diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 68b5fae5..67fad3d1 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -2,11 +2,33 @@ name: build on: push: - paths: [ '.github/workflows/build.yml','src/**'] + paths: [ '.github/workflows/build.yml','py/**'] pull_request: - paths: [ '.github/workflows/build.yml','src/**'] + paths: [ '.github/workflows/build.yml','py/**'] jobs: + hook: + runs-on: windows-latest + strategy: + matrix: + bits: [32, 64] + permissions: + id-token: write + attestations: write + contents: write + steps: + - uses: actions/checkout@v4 + with: + submodules: recursive + - uses: GuillaumeFalourd/setup-windows10-sdk-action@v2 + with: + sdk-version: 22621 + - run: python cpp/LunaHook/build.py build English ${{matrix.bits}} + + - uses: actions/upload-artifact@v4 + with: + name: hook_${{matrix.bits}} + path: cpp/LunaHook/builds/Release_English pyrt: runs-on: windows-latest strategy: @@ -19,11 +41,11 @@ jobs: python-version: '3.7.9' architecture: ${{ matrix.architecture }} - - run: python src/build.py pyrt ${{ matrix.architecture }} 3.7.9 + - run: python py/build.py pyrt ${{ matrix.architecture }} 3.7.9 - uses: actions/upload-artifact@v4 with: name: pyrt_${{ matrix.architecture }} - path: src/pyrt + path: py/pyrt build_cpp: runs-on: windows-latest strategy: @@ -37,16 +59,16 @@ jobs: with: sdk-version: 22621 - - run: python src/build.py cpp ${{ matrix.architecture }} + - run: python py/build.py cpp ${{ matrix.architecture }} - uses: actions/upload-artifact@v4 with: name: cpp_${{ matrix.architecture }} - path: src/plugins/builds + path: cpp/builds release: runs-on: windows-latest - needs: [pyrt,build_cpp] + needs: [pyrt,build_cpp,hook] strategy: matrix: include: @@ -59,8 +81,8 @@ jobs: - uses: actions/download-artifact@v4 with: path: build - - run: python src/build.py merge ${{ matrix.architecture }} + - run: python py/build.py merge ${{ matrix.architecture }} - uses: actions/upload-artifact@v4 with: name: ${{ matrix.fname }} - path: src/build/${{matrix.fname}}.zip \ No newline at end of file + path: py/build/${{matrix.fname}}.zip \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1364d070..ac1a17df 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -11,8 +11,29 @@ jobs: steps: - uses: actions/checkout@v4 - id: loadversion - run: python src/build.py loadversion | Out-File -FilePath $Env:GITHUB_OUTPUT -Encoding utf8 -Append - + run: python py/build.py loadversion | Out-File -FilePath $Env:GITHUB_OUTPUT -Encoding utf8 -Append + hook: + runs-on: windows-latest + strategy: + matrix: + bits: [32, 64] + permissions: + id-token: write + attestations: write + contents: write + steps: + - uses: actions/checkout@v4 + with: + submodules: recursive + - uses: GuillaumeFalourd/setup-windows10-sdk-action@v2 + with: + sdk-version: 22621 + - run: python cpp/LunaHook/build.py build English ${{matrix.bits}} + + - uses: actions/upload-artifact@v4 + with: + name: hook_${{matrix.bits}} + path: cpp/LunaHook/builds/Release_English pyrt: runs-on: windows-latest strategy: @@ -25,11 +46,11 @@ jobs: python-version: '3.7.9' architecture: ${{ matrix.architecture }} - - run: python src/build.py pyrt ${{ matrix.architecture }} 3.7.9 + - run: python py/build.py pyrt ${{ matrix.architecture }} 3.7.9 - uses: actions/upload-artifact@v4 with: name: pyrt_${{ matrix.architecture }} - path: src/pyrt + path: py/pyrt build_cpp: runs-on: windows-latest strategy: @@ -43,16 +64,16 @@ jobs: with: sdk-version: 22621 - - run: python src/build.py cpp ${{ matrix.architecture }} + - run: python py/build.py cpp ${{ matrix.architecture }} - uses: actions/upload-artifact@v4 with: name: cpp_${{ matrix.architecture }} - path: src/plugins/builds + path: cpp/builds release: runs-on: windows-latest - needs: [pyrt,build_cpp,loadversion] + needs: [pyrt,build_cpp,loadversion,hook] strategy: matrix: include: @@ -65,15 +86,15 @@ jobs: - uses: actions/download-artifact@v4 with: path: build - - run: python src/build.py merge ${{ matrix.architecture }} + - run: python py/build.py merge ${{ matrix.architecture }} - uses: actions/upload-artifact@v4 with: name: ${{ matrix.fname }} - path: src/build/${{matrix.fname}}.zip + path: py/build/${{matrix.fname}}.zip - uses: softprops/action-gh-release@v2 with: tag_name: ${{ needs.loadversion.outputs.version }} files: | - src/build/${{matrix.fname}}.zip + py/build/${{matrix.fname}}.zip env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.gitignore b/.gitignore index 08005899..e3ee54e7 100644 --- a/.gitignore +++ b/.gitignore @@ -23,22 +23,24 @@ temp/ .vscode/settings.json -src/userconfig -src/cache -src/chrome_cache -src/files/ocr -src/files/plugins -src/files/themes -src/run37.bat -src/run3732.bat -src/plugins/builds -src/plugins/libs/webview2 -src/plugins/.vscode/settings.json -src/plugins/libs/opencv-static/windows-x86 -src/plugins/libs/opencv-static/windows-x64 -src/plugins/libs/onnxruntime-static/windows-x86 -src/plugins/libs/onnxruntime-static/windows-x64 -src/plugins/libs/opencv-static.zip -src/plugins/libs/onnxruntime-static.zip -src/plugins/libs/onnxruntime-static/onnxruntime-static.7z -src/plugins/libs/opencv-static/opencv-static.7z +py/userconfig +py/cache +py/chrome_cache +py/files/ocr +py/files/plugins +py/files/themes +py/run37.bat +py/run3732.bat +cpp/LunaHook/build +cpp/LunaHook/builds +cpp/builds +cpp/libs/webview2 +cpp/.vscode/settings.json +cpp/libs/opencv-static/windows-x86 +cpp/libs/opencv-static/windows-x64 +cpp/libs/onnxruntime-static/windows-x86 +cpp/libs/onnxruntime-static/windows-x64 +cpp/libs/opencv-static.zip +cpp/libs/onnxruntime-static.zip +cpp/libs/onnxruntime-static/onnxruntime-static.7z +cpp/libs/opencv-static/opencv-static.7z diff --git a/.gitmodules b/.gitmodules index 30bec105..b5712f3b 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,18 +1,21 @@ [submodule "src/plugins/libs/wil"] - path = src/plugins/libs/wil + path = cpp/libs/wil url = https://github.com/microsoft/wil.git [submodule "src/plugins/libs/rapidfuzz-cpp"] - path = src/plugins/libs/rapidfuzz-cpp + path = cpp/libs/rapidfuzz-cpp url = https://github.com/rapidfuzz/rapidfuzz-cpp [submodule "src/plugins/libs/wechat-ocr"] - path = src/plugins/libs/wechat-ocr + path = cpp/libs/wechat-ocr url = https://github.com/swigger/wechat-ocr [submodule "src/plugins/libs/tinymp3"] - path = src/plugins/libs/tinymp3 + path = cpp/libs/tinymp3 url = https://github.com/HIllya51/tinymp3 [submodule "src/plugins/libs/Detours"] - path = src/plugins/libs/Detours + path = cpp/libs/Detours url = https://github.com/microsoft/Detours [submodule "src/plugins/libs/Clipper2"] - path = src/plugins/libs/Clipper2 + path = cpp/libs/Clipper2 url = https://github.com/AngusJohnson/Clipper2 +[submodule "src/plugins/libs/minhook"] + path = cpp/libs/minhook + url = https://github.com/TsudaKageyu/minhook diff --git a/src/plugins/CMakeLists.txt b/cpp/CMakeLists.txt similarity index 83% rename from src/plugins/CMakeLists.txt rename to cpp/CMakeLists.txt index e50bb7c8..a4ead142 100644 --- a/src/plugins/CMakeLists.txt +++ b/cpp/CMakeLists.txt @@ -22,12 +22,7 @@ set(CMAKE_RUNTIME_OUTPUT_DIRECTORY $<1:${CMAKE_FINAL_OUTPUT_DIRECTORY}>) include(libs/libs.cmake) -set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} ${CMAKE_SOURCE_DIR}/version) -include(generate_product_version) - -set(VERSION_MAJOR 5) -set(VERSION_MINOR 55) -set(VERSION_PATCH 5) +include(${CMAKE_SOURCE_DIR}/version/version.cmake) add_library(pch pch.cpp) target_precompile_headers(pch PUBLIC pch.h) diff --git a/cpp/LunaHook/CMakeLists.txt b/cpp/LunaHook/CMakeLists.txt new file mode 100644 index 00000000..94de43cf --- /dev/null +++ b/cpp/LunaHook/CMakeLists.txt @@ -0,0 +1,65 @@ +cmake_minimum_required(VERSION 3.16) + +project(LunaHook) + +set(CMAKE_MSVC_RUNTIME_LIBRARY "MultiThreaded$<$:Debug>") + +set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} ${CMAKE_CURRENT_SOURCE_DIR}/cmake) + +set(CMAKE_CXX_STANDARD 17) +add_definitions(-DUNICODE -D_UNICODE) +add_compile_options( + /MP + /wd4018 + /wd4819 + /wd4244 + /wd4267 + /wd4340 + /wd4369 + /wd4573 +) + +if(NOT CMAKE_BUILD_TYPE) + set(CMAKE_BUILD_TYPE Release) +endif() + +if(${CMAKE_SIZEOF_VOID_P} EQUAL 8) + set(bitappendix "64") +else() + set(bitappendix "32") +endif() + +if(NOT DEFINED LANGUAGE) + set(LANGUAGE English) +endif() +option(BUILD_PLUGIN "BUILD_PLUGIN" OFF) +option(BUILD_GUI "BUILD_GUI" OFF) +option(BUILD_CLI "BUILD_CLI" OFF) +option(WINXP "WINXP" OFF) + +if(WINXP) +set(WINXPAPP "_winxp") +else() +set(WINXPAPP "") +endif() + +add_definitions(-DLANGUAGE=${LANGUAGE}) + +set(CMAKE_FINAL_OUTPUT_DIRECTORY ${CMAKE_SOURCE_DIR}/builds/${CMAKE_BUILD_TYPE}_x${bitappendix}_${LANGUAGE}${WINXPAPP}) +set(binary_out_putpath ${CMAKE_SOURCE_DIR}/builds/${CMAKE_BUILD_TYPE}_${LANGUAGE}${WINXPAPP}) +#set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY $<1:${CMAKE_FINAL_OUTPUT_DIRECTORY}>) +set(CMAKE_LIBRARY_OUTPUT_DIRECTORY $<1:${binary_out_putpath}>) +set(CMAKE_RUNTIME_OUTPUT_DIRECTORY $<1:${binary_out_putpath}>) + +include_directories(.) +option(USE_VCLTL "USE_VCLTL" OFF) +option(IS_LUNAHOOK "IS_LUNAHOOK" ON) +include(${CMAKE_SOURCE_DIR}/../libs/libs.cmake) + +include_directories(include) + +include(${CMAKE_SOURCE_DIR}/../version/version.cmake) + +add_subdirectory(include) +add_subdirectory(LunaHook) +add_subdirectory(LunaHost) diff --git a/cpp/LunaHook/Lang/Lang.h b/cpp/LunaHook/Lang/Lang.h new file mode 100644 index 00000000..fb0ca69b --- /dev/null +++ b/cpp/LunaHook/Lang/Lang.h @@ -0,0 +1,22 @@ +#pragma warning(push) +#pragma warning(disable: 4005) + +#define English 0 +#define Chinese 1 +#define Russian 2 +#define TradChinese 3 + +#include"en.h" + +#if (LANGUAGE == Chinese) +#include"zh.h" +#endif +#if (LANGUAGE == Russian) +#include"ru.h" +#endif +#if (LANGUAGE == TradChinese) +#include"cht.h" +#endif + + +#pragma warning(pop) \ No newline at end of file diff --git a/cpp/LunaHook/Lang/cht.h b/cpp/LunaHook/Lang/cht.h new file mode 100644 index 00000000..74979510 --- /dev/null +++ b/cpp/LunaHook/Lang/cht.h @@ -0,0 +1,101 @@ + +#define ALREADY_INJECTED L"已經注入" +#define NEED_32_BIT L"架構不匹配:請嘗試使用 32 位元注入此處理程序" +#define NEED_64_BIT L"架構不匹配:請嘗試使用 64 位元注入此處理程序" +#define INJECT_FAILED L"注入失敗" +#define INVALID_CODEPAGE L"無法轉換文字(無效的字碼頁?)" +#define PIPE_CONNECTED u8"管道已連接" +#define INSERTING_HOOK u8"注入勾點:%s %p" +#define REMOVING_HOOK u8"移除勾點:%s" +#define TOO_MANY_HOOKS u8"勾點數量已達上限:無法注入" +#define HOOK_SEARCH_STARTING u8"開始搜尋勾點" +#define HOOK_SEARCH_INITIALIZING u8"初始化勾點搜尋(%f%%)" +#define NOT_ENOUGH_TEXT u8"文字長度不足,無法精確搜尋" +#define HOOK_SEARCH_INITIALIZED u8"搜尋初始化完成,建立了 %zd 個勾點" +#define MAKE_GAME_PROCESS_TEXT u8"請點擊遊戲區域,在接下來的 %d 秒內使遊戲強制處理文字" +#define HOOK_SEARCH_FINISHED u8"勾點搜尋完畢,找到了 %d 條結果" +#define OUT_OF_RECORDS_RETRY u8"搜尋結果已達上限,如果結果不理想,請重試(預設最大紀錄數增加)" +#define FUNC_MISSING u8"函式不存在" +#define MODULE_MISSING u8"模組不存在" +#define GARBAGE_MEMORY u8"記憶體一直在改變,無法有效讀取" +#define SEND_ERROR u8"Sender 錯誤(可能是由於錯誤或不穩定的 H-code):%s" +#define READ_ERROR u8"Reader 錯誤(可能是由於錯誤或不穩定的 R-code):%s" +#define SearchForHooks_ERROR u8"搜尋勾點錯誤:記憶體移除,嘗試重新分配 %d" +#define ResultsNum u8"%d 個結果被找到" +#define HIJACK_ERROR u8"Hijack 錯誤" +#define COULD_NOT_FIND u8"無法找到文字" +#define CONSOLE L"控制台" +#define InvalidLength u8"可能存在錯誤(無效的文字長度 %d 出現 %s)" +#define InsertHookFailed u8"勾點注入失敗 %s" +#define Match_Error u8"匹配 %s 引擎時發生錯誤" +#define Attach_Error u8"連接到 %s 引擎時發生錯誤" +#define MatchedEngine u8"匹配到 %s 引擎" +#define ConfirmStop u8"確認是 %s 引擎,停止匹配" +#define Attach_Stop u8"成功連接到 %s 引擎" +#define ProcessRange u8"取得處理程序記憶體位址範圍 0x%p 到 0x%p" +#define WarningDummy u8"警告,注入的處理程序記憶體很小,可能是無用處理程序!" +#define WndSelectProcess L"選擇處理程序" +#define WndLunaHostGui L"LunaHost GUI" +#define WndSetting L"設定" +#define WndPlugins L"外掛程式" +#define NotifyInvalidHookCode L"特殊碼無效" +#define BtnSelectProcess L"選擇處理程序" +#define BtnDetach L"從遊戲分離" +#define BtnSaveHook L"儲存勾點" +#define BtnShowSettingWindow L"設定" +#define BtnAttach L"注入處理程序" +#define BtnRefresh L"重新整理" +#define BtnToClipboard L"複製到剪貼簿" +#define BtnReadOnly L"文字框唯讀" +#define BtnInsertUserHook L"插入特殊碼" +#define BtnSearchHook L"搜尋勾點" +#define BtnPlugin L"外掛程式" +#define LblFlushDelay L"排清延遲" +#define LblFilterRepeat L"過濾重複文字" +#define LblCodePage L"預設字碼頁" +#define LblMaxBuff L"最大緩衝區長度" +#define LblMaxHist L"最大快取文字長度" +#define LblAutoAttach L"自動附加" +#define LblAutoAttach_savedonly L"自動附加(僅限儲存過配置的遊戲)" +#define MenuCopyHookCode L"複製特殊碼" +#define MenuRemoveHook L"移除勾點" +#define MenuDetachProcess L"離開處理程序" +#define MenuRemeberSelect L"記住選擇的勾點" +#define MenuForgetSelect L"忘掉選擇的勾點" +#define MenuAddPlugin L"新增外掛程式" +#define MenuRemovePlugin L"移除外掛程式" +#define MenuPluginRankUp L"上移" +#define MenuPluginRankDown L"下移" +#define MenuPluginEnable L"使用" +#define MenuPluginVisSetting L"顯示設定" +#define DefaultFont L"Microsoft JhengHei" +#define CantLoadQtLoader L"無法載入 QtLoader.dll" +#define InvalidPlugin L"外掛程式無效!" +#define InvalidDll L"DLL 無效!" +#define InvalidDump L"重複!" +#define MsgError L"錯誤" +#define SEARCH_CJK L"搜尋中文 / 日文 / 韓文" +#define HS_SETTINGS L"設定" +#define BtnOk L"確定" +#define HS_START_HOOK_SEARCH L"開始搜尋勾點" +#define HS_SEARCH_PATTERN L"搜尋匹配特徵(Hex Byte Array)" +#define HS_SEARCH_DURATION L"搜尋持續時間(ms)" +#define HS_SEARCH_MODULE L"搜尋指定模組" +#define HS_PATTERN_OFFSET L"相對於特徵位址的偏移值" +#define HS_MAX_HOOK_SEARCH_RECORDS L"搜尋結果達到上限" +#define HS_MIN_ADDRESS L"起始位址(hex)" +#define HS_MAX_ADDRESS L"結束位址(hex)" +#define HS_STRING_OFFSET L"字串偏移值(hex)" +#define HS_HOOK_SEARCH_FILTER L"結果必須匹配的正則表達式" +#define HS_TEXT L"文字" +#define HS_CODEPAGE L"字碼頁" +#define HS_SEARCH_FOR_TEXT L"搜尋指定文字" +#define VersionLatest L"最新版本" +#define VersionCurrent L"目前版本" +#define ProjectHomePage L"GitHub:https://github.com/HIllya51/LunaHook\n專案首頁:https://lunatranslator.org\nPatreon:https://patreon.com/HIllya51\nDiscord:https://discord.com/invite/ErtDwVeAbB\n\n本程式是 LunaTranslator 的核心子模組,並完全整合在 LunaTranslator 中。本程式僅包含一些簡單功能,如果您需要更多功能,請使用 LunaTranslator。\n如果你發現有不支援的遊戲,請提交 Issue" +#define LIST_HOOK L"Hook" +#define LIST_TEXT L"文字" +#define PROC_CONN L"處理程序已連接 %d" +#define PROC_DISCONN L"處理程序已中斷連接 %d" +#define COPYSELECTION L"自動將文字框中選取的文字複製到剪貼簿" +#define FONTSELECT L"選擇字體" \ No newline at end of file diff --git a/cpp/LunaHook/Lang/en.h b/cpp/LunaHook/Lang/en.h new file mode 100644 index 00000000..dd1dcc9a --- /dev/null +++ b/cpp/LunaHook/Lang/en.h @@ -0,0 +1,101 @@ + +#define ALREADY_INJECTED L"already injected" +#define NEED_32_BIT L"architecture mismatch: only x86 can inject this process" +#define NEED_64_BIT L"architecture mismatch: only x64 can inject this process" +#define INJECT_FAILED L"couldn't inject" +#define INVALID_CODEPAGE L"couldn't convert text (invalid codepage?)" +#define PIPE_CONNECTED u8"pipe connected" +#define INSERTING_HOOK u8"inserting hook: %s %p" +#define REMOVING_HOOK u8"removing hook: %s" +#define TOO_MANY_HOOKS u8"too many hooks: can't insert" +#define HOOK_SEARCH_STARTING u8"starting hook search" +#define HOOK_SEARCH_INITIALIZING u8"initializing hook search (%f%%)" +#define NOT_ENOUGH_TEXT u8"not enough text to search accurately" +#define HOOK_SEARCH_INITIALIZED u8"initialized hook search with %zd hooks" +#define MAKE_GAME_PROCESS_TEXT u8"please click around in the game to force it to process text during the next %d seconds" +#define HOOK_SEARCH_FINISHED u8"hook search finished, %d results found" +#define OUT_OF_RECORDS_RETRY u8"out of search records, please retry if results are poor (default record count increased)" +#define FUNC_MISSING u8"function not present" +#define MODULE_MISSING u8"module not present" +#define GARBAGE_MEMORY u8"memory inline constantly changing, useless to read" +#define SEND_ERROR u8"Send ERROR (likely an unstable/incorrect H-code) in %s" +#define READ_ERROR u8"Reader ERROR (likely an incorrect R-code) in %s" +#define SearchForHooks_ERROR u8"SearchForHooks ERROR: out of memory, retrying to allocate %d" +#define ResultsNum u8"%d results processed" +#define HIJACK_ERROR u8"Hijack ERROR" +#define COULD_NOT_FIND u8"could not find text" +#define CONSOLE L"Console" +#define InvalidLength u8"something went very wrong (invalid length %d in %s)" +#define InsertHookFailed u8"failed to insert hook %s" +#define Match_Error u8"ERROR happened when matching engine %s " +#define Attach_Error u8"ERROR happened when attaching engine %s ERROR" +#define MatchedEngine u8"Matched engine %s" +#define ConfirmStop "Confirmed engine %s, stop checking" +#define Attach_Stop "Attach engine %s success and stop" +#define ProcessRange "hijacking process located from 0x%p to 0x%p" +#define WarningDummy "WARNING injected process is very small, possibly a dummy!" +#define WndSelectProcess L"SelectProcess" +#define WndLunaHostGui L"LunaHost GUI" +#define WndSetting L"Setting" +#define WndPlugins L"Plugins" +#define NotifyInvalidHookCode L"Invalid HookCode" +#define BtnSelectProcess L"Select Process" +#define BtnDetach L"Detach" +#define BtnSaveHook L"Save hook" +#define BtnShowSettingWindow L"Settings" +#define BtnAttach L"Attach" +#define BtnRefresh L"Refresh" +#define BtnToClipboard L"Copy To Clipboard" +#define BtnReadOnly L"Text box Read only" +#define BtnInsertUserHook L"Insert UserHook" +#define BtnSearchHook L"Search for hooks" +#define BtnPlugin L"Plugins" +#define LblFlushDelay L"Flush delay" +#define LblFilterRepeat L"Filter repetition" +#define LblCodePage L"Default codepage" +#define LblMaxBuff L"Max buffer size" +#define LblMaxHist L"Max history size" +#define LblAutoAttach L"Auto attach" +#define LblAutoAttach_savedonly L"Auto attach (saved only)" +#define MenuCopyHookCode L"CopyHookCode" +#define MenuRemoveHook L"RemoveHook" +#define MenuDetachProcess L"DetachProcess" +#define MenuRemeberSelect L"Remeber Hook Selection" +#define MenuForgetSelect L"Forget Hook Selection" +#define MenuAddPlugin L"Add Plugin" +#define MenuRemovePlugin L"Remove Plugin" +#define MenuPluginRankUp L"Up" +#define MenuPluginRankDown L"Down" +#define MenuPluginEnable L"Enable" +#define MenuPluginVisSetting L"Show Setting" +#define DefaultFont L"Arial" +#define CantLoadQtLoader L"Can't Load QtLoader.dll" +#define InvalidPlugin L"Invalid Plugin!" +#define InvalidDll L"Invalid Dll!" +#define InvalidDump L"Dumplicated!" +#define MsgError L"Error" +#define SEARCH_CJK L"Search for Chinese/Japanese/Korean" +#define HS_SETTINGS L"Settings" +#define BtnOk L"OK" +#define HS_START_HOOK_SEARCH L"Start hook search" +#define HS_SEARCH_PATTERN L"Search pattern (hex byte array)" +#define HS_SEARCH_DURATION L"Search duration (ms)" +#define HS_SEARCH_MODULE L"Search within module" +#define HS_PATTERN_OFFSET L"Offset from pattern start" +#define HS_MAX_HOOK_SEARCH_RECORDS L"Search result cap" +#define HS_MIN_ADDRESS L"Minimum address (hex)" +#define HS_MAX_ADDRESS L"Maximum address (hex)" +#define HS_STRING_OFFSET L"String offset (hex)" +#define HS_HOOK_SEARCH_FILTER L"Results must match this regex" +#define HS_TEXT L"Text" +#define HS_CODEPAGE L"Codepage" +#define HS_SEARCH_FOR_TEXT L"Search for specific text" +#define VersionLatest L"Latest version" +#define VersionCurrent L"Current version" +#define ProjectHomePage L"Github: https://github.com/HIllya51/LunaHook\nHomepage: https://lunatranslator.org\npatreon: https://patreon.com/HIllya51\n\nThis program is a core submodule of LunaTranslator and is fully integrated in Lunatranslator. This program contains only some simple functions, if you need more functions, please use LunaTranslator.\nIf you find unsupported games, please submit an issue" +#define LIST_HOOK L"Hook" +#define LIST_TEXT L"Text" +#define PROC_CONN L"process connected %d" +#define PROC_DISCONN L"process disconnected %d" +#define COPYSELECTION L"auto send selected text in textbox to clipboard" +#define FONTSELECT L"Select Font" \ No newline at end of file diff --git a/cpp/LunaHook/Lang/ru.h b/cpp/LunaHook/Lang/ru.h new file mode 100644 index 00000000..05f52150 --- /dev/null +++ b/cpp/LunaHook/Lang/ru.h @@ -0,0 +1,101 @@ + +#define ALREADY_INJECTED L"Уже внедрено" +#define NEED_32_BIT L"Неверная архетектура: тут нужно x86" +#define NEED_64_BIT L"Неверная архетектура: тут нужно x64" +#define INJECT_FAILED L"Не удалось внедрить" +#define INVALID_CODEPAGE L"Не удалось преобразовать текст (неверная кодовая страница?)" +#define PIPE_CONNECTED u8"Канал подключен" +#define INSERTING_HOOK u8"установка хука: %s %p" +#define REMOVING_HOOK u8"Удаление хука: %s" +#define TOO_MANY_HOOKS u8"Слишком много хуков: невозможно добавить" +#define HOOK_SEARCH_STARTING u8"Запущен поиск хуков" +#define HOOK_SEARCH_INITIALIZING u8"Инициализация поиска хуков (%f%%)" +#define NOT_ENOUGH_TEXT u8"Недостаточно текста для точного поиска" +#define HOOK_SEARCH_INITIALIZED u8"Поиск хуков инициализирован, найдено %zd хуков" +#define MAKE_GAME_PROCESS_TEXT u8"Пожалуйста, пощелкайте в игре, чтобы заставить ее обработать текст в течение следующих %d секунд" +#define HOOK_SEARCH_FINISHED u8"Поиск хуков завершен, найдено %d результатов" +#define OUT_OF_RECORDS_RETRY u8"Закончились записи поиска, попробуйте еще раз, если результаты неудовлетворительны (количество записей по умолчанию увеличено)" +#define FUNC_MISSING u8"Функция не найдена" +#define MODULE_MISSING u8"Модуль не найден" +#define GARBAGE_MEMORY u8"Данные в памяти постоянно меняются, чтение бесполезно" +#define SEND_ERROR u8"Ошибка отправки (возможен нестабильный/неверный H-код) в %s" +#define READ_ERROR u8"Ошибка чтения (возможен неверный R-код) в %s" +#define SearchForHooks_ERROR u8"Ошибка SearchForHooks: недостаточно памяти, повторная попытка выделения %d" +#define ResultsNum u8"Обработано %d результатов" +#define HIJACK_ERROR u8"Ошибка перехвата" +#define COULD_NOT_FIND u8"Не удалось найти текст" +#define CONSOLE L"Консоль" +#define InvalidLength u8"Произошла критическая ошибка (неверная длина %d в %s)" +#define InsertHookFailed u8"Не удалось установить хук %s" +#define Match_Error u8"Ошибка при сопоставлении с движком %s" +#define Attach_Error u8"Ошибка при подключении к движку %s" +#define MatchedEngine u8"Сопоставлен движок %s" +#define ConfirmStop u8"Подтвержден движок %s, поиск остановлен" +#define Attach_Stop u8"Движок %s успешно подключен, поиск остановлен" +#define ProcessRange u8"Перехват процесса в диапазоне адресов с 0x%p по 0x%p" +#define WarningDummy u8"ПРЕДУПРЕЖДЕНИЕ: внедренный процесс очень мал, возможно, это пустышка!" +#define WndSelectProcess L"Выбор процесса" +#define WndLunaHostGui L"LunaHost - GUI" +#define WndSetting L"Настройки" +#define WndPlugins L"Плагины" +#define NotifyInvalidHookCode L"Неверный код хука" +#define BtnSelectProcess L"Выбрать процесс" +#define BtnDetach L"Отключить" +#define BtnSaveHook L"Сохранить хук" +#define BtnShowSettingWindow L"Настройки" +#define BtnAttach L"Подключить" +#define BtnRefresh L"Обновить" +#define BtnToClipboard L"Скопировать в буфер обмена" +#define BtnReadOnly L"Текстовое поле доступно только для чтения" +#define BtnInsertUserHook L"Добавить польз. хук" +#define BtnSearchHook L"Найти хуки" +#define BtnPlugin L"Плагины" +#define LblFlushDelay L"Задержка сброса" +#define LblFilterRepeat L"Фильтр повторов" +#define LblCodePage L"Кодовая страница по умолчанию" +#define LblMaxBuff L"Максимальный размер буфера" +#define LblMaxHist L"Максимальный размер истории" +#define LblAutoAttach L"Автоподключение" +#define LblAutoAttach_savedonly L"Автоподключение (только сохраненные)" +#define MenuCopyHookCode L"Скопировать код хука" +#define MenuRemoveHook L"Удалить хук" +#define MenuDetachProcess L"Отключиться от процесса" +#define MenuRemeberSelect L"Запомнить выбранный хук" +#define MenuForgetSelect L"Забыть выбранный хук" +#define MenuAddPlugin L"Добавить плагин" +#define MenuRemovePlugin L"Удалить плагин" +#define MenuPluginRankUp L"Вверх" +#define MenuPluginRankDown L"Вниз" +#define MenuPluginEnable L"Включить" +#define MenuPluginVisSetting L"Показать настройки" +#define DefaultFont L"Arial" +#define CantLoadQtLoader L"Не удалось загрузить QtLoader.dll" +#define InvalidPlugin L"Неверный плагин!" +#define InvalidDll L"Неверная DLL!" +#define InvalidDump L"Дубликат!" +#define MsgError L"Ошибка" +#define SEARCH_CJK L"Искать китайские/японские/корейские символы" +#define HS_SETTINGS L"Настройки" +#define BtnOk L"OK" +#define HS_START_HOOK_SEARCH L"Начать поиск хуков" +#define HS_SEARCH_PATTERN L"Шаблон поиска (массив шестнадцатеричных байтов)" +#define HS_SEARCH_DURATION L"Длительность поиска (мс)" +#define HS_SEARCH_MODULE L"Искать внутри модуля" +#define HS_PATTERN_OFFSET L"Смещение от начала шаблона" +#define HS_MAX_HOOK_SEARCH_RECORDS L"Максимальное количество результатов поиска" +#define HS_MIN_ADDRESS L"Минимальный адрес (шестнадцатеричный)" +#define HS_MAX_ADDRESS L"Максимальный адрес (шестнадцатеричный)" +#define HS_STRING_OFFSET L"Смещение строки (шестнадцатеричное)" +#define HS_HOOK_SEARCH_FILTER L"Результаты должны соответствовать этому регулярному выражению" +#define HS_TEXT L"Текст" +#define HS_CODEPAGE L"Кодовая страница" +#define HS_SEARCH_FOR_TEXT L"Искать определенный текст" +#define VersionLatest L"Последняя версия" +#define VersionCurrent L"Текущая версия" +#define ProjectHomePage L"Github: https://github.com/HIllya51/LunaHook\nСтраница проекта: https://lunatranslator.org\npatreon: https://patreon.com/HIllya51\nDiscord: https://discord.com/invite/ErtDwVeAbB\n\nЭта программа является основным подмодулем LunaTranslator и полностью интегрирована в Lunatranslator. Эта программа содержит только некоторые простые функции. Если вам нужны дополнительные функции, используйте LunaTranslator.\nЕсли вы обнаружите какие-либо неподдерживаемые игры, сообщите о проблеме." +#define LIST_HOOK L"Хук" +#define LIST_TEXT L"Текст" +#define PROC_CONN L"Процесс подключен %d" +#define PROC_DISCONN L"Процесс отключен %d" +#define COPYSELECTION L"Автоматически копировать выделенный текст в буфер обмена" +#define FONTSELECT L"Выбрать шрифт" diff --git a/cpp/LunaHook/Lang/zh.h b/cpp/LunaHook/Lang/zh.h new file mode 100644 index 00000000..bf251790 --- /dev/null +++ b/cpp/LunaHook/Lang/zh.h @@ -0,0 +1,101 @@ + +#define ALREADY_INJECTED L"已经注入" +#define NEED_32_BIT L"架构不匹配: 请尝试使用32位注入此进程" +#define NEED_64_BIT L"架构不匹配: 请尝试使用64位注入此进程" +#define INJECT_FAILED L"注入失败" +#define INVALID_CODEPAGE L"无法转换文本 (无效的代码页?)" +#define PIPE_CONNECTED u8"管道已连接" +#define INSERTING_HOOK u8"注入钩子: %s %p" +#define REMOVING_HOOK u8"移除钩子: %s" +#define TOO_MANY_HOOKS u8"钩子数量已达上限: 无法注入" +#define HOOK_SEARCH_STARTING u8"开始搜索钩子" +#define HOOK_SEARCH_INITIALIZING u8"初始化钩子搜索 (%f%%)" +#define NOT_ENOUGH_TEXT u8"文本长度不足, 无法精确搜索" +#define HOOK_SEARCH_INITIALIZED u8"搜索初始化完成, 创建了 %zd 个钩子" +#define MAKE_GAME_PROCESS_TEXT u8"请点击游戏区域, 在接下来的 %d 秒内使游戏强制处理文本" +#define HOOK_SEARCH_FINISHED u8"钩子搜索完毕, 找到了 %d 条结果" +#define OUT_OF_RECORDS_RETRY u8"搜索结果已达上限, 如果结果不理想, 请重试(默认最大记录数增加)" +#define FUNC_MISSING u8"函数不存在" +#define MODULE_MISSING u8"模块不存在" +#define GARBAGE_MEMORY u8"内存一直在改变,无法有效读取" +#define SEND_ERROR u8"Sender 错误 (可能是由于错误或不稳定的 H-code) : %s" +#define READ_ERROR u8"Reader 错误 (可能是由于错误或不稳定的 R-code) : %s" +#define SearchForHooks_ERROR u8"搜索钩子错误 : 内存移除,尝试重新分配 %d" +#define ResultsNum u8"%d 个结果被找到" +#define HIJACK_ERROR u8"Hijack 错误" +#define COULD_NOT_FIND u8"无法找到文本" +#define CONSOLE L"控制台" +#define InvalidLength u8"可能存在错误 (无效的文本长度 %d 出现 %s)" +#define InsertHookFailed u8"钩子注入失败 %s" +#define Match_Error u8"匹配 %s 引擎时发生错误" +#define Attach_Error u8"连接到 %s 引擎时发送错误" +#define MatchedEngine u8"匹配到 %s 引擎" +#define ConfirmStop u8"确认是 %s 引擎, 停止匹配" +#define Attach_Stop u8"成功连接到 %s 引擎" +#define ProcessRange u8"获取到进程内存地址范围 0x%p 到 0x%p" +#define WarningDummy u8"警告,注入的进程内存很小,可能是无用进程!" +#define WndSelectProcess L"选择进程" +#define WndLunaHostGui L"LunaHost GUI" +#define WndSetting L"设置" +#define WndPlugins L"插件" +#define NotifyInvalidHookCode L"特殊码无效" +#define BtnSelectProcess L"选择进程" +#define BtnDetach L"从游戏分离" +#define BtnSaveHook L"保存钩子" +#define BtnShowSettingWindow L"设置" +#define BtnAttach L"注入进程" +#define BtnRefresh L"刷新" +#define BtnToClipboard L"复制到剪贴板" +#define BtnReadOnly L"文本框只读" +#define BtnInsertUserHook L"插入特殊码" +#define BtnSearchHook L"搜索钩子" +#define BtnPlugin L"插件" +#define LblFlushDelay L"刷新延迟" +#define LblFilterRepeat L"过滤重复文本" +#define LblCodePage L"默认代码页" +#define LblMaxBuff L"最大缓冲区长度" +#define LblMaxHist L"最大缓存文本长度" +#define LblAutoAttach L"自动附加" +#define LblAutoAttach_savedonly L"自动附加 (仅限保存过配置的游戏)" +#define MenuCopyHookCode L"复制特殊码" +#define MenuRemoveHook L"移除钩子" +#define MenuDetachProcess L"离开进程" +#define MenuRemeberSelect L"记住选择的钩子" +#define MenuForgetSelect L"忘掉选择的钩子" +#define MenuAddPlugin L"添加插件" +#define MenuRemovePlugin L"移除插件" +#define MenuPluginRankUp L"上移" +#define MenuPluginRankDown L"下移" +#define MenuPluginEnable L"使用" +#define MenuPluginVisSetting L"显示设置" +#define DefaultFont L"微软雅黑" +#define CantLoadQtLoader L"无法加载QtLoader.dll" +#define InvalidPlugin L"插件无效!" +#define InvalidDll L"Dll无效!" +#define InvalidDump L"重复!" +#define MsgError L"错误" +#define SEARCH_CJK L"搜索中文/日文/韩文" +#define HS_SETTINGS L"设置" +#define BtnOk L"确定" +#define HS_START_HOOK_SEARCH L"开始搜索钩子" +#define HS_SEARCH_PATTERN L"搜索匹配特征 (hex byte array)" +#define HS_SEARCH_DURATION L"搜索持续时间 (ms)" +#define HS_SEARCH_MODULE L"搜索指定模块" +#define HS_PATTERN_OFFSET L"相对于特征地址的偏移值" +#define HS_MAX_HOOK_SEARCH_RECORDS L"搜索结果达到上限" +#define HS_MIN_ADDRESS L"起始地址 (hex)" +#define HS_MAX_ADDRESS L"结束地址 (hex)" +#define HS_STRING_OFFSET L"字符串偏移值 (hex)" +#define HS_HOOK_SEARCH_FILTER L"结果必须匹配的正则表达式" +#define HS_TEXT L"文本" +#define HS_CODEPAGE L"代码页" +#define HS_SEARCH_FOR_TEXT L"搜索指定文本" +#define VersionLatest L"最新版本" +#define VersionCurrent L"当前版本" +#define ProjectHomePage L"Github: https://github.com/HIllya51/LunaHook\n项目主页: https://lunatranslator.org\npatreon:https://patreon.com/HIllya51\nDiscord:https://discord.com/invite/ErtDwVeAbB\n\n本程序是LunaTranslator 的核心子模块,并完全集成在Lunatranslator中。本程序仅包含一些简单功能,如果您需要更多功能,请使用 LunaTranslator。\n如果你发现有不支持的游戏,请提交issue" +#define LIST_HOOK L"Hook" +#define LIST_TEXT L"文本" +#define PROC_CONN L"进程已连接 %d" +#define PROC_DISCONN L"进程已断开连接 %d" +#define COPYSELECTION L"自动将文本框中选取的文本复制到剪贴板" +#define FONTSELECT L"选择字体" \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/CMakeLists.txt b/cpp/LunaHook/LunaHook/CMakeLists.txt new file mode 100644 index 00000000..1a8ac978 --- /dev/null +++ b/cpp/LunaHook/LunaHook/CMakeLists.txt @@ -0,0 +1,54 @@ +include_directories(. util engines) +if(${CMAKE_SIZEOF_VOID_P} EQUAL 8) + set(enginessrc MKXPZ Ryujinx livecaptions Kincaid vita3k rpcs3 yuzu TYPEMOON UnrealEngine AGES7 mono Godot 5pb lucasystem LightVN V8 pchooks Artemis KiriKiri YOX PPSSPP CMVS Suika2 ) + set(enginepath "engine64") + set(collector "enginecollection64.cpp") +else() + set(enginessrc Cage AGE_System AksysGames RPGMaker Stronger TACTICS Onscripter Sceplay DISCOVERY Erogos godot A98SYS GuruGuruSMF4 TeethingRing Fizz CoffeeMaker VALKYRIA mirage CisLugI tamasoft FrontWing solfasys Diskdream splushwave ransel akatombo GASTRO GSX Aksys ScrPlayer SYSD KISS IGScript Jellyfish BKEngine Overflow SRPGStudio Suika2 FVP LCScript Ohgetsu RPGMakerRGSS3 ONScripterru OVERDRIVE HXP Palette Purple Ruf RUNE Tarte Tomato Sakuradog Troy VitaminSoft UnknownEngine TSSystem Xbangbang Anisetta Nijyuei Interheart LovaGame Giga Jisatu101 EntisGLS Ciel ACTGS TerraLunar PPSSPP jukujojidai PCSX2 VanillawareGC cef V8 mono pchooks PONScripter Bishop sakanagl Lightvn KiriKiri SideB BGI Bootup morning shyakunage Regista NNNConfig Eushully Majiro littlecheese Elf Silkys CMVS Wolf Circus1 Circus2 Cotopha Artemis CatSystem Atelier Tenco QLIE Pal AIL2 NeXAS LunaSoft Unicorn Rejet Interlude AdobeAir Retouch Malie Live Nexton Lucifen Waffle TinkerBell SystemAoi Yuris Nitroplus2 Bruns EME RRE Candy Speed ApricoT Triangle AB2Try MBLMED GameMaker DxLib CodeX Minori Sprite RpgmXP Eagls Debonosu C4 WillPlus Tanuki GXP AOS Mink YukaSystem2 sakusesu Exp Syuntada Pensil Anim hibiki Nitroplus Reallive Siglus Taskforce2 RUGP IronGameSystem Anex86 ShinyDaysGame MarineHeart ShinaRio CaramelBox UnisonShift Escude Ryokucha Alice Footy2 utawarerumono System4x Abalone Abel 5pb HorkEye XUSE Leaf Nekopack AXL AGS AdobeFlash10 FocasLens Tamamo Ages3ResT) + set(enginepath "engine32") + set(collector "enginecollection32.cpp") +endif() +string(REPLACE ";" ".cpp;${enginepath}/" enginessrc "${enginessrc}") +#message("${enginessrc}") +set(enginessrc "${enginepath}/${enginessrc}.cpp") +message("${enginessrc}") +set_source_files_properties(${enginessrc} PROPERTIES SOURCE_ENCODING "UTF-8") + +set(texthook_src + main.cc + texthook.cc + hookfinder.cc + ${enginessrc} + ${collector} + enginecontrol.cpp + embed_util.cc + hijackfuns.cc + veh_hook.cpp +) + + +add_library(pchhook pchhook.cpp) +target_precompile_headers(pchhook PUBLIC pchhook.h) + + +add_subdirectory(util) +add_subdirectory(engines) + +generate_product_version( + versioninfohook + NAME "LunaHook" + COMPANY_COPYRIGHT "HIllya51 (C) 2024" + ICON ${PATH_TO_APPLICATION_ICON} + VERSION_MAJOR ${VERSION_MAJOR} + VERSION_MINOR ${VERSION_MINOR} + VERSION_PATCH ${VERSION_PATCH} + VERSION_REVISION ${VERSION_REVISION} +) + +add_library(LunaHook MODULE ${texthook_src} resource.rc ${versioninfohook}) + +target_precompile_headers(LunaHook REUSE_FROM pchhook) + +set_target_properties(LunaHook PROPERTIES OUTPUT_NAME "LunaHook${bitappendix}") + +target_link_libraries(LunaHook Version httpapi ws2_32 Shlwapi pch minhook commonengine utils ${YY_Thunks_for_WinXP}) \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/NoEngine.h b/cpp/LunaHook/LunaHook/NoEngine.h new file mode 100644 index 00000000..9e546789 --- /dev/null +++ b/cpp/LunaHook/LunaHook/NoEngine.h @@ -0,0 +1,143 @@ +class NoEngine : public ENGINE +{ +public: + bool attach_function() + { + ConsoleOutput("IGNORE %s", getenginename()); + // ConsoleOutput("IGNORE engine"); + return true; + } +}; +class oldSystem40ini : public NoEngine +{ +public: + oldSystem40ini() + { + // jichi 1/19/2015: Disable inserting Lstr for System40 + // See: http://sakuradite.com/topic/618 + + check_by = CHECK_BY::FILE; + check_by_target = L"System40.ini"; + }; +}; +// class RPGMakerRGSS3:public NoEngine{ +// public: +// RPGMakerRGSS3(){ +// // jichi 6/7/2015: RPGMaker v3 + +// check_by=CHECK_BY::FILE; +// check_by_target=L"*.rgss3a"; +// }; +// }; + +// class FVP:public NoEngine{ +// public: +// FVP(){ +// // 7/28/2015 jichi: Favorite games + +// check_by=CHECK_BY::FILE; +// check_by_target=L"*.hcb"; +// }; +// }; + +class AdvPlayerHD : public NoEngine +{ +public: + AdvPlayerHD() + { + // supposed to be WillPlus + + check_by = CHECK_BY::FILE_ANY; + check_by_target = check_by_list{L"AdvHD.exe", L"AdvHD.dll"}; + }; +}; + +class DPM : public NoEngine +{ +public: + DPM() + { + // jichi 4/30/2015: Skip games made from らすこう, such as とある人妻のネトラレ事情 + // It has garbage from lstrlenW. Correct text is supposed to be in TabbedTextOutA. + + check_by = CHECK_BY::FILE; + check_by_target = L"data_cg.dpm"; + }; +}; + +class Escude_ignore : public NoEngine +{ +public: + Escude_ignore() + { + // jichi 3/19/2014: Escude game + // Example: bgm.bin gfx.bin maou.bin script.bin snd.bin voc.bin + + check_by = CHECK_BY::FILE_ANY; + check_by_target = check_by_list{L"gfx.bin", L"snd.bin", L"voc.bin"}; + }; +}; + +class Chartreux : public NoEngine +{ +public: + Chartreux() + { + + // jichi 12/28/2014: "Chartreux Inc." in Copyright. + // Sublimary brands include Rosebleu, MORE, etc. + // GetGlyphOutlineA already works. + + check_by = CHECK_BY::RESOURCE_STR; + check_by_target = L"Chartreux"; + }; +}; +class lcsebody : public NoEngine +{ +public: + lcsebody() + { + + check_by = CHECK_BY::CUSTOM; + // jichi 3/19/2014: LC-ScriptEngine, GetGlyphOutlineA + check_by_target = []() + { + return (wcsstr(processName, L"lcsebody") || !wcsncmp(processName, L"lcsebo~", 7) || Util::CheckFile(L"lcsebody*")); + }; + }; +}; +// class FVP2:public NoEngine{ +// public: +// FVP2(){ + +// check_by=CHECK_BY::CUSTOM; +// // jichi 3/19/2014: LC-ScriptEngine, GetGlyphOutlineA +// check_by_target=[](){ + +// wchar_t str[MAX_PATH]; +// DWORD i; +// for (i = 0; processName[i]; i++) { +// str[i] = processName[i]; +// if (processName[i] == L'.') +// break; +// } +// *(DWORD *)(str + i + 1) = 0x630068; //.hcb +// *(DWORD *)(str + i + 3) = 0x62; +// // jichi 10/3/2013: such like アトリエかぐや +// return (Util::CheckFile(str)); +// }; +// }; +// }; + +// if (Util::CheckFile(L"AGERC.DLL")) { // jichi 3/17/2014: Eushully, AGE.EXE +// ConsoleOutput("IGNORE Eushully"); +// return true; +// } +// if (Util::CheckFile(L"*\\Managed\\UnityEngine.dll")) { // jichi 12/3/2013: Unity (BALDRSKY ZERO) +// ConsoleOutput("IGNORE Unity"); +// return true; +// } +// if (Util::CheckFile(L"bsz_Data\\Managed\\UnityEngine.dll") || Util::CheckFile(L"bsz2_Data\\Managed\\UnityEngine.dll")) { +// ConsoleOutput("IGNORE Unity"); +// return true; +// } diff --git a/cpp/LunaHook/LunaHook/embed_util.cc b/cpp/LunaHook/LunaHook/embed_util.cc new file mode 100644 index 00000000..c3976031 --- /dev/null +++ b/cpp/LunaHook/LunaHook/embed_util.cc @@ -0,0 +1,278 @@ +#include "MinHook.h" + +DynamicShiftJISCodec *dynamiccodec = new DynamicShiftJISCodec(932); + +void cast_back(const HookParam &hp, TextBuffer*buff, const std::wstring &trans, bool normal) +{ + + if ((hp.type & EMBED_CODEC_UTF16) || (hp.type & CODEC_UTF16)) + { // renpy + buff->from(trans); + } + else + { + std::string astr; + if (hp.type & EMBED_DYNA_SJIS && !normal) + { + astr = dynamiccodec->encodeSTD(trans, 0); + } + else + { + astr = WideStringToString(trans, hp.codepage ? hp.codepage : ((hp.type & CODEC_UTF8) ? CP_UTF8 : commonsharedmem->codepage)); + } + buff->from(astr); + } +} + +struct FunctionInfo +{ + const char *name; // for debugging purpose + uintptr_t *oldFunction, + newFunction; + bool attached; + uintptr_t addr; + explicit FunctionInfo(const uintptr_t _addr = 0, const char *name = "", uintptr_t *oldFunction = nullptr, uintptr_t newFunction = 0, + bool attached = false) + : name(name), oldFunction(oldFunction), newFunction(newFunction), attached(attached), addr(_addr) + { + } +}; +std::unordered_map funcs; // attached functions +std::vector replacedfuns; // attached functions +bool _1f() +{ +#define ADD_FUN(_f) funcs[F_##_f] = FunctionInfo((uintptr_t)_f, #_f, (uintptr_t *)&Hijack::old##_f, (uintptr_t)Hijack::new##_f); + ADD_FUN(CreateFontA) + ADD_FUN(CreateFontW) + ADD_FUN(CreateFontIndirectA) + ADD_FUN(CreateFontIndirectW) + ADD_FUN(GetGlyphOutlineA) + ADD_FUN(GetGlyphOutlineW) + ADD_FUN(GetTextExtentPoint32A) + ADD_FUN(GetTextExtentPoint32W) + ADD_FUN(GetTextExtentExPointA) + ADD_FUN(GetTextExtentExPointW) + // ADD_FUN(GetCharABCWidthsA) + // ADD_FUN(GetCharABCWidthsW) + ADD_FUN(TextOutA) + ADD_FUN(TextOutW) + ADD_FUN(ExtTextOutA) + ADD_FUN(ExtTextOutW) + ADD_FUN(DrawTextA) + ADD_FUN(DrawTextW) + ADD_FUN(DrawTextExA) + ADD_FUN(DrawTextExW) + ADD_FUN(CharNextA) + // ADD_FUN(CharNextW) + // ADD_FUN(CharNextExA) + // ADD_FUN(CharNextExW) + ADD_FUN(CharPrevA) + // ADD_FUN(CharPrevW) + ADD_FUN(MultiByteToWideChar) + ADD_FUN(WideCharToMultiByte) +#undef ADD_FUN + return 0; +} +bool _1 = _1f(); +bool ReplaceFunction(PVOID oldf, PVOID newf, PVOID *pOrigin) +{ + PVOID oldx; + if (!pOrigin) + pOrigin = &oldx; + RemoveHook((uintptr_t)oldf); + if (MH_OK == MH_CreateHook(oldf, newf, pOrigin)) + return MH_OK == MH_EnableHook(oldf); + else + { + MH_RemoveHook(oldf); + return false; + } +} +void attachFunction(uintptr_t _hook_font_flag) +{ + for (auto &_func : funcs) + { + if (_func.first & _hook_font_flag) + { + if (_func.second.attached) + continue; + + if (ReplaceFunction((PVOID)_func.second.addr, (PVOID)_func.second.newFunction, (PVOID *)_func.second.oldFunction)) + { + _func.second.attached = true; + replacedfuns.push_back(_func.first); + } + } + } +} +void detachall() +{ + for (auto _flag : replacedfuns) + { + auto info = funcs.at(_flag); + if (MH_OK == MH_DisableHook((LPVOID)info.addr)) + MH_RemoveHook((LPVOID)info.addr); + } +} +void solvefont(HookParam hp) +{ + if (hp.hook_font) + { + attachFunction(hp.hook_font); + } + if (hp.hook_font & F_MultiByteToWideChar) + disable_mbwc = true; + if (hp.hook_font & F_WideCharToMultiByte) + disable_wcmb = true; + + if (auto current_patch_fun = patch_fun.exchange(nullptr)) + { + current_patch_fun(); + dont_detach = true; + } +} +static std::wstring alwaysInsertSpacesSTD(const std::wstring &text) +{ + std::wstring ret; + for (auto c : text) + { + ret.push_back(c); + if (c >= 32) // ignore non-printable characters + ret.push_back(L' '); // or insert \u3000 if needed + } + return ret; +} +bool charEncodableSTD(const wchar_t &ch, UINT codepage) +{ + + if (ch <= 127) // ignore ascii characters + return true; + std::wstring s; + s.push_back(ch); + return StringToWideString(WideStringToString(s, codepage), codepage).value() == s; +} +static std::wstring insertSpacesAfterUnencodableSTD(const std::wstring &text, HookParam hp) +{ + + std::wstring ret; + for (const wchar_t &c : text) + { + ret.push_back(c); + if (!charEncodableSTD(c, hp.codepage ? hp.codepage : commonsharedmem->codepage)) + ret.push_back(L' '); + } + return ret; +} +std::wstring adjustSpacesSTD(const std::wstring &text, HookParam hp) +{ + if (hp.type & EMBED_INSERT_SPACE_ALWAYS) + return alwaysInsertSpacesSTD(text); + else if (hp.type & EMBED_INSERT_SPACE_AFTER_UNENCODABLE) + return insertSpacesAfterUnencodableSTD(text, hp); + return text; +} +bool isPauseKeyPressed() +{ + return WinKey::isKeyControlPressed() || WinKey::isKeyShiftPressed() && !WinKey::isKeyReturnPressed(); +} +std::unordered_map translatecache; +bool check_is_thread_selected(const ThreadParam &tp) +{ + for (int i = 0; i < ARRAYSIZE(commonsharedmem->embedtps); i++) + { + if (commonsharedmem->embedtps[i].use && (commonsharedmem->embedtps[i].tp == tp)) + return true; + } + return false; +} +bool check_embed_able(const ThreadParam &tp) +{ + return host_connected && check_is_thread_selected(tp) && ((isPauseKeyPressed() == false) ? true : !commonsharedmem->fastskipignore); +} +bool waitforevent(UINT32 timems, const ThreadParam &tp, const std::wstring &origin) +{ + char eventname[1000]; + sprintf(eventname, LUNA_EMBED_notify_event, GetCurrentProcessId(), simplehash::djb2_n2((const unsigned char *)(origin.c_str()), origin.size() * 2)); + auto event = win_event(eventname); + while (timems) + { + if (check_embed_able(tp) == false) + return false; + auto sleepstep = min(100, timems); + if (event.wait(sleepstep)) + return true; + timems -= sleepstep; + } + return false; +} + +void TextHook::parsenewlineseperator(TextBuffer*buff) +{ + if (!(hp.newlineseperator)) + return; + + if (hp.type & CODEC_UTF16) + { + StringCharReplacer((wchar_t *)buff->buff, buff->lpsize, hp.newlineseperator, wcslen(hp.newlineseperator), L'\n'); + } + else if (hp.type & CODEC_UTF32) + return; + else + { + // ansi/utf8,newlineseperator都是简单字符 + std::string newlineseperatorA; + for (int i = 0; i < wcslen(hp.newlineseperator); i++) + newlineseperatorA += (char)hp.newlineseperator[i]; + StringCharReplacer((char *)buff->buff, buff->lpsize, newlineseperatorA.c_str(), newlineseperatorA.size(), '\n'); + } +} +UINT64 texthash(void *data, size_t len) +{ + UINT64 sum = 0; + auto u8data = (UINT8 *)data; + for (int i = 0; i < len; i++) + { + sum += u8data[i]; + sum = sum << 1; + } + return sum; +} +bool checktranslatedok(void *data, size_t len) +{ + ZeroMemory(commonsharedmem->text, sizeof(commonsharedmem->text)); // clear trans before call + if (len > 1000) + return true; + return (translatecache.find(texthash(data, len)) != translatecache.end()); +} +bool TextHook::waitfornotify(TextBuffer*buff, ThreadParam tp) +{ + std::wstring origin; + if (auto t = commonparsestring(buff->buff, *buff->lpsize, &hp, commonsharedmem->codepage)) + origin = t.value(); + else + return false; + + std::wstring translate; + auto hash = texthash(buff->buff, *buff->lpsize); + if (translatecache.find(hash) != translatecache.end()) + { + translate = translatecache.at(hash); + } + else + { + if (waitforevent(commonsharedmem->waittime, tp, origin) == false) + return false; + translate = commonsharedmem->text; + if ((translate.size() == 0)) + return false; + translatecache.insert(std::make_pair(hash, translate)); + } + if (hp.newlineseperator) + strReplace(translate, L"\n", hp.newlineseperator); + translate = adjustSpacesSTD(translate, hp); + if (commonsharedmem->keeprawtext) + translate = origin + L" " + translate; + solvefont(hp); + cast_back(hp, buff, translate, false); + return true; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/embed_util.h b/cpp/LunaHook/LunaHook/embed_util.h new file mode 100644 index 00000000..3f8a2864 --- /dev/null +++ b/cpp/LunaHook/LunaHook/embed_util.h @@ -0,0 +1,34 @@ +#ifndef __LUNA_EMBED_ENGINE_H +#define __LUNA_EMBED_ENGINE_H + +extern CommonSharedMem *commonsharedmem; +extern DynamicShiftJISCodec *dynamiccodec; + +namespace WinKey +{ + inline bool isKeyPressed(int vk) { return ::GetKeyState(vk) & 0xf0; } + inline bool isKeyToggled(int vk) { return ::GetKeyState(vk) & 0x0f; } + + inline bool isKeyReturnPressed() { return isKeyPressed(VK_RETURN); } + inline bool isKeyControlPressed() { return isKeyPressed(VK_CONTROL); } + inline bool isKeyShiftPressed() { return isKeyPressed(VK_SHIFT); } + inline bool isKeyAltPressed() { return isKeyPressed(VK_MENU); } +} +namespace Engine +{ + enum TextRole + { + UnknownRole = 0, + ScenarioRole, + NameRole, + OtherRole, + ChoiceRole = OtherRole, + HistoryRole = OtherRole, + RoleCount + }; +} +inline std::atomic patch_fun = nullptr; +bool ReplaceFunction(PVOID oldf, PVOID newf, PVOID *pOrigin = nullptr); +bool check_embed_able(const ThreadParam &tp); +bool checktranslatedok(void *data, size_t len); +#endif \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine.h b/cpp/LunaHook/LunaHook/engine.h new file mode 100644 index 00000000..01ad97c8 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine.h @@ -0,0 +1,44 @@ +#ifndef __LUNA_ENGINE_H +#define __LUNA_ENGINE_H + +extern WCHAR *processName, processPath[MAX_PATH], processName_lower[MAX_PATH]; // cached +extern uintptr_t processStartAddress, processStopAddress; +extern uintptr_t processStartAddress, processStopAddress; + +class ENGINE +{ +public: + const char *enginename; + bool dontstop; // dont stop even if attached a engine + bool is_engine_certain; // stop when match a engine ,even if not attached + + enum class CHECK_BY + { + ALL_TRUE, + FILE, + FILE_ALL, + FILE_ANY, + RESOURCE_STR, + CUSTOM, + }; + CHECK_BY check_by; + // const wchar_t* check_by_single; + // std::vectorcheck_by_list; + // std::functioncheck_by_custom_function; + typedef std::function check_by_custom_function; + typedef std::vector check_by_list; + typedef const wchar_t *check_by_single; + std::variant check_by_target; + // virtual bool check_by_target(){return false;}; + virtual bool attach_function() = 0; + virtual const char *getenginename() + { + if (enginename) + return enginename; + return typeid(*this).name() + 6; + } + ENGINE() : enginename(nullptr), dontstop(false), is_engine_certain(true), check_by(CHECK_BY::ALL_TRUE){}; + bool check_function(); +}; + +#endif \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/5pb.cpp b/cpp/LunaHook/LunaHook/engine32/5pb.cpp new file mode 100644 index 00000000..fe2ca4f7 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/5pb.cpp @@ -0,0 +1,729 @@ +#include "5pb.h" +#include "mages/mages.h" +/** jichi 12/2/2014 5pb + * + * Sample game: [140924] CROSS�CHANNEL 〜FINAL COMPLETE� * See: http://sakuradite.com/topic/528 + * + * Debugging method: insert breakpoint. + * The first matched function cannot extract prelude text. + * The second matched function can extract anything but contains garbage. + * + * Function for scenario: + * 0016d90e cc int3 + * 0016d90f cc int3 + * 0016d910 8b15 782b6e06 mov edx,dword ptr ds:[0x66e2b78] ; .00b43bfe + * 0016d916 8a0a mov cl,byte ptr ds:[edx] ; jichi: hook here + * 0016d918 33c0 xor eax,eax + * 0016d91a 84c9 test cl,cl + * 0016d91c 74 41 je short .0016d95f + * 0016d91e 8bff mov edi,edi + * 0016d920 80f9 25 cmp cl,0x25 + * 0016d923 75 11 jnz short .0016d936 + * 0016d925 8a4a 01 mov cl,byte ptr ds:[edx+0x1] + * 0016d928 42 inc edx + * 0016d929 80f9 4e cmp cl,0x4e + * 0016d92c 74 05 je short .0016d933 + * 0016d92e 80f9 6e cmp cl,0x6e + * 0016d931 75 26 jnz short .0016d959 + * 0016d933 42 inc edx + * 0016d934 eb 23 jmp short .0016d959 + * 0016d936 80f9 81 cmp cl,0x81 + * 0016d939 72 05 jb short .0016d940 + * 0016d93b 80f9 9f cmp cl,0x9f + * 0016d93e 76 0a jbe short .0016d94a + * 0016d940 80f9 e0 cmp cl,0xe0 + * 0016d943 72 0c jb short .0016d951 + * 0016d945 80f9 fc cmp cl,0xfc + * 0016d948 77 07 ja short .0016d951 + * 0016d94a b9 02000000 mov ecx,0x2 + * 0016d94f eb 05 jmp short .0016d956 + * 0016d951 b9 01000000 mov ecx,0x1 + * 0016d956 40 inc eax + * 0016d957 03d1 add edx,ecx + * 0016d959 8a0a mov cl,byte ptr ds:[edx] + * 0016d95b 84c9 test cl,cl + * 0016d95d ^75 c1 jnz short .0016d920 + * 0016d95f c3 retn + * + * Function for everything: + * 001e9a76 8bff mov edi,edi + * 001e9a78 55 push ebp + * 001e9a79 8bec mov ebp,esp + * 001e9a7b 51 push ecx + * 001e9a7c 8365 fc 00 and dword ptr ss:[ebp-0x4],0x0 + * 001e9a80 53 push ebx + * 001e9a81 8b5d 10 mov ebx,dword ptr ss:[ebp+0x10] + * 001e9a84 85db test ebx,ebx + * 001e9a86 75 07 jnz short .001e9a8f + * 001e9a88 33c0 xor eax,eax + * 001e9a8a e9 9a000000 jmp .001e9b29 + * 001e9a8f 56 push esi + * 001e9a90 83fb 04 cmp ebx,0x4 + * 001e9a93 72 75 jb short .001e9b0a + * 001e9a95 8d73 fc lea esi,dword ptr ds:[ebx-0x4] + * 001e9a98 85f6 test esi,esi + * 001e9a9a 74 6e je short .001e9b0a + * 001e9a9c 8b4d 0c mov ecx,dword ptr ss:[ebp+0xc] + * 001e9a9f 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + * 001e9aa2 8a10 mov dl,byte ptr ds:[eax] + * 001e9aa4 83c0 04 add eax,0x4 + * 001e9aa7 83c1 04 add ecx,0x4 + * 001e9aaa 84d2 test dl,dl + * 001e9aac 74 52 je short .001e9b00 + * 001e9aae 3a51 fc cmp dl,byte ptr ds:[ecx-0x4] + * 001e9ab1 75 4d jnz short .001e9b00 + * 001e9ab3 8a50 fd mov dl,byte ptr ds:[eax-0x3] + * 001e9ab6 84d2 test dl,dl + * 001e9ab8 74 3c je short .001e9af6 + * 001e9aba 3a51 fd cmp dl,byte ptr ds:[ecx-0x3] + * 001e9abd 75 37 jnz short .001e9af6 + * 001e9abf 8a50 fe mov dl,byte ptr ds:[eax-0x2] + * 001e9ac2 84d2 test dl,dl + * 001e9ac4 74 26 je short .001e9aec + * 001e9ac6 3a51 fe cmp dl,byte ptr ds:[ecx-0x2] + * 001e9ac9 75 21 jnz short .001e9aec + * 001e9acb 8a50 ff mov dl,byte ptr ds:[eax-0x1] + * 001e9ace 84d2 test dl,dl + * 001e9ad0 74 10 je short .001e9ae2 + * 001e9ad2 3a51 ff cmp dl,byte ptr ds:[ecx-0x1] + * 001e9ad5 75 0b jnz short .001e9ae2 + * 001e9ad7 8345 fc 04 add dword ptr ss:[ebp-0x4],0x4 + * 001e9adb 3975 fc cmp dword ptr ss:[ebp-0x4],esi + * 001e9ade ^72 c2 jb short .001e9aa2 + * 001e9ae0 eb 2e jmp short .001e9b10 + * 001e9ae2 0fb640 ff movzx eax,byte ptr ds:[eax-0x1] + * 001e9ae6 0fb649 ff movzx ecx,byte ptr ds:[ecx-0x1] + * 001e9aea eb 46 jmp short .001e9b32 + * 001e9aec 0fb640 fe movzx eax,byte ptr ds:[eax-0x2] + * 001e9af0 0fb649 fe movzx ecx,byte ptr ds:[ecx-0x2] + * 001e9af4 eb 3c jmp short .001e9b32 + * 001e9af6 0fb640 fd movzx eax,byte ptr ds:[eax-0x3] + * 001e9afa 0fb649 fd movzx ecx,byte ptr ds:[ecx-0x3] + * 001e9afe eb 32 jmp short .001e9b32 + * 001e9b00 0fb640 fc movzx eax,byte ptr ds:[eax-0x4] + * 001e9b04 0fb649 fc movzx ecx,byte ptr ds:[ecx-0x4] + * 001e9b08 eb 28 jmp short .001e9b32 + * 001e9b0a 8b4d 0c mov ecx,dword ptr ss:[ebp+0xc] + * 001e9b0d 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + * 001e9b10 8b75 fc mov esi,dword ptr ss:[ebp-0x4] + * 001e9b13 eb 0d jmp short .001e9b22 + * 001e9b15 8a10 mov dl,byte ptr ds:[eax] ; jichi: here, word by word + * 001e9b17 84d2 test dl,dl + * 001e9b19 74 11 je short .001e9b2c + * 001e9b1b 3a11 cmp dl,byte ptr ds:[ecx] + * 001e9b1d 75 0d jnz short .001e9b2c + * 001e9b1f 40 inc eax + * 001e9b20 46 inc esi + * 001e9b21 41 inc ecx + * 001e9b22 3bf3 cmp esi,ebx + * 001e9b24 ^72 ef jb short .001e9b15 + * 001e9b26 33c0 xor eax,eax + * 001e9b28 5e pop esi + * 001e9b29 5b pop ebx + * 001e9b2a c9 leave + * 001e9b2b c3 retn + */ +namespace +{ // unnamed + + // Characters to ignore: [%0-9A-Z] + bool Insert5pbHook1() + { + const BYTE bytes[] = { + 0xcc, // 0016d90e cc int3 + 0xcc, // 0016d90f cc int3 + 0x8b, 0x15, XX4, // 0016d910 8b15 782b6e06 mov edx,dword ptr ds:[0x66e2b78] ; .00b43bfe + 0x8a, 0x0a, // 0016d916 8a0a mov cl,byte ptr ds:[edx] ; jichi: hook here + 0x33, 0xc0, // 0016d918 33c0 xor eax,eax + 0x84, 0xc9 // 0016d91a 84c9 test cl,cl + }; + enum + { + addr_offset = 0x0016d916 - 0x0016d90e + }; + + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + // GROWL_DWORD3(addr+addr_offset, processStartAddress,processStopAddress); + if (!addr) + { + ConsoleOutput("5pb1: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; + hp.offset = get_reg(regs::edx); + hp.type = USING_STRING; + ConsoleOutput("INSERT 5pb1"); + + // GDI functions are not used by 5pb games anyway. + // ConsoleOutput("5pb: disable GDI hooks"); + // + return NewHook(hp, "5pb1"); + } + + // Characters to ignore: [%@A-z] + inline bool _5pb2garbage_ch(char c) + { + return c == '%' || c == '@' || c >= 'A' && c <= 'z'; + } + + // 001e9b15 8a10 mov dl,byte ptr ds:[eax] ; jichi: here, word by word + void SpecialHook5pb2(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + static DWORD lasttext; + DWORD text = stack->eax; + if (lasttext == text) + return; + BYTE c = *(BYTE *)text; + if (!c) + return; + BYTE size = ::LeadByteTable[c]; // 1, 2, or 3 + if (size == 1 && _5pb2garbage_ch(*(LPCSTR)text)) + return; + lasttext = text; + buffer->from(text, size); + } + + bool Insert5pbHook2() + { + const BYTE bytes[] = { + 0x8a, 0x10, // 001e9b15 8a10 mov dl,byte ptr ds:[eax] ; jichi: here, word by word + 0x84, 0xd2, // 001e9b17 84d2 test dl,dl + 0x74, 0x11 // 001e9b19 74 11 je short .001e9b2c + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + // GROWL_DWORD3(addr, processStartAddress,processStopAddress); + if (!addr) + { + ConsoleOutput("5pb2: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.type = USING_STRING; + hp.text_fun = SpecialHook5pb2; + ConsoleOutput("INSERT 5pb2"); + + // GDI functions are not used by 5pb games anyway. + // ConsoleOutput("5pb: disable GDI hooks"); + // + return NewHook(hp, "5pb2"); + } + + /** jichi 2/2/2015: New 5pb hook + * Sample game: Hyperdimension.Neptunia.ReBirth1 + * + * Debugging method: hardware breakpoint and find function in msvc110 + * Then, backtrack the function stack to find proper function. + * + * Hooked function: 558BEC56FF750C8BF1FF75088D460850 + * + * 0025A12E CC INT3 + * 0025A12F CC INT3 + * 0025A130 55 PUSH EBP + * 0025A131 8BEC MOV EBP,ESP + * 0025A133 56 PUSH ESI + * 0025A134 FF75 0C PUSH DWORD PTR SS:[EBP+0xC] + * 0025A137 8BF1 MOV ESI,ECX + * 0025A139 FF75 08 PUSH DWORD PTR SS:[EBP+0x8] + * 0025A13C 8D46 08 LEA EAX,DWORD PTR DS:[ESI+0x8] + * 0025A13F 50 PUSH EAX + * 0025A140 E8 DB100100 CALL .0026B220 + * 0025A145 8B8E 988D0000 MOV ECX,DWORD PTR DS:[ESI+0x8D98] + * 0025A14B 8988 80020000 MOV DWORD PTR DS:[EAX+0x280],ECX + * 0025A151 8B8E A08D0000 MOV ECX,DWORD PTR DS:[ESI+0x8DA0] + * 0025A157 8988 88020000 MOV DWORD PTR DS:[EAX+0x288],ECX + * 0025A15D 8B8E A88D0000 MOV ECX,DWORD PTR DS:[ESI+0x8DA8] + * 0025A163 8988 90020000 MOV DWORD PTR DS:[EAX+0x290],ECX + * 0025A169 8B8E B08D0000 MOV ECX,DWORD PTR DS:[ESI+0x8DB0] + * 0025A16F 8988 98020000 MOV DWORD PTR DS:[EAX+0x298],ECX + * 0025A175 83C4 0C ADD ESP,0xC + * 0025A178 8D8E 188B0000 LEA ECX,DWORD PTR DS:[ESI+0x8B18] + * 0025A17E E8 DDD8FEFF CALL .00247A60 + * 0025A183 5E POP ESI + * 0025A184 5D POP EBP + * 0025A185 C2 0800 RETN 0x8 + * 0025A188 CC INT3 + * 0025A189 CC INT3 + * + * Runtime stack, text in arg1, and name in arg2: + * + * 0015F93C 00252330 RETURN to .00252330 from .0025A130 + * 0015F940 181D0D4C ASCII "That's my line! I won't let any of you + * take the title of True Goddess!" + * 0015F944 0B8B4D20 ASCII " White Heart " + * 0015F948 0B8B5528 + * 0015F94C 0B8B5524 + * 0015F950 /0015F980 + * 0015F954 |0026000F RETURN to .0026000F from .002521D0 + * + * + * Another candidate funciton for backup usage. + * Previous text in arg1. + * Current text in arg2. + * Current name in arg3. + * + * 0026B21C CC INT3 + * 0026B21D CC INT3 + * 0026B21E CC INT3 + * 0026B21F CC INT3 + * 0026B220 55 PUSH EBP + * 0026B221 8BEC MOV EBP,ESP + * 0026B223 81EC A0020000 SUB ESP,0x2A0 + * 0026B229 BA A0020000 MOV EDX,0x2A0 + * 0026B22E 53 PUSH EBX + * 0026B22F 8B5D 08 MOV EBX,DWORD PTR SS:[EBP+0x8] + * 0026B232 56 PUSH ESI + * 0026B233 57 PUSH EDI + * 0026B234 8D041A LEA EAX,DWORD PTR DS:[EDX+EBX] + * 0026B237 B9 A8000000 MOV ECX,0xA8 + * 0026B23C 8BF3 MOV ESI,EBX + * 0026B23E 8DBD 60FDFFFF LEA EDI,DWORD PTR SS:[EBP-0x2A0] + * 0026B244 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> + * 0026B246 B9 A8000000 MOV ECX,0xA8 + * 0026B24B 8BF0 MOV ESI,EAX + * 0026B24D 8BFB MOV EDI,EBX + * 0026B24F F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> + * 0026B251 81C2 A0020000 ADD EDX,0x2A0 + * 0026B257 B9 A8000000 MOV ECX,0xA8 + * 0026B25C 8DB5 60FDFFFF LEA ESI,DWORD PTR SS:[EBP-0x2A0] + * 0026B262 8BF8 MOV EDI,EAX + * 0026B264 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> + * 0026B266 81FA 40830000 CMP EDX,0x8340 + * 0026B26C ^7C C6 JL SHORT .0026B234 + * 0026B26E 8BCB MOV ECX,EBX + * 0026B270 E8 EBC7FDFF CALL .00247A60 + * 0026B275 FF75 0C PUSH DWORD PTR SS:[EBP+0xC] + * 0026B278 8B35 D8525000 MOV ESI,DWORD PTR DS:[0x5052D8] ; msvcr110.sprintf + * 0026B27E 68 805C5000 PUSH .00505C80 ; ASCII "%s" + * 0026B283 53 PUSH EBX + * 0026B284 FFD6 CALL ESI + * 0026B286 FF75 10 PUSH DWORD PTR SS:[EBP+0x10] + * 0026B289 8D83 00020000 LEA EAX,DWORD PTR DS:[EBX+0x200] + * 0026B28F 68 805C5000 PUSH .00505C80 ; ASCII "%s" + * 0026B294 50 PUSH EAX + * 0026B295 FFD6 CALL ESI + * 0026B297 83C4 18 ADD ESP,0x18 + * 0026B29A 8BC3 MOV EAX,EBX + * 0026B29C 5F POP EDI + * 0026B29D 5E POP ESI + * 0026B29E 5B POP EBX + * 0026B29F 8BE5 MOV ESP,EBP + * 0026B2A1 5D POP EBP + * 0026B2A2 C3 RETN + * 0026B2A3 CC INT3 + * 0026B2A4 CC INT3 + * 0026B2A5 CC INT3 + * 0026B2A6 CC INT3 + */ + void SpecialHook5pb3(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + int index = 0; + // Text in arg1, name in arg2 + if (LPCSTR text = (LPCSTR)stack->stack[index + 1]) + if (*text) + { + if (index) // trim spaces in character name + while (*text == ' ') + text++; + size_t sz = ::strlen(text); + if (index) + while (sz && text[sz - 1] == ' ') + sz--; + *split = FIXED_SPLIT_VALUE << index; + buffer->from(text, sz); + } + } + bool Insert5pbHook3() + { + const BYTE bytes[] = { + // function starts + 0x55, // 0025A130 55 PUSH EBP + 0x8b, 0xec, // 0025A131 8BEC MOV EBP,ESP + 0x56, // 0025A133 56 PUSH ESI + 0xff, 0x75, 0x0c, // 0025A134 FF75 0C PUSH DWORD PTR SS:[EBP+0xC] + 0x8b, 0xf1, // 0025A137 8BF1 MOV ESI,ECX + 0xff, 0x75, 0x08, // 0025A139 FF75 08 PUSH DWORD PTR SS:[EBP+0x8] + 0x8d, 0x46, 0x08, // 0025A13C 8D46 08 LEA EAX,DWORD PTR DS:[ESI+0x8] + 0x50, // 0025A13F 50 PUSH EAX + 0xe8 // 0025A140 E8 DB100100 CALL .0026B220 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + // GROWL_DWORD3(addr, processStartAddress,processStopAddress); + if (!addr) + { + ConsoleOutput("5pb2: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.type = USING_STRING | NO_CONTEXT; + hp.text_fun = SpecialHook5pb3; + hp.filter_fun = NewLineCharToSpaceFilterA; // replace '\n' by ' ' + ConsoleOutput("INSERT 5pb3"); + + // GDI functions are not used by 5pb games anyway. + // ConsoleOutput("5pb: disable GDI hooks"); + // + return NewHook(hp, "5pb3"); + } +} // unnamed namespace + +bool Insert5pbHook() +{ + bool ok = Insert5pbHook1(); + ok = Insert5pbHook2() || ok; + ok = Insert5pbHook3() || ok; + return ok; +} +bool Insert5pbHookex() +{ + // 祝姬 + const BYTE bytes[] = { + 0x0F, 0xB6, 0xC2, 0x35, 0xC5, 0x9D, 0x1C, 0x81}; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr == 0) + return false; + const BYTE start[] = { + 0x55, 0x8b, 0xec, 0x83, 0xe4}; + addr = reverseFindBytes(start, sizeof(start), addr - 0x40, addr); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr; + hp.offset = get_reg(regs::ecx); + hp.type = CODEC_UTF16; + + return NewHook(hp, "5pb"); +} + +bool InsertStuffScriptHook() +{ + // BOOL GetTextExtentPoint32( + // _In_ HDC hdc, + // _In_ LPCTSTR lpString, + // _In_ int c, + // _Out_ LPSIZE lpSize + // ); + HookParam hp; + hp.address = (DWORD)::GetTextExtentPoint32A; + hp.offset = get_stack(2); // arg2 lpString + hp.split = get_reg(regs::esp); + hp.type = USING_STRING | USING_SPLIT; + ConsoleOutput("INSERT StuffScriptEngine"); + return NewHook(hp, "StuffScriptEngine"); + // RegisterEngine(ENGINE_STUFFSCRIPT); +} +bool StuffScript2Filter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + if (text[0] == '-') + { + StringFilter(text, len, "-/-", 3); + StringFilterBetween(text, len, "-", 1, "-", 1); + } + StringCharReplacer(text, len, "_n_r", 4, '\n'); + StringCharReplacer(text, len, "_r", 2, ' '); + StringFilter(text, len, "\\n", 2); + StringFilter(text, len, "_n", 2); + + return true; +} +bool InsertStuffScript2Hook() +{ + + /* + * Sample games: + * https://vndb.org/r41537 + * https://vndb.org/r41539 + */ + const BYTE bytes[] = { + 0x0F, XX, XX4, // jne tokyobabel.exe+3D4E8 + 0xB9, XX4, // mov ecx,tokyobabel.exe+54EAC + 0x8D, 0x85, XX4, // lea eax,[ebp+tokyobabel.exe+59B968] + 0x8A, 0x10, // mov dl,[eax] <-- hook here + 0x3A, 0x11, // cmp dl,[ecx] + 0x75, 0x1A, // jne tokyobabel.exe+3D1D7 + 0x84, 0xD2, // test dl,dl + 0x74, 0x12, // je tokyobabel.exe+3D1D3 + 0x8A, 0x50, 0x01, // mov dl,[eax+01] + 0x3A, 0x51, 0x01, // cmp dl,[ecx+01] + 0x75, 0x0E, // jne tokyobabel.exe+3D1D7 + 0x83, 0xC0, 0x02, // add eax,02 + 0x83, 0xC1, 0x02, // add ecx,02 + 0x84, 0xD2, // test dl,dl + 0x75, 0xE4, // jne Agreement.exe+4F538 + 0x33, 0xC0, // xor eax,eax + 0xEB, 0x05, // jmp Agreement.exe+4F55D + 0x1B, 0xC0, // sbb eax,eax + 0x83, 0xD8, 0xFF, // sbb eax,-01 + XX2, // cmp eax,edi + 0x0F, 0x84, XX4 // je tokyobabel.exe+3D4E8 + }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + return false; + + HookParam hp; + hp.address = addr + 0x11; + hp.offset = get_reg(regs::eax); + hp.index = 0; + hp.type = USING_STRING | NO_CONTEXT; + hp.filter_fun = StuffScript2Filter; + ConsoleOutput("INSERT StuffScript2"); + return NewHook(hp, "StuffScript2"); +} +bool StuffScript3Filter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + if (text[0] == '\x81' && text[1] == '\x40') + { // removes space at the beginning of the sentence + *len -= 2; + ::memmove(text, text + 2, *len); + } + + StringFilterBetween(text, len, "/\x81\x79", 3, "\x81\x7A", 2); // remove hidden name + StringFilterBetween(text, len, "[", 1, "]", 1); // garbage + + // ruby + CharFilter(text, len, '<'); + StringFilterBetween(text, len, ",", 1, ">", 1); + + StringCharReplacer(text, len, "_r\x81\x40", 4, ' '); + StringCharReplacer(text, len, "_r", 2, ' '); + + return true; +} +bool InsertStuffScript3Hook() +{ + /* + * Sample games: + * https://vndb.org/v3111 + */ + const BYTE bytes[] = { + 0xCC, // int 3 + 0x81, 0xEC, XX4, // sub esp,00000140 <-- hook here + 0xA1, XX4, // mov eax,[EVOLIMIT.exe+8C1F0] + 0x33, 0xC4, // xor eax,esp + 0x89, 0x84, 0x24, XX4, // mov [esp+0000013C],eax + 0x53, // push ebx + 0x55, // push ebp + 0x8B, 0xAC, 0x24, XX4, // mov ebp,[esp+0000014C] + 0x8B, 0x45, 0x2C // mov eax,[ebp+2C] + }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + return false; + + HookParam hp = {}; + hp.address = addr + 1; + hp.offset = get_reg(regs::ecx); + hp.type = USING_STRING | NO_CONTEXT; + hp.filter_fun = StuffScript3Filter; + NewHook(hp, "StuffScript3"); + return true; +} +bool StuffScript_attach_function() +{ + auto _ = InsertStuffScriptHook(); + _ |= InsertStuffScript2Hook(); + _ |= InsertStuffScript3Hook(); + return _; +} +bool _5pb::attach_function() +{ + bool b1 = Insert5pbHook(); + bool b2 = Insert5pbHookex(); + bool b3 = hookmages::MAGES(); + bool sf = StuffScript_attach_function(); + return b1 || b2 || b3 || sf; +} + +bool KaleidoFilter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + // Unofficial eng TL with garbage newline spaces + StringCharReplacer(text, len, " \\n ", 4, ' '); + StringCharReplacer(text, len, " \\n", 3, ' '); + StringCharReplacer(text, len, "\\n", 2, ' '); + StringCharReplacer(text, len, "\xEF\xBC\x9F", 3, '?'); + + return true; +} + +bool InsertKaleidoHook() +{ + + /* + * Sample games: + * https://vndb.org/v29889 + */ + const BYTE bytes[] = { + 0xFF, 0x75, 0xD4, // push [ebp-2C] + 0xE8, XX4, // call 5toubun.exe+1DD0 + 0x83, 0xC4, 0x0C, // add esp,0C + 0x8A, 0xC3, // mov al,bl + 0x8B, 0x4D, 0xF4, // mov ecx,[ebp-0C] + 0x64, 0x89, 0x0D, XX4, // mov fs:[00000000],ecx + 0x59 // pop ecx << hook here + }; + enum + { + addr_offset = sizeof(bytes) - 1 + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + return false; + + HookParam hp; + hp.address = addr + addr_offset; + hp.offset = get_reg(regs::esi); + hp.index = 0; + hp.split = get_stack(3); + hp.split_index = 0; + hp.type = USING_STRING | USING_SPLIT; + hp.filter_fun = KaleidoFilter; + ConsoleOutput(" INSERT Kaleido"); + + return NewHook(hp, "Kaleido"); +} +namespace +{ // ANONYMOUS;CODE 官中 + bool __1() + { + BYTE bytes[] = { + 0x8d, 0x45, 0xf4, 0x64, 0xA3, 0x00, 0x00, 0x00, 0x00, 0x8b, 0xf1, 0x8a, 0x46, 0x2c, 0x8b, 0x55, 0x08, 0x84, 0xc0, 0x74, 0x04, 0x32, 0xc0}; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr; + hp.offset = get_stack(1); + hp.type = USING_STRING | CODEC_UTF8 | EMBED_ABLE | EMBED_AFTER_NEW; + hp.newlineseperator = L"\\n"; + return NewHook(hp, "5bp"); + } + bool __() + { + BYTE sig1[] = { + 0x81, 0xFE, 0xF0, 0x00, 0x00, 0x00}; + BYTE sig2[] = { + 0x81, 0xFE, 0xF8, 0x00, 0x00, 0x00}; + BYTE sig3[] = { + 0x81, 0xFE, 0xFC, 0x00, 0x00, 0x00}; + BYTE sig4[] = { + 0x81, 0xFE, 0xFE, 0x00, 0x00, 0x00}; + BYTE sig5[] = { + 0x81, 0xFE, 0x80, 0x00, 0x00, 0x00}; + BYTE sig6[] = { + 0x81, 0xFE, 0xE0, 0x00, 0x00, 0x00}; + std::unordered_map addr_hit; + for (auto sigsz : std::vector>{{sig1, sizeof(sig1)}, {sig2, sizeof(sig2)}, {sig3, sizeof(sig3)}, {sig4, sizeof(sig4)}, {sig5, sizeof(sig5)}, {sig6, sizeof(sig6)}}) + { + for (auto addr : Util::SearchMemory(sigsz.first, sigsz.second, PAGE_EXECUTE, processStartAddress, processStopAddress)) + { + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0) + continue; + if (addr_hit.find(addr) == addr_hit.end()) + { + addr_hit[addr] = 1; + } + else + addr_hit[addr] += 1; + } + } + DWORD addr = 0; + int m = 0; + for (auto _ : addr_hit) + { + if (_.second > m) + { + m = _.second; + addr = _.first; + } + } + if (!addr) + return false; + + HookParam hp; + hp.address = addr; + hp.offset = get_stack(1); + hp.type = USING_STRING | CODEC_UTF8; + hp.filter_fun = [](LPVOID data, size_t *size, HookParam *) + { + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + StringCharReplacer(text, len, "\\n", 2, '\n'); + return true; + }; + return NewHook(hp, "5bp"); + } +} // namespace name +namespace +{ + bool __2() + { + // レヱル・ロマネスク origin 多国語版 + // https://vndb.org/r119877 + // char __thiscall sub_426B70(float *this, int a2, int a3, int a4, int a5, char a6, char a7) + BYTE bytes[] = { + 0x0f, 0xb7, 0x04, 0x72, + 0x46, + 0x89, 0x85, XX4, + 0x0f, 0xb7, 0xc0, + 0x83, 0xc0, 0xf6, + 0x83, 0xf8, 0x52, + 0x0f, 0x87}; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction_strict(addr); + if (!addr) + return false; + HookParam hp; + hp.address = addr; + hp.offset = get_stack(1); + hp.split = get_stack(2); + hp.type = USING_SPLIT | USING_STRING | FULL_STRING | CODEC_UTF16 | EMBED_ABLE | EMBED_AFTER_NEW; // 中文显示不出来 + hp.filter_fun = [](LPVOID data, size_t *size, HookParam *) + { + // そうして、[おひとよ,2]御一夜――\n眼下に広がるこの町も、僕を間違いなく救ってくれた。 + // 「行政に関しての最大の変化は、市長です。\n現在の市長には[ひない,1]雛衣・ポーレットが就任しています」 + // 「なるほど。それゆえ、御一夜は衰退し、\n\x%lエアクラ;#00ffc040;エアクラ%l;#;工場の誘致話が持ち上がったわけか?」 + // 「ナビ。お前も\x%lエアクラ;#00ffc040;エアクラ%l;#;の仲間だったな。\n気を悪くしたか?」 + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + auto xx = std::wstring(text, *len / 2); + xx = std::regex_replace(xx, std::wregex(L"\\[(.*?),\\d\\]"), L"$1"); + xx = std::regex_replace(xx, std::wregex(L"\\\\x%l(.*?);(.*?);(.*?);#;"), L"$1"); + return write_string_overwrite(data, size, xx); + }; + hp.newlineseperator = L"\\n"; + return NewHook(hp, "5bp"); + } + +} + +bool _5pb_2::attach_function() +{ + bool ___1 = __1() || __(); + ___1 |= __2(); + return InsertKaleidoHook() || ___1; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/5pb.h b/cpp/LunaHook/LunaHook/engine32/5pb.h new file mode 100644 index 00000000..e231c66b --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/5pb.h @@ -0,0 +1,26 @@ + + +class _5pb : public ENGINE +{ +public: + _5pb() + { + is_engine_certain = false; + check_by = CHECK_BY::FILE_ANY; + check_by_target = check_by_list{L"data\\*.cpk", L"*.cpk", L"*.mpk", L"USRDIR\\*.mpk"}; + }; + bool attach_function(); +}; + +class _5pb_2 : public ENGINE +{ +public: + _5pb_2() + { + + check_by = CHECK_BY::FILE; + check_by_target = L"windata/script_body.bin"; + is_engine_certain = false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/A98SYS.cpp b/cpp/LunaHook/LunaHook/engine32/A98SYS.cpp new file mode 100644 index 00000000..ea7504dd --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/A98SYS.cpp @@ -0,0 +1,29 @@ +#include "A98SYS.h" + +bool A98SYS::attach_function() +{ + // https://vndb.org/v6447 + // Rainy Blue ~6月の雨~ + + auto addrs = findiatcallormov_all((DWORD)::ExtTextOutA, processStartAddress, processStartAddress, processStopAddress, PAGE_EXECUTE); + if (addrs.size() != 2) + return false; + auto addr = addrs[1]; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return false; + auto addrs1 = findxref_reverse_checkcallop(addr, processStartAddress, processStopAddress, 0xe8); + if (!addrs1.size()) + return false; + addr = addrs1[0]; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return false; + HookParam hp; + hp.address = addr; + hp.offset = get_stack(1); + hp.type = USING_STRING | EMBED_ABLE | EMBED_AFTER_NEW | EMBED_DYNA_SJIS; + hp.hook_font = F_ExtTextOutA; + + return NewHook(hp, "A98SYS"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/A98SYS.h b/cpp/LunaHook/LunaHook/engine32/A98SYS.h new file mode 100644 index 00000000..dd25cb02 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/A98SYS.h @@ -0,0 +1,13 @@ + + +class A98SYS : public ENGINE +{ +public: + A98SYS() + { + + check_by = CHECK_BY::FILE; + check_by_target = L"A98SYS.PAK"; // STREAM.PAK + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/AB2Try.cpp b/cpp/LunaHook/LunaHook/engine32/AB2Try.cpp new file mode 100644 index 00000000..524089bc --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/AB2Try.cpp @@ -0,0 +1,74 @@ +#include "AB2Try.h" + +/******************************************************************************************** +AkabeiSoft2Try hook: + Game folder contains YaneSDK.dll. Maybe we should call the engine Yane(屋� = roof)? + This engine is based on .NET framework. This really makes it troublesome to locate a + valid hook address. The problem is that the engine file merely contains bytecode for + the CLR. Real meaningful object code is generated dynamically and the address is randomized. + Therefore the easiest method is to brute force search whole address space. While it's not necessary + to completely search the whole address space, since non-executable pages can be excluded first. + The generated code sections do not belong to any module(exe/dll), hence they do not have + a section name. So we can also exclude executable pages from all modules. At last, the code + section should be long(>0x2000). The remain address space should be several MBs in size and + can be examined in reasonable time(less than 0.1s for P8400 Win7x64). + Characteristic sequence is 0F B7 44 50 0C, stands for movzx eax, word ptr [edx*2 + eax + C]. + Obviously this instruction extracts one unicode character from a string. + A main shortcoming is that the code is not generated if it hasn't been used yet. + So if you are in title screen this approach will fail. + +********************************************************************************************/ +namespace +{ // unnamed + + typedef struct _NSTRING + { + PVOID vfTable; + DWORD lenWithNull; + DWORD lenWithoutNull; + WCHAR str[1]; + } NSTRING; + + // qsort correctly identifies overflow. + int cmp(const void *a, const void *b) + { + return *(int *)a - *(int *)b; + } + + void SpecialHookAB2Try(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + // DWORD test = *(DWORD*)(esp_base - 0x10); + DWORD edx = stack->edx; + if (edx != 0) + return; + + // NSTRING *s = *(NSTRING **)(esp_base - 8); + if (const NSTRING *s = (NSTRING *)stack->eax) + { + buffer->from(s->str, s->lenWithoutNull << 1); + //*split = 0; + *split = FIXED_SPLIT_VALUE; // 8/3/2014 jichi: change to single threads + } + } + + bool FindCharacteristInstruction() + { + const BYTE bytes[] = {0x0F, 0xB7, 0x44, 0x50, 0x0C, 0x89}; + for (auto addr : Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE_READWRITE)) + { + // GROWL_DWORD(addr); + HookParam hp; + hp.address = addr; + hp.text_fun = SpecialHookAB2Try; + hp.type = USING_STRING | NO_CONTEXT | CODEC_UTF16; + // ConsoleOutput("Please adjust text speed to fastest/immediate."); + // RegisterEngineType(ENGINE_AB2T); + return NewHook(hp, "AB2Try"); + } + return false; + } +} // unnamed namespace +bool AB2Try::attach_function() +{ + return FindCharacteristInstruction(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/AB2Try.h b/cpp/LunaHook/LunaHook/engine32/AB2Try.h new file mode 100644 index 00000000..d3f83fb1 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/AB2Try.h @@ -0,0 +1,13 @@ + + +class AB2Try : public ENGINE +{ +public: + AB2Try() + { + + check_by = CHECK_BY::FILE; + check_by_target = L"Yanesdk.dll"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/ACTGS.cpp b/cpp/LunaHook/LunaHook/engine32/ACTGS.cpp new file mode 100644 index 00000000..94e7a813 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/ACTGS.cpp @@ -0,0 +1,28 @@ +#include "ACTGS.h" + +bool ACTGS::attach_function() +{ + const BYTE bytes[] = { + 0x0F, 0xBE, 0xD0, + 0x83, 0xFA, 0x20, + 0x74, XX, + 0x83, 0xfa, 0x09, + 0x75, XX + + }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + return false; + + addr = findfuncstart(addr); + if (!addr) + return false; + HookParam hp; + hp.address = addr; + hp.offset = get_stack(2); + hp.type = USING_STRING; + hp.filter_fun = all_ascii_Filter; + + return NewHook(hp, "ACTGS"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/ACTGS.h b/cpp/LunaHook/LunaHook/engine32/ACTGS.h new file mode 100644 index 00000000..79e4ae0b --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/ACTGS.h @@ -0,0 +1,13 @@ + + +class ACTGS : public ENGINE +{ +public: + ACTGS() + { + + check_by = CHECK_BY::RESOURCE_STR; + check_by_target = L"ACTRESS Game System"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/AGE_System.cpp b/cpp/LunaHook/LunaHook/engine32/AGE_System.cpp new file mode 100644 index 00000000..d215102a --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/AGE_System.cpp @@ -0,0 +1,57 @@ +#include "AGE_System.h" +namespace +{ + + DWORD findx() + { + // 已破解 + auto addr = findiatcallormov((DWORD)GetGlyphOutlineA, processStartAddress, processStartAddress, processStopAddress, true, 0x1d); // mov ebx, ds:GetGlyphOutlineA + if (addr) + return addr; + // 未破解 + // v8 = _mbsnextc(String); + BYTE sig[] = { + 0x8b, 0x4c, 0x24, 0x04, + 0x33, 0xd2, + 0x0f, 0xb6, 0x01, + 0xf6, 0x80, XX4, 0x04, + 0x74, 0x06, + 0xc1, 0xe0, 0x08, + 0x8b, 0xd0, + 0x41, + 0x0f, 0xb6, 0x01, + 0x03, 0xc2, + 0xc3}; + addr = MemDbg::findBytes(sig, sizeof(sig), processStartAddress, processStopAddress); + if (!addr) + return 0; + auto addr2 = findxref_reverse_checkcallop(addr, processStartAddress, processStopAddress, 0xe8); + if (addr2.size() != 2) + return 0; + return addr2[1]; + } +} +bool AGE_System::attach_function() +{ + //(18禁ゲーム) [170331] [ルネ] ようこそ! スケベエルフの森へ パッケージ版 + auto addr = findx(); + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return false; + auto addr2 = findxref_reverse_checkcallop(addr, addr - 0x1000, addr + 0x1000, 0xe8); + if (addr2.size() != 1) + return false; + + auto addr21 = MemDbg::findEnclosingAlignedFunction(addr2[0]); + if (!addr21) + return false; + + HookParam hp; + hp.address = addr21; + hp.offset = get_stack(3); + hp.type = USING_STRING | EMBED_ABLE | EMBED_DYNA_SJIS | EMBED_AFTER_NEW; + hp.hook_font = F_GetGlyphOutlineA; + return NewHook(hp, "AGE_System"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/AGE_System.h b/cpp/LunaHook/LunaHook/engine32/AGE_System.h new file mode 100644 index 00000000..ab2c6c0f --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/AGE_System.h @@ -0,0 +1,53 @@ + +/* +FILEVERSION 1,0,0,1 +PRODUCTVERSION 1,0,0,1 +FILEFLAGSMASK 0x3F +FILEFLAGS 0x0 +FILEOS VOS_NT_WINDOWS32 +FILETYPE VFT_APP +FILESUBTYPE 0x0 +{ + BLOCK "StringFileInfo" + { + BLOCK "041104b0" + { + VALUE "Comments" + VALUE "CompanyName", " " + VALUE "FileDescription", "AGE_System" + VALUE "FileVersion", "1, 0, 0, 1" + VALUE "InternalName", "AGE_System" + VALUE "LegalCopyright", "Copyright (C) 2012" + VALUE "LegalTrademarks" + VALUE "OriginalFilename", "AGE_System.exe" + VALUE "PrivateBuild" + VALUE "ProductName", "AGE_System" + VALUE "ProductVersion", "1, 0, 0, 1" + VALUE "SpecialBuild" + } + } + BLOCK "VarFileInfo" + { + VALUE "Translation", 0x411, 1200 + } +} + +*/ +//(18禁ゲーム) [170331] [ルネ] ようこそ! スケベエルフの森へ パッケージ版 +class AGE_System : public ENGINE +{ +public: + AGE_System() + { + + check_by = CHECK_BY::CUSTOM; + check_by_target = []() + { + auto s = check_by_list{L"Agrd.pac", L"vic.pac", L"se.pac", L"mus.pac"}; + return Util::SearchResourceString(L"AGE_System") // 已破解 + || std::all_of(s.begin(), s.end(), [](auto f) + { return Util::CheckFile_exits(f, true); }); // 未破解 + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/AGS.cpp b/cpp/LunaHook/LunaHook/engine32/AGS.cpp new file mode 100644 index 00000000..5fb01b2d --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/AGS.cpp @@ -0,0 +1,91 @@ +#include "AGS.h" + +bool InsertAGSHook() +{ + + const BYTE bytes1[] = { + /*.text:0043E3A0 55 push ebp + .text : 0043E3A1 8B EC mov ebp, esp + .text : 0043E3A3 83 EC 38 sub esp, 38h + .text : 0043E3A6 53 push ebx + .text : 0043E3A7 56 push esi + .text : 0043E3A8 8B F1 mov esi, ecx*/ + 0x55, + 0x8b, 0xec, + 0x83, 0xec, 0x38, 0x53, 0x56, 0x8b, 0xf1}; + + ULONG addr = MemDbg::findBytes(bytes1, sizeof(bytes1), processStartAddress, processStopAddress); + if (!addr) + { + return false; + } + const BYTE bytes2[] = { + /* .text:0043E95E FF 75 08 push[ebp + arg_0] + .text:0043E961 8B CE mov ecx, esi + .text : 0043E963 E8 38 FA FF FF call sub_43E3A0*/ + 0xff, 0x75, 0x08, + 0x8b, 0xce}; + bool ok = false; + + auto addrs = findrelativecall(bytes2, sizeof(bytes2), addr, processStartAddress, processStopAddress); + + for (auto addr : addrs) + { + addr = findfuncstart(addr); + if (!addr) + continue; + HookParam hp; + hp.address = addr; + hp.offset = get_reg(regs::eax); + hp.type = USING_STRING; + ConsoleOutput("INSERT HOOK_AGS %p", addr); + + ok |= NewHook(hp, "HOOK_AGS"); + } + + return ok; +} + +namespace +{ + bool hook2() + { + // 誘惑女教師~熟れた蜜の味~ + for (auto addr : findiatcallormov_all((DWORD)TextOutA, processStartAddress, processStartAddress, processStopAddress, PAGE_EXECUTE)) + { + + auto funcaddr = findfuncstart(addr, 0x1000); + ConsoleOutput("funcaddr %p", funcaddr); + if (!funcaddr) + continue; + BYTE sig1[] = {0x68, 0x00, 0x80, 0x00, 0x00, 0x6a, 0x00}; + BYTE sig2[] = {0x2D, 0xC0, 0x00, 0x00, 0x00, 0xC1, 0xE0, 0x08}; + BYTE sig3[] = {0x83, 0xC0, 0x80, 0xC1, 0xE0, 0x08}; + BYTE sig4[] = {0x3C, 0xA0, 0x0F, 0xB6, 0xC0}; + int found = 0; + for (auto sigsz : std::vector>{{sig1, sizeof(sig1)}, {sig2, sizeof(sig2)}, {sig3, sizeof(sig3)}, {sig4, sizeof(sig4)}}) + { + auto fd = MemDbg::findBytes(sigsz.first, sigsz.second, funcaddr, addr); + ConsoleOutput("%p", fd); + if (fd) + found += 1; + } + if (found == 4) + { + HookParam hp; + hp.address = funcaddr; + hp.type = DATA_INDIRECT; + hp.offset = get_stack(1); + hp.index = 0; + return NewHook(hp, "AGS"); + } + } + return false; + } +} + +bool AGS::attach_function() +{ + + return InsertAGSHook() || hook2(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/AGS.h b/cpp/LunaHook/LunaHook/engine32/AGS.h new file mode 100644 index 00000000..f258bd5b --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/AGS.h @@ -0,0 +1,14 @@ + + +class AGS : public ENGINE +{ +public: + AGS() + { + + check_by = CHECK_BY::FILE_ANY; + check_by_target = check_by_list{L"voice/*.pk", L"sound/*.pk", L"misc/*.pk"}; + is_engine_certain = false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/AIL2.cpp b/cpp/LunaHook/LunaHook/engine32/AIL2.cpp new file mode 100644 index 00000000..53d0a6d9 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/AIL2.cpp @@ -0,0 +1,63 @@ +#include "AIL2.h" +bool InsertAIL2Hook() +{ + auto findalign = [](uintptr_t addr1) + { + const BYTE pattern[] = {0x90, 0x90, 0x83, 0xec}; + return reverseFindBytes(pattern, sizeof(pattern), processStartAddress, addr1) + 2; + }; + bool succ = false; + BYTE bytes1[] = { + // .text:0042E5DF 3C 66 cmp al, 66h; 'f' + //.text:0042E5E1 74 57 jz short loc_42E63A + //.text : 0042E5E1 + //.text : 0042E5E3 3C 70 cmp al, 70h; 'p' + //.text:0042E5E5 74 4C jz short loc_42E633 + //.text : 0042E5E5 + //.text : 0042E5E7 3C 73 cmp al, 73h; 's' + //.text:0042E5E9 74 37 jz short loc_42E622 + 0x3c, 0x66, + 0x74, XX, + 0x3c, 0x70, + 0x74, XX, + 0x3c, 0x73, + 0x74, XX}; + auto addr1 = MemDbg::findBytes(bytes1, sizeof(bytes1), processStartAddress, processStopAddress); + if (addr1 == 0) + return false; + addr1 = findalign(addr1); + if (addr1 == 0) + return false; + ConsoleOutput("AIL1 %p", addr1); + HookParam hp; + hp.address = addr1; + hp.codepage = 932; + hp.offset = get_stack(3); + hp.type = USING_STRING; + succ |= NewHook(hp, "AIL1"); + + BYTE bytes[] = {// if ( v12 != 32 && v12 != 33088 ) + 0x3d, 0x40, 0x81, 0x00, 0x00, 0x0f}; + + addr1 = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr1 == 0) + return succ; + addr1 = MemDbg::findEnclosingAlignedFunction(addr1); + if (addr1 == 0) + return succ; + hp = {}; + hp.address = addr1; + hp.codepage = 932; + hp.offset = get_stack(4); + hp.type = USING_STRING | USING_SPLIT; + hp.split_index = 0; + succ |= NewHook(hp, "AIL2"); + + return succ; +} +bool AIL2::attach_function() +{ + // アイル + + return InsertAIL2Hook(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/AIL2.h b/cpp/LunaHook/LunaHook/engine32/AIL2.h new file mode 100644 index 00000000..846794e9 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/AIL2.h @@ -0,0 +1,13 @@ + + +class AIL2 : public ENGINE +{ +public: + AIL2() + { + + check_by = CHECK_BY::FILE; + check_by_target = L"Gall*.dat"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/AOS.cpp b/cpp/LunaHook/LunaHook/engine32/AOS.cpp new file mode 100644 index 00000000..82079f1d --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/AOS.cpp @@ -0,0 +1,307 @@ +#include "AOS.h" + +/** + * jichi 4/1/2014: Insert AOS hook + * About 彩斤�: http://erogetrailers.com/brand/165 + * About AOS: http://asmodean.reverse.net/pages/exaos.html + * + * Sample games: + * + * [140228] [Sugar Pot] 恋する少女と想�キセキ V1.00 H-CODE by �쿿 + * - /HB8*0@3C2F0:恋する少女と想�キセキ.exe + * - /HBC*0@3C190:恋する少女と想�キセキ.exe + * + * [120224] [Sugar Pot] ヂ�モノツキ + * + * LiLiM games + * + * /HB8*0@3C2F0:恋する少女と想�キセ + * - addr: 246512 = 0x3c2f0 + * - length_offset: 1 + * - module: 1814017450 + * - off: 8 + * - type: 72 = 0x48 + * + * 00e3c2ed cc int3 + * 00e3c2ee cc int3 + * 00e3c2ef cc int3 + * 00e3c2f0 /$ 51 push ecx ; jichi: hook here, function starts + * 00e3c2f1 |. a1 0c64eb00 mov eax,dword ptr ds:[0xeb640c] + * 00e3c2f6 |. 8b0d 7846eb00 mov ecx,dword ptr ds:[0xeb4678] + * 00e3c2fc |. 53 push ebx + * 00e3c2fd |. 55 push ebp + * 00e3c2fe |. 8b6c24 10 mov ebp,dword ptr ss:[esp+0x10] + * 00e3c302 |. 56 push esi + * 00e3c303 |. 8b35 c446eb00 mov esi,dword ptr ds:[0xeb46c4] + * 00e3c309 |. 57 push edi + * 00e3c30a |. 0fb63d c746eb00 movzx edi,byte ptr ds:[0xeb46c7] + * 00e3c311 |. 81e6 ffffff00 and esi,0xffffff + * 00e3c317 |. 894424 18 mov dword ptr ss:[esp+0x18],eax + * 00e3c31b |. 85ff test edi,edi + * 00e3c31d |. 74 6b je short 恋する�00e3c38a + * 00e3c31f |. 8bd9 mov ebx,ecx + * 00e3c321 |. 85db test ebx,ebx + * 00e3c323 |. 74 17 je short 恋する�00e3c33c + * 00e3c325 |. 8b4b 28 mov ecx,dword ptr ds:[ebx+0x28] + * 00e3c328 |. 56 push esi ; /color + * 00e3c329 |. 51 push ecx ; |hdc + * 00e3c32a |. ff15 3c40e800 call dword ptr ds:[<&gdi32.SetTextColor>>; \settextcolor + * 00e3c330 |. 89b3 c8000000 mov dword ptr ds:[ebx+0xc8],esi + * 00e3c336 |. 8b0d 7846eb00 mov ecx,dword ptr ds:[0xeb4678] + * 00e3c33c |> 0fbf55 1c movsx edx,word ptr ss:[ebp+0x1c] + * 00e3c340 |. 0fbf45 0a movsx eax,word ptr ss:[ebp+0xa] + * 00e3c344 |. 0fbf75 1a movsx esi,word ptr ss:[ebp+0x1a] + * 00e3c348 |. 03d7 add edx,edi + * 00e3c34a |. 03c2 add eax,edx + * 00e3c34c |. 0fbf55 08 movsx edx,word ptr ss:[ebp+0x8] + * 00e3c350 |. 03f7 add esi,edi + * 00e3c352 |. 03d6 add edx,esi + * 00e3c354 |. 85c9 test ecx,ecx + * 00e3c356 |. 74 32 je short 恋する�00e3c38a + */ + +bool InsertAOS1Hook() +{ + // jichi 4/2/2014: The starting of this function is different from ヂ�モノツキ + // So, use a pattern in the middle of the function instead. + // + // const BYTE bytes[] = { + // 0x51, // 00e3c2f0 /$ 51 push ecx ; jichi: hook here, function begins + // 0xa1, 0x0c,0x64,0xeb,0x00, // 00e3c2f1 |. a1 0c64eb00 mov eax,dword ptr ds:[0xeb640c] + // 0x8b,0x0d, 0x78,0x46,0xeb,0x00, // 00e3c2f6 |. 8b0d 7846eb00 mov ecx,dword ptr ds:[0xeb4678] + // 0x53, // 00e3c2fc |. 53 push ebx + // 0x55, // 00e3c2fd |. 55 push ebp + // 0x8b,0x6c,0x24, 0x10, // 00e3c2fe |. 8b6c24 10 mov ebp,dword ptr ss:[esp+0x10] + // 0x56, // 00e3c302 |. 56 push esi + // 0x8b,0x35, 0xc4,0x46,0xeb,0x00, // 00e3c303 |. 8b35 c446eb00 mov esi,dword ptr ds:[0xeb46c4] + // 0x57, // 00e3c309 |. 57 push edi + // 0x0f,0xb6,0x3d, 0xc7,0x46,0xeb,0x00, // 00e3c30a |. 0fb63d c746eb00 movzx edi,byte ptr ds:[0xeb46c7] + // 0x81,0xe6, 0xff,0xff,0xff,0x00 // 00e3c311 |. 81e6 ffffff00 and esi,0xffffff + //}; + // enum { addr_offset = 0 }; + + const BYTE bytes[] = { + 0x0f, 0xbf, 0x55, 0x1c, // 00e3c33c |> 0fbf55 1c movsx edx,word ptr ss:[ebp+0x1c] + 0x0f, 0xbf, 0x45, 0x0a, // 00e3c340 |. 0fbf45 0a movsx eax,word ptr ss:[ebp+0xa] + 0x0f, 0xbf, 0x75, 0x1a, // 00e3c344 |. 0fbf75 1a movsx esi,word ptr ss:[ebp+0x1a] + 0x03, 0xd7, // 00e3c348 |. 03d7 add edx,edi + 0x03, 0xc2, // 00e3c34a |. 03c2 add eax,edx + 0x0f, 0xbf, 0x55, 0x08, // 00e3c34c |. 0fbf55 08 movsx edx,word ptr ss:[ebp+0x8] + 0x03, 0xf7, // 00e3c350 |. 03f7 add esi,edi + 0x03, 0xd6, // 00e3c352 |. 03d6 add edx,esi + 0x85, 0xc9 // 00e3c354 |. 85c9 test ecx,ecx + }; + enum + { + addr_offset = 0x00e3c2f0 - 0x00e3c33c + }; // distance to the beginning of the function, which is 0x51 (push ecx) + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + // GROWL(reladdr); + if (!addr) + { + ConsoleOutput("AOS1: pattern not found"); + return false; + } + addr += addr_offset; + // GROWL(addr); + enum + { + push_ecx = 0x51 + }; // beginning of the function + if (*(BYTE *)addr != push_ecx) + { + ConsoleOutput("AOS1: beginning of the function not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset = get_stack(2); + hp.type = DATA_INDIRECT; + + ConsoleOutput("INSERT AOS1"); + + return NewHook(hp, "AOS1"); +} + +bool InsertAOS2Hook() +{ + const BYTE bytes[] = { + 0x51, // 00C4E7E0 /$ 51 PUSH ECX ; mireado: hook here, function begins + 0x33, 0xc0, // 00C4E7E1 |. 33C0 XOR EAX,EAX + 0x53, // 00C4E7E3 |. 53 PUSH EBX + 0x55, // 00C4E7E4 |. 55 PUSH EBP + 0x8b, 0x2d //, XX4, // 00C4E7E5 |. 8B2D 40A3CF00 MOV EBP,DWORD PTR DS:[0CFA340] ; mireado: some time changing 40A3CF00 => 40A3C000 + // 0x89,0x07, // 00C4E7EB |. 8907 MOV DWORD PTR DS:[EDI],EAX + // 0x89,0x47, 0x04 // 00C4E7ED |. 8947 04 MOV DWORD PTR DS:[EDI+4],EAX + // 0x56, // 00C4E7F0 |. 56 PUSH ESI + // 0x8b,0x75, 0x44 // 00C4E7F1 |. 8B75 44 MOV ESI,DWORD PTR SS:[EBP+44] + }; + + enum + { + addr_offset = 0 + }; // distance to the beginning of the function, which is 0x51 (push ecx) + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + // GROWL(reladdr); + if (!addr) + { + ConsoleOutput("AOS2: pattern not found"); + return false; + } + addr += addr_offset; + // GROWL(addr); + enum + { + push_ecx = 0x51 + }; // beginning of the function + if (*(BYTE *)addr != push_ecx) + { + ConsoleOutput("AOS2: beginning of the function not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset = get_stack(2); + hp.type = DATA_INDIRECT; + + ConsoleOutput("INSERT AOS2"); + + return NewHook(hp, "AOS2"); +} + +bool InsertAOSHook() +{ + return InsertAOS1Hook() || InsertAOS2Hook(); +} + +namespace +{ + + DWORD calladdr(DWORD addr) + { + if (addr == 0) + return 0; + BYTE callop[] = {0xe8}; + addr = reverseFindBytes(callop, sizeof(callop), addr - 0x20, addr); + if (addr == 0) + return 0; + auto calladdr = *(int *)((char *)addr + 1); + ConsoleOutput("calladdr %p", calladdr); + addr = calladdr + addr + 5; + ConsoleOutput("funcaddr %p", addr); + if (*(BYTE *)((BYTE *)addr - 1) != 0xcc) + return 0; + return addr; + } + DWORD lastcall() + { + auto addr = findiatcallormov((DWORD)TextOutA, processStartAddress, processStartAddress, processStopAddress, true); + if (addr == 0) + return 0; + addr = MemDbg::findEnclosingAlignedFunction(addr); + return addr; + } +} +regs mov_reg_ebpoffset(int reg) +{ + switch (reg) + { + case 0x4B: + return regs::ebx; + case 0x48: + return regs::eax; + case 0x49: + return regs::ecx; + case 0x4a: + return regs::edx; + case 0x4c: + return regs::ebp; + case 0x4d: + return regs::esp; + case 0x4e: + return regs::esi; + case 0x4f: + return regs::edi; + default: + return regs::invalid; + } +} +bool AOS_EX() +{ + BYTE aos_shared_bytes1[] = { + 0x3c, XX, + 0x74, XX, + 0x3c, XX, + 0x74, XX, + 0x3c, XX, + 0x74, XX, + 0x3c, XX, + 0x74, XX, + 0x3c, XX, + 0x74, XX}; + BYTE aos_shared_bytes2[] = { + + 0x80, 0xfb, XX, + 0x74, XX, + 0x80, 0xfb, XX, + 0x74, XX, + 0x80, 0xfb, XX, + 0x74, XX, + 0x80, 0xfb, XX, + 0x74, XX}; + std::vector addrs; + addrs.push_back(calladdr(MemDbg::findBytes(aos_shared_bytes1, sizeof(aos_shared_bytes1), processStartAddress, processStopAddress))); + addrs.push_back(calladdr(MemDbg::findBytes(aos_shared_bytes2, sizeof(aos_shared_bytes2), processStartAddress, processStopAddress))); + addrs.push_back(lastcall()); + for (auto addr : addrs) + { + if (addr == 0) + continue; + auto reg = mov_reg_ebpoffset(*(BYTE *)((BYTE *)addr + 5)); + int off; + if (reg != regs::invalid) + { + // usercall + off = get_reg(reg); + } + else if (((*(WORD *)addr)) == 0xec83) + { + // 姫様LOVEライフ! + // 也是usercall,但是第二个参数是栈上。 + off = get_stack(1); + } + else + { + // 螺旋遡行のディストピア -The infinite set of alternative version- 官方中文 + BYTE sig[] = {0x89, 0x55, 0xFC}; + if (MemDbg::findBytes(sig, sizeof(sig), addr, addr + 0x20)) + { + off = get_reg(regs::edx); + } + else + { + // cdecl; + off = get_stack(2); + } + } + HookParam hp; + hp.address = addr; + hp.offset = off; + hp.type = NO_CONTEXT | DATA_INDIRECT; + hp.index = 0; + + return NewHook(hp, "AOS_EX"); + } + return false; +} + +bool AOS::attach_function() +{ + bool b1 = InsertAOSHook(); + bool b3 = AOS_EX(); + return b1 || b3; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/AOS.h b/cpp/LunaHook/LunaHook/engine32/AOS.h new file mode 100644 index 00000000..50729a86 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/AOS.h @@ -0,0 +1,13 @@ + + +class AOS : public ENGINE +{ +public: + AOS() + { + + check_by = CHECK_BY::FILE; + check_by_target = L"*.aos"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/AXL.cpp b/cpp/LunaHook/LunaHook/engine32/AXL.cpp new file mode 100644 index 00000000..2beeeaea --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/AXL.cpp @@ -0,0 +1,50 @@ +#include "AXL.h" +bool InsertAXLHook() +{ + // キミの声がきこえる + + BYTE bytes[] = { + 0x0f, 0x95, 0xc2, 0x33, 0xc0, 0xB9, 0x41, 0x00, 0x00, 0x00}; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr == 0) + return false; + + addr = findfuncstart(addr, 0x1000); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr; + hp.offset = get_stack(4); + hp.type = USING_STRING; + + return NewHook(hp, "AXL"); +} +namespace +{ + bool hook2() + { + // 剣乙女ノア + // Maria~天使のキスと悪魔の花嫁~ + BYTE bytes[] = { + 0x55, 0x8b, 0xec, + 0x56, + 0x8b, 0xf0, + 0x3b, 0x9e, 0x8c, 0xf8, 0x00, 0x00, + 0x57}; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr; + hp.offset = get_stack(1); + hp.split = get_reg(regs::eax); + hp.type = USING_SPLIT; + + return NewHook(hp, "TAILWIND"); + } +} +bool AXL::attach_function() +{ + + return InsertAXLHook() || hook2(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/AXL.h b/cpp/LunaHook/LunaHook/engine32/AXL.h new file mode 100644 index 00000000..c92693eb --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/AXL.h @@ -0,0 +1,14 @@ + + +class AXL : public ENGINE +{ +public: + AXL() + { + + check_by = CHECK_BY::FILE; + check_by_target = L"script.arc"; + is_engine_certain = false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Abalone.cpp b/cpp/LunaHook/LunaHook/engine32/Abalone.cpp new file mode 100644 index 00000000..de4e9943 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Abalone.cpp @@ -0,0 +1,23 @@ +#include "Abalone.h" + +bool AbaloneHook() +{ + BYTE bytes[] = { + 0x8B, 0x44, 0x24, XX, + 0x80, 0x38, 0x00, + 0x74}; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + ConsoleOutput("AbaloneHook %p", addr); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr + 4; + hp.offset = get_reg(regs::eax); + hp.type = DATA_INDIRECT; + hp.index = 0; + return NewHook(hp, "AbaloneHook"); +} +bool Abalone::attach_function() +{ + return AbaloneHook(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Abalone.h b/cpp/LunaHook/LunaHook/engine32/Abalone.h new file mode 100644 index 00000000..13550ea3 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Abalone.h @@ -0,0 +1,14 @@ + + +class Abalone : public ENGINE +{ +public: + Abalone() + { + + check_by = CHECK_BY::FILE; + check_by_target = L"Archive.dat"; + is_engine_certain = false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Abel.cpp b/cpp/LunaHook/LunaHook/engine32/Abel.cpp new file mode 100644 index 00000000..99926b45 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Abel.cpp @@ -0,0 +1,423 @@ +#include "Abel.h" + +/******************************************************************************************** +AbelSoftware hook: + The game folder usually is made up many no extended name files(file name doesn't have '.'). + And these files have common prefix which is the game name, and 2 digit in order. + + +********************************************************************************************/ +/** 7/31/2015 + * Sample game オタカ� * Hooked address: 0x4413b0 + * + * GDI functions are cached: TextOutA and GetTextExtentPoint32A + * + * 004413AB 90 NOP + * 004413AC 90 NOP + * 004413AD 90 NOP + * 004413AE 90 NOP + * 004413AF 90 NOP + * 004413B0 6A FF PUSH -0x1 ; jichi: text in arg1, but text painted character by character + * 004413B2 68 D0714900 PUSH .004971D0 + * 004413B7 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] + * 004413BD 50 PUSH EAX + * 004413BE 64:8925 00000000 MOV DWORD PTR FS:[0],ESP + * 004413C5 83EC 4C SUB ESP,0x4C + * 004413C8 A1 C00B4B00 MOV EAX,DWORD PTR DS:[0x4B0BC0] + * 004413CD 53 PUSH EBX + * 004413CE 55 PUSH EBP + * 004413CF 56 PUSH ESI + * 004413D0 57 PUSH EDI + * 004413D1 8BF1 MOV ESI,ECX + * 004413D3 894424 48 MOV DWORD PTR SS:[ESP+0x48],EAX + * 004413D7 894424 4C MOV DWORD PTR SS:[ESP+0x4C],EAX + * 004413DB 894424 58 MOV DWORD PTR SS:[ESP+0x58],EAX + * 004413DF 8B4424 6C MOV EAX,DWORD PTR SS:[ESP+0x6C] + * 004413E3 33DB XOR EBX,EBX + * 004413E5 50 PUSH EAX + * 004413E6 8D4C24 4C LEA ECX,DWORD PTR SS:[ESP+0x4C] + * 004413EA 895C24 68 MOV DWORD PTR SS:[ESP+0x68],EBX + * 004413EE E8 74520400 CALL .00486667 + * 004413F3 8B4C24 78 MOV ECX,DWORD PTR SS:[ESP+0x78] + * 004413F7 51 PUSH ECX + * 004413F8 8D4C24 50 LEA ECX,DWORD PTR SS:[ESP+0x50] + * 004413FC E8 66520400 CALL .00486667 + * 00441401 8B5424 7C MOV EDX,DWORD PTR SS:[ESP+0x7C] + * 00441405 8D4C24 58 LEA ECX,DWORD PTR SS:[ESP+0x58] + * 00441409 52 PUSH EDX + * 0044140A E8 58520400 CALL .00486667 + * 0044140F 8B4424 70 MOV EAX,DWORD PTR SS:[ESP+0x70] + * 00441413 894424 50 MOV DWORD PTR SS:[ESP+0x50],EAX + * 00441417 8B4424 74 MOV EAX,DWORD PTR SS:[ESP+0x74] + * 0044141B 83F8 FF CMP EAX,-0x1 + * 0044141E 75 06 JNZ SHORT .00441426 + * 00441420 895C24 54 MOV DWORD PTR SS:[ESP+0x54],EBX + * 00441424 EB 2E JMP SHORT .00441454 + * 00441426 8BC8 MOV ECX,EAX + * 00441428 33D2 XOR EDX,EDX + * 0044142A 81E1 FF000000 AND ECX,0xFF + * 00441430 8AD4 MOV DL,AH + * 00441432 81C9 00FFFFFF OR ECX,0xFFFFFF00 + * 00441438 81E2 FF000000 AND EDX,0xFF + * 0044143E C1E1 08 SHL ECX,0x8 + * 00441441 0BCA OR ECX,EDX + * 00441443 C1E8 10 SHR EAX,0x10 + * 00441446 C1E1 08 SHL ECX,0x8 + * 00441449 25 FF000000 AND EAX,0xFF + * 0044144E 0BC8 OR ECX,EAX + * 00441450 894C24 54 MOV DWORD PTR SS:[ESP+0x54],ECX + * 00441454 8B4424 48 MOV EAX,DWORD PTR SS:[ESP+0x48] + * 00441458 3958 F8 CMP DWORD PTR DS:[EAX-0x8],EBX + * 0044145B 0F84 7A030000 JE .004417DB + * 00441461 8B8E 08020000 MOV ECX,DWORD PTR DS:[ESI+0x208] + * 00441467 83F9 20 CMP ECX,0x20 + * 0044146A 0F8D 35030000 JGE .004417A5 + * 00441470 0FBE00 MOVSX EAX,BYTE PTR DS:[EAX] + * 00441473 83E8 09 SUB EAX,0x9 + * 00441476 0F84 29030000 JE .004417A5 + * 0044147C 48 DEC EAX + * 0044147D 0F84 0A030000 JE .0044178D + * 00441483 83E8 03 SUB EAX,0x3 + * 00441486 0F84 19030000 JE .004417A5 + * 0044148C 8BBE 38010000 MOV EDI,DWORD PTR DS:[ESI+0x138] + * 00441492 68 80C84A00 PUSH .004AC880 + * 00441497 8BCF MOV ECX,EDI + * 00441499 E8 E2E9FDFF CALL .0041FE80 + * 0044149E 3BC3 CMP EAX,EBX + * 004414A0 7D 0F JGE SHORT .004414B1 + * 004414A2 53 PUSH EBX + * 004414A3 53 PUSH EBX + * 004414A4 53 PUSH EBX + * 004414A5 53 PUSH EBX + * 004414A6 8D4C24 48 LEA ECX,DWORD PTR SS:[ESP+0x48] + * 004414AA E8 916DFDFF CALL .00418240 + * 004414AF EB 06 JMP SHORT .004414B7 + * 004414B1 8B4F 24 MOV ECX,DWORD PTR DS:[EDI+0x24] + * 004414B4 8B0481 MOV EAX,DWORD PTR DS:[ECX+EAX*4] + * 004414B7 8B48 04 MOV ECX,DWORD PTR DS:[EAX+0x4] + * 004414BA 8B10 MOV EDX,DWORD PTR DS:[EAX] + * 004414BC 894C24 24 MOV DWORD PTR SS:[ESP+0x24],ECX + * 004414C0 895424 20 MOV DWORD PTR SS:[ESP+0x20],EDX + * 004414C4 8B50 08 MOV EDX,DWORD PTR DS:[EAX+0x8] + * 004414C7 8B40 0C MOV EAX,DWORD PTR DS:[EAX+0xC] + * 004414CA 8D4C24 10 LEA ECX,DWORD PTR SS:[ESP+0x10] + * 004414CE 895424 28 MOV DWORD PTR SS:[ESP+0x28],EDX + * 004414D2 51 PUSH ECX + * 004414D3 8BCE MOV ECX,ESI + * 004414D5 894424 30 MOV DWORD PTR SS:[ESP+0x30],EAX + * 004414D9 E8 52F3FFFF CALL .00440830 + * 004414DE 8B5424 50 MOV EDX,DWORD PTR SS:[ESP+0x50] + * 004414E2 33C9 XOR ECX,ECX + * 004414E4 894C24 78 MOV DWORD PTR SS:[ESP+0x78],ECX + * 004414E8 B8 B0B64900 MOV EAX,.0049B6B0 + * 004414ED 3B10 CMP EDX,DWORD PTR DS:[EAX] + * 004414EF 7E 0B JLE SHORT .004414FC + * 004414F1 83C0 04 ADD EAX,0x4 + * 004414F4 41 INC ECX + * 004414F5 3D C0B64900 CMP EAX,.0049B6C0 + * 004414FA ^72 F1 JB SHORT .004414ED + * 004414FC 8B5424 48 MOV EDX,DWORD PTR SS:[ESP+0x48] + * 00441500 8D4424 18 LEA EAX,DWORD PTR SS:[ESP+0x18] + * 00441504 894C24 78 MOV DWORD PTR SS:[ESP+0x78],ECX + * 00441508 8B4C8E 3C MOV ECX,DWORD PTR DS:[ESI+ECX*4+0x3C] + * 0044150C 52 PUSH EDX + * 0044150D 50 PUSH EAX + * 0044150E E8 3D34FCFF CALL .00404950 + * 00441513 8B46 38 MOV EAX,DWORD PTR DS:[ESI+0x38] + * 00441516 895C24 70 MOV DWORD PTR SS:[ESP+0x70],EBX + * 0044151A 3BC3 CMP EAX,EBX + * 0044151C 0F84 F9000000 JE .0044161B + * 00441522 8B50 08 MOV EDX,DWORD PTR DS:[EAX+0x8] + * 00441525 8B4E 78 MOV ECX,DWORD PTR DS:[ESI+0x78] + * 00441528 3BCA CMP ECX,EDX + * 0044152A 0F8D EB000000 JGE .0044161B + * 00441530 8B50 04 MOV EDX,DWORD PTR DS:[EAX+0x4] + * 00441533 8B4424 10 MOV EAX,DWORD PTR SS:[ESP+0x10] + * 00441537 8B7E 74 MOV EDI,DWORD PTR DS:[ESI+0x74] + * 0044153A 8B2C8A MOV EBP,DWORD PTR DS:[EDX+ECX*4] + * 0044153D 8B4C24 18 MOV ECX,DWORD PTR SS:[ESP+0x18] + * 00441541 897C24 7C MOV DWORD PTR SS:[ESP+0x7C],EDI + * 00441545 8B55 00 MOV EDX,DWORD PTR SS:[EBP] + * 00441548 8D1C01 LEA EBX,DWORD PTR DS:[ECX+EAX] + * 0044154B 8BCD MOV ECX,EBP + * 0044154D FF52 08 CALL DWORD PTR DS:[EDX+0x8] + * 00441550 3BF8 CMP EDI,EAX + * 00441552 0F8D C3000000 JGE .0044161B + * 00441558 EB 04 JMP SHORT .0044155E + * 0044155A 8B7C24 7C MOV EDI,DWORD PTR SS:[ESP+0x7C] + * 0044155E 8B45 00 MOV EAX,DWORD PTR SS:[EBP] + * 00441561 57 PUSH EDI + * 00441562 8BCD MOV ECX,EBP + * 00441564 FF50 04 CALL DWORD PTR DS:[EAX+0x4] + * 00441567 8BF8 MOV EDI,EAX + * 00441569 8BCF MOV ECX,EDI + * 0044156B 8B17 MOV EDX,DWORD PTR DS:[EDI] + * 0044156D FF52 0C CALL DWORD PTR DS:[EDX+0xC] + * 00441570 85C0 TEST EAX,EAX + * 00441572 0F84 A3000000 JE .0044161B + * 00441578 8B07 MOV EAX,DWORD PTR DS:[EDI] + * 0044157A 8D4C24 6C LEA ECX,DWORD PTR SS:[ESP+0x6C] + * 0044157E 51 PUSH ECX + * 0044157F 8BCF MOV ECX,EDI + * 00441581 FF50 10 CALL DWORD PTR DS:[EAX+0x10] + * 00441584 8B5424 6C MOV EDX,DWORD PTR SS:[ESP+0x6C] + * 00441588 8B4C24 78 MOV ECX,DWORD PTR SS:[ESP+0x78] + * 0044158C 8D4424 30 LEA EAX,DWORD PTR SS:[ESP+0x30] + * 00441590 52 PUSH EDX + * 00441591 8B4C8E 3C MOV ECX,DWORD PTR DS:[ESI+ECX*4+0x3C] + * 00441595 50 PUSH EAX + * 00441596 C64424 6C 01 MOV BYTE PTR SS:[ESP+0x6C],0x1 + * 0044159B E8 B033FCFF CALL .00404950 + * 004415A0 8B10 MOV EDX,DWORD PTR DS:[EAX] + * 004415A2 8B86 E4030000 MOV EAX,DWORD PTR DS:[ESI+0x3E4] + * 004415A8 03DA ADD EBX,EDX + * 004415AA 8B5424 6C MOV EDX,DWORD PTR SS:[ESP+0x6C] + * 004415AE 52 PUSH EDX + * 004415AF 50 PUSH EAX + * 004415B0 E8 BB020000 CALL .00441870 + * 004415B5 83C4 08 ADD ESP,0x8 + * 004415B8 85C0 TEST EAX,EAX + * 004415BA 74 08 JE SHORT .004415C4 + * 004415BC 3B5C24 28 CMP EBX,DWORD PTR SS:[ESP+0x28] + * 004415C0 7F 43 JG SHORT .00441605 + * 004415C2 EB 18 JMP SHORT .004415DC + * 004415C4 8B4C24 6C MOV ECX,DWORD PTR SS:[ESP+0x6C] + * 004415C8 8B86 E0030000 MOV EAX,DWORD PTR DS:[ESI+0x3E0] + * 004415CE 51 PUSH ECX + * 004415CF 50 PUSH EAX + * 004415D0 E8 9B020000 CALL .00441870 + * 004415D5 83C4 08 ADD ESP,0x8 + * 004415D8 85C0 TEST EAX,EAX + * 004415DA 74 31 JE SHORT .0044160D + * 004415DC 8D4C24 6C LEA ECX,DWORD PTR SS:[ESP+0x6C] + * 004415E0 C64424 64 00 MOV BYTE PTR SS:[ESP+0x64],0x0 + * 004415E5 E8 404F0400 CALL .0048652A + * 004415EA 8B7C24 7C MOV EDI,DWORD PTR SS:[ESP+0x7C] + * 004415EE 8B55 00 MOV EDX,DWORD PTR SS:[EBP] + * 004415F1 47 INC EDI + * 004415F2 8BCD MOV ECX,EBP + * 004415F4 897C24 7C MOV DWORD PTR SS:[ESP+0x7C],EDI + * 004415F8 FF52 08 CALL DWORD PTR DS:[EDX+0x8] + * 004415FB 3BF8 CMP EDI,EAX + * 004415FD ^0F8C 57FFFFFF JL .0044155A + * 00441603 EB 16 JMP SHORT .0044161B + * 00441605 C74424 70 010000>MOV DWORD PTR SS:[ESP+0x70],0x1 + * 0044160D 8D4C24 6C LEA ECX,DWORD PTR SS:[ESP+0x6C] + * 00441611 C64424 64 00 MOV BYTE PTR SS:[ESP+0x64],0x0 + * 00441616 E8 0F4F0400 CALL .0048652A + * 0044161B 8B4424 10 MOV EAX,DWORD PTR SS:[ESP+0x10] + * 0044161F 8B4C24 18 MOV ECX,DWORD PTR SS:[ESP+0x18] + * 00441623 03C8 ADD ECX,EAX + * 00441625 8B4424 28 MOV EAX,DWORD PTR SS:[ESP+0x28] + * 00441629 3BC8 CMP ECX,EAX + * 0044162B 7E 18 JLE SHORT .00441645 + * 0044162D 8B5424 48 MOV EDX,DWORD PTR SS:[ESP+0x48] + * 00441631 8B86 E0030000 MOV EAX,DWORD PTR DS:[ESI+0x3E0] + * 00441637 52 PUSH EDX + * 00441638 50 PUSH EAX + * 00441639 E8 32020000 CALL .00441870 + * 0044163E 83C4 08 ADD ESP,0x8 + * 00441641 85C0 TEST EAX,EAX + * 00441643 74 08 JE SHORT .0044164D + * 00441645 8B4424 70 MOV EAX,DWORD PTR SS:[ESP+0x70] + * 00441649 85C0 TEST EAX,EAX + * 0044164B 74 3F JE SHORT .0044168C + * 0044164D 8B8E 08020000 MOV ECX,DWORD PTR DS:[ESI+0x208] + * 00441653 41 INC ECX + * 00441654 8BC1 MOV EAX,ECX + * 00441656 898E 08020000 MOV DWORD PTR DS:[ESI+0x208],ECX + * 0044165C 83F8 20 CMP EAX,0x20 + * 0044165F 0F8D 40010000 JGE .004417A5 + * 00441665 83EC 10 SUB ESP,0x10 + * 00441668 8B15 D0B04A00 MOV EDX,DWORD PTR DS:[0x4AB0D0] + * 0044166E 8BDC MOV EBX,ESP + * 00441670 33C0 XOR EAX,EAX + * 00441672 8B3D D4B04A00 MOV EDI,DWORD PTR DS:[0x4AB0D4] + * 00441678 33C9 XOR ECX,ECX + * 0044167A 8903 MOV DWORD PTR DS:[EBX],EAX + * 0044167C 894B 04 MOV DWORD PTR DS:[EBX+0x4],ECX + * 0044167F 8BCE MOV ECX,ESI + * 00441681 8953 08 MOV DWORD PTR DS:[EBX+0x8],EDX + * 00441684 897B 0C MOV DWORD PTR DS:[EBX+0xC],EDI + * 00441687 E8 7418FCFF CALL .00402F00 + * 0044168C 8B86 08020000 MOV EAX,DWORD PTR DS:[ESI+0x208] + * 00441692 6A 00 PUSH 0x0 + * 00441694 8D0CC5 00000000 LEA ECX,DWORD PTR DS:[EAX*8] + * 0044169B 2BC8 SUB ECX,EAX + * 0044169D 8B948E 78040000 MOV EDX,DWORD PTR DS:[ESI+ECX*4+0x478] + * 004416A4 8DAC8E 70040000 LEA EBP,DWORD PTR DS:[ESI+ECX*4+0x470] + * 004416AB 52 PUSH EDX + * 004416AC 8BCD MOV ECX,EBP + * 004416AE E8 7D8A0000 CALL .0044A130 + * 004416B3 8BD8 MOV EBX,EAX + * 004416B5 8D4424 48 LEA EAX,DWORD PTR SS:[ESP+0x48] + * 004416B9 50 PUSH EAX + * 004416BA 8D7B 08 LEA EDI,DWORD PTR DS:[EBX+0x8] + * 004416BD 8BCF MOV ECX,EDI + * 004416BF E8 534F0400 CALL .00486617 + * 004416C4 8D4C24 4C LEA ECX,DWORD PTR SS:[ESP+0x4C] + * 004416C8 51 PUSH ECX + * 004416C9 8D4F 04 LEA ECX,DWORD PTR DS:[EDI+0x4] + * 004416CC E8 464F0400 CALL .00486617 + * 004416D1 8B5424 50 MOV EDX,DWORD PTR SS:[ESP+0x50] + * 004416D5 8D4C24 58 LEA ECX,DWORD PTR SS:[ESP+0x58] + * 004416D9 8957 08 MOV DWORD PTR DS:[EDI+0x8],EDX + * 004416DC 8B4424 54 MOV EAX,DWORD PTR SS:[ESP+0x54] + * 004416E0 51 PUSH ECX + * 004416E1 8D4F 10 LEA ECX,DWORD PTR DS:[EDI+0x10] + * 004416E4 8947 0C MOV DWORD PTR DS:[EDI+0xC],EAX + * 004416E7 E8 2B4F0400 CALL .00486617 + * 004416EC 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 004416EF 85C0 TEST EAX,EAX + * 004416F1 74 04 JE SHORT .004416F7 + * 004416F3 8918 MOV DWORD PTR DS:[EAX],EBX + * 004416F5 EB 03 JMP SHORT .004416FA + * 004416F7 895D 04 MOV DWORD PTR SS:[EBP+0x4],EBX + * 004416FA 83EC 10 SUB ESP,0x10 + * 004416FD 895D 08 MOV DWORD PTR SS:[EBP+0x8],EBX + * 00441700 8B4424 20 MOV EAX,DWORD PTR SS:[ESP+0x20] + * 00441704 8B5424 28 MOV EDX,DWORD PTR SS:[ESP+0x28] + * 00441708 8B7C24 2C MOV EDI,DWORD PTR SS:[ESP+0x2C] + * 0044170C 8BDC MOV EBX,ESP + * 0044170E 8D4C02 02 LEA ECX,DWORD PTR DS:[EDX+EAX+0x2] + * 00441712 8B5424 24 MOV EDX,DWORD PTR SS:[ESP+0x24] + * 00441716 8903 MOV DWORD PTR DS:[EBX],EAX + * 00441718 8D7C3A 02 LEA EDI,DWORD PTR DS:[EDX+EDI+0x2] + * 0044171C 8953 04 MOV DWORD PTR DS:[EBX+0x4],EDX + * 0044171F 894B 08 MOV DWORD PTR DS:[EBX+0x8],ECX + * 00441722 8BCE MOV ECX,ESI + * 00441724 897B 0C MOV DWORD PTR DS:[EBX+0xC],EDI + * 00441727 E8 D417FCFF CALL .00402F00 + * 0044172C 8B4424 4C MOV EAX,DWORD PTR SS:[ESP+0x4C] + * 00441730 8B48 F8 MOV ECX,DWORD PTR DS:[EAX-0x8] + * 00441733 85C9 TEST ECX,ECX + * 00441735 74 6E JE SHORT .004417A5 + * 00441737 8B4E 3C MOV ECX,DWORD PTR DS:[ESI+0x3C] + * 0044173A 50 PUSH EAX + * 0044173B 8D4424 24 LEA EAX,DWORD PTR SS:[ESP+0x24] + * 0044173F 50 PUSH EAX + * 00441740 E8 0B32FCFF CALL .00404950 + * 00441745 8B5C24 20 MOV EBX,DWORD PTR SS:[ESP+0x20] + * 00441749 8B4C24 18 MOV ECX,DWORD PTR SS:[ESP+0x18] + * 0044174D 8B7C24 24 MOV EDI,DWORD PTR SS:[ESP+0x24] + * 00441751 8BC3 MOV EAX,EBX + * 00441753 2BC1 SUB EAX,ECX + * 00441755 8BCF MOV ECX,EDI + * 00441757 99 CDQ + * 00441758 2BC2 SUB EAX,EDX + * 0044175A 8B5424 14 MOV EDX,DWORD PTR SS:[ESP+0x14] + * 0044175E F7D9 NEG ECX + * 00441760 D1F8 SAR EAX,1 + * 00441762 03CA ADD ECX,EDX + * 00441764 8B5424 10 MOV EDX,DWORD PTR SS:[ESP+0x10] + * 00441768 F7D8 NEG EAX + * 0044176A 03C2 ADD EAX,EDX + * 0044176C 83EC 10 SUB ESP,0x10 + * 0044176F 8D7C39 02 LEA EDI,DWORD PTR DS:[ECX+EDI+0x2] + * 00441773 8D5418 02 LEA EDX,DWORD PTR DS:[EAX+EBX+0x2] + * 00441777 8BDC MOV EBX,ESP + * 00441779 8903 MOV DWORD PTR DS:[EBX],EAX + * 0044177B 894B 04 MOV DWORD PTR DS:[EBX+0x4],ECX + * 0044177E 8BCE MOV ECX,ESI + * 00441780 8953 08 MOV DWORD PTR DS:[EBX+0x8],EDX + * 00441783 897B 0C MOV DWORD PTR DS:[EBX+0xC],EDI + * 00441786 E8 7517FCFF CALL .00402F00 + * 0044178B EB 18 JMP SHORT .004417A5 + * 0044178D 8D41 29 LEA EAX,DWORD PTR DS:[ECX+0x29] + * 00441790 8D14C5 00000000 LEA EDX,DWORD PTR DS:[EAX*8] + * 00441797 2BD0 SUB EDX,EAX + * 00441799 391C96 CMP DWORD PTR DS:[ESI+EDX*4],EBX + * 0044179C 74 07 JE SHORT .004417A5 + * 0044179E 41 INC ECX + * 0044179F 898E 08020000 MOV DWORD PTR DS:[ESI+0x208],ECX + * 004417A5 8B86 E8020000 MOV EAX,DWORD PTR DS:[ESI+0x2E8] + * 004417AB 33DB XOR EBX,EBX + * 004417AD 3BC3 CMP EAX,EBX + * 004417AF 74 2A JE SHORT .004417DB + * 004417B1 399E C8030000 CMP DWORD PTR DS:[ESI+0x3C8],EBX + * 004417B7 75 22 JNZ SHORT .004417DB + * 004417B9 8B86 C4030000 MOV EAX,DWORD PTR DS:[ESI+0x3C4] + * 004417BF 8BCE MOV ECX,ESI + * 004417C1 50 PUSH EAX + * 004417C2 E8 89040000 CALL .00441C50 + * 004417C7 3B86 3C020000 CMP EAX,DWORD PTR DS:[ESI+0x23C] + * 004417CD 74 06 JE SHORT .004417D5 + * 004417CF 8986 38020000 MOV DWORD PTR DS:[ESI+0x238],EAX + * 004417D5 8986 3C020000 MOV DWORD PTR DS:[ESI+0x23C],EAX + * 004417DB 399E 30020000 CMP DWORD PTR DS:[ESI+0x230],EBX + * 004417E1 75 3C JNZ SHORT .0044181F + * 004417E3 8BCE MOV ECX,ESI + * 004417E5 E8 C6040000 CALL .00441CB0 + * 004417EA 85C0 TEST EAX,EAX + * 004417EC 75 31 JNZ SHORT .0044181F + * 004417EE 399E 18020000 CMP DWORD PTR DS:[ESI+0x218],EBX + * 004417F4 74 29 JE SHORT .0044181F + * 004417F6 83BE C4020000 64 CMP DWORD PTR DS:[ESI+0x2C4],0x64 + * 004417FD 74 20 JE SHORT .0044181F + * 004417FF 8B86 08020000 MOV EAX,DWORD PTR DS:[ESI+0x208] + * 00441805 83F8 20 CMP EAX,0x20 + * 00441808 7D 1D JGE SHORT .00441827 + * 0044180A 83C0 29 ADD EAX,0x29 + * 0044180D 8D0CC5 00000000 LEA ECX,DWORD PTR DS:[EAX*8] + * 00441814 2BC8 SUB ECX,EAX + * 00441816 391C8E CMP DWORD PTR DS:[ESI+ECX*4],EBX + * 00441819 74 0C JE SHORT .00441827 + * 0044181B 6A 01 PUSH 0x1 + * 0044181D EB 01 JMP SHORT .00441820 + * 0044181F 53 PUSH EBX + * 00441820 8BCE MOV ECX,ESI + * 00441822 E8 49C5FEFF CALL .0042DD70 + * 00441827 8D4C24 58 LEA ECX,DWORD PTR SS:[ESP+0x58] + * 0044182B C74424 64 030000>MOV DWORD PTR SS:[ESP+0x64],0x3 + * 00441833 E8 F24C0400 CALL .0048652A + * 00441838 8D4C24 4C LEA ECX,DWORD PTR SS:[ESP+0x4C] + * 0044183C C64424 64 02 MOV BYTE PTR SS:[ESP+0x64],0x2 + * 00441841 E8 E44C0400 CALL .0048652A + * 00441846 8D4C24 48 LEA ECX,DWORD PTR SS:[ESP+0x48] + * 0044184A C74424 64 FFFFFF>MOV DWORD PTR SS:[ESP+0x64],-0x1 + * 00441852 E8 D34C0400 CALL .0048652A + * 00441857 8B4C24 5C MOV ECX,DWORD PTR SS:[ESP+0x5C] + * 0044185B 5F POP EDI + * 0044185C 5E POP ESI + * 0044185D 5D POP EBP + * 0044185E 64:890D 00000000 MOV DWORD PTR FS:[0],ECX + * 00441865 5B POP EBX + * 00441866 83C4 58 ADD ESP,0x58 + * 00441869 C2 1400 RETN 0x14 + * 0044186C 90 NOP + * 0044186D 90 NOP + * 0044186E 90 NOP + * 0044186F 90 NOP + * + * Another sample game: 不条琸�界の探偵令嬢 + */ +bool InsertAbelHook() +{ + // jichi: If this pattern failed again, try the following pattern instead: + // 004413D3 894424 48 MOV DWORD PTR SS:[ESP+0x48],EAX + // 004413D7 894424 4C MOV DWORD PTR SS:[ESP+0x4C],EAX + // 004413DB 894424 58 MOV DWORD PTR SS:[ESP+0x58],EAX + + const DWORD character[] = {0xc981d48a, 0xffffff00}; + if (DWORD j = SearchPattern(processStartAddress, processStopAddress - processStartAddress, character, sizeof(character))) + { + j += processStartAddress; + for (DWORD i = j - 0x100; j > i; j--) + if (*(WORD *)j == 0xff6a) + { + HookParam hp; + hp.address = j; + hp.offset = get_stack(1); + hp.type = USING_STRING | NO_CONTEXT; + return NewHook(hp, "Abel"); + } + } + ConsoleOutput("Abel: failed"); + return false; +} + +bool Abel::attach_function() +{ + + return InsertAbelHook(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Abel.h b/cpp/LunaHook/LunaHook/engine32/Abel.h new file mode 100644 index 00000000..dcb750d6 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Abel.h @@ -0,0 +1,55 @@ + + +class Abel : public ENGINE +{ +public: + Abel() + { + + check_by = CHECK_BY::CUSTOM; + check_by_target = []() + { + // jichi 8/24/2013: Move into functions + // Artikash 6/15/2018: Removed this detection for Abel Software games. IthGetFileInfo no longer works correctly + // static BYTE static_file_info[0x1000]; + // if (IthGetFileInfo(L"*01", static_file_info)) + // if (*(DWORD*)static_file_info == 0) { + // STATUS_INFO_LENGTH_MISMATCH; + // static WCHAR static_search_name[MAX_PATH]; + // LPWSTR name=(LPWSTR)(static_file_info+0x5E); + // int len = wcslen(name); + // name[len-2] = L'.'; + // name[len-1] = L'e'; + // name[len] = L'x'; + // name[len+1] = L'e'; + // name[len+2] = 0; + // if (Util::CheckFile(name)) { + // sizeof(FILE_BOTH_DIR_INFORMATION); + // name[len-2] = L'*'; + // name[len-1] = 0; + // wcscpy(static_search_name,name); + // IthGetFileInfo(static_search_name,static_file_info); + // union { + // FILE_BOTH_DIR_INFORMATION *both_info; + // DWORD addr; + // }; + // both_info = (FILE_BOTH_DIR_INFORMATION *)static_file_info; + // //BYTE* ptr=static_file_info; + // len=0; + // while (both_info->NextEntryOffset) { + // addr += both_info->NextEntryOffset; + // len++; + // } + // if (len > 3) { + // InsertAbelHook(); + // return true; + // } + // } + // } + return (Util::CheckFile(L"system") && Util::CheckFile(L"system.dat")) || Util::CheckFile(L"*01"); + }; + + is_engine_certain = false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/AdobeAir.cpp b/cpp/LunaHook/LunaHook/engine32/AdobeAir.cpp new file mode 100644 index 00000000..4dc5c001 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/AdobeAir.cpp @@ -0,0 +1,244 @@ +#include "AdobeAir.h" + +/** + * jichi 4/15/2014: Insert Adobe AIR hook + * Sample games: + * 華アワセ 蛟編: /HW-C*0:D8@4D04B5:Adobe AIR.dll + * 華アワセ 姫空木編: /HW-C*0:d8@4E69A7:Adobe AIR.dll + * + * Issue: The game will hang if the hook is injected before loading + * + * /HW-C*0:D8@4D04B5:ADOBE AIR.DLL + * - addr: 5047477 = 0x4d04b5 + * -length_offset: 1 + * - module: 3506957663 = 0xd107ed5f + * - off: 4294967280 = 0xfffffff0 = -0x10 + * - split: 216 = 0xd8 + * - type: 90 = 0x5a + * + * 0f8f0497 |. eb 69 jmp short adobe_ai.0f8f0502 + * 0f8f0499 |> 83c8 ff or eax,0xffffffff + * 0f8f049c |. eb 67 jmp short adobe_ai.0f8f0505 + * 0f8f049e |> 8b7d 0c mov edi,dword ptr ss:[ebp+0xc] + * 0f8f04a1 |. 85ff test edi,edi + * 0f8f04a3 |. 7e 5d jle short adobe_ai.0f8f0502 + * 0f8f04a5 |. 8b55 08 mov edx,dword ptr ss:[ebp+0x8] + * 0f8f04a8 |. b8 80000000 mov eax,0x80 + * 0f8f04ad |. be ff030000 mov esi,0x3ff + * 0f8f04b2 |> 0fb70a /movzx ecx,word ptr ds:[edx] + * 0f8f04b5 |. 8bd8 |mov ebx,eax ; jichi: hook here + * 0f8f04b7 |. 4f |dec edi + * 0f8f04b8 |. 66:3bcb |cmp cx,bx + * 0f8f04bb |. 73 05 |jnb short adobe_ai.0f8f04c2 + * 0f8f04bd |. ff45 fc |inc dword ptr ss:[ebp-0x4] + * 0f8f04c0 |. eb 3a |jmp short adobe_ai.0f8f04fc + * 0f8f04c2 |> bb 00080000 |mov ebx,0x800 + * 0f8f04c7 |. 66:3bcb |cmp cx,bx + * 0f8f04ca |. 73 06 |jnb short adobe_ai.0f8f04d2 + * 0f8f04cc |. 8345 fc 02 |add dword ptr ss:[ebp-0x4],0x2 + * 0f8f04d0 |. eb 2a |jmp short adobe_ai.0f8f04fc + * 0f8f04d2 |> 81c1 00280000 |add ecx,0x2800 + * 0f8f04d8 |. 8bde |mov ebx,esi + * 0f8f04da |. 66:3bcb |cmp cx,bx + * 0f8f04dd |. 77 19 |ja short adobe_ai.0f8f04f8 + * 0f8f04df |. 4f |dec edi + * 0f8f04e0 |.^78 b7 |js short adobe_ai.0f8f0499 + * 0f8f04e2 |. 42 |inc edx + * 0f8f04e3 |. 42 |inc edx + * 0f8f04e4 |. 0fb70a |movzx ecx,word ptr ds:[edx] + * 0f8f04e7 |. 81c1 00240000 |add ecx,0x2400 + * 0f8f04ed |. 66:3bcb |cmp cx,bx + * 0f8f04f0 |. 77 06 |ja short adobe_ai.0f8f04f8 + * 0f8f04f2 |. 8345 fc 04 |add dword ptr ss:[ebp-0x4],0x4 + * 0f8f04f6 |. eb 04 |jmp short adobe_ai.0f8f04fc + * 0f8f04f8 |> 8345 fc 03 |add dword ptr ss:[ebp-0x4],0x3 + * 0f8f04fc |> 42 |inc edx + * 0f8f04fd |. 42 |inc edx + * 0f8f04fe |. 85ff |test edi,edi + * 0f8f0500 |.^7f b0 \jg short adobe_ai.0f8f04b2 + * 0f8f0502 |> 8b45 fc mov eax,dword ptr ss:[ebp-0x4] + * 0f8f0505 |> 5f pop edi + * 0f8f0506 |. 5e pop esi + * 0f8f0507 |. 5b pop ebx + * 0f8f0508 |. c9 leave + * 0f8f0509 \. c3 retn + */ +bool InsertAdobeAirHook() +{ + DWORD base = (DWORD)GetModuleHandleW(L"Adobe AIR.dll"); + if (!base) + { + ConsoleOutput("Adobe AIR: module not found"); + return false; + } + + // ULONG processStartAddress, processStopAddress; + // if (!NtInspect::getModuleMemoryRange(L"Adobe AIR.dll", &startAddress, &stopAddress)) { + // ConsoleOutput("Adobe AIR: module not found"); + // return false; + // } + + const BYTE bytes[] = { + 0x0f, 0xb7, 0x0a, // 0f8f04b2 |> 0fb70a /movzx ecx,word ptr ds:[edx] + 0x8b, 0xd8, // 0f8f04b5 |. 8bd8 |mov ebx,eax ; jichi: hook here + 0x4f, // 0f8f04b7 |. 4f |dec edi + 0x66, 0x3b, 0xcb, // 0f8f04b8 |. 66:3bcb |cmp cx,bx + 0x73, 0x05, // 0f8f04bb |. 73 05 |jnb short adobe_ai.0f8f04c2 + 0xff, 0x45, 0xfc, // 0f8f04bd |. ff45 fc |inc dword ptr ss:[ebp-0x4] + 0xeb, 0x3a // 0f8f04c0 |. eb 3a |jmp short adobe_ai.0f8f04fc + }; + enum + { + addr_offset = 0x0f8f04b5 - 0x0f8f04b2 + }; // = 3. 0 also works. + enum + { + range = 0x600000 + }; // larger than relative addresses + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), base, base + range); + // GROWL(reladdr); + if (!addr) + { + ConsoleOutput("Adobe AIR: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; + // hp.module = module; + hp.offset = get_reg(regs::edx); + hp.split = 0xd8; + // hp.type = USING_SPLIT|MODULE_OFFSET|CODEC_UTF16|DATA_INDIRECT; // 0x5a; + hp.type = USING_SPLIT | CODEC_UTF16 | DATA_INDIRECT; + + ConsoleOutput("INSERT Adobe AIR"); + + return NewHook(hp, "Adobe AIR"); +} + +bool AdobeAIRhook2() +{ + auto hmodule = (DWORD)GetModuleHandle(L"Adobe AIR.dll"); + if (hmodule == 0) + return false; + enum + { + range = 0x600000 + }; // larger than relative addresses + + auto [minAddress, maxAddress] = std::make_pair(hmodule, hmodule + range); + const BYTE bs[] = { + // トリック・オア・アリス + 0x66, 0x83, 0xF8, 0x19, + 0x77, XX, + 0x81, 0xC7, 0xE0, 0xFF, 0x00, 0x00}; + auto addr = MemDbg::findBytes(bs, sizeof(bs), minAddress, maxAddress); + ConsoleOutput("%p", addr); + if (addr == 0) + return false; + const BYTE start[] = {0xC2, 0x10, 0x00}; // retn 10h,+3 + addr = reverseFindBytes(start, 3, addr - 0x1000, addr); + ConsoleOutput("%p", addr); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr + 3; + hp.offset = get_stack(1); + hp.type = USING_STRING | CODEC_UTF16; + + return NewHook(hp, "AdobeAIR"); +} + +/** + * Artikash 12/8/2018: Update AIRNovel hook for version 31.0.0.96 + * Sample game: https://vndb.org/v22252: /HQ4*8:4*4@12FF9A:Adobe AIR.dll + * This function is called from Adobe AIR.FREGetObjectAsUTF8+5A + * First function parameter points to a struct containing a pointer to the text along with info about the type of text + * wchar_t* at offset 8 + */ +bool InsertAIRNovelHook() +{ + wcscpy_s(spDefault.boundaryModule, L"Adobe AIR.dll"); + if (DWORD FREGetObjectAsUTF8 = (DWORD)GetProcAddress(GetModuleHandleW(L"Adobe AIR.dll"), "FREGetObjectAsUTF8")) + { + DWORD func = FREGetObjectAsUTF8 + 0x5a + 5 + *(int *)(FREGetObjectAsUTF8 + 0x5b); + HookParam hp; + hp.address = func; + hp.type = CODEC_UTF16 | USING_STRING /*|USING_SPLIT|SPLIT_INDIRECT*/ | DATA_INDIRECT; // Artikash 12/14/2018: doesn't seem to be a good split anymore + hp.offset = get_stack(1); + hp.split = get_stack(1); + hp.index = 0x8; + hp.split_index = 0x4; + // hp.filter_fun = [](void* str, DWORD* len, HookParam* hp, BYTE index) // removes some of the garbage threads + //{ + // return *len < 4 && + // *(char*)str != '[' && + // *(char*)str != ';' && + // *(char*)str != '&' && + // *(char*)str != '*' && + // *(char*)str != '\n' && + // *(char*)str != '\t' && + // memcmp((char*)str, "app:/", 5); + // }; + + ConsoleOutput("INSERT AIRNovel"); + + return NewHook(hp, "AIRNovel"); + } + return false; +} +bool adobelair3() +{ + // 虚構英雄ジンガイアVol3 + DWORD base = (DWORD)GetModuleHandleW(L"Adobe AIR.dll"); + if (!base) + return false; + BYTE sig[] = { + 0x8b, 0x85, XX4, + 0x8B, 0x4E, 0x04, + 0x85, 0xC9, + 0x0F, 0x85, XX4, + 0xFF, 0x70, 0x14, + 0x8B, 0x78, 0x0c, + 0x8b, 0xcf, + 0x68, 0xb8, 0x00, 0x00, 0x00, + 0xff, 0x15, XX4, + 0xff, 0xd7, + 0x8b, 0xc8, + 0x83, 0xc4, 0x08, + 0x85, 0xc9, + 0x0f, 0x85, XX4}; + enum + { + range = 0x600000 + }; // larger than relative addresses + auto [minAddress, maxAddress] = std::make_pair(base, base + range); + auto addr = MemDbg::findBytes(sig, sizeof(sig), minAddress, maxAddress); + HookParam hp; + hp.address = addr; + hp.type = CODEC_UTF8 | USING_STRING | NO_CONTEXT; + hp.offset = get_stack(1); + hp.filter_fun = [](void *data, size_t *len, HookParam *hp) + { + // 若当前还有5个字符,则这个句子会显示5次,然后substr(1,len-1),直到结束,总共显示5+4+3+2+1次 + auto ws = StringToWideString(std::string((char *)data, *len)); + static int leng = 0; + if (ws.length() <= leng) + { + leng = ws.length(); + return false; + } + leng = ws.length(); + return true; + }; + return NewHook(hp, "AIRNovel"); +} +bool AdobeAir::attach_function() +{ + + bool b1 = InsertAdobeAirHook(); + b1 |= AdobeAIRhook2(); + b1 |= adobelair3(); + b1 = b1 || InsertAIRNovelHook(); // 乱码太多了这个 + return b1; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/AdobeAir.h b/cpp/LunaHook/LunaHook/engine32/AdobeAir.h new file mode 100644 index 00000000..c2e81bdc --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/AdobeAir.h @@ -0,0 +1,16 @@ + + +class AdobeAir : public ENGINE +{ +public: + AdobeAir() + { + + check_by = CHECK_BY::CUSTOM; + check_by_target = []() + { + return Util::CheckFile(L"Adobe AIR\\Versions\\1.0\\Adobe AIR.dll") || GetModuleHandle(L"Adobe AIR.dll") || Util::CheckFile(L"*.swf"); + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/AdobeFlash10.cpp b/cpp/LunaHook/LunaHook/engine32/AdobeFlash10.cpp new file mode 100644 index 00000000..764a0fc7 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/AdobeFlash10.cpp @@ -0,0 +1,288 @@ +#include "AdobeFlash10.h" + +/** jichi 10/31/2014 Adobe Flash Player v10 + * + * Sample game: [141031] [ヂ�ンクルベル] 輪舞曲Duo + * + * Debug method: Hex utf16 text, then insert hw breakpoints + * 21:51 3110% hexstr 『何よ utf16 + * 0e30554f8830 + * + * There are also UTF-8 strings in the memory. I could not find a good place to hook + * using hw breakpoints. + * + * There are lots of matches. One is selected. Then, the enclosing function is selected. + * arg1 is the UNICODE text. + * + * Pattern: + * + * 0161293a 8bc6 mov eax,esi + * 0161293c 5e pop esi + * 0161293d c2 0800 retn 0x8 + * + * Function starts + * 01612940 8b4c24 0c mov ecx,dword ptr ss:[esp+0xc] ; jichi: hook here + * 01612944 53 push ebx + * 01612945 55 push ebp + * 01612946 56 push esi + * 01612947 57 push edi + * 01612948 33ff xor edi,edi + * 0161294a 85c9 test ecx,ecx + * 0161294c 0f84 5f010000 je ron2.01612ab1 + * 01612952 397c24 18 cmp dword ptr ss:[esp+0x18],edi + * 01612956 0f8e ba010000 jle ron2.01612b16 + * 0161295c 8b6c24 14 mov ebp,dword ptr ss:[esp+0x14] + * 01612960 be 01000000 mov esi,0x1 + * 01612965 eb 09 jmp short ron2.01612970 + * 01612967 8da424 00000000 lea esp,dword ptr ss:[esp] + * 0161296e 8bff mov edi,edi + * 01612970 0fb755 00 movzx edx,word ptr ss:[ebp] + * 01612974 297424 18 sub dword ptr ss:[esp+0x18],esi + * 01612978 b8 80000000 mov eax,0x80 + * 0161297d 66:3bd0 cmp dx,ax + * 01612980 73 15 jnb short ron2.01612997 + * 01612982 297424 20 sub dword ptr ss:[esp+0x20],esi + * 01612986 0f88 1d010000 js ron2.01612aa9 + * 0161298c 8811 mov byte ptr ds:[ecx],dl + * 0161298e 03ce add ecx,esi + * 01612990 03fe add edi,esi + * 01612992 e9 fd000000 jmp ron2.01612a94 + * 01612997 b8 00080000 mov eax,0x800 + * 0161299c 66:3bd0 cmp dx,ax + * 0161299f 73 2a jnb short ron2.016129cb + * 016129a1 836c24 20 02 sub dword ptr ss:[esp+0x20],0x2 + * 016129a6 0f88 fd000000 js ron2.01612aa9 + * 016129ac 8bc2 mov eax,edx + * 016129ae c1e8 06 shr eax,0x6 + * 016129b1 24 1f and al,0x1f + * 016129b3 0c c0 or al,0xc0 + * 016129b5 8801 mov byte ptr ds:[ecx],al + * 016129b7 80e2 3f and dl,0x3f + * 016129ba 03ce add ecx,esi + * 016129bc 80ca 80 or dl,0x80 + * 016129bf 8811 mov byte ptr ds:[ecx],dl + * 016129c1 03ce add ecx,esi + * 016129c3 83c7 02 add edi,0x2 + * 016129c6 e9 c9000000 jmp ron2.01612a94 + * 016129cb 8d82 00280000 lea eax,dword ptr ds:[edx+0x2800] + * 016129d1 bb ff030000 mov ebx,0x3ff + * 016129d6 66:3bc3 cmp ax,bx + * 016129d9 77 7b ja short ron2.01612a56 + * 016129db 297424 18 sub dword ptr ss:[esp+0x18],esi + * 016129df 0f88 c4000000 js ron2.01612aa9 + * 016129e5 0fb775 02 movzx esi,word ptr ss:[ebp+0x2] + * 016129e9 83c5 02 add ebp,0x2 + * 016129ec 8d86 00240000 lea eax,dword ptr ds:[esi+0x2400] + * 016129f2 66:3bc3 cmp ax,bx + * 016129f5 77 58 ja short ron2.01612a4f + * 016129f7 0fb7d2 movzx edx,dx + * 016129fa 81ea f7d70000 sub edx,0xd7f7 + * 01612a00 0fb7c6 movzx eax,si + * 01612a03 c1e2 0a shl edx,0xa + * 01612a06 03d0 add edx,eax + * 01612a08 836c24 20 04 sub dword ptr ss:[esp+0x20],0x4 + * 01612a0d 0f88 96000000 js ron2.01612aa9 + * 01612a13 8bc2 mov eax,edx + * 01612a15 c1e8 12 shr eax,0x12 + * 01612a18 24 07 and al,0x7 + * 01612a1a 0c f0 or al,0xf0 + * 01612a1c 8801 mov byte ptr ds:[ecx],al + * 01612a1e 8bc2 mov eax,edx + * 01612a20 c1e8 0c shr eax,0xc + * 01612a23 24 3f and al,0x3f + * 01612a25 be 01000000 mov esi,0x1 + * 01612a2a 0c 80 or al,0x80 + * 01612a2c 880431 mov byte ptr ds:[ecx+esi],al + * 01612a2f 03ce add ecx,esi + * 01612a31 8bc2 mov eax,edx + * 01612a33 c1e8 06 shr eax,0x6 + * 01612a36 03ce add ecx,esi + * 01612a38 24 3f and al,0x3f + * 01612a3a 0c 80 or al,0x80 + * 01612a3c 8801 mov byte ptr ds:[ecx],al + * 01612a3e 80e2 3f and dl,0x3f + * 01612a41 03ce add ecx,esi + * 01612a43 80ca 80 or dl,0x80 + * 01612a46 8811 mov byte ptr ds:[ecx],dl + * 01612a48 03ce add ecx,esi + * 01612a4a 83c7 04 add edi,0x4 + * 01612a4d eb 45 jmp short ron2.01612a94 + * 01612a4f be 01000000 mov esi,0x1 + * 01612a54 eb 0b jmp short ron2.01612a61 + * 01612a56 8d82 00240000 lea eax,dword ptr ds:[edx+0x2400] + * 01612a5c 66:3bc3 cmp ax,bx + * 01612a5f 77 05 ja short ron2.01612a66 + * 01612a61 ba fdff0000 mov edx,0xfffd + * 01612a66 836c24 20 03 sub dword ptr ss:[esp+0x20],0x3 + * 01612a6b 78 3c js short ron2.01612aa9 + * 01612a6d 8bc2 mov eax,edx + * 01612a6f c1e8 0c shr eax,0xc + * 01612a72 24 0f and al,0xf + * 01612a74 0c e0 or al,0xe0 + * 01612a76 8801 mov byte ptr ds:[ecx],al + * 01612a78 8bc2 mov eax,edx + * 01612a7a c1e8 06 shr eax,0x6 + * 01612a7d 03ce add ecx,esi + * 01612a7f 24 3f and al,0x3f + * 01612a81 0c 80 or al,0x80 + * 01612a83 8801 mov byte ptr ds:[ecx],al + * 01612a85 80e2 3f and dl,0x3f + * 01612a88 03ce add ecx,esi + * 01612a8a 80ca 80 or dl,0x80 + * 01612a8d 8811 mov byte ptr ds:[ecx],dl + * 01612a8f 03ce add ecx,esi + * 01612a91 83c7 03 add edi,0x3 + * 01612a94 83c5 02 add ebp,0x2 + * 01612a97 837c24 18 00 cmp dword ptr ss:[esp+0x18],0x0 + * 01612a9c ^0f8f cefeffff jg ron2.01612970 + * 01612aa2 8bc7 mov eax,edi + * 01612aa4 5f pop edi + * 01612aa5 5e pop esi + * 01612aa6 5d pop ebp + * 01612aa7 5b pop ebx + * 01612aa8 c3 retn + * 01612aa9 5f pop edi + * 01612aaa 5e pop esi + * 01612aab 5d pop ebp + * 01612aac 83c8 ff or eax,0xffffffff + * 01612aaf 5b pop ebx + * 01612ab0 c3 retn + * 01612ab1 8b4424 18 mov eax,dword ptr ss:[esp+0x18] + * 01612ab5 85c0 test eax,eax + * 01612ab7 7e 5d jle short ron2.01612b16 + * 01612ab9 8b5424 14 mov edx,dword ptr ss:[esp+0x14] + * 01612abd 8d49 00 lea ecx,dword ptr ds:[ecx] + * 01612ac0 0fb70a movzx ecx,word ptr ds:[edx] ; jichi: this is where the text is accessed + * 01612ac3 be 80000000 mov esi,0x80 + * 01612ac8 48 dec eax + * 01612ac9 66:3bce cmp cx,si + * 01612acc 73 03 jnb short ron2.01612ad1 + * 01612ace 47 inc edi + * 01612acf eb 3e jmp short ron2.01612b0f + * 01612ad1 be 00080000 mov esi,0x800 + * 01612ad6 66:3bce cmp cx,si + * 01612ad9 73 05 jnb short ron2.01612ae0 + * 01612adb 83c7 02 add edi,0x2 + * 01612ade eb 2f jmp short ron2.01612b0f + * 01612ae0 81c1 00280000 add ecx,0x2800 + * 01612ae6 be ff030000 mov esi,0x3ff + * 01612aeb 66:3bce cmp cx,si + * 01612aee 77 1c ja short ron2.01612b0c + * 01612af0 83e8 01 sub eax,0x1 + * 01612af3 ^78 b4 js short ron2.01612aa9 + * 01612af5 0fb74a 02 movzx ecx,word ptr ds:[edx+0x2] + * 01612af9 83c2 02 add edx,0x2 + * 01612afc 81c1 00240000 add ecx,0x2400 + * 01612b02 66:3bce cmp cx,si + * 01612b05 77 05 ja short ron2.01612b0c + * 01612b07 83c7 04 add edi,0x4 + * 01612b0a eb 03 jmp short ron2.01612b0f + * 01612b0c 83c7 03 add edi,0x3 + * 01612b0f 83c2 02 add edx,0x2 + * 01612b12 85c0 test eax,eax + * 01612b14 ^7f aa jg short ron2.01612ac0 + * 01612b16 8bc7 mov eax,edi + * 01612b18 5f pop edi + * 01612b19 5e pop esi + * 01612b1a 5d pop ebp + * 01612b1b 5b pop ebx + * 01612b1c c3 retn + * 01612b1d cc int3 + * 01612b1e cc int3 + * 01612b1f cc int3 + * + * Runtime stack: + * 0019e974 0161640e return to Ron2.0161640e from Ron2.01612940 + * 0019e978 1216c180 UNICODE "Dat/Chr/HAL_061.swf" + * 0019e97c 00000013 + * 0019e980 12522838 + * 0019e984 00000013 + * 0019e988 0210da80 + * 0019e98c 0019ecb0 + * 0019e990 0019e9e0 + * 0019e994 0019ea24 + * 0019e998 0019e9cc + * + * Runtime registers: + * EAX 12522838 + * ECX 1216C180 UNICODE "Dat/Chr/HAL_061.swf" + * EDX 0C5E9898 + * EBX 12532838 + * ESP 0019E974 + * EBP 00000013 + * ESI 00000013 + * EDI 0019E9CC + * EIP 01612940 Ron2.01612940 + */ +// Skip ASCII garbage such as: Dat/Chr/HAL_061.swf +static bool AdobeFlashFilter(LPVOID data, size_t *size, HookParam *) +{ + // TODO: Remove [0-9a-zA-Z./]{4,} as garbage + LPCWSTR p = reinterpret_cast(data); + size_t len = *size / 2; + for (size_t i = 0; i < len; i++) + if (p[i] & 0xff00) + return true; + return false; +} +bool InsertAdobeFlash10Hook() +{ + const BYTE bytes[] = { + 0x8b, 0x4c, 0x24, 0x0c, // 01612940 8b4c24 0c mov ecx,dword ptr ss:[esp+0xc] ; jichi: hook here + 0x53, // 01612944 53 push ebx + 0x55, // 01612945 55 push ebp + 0x56, // 01612946 56 push esi + 0x57, // 01612947 57 push edi + 0x33, 0xff, // 01612948 33ff xor edi,edi + 0x85, 0xc9, // 0161294a 85c9 test ecx,ecx + 0x0f, 0x84 //, 5f010000 // 0161294c 0f84 5f010000 je ron2.01612ab1 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + // addr = 0x01612940; + // addr = 0x01612AC0; + if (!addr) + { + ConsoleOutput("AdobeFlash10: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset = get_stack(1); + // hp.length_offset = 2 * 4; // arg2 might be the length + hp.type = CODEC_UTF16 | USING_STRING; + hp.filter_fun = AdobeFlashFilter; + ConsoleOutput("INSERT Adobe Flash 10"); + + ConsoleOutput("AdobeFlash10: disable GDI hooks"); + + return NewHook(hp, "Adobe Flash 10"); +} +namespace +{ + bool __() + { + //[yosino] ANCIENT + // https://ci-en.dlsite.com/creator/5059/ + const BYTE bytes[] = { + 0x55, 0x8b, 0xec, + 0x51, 0x51, 0x8b, 0x45, 0x10, + 0x53, 0x8b, 0xd9, 0x89, 0x43, 0x08, + 0x8a, 0x45, 0x0c}; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + + if (!addr) + return false; + + HookParam hp; + hp.address = addr; + hp.offset = get_stack(4); + hp.type = CODEC_UTF16 | USING_STRING; + return NewHook(hp, "Adobe Flash 11"); + } +} +bool AdobeFlash10::attach_function() +{ + + return InsertAdobeFlash10Hook() | __(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/AdobeFlash10.h b/cpp/LunaHook/LunaHook/engine32/AdobeFlash10.h new file mode 100644 index 00000000..a70400d0 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/AdobeFlash10.h @@ -0,0 +1,13 @@ + + +class AdobeFlash10 : public ENGINE +{ +public: + AdobeFlash10() + { + + check_by = CHECK_BY::RESOURCE_STR; + check_by_target = L"Adobe Flash Player 10"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Ages3ResT.cpp b/cpp/LunaHook/LunaHook/engine32/Ages3ResT.cpp new file mode 100644 index 00000000..c73c2852 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Ages3ResT.cpp @@ -0,0 +1,41 @@ +#include "Ages3ResT.h" + +bool Ages3ResTHook() +{ + const BYTE bytes[] = { + 0x8d, 0x4f, XX, + 0xff, 0x15, XX4, + XX, + 0x8d, 0x8f, XX4, + 0xff, 0x15, XX4, + 0x8d, XX, XX4, + XX, + 0x8d, 0x8f, XX4, + 0xff, 0x15, XX4, + 0x8b, XX, + 0xff, 0x15, XX4}; + + auto addrs = Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress); + bool succ = false; + for (auto addr : addrs) + { + ConsoleOutput("Ages3ResT %p", addr); + if (addr == 0) + return false; + addr = findfuncstart(addr); + ConsoleOutput("Ages3ResT %p", addr); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr; + hp.offset = get_stack(3); + hp.type = CODEC_UTF16 | USING_STRING; + succ |= NewHook(hp, "Ages3ResT"); + } + return succ; +} + +bool Ages3ResT::attach_function() +{ + return Ages3ResTHook(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Ages3ResT.h b/cpp/LunaHook/LunaHook/engine32/Ages3ResT.h new file mode 100644 index 00000000..b9242318 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Ages3ResT.h @@ -0,0 +1,13 @@ + + +class Ages3ResT : public ENGINE +{ +public: + Ages3ResT() + { + + check_by = CHECK_BY::FILE; + check_by_target = L"Ages3ResT.dll"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Aksys.cpp b/cpp/LunaHook/LunaHook/engine32/Aksys.cpp new file mode 100644 index 00000000..918f2a5b --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Aksys.cpp @@ -0,0 +1,66 @@ +#include "Aksys.h" +namespace +{ + bool _Aksys() + { + // https://vndb.org/v25385 + // Spirit Hunter: NG + /* + int __usercall sub_4CDD70@(const char *a1@, int a2, _DWORD *a3, int *a4) + { + int result; // eax + const char *v6; // [esp+Ch] [ebp-8h] BYREF + + *a3 = strlen(a1); + if ( *a1 && a2 ) + { + v6 = a1; + if ( (unsigned __int8)sub_4CAEB0(&v6) ) + { + *a4 = sub_4CAF70(0, 0, 0x3A4u, (const unsigned __int16 *)a1, 0xFDE9u); + return 0; + } + else + { + return -2141454316; + } + } + else + { + result = 0; + *a4 = 0; + } + return result; + } + */ + BYTE bytes[] = { + 0x68, 0xe9, 0xfd, 0, 0, + 0x56, + 0x68, 0xa4, 0x03, 0, 0, + 0x33, XX, + 0x33, XX, + 0xe8}; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) + return false; + addr = findfuncstart(addr); + if (!addr) + return false; + HookParam hp; + hp.address = addr; + hp.offset = get_reg(regs::edx); + hp.split = get_reg(regs::edx); + hp.type = USING_STRING | USING_SPLIT; + hp.filter_fun = [](LPVOID data, size_t *size, HookParam *) + { + StringFilter((char *)data, size, "@1r", 3); + StringFilter((char *)data, size, "@-1r", 4); + return (StringToWideString(std::string((char *)data, *size), 932).has_value()); + }; + return NewHook(hp, "Aksys"); + } +} +bool Aksys::attach_function() +{ + return _Aksys(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Aksys.h b/cpp/LunaHook/LunaHook/engine32/Aksys.h new file mode 100644 index 00000000..c19e10cc --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Aksys.h @@ -0,0 +1,14 @@ + + +class Aksys : public ENGINE +{ +public: + Aksys() + { + + check_by = CHECK_BY::FILE; + check_by_target = L"System.bra"; + is_engine_certain = false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/AksysGames.cpp b/cpp/LunaHook/LunaHook/engine32/AksysGames.cpp new file mode 100644 index 00000000..1e65e6b9 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/AksysGames.cpp @@ -0,0 +1,74 @@ +#include "AksysGames.h" + +bool AksysGames::attach_function() +{ + + const BYTE bytes[] = { + /* + v8 = *v2; + if ( *v2 == (char)0x80 ) + { + ++v2; + ++v5; + goto LABEL_26; + } + v9 = 0; + v17 = v7; + v15 = v2; + v10 = v6; + if ( (unsigned __int8)v8 >= 0x81u && (unsigned __int8)v8 <= 0x9Fu + || (unsigned __int8)v8 >= 0xE0u && (unsigned __int8)v8 <= 0xFCu ) + { + */ + /* + .text:004BCB70 mov cl, [eax] + .text:004BCB72 cmp cl, 80h ; '€' + .text:004BCB75 jz loc_4BCC76 + .text:004BCB7B xor esi, esi + .text:004BCB7D mov [ebp+var_20C], edi + .text:004BCB83 mov [ebp+var_214], eax + .text:004BCB89 mov ebx, edx + .text:004BCB8B test edi, edi + .text:004BCB8D jz short loc_4BCBE3 + .text:004BCB8F cmp cl, 81h + .text:004BCB92 jb short loc_4BCB99 + .text:004BCB94 cmp cl, 9Fh + .text:004BCB97 jbe short loc_4BCBA3 + .text:004BCB99 + .text:004BCB99 loc_4BCB99: ; CODE XREF: sub_4BCB20+72↑j + .text:004BCB99 cmp cl, 0E0h + .text:004BCB9C jb short loc_4BCBC3 + .text:004BCB9E cmp cl, 0FCh + .text:004BCBA1 ja short loc_4BCBC3 + */ + 0x8a, 0x08, + 0x80, 0xf9, 0x80, + 0x0f, 0x84, XX4, + 0x33, 0xf6, + 0x89, XX, XX4, + 0x89, XX, XX4, + 0x8b, 0xda, + 0x85, 0xff, + 0x74, XX, + 0x80, 0xf9, 0x81, + 0x72, XX, + 0x80, 0xf9, 0x9f, + 0x76, XX, + 0x80, 0xf9, 0xe0, + 0x72, XX, + 0x80, 0xf9, 0xfc, + 0x77, XX}; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + return false; + addr = findfuncstart(addr, 0x100, true); + if (!addr) + return false; + HookParam hp; + hp.address = addr; + hp.offset = get_stack(1); + hp.type = USING_STRING; + return NewHook(hp, "AksysGames"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/AksysGames.h b/cpp/LunaHook/LunaHook/engine32/AksysGames.h new file mode 100644 index 00000000..e72310c7 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/AksysGames.h @@ -0,0 +1,42 @@ +// https://store.steampowered.com/app/828380/Death_Mark_Vol1/ +// Death Mark Vol.1 - 死印之迷雾 +/* +FILEVERSION 1,0,0,0 +PRODUCTVERSION 1,0,0,0 +FILEFLAGSMASK 0x3F +FILEFLAGS 0x0 +FILEOS VOS_NT_WINDOWS32 +FILETYPE VFT_APP +FILESUBTYPE 0x0 +{ + BLOCK "StringFileInfo" + { + BLOCK "041104b0" + { + VALUE "FileVersion", "1.0.0.0" + VALUE "InternalName", "Death Mark.exe" + VALUE "LegalCopyright", "©EXPERIENCE. Licensed to and published by Aksys Games." + VALUE "OriginalFilename", "Death Mark.exe" + VALUE "ProductName", "Death Mark" + VALUE "ProductVersion", "1.0.0.0" + } + } + BLOCK "VarFileInfo" + { + VALUE "Translation", 0x411, 1200 + } +} + +*/ +class AksysGames : public ENGINE +{ +public: + AksysGames() + { + + check_by = CHECK_BY::RESOURCE_STR; + check_by_target = L"Aksys Games"; + is_engine_certain = false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Alice.cpp b/cpp/LunaHook/LunaHook/engine32/Alice.cpp new file mode 100644 index 00000000..79388fc9 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Alice.cpp @@ -0,0 +1,108 @@ +#include "Alice.h" + +/******************************************************************************************** +System40 hook: + System40 is a game engine developed by Alicesoft. + Afaik, there are 2 very different types of System40. Each requires a particular hook. + + Pattern 1: Either SACTDX.dll or SACT2.dll exports SP_TextDraw. + The first relative call in this function draw text to some surface. + Text pointer is return by last absolute indirect call before that. + Split parameter is a little tricky. The first register pushed onto stack at the begining + usually is used as font size later. According to instruction opcode map, push + eax -- 50, ecx -- 51, edx -- 52, ebx --53, esp -- 54, ebp -- 55, esi -- 56, edi -- 57 + Split parameter value: + eax - -8, ecx - -C, edx - -10, ebx - -14, esp - -18, ebp - -1C, esi - -20, edi - -24 + Just extract the low 4 bit and shift left 2 bit, then minus by -8, + will give us the split parameter. e.g. push ebx 53->3 *4->C, -8-C=-14. + Sometimes if split function is enabled, ITH will split text spoke by different + character into different thread. Just open hook dialog and uncheck split parameter. + Then click modify hook. + + Pattern 2: *engine.dll exports SP_SetTextSprite. + At the entry point, EAX should be a pointer to some structure, character at +0x8. + Before calling this function, the caller put EAX onto stack, we can also find this + value on stack. But seems parameter order varies from game release. If a future + game breaks the EAX rule then we need to disassemble the caller code to determine + data offset dynamically. +********************************************************************************************/ + +static bool InsertAliceHook1(DWORD addr) +{ + if (!addr) + { + ConsoleOutput("AliceHook1: failed"); + return false; + } + for (DWORD i = addr, s = addr; i < s + 0x100; i++) + if (*(BYTE *)i == 0xe8) + { // Find the first relative call. + DWORD j = i + 5 + *(DWORD *)(i + 1); + while (true) + { // Find the first register push onto stack. + DWORD c = ::disasm((BYTE *)s); + if (c == 1) + break; + s += c; + } + DWORD c = *(BYTE *)s; + HookParam hp; + hp.address = j; + hp.offset = get_reg(regs::eax); + hp.split = -8 - ((c & 0xf) << 2); + hp.type = USING_STRING | USING_SPLIT; + // if (s>j) hp.type^=USING_SPLIT; + ConsoleOutput("INSERT AliceHook1"); + + // RegisterEngineType(ENGINE_SYS40); + return NewHook(hp, "System40"); + } + ConsoleOutput("AliceHook1: failed"); + return false; +} +static bool InsertAliceHook2(DWORD addr) +{ + if (!addr) + { + ConsoleOutput("AliceHook2: failed"); + return false; + } + HookParam hp; + hp.address = addr; + hp.offset = get_reg(regs::eax); + hp.index = 0x8; + hp.type = DATA_INDIRECT; + ConsoleOutput("INSERT AliceHook2"); + return NewHook(hp, "System40"); + // RegisterEngineType(ENGINE_SYS40); +} + +// jichi 8/23/2013 Move here from engine.cc +// Do not work for the latest Alice games +// jichi 5/13/2015: Looking for function entries in StoatSpriteEngine.dll +bool InsertAliceHook() +{ + bool ok = false; + if (auto addr = Util::FindFunction("SP_TextDraw")) + { + + ok |= InsertAliceHook1(addr); + } + // if (GetFunctionAddr("SP_SetTextSprite", &addr, &low, &high, 0) && addr) { + // InsertAliceHook2(addr); + // return true; + //} + if (auto addr = Util::FindFunction("SP_SetTextSprite")) + { // Artikash 6/27/2018 not sure if this works + + ok |= InsertAliceHook2(addr); + } + // ConsoleOutput("AliceHook: failed"); + return ok; +} + +bool Alice::attach_function() +{ + + return InsertAliceHook(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Alice.h b/cpp/LunaHook/LunaHook/engine32/Alice.h new file mode 100644 index 00000000..97215bf0 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Alice.h @@ -0,0 +1,12 @@ + + +class Alice : public ENGINE +{ +public: + Alice() + { + + check_by = CHECK_BY::ALL_TRUE; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Anex86.cpp b/cpp/LunaHook/LunaHook/engine32/Anex86.cpp new file mode 100644 index 00000000..9dbb72bd --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Anex86.cpp @@ -0,0 +1,103 @@ +#include "Anex86.h" + +namespace +{ // unnamed, for Anex86 + BYTE JIS_tableH[0x80] = { + 0x00, 0x81, 0x81, 0x82, 0x82, 0x83, 0x83, 0x84, + 0x84, 0x85, 0x85, 0x86, 0x86, 0x87, 0x87, 0x88, + 0x88, 0x89, 0x89, 0x8a, 0x8a, 0x8b, 0x8b, 0x8c, + 0x8c, 0x8d, 0x8d, 0x8e, 0x8e, 0x8f, 0x8f, 0x90, + 0x90, 0x91, 0x91, 0x92, 0x92, 0x93, 0x93, 0x94, + 0x94, 0x95, 0x95, 0x96, 0x96, 0x97, 0x97, 0x98, + 0x98, 0x99, 0x99, 0x9a, 0x9a, 0x9b, 0x9b, 0x9c, + 0x9c, 0x9d, 0x9d, 0x9e, 0x9e, 0xdf, 0xdf, 0xe0, + 0xe0, 0xe1, 0xe1, 0xe2, 0xe2, 0xe3, 0xe3, 0xe4, + 0xe4, 0xe5, 0xe5, 0xe6, 0xe6, 0xe7, 0xe7, 0xe8, + 0xe8, 0xe9, 0xe9, 0xea, 0xea, 0xeb, 0xeb, 0xec, + 0xec, 0xed, 0xed, 0xee, 0xee, 0xef, 0xef, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; + + BYTE JIS_tableL[0x80] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, + 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, + 0x4f, 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, + 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, + 0x5f, 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, + 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, + 0x77, 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, + 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, + 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, + 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, + 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x00}; + + void SpecialHookAnex86(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto ecx = stack->ecx; + if (*(BYTE *)(ecx + 0xe) != 0) + return; + auto lb = *(BYTE *)(ecx + 0xc); + auto hb = *(BYTE *)(ecx + 0xd); + if (hb == 0) + { + buffer->from_t(1); + } + else + { + if (hb <= 0x7e && lb <= 0x7e) + { + + BYTE low; + if ((hb & 1) == 0) + low = lb + 0x7E; + else + low = JIS_tableL[lb]; + auto chr = low | (JIS_tableH[hb] << 8); + buffer->from_t(_byteswap_ushort(chr)); + } + } + } +} // unnamed namespace +bool InsertAnex86Hook() +{ + const BYTE bytes[] = { + 0x8a, XX, 0x0c, // mov ??,[ecx+0C] + 0x8a, XX, 0x0d // mov ??,[ecx+0D] + }; + bool found = false; + for (auto addr : Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress)) + { + // const DWORD dwords[] = {0x618ac033,0x0d418a0c}; // jichi 12/25/2013: Remove static keyword + // for (DWORD i = processStartAddress + 0x1000; i < processStopAddress - 8; i++) + // if (*(DWORD *)i == dwords[0]) + // if (*(DWORD *)(i + 4) == dwords[1]) { + HookParam hp; + if (*(BYTE *)(addr - 2) == 0x33 || *(BYTE *)(addr - 2) == 0x31) + addr = addr - 2; + hp.address = addr; + hp.offset = get_reg(regs::ecx); + hp.type = USING_CHAR; + hp.text_fun = SpecialHookAnex86; + // hp.type = EXTERN_HOOK; + ConsoleOutput("INSERT Anex86"); + + found |= NewHook(hp, "Anex86"); + } + if (found) + return true; + ConsoleOutput("Anex86: failed"); + return false; +} + +bool Anex86::attach_function() +{ + + return InsertAnex86Hook(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Anex86.h b/cpp/LunaHook/LunaHook/engine32/Anex86.h new file mode 100644 index 00000000..26014515 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Anex86.h @@ -0,0 +1,16 @@ + + +class Anex86 : public ENGINE +{ +public: + Anex86() + { + + check_by = CHECK_BY::CUSTOM; + check_by_target = []() + { + return (wcsstr(processName_lower, L"anex86") || Util::CheckFile(L"anex86.exe")); + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Anim.cpp b/cpp/LunaHook/LunaHook/engine32/Anim.cpp new file mode 100644 index 00000000..fe8bb6c8 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Anim.cpp @@ -0,0 +1,113 @@ +#include "Anim.h" + +bool InsertAnimHook() +{ + const BYTE bytes[] = {0xC7, 0x45, 0xFC, 0x01, 0x00, 0x00, 0x00, 0x8B, 0x4D, 0x10, 0x51, 0x8D, 0x8D, 0x40, 0x7E, 0xFF, 0xFF}; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + { + ConsoleOutput("Anim: pattern not found"); + return false; + } + HookParam myhp; + myhp.address = addr + 10; + + myhp.type = USING_STRING | NO_CONTEXT | EMBED_ABLE | EMBED_AFTER_OVERWRITE | EMBED_DYNA_SJIS; // /HQ 不使用上下文区分 把所有线程的文本都提取 + myhp.hook_font = F_GetGlyphOutlineA; + // data_offset + myhp.offset = get_reg(regs::ecx); + char nameForUser[HOOK_NAME_SIZE] = "Anim"; + + return NewHook(myhp, nameForUser); +} + +bool InsertAnim2Hook() +{ + const BYTE bytes[] = {0xC7, 0x45, 0xFC, 0x01, 0x00, 0x00, 0x00, 0x8B, 0x45, 0x10, 0x50, 0x8D, 0x8D, 0xAC, 0x7E, 0xFF, 0xFF}; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + { + ConsoleOutput("Anim2: pattern not found"); + return false; + } + HookParam myhp; + myhp.address = addr + 10; + myhp.hook_font = F_GetGlyphOutlineA; + // メスつまみ3 + // そんな俺に声をかけてきたのは、近所のスーパーで働いている主婦の、@n『@[赤羽:あかばね]@[千晶:ちあき]』さんだ。 + myhp.filter_fun = [](void *data, size_t *len, HookParam *hp) + { + static const std::regex rx("@\\[(.*?):(.*?)\\]", std::regex_constants::icase); + std::string result = std::string((char *)data, *len); + result = std::regex_replace(result, rx, "$1"); + return write_string_overwrite(data, len, result); + }; + myhp.newlineseperator = L"@n"; + myhp.type = USING_STRING | NO_CONTEXT | EMBED_ABLE | EMBED_AFTER_OVERWRITE | EMBED_DYNA_SJIS; + // 僕がいない間に変貌えられた妻の秘肉 ~ラブラブ新婚妻は他の男に抱かれ淫らに喘ぐ夢を見るか~ 体験版 + + // data_offset + myhp.offset = get_reg(regs::eax); + + return NewHook(myhp, "Anim2"); +} +namespace +{ + bool Anim3Filter(LPVOID data, size_t *size, HookParam *) + { + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + StringFilterBetween(text, len, "\x81\x40", 2, "@m", 2); // @r(2,はと) + StringFilterBetween(text, len, "\x81\x40", 2, "@n", 2); // @r(2,はと) + StringCharReplacer(text, len, "@b", 2, ' '); + StringCharReplacer(text, len, "\x81\x42", 2, '.'); + StringCharReplacer(text, len, "\x81\x48", 2, '?'); + StringCharReplacer(text, len, "\x81\x49", 2, '!'); + + return true; + } + + bool InsertAnim3Hook() + { + /* + * Sample games: + * https://vndb.org/v17427 + * https://vndb.org/v18837 + */ + const BYTE bytes[] = { + 0xCC, // int 3 + 0x55, // push ebp << hook here + 0x8B, 0xEC, // mov ebp,esp + 0x81, 0xEC, XX4, // sub esp,00000830 + 0xA1, XX4, // mov eax,[musu_mama.exe+A91F0] + 0x33, 0xC5, // xor eax,ebp + 0x89, 0x45, 0xE8 // mov [ebp-18],eax + }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + { + ConsoleOutput("Anim3: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + 1; + hp.offset = get_reg(regs::edx); + hp.type = USING_STRING; + hp.filter_fun = Anim3Filter; + ConsoleOutput("INSERT Anim3"); + + return NewHook(hp, "Anim3"); + } +} +bool Anim::attach_function() +{ + + auto b1 = InsertAnimHook() || InsertAnim2Hook(); + b1 = InsertAnim3Hook() || b1; + return b1; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Anim.h b/cpp/LunaHook/LunaHook/engine32/Anim.h new file mode 100644 index 00000000..dc272704 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Anim.h @@ -0,0 +1,14 @@ + + +class Anim : public ENGINE +{ +public: + Anim() + { + + check_by = CHECK_BY::FILE; + check_by_target = L"voice\\*.pck"; + is_engine_certain = false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Anisetta.cpp b/cpp/LunaHook/LunaHook/engine32/Anisetta.cpp new file mode 100644 index 00000000..036cc565 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Anisetta.cpp @@ -0,0 +1,24 @@ +#include "Anisetta.h" + +bool Anisetta::attach_function() +{ + // https://vndb.org/v4068 + // 12+ + const BYTE bytes[] = { + 0xF7, 0xD8, + 0x1B, 0xC0, + 0x25, 0x58, 0x02, 0x00, 0x00, + 0x05, 0x90, 0x01, 0x00, 0x00}; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr == 0) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr; + hp.type = CODEC_ANSI_BE; + hp.offset = get_stack(5); + + return NewHook(hp, "Anisetta"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Anisetta.h b/cpp/LunaHook/LunaHook/engine32/Anisetta.h new file mode 100644 index 00000000..558540e4 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Anisetta.h @@ -0,0 +1,14 @@ + + +class Anisetta : public ENGINE +{ +public: + Anisetta() + { + + check_by = CHECK_BY::FILE_ANY; + check_by_target = check_by_list{L"*.pd", L".pb"}; + is_engine_certain = false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/ApricoT.cpp b/cpp/LunaHook/LunaHook/engine32/ApricoT.cpp new file mode 100644 index 00000000..648dbccc --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/ApricoT.cpp @@ -0,0 +1,159 @@ +#include "ApricoT.h" + +/******************************************************************************************** +Apricot hook: + Game folder contains arc.a*. + This engine is heavily based on new DirectX interfaces. + I can't find a good place where text is clean and not repeating. + The game processes script encoded in UTF32-like format. + I reversed the parsing algorithm of the game and implemented it partially. + Only name and text data is needed. + +********************************************************************************************/ + +/** jichi 2/15/2015: ApricoT + * + * Sample game: イセカイ・ラヴァーズ�体験版 + * Issue of the old game is that it uses esp as split, and hence has relative address + * + * 00978100 5b pop ebx + * 00978101 83c4 2c add esp,0x2c + * 00978104 c2 0400 retn 0x4 + * 00978107 33c0 xor eax,eax ; jichi: hook here + * 00978109 bb 03000000 mov ebx,0x3 + * 0097810e 895c24 30 mov dword ptr ss:[esp+0x30],ebx + * 00978112 894424 2c mov dword ptr ss:[esp+0x2c],eax + * 00978116 894424 1c mov dword ptr ss:[esp+0x1c],eax + * 0097811a 8b4e 34 mov ecx,dword ptr ds:[esi+0x34] + * 0097811d 3b4e 3c cmp ecx,dword ptr ds:[esi+0x3c] + * 00978120 894424 3c mov dword ptr ss:[esp+0x3c],eax + * 00978124 7e 3b jle short .00978161 + * 00978126 8b7e 3c mov edi,dword ptr ds:[esi+0x3c] + * 00978129 3b7e 34 cmp edi,dword ptr ds:[esi+0x34] + * 0097812c 76 05 jbe short .00978133 + * 0097812e e8 01db1500 call .00ad5c34 + * 00978133 837e 38 04 cmp dword ptr ds:[esi+0x38],0x4 + * 00978137 72 05 jb short .0097813e + * 00978139 8b46 24 mov eax,dword ptr ds:[esi+0x24] + * 0097813c eb 03 jmp short .00978141 + * 0097813e 8d46 24 lea eax,dword ptr ds:[esi+0x24] + * 00978141 8b3cb8 mov edi,dword ptr ds:[eax+edi*4] + * 00978144 016e 3c add dword ptr ds:[esi+0x3c],ebp + * 00978147 57 push edi + * 00978148 55 push ebp + * 00978149 8d4c24 20 lea ecx,dword ptr ss:[esp+0x20] + * 0097814d e8 de05feff call .00958730 + * + * Sample stack: baseaddr = 0c90000 + * 001aec2c ede50fbb + * 001aec30 0886064c + * 001aec34 08860bd0 + * 001aec38 08860620 + * 001aec3c 00000000 + * 001aec40 00000000 + * 001aec44 08860bd0 + * 001aec48 001aee18 + * 001aec4c 08860620 + * 001aec50 00000000 + * 001aec54 00cb4408 return to .00cb4408 from .00c973e0 + * 001aec58 08860bd8 + * 001aec5c 00000000 + * 001aec60 001aefd8 pointer to next seh record + * 001aec64 00e47d88 se handler + * 001aec68 ffffffff + * 001aec6c 00cb9f40 return to .00cb9f40 from .00cc8030 ; jichi: split here + */ +static void SpecialHookApricoT(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) +{ + DWORD reg_esi = stack->esi; + DWORD base = *(DWORD *)(reg_esi + 0x24); + DWORD index = *(DWORD *)(reg_esi + 0x3c); + DWORD *script = (DWORD *)(base + index * 4); + // jichi 2/14/2015 + // Change reg_esp to the return address + // DWORD reg_esp = regof(esp, esp_base); + //*split = reg_esp; + //*split = regof(esp, esp_base); + DWORD arg = stack->stack[16]; // return address + *split = arg > processStartAddress ? arg - processStartAddress : arg; // use relative split value + //*split = argof(1, esp_base); + if (script[0] == L'<') + { + DWORD *end; + for (end = script; *end != L'>'; end++) + ; // jichi 2/14/2015: i.e. = ::wcschr(script) or script + switch (script[1]) + { + case L'N': + if (script[2] == L'a' && script[3] == L'm' && script[4] == L'e') + { + buffer_index = 0; + for (script += 5; script < end; script++) + if (*script > 0x20) + wc_buffer[buffer_index++] = *script & 0xFFFF; + buffer->from(wc_buffer, buffer_index << 1); + // jichi 1/4/2014: The way I save subconext is not able to distinguish the split value + // Change to shift 16 + //*split |= 1 << 31; + *split |= 1 << 16; // jichi: differentiate name and text script + } + break; + case L'T': + if (script[2] == L'e' && script[3] == L'x' && script[4] == L't') + { + buffer_index = 0; + for (script += 5; script < end; script++) + { + if (*script > 0x40) + { + while (*script == L'{') + { + script++; + while (*script != L'\\') + { + wc_buffer[buffer_index++] = *script & 0xffff; + script++; + } + while (*script++ != L'}') + ; + } + wc_buffer[buffer_index++] = *script & 0xffff; + } + } + buffer->from(wc_buffer, buffer_index << 1); + } + break; + } + } +} + +bool InsertApricoTHook() +{ + for (DWORD i = processStartAddress + 0x1000; i < processStopAddress - 4; i++) + if ((*(DWORD *)i & 0xfff8fc) == 0x3cf880) // cmp reg,0x3c + for (DWORD j = i + 3, k = i + 0x100; j < k; j++) + if ((*(DWORD *)j & 0xffffff) == 0x4c2) + { // retn 4 + HookParam hp; + hp.address = j + 3; + hp.text_fun = SpecialHookApricoT; + hp.type = USING_STRING | NO_CONTEXT | CODEC_UTF16; + ConsoleOutput("INSERT ApricoT"); + // GROWL_DWORD3(hp.address, processStartAddress, processStopAddress); + + // RegisterEngineType(ENGINE_APRICOT); + // jichi 2/14/2015: disable cached GDI functions + ConsoleOutput("ApRicoT: disable GDI hooks"); + + return NewHook(hp, "ApRicoT"); + } + + ConsoleOutput("ApricoT: failed"); + return false; +} + +bool ApricoT::attach_function() +{ + + return InsertApricoTHook(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/ApricoT.h b/cpp/LunaHook/LunaHook/engine32/ApricoT.h new file mode 100644 index 00000000..cb55eb8f --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/ApricoT.h @@ -0,0 +1,25 @@ + + +class ApricoT : public ENGINE +{ +public: + ApricoT() + { + + check_by = CHECK_BY::FILE; + check_by_target = L"arc.a*"; + }; + bool attach_function(); +}; + +class ApricoTlast : public ApricoT +{ +public: + ApricoTlast() + { + + check_by = CHECK_BY::FILE; + check_by_target = L"arc.dat"; + is_engine_certain = false; + }; +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Artemis.cpp b/cpp/LunaHook/LunaHook/engine32/Artemis.cpp new file mode 100644 index 00000000..8e294ee8 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Artemis.cpp @@ -0,0 +1,270 @@ +#include "Artemis.h" + +/** + * jichi 10/1/2013: Artemis Engine + * See: http://www.ies-net.com/ + * See (CaoNiMaGeBi): http://tieba.baidu.com/p/2625537737 + * Pattern: + * 650a2f 83c4 0c add esp,0xc ; hook here + * 650a32 0fb6c0 movzx eax,al + * 650a35 85c0 test eax,eax + * 0fb6c0 75 0e jnz short tsugokaz.0065a47 + * + * Wrong: 0x400000 + 0x7c574 + * + * //Example: [130927]妹スパイラル /HBN-8*0:14@65589F + * Example: ヂ�ウノイイ家�Trial /HBN-8*0:14@650A2F + * Note: 0x650a2f > 40000(base) + 20000(limit) + * - addr: 0x650a2f + * - text_fun: 0x0 + * - function: 0 + * - hook_len: 0 + * - ind: 0 + * - length_offset: 1 + * - module: 0 + * - off: 4294967284 = 0xfffffff4 = -0xc + * - recover_len: 0 + * - split: 20 = 0x14 + * - split_ind: 0 + * - type: 1048 = 0x418 + * + * @CaoNiMaGeBi: + * RECENT GAMES: + * [130927]妹スパイラル /HBN-8*0:14@65589F + * [130927]サ�ライホルモン + * [131025]ヂ�ウノイイ家�/HBN-8*0:14@650A2F (for trial version) + * CLIENT ORGANIZAIONS: + * CROWD + * D:drive. + * Hands-Aid Corporation + * iMel株式会社 + * SHANNON + * SkyFish + * SNACK-FACTORY + * team flap + * Zodiac + * くらむちめ�� * まかろんソフト + * アイヂ�アファクトリー株式会社 + * カラクリズ� + * 合赼�社ファーストリー� + * 有限会社ウルクスへブン + * 有限会社ロータス + * 株式会社CUCURI + * 株式会社アバン + * 株式会社インタラクヂ�ブブレインズ + * 株式会社ウィンヂ�ール + * 株式会社エヴァンジェ + * 株式会社ポニーキャニオン + * 株式会社大福エンターヂ�ンメン� */ +bool InsertArtemis1Hook() +{ + const BYTE bytes[] = { + 0x83, 0xc4, 0x0c, // add esp,0xc ; hook here + 0x0f, 0xb6, 0xc0, // movzx eax,al + 0x85, 0xc0, // test eax,eax + 0x75, 0x0e // jnz XXOO ; it must be 0xe, or there will be duplication + }; + // enum { addr_offset = 0 }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + // GROWL_DWORD3(reladdr, processStartAddress, range); + if (!addr) + { + ConsoleOutput("Artemis1: pattern not exist"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset = get_reg(regs::ecx); + hp.split = get_stack(5); + hp.type = NO_CONTEXT | DATA_INDIRECT | USING_SPLIT; // 0x418 + + // hp.address = 0x650a2f; + // GROWL_DWORD(hp.address); + + ConsoleOutput("INSERT Artemis1"); + + // ConsoleOutput("Artemis1"); + return NewHook(hp, "Artemis1"); +} + +bool InsertArtemis2Hook() +{ + const BYTE bytes[] = { + // 0054461F | CC | int3 | + 0x55, // 00544620 | 55 | push ebp | + 0x8B, 0xEC, // 00544621 | 8B EC | mov ebp,esp | + 0x83, 0xE4, 0xF8, // 00544623 | 83 E4 F8 | and esp,FFFFFFF8 | + 0x6A, 0xFF, // 00544626 | 6A FF | push FFFFFFFF | + 0x68, XX4, // 00544628 | 68 68 7C 6A 00 | push 空のつくりかた体験版_ver3.0.6A7C68 | + 0x64, 0xA1, 0x00, 0x00, 0x00, 0x00, // 0054462D | 64 A1 00 00 00 00 | mov eax,dword ptr fs:[0] | + 0x50, // 00544633 | 50 | push eax | + 0x83, 0xEC, XX, // 00544634 | 83 EC 28 | sub esp,28 | + 0xA1, XX4, // 00544637 | A1 F0 57 81 00 | mov eax,dword ptr ds:[8157F0] | + 0x33, 0xC4, // 0054463C | 33 C4 | xor eax,esp | + 0x89, 0x44, 0x24, XX, // 0054463E | 89 44 24 20 | mov dword ptr ss:[esp+20],eax | + 0x53, // 00544642 | 53 | push ebx | + 0x56, // 00544643 | 56 | push esi | + 0x57, // 00544644 | 57 | push edi | + 0xA1, XX4, // 00544645 | A1 F0 57 81 00 | mov eax,dword ptr ds:[8157F0] | + 0x33, 0xC4, // 0054464A | 33 C4 | xor eax,esp | + 0x50, // 0054464C | 50 | push eax | + 0x8D, 0x44, 0x24, XX, // 0054464D | 8D 44 24 38 | lea eax,dword ptr ss:[esp+38] | [esp+38]:BaseThreadInitThunk + 0x64, 0xA3, 0x00, 0x00, 0x00, 0x00, // 00544651 | 64 A3 00 00 00 00 | mov dword ptr fs:[0],eax | + 0x8B, 0xF1, // 00544657 | 8B F1 | mov esi,ecx | + 0x8B, 0x5D, 0x08, // 00544659 | 8B 5D 08 | mov ebx,dword ptr ss:[ebp+8] | + 0x8B, 0x4D, 0x0C // 0054465C | 8B 4D 0C | mov ecx,dword ptr ss:[ebp+C] | ecx:DbgUiRemoteBreakin, [ebp+C]:BaseThreadInitThunk + }; + enum + { + addr_offset = 0 + }; // distance to the beginning of the function, which is 0x55 (push ebp) + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + { + ConsoleOutput("Artemis2: pattern not found"); + return false; + } + addr += addr_offset; + enum + { + push_ebp = 0x55 + }; // beginning of the function + if (*(BYTE *)addr != push_ebp) + { + ConsoleOutput("Artemis2: beginning of the function not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset = get_stack(1); + hp.type = USING_STRING | NO_CONTEXT; + + ConsoleOutput("INSERT Artemis2"); + bool succ = NewHook(hp, "Artemis2"); + + // Artikash 1/1/2019: Recent games seem to use utf8 encoding instead, other than that the hook is identical. + // Not sure how to differentiate which games are sjis/utf8 so insert both + hp.address = addr + 6; + hp.offset = get_reg(regs::ebp); + hp.index = 8; // ebp was also pushed + hp.type = CODEC_UTF8 | USING_STRING | DATA_INDIRECT; + succ |= NewHook(hp, "Artemis2"); + // ConsoleOutput("Artemis2"); + return succ; +} + +bool InsertArtemis3Hook() +{ + const BYTE bytes[] = { + 0x55, // 005FD780 | 55 | push ebp | + 0x8B, 0xEC, // 005FD781 | 8BEC | mov ebp,esp | + 0x83, 0xE4, 0xF8, // 005FD783 | 83E4 F8 | and esp,FFFFFFF8 | + 0x83, 0xEC, 0x3C, // 005FD786 | 83EC 3C | sub esp,3C | + 0xA1, XX4, // 005FD789 | A1 6C908600 | mov eax,dword ptr ds:[86906C] | + 0x33, 0xC4, // 005FD78E | 33C4 | xor eax,esp | + 0x89, 0x44, 0x24, 0x38, // 005FD790 | 894424 38 | mov dword ptr ss:[esp+38],eax | + 0x53, // 005FD794 | 53 | push ebx | + 0x56, // 005FD795 | 56 | push esi | + 0x8B, 0xC1, // 005FD796 | 8BC1 | mov eax,ecx | + 0xC7, 0x44, 0x24, 0x14, 0x00, 0x00, 0x00, 0x00, // 005FD798 | C74424 14 00000000 | mov dword ptr ss:[esp+14],0 | + 0x8B, 0x4D, 0x0C, // 005FD7A0 | 8B4D 0C | mov ecx,dword ptr ss:[ebp+C] | + 0x33, 0xF6, // 005FD7A3 | 33F6 | xor esi,esi | + 0x57, // 005FD7A5 | 57 | push edi | + 0x8B, 0x7D, 0x08, // 005FD7A6 | 8B7D 08 | mov edi,dword ptr ss:[ebp+8] | + 0x89, 0x44, 0x24, 0x14, // 005FD7A9 | 894424 14 | mov dword ptr ss:[esp+14],eax | + 0x89, 0x4C, 0x24, 0x28, // 005FD7AD | 894C24 28 | mov dword ptr ss:[esp+28],ecx | + 0x80, 0x3F, 0x00, // 005FD7B1 | 803F 00 | cmp byte ptr ds:[edi],0 | + 0x0F, 0x84, XX4, // 005FD7B4 | 0F84 88040000 | je ヘンタイ・プリズンsplit 1.5FDC42 | + 0x83, 0xB8, XX4, 0x00, // 005FD7BA | 83B8 74030000 00 | cmp dword ptr ds:[eax+374],0 | + 0x8B, 0xDF, // 005FD7C1 | 8BDF | mov ebx,edi | + }; + + enum + { + addr_offset = 0 + }; // distance to the beginning of the function, which is 0x55 (push ebp) + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + { + ConsoleOutput("Artemis3: pattern not found"); + return false; + } + addr += addr_offset; + enum + { + push_ebp = 0x55 + }; // beginning of the function + if (*(BYTE *)addr != push_ebp) + { + ConsoleOutput("Artemis3: beginning of the function not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset = get_stack(1); + hp.type = USING_STRING | EMBED_ABLE | CODEC_UTF8 | EMBED_AFTER_NEW; + + return NewHook(hp, "EmbedArtemis"); +} + +namespace +{ + bool a4() + { + // 高慢な奥さんは好きですか?~傲慢人妻教師の堕とし方~ + std::vector addrs; + for (DWORD func : {(DWORD)GetGlyphOutlineA, (DWORD)GetGlyphOutlineW}) + { + auto addrs_ = findiatcallormov_all(func, processStartAddress, processStartAddress, processStopAddress, PAGE_EXECUTE); + addrs.insert(addrs.end(), addrs_.begin(), addrs_.end()); + } + bool ok = false; + for (auto addr : addrs) + { + auto funcaddr = MemDbg::findEnclosingAlignedFunction(addr); + if (!funcaddr) + continue; + BYTE sig1[] = {0x81, XX, 0x00, 0x00, 0x10, 0x00}; + BYTE sig2[] = {0x68, 0x00, 0x02, 0x00, 0x00, 0x68, 0x00, 0x02, 0x00, 0x00}; + BYTE sig3[] = {XX, 0x80, 0x00, 0x00, 0x00, 0x0f, 0x95, 0xc1}; + BYTE sig4[] = {0xC1, XX, 0x18}; + int found = 0; + for (auto sigsz : std::vector>{{sig1, sizeof(sig1)}, {sig2, sizeof(sig2)}, {sig3, sizeof(sig3)}, {sig4, sizeof(sig4)}}) + { + auto fd = MemDbg::findBytes(sigsz.first, sigsz.second, funcaddr, addr); + if (fd) + found += 1; + } + if (found == 4) + { + { + HookParam hp; + hp.address = funcaddr; + hp.type = CODEC_ANSI_BE; + hp.offset = get_stack(2); + ok |= NewHook(hp, "Artemis4A"); + } + { + HookParam hp; + hp.address = funcaddr + 5; + hp.type = CODEC_UTF16; + hp.offset = get_stack(2); + ok |= NewHook(hp, "Artemis4W"); + } + return ok; + } + } + return false; + } +} +bool Artemis::attach_function() +{ + + return InsertArtemis1Hook() || InsertArtemis2Hook() || InsertArtemis3Hook() || a4(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Artemis.h b/cpp/LunaHook/LunaHook/engine32/Artemis.h new file mode 100644 index 00000000..95d97d2e --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Artemis.h @@ -0,0 +1,13 @@ + + +class Artemis : public ENGINE +{ +public: + Artemis() + { + + check_by = CHECK_BY::FILE; + check_by_target = L"*.pfs"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Atelier.cpp b/cpp/LunaHook/LunaHook/engine32/Atelier.cpp new file mode 100644 index 00000000..5fe05fe8 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Atelier.cpp @@ -0,0 +1,265 @@ +#include "Atelier.h" +/******************************************************************************************** +AtelierKaguya hook: + Game folder contains message.dat. Used by AtelierKaguya games. + Usually has font caching issue with TextOutA. + Game engine uses EBP to set up stack frame so we can easily trace back. + Keep step out until it's in main game module. We notice that either register or + stack contains string pointer before call instruction. But it's not quite stable. + In-depth analysis of the called function indicates that there's a loop traverses + the string one character by one. We can set a hook there. + This search process is too complex so I just make use of some characteristic + instruction(add esi,0x40) to locate the right point. +********************************************************************************************/ +bool InsertAtelierHook() +{ + PcHooks::hookOtherPcFunctions(); // lstrlenA gives good hook too + // SafeFillRange(processName, &base, &size); + // size=size-base; + // DWORD sig = 0x40c683; // add esi,0x40 + // i=processStartAddress+SearchPattern(processStartAddress,processStopAddress-processStartAddress,&sig,3); + DWORD i; + for (i = processStartAddress; i < processStopAddress - 4; i++) + { + DWORD sig = *(DWORD *)i & 0xffffff; + if (0x40c683 == sig) // add esi,0x40 + break; + } + if (i < processStopAddress - 4) + for (DWORD j = i - 0x200; i > j; i--) + if (*(DWORD *)i == 0xff6acccc) + { // find the function entry + HookParam hp; + hp.address = i + 2; + hp.offset = get_stack(2); + hp.split = get_reg(regs::esp); + hp.type = USING_SPLIT; + ConsoleOutput("INSERT Aterlier KAGUYA"); + + // RegisterEngineType(ENGINE_ATELIER); + return NewHook(hp, "Atelier KAGUYA"); + } + + ConsoleOutput("Aterlier: failed"); + return false; + // ConsoleOutput("Unknown Atelier KAGUYA engine."); +} + +bool InsertAtelierKaguya2Hook() +{ + + /* + * Sample games: + * https://vndb.org/v22713 + * https://vndb.org/v31685 + * https://vndb.org/v37081 + */ + const BYTE bytes[] = { + 0x51, // push ecx << hook here + 0x50, // push eax + 0xE8, XX4, // call Start.exe+114307 + 0x83, 0xC4, 0x08, // add esp,08 + 0x85, 0xC0, // test eax,eax + 0x78, 0xA1 // js Start.exe+48947 + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + { + ConsoleOutput("Atelier KAGUYA2: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset = get_reg(regs::eax); + hp.type = USING_STRING | EMBED_AFTER_OVERWRITE | EMBED_ABLE | EMBED_DYNA_SJIS; + hp.hook_font = F_TextOutA; + hp.filter_fun = NewLineCharToSpaceFilterA; + ConsoleOutput("INSERT Atelier KAGUYA2"); + + return NewHook(hp, "Atelier KAGUYA2"); +} + +bool InsertAtelierKaguya3Hook() +{ + + /* + * Sample games: + * https://vndb.org/v10082 + */ + const BYTE bytes[] = { + 0x55, // push ebp << hook here + 0x8B, 0xEC, // mov ebp,esp + 0x6A, 0xFF, // push -01 + 0x68, 0x80, 0xB9, 0x4D, 0x00, // push Start.exe+DB980 + 0x64, 0xA1, XX4, // mov eax,fs:[00000000] + 0x50, // push eax + 0x51, // push ecx + 0x81, 0xEC, 0xAC, 0x00, 0x00, 0x00 // sub esp,000000AC + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + { + ConsoleOutput("Atelier KAGUYA3: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset = get_reg(regs::eax); + hp.type = USING_STRING; + hp.filter_fun = NewLineCharToSpaceFilterA; + ConsoleOutput("INSERT Atelier KAGUYA3"); + + return NewHook(hp, "Atelier KAGUYA3"); +} + +bool InsertAtelierKaguya4Hook() +{ + + /* + * Sample games: + * https://vndb.org/v14705 + */ + const BYTE bytes[] = { + 0xE8, 0x90, 0xA8, 0xFF, 0xFF, // call Start.exe+18380 + 0x89, 0x45, 0xF8, // mov [ebp-08],eax + 0x8B, 0x4D, 0x10, // mov ecx,[ebp+10] + 0x51, // push ecx + 0x8B, 0x55, 0x0C, // mov edx,[ebp+0C] + 0x52, // push edx + 0x8B, 0x45, 0x08, // mov eax,[ebp+08] + 0x50 // push eax << hook here + }; + enum + { + addr_offset = sizeof(bytes) - 1 + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + { + ConsoleOutput("Atelier KAGUYA4: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; + hp.offset = get_reg(regs::eax); + hp.type = USING_STRING; + hp.filter_fun = NewLineCharToSpaceFilterA; + ConsoleOutput("INSERT Atelier KAGUYA4"); + + return NewHook(hp, "Atelier KAGUYA4"); +} + +bool InsertAtelierKaguya5Hook() +{ + + /* + * Sample games: + * https://vndb.org/v11224 + */ + const BYTE bytes[] = { + 0xC2, 0x04, 0x00, // ret 0004 + 0x55, // push ebp << hook here + 0x8B, 0xEC, // mov ebp,esp + 0x6A, 0xFF, // push -01 + 0x68, XX4, // push Start.exe+DA680 + 0x64, 0xA1, 0x00, 0x00, 0x00, 0x00, // mov eax,fs:[00000000] + 0x50, // push eax + 0x51, // push ecx + }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + { + ConsoleOutput("Atelier KAGUYA5: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + 3; + hp.offset = get_reg(regs::eax); + hp.type = USING_STRING; + hp.filter_fun = NewLineCharToSpaceFilterA; + ConsoleOutput("INSERT Atelier KAGUYA5"); + + return NewHook(hp, "Atelier KAGUYA5"); +} +bool InsertAtelierKaguyaX() +{ + // エロティ課 誘惑研修はじまるよ~ しごいちゃうから覚悟なさい! + const BYTE bytes[] = { + 0x3D, 0xF0, 0x41, 0x00, 0x00, + 0x75}; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + return false; + + addr = findfuncstart(addr, 0x1000); + if (!addr) + return false; + HookParam hp; + hp.address = addr; + hp.offset = get_stack(1); + hp.type = USING_STRING; + + return NewHook(hp, "Atelier KAGUYA3"); +} +bool Atelier::attach_function() +{ + + return InsertAtelierHook() || InsertAtelierKaguya2Hook() || InsertAtelierKaguyaX() || InsertAtelierKaguya3Hook() || InsertAtelierKaguya4Hook() || InsertAtelierKaguya5Hook(); +} + +bool Atelier2attach_function() +{ + // https://vndb.org/v304 + // ダンジョンクルセイダーズ~TALES OF DEMON EATER~ + const BYTE bytes[] = { + 0x83, 0xFE, 0x34, + 0xF6, XX, + 0x88, XX, 0x24, 0x29, + 0x7D}; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + return false; + + HookParam hp; + hp.address = addr + sizeof(bytes) - 1; + hp.offset = get_stack(10); + hp.type = USING_CHAR | NO_CONTEXT; + // NO_CONTEXT: + // 牝奴隷 ~犯された放課後~ + // https://vndb.org/v4351会把每行单独分开。 + return NewHook(hp, "Atelier KAGUYA3"); +} + +bool Atelier2attach_function2() +{ + // https://vndb.org/v7264 + // 禁断の病棟 特殊精神科医 遊佐惣介の診察記録 + auto addr = MemDbg::findCallerAddressAfterInt3((ULONG)TextOutA, processStartAddress, processStopAddress); + if (addr == 0) + return 0; + HookParam hp; + hp.address = addr; + hp.offset = get_stack(3); + hp.type = USING_STRING | DATA_INDIRECT; + + return NewHook(hp, "Atelier KAGUYA"); +} +bool Atelier2::attach_function() +{ + return Atelier2attach_function() || Atelier2attach_function2(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Atelier.h b/cpp/LunaHook/LunaHook/engine32/Atelier.h new file mode 100644 index 00000000..959fc8b0 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Atelier.h @@ -0,0 +1,29 @@ + + +class Atelier : public ENGINE +{ +public: + Atelier() + { + + check_by = CHECK_BY::FILE; + check_by_target = L"message.dat"; + }; + bool attach_function(); +}; + +class Atelier2 : public ENGINE +{ +public: + Atelier2() + { + + check_by = CHECK_BY::CUSTOM; + check_by_target = []() + { + return (Util::CheckFile(L"*.ARC") && Util::CheckFile(L"*.ARI")) || + (Util::CheckFile(L"ARC\\*.ARC") && Util::CheckFile(L"ARC\\*.ARI")); + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/BGI.cpp b/cpp/LunaHook/LunaHook/engine32/BGI.cpp new file mode 100644 index 00000000..c4905532 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/BGI.cpp @@ -0,0 +1,1710 @@ +#include "BGI.h" +/******************************************************************************************** +BGI hook: + Usually game folder contains BGI.*. After first run BGI.gdb appears. + + BGI engine has font caching issue so the strategy is simple. + First find call to TextOutA or TextOutW then reverse to function entry point, + until full text is caught. + After 2 tries we will get to the right place. Use ESP value to split text since + it's likely to be different for different calls. +********************************************************************************************/ +namespace +{ // unnamed +#if 0 // jichi 12/28/2013: dynamic BGI is not used +static bool FindBGIHook(DWORD fun, DWORD size, DWORD pt, WORD sig) +{ + if (!fun) { + ConsoleOutput("BGI: cannot find BGI hook"); + //swprintf(str, L"Can't find BGI hook: %.8X.",fun); + //ConsoleOutput(str); + return false; + } + //WCHAR str[0x40]; + //i=FindCallBoth(fun,size,pt); + + //swprintf(str, L"CALL addr: 0x%.8X",pt+i); + //ConsoleOutput(str); + for (DWORD i = fun, j = fun; j > i - 0x100; j--) + if ((*(WORD *)(pt + j)) == sig) { // Fun entry 1. + //swprintf(str, L"Entry 1: 0x%.8X",pt+j); + //ConsoleOutput(str); + for (DWORD k = i + 0x100; k < i+0x800; k++) + if (*(BYTE *)(pt + k) == 0xe8) + if (k + 5 + *(DWORD *)(pt + k + 1) == j) { // Find call to fun1. + //swprintf(str, L"CALL to entry 1: 0x%.8X",pt+k); + //ConsoleOutput(str); + for (DWORD l = k; l > k - 0x100;l--) + if ((*(WORD *)(pt + l)) == 0xec83) { // Fun entry 2. + //swprintf(str, L"Entry 2(final): 0x%.8X",pt+l); + //ConsoleOutput(str); + HookParam hp; + hp.address = (DWORD)pt + l; + hp.offset=get_stack(2); + hp.split =get_reg(regs::esp); + hp.type = CODEC_ANSI_BE|USING_SPLIT; + ConsoleOutput("INSERT DynamicBGI"); + + return NewHook(hp, "BGI"); + } + } + } + ConsoleOutput("DynamicBGI: failed"); + return false; +} +bool InsertBGIDynamicHook(LPVOID addr, DWORD frame, DWORD stack) +{ + if (addr != TextOutA && addr != TextOutW) { + //ConsoleOutput("DynamicBGI: failed"); + return false; + } + + DWORD i = *(DWORD *)(stack + 4) - processStartAddress; + return FindBGIHook(i, processStopAddress - processStartAddress, processStartAddress, 0xec83); +} +#endif // 0 + + /** jichi 5/12/2014 + * Sample game: FORTUNE ARTERIAL, case 2 at 0x41ebd0 + * + * sub_41EBD0 proc near, seems to take 5 parameters + * + * 0041ebd0 /$ 83ec 28 sub esp,0x28 ; jichi: hook here, beginning of the function + * 0041ebd3 |. 55 push ebp + * 0041ebd4 |. 8b6c24 38 mov ebp,dword ptr ss:[esp+0x38] + * 0041ebd8 |. 81fd 00ff0000 cmp ebp,0xff00 + * 0041ebde |. 0f82 e1000000 jb bgi.0041ecc5 + * 0041ebe4 |. 81fd ffff0000 cmp ebp,0xffff + * 0041ebea |. 0f87 d5000000 ja bgi.0041ecc5 + * 0041ebf0 |. a1 54634900 mov eax,dword ptr ds:[0x496354] + * 0041ebf5 |. 8bd5 mov edx,ebp + * 0041ebf7 |. 81e2 ff000000 and edx,0xff + * 0041ebfd |. 53 push ebx + * 0041ebfe |. 4a dec edx + * 0041ebff |. 33db xor ebx,ebx + * 0041ec01 |. 3bd0 cmp edx,eax + * 0041ec03 |. 56 push esi + * 0041ec04 |. 0f8d 8a000000 jge bgi.0041ec94 + * 0041ec0a |. 57 push edi + * 0041ec0b |. b9 06000000 mov ecx,0x6 + * 0041ec10 |. be 5c634900 mov esi,bgi.0049635c + * 0041ec15 |. 8d7c24 20 lea edi,dword ptr ss:[esp+0x20] + * 0041ec19 |. f3:a5 rep movs dword ptr es:[edi],dword ptr ds> + * 0041ec1b |. 8b0d 58634900 mov ecx,dword ptr ds:[0x496358] + * 0041ec21 |. 8b7424 3c mov esi,dword ptr ss:[esp+0x3c] + * 0041ec25 |. 8bc1 mov eax,ecx + * 0041ec27 |. 5f pop edi + * 0041ec28 |. 0fafc2 imul eax,edx + * 0041ec2b |. 8b56 08 mov edx,dword ptr ds:[esi+0x8] + * 0041ec2e |. 894424 0c mov dword ptr ss:[esp+0xc],eax + * 0041ec32 |. 3bca cmp ecx,edx + * 0041ec34 |. 7e 02 jle short bgi.0041ec38 + * 0041ec36 |. 8bca mov ecx,edx + * 0041ec38 |> 8d4401 ff lea eax,dword ptr ds:[ecx+eax-0x1] + * 0041ec3c |. 8b4c24 28 mov ecx,dword ptr ss:[esp+0x28] + * 0041ec40 |. 894424 14 mov dword ptr ss:[esp+0x14],eax + * 0041ec44 |. 8b46 0c mov eax,dword ptr ds:[esi+0xc] + * 0041ec47 |. 3bc8 cmp ecx,eax + * 0041ec49 |. 895c24 10 mov dword ptr ss:[esp+0x10],ebx + * 0041ec4d |. 77 02 ja short bgi.0041ec51 + * 0041ec4f |. 8bc1 mov eax,ecx + * 0041ec51 |> 8d4c24 0c lea ecx,dword ptr ss:[esp+0xc] + * 0041ec55 |. 8d5424 1c lea edx,dword ptr ss:[esp+0x1c] + * 0041ec59 |. 48 dec eax + * 0041ec5a |. 51 push ecx + * 0041ec5b |. 52 push edx + * 0041ec5c |. 894424 20 mov dword ptr ss:[esp+0x20],eax + * 0041ec60 |. e8 7b62feff call bgi.00404ee0 + * 0041ec65 |. 8b4424 34 mov eax,dword ptr ss:[esp+0x34] + * 0041ec69 |. 83c4 08 add esp,0x8 + * 0041ec6c |. 83f8 03 cmp eax,0x3 + * 0041ec6f |. 75 15 jnz short bgi.0041ec86 + * 0041ec71 |. 8b4424 48 mov eax,dword ptr ss:[esp+0x48] + * 0041ec75 |. 8d4c24 1c lea ecx,dword ptr ss:[esp+0x1c] + * 0041ec79 |. 50 push eax + * 0041ec7a |. 51 push ecx + * 0041ec7b |. 56 push esi + * 0041ec7c |. e8 1fa0feff call bgi.00408ca0 + */ + bool InsertBGI1Hook() + { + union + { + DWORD i; + DWORD *id; + BYTE *ib; + }; + HookParam hp; + for (i = processStartAddress + 0x1000; i < processStopAddress; i++) + { + if (ib[0] == 0x3d) + { + i++; + if (id[0] == 0xffff) + { // cmp eax,0xffff + hp.address = SafeFindEnclosingAlignedFunction(i, 0x40); + if (hp.address) + { + hp.offset = get_stack(3); + hp.split = get_reg(regs::esp); + hp.type = CODEC_ANSI_BE | USING_SPLIT; + ConsoleOutput("INSERT BGI#1"); + + // RegisterEngineType(ENGINE_BGI); + return NewHook(hp, "BGI"); + } + } + } + if (ib[0] == 0x81 && ((ib[1] & 0xf8) == 0xf8)) + { + i += 2; + if (id[0] == 0xffff) + { // cmp reg,0xffff + hp.address = SafeFindEnclosingAlignedFunction(i, 0x40); + if (hp.address) + { + hp.offset = get_stack(3); + hp.split = get_reg(regs::esp); + hp.type = CODEC_ANSI_BE | USING_SPLIT; + ConsoleOutput("INSERT BGI#2"); + + // RegisterEngineType(ENGINE_BGI); + return NewHook(hp, "BGI"); + } + } + } + } + // ConsoleOutput("Unknown BGI engine."); + + // ConsoleOutput("Probably BGI. Wait for text."); + // SwitchTrigger(true); + // trigger_fun=InsertBGIDynamicHook; + ConsoleOutput("BGI: failed"); + return false; + } + + /** + * jichi 2/5/2014: Add an alternative BGI hook + * + * Issue: This hook cannot extract character name for コトバの消えた日 + * + * See: http://tieba.baidu.com/p/2845113296 + * 世界と世界の真ん中で + * - /HSN4@349E0:sekachu.exe // Disabled BGI3, floating split char + * - /HS-1C:-4@68E56 // Not used, cannot detect character name + * - /HSC@34C80:sekachu.exe // BGI2, extract both scenario and character names + * + * [Lump of Sugar] 世界と世界の真ん中で + * /HSC@34C80:sekachu.exe + * - addr: 216192 = 0x34c80 + * - module: 3599131534 + * - off: 12 = 0xc + * - type: 65 = 0x41 + * + * base: 0x11a0000 + * hook_addr = base + addr = 0x11d4c80 + * + * 011d4c7e cc int3 + * 011d4c7f cc int3 + * 011d4c80 /$ 55 push ebp ; jichi: hook here + * 011d4c81 |. 8bec mov ebp,esp + * 011d4c83 |. 6a ff push -0x1 + * 011d4c85 |. 68 e6592601 push sekachu.012659e6 + * 011d4c8a |. 64:a1 00000000 mov eax,dword ptr fs:[0] + * 011d4c90 |. 50 push eax + * 011d4c91 |. 81ec 300d0000 sub esp,0xd30 + * 011d4c97 |. a1 d8c82801 mov eax,dword ptr ds:[0x128c8d8] + * 011d4c9c |. 33c5 xor eax,ebp + * 011d4c9e |. 8945 f0 mov dword ptr ss:[ebp-0x10],eax + * 011d4ca1 |. 53 push ebx + * 011d4ca2 |. 56 push esi + * 011d4ca3 |. 57 push edi + * 011d4ca4 |. 50 push eax + * 011d4ca5 |. 8d45 f4 lea eax,dword ptr ss:[ebp-0xc] + * 011d4ca8 |. 64:a3 00000000 mov dword ptr fs:[0],eax + * 011d4cae |. 8b4d 0c mov ecx,dword ptr ss:[ebp+0xc] + * 011d4cb1 |. 8b55 18 mov edx,dword ptr ss:[ebp+0x18] + * 011d4cb4 |. 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + * 011d4cb7 |. 8b5d 10 mov ebx,dword ptr ss:[ebp+0x10] + * 011d4cba |. 8b7d 38 mov edi,dword ptr ss:[ebp+0x38] + * 011d4cbd |. 898d d8f3ffff mov dword ptr ss:[ebp-0xc28],ecx + * 011d4cc3 |. 8b4d 28 mov ecx,dword ptr ss:[ebp+0x28] + * 011d4cc6 |. 8995 9cf3ffff mov dword ptr ss:[ebp-0xc64],edx + * 011d4ccc |. 51 push ecx + * 011d4ccd |. 8b0d 305c2901 mov ecx,dword ptr ds:[0x1295c30] + * 011d4cd3 |. 8985 e0f3ffff mov dword ptr ss:[ebp-0xc20],eax + * 011d4cd9 |. 8b45 1c mov eax,dword ptr ss:[ebp+0x1c] + * 011d4cdc |. 8d95 4cf4ffff lea edx,dword ptr ss:[ebp-0xbb4] + * 011d4ce2 |. 52 push edx + * 011d4ce3 |. 899d 40f4ffff mov dword ptr ss:[ebp-0xbc0],ebx + * 011d4ce9 |. 8985 1cf4ffff mov dword ptr ss:[ebp-0xbe4],eax + * 011d4cef |. 89bd f0f3ffff mov dword ptr ss:[ebp-0xc10],edi + * 011d4cf5 |. e8 862efdff call sekachu.011a7b80 + * 011d4cfa |. 33c9 xor ecx,ecx + * 011d4cfc |. 8985 60f3ffff mov dword ptr ss:[ebp-0xca0],eax + * 011d4d02 |. 3bc1 cmp eax,ecx + * 011d4d04 |. 0f84 0f1c0000 je sekachu.011d6919 + * 011d4d0a |. e8 31f6ffff call sekachu.011d4340 + * 011d4d0f |. e8 6cf8ffff call sekachu.011d4580 + * 011d4d14 |. 8985 64f3ffff mov dword ptr ss:[ebp-0xc9c],eax + * 011d4d1a |. 8a03 mov al,byte ptr ds:[ebx] + * 011d4d1c |. 898d 90f3ffff mov dword ptr ss:[ebp-0xc70],ecx + * 011d4d22 |. 898d 14f4ffff mov dword ptr ss:[ebp-0xbec],ecx + * 011d4d28 |. 898d 38f4ffff mov dword ptr ss:[ebp-0xbc8],ecx + * 011d4d2e |. 8d71 01 lea esi,dword ptr ds:[ecx+0x1] + * 011d4d31 |. 3c 20 cmp al,0x20 ; jichi: pattern starts + * 011d4d33 |. 7d 75 jge short sekachu.011d4daa + * 011d4d35 |. 0fbec0 movsx eax,al + * 011d4d38 |. 83c0 fe add eax,-0x2 ; switch (cases 2..8) + * 011d4d3b |. 83f8 06 cmp eax,0x6 + * 011d4d3e |. 77 6a ja short sekachu.011d4daa + * 011d4d40 |. ff2485 38691d0>jmp dword ptr ds:[eax*4+0x11d6938] + * + * 蒼の彼方 体験版 (8/6/2014) + * 01312cce cc int3 ; jichi: reladdr = 0x32cd0 + * 01312ccf cc int3 + * 01312cd0 $ 55 push ebp + * 01312cd1 . 8bec mov ebp,esp + * 01312cd3 . 83e4 f8 and esp,0xfffffff8 + * 01312cd6 . 6a ff push -0x1 + * 01312cd8 . 68 86583a01 push 蒼の彼方.013a5886 + * 01312cdd . 64:a1 00000000 mov eax,dword ptr fs:[0] + * 01312ce3 . 50 push eax + * 01312ce4 . 81ec 38090000 sub esp,0x938 + * 01312cea . a1 24673c01 mov eax,dword ptr ds:[0x13c6724] + * 01312cef . 33c4 xor eax,esp + * 01312cf1 . 898424 3009000>mov dword ptr ss:[esp+0x930],eax + * 01312cf8 . 53 push ebx + * 01312cf9 . 56 push esi + * 01312cfa . 57 push edi + * 01312cfb . a1 24673c01 mov eax,dword ptr ds:[0x13c6724] + * 01312d00 . 33c4 xor eax,esp + * 01312d02 . 50 push eax + * 01312d03 . 8d8424 4809000>lea eax,dword ptr ss:[esp+0x948] + * 01312d0a . 64:a3 00000000 mov dword ptr fs:[0],eax + * 01312d10 . 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + * 01312d13 . 8b7d 0c mov edi,dword ptr ss:[ebp+0xc] + * 01312d16 . 8b5d 30 mov ebx,dword ptr ss:[ebp+0x30] + * 01312d19 . 898424 8800000>mov dword ptr ss:[esp+0x88],eax + * 01312d20 . 8b45 14 mov eax,dword ptr ss:[ebp+0x14] + * 01312d23 . 898c24 8c00000>mov dword ptr ss:[esp+0x8c],ecx + * 01312d2a . 8b0d a8734a01 mov ecx,dword ptr ds:[0x14a73a8] + * 01312d30 . 894424 4c mov dword ptr ss:[esp+0x4c],eax + * 01312d34 . 899424 bc00000>mov dword ptr ss:[esp+0xbc],edx + * 01312d3b . 8b55 20 mov edx,dword ptr ss:[ebp+0x20] + * 01312d3e . 51 push ecx ; /arg1 => 00000000 + * 01312d3f . 8d8424 0c02000>lea eax,dword ptr ss:[esp+0x20c] ; | + * 01312d46 . 897c24 34 mov dword ptr ss:[esp+0x34],edi ; | + * 01312d4a . 899c24 8800000>mov dword ptr ss:[esp+0x88],ebx ; | + * 01312d51 . e8 ca59fdff call 蒼の彼方.012e8720 ; \蒼の彼方.012e8720 + * 01312d56 . 33c9 xor ecx,ecx + * 01312d58 . 898424 f400000>mov dword ptr ss:[esp+0xf4],eax + * 01312d5f . 3bc1 cmp eax,ecx + * 01312d61 . 0f84 391b0000 je 蒼の彼方.013148a0 + * 01312d67 . e8 54280000 call 蒼の彼方.013155c0 + * 01312d6c . e8 7f2a0000 call 蒼の彼方.013157f0 + * 01312d71 . 898424 f800000>mov dword ptr ss:[esp+0xf8],eax + * 01312d78 . 8a07 mov al,byte ptr ds:[edi] + * 01312d7a . 898c24 c400000>mov dword ptr ss:[esp+0xc4],ecx + * 01312d81 . 894c24 2c mov dword ptr ss:[esp+0x2c],ecx + * 01312d85 . 894c24 1c mov dword ptr ss:[esp+0x1c],ecx + * 01312d89 . b9 01000000 mov ecx,0x1 + * 01312d8e . 3c 20 cmp al,0x20 ; jichi: pattern starts + * 01312d90 . 7d 58 jge short 蒼の彼方.01312dea + * 01312d92 . 0fbec0 movsx eax,al + * 01312d95 . 83c0 fe add eax,-0x2 ; switch (cases 2..8) + * 01312d98 . 83f8 06 cmp eax,0x6 + * 01312d9b . 77 4d ja short 蒼の彼方.01312dea + * 01312d9d . ff2485 c448310>jmp dword ptr ds:[eax*4+0x13148c4] + * 01312da4 > 898c24 c400000>mov dword ptr ss:[esp+0xc4],ecx ; case 2 of switch 01312d95 + * 01312dab . 03f9 add edi,ecx + * 01312dad . eb 37 jmp short 蒼の彼方.01312de6 + * 01312daf > 894c24 2c mov dword ptr ss:[esp+0x2c],ecx ; case 3 of switch 01312d95 + * 01312db3 . 03f9 add edi,ecx + * 01312db5 . eb 2f jmp short 蒼の彼方.01312de6 + * 01312db7 > ba e0103b01 mov edx,蒼の彼方.013b10e0 ; case 4 of switch 01312d95 + * 01312dbc . eb 1a jmp short 蒼の彼方.01312dd8 + * 01312dbe > ba e4103b01 mov edx,蒼の彼方.013b10e4 ; case 5 of switch 01312d95 + * 01312dc3 . eb 13 jmp short 蒼の彼方.01312dd8 + * 01312dc5 > ba e8103b01 mov edx,蒼の彼方.013b10e8 ; case 6 of switch 01312d95 + * 01312dca . eb 0c jmp short 蒼の彼方.01312dd8 + * 01312dcc > ba ec103b01 mov edx,蒼の彼方.013b10ec ; case 7 of switch 01312d95 + * 01312dd1 . eb 05 jmp short 蒼の彼方.01312dd8 + * 01312dd3 > ba f0103b01 mov edx,蒼の彼方.013b10f0 ; case 8 of switch 01312d95 + * 01312dd8 > 8d7424 14 lea esi,dword ptr ss:[esp+0x14] + * 01312ddc . 894c24 1c mov dword ptr ss:[esp+0x1c],ecx + * 01312de0 . e8 1b8dffff call 蒼の彼方.0130bb00 + * 01312de5 . 47 inc edi + * 01312de6 > 897c24 30 mov dword ptr ss:[esp+0x30],edi + * 01312dea > 8d8424 0802000>lea eax,dword ptr ss:[esp+0x208] ; default case of switch 01312d95 + * 01312df1 . e8 ba1b0000 call 蒼の彼方.013149b0 + * 01312df6 . 837d 10 00 cmp dword ptr ss:[ebp+0x10],0x0 + * 01312dfa . 8bb424 2802000>mov esi,dword ptr ss:[esp+0x228] + * 01312e01 . 894424 5c mov dword ptr ss:[esp+0x5c],eax + * 01312e05 . 74 12 je short 蒼の彼方.01312e19 + * 01312e07 . 56 push esi ; /arg1 + * 01312e08 . e8 c31b0000 call 蒼の彼方.013149d0 ; \蒼の彼方.013149d0 + * 01312e0d . 83c4 04 add esp,0x4 + * 01312e10 . 898424 c000000>mov dword ptr ss:[esp+0xc0],eax + * 01312e17 . eb 0b jmp short 蒼の彼方.01312e24 + * 01312e19 > c78424 c000000>mov dword ptr ss:[esp+0xc0],0x0 + * 01312e24 > 8b4b 04 mov ecx,dword ptr ds:[ebx+0x4] + * 01312e27 . 0fafce imul ecx,esi + * 01312e2a . b8 1f85eb51 mov eax,0x51eb851f + * 01312e2f . f7e9 imul ecx + * 01312e31 . c1fa 05 sar edx,0x5 + * 01312e34 . 8bca mov ecx,edx + * 01312e36 . c1e9 1f shr ecx,0x1f + * 01312e39 . 03ca add ecx,edx + * 01312e3b . 894c24 70 mov dword ptr ss:[esp+0x70],ecx + * 01312e3f . 85c9 test ecx,ecx + * 01312e41 . 7f 09 jg short 蒼の彼方.01312e4c + * 01312e43 . b9 01000000 mov ecx,0x1 + * 01312e48 . 894c24 70 mov dword ptr ss:[esp+0x70],ecx + * 01312e4c > 8b53 08 mov edx,dword ptr ds:[ebx+0x8] + * 01312e4f . 0fafd6 imul edx,esi + * 01312e52 . b8 1f85eb51 mov eax,0x51eb851f + * 01312e57 . f7ea imul edx + * 01312e59 . c1fa 05 sar edx,0x5 + * 01312e5c . 8bc2 mov eax,edx + * 01312e5e . c1e8 1f shr eax,0x1f + * 01312e61 . 03c2 add eax,edx + * 01312e63 . 894424 78 mov dword ptr ss:[esp+0x78],eax + * 01312e67 . 85c0 test eax,eax + * 01312e69 . 7f 09 jg short 蒼の彼方.01312e74 + * 01312e6b . b8 01000000 mov eax,0x1 + * 01312e70 . 894424 78 mov dword ptr ss:[esp+0x78],eax + * 01312e74 > 33d2 xor edx,edx + * 01312e76 . 895424 64 mov dword ptr ss:[esp+0x64],edx + * 01312e7a . 895424 6c mov dword ptr ss:[esp+0x6c],edx + * 01312e7e . 8b13 mov edx,dword ptr ds:[ebx] + * 01312e80 . 4a dec edx ; switch (cases 1..2) + * 01312e81 . 74 0e je short 蒼の彼方.01312e91 + * 01312e83 . 4a dec edx + * 01312e84 . 75 13 jnz short 蒼の彼方.01312e99 + * 01312e86 . 8d1409 lea edx,dword ptr ds:[ecx+ecx] ; case 2 of switch 01312e80 + * 01312e89 . 895424 64 mov dword ptr ss:[esp+0x64],edx + * 01312e8d . 03c0 add eax,eax + * 01312e8f . eb 04 jmp short 蒼の彼方.01312e95 + * 01312e91 > 894c24 64 mov dword ptr ss:[esp+0x64],ecx ; case 1 of switch 01312e80 + * 01312e95 > 894424 6c mov dword ptr ss:[esp+0x6c],eax + * 01312e99 > 8b9c24 3802000>mov ebx,dword ptr ss:[esp+0x238] ; default case of switch 01312e80 + * 01312ea0 . 8bc3 mov eax,ebx + * 01312ea2 . e8 d98bffff call 蒼の彼方.0130ba80 + * 01312ea7 . 8bc8 mov ecx,eax + * 01312ea9 . 8bc3 mov eax,ebx + * 01312eab . e8 e08bffff call 蒼の彼方.0130ba90 + * 01312eb0 . 6a 01 push 0x1 ; /arg1 = 00000001 + * 01312eb2 . 8bd0 mov edx,eax ; | + * 01312eb4 . 8db424 1c01000>lea esi,dword ptr ss:[esp+0x11c] ; | + * 01312ebb . e8 3056fdff call 蒼の彼方.012e84f0 ; \蒼の彼方.012e84f0 + * 01312ec0 . 8bc7 mov eax,edi + * 01312ec2 . 83c4 04 add esp,0x4 + * 01312ec5 . 8d70 01 lea esi,dword ptr ds:[eax+0x1] + * 01312ec8 > 8a08 mov cl,byte ptr ds:[eax] + * 01312eca . 40 inc eax + * 01312ecb . 84c9 test cl,cl + * 01312ecd .^75 f9 jnz short 蒼の彼方.01312ec8 + * 01312ecf . 2bc6 sub eax,esi + * 01312ed1 . 40 inc eax + * 01312ed2 . 50 push eax + * 01312ed3 . e8 e74c0600 call 蒼の彼方.01377bbf + * 01312ed8 . 33f6 xor esi,esi + * 01312eda . 83c4 04 add esp,0x4 + * + * 1/1/2016 + * コドモノアソビ trial + * + * 00A64259 CC INT3 + * 00A6425A CC INT3 + * 00A6425B CC INT3 + * 00A6425C CC INT3 + * 00A6425D CC INT3 + * 00A6425E CC INT3 + * 00A6425F CC INT3 + * 00A64260 55 PUSH EBP + * 00A64261 8BEC MOV EBP,ESP + * 00A64263 83E4 F8 AND ESP,0xFFFFFFF8 + * 00A64266 6A FF PUSH -0x1 + * 00A64268 68 D610B000 PUSH .00B010D6 + * 00A6426D 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] + * 00A64273 50 PUSH EAX + * 00A64274 81EC 40090000 SUB ESP,0x940 + * 00A6427A A1 2417B200 MOV EAX,DWORD PTR DS:[0xB21724] + * 00A6427F 33C4 XOR EAX,ESP + * 00A64281 898424 38090000 MOV DWORD PTR SS:[ESP+0x938],EAX + * 00A64288 53 PUSH EBX + * 00A64289 56 PUSH ESI + * 00A6428A 57 PUSH EDI + * 00A6428B A1 2417B200 MOV EAX,DWORD PTR DS:[0xB21724] + * 00A64290 33C4 XOR EAX,ESP + * 00A64292 50 PUSH EAX + * 00A64293 8D8424 50090000 LEA EAX,DWORD PTR SS:[ESP+0x950] + * 00A6429A 64:A3 00000000 MOV DWORD PTR FS:[0],EAX + * 00A642A0 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 00A642A3 8B7D 0C MOV EDI,DWORD PTR SS:[EBP+0xC] + * 00A642A6 8B5D 30 MOV EBX,DWORD PTR SS:[EBP+0x30] + * 00A642A9 894424 50 MOV DWORD PTR SS:[ESP+0x50],EAX + * 00A642AD 8B45 14 MOV EAX,DWORD PTR SS:[EBP+0x14] + * 00A642B0 894C24 74 MOV DWORD PTR SS:[ESP+0x74],ECX + * 00A642B4 8B0D A024B800 MOV ECX,DWORD PTR DS:[0xB824A0] + * 00A642BA 894424 4C MOV DWORD PTR SS:[ESP+0x4C],EAX + * 00A642BE 899424 B8000000 MOV DWORD PTR SS:[ESP+0xB8],EDX + * 00A642C5 8B55 20 MOV EDX,DWORD PTR SS:[EBP+0x20] + * 00A642C8 51 PUSH ECX + * 00A642C9 8D8424 14020000 LEA EAX,DWORD PTR SS:[ESP+0x214] + * 00A642D0 897C24 2C MOV DWORD PTR SS:[ESP+0x2C],EDI + * 00A642D4 899C24 88000000 MOV DWORD PTR SS:[ESP+0x88],EBX + * 00A642DB E8 504CFDFF CALL .00A38F30 + * 00A642E0 33C9 XOR ECX,ECX + * 00A642E2 898424 F8000000 MOV DWORD PTR SS:[ESP+0xF8],EAX + * 00A642E9 3BC1 CMP EAX,ECX + * 00A642EB 0F84 391C0000 JE .00A65F2A + * 00A642F1 E8 FA2A0000 CALL .00A66DF0 + * 00A642F6 E8 252D0000 CALL .00A67020 + * 00A642FB 898424 FC000000 MOV DWORD PTR SS:[ESP+0xFC],EAX + * 00A64302 8A07 MOV AL,BYTE PTR DS:[EDI] + * 00A64304 898C24 CC000000 MOV DWORD PTR SS:[ESP+0xCC],ECX + * 00A6430B 894C24 30 MOV DWORD PTR SS:[ESP+0x30],ECX + * 00A6430F 894C24 1C MOV DWORD PTR SS:[ESP+0x1C],ECX + * 00A64313 B9 01000000 MOV ECX,0x1 + * 00A64318 3C 20 CMP AL,0x20 ; jichi: pattern found here + * 00A6431A 7D 58 JGE SHORT .00A64374 + * 00A6431C 0FBEC0 MOVSX EAX,AL + * 00A6431F 83C0 FE ADD EAX,-0x2 + * 00A64322 83F8 06 CMP EAX,0x6 + * 00A64325 77 4D JA SHORT .00A64374 + * 00A64327 FF2485 505FA600 JMP DWORD PTR DS:[EAX*4+0xA65F50] + * 00A6432E 898C24 CC000000 MOV DWORD PTR SS:[ESP+0xCC],ECX + * 00A64335 03F9 ADD EDI,ECX + * 00A64337 EB 37 JMP SHORT .00A64370 + * 00A64339 894C24 30 MOV DWORD PTR SS:[ESP+0x30],ECX + * 00A6433D 03F9 ADD EDI,ECX + * 00A6433F EB 2F JMP SHORT .00A64370 + * 00A64341 BA E0C1B000 MOV EDX,.00B0C1E0 + * 00A64346 EB 1A JMP SHORT .00A64362 + * 00A64348 BA E4C1B000 MOV EDX,.00B0C1E4 + * 00A6434D EB 13 JMP SHORT .00A64362 + * 00A6434F BA E8C1B000 MOV EDX,.00B0C1E8 + * 00A64354 EB 0C JMP SHORT .00A64362 + * 00A64356 BA ECC1B000 MOV EDX,.00B0C1EC + * 00A6435B EB 05 JMP SHORT .00A64362 + * 00A6435D BA F0C1B000 MOV EDX,.00B0C1F0 + * 00A64362 8D7424 14 LEA ESI,DWORD PTR SS:[ESP+0x14] + * 00A64366 894C24 1C MOV DWORD PTR SS:[ESP+0x1C],ECX + * 00A6436A E8 A196FFFF CALL .00A5DA10 + * 00A6436F 47 INC EDI + * 00A64370 897C24 28 MOV DWORD PTR SS:[ESP+0x28],EDI + * 00A64374 8D8424 10020000 LEA EAX,DWORD PTR SS:[ESP+0x210] + * 00A6437B E8 C01C0000 CALL .00A66040 + * 00A64380 837D 10 00 CMP DWORD PTR SS:[EBP+0x10],0x0 + * 00A64384 8BB424 30020000 MOV ESI,DWORD PTR SS:[ESP+0x230] + * 00A6438B 894424 60 MOV DWORD PTR SS:[ESP+0x60],EAX + * 00A6438F 74 12 JE SHORT .00A643A3 + * 00A64391 56 PUSH ESI + * 00A64392 E8 C91C0000 CALL .00A66060 + * 00A64397 83C4 04 ADD ESP,0x4 + * 00A6439A 898424 C4000000 MOV DWORD PTR SS:[ESP+0xC4],EAX + * 00A643A1 EB 0B JMP SHORT .00A643AE + * 00A643A3 C78424 C4000000 >MOV DWORD PTR SS:[ESP+0xC4],0x0 + * 00A643AE 8B4B 04 MOV ECX,DWORD PTR DS:[EBX+0x4] + * 00A643B1 0FAFCE IMUL ECX,ESI + * 00A643B4 B8 1F85EB51 MOV EAX,0x51EB851F + * 00A643B9 F7E9 IMUL ECX + * 00A643BB C1FA 05 SAR EDX,0x5 + * 00A643BE 8BCA MOV ECX,EDX + * 00A643C0 C1E9 1F SHR ECX,0x1F + * 00A643C3 03CA ADD ECX,EDX + * 00A643C5 898C24 94000000 MOV DWORD PTR SS:[ESP+0x94],ECX + * 00A643CC 85C9 TEST ECX,ECX + * 00A643D0 B9 01000000 MOV ECX,0x1 + * ... + */ + // static inline size_t _bgistrlen(LPCSTR text) + //{ + // size_t r = ::strlen(text); + // if (r >=2 && *(WORD *)(text + r - 2) == 0xa581) // remove trailing ▼ = \x81\xa5 + // r -= 2; + // return r; + // } + // + // static void SpecialHookBGI2(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) + //{ + // LPCSTR text = (LPCSTR)*(DWORD *)(esp_base + hp->offset); + // if (text) { + // *data = (DWORD)text; + // *len = _bgistrlen(text); + // } + // } + namespace Private + { + enum + { + Type1 = 1, + Type2, + Type3, + Type_BGI3 + } type_; + int textIndex_; // the i-th of argument on the stack holding the text + void hookBefore(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *role) + { + if (type_ == Type_BGI3) + { + + DWORD retaddr = s->stack[0]; // retaddr + *role = Engine::ScenarioRole; + buffer->from_cs((LPCSTR)s->stack[textIndex_]); + return; + } + + static std::string data_; // persistent storage, which makes this function not thread-safe + + LPCSTR text = (LPCSTR)s->stack[textIndex_]; // arg2 or arg3 + if (!text || !*text) + return; + // In Type 1, split = arg8 + // In Type 2, there is no arg8. However, arg8 seems to be a good split that can differenciate choice and character name + // DWORD split = stack->args[3]; // arg4 + // DWORD split = s->stack[8]; // arg8 + // auto sig = Engine::hashThreadSignature(s->stack[0], split); + // enum { role = Engine::UnknownRole }; + + // DWORD split = s->stack[8]; // this is a good split, but usually game-specific + DWORD retaddr = s->stack[0]; // retaddr + //* role = Engine::OtherRole; + switch (type_) + { + + case Type3: + switch (s->stack[textIndex_ + 1]) + { + case 1: + if (*(WORD *)(retaddr + 8) == 0xcccc) // two int3 + *role = Engine::ScenarioRole; + break; + case 0: + if (s->stack[10] == 0x00ffffff && s->stack[10 - 3] == 1 || // for old BGI2 games + s->stack[10] == 0 && s->stack[10 - 1] == 0 && s->stack[10 - 2] == 0) // for new BGI2 games + *role = Engine::NameRole; + break; + } + break; + case Type2: + switch (s->stack[textIndex_ + 1]) + { + case 1: + // Return address for history text + // 012B37BA 83C4 34 ADD ESP,0x34 + // 012B37BD 837D 24 00 CMP DWORD PTR SS:[EBP+0x24],0x0 + if (*(WORD *)(retaddr + 3) != 0x7d83) + *role = Engine::ScenarioRole; + break; + case 0: + if (s->stack[12] == 0x00ffffff && s->stack[12 - 3] == 2) + *role = Engine::NameRole; + break; + } + break; + case Type1: + switch (s->stack[textIndex_ + 1]) + { + case 1: + *role = Engine::ScenarioRole; + break; + case 0: + if (s->stack[12] == 0x00ffffff && s->stack[12 - 3] == 1) + *role = Engine::NameRole; + break; + } + break; + } + + buffer->from_cs((LPCSTR)s->stack[textIndex_]); + } + + } + + /** + * 5/12/2014 + * This is the caller of the ITH BGI hook, which extract text by characters + * and cannot be used for substition. + * + * Sample game: 世界征服彼女 + * ITH hooked function: BGI#2 0x425550, called by 0x427450 + * + * 00427450 /$ 6a ff push -0x1 ; jichi: function starts + * 00427452 |. 68 78634900 push sekajyo_.00496378 ; se handler installation + * 00427457 |. 64:a1 00000000 mov eax,dword ptr fs:[0] + * 0042745d |. 50 push eax + * 0042745e |. 64:8925 000000>mov dword ptr fs:[0],esp + * 00427465 |. 81ec d80c0000 sub esp,0xcd8 + * 0042746b |. 8b8424 080d000>mov eax,dword ptr ss:[esp+0xd08] + * 00427472 |. 56 push esi + * 00427473 |. 8d8c24 3801000>lea ecx,dword ptr ss:[esp+0x138] + * 0042747a |. 50 push eax + * 0042747b |. 51 push ecx + * 0042747c |. 8b0d e0464b00 mov ecx,dword ptr ds:[0x4b46e0] + * 00427482 |. e8 f9fdfdff call sekajyo_.00407280 + * 00427487 |. 33f6 xor esi,esi + * 00427489 |. 898424 b800000>mov dword ptr ss:[esp+0xb8],eax + * 00427490 |. 3bc6 cmp eax,esi + * 00427492 |. 0f84 95140000 je sekajyo_.0042892d + * 00427498 |. 53 push ebx + * 00427499 |. 55 push ebp + * 0042749a |. 8bac24 fc0c000>mov ebp,dword ptr ss:[esp+0xcfc] + * 004274a1 |. 57 push edi + * 004274a2 |. 89b424 b400000>mov dword ptr ss:[esp+0xb4],esi + * 004274a9 |. 897424 10 mov dword ptr ss:[esp+0x10],esi + * 004274ad |. 8a45 00 mov al,byte ptr ss:[ebp] + * 004274b0 |. b9 01000000 mov ecx,0x1 + * 004274b5 |. 3c 20 cmp al,0x20 + * 004274b7 |. 7d 68 jge short sekajyo_.00427521 + * 004274b9 |. 0fbec0 movsx eax,al + * 004274bc |. 83c0 fe add eax,-0x2 ; switch (cases 2..8) + * + * Sample game: FORTUNE ARTERIAL + * ITH hooked function: BGI#2 sub_41EBD0, called by 0x4207e0 + * + * 0041ebcd 90 nop + * 0041ebce 90 nop + * 0041ebcf 90 nop + * 004207e0 /$ 81ec 30090000 sub esp,0x930 ; jichi: function starts + * 004207e6 |. 8b8424 5409000>mov eax,dword ptr ss:[esp+0x954] + * 004207ed |. 56 push esi + * 004207ee |. 8d8c24 0401000>lea ecx,dword ptr ss:[esp+0x104] + * 004207f5 |. 50 push eax + * 004207f6 |. 51 push ecx + * 004207f7 |. 8b0d 48634900 mov ecx,dword ptr ds:[0x496348] + * 004207fd |. e8 ee47feff call bgi.00404ff0 + * 00420802 |. 33f6 xor esi,esi + * 00420804 |. 894424 54 mov dword ptr ss:[esp+0x54],eax + * 00420808 |. 3bc6 cmp eax,esi + * 0042080a |. 0f84 94080000 je bgi.004210a4 + * 00420810 |. 53 push ebx + * 00420811 |. 55 push ebp + * 00420812 |. 8bac24 4809000>mov ebp,dword ptr ss:[esp+0x948] + * 00420819 |. 57 push edi + * 0042081a |. 897424 54 mov dword ptr ss:[esp+0x54],esi + * 0042081e |. 897424 10 mov dword ptr ss:[esp+0x10],esi + * 00420822 |. 8a45 00 mov al,byte ptr ss:[ebp] + * 00420825 |. 3c 20 cmp al,0x20 + * 00420827 |. 7d 69 jge short bgi.00420892 + * 00420829 |. 0fbec0 movsx eax,al + * 0042082c |. 83c0 fe add eax,-0x2 ; switch (cases 2..8) + * 0042082f |. 83f8 06 cmp eax,0x6 + * 00420832 |. 77 5e ja short bgi.00420892 + * 00420834 |. ff2485 ac10420>jmp dword ptr ds:[eax*4+0x4210ac] + * 0042083b |> c74424 54 0100>mov dword ptr ss:[esp+0x54],0x1 ; case 2 of switch 0042082c + * 00420843 |. eb 45 jmp short bgi.0042088a + * 00420845 |> 8d5424 1c lea edx,dword ptr ss:[esp+0x1c] ; case 4 of switch 0042082c + * 00420849 |. 68 0c424800 push bgi.0048420c + * 0042084e |. 52 push edx + * 0042084f |. eb 29 jmp short bgi.0042087a + * 00420851 |> 68 08424800 push bgi.00484208 ; case 5 of switch 0042082c + * 00420856 |. eb 1d jmp short bgi.00420875 + * 00420858 |> 8d4c24 1c lea ecx,dword ptr ss:[esp+0x1c] ; case 6 of switch 0042082c + * 0042085c |. 68 04424800 push bgi.00484204 + * 00420861 |. 51 push ecx + * 00420862 |. eb 16 jmp short bgi.0042087a + * 00420864 |> 8d5424 1c lea edx,dword ptr ss:[esp+0x1c] ; case 7 of switch 0042082c + * 00420868 |. 68 00424800 push bgi.00484200 + * 0042086d |. 52 push edx + * 0042086e |. eb 0a jmp short bgi.0042087a + * 00420870 |> 68 fc414800 push bgi.004841fc ; case 8 of switch 0042082c + * 00420875 |> 8d4424 20 lea eax,dword ptr ss:[esp+0x20] + * 00420879 |. 50 push eax + * 0042087a |> c74424 18 0100>mov dword ptr ss:[esp+0x18],0x1 + * 00420882 |. e8 b9a7ffff call bgi.0041b040 + * 00420887 |. 83c4 08 add esp,0x8 + * 0042088a |> 45 inc ebp + * 0042088b |. 89ac24 4c09000>mov dword ptr ss:[esp+0x94c],ebp + * 00420892 |> 8b9c24 3001000>mov ebx,dword ptr ss:[esp+0x130] ; default case of switch 0042082c + * 00420899 |. 8d8c24 1001000>lea ecx,dword ptr ss:[esp+0x110] + * 004208a0 |. 51 push ecx + * 004208a1 |. 895c24 70 mov dword ptr ss:[esp+0x70],ebx + * 004208a5 |. e8 76080000 call bgi.00421120 + * 004208aa |. 894424 34 mov dword ptr ss:[esp+0x34],eax + * 004208ae |. 8b8424 5409000>mov eax,dword ptr ss:[esp+0x954] + * 004208b5 |. 83c4 04 add esp,0x4 + * 004208b8 |. 3bc6 cmp eax,esi + * 004208ba |. 74 0f je short bgi.004208cb + * 004208bc |. 53 push ebx + * 004208bd |. e8 7e080000 call bgi.00421140 + */ + ULONG search1(ULONG startAddress, ULONG stopAddress) + { + // return 0x4207e0; // FORTUNE ARTERIAL + // const BYTE bytes[] = { + // 0x8a,0x45, 0x00, // 00420822 |. 8a45 00 mov al,byte ptr ss:[ebp] + // 0x3c, 0x20, // 00420825 |. 3c 20 cmp al,0x20 + // 0x7d, 0x69, // 00420827 |. 7d 69 jge short bgi.00420892 + // 0x0f,0xbe,0xc0, // 00420829 |. 0fbec0 movsx eax,al + // 0x83,0xc0, 0xfe, // 0042082c |. 83c0 fe add eax,-0x2 ; switch (cases 2..8) + // 0x83,0xf8, 0x06, // 0042082f |. 83f8 06 cmp eax,0x6 + // 0x77, 0x5e // 00420832 |. 77 5e ja short bgi.00420892 + // }; + // enum { hook_offset = 0x4207e0 - 0x420822 }; // distance to the beginning of the function + + const uint8_t bytes[] = { + // 0fafcbf7e9c1fa058bc2c1e81f03d08bfa85ff + 0x0f, 0xaf, 0xcb, // 004208de |. 0fafcb imul ecx,ebx + 0xf7, 0xe9, // 004208e1 |. f7e9 imul ecx + 0xc1, 0xfa, 0x05, // 004208e3 |. c1fa 05 sar edx,0x5 + 0x8b, 0xc2, // 004208e6 |. 8bc2 mov eax,edx + 0xc1, 0xe8, 0x1f, // 004208e8 |. c1e8 1f shr eax,0x1f + 0x03, 0xd0, // 004208eb |. 03d0 add edx,eax + 0x8b, 0xfa, // 004208ed |. 8bfa mov edi,edx + 0x85, 0xff, // 004208ef |. 85ff test edi,edi + }; + // enum { hook_offset = 0x4207e0 - 0x4208de }; // distance to the beginning of the function + // ULONG range = qMin(stopAddress - startAddress, Engine::MaximumMemoryRange); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + // ConsoleOutput("BGI2: pattern not found"); + return 0; + enum : WORD + { + sub_esp = 0xec81 // 004207e0 /$ 81ec 30090000 + , + push_ff = 0xff6a // 00427450 /$ 6a ff push -0x1, seh handler + }; + for (int i = 0; i < 300; i++, addr--) + if (*(WORD *)addr == sub_esp) + { // beginning of the function without seh + + // Sample game: 世界征服彼女 with SEH + // 00427450 /$ 6a ff push -0x1 + // 00427452 |. 68 78634900 push sekajyo_.00496378 ; se handler installation + // 00427457 |. 64:a1 00000000 mov eax,dword ptr fs:[0] + // 0042745d |. 50 push eax + // 0042745e |. 64:8925 000000>mov dword ptr fs:[0],esp + // 00427465 |. 81ec d80c0000 sub esp,0xcd8 + // + // 0x00427465 - 0x00427450 == 21 + ULONG seh_addr = addr; + for (int j = 0; j < 40; j++, seh_addr--) + if (*(WORD *)seh_addr == push_ff) // beginning of the function with seh + return seh_addr; + return addr; + } + + return 0; + } + + /** + * jichi 2/5/2014: Add an alternative BGI hook + * + * Issue: This hook cannot extract character name for コトバの消えた日 + * + * See: http://tieba.baidu.com/p/2845113296 + * 世界と世界の真ん中で + * - /HSN4@349E0:sekachu.exe // Disabled BGI3, floating split char + * - /HS-1C:-4@68E56 // Not used, cannot detect character name + * - /HSC@34C80:sekachu.exe // BGI2, extract both scenario and character names + * + * [Lump of Sugar] 世界と世界の真ん中で + * /HSC@34C80:sekachu.exe + * - addr: 216192 = 0x34c80 + * - module: 3599131534 + * - off: 12 = 0xc + * - type: 65 = 0x41 + * + * base: 0x11a0000 + * hook_addr = base + addr = 0x11d4c80 + * + * 011d4c7e cc int3 + * 011d4c7f cc int3 + * 011d4c80 /$ 55 push ebp ; jichi: hook here + * 011d4c81 |. 8bec mov ebp,esp + * 011d4c83 |. 6a ff push -0x1 + * 011d4c85 |. 68 e6592601 push sekachu.012659e6 + * 011d4c8a |. 64:a1 00000000 mov eax,dword ptr fs:[0] + * 011d4c90 |. 50 push eax + * 011d4c91 |. 81ec 300d0000 sub esp,0xd30 + * 011d4c97 |. a1 d8c82801 mov eax,dword ptr ds:[0x128c8d8] + * 011d4c9c |. 33c5 xor eax,ebp + * 011d4c9e |. 8945 f0 mov dword ptr ss:[ebp-0x10],eax + * 011d4ca1 |. 53 push ebx + * 011d4ca2 |. 56 push esi + * 011d4ca3 |. 57 push edi + * 011d4ca4 |. 50 push eax + * 011d4ca5 |. 8d45 f4 lea eax,dword ptr ss:[ebp-0xc] + * 011d4ca8 |. 64:a3 00000000 mov dword ptr fs:[0],eax + * 011d4cae |. 8b4d 0c mov ecx,dword ptr ss:[ebp+0xc] + * 011d4cb1 |. 8b55 18 mov edx,dword ptr ss:[ebp+0x18] + * 011d4cb4 |. 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + * 011d4cb7 |. 8b5d 10 mov ebx,dword ptr ss:[ebp+0x10] + * 011d4cba |. 8b7d 38 mov edi,dword ptr ss:[ebp+0x38] + * 011d4cbd |. 898d d8f3ffff mov dword ptr ss:[ebp-0xc28],ecx + * 011d4cc3 |. 8b4d 28 mov ecx,dword ptr ss:[ebp+0x28] + * 011d4cc6 |. 8995 9cf3ffff mov dword ptr ss:[ebp-0xc64],edx + * 011d4ccc |. 51 push ecx + * 011d4ccd |. 8b0d 305c2901 mov ecx,dword ptr ds:[0x1295c30] + * 011d4cd3 |. 8985 e0f3ffff mov dword ptr ss:[ebp-0xc20],eax + * 011d4cd9 |. 8b45 1c mov eax,dword ptr ss:[ebp+0x1c] + * 011d4cdc |. 8d95 4cf4ffff lea edx,dword ptr ss:[ebp-0xbb4] + * 011d4ce2 |. 52 push edx + * 011d4ce3 |. 899d 40f4ffff mov dword ptr ss:[ebp-0xbc0],ebx + * 011d4ce9 |. 8985 1cf4ffff mov dword ptr ss:[ebp-0xbe4],eax + * 011d4cef |. 89bd f0f3ffff mov dword ptr ss:[ebp-0xc10],edi + * 011d4cf5 |. e8 862efdff call sekachu.011a7b80 + * 011d4cfa |. 33c9 xor ecx,ecx + * 011d4cfc |. 8985 60f3ffff mov dword ptr ss:[ebp-0xca0],eax + * 011d4d02 |. 3bc1 cmp eax,ecx + * 011d4d04 |. 0f84 0f1c0000 je sekachu.011d6919 + * 011d4d0a |. e8 31f6ffff call sekachu.011d4340 + * 011d4d0f |. e8 6cf8ffff call sekachu.011d4580 + * 011d4d14 |. 8985 64f3ffff mov dword ptr ss:[ebp-0xc9c],eax + * 011d4d1a |. 8a03 mov al,byte ptr ds:[ebx] + * 011d4d1c |. 898d 90f3ffff mov dword ptr ss:[ebp-0xc70],ecx + * 011d4d22 |. 898d 14f4ffff mov dword ptr ss:[ebp-0xbec],ecx + * 011d4d28 |. 898d 38f4ffff mov dword ptr ss:[ebp-0xbc8],ecx + * 011d4d2e |. 8d71 01 lea esi,dword ptr ds:[ecx+0x1] + * 011d4d31 |. 3c 20 cmp al,0x20 + * 011d4d33 |. 7d 75 jge short sekachu.011d4daa + * 011d4d35 |. 0fbec0 movsx eax,al + * 011d4d38 |. 83c0 fe add eax,-0x2 ; switch (cases 2..8) + * 011d4d3b |. 83f8 06 cmp eax,0x6 + * 011d4d3e |. 77 6a ja short sekachu.011d4daa + * 011d4d40 |. ff2485 38691d0>jmp dword ptr ds:[eax*4+0x11d6938] + */ + ULONG search2(ULONG startAddress, ULONG stopAddress) + { + // return startAddress + 0x31850; // 世界と世界の真ん中 体験版 + const uint8_t bytes[] = { + // 3c207d750fbec083c0fe83f806776a + 0x3c, 0x20, // 011d4d31 |. 3c 20 cmp al,0x20 + 0x7d, 0x75, // 011d4d33 |. 7d 75 jge short sekachu.011d4daa + 0x0f, 0xbe, 0xc0, // 011d4d35 |. 0fbec0 movsx eax,al + 0x83, 0xc0, 0xfe, // 011d4d38 |. 83c0 fe add eax,-0x2 ; switch (cases 2..8) + 0x83, 0xf8, 0x06, // 011d4d3b |. 83f8 06 cmp eax,0x6 + 0x77, 0x6a // 011d4d3e |. 77 6a ja short sekachu.011d4daa + }; + enum + { + hook_offset = 0x34c80 - 0x34d31 + }; // distance to the beginning of the function + // ULONG range = qMin(stopAddress - startAddress, Engine::MaximumMemoryRange); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + // ConsoleOutput("BGI2: pattern not found"); + return 0; + + addr += hook_offset; + enum : uint8_t + { + push_ebp = 0x55 + }; // 011d4c80 /$ 55 push ebp + if (*(uint8_t *)addr != push_ebp) + // ConsoleOutput("BGI2: pattern found but the function offset is invalid"); + return 0; + + return addr; + } + + /** + * Sample Game: type 3: 蒼の彼方 体験版 (8/6/2014) + * 01312cce cc int3 ; jichi: reladdr = 0x32cd0 + * 01312ccf cc int3 + * 01312cd0 $ 55 push ebp + * 01312cd1 . 8bec mov ebp,esp + * 01312cd3 . 83e4 f8 and esp,0xfffffff8 + * 01312cd6 . 6a ff push -0x1 + * 01312cd8 . 68 86583a01 push 蒼の彼方.013a5886 + * 01312cdd . 64:a1 00000000 mov eax,dword ptr fs:[0] + * 01312ce3 . 50 push eax + * 01312ce4 . 81ec 38090000 sub esp,0x938 + * 01312cea . a1 24673c01 mov eax,dword ptr ds:[0x13c6724] + * 01312cef . 33c4 xor eax,esp + * 01312cf1 . 898424 3009000>mov dword ptr ss:[esp+0x930],eax + * 01312cf8 . 53 push ebx + * 01312cf9 . 56 push esi + * 01312cfa . 57 push edi + * 01312cfb . a1 24673c01 mov eax,dword ptr ds:[0x13c6724] + * 01312d00 . 33c4 xor eax,esp + * 01312d02 . 50 push eax + * 01312d03 . 8d8424 4809000>lea eax,dword ptr ss:[esp+0x948] + * 01312d0a . 64:a3 00000000 mov dword ptr fs:[0],eax + * 01312d10 . 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + * 01312d13 . 8b7d 0c mov edi,dword ptr ss:[ebp+0xc] + * 01312d16 . 8b5d 30 mov ebx,dword ptr ss:[ebp+0x30] + * 01312d19 . 898424 8800000>mov dword ptr ss:[esp+0x88],eax + * 01312d20 . 8b45 14 mov eax,dword ptr ss:[ebp+0x14] + * 01312d23 . 898c24 8c00000>mov dword ptr ss:[esp+0x8c],ecx + * 01312d2a . 8b0d a8734a01 mov ecx,dword ptr ds:[0x14a73a8] + * 01312d30 . 894424 4c mov dword ptr ss:[esp+0x4c],eax + * 01312d34 . 899424 bc00000>mov dword ptr ss:[esp+0xbc],edx + * 01312d3b . 8b55 20 mov edx,dword ptr ss:[ebp+0x20] + * 01312d3e . 51 push ecx ; /arg1 => 00000000 + * 01312d3f . 8d8424 0c02000>lea eax,dword ptr ss:[esp+0x20c] ; | + * 01312d46 . 897c24 34 mov dword ptr ss:[esp+0x34],edi ; | + * 01312d4a . 899c24 8800000>mov dword ptr ss:[esp+0x88],ebx ; | + * 01312d51 . e8 ca59fdff call 蒼の彼方.012e8720 ; \蒼の彼方.012e8720 + * 01312d56 . 33c9 xor ecx,ecx + * 01312d58 . 898424 f400000>mov dword ptr ss:[esp+0xf4],eax + * 01312d5f . 3bc1 cmp eax,ecx + * 01312d61 . 0f84 391b0000 je 蒼の彼方.013148a0 + * 01312d67 . e8 54280000 call 蒼の彼方.013155c0 + * 01312d6c . e8 7f2a0000 call 蒼の彼方.013157f0 + * 01312d71 . 898424 f800000>mov dword ptr ss:[esp+0xf8],eax + * 01312d78 . 8a07 mov al,byte ptr ds:[edi] + * 01312d7a . 898c24 c400000>mov dword ptr ss:[esp+0xc4],ecx + * 01312d81 . 894c24 2c mov dword ptr ss:[esp+0x2c],ecx + * 01312d85 . 894c24 1c mov dword ptr ss:[esp+0x1c],ecx + * 01312d89 . b9 01000000 mov ecx,0x1 + * 01312d8e . 3c 20 cmp al,0x20 ; jichi: pattern starts + * 01312d90 . 7d 58 jge short 蒼の彼方.01312dea + * 01312d92 . 0fbec0 movsx eax,al + * 01312d95 . 83c0 fe add eax,-0x2 ; switch (cases 2..8) + * 01312d98 . 83f8 06 cmp eax,0x6 + * 01312d9b . 77 4d ja short 蒼の彼方.01312dea + * 01312d9d . ff2485 c448310>jmp dword ptr ds:[eax*4+0x13148c4] + * 01312da4 > 898c24 c400000>mov dword ptr ss:[esp+0xc4],ecx ; case 2 of switch 01312d95 + * 01312dab . 03f9 add edi,ecx + * 01312dad . eb 37 jmp short 蒼の彼方.01312de6 + * 01312daf > 894c24 2c mov dword ptr ss:[esp+0x2c],ecx ; case 3 of switch 01312d95 + * 01312db3 . 03f9 add edi,ecx + * 01312db5 . eb 2f jmp short 蒼の彼方.01312de6 + * 01312db7 > ba e0103b01 mov edx,蒼の彼方.013b10e0 ; case 4 of switch 01312d95 + * 01312dbc . eb 1a jmp short 蒼の彼方.01312dd8 + * 01312dbe > ba e4103b01 mov edx,蒼の彼方.013b10e4 ; case 5 of switch 01312d95 + * 01312dc3 . eb 13 jmp short 蒼の彼方.01312dd8 + * 01312dc5 > ba e8103b01 mov edx,蒼の彼方.013b10e8 ; case 6 of switch 01312d95 + * 01312dca . eb 0c jmp short 蒼の彼方.01312dd8 + * 01312dcc > ba ec103b01 mov edx,蒼の彼方.013b10ec ; case 7 of switch 01312d95 + * 01312dd1 . eb 05 jmp short 蒼の彼方.01312dd8 + * 01312dd3 > ba f0103b01 mov edx,蒼の彼方.013b10f0 ; case 8 of switch 01312d95 + * 01312dd8 > 8d7424 14 lea esi,dword ptr ss:[esp+0x14] + * 01312ddc . 894c24 1c mov dword ptr ss:[esp+0x1c],ecx + * 01312de0 . e8 1b8dffff call 蒼の彼方.0130bb00 + * 01312de5 . 47 inc edi + * 01312de6 > 897c24 30 mov dword ptr ss:[esp+0x30],edi + * 01312dea > 8d8424 0802000>lea eax,dword ptr ss:[esp+0x208] ; default case of switch 01312d95 + * 01312df1 . e8 ba1b0000 call 蒼の彼方.013149b0 + * 01312df6 . 837d 10 00 cmp dword ptr ss:[ebp+0x10],0x0 + * 01312dfa . 8bb424 2802000>mov esi,dword ptr ss:[esp+0x228] + * 01312e01 . 894424 5c mov dword ptr ss:[esp+0x5c],eax + * 01312e05 . 74 12 je short 蒼の彼方.01312e19 + * 01312e07 . 56 push esi ; /arg1 + * 01312e08 . e8 c31b0000 call 蒼の彼方.013149d0 ; \蒼の彼方.013149d0 + * 01312e0d . 83c4 04 add esp,0x4 + * 01312e10 . 898424 c000000>mov dword ptr ss:[esp+0xc0],eax + * 01312e17 . eb 0b jmp short 蒼の彼方.01312e24 + * 01312e19 > c78424 c000000>mov dword ptr ss:[esp+0xc0],0x0 + * 01312e24 > 8b4b 04 mov ecx,dword ptr ds:[ebx+0x4] + * 01312e27 . 0fafce imul ecx,esi + * 01312e2a . b8 1f85eb51 mov eax,0x51eb851f + * 01312e2f . f7e9 imul ecx + * 01312e31 . c1fa 05 sar edx,0x5 + * 01312e34 . 8bca mov ecx,edx + * 01312e36 . c1e9 1f shr ecx,0x1f + * 01312e39 . 03ca add ecx,edx + * 01312e3b . 894c24 70 mov dword ptr ss:[esp+0x70],ecx + * 01312e3f . 85c9 test ecx,ecx + * 01312e41 . 7f 09 jg short 蒼の彼方.01312e4c + * 01312e43 . b9 01000000 mov ecx,0x1 + * 01312e48 . 894c24 70 mov dword ptr ss:[esp+0x70],ecx + * 01312e4c > 8b53 08 mov edx,dword ptr ds:[ebx+0x8] + * 01312e4f . 0fafd6 imul edx,esi + * 01312e52 . b8 1f85eb51 mov eax,0x51eb851f + * 01312e57 . f7ea imul edx + * 01312e59 . c1fa 05 sar edx,0x5 + * 01312e5c . 8bc2 mov eax,edx + * 01312e5e . c1e8 1f shr eax,0x1f + * 01312e61 . 03c2 add eax,edx + * 01312e63 . 894424 78 mov dword ptr ss:[esp+0x78],eax + * 01312e67 . 85c0 test eax,eax + * 01312e69 . 7f 09 jg short 蒼の彼方.01312e74 + * 01312e6b . b8 01000000 mov eax,0x1 + * 01312e70 . 894424 78 mov dword ptr ss:[esp+0x78],eax + * 01312e74 > 33d2 xor edx,edx + * 01312e76 . 895424 64 mov dword ptr ss:[esp+0x64],edx + * 01312e7a . 895424 6c mov dword ptr ss:[esp+0x6c],edx + * 01312e7e . 8b13 mov edx,dword ptr ds:[ebx] + * 01312e80 . 4a dec edx ; switch (cases 1..2) + * 01312e81 . 74 0e je short 蒼の彼方.01312e91 + * 01312e83 . 4a dec edx + * 01312e84 . 75 13 jnz short 蒼の彼方.01312e99 + * 01312e86 . 8d1409 lea edx,dword ptr ds:[ecx+ecx] ; case 2 of switch 01312e80 + * 01312e89 . 895424 64 mov dword ptr ss:[esp+0x64],edx + * 01312e8d . 03c0 add eax,eax + * 01312e8f . eb 04 jmp short 蒼の彼方.01312e95 + * 01312e91 > 894c24 64 mov dword ptr ss:[esp+0x64],ecx ; case 1 of switch 01312e80 + * 01312e95 > 894424 6c mov dword ptr ss:[esp+0x6c],eax + * 01312e99 > 8b9c24 3802000>mov ebx,dword ptr ss:[esp+0x238] ; default case of switch 01312e80 + * 01312ea0 . 8bc3 mov eax,ebx + * 01312ea2 . e8 d98bffff call 蒼の彼方.0130ba80 + * 01312ea7 . 8bc8 mov ecx,eax + * 01312ea9 . 8bc3 mov eax,ebx + * 01312eab . e8 e08bffff call 蒼の彼方.0130ba90 + * 01312eb0 . 6a 01 push 0x1 ; /arg1 = 00000001 + * 01312eb2 . 8bd0 mov edx,eax ; | + * 01312eb4 . 8db424 1c01000>lea esi,dword ptr ss:[esp+0x11c] ; | + * 01312ebb . e8 3056fdff call 蒼の彼方.012e84f0 ; \蒼の彼方.012e84f0 + * 01312ec0 . 8bc7 mov eax,edi + * 01312ec2 . 83c4 04 add esp,0x4 + * 01312ec5 . 8d70 01 lea esi,dword ptr ds:[eax+0x1] + * 01312ec8 > 8a08 mov cl,byte ptr ds:[eax] + * 01312eca . 40 inc eax + * 01312ecb . 84c9 test cl,cl + * 01312ecd .^75 f9 jnz short 蒼の彼方.01312ec8 + * 01312ecf . 2bc6 sub eax,esi + * 01312ed1 . 40 inc eax + * 01312ed2 . 50 push eax + * 01312ed3 . e8 e74c0600 call 蒼の彼方.01377bbf + * 01312ed8 . 33f6 xor esi,esi + * 01312eda . 83c4 04 add esp,0x4 + */ + ULONG search3(ULONG startAddress, ULONG stopAddress) + { + // return startAddress + 0x31850; // 世界と世界の真ん中 体験版 + const uint8_t bytes[] = { + // 3c207d580fbec083c0fe83f806774d + 0x3c, 0x20, // 01312d8e 3c 20 cmp al,0x20 ; jichi: pattern starts + 0x7d, 0x58, // 01312d90 7d 58 jge short 蒼の彼方.01312dea + 0x0f, 0xbe, 0xc0, // 01312d92 0fbec0 movsx eax,al + 0x83, 0xc0, 0xfe, // 01312d95 83c0 fe add eax,-0x2 ; switch (cases 2..8) + 0x83, 0xf8, 0x06, // 01312d98 83f8 06 cmp eax,0x6 + 0x77, 0x4d // 01312d9b 77 4d ja short 蒼の彼方.01312dea + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return 0; + + // distance to the beginning of the function + static const int hook_offsets[] = { + 0x01312cd0 - 0x01312d8e // for new BGI2 game since 蒼の彼方 (2014/08), text is in arg2 + , + 0x00a64260 - 0x00a64318 // For newer BGI2 game since コドモノアソビ (2015/11) + }; + enum + { + hook_offset_count = sizeof(hook_offsets) / sizeof(*hook_offsets) + }; + + for (size_t i = 0; i < hook_offset_count; i++) + { + int hook_offset = hook_offsets[i]; + + enum : uint8_t + { + push_ebp = 0x55 + }; // 011d4c80 /$ 55 push ebp + if (*(uint8_t *)(addr + hook_offset) == push_ebp) + return addr + hook_offset; + } + return 0; // failed + } + ULONG search_bgi3(ULONG startAddress, ULONG stopAddress) + { + // 黄昏のフォルクローレ + /* .text:00C3A700 push ebp + .text : 00C3A701 mov ebp, esp + .text : 00C3A703 push[ebp + arg_30] + .text : 00C3A706 mov edx, [ebp + arg_4] + .text : 00C3A709 push[ebp + arg_2C] + .text : 00C3A70C mov ecx, [ebp + arg_0] + .text : 00C3A70F push[ebp + arg_28] + .text : 00C3A712 push[ebp + arg_24] + .text : 00C3A715 push[ebp + arg_20] + .text : 00C3A718 push[ebp + arg_1C] + .text : 00C3A71B push[ebp + arg_18] + .text : 00C3A71E push[ebp + arg_14] + .text : 00C3A721 push[ebp + arg_10] + .text : 00C3A724 push[ebp + arg_C] + .text : 00C3A727 push[ebp + arg_8] + .text : 00C3A72A call loc_C3A740 + int __stdcall sub_C3A700( + int a1, + int a2, + int a3, + int a4, + int a5, + int a6, + int a7, + int a8, + int a9, + int a10, + int a11, + int a12, + int a13) + + */ + const uint8_t bytes[] = { + 0x55, + 0x8b, 0xec, + 0xff, 0x75, 0x38, + 0x8b, 0x55, 0x0c, + 0xff, 0x75, 0x34, + 0x8b, 0x4d, 0x08, + 0xff, 0x75, 0x30}; + ULONG range = min(ULONG(stopAddress - startAddress), ULONG(0x00300000)); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, startAddress + range); + if (addr == 0) + return 0; + return addr; + } + bool search_tayutama(DWORD *funaddr, DWORD *addr) + { + const BYTE bytes[] = { + // The following code does not exist in newer BGI games after BGI 1.633.0.0 (tayutama2_trial_EX) + // 0x3c, 0x20, // 011d4d31 |. 3c 20 cmp al,0x20 + // 0x7d, XX, // 011d4d33 |. 7d 75 jge short sekachu.011d4daa ; jichi: 0x75 or 0x58 + 0x0f, 0xbe, 0xc0, // 011d4d35 |. 0fbec0 movsx eax,al + 0x83, 0xc0, 0xfe, // 011d4d38 |. 83c0 fe add eax,-0x2 ; switch (cases 2..8) + 0x83, 0xf8 //, 0x06 // 011d4d3b |. 83f8 06 cmp eax,0x6 + // The following code does not exist in newer BGI games after 蒼の彼方 + // 0x77, 0x6a // 011d4d3e |. 77 6a ja short sekachu.011d4daa + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + *addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + // GROWL_DWORD(reladdr); + if (!*addr) + { + return false; + } + + *funaddr = MemDbg::findEnclosingAlignedFunction(*addr, 0x300); // range is around 177 ~ 190 + + enum : BYTE + { + push_ebp = 0x55 + }; // 011d4c80 /$ 55 push ebp + if (!*funaddr || *(BYTE *)*funaddr != push_ebp) + { + return false; + } + return true; + } + bool InsertBGI2Hook() + { + + /* Artikash 6/14/2019: Ugh, what a mess I've dug up... + At some point the beginning four bytes to search for were removed, but the difference below were not corrected? Or maybe they were? + I don't have all these games so no way to confirm which (if any) are wrong. + But the first difference (the important one since it's the one detecting offset=arg3, all others give new) seems to be four bytes off when hooking https://vndb.org/v8158 + ...but maybe it's not? Maybe I discovered a new difference? + I think the safest option is to just add the new? difference as a case that detects offset=arg3 since either way one case will detect offset=arg3 correctly. + And all the other cases fall through to offset=arg2. + */ + ULONG addr, funaddr; + HookParam hp; + hp.hook_font = F_TextOutA | F_TextOutW; + if (addr = search_bgi3(processStartAddress, processStopAddress)) + { + // 有乱码,无法处理。 + Private::textIndex_ = 3; + hp.offset = get_stack(Private::textIndex_); + Private::type_ = Private::Type_BGI3; + hp.hook_font |= F_GetTextExtentPoint32W; + if (addr - processStartAddress == 0x3B860) //[220729][1171051][きゃべつそふと] ジュエリー・ハーツ・アカデミア -We will wing wonder world-,无法处理的乱码,不知道怎么回事。 + addr = 0; + } + else if (search_tayutama(&funaddr, &addr)) + { + + switch (funaddr - addr) + { + // for old BGI2 game, text is arg3 + case 0x34c80 - 0x34d31: // old offset + case 0x34c50 - 0x34d05: // correction as mentioned above + Private::textIndex_ = 3; + break; + // for new BGI2 game since 蒼の彼方 (2014/08), text is in arg2 + case 0x01312cd0 - 0x01312D92: + // For newer BGI2 game since コドモノアソビ (2015/11) + case 0x00A64260 - 0x00A6431C: + // For latest BGI2 game since タユタマ2(2016/05) by @mireado + case 0x00E95290 - 0x00E95349: + // For latest BGI2 game since 千の刃濤、桃花染の皇姫 体験版 by @mireado + case 0x00AF5640 - 0x00AF56FF: + // For latest BGI2 game since by BGI 1.633.0.0 @mireado + case 0x00D8A660 - 0x00D8A73A: + Private::textIndex_ = 2; + break; + // Artikash 8/1/2018: Looks like it's basically always 4*2. Remove error from default case: breaks SubaHibi HD. Will figure out how to do this properly if it becomes an issue. + default: + ConsoleOutput("BGI2 WARN: function-code distance unknown"); + Private::textIndex_ = 2; + break; + } + Private::type_ = Private::Type3; + addr = funaddr; + } + else if (addr = search3(processStartAddress, processStopAddress)) + { + Private::type_ = Private::Type3; + Private::textIndex_ = 2; // use arg2, name = "BGI2"; + } + else if (addr = search2(processStartAddress, processStopAddress)) + { + Private::type_ = Private::Type2; + Private::textIndex_ = 3; // use arg3, name = "BGI2"; + } + else if (addr = search1(processStartAddress, processStopAddress)) + { + Private::type_ = Private::Type1; + Private::textIndex_ = 3; // use arg3, name = "BGI"; + } + if (addr == 0) + return false; + hp.address = addr; + hp.offset = get_stack(Private::textIndex_); + // jichi 5/12/2014: Using split could distinguish name and choices. But the signature might become unstable + hp.type = USING_STRING | USING_SPLIT | EMBED_ABLE | EMBED_DYNA_SJIS | EMBED_AFTER_NEW | NO_CONTEXT; + + hp.text_fun = Private::hookBefore; + hp.filter_fun = [](void *data, size_t *len, HookParam *hp) + { + // It could be either or + static const std::regex rx("(.+?)", std::regex_constants::icase); + std::string result = std::string((char *)data, *len); + result = std::regex_replace(result, rx, "$1"); + + return write_string_overwrite(data, len, result); + }; + + hp.split = get_stack(8); // pseudo arg8 + + // GROWL_DWORD2(hp.address, processStartAddress); + + return NewHook(hp, "EmbedBGI"); + } + + bool InsertBGI3Hook() + { + /* + * Sample games: + * https://vndb.org/v28283 + * https://vndb.org/v30456 + * https://vndb.org/v33996 + * https://vndb.org/v34532 + * https://vndb.org/v36131 + */ + bool found = false; + const BYTE pattern[] = { + 0x55, // 55 push ebp + 0x8b, 0xec, // 8BEC mov ebp,esp + 0x83, 0xe4, 0xf8, // 83E4 F8 and esp,FFFFFFF8 + 0x81, 0xec, 0x84, 0x00, 0x00, 0x00 // 81EC 84000000 sub esp,0x84 + }; + + for (auto addr : Util::SearchMemory(pattern, sizeof(pattern), PAGE_EXECUTE, processStartAddress, processStopAddress)) + { + HookParam hp; + hp.address = addr; + hp.offset = get_stack(2); + hp.split = get_stack(1); + hp.type = CODEC_UTF16 | USING_SPLIT; + ConsoleOutput("INSERT BGI3"); + found |= NewHook(hp, "BGI3"); + } + if (!found) + ConsoleOutput("BGI3: pattern not found"); + return found; + } + +#if 0 +/** + * jichi 1/31/2014: Add a new BGI hook + * See: http://www.hongfire.com/forum/showthread.php/36807-AGTH-text-extraction-tool-for-games-translation/page702 + * See: http://www.hongfire.com/forum/showthread.php/36807-AGTH-text-extraction-tool-for-games-translation/page716 + * + * Issue: This hook has floating split char + * + * [ぷちけろ] コトバの消えた日 �忁�で裸にする純�調教~体験版 + * /HS-1C:-4@68E56:BGI.exe + * - addr: 429654 (0x68e56) + * - module: 3927275266 (0xea157702) + * - off: 4294967264 = 0xffffffe0 = -0x20 + * - split: 4294967288 = 0xfffffff8 = -0x8 + * - type: 81 = 0x51 + * + * 00e88e3d cc int3 + * 00e88e3e cc int3 + * 00e88e3f cc int3 + * 00e88e40 /. 55 push ebp + * 00e88e41 |. 8bec mov ebp,esp + * 00e88e43 |. 56 push esi + * 00e88e44 |. 57 push edi + * 00e88e45 |. 8b7d 08 mov edi,dword ptr ss:[ebp+0x8] + * 00e88e48 |. 57 push edi + * 00e88e49 |. e8 c28a0100 call bgi.00ea1910 + * 00e88e4e |. 57 push edi ; |arg1 + * 00e88e4f |. 8bf0 mov esi,eax ; | + * 00e88e51 |. e8 ba8a0100 call bgi.00ea1910 ; \bgi.00ea1910 + * 00e88e56 |. 83c4 08 add esp,0x8 ; jichi: hook here + * 00e88e59 |. 2bc6 sub eax,esi + * 00e88e5b |. eb 03 jmp short bgi.00e88e60 + * 00e88e5d | 8d49 00 lea ecx,dword ptr ds:[ecx] + * 00e88e60 |> 8a0e /mov cl,byte ptr ds:[esi] + * 00e88e62 |. 880c30 |mov byte ptr ds:[eax+esi],cl + * 00e88e65 |. 46 |inc esi + * 00e88e66 |. 84c9 |test cl,cl + * 00e88e68 |.^75 f6 \jnz short bgi.00e88e60 + * 00e88e6a |. 5f pop edi + * 00e88e6b |. 33c0 xor eax,eax + * 00e88e6d |. 5e pop esi + * 00e88e6e |. 5d pop ebp + * 00e88e6f \. c3 retn + */ +bool InsertBGI3Hook() +{ + const BYTE bytes[] = { + 0x83,0xc4, 0x08,// 00e88e56 |. 83c4 08 add esp,0x8 ; hook here + 0x2b,0xc6, // 00e88e59 |. 2bc6 sub eax,esi + 0xeb, 0x03, // 00e88e5b |. eb 03 jmp short bgi.00e88e60 + 0x8d,0x49, 0x00,// 00e88e5d | 8d49 00 lea ecx,dword ptr ds:[ecx] + 0x8a,0x0e, // 00e88e60 |> 8a0e /mov cl,byte ptr ds:[esi] + 0x88,0x0c,0x30, // 00e88e62 |. 880c30 |mov byte ptr ds:[eax+esi],cl + 0x46, // 00e88e65 |. 46 |inc esi + 0x84,0xc9, // 00e88e66 |. 84c9 |test cl,cl + 0x75, 0xf6 // 00e88e68 |.^75 f6 \jnz short bgi.00e88e60 + //0x5f, // 00e88e6a |. 5f pop edi + //0x33,0xc0, // 00e88e6b |. 33c0 xor eax,eax + //0x5e, // 00e88e6d |. 5e pop esi + //0x5d, // 00e88e6e |. 5d pop ebp + //0xc3 // 00e88e6f \. c3 retn + }; + //enum { addr_offset = 0 }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + //reladdr = 0x68e56; + if (!addr) { + ConsoleOutput("BGI3: pattern not found"); + return false; + } + + HookParam hp; + hp.type = USING_STRING|USING_SPLIT; + hp.offset=get_reg(regs::esi); + hp.split = get_reg(regs::eax); + hp.address = addr; + + //GROWL_DWORD2(hp.address, processStartAddress); + + ConsoleOutput("INSERT BGI3"); + + return NewHook(hp, "BGI3"); +} +#endif // 0 +} // unnamed + +// jichi 5/12/2014: BGI1 and BGI2 game can co-exist, such as 世界と世界の真ん中で +// BGI1 can exist in both old and new games +// BGI2 only exist in new games +// Insert BGI2 first. +// Artikash 6/12/2019: In newer games neither exists, but WideCharToMultiByte works, so insert that if BGI2 fails. + +bool BGI7Filter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + CharFilter(text, len, L'\x0001'); + CharFilter(text, len, L'\x0002'); + CharFilter(text, len, L'\x0003'); + CharFilter(text, len, L'\x0004'); + CharFilter(text, len, L'\x0005'); + CharFilter(text, len, L'\x000A'); + if (text[0] == L'\x3000') + { + *len -= 2; + ::memmove(text, text + 1, *len); + } + CharReplacer(text, len, L'\x3000', L' '); // IDSP + + if (cpp_wcsnstr(text, L"<", *len / sizeof(wchar_t))) + { + StringFilterBetween(text, len, L"<", 1, L">", 1); + } + + return true; +} + +bool InsertBGI7Hook() +{ + + /* + * Sample games: + * https://vndb.org/v26664 + * https://vndb.org/v44105 + */ + bool found = false; + const BYTE pattern[] = { + 0x55, // 55 push ebp << hook here + 0x8b, 0xec, // 8BEC mov ebp,esp + 0x53, // 53 push ebx + 0x56, // 56 push esi + 0x57, // 57 push edi + 0x33, 0xFF, // 33 FF xor edi,edi + 0xE8, XX4, // E8 23FDFFFF call saclet.exe+A0990 + 0x8B, 0xF0 // 8B F0 mov esi,eax + }; + + for (auto addr : Util::SearchMemory(pattern, sizeof(pattern), PAGE_EXECUTE, processStartAddress, processStopAddress)) + { + HookParam hp; + hp.address = addr; + hp.offset = get_reg(regs::eax); + hp.split = get_reg(regs::esp); + hp.type = CODEC_UTF16 | USING_STRING | USING_SPLIT | KNOWN_UNSTABLE; + hp.filter_fun = BGI7Filter; + ConsoleOutput("INSERT BGI4"); + found |= NewHook(hp, "BGI4"); + } + if (!found) + ConsoleOutput("BGI4: pattern not found"); + return found; +} + +bool BGI56Filter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + if (text[0] == '@') + { + *len -= 1; + ::memmove(text, text + 1, *len); + } + + return true; +} + +bool InsertBGI5Hook() +{ + + /* + * Sample games: + * https://vndb.org/v473 + */ + const BYTE bytes[] = { + 0x90, // nop + 0x81, 0xEC, XX4, // sub esp,00000920 << hook here + 0x8B, 0x84, 0x24, XX4, // mov eax,[esp+00000944] + 0x55, // push ebp + 0x8D, 0x8C, 0x24, XX4 // lea ecx,[esp+000000F4] + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + return false; + + HookParam hp; + hp.address = addr + 1; + hp.offset = get_reg(regs::ecx); + hp.padding = 1; + hp.type = USING_STRING; + hp.filter_fun = BGI56Filter; + ConsoleOutput("INSERT BGI5"); + + return NewHook(hp, "BGI5"); +} + +bool InsertBGI6Hook() +{ + + /* + * Sample games: + * https://vndb.org/r96578 + */ + const BYTE bytes[] = { + 0x90, // nop + 0x6A, 0xFF, // push -01 << hook here + 0x68, XX4, // push BGI.exe+87AF8 + 0x64, 0xA1, 0x00, 0x00, 0x00, 0x00, // mov eax,fs:[00000000] + 0x50, // push eax + 0x64, 0x89, 0x25, 0x00, 0x00, 0x00, 0x00, // mov fs:[00000000],esp + 0x81, 0xEC, XX4, // sub esp,000009B4 + 0x8B, 0x84, 0x24, 0xE4, 0x09, 0x00, 0x00 // mov eax,[esp+000009E4] + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + return false; + + HookParam hp; + hp.address = addr + 1; + hp.offset = get_reg(regs::ecx); + hp.padding = 1; + hp.type = USING_STRING; + hp.filter_fun = BGI56Filter; + ConsoleOutput("INSERT BGI6"); + + return NewHook(hp, "BGI6"); +} +bool InsertBGIHook() +{ + return InsertBGI2Hook() || InsertBGI3Hook() || (PcHooks::hookOtherPcFunctions(), InsertBGI1Hook()); +} + +bool InsertBGI4Hook() +{ + /* + int __cdecl sub_4A3AD0(LPSTR lpMultiByteStr, LPCWCH lpWideCharStr, int a3) +{ + int v3; // edi + UINT v4; // esi + int v5; // ebx + CHAR *v6; // ecx + + v3 = 0; + v4 = sub_4A37B0(); + if ( a3 ) + { + if ( a3 == 1 ) + v4 = 65001; + } + else + { + v4 = 932; + } + v5 = WideCharToMultiByte(v4, 0, lpWideCharStr, -1, 0, 0, 0, 0); + if ( v5 >= 1 ) + { + v6 = lpMultiByteStr; + if ( !lpMultiByteStr ) + { + v3 = unknown_libname_1(v5 + 1); + v6 = (CHAR *)v3; + } + WideCharToMultiByte(v4, 0, lpWideCharStr, -1, v6, v5, 0, 0); + } + return v3; +}*/ + const BYTE bytes[] = { + 0xBE, 0xE9, 0xFD, 0x00, 0x00, // cp=65001 + XX2, + 0xBE, 0xA4, 0x03, 0x00, 0x00 // cp=932 + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr == 0) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr; + // hp.offset=get_reg(regs::eax); + // hp.split = get_reg(regs::esp); + hp.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + *split = stack->stack[6]; // 不一定对 + auto sp = *split; + if ((sp == 0) || (sp == 1) || ((sp & 0xFFF) == 0x790)) + { + // [240726][1282405][HOOKSOFT] シークレットラブ(仮) + // 这作case 1仅当快进时才有文本,其他的在XXXXX790上 + buffer->from_cs((wchar_t *)stack->stack[2]); + } + }; + hp.type = CODEC_UTF16 | USING_STRING | NO_CONTEXT | EMBED_ABLE | EMBED_AFTER_OVERWRITE; + hp.hook_font = F_TextOutW | F_GetTextExtentPoint32W; + hp.filter_fun = BGI7Filter; + hp.offset=get_stack(2); + ConsoleOutput("BGI4"); + + return NewHook(hp, "BGI4"); +} +namespace +{ + bool veryold() + { + // 紅月-くれないつき- + // あの街の恋の詩 + auto addr = findiatcallormov((DWORD)GetGlyphOutlineA, processStartAddress, processStartAddress, processStopAddress); + if (addr == 0) // 銀行淫~堕ちゆく女達~ //mov ebp, ds:GetGlyphOutlineA + addr = findiatcallormov((DWORD)GetGlyphOutlineA, processStartAddress, processStartAddress, processStopAddress, false, XX); + if (addr == 0) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0) + return false; + auto xrefs = findxref_reverse_checkcallop(addr, addr - 0x1000, addr + 0x1000, 0xe8); + if (xrefs.size() != 1) + return false; + auto xrefaddr = xrefs[0]; + auto funcstart = MemDbg::findEnclosingAlignedFunction(xrefaddr); + if (funcstart == 0) + return false; + BYTE sig[] = {0x81, XX, 0x00, 0x01, 0x00, 0x00}; // cmp ebx, 100h + if (MemDbg::findBytes(sig, sizeof(sig), xrefaddr - 0x40, xrefaddr) == 0) + return false; + HookParam hp; + hp.address = funcstart; + hp.offset = get_stack(2); + hp.split = get_stack(1); + hp.type = CODEC_ANSI_BE | USING_SPLIT; + + return NewHook(hp, "BGI5"); + } +} +namespace +{ + //[220729][1171051][きゃべつそふと] ジュエリー・ハーツ・アカデミア -We will wing wonder world- + // int __fastcall sub_438E90(int a1, int *a2, int a3, _DWORD *a4, int a5) + bool hook7() + { + BYTE sig[] = { + 0x55, 0x8b, 0xec, + 0x83, 0xe4, 0xf0, + 0x83, 0xec, XX, + 0x56, + 0x57, + 0x8b, XX, 0x08, + 0x8b, 0xf2, + 0x8b, 0xd1, + 0x81, 0xcf, 0x00, 0x00, 0x00, 0x80, + 0x8b, 0xcf, + 0x89, 0x54, 0x24, 0x0c, + 0xe8, XX4, + 0x85, 0xc0, + 0x0f, 0x84, XX4, + 0x8b, 0x45, 0x08 + + }; + auto addr = MemDbg::findBytes(sig, sizeof(sig), processStartAddress, processStopAddress); + if (!addr) + return false; + HookParam hp; + hp.address = addr; + // hp.offset=get_stack(1); + // hp.split=get_stack(3); + hp.type = USING_CHAR | CODEC_UTF16 | NO_CONTEXT; //|USING_SPLIT; + hp.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + switch (stack->stack[3]) + { + case 0xfefefe: + hp->user_value = stack->retaddr; + buffer->from_t((wchar_t)stack->stack[1]); + *split = 1; + break; + case 0xffffff: // 名字&历史+零散的文字,由于no_context他们被合并,但是和名字和文本是同一个调用地址 + + if (hp->user_value == stack->retaddr) + { + buffer->from_t((wchar_t)stack->stack[1]); + *split = 2; + } + break; + case 0xfcfcc0: // 历史 + default:; + } + }; + return NewHook(hp, "bgi7"); + } +} +bool BGI::attach_function() +{ + bool b1 = InsertBGIHook(); + bool b2 = InsertBGI4Hook(); + bool ok = b1 || b2 || veryold(); + ok |= hook7(); + ok = InsertBGI7Hook() || InsertBGI5Hook() || InsertBGI6Hook() || ok; + return ok; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/BGI.h b/cpp/LunaHook/LunaHook/engine32/BGI.h new file mode 100644 index 00000000..326a9bb6 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/BGI.h @@ -0,0 +1,11 @@ + + +class BGI:public ENGINE{ + public: + BGI(){ + + check_by=CHECK_BY::FILE_ANY; + check_by_target=check_by_list{L"bgi.*",L"sysgrp.arc"}; + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine32/BKEngine.cpp b/cpp/LunaHook/LunaHook/engine32/BKEngine.cpp new file mode 100644 index 00000000..b3360b1e --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/BKEngine.cpp @@ -0,0 +1,59 @@ +#include"BKEngine.h" +//https://bke.bakery.moe/download.html +namespace{ + bool _1(){ + BYTE sig[]={0x64,0xa3,0x00,0x00,0x00,0x00,0x8b,0xf1,0x8b,0x45,0x08,0x0f,0x57,0xc0,0xc7,0x06,0x02,0x00,0x00,0x00}; + auto addr=MemDbg::findBytes(sig, sizeof(sig), processStartAddress, processStopAddress); + if(addr==0)return 0; + addr=MemDbg::findEnclosingAlignedFunction(addr); + if(addr==0)return 0; + HookParam hp; + hp.address = addr; + hp.type = CODEC_UTF16|DATA_INDIRECT; + hp.index=0; + hp.offset=get_stack(1); + + return NewHook(hp, "BKEngine1"); + } + bool _2(){ + BYTE sig[]={0xb8,0xff,0x00,0x00,0x00,0x66,0x3b,0x06,0x1b,0xc0,0xf7,0xd8,0x40}; + auto addr=MemDbg::findBytes(sig, sizeof(sig), processStartAddress, processStopAddress); + if(addr==0)return 0; + addr=MemDbg::findEnclosingAlignedFunction(addr); + if(addr==0)return 0; + HookParam hp; + hp.address = addr; + hp.type = CODEC_UTF16|DATA_INDIRECT|NO_CONTEXT; + hp.index=0; + hp.offset=get_stack(1); + + return NewHook(hp, "BKEngine2"); + } + bool _3(){ + BYTE sig[]={0x6a,0xff,0x6a,0x00,0x56}; + std::unordered_mapmp; + DWORD maxaddr=0;int maxi=0; + for(auto addr:Util::SearchMemory(sig, sizeof(sig),PAGE_EXECUTE, processStartAddress, processStopAddress)){ + addr=MemDbg::findEnclosingAlignedFunction(addr); + if(addr==0)continue; + if(mp.find(addr)==mp.end())mp[addr]=0; + mp[addr]+=1; + if(mp[addr]>maxi){maxi=mp[addr];maxaddr=addr;} + } + if(maxaddr==0)return 0; + + HookParam hp; + hp.address = maxaddr; + hp.type = CODEC_UTF16|USING_STRING; + hp.offset=get_reg(regs::edx); + + return NewHook(hp, "BKEngine3"); + } +} +bool BKEngine::attach_function() { + + bool ok= _1(); + ok=_2()||ok; + ok=_3()||ok; + return ok; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/BKEngine.h b/cpp/LunaHook/LunaHook/engine32/BKEngine.h new file mode 100644 index 00000000..068cd08e --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/BKEngine.h @@ -0,0 +1,11 @@ + + +class BKEngine:public ENGINE{ + public: + BKEngine(){ + is_engine_certain=false; + check_by=CHECK_BY::FILE; + check_by_target=L"*.bkarc"; + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine32/Bishop.cpp b/cpp/LunaHook/LunaHook/engine32/Bishop.cpp new file mode 100644 index 00000000..b2c2275f --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Bishop.cpp @@ -0,0 +1,67 @@ +#include"Bishop.h" + +bool bishopmbcjmstojis() +{ + //特別授業 + const BYTE bytes[] = { + //unsigned int __cdecl _mbcjmstojis(unsigned int C) + 0x55,0x8b,0xec, + 0x8b,0x45,0x08, //mov eax, [ebp+C] + 0x81, 0x3D,XX4, 0xA4 ,0x03 ,0x00 ,0x00, //cmp dword_4A1F0C, 3A4h //if ( dword_4A1F0C == 932 ) + XX2, + 0xa9,0x00,0x00,0xff,0xff //if ( (C & 0xFFFF0000) != 0 ) + }; + + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + + if (!addr) return false; + + HookParam hp; + hp.address = addr ; + hp.offset=get_stack(2); + hp.type = USING_SPLIT|USING_STRING; + + return NewHook(hp, "bishop"); +} +bool Bishop::attach_function() { + + return bishopmbcjmstojis(); +} + +bool Bishop2::attach_function(){ + + //三射面談~連鎖する恥辱・調教の学園~ + //特別授業3SLG + auto entry=Util::FindImportEntry(processStartAddress,(DWORD)GetGlyphOutlineW); + if(entry==0)return false; + bool ok=false; + for(auto addr:Util::SearchMemory(&entry, 4, PAGE_EXECUTE, processStartAddress, processStopAddress)){ + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) continue; + auto xrefs=findxref_reverse_checkcallop(addr,max(processStartAddress,addr-0x100000),min(processStopAddress,addr+0x100000),0xe8); + for(auto addrx:xrefs){ + //ConsoleOutput("xref %p",addrx); + const BYTE aligned [] = {0xCC,0xCC}; + auto addrx1 = reverseFindBytes(aligned, sizeof(aligned), addrx-0x200, addrx); + //ConsoleOutput("Aligned %p",addrx1); + if (!addrx1) continue; + addrx1+=2; + BYTE __1[]={0xDC,0x0D,XX,XX,XX,0x00}; + auto _1 = MemDbg::findBytes(__1, 6, addrx-0x30, addrx); + //ConsoleOutput("sig %p",_1); + if(_1==0 )continue; + BYTE checkthiscall[]={0x8B,0xF9};//mov edi, ecx + auto _3 = MemDbg::findBytes(checkthiscall,2, addrx1, addrx); + HookParam hp; + hp.address = addrx1; + if(_3) + hp.offset=get_stack(3); + else + hp.offset=get_stack(4); + hp.type = CODEC_UTF16; + + ok=NewHook(hp, "Bishop2"); + } + } + return ok; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Bishop.h b/cpp/LunaHook/LunaHook/engine32/Bishop.h new file mode 100644 index 00000000..d6321d09 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Bishop.h @@ -0,0 +1,24 @@ + + +class Bishop:public ENGINE{ + public: + Bishop(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"GRAPHICS\\PACK.PK"; + is_engine_certain=false; + }; + bool attach_function(); +}; + + +class Bishop2:public ENGINE{ + public: + Bishop2(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.bsa"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Bootup.cpp b/cpp/LunaHook/LunaHook/engine32/Bootup.cpp new file mode 100644 index 00000000..5abfae85 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Bootup.cpp @@ -0,0 +1,260 @@ +#include"Bootup.h" + +/** + * jichi 5/22/2015: Insert Bootup hook + * Sample games: + * - [090709] [PIL] 仏蘭西少女 + * - [110318] [Daisy2] 三国恋戦� * - [110329] [PIL/SLASH] 神学校 + * - [150527] [Daisy2] 絶対階級学� * + * Properties + * - There is Bootup.dat existing in the game folder. + * - lstrlenW can find text repeating once + * - GetCharABCWidthsW and TextOutW can find cached text that missing characters + * GetCharABCWidthsA and TextOutA for old games. + * - There is only one TextOut (W for new and A for old). + * + * Logic: + * + GDI hook + * - Hook to the caller of TextOut + * + Lstr hook + * - Find last (second) caller of the first GetCharABCWidths after int3 + * - Find the lstrlen function in this caller, and hook to it + * + * Full text is in arg1, shifted one by one. + * Character to paint is also in arg3 + * + * All Bootup games are slightly different + * - 三国恋戦�仏蘭西少女: text in both lstrlenA and caller of TextOutA + * But I didn't find correct lstrlenA to hook. BootupLstrA find nothing for 仏蘭西少女 and name for 三国恋戦� + * - 神学校: text in both lstrlenW and TextOutW, but lstrlenW has repetition + * Caller of TextOutW the same as that of TextOutA + * - 絶対階級学� text in both lstrlenW and TextOutW. But TextOutW's name has repetition + * Caller of TextOutW different 神学校 + * + * Here's the beginning of caller of TextOutW in 絶対階級学� + * 00B61ADD CC INT3 + * 00B61ADE CC INT3 + * 00B61ADF CC INT3 + * 00B61AE0 55 PUSH EBP + * 00B61AE1 8BEC MOV EBP,ESP + * 00B61AE3 81EC 98000000 SUB ESP,0x98 + * 00B61AE9 53 PUSH EBX + * 00B61AEA 56 PUSH ESI + * 00B61AEB 57 PUSH EDI + * 00B61AEC 8BF2 MOV ESI,EDX + * 00B61AEE 8BF9 MOV EDI,ECX + * 00B61AF0 8975 D8 MOV DWORD PTR SS:[EBP-0x28],ESI + * 00B61AF3 897D E0 MOV DWORD PTR SS:[EBP-0x20],EDI + * 00B61AF6 E8 A5FEFFFF CALL .00B619A0 + * 00B61AFB 8BD8 MOV EBX,EAX + * 00B61AFD 895D CC MOV DWORD PTR SS:[EBP-0x34],EBX + * 00B61B00 66:833B 00 CMP WORD PTR DS:[EBX],0x0 + * 00B61B04 0F85 0B020000 JNZ .00B61D15 + * 00B61B0A B8 00010000 MOV EAX,0x100 + * 00B61B0F 66:8933 MOV WORD PTR DS:[EBX],SI + * 00B61B12 66:3BF0 CMP SI,AX + * 00B61B15 72 26 JB SHORT .00B61B3D + * 00B61B17 8B47 3C MOV EAX,DWORD PTR DS:[EDI+0x3C] + * 00B61B1A 85C0 TEST EAX,EAX + * 00B61B1C 74 1F JE SHORT .00B61B3D + * 00B61B1E 8B57 44 MOV EDX,DWORD PTR DS:[EDI+0x44] + * 00B61B21 85D2 TEST EDX,EDX + * 00B61B23 7E 18 JLE SHORT .00B61B3D + * 00B61B25 33C9 XOR ECX,ECX + * 00B61B27 85D2 TEST EDX,EDX + * 00B61B29 7E 12 JLE SHORT .00B61B3D + * 00B61B2B 8B47 40 MOV EAX,DWORD PTR DS:[EDI+0x40] + * 00B61B2E 8BFF MOV EDI,EDI + * 00B61B30 66:3930 CMP WORD PTR DS:[EAX],SI + * 00B61B33 74 6F JE SHORT .00B61BA4 + * 00B61B35 41 INC ECX + * 00B61B36 83C0 02 ADD EAX,0x2 + * 00B61B39 3BCA CMP ECX,EDX + * 00B61B3B ^7C F3 JL SHORT .00B61B30 + * 00B61B3D 33C0 XOR EAX,EAX + * 00B61B3F 66:8945 9E MOV WORD PTR SS:[EBP-0x62],AX + * 00B61B43 8B47 04 MOV EAX,DWORD PTR DS:[EDI+0x4] + * 00B61B46 0FAF47 1C IMUL EAX,DWORD PTR DS:[EDI+0x1C] + * 00B61B4A 0FAF47 1C IMUL EAX,DWORD PTR DS:[EDI+0x1C] + * 00B61B4E 0FAF47 18 IMUL EAX,DWORD PTR DS:[EDI+0x18] + * 00B61B52 50 PUSH EAX + * 00B61B53 6A 00 PUSH 0x0 + * 00B61B55 FF77 14 PUSH DWORD PTR DS:[EDI+0x14] + * 00B61B58 66:8975 9C MOV WORD PTR SS:[EBP-0x64],SI + * 00B61B5C E8 2FC20200 CALL .00B8DD90 + * 00B61B61 83C4 0C ADD ESP,0xC + * 00B61B64 8D45 9C LEA EAX,DWORD PTR SS:[EBP-0x64] + * 00B61B67 6A 01 PUSH 0x1 + * 00B61B69 50 PUSH EAX + * 00B61B6A 6A 00 PUSH 0x0 + * 00B61B6C 6A 00 PUSH 0x0 + * 00B61B6E FF77 10 PUSH DWORD PTR DS:[EDI+0x10] + * 00B61B71 FF15 8820BB00 CALL DWORD PTR DS:[0xBB2088] ; gdi32.TextOutW + * 00B61B77 8B47 1C MOV EAX,DWORD PTR DS:[EDI+0x1C] + * 00B61B7A 8B57 14 MOV EDX,DWORD PTR DS:[EDI+0x14] + * 00B61B7D 8B7F 04 MOV EDI,DWORD PTR DS:[EDI+0x4] + * 00B61B80 8B73 0C MOV ESI,DWORD PTR DS:[EBX+0xC] + * 00B61B83 0FAFF8 IMUL EDI,EAX + * 00B61B86 48 DEC EAX + * 00B61B87 8975 C4 MOV DWORD PTR SS:[EBP-0x3C],ESI + * 00B61B8A 897D C8 MOV DWORD PTR SS:[EBP-0x38],EDI + * + * TextOutW's caller for 神学校 + * 0113183E CC INT3 + * 0113183F CC INT3 + * 01131840 55 PUSH EBP + * 01131841 8BEC MOV EBP,ESP + * 01131843 83EC 74 SUB ESP,0x74 + * 01131846 53 PUSH EBX + * 01131847 56 PUSH ESI + * 01131848 8B75 08 MOV ESI,DWORD PTR SS:[EBP+0x8] + * 0113184B 57 PUSH EDI + * 0113184C 8B7D 0C MOV EDI,DWORD PTR SS:[EBP+0xC] + * 0113184F 8BCF MOV ECX,EDI + * 01131851 8BD6 MOV EDX,ESI + * 01131853 E8 A8FEFFFF CALL .01131700 + * 01131858 8BD8 MOV EBX,EAX + * 0113185A 66:833B 00 CMP WORD PTR DS:[EBX],0x0 + * 0113185E 895D 90 MOV DWORD PTR SS:[EBP-0x70],EBX + * 01131861 0F85 700F0000 JNZ .011327D7 + * 01131867 B8 00010000 MOV EAX,0x100 + * 0113186C 66:893B MOV WORD PTR DS:[EBX],DI + * 0113186F 66:3BF8 CMP DI,AX + * 01131872 72 2E JB SHORT .011318A2 + * 01131874 8B56 3C MOV EDX,DWORD PTR DS:[ESI+0x3C] + * 01131877 85D2 TEST EDX,EDX + * 01131879 74 27 JE SHORT .011318A2 + * 0113187B 8B46 44 MOV EAX,DWORD PTR DS:[ESI+0x44] + * 0113187E 85C0 TEST EAX,EAX + * 01131880 7E 20 JLE SHORT .011318A2 + * 01131882 33FF XOR EDI,EDI + * 01131884 85C0 TEST EAX,EAX + * 01131886 7E 1A JLE SHORT .011318A2 + * 01131888 8B46 40 MOV EAX,DWORD PTR DS:[ESI+0x40] + * 0113188B EB 03 JMP SHORT .01131890 + * 0113188D 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 01131890 66:8B4D 0C MOV CX,WORD PTR SS:[EBP+0xC] + * 01131894 66:3908 CMP WORD PTR DS:[EAX],CX + * 01131897 74 74 JE SHORT .0113190D + * 01131899 47 INC EDI + * 0113189A 83C0 02 ADD EAX,0x2 + * 0113189D 3B7E 44 CMP EDI,DWORD PTR DS:[ESI+0x44] + * 011318A0 ^7C EE JL SHORT .01131890 + * 011318A2 66:8B45 0C MOV AX,WORD PTR SS:[EBP+0xC] + * 011318A6 66:8945 8C MOV WORD PTR SS:[EBP-0x74],AX + * 011318AA 8B46 1C MOV EAX,DWORD PTR DS:[ESI+0x1C] + * 011318AD 0FAFC0 IMUL EAX,EAX + * 011318B0 0FAF46 18 IMUL EAX,DWORD PTR DS:[ESI+0x18] + * 011318B4 0FAF46 04 IMUL EAX,DWORD PTR DS:[ESI+0x4] + * 011318B8 8B56 14 MOV EDX,DWORD PTR DS:[ESI+0x14] + * 011318BB 33C9 XOR ECX,ECX + * 011318BD 50 PUSH EAX + * 011318BE 51 PUSH ECX + * 011318BF 52 PUSH EDX + * 011318C0 66:894D 8E MOV WORD PTR SS:[EBP-0x72],CX + * 011318C4 E8 87060200 CALL .01151F50 + * 011318C9 8B4E 10 MOV ECX,DWORD PTR DS:[ESI+0x10] + * 011318CC 83C4 0C ADD ESP,0xC + * 011318CF 6A 01 PUSH 0x1 + * 011318D1 8D45 8C LEA EAX,DWORD PTR SS:[EBP-0x74] + * 011318D4 50 PUSH EAX + * 011318D5 6A 00 PUSH 0x0 + * 011318D7 6A 00 PUSH 0x0 + * 011318D9 51 PUSH ECX + * 011318DA FF15 38101701 CALL DWORD PTR DS:[0x1171038] ; gdi32.TextOutW + * 011318E0 8B4E 1C MOV ECX,DWORD PTR DS:[ESI+0x1C] + * 011318E3 8B46 04 MOV EAX,DWORD PTR DS:[ESI+0x4] + * 011318E6 8B56 14 MOV EDX,DWORD PTR DS:[ESI+0x14] + * 011318E9 0FAFC1 IMUL EAX,ECX + * 011318EC 8B7B 0C MOV EDI,DWORD PTR DS:[EBX+0xC] + */ +namespace { // unnamed + +bool InsertBootupGDIHook() +{ + bool widechar = true; + ULONG addr = MemDbg::findCallerAddressAfterInt3((ULONG)TextOutW, processStartAddress, processStopAddress); + if (!addr) { + addr = MemDbg::findCallerAddressAfterInt3((ULONG)TextOutA, processStartAddress, processStopAddress); + widechar = false; + } + if (!addr) { + ConsoleOutput("BootupGDI: failed to find TextOut"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.type = USING_SPLIT|NO_CONTEXT|USING_CHAR; // use NO_CONTEXT to get rid of floating reladdr + hp.type |= widechar ? CODEC_UTF16 : CODEC_ANSI_BE; // use context as split is sufficient, but will produce floating split + + + hp.offset=get_stack(2); // arg2, character in arg2, could be modified by hook + if (widechar) + hp.split = get_reg(regs::edx); + else + hp.split = get_stack(1); + hp.text_fun = + [](hook_stack* stack, HookParam* hp, TextBuffer *buffer, uintptr_t *split) + { + DWORD arg2 = stack->stack[2]; + if ((arg2 & 0xffff0000)) { // if arg2 high bits are there, this is new Bootup game + hp->type |= DATA_INDIRECT; + hp->offset = get_stack(3); + hp->split = get_reg(regs::ebx); + } + hp->text_fun=nullptr; + }; + + ConsoleOutput("INSERT BootupGDI"); + + + ConsoleOutput("BootupGDI: disable GDI hooks"); + + return NewHook(hp, widechar ? "BootupW" : "BootupA"); +} +bool InsertBootupLstrHook() // for character name +{ + bool widechar = true; + ULONG addr = MemDbg::findLastCallerAddressAfterInt3((ULONG)GetCharABCWidthsW, processStartAddress, processStopAddress); + if (!addr) { + // Do not hook to lstrlenA, which causes text extraction to stop + //addr = MemDbg::findLastCallerAddressAfterInt3((ULONG)GetCharABCWidthsA, processStartAddress, processStopAddress); + //widechar = false; + } + if (!addr) { + ConsoleOutput("BootupLstr: failed to find GetCharABCWidths"); + return false; + } + //GROWL_DWORD2(addr, processStartAddress); + //enum { range = 0x200 }; // 0x012A2CCB - 0x12A2CB0 = 0x1b + addr = MemDbg::findCallAddress(widechar ? (ULONG)::lstrlenW : (ULONG)::lstrlenA, + processStartAddress, processStopAddress, + addr - processStartAddress); //, range); // no range + if (!addr) { + ConsoleOutput("BootupLstr: failed to find lstrlen"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.type = widechar ? (USING_STRING|CODEC_UTF16) : USING_STRING; // use context as split is sufficient, but will produce floating split + //hp.type = CODEC_UTF16|NO_CONTEXT|USING_SPLIT; // use text address as split + //hp.split = 0; + + ConsoleOutput("INSERT BootupLstr"); + + return NewHook(hp, widechar ? "BootupLstrW" : "BootupLstrA"); +} +} // unnamed namespace +bool InsertBootupHook() +{ + bool ret = InsertBootupGDIHook(); + InsertBootupLstrHook(); + return ret; +} + +bool Bootup::attach_function() { + + return InsertBootupHook(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Bootup.h b/cpp/LunaHook/LunaHook/engine32/Bootup.h new file mode 100644 index 00000000..5cd16ddb --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Bootup.h @@ -0,0 +1,13 @@ + + +class Bootup:public ENGINE{ + public: + Bootup(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"Bootup.dat"; + is_engine_certain=false; + // lstrlenW can also find text with repetition though + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine32/Bruns.cpp b/cpp/LunaHook/LunaHook/engine32/Bruns.cpp new file mode 100644 index 00000000..45078072 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Bruns.cpp @@ -0,0 +1,80 @@ +#include"Bruns.h" + +bool InsertBrunsHook() +{ + bool success=false; + if (Util::CheckFile(L"libscr.dll")) { + HookParam hp; + hp.offset=get_stack(1); + hp.type = CODEC_UTF16; + //?push_back@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXG@Z + if (Util::CheckFile(L"msvcp90.dll")) + hp.address = (DWORD)GetProcAddress(GetModuleHandleW(L"msvcp90.dll"), "?push_back@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXG@Z"); + else if (Util::CheckFile(L"msvcp80.dll")) + hp.address = (DWORD)GetProcAddress(GetModuleHandleW(L"msvcp80.dll"), "?push_back@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXG@Z"); + else if (Util::CheckFile(L"msvcp100.dll")) // jichi 8/17/2013: MSVCRT 10.0 and 11.0 + hp.address = (DWORD)GetProcAddress(GetModuleHandleW(L"msvcp100.dll"), "?push_back@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXG@Z"); + else if (Util::CheckFile(L"msvcp110.dll")) + hp.address = (DWORD)GetProcAddress(GetModuleHandleW(L"msvcp110.dll"), "?push_back@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXG@Z"); + if (hp.address) { + ConsoleOutput("INSERT Brus#1"); + success|=NewHook(hp, "Bruns"); + } + } + //else + // jichi 12/21/2013: Keep both bruns hooks + // The first one does not work for games like 「オーク・キングダマモン娘繁殖�豚人王~�anymore. + { + union { + DWORD i; + DWORD *id; + WORD *iw; + BYTE *ib; + }; + DWORD k = processStopAddress - 4; + for (i = processStartAddress + 0x1000; i < k; i++) { + if (*id != 0xff) //cmp reg,0xff + continue; + i += 4; + if (*iw != 0x8f0f) + continue;//jg + i += 2; + i += *id + 4; + for (DWORD j = i + 0x40; i < j; i++) { + if (*ib != 0xe8) + continue; + i++; + DWORD t = i + 4 + *id; + if (t > processStartAddress && t processStartAddress && t 66:8b78 08 /mov di,word ptr ds:[eax+0x8] + * 00449009 |. 66:3b7d 0c |cmp di,word ptr ss:[ebp+0xc] + * 0044900d |. 75 0a |jnz short cmvs32.00449019 + * 0044900f |. 66:8b7d 10 |mov di,word ptr ss:[ebp+0x10] + * 00449013 |. 66:3978 0a |cmp word ptr ds:[eax+0xa],di + * 00449017 |. 74 0a |je short cmvs32.00449023 + * 00449019 |> 8bd0 |mov edx,eax + * 0044901b |. 8b00 |mov eax,dword ptr ds:[eax] + * 0044901d |. 3bc6 |cmp eax,esi + * 0044901f |.^75 e4 \jnz short cmvs32.00449005 + * 00449021 |. eb 19 jmp short cmvs32.0044903c + * 00449023 |> 3bd6 cmp edx,esi + * 00449025 |. 74 0a je short cmvs32.00449031 + * 00449027 |. 8b38 mov edi,dword ptr ds:[eax] + * 00449029 |. 893a mov dword ptr ds:[edx],edi + * 0044902b |. 8b11 mov edx,dword ptr ds:[ecx] + * 0044902d |. 8910 mov dword ptr ds:[eax],edx + * 0044902f |. 8901 mov dword ptr ds:[ecx],eax + * 00449031 |> 8b40 04 mov eax,dword ptr ds:[eax+0x4] + * 00449034 |. 3bc6 cmp eax,esi + * 00449036 |. 0f85 64010000 jnz cmvs32.004491a0 + * 0044903c |> 8b55 08 mov edx,dword ptr ss:[ebp+0x8] + * 0044903f |. 53 push ebx + * 00449040 |. 0fb75d 0c movzx ebx,word ptr ss:[ebp+0xc] + * 00449044 |. b8 00000100 mov eax,0x10000 + * 00449049 |. 8945 e4 mov dword ptr ss:[ebp-0x1c],eax + * 0044904c |. 8945 f0 mov dword ptr ss:[ebp-0x10],eax + * 0044904f |. 8d45 e4 lea eax,dword ptr ss:[ebp-0x1c] + * 00449052 |. 50 push eax ; /pMat2 + * 00449053 |. 56 push esi ; |Buffer + * 00449054 |. 56 push esi ; |BufSize + * 00449055 |. 8d4d d0 lea ecx,dword ptr ss:[ebp-0x30] ; | + * 00449058 |. 51 push ecx ; |pMetrics + * 00449059 |. 6a 05 push 0x5 ; |Format = GGO_GRAY4_BITMAP + * 0044905b |. 53 push ebx ; |Char + * 0044905c |. 52 push edx ; |hDC + * 0044905d |. 8975 e8 mov dword ptr ss:[ebp-0x18],esi ; | + * 00449060 |. 8975 ec mov dword ptr ss:[ebp-0x14],esi ; | + * 00449063 |. ff15 5cf05300 call dword ptr ds:[<&gdi32.getglyphoutli>; \GetGlyphOutlineA + * 00449069 |. 8b75 10 mov esi,dword ptr ss:[ebp+0x10] + * 0044906c |. 0faff6 imul esi,esi + * 0044906f |. 8bf8 mov edi,eax + * 00449071 |. 8d04bd 0000000>lea eax,dword ptr ds:[edi*4] + * 00449078 |. 3bc6 cmp eax,esi + * 0044907a |. 76 02 jbe short cmvs32.0044907e + * 0044907c |. 8bf0 mov esi,eax + * 0044907e |> 56 push esi ; /Size + * 0044907f |. 6a 00 push 0x0 ; |Flags = LMEM_FIXED + * 00449081 |. ff15 34f25300 call dword ptr ds:[<&kernel32.localalloc>; \LocalAlloc + */ +bool InsertCMVS2Hook() +{ + // There are multiple functions satisfy the pattern below. + // Hook to any one of them is OK. + const BYTE bytes[] = { // function begin + 0x55, // 00448ff0 /$ 55 push ebp + 0x8b,0xec, // 00448ff1 |. 8bec mov ebp,esp + 0x83,0xec, 0x68, // 00448ff3 |. 83ec 68 sub esp,0x68 ; jichi: hook here + 0x8b,0x01, // 00448ff6 |. 8b01 mov eax,dword ptr ds:[ecx] + 0x56, // 00448ff8 |. 56 push esi + 0x33,0xf6, // 00448ff9 |. 33f6 xor esi,esi + 0x33,0xd2, // 00448ffb |. 33d2 xor edx,edx + 0x57, // 00448ffd |. 57 push edi + 0x89,0x4d, 0xfc, // 00448ffe |. 894d fc mov dword ptr ss:[ebp-0x4],ecx + 0x3b,0xc6, // 00449001 |. 3bc6 cmp eax,esi + 0x74, 0x37 // 00449003 |. 74 37 je short cmvs32.0044903c + }; + enum { addr_offset = 3 }; // offset from the beginning of the function + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + // Artikash 11/9/2018: Not sure, but isn't findCallerAddress a better way to do this? + if (!addr) addr = MemDbg::findCallerAddressAfterInt3((DWORD)GetGlyphOutlineA, processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("CMVS2: pattern not found"); + return false; + } + + //reladdr = 0x48ff0; + //reladdr = 0x48ff3; + HookParam hp; + hp.address = addr + addr_offset; + hp.offset=get_stack(3); + hp.type = CODEC_ANSI_BE; + + ConsoleOutput("INSERT CMVS2"); + + return NewHook(hp, "CMVS2"); +} + +} // unnamed namespace + +// jichi 3/7/2014: Insert the old hook first since GetGlyphOutlineA can NOT be found in new games +bool InsertCMVSHook() +{ + // Both CMVS1 and CMVS2 exists in new games. + // Insert the CMVS2 first. Since CMVS1 could break CMVS2 + // And the CMVS1 games do not have CMVS2 patterns. + //return InsertCMVS2Hook() || InsertCMVS1Hook(); + + //初恋サクラメント + //夏に奏でる僕らの詩 + //まじぷり\Wonder Cradle + //等等一堆游戏,都能搜索到2,但没文字。 + // bool b2=InsertCMVS2Hook(); + // //先插入1会崩溃。 + // bool b1=InsertCMVS1Hook(); + //return b1||b2; + return InsertCMVS1Hook(); +} + /** + * Sample game: クロノクロック (CMVS2) + * + * This function is found by back-tracking GetGlyphOutlineA + * Until I found a function with GetDC. + * + * 0045111B CC INT3 + * 0045111C CC INT3 + * 0045111D CC INT3 + * 0045111E CC INT3 + * 0045111F CC INT3 + * 00451120 55 PUSH EBP + * 00451121 8BEC MOV EBP,ESP + * 00451123 83EC 58 SUB ESP,0x58 + * 00451126 53 PUSH EBX + * 00451127 33C0 XOR EAX,EAX + * 00451129 56 PUSH ESI + * 0045112A 8BF1 MOV ESI,ECX + * 0045112C 57 PUSH EDI + * 0045112D 8B7D 08 MOV EDI,DWORD PTR SS:[EBP+0x8] + * 00451130 8945 FC MOV DWORD PTR SS:[EBP-0x4],EAX + * 00451133 8945 F4 MOV DWORD PTR SS:[EBP-0xC],EAX + * 00451136 8945 E8 MOV DWORD PTR SS:[EBP-0x18],EAX + * 00451139 8B86 58010000 MOV EAX,DWORD PTR DS:[ESI+0x158] + * 0045113F 50 PUSH EAX + * 00451140 FF15 C0735400 CALL DWORD PTR DS:[0x5473C0] ; user32.GetDC + * 00451146 68 80000000 PUSH 0x80 + * 0045114B 8D9E B8000000 LEA EBX,DWORD PTR DS:[ESI+0xB8] + * 00451151 6A 00 PUSH 0x0 + * 00451153 53 PUSH EBX + * 00451154 8945 E4 MOV DWORD PTR SS:[EBP-0x1C],EAX + * 00451157 E8 C4A00D00 CALL .0052B220 + * 0045115C 83C4 0C ADD ESP,0xC + * 0045115F 83BE A4000000 00 CMP DWORD PTR DS:[ESI+0xA4],0x0 + * 00451166 74 29 JE SHORT .00451191 + * 00451168 6A 00 PUSH 0x0 + * 0045116A 6A 00 PUSH 0x0 + * 0045116C 53 PUSH EBX + * 0045116D 8BCF MOV ECX,EDI + * 0045116F 51 PUSH ECX + * 00451170 8BCE MOV ECX,ESI + * 00451172 E8 29F8FFFF CALL .004509A0 + * 00451177 833B 00 CMP DWORD PTR DS:[EBX],0x0 + * 0045117A 77 09 JA SHORT .00451185 + * 0045117C 83BE AC000000 00 CMP DWORD PTR DS:[ESI+0xAC],0x0 + * 00451183 74 0C JE SHORT .00451191 + * 00451185 8B96 B0000000 MOV EDX,DWORD PTR DS:[ESI+0xB0] + * 0045118B 0196 9C000000 ADD DWORD PTR DS:[ESI+0x9C],EDX + * 00451191 8B4E 7C MOV ECX,DWORD PTR DS:[ESI+0x7C] + * 00451194 8B56 70 MOV EDX,DWORD PTR DS:[ESI+0x70] + * 00451197 B8 28000000 MOV EAX,0x28 + * 0045119C 66:8945 A8 MOV WORD PTR SS:[EBP-0x58],AX + * 004511A0 8B46 74 MOV EAX,DWORD PTR DS:[ESI+0x74] + * 004511A3 894D CC MOV DWORD PTR SS:[EBP-0x34],ECX + * 004511A6 8B4E 1C MOV ECX,DWORD PTR DS:[ESI+0x1C] + * 004511A9 8945 C4 MOV DWORD PTR SS:[EBP-0x3C],EAX + * 004511AC 8B86 80000000 MOV EAX,DWORD PTR DS:[ESI+0x80] + * 004511B2 894D BC MOV DWORD PTR SS:[EBP-0x44],ECX + * 004511B5 33C9 XOR ECX,ECX + * 004511B7 48 DEC EAX + * 004511B8 8955 C0 MOV DWORD PTR SS:[EBP-0x40],EDX + * 004511BB 894D B0 MOV DWORD PTR SS:[EBP-0x50],ECX + * 004511BE 74 18 JE SHORT .004511D8 + * 004511C0 48 DEC EAX + * 004511C1 74 0C JE SHORT .004511CF + * 004511C3 48 DEC EAX + * 004511C4 75 19 JNZ SHORT .004511DF + * 004511C6 C745 B0 03000000 MOV DWORD PTR SS:[EBP-0x50],0x3 + * 004511CD EB 10 JMP SHORT .004511DF + * 004511CF C745 B0 02000000 MOV DWORD PTR SS:[EBP-0x50],0x2 + * 004511D6 EB 07 JMP SHORT .004511DF + * 004511D8 C745 B0 01000000 MOV DWORD PTR SS:[EBP-0x50],0x1 + * 004511DF 8B45 0C MOV EAX,DWORD PTR SS:[EBP+0xC] + * 004511E2 3BC1 CMP EAX,ECX + * 004511E4 74 1B JE SHORT .00451201 + * 004511E6 8B50 0C MOV EDX,DWORD PTR DS:[EAX+0xC] + * 004511E9 8955 C8 MOV DWORD PTR SS:[EBP-0x38],EDX + * 004511EC 3948 10 CMP DWORD PTR DS:[EAX+0x10],ECX + * 004511EF 74 05 JE SHORT .004511F6 + * 004511F1 894D F0 MOV DWORD PTR SS:[EBP-0x10],ECX + * 004511F4 EB 26 JMP SHORT .0045121C + * 004511F6 8B96 8C000000 MOV EDX,DWORD PTR DS:[ESI+0x8C] + * 004511FC 0FAF10 IMUL EDX,DWORD PTR DS:[EAX] + * 004511FF EB 0E JMP SHORT .0045120F + * 00451201 8B46 78 MOV EAX,DWORD PTR DS:[ESI+0x78] + * 00451204 8B96 8C000000 MOV EDX,DWORD PTR DS:[ESI+0x8C] + * 0045120A 8945 C8 MOV DWORD PTR SS:[EBP-0x38],EAX + * 0045120D 03D2 ADD EDX,EDX + * 0045120F B8 CDCCCCCC MOV EAX,0xCCCCCCCD + * 00451214 F7E2 MUL EDX + * 00451216 C1EA 03 SHR EDX,0x3 + * 00451219 8955 F0 MOV DWORD PTR SS:[EBP-0x10],EDX + * 0045121C 8BC7 MOV EAX,EDI + * 0045121E 3808 CMP BYTE PTR DS:[EAX],CL + * 00451220 0F84 5A040000 JE .00451680 + * 00451226 EB 02 JMP SHORT .0045122A + * 00451228 33C9 XOR ECX,ECX + * 0045122A 0FB607 MOVZX EAX,BYTE PTR DS:[EDI] + * 0045122D 3C 5C CMP AL,0x5C + * 0045122F 0F84 AE030000 JE .004515E3 + * 00451235 3C 7B CMP AL,0x7B + * 00451237 0F84 65010000 JE .004513A2 + * 0045123D 50 PUSH EAX + * 0045123E E8 DD59FBFF CALL .00406C20 + * 00451243 Hook 85C0 TEST EAX,EAX + * 00451245 0F84 A6000000 JE .004512F1 + * 0045124B 66:0FBE47 01 MOVSX AX,BYTE PTR DS:[EDI+0x1] + * 00451250 66:0FBE17 MOVSX DX,BYTE PTR DS:[EDI] + * 00451254 B9 FF000000 MOV ECX,0xFF + * 00451259 66:23C1 AND AX,CX + * 0045125C 66:C1E2 08 SHL DX,0x8 + * 00451260 66:0BC2 OR AX,DX + * 00451263 B9 4A810000 MOV ECX,0x814A + * 00451268 83C7 02 ADD EDI,0x2 + * 0045126B 33DB XOR EBX,EBX + * 0045126D 66:8945 AA MOV WORD PTR SS:[EBP-0x56],AX + * 00451271 66:3BC1 CMP AX,CX + * 00451274 75 05 JNZ SHORT .0045127B + * 00451276 BB 01000000 MOV EBX,0x1 + * 0045127B 8B45 AA MOV EAX,DWORD PTR SS:[EBP-0x56] + * 0045127E 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-0xC] + * 00451281 52 PUSH EDX + * 00451282 50 PUSH EAX + * 00451283 6A 00 PUSH 0x0 + * 00451285 8BCE MOV ECX,ESI + * 00451287 E8 44F9FFFF CALL .00450BD0 + * 0045128C 8B8E 98000000 MOV ECX,DWORD PTR DS:[ESI+0x98] + * 00451292 8B96 9C000000 MOV EDX,DWORD PTR DS:[ESI+0x9C] + * 00451298 894D B4 MOV DWORD PTR SS:[EBP-0x4C],ECX + * 0045129B 8955 B8 MOV DWORD PTR SS:[EBP-0x48],EDX + * 0045129E 85DB TEST EBX,EBX + * 004512A0 74 0E JE SHORT .004512B0 + * 004512A2 B8 CDCCCCCC MOV EAX,0xCCCCCCCD + * 004512A7 F766 1C MUL DWORD PTR DS:[ESI+0x1C] + * 004512AA C1EA 02 SHR EDX,0x2 + * 004512AD 2955 B4 SUB DWORD PTR SS:[EBP-0x4C],EDX + * 004512B0 8B55 E4 MOV EDX,DWORD PTR SS:[EBP-0x1C] + * 004512B3 8D45 DC LEA EAX,DWORD PTR SS:[EBP-0x24] + * 004512B6 50 PUSH EAX + * 004512B7 8D4D A8 LEA ECX,DWORD PTR SS:[EBP-0x58] + * 004512BA 51 PUSH ECX + * 004512BB 52 PUSH EDX + * 004512BC 8BCE MOV ECX,ESI + * 004512BE E8 EDEEFFFF CALL .004501B0 + * 004512C3 8945 F8 MOV DWORD PTR SS:[EBP-0x8],EAX + * 004512C6 85DB TEST EBX,EBX + * 004512C8 75 11 JNZ SHORT .004512DB + * 004512CA 8B46 20 MOV EAX,DWORD PTR DS:[ESI+0x20] + * 004512CD 0346 1C ADD EAX,DWORD PTR DS:[ESI+0x1C] + * 004512D0 0186 98000000 ADD DWORD PTR DS:[ESI+0x98],EAX + * 004512D6 E9 A4000000 JMP .0045137F + * 004512DB 8B4E 1C MOV ECX,DWORD PTR DS:[ESI+0x1C] + * 004512DE B8 CDCCCCCC MOV EAX,0xCCCCCCCD + * 004512E3 F7E1 MUL ECX + * 004512E5 C1EA 02 SHR EDX,0x2 + * 004512E8 D1E9 SHR ECX,1 + * 004512EA 2BCA SUB ECX,EDX + * 004512EC E9 85000000 JMP .00451376 + * 004512F1 66:0FBE0F MOVSX CX,BYTE PTR DS:[EDI] + * 004512F5 8B46 1C MOV EAX,DWORD PTR DS:[ESI+0x1C] + * 004512F8 8B56 14 MOV EDX,DWORD PTR DS:[ESI+0x14] + * 004512FB 2BD0 SUB EDX,EAX + * 004512FD 2B56 20 SUB EDX,DWORD PTR DS:[ESI+0x20] + * 00451300 66:894D AA MOV WORD PTR SS:[EBP-0x56],CX + * 00451304 8B4E 0C MOV ECX,DWORD PTR DS:[ESI+0xC] + * 00451307 03D1 ADD EDX,ECX + * 00451309 47 INC EDI + * 0045130A 3996 98000000 CMP DWORD PTR DS:[ESI+0x98],EDX + * 00451310 72 37 JB SHORT .00451349 + * 00451312 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-0xC] + * 00451315 42 INC EDX + * 00451316 83BC96 B8000000 >CMP DWORD PTR DS:[ESI+EDX*4+0xB8],0x0 + * 0045131E 8955 F4 MOV DWORD PTR SS:[EBP-0xC],EDX + * 00451321 77 09 JA SHORT .0045132C + * 00451323 83BE AC000000 00 CMP DWORD PTR DS:[ESI+0xAC],0x0 + * 0045132A 74 0C JE SHORT .00451338 + * 0045132C 8B96 B0000000 MOV EDX,DWORD PTR DS:[ESI+0xB0] + * 00451332 0196 9C000000 ADD DWORD PTR DS:[ESI+0x9C],EDX + * 00451338 898E 98000000 MOV DWORD PTR DS:[ESI+0x98],ECX + * 0045133E 8B4E 24 MOV ECX,DWORD PTR DS:[ESI+0x24] + * 00451341 03C8 ADD ECX,EAX + * 00451343 018E 9C000000 ADD DWORD PTR DS:[ESI+0x9C],ECX + * 00451349 8B96 98000000 MOV EDX,DWORD PTR DS:[ESI+0x98] + * 0045134F 8B86 9C000000 MOV EAX,DWORD PTR DS:[ESI+0x9C] + * 00451355 8D4D DC LEA ECX,DWORD PTR SS:[EBP-0x24] + * 00451358 51 PUSH ECX + * 00451359 8955 B4 MOV DWORD PTR SS:[EBP-0x4C],EDX + * 0045135C 8D55 A8 LEA EDX,DWORD PTR SS:[EBP-0x58] + * 0045135F 8945 B8 MOV DWORD PTR SS:[EBP-0x48],EAX + * 00451362 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-0x1C] + * 00451365 52 PUSH EDX + * 00451366 50 PUSH EAX + * 00451367 8BCE MOV ECX,ESI + * 00451369 E8 42EEFFFF CALL .004501B0 + * 0045136E 8B4E 1C MOV ECX,DWORD PTR DS:[ESI+0x1C] + * 00451371 8945 F8 MOV DWORD PTR SS:[EBP-0x8],EAX + * 00451374 D1E9 SHR ECX,1 + * 00451376 034E 20 ADD ECX,DWORD PTR DS:[ESI+0x20] + * 00451379 018E 98000000 ADD DWORD PTR DS:[ESI+0x98],ECX + * 0045137F 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-0x10] + * 00451382 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-0x18] + * 00451385 8B4D FC MOV ECX,DWORD PTR SS:[EBP-0x4] + * 00451388 52 PUSH EDX + * 00451389 8B55 0C MOV EDX,DWORD PTR SS:[EBP+0xC] + * 0045138C 50 PUSH EAX + * 0045138D 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-0x8] + * 00451390 51 PUSH ECX + * 00451391 52 PUSH EDX + * 00451392 50 PUSH EAX + * 00451393 8BCE MOV ECX,ESI + * 00451395 E8 36F9FFFF CALL .00450CD0 + * 0045139A 8945 FC MOV DWORD PTR SS:[EBP-0x4],EAX + * 0045139D E9 D5020000 JMP .00451677 + * 004513A2 8D55 F4 LEA EDX,DWORD PTR SS:[EBP-0xC] + * 004513A5 52 PUSH EDX + * 004513A6 51 PUSH ECX + * 004513A7 51 PUSH ECX + * 004513A8 8BCE MOV ECX,ESI + * 004513AA E8 21F8FFFF CALL .00450BD0 + * 004513AF 8B86 98000000 MOV EAX,DWORD PTR DS:[ESI+0x98] + * 004513B5 8B4D FC MOV ECX,DWORD PTR SS:[EBP-0x4] + * 004513B8 8B55 BC MOV EDX,DWORD PTR SS:[EBP-0x44] + * 004513BB 8945 08 MOV DWORD PTR SS:[EBP+0x8],EAX + * 004513BE 8B86 9C000000 MOV EAX,DWORD PTR DS:[ESI+0x9C] + * 004513C4 2B86 B0000000 SUB EAX,DWORD PTR DS:[ESI+0xB0] + * 004513CA 894D D8 MOV DWORD PTR SS:[EBP-0x28],ECX + * 004513CD 8945 D4 MOV DWORD PTR SS:[EBP-0x2C],EAX + * 004513D0 BB 01000000 MOV EBX,0x1 + * 004513D5 Hook 47 INC EDI + * 004513D6 8955 D0 MOV DWORD PTR SS:[EBP-0x30],EDX + * 004513D9 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP] + * 004513E0 0FB607 MOVZX EAX,BYTE PTR DS:[EDI] + * 004513E3 50 PUSH EAX + * 004513E4 E8 3758FBFF CALL .00406C20 + * 004513E9 85C0 TEST EAX,EAX + * 004513EB 74 55 JE SHORT .00451442 + * 004513ED 66:0FBE4F 01 MOVSX CX,BYTE PTR DS:[EDI+0x1] + * 004513F2 66:0FBE07 MOVSX AX,BYTE PTR DS:[EDI] + * 004513F6 BA FF000000 MOV EDX,0xFF + * 004513FB 66:23CA AND CX,DX + * 004513FE 8B96 9C000000 MOV EDX,DWORD PTR DS:[ESI+0x9C] + * 00451404 66:C1E0 08 SHL AX,0x8 + * 00451408 66:0BC8 OR CX,AX + * 0045140B 66:894D AA MOV WORD PTR SS:[EBP-0x56],CX + * 0045140F 8B8E 98000000 MOV ECX,DWORD PTR DS:[ESI+0x98] + * 00451415 894D B4 MOV DWORD PTR SS:[EBP-0x4C],ECX + * 00451418 8D45 DC LEA EAX,DWORD PTR SS:[EBP-0x24] + * 0045141B 50 PUSH EAX + * 0045141C 8D4D A8 LEA ECX,DWORD PTR SS:[EBP-0x58] + * 0045141F 8955 B8 MOV DWORD PTR SS:[EBP-0x48],EDX + * 00451422 8B55 E4 MOV EDX,DWORD PTR SS:[EBP-0x1C] + * 00451425 51 PUSH ECX + * 00451426 52 PUSH EDX + * 00451427 8BCE MOV ECX,ESI + * 00451429 83C7 02 ADD EDI,0x2 + * 0045142C E8 7FEDFFFF CALL .004501B0 + * 00451431 8945 F8 MOV DWORD PTR SS:[EBP-0x8],EAX + * 00451434 8B46 20 MOV EAX,DWORD PTR DS:[ESI+0x20] + * 00451437 0346 1C ADD EAX,DWORD PTR DS:[ESI+0x1C] + * 0045143A 0186 98000000 ADD DWORD PTR DS:[ESI+0x98],EAX + * 00451440 EB 08 JMP SHORT .0045144A + * 00451442 803F 2F CMP BYTE PTR DS:[EDI],0x2F + * 00451445 75 02 JNZ SHORT .00451449 + * 00451447 33DB XOR EBX,EBX + * 00451449 47 INC EDI + * 0045144A 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-0x10] + * 0045144D 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-0x18] + * 00451450 8B45 FC MOV EAX,DWORD PTR SS:[EBP-0x4] + * 00451453 51 PUSH ECX + * 00451454 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+0xC] + * 00451457 52 PUSH EDX + * 00451458 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-0x8] + * 0045145B 50 PUSH EAX + * 0045145C 51 PUSH ECX + * 0045145D 52 PUSH EDX + * 0045145E 8BCE MOV ECX,ESI + * 00451460 E8 6BF8FFFF CALL .00450CD0 + * 00451465 8945 FC MOV DWORD PTR SS:[EBP-0x4],EAX + * 00451468 85DB TEST EBX,EBX + * 0045146A ^0F85 70FFFFFF JNZ .004513E0 + * 00451470 399E A4000000 CMP DWORD PTR DS:[ESI+0xA4],EBX + * 00451476 0F84 3F010000 JE .004515BB + * 0045147C 8BDF MOV EBX,EDI + * 0045147E C745 E0 00000000 MOV DWORD PTR SS:[EBP-0x20],0x0 + * 00451485 C745 EC 01000000 MOV DWORD PTR SS:[EBP-0x14],0x1 + * 0045148C 8D6424 00 LEA ESP,DWORD PTR SS:[ESP] + * 00451490 0FB603 MOVZX EAX,BYTE PTR DS:[EBX] + * 00451493 50 PUSH EAX + * 00451494 E8 8757FBFF CALL .00406C20 + * 00451499 85C0 TEST EAX,EAX + * 0045149B 74 08 JE SHORT .004514A5 + * 0045149D FF45 E0 INC DWORD PTR SS:[EBP-0x20] + * 004514A0 83C3 02 ADD EBX,0x2 + * 004514A3 EB 0D JMP SHORT .004514B2 + * 004514A5 803B 7D CMP BYTE PTR DS:[EBX],0x7D + * 004514A8 75 07 JNZ SHORT .004514B1 + * 004514AA C745 EC 00000000 MOV DWORD PTR SS:[EBP-0x14],0x0 + * 004514B1 43 INC EBX + * 004514B2 837D EC 00 CMP DWORD PTR SS:[EBP-0x14],0x0 + * 004514B6 ^75 D8 JNZ SHORT .00451490 + * 004514B8 8B9E B0000000 MOV EBX,DWORD PTR DS:[ESI+0xB0] + * 004514BE 8B4D E0 MOV ECX,DWORD PTR SS:[EBP-0x20] + * 004514C1 8B55 08 MOV EDX,DWORD PTR SS:[EBP+0x8] + * 004514C4 8BC3 MOV EAX,EBX + * 004514C6 0FAFC1 IMUL EAX,ECX + * 004514C9 03C9 ADD ECX,ECX + * 004514CB 894D E0 MOV DWORD PTR SS:[EBP-0x20],ECX + * 004514CE 8B8E 98000000 MOV ECX,DWORD PTR DS:[ESI+0x98] + * 004514D4 2BCA SUB ECX,EDX + * 004514D6 C1E0 0A SHL EAX,0xA + * 004514D9 C1E1 0A SHL ECX,0xA + * 004514DC C1E2 0A SHL EDX,0xA + * 004514DF 895D BC MOV DWORD PTR SS:[EBP-0x44],EBX + * 004514E2 C745 EC 01000000 MOV DWORD PTR SS:[EBP-0x14],0x1 + * 004514E9 8955 08 MOV DWORD PTR SS:[EBP+0x8],EDX + * 004514EC 3BC1 CMP EAX,ECX + * 004514EE 76 0F JBE SHORT .004514FF + * 004514F0 2BC1 SUB EAX,ECX + * 004514F2 D1E8 SHR EAX,1 + * 004514F4 2945 08 SUB DWORD PTR SS:[EBP+0x8],EAX + * 004514F7 C1E3 0A SHL EBX,0xA + * 004514FA 895D E0 MOV DWORD PTR SS:[EBP-0x20],EBX + * 004514FD EB 21 JMP SHORT .00451520 + * 004514FF 2BC8 SUB ECX,EAX + * 00451501 33D2 XOR EDX,EDX + * 00451503 8BC1 MOV EAX,ECX + * 00451505 F775 E0 DIV DWORD PTR SS:[EBP-0x20] + * 00451508 8B96 B4000000 MOV EDX,DWORD PTR DS:[ESI+0xB4] + * 0045150E C1E3 09 SHL EBX,0x9 + * 00451511 0145 08 ADD DWORD PTR SS:[EBP+0x8],EAX + * 00451514 03D8 ADD EBX,EAX + * 00451516 8D045A LEA EAX,DWORD PTR DS:[EDX+EBX*2] + * 00451519 8945 E0 MOV DWORD PTR SS:[EBP-0x20],EAX + * 0045151C 8D6424 00 LEA ESP,DWORD PTR SS:[ESP] + * 00451520 0FB60F MOVZX ECX,BYTE PTR DS:[EDI] + * 00451523 51 PUSH ECX + * 00451524 E8 F756FBFF CALL .00406C20 + * 00451529 85C0 TEST EAX,EAX + * 0045152B 74 4E JE SHORT .0045157B + * 0045152D 66:0FBE57 01 MOVSX DX,BYTE PTR DS:[EDI+0x1] + * 00451532 66:0FBE0F MOVSX CX,BYTE PTR DS:[EDI] + * 00451536 8B5D 08 MOV EBX,DWORD PTR SS:[EBP+0x8] + * 00451539 B8 FF000000 MOV EAX,0xFF + * 0045153E 66:23D0 AND DX,AX + * 00451541 8B45 D4 MOV EAX,DWORD PTR SS:[EBP-0x2C] + * 00451544 66:C1E1 08 SHL CX,0x8 + * 00451548 66:0BD1 OR DX,CX + * 0045154B 66:8955 AA MOV WORD PTR SS:[EBP-0x56],DX + * 0045154F 8BD3 MOV EDX,EBX + * 00451551 C1EA 0A SHR EDX,0xA + * 00451554 8D4D DC LEA ECX,DWORD PTR SS:[EBP-0x24] + * 00451557 51 PUSH ECX + * 00451558 8955 B4 MOV DWORD PTR SS:[EBP-0x4C],EDX + * 0045155B 8D55 A8 LEA EDX,DWORD PTR SS:[EBP-0x58] + * 0045155E 8945 B8 MOV DWORD PTR SS:[EBP-0x48],EAX + * 00451561 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-0x1C] + * 00451564 52 PUSH EDX + * 00451565 50 PUSH EAX + * 00451566 8BCE MOV ECX,ESI + * 00451568 83C7 02 ADD EDI,0x2 + * 0045156B E8 40ECFFFF CALL .004501B0 + * 00451570 035D E0 ADD EBX,DWORD PTR SS:[EBP-0x20] + * 00451573 8945 F8 MOV DWORD PTR SS:[EBP-0x8],EAX + * 00451576 895D 08 MOV DWORD PTR SS:[EBP+0x8],EBX + * 00451579 EB 0D JMP SHORT .00451588 + * 0045157B 803F 7D CMP BYTE PTR DS:[EDI],0x7D + * 0045157E 75 07 JNZ SHORT .00451587 + * 00451580 C745 EC 00000000 MOV DWORD PTR SS:[EBP-0x14],0x0 + * 00451587 47 INC EDI + * 00451588 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-0x10] + * 0045158B 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-0x18] + * 0045158E 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-0x28] + * 00451591 51 PUSH ECX + * 00451592 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+0xC] + * 00451595 52 PUSH EDX + * 00451596 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-0x8] + * 00451599 50 PUSH EAX + * 0045159A 51 PUSH ECX + * 0045159B 52 PUSH EDX + * 0045159C 8BCE MOV ECX,ESI + * 0045159E E8 2DF7FFFF CALL .00450CD0 + * 004515A3 837D EC 00 CMP DWORD PTR SS:[EBP-0x14],0x0 + * 004515A7 8945 D8 MOV DWORD PTR SS:[EBP-0x28],EAX + * 004515AA ^0F85 70FFFFFF JNZ .00451520 + * 004515B0 8B45 D0 MOV EAX,DWORD PTR SS:[EBP-0x30] + * 004515B3 8945 BC MOV DWORD PTR SS:[EBP-0x44],EAX + * 004515B6 E9 BC000000 JMP .00451677 + * 004515BB BB 01000000 MOV EBX,0x1 + * 004515C0 0FB60F MOVZX ECX,BYTE PTR DS:[EDI] + * 004515C3 51 PUSH ECX + * 004515C4 E8 5756FBFF CALL .00406C20 + * 004515C9 85C0 TEST EAX,EAX + * 004515CB 74 05 JE SHORT .004515D2 + * 004515CD 83C7 02 ADD EDI,0x2 + * 004515D0 EB 08 JMP SHORT .004515DA + * 004515D2 803F 7D CMP BYTE PTR DS:[EDI],0x7D + * 004515D5 75 02 JNZ SHORT .004515D9 + * 004515D7 33DB XOR EBX,EBX + * 004515D9 47 INC EDI + * 004515DA 85DB TEST EBX,EBX + * 004515DC ^75 E2 JNZ SHORT .004515C0 + * 004515DE E9 94000000 JMP .00451677 + * 004515E3 0FBE47 01 MOVSX EAX,BYTE PTR DS:[EDI+0x1] + * 004515E7 83C0 9D ADD EAX,-0x63 + * 004515EA 83F8 14 CMP EAX,0x14 + * 004515ED 0F87 84000000 JA .00451677 + * 004515F3 0FB690 B4164500 MOVZX EDX,BYTE PTR DS:[EAX+0x4516B4] + * 004515FA FF2495 A0164500 JMP DWORD PTR DS:[EDX*4+0x4516A0] + * 00451601 8B46 0C MOV EAX,DWORD PTR DS:[ESI+0xC] + * 00451604 8B4E 24 MOV ECX,DWORD PTR DS:[ESI+0x24] + * 00451607 034E 1C ADD ECX,DWORD PTR DS:[ESI+0x1C] + * 0045160A 8986 98000000 MOV DWORD PTR DS:[ESI+0x98],EAX + * 00451610 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-0xC] + * 00451613 018E 9C000000 ADD DWORD PTR DS:[ESI+0x9C],ECX + * 00451619 8B8E 9C000000 MOV ECX,DWORD PTR DS:[ESI+0x9C] + * 0045161F 40 INC EAX + * 00451620 83BC86 B8000000 >CMP DWORD PTR DS:[ESI+EAX*4+0xB8],0x0 + * 00451628 8945 F4 MOV DWORD PTR SS:[EBP-0xC],EAX + * 0045162B 77 09 JA SHORT .00451636 + * 0045162D 83BE AC000000 00 CMP DWORD PTR DS:[ESI+0xAC],0x0 + * 00451634 74 3E JE SHORT .00451674 + * 00451636 8B96 B0000000 MOV EDX,DWORD PTR DS:[ESI+0xB0] + * 0045163C 03D1 ADD EDX,ECX + * 0045163E 8996 9C000000 MOV DWORD PTR DS:[ESI+0x9C],EDX + * 00451644 EB 2E JMP SHORT .00451674 + * 00451646 8BCE MOV ECX,ESI + * 00451648 E8 53F0FFFF CALL .004506A0 + * 0045164D EB 25 JMP SHORT .00451674 + * 0045164F 8A47 02 MOV AL,BYTE PTR DS:[EDI+0x2] + * 00451652 3C 63 CMP AL,0x63 + * 00451654 74 0C JE SHORT .00451662 + * 00451656 3C 73 CMP AL,0x73 + * 00451658 75 12 JNZ SHORT .0045166C + * 0045165A 894D E8 MOV DWORD PTR SS:[EBP-0x18],ECX + * 0045165D 83C7 03 ADD EDI,0x3 + * 00451660 EB 15 JMP SHORT .00451677 + * 00451662 C745 E8 01000000 MOV DWORD PTR SS:[EBP-0x18],0x1 + * 00451669 894D FC MOV DWORD PTR SS:[EBP-0x4],ECX + * 0045166C 83C7 03 ADD EDI,0x3 + * 0045166F EB 06 JMP SHORT .00451677 + * 00451671 894D FC MOV DWORD PTR SS:[EBP-0x4],ECX + * 00451674 83C7 02 ADD EDI,0x2 + * 00451677 803F 00 CMP BYTE PTR DS:[EDI],0x0 + * 0045167A ^0F85 A8FBFFFF JNZ .00451228 + * 00451680 8B45 E4 MOV EAX,DWORD PTR SS:[EBP-0x1C] + * 00451683 8B8E 58010000 MOV ECX,DWORD PTR DS:[ESI+0x158] + * 00451689 50 PUSH EAX + * 0045168A 51 PUSH ECX + * 0045168B FF15 C4735400 CALL DWORD PTR DS:[0x5473C4] ; user32.ReleaseDC + * 00451691 5F POP EDI + * 00451692 5E POP ESI + * 00451693 B8 01000000 MOV EAX,0x1 + * 00451698 5B POP EBX + * 00451699 8BE5 MOV ESP,EBP + * 0045169B 5D POP EBP + * 0045169C C2 0800 RETN 0x8 + * 0045169F 90 NOP + * 004516A0 46 INC ESI + * 004516A1 16 PUSH SS + * 004516A2 45 INC EBP + * 004516A3 0001 ADD BYTE PTR DS:[ECX],AL + * 004516A5 16 PUSH SS + * 004516A6 45 INC EBP + * 004516A7 0071 16 ADD BYTE PTR DS:[ECX+0x16],DH + * 004516AA 45 INC EBP + * 004516AB 004F 16 ADD BYTE PTR DS:[EDI+0x16],CL + * 004516AE 45 INC EBP + * 004516AF 0077 16 ADD BYTE PTR DS:[EDI+0x16],DH + * 004516B2 45 INC EBP + * 004516B3 0000 ADD BYTE PTR DS:[EAX],AL + * 004516B5 04 04 ADD AL,0x4 + * 004516B7 04 04 ADD AL,0x4 + * 004516B9 04 04 ADD AL,0x4 + * 004516BB 04 04 ADD AL,0x4 + * 004516BD 04 04 ADD AL,0x4 + * 004516BF 010404 ADD DWORD PTR SS:[ESP+EAX],EAX + * 004516C2 04 04 ADD AL,0x4 + * 004516C4 04 02 ADD AL,0x2 + * 004516C6 04 04 ADD AL,0x4 + * 004516C8 03CC ADD ECX,ESP + * 004516CA CC INT3 + * 004516CB CC INT3 + * 004516CC CC INT3 + * 004516CD CC INT3 + * 004516CE CC INT3 + * + * EAX 080E2FFA + * ECX 015A74A0 + * EDX 0012FDB4 + * EBX 015A78D8 + * ESP 0012FD98 + * EBP 0012FDCC + * ESI 014F05E8 + * EDI 01504BD0 + * EIP 00451120 .00451120 + * + * 0012FD98 00452439 RETURN to .00452439 from .00451120 + * 0012FD9C 080E2FFA ; jichi: text here + * 0012FDA0 0012FDB4 + * 0012FDA4 00002004 + * 0012FDA8 014F05E8 + * 0012FDAC 00000000 + * 0012FDB0 00000000 + * 0012FDB4 00000002 + * 0012FDB8 00000001 + * 0012FDBC 00000001 + * 0012FDC0 00000001 + * 0012FDC4 00000000 + * + * Sample game: 未来ノスタルジア (CMVS1) + * 004425DC CC INT3 + * 004425DD CC INT3 + * 004425DE CC INT3 + * 004425DF CC INT3 + * 004425E0 83EC 58 SUB ESP,0x58 + * 004425E3 53 PUSH EBX + * 004425E4 55 PUSH EBP + * 004425E5 56 PUSH ESI + * 004425E6 8BF1 MOV ESI,ECX + * 004425E8 8B86 58010000 MOV EAX,DWORD PTR DS:[ESI+0x158] + * 004425EE 57 PUSH EDI + * 004425EF 8B7C24 6C MOV EDI,DWORD PTR SS:[ESP+0x6C] + * 004425F3 33ED XOR EBP,EBP + * 004425F5 50 PUSH EAX + * 004425F6 896C24 70 MOV DWORD PTR SS:[ESP+0x70],EBP + * 004425FA 896C24 18 MOV DWORD PTR SS:[ESP+0x18],EBP + * 004425FE Hook 896C24 24 MOV DWORD PTR SS:[ESP+0x24],EBP + * 00442602 FF15 D8335200 CALL DWORD PTR DS:[0x5233D8] ; user32.GetDC + * 00442608 68 80000000 PUSH 0x80 + * 0044260D 8D9E B8000000 LEA EBX,DWORD PTR DS:[ESI+0xB8] + * 00442613 55 PUSH EBP + * 00442614 53 PUSH EBX + * 00442615 894424 30 MOV DWORD PTR SS:[ESP+0x30],EAX + * 00442619 E8 82340C00 CALL .00505AA0 + * 0044261E 83C4 0C ADD ESP,0xC + * 00442621 39AE A4000000 CMP DWORD PTR DS:[ESI+0xA4],EBP + * 00442627 74 23 JE SHORT .0044264C + * 00442629 55 PUSH EBP + * 0044262A 55 PUSH EBP + * 0044262B 53 PUSH EBX + * 0044262C 57 PUSH EDI + * 0044262D 8BCE MOV ECX,ESI + * 0044262F E8 FCF7FFFF CALL .00441E30 + * 00442634 392B CMP DWORD PTR DS:[EBX],EBP + * 00442636 77 08 JA SHORT .00442640 + * 00442638 39AE AC000000 CMP DWORD PTR DS:[ESI+0xAC],EBP + * 0044263E 74 0C JE SHORT .0044264C + * 00442640 8B8E B0000000 MOV ECX,DWORD PTR DS:[ESI+0xB0] + * 00442646 018E 9C000000 ADD DWORD PTR DS:[ESI+0x9C],ECX + * 0044264C 8B46 7C MOV EAX,DWORD PTR DS:[ESI+0x7C] + * 0044264F 8B4E 70 MOV ECX,DWORD PTR DS:[ESI+0x70] + * 00442652 894424 64 MOV DWORD PTR SS:[ESP+0x64],EAX + * 00442656 8B46 1C MOV EAX,DWORD PTR DS:[ESI+0x1C] + * 00442659 BA 28000000 MOV EDX,0x28 + * 0044265E 894424 54 MOV DWORD PTR SS:[ESP+0x54],EAX + * 00442662 8B86 80000000 MOV EAX,DWORD PTR DS:[ESI+0x80] + * 00442668 83E8 01 SUB EAX,0x1 + * 0044266B 66:895424 40 MOV WORD PTR SS:[ESP+0x40],DX + * 00442670 8B56 74 MOV EDX,DWORD PTR DS:[ESI+0x74] + * 00442673 894C24 58 MOV DWORD PTR SS:[ESP+0x58],ECX + * 00442677 895424 5C MOV DWORD PTR SS:[ESP+0x5C],EDX + * 0044267B 896C24 48 MOV DWORD PTR SS:[ESP+0x48],EBP + * 0044267F 74 1E JE SHORT .0044269F + * 00442681 83E8 01 SUB EAX,0x1 + * 00442684 74 0F JE SHORT .00442695 + * 00442686 83E8 01 SUB EAX,0x1 + * 00442689 75 1C JNZ SHORT .004426A7 + * 0044268B C74424 48 030000>MOV DWORD PTR SS:[ESP+0x48],0x3 + * 00442693 EB 12 JMP SHORT .004426A7 + * 00442695 C74424 48 020000>MOV DWORD PTR SS:[ESP+0x48],0x2 + * 0044269D EB 08 JMP SHORT .004426A7 + * 0044269F C74424 48 010000>MOV DWORD PTR SS:[ESP+0x48],0x1 + * 004426A7 8B6C24 70 MOV EBP,DWORD PTR SS:[ESP+0x70] + * 004426AB 33DB XOR EBX,EBX + * 004426AD 3BEB CMP EBP,EBX + * 004426AF 74 25 JE SHORT .004426D6 + * 004426B1 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+0xC] + * 004426B4 894C24 60 MOV DWORD PTR SS:[ESP+0x60],ECX + * 004426B8 395D 10 CMP DWORD PTR SS:[EBP+0x10],EBX + * 004426BB 74 06 JE SHORT .004426C3 + * 004426BD 895C24 18 MOV DWORD PTR SS:[ESP+0x18],EBX + * 004426C1 EB 30 JMP SHORT .004426F3 + * 004426C3 8B96 8C000000 MOV EDX,DWORD PTR DS:[ESI+0x8C] + * 004426C9 0FAF55 00 IMUL EDX,DWORD PTR SS:[EBP] + * 004426CD B8 CDCCCCCC MOV EAX,0xCCCCCCCD + * 004426D2 F7E2 MUL EDX + * 004426D4 EB 16 JMP SHORT .004426EC + * 004426D6 8B46 78 MOV EAX,DWORD PTR DS:[ESI+0x78] + * 004426D9 8B8E 8C000000 MOV ECX,DWORD PTR DS:[ESI+0x8C] + * 004426DF 894424 60 MOV DWORD PTR SS:[ESP+0x60],EAX + * 004426E3 03C9 ADD ECX,ECX + * 004426E5 B8 CDCCCCCC MOV EAX,0xCCCCCCCD + * 004426EA F7E1 MUL ECX + * 004426EC C1EA 03 SHR EDX,0x3 + * 004426EF 895424 18 MOV DWORD PTR SS:[ESP+0x18],EDX + * 004426F3 381F CMP BYTE PTR DS:[EDI],BL + * 004426F5 0F84 79040000 JE .00442B74 + * 004426FB EB 05 JMP SHORT .00442702 + * 004426FD 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 00442700 33DB XOR EBX,EBX + * 00442702 0FB607 MOVZX EAX,BYTE PTR DS:[EDI] + * 00442705 3C 5C CMP AL,0x5C + * 00442707 0F84 C6030000 JE .00442AD3 + * 0044270D 3C 7B CMP AL,0x7B + * 0044270F 0F84 70010000 JE .00442885 + * 00442715 50 PUSH EAX + * 00442716 E8 A50EFCFF CALL .004035C0 + * 0044271B 85C0 TEST EAX,EAX + * 0044271D 0F84 A8000000 JE .004427CB + * 00442723 66:0FBE47 01 MOVSX AX,BYTE PTR DS:[EDI+0x1] + * 00442728 66:0FBE0F MOVSX CX,BYTE PTR DS:[EDI] + * 0044272C BA FF000000 MOV EDX,0xFF + * 00442731 66:23C2 AND AX,DX + * 00442734 66:C1E1 08 SHL CX,0x8 + * 00442738 66:0BC1 OR AX,CX + * 0044273B BA 4A810000 MOV EDX,0x814A + * 00442740 83C7 02 ADD EDI,0x2 + * 00442743 66:894424 42 MOV WORD PTR SS:[ESP+0x42],AX + * 00442748 66:3BC2 CMP AX,DX + * 0044274B 75 05 JNZ SHORT .00442752 + * 0044274D BB 01000000 MOV EBX,0x1 + * 00442752 8B4C24 42 MOV ECX,DWORD PTR SS:[ESP+0x42] + * 00442756 8D4424 14 LEA EAX,DWORD PTR SS:[ESP+0x14] + * 0044275A 50 PUSH EAX + * 0044275B 51 PUSH ECX + * 0044275C 6A 00 PUSH 0x0 + * 0044275E 8BCE MOV ECX,ESI + * 00442760 E8 1BF9FFFF CALL .00442080 + * 00442765 8B96 98000000 MOV EDX,DWORD PTR DS:[ESI+0x98] + * 0044276B 8B86 9C000000 MOV EAX,DWORD PTR DS:[ESI+0x9C] + * 00442771 895424 4C MOV DWORD PTR SS:[ESP+0x4C],EDX + * 00442775 894424 50 MOV DWORD PTR SS:[ESP+0x50],EAX + * 00442779 85DB TEST EBX,EBX + * 0044277B 74 0F JE SHORT .0044278C + * 0044277D B8 CDCCCCCC MOV EAX,0xCCCCCCCD + * 00442782 F766 1C MUL DWORD PTR DS:[ESI+0x1C] + * 00442785 C1EA 02 SHR EDX,0x2 + * 00442788 295424 4C SUB DWORD PTR SS:[ESP+0x4C],EDX + * 0044278C 8B4424 24 MOV EAX,DWORD PTR SS:[ESP+0x24] + * 00442790 8D4C24 28 LEA ECX,DWORD PTR SS:[ESP+0x28] + * 00442794 51 PUSH ECX + * 00442795 8D5424 44 LEA EDX,DWORD PTR SS:[ESP+0x44] + * 00442799 52 PUSH EDX + * 0044279A 50 PUSH EAX + * 0044279B 8BCE MOV ECX,ESI + * 0044279D E8 0EEFFFFF CALL .004416B0 + * 004427A2 894424 10 MOV DWORD PTR SS:[ESP+0x10],EAX + * 004427A6 85DB TEST EBX,EBX + * 004427A8 75 0B JNZ SHORT .004427B5 + * 004427AA 8B4E 20 MOV ECX,DWORD PTR DS:[ESI+0x20] + * 004427AD 034E 1C ADD ECX,DWORD PTR DS:[ESI+0x1C] + * 004427B0 E9 A5000000 JMP .0044285A + * 004427B5 8B4E 1C MOV ECX,DWORD PTR DS:[ESI+0x1C] + * 004427B8 B8 CDCCCCCC MOV EAX,0xCCCCCCCD + * 004427BD F7E1 MUL ECX + * 004427BF C1EA 02 SHR EDX,0x2 + * 004427C2 D1E9 SHR ECX,1 + * 004427C4 2BCA SUB ECX,EDX + * 004427C6 E9 8C000000 JMP .00442857 + * 004427CB Hook 66:0FBE17 MOVSX DX,BYTE PTR DS:[EDI] + * 004427CF 8B46 1C MOV EAX,DWORD PTR DS:[ESI+0x1C] + * 004427D2 8B4E 0C MOV ECX,DWORD PTR DS:[ESI+0xC] + * 004427D5 66:895424 42 MOV WORD PTR SS:[ESP+0x42],DX + * 004427DA 8B56 14 MOV EDX,DWORD PTR DS:[ESI+0x14] + * 004427DD 2BD0 SUB EDX,EAX + * 004427DF 2B56 20 SUB EDX,DWORD PTR DS:[ESI+0x20] + * 004427E2 47 INC EDI + * 004427E3 03D1 ADD EDX,ECX + * 004427E5 3996 98000000 CMP DWORD PTR DS:[ESI+0x98],EDX + * 004427EB 72 37 JB SHORT .00442824 + * 004427ED 8B5424 14 MOV EDX,DWORD PTR SS:[ESP+0x14] + * 004427F1 42 INC EDX + * 004427F2 895424 14 MOV DWORD PTR SS:[ESP+0x14],EDX + * 004427F6 399C96 B8000000 CMP DWORD PTR DS:[ESI+EDX*4+0xB8],EBX + * 004427FD 77 08 JA SHORT .00442807 + * 004427FF 399E AC000000 CMP DWORD PTR DS:[ESI+0xAC],EBX + * 00442805 74 0C JE SHORT .00442813 + * 00442807 8B96 B0000000 MOV EDX,DWORD PTR DS:[ESI+0xB0] + * 0044280D 0196 9C000000 ADD DWORD PTR DS:[ESI+0x9C],EDX + * 00442813 898E 98000000 MOV DWORD PTR DS:[ESI+0x98],ECX + * 00442819 8B4E 24 MOV ECX,DWORD PTR DS:[ESI+0x24] + * 0044281C 03C8 ADD ECX,EAX + * 0044281E 018E 9C000000 ADD DWORD PTR DS:[ESI+0x9C],ECX + * 00442824 8B96 98000000 MOV EDX,DWORD PTR DS:[ESI+0x98] + * 0044282A 8B86 9C000000 MOV EAX,DWORD PTR DS:[ESI+0x9C] + * 00442830 8D4C24 28 LEA ECX,DWORD PTR SS:[ESP+0x28] + * 00442834 51 PUSH ECX + * 00442835 895424 50 MOV DWORD PTR SS:[ESP+0x50],EDX + * 00442839 8D5424 44 LEA EDX,DWORD PTR SS:[ESP+0x44] + * 0044283D 894424 54 MOV DWORD PTR SS:[ESP+0x54],EAX + * 00442841 8B4424 28 MOV EAX,DWORD PTR SS:[ESP+0x28] + * 00442845 52 PUSH EDX + * 00442846 50 PUSH EAX + * 00442847 8BCE MOV ECX,ESI + * 00442849 E8 62EEFFFF CALL .004416B0 + * 0044284E 8B4E 1C MOV ECX,DWORD PTR DS:[ESI+0x1C] + * 00442851 894424 10 MOV DWORD PTR SS:[ESP+0x10],EAX + * 00442855 D1E9 SHR ECX,1 + * 00442857 034E 20 ADD ECX,DWORD PTR DS:[ESI+0x20] + * 0044285A 8B5424 18 MOV EDX,DWORD PTR SS:[ESP+0x18] + * 0044285E 018E 98000000 ADD DWORD PTR DS:[ESI+0x98],ECX + * 00442864 8B4424 20 MOV EAX,DWORD PTR SS:[ESP+0x20] + * 00442868 8B4C24 6C MOV ECX,DWORD PTR SS:[ESP+0x6C] + * 0044286C 52 PUSH EDX + * 0044286D 8B5424 14 MOV EDX,DWORD PTR SS:[ESP+0x14] + * 00442871 50 PUSH EAX + * 00442872 51 PUSH ECX + * 00442873 55 PUSH EBP + * 00442874 52 PUSH EDX + * 00442875 8BCE MOV ECX,ESI + * 00442877 E8 F4F8FFFF CALL .00442170 + * 0044287C 894424 6C MOV DWORD PTR SS:[ESP+0x6C],EAX + * 00442880 E9 E6020000 JMP .00442B6B + * 00442885 8D4424 14 LEA EAX,DWORD PTR SS:[ESP+0x14] + * 00442889 50 PUSH EAX + * 0044288A 53 PUSH EBX + * 0044288B 53 PUSH EBX + * 0044288C 8BCE MOV ECX,ESI + * 0044288E E8 EDF7FFFF CALL .00442080 + * 00442893 8B86 9C000000 MOV EAX,DWORD PTR DS:[ESI+0x9C] + * 00442899 2B86 B0000000 SUB EAX,DWORD PTR DS:[ESI+0xB0] + * 0044289F 8B8E 98000000 MOV ECX,DWORD PTR DS:[ESI+0x98] + * 004428A5 8B5424 6C MOV EDX,DWORD PTR SS:[ESP+0x6C] + * 004428A9 894424 38 MOV DWORD PTR SS:[ESP+0x38],EAX + * 004428AD 8B4424 54 MOV EAX,DWORD PTR SS:[ESP+0x54] + * 004428B1 894C24 30 MOV DWORD PTR SS:[ESP+0x30],ECX + * 004428B5 895424 2C MOV DWORD PTR SS:[ESP+0x2C],EDX + * 004428B9 BB 01000000 MOV EBX,0x1 + * 004428BE 47 INC EDI + * 004428BF 894424 3C MOV DWORD PTR SS:[ESP+0x3C],EAX + * 004428C3 0FB60F MOVZX ECX,BYTE PTR DS:[EDI] + * 004428C6 51 PUSH ECX + * 004428C7 E8 F40CFCFF CALL .004035C0 + * 004428CC 85C0 TEST EAX,EAX + * 004428CE 74 5C JE SHORT .0044292C + * 004428D0 66:0FBE57 01 MOVSX DX,BYTE PTR DS:[EDI+0x1] + * 004428D5 66:0FBE0F MOVSX CX,BYTE PTR DS:[EDI] + * 004428D9 B8 FF000000 MOV EAX,0xFF + * 004428DE 66:23D0 AND DX,AX + * 004428E1 8B86 9C000000 MOV EAX,DWORD PTR DS:[ESI+0x9C] + * 004428E7 66:C1E1 08 SHL CX,0x8 + * 004428EB 66:0BD1 OR DX,CX + * 004428EE 66:895424 42 MOV WORD PTR SS:[ESP+0x42],DX + * 004428F3 8B96 98000000 MOV EDX,DWORD PTR DS:[ESI+0x98] + * 004428F9 8D4C24 28 LEA ECX,DWORD PTR SS:[ESP+0x28] + * 004428FD 51 PUSH ECX + * 004428FE 895424 50 MOV DWORD PTR SS:[ESP+0x50],EDX + * 00442902 8D5424 44 LEA EDX,DWORD PTR SS:[ESP+0x44] + * 00442906 894424 54 MOV DWORD PTR SS:[ESP+0x54],EAX + * 0044290A 8B4424 28 MOV EAX,DWORD PTR SS:[ESP+0x28] + * 0044290E 52 PUSH EDX + * 0044290F 50 PUSH EAX + * 00442910 8BCE MOV ECX,ESI + * 00442912 83C7 02 ADD EDI,0x2 + * 00442915 E8 96EDFFFF CALL .004416B0 + * 0044291A 8B4E 20 MOV ECX,DWORD PTR DS:[ESI+0x20] + * 0044291D 034E 1C ADD ECX,DWORD PTR DS:[ESI+0x1C] + * 00442920 894424 10 MOV DWORD PTR SS:[ESP+0x10],EAX + * 00442924 018E 98000000 ADD DWORD PTR DS:[ESI+0x98],ECX + * 0044292A EB 08 JMP SHORT .00442934 + * 0044292C 803F 2F CMP BYTE PTR DS:[EDI],0x2F + * 0044292F 75 02 JNZ SHORT .00442933 + * 00442931 33DB XOR EBX,EBX + * 00442933 47 INC EDI + * 00442934 8B5424 18 MOV EDX,DWORD PTR SS:[ESP+0x18] + * 00442938 8B4424 20 MOV EAX,DWORD PTR SS:[ESP+0x20] + * 0044293C 8B4C24 6C MOV ECX,DWORD PTR SS:[ESP+0x6C] + * 00442940 52 PUSH EDX + * 00442941 8B5424 14 MOV EDX,DWORD PTR SS:[ESP+0x14] + * 00442945 50 PUSH EAX + * 00442946 51 PUSH ECX + * 00442947 55 PUSH EBP + * 00442948 52 PUSH EDX + * 00442949 8BCE MOV ECX,ESI + * 0044294B E8 20F8FFFF CALL .00442170 + * 00442950 894424 6C MOV DWORD PTR SS:[ESP+0x6C],EAX + * 00442954 85DB TEST EBX,EBX + * 00442956 ^0F85 67FFFFFF JNZ .004428C3 + * 0044295C 399E A4000000 CMP DWORD PTR DS:[ESI+0xA4],EBX + * 00442962 0F84 42010000 JE .00442AAA + * 00442968 8BDF MOV EBX,EDI + * 0044296A 33ED XOR EBP,EBP + * 0044296C C74424 1C 010000>MOV DWORD PTR SS:[ESP+0x1C],0x1 + * 00442974 0FB603 MOVZX EAX,BYTE PTR DS:[EBX] + * 00442977 50 PUSH EAX + * 00442978 E8 430CFCFF CALL .004035C0 + * 0044297D 85C0 TEST EAX,EAX + * 0044297F 74 06 JE SHORT .00442987 + * 00442981 45 INC EBP + * 00442982 83C3 02 ADD EBX,0x2 + * 00442985 EB 0E JMP SHORT .00442995 + * 00442987 803B 7D CMP BYTE PTR DS:[EBX],0x7D + * 0044298A 75 08 JNZ SHORT .00442994 + * 0044298C C74424 1C 000000>MOV DWORD PTR SS:[ESP+0x1C],0x0 + * 00442994 43 INC EBX + * 00442995 837C24 1C 00 CMP DWORD PTR SS:[ESP+0x1C],0x0 + * 0044299A ^75 D8 JNZ SHORT .00442974 + * 0044299C 8B9E B0000000 MOV EBX,DWORD PTR DS:[ESI+0xB0] + * 004429A2 8BC3 MOV EAX,EBX + * 004429A4 0FAFC5 IMUL EAX,EBP + * 004429A7 8D4C2D 00 LEA ECX,DWORD PTR SS:[EBP+EBP] + * 004429AB 8B6C24 30 MOV EBP,DWORD PTR SS:[ESP+0x30] + * 004429AF 894C24 34 MOV DWORD PTR SS:[ESP+0x34],ECX + * 004429B3 8B8E 98000000 MOV ECX,DWORD PTR DS:[ESI+0x98] + * 004429B9 2BCD SUB ECX,EBP + * 004429BB C1E0 0A SHL EAX,0xA + * 004429BE C1E1 0A SHL ECX,0xA + * 004429C1 C1E5 0A SHL EBP,0xA + * 004429C4 895C24 54 MOV DWORD PTR SS:[ESP+0x54],EBX + * 004429C8 C74424 1C 010000>MOV DWORD PTR SS:[ESP+0x1C],0x1 + * 004429D0 3BC1 CMP EAX,ECX + * 004429D2 76 0B JBE SHORT .004429DF + * 004429D4 2BC1 SUB EAX,ECX + * 004429D6 D1E8 SHR EAX,1 + * 004429D8 2BE8 SUB EBP,EAX + * 004429DA C1E3 0A SHL EBX,0xA + * 004429DD EB 21 JMP SHORT .00442A00 + * 004429DF 2BC8 SUB ECX,EAX + * 004429E1 33D2 XOR EDX,EDX + * 004429E3 8BC1 MOV EAX,ECX + * 004429E5 F77424 34 DIV DWORD PTR SS:[ESP+0x34] + * 004429E9 8B96 B4000000 MOV EDX,DWORD PTR DS:[ESI+0xB4] + * 004429EF C1E3 09 SHL EBX,0x9 + * 004429F2 03E8 ADD EBP,EAX + * 004429F4 03D8 ADD EBX,EAX + * 004429F6 8D1C5A LEA EBX,DWORD PTR DS:[EDX+EBX*2] + * 004429F9 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP] + * 00442A00 0FB607 MOVZX EAX,BYTE PTR DS:[EDI] + * 00442A03 50 PUSH EAX + * 00442A04 E8 B70BFCFF CALL .004035C0 + * 00442A09 85C0 TEST EAX,EAX + * 00442A0B 74 4F JE SHORT .00442A5C + * 00442A0D 66:0FBE4F 01 MOVSX CX,BYTE PTR DS:[EDI+0x1] + * 00442A12 66:0FBE07 MOVSX AX,BYTE PTR DS:[EDI] + * 00442A16 BA FF000000 MOV EDX,0xFF + * 00442A1B 66:23CA AND CX,DX + * 00442A1E 8B5424 38 MOV EDX,DWORD PTR SS:[ESP+0x38] + * 00442A22 66:C1E0 08 SHL AX,0x8 + * 00442A26 66:0BC8 OR CX,AX + * 00442A29 66:894C24 42 MOV WORD PTR SS:[ESP+0x42],CX + * 00442A2E 8BCD MOV ECX,EBP + * 00442A30 C1E9 0A SHR ECX,0xA + * 00442A33 894C24 4C MOV DWORD PTR SS:[ESP+0x4C],ECX + * 00442A37 8D4424 28 LEA EAX,DWORD PTR SS:[ESP+0x28] + * 00442A3B 50 PUSH EAX + * 00442A3C 8D4C24 44 LEA ECX,DWORD PTR SS:[ESP+0x44] + * 00442A40 895424 54 MOV DWORD PTR SS:[ESP+0x54],EDX + * 00442A44 8B5424 28 MOV EDX,DWORD PTR SS:[ESP+0x28] + * 00442A48 51 PUSH ECX + * 00442A49 52 PUSH EDX + * 00442A4A 8BCE MOV ECX,ESI + * 00442A4C 83C7 02 ADD EDI,0x2 + * 00442A4F E8 5CECFFFF CALL .004416B0 + * 00442A54 894424 10 MOV DWORD PTR SS:[ESP+0x10],EAX + * 00442A58 03EB ADD EBP,EBX + * 00442A5A EB 0E JMP SHORT .00442A6A + * 00442A5C 803F 7D CMP BYTE PTR DS:[EDI],0x7D + * 00442A5F 75 08 JNZ SHORT .00442A69 + * 00442A61 C74424 1C 000000>MOV DWORD PTR SS:[ESP+0x1C],0x0 + * 00442A69 47 INC EDI + * 00442A6A 8B4424 18 MOV EAX,DWORD PTR SS:[ESP+0x18] + * 00442A6E 8B4C24 20 MOV ECX,DWORD PTR SS:[ESP+0x20] + * 00442A72 8B5424 2C MOV EDX,DWORD PTR SS:[ESP+0x2C] + * 00442A76 50 PUSH EAX + * 00442A77 8B4424 74 MOV EAX,DWORD PTR SS:[ESP+0x74] + * 00442A7B 51 PUSH ECX + * 00442A7C 8B4C24 18 MOV ECX,DWORD PTR SS:[ESP+0x18] + * 00442A80 52 PUSH EDX + * 00442A81 50 PUSH EAX + * 00442A82 51 PUSH ECX + * 00442A83 8BCE MOV ECX,ESI + * 00442A85 E8 E6F6FFFF CALL .00442170 + * 00442A8A 837C24 1C 00 CMP DWORD PTR SS:[ESP+0x1C],0x0 + * 00442A8F 894424 2C MOV DWORD PTR SS:[ESP+0x2C],EAX + * 00442A93 ^0F85 67FFFFFF JNZ .00442A00 + * 00442A99 8B5424 3C MOV EDX,DWORD PTR SS:[ESP+0x3C] + * 00442A9D 8B6C24 70 MOV EBP,DWORD PTR SS:[ESP+0x70] + * 00442AA1 895424 54 MOV DWORD PTR SS:[ESP+0x54],EDX + * 00442AA5 E9 C1000000 JMP .00442B6B + * 00442AAA BB 01000000 MOV EBX,0x1 + * 00442AAF 90 NOP + * 00442AB0 0FB607 MOVZX EAX,BYTE PTR DS:[EDI] + * 00442AB3 50 PUSH EAX + * 00442AB4 E8 070BFCFF CALL .004035C0 + * 00442AB9 85C0 TEST EAX,EAX + * 00442ABB 74 05 JE SHORT .00442AC2 + * 00442ABD 83C7 02 ADD EDI,0x2 + * 00442AC0 EB 08 JMP SHORT .00442ACA + * 00442AC2 803F 7D CMP BYTE PTR DS:[EDI],0x7D + * 00442AC5 75 02 JNZ SHORT .00442AC9 + * 00442AC7 33DB XOR EBX,EBX + * 00442AC9 47 INC EDI + * 00442ACA 85DB TEST EBX,EBX + * 00442ACC ^75 E2 JNZ SHORT .00442AB0 + * 00442ACE E9 98000000 JMP .00442B6B + * 00442AD3 0FBE47 01 MOVSX EAX,BYTE PTR DS:[EDI+0x1] + * 00442AD7 83C0 9D ADD EAX,-0x63 + * 00442ADA 83F8 14 CMP EAX,0x14 + * 00442ADD 0F87 88000000 JA .00442B6B + * 00442AE3 0FB688 AC2B4400 MOVZX ECX,BYTE PTR DS:[EAX+0x442BAC] + * 00442AEA FF248D 982B4400 JMP DWORD PTR DS:[ECX*4+0x442B98] + * 00442AF1 8B46 24 MOV EAX,DWORD PTR DS:[ESI+0x24] + * 00442AF4 0346 1C ADD EAX,DWORD PTR DS:[ESI+0x1C] + * 00442AF7 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+0x14] + * 00442AFB 8B56 0C MOV EDX,DWORD PTR DS:[ESI+0xC] + * 00442AFE 0186 9C000000 ADD DWORD PTR DS:[ESI+0x9C],EAX + * 00442B04 8B86 9C000000 MOV EAX,DWORD PTR DS:[ESI+0x9C] + * 00442B0A 41 INC ECX + * 00442B0B 8996 98000000 MOV DWORD PTR DS:[ESI+0x98],EDX + * 00442B11 894C24 14 MOV DWORD PTR SS:[ESP+0x14],ECX + * 00442B15 399C8E B8000000 CMP DWORD PTR DS:[ESI+ECX*4+0xB8],EBX + * 00442B1C 77 08 JA SHORT .00442B26 + * 00442B1E 399E AC000000 CMP DWORD PTR DS:[ESI+0xAC],EBX + * 00442B24 74 42 JE SHORT .00442B68 + * 00442B26 8B8E B0000000 MOV ECX,DWORD PTR DS:[ESI+0xB0] + * 00442B2C 03C8 ADD ECX,EAX + * 00442B2E 898E 9C000000 MOV DWORD PTR DS:[ESI+0x9C],ECX + * 00442B34 EB 32 JMP SHORT .00442B68 + * 00442B36 8BCE MOV ECX,ESI + * 00442B38 E8 03F0FFFF CALL .00441B40 + * 00442B3D EB 29 JMP SHORT .00442B68 + * 00442B3F 8A47 02 MOV AL,BYTE PTR DS:[EDI+0x2] + * 00442B42 3C 63 CMP AL,0x63 + * 00442B44 74 0D JE SHORT .00442B53 + * 00442B46 3C 73 CMP AL,0x73 + * 00442B48 75 15 JNZ SHORT .00442B5F + * 00442B4A 895C24 20 MOV DWORD PTR SS:[ESP+0x20],EBX + * 00442B4E 83C7 03 ADD EDI,0x3 + * 00442B51 EB 18 JMP SHORT .00442B6B + * 00442B53 C74424 20 010000>MOV DWORD PTR SS:[ESP+0x20],0x1 + * 00442B5B 895C24 6C MOV DWORD PTR SS:[ESP+0x6C],EBX + * 00442B5F 83C7 03 ADD EDI,0x3 + * 00442B62 EB 07 JMP SHORT .00442B6B + * 00442B64 895C24 6C MOV DWORD PTR SS:[ESP+0x6C],EBX + * 00442B68 83C7 02 ADD EDI,0x2 + * 00442B6B 803F 00 CMP BYTE PTR DS:[EDI],0x0 + * 00442B6E ^0F85 8CFBFFFF JNZ .00442700 + * 00442B74 8B5424 24 MOV EDX,DWORD PTR SS:[ESP+0x24] + * 00442B78 8B86 58010000 MOV EAX,DWORD PTR DS:[ESI+0x158] + * 00442B7E 52 PUSH EDX + * 00442B7F 50 PUSH EAX + * 00442B80 FF15 DC335200 CALL DWORD PTR DS:[0x5233DC] ; user32.ReleaseDC + * 00442B86 5F POP EDI + * 00442B87 5E POP ESI + * 00442B88 5D POP EBP + * 00442B89 B8 01000000 MOV EAX,0x1 + * 00442B8E 5B POP EBX + * 00442B8F 83C4 58 ADD ESP,0x58 + * 00442B92 C2 0800 RETN 0x8 + * 00442B95 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 00442B98 36:2B4400 F1 SUB EAX,DWORD PTR SS:[EAX+EAX-0xF] + * 00442B9D 2A4400 64 SUB AL,BYTE PTR DS:[EAX+EAX+0x64] + * 00442BA1 2B4400 3F SUB EAX,DWORD PTR DS:[EAX+EAX+0x3F] + * 00442BA5 2B4400 6B SUB EAX,DWORD PTR DS:[EAX+EAX+0x6B] + * 00442BA9 2B4400 00 SUB EAX,DWORD PTR DS:[EAX+EAX] + * 00442BAD 04 04 ADD AL,0x4 + * 00442BAF 04 04 ADD AL,0x4 + * 00442BB1 04 04 ADD AL,0x4 + * 00442BB3 04 04 ADD AL,0x4 + * 00442BB5 04 04 ADD AL,0x4 + * 00442BB7 010404 ADD DWORD PTR SS:[ESP+EAX],EAX + * 00442BBA 04 04 ADD AL,0x4 + * 00442BBC 04 02 ADD AL,0x2 + * 00442BBE 04 04 ADD AL,0x4 + * 00442BC0 03CC ADD ECX,ESP + * 00442BC2 CC INT3 + * 00442BC3 CC INT3 + * 00442BC4 CC INT3 + * 00442BC5 CC INT3 + * 00442BC6 CC INT3 + * 00442BC7 CC INT3 + * 00442BC8 CC INT3 + * 00442BC9 CC INT3 + * 00442BCA CC INT3 + */ +namespace{ +bool attach(const uint8_t pattern[],int patternSize,DWORD startAddress,DWORD stopAddress){ + ULONG addr = MemDbg::findBytes(pattern, patternSize, startAddress, stopAddress); + if(addr==0)return false; + addr = MemDbg::findEnclosingAlignedFunction_strict(addr); + if(addr==0)return false; + HookParam hp; + hp.address = addr ; + hp.offset=get_stack(1); + hp.type=EMBED_ABLE|USING_STRING|EMBED_AFTER_NEW|EMBED_DYNA_SJIS; + hp.hook_font=F_GetGlyphOutlineA; + hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + auto text = reinterpret_cast(data); + std::string str = std::string(text, *len); + std::regex reg1("\\{(.*?)/(.*?)\\}"); + std::string result1 = std::regex_replace(str, reg1, "$1"); + + return write_string_overwrite(text,len,result1); + }; + + return NewHook(hp, "EmbedCMVS"); +};} +bool attachScenarioHook(ULONG startAddress, ULONG stopAddress) +{ + + // This pattern is selected by comparing two CMVS games + const uint8_t bytes[] = { + 0xb8, 0xcd,0xcc,0xcc,0xcc, // 004512de b8 cdcccccc mov eax,0xcccccccd + 0xf7,0xe1, // 004512e3 f7e1 mul ecx + 0xc1,0xea, 0x02, // 004512e5 c1ea 02 shr edx,0x2 + 0xd1,0xe9, // 004512e8 d1e9 shr ecx,1 + 0x2b,0xca // 004512ea 2bca sub ecx,edx + }; + //const uint8_t bytes[] = { //青春&国记的人名&选择支 + // 0xb8, 0xcd,0xcc,0xcc,0xcc, // 004512de b8 cdcccccc mov eax,0xcccccccd + // 0xf7,0xe1, // 004512e3 f7e1 mul ecx + // 0xd1,0xe9, // 004512e8 d1e9 shr ecx,1 + + // 0xc1,0xea, 0x02, // 004512e5 c1ea 02 shr edx,0x2 + // 0x2b,0xca // 004512ea 2bca sub ecx,edx + //}; + const uint8_t bytes_kunado_kukoki[] = { + + 0xf7,0xe1, + 0x8b,0x85,0xd8,0xfd,0xff,0xff, + 0xd1,0xe9, + 0xc1,0xea, 0x02, + 0x2b,0xca + }; + + return attach(bytes, sizeof(bytes), startAddress, stopAddress)||attach(bytes_kunado_kukoki, sizeof(bytes_kunado_kukoki), startAddress, stopAddress); +} +/** + * FIXME: This function exists but is not called for クロノクロック when painting backlog. + * + * Sample bake: ハピメア + * + * Backlog function, found by tracking all callers of ::GetDC: + * + * 0044ACAE CC INT3 + * 0044ACAF CC INT3 + * 0044ACB0 55 PUSH EBP + * 0044ACB1 8BEC MOV EBP,ESP + * 0044ACB3 83EC 30 SUB ESP,0x30 + * 0044ACB6 56 PUSH ESI + * 0044ACB7 8BF1 MOV ESI,ECX + * 0044ACB9 8B86 58010000 MOV EAX,DWORD PTR DS:[ESI+0x158] + * 0044ACBF 57 PUSH EDI + * 0044ACC0 8B7D 08 MOV EDI,DWORD PTR SS:[EBP+0x8] + * 0044ACC3 50 PUSH EAX + * 0044ACC4 C745 08 00000000 MOV DWORD PTR SS:[EBP+0x8],0x0 + * 0044ACCB FF15 D4F35300 CALL DWORD PTR DS:[0x53F3D4] ; user32.GetDC + * 0044ACD1 68 80000000 PUSH 0x80 + * 0044ACD6 8D8E B8000000 LEA ECX,DWORD PTR DS:[ESI+0xB8] + * 0044ACDC 6A 00 PUSH 0x0 + * 0044ACDE 51 PUSH ECX + * 0044ACDF 8945 FC MOV DWORD PTR SS:[EBP-0x4],EAX + * 0044ACE2 E8 F9870D00 CALL .005234E0 + * 0044ACE7 8B46 7C MOV EAX,DWORD PTR DS:[ESI+0x7C] + * 0044ACEA 8B4E 70 MOV ECX,DWORD PTR DS:[ESI+0x70] + * 0044ACED 8945 F4 MOV DWORD PTR SS:[EBP-0xC],EAX + * 0044ACF0 8B46 1C MOV EAX,DWORD PTR DS:[ESI+0x1C] + * 0044ACF3 BA 28000000 MOV EDX,0x28 + * 0044ACF8 8945 E4 MOV DWORD PTR SS:[EBP-0x1C],EAX + * 0044ACFB 8B86 80000000 MOV EAX,DWORD PTR DS:[ESI+0x80] + * 0044AD01 66:8955 D0 MOV WORD PTR SS:[EBP-0x30],DX + * 0044AD05 8B56 74 MOV EDX,DWORD PTR DS:[ESI+0x74] + * 0044AD08 83C4 0C ADD ESP,0xC + * 0044AD0B 48 DEC EAX + * 0044AD0C 894D E8 MOV DWORD PTR SS:[EBP-0x18],ECX + * 0044AD0F 8955 EC MOV DWORD PTR SS:[EBP-0x14],EDX + * 0044AD12 C745 D8 00000000 MOV DWORD PTR SS:[EBP-0x28],0x0 + * 0044AD19 74 18 JE SHORT .0044AD33 + * 0044AD1B 48 DEC EAX + * 0044AD1C 74 0C JE SHORT .0044AD2A + * 0044AD1E 48 DEC EAX + * 0044AD1F 75 19 JNZ SHORT .0044AD3A + * 0044AD21 C745 D8 03000000 MOV DWORD PTR SS:[EBP-0x28],0x3 + * 0044AD28 EB 10 JMP SHORT .0044AD3A + * 0044AD2A C745 D8 02000000 MOV DWORD PTR SS:[EBP-0x28],0x2 + * 0044AD31 EB 07 JMP SHORT .0044AD3A + * 0044AD33 C745 D8 01000000 MOV DWORD PTR SS:[EBP-0x28],0x1 + * 0044AD3A 8B45 0C MOV EAX,DWORD PTR SS:[EBP+0xC] + * 0044AD3D 85C0 TEST EAX,EAX + * 0044AD3F 74 08 JE SHORT .0044AD49 + * 0044AD41 8B48 0C MOV ECX,DWORD PTR DS:[EAX+0xC] + * 0044AD44 894D F0 MOV DWORD PTR SS:[EBP-0x10],ECX + * 0044AD47 EB 06 JMP SHORT .0044AD4F + * 0044AD49 8B56 78 MOV EDX,DWORD PTR DS:[ESI+0x78] + * 0044AD4C 8955 F0 MOV DWORD PTR SS:[EBP-0x10],EDX + * 0044AD4F 803F 00 CMP BYTE PTR DS:[EDI],0x0 + * 0044AD52 0F84 65020000 JE .0044AFBD + * 0044AD58 53 PUSH EBX + * 0044AD59 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP] + * 0044AD60 0FB607 MOVZX EAX,BYTE PTR DS:[EDI] + * 0044AD63 3C 5C CMP AL,0x5C + * 0044AD65 0F84 16020000 JE .0044AF81 + * 0044AD6B 3C 7B CMP AL,0x7B + * 0044AD6D 0F84 63010000 JE .0044AED6 + * 0044AD73 50 PUSH EAX + * 0044AD74 E8 778DFBFF CALL .00403AF0 + * 0044AD79 85C0 TEST EAX,EAX + * 0044AD7B 0F84 AC000000 JE .0044AE2D + * 0044AD81 66:0FBE47 01 MOVSX AX,BYTE PTR DS:[EDI+0x1] + * 0044AD86 66:0FBE17 MOVSX DX,BYTE PTR DS:[EDI] + * 0044AD8A B9 FF000000 MOV ECX,0xFF + * 0044AD8F 66:23C1 AND AX,CX + * 0044AD92 66:C1E2 08 SHL DX,0x8 + * 0044AD96 66:0BC2 OR AX,DX + * 0044AD99 B9 4A810000 MOV ECX,0x814A + * 0044AD9E 83C7 02 ADD EDI,0x2 + * 0044ADA1 33DB XOR EBX,EBX + * 0044ADA3 66:8945 D2 MOV WORD PTR SS:[EBP-0x2E],AX + * 0044ADA7 66:3BC1 CMP AX,CX + * 0044ADAA 75 05 JNZ SHORT .0044ADB1 + * 0044ADAC BB 01000000 MOV EBX,0x1 + * 0044ADB1 8B45 D2 MOV EAX,DWORD PTR SS:[EBP-0x2E] + * 0044ADB4 8D55 08 LEA EDX,DWORD PTR SS:[EBP+0x8] + * 0044ADB7 52 PUSH EDX + * 0044ADB8 50 PUSH EAX + * 0044ADB9 6A 00 PUSH 0x0 + * 0044ADBB 8BCE MOV ECX,ESI + * 0044ADBD E8 FEFCFFFF CALL .0044AAC0 + * 0044ADC2 8B8E 98000000 MOV ECX,DWORD PTR DS:[ESI+0x98] + * 0044ADC8 8B96 9C000000 MOV EDX,DWORD PTR DS:[ESI+0x9C] + * 0044ADCE 894D DC MOV DWORD PTR SS:[EBP-0x24],ECX + * 0044ADD1 8955 E0 MOV DWORD PTR SS:[EBP-0x20],EDX + * 0044ADD4 85DB TEST EBX,EBX + * 0044ADD6 74 0E JE SHORT .0044ADE6 + * 0044ADD8 B8 CDCCCCCC MOV EAX,0xCCCCCCCD + * 0044ADDD F766 1C MUL DWORD PTR DS:[ESI+0x1C] + * 0044ADE0 C1EA 02 SHR EDX,0x2 + * 0044ADE3 2955 DC SUB DWORD PTR SS:[EBP-0x24],EDX + * 0044ADE6 8B55 FC MOV EDX,DWORD PTR SS:[EBP-0x4] + * 0044ADE9 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-0x8] + * 0044ADEC 50 PUSH EAX + * 0044ADED 8D4D D0 LEA ECX,DWORD PTR SS:[EBP-0x30] + * 0044ADF0 51 PUSH ECX + * 0044ADF1 52 PUSH EDX + * 0044ADF2 8BCE MOV ECX,ESI + * 0044ADF4 E8 87F2FFFF CALL .0044A080 + * 0044ADF9 85DB TEST EBX,EBX + * 0044ADFB 75 11 JNZ SHORT .0044AE0E + * 0044ADFD 8B46 20 MOV EAX,DWORD PTR DS:[ESI+0x20] + * 0044AE00 0346 1C ADD EAX,DWORD PTR DS:[ESI+0x1C] + * 0044AE03 0186 98000000 ADD DWORD PTR DS:[ESI+0x98],EAX + * 0044AE09 E9 A5010000 JMP .0044AFB3 + * 0044AE0E 8B4E 1C MOV ECX,DWORD PTR DS:[ESI+0x1C] + * 0044AE11 B8 CDCCCCCC MOV EAX,0xCCCCCCCD + * 0044AE16 F7E1 MUL ECX + * 0044AE18 D1E9 SHR ECX,1 + * 0044AE1A C1EA 02 SHR EDX,0x2 + * 0044AE1D 2BCA SUB ECX,EDX + * 0044AE1F 034E 20 ADD ECX,DWORD PTR DS:[ESI+0x20] + * 0044AE22 018E 98000000 ADD DWORD PTR DS:[ESI+0x98],ECX + * 0044AE28 E9 86010000 JMP .0044AFB3 + * 0044AE2D 66:0FBE0F MOVSX CX,BYTE PTR DS:[EDI] + * 0044AE31 8B56 14 MOV EDX,DWORD PTR DS:[ESI+0x14] + * 0044AE34 2B56 20 SUB EDX,DWORD PTR DS:[ESI+0x20] + * 0044AE37 8B46 1C MOV EAX,DWORD PTR DS:[ESI+0x1C] + * 0044AE3A 66:894D D2 MOV WORD PTR SS:[EBP-0x2E],CX + * 0044AE3E 8B4E 0C MOV ECX,DWORD PTR DS:[ESI+0xC] + * 0044AE41 2BD0 SUB EDX,EAX + * 0044AE43 03D1 ADD EDX,ECX + * 0044AE45 47 INC EDI + * 0044AE46 3996 98000000 CMP DWORD PTR DS:[ESI+0x98],EDX + * 0044AE4C 72 37 JB SHORT .0044AE85 + * 0044AE4E 8B55 08 MOV EDX,DWORD PTR SS:[EBP+0x8] + * 0044AE51 42 INC EDX + * 0044AE52 83BC96 B8000000 >CMP DWORD PTR DS:[ESI+EDX*4+0xB8],0x0 + * 0044AE5A 8955 08 MOV DWORD PTR SS:[EBP+0x8],EDX + * 0044AE5D 77 09 JA SHORT .0044AE68 + * 0044AE5F 83BE AC000000 00 CMP DWORD PTR DS:[ESI+0xAC],0x0 + * 0044AE66 74 0C JE SHORT .0044AE74 + * 0044AE68 8B96 B0000000 MOV EDX,DWORD PTR DS:[ESI+0xB0] + * 0044AE6E 0196 9C000000 ADD DWORD PTR DS:[ESI+0x9C],EDX + * 0044AE74 898E 98000000 MOV DWORD PTR DS:[ESI+0x98],ECX + * 0044AE7A 8B4E 24 MOV ECX,DWORD PTR DS:[ESI+0x24] + * 0044AE7D 03C8 ADD ECX,EAX + * 0044AE7F 018E 9C000000 ADD DWORD PTR DS:[ESI+0x9C],ECX + * 0044AE85 8B96 98000000 MOV EDX,DWORD PTR DS:[ESI+0x98] + * 0044AE8B 8B86 9C000000 MOV EAX,DWORD PTR DS:[ESI+0x9C] + * 0044AE91 8D4D F8 LEA ECX,DWORD PTR SS:[EBP-0x8] + * 0044AE94 51 PUSH ECX + * 0044AE95 8955 DC MOV DWORD PTR SS:[EBP-0x24],EDX + * 0044AE98 8D55 D0 LEA EDX,DWORD PTR SS:[EBP-0x30] + * 0044AE9B 8945 E0 MOV DWORD PTR SS:[EBP-0x20],EAX + * 0044AE9E 8B45 FC MOV EAX,DWORD PTR SS:[EBP-0x4] + * 0044AEA1 52 PUSH EDX + * 0044AEA2 50 PUSH EAX + * 0044AEA3 8BCE MOV ECX,ESI + * 0044AEA5 E8 D6F1FFFF CALL .0044A080 + * 0044AEAA 8B46 1C MOV EAX,DWORD PTR DS:[ESI+0x1C] + * 0044AEAD 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-0x8] + * 0044AEB0 D1E8 SHR EAX,1 + * 0044AEB2 3BC8 CMP ECX,EAX + * 0044AEB4 77 10 JA SHORT .0044AEC6 + * 0044AEB6 8B4E 20 MOV ECX,DWORD PTR DS:[ESI+0x20] + * 0044AEB9 03C8 ADD ECX,EAX + * 0044AEBB 018E 98000000 ADD DWORD PTR DS:[ESI+0x98],ECX + * 0044AEC1 E9 ED000000 JMP .0044AFB3 + * 0044AEC6 8B56 20 MOV EDX,DWORD PTR DS:[ESI+0x20] + * 0044AEC9 03D1 ADD EDX,ECX + * 0044AECB 0196 98000000 ADD DWORD PTR DS:[ESI+0x98],EDX + * 0044AED1 E9 DD000000 JMP .0044AFB3 + * 0044AED6 47 INC EDI + * 0044AED7 BB 01000000 MOV EBX,0x1 + * 0044AEDC 8D6424 00 LEA ESP,DWORD PTR SS:[ESP] + * 0044AEE0 0FB607 MOVZX EAX,BYTE PTR DS:[EDI] + * 0044AEE3 50 PUSH EAX + * 0044AEE4 E8 078CFBFF CALL .00403AF0 + * 0044AEE9 85C0 TEST EAX,EAX + * 0044AEEB 74 63 JE SHORT .0044AF50 + * 0044AEED 66:0FBE4F 01 MOVSX CX,BYTE PTR DS:[EDI+0x1] + * 0044AEF2 66:0FBE07 MOVSX AX,BYTE PTR DS:[EDI] + * 0044AEF6 BA FF000000 MOV EDX,0xFF + * 0044AEFB 66:23CA AND CX,DX + * 0044AEFE 66:C1E0 08 SHL AX,0x8 + * 0044AF02 66:0BC8 OR CX,AX + * 0044AF05 66:894D D2 MOV WORD PTR SS:[EBP-0x2E],CX + * 0044AF09 8B55 D2 MOV EDX,DWORD PTR SS:[EBP-0x2E] + * 0044AF0C 8D4D 08 LEA ECX,DWORD PTR SS:[EBP+0x8] + * 0044AF0F 51 PUSH ECX + * 0044AF10 52 PUSH EDX + * 0044AF11 6A 00 PUSH 0x0 + * 0044AF13 8BCE MOV ECX,ESI + * 0044AF15 83C7 02 ADD EDI,0x2 + * 0044AF18 E8 A3FBFFFF CALL .0044AAC0 + * 0044AF1D 8B86 98000000 MOV EAX,DWORD PTR DS:[ESI+0x98] + * 0044AF23 8B8E 9C000000 MOV ECX,DWORD PTR DS:[ESI+0x9C] + * 0044AF29 8D55 F8 LEA EDX,DWORD PTR SS:[EBP-0x8] + * 0044AF2C 8945 DC MOV DWORD PTR SS:[EBP-0x24],EAX + * 0044AF2F 52 PUSH EDX + * 0044AF30 894D E0 MOV DWORD PTR SS:[EBP-0x20],ECX + * 0044AF33 8B4D FC MOV ECX,DWORD PTR SS:[EBP-0x4] + * 0044AF36 8D45 D0 LEA EAX,DWORD PTR SS:[EBP-0x30] + * 0044AF39 50 PUSH EAX + * 0044AF3A 51 PUSH ECX + * 0044AF3B 8BCE MOV ECX,ESI + * 0044AF3D E8 3EF1FFFF CALL .0044A080 + * 0044AF42 8B56 20 MOV EDX,DWORD PTR DS:[ESI+0x20] + * 0044AF45 0356 1C ADD EDX,DWORD PTR DS:[ESI+0x1C] + * 0044AF48 0196 98000000 ADD DWORD PTR DS:[ESI+0x98],EDX + * 0044AF4E EB 08 JMP SHORT .0044AF58 + * 0044AF50 803F 2F CMP BYTE PTR DS:[EDI],0x2F + * 0044AF53 75 02 JNZ SHORT .0044AF57 + * 0044AF55 33DB XOR EBX,EBX + * 0044AF57 47 INC EDI + * 0044AF58 85DB TEST EBX,EBX + * 0044AF5A ^75 84 JNZ SHORT .0044AEE0 + * 0044AF5C BB 01000000 MOV EBX,0x1 + * 0044AF61 0FB607 MOVZX EAX,BYTE PTR DS:[EDI] + * 0044AF64 50 PUSH EAX + * 0044AF65 E8 868BFBFF CALL .00403AF0 + * 0044AF6A 85C0 TEST EAX,EAX + * 0044AF6C 74 05 JE SHORT .0044AF73 + * 0044AF6E 83C7 02 ADD EDI,0x2 + * 0044AF71 EB 08 JMP SHORT .0044AF7B + * 0044AF73 803F 7D CMP BYTE PTR DS:[EDI],0x7D + * 0044AF76 75 02 JNZ SHORT .0044AF7A + * 0044AF78 33DB XOR EBX,EBX + * 0044AF7A 47 INC EDI + * 0044AF7B 85DB TEST EBX,EBX + * 0044AF7D ^75 E2 JNZ SHORT .0044AF61 + * 0044AF7F EB 32 JMP SHORT .0044AFB3 + * 0044AF81 0FBE47 01 MOVSX EAX,BYTE PTR DS:[EDI+0x1] + * 0044AF85 83C0 9D ADD EAX,-0x63 + * 0044AF88 83F8 14 CMP EAX,0x14 + * 0044AF8B 77 26 JA SHORT .0044AFB3 + * 0044AF8D 0FB688 F0AF4400 MOVZX ECX,BYTE PTR DS:[EAX+0x44AFF0] + * 0044AF94 FF248D E0AF4400 JMP DWORD PTR DS:[ECX*4+0x44AFE0] + * 0044AF9B 8B46 24 MOV EAX,DWORD PTR DS:[ESI+0x24] + * 0044AF9E 0346 1C ADD EAX,DWORD PTR DS:[ESI+0x1C] + * 0044AFA1 8B56 0C MOV EDX,DWORD PTR DS:[ESI+0xC] + * 0044AFA4 0186 9C000000 ADD DWORD PTR DS:[ESI+0x9C],EAX + * 0044AFAA 8996 98000000 MOV DWORD PTR DS:[ESI+0x98],EDX + * 0044AFB0 83C7 02 ADD EDI,0x2 + * 0044AFB3 803F 00 CMP BYTE PTR DS:[EDI],0x0 + * 0044AFB6 ^0F85 A4FDFFFF JNZ .0044AD60 + * 0044AFBC 5B POP EBX + * 0044AFBD 8B4D FC MOV ECX,DWORD PTR SS:[EBP-0x4] + * 0044AFC0 8B96 58010000 MOV EDX,DWORD PTR DS:[ESI+0x158] + * 0044AFC6 51 PUSH ECX + * 0044AFC7 52 PUSH EDX + * 0044AFC8 FF15 D8F35300 CALL DWORD PTR DS:[0x53F3D8] ; user32.ReleaseDC + * 0044AFCE 5F POP EDI + * 0044AFCF B8 01000000 MOV EAX,0x1 + * 0044AFD4 5E POP ESI + * 0044AFD5 8BE5 MOV ESP,EBP + * 0044AFD7 5D POP EBP + * 0044AFD8 C2 0800 RETN 0x8 + * 0044AFDB 83C7 03 ADD EDI,0x3 + * 0044AFDE ^EB D3 JMP SHORT .0044AFB3 + * 0044AFE0 B0 AF MOV AL,0xAF + * 0044AFE2 44 INC ESP + * 0044AFE3 009B AF4400DB ADD BYTE PTR DS:[EBX+0xDB0044AF],BL + * 0044AFE9 AF SCAS DWORD PTR ES:[EDI] + * 0044AFEA 44 INC ESP + * 0044AFEB 00B3 AF440000 ADD BYTE PTR DS:[EBX+0x44AF],DH + * 0044AFF1 0303 ADD EAX,DWORD PTR DS:[EBX] + * 0044AFF3 0303 ADD EAX,DWORD PTR DS:[EBX] + * 0044AFF5 0303 ADD EAX,DWORD PTR DS:[EBX] + * 0044AFF7 0303 ADD EAX,DWORD PTR DS:[EBX] + * 0044AFF9 0303 ADD EAX,DWORD PTR DS:[EBX] + * 0044AFFB 0103 ADD DWORD PTR DS:[EBX],EAX + * 0044AFFD 0303 ADD EAX,DWORD PTR DS:[EBX] + * 0044AFFF 0303 ADD EAX,DWORD PTR DS:[EBX] + * 0044B001 0003 ADD BYTE PTR DS:[EBX],AL + * 0044B003 0302 ADD EAX,DWORD PTR DS:[EDX] + * 0044B005 CC INT3 + * 0044B006 CC INT3 + * 0044B007 CC INT3 + * 0044B008 CC INT3 + */ + +bool attachHistoryHook(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0xb8, 0xcd,0xcc,0xcc,0xcc, // 0044ae11 b8 cdcccccc mov eax,0xcccccccd + 0xf7,0xe1, // 0044ae16 f7e1 mul ecx + 0xd1,0xe9, // 0044ae18 d1e9 shr ecx,1 + 0xc1,0xea, 0x02, // 0044ae1a c1ea 02 shr edx,0x2 + 0x2b,0xca // 0044ae1d 2bca sub ecx,edx + }; + + return attach(bytes, sizeof(bytes), startAddress, stopAddress); +} +bool CMVS::attach_function() { + bool embed=attachScenarioHook(processStartAddress,processStopAddress); + if(embed)attachHistoryHook(processStartAddress,processStopAddress); + return InsertCMVSHook()||embed; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/CMVS.h b/cpp/LunaHook/LunaHook/engine32/CMVS.h new file mode 100644 index 00000000..9d4b3c0b --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/CMVS.h @@ -0,0 +1,18 @@ + + +class CMVS:public ENGINE{ + public: + CMVS(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"data\\pack\\*.cpz"; + + + // jichi 8/19/2013: DO NOT WORK for games like「ハピメア」 + //if (wcsstr(str,L"cmvs32") || wcsstr(str,L"cmvs64")) { + // InsertCMVSHook(); + // return true; + //} + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Cage.cpp b/cpp/LunaHook/LunaHook/engine32/Cage.cpp new file mode 100644 index 00000000..f8f9718a --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Cage.cpp @@ -0,0 +1,75 @@ +#include "Cage.h" + +bool Cage::attach_function() +{ + // https://vndb.org/v8381 + // 夢姿 ~ゆめのすがた~ + /* + size_t __cdecl _mbslen(const unsigned __int8 *String) +{ +const unsigned __int8 *v2; // eax +size_t i; // esi + +if ( !dword_476AFC ) +return strlen((const char *)String); +_lock(25); +v2 = String; +for ( i = 0; *v2; ++i ) +{ +if ( (byte_476C01[*v2] & 4) != 0 && !*++v2 ) +break; +++v2; +} +_unlock(25); +return i; +} + */ + /* + .text:00451B0C mov eax, [esp+8+String] +.text:00451B10 pop ecx +.text:00451B11 xor esi, esi +.text:00451B13 +.text:00451B13 loc_451B13: ; CODE XREF: __mbslen+3D↓j +.text:00451B13 mov cl, [eax] +.text:00451B15 test cl, cl +.text:00451B17 jz short loc_451B2F +.text:00451B19 movzx ecx, cl +.text:00451B1C test byte_476C01[ecx], 4 +.text:00451B23 jz short loc_451B2B +.text:00451B25 inc eax +.text:00451B26 cmp byte ptr [eax], 0 +.text:00451B29 jz short loc_451B2F +.text:00451B2B +.text:00451B2B loc_451B2B: ; CODE XREF: __mbslen+33↑j +.text:00451B2B inc esi +.text:00451B2C inc eax +.text:00451B2D jmp short loc_451B13 + */ + BYTE check[] = { + 0x8B, 0x44, 0x24, 0x0C, + 0x59, + 0x33, 0xF6, + 0x8A, 0x08, + 0x84, 0xC9, + 0x74, 0x16, + 0x0F, 0xB6, 0xC9, + 0xF6, 0x81, XX4, 0x04, + 0x74, 0x06, + 0x40, + 0x80, 0x38, 0x00, + 0x74, 0x04, + 0x46, + 0x40, + 0xEB, 0xE4}; + auto addrx = MemDbg::findBytes(check, sizeof(check), processStartAddress, processStopAddress); + if (!addrx) + return false; + addrx = MemDbg::findEnclosingAlignedFunction(addrx); + if (!addrx) + return 0; + HookParam hp; + hp.address = addrx; + hp.type = USING_STRING; + hp.offset = get_stack(1); + return NewHook(hp, "Cage"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Cage.h b/cpp/LunaHook/LunaHook/engine32/Cage.h new file mode 100644 index 00000000..bc7e36f2 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Cage.h @@ -0,0 +1,14 @@ + + +class Cage : public ENGINE +{ +public: + Cage() + { + // https://vndb.org/v8381 + // 夢姿 ~ゆめのすがた~ + check_by = CHECK_BY::FILE_ALL; + check_by_target = check_by_list{L"script.msb", L"data*.ym"}; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Candy.cpp b/cpp/LunaHook/LunaHook/engine32/Candy.cpp new file mode 100644 index 00000000..8db417e2 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Candy.cpp @@ -0,0 +1,362 @@ +#include "Candy.h" + +/******************************************************************************************** +CandySoft hook: + Game folder contains many *.fpk. Engine name is SystemC. + I haven't seen this engine in other company/brand. + + AGTH /X3 will hook lstrlenA. One thread is the exactly result we want. + But the function call is difficult to located programmatically. + I find a equivalent points which is more easy to search. + The script processing function needs to find 0x5B'[', + so there should a instruction like cmp reg,5B + Find this position and navigate to function entry. + The first parameter is the string pointer. + This approach works fine with game later than つよきす2学� + + But the original つよき�is quite different. I handle this case separately. + +********************************************************************************************/ +namespace +{ + // https://vndb.org/v23666 + //(18禁ゲーム) [180928] [INTERHEART glossy] はらかつ!3 ~子作りビジネス廃業の危機!?~ (iso+mds+rr3) + // https://vndb.org/v47957 + //[240222][1261652][DESSERT Soft] 二股野郎とパパ活姉妹 パッケージ版 (mdf+mds) + // https://vndb.org/v20368 + //[170224] [Sweet HEART] アイドル★クリニック 恋の薬でHな処方 (iso+mds+rr3) + bool filter(LPVOID data, size_t *size, HookParam *) + { + StringFilter((char *)data, size, "$L", 2); + StringFilter((char *)data, size, "$M", 2); + StringFilter((char *)data, size, "$S", 2); + StringFilterBetween((char *)data, size, "[", 1, "]", 1); + StringFilterBetween((char *)data, size, "&", 1, ";", 1); + return true; + // else + // { + // v18 = *v16++; + // switch ( v18 ) + // { + // case '$': + // switch ( *v16 ) + // { + // case 0: + // goto LABEL_44; + // case 76: + // v15 = 3; + // break; + // case 77: + // if ( v15 < 2 ) + // v15 = 2; + // break; + // default: + // if ( *v16 == 83 && !v15 ) + // v15 = 1; + // break; + // } + // break; + // case '[': + // for ( i = *v16; i; i = *++v16 ) + // { + // if ( i == 93 ) + // break; + // } + // break; + // case '&': + // for ( j = *v16; j; j = *++v16 ) + // { + // if ( j == 59 ) + // break; + // } + // break; + // default: + // goto LABEL_43; + // } + // ++v16; + // } + } + uintptr_t hh() + { + // void __usercall sub_425580(char *a1@, int a2@, int a3) + BYTE bytes[] = { + 0x3c, 0x24, + 0x75, XX, + 0x80, 0x7e, 0x01, 0x00, + 0x74, XX, + 0x83, XX, 0x02, + 0x83, XX, 0x02}; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) + return 0; + addr = findfuncstart(addr, 0x400); + return addr; + } +} + +namespace +{ // unnamed Candy + + // jichi 8/23/2013: split into two different engines + // if (_wcsicmp(processName, L"systemc.exe")==0) + // Process name is "SystemC.exe" + bool InsertCandyHook1() + { + for (DWORD i = processStartAddress + 0x1000; i < processStopAddress - 4; i++) + if ((*(DWORD *)i & 0xffffff) == 0x24f980) // cmp cl,24 + for (DWORD j = i, k = i - 0x100; j > k; j--) + if (*(DWORD *)j == 0xc0330a8a) + { // mov cl,[edx]; xor eax,eax + HookParam hp; + hp.address = j; + hp.offset = get_reg(regs::edx); + hp.type = USING_STRING; + ConsoleOutput("INSERT SystemC#1"); + + // RegisterEngineType(ENGINE_CANDY); + return NewHook(hp, "SystemC"); + } + ConsoleOutput("CandyHook1: failed"); + return false; + } + + uintptr_t __InsertCandyHook2() + { + for (DWORD i = processStartAddress + 0x1000; i < processStopAddress - 4; i++) + if (*(WORD *)i == 0x5b3c || // cmp al,0x5b + (*(DWORD *)i & 0xfff8fc) == 0x5bf880) // cmp reg,0x5B + for (DWORD j = i, k = i - 0x100; j > k; j--) + if ((*(DWORD *)j & 0xffff) == 0x8b55) + { // push ebp, mov ebp,esp, sub esp,* + return j; + } + return 0; + } + // jichi 8/23/2013: Process name is NOT "SystemC.exe" + bool InsertCandyHook2() + { + auto addr1 = hh(); // 新版本的candy,但是有时会和旧版在同一个地址。当是同一个地址时,避让5个字节 + auto addr2 = __InsertCandyHook2(); + HookParam hp; + hp.type = USING_STRING; + hp.filter_fun = filter; + if (addr2 == 0 && addr1 == 0) + return false; + else if (addr2 == 0 && addr1 != 0) + { + hp.address = addr1; + hp.offset = get_reg(regs::edx); + return NewHook(hp, "SystemC"); + } + else if (addr2 != 0 && addr1 == 0) + { + hp.address = addr2; + hp.offset = get_stack(1); // jichi: text in arg1 + return NewHook(hp, "SystemC"); + } + else + { + if (addr1 == addr2) + { + addr1 += 5; + } + hp.address = addr1; + hp.offset = get_reg(regs::edx); + auto succ = NewHook(hp, "SystemC"); + hp.address = addr2; + hp.offset = get_stack(1); + succ |= NewHook(hp, "SystemC"); + return succ; + } + } + + /** jichi 10/2/2013: CHECKPOINT + * + * [5/31/2013] 恋もHもお勉強も、おまかせ�お姉ちも�部 + * base = 0xf20000 + * + シナリオ: /HSN-4@104A48:ANEBU.EXE + * - off: 4294967288 = 0xfffffff8 = -8 + , - type: 1025 = 0x401 + * + 選択肢: /HSN-4@104FDD:ANEBU.EXE + * - off: 4294967288 = 0xfffffff8 = -8 + * - type: 1089 = 0x441 + */ + // bool InsertCandyHook3() + //{ + // return false; // CHECKPOINT + // const BYTE ins[] = { + // 0x83,0xc4, 0x0c, // add esp,0xc ; hook here + // 0x0f,0xb6,0xc0, // movzx eax,al + // 0x85,0xc0, // test eax,eax + // 0x75, 0x0e // jnz XXOO ; it must be 0xe, or there will be duplication + // }; + // enum { addr_offset = 0 }; + // ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + // ULONG reladdr = SearchPattern(processStartAddress, range, ins, sizeof(ins)); + // reladdr = 0x104a48; + // GROWL_DWORD(processStartAddress); + // //GROWL_DWORD3(reladdr, processStartAddress, range); + // if (!reladdr) + // return false; + // + // HookParam hp; + // hp.address = processStartAddress + reladdr + addr_offset; + // hp.offset=get_reg(regs::eax); + // hp.type = USING_STRING|NO_CONTEXT; + // NewHook(hp, "Candy"); + // return true; + // } + +} // unnamed Candy + +namespace +{ + bool candy3() + { + // お母さんは俺専用!~あなたの初めてを…母さんが貰ってア・ゲ・ル~ + // 茉莉子さん家の性事情 ~伯母さんは僕のモノ~ + const BYTE bytes[] = { + 0x24, // XX||XX2 + 0x75}; + for (auto addr : Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE)) + { + ConsoleOutput("%x", addr); + if ((*(BYTE *)(addr - 1) == 0x3c) || ((*(BYTE *)(addr - 2) == 0x83) && (*(BYTE *)(addr - 1) == 0xf9))) + { + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0) + continue; + ConsoleOutput("!%x", addr); + HookParam hp; + hp.type = USING_STRING; + if (*(BYTE *)addr == 0x55) + hp.offset = get_stack(1); + else if (*(BYTE *)addr == 0x56) + hp.offset = get_reg(regs::eax); + else + continue; + hp.address = addr; + + return NewHook(hp, "candy3"); + } + } + return false; + } + bool InsertCandyHook3() + { + + /* + * Sample games: + * https://vndb.org/v24878 + */ + const BYTE bytes[] = { + 0xCC, // int 3 + 0x55, // push ebp << hook here + 0x8B, 0xEC, // mov ebp,esp + 0x6A, 0xFF, // push -01 + 0x68, XX4, // push iinari-omnibus.exe+C4366 + 0x64, 0xA1, 0x00, 0x00, 0x00, 0x00, // mov eax,fs:[00000000] + 0x50, // push eax + 0x83, 0xEC, 0x74, // sub esp,74 + 0x53, // push ebx + 0x56, // push esi + 0x57 // push edi + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + return false; + HookParam hp; + hp.address = addr + 1; + hp.offset = get_stack(4); + hp.type = USING_STRING | CODEC_UTF16; + ConsoleOutput("INSERT SystemC#3"); + + return NewHook(hp, "SystemC#3"); + } +} +// jichi 10/2/2013: Add new candy hook +bool InsertCandyHook() +{ + + // if (0 == _wcsicmp(processName, L"systemc.exe")) + if (Util::CheckFile(L"SystemC.exe")) + return InsertCandyHook1() || candy3(); + else + { + // return InsertCandyHook2(); + bool b2 = InsertCandyHook2(); + b2 |= InsertCandyHook3(); + return b2; + } +} +namespace +{ + bool willowsoft() + { + const BYTE bytes[] = { + // https://vndb.org/v5761 + // まません + + 0xA1, XX4, + 0x89, 0x45, 0xF8, + 0x83, 0x7D, 0xF8, 0x10, + 0x74, XX, + 0x83, 0x7D, 0xF8, 0x18, + 0x74, XX, + 0x83, 0x7D, 0xF8, 0x20, + 0x74, XX}; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr == 0) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr, 0x20); + if (addr == 0) + return false; + HookParam hp; + hp.type = USING_STRING; + hp.offset = get_stack(2); + hp.type = USING_STRING; + hp.address = addr; + return NewHook(hp, "WillowSoft"); + } +} +bool Candy::attach_function() +{ + + auto b1 = InsertCandyHook(); + if (b1) + PcHooks::hookOtherPcFunctions(); + else + { + b1 = b1 || willowsoft(); + if (!b1) + PcHooks::hookOtherPcFunctions(); + } + return b1; +} + +bool WillowSoft::attach_function() +{ + // お母さんがいっぱい!!限定ママBOX + const BYTE bytes[] = { + 0xF7, 0xC2, 0x00, 0x00, 0xFF, 0x00, + XX2, + 0xF7, 0xC2, 0x00, 0x00, 0x00, 0xFF, + XX2}; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr == 0) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0) + return false; + + HookParam hp; + hp.type = USING_STRING; + hp.offset = get_stack(2); + hp.type |= DATA_INDIRECT; + hp.index = 0; + hp.address = addr; + + return NewHook(hp, "WillowSoft"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Candy.h b/cpp/LunaHook/LunaHook/engine32/Candy.h new file mode 100644 index 00000000..881b304d --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Candy.h @@ -0,0 +1,27 @@ + + +class Candy : public ENGINE +{ +public: + Candy() + { + + check_by = CHECK_BY::FILE_ANY; + check_by_target = check_by_list{L"*.fpk", L"data\\*.fpk"}; + is_engine_certain = false; + }; + bool attach_function(); +}; + +class WillowSoft : public ENGINE +{ +public: + WillowSoft() + { + + check_by = CHECK_BY::FILE; + check_by_target = L"Selene.dll"; + is_engine_certain = false; + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine32/CaramelBox.cpp b/cpp/LunaHook/LunaHook/engine32/CaramelBox.cpp new file mode 100644 index 00000000..80a5d685 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/CaramelBox.cpp @@ -0,0 +1,139 @@ +#include"CaramelBox.h" + + +static void SpecialHookCaramelBox(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) +{ + DWORD reg_ecx = *(DWORD*)(stack->base + hp->offset); + BYTE *ptr = (BYTE *)reg_ecx; + buffer_index = 0; + while (ptr[0]) + if (ptr[0] == 0x28) { // Furigana format: (Kanji,Furi) + ptr++; + while (ptr[0]!=0x2c) //Copy Kanji + text_buffer[buffer_index++] = *ptr++; + while (ptr[0]!=0x29) // Skip Furi + ptr++; + ptr++; + } else if (ptr[0] == 0x5c) + ptr +=2; + else { + text_buffer[buffer_index++] = ptr[0]; + if (LeadByteTable[ptr[0]] == 2) { + ptr++; + text_buffer[buffer_index++] = ptr[0]; + } + ptr++; + } + buffer->from(text_buffer, buffer_index); + *split = 0; // 8/3/2014 jichi: use return address as split +} +// jichi 10/1/2013: Change return type to bool +bool InsertCaramelBoxHook() +{ + union { DWORD i; BYTE* pb; WORD* pw; DWORD *pd; }; + DWORD reg = -1; + for (i = processStartAddress + 0x1000; i < processStopAddress - 4; i++) { + if (*pd == 0x7ff3d) // cmp eax, 7ff + reg = 0; + else if ((*pd & 0xfffff8fc) == 0x07fff880) // cmp reg, 7ff + reg = pb[1] & 0x7; + + if (reg == -1) + continue; + + DWORD flag = 0; + if (*(pb - 6) == 3) { //add reg, [ebp+$disp_32] + if (*(pb - 5) == (0x85 | (reg << 3))) + flag = 1; + } else if (*(pb - 3) == 3) { // add reg, [ebp+$disp_8] + if (*(pb - 2) == (0x45 | (reg << 3))) + flag = 1; + } else if (*(pb - 2) == 3) { // add reg, reg + if (((*(pb - 1) >> 3) & 7)== reg) + flag = 1; + } + reg = -1; + if (flag) { + for (DWORD j = i, k = i - 0x100; j > k; j--) { + if ((*(DWORD *)j & 0xffff00ff) == 0x1000b8) { // mov eax,10?? + HookParam hp; + hp.address = j & ~0xf; + hp.text_fun = SpecialHookCaramelBox; + hp.type = USING_STRING; + for (i &= ~0xffff; i < processStopAddress - 4; i++) + if (pb[0] == 0xe8) { + pb++; + if (pd[0] + i + 4 == hp.address) { + pb += 4; + if ((pd[0] & 0xffffff) == 0x04c483) + hp.offset=get_stack(1); + else hp.offset=get_reg(regs::ecx); + break; + } + } + + if (hp.offset == 0) { + ConsoleOutput("CaramelBox: failed, zero off"); + return false; + } + ConsoleOutput("INSERT CaramelBox"); + + //RegisterEngineType(ENGINE_CARAMEL); + return NewHook(hp, "CaramelBox"); + } + } + } + } + ConsoleOutput("CaramelBox: failed"); + return false; +//_unknown_engine: + //ConsoleOutput("Unknown CarmelBox engine."); +} + + +bool CaramelBox::attach_function() { + + return InsertCaramelBoxHook(); +} + + + +bool CaramelBoxMilkAji::attach_function(){ + //雨芳恋歌 + //https://vndb.org/v6663 + BYTE bytes[] = { + 0x33,0xD2, + 0xB9,0x8A,0x02,0x00,0x00, + 0xF7,0xF1, + 0x6B,0xC0,0x44, + 0x6B,0xC0,0x03 + }; + auto addr=MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if(addr==0)return false; + addr=MemDbg::findEnclosingAlignedFunction(addr); + if(addr==0)return false; + HookParam hp; + hp.address = addr; + hp.type = USING_STRING; + hp.offset=get_stack(1); + + return NewHook(hp, "CaramelBox"); +} +bool CaramelBox2::attach_function(){ + //https://vndb.org/r19777 + //Otoboku - Maidens Are Falling for Me! - Download Edition + trigger_fun=[](LPVOID addr1, hook_stack* stack){ + if(addr1!=TextOutA&& addr1!=GetTextExtentPoint32A)return false; + auto addr=stack->retaddr; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.type = USING_STRING|USING_SPLIT; + hp.offset=get_stack(2); + hp.split=get_stack(2); + NewHook(hp, "CaramelBox"); + return true; + }; + return true; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/CaramelBox.h b/cpp/LunaHook/LunaHook/engine32/CaramelBox.h new file mode 100644 index 00000000..e36079db --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/CaramelBox.h @@ -0,0 +1,51 @@ + + +class CaramelBox:public ENGINE{ + public: + CaramelBox(){ + + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + auto str=std::wstring( processName_lower); + DWORD len = str.size(); + + // jichi 8/10/2013: Since *.bin is common, move CaramelBox to the end + str[len - 3] = L'b'; + str[len - 2] = L'i'; + str[len - 1] = L'n'; + str[len] = 0; + return (Util::CheckFile(str.c_str()) || Util::CheckFile(L"trial.bin")); + }; + is_engine_certain=false; + + }; + bool attach_function(); +}; + + +class CaramelBoxMilkAji:public ENGINE{ + public: + CaramelBoxMilkAji(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"SdActiRc.dll"; + is_engine_certain=false; + + }; + bool attach_function(); +}; + +class CaramelBox2:public ENGINE{ + public: + CaramelBox2(){ + + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + if(!Util::CheckFile(L"*.mpg"))return false; + char copyright[]="OTOBOKU-CaramelBox";//OTOBOKU-CaramelBox //Software\Caramel-Box\OTOMEHABOKUNIKOISHITERU + return 0!=MemDbg::findBytes(copyright,sizeof(copyright),processStartAddress,min(processStopAddress,processStartAddress+0x200000)); + }; + + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/CatSystem.cpp b/cpp/LunaHook/LunaHook/engine32/CatSystem.cpp new file mode 100644 index 00000000..8e08111a --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/CatSystem.cpp @@ -0,0 +1,877 @@ +#include "CatSystem.h" +// jichi 5/10/2014 +// See also: http://bbs.sumisora.org/read.php?tid=11044704&fpage=2 +// +// Old engine: グリザイアの迷宮 +// 0053cc4e cc int3 +// 0053cc4f cc int3 +// 0053cc50 6a ff push -0x1 ; jichi: hook here +// 0053cc52 68 6b486000 push .0060486b +// 0053cc57 64:a1 00000000 mov eax,dword ptr fs:[0] +// 0053cc5d 50 push eax +// 0053cc5e 81ec 24020000 sub esp,0x224 +// 0053cc64 a1 f8647600 mov eax,dword ptr ds:[0x7664f8] +// 0053cc69 33c4 xor eax,esp +// 0053cc6b 898424 20020000 mov dword ptr ss:[esp+0x220],eax +// 0053cc72 53 push ebx +// 0053cc73 55 push ebp +// 0053cc74 56 push esi +// 0053cc75 57 push edi +// +// Stack: +// 0544e974 0053d593 return to .0053d593 from .0053cc50 +// 0544e978 045cc820 +// 0544e97c 00008dc5 : jichi: text +// 0544e980 00000016 +// 0544e984 0452f2e4 +// 0544e988 00000000 +// 0544e98c 00000001 +// 0544e990 0544ea94 +// 0544e994 04513840 +// 0544e998 0452f2b8 +// 0544e99c 04577638 +// 0544e9a0 04620450 +// 0544e9a4 00000080 +// 0544e9a8 00000080 +// 0544e9ac 004914f3 return to .004914f3 from .0055c692 +// +// Registers: +// edx 0 +// ebx 00000016 +// +// +// New engine: イノセントガール +// Stack: +// 051ae508 0054e9d1 return to .0054e9d1 from .0054e310 +// 051ae50c 04361650 +// 051ae510 00008ca9 ; jichi: text +// 051ae514 0000001a +// 051ae518 04343864 +// 051ae51c 00000000 +// 051ae520 00000001 +// 051ae524 051ae62c +// 051ae528 041edc20 +// 051ae52c 04343830 +// 051ae530 0434a8b0 +// 051ae534 0434a7f0 +// 051ae538 00000080 +// 051ae53c 00000080 +// 051ae540 3f560000 +// 051ae544 437f8000 +// 051ae548 4433e000 +// 051ae54c 16f60c00 +// 051ae550 051ae650 +// 051ae554 042c4c20 +// 051ae558 0000002c +// 051ae55c 00439bc5 return to .00439bc5 from .0043af60 +// +// Registers & stack: +// Scenario: +// eax 04361650 +// ecx 04357640 +// edx 04343864 +// ebx 0000001a +// esp 051ae508 +// ebp 00008169 +// esi 04357640 +// edi 051ae62c +// eip 0054e310 .0054e310 +// +// 051ae508 0054e9d1 return to .0054e9d1 from .0054e310 +// 051ae50c 04361650 +// 051ae510 00008169 +// 051ae514 0000001a +// 051ae518 04343864 +// 051ae51c 00000000 +// 051ae520 00000001 +// 051ae524 051ae62c +// 051ae528 041edc20 +// 051ae52c 04343830 +// 051ae530 0434a8b0 +// 051ae534 0434a7f0 +// 051ae538 00000080 +// 051ae53c 00000080 +// 051ae540 3f560000 +// 051ae544 437f8000 +// 051ae548 4433e000 +// 051ae54c 16f60c00 +// 051ae550 051ae650 +// 051ae554 042c4c20 +// 051ae558 0000002c +// +// Name: +// +// eax 04362430 +// ecx 17025230 +// edx 0430b6e4 +// ebx 0000001a +// esp 051ae508 +// ebp 00008179 +// esi 17025230 +// edi 051ae62c +// eip 0054e310 .0054e310 +// +// 051ae508 0054e9d1 return to .0054e9d1 from .0054e310 +// 051ae50c 04362430 +// 051ae510 00008179 +// 051ae514 0000001a +// 051ae518 0430b6e4 +// 051ae51c 00000000 +// 051ae520 00000001 +// 051ae524 051ae62c +// 051ae528 041edae0 +// 051ae52c 0430b6b0 +// 051ae530 0434a790 +// 051ae534 0434a910 +// 051ae538 00000080 +// 051ae53c 00000080 +// 051ae540 3efa0000 +// 051ae544 4483f000 +// 051ae548 44322000 +// 051ae54c 16f60aa0 +// 051ae550 051ae650 +// 051ae554 042c4c20 +// 051ae558 0000002c + +static void SpecialHookCatSystem3(hook_stack *stack, HookParam *, uintptr_t *data, uintptr_t *split, size_t *len) +{ + // DWORD ch = *data = *(DWORD *)(esp_base + hp->offset); // arg2 + DWORD ch = *data = stack->stack[2]; + *len = LeadByteTable[(ch >> 8) & 0xff]; // CODEC_ANSI_BE + *split = stack->edx >> 16; +} + +bool InsertCatSystemHook() +{ + // DWORD search=0x95EB60F; + // DWORD j,i=SearchPattern(processStartAddress,processStopAddress-processStartAddress,&search,4); + // if (i==0) return; + // i+=processStartAddress; + // for (j=i-0x100;i>j;i--) + // if (*(DWORD*)i==0xcccccccc) break; + // if (i==j) return; + // hp.address=i+4; + // hp.offset=get_reg(regs::eax); + // hp.index=4; + // hp.type =CODEC_ANSI_BE|DATA_INDIRECT|USING_SPLIT|SPLIT_INDIRECT; + // hp.length_offset=1; + + enum + { + beg = 0xff6acccc + }; // jichi 7/12/2014: beginning of the function + enum + { + addr_offset = 2 + }; // skip two leading 0xcc + ULONG addr = MemDbg::findCallerAddress((ULONG)::GetTextMetricsA, beg, processStartAddress, processStopAddress); + if (!addr) + { + ConsoleOutput("CatSystem2: pattern not exist"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; // skip 1 push? + hp.offset = get_stack(2); // text character is in arg2 + + // jichi 12/23/2014: Modify split for new catsystem + bool newEngine = Util::CheckFile(L"cs2conf.dll"); + if (newEngine) + { + // hp.text_fun = SpecialHookCatSystem3; // type not needed + // NewHook(hp, "CatSystem3"); + // ConsoleOutput("INSERT CatSystem3"); + hp.type = CODEC_ANSI_BE | USING_SPLIT; + hp.split = get_reg(regs::esi); + ConsoleOutput("INSERT CatSystem3new"); + return NewHook(hp, "CatSystem3new"); + } + else + { + BYTE check[] = {0x66, 0x83, 0xff, 0x20, // 0x20 + 0x0f, 0x84, XX4, + 0xb8, 0x40, 0x81, 0x00, 0x00, // 0x8140 + 0x66, 0x3b, 0xf8}; + if (MemDbg::findBytes(check, sizeof(check), addr, addr + 0x100)) + { + hp.split = get_stack(1); + hp.offset = get_reg(regs::edx); + } + else + { + hp.split = get_reg(regs::edx); + } + hp.type = CODEC_ANSI_BE | USING_SPLIT; + ConsoleOutput("INSERT CatSystem2"); + return NewHook(hp, "CatSystem2"); + } +} +bool InsertCatSystem2Hook() +{ + + /* + * Sample games: + * https://vndb.org/v26987 + */ + const BYTE bytes[] = { + 0x38, 0x08, // cmp [eax],cl + 0x0F, 0x84, XX4, // je cs2.exe+23E490 + 0x66, 0x66, 0x0F, 0x1F, 0x84, 0x00, XX4, // nop word ptr [eax+eax+00000000] + 0x4F, // dec edi + 0xC7, 0x85, XX4, XX4, // mov [ebp-000005A0],00000000 + 0x33, 0xF6, // xor esi,esi + 0xC7, 0x85, XX4, XX4, // mov [ebp-0000057C],00000000 + 0x85, 0xFF // test edi,edi + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + { + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset = get_reg(regs::eax); + hp.type = USING_STRING | CODEC_UTF8; + hp.filter_fun = [](void *data, size_t *len, HookParam *hp) + { + static std::regex rx(R"(\[(.+?)/.+\])"); + auto _ = std::regex_replace(std::string((char *)data, *len), rx, "$1"); + return write_string_overwrite(data, len, _); + }; + return NewHook(hp, "CatSystem2new"); +} +namespace +{ // unnamed + namespace Patch + { + + namespace Private + { + // String in ecx + // bool __fastcall isLeadByteChar(const char *s, DWORD edx) + // bool isLeadByteChar(hook_stack*s,void* data, size_t* len,uintptr_t*role) + // { + // auto pc=(CHAR*)s->ecx; + + // s->eax=(bool)((pc)&&dynsjis::isleadbyte(*pc)); + // return false; + + // //return dynsjis::isleadstr(s); // no idea why this will cause Grisaia3 to hang + // //return ::IsDBCSLeadByte(HIBYTE(testChar)); + // } + bool isLeadByteChar(char *s) + { + return s && dynsjis::isleadchar(*s); + + // return dynsjis::isleadstr(s); // no idea why this will cause Grisaia3 to hang + // return ::IsDBCSLeadByte(HIBYTE(testChar)); + } + __declspec(naked) bool thiscallisLeadByteChar() + { + __asm { + push ecx + call isLeadByteChar + pop ecx + ret + } + } + + } // namespace Private + + /** + * Sample game: ゆきこいめると + * + * This function is found by searching the following instruction: + * 00511C8E 3C 81 CMP AL,0x81 + * + * This function is very similar to that in LC-ScriptEngine. + * + * Return 1 if the first byte in arg1 is leading byte else 0. + * + * 00511C7C CC INT3 + * 00511C7D CC INT3 + * 00511C7E CC INT3 + * 00511C7F CC INT3 + * 00511C80 8B4C24 04 MOV ECX,DWORD PTR SS:[ESP+0x4] + * 00511C84 85C9 TEST ECX,ECX + * 00511C86 74 2F JE SHORT .00511CB7 + * 00511C88 8A01 MOV AL,BYTE PTR DS:[ECX] + * 00511C8A 84C0 TEST AL,AL + * 00511C8C 74 29 JE SHORT .00511CB7 + * 00511C8E 3C 81 CMP AL,0x81 + * 00511C90 72 04 JB SHORT .00511C96 + * 00511C92 3C 9F CMP AL,0x9F + * 00511C94 76 08 JBE SHORT .00511C9E + * 00511C96 3C E0 CMP AL,0xE0 + * 00511C98 72 1D JB SHORT .00511CB7 + * 00511C9A 3C EF CMP AL,0xEF + * 00511C9C 77 19 JA SHORT .00511CB7 + * 00511C9E 8A41 01 MOV AL,BYTE PTR DS:[ECX+0x1] + * 00511CA1 3C 40 CMP AL,0x40 + * 00511CA3 72 04 JB SHORT .00511CA9 + * 00511CA5 3C 7E CMP AL,0x7E + * 00511CA7 76 08 JBE SHORT .00511CB1 + * 00511CA9 3C 80 CMP AL,0x80 + * 00511CAB 72 0A JB SHORT .00511CB7 + * 00511CAD 3C FC CMP AL,0xFC + * 00511CAF 77 06 JA SHORT .00511CB7 + * 00511CB1 B8 01000000 MOV EAX,0x1 + * 00511CB6 C3 RETN + * 00511CB7 33C0 XOR EAX,EAX + * 00511CB9 C3 RETN + * 00511CBA CC INT3 + * 00511CBB CC INT3 + * 00511CBC CC INT3 + * 00511CBD CC INT3 + * + * Sample game: Grisaia3 グリザイアの楽園 + * 0050747F CC INT3 + * 00507480 8B4C24 04 MOV ECX,DWORD PTR SS:[ESP+0x4] ; jichi: text in arg1 + * 00507484 85C9 TEST ECX,ECX + * 00507486 74 2F JE SHORT .005074B7 + * 00507488 8A01 MOV AL,BYTE PTR DS:[ECX] + * 0050748A 84C0 TEST AL,AL + * 0050748C 74 29 JE SHORT .005074B7 + * 0050748E 3C 81 CMP AL,0x81 + * 00507490 72 04 JB SHORT .00507496 + * 00507492 3C 9F CMP AL,0x9F + * 00507494 76 08 JBE SHORT .0050749E + * 00507496 3C E0 CMP AL,0xE0 + * 00507498 72 1D JB SHORT .005074B7 + * 0050749A 3C EF CMP AL,0xEF + * 0050749C 77 19 JA SHORT .005074B7 + * 0050749E 8A41 01 MOV AL,BYTE PTR DS:[ECX+0x1] + * 005074A1 3C 40 CMP AL,0x40 + * 005074A3 72 04 JB SHORT .005074A9 + * 005074A5 3C 7E CMP AL,0x7E + * 005074A7 76 08 JBE SHORT .005074B1 + * 005074A9 3C 80 CMP AL,0x80 + * 005074AB 72 0A JB SHORT .005074B7 + * 005074AD 3C FC CMP AL,0xFC + * 005074AF 77 06 JA SHORT .005074B7 + * 005074B1 B8 01000000 MOV EAX,0x1 + * 005074B6 C3 RETN + * 005074B7 33C0 XOR EAX,EAX + * 005074B9 C3 RETN + * 005074BA CC INT3 + * 005074BB CC INT3 + * 005074BC CC INT3 + * 005074BD CC INT3 + * + * Sample game: Grisaia1 グリザイアの果実 + * 0041488A CC INT3 + * 0041488B CC INT3 + * 0041488C CC INT3 + * 0041488D CC INT3 + * 0041488E CC INT3 + * 0041488F CC INT3 + * 00414890 85C9 TEST ECX,ECX ; jichi: text in ecx + * 00414892 74 2F JE SHORT Grisaia.004148C3 + * 00414894 8A01 MOV AL,BYTE PTR DS:[ECX] + * 00414896 84C0 TEST AL,AL + * 00414898 74 29 JE SHORT Grisaia.004148C3 + * 0041489A 3C 81 CMP AL,0x81 + * 0041489C 72 04 JB SHORT Grisaia.004148A2 + * 0041489E 3C 9F CMP AL,0x9F + * 004148A0 76 08 JBE SHORT Grisaia.004148AA + * 004148A2 3C E0 CMP AL,0xE0 + * 004148A4 72 1D JB SHORT Grisaia.004148C3 + * 004148A6 3C EF CMP AL,0xEF + * 004148A8 77 19 JA SHORT Grisaia.004148C3 + * 004148AA 8A41 01 MOV AL,BYTE PTR DS:[ECX+0x1] + * 004148AD 3C 40 CMP AL,0x40 + * 004148AF 72 04 JB SHORT Grisaia.004148B5 + * 004148B1 3C 7E CMP AL,0x7E + * 004148B3 76 08 JBE SHORT Grisaia.004148BD + * 004148B5 3C 80 CMP AL,0x80 + * 004148B7 72 0A JB SHORT Grisaia.004148C3 + * 004148B9 3C FC CMP AL,0xFC + * 004148BB 77 06 JA SHORT Grisaia.004148C3 + * 004148BD B8 01000000 MOV EAX,0x1 + * 004148C2 C3 RETN + * 004148C3 33C0 XOR EAX,EAX + * 004148C5 C3 RETN + * 004148C6 CC INT3 + * 004148C7 CC INT3 + * 004148C8 CC INT3 + */ + + ULONG patchEncoding(ULONG startAddress, ULONG stopAddress) + { + const uint8_t bytes[] = { + 0x74, 0x29, // 00511c8c 74 29 je short .00511cb7 + 0x3c, 0x81 // 00511c8e 3c 81 cmp al,0x81 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return false; + for (auto p = addr; p - addr < 20; p += ::disasm((LPCVOID)p)) + if (*(WORD *)p == 0xc985) // 00414890 85C9 TEST ECX,ECX ; jichi: text in ecx + return addr; // winhook::replace_fun(p, (ULONG)Private::isLeadByteChar); + return 0; + } + + } // namespace Patch + + /** + * Sample game: ゆきこいめると + * + * Example prefix to skip: + * 03751294 81 40 5C 70 63 81 75 83 7B 83 4E 82 CC 8E AF 82  \pc「ボクの識・ + * + * 033CF370 5C 6E 81 40 5C 70 63 8C 4A 82 E8 95 D4 82 BB 82 \n \pc繰り返そ・ + * 033CF380 A4 81 41 96 7B 93 96 82 C9 81 41 82 B1 82 CC 8B 、、本当に、この・ + * 033CF390 47 90 DF 82 CD 81 41 83 8D 83 4E 82 C8 82 B1 82 G節は、ロクなこ・ + * 033CF3A0 C6 82 AA 82 C8 82 A2 81 42 00 AA 82 C8 82 A2 81 ニがない。.ェない・ + * 033CF3B0 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 B............... + * 033CF3C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 033CF3D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 033CF3E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 033CF3F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 033CF400 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * + * Sample choice texts: + * + * str 155 選択肢 + * + * 0 op01 最初から始める + * + * 1 select_go_tar たるひ初キスシーンを見る + */ + template + strT ltrim(strT text) + { + strT lastText = nullptr; + while (*text && text != lastText) + { + lastText = text; + if (text[0] == 0x20) + text++; + if ((UINT8)text[0] == 0x81 && (UINT8)text[1] == 0x40) // skip space \u3000 (0x8140 in sjis) + text += 2; + if (text[0] == '\\') + { + text++; + while (::islower(text[0]) || text[0] == '@') + text++; + } + } + while ((signed char)text[0] > 0 && text[0] != '[') // skip all leading ascii characters except "[" needed for ruby + text++; + return text; + } + + // Remove trailing '\@' + size_t rtrim(LPCSTR text) + { + size_t size = ::strlen(text); + while (size >= 2 && text[size - 2] == '\\' && (UINT8)text[size - 1] <= 127) + size -= 2; + return size; + } + + namespace ScenarioHook + { + namespace Private + { + + bool isOtherText(LPCSTR text) + { + /* Sample game: ゆきこいめると */ + return ::strcmp(text, "\x91\x49\x91\xf0\x8e\x88") == 0; /* 選択肢 */ + } + + /** + * Sample game: 果つることなき未来ヨリ + * + * Sample ecx: + * + * 03283A88 24 00 CD 02 76 16 02 00 24 00 CD 02 58 00 CD 02 $.ヘv.$.ヘX.ヘ + * 03283A98 BD 2D 01 00 1C 1C 49 03 14 65 06 00 14 65 06 00 ス-.Ie.e. + * this is ID, this is the same ID: 0x066514 + * 03283AA8 80 64 06 00 20 8C 06 00 24 00 6C 0D 00 00 10 00 €d. ・.$.l.... + * this is ID: 0x066480 + * 03283AB8 C8 F1 C2 00 21 00 00 00 48 A9 75 00 E8 A9 96 00 ネ.!...Hゥu.隧・ + * 03283AC8 00 00 00 00 48 80 4F 03 00 00 00 00 CC CC CC CC ....H€O....フフフフ + * 03283AD8 CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC フフフフフフフフフフフフフフフフ + */ + // struct ClassArgument // for ecx + //{ + // DWORD unknown[7], + // split1, // 0x20 - 9 + // split2; // 0x20 + // // split1 - split2 is always 0x94 + // DWORD split() const { return split1 - split2; } // + // }; + + static bool containsNamePunct_(const char *text) + { + static const char *puncts[] = { + "\x81\x41" /* 、 */ + , + "\x81\x43" /* , */ + , + "\x81\x42" /* 。 */ + //, "\x81\x48" /* ? */ + , + "\x81\x49" /* ! */ + , + "\x81\x63" /* … */ + , + "\x81\x64" /* ‥ */ + + //, "\x81\x79" /* 【 */ + //, "\x81\x7a" /* 】 */ + , + "\x81\x75" /* 「 */ + , + "\x81\x76" /* 」 */ + , + "\x81\x77" /* 『 */ + , + "\x81\x78" /* 』 */ + //, "\x81\x69" /* ( */ + //, "\x81\x6a" /* ) */ + //, "\x81\x6f" /* { */ + //, "\x81\x70" /* } */ + //, "\x81\x71" /* 〈 */ + //, "\x81\x72" /* 〉 */ + , + "\x81\x6d" /* [ */ + , + "\x81\x6e" /* ] */ + //, "\x81\x83", /* < */ + //, "\x81\x84", /* > */ + , + "\x81\x65" /* ‘ */ + , + "\x81\x66" /* ’ */ + , + "\x81\x67" /* “ */ + , + "\x81\x68" /* ” */ + }; + for (size_t i = 0; i < sizeof(puncts) / sizeof(*puncts); i++) + if (::strstr(text, puncts[i])) + return true; + + if (::strstr(text, "\x81\x48") /* ? */ + && !::strstr(text, "\x81\x48\x81\x48\x81\x48")) /* ??? */ + return true; + return false; + } + bool guessIsNameText(const char *text, size_t size) + { + enum + { + MaximumNameSize = 0x10 + }; + if (!size) + size = ::strlen(text); + return size < MaximumNameSize && !containsNamePunct_(text); + } + LPSTR trimmedText; + size_t trimmedSize; + void hookBefore(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *role) + { + // static std::unordered_set hashes_; + auto text = (LPSTR)s->eax; // arg1 + if (!text || !*text || all_ascii(text)) + return ; + // Alternatively, if do not skip ascii chars, edx is always 0x4ef74 for Japanese texts + // if (s->edx != 0x4ef74) + // return true; + trimmedText = ltrim(text); + if (!trimmedText || !*trimmedText) + return ; + trimmedSize = rtrim(trimmedText); + *role = Engine::OtherRole; + // DOUT(QString::fromLocal8Bit((LPCSTR)s->esi)); + // auto splitText = (LPCSTR)s->esi; + // if (::strcmp(splitText, "MES_SETNAME")) // This is for scenario text with voice + // if (::strcmp(splitText, "MES_SETFACE")) + // if (::strcmp(splitText, "pcm")) // first scenario or history without text + // return true; + // auto retaddr = s->stack[1]; // caller + // auto retaddr = s->stack[13]; // parent caller + // auto split = *(DWORD *)s->esi; + // auto split = s->esi - s->eax; + // DOUT(split); + // auto self = (ClassArgument *)s->ecx; + // auto split = self->split(); + // enum { sig = 0 }; + auto self = s->ecx; + if (!Engine::isAddressWritable(self)) // old cs2 game such as Grisaia + self = s->stack[2]; // arg1 + ULONG groupId = self; + if (Engine::isAddressWritable(self)) + groupId = *(DWORD *)(self + 0x20); + { + static ULONG minimumGroupId_ = -1; // I assume scenario thread to have minimum groupId + + // if (session_.addText(groupId, Engine::hashCharArray(text))) { + if (groupId <= minimumGroupId_) + { + minimumGroupId_ = groupId; + + *role = Engine::ScenarioRole; + if (isOtherText(text)) + *role = Engine::OtherRole; + else if (::isdigit(text[0])) + *role = Engine::ChoiceRole; + else if (trimmedText == text && !trimmedText[trimmedSize] // no prefix and suffix + && guessIsNameText(trimmedText, trimmedSize)) + *role = Engine::NameRole; + } + } + + std::string oldData(trimmedText, trimmedSize); + strReplace(oldData, "\\n", "\n"); + buffer->from(oldData); + } + void hookafter(hook_stack *s, void *data, size_t len) + { + auto newData = std::string((char *)data, len); + strReplace(newData, "\n", "\\n"); + if (trimmedText[trimmedSize]) + newData.append(trimmedText + trimmedSize); + ::strcpy(trimmedText, newData.c_str()); + } + } // namespace Private + + /** + * Sample game: 果つることなき未来ヨリ + * + * Debugging message: + * - Hook to GetGlyphOutlineA + * - Find "MES_SHOW" address on the stack + * Alternatively, find the address of "fes.int/flow.fes" immediately after the game is launched + * - Use hardware breakpoint to find out when "MES_SHOW" is overridden + * Only stop when text is written by valid scenario text. + * + * 00503ADE CC INT3 + * 00503ADF CC INT3 + * 00503AE0 8B4424 0C MOV EAX,DWORD PTR SS:[ESP+0xC] + * 00503AE4 8B4C24 04 MOV ECX,DWORD PTR SS:[ESP+0x4] + * 00503AE8 56 PUSH ESI + * 00503AE9 FF30 PUSH DWORD PTR DS:[EAX] + * 00503AEB E8 102F1600 CALL Hatsumir.00666A00 ; jichi: text in eax after this call + * 00503AF0 BE 18058900 MOV ESI,Hatsumir.00890518 ; ASCII "fes.int/flow.fes" + * 00503AF5 8BC8 MOV ECX,EAX ; jichi: esi is the target location + * 00503AF7 2BF0 SUB ESI,EAX + * 00503AF9 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP] + * 00503B00 8A11 MOV DL,BYTE PTR DS:[ECX] + * 00503B02 8D49 01 LEA ECX,DWORD PTR DS:[ECX+0x1] + * 00503B05 88540E FF MOV BYTE PTR DS:[ESI+ECX-0x1],DL ; jichi: target location modified here + * 00503B09 84D2 TEST DL,DL + * 00503B0B ^75 F3 JNZ SHORT Hatsumir.00503B00 + * 00503B0D 8B4C24 0C MOV ECX,DWORD PTR SS:[ESP+0xC] + * 00503B11 50 PUSH EAX + * 00503B12 68 18058900 PUSH Hatsumir.00890518 ; ASCII "fes.int/flow.fes" + * 00503B17 8B89 B4000000 MOV ECX,DWORD PTR DS:[ECX+0xB4] + * 00503B1D E8 EE030B00 CALL Hatsumir.005B3F10 + * 00503B22 B8 02000000 MOV EAX,0x2 + * 00503B27 5E POP ESI + * 00503B28 C2 1000 RETN 0x10 + * 00503B2B CC INT3 + * 00503B2C CC INT3 + * 00503B2D CC INT3 + * 00503B2E CC INT3 + * + * EAX 0353B1A0 ; jichi: text here + * ECX 00D86D08 + * EDX 0004EF74 + * EBX 00012DB2 + * ESP 0525EBAC + * EBP 0525ED6C + * ESI 00D86D08 + * EDI 00000000 + * EIP 00503AF0 Hatsumir.00503AF0 + * + * 0525EBAC 00D86D08 + * 0525EBB0 0066998E RETURN to Hatsumir.0066998E + * 0525EBB4 00D86D08 + * 0525EBB8 00B16188 + * 0525EBBC 035527D8 + * 0525EBC0 0525EBE4 + * 0525EBC4 00B16188 + * 0525EBC8 00D86D08 + * 0525EBCC 0525F62B ASCII "ript.kcs" + * 0525EBD0 00000004 + * 0525EBD4 00000116 + * 0525EBD8 00000003 + * 0525EBDC 00000003 + * 0525EBE0 00665C08 RETURN to Hatsumir.00665C08 + * 0525EBE4 CCCCCCCC + * 0525EBE8 0525F620 ASCII "kcs.int/sscript.kcs" + * 0525EBEC 00694D94 Hatsumir.00694D94 + * 0525EBF0 004B278F RETURN to Hatsumir.004B278F from Hatsumir.00666CA0 + * 0525EBF4 B3307379 + * 0525EBF8 0525ED04 + * 0525EBFC 00B16188 + * 0525EC00 0525ED04 + * 0525EC04 00B16188 + * 0525EC08 00CC5440 + * 0525EC0C 02368938 + * 0525EC10 0069448C ASCII "%s/%s" + * 0525EC14 00B45B18 ASCII "kcs.int" + * 0525EC18 00000001 + * 0525EC1C 023741E0 + * 0525EC20 0000000A + * 0525EC24 0049DBB3 RETURN to Hatsumir.0049DBB3 from Hatsumir.00605A84 + * 0525EC28 72637373 + * 0525EC2C 2E747069 + * 0525EC30 0073636B Hatsumir.0073636B + * 0525EC34 0525ED04 + * 0525EC38 0053ECDE RETURN to Hatsumir.0053ECDE from Hatsumir.004970C0 + * 0525EC3C 0525EC80 + * 0525EC40 023D9FB8 + * + * Alternative ruby hook: + * It will hook to the beginning of the Ruby processing function, which is not better than the current approach. + * http://lab.aralgood.com/index.php?mid=board_lecture&search_target=title_content&search_keyword=CS&document_srl=1993027 + * + * Sample game: Grisaia3 グリザイアの楽園 + * + * 004B00CB CC INT3 + * 004B00CC CC INT3 + * 004B00CD CC INT3 + * 004B00CE CC INT3 + * 004B00CF CC INT3 + * 004B00D0 8B4424 0C MOV EAX,DWORD PTR SS:[ESP+0xC] + * 004B00D4 8B08 MOV ECX,DWORD PTR DS:[EAX] + * 004B00D6 56 PUSH ESI + * 004B00D7 51 PUSH ECX + * 004B00D8 8B4C24 0C MOV ECX,DWORD PTR SS:[ESP+0xC] + * 004B00DC E8 7F191300 CALL .005E1A60 + * 004B00E1 BE D0E87B00 MOV ESI,.007BE8D0 + * 004B00E6 8BC8 MOV ECX,EAX + * 004B00E8 2BF0 SUB ESI,EAX + * 004B00EA 8D9B 00000000 LEA EBX,DWORD PTR DS:[EBX] + * 004B00F0 8A11 MOV DL,BYTE PTR DS:[ECX] + * 004B00F2 88140E MOV BYTE PTR DS:[ESI+ECX],DL + * 004B00F5 41 INC ECX + * 004B00F6 84D2 TEST DL,DL + * 004B00F8 ^75 F6 JNZ SHORT .004B00F0 + * 004B00FA 8B5424 0C MOV EDX,DWORD PTR SS:[ESP+0xC] + * 004B00FE 8B8A B4000000 MOV ECX,DWORD PTR DS:[EDX+0xB4] + * 004B0104 50 PUSH EAX + * 004B0105 68 D0E87B00 PUSH .007BE8D0 + * 004B010A E8 818D0600 CALL .00518E90 + * 004B010F B8 02000000 MOV EAX,0x2 + * 004B0114 5E POP ESI + * 004B0115 C2 1000 RETN 0x10 + * 004B0118 CC INT3 + * 004B0119 CC INT3 + * 004B011A CC INT3 + * 004B011B CC INT3 + * 004B011C CC INT3 + * + * Sample game: Grisaia1 グリザイアの果実 + * 00498579 CC INT3 + * 0049857A CC INT3 + * 0049857B CC INT3 + * 0049857C CC INT3 + * 0049857D CC INT3 + * 0049857E CC INT3 + * 0049857F CC INT3 + * 00498580 8B4424 0C MOV EAX,DWORD PTR SS:[ESP+0xC] + * 00498584 8B08 MOV ECX,DWORD PTR DS:[EAX] ; jichi: ecx is no longer a pointer + * 00498586 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+0x4] + * 0049858A 56 PUSH ESI + * 0049858B E8 10920500 CALL Grisaia.004F17A0 + * 00498590 BE D89C7600 MOV ESI,Grisaia.00769CD8 ; ASCII "bgm01" + * 00498595 8BC8 MOV ECX,EAX + * 00498597 2BF0 SUB ESI,EAX + * 00498599 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP] + * 004985A0 8A11 MOV DL,BYTE PTR DS:[ECX] + * 004985A2 88140E MOV BYTE PTR DS:[ESI+ECX],DL + * 004985A5 41 INC ECX + * 004985A6 84D2 TEST DL,DL + * 004985A8 ^75 F6 JNZ SHORT Grisaia.004985A0 + * 004985AA 8B4C24 0C MOV ECX,DWORD PTR SS:[ESP+0xC] + * 004985AE 8B91 B4000000 MOV EDX,DWORD PTR DS:[ECX+0xB4] + * 004985B4 50 PUSH EAX + * 004985B5 68 D89C7600 PUSH Grisaia.00769CD8 ; ASCII "bgm01" + * 004985BA 52 PUSH EDX + * 004985BB E8 701C0600 CALL Grisaia.004FA230 + * 004985C0 B8 02000000 MOV EAX,0x2 + * 004985C5 5E POP ESI + * 004985C6 C2 1000 RETN 0x10 + * 004985C9 CC INT3 + * 004985CA CC INT3 + * 004985CB CC INT3 + * 004985CC CC INT3 + * 004985CD CC INT3 + */ + bool attach(ULONG startAddress, ULONG stopAddress, HookParamType code) + { + const uint8_t bytes[] = { + 0xe8, XX4, // 004b00dc e8 7f191300 call .005e1a60 ; jichi: hook after here + 0xbe, XX4, // 004b00e1 be d0e87b00 mov esi,.007be8d0 + 0x8b, 0xc8, // 004b00e6 8bc8 mov ecx,eax + 0x2b, 0xf0 // 004b00e8 2bf0 sub esi,eax + // XX2, XX, 0x00,0x00,0x00 // 004b00ea 8d9b 00000000 lea ebx,dword ptr ds:[ebx] + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr + 5; + hp.type = USING_STRING | EMBED_ABLE|NO_CONTEXT; + if (code) + hp.type |= code; + else + hp.type |= EMBED_DYNA_SJIS; + hp.text_fun = Private::hookBefore; + hp.hook_after = Private::hookafter; + hp.hook_font = F_GetGlyphOutlineA; + hp.filter_fun = [](void *data, size_t *len, HookParam *hp) + { + static std::regex rx(R"(\[(.+?)/.+\])"); + auto _ = std::regex_replace(std::string((char *)data, *len), rx, "$1"); + return write_string_overwrite(data, len, _); + }; + + static ULONG p; + p = Patch::patchEncoding(startAddress, stopAddress); + if (p) + { + hp.type |= EMBED_DYNA_SJIS; + hp.hook_font = F_GetGlyphOutlineA; + patch_fun = []() + { + if (*(WORD *)p == 0xc985) + { // test ecx,ecx , thiscall + ReplaceFunction((PVOID)p, (PVOID)(ULONG)Patch::Private::thiscallisLeadByteChar); + } + else + ReplaceFunction((PVOID)p, (PVOID)(ULONG)Patch::Private::isLeadByteChar); + }; + } + + return NewHook(hp, "EmbedCS2"); + } + } +} // namespace ScenarioHook +bool CatSystem::attach_function() +{ + HookParamType code = CODEC_ANSI_LE; + auto b1 = InsertCatSystemHook(); + if (!b1) + { + b1 |= InsertCatSystem2Hook(); + code = CODEC_UTF8; + } + auto embed = ScenarioHook::attach(processStartAddress, processStopAddress, code); + + b1 |= embed; + return b1; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/CatSystem.h b/cpp/LunaHook/LunaHook/engine32/CatSystem.h new file mode 100644 index 00000000..7d3315fd --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/CatSystem.h @@ -0,0 +1,12 @@ + + +class CatSystem:public ENGINE{ + public: + CatSystem(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.int"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Ciel.cpp b/cpp/LunaHook/LunaHook/engine32/Ciel.cpp new file mode 100644 index 00000000..4d155f2a --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Ciel.cpp @@ -0,0 +1,49 @@ +#include"Ciel.h" + +bool CielFilter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + if (*len == 1) return false; + + //StringCharReplacer(text, len, "^n", 2, ' '); + + return true; +} + +bool InsertCielHook() +{ + + /* + * Sample games: + * https://vndb.org/r26480 + * https://vndb.org/v1648 + * https://vndb.org/v10392 + */ + const BYTE bytes[] = { + 0x50, // push eax << hook here + 0xE8, XX4, // call FaultA.exe+81032 + 0x83, 0xC4, 0x04, // add esp,04 + 0x85, 0xC0, // test eax,eax + 0x74, 0x32, // je FaultA.exe+41FA6 + 0x81, 0x7C, 0x24, 0x10, XX4 // cmp [esp+10],000003FE + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) return false; + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::edi); + hp.index = 0; + hp.type = DATA_INDIRECT; + hp.filter_fun = CielFilter; + + return NewHook(hp, "Ciel"); +} +bool Ciel::attach_function() { + + return InsertCielHook(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Ciel.h b/cpp/LunaHook/LunaHook/engine32/Ciel.h new file mode 100644 index 00000000..1069a04f --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Ciel.h @@ -0,0 +1,11 @@ + + +class Ciel:public ENGINE{ + public: + Ciel(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"sys/kidoku.dat"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Circus1.cpp b/cpp/LunaHook/LunaHook/engine32/Circus1.cpp new file mode 100644 index 00000000..102cf722 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Circus1.cpp @@ -0,0 +1,82 @@ +#include"Circus1.h" + /******************************************************************************************** +CIRCUS hook: + Game folder contains advdata folder. Used by CIRCUS games. + Usually has font caching issues. But trace back from GetGlyphOutline gives a hook + which generate repetition. + If we study circus engine follow Freaka's video, we can easily discover that + in the game main module there is a static buffer, which is filled by new text before + it's drawing to screen. By setting a hardware breakpoint there we can locate the + function filling the buffer. But we don't have to set hardware breakpoint to search + the hook address if we know some characteristic instruction(cmp al,0x24) around there. +********************************************************************************************/ +bool InsertCircusHook1() // jichi 10/2/2013: Change return type to bool +{ + for (DWORD i = processStartAddress + 0x1000; i < processStopAddress - 4; i++) + if (*(WORD *)i == 0xa3c) //cmp al, 0xA; je + for (DWORD j = i; j < i + 0x100; j++) { + BYTE c = *(BYTE *)j; + if (c == 0xc3) + break; + if (c == 0xe8) { + DWORD k = *(DWORD *)(j+1)+j+5; + if (k > processStartAddress && k < processStopAddress) { + HookParam hp; + hp.address = k; + hp.offset=get_stack(3); + hp.split =get_reg(regs::esp); + hp.type = DATA_INDIRECT|USING_SPLIT; + ConsoleOutput("INSERT CIRCUS#1"); + + //RegisterEngineType(ENGINE_CIRCUS); + return NewHook(hp, "Circus1"); + } + } + } + //break; + //ConsoleOutput("Unknown CIRCUS engine"); + ConsoleOutput("CIRCUS1: failed"); + return false; +} +namespace{ + //C.D.C.D.2~シーディーシーディー2~ + //https://vndb.org/v947 + bool circus12() + { + BYTE sig[]={ + 0x3C,0x24, + 0x0F,0x85,XX4, + 0x8A,0x47,0x01, + 0x47, + 0x3C,0x6E, + 0x75,XX, + 0xA0,XX4, + 0xB9,XX4, + 0x84,0xC0, + 0x0F,0x84,XX4, + 0x88,0x06, + 0x8A,0x41,0x01, + 0x46, + 0x41, + 0x84,0xC0, + 0x75,XX, + 0xE9,XX4, + 0x3C,0x66, + 0x75,XX + }; + auto addr=MemDbg::findBytes(sig,sizeof(sig),processStartAddress,processStopAddress); + if(!addr)return false; + addr=MemDbg::findEnclosingAlignedFunction(addr,0x40); + if(!addr)return false; + HookParam hp; + hp.address =addr; + hp.offset=get_stack(2); + hp.type = USING_STRING|EMBED_ABLE|EMBED_AFTER_NEW|EMBED_DYNA_SJIS; + hp.hook_font=F_GetGlyphOutlineA; + return NewHook(hp, "Circus1"); + } +} +bool Circus1::attach_function() { + + return InsertCircusHook1()|circus12(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Circus1.h b/cpp/LunaHook/LunaHook/engine32/Circus1.h new file mode 100644 index 00000000..b0415e1d --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Circus1.h @@ -0,0 +1,11 @@ + + +class Circus1:public ENGINE{ + public: + Circus1(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"AdvData\\DAT\\NAMES.DAT"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Circus2.cpp b/cpp/LunaHook/LunaHook/engine32/Circus2.cpp new file mode 100644 index 00000000..1f108423 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Circus2.cpp @@ -0,0 +1,393 @@ +#include"Circus2.h" +namespace{ + bool filter(void* data, size_t* len, HookParam* hp){ + if (strstr((char*)data,"@i")||strstr((char*)data,"@y"))return false; + //{てんきゅう/天穹} + if(strstr((char*)data,"\x81\x6f")&&strstr((char*)data,"\x81\x5e")&&strstr((char*)data,"\x81\x70")){ + StringFilter((char*)data, len, "\x81\x70", 2); + StringFilterBetween((char*)data,len, "\x81\x6f", 2, "\x81\x5e", 2); + } + return true; + }; +} +/** + * jichi 6/5/2014: Sample function from DC3 at 0x4201d0 + * 004201ce cc int3 + * 004201cf cc int3 + * 004201d0 /$ 8b4c24 08 mov ecx,dword ptr ss:[esp+0x8] + * 004201d4 |. 8a01 mov al,byte ptr ds:[ecx] + * 004201d6 |. 84c0 test al,al + * 004201d8 |. 74 1c je short dc3.004201f6 + * 004201da |. 8b5424 04 mov edx,dword ptr ss:[esp+0x4] + * 004201de |. 8bff mov edi,edi + * 004201e0 |> 3c 24 /cmp al,0x24 + * 004201e2 |. 75 05 |jnz short dc3.004201e9 + * 004201e4 |. 83c1 02 |add ecx,0x2 + * 004201e7 |. eb 04 |jmp short dc3.004201ed + * 004201e9 |> 8802 |mov byte ptr ds:[edx],al + * 004201eb |. 42 |inc edx + * 004201ec |. 41 |inc ecx + * 004201ed |> 8a01 |mov al,byte ptr ds:[ecx] + * 004201ef |. 84c0 |test al,al + * 004201f1 |.^75 ed \jnz short dc3.004201e0 + * 004201f3 |. 8802 mov byte ptr ds:[edx],al + * 004201f5 |. c3 retn + * 004201f6 |> 8b4424 04 mov eax,dword ptr ss:[esp+0x4] + * 004201fa |. c600 00 mov byte ptr ds:[eax],0x0 + * 004201fd \. c3 retn + */ +bool InsertCircusHook2() // jichi 10/2/2013: Change return type to bool +{ + for (DWORD i = processStartAddress + 0x1000; i < processStopAddress -4; i++) + if ((*(DWORD *)i & 0xffffff) == 0x75243c) { // cmp al, 24; je + if (DWORD j = SafeFindEnclosingAlignedFunction(i, 0x80)) { + HookParam hp; + hp.address = j; + hp.offset=get_stack(2); + //hp.filter_fun = CharNewLineFilter; // \n\s* is used to remove new line + hp.type = USING_STRING; + //GROWL_DWORD(hp.address); // jichi 6/5/2014: 0x4201d0 for DC3 + + //RegisterEngineType(ENGINE_CIRCUS); + return NewHook(hp, "Circus"); + } + break; + } + //ConsoleOutput("Unknown CIRCUS engine."); + ConsoleOutput("CIRCUS: failed"); + return false; +} +namespace{ + bool c2(){ + //D.C.III Dream Days~ダ・カーポIII~ドリームデイズ + auto entry=Util::FindImportEntry(processStartAddress,(DWORD)GetGlyphOutlineA); + DWORD funcaddr=0; + if(entry==0)return false; + for (auto addr : Util::SearchMemory(&entry, 4, PAGE_EXECUTE, processStartAddress, processStopAddress) ) { + DWORD _=0xCCCCCCCC; + funcaddr=reverseFindBytes((BYTE*)&_,4,addr-0x1000,addr); + //funcaddr=MemDbg::findEnclosingAlignedFunction(addr,0x1000);ConsoleOutput("%p",funcaddr); + } + if(funcaddr==0)return false; + funcaddr+=4; + HookParam hp; + hp.address = funcaddr; + hp.offset=get_stack(2); + hp.type = USING_STRING;//|EMBED_ABLE|EMBED_AFTER_NEW|EMBED_DYNA_SJIS; + //hp.hook_font=F_GetGlyphOutlineA; + //it will split a long to many lines + hp.filter_fun=filter; + + return NewHook(hp, "Circus2"); + } +} + +namespace { // unnamed + +// Skip leading tags such as @K and @c5 +template +strT ltrim(strT s) +{ + if (s && *s == '@') + while ((signed char)*++s > 0); + return s; +} + +namespace ScenarioHook { +namespace Private { + + DWORD nameReturnAddress_, + scenarioReturnAddress_; + + /** + * Sample game: DC3, function: 0x4201d0 + * + * IDA: sub_4201D0 proc near + * - arg_0 = dword ptr 4 + * - arg_4 = dword ptr 8 + * + * Observations: + * - arg1: LPVOID, pointed to unknown object + * - arg2: LPCSTR, the actual text + * + * Example runtime stack: + * 0012F15C 0040C208 RETURN to .0040C208 from .00420460 + * 0012F160 0012F7CC ; jichi: unknown stck + * 0012F164 0012F174 ; jichi: text + * 0012F168 0012F6CC + * 0012F16C 0012F7CC + * 0012F170 0012F7CC + */ + void hookafter(hook_stack*s,void* data, size_t len){ + + auto newData =std::string((char*)data,len); + LPCSTR text = (LPCSTR)s->stack[2], // arg2 + trimmedText = ltrim(text); + if (trimmedText != text) + newData.insert(0,std::string(text, trimmedText - text)); + s->stack[2]=(DWORD)allocateString(newData); + } + void hookBefore(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *role) + { + + LPCSTR text = (LPCSTR)s->stack[2], // arg2 + trimmedText = ltrim(text); + if (!trimmedText || !*trimmedText) + return ; + auto retaddr = s->stack[0]; // retaddr + * role = retaddr == scenarioReturnAddress_ ? Engine::ScenarioRole : + retaddr == nameReturnAddress_ ? Engine::NameRole : + Engine::OtherRole; + //s->ebx? Engine::OtherRole : // other threads ebx is not zero + //// 004201e4 |. 83c1 02 |add ecx,0x2 + //// 004201e7 |. eb 04 |jmp short dc3.004201ed + //*(BYTE *)(retaddr + 3) == 0xe9 // old name + //? Engine::NameRole : // retaddr+3 is jmp + //Engine::ScenarioRole; + buffer->from_cs(trimmedText); + } + + // Alternatively, using the following pattern bytes also works: + // + // 3c24750583c102eb0488024241 + // + // 004201e0 |> 3c 24 /cmp al,0x24 + // 004201e2 |. 75 05 |jnz short dc3.004201e9 + // 004201e4 |. 83c1 02 |add ecx,0x2 + // 004201e7 |. eb 04 |jmp short dc3.004201ed + // 004201e9 |> 8802 |mov byte ptr ds:[edx],al + // 004201eb |. 42 |inc edx + // 004201ec |. 41 |inc ecx + ULONG findFunctionAddress(ULONG startAddress, ULONG stopAddress) // find the function to hook + { + //return 0x4201d0; // DC3 function address + for (ULONG i = startAddress + 0x1000; i < stopAddress -4; i++) + // * 004201e0 |> 3c 24 /cmp al,0x24 + // * 004201e2 |. 75 05 |jnz short dc3.004201e9 + if ((*(ULONG *)i & 0xffffff) == 0x75243c) { // cmp al, 24; je + enum { range = 0x80 }; // the range is small, since it is a small function + if (ULONG addr = MemDbg::findEnclosingAlignedFunction(i, range)) + return addr; + } + return 0; + } + +} // namespace Private + +/** + * jichi 6/5/2014: Sample function from DC3 at 0x4201d0 + * + * Sample game: DC3PP + * 0042CE1E 68 E0F0B700 PUSH .00B7F0E0 + * 0042CE23 A3 0C824800 MOV DWORD PTR DS:[0x48820C],EAX + * 0042CE28 E8 A352FFFF CALL .004220D0 ; jichi: name thread + * 0042CE2D C705 08024D00 01>MOV DWORD PTR DS:[0x4D0208],0x1 + * 0042CE37 EB 52 JMP SHORT .0042CE8B + * 0042CE39 392D 08024D00 CMP DWORD PTR DS:[0x4D0208],EBP + * 0042CE3F 74 08 JE SHORT .0042CE49 + * 0042CE41 392D 205BB900 CMP DWORD PTR DS:[0xB95B20],EBP + * 0042CE47 74 07 JE SHORT .0042CE50 + * 0042CE49 C605 E0F0B700 00 MOV BYTE PTR DS:[0xB7F0E0],0x0 + * 0042CE50 8D5424 40 LEA EDX,DWORD PTR SS:[ESP+0x40] + * 0042CE54 52 PUSH EDX + * 0042CE55 68 30B5BA00 PUSH .00BAB530 + * 0042CE5A 892D 08024D00 MOV DWORD PTR DS:[0x4D0208],EBP + * 0042CE60 E8 6B52FFFF CALL .004220D0 ; jichi: scenario thread + * 0042CE65 C705 A0814800 FF>MOV DWORD PTR DS:[0x4881A0],-0x1 + * 0042CE6F 892D 2C824800 MOV DWORD PTR DS:[0x48822C],EBP + * + * Sample game: 水夏弐律 + * + * 004201ce cc int3 + * 004201cf cc int3 + * 004201d0 /$ 8b4c24 08 mov ecx,dword ptr ss:[esp+0x8] + * 004201d4 |. 8a01 mov al,byte ptr ds:[ecx] + * 004201d6 |. 84c0 test al,al + * 004201d8 |. 74 1c je short dc3.004201f6 + * 004201da |. 8b5424 04 mov edx,dword ptr ss:[esp+0x4] + * 004201de |. 8bff mov edi,edi + * 004201e0 |> 3c 24 /cmp al,0x24 + * 004201e2 |. 75 05 |jnz short dc3.004201e9 + * 004201e4 |. 83c1 02 |add ecx,0x2 + * 004201e7 |. eb 04 |jmp short dc3.004201ed + * 004201e9 |> 8802 |mov byte ptr ds:[edx],al + * 004201eb |. 42 |inc edx + * 004201ec |. 41 |inc ecx + * 004201ed |> 8a01 |mov al,byte ptr ds:[ecx] + * 004201ef |. 84c0 |test al,al + * 004201f1 |.^75 ed \jnz short dc3.004201e0 + * 004201f3 |. 8802 mov byte ptr ds:[edx],al + * 004201f5 |. c3 retn + * 004201f6 |> 8b4424 04 mov eax,dword ptr ss:[esp+0x4] + * 004201fa |. c600 00 mov byte ptr ds:[eax],0x0 + * 004201fd \. c3 retn + * + * Sample registers: + * EAX 0012F998 + * ECX 000000DB + * EDX 00000059 + * EBX 00000000 ; ebx is zero for name/scenario thread + * ESP 0012F96C + * EBP 00000003 + * ESI 00000025 + * EDI 000000DB + * EIP 022C0000 + * + * EAX 0012F174 + * ECX 0012F7CC + * EDX FDFBF80C + * EBX 0012F6CC + * ESP 0012F15C + * EBP 0012F5CC + * ESI 800000DB + * EDI 00000001 + * EIP 00420460 .00420460 + * + * EAX 0012F174 + * ECX 0012F7CC + * EDX FDFBF7DF + * EBX 0012F6CC + * ESP 0012F15C + * EBP 0012F5CC + * ESI 00000108 + * EDI 00000001 + * EIP 00420460 .00420460 + * + * 0042DC5D 52 PUSH EDX + * 0042DC5E 68 E038AC00 PUSH .00AC38E0 ; ASCII "Ami" + * 0042DC63 E8 F827FFFF CALL .00420460 ; jichi: name thread + * 0042DC68 83C4 08 ADD ESP,0x8 + * 0042DC6B E9 48000000 JMP .0042DCB8 + * 0042DC70 83FD 58 CMP EBP,0x58 + * 0042DC73 74 07 JE SHORT .0042DC7C + * 0042DC75 C605 E038AC00 00 MOV BYTE PTR DS:[0xAC38E0],0x0 + * 0042DC7C 8D4424 20 LEA EAX,DWORD PTR SS:[ESP+0x20] + * 0042DC80 50 PUSH EAX + * 0042DC81 68 0808AF00 PUSH .00AF0808 + * 0042DC86 E8 D527FFFF CALL .00420460 ; jichi: scenario thread + * 0042DC8B 83C4 08 ADD ESP,0x8 + * 0042DC8E 33C0 XOR EAX,EAX + * 0042DC90 C705 D0DF4700 FF>MOV DWORD PTR DS:[0x47DFD0],-0x1 + * 0042DC9A A3 0CE04700 MOV DWORD PTR DS:[0x47E00C],EAX + * 0042DC9F A3 940EB200 MOV DWORD PTR DS:[0xB20E94],EAX + * 0042DCA4 A3 2C65AC00 MOV DWORD PTR DS:[0xAC652C],EAX + * 0042DCA9 C705 50F9AC00 59>MOV DWORD PTR DS:[0xACF950],0x59 + * 0042DCB3 A3 3C70AE00 MOV DWORD PTR DS:[0xAE703C],EAX + */ +bool attach(ULONG startAddress, ULONG stopAddress) +{ + ULONG addr = Private::findFunctionAddress(startAddress, stopAddress); + if (!addr) + return false; + // Find the nearest two callers (distance within 100) + ULONG lastCall = 0; + auto fun = [&lastCall](ULONG call) -> bool { + // scenario: 0x42b78c + // name: 0x42b754 + if (call - lastCall < 100) { + Private::scenarioReturnAddress_ = call + 5; + Private::nameReturnAddress_ = lastCall + 5; + return false; // found target + } + lastCall = call; + return true; // replace all functions + }; + MemDbg::iterNearCallAddress(fun, addr, startAddress, stopAddress); + if (!Private::scenarioReturnAddress_ && lastCall) { + Private::scenarioReturnAddress_ = lastCall + 5; + } + HookParam hp; + hp.address=addr; + hp.filter_fun=filter; + hp.text_fun=Private::hookBefore; + hp.hook_after=Private::hookafter; + hp.hook_font=F_GetGlyphOutlineA; + hp.type=USING_STRING|EMBED_ABLE|NO_CONTEXT|EMBED_DYNA_SJIS; + + + return NewHook(hp,"EmbedCircus"); +} + +} // namespace ScenarioHook + +} // unnamed namespace +bool InsertCircusHook3() +{ + /* + * Sample games: + * https://vndb.org/v20218 + */ + const BYTE bytes[] = { + 0xCC, // int 3 + 0x81, 0xEC, XX4, // sub esp,000004E0 << hook here + 0xA1, XX4, // mov eax,[DSIF.EXE+AD288] + 0x33, 0xC4, // xor eax,esp + 0x89, 0x84, 0x24, XX4, // mov [esp+000004DC],eax + 0x8B, 0x84, 0x24, XX4, // mov eax,[esp+000004E4] + 0x53, // push ebx + 0x55, // push ebp + 0x56, // push esi + 0x8B, 0xB4, 0x24, XX4 // mov esi,[esp+000004F4] + }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + return false; + } + + HookParam hp; + hp.address = addr + 1; + hp.offset=get_reg(regs::esi); + hp.split = get_reg(regs::ecx); + hp.type = USING_STRING | USING_SPLIT; + return NewHook(hp, "Circus3"); +} + +bool CircusFilter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + //ConsoleOutput("debug:Circus: -%.*s-", *len, text); + if (*len <= 1 || cpp_strnstr(text, "\\", *len) || (text[0] == '&' && text[1] == 'n')) + return false; + + CharReplacer(text, len, '\n', ' '); + + return true; +} + +bool InsertCircusHook4() +{ + /* + * Sample games: + * https://vndb.org/r46909 + */ + const BYTE bytes[] = { + 0x83, 0xF8, 0xFF, // cmp eax,-01 << hook here + 0x0F, 0x84, XX4, // je DST.exe+1BCF0 + 0x8B, 0x0D, XX4 // mov ecx,[DST.exe+A41F0] + }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::edx); + hp.split =get_stack(4); //arg4 + hp.padding = 0x40; + hp.type = USING_STRING | USING_SPLIT; + hp.filter_fun = CircusFilter; + + return NewHook(hp, "Circus4"); +} +bool Circus2::attach_function() { + bool ch2=InsertCircusHook2(); + bool _1= ch2||c2(); + bool _2=ch2|| InsertCircusHook3() || InsertCircusHook4(); + bool embed=ScenarioHook::attach(processStartAddress,processStopAddress); + return _1||embed||_2; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Circus2.h b/cpp/LunaHook/LunaHook/engine32/Circus2.h new file mode 100644 index 00000000..93279d5e --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Circus2.h @@ -0,0 +1,11 @@ + + +class Circus2:public ENGINE{ + public: + Circus2(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"AdvData\\GRP\\NAMES.DAT"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/CisLugI.cpp b/cpp/LunaHook/LunaHook/engine32/CisLugI.cpp new file mode 100644 index 00000000..ba4c7014 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/CisLugI.cpp @@ -0,0 +1,67 @@ +#include "CisLugI.h" + +bool CisLugI::attach_function() +{ + // int __cdecl common_tcsncpy_s(_BYTE *a1, int a2, int a3, int a4) + // errno_t __cdecl strncpy_s(char *Destination, rsize_t SizeInBytes, const char *Source, rsize_t MaxCount) + // { + // return common_tcsncpy_s(Destination, SizeInBytes, (int)Source, MaxCount); + // } + BYTE sig[] = { + 0x8b, + 0xff, + 0x55, + 0x8b, + 0xec, + 0x51, + 0x8b, + XX, + 0x14, + 0x8b, + XX, + 0x08, + 0x56, + 0x85, + XX, + 0x75, + XX, + 0x85, + XX, + 0x75, + XX, + 0x39, + XX, + 0x0c, + 0x75, + XX, + 0x33, + 0xc0, + 0xeb, + XX, + 0x85, + XX, + 0x74, + XX, + 0x8b, + XX, + 0x0c, + 0x85, + XX, + 0x74, + XX, + 0x85, + XX, + 0x75, + XX, + + }; + auto addr = MemDbg::findBytes(sig, sizeof(sig), processStartAddress, processStopAddress); + if (!addr) + return false; + HookParam hp; + hp.address = addr; + hp.type = USING_STRING; + hp.offset = get_stack(3); + + return NewHook(hp, "CisLugI"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/CisLugI.h b/cpp/LunaHook/LunaHook/engine32/CisLugI.h new file mode 100644 index 00000000..29d90c38 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/CisLugI.h @@ -0,0 +1,14 @@ +#include "engine.h" + +class CisLugI : public ENGINE +{ +public: + CisLugI() + { + // CisLugI-シスラギ- + // https://vndb.org/v23679 + check_by = CHECK_BY::FILE_ALL; + check_by_target = check_by_list{L"chara.rvk5", L"back.rvk5", L"bgm.rvk5", L"container*.rvk5", L"script/*.rvk5", L"Sgr/*.rvk5"}; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/CodeX.cpp b/cpp/LunaHook/LunaHook/engine32/CodeX.cpp new file mode 100644 index 00000000..dcfc3928 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/CodeX.cpp @@ -0,0 +1,147 @@ +#include "CodeX.h" + +bool CodeXFilter(LPVOID data, size_t *size, HookParam *) +{ + std::string result = std::string((char *)data, *size); + strReplace(result, "^n", "\n"); + if (startWith(result, "\n")) + result = result.substr(1); + + //|晒[さら] + result = std::regex_replace(result, std::regex("\\|(.+?)\\[(.+?)\\]"), "$1"); + + return write_string_overwrite(data, size, result); +} + +bool InsertCodeXHook() +{ + + /* + * Sample games: + * https://vndb.org/v41664 + * https://vndb.org/v36122 + */ + const BYTE bytes[] = { + 0x83, 0xC4, 0x08, // add esp,08 << hook here + 0x8D, 0x85, XX4, // lea eax,[ebp-00000218] + 0x50, // push eax + 0x68, XX4, // push ???????????!.exe+10A76C + 0x85, 0xF6, // test esi,esi + 0x74, 0x4F, // je ???????????!.exe+2A95B + 0xFF, 0x15, XX4, // call dword ptr [???????????!.exe+C8140] + 0x8B, 0x85, XX4 // mov eax,[ebp-00000220] << alternative hook here + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + { + ConsoleOutput("CodeX: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset = get_reg(regs::eax); + hp.index = 0; + hp.type = USING_STRING | EMBED_ABLE | EMBED_AFTER_OVERWRITE | NO_CONTEXT; // 无法解决中文乱码 + hp.hook_font = F_GetGlyphOutlineA; + hp.filter_fun = CodeXFilter; + ConsoleOutput("INSERT CodeX"); + + return NewHook(hp, "CodeX"); +} +namespace +{ + bool hook() + { + // 霞外籠逗留記 + BYTE _[] = {0x90, 0x90, 0x68, 0x64, 0x7B, 0x4C, 0x00}; // aHdL db 'hd{L',0 + ULONG addr = MemDbg::findBytes(_, sizeof(_), processStartAddress, processStopAddress); + if (addr == 0) + return false; + addr += 2; + BYTE bytes[] = {0x68, XX4}; + memcpy(bytes + 1, &addr, 4); + auto addrs = Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress); + bool succ = false; + for (auto adr : addrs) + { + adr = MemDbg::findEnclosingAlignedFunction(adr); + if (adr == 0) + continue; + HookParam hp; + hp.address = adr; + hp.offset = get_stack(1); + hp.type = CODEC_ANSI_BE; + succ |= NewHook(hp, "CodeX"); + } + return succ; + } +} +namespace +{ + // https://vndb.org/v598 + // ANGEL BULLET + bool hook2() + { + BYTE _[] = { + 0x8b, 0x44, 0x24, 0x04, + 0x81, 0xec, XX4, + 0x25, 0xff, 0xff, 0, 0, + 0x8d, 0x54, 0x24, 0, + 0x56, + 0x8b, 0xf1, + 0x50, + 0x8d, 0x4e, XX, + 0x51, + 0x68, XX4, //%s%03d + 0x52, + 0xff, 0x15, XX4, // wprintfA + }; + ULONG addr = MemDbg::findBytes(_, sizeof(_), processStartAddress, processStopAddress); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr; + hp.offset = get_reg(regs::edx); + hp.type = USING_STRING; + hp.filter_fun = CodeXFilter; + return NewHook(hp, "CodeX"); + } +} +namespace +{ + bool hook3() + { + BYTE _[] = { + // if ( *(_WORD *)v38 == 8511 || (_WORD)v5 == 16161 || (_WORD)v5 == 8481 ) + 0xB9, 0x3F, 0x21, 0x00, 0x00, // mov ecx, 213Fh + 0x0F, 0xB7, 0x02, // movzx eax, word ptr [edx] + 0x66, 0x3B, 0xC1, // cmp ax, cx + 0x0F, 0x84, XX4, // jz loc_458294 + 0xb9, 0x21, 0x3f, 0x00, 0x00, // mov ecx, 3F21h + 0x66, 0x3B, 0xC1, + 0x0F, 0x84, XX4, + 0xb9, 0x21, 0x21, 0x00, 0x00, // mov ecx, 2121h + 0x66, 0x3B, 0xC1, + 0x0F, 0x84, XX4}; + ULONG addr = MemDbg::findBytes(_, sizeof(_), processStartAddress, processStopAddress); + if (addr == 0) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr; + hp.offset = get_stack(1); + hp.type = USING_STRING | FULL_STRING | NO_CONTEXT; + // 这个可以提取到人名,但是会把一堆字体名给hook进去,所以不要内嵌 + hp.filter_fun = CodeXFilter; + return NewHook(hp, "CodeX2"); + } +} +bool CodeX::attach_function() +{ + return (hook3() | InsertCodeXHook()) || hook() || hook2(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/CodeX.h b/cpp/LunaHook/LunaHook/engine32/CodeX.h new file mode 100644 index 00000000..c03b6c94 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/CodeX.h @@ -0,0 +1,12 @@ + + +class CodeX:public ENGINE{ + public: + CodeX(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.xfl"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/CoffeeMaker.cpp b/cpp/LunaHook/LunaHook/engine32/CoffeeMaker.cpp new file mode 100644 index 00000000..bf1c5bdf --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/CoffeeMaker.cpp @@ -0,0 +1,71 @@ +#include "CoffeeMaker.h" + +bool CoffeeMaker_attach_function() +{ + // https://vndb.org/v4025 + // こころナビ + const BYTE bytes[] = { + 0x81,0xF9,0xD4,0x2B,0x00,0x00, + 0x7F,XX, + 0xB8,0x5D,0x41,0x4C,0xAE, + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr, 0x10); + if (!addr) + return false; + auto addrs = findxref_reverse_checkcallop(addr, addr - 0x1000, addr + 0x1000, 0xe8); + if (addrs.size() != 1) + return false; + auto addr2 = addrs[0]; + addr2 = MemDbg::findEnclosingAlignedFunction(addr2, 0x40); + if (!addr2) + return false; + HookParam hp; + hp.address = addr2; + hp.type = USING_CHAR | CODEC_ANSI_BE | NO_CONTEXT; + hp.user_value = addr; + hp.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto a2 = stack->stack[1]; + if (a2 > 0x2bd4) + return; + auto sub_429050 = (int(__stdcall *)(signed int a1))hp->user_value; + static int idx = 0; + idx += 1; + if(idx++%2) + buffer->from_t((wchar_t)sub_429050(a2)); + }; + + return NewHook(hp, "CoffeeMaker"); +} + +bool CoffeeMaker_attach_function2() +{ + // https://vndb.org/v4025 + // こころナビ + const BYTE bytes[] = { + 0x55,0x8B,0xEC,0x57,0x56,0x8B,0x75,0x0C,0x8B,0x4D,0x10,0x8B,0x7D,0x08,0x8B,0xC1, + 0x8B,0xD1,0x03,0xC6,0x3B,0xFE,0x76,0x08,0x3B,0xF8,0x0F,0x82,XX4, + 0xF7,0xC7,0x03,0x00,0x00,0x00,0x75,XX,0xC1,0xE9,0x02,0x83,0xE2,0x03,0x83,0xF9,0x08 + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) + return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1);//get_reg(regs::ecx);//void *__cdecl memcpy(void *a1, const void *Src, size_t Size) + hp.type = USING_STRING; + hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + auto s=std::string((char*)data,*len); + strReplace(s,R"(\w\w\w)",""); + return write_string_overwrite(data,len,s); + }; + return NewHook(hp, "CoffeeMaker"); +} + +bool CoffeeMaker::attach_function() +{ + return CoffeeMaker_attach_function2()||CoffeeMaker_attach_function(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/CoffeeMaker.h b/cpp/LunaHook/LunaHook/engine32/CoffeeMaker.h new file mode 100644 index 00000000..ced94017 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/CoffeeMaker.h @@ -0,0 +1,11 @@ + + +class CoffeeMaker:public ENGINE{ + public: + CoffeeMaker(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"VIC.EPK",L"MUS.EPK",L"SE.EPK",L"CG.EPK",L"SCR.EPK"}; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Cotopha.cpp b/cpp/LunaHook/LunaHook/engine32/Cotopha.cpp new file mode 100644 index 00000000..1abd27f4 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Cotopha.cpp @@ -0,0 +1,795 @@ +#include "Cotopha.h" +#define s2_mov_ecx_edi 0xcf8b + +namespace +{ // unnamed + + namespace ScenarioHook + { + + namespace Private + { + + /** + * Sample game: お兄ちゃん、右手の使用を禁止します! (old type) + * + * - Name + * + * EAX 00000000 + * ECX 04A4C058 + * EDX 00713FD8 .00713FD8 + * EBX 17F90130 + * ESP 0012EBBC + * EBP 0020C5A8 + * ESI 04A4B678 + * EDI 04A4C058 + * EIP 005C2E20 .005C2E20 + * + * 0012EBBC 0055D210 RETURN to .0055D210 + * 0012EBC0 17F90130 + * 0012EBC4 04A4B678 + * 0012EBC8 00000000 + * 0012EBCC 0020C5A8 + * 0012EBD0 00000000 ; jichi: used to identify name + * 0012EBD4 00000000 + * 0012EBD8 04A4B678 + * 0012EBDC 00000000 + * 0012EBE0 0020C5A8 + * 0012EBE4 00000000 + * 0012EBE8 0055C58F RETURN to .0055C58F from .0046CD30 + * 0012EBEC 0012EC54 + * 0012EBF0 0055C5A3 RETURN to .0055C5A3 from .0055D180 + * 0012EBF4 04A4C058 + * 0012EBF8 04A4B678 + * + * - Scenario + * + * EAX 00000000 + * ECX 04A4CC30 + * EDX 00713FD8 .00713FD8 + * EBX 17F90170 + * ESP 0012EBBC + * EBP 00000015 + * ESI 04A4C250 + * EDI 04A4CC30 + * EIP 005C2E20 .005C2E20 + * + * 0012EBBC 0055D210 RETURN to .0055D210 + * 0012EBC0 17F90170 + * 0012EBC4 04A4C250 + * 0012EBC8 0000001E ; jichi: old game arg3 is 1e + * 0012EBCC 00000015 + * 0012EBD0 00000002 + * 0012EBD4 00000002 + * 0012EBD8 04A4C250 + * 0012EBDC 0000001E + * 0012EBE0 00000015 + * 0012EBE4 00000000 + * 0012EBE8 0055C58F RETURN to .0055C58F from .0046CD30 + * 0012EBEC 0012EC54 + * 0012EBF0 0055C5A3 RETURN to .0055C5A3 from .0055D180 + * + * Caller of the scenario/name thread: + * 0055D207 8BCF MOV ECX,EDI + * 0055D209 897C24 34 MOV DWORD PTR SS:[ESP+0x34],EDI + * 0055D20D FF52 14 CALL DWORD PTR DS:[EDX+0x14] ; jichi: called here + * 0055D210 8BCF MOV ECX,EDI ; jichi: retaddr is here + * 0055D212 894424 18 MOV DWORD PTR SS:[ESP+0x18],EAX + * 0055D216 E8 456D0600 CALL .005C3F60 + * 0055D21B 33C9 XOR ECX,ECX + * 0055D21D 894424 14 MOV DWORD PTR SS:[ESP+0x14],EAX + * 0055D221 3BC1 CMP EAX,ECX + * 0055D223 76 06 JBE SHORT .0055D22B + * + * Sample game: キスと魔王と紅茶 (very old type) + * + * - Name: + * + * EAX 0A4106C0 ASCII "ゥa" + * ECX 0012F594 + * EDX 0058032C ASCII "pgM" + * EBX 00000000 + * ESP 0012F4F4 + * EBP 00000003 + * ESI 0012F618 + * EDI 0012F594 + * EIP 004D52B0 .004D52B0 + * + * 0012F4F4 004DBFF2 RETURN to .004DBFF2 + * 0012F4F8 0A4106C0 ASCII "ゥa" + * 0012F4FC 0012F698 + * 0012F500 0012F618 + * 0012F504 0296EA58 + * 0012F508 00000000 ; jichi: used to identify name + * 0012F50C 0A40EC00 + * 0012F510 00000000 + * 0012F514 000000F9 + * 0012F518 00005DC8 + * 0012F51C 00580304 ASCII "PgM" + * 0012F520 D90A0DDD + * 0012F524 00000018 + * 0012F528 00000000 + * + * - Scenario: + * + * EAX 00000000 + * ECX 01B69134 + * EDX 0058032C ASCII "pgM" + * EBX 09E82E88 + * ESP 0012F548 + * EBP 00000016 + * ESI 01B68A70 + * EDI 01B69134 + * EIP 004D52B0 .004D52B0 + * + * 0012F548 004B5210 RETURN to .004B5210 + * 0012F54C 09E82E88 + * 0012F550 01B68A70 + * 0012F554 00000018 + * 0012F558 00000016 + * 0012F55C 00000009 + * 0012F560 01B69134 + * 0012F564 01B68A70 + * 0012F568 00000018 + * 0012F56C 00000016 + * 0012F570 00000000 + * 0012F574 004B459F RETURN to .004B459F from .0040DE50 + * 0012F578 0012F5E0 + * 0012F57C 004B45B3 RETURN to .004B45B3 from .004B5180 + * 0012F580 09E82E88 + * 0012F584 00000000 + * 0012F588 0012FC78 + * 0012F58C 00000000 + * 0012F590 01B68A70 + * 0012F594 005655D0 .005655D0 + * 0012F598 0057BB80 .0057BB80 + * 0012F59C 0A419628 + * + * Caller of the name/scenario thread + * + * 004B517D 90 NOP + * 004B517E 90 NOP + * 004B517F 90 NOP + * 004B5180 83EC 1C SUB ESP,0x1C + * 004B5183 53 PUSH EBX + * 004B5184 55 PUSH EBP + * 004B5185 8B5C24 28 MOV EBX,DWORD PTR SS:[ESP+0x28] + * 004B5189 56 PUSH ESI + * 004B518A 8BF1 MOV ESI,ECX + * 004B518C 57 PUSH EDI + * 004B518D 8B86 A0050000 MOV EAX,DWORD PTR DS:[ESI+0x5A0] + * 004B5193 85C0 TEST EAX,EAX + * 004B5195 74 63 JE SHORT .004B51FA + * 004B5197 53 PUSH EBX + * 004B5198 8D8E C4060000 LEA ECX,DWORD PTR DS:[ESI+0x6C4] + * 004B519E E8 3DFD0100 CALL .004D4EE0 + * 004B51A3 8BF8 MOV EDI,EAX + * 004B51A5 8D86 D4060000 LEA EAX,DWORD PTR DS:[ESI+0x6D4] + * 004B51AB 8B8E EC060000 MOV ECX,DWORD PTR DS:[ESI+0x6EC] + * 004B51B1 8BAE F0060000 MOV EBP,DWORD PTR DS:[ESI+0x6F0] + * 004B51B7 8B10 MOV EDX,DWORD PTR DS:[EAX] + * 004B51B9 895424 1C MOV DWORD PTR SS:[ESP+0x1C],EDX + * 004B51BD 8B50 04 MOV EDX,DWORD PTR DS:[EAX+0x4] + * 004B51C0 895424 20 MOV DWORD PTR SS:[ESP+0x20],EDX + * 004B51C4 8B50 08 MOV EDX,DWORD PTR DS:[EAX+0x8] + * 004B51C7 8B40 0C MOV EAX,DWORD PTR DS:[EAX+0xC] + * 004B51CA 894424 28 MOV DWORD PTR SS:[ESP+0x28],EAX + * 004B51CE 8BC2 MOV EAX,EDX + * 004B51D0 2BC1 SUB EAX,ECX + * 004B51D2 3BF8 CMP EDI,EAX + * 004B51D4 7F 24 JG SHORT .004B51FA + * 004B51D6 83BE A0050000 03 CMP DWORD PTR DS:[ESI+0x5A0],0x3 + * 004B51DD 75 0B JNZ SHORT .004B51EA + * 004B51DF 2BC7 SUB EAX,EDI + * 004B51E1 99 CDQ + * 004B51E2 2BC2 SUB EAX,EDX + * 004B51E4 D1F8 SAR EAX,1 + * 004B51E6 03C8 ADD ECX,EAX + * 004B51E8 EB 04 JMP SHORT .004B51EE + * 004B51EA 2BD7 SUB EDX,EDI + * 004B51EC 8BCA MOV ECX,EDX + * 004B51EE 898E EC060000 MOV DWORD PTR DS:[ESI+0x6EC],ECX + * 004B51F4 89AE F0060000 MOV DWORD PTR DS:[ESI+0x6F0],EBP + * 004B51FA 8B96 C4060000 MOV EDX,DWORD PTR DS:[ESI+0x6C4] + * 004B5200 8DBE C4060000 LEA EDI,DWORD PTR DS:[ESI+0x6C4] + * 004B5206 53 PUSH EBX + * 004B5207 8BCF MOV ECX,EDI + * 004B5209 897C24 14 MOV DWORD PTR SS:[ESP+0x14],EDI + * 004B520D FF52 10 CALL DWORD PTR DS:[EDX+0x10] ; jichi: called here + * 004B5210 8BCF MOV ECX,EDI ; jichi: retaddr is here + * 004B5212 894424 18 MOV DWORD PTR SS:[ESP+0x18],EAX + * 004B5216 E8 85120200 CALL .004D64A0 + * 004B521B 33ED XOR EBP,EBP + * 004B521D 894424 14 MOV DWORD PTR SS:[ESP+0x14],EAX + * 004B5221 3BC5 CMP EAX,EBP + * 004B5223 76 06 JBE SHORT .004B522B + * 004B5225 89AE A0050000 MOV DWORD PTR DS:[ESI+0x5A0],EBP + * 004B522B 85C0 TEST EAX,EAX + * 004B522D 896C24 30 MOV DWORD PTR SS:[ESP+0x30],EBP + * 004B5231 76 68 JBE SHORT .004B529B + * 004B5233 55 PUSH EBP + * 004B5234 8BCF MOV ECX,EDI + * 004B5236 E8 75120200 CALL .004D64B0 + * 004B523B 85C0 TEST EAX,EAX + * 004B523D 74 4F JE SHORT .004B528E + * 004B523F 50 PUSH EAX + * 004B5240 8BCE MOV ECX,ESI + * 004B5242 E8 69000000 CALL .004B52B0 + * 004B5247 8BD8 MOV EBX,EAX + * 004B5249 85DB TEST EBX,EBX + * 004B524B 74 41 JE SHORT .004B528E + * 004B524D 8B86 C0060000 MOV EAX,DWORD PTR DS:[ESI+0x6C0] + * 004B5253 8B8E B0060000 MOV ECX,DWORD PTR DS:[ESI+0x6B0] + * 004B5259 8BAE 30070000 MOV EBP,DWORD PTR DS:[ESI+0x730] + * 004B525F 8DBE 28070000 LEA EDI,DWORD PTR DS:[ESI+0x728] + * 004B5265 03C8 ADD ECX,EAX + * 004B5267 6A 00 PUSH 0x0 + * 004B5269 8D55 01 LEA EDX,DWORD PTR SS:[EBP+0x1] + * 004B526C 898E C0060000 MOV DWORD PTR DS:[ESI+0x6C0],ECX + * 004B5272 52 PUSH EDX + * 004B5273 8BCF MOV ECX,EDI + * 004B5275 8983 C0000000 MOV DWORD PTR DS:[EBX+0xC0],EAX + * 004B527B E8 8003F8FF CALL .00435600 + * 004B5280 8B47 04 MOV EAX,DWORD PTR DS:[EDI+0x4] + * 004B5283 8B7C24 10 MOV EDI,DWORD PTR SS:[ESP+0x10] + * 004B5287 891CA8 MOV DWORD PTR DS:[EAX+EBP*4],EBX + * 004B528A 8B6C24 30 MOV EBP,DWORD PTR SS:[ESP+0x30] + * 004B528E 8B4424 14 MOV EAX,DWORD PTR SS:[ESP+0x14] + * 004B5292 45 INC EBP + * 004B5293 3BE8 CMP EBP,EAX + * 004B5295 896C24 30 MOV DWORD PTR SS:[ESP+0x30],EBP + * 004B5299 ^72 98 JB SHORT .004B5233 + * 004B529B 8BCF MOV ECX,EDI + * 004B529D E8 2E120200 CALL .004D64D0 + * 004B52A2 8B4424 18 MOV EAX,DWORD PTR SS:[ESP+0x18] + * 004B52A6 5F POP EDI + * 004B52A7 5E POP ESI + * 004B52A8 5D POP EBP + * 004B52A9 5B POP EBX + * 004B52AA 83C4 1C ADD ESP,0x1C + * 004B52AD C2 0400 RETN 0x4 + * 004B52B0 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] + * 004B52B6 6A FF PUSH -0x1 + * 004B52B8 68 A1F15200 PUSH .0052F1A1 + * 004B52BD 50 PUSH EAX + * 004B52BE 64:8925 00000000 MOV DWORD PTR FS:[0],ESP + * 004B52C5 81EC CC000000 SUB ESP,0xCC + * 004B52CB 56 PUSH ESI + * 004B52CC 8BF1 MOV ESI,ECX + * 004B52CE 8B8C24 E0000000 MOV ECX,DWORD PTR SS:[ESP+0xE0] + * 004B52D5 57 PUSH EDI + * 004B52D6 85C9 TEST ECX,ECX + * 004B52D8 75 07 JNZ SHORT .004B52E1 + * 004B52DA 33C0 XOR EAX,EAX + * 004B52DC E9 55060000 JMP .004B5936 + * 004B52E1 8B79 14 MOV EDI,DWORD PTR DS:[ECX+0x14] + * 004B52E4 85FF TEST EDI,EDI + * 004B52E6 897C24 18 MOV DWORD PTR SS:[ESP+0x18],EDI + * 004B52EA 75 07 JNZ SHORT .004B52F3 + * 004B52EC 33C0 XOR EAX,EAX + * 004B52EE E9 43060000 JMP .004B5936 + * 004B52F3 8A86 AA060000 MOV AL,BYTE PTR DS:[ESI+0x6AA] + * 004B52F9 84C0 TEST AL,AL + * 004B52FB 74 51 JE SHORT .004B534E + * 004B52FD 8B01 MOV EAX,DWORD PTR DS:[ECX] + * 004B52FF 8D5424 08 LEA EDX,DWORD PTR SS:[ESP+0x8] + * 004B5303 52 PUSH EDX + * 004B5304 FF50 34 CALL DWORD PTR DS:[EAX+0x34] + * 004B5307 8D86 D4060000 LEA EAX,DWORD PTR DS:[ESI+0x6D4] + * 004B530D 8B8E D4060000 MOV ECX,DWORD PTR DS:[ESI+0x6D4] + * 004B5313 894C24 48 MOV DWORD PTR SS:[ESP+0x48],ECX + * 004B5317 8B50 04 MOV EDX,DWORD PTR DS:[EAX+0x4] + * 004B531A 895424 4C MOV DWORD PTR SS:[ESP+0x4C],EDX + * 004B531E 8B48 08 MOV ECX,DWORD PTR DS:[EAX+0x8] + * 004B5321 894C24 50 MOV DWORD PTR SS:[ESP+0x50],ECX + * 004B5325 8A8E 14070000 MOV CL,BYTE PTR DS:[ESI+0x714] + * 004B532B 8B40 0C MOV EAX,DWORD PTR DS:[EAX+0xC] + * 004B532E 84C9 TEST CL,CL + * 004B5330 75 0D JNZ SHORT .004B533F + * 004B5332 394424 0C CMP DWORD PTR SS:[ESP+0xC],EAX + * 004B5336 7E 16 JLE SHORT .004B534E + * 004B5338 33C0 XOR EAX,EAX + * 004B533A E9 F7050000 JMP .004B5936 + * + * Sample game: プライマルハーツ (new type), 0x54bd80 + * Name: + * 0012EB5C 004DACB0 RETURN to .004DACB0 + * 0012EB60 05067E40 + * 0012EB64 0000001E ; jichi: new game arg2 is 1e + * 0012EB68 0012ECA8 + * 0012EB6C 008D3E48 + * 0012EB70 004512DB RETURN to .004512DB from .00450FE0 + * 0012EB74 0000001E + * 0012EB78 00000025 + * 0012EB7C 0012ECA8 + * 0012EB80 008D3E48 + * 0012EB84 0000001E + * 0012EB88 004DA1CB RETURN to .004DA1CB from .00451280 + * 0012EB8C 004DA1DF RETURN to .004DA1DF from .004DAC20 ; jichi: 004DAC20 is a better place to hook to + * 0012EB90 05067E40 + * 0012EB94 5D9C7C59 + * 0012EB98 00000000 + * 0012EB9C 008D3E48 + * 0012EBA0 00000000 + * 0012EBA4 00000000 + * 0012EBA8 1600C8C8 + * 0012EBAC 006835B4 .006835B4 + * 0012EBB0 1621BBF0 UNICODE "\h:\f;MsgFont:\s:\c;E6ADFA:\v:" + * 0012EBB4 00000025 + * + * 0012EB5C 004DACB0 RETURN to .004DACB0 + * 0012EB60 05000420 + * 0012EB64 0000001E + * 0012EB68 0012ECA8 + * 0012EB6C 008D3E48 + * 0012EB70 004512DB RETURN to .004512DB from .00450FE0 + * 0012EB74 0000001E + * 0012EB78 00000022 + * 0012EB7C 0012ECA8 + * 0012EB80 008D3E48 + * 0012EB84 0000001E + * 0012EB88 004DA1CB RETURN to .004DA1CB from .00451280 + * 0012EB8C 004DA1DF RETURN to .004DA1DF from .004DAC20 + * 0012EB90 05000420 + * 0012EB94 5D9C7C59 + * 0012EB98 00000000 + * 0012EB9C 008D3E48 + * 0012EBA0 00000000 + * 0012EBA4 00000000 + * 0012EBA8 05000C90 + * 0012EBAC 006835B4 .006835B4 + * 0012EBB0 05000F40 UNICODE "\h:\f;MsgFont:\s:\c;DAD4FF:\v:" + * 0012EBB4 00000022 + * 0012EBB8 00000034 + * 0012EBBC 00000022 + * 0012EBC0 FFFFFFFF + * 0012EBC4 7C00FFFF + * 0012EBC8 78000000 + * 0012EBCC F8000001 + * 0012EBD0 00000000 + * 0012EBD4 58001384 + * 0012EBD8 28000000 + * 0012EBDC 28000000 + * 0012EBE0 00000048 + * 0012EBE4 00655A28 .00655A28 + * 0012EBE8 05000420 + * 0012EBEC 00000004 + * 0012EBF0 00000007 + * 0012EBF4 00210030 + * 0012EBF8 00000000 + * 0012EBFC 00DAD4FF + * 0012EC00 0012EC98 + * 0012EC04 00000001 + * + * EAX 0054BD80 .0054BD80 + * ECX 008D4848 + * EDX 0069E80C .0069E80C + * EBX 05067E40 + * ESP 0012EB5C + * EBP 0012ECA8 + * ESI 008D3E48 + * EDI 0000001E + * EIP 0054BD80 .0054BD80 + * + * 004DAC98 89AE 300A0000 MOV DWORD PTR DS:[ESI+0xA30],EBP + * 004DAC9E 8B96 000A0000 MOV EDX,DWORD PTR DS:[ESI+0xA00] + * 004DACA4 8B42 14 MOV EAX,DWORD PTR DS:[EDX+0x14] + * 004DACA7 8D8E 000A0000 LEA ECX,DWORD PTR DS:[ESI+0xA00] + * 004DACAD 53 PUSH EBX + * 004DACAE FFD0 CALL EAX ; jichi: called here + * 004DACB0 8B8E 100A0000 MOV ECX,DWORD PTR DS:[ESI+0xA10] + * 004DACB6 894424 14 MOV DWORD PTR SS:[ESP+0x14],EAX + * 004DACBA 8B41 08 MOV EAX,DWORD PTR DS:[ECX+0x8] + * 004DACBD 33FF XOR EDI,EDI + * 004DACBF 3BC7 CMP EAX,EDI + * 004DACC1 894424 10 MOV DWORD PTR SS:[ESP+0x10],EAX + * + * ecx: + * 01814848 0C E8 69 00 60 C7 F8 13 00 00 00 00 00 00 00 00 i읠ᏸ.... + * 01814858 28 3E 81 01 00 00 00 00 00 00 00 00 80 01 00 00 㸨Ɓ....ƀ. ; jichi: 810 is the width and 26 the height to paint + * 01814868 26 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 &..ÿ.... + * 01814878 00 00 00 00 26 00 00 00 00 00 00 00 00 00 00 00 ..&..... + * 01814888 06 00 00 00 03 00 00 00 28 5A 65 00 98 3D 81 01 ..娨e㶘Ɓ + * 01814898 2C 00 00 00 43 00 00 00 00 01 01 00 BA C1 1E 77 ,.C.Ā솺眞 + * 018148A8 35 FC 1C 77 20 FF 1C 77 90 16 38 0B 64 D5 68 00 ﰵ眜@眜ᚐସ핤h + * 018148B8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ + * 018148C8 7E 31 00 00 4C 03 00 00 00 00 00 00 00 00 00 00 ㅾ.͌..... + * 018148D8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ + * 018148E8 00 00 00 00 00 00 F0 3F 00 00 00 00 00 00 F0 3F ...㿰...㿰 + * 018148F8 00 00 00 00 00 00 00 00 94 C3 67 00 00 00 00 00 ....쎔g.. + * + * 01814848 0C E8 69 00 58 EC E4 03 00 00 00 00 00 00 00 00 iϤ.... + * 01814858 28 3E 81 01 00 00 00 00 00 00 00 00 80 01 00 00 㸨Ɓ....ƀ. + * 01814868 26 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 &..ÿ.... + * 01814878 00 00 00 00 26 00 00 00 00 00 00 00 00 00 00 00 ..&..... + * 01814888 06 00 00 00 03 00 00 00 28 5A 65 00 98 3D 81 01 ..娨e㶘Ɓ + * 01814898 2C 00 00 00 43 00 00 00 00 01 01 00 BA C1 1E 77 ,.C.Ā솺眞 + * 018148A8 35 FC 1C 77 20 FF 1C 77 90 16 38 0B 64 D5 68 00 ﰵ眜@眜ᚐସ핤h + * 018148B8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ + * 018148C8 4B 4F 00 00 4C 03 00 00 00 00 00 00 00 00 00 00 佋.͌..... + * 018148D8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ + * 018148E8 00 00 00 00 00 00 F0 3F 00 00 00 00 00 00 F0 3F ...㿰...㿰 + * 018148F8 00 00 00 00 00 00 00 00 94 C3 67 00 00 00 00 00 ....쎔g.. + * + * Scenario: + * EAX 0054BD80 .0054BD80 + * ECX 008D3C50 + * EDX 0069E80C .0069E80C + * EBX 1621C280 + * ESP 0012EB5C + * EBP 0012ECA8 + * ESI 008D3250 + * EDI 0000001E + * EIP 0054BD80 .0054BD80 + * + * 0012EB5C 004DACB0 RETURN to .004DACB0 + * 0012EB60 1621C280 + * 0012EB64 0000001E + * 0012EB68 0012ECA8 + * 0012EB6C 008D3250 + * 0012EB70 004512DB RETURN to .004512DB from .00450FE0 + * 0012EB74 0000001E + * 0012EB78 00000041 + * 0012EB7C 0012ECA8 + * 0012EB80 008D3250 + * 0012EB84 0000001E + * 0012EB88 004DA1CB RETURN to .004DA1CB from .00451280 + * 0012EB8C 004DA1DF RETURN to .004DA1DF from .004DAC20 + * 0012EB90 1621C280 + * + * 0012EB5C 004DACB0 RETURN to .004DACB0 + * 0012EB60 050003B8 + * 0012EB64 0000001E + * 0012EB68 0012ECA8 + * 0012EB6C 008D3250 + * 0012EB70 004512DB RETURN to .004512DB from .00450FE0 + * 0012EB74 0000001E + * 0012EB78 00000034 + * 0012EB7C 0012ECA8 + * 0012EB80 008D3250 + * 0012EB84 0000001E + * 0012EB88 004DA1CB RETURN to .004DA1CB from .00451280 + * 0012EB8C 004DA1DF RETURN to .004DA1DF from .004DAC20 + * 0012EB90 050003B8 + * 0012EB94 5D9C7C59 + * 0012EB98 00000000 + * 0012EB9C 008D3250 + * 0012EBA0 00000000 + * 0012EBA4 00000000 + * 0012EBA8 05007A68 UNICODE "38" + * 0012EBAC 006835B4 .006835B4 + * 0012EBB0 0500E910 UNICODE "\h:\f;MsgFont:\s:\c;DAD4FF:\v:" + * 0012EBB4 00000034 + * 0012EBB8 0000004F + * 0012EBBC 00000034 + * 0012EBC0 FFFFFFFF + * 0012EBC4 7C00FFFF + * 0012EBC8 78000000 + * 0012EBCC F8000001 + * 0012EBD0 00000000 + * 0012EBD4 58001384 + * 0012EBD8 28000000 + * 0012EBDC 28000000 + * 0012EBE0 00000040 + * 0012EBE4 00655A28 .00655A28 + * 0012EBE8 050003B8 + * + * ecx: + * 01813C50 0C E8 69 00 80 E9 F8 13 00 00 00 00 00 00 00 00 iᏸ.... + * 01813C60 30 32 81 01 00 00 00 00 00 00 00 00 84 03 00 00 ㈰Ɓ....΄. ; jichi: 384 is the width and 76 the height to paint + * 01813C70 76 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 v..ÿ.... + * 01813C80 00 00 00 00 26 00 00 00 00 00 00 00 00 00 00 00 ..&..... + * 01813C90 06 00 00 00 03 00 00 00 28 5A 65 00 A0 31 81 01 ..娨eㆠƁ + * 01813CA0 2C 00 00 00 43 00 00 00 00 01 01 00 BA C1 1E 77 ,.C.Ā솺眞 + * 01813CB0 35 FC 1C 77 20 FF 1C 77 20 24 34 0B 64 D5 68 00 ﰵ眜@眜␠଴핤h + * 01813CC0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ + * 01813CD0 7E 31 00 00 50 03 00 00 00 00 00 00 00 00 00 00 ㅾ.͐..... + * 01813CE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ + * 01813CF0 00 00 00 00 00 00 F0 3F 00 00 00 00 00 00 F0 3F ...㿰...㿰 + * + * 01813C50 0C E8 69 00 10 C4 E4 03 00 00 00 00 00 00 00 00 i쐐Ϥ.... + * 01813C60 30 32 81 01 00 00 00 00 00 00 00 00 84 03 00 00 ㈰Ɓ....΄. + * 01813C70 76 00 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 v..ÿ.... + * 01813C80 00 00 00 00 26 00 00 00 00 00 00 00 00 00 00 00 ..&..... + * 01813C90 06 00 00 00 03 00 00 00 28 5A 65 00 A0 31 81 01 ..娨eㆠƁ + * 01813CA0 2C 00 00 00 43 00 00 00 00 01 01 00 BA C1 1E 77 ,.C.Ā솺眞 + * 01813CB0 35 FC 1C 77 20 FF 1C 77 20 24 34 0B 64 D5 68 00 ﰵ眜@眜␠଴핤h + */ + bool attachCaller(ULONG addr); + size_t textSize_; + void hookBefore(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *role) + { + static std::wstring text_; // persistent storage, which makes this function not thread-safe + textSize_ = 0; + auto text = (LPCWSTR)s->stack[1]; // arg1 + if (!text || !*text) + return ; + + if (::wcscmp(text, L"----/--/-- --:--") == 0) + return ; + + textSize_ = ::wcslen(text); + if (s->stack[1] == s->stack[13]) // for new games + attachCaller(s->stack[12]); + else if (s->stack[1] == s->stack[14]) // for old games + attachCaller(s->stack[13]); + // else // very old or very new games + + auto retaddr = s->stack[0]; + + // int textStackIndex = -1; + + *role = Engine::OtherRole; + if (s->stack[2] < 0x100) + { // new game, this value is mostly 0x1e + // if (s->stack[1] == s->stack[13]) + // textStackIndex = 13; + // 004DACA7 8D8E 000A0000 LEA ECX,DWORD PTR DS:[ESI+0xA00] + // 004DACAD 53 PUSH EBX + // 004DACAE FFD0 CALL EAX ; jichi: called here + // 004DACB0 8B8E 100A0000 MOV ECX,DWORD PTR DS:[ESI+0xA10] + // 004DACB6 894424 14 MOV DWORD PTR SS:[ESP+0x14],EAX + // 004DACBA 8B41 08 MOV EAX,DWORD PTR DS:[ECX+0x8] + // 004DACBD 33FF XOR EDI,EDI + // if (*(WORD *)retaddr == 0x8e8b) { // 004DACB0 8B8E 100A0000 MOV ECX,DWORD PTR DS:[ESI+0xA10] + *role = Engine::ScenarioRole; + enum : wchar_t + { + w_open = 0x3010, + w_close = 0x3011 + }; /* 【】 */ + if (text[0] == w_open && text[::wcslen(text) - 1] == w_close) + *role = Engine::NameRole; + } + else if (s->stack[3] < 0x100 // for old game + || *(WORD *)retaddr == s2_mov_ecx_edi && *(WORD *)(retaddr - 5) == 0x52ff) + { // for very old game + // Sample game: お兄ちゃん、右手の使用を禁止します! (old type) + // 0055D207 8BCF MOV ECX,EDI + // 0055D209 897C24 34 MOV DWORD PTR SS:[ESP+0x34],EDI + // 0055D20D FF52 14 CALL DWORD PTR DS:[EDX+0x14] ; jichi: called here + // 0055D210 8BCF MOV ECX,EDI ; jichi: retaddr is here + // 0055D212 894424 18 MOV DWORD PTR SS:[ESP+0x18],EAX + + // Sample game: キスと魔王と紅茶 (old type) + // name: + // 004DBFEC 50 PUSH EAX + // 004DBFED 8BCF MOV ECX,EDI + // 004DBFEF FF52 10 CALL DWORD PTR DS:[EDX+0x10] ; jichi: called here + // 004DBFF2 8B7424 7C MOV ESI,DWORD PTR SS:[ESP+0x7C] + // 004DBFF6 33DB XOR EBX,EBX + // 004DBFF8 3BF3 CMP ESI,EBX + // 004DBFFA 74 4B JE SHORT .004DC047 + // 004DBFFC 8BCF MOV ECX,EDI + // 004DBFFE E8 9DA4FFFF CALL .004D64A0 + // 004DC003 8BE8 MOV EBP,EAX + // 004DC005 891E MOV DWORD PTR DS:[ESI],EBX + // 004DC007 85ED TEST EBP,EBP + // + // Scenario: + // 004B5207 8BCF MOV ECX,EDI + // 004B5209 897C24 14 MOV DWORD PTR SS:[ESP+0x14],EDI + // 004B520D FF52 10 CALL DWORD PTR DS:[EDX+0x10] ; jichi: called here + // 004B5210 8BCF MOV ECX,EDI + // 004B5212 894424 18 MOV DWORD PTR SS:[ESP+0x18],EAX + // 004B5216 E8 85120200 CALL .004D64A0 + // 004B521B 33ED XOR EBP,EBP + *role = s->stack[5] == 0 ? Engine::NameRole : Engine::ScenarioRole; + } + buffer->from_cs(text); + } + + void hookAfterCaller(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + if (textSize_) + s->eax = textSize_; + } + bool attachCaller(ULONG addr) + { + static std::unordered_set addresses_; + if (addresses_.find(addr) != addresses_.end()) + return false; + addresses_.insert(addr); + HookParam hp; + hp.address=addr; + hp.text_fun = hookAfterCaller; + return NewHook(hp,"attachCaller"); + } + + } // namespace Private + + } // namespace ScenarioHook + +} // unnamed namespace +bool CotophaFilter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + if (*len <= 2 || text[0] != L'\\') + return false; + + size_t lenPurged = 0; + for (size_t i = 0; i < *len / 2; i++) + { + if (text[i] != L'\\') + { + text[lenPurged++] = text[i]; + } + else + { + // start command + wchar_t cmd = text[++i]; + if (cmd == 'r') + { // ruby + i++; // skip ';' char + while (text[++i] != L':') + { + if (text[i] == L';') // when we reach '; ' we have the kanji part + break; + text[lenPurged++] = text[i]; + } + } + else if (cmd == L'n' && lenPurged) // newline + text[lenPurged++] = L' '; // for Western language compatibility + while (text[++i] != L':') + ; + } + } + if (lenPurged) + text[lenPurged++] = L' '; // for Western language compatibility + *len = lenPurged * 2; + return true; +} +bool InsertCotophaHook1() +{ + enum : DWORD + { + ins = 0xec8b55 + }; // mov ebp,esp, sub esp,* ; jichi 7/12/2014 + ULONG addr = MemDbg::findCallerAddress((ULONG)::GetTextMetricsA, ins, processStartAddress, processStopAddress); + if (!addr) + return false; + HookParam hp; + hp.address = addr; + hp.offset = get_stack(1); + hp.split = get_reg(regs::ebp); + hp.type = CODEC_UTF16 | USING_SPLIT | USING_STRING | EMBED_ABLE | EMBED_AFTER_NEW|NO_CONTEXT; + hp.text_fun = ScenarioHook::Private::hookBefore; + ConsoleOutput("INSERT Cotopha"); + + // RegisterEngineType(ENGINE_COTOPHA); + return NewHook(hp, "Cotopha"); +} + +bool InsertCotophaHook2() +{ + if (void *addr = GetProcAddress(GetModuleHandleW(NULL), "eslHeapFree")) + { + HookParam hp; + hp.address = (uintptr_t)addr; + hp.offset = get_stack(2); + hp.type = CODEC_UTF16 | USING_STRING; + hp.filter_fun = CotophaFilter; + return NewHook(hp, "Cotopha2"); + } + return false; +} +bool InsertCotophaHook3() +{ + const BYTE bytes[] = {0x8B, 0x75, 0xB8, 0x8B, 0xCE, 0x50, 0xC6, 0x45, 0xFC, 0x01, 0xE8}; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + return false; + + HookParam myhp; + myhp.address = addr; + myhp.type = CODEC_UTF16 | USING_STRING | EMBED_ABLE | EMBED_AFTER_NEW; + myhp.offset = get_reg(regs::eax); + + return NewHook(myhp, "Cotopha3_EWideString"); +} +bool InsertCotophaHook4() +{ + /* + * https://vndb.org/v32624 + */ + const BYTE bytes[] = { + 0xCC, // int 3 + 0x55, // push ebp << hook here + 0x8B, 0xEC, // mov ebp,esp + 0x51, // push ecx + 0x53, // push ebx + 0x56, // push esi + 0x57, // push edi + 0x8B, 0x7D, 0x08, // mov edi,[ebp+08] + 0x33, 0xF6, // xor esi,esi + 0x8B, 0xD9, // mov ebx,ecx + 0x85, 0xFF, // test edi,edi + 0x74, 0x0D // je ststeady2.glsGetEnabledProcessorType+643F + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + return false; + + HookParam hp = {}; + hp.address = addr + 1; + hp.offset = get_stack(1); + hp.type = CODEC_UTF16 | USING_STRING | NO_CONTEXT; + hp.filter_fun = CotophaFilter; + return NewHook(hp, "Cotopha4"); +} +namespace +{ + bool h5() + { + // 狙われた優等生 身代わりの代償 + const BYTE bytes[] = { + // if ( v90 && ((v40 = *(_WORD *)(v94 + 28), v40 >= 0x41u && v40 <= 0x5Au) || v40 >= 0x61u && v40 <= 0x7Au) ) + + 0x8b, 0x45, XX, + 0x0f, 0xb7, 0x50, XX, + + 0xb8, 0x41, 0x00, 0x00, 0x00, + 0x66, 0x3b, 0xd0, + 0x66, 0xb8, 0x5a, 0x00, + 0x1b, 0xc9, + 0x41, + 0x66, 0x3b, 0xc2, + 0x1b, 0xc0, + 0x40, + 0x85, 0xc8, + + 0x75, XX, + + 0xb8, 0x61, 0x00, 0x00, 0x00, + 0x66, 0x3b, 0xd0, + 0x66, 0xb8, 0x7a, 0x00, + 0x1b, 0xc9, + 0x41, + 0x66, 0x3b, 0xc2, + 0x1b, 0xc0, + 0x40, + 0x85, 0xc8 + + }; + + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return false; + BYTE check[] = { + 0x66, 0x90, + 0x40, + 0x66, 0x83, 0x3c, 0x42, 0x00, + 0x75, XX}; + BYTE check2[] = {0x8d, 0x45, 0xf4}; + auto addrx = MemDbg::findBytes(check, sizeof(check), addr, addr + 0x100); + if (!addrx) + return false; + addrx = MemDbg::findBytes(check2, sizeof(check2), addr, addrx); + if (!addrx) + return false; + HookParam hp; + hp.address = addr; + hp.offset = get_stack(3); + hp.type = CODEC_UTF16 | USING_STRING | EMBED_ABLE | EMBED_AFTER_NEW ; + hp.hook_font = F_GetGlyphOutlineW; + return NewHook(hp, "Cotopha5"); + } +} +bool InsertCotophaHook() +{ + auto _old = InsertCotophaHook1(); + return (InsertCotophaHook4() | InsertCotophaHook3()) || InsertCotophaHook2() || h5() || _old; +} +bool Cotopha::attach_function() +{ + + return InsertCotophaHook(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Cotopha.h b/cpp/LunaHook/LunaHook/engine32/Cotopha.h new file mode 100644 index 00000000..3a34be45 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Cotopha.h @@ -0,0 +1,11 @@ + + +class Cotopha:public ENGINE{ + public: + Cotopha(){ + + check_by=CHECK_BY::FILE_ANY; + check_by_target=check_by_list{L"*.noa",L"data\\*.noa"}; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/DISCOVERY.cpp b/cpp/LunaHook/LunaHook/engine32/DISCOVERY.cpp new file mode 100644 index 00000000..7d33ea0a --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/DISCOVERY.cpp @@ -0,0 +1,39 @@ +#include "DISCOVERY.h" +namespace +{ + bool DISCOVERY1() + { + // https://vndb.org/v4053 + // 小雪の朱-コユキノアカ- + + BYTE sig[] = { + /* + if ( *(v6 - 2) != 23 + || *(v6 - 3) != sub_40C130(255, 255, 255) + || sub_418190(*(v6 - 4), v6 - 1) != 1 + || dword_B81054 && dword_975570 )*/ + + 0x83, 0x7b, 0xf8, 0x17, + 0x75, XX, + 0x68, 0xff, 0x00, 0x00, 0x00, + 0x68, 0xff, 0x00, 0x00, 0x00, + 0x68, 0xff, 0x00, 0x00, 0x00, + 0xe8}; + auto addr = MemDbg::findBytes(sig, sizeof(sig), processStartAddress, processStopAddress); + if (!addr) + return false; + HookParam hp; + hp.address = addr; + hp.type = USING_CHAR; + hp.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto v6 = (int *)stack->ebx - 4; + buffer->from_t(*v6); + }; + return NewHook(hp, "DISCOVERY"); + } +} +bool DISCOVERY::attach_function() +{ + return DISCOVERY1(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/DISCOVERY.h b/cpp/LunaHook/LunaHook/engine32/DISCOVERY.h new file mode 100644 index 00000000..7b295703 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/DISCOVERY.h @@ -0,0 +1,14 @@ + + +class DISCOVERY : public ENGINE +{ +public: + DISCOVERY() + { + + check_by = CHECK_BY::FILE_ALL; + check_by_target = check_by_list{L"BG.PD", L"CG.PD", L"CHIP.PD", L"SE.PB", L"STAND.PD", L"VOICE.PB", L"*.ID"}; + is_engine_certain = false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Debonosu.cpp b/cpp/LunaHook/LunaHook/engine32/Debonosu.cpp new file mode 100644 index 00000000..0ed46cde --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Debonosu.cpp @@ -0,0 +1,221 @@ +#include "Debonosu.h" + +namespace +{ // unnamed + int _type; + void SpecialHookDebonosuScenario(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + DWORD retn = stack->retaddr; + if (*(WORD *)retn == 0xc483) + { // add esp, $ old Debonosu game + hp->offset = get_stack(1); + _type = 1; + } + else + { // new Debonosu game + hp->offset = get_reg(regs::eax); + _type = 2; + } + // hp->type ^= EXTERN_HOOK; + hp->text_fun = nullptr; + *split = FIXED_SPLIT_VALUE; + buffer->from_cs((char *)*(DWORD *)(stack->base + hp->offset)); + } + void hook_after(hook_stack *s, void *data, size_t len) + { + static std::string ts; + ts = std::string((LPSTR)data, len); + + if (_type == 1) + { + s->stack[1] = (DWORD)ts.c_str(); + } + else + { + s->ecx = (DWORD)ts.c_str(); + } + } + bool InsertDebonosuScenarioHook() + { + DWORD addr = Util::FindImportEntry(processStartAddress, (DWORD)lstrcatA); + if (!addr) + { + ConsoleOutput("Debonosu: lstrcatA is not called"); + return false; + } + DWORD search = 0x15ff | (addr << 16); // jichi 10/20/2014: call dword ptr ds + addr >>= 16; + for (DWORD i = processStartAddress; i < processStopAddress - 4; i++) + if (*(DWORD *)i == search && + *(WORD *)(i + 4) == addr && // call dword ptr lstrcatA + *(BYTE *)(i - 5) == 0x68) + { // push $ + DWORD push = *(DWORD *)(i - 4); + for (DWORD j = i + 6, k = j + 0x10; j < k; j++) + if (*(BYTE *)j == 0xb8 && + *(DWORD *)(j + 1) == push) + if (DWORD hook_addr = SafeFindEnclosingAlignedFunction(i, 0x200)) + { + HookParam hp; + hp.address = hook_addr; + hp.text_fun = SpecialHookDebonosuScenario; + // hp.type = USING_STRING; + hp.hook_after = hook_after; + hp.hook_font = F_MultiByteToWideChar | F_GetTextExtentPoint32A; + hp.type = USING_STRING | NO_CONTEXT | USING_SPLIT | FIXING_SPLIT | EMBED_ABLE | EMBED_DYNA_SJIS; // there is only one thread + hp.filter_fun = [](void *data, size_t *len, HookParam *hp) + { + return write_string_overwrite(data, len, std::regex_replace(std::string((char *)data, *len), std::regex("\\{(.*?)/(.*?)\\}"), "$1")); + }; + ConsoleOutput("INSERT Debonosu"); + + return NewHook(hp, "Debonosu"); + } + } + + ConsoleOutput("Debonosu: failed"); + // ConsoleOutput("Unknown Debonosu engine."); + return false; + } + void SpecialHookDebonosuName(hook_stack *stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t *len) + { + DWORD text = stack->ecx; + if (!text) + return; + *data = text; + *len = ::strlen((LPCSTR)text); + *split = FIXED_SPLIT_VALUE << 1; + } + bool InsertDebonosuNameHook() + { + const BYTE bytes[] = { + // 0032f659 32c0 xor al,al + // 0032f65b 5b pop ebx + // 0032f65c 8be5 mov esp,ebp + // 0032f65e 5d pop ebp + // 0032f65f c3 retn + 0x55, // 0032f660 55 push ebp ; jichi: name text in ecx, which could be zero though + 0x8b, 0xec, // 0032f661 8bec mov ebp,esp + 0x81, 0xec, XX4, // 0032f663 81ec 2c080000 sub esp,0x82c + 0x8b, 0x45, 0x08, // 0032f669 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + 0x53, // 0032f66c 53 push ebx + 0x56, // 0032f66d 56 push esi + 0x8b, 0xf1, // 0032f66e 8bf1 mov esi,ecx + 0x85, 0xc0, // 0032f670 85c0 test eax,eax + 0x8d, 0x4d, 0xf0, // 0032f672 8d4d f0 lea ecx,dword ptr ss:[ebp-0x10] + 0x0f, 0x45, 0xc8, // 0032f675 0f45c8 cmovne ecx,eax + 0x57 // 0032f678 57 push edi + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) + { + ConsoleOutput("DebonosuName: pattern NOT FOUND"); + return false; + } + HookParam hp; + hp.address = addr; + // hp.text_fun = SpecialHookDebonosuName; + hp.offset = get_reg(regs::ecx); + // hp.type = USING_STRING; + hp.type = USING_STRING | NO_CONTEXT | USING_SPLIT | EMBED_ABLE | EMBED_AFTER_NEW; //|FIXING_SPLIT; // there is only one thread + ConsoleOutput("INSERT DebonosuName"); + + return NewHook(hp, "DebonosuName"); + } + +} // unnamed namespace +bool attach(ULONG startAddress, ULONG stopAddress) +{ + ULONG addr = 0; + { + const char *msg = "D3DFont::Draw"; + if (addr = MemDbg::findBytes(msg, ::strlen(msg + 1), startAddress, stopAddress)) + addr = MemDbg::findPushAddress(addr, startAddress, stopAddress); + } + if (!addr) + { + + const uint8_t bytes[] = { + 0x50, // 0010fb80 50 push eax + 0xff, 0x75, 0x14, // 0010fb81 ff75 14 push dword ptr ss:[ebp+0x14] + 0x8b, 0xce, // 0010fb84 8bce mov ecx,esi + 0xff, 0x75, 0x10 // 0010fb86 ff75 10 push dword ptr ss:[ebp+0x10] + }; + addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + } + if (!addr) + { + return false; + } + // addr = MemDbg::findEnclosingAlignedFunction(addr); // This might not work as the address is not always aligned + addr = MemDbg::findEnclosingFunctionAfterInt3(addr); + if (!addr) + { + return false; + } + HookParam hp; + hp.address = addr; + // hp.text_fun = SpecialHookDebonosuName; + hp.offset = 20; + // hp.type = USING_STRING; + hp.type = USING_STRING | NO_CONTEXT; //|FIXING_SPLIT; // there is only one thread + + return NewHook(hp, "Debonosu2"); +} + +namespace +{ + bool debox() + { + //[240726][1282636][でぼの巣製作所] 神楽漫遊記~桂香と初花~ DL版 (files) + auto lua51 = GetModuleHandle(L"lua5.1.dll"); + if (!lua51) + return false; + auto lua_tolstring = (DWORD)GetProcAddress(lua51, "lua_tolstring"); + if (!lua_tolstring) + return false; + auto addrs = findiatcallormov_all(lua_tolstring, processStartAddress, processStartAddress, processStopAddress, PAGE_EXECUTE); + auto succ = false; + for (auto addr : addrs) + { + HookParam hp; + hp.address = addr + 6; + hp.type = USING_STRING | NO_CONTEXT; + hp.offset = get_reg(regs::eax); + hp.filter_fun = [](LPVOID data, size_t *size, HookParam *) + { + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + if (all_ascii(text, *len)) + return false; + + std::string str = std::string(text, *len); + std::regex reg1("\\{(.*?)/(.*?)\\}"); + std::string result1 = std::regex_replace(str, reg1, "$1"); + + return write_string_overwrite(text, len, result1); + return true; + }; + succ |= NewHook(hp, "debonosu"); + } + return succ; + } +} +bool InsertDebonosuHook() +{ + bool ok = InsertDebonosuScenarioHook(); + if (ok) + InsertDebonosuNameHook(); + return ok; +} + +bool Debonosu::attach_function() +{ + // 1/1/2016 jich: skip izumo4 from studio ego that is not supported by debonosu + if (Util::CheckFile(L"*izumo4*.exe")) + { + PcHooks::hookOtherPcFunctions(); + return true; + } + return InsertDebonosuHook() || debox(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Debonosu.h b/cpp/LunaHook/LunaHook/engine32/Debonosu.h new file mode 100644 index 00000000..9865c748 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Debonosu.h @@ -0,0 +1,16 @@ + + +class Debonosu:public ENGINE{ + public: + Debonosu(){ + + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + //神楽創世記-久遠- + //官方中英版,bmp.pak在语言目录里。 + auto paks={L"bmp.pak",L"EN\\bmp.pak",L"ZHCN\\bmp.pak",L"ZHTW\\bmp.pak"}; + return (std::any_of(paks.begin(),paks.end(),Util::CheckFile) && Util::CheckFile(L"dsetup.dll"))||(Util::SearchResourceString(L"でぼの巣製作所")); + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Diskdream.cpp b/cpp/LunaHook/LunaHook/engine32/Diskdream.cpp new file mode 100644 index 00000000..d6444462 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Diskdream.cpp @@ -0,0 +1,22 @@ +#include"Diskdream.h" + +bool Diskdream::attach_function() { + //https://vndb.org/v3143 + //Endless Serenade + char skip[]="FrameSkip = "; + ULONG addr = MemDbg::findBytes(skip, sizeof(skip), processStartAddress, processStopAddress); + if (!addr) return false; + addr=MemDbg::findPushAddress(addr,processStartAddress, processStopAddress); + if (!addr) return false; + addr = findfuncstart(addr); + if (!addr) return false; + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::edx); + hp.type = USING_STRING; + hp.filter_fun = [](LPVOID data, size_t *size, HookParam *){ + if(*size==0)return false; + return (bool)IsDBCSLeadByteEx(932,*(BYTE*)data); + }; + return NewHook(hp, "Diskdream"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Diskdream.h b/cpp/LunaHook/LunaHook/engine32/Diskdream.h new file mode 100644 index 00000000..cd68a96b --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Diskdream.h @@ -0,0 +1,11 @@ + + +class Diskdream:public ENGINE{ + public: + Diskdream(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"system.har",L"Graphic.har",L"wave*.har"}; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/DxLib.cpp b/cpp/LunaHook/LunaHook/engine32/DxLib.cpp new file mode 100644 index 00000000..4719dd2e --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/DxLib.cpp @@ -0,0 +1,50 @@ +#include"DxLib.h" +bool DxLibFilter(LPVOID data, size_t* size, HookParam*) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + StringCharReplacer(text, len, "%N", 2, ' '); + StringFilter(text, len, "%K", 2); + StringFilter(text, len, "%P", 2); + + return true; +} +bool InsertDxLibHook() +{ + + /* + * Sample games: + * https://vndb.org/v7849 + * https://vndb.org/v10231 + */ + const BYTE bytes[] = { + 0xF7, 0xC6, XX4, // test esi,00000003 << hook here + 0x75, XX, // jne BookofShadows.exe+15FE54 + 0x8B, 0xD9, // mov ebx,ecx + 0xC1, 0xE9, 0x02, // shr ecx,02 + 0x75, XX, // jne BookofShadows.exe+15FEAE + 0xEB, XX // jmp BookofShadows.exe+15FE76 + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("DxLib: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset =get_reg(regs::esi); + hp.type = USING_STRING; + hp.filter_fun = DxLibFilter; + ConsoleOutput(" INSERT DxLib"); + + return NewHook(hp, "DxLib"); +} + + +bool DxLib::attach_function() { + return InsertDxLibHook(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/DxLib.h b/cpp/LunaHook/LunaHook/engine32/DxLib.h new file mode 100644 index 00000000..ad73b7db --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/DxLib.h @@ -0,0 +1,12 @@ + + +class DxLib:public ENGINE{ + public: + DxLib(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.bcx"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/EME.cpp b/cpp/LunaHook/LunaHook/engine32/EME.cpp new file mode 100644 index 00000000..6b269a1c --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/EME.cpp @@ -0,0 +1,74 @@ +#include "EME.h" + +/******************************************************************************************** +EMEHook hook: (Contributed by Freaka) + EmonEngine is used by LoveJuice company and TakeOut. Earlier builds were apparently + called Runrun engine. String parsing varies a lot depending on the font settings and + speed setting. E.g. without antialiasing (which very early versions did not have) + uses TextOutA, fast speed triggers different functions then slow/normal. The user can + set his own name and some odd control characters are used (0x09 for line break, 0x0D + for paragraph end) which is parsed and put together on-the-fly while playing so script + can't be read directly. +********************************************************************************************/ +bool InsertEMEHook() +{ + ULONG addr = MemDbg::findCallAddress((ULONG)::IsDBCSLeadByte, processStartAddress, processStopAddress); + // no needed as first call to IsDBCSLeadByte is correct, but sig could be used for further verification + // WORD sig = 0x51C3; + // while (c && (*(WORD*)(c-2)!=sig)) + //{ + // //-0x1000 as FindCallOrJmpAbs always uses an offset of 0x1000 + // c = Util::FindCallOrJmpAbs((DWORD)IsDBCSLeadByte,processStopAddress-c-0x1000+4,c-0x1000+4,false); + //} + if (!addr) + { + ConsoleOutput("EME: pattern does not exist"); + return false; + } + HookParam hp; + hp.address = addr; + hp.offset = get_reg(regs::eax); + hp.type = NO_CONTEXT | DATA_INDIRECT | USING_STRING; + ConsoleOutput("INSERT EmonEngine"); + + // ConsoleOutput("EmonEngine, hook will only work with text speed set to slow or normal!"); + // else ConsoleOutput("Unknown EmonEngine engine"); + return NewHook(hp, "EmonEngine"); +} +namespace +{ + + bool takeout() + { + // https://vndb.org/v6187 + // みちくさ~Loitering on the way~ + + trigger_fun = [](LPVOID addr, hook_stack *stack) + { + if (addr != (LPVOID)GetGlyphOutlineA) + return false; + auto caller = stack->retaddr; + auto add = MemDbg::findEnclosingAlignedFunction(caller); + if (!add) + return true; + HookParam hp; + hp.address = add; + + hp.type = USING_STRING; + hp.offset = get_stack(4); + hp.filter_fun = [](LPVOID data, size_t *size, HookParam *) + { + auto xx = std::string((char *)data, *size); + static lru_cache last(10); + return !last.touch(xx); + }; + return NewHook(hp, "takeout"); + }; + return false; + } +} +bool EME::attach_function() +{ + + return InsertEMEHook() | takeout(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/EME.h b/cpp/LunaHook/LunaHook/engine32/EME.h new file mode 100644 index 00000000..90db5489 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/EME.h @@ -0,0 +1,11 @@ + + +class EME:public ENGINE{ + public: + EME(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"emecfg.ecf"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Eagls.cpp b/cpp/LunaHook/LunaHook/engine32/Eagls.cpp new file mode 100644 index 00000000..c0a730a0 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Eagls.cpp @@ -0,0 +1,31 @@ +#include"Eagls.h" + + +/** jichi 7/26/2014: E.A.G.L.S engine for TechArts games (SQUEEZ, May-Be Soft) + * Sample games: [May-Be Soft] ちぽ�んじ� * Should also work for SQUEEZ's 孕ませシリーズ + * + * Two functions calls to GetGlyphOutlineA are responsible for painting. + * - 0x4094ef + * - 0x409e35 + * However, by default, one of the thread is like: scenario namename scenario + * The other thread have infinite loop. + */ +bool InsertEaglsHook() +{ + + // Modify the split for GetGlyphOutlineA + HookParam hp; + hp.address = (DWORD)::GetGlyphOutlineA; + hp.type = CODEC_ANSI_BE|USING_SPLIT; // the only difference is the split value + hp.offset = get_stack(2); + hp.split = get_stack(4); + //hp.split = arg7_lpmat2; + ConsoleOutput("INSERT EAGLS"); + + return NewHook(hp, "EAGLS"); +} + + +bool Eagls::attach_function() { + return InsertEaglsHook(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Eagls.h b/cpp/LunaHook/LunaHook/engine32/Eagls.h new file mode 100644 index 00000000..46c8171c --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Eagls.h @@ -0,0 +1,11 @@ + + +class Eagls:public ENGINE{ + public: + Eagls(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"EAGLS.dll"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Elf.cpp b/cpp/LunaHook/LunaHook/engine32/Elf.cpp new file mode 100644 index 00000000..7a1661b0 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Elf.cpp @@ -0,0 +1,716 @@ +#include "Elf.h" + +/** + * jichi 6/1/2014: + * Observations from 愛姉妹4 + * - Scenario: arg1 + 4*5 is 0, arg1+0xc is address of the text + * - Character: arg1 + 4*10 is 0, arg1+0xc is text + */ +static inline size_t _elf_strlen(LPCSTR p) // limit search address which might be bad +{ + // CC_ASSERT(p); + for (size_t i = 0; i < VNR_TEXT_CAPACITY; i++) + if (!*p++) + return i; + return 0; // when len >= VNR_TEXT_CAPACITY +} + +static void SpecialHookElf(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) +{ + // DWORD arg1 = *(DWORD *)(esp_base + 0x4); + DWORD arg1 = stack->stack[1]; + DWORD arg2_scene = arg1 + 4 * 5, + arg2_chara = arg1 + 4 * 10; + DWORD text; //= 0; // This variable will be killed + if (*(DWORD *)arg2_scene == 0) + { + text = *(DWORD *)(arg2_scene + 4 * 3); + if (!text || ::IsBadReadPtr((LPCVOID)text, 1)) // Text from scenario could be bad when open backlog while the character is speaking + return; + *split = 1; + } + else if (*(DWORD *)arg2_chara == 0) + { + text = arg2_chara + 4 * 3; + *split = 2; + } + else + return; + // if (text && text < MemDbg::UserMemoryStopAddress) { + // *len = _elf_strlen((LPCSTR)text); // in case the text is bad but still readable + //*len = ::strlen((LPCSTR)text); + buffer->from(text, _elf_strlen((LPCSTR)text)); +} + +/** + * jichi 5/31/2014: elf's + * Type1: SEXヂ�ーチャー剛史 trial, reladdr = 0x2f0f0, 2 parameters + * Type2: 愛姉妹4, reladdr = 0x2f9b0, 3 parameters + * + * IDA: sub_42F9B0 proc near ; bp-based frame + * var_8 = dword ptr -8 + * var_4 = byte ptr -4 + * var_3 = word ptr -3 + * arg_0 = dword ptr 8 + * arg_4 = dword ptr 0Ch + * arg_8 = dword ptr 10h + * + * Call graph (Type2): + * 0x2f9b0 ; hook here + * > 0x666a0 ; called multiple time + * > TextOutA ; there are two TextOutA, the second is the right one + * + * Function starts (Type1), pattern offset: 0xc + * - 012ef0f0 /$ 55 push ebp ; jichi: hook + * - 012ef0f1 |. 8bec mov ebp,esp + * - 012ef0f3 |. 83ec 10 sub esp,0x10 + * - 012ef0f6 |. 837d 0c 00 cmp dword ptr ss:[ebp+0xc],0x0 + * - 012ef0fa |. 53 push ebx + * - 012ef0fb |. 56 push esi + * - 012ef0fc |. 75 0f jnz short stt_tria.012ef10d ; jicchi: pattern starts + * - 012ef0fe |. 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + * - 012ef101 |. 8b48 04 mov ecx,dword ptr ds:[eax+0x4] + * - 012ef104 |. 8b91 90000000 mov edx,dword ptr ds:[ecx+0x90] ; jichi: pattern stops + * - 012ef10a |. 8955 0c mov dword ptr ss:[ebp+0xc],edx + * - 012ef10d |> 8b4d 08 mov ecx,dword ptr ss:[ebp+0x8] + * - 012ef110 |. 8b51 04 mov edx,dword ptr ds:[ecx+0x4] + * - 012ef113 |. 33c0 xor eax,eax + * - 012ef115 |. c645 f8 00 mov byte ptr ss:[ebp-0x8],0x0 + * - 012ef119 |. 66:8945 f9 mov word ptr ss:[ebp-0x7],ax + * - 012ef11d |. 8b82 b0000000 mov eax,dword ptr ds:[edx+0xb0] + * - 012ef123 |. 8945 f4 mov dword ptr ss:[ebp-0xc],eax + * - 012ef126 |. 33db xor ebx,ebx + * - 012ef128 |> 8b4f 20 /mov ecx,dword ptr ds:[edi+0x20] + * - 012ef12b |. 83f9 10 |cmp ecx,0x10 + * + * Function starts (Type2), pattern offset: 0x10 + * - 0093f9b0 /$ 55 push ebp ; jichi: hook here + * - 0093f9b1 |. 8bec mov ebp,esp + * - 0093f9b3 |. 83ec 08 sub esp,0x8 + * - 0093f9b6 |. 837d 10 00 cmp dword ptr ss:[ebp+0x10],0x0 + * - 0093f9ba |. 53 push ebx + * - 0093f9bb |. 8b5d 0c mov ebx,dword ptr ss:[ebp+0xc] + * - 0093f9be |. 56 push esi + * - 0093f9bf |. 57 push edi + * - 0093f9c0 |. 75 0f jnz short silkys.0093f9d1 ; jichi: pattern starts + * - 0093f9c2 |. 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + * - 0093f9c5 |. 8b48 04 mov ecx,dword ptr ds:[eax+0x4] + * - 0093f9c8 |. 8b91 90000000 mov edx,dword ptr ds:[ecx+0x90] ; jichi: pattern stops + * - 0093f9ce |. 8955 10 mov dword ptr ss:[ebp+0x10],edx + * - 0093f9d1 |> 33c0 xor eax,eax + * - 0093f9d3 |. c645 fc 00 mov byte ptr ss:[ebp-0x4],0x0 + * - 0093f9d7 |. 66:8945 fd mov word ptr ss:[ebp-0x3],ax + * - 0093f9db |. 33ff xor edi,edi + * - 0093f9dd |> 8b53 20 /mov edx,dword ptr ds:[ebx+0x20] + * - 0093f9e0 |. 8d4b 0c |lea ecx,dword ptr ds:[ebx+0xc] + * - 0093f9e3 |. 83fa 10 |cmp edx,0x10 + */ +bool InsertElfHook() +{ + const BYTE bytes[] = { + // 0x55, // 0093f9b0 /$ 55 push ebp ; jichi: hook here + // 0x8b,0xec, // 0093f9b1 |. 8bec mov ebp,esp + // 0x83,0xec, 0x08, // 0093f9b3 |. 83ec 08 sub esp,0x8 + // 0x83,0x7d, 0x10, 0x00, // 0093f9b6 |. 837d 10 00 cmp dword ptr ss:[ebp+0x10],0x0 + // 0x53, // 0093f9ba |. 53 push ebx + // 0x8b,0x5d, 0x0c, // 0093f9bb |. 8b5d 0c mov ebx,dword ptr ss:[ebp+0xc] + // 0x56, // 0093f9be |. 56 push esi + // 0x57, // 0093f9bf |. 57 push edi + 0x75, 0x0f, // 0093f9c0 |. 75 0f jnz short silkys.0093f9d1 + 0x8b, 0x45, 0x08, // 0093f9c2 |. 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + 0x8b, 0x48, 0x04, // 0093f9c5 |. 8b48 04 mov ecx,dword ptr ds:[eax+0x4] + 0x8b, 0x91, 0x90, 0x00, 0x00, 0x00 // 0093f9c8 |. 8b91 90000000 mov edx,dword ptr ds:[ecx+0x90] + }; + // enum { addr_offset = 0xc }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + // GROWL_DWORD(addr); + // addr = 0x42f170; // 愛姉妹4 Trial + // reladdr = 0x2f9b0; // 愛姉妹4 + // reladdr = 0x2f0f0; // SEXヂ�ーチャー剛史 trial + if (!addr) + { + ConsoleOutput("Elf: pattern not found"); + return false; + } + + enum : BYTE + { + push_ebp = 0x55 + }; + for (int i = 0; i < 0x20; i++, addr--) // value of i is supposed to be 0xc or 0x10 + if (*(BYTE *)addr == push_ebp) + { // beginning of the function + + HookParam hp; + hp.address = addr; + hp.text_fun = SpecialHookElf; + hp.type = USING_STRING | NO_CONTEXT; // = 9 + + ConsoleOutput("INSERT Elf"); + + return NewHook(hp, "Elf"); + } + ConsoleOutput("Elf: function not found"); + return false; +} +namespace +{ + bool __() + { + const BYTE bytes[] = { + // 姫騎士オリヴィア ~へ、変態、この変態男!少しは恥を知りなさい!~ + // 女系家族III~秘密HIMITSU卑蜜~ + // ベロちゅー!~コスプレメイドをエロメロしちゃう魔法の舌戯~ + 0x0F, 0xB7, XX, XX4, // v11 == 30081 // movzx edx, ds:word_4C285C //word_4C285C dw 7581h + }; + + for (auto addr : Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress)) + { + BYTE reg = *(BYTE *)(addr + 2); + if ((reg != 0x05) && (reg != 0x0d) && (reg != 0x1d) && (reg != 0x15)) + continue; + int word_4C285C_addr = *(int *)(addr + 3); + if (word_4C285C_addr < processStartAddress || word_4C285C_addr > processStopAddress) + continue; + int word_4C285C = *(int *)word_4C285C_addr; + if ((word_4C285C) != 0x7581) + continue; + addr = findfuncstart(addr, 0x200); + if (addr == 0) + continue; + HookParam hp; + hp.address = addr; + hp.offset = get_stack(1); + hp.type = USING_STRING; + + return NewHook(hp, "aiwin6"); + } + + return false; + } +} +namespace +{ // unnamed + namespace ScenarioHook + { + namespace Private + { + + struct TextArgument + { + DWORD _unknown1[5]; + + DWORD scenarioFlag; // +4*5, 0 if it is scenario + DWORD _unknown2[2]; + LPCSTR scenarioText; // +4*5+4*3, could be bad address though + DWORD _unknown3; + + DWORD nameFlag; // +4*10, 0 if it is name + DWORD _unknown4[2]; + char nameText[1]; // +4*10+4*3, could be bad address though + }; + + std::string data_; + TextArgument *scenarioArg_, + *nameArg_; + LPCSTR scenarioText_; + + enum + { + MaxNameSize = 100 + }; + char nameText_[MaxNameSize + 1]; + + void hookBefore(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *role) + { + auto arg = (TextArgument *)s->stack[0]; // arg1 on the top of the stack + + // Scenario + if (arg->scenarioFlag == 0) + { + *role = Engine::ScenarioRole; + // Text from scenario could be bad when open backlog while the character is speaking + auto text = arg->scenarioText; + if (!Engine::isAddressReadable(text)) + return; + buffer->from_cs(text); + return; + // data_ = q->dispatchTextASTD(text, role, sig); + // scenarioArg_ = arg; + // scenarioText_ = arg->scenarioText; + // arg->scenarioText = (LPCSTR)data_.c_str(); + } + else if (arg->nameFlag == 0) + { + *role = Engine::NameRole; + auto text = arg->nameText; + buffer->from_cs(text); + return; + // ::memcpy(text, newData.constData(), qMin(oldData.size(), newData.size())); + // int left = oldData.size() - newData.size(); + // if (left > 0) + // ::memset(text + oldData.size() - left, 0, left); + } + } + void hookafter1(hook_stack *s, void *data1, size_t len) + { + auto newData = std::string((char *)data1, len); + auto arg = (TextArgument *)s->stack[0]; // arg1 on the top of the stack + + // Scenario + if (arg->scenarioFlag == 0) + { + + auto text = arg->scenarioText; + if (!Engine::isAddressReadable(text)) + return; + data_ = newData; + scenarioArg_ = arg; + scenarioText_ = arg->scenarioText; + arg->scenarioText = (LPCSTR)data_.c_str(); + } + else if (arg->nameFlag == 0) + { + + auto text = arg->nameText; + std::string oldData = text; + ::memcpy(text, newData.c_str(), min(oldData.size(), newData.size())); + int left = oldData.size() - newData.size(); + if (left > 0) + ::memset(text + oldData.size() - left, 0, left); + } + } + void hookAfter(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + if (scenarioArg_) + { + scenarioArg_->scenarioText = scenarioText_; + scenarioArg_ = nullptr; + } + if (nameArg_) + { + ::strcpy(nameArg_->nameText, nameText_); + nameArg_ = nullptr; + } + } + + } // namespace Private + + /** + * jichi 5/31/2014: elf's + * Type1: SEXティーチャー剛史 trial, reladdr = 0x2f0f0, 2 parameters + * Type2: 愛姉妹4, reladdr = 0x2f9b0, 3 parameters + * + * The hooked function is the caller of the caller of TextOutA. + */ + bool attach(ULONG startAddress, ULONG stopAddress) + { + const uint8_t bytes[] = { + // 0x55, // 0093f9b0 /$ 55 push ebp ; jichi: hook here + // 0x8b,0xec, // 0093f9b1 |. 8bec mov ebp,esp + // 0x83,0xec, 0x08, // 0093f9b3 |. 83ec 08 sub esp,0x8 + // 0x83,0x7d, 0x10, 0x00, // 0093f9b6 |. 837d 10 00 cmp dword ptr ss:[ebp+0x10],0x0 + // 0x53, // 0093f9ba |. 53 push ebx + // 0x8b,0x5d, 0x0c, // 0093f9bb |. 8b5d 0c mov ebx,dword ptr ss:[ebp+0xc] + // 0x56, // 0093f9be |. 56 push esi + // 0x57, // 0093f9bf |. 57 push edi + 0x75, 0x0f, // 0093f9c0 |. 75 0f jnz short silkys.0093f9d1 + 0x8b, 0x45, 0x08, // 0093f9c2 |. 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + 0x8b, 0x48, 0x04, // 0093f9c5 |. 8b48 04 mov ecx,dword ptr ds:[eax+0x4] + 0x8b, 0x91, 0x90, 0x00, 0x00, 0x00 // 0093f9c8 |. 8b91 90000000 mov edx,dword ptr ds:[ecx+0x90] + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return false; + int count = 0; + auto fun = [&count](ULONG addr) -> bool + { + bool succ = false; + HookParam hp; + hp.address = addr; + hp.text_fun = Private::hookBefore; + hp.hook_after = Private::hookafter1; + hp.type = USING_STRING | EMBED_ABLE | EMBED_DYNA_SJIS | NO_CONTEXT; + hp.hook_font = F_TextOutA; + succ |= NewHook(hp, "EmbedElf"); + hp.address = addr + 5; + hp.text_fun = Private::hookAfter; + succ |= NewHook(hp, "EmbedElf"); + count += 1; + return succ; // replace all functions + }; + MemDbg::iterNearCallAddress(fun, addr, startAddress, stopAddress); + return count; + + // lastCaller = MemDbg::findEnclosingAlignedFunction(lastCaller); + // Private::attached_ = false; + // return winhook::hook_before(lastCaller, [=](winhook::hook_stack *s) -> bool { + // if (Private::attached_) + // return true; + // Private::attached_ = true; + // if (ULONG addr = MemDbg::findEnclosingAlignedFunction(s->stack[0])) { + // DOUT("dynamic pattern found"); + // Private::oldHookFun = (Private::hook_fun_t)winhook::replace_fun(addr, (ULONG)Private::newHookFun); + // } + // return true; + // }); + } + + } // namespace ScenarioHook +} // unnamed namespace +namespace +{ + // flutter of birds~鳥達の羽ばたき~ + // https://vndb.org/v2379 + // 需要注意的是,不能把文本跳到最快,不然2~4行无法显示。 + // 这个有一大堆候选 + bool elf3() + { + bool succ = false; + BYTE sig[] = { + 0x83, XX, 0x14, 0x10, + 0x72, XX}; + for (auto addr : Util::SearchMemory(sig, sizeof(sig), PAGE_EXECUTE, processStartAddress, processStopAddress)) + { + auto check1 = *(BYTE *)(addr + 5); + if (check1 != 0x02 && check1 != 0x04) + continue; + auto check = *(BYTE *)(addr + 1); + HookParam hp; + hp.address = addr; + hp.user_value = check; + hp.type = USING_STRING | NO_CONTEXT; + hp.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + DWORD ptr; + switch (hp->user_value) + { + case 0x7a: + ptr = stack->edx; + break; + case 0x7b: + ptr = stack->ebx; + break; + case 0x79: + ptr = stack->ecx; + break; + case 0x78: + ptr = stack->eax; + break; + case 0x7e: + ptr = stack->esi; + break; + case 0x7f: + ptr = stack->edi; + break; + case 0x7d: + ptr = stack->ebp; + break; + // esp: + // 83 7c 24 14 10 + default: + hp->type = HOOK_EMPTY; + break; + } + auto text = (TextUnionA *)ptr; + buffer->from(text->getText(), text->size); + }; + hp.filter_fun = all_ascii_Filter; + succ |= NewHook(hp, "elf3"); + } + return succ; + } +} +namespace +{ + bool elf4() + { + // WORDS WORTH【Windows10対応】 + // elf3只能拿到人名,跳过 + uint8_t bytes[] = { + 0x72, 0x02, + 0x8b, 0x36, + 0x8a, 0x0e, + 0x84, 0xc9, + 0x0f, 0x84, XX4, + 0x8d, 0x57, XX, + 0x8d, 0x5f, XX, + 0x8b, 0xff, + 0x80, 0xf9, 0x81, + 0x72, 0x05, + 0x80, 0xf9, 0x9f, + 0x76, 0x07, + 0x8d, 0x41, 0x20, + 0x3c, 0x0f, + 0x77, XX}; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) + return false; + HookParam hp; + hp.address = addr + 4; + hp.type = USING_STRING; + hp.offset = get_reg(regs::esi); + return NewHook(hp, "Elf4"); + } +} +namespace +{ + bool nvxijiazu() + { + // https://vndb.org/v3327 + // 女系家族~淫謀~ + BYTE sig[] = { + 0X55, + 0x8b, 0xec, // mov ebp,esp + 0x51, 0x53, 0x56, + 0x8b, 0xf1, + 0x66, 0xc7, 0x45, 0xfd, 0x00, 0x00, + 0x66, 0x8b, 0x4d, 0x10, // mov ecx,[ebp+10] + 0x66, 0x8b, 0xd1, + 0x66, 0xc1, 0xea, 0x08, + 0x80, 0xfa, 0x81, // cmp dl,0x81 + 0x72, 0x05, + 0x80, 0xfa, 0x9f, // cmp dl,0x9f + 0x76, XX}; + ULONG addr = MemDbg::findBytes(sig, sizeof(sig), processStartAddress, processStopAddress); + if (!addr) + return false; + HookParam hp; + hp.address = addr; + hp.type = USING_CHAR | CODEC_ANSI_BE | DATA_INDIRECT; // 不可以NO_CONTEXT,因为有彩色可点击文字,会在另一个context有很多垃圾文本 + hp.offset = get_reg(regs::esp); + hp.index = 0x10; + return NewHook(hp, "Elf4"); + } +} +bool Elf::attach_function() +{ + + auto _1 = InsertElfHook() || __() || elf4() || nvxijiazu() || elf3(); + return ScenarioHook::attach(processStartAddress, processStopAddress) || _1; +} + +bool isshiftjisX(WORD w) +{ + auto l = w & 0xff; + auto h = (w >> 8) & 0xff; + if (!(((l <= 0x9f) && (l >= 0x81)) || ((l <= 0xEF) && (l >= 0xE0)))) + return false; + return ((h >= 0x40) && (h <= 0x7e)) || ((h >= 0x80) && (h <= 0xFC)); +} +void SpecialHookElf2(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) +{ + static DWORD lasttext; + DWORD eax = stack->eax; + DWORD edx = stack->edx; + auto c = *(WORD *)(eax + edx); + if (isshiftjisX(c) == false) + { + return; + } + *split = stack->stack[1]; + buffer->from_t(c); +} +bool Elf2attach_function() +{ + // 这个有好多乱码 + //[エルフ]あしたの雪之丞 DVD Special Edition + const uint8_t bytes[] = { + 0x53, + 0x8a, 0x1c, 0x02, + 0x8b, 0x54, 0x24, 0x08, + 0x03, 0xc2}; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) + return false; + HookParam hp; + hp.address = addr + 1; + hp.text_fun = SpecialHookElf2; + hp.type = NO_CONTEXT | USING_CHAR; + + return NewHook(hp, "Elf"); +} +bool elf2() +{ + // 勝 あしたの雪之丞2 + const uint8_t bytes[] = { + 0x66, 0x8b, 0x8e, XX4, + 0x66, 0x8b, 0x96, XX4, + 0x66, 0x01, 0x8e, XX4, + 0x66, 0x89, 0x96, XX4, + 0x8b, 0x06, + 0x6a, 0x00, + 0x8b, 0xce, + 0xff, 0x50, 0x08, + 0x84, 0xc0}; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) + return false; + HookParam hp; + + hp.type = NO_CONTEXT | USING_CHAR; + hp.offset = get_reg(regs::ebx); + //[エルフ]あしたの雪之丞 DVD Special Edition + + const uint8_t bytes2[] = { + 0x66, 0x33, 0xdb, + 0x6a, 0x01, + 0x8a, 0xd8, + 0x8b, 0x06, + 0x8b, 0xce, + 0xff, 0x50, 0x08, + 0x33, 0xc9, + 0x33, 0xd2, + 0x8a, 0xe8, + 0x0b, 0xd9}; + auto addr2 = reverseFindBytes(bytes2, sizeof(bytes2), addr - 0x100, addr); + if (addr2) + { + hp.address = addr2 + sizeof(bytes2); + } + else + { + hp.address = addr + sizeof(bytes); + } + return NewHook(hp, "Elf"); +} +namespace +{ + // リフレインブルー【Windows10対応】 + bool _h1() + { + // HAN-18*-4@42E12:AI5WIN.exe + BYTE sig[] = { + 0x33, 0xff, + 0x8b, 0x06, + 0x8b, 0xce, + 0x6a, 0x01, + 0x8b, 0x40, 0x08, + 0xff, 0xd0, + 0x0f, 0x0b6, 0xc0, + 0x8b, 0xce, + 0x66, 0xc1, 0xe0, 0x08, + 0x0f, 0xb7, 0xc0, + 0x89, 0x45, 0xfc, + 0x8b, 0x06, + 0x6a, 0x01, + 0x8b, 0x40, 0x08, + 0xff, 0xd0, + 0x0f, 0xb6, 0xc0, + 0x8b, 0xce, + 0x66, 0x09, 0x45, 0xfc, + 0xff, 0x75, 0xfc, + 0xe8}; + ULONG addr = MemDbg::findBytes(sig, sizeof(sig), processStartAddress, processStopAddress); + if (!addr) + return false; + HookParam hp; + hp.address = addr + sizeof(sig) - 1; + hp.type = NO_CONTEXT | USING_CHAR | DATA_INDIRECT | CODEC_ANSI_BE; + hp.offset = get_reg(regs::ebp); + hp.index = -4; + return NewHook(hp, "Elf"); + } + bool _h2() + { + // HAN4@49570:AI5WIN.exe + + BYTE sig[] = { + 0x33, 0xc5, + 0x89, 0x45, 0xfc, + 0x8a, 0x81, XX4, + + 0x84, 0xc0, + 0x75, 0x0e, + 0x8b, 0x81, XX4, + 0x03, 0x81, XX4, + 0xeb, XX, + + 0x3c, 0x01, + 0x75, 0x0e, + 0x8b, 0x81, XX4, + 0x03, 0x81, XX4, + 0xeb, XX, + + 0x3c, 0x02, + 0x75, 0x0e, + 0x8b, 0x81, XX4, + 0x03, 0x81, XX4, + 0xeb, XX}; + ULONG addr = MemDbg::findBytes(sig, sizeof(sig), processStartAddress, processStopAddress); + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return false; + HookParam hp; + hp.address = addr; + hp.type = NO_CONTEXT | USING_CHAR | CODEC_ANSI_BE; + hp.offset = get_stack(1); + return NewHook(hp, "Elf"); + } + bool all() + { + return _h1() | _h2(); + } +} +namespace +{ + bool el() + { + // https://vndb.org/v2293 + // 【el】【Windows10対応】 + BYTE sig[] = { + // 0x66,0x8b,0x4d,0x0c + // 0x66,0x8b,0xc1 + 0x66, 0xc1, 0xe8, 0x08, + XX, // 0x57 + 0x3c, 0x81, + 0x72, 0x04, + 0x3c, 0x9f, + 0x76, 0x08, + 0x3c, 0xe0, + 0x72, 0x10, + 0x3c, 0xef, + 0x77, 0x0c}; + ULONG addr = MemDbg::findBytes(sig, sizeof(sig), processStartAddress, processStopAddress); + if (!addr) + return false; + HookParam hp; + hp.address = addr; + hp.type = NO_CONTEXT | USING_CHAR | CODEC_ANSI_BE; + hp.offset = get_reg(regs::eax); + return NewHook(hp, "Elf"); + } +} +bool Elf2::attach_function() +{ + return elf2() || Elf2attach_function() || all() || el(); +} + +bool ElfFunClubFinal::attach_function() +{ + // mov reg,ds:TextOutA + bool succ = false; + for (auto addr : findiatcallormov_all((DWORD)TextOutA, processStartAddress, processStartAddress, processStopAddress, PAGE_EXECUTE, XX)) + { + BYTE s[] = {XX, 0xCC, 0xCC, 0xCC}; + addr = reverseFindBytes(s, 4, addr - 0x100, addr); + if (addr == 0) + continue; + HookParam hp; + hp.address = addr + 4; + hp.type = CODEC_ANSI_BE | USING_CHAR; + hp.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + *split = stack->stack[2] > 8; + buffer->from_t((WORD)stack->stack[3]); + }; + succ |= NewHook(hp, "ElfFunClubFinal"); + } + return succ; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Elf.h b/cpp/LunaHook/LunaHook/engine32/Elf.h new file mode 100644 index 00000000..e00ade07 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Elf.h @@ -0,0 +1,52 @@ + + +class Elf : public ENGINE +{ +public: + Elf() + { + check_by = CHECK_BY::CUSTOM; + check_by_target = []() + { + // flutter of birds~鳥達の羽ばたき~ + // https://vndb.org/v2379 + // 很奇怪,FindFirstFileW在win7上true,在win11上false,但PathFileExists在两者都是true + auto paks = {L"data.arc", L"effect.arc", L"mes.arc"}; + return std::all_of(paks.begin(), paks.end(), [](auto f) + { return Util::CheckFile_exits(f, true); }); + }; + // Util::CheckFile(L"Silkys.exe") || // It might or might not have Silkys.exe + // data, effect, layer, mes, music + }; + bool attach_function(); +}; + +class Elf2 : public ENGINE +{ +public: + Elf2() + { + check_by = CHECK_BY::CUSTOM; + check_by_target = []() + { + // check_by_list{L"data.arc",L"Ai5win.exe",L"mes.arc"}; + return Util::CheckFile_exits(L"Ai5win.exe", true) && (Util::CheckFile_exits(L"data.arc", true) || Util::CheckFile_exits(L"MISC\\data.arc", true)) && (Util::CheckFile_exits(L"mes.arc", true) || Util::CheckFile_exits(L"MISC\\mes.arc", true)); + }; + }; + bool attach_function(); +}; + +class ElfFunClubFinal : public ENGINE +{ +public: + ElfFunClubFinal() + { + is_engine_certain = false; + check_by = CHECK_BY::CUSTOM; + check_by_target = []() + { + return wcscmp(processName_lower, L"fanclub.exe") == 0; + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/EntisGLS.cpp b/cpp/LunaHook/LunaHook/engine32/EntisGLS.cpp new file mode 100644 index 00000000..e744be8e --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/EntisGLS.cpp @@ -0,0 +1,32 @@ +#include"EntisGLS.h" + +bool EntisGLS::attach_function() { + + +//それは舞い散る桜のように-完全版- +//int __thiscall sub_4BB5D0(_BYTE *this, LPCWCH lpWideCharStr) + const uint8_t bytes1[]={ + 0x66,0x83,0xF9,0x41 , + 0x72,0x06, + 0x66,0x83,0xF9,0x5a , + 0x76,0x0C, + 0x66,0x83,0xF9,0x61 , + 0x72,0x12, + 0x66,0x83,0xF9,0x7a , + 0x77,0x0c + + }; + auto addr=MemDbg::findBytes(bytes1, sizeof(bytes1), processStartAddress, processStopAddress); + + if (!addr) return false; + addr=MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) return false; + HookParam hp; + hp.address = addr ; + hp.offset=get_stack(1); + hp.hook_font=F_GetGlyphOutlineW; + hp.type = USING_STRING|CODEC_UTF16|EMBED_ABLE|EMBED_AFTER_NEW; + + return NewHook(hp, "EntisGLS"); + +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/EntisGLS.h b/cpp/LunaHook/LunaHook/engine32/EntisGLS.h new file mode 100644 index 00000000..4ef15795 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/EntisGLS.h @@ -0,0 +1,12 @@ + + +class EntisGLS:public ENGINE{ + public: + EntisGLS(){ + + check_by=CHECK_BY::FILE; + check_by_target= L"Data\\*.dat"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Erogos.cpp b/cpp/LunaHook/LunaHook/engine32/Erogos.cpp new file mode 100644 index 00000000..a02e1b3b --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Erogos.cpp @@ -0,0 +1,14 @@ +#include"Erogos.h" +//らぶフェチ ~マゾ編~ +//らぶフェチ~千聡編~ + +bool Erogos::attach_function() { + + HookParam hp; + hp.address = (DWORD)TextOutA; + hp.type=USING_STRING|USING_SPLIT; + hp.split=get_stack(4); + hp.offset=get_stack(4); + hp.length_offset=5; + return NewHook(hp, "Erogos"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Erogos.h b/cpp/LunaHook/LunaHook/engine32/Erogos.h new file mode 100644 index 00000000..1f4e566a --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Erogos.h @@ -0,0 +1,12 @@ + + +class Erogos:public ENGINE{ + public: + Erogos(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"ags.exe",L"bg.dat",L"bgm.dat",L"mov.dat",L"script.dat",L"voice.dat"}; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Escude.cpp b/cpp/LunaHook/LunaHook/engine32/Escude.cpp new file mode 100644 index 00000000..0a3ef524 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Escude.cpp @@ -0,0 +1,261 @@ +#include"Escude.h" +/** jichi 7/23/2015 Escude + * Sample game: Re;Lord ��ルフォルト�魔女とぬぁ�るみ * See: http://capita.tistory.com/m/post/210 + * + * ENCODEKOR,FORCEFONT(5),HOOK(0x0042CB40,TRANS([[ESP+0x4]+0x20],PTRCHEAT,PTRBACKUP,SAFE),RETNPOS(SOURCE)),FONT(Malgun Gothic,-13) + * + * GDI functions: TextOutA, GetTextExtentPoint32A + * It requires changing function to MS Gothic using configure.exe + * + * Text in arg1 + 0x20 + * + * 0042CB3C CC INT3 + * 0042CB3D CC INT3 + * 0042CB3E CC INT3 + * 0042CB3F CC INT3 + * 0042CB40 56 PUSH ESI + * 0042CB41 8B7424 08 MOV ESI,DWORD PTR SS:[ESP+0x8] + * 0042CB45 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 0042CB47 50 PUSH EAX + * 0042CB48 E8 53FC0A00 CALL .004DC7A0 + * 0042CB4D 8B56 04 MOV EDX,DWORD PTR DS:[ESI+0x4] + * 0042CB50 83C4 04 ADD ESP,0x4 + * 0042CB53 5E POP ESI + * 0042CB54 85D2 TEST EDX,EDX + * 0042CB56 74 7E JE SHORT .0042CBD6 + * 0042CB58 85C0 TEST EAX,EAX + * 0042CB5A 74 07 JE SHORT .0042CB63 + * 0042CB5C 8B08 MOV ECX,DWORD PTR DS:[EAX] + * 0042CB5E 8B49 04 MOV ECX,DWORD PTR DS:[ECX+0x4] + * 0042CB61 EB 02 JMP SHORT .0042CB65 + * 0042CB63 33C9 XOR ECX,ECX + * 0042CB65 890A MOV DWORD PTR DS:[EDX],ECX + * 0042CB67 85C0 TEST EAX,EAX + * 0042CB69 74 07 JE SHORT .0042CB72 + * 0042CB6B 8B08 MOV ECX,DWORD PTR DS:[EAX] + * 0042CB6D 8B49 08 MOV ECX,DWORD PTR DS:[ECX+0x8] + * 0042CB70 EB 02 JMP SHORT .0042CB74 + * 0042CB72 33C9 XOR ECX,ECX + * 0042CB74 894A 04 MOV DWORD PTR DS:[EDX+0x4],ECX + * 0042CB77 85C0 TEST EAX,EAX + * 0042CB79 74 08 JE SHORT .0042CB83 + * 0042CB7B 8B08 MOV ECX,DWORD PTR DS:[EAX] + * 0042CB7D 0FB749 0E MOVZX ECX,WORD PTR DS:[ECX+0xE] + * 0042CB81 EB 02 JMP SHORT .0042CB85 + * 0042CB83 33C9 XOR ECX,ECX + * 0042CB85 0FB7C9 MOVZX ECX,CX + * 0042CB88 894A 08 MOV DWORD PTR DS:[EDX+0x8],ECX + * 0042CB8B 85C0 TEST EAX,EAX + * 0042CB8D 74 19 JE SHORT .0042CBA8 + * 0042CB8F 8B08 MOV ECX,DWORD PTR DS:[EAX] + * 0042CB91 8379 04 00 CMP DWORD PTR DS:[ECX+0x4],0x0 + * 0042CB95 76 11 JBE SHORT .0042CBA8 + * 0042CB97 8B49 08 MOV ECX,DWORD PTR DS:[ECX+0x8] + * 0042CB9A 85C9 TEST ECX,ECX + * 0042CB9C 76 0A JBE SHORT .0042CBA8 + * 0042CB9E 49 DEC ECX + * 0042CB9F 0FAF48 0C IMUL ECX,DWORD PTR DS:[EAX+0xC] + * 0042CBA3 0348 04 ADD ECX,DWORD PTR DS:[EAX+0x4] + * 0042CBA6 EB 02 JMP SHORT .0042CBAA + * 0042CBA8 33C9 XOR ECX,ECX + * 0042CBAA 894A 0C MOV DWORD PTR DS:[EDX+0xC],ECX + * 0042CBAD 85C0 TEST EAX,EAX + * 0042CBAF 74 16 JE SHORT .0042CBC7 + * 0042CBB1 8B48 0C MOV ECX,DWORD PTR DS:[EAX+0xC] + * 0042CBB4 F7D9 NEG ECX + * 0042CBB6 894A 10 MOV DWORD PTR DS:[EDX+0x10],ECX + * 0042CBB9 8B00 MOV EAX,DWORD PTR DS:[EAX] + * 0042CBBB 83C0 28 ADD EAX,0x28 + * 0042CBBE 8942 14 MOV DWORD PTR DS:[EDX+0x14],EAX + * 0042CBC1 B8 01000000 MOV EAX,0x1 + * 0042CBC6 C3 RETN + * 0042CBC7 33C9 XOR ECX,ECX + * 0042CBC9 F7D9 NEG ECX + * 0042CBCB 894A 10 MOV DWORD PTR DS:[EDX+0x10],ECX + * 0042CBCE 8B00 MOV EAX,DWORD PTR DS:[EAX] + * 0042CBD0 83C0 28 ADD EAX,0x28 + * 0042CBD3 8942 14 MOV DWORD PTR DS:[EDX+0x14],EAX + * 0042CBD6 B8 01000000 MOV EAX,0x1 + * 0042CBDB C3 RETN + * 0042CBDC CC INT3 + * 0042CBDD CC INT3 + * 0042CBDE CC INT3 + * 0042CBDF CC INT3 + * 0042CBE0 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+0x4] + * 0042CBE4 8B48 10 MOV ECX,DWORD PTR DS:[EAX+0x10] + * 0042CBE7 8B50 0C MOV EDX,DWORD PTR DS:[EAX+0xC] + * 0042CBEA 51 PUSH ECX + * 0042CBEB 8B48 08 MOV ECX,DWORD PTR DS:[EAX+0x8] + * 0042CBEE 52 PUSH EDX + * 0042CBEF 8B50 04 MOV EDX,DWORD PTR DS:[EAX+0x4] + * 0042CBF2 8B00 MOV EAX,DWORD PTR DS:[EAX] + * 0042CBF4 51 PUSH ECX + * 0042CBF5 52 PUSH EDX + * 0042CBF6 50 PUSH EAX + * 0042CBF7 E8 E4FD0A00 CALL .004DC9E0 + * 0042CBFC 83C4 14 ADD ESP,0x14 + * 0042CBFF C3 RETN + * 0042CC00 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+0x4] + * 0042CC04 8B48 10 MOV ECX,DWORD PTR DS:[EAX+0x10] + * 0042CC07 8B50 0C MOV EDX,DWORD PTR DS:[EAX+0xC] + * 0042CC0A 51 PUSH ECX + * 0042CC0B 8B48 08 MOV ECX,DWORD PTR DS:[EAX+0x8] + * 0042CC0E 52 PUSH EDX + * 0042CC0F 8B50 04 MOV EDX,DWORD PTR DS:[EAX+0x4] + * 0042CC12 8B00 MOV EAX,DWORD PTR DS:[EAX] + * 0042CC14 51 PUSH ECX + * 0042CC15 52 PUSH EDX + * 0042CC16 50 PUSH EAX + * 0042CC17 E8 C4FF0A00 CALL .004DCBE0 + * 0042CC1C 83C4 14 ADD ESP,0x14 + * 0042CC1F C3 RETN + * 0042CC20 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+0x4] + * 0042CC24 8B08 MOV ECX,DWORD PTR DS:[EAX] + * 0042CC26 894C24 04 MOV DWORD PTR SS:[ESP+0x4],ECX + * 0042CC2A E9 71FB0A00 JMP .004DC7A0 + * 0042CC2F CC INT3 + * 0042CC30 56 PUSH ESI + * 0042CC31 8B7424 08 MOV ESI,DWORD PTR SS:[ESP+0x8] + * 0042CC35 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 0042CC37 50 PUSH EAX + * 0042CC38 E8 63FB0A00 CALL .004DC7A0 + * 0042CC3D D946 0C FLD DWORD PTR DS:[ESI+0xC] + * 0042CC40 D91C24 FSTP DWORD PTR SS:[ESP] + * 0042CC43 83EC 08 SUB ESP,0x8 + * 0042CC46 D946 08 FLD DWORD PTR DS:[ESI+0x8] + * 0042CC49 D95C24 04 FSTP DWORD PTR SS:[ESP+0x4] + * 0042CC4D D946 04 FLD DWORD PTR DS:[ESI+0x4] + * 0042CC50 D91C24 FSTP DWORD PTR SS:[ESP] + * 0042CC53 50 PUSH EAX + * 0042CC54 E8 27680400 CALL .00473480 + * 0042CC59 83C4 10 ADD ESP,0x10 + * 0042CC5C B8 01000000 MOV EAX,0x1 + * 0042CC61 5E POP ESI + * 0042CC62 C3 RETN + * 0042CC63 CC INT3 + * 0042CC64 CC INT3 + * 0042CC65 CC INT3 + * 0042CC66 CC INT3 + * 0042CC67 CC INT3 + * 0042CC68 CC INT3 + * 0042CC69 CC INT3 * + */ +namespace { // unnamed +/** + * Handle new lines and ruby. + * + * そ�日、彼の言葉に耳を傾ける�ぁ�かった� * ザールラント歴丹�〹� 二ノ月二十日グローセン州 ヘルフォルト区郊� * + * 僁�な霋�の後�r>を開け��r>見覚えのある輪郭が瞳に�り込む� * + * そ�日、彼の言葉に耳を傾ける�ぁ�かった。――尊厳を捨てて媚�る。それが生きることか?――��ぁ�敗北したのた誰しも少年の声を聞かず、蔑み、そして冷笑してぁ�。安寧の世がぁ�までも続くと信じてぁ�から。それでも、私�――。ザールラント歴丹�〹� 二ノ月二十日グローセン州 ヘルフォルト区郊外僅かな霋�の後�r>を開け��r>見覚えのある輪郭が瞳に�り込む + */ +bool EscudeFilter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + StringCharReplacer(text, len, "", 3, '\n'); + + if (cpp_strnstr(text, "", 7); + StringFilterBetween(text, len, "", 2); + } + return true; +} +LPCSTR _escudeltrim(LPCSTR text) +{ + if (text && *text == '<') + for (auto p = text; (signed char)*p > 0; p++) + if (*p == '>') + return p + 1; + return text; +} +void SpecialHookEscude(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) +{ + DWORD arg1 = stack->stack[1]; + if (!arg1 || (LONG)arg1 == -1 || ::IsBadWritePtr((LPVOID)arg1, 4)) // this is indispensable + return; + LPCSTR text = (LPCSTR)*(DWORD *)(arg1 + 0x20); + if (!text || ::IsBadWritePtr((LPVOID)text, 1) || !*text) // this is indispensable + return; + text = _escudeltrim(text); + if (!text) + return; + *split = *(DWORD *)arg1; + buffer->from_cs(text); +} +struct HookArgument +{ + ULONG split; + //ULONG unknown1[3]; + //LPCSTR text1; // 0x10 only for old games + ULONG unknown[7]; + LPCSTR text; // 0x20 + + bool isValid() const { return Engine::isAddressWritable(text) && *text; } + + Engine::TextRole role() const + { + if (split >= 0xff) + return Engine::OtherRole; + static ULONG maxSplit_ = 0; + if (split > maxSplit_) + maxSplit_ = split; + if (split == maxSplit_) + return Engine::ScenarioRole; + return Engine::NameRole; // scenario role is larger than name role + } +}; +LPCSTR trimmedText; +void hook_before(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *role){ + + auto arg = (HookArgument *)s->stack[1]; + if ((long)arg == -1 || !Engine::isAddressWritable(arg) || !arg->isValid()) + return ; + trimmedText = _escudeltrim(arg->text); + * role = arg->role(); + buffer->from_cs(trimmedText); +} +void hook_after(hook_stack*s,void* data, size_t len){ + static std::string data_; + data_=std::string((char*)data,len); + auto arg = (HookArgument *)s->stack[1]; + if(trimmedText!=arg->text) + data_.insert(0,std::string(arg->text, trimmedText - arg->text)); + arg->text=data_.c_str(); +} +} // unnamed namespace +bool InsertEscudeHook() +{ + const BYTE bytes[] = { + 0x76, 0x0a, // 0042cb9c 76 0a jbe short .0042cba8 + 0x49, // 0042cb9e 49 dec ecx + 0x0f,0xaf,0x48, 0x0c // 0042cb9f 0faf48 0c imul ecx,dword ptr ds:[eax+0xc] + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + //GROWL(addr); + if (!addr) { + ConsoleOutput("Escude: pattern not found"); + return false; + } + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) { + ConsoleOutput("Escude: enclosing function not found"); + return false; + } + HookParam hp; + hp.address = addr; + hp.text_fun=hook_before; + hp.hook_after=hook_after; + hp.hook_font=F_TextOutA|F_GetTextExtentPoint32A; + hp.text_fun = SpecialHookEscude; + hp.filter_fun = EscudeFilter; + hp.type = USING_STRING|USING_SPLIT|NO_CONTEXT|EMBED_ABLE|EMBED_DYNA_SJIS; // NO_CONTEXT as this function is only called by one caller anyway + hp.newlineseperator=L""; + ConsoleOutput("INSERT Escude"); + + return NewHook(hp, "Escude"); +} + +bool Escude::attach_function() { + return InsertEscudeHook(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Escude.h b/cpp/LunaHook/LunaHook/engine32/Escude.h new file mode 100644 index 00000000..f6d66350 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Escude.h @@ -0,0 +1,11 @@ + + +class Escude:public ENGINE{ + public: + Escude(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"configure.cfg",L"gfx.bin"}; + } + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Eushully.cpp b/cpp/LunaHook/LunaHook/engine32/Eushully.cpp new file mode 100644 index 00000000..b91d063a --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Eushully.cpp @@ -0,0 +1,606 @@ +#include "Eushully.h" + +/** jichi 6/1/2014 Eushully + * Insert to the last GetTextExtentPoint32A + * + * ATCode: + * http://capita.tistory.com/m/post/255 + * + * Binary: + * {AGE.EXE!0x000113C3(89 C2 C1 E2 04 29 C2 E8 BD 25 20 00 52 89 D1 59), AGE.EXE!0x00012A47(E8 40 0F 20 00 90 90 90 90), AGE.EXE!0x0001DF07(55 8B EC 83 EC 08 56 EB 07 E8 32 5A 1F 00 EB F0), AGE.EXE!0x002137CE(90 90 90 90 90 C2 04 00 53 8B 1A 83 FB 6E 74 14 81 FB 96 01 00 00 74 1B 83 FB 6F 74 25 83 FB 72 74 27 EB 2C 8B 5A 10 89 1F 83 C7 04 B8 05 00 00 00 EB 1F 8B 5A 10 89 1F 83 C7 04 B8 07 00 00 00 EB 10 B8 03 00 00 00 EB 09 B8 01 00 00 00 EB 02 31 C0 5B C3 60 89 E5 83 EC 18 E8 7E 01 00 00 8B 55 F8 83 3A 00 75 31 8B 45 FC 8B 4C 30 E8 89 CA C1 E2 04 29 CA 8D 0C D6 8B 1C 08 51 8B 4C 08 FC 8B 7D F4 89 DA E8 7E FF FF FF 85 C0 74 0A 83 F8 01 74 09 8D 14 82 EB ED 89 EC 61 C3 C7 07 00 00 00 00 8B 75 F4 8B 7D F0 52 8B 06 85 C0 74 17 8D 04 81 8A 10 80 FA FF 74 08 F6 D2 88 17 40 47 EB F1 83 C6 04 EB E3 8B 55 F0 52 8B 02 E8 2F FF FF FF 8B 12 39 D0 74 C1 8B 55 F8 C7 02 01 00 00 00 8B 4D E4 8B 45 FC 8D 04 08 8B 55 F8 89 42 04 58 89 42 08 89 5A 0C 8B 45 FC 8B 4C 08 FC 8B 45 F4 8B 00 89 42 10 8D 04 81 89 42 14 8B 72 0C 8B 7D EC B9 08 00 00 00 F3 A5 8B 5D E8 8B 7A 14 8B 75 F0 31 C9 52 8A 06 84 C0 74 0F F6 D0 8A 14 39 88 14 19 88 04 39 41 46 EB EB 5A 8B 04 39 89 04 19 31 C0 F7 D0 89 04 39 83 C1 04 89 4A 18 8B 7A 0C 8B 42 10 31 C9 BB 6E 00 00 00 89 1F 89 4F 04 89 4F 08 C7 47 0C 02 00 00 00 83 C3 04 89 5F 14 89 4F 18 89 4F 1C 89 EC 61 C3 60 89 E5 83 EC 18 E8 59 00 00 00 8B 5D F8 83 3B 01 75 2E 31 C9 89 0B 8B 7B 0C 8B 75 EC 8D 49 08 F3 A5 8B 7B 14 8B 75 E8 8B 4B 18 F3 A4 8B 43 04 8B 53 08 89 10 8D 7B 04 31 C0 B9 40 01 00 00 F3 AB 89 EC 61 C3 8B 8C D6 A8 D7 05 00 8B 01 3D 96 01 00 00 74 07 83 F8 6E 74 02 EB 07 E8 7A FE FF FF 8B 01 C3 60 C7 45 FC A8 D7 05 00 EB 03 58 EB 05 E8 F8 FF FF FF 2D BD 39 21 00 03 80 D4 02 00 00 B9 00 01 00 00 8D 80 00 40 01 00 89 45 F8 8D 04 01 89 45 F4 8D 04 01 89 45 F0 8D 04 01 89 45 EC 8D 04 01 89 45 E8 61 C3)} + * + * #1 other text AGE.EXE!0x000113C3(89 C2 C1 E2 04 29 C2 E8 BD 25 20 00 52 89 D1 59) + * #2 scenario AGE.EXE!0x00012A47(E8 40 0F 20 00 90 90 90 90) + * + * 0041130B 8B96 9CA30A00 MOV EDX,DWORD PTR DS:[ESI+0xAA39C] + * 00411311 81A6 CCA90A00 FF>AND DWORD PTR DS:[ESI+0xAA9CC],0xF7FFFFF> + * 0041131B 33C0 XOR EAX,EAX + * 0041131D 50 PUSH EAX + * 0041131E 8986 1C160000 MOV DWORD PTR DS:[ESI+0x161C],EAX + * 00411324 8986 78EB0500 MOV DWORD PTR DS:[ESI+0x5EB78],EAX + * 0041132A 8B42 0C MOV EAX,DWORD PTR DS:[EDX+0xC] + * 0041132D 68 F4536100 PUSH .006153F4 ; ASCII "message:ReadTextSkip" + * 00411332 8D8E 9CA30A00 LEA ECX,DWORD PTR DS:[ESI+0xAA39C] + * 00411338 FFD0 CALL EAX + * 0041133A 8B96 9CA30A00 MOV EDX,DWORD PTR DS:[ESI+0xAA39C] + * 00411340 8B42 04 MOV EAX,DWORD PTR DS:[EDX+0x4] + * 00411343 68 4C606100 PUSH .0061604C ; ASCII "set:CancelMesSkipOnClick" + * 00411348 8D8E 9CA30A00 LEA ECX,DWORD PTR DS:[ESI+0xAA39C] + * 0041134E FFD0 CALL EAX + * 00411350 83F8 02 CMP EAX,0x2 + * 00411353 75 1A JNZ SHORT .0041136F + * 00411355 68 34606100 PUSH .00616034 ; ASCII "CALLBACK_SETTING.BIN" + * 0041135A 8BCE MOV ECX,ESI + * 0041135C E8 7FFBFFFF CALL .00410EE0 + * 00411361 5F POP EDI + * 00411362 5E POP ESI + * 00411363 5B POP EBX + * 00411364 C3 RETN + * 00411365 C786 18770700 01>MOV DWORD PTR DS:[ESI+0x77718],0x1 + * 0041136F 83BE 6C780700 00 CMP DWORD PTR DS:[ESI+0x7786C],0x0 + * 00411376 75 45 JNZ SHORT .004113BD + * 00411378 F603 40 TEST BYTE PTR DS:[EBX],0x40 + * 0041137B 75 40 JNZ SHORT .004113BD + * 0041137D 81A6 CCA90A00 FF>AND DWORD PTR DS:[ESI+0xAA9CC],0xF7FFFFF> + * 00411387 33DB XOR EBX,EBX + * 00411389 8DBE B0780700 LEA EDI,DWORD PTR DS:[ESI+0x778B0] + * 0041138F 90 NOP + * 00411390 8B07 MOV EAX,DWORD PTR DS:[EDI] + * 00411392 85C0 TEST EAX,EAX + * 00411394 74 1E JE SHORT .004113B4 + * 00411396 8B8F E4D5F8FF MOV ECX,DWORD PTR DS:[EDI+0xFFF8D5E4] + * 0041139C 8B57 0C MOV EDX,DWORD PTR DS:[EDI+0xC] + * 0041139F 51 PUSH ECX + * 004113A0 52 PUSH EDX + * 004113A1 50 PUSH EAX + * 004113A2 53 PUSH EBX + * 004113A3 8D8E 04480100 LEA ECX,DWORD PTR DS:[ESI+0x14804] + * 004113A9 E8 42840900 CALL .004A97F0 + * 004113AE C707 00000000 MOV DWORD PTR DS:[EDI],0x0 + * 004113B4 43 INC EBX + * 004113B5 83C7 04 ADD EDI,0x4 + * 004113B8 83FB 03 CMP EBX,0x3 + * 004113BB ^7C D3 JL SHORT .00411390 + * 004113BD 8B86 90D70500 MOV EAX,DWORD PTR DS:[ESI+0x5D790] + * 004113C3 8BC8 MOV ECX,EAX ; jichi: #1 hook here + * 004113C5 C1E1 04 SHL ECX,0x4 + * 004113C8 2BC8 SUB ECX,EAX + * 004113CA 8B94CE A8D70500 MOV EDX,DWORD PTR DS:[ESI+ECX*8+0x5D7A8] + * 004113D1 8B02 MOV EAX,DWORD PTR DS:[EDX] + * 004113D3 85C0 TEST EAX,EAX + * //004113C3 89C2 MOV EDX,EAX + * //004113C5 C1E2 04 SHL EDX,0x4 + * //004113C8 29C2 SUB EDX,EAX + * //004113CA E8 BD252000 CALL .0061398C + * //004113CF 52 PUSH EDX + * //004113D0 89D1 MOV ECX,EDX + * //004113D2 59 POP ECX + * 004113D5 78 35 JS SHORT .0041140C + * 004113D7 3D 00040000 CMP EAX,0x400 + * 004113DC 7D 2E JGE SHORT .0041140C + * 004113DE 8B8486 244F0A00 MOV EAX,DWORD PTR DS:[ESI+EAX*4+0xA4F24] + * 004113E5 8BCE MOV ECX,ESI + * 004113E7 FFD0 CALL EAX + * 004113E9 8B86 90D70500 MOV EAX,DWORD PTR DS:[ESI+0x5D790] + * 004113EF 8BC8 MOV ECX,EAX + * 004113F1 C1E1 04 SHL ECX,0x4 + * 004113F4 2BC8 SUB ECX,EAX + * 004113F6 8B94CE 04D80500 MOV EDX,DWORD PTR DS:[ESI+ECX*8+0x5D804] + * 004113FD 8D04CE LEA EAX,DWORD PTR DS:[ESI+ECX*8] + * 00411400 03D2 ADD EDX,EDX + * 00411402 03D2 ADD EDX,EDX + * 00411404 0190 A8D70500 ADD DWORD PTR DS:[EAX+0x5D7A8],EDX + * 0041140A EB 07 JMP SHORT .00411413 + * 0041140C 8BCE MOV ECX,ESI + * 0041140E E8 7D6C0000 CALL .00418090 + * 00411413 8B86 9CA30A00 MOV EAX,DWORD PTR DS:[ESI+0xAA39C] + * 00411419 8B50 04 MOV EDX,DWORD PTR DS:[EAX+0x4] + * 0041141C 8D8E 9CA30A00 LEA ECX,DWORD PTR DS:[ESI+0xAA39C] + * 00411422 68 4C606100 PUSH .0061604C ; ASCII "set:CancelMesSkipOnClick" + * 00411427 FFD2 CALL EDX + * 00411429 85C0 TEST EAX,EAX + * 0041142B ^0F85 30FFFFFF JNZ .00411361 + * 00411431 3986 D8C90000 CMP DWORD PTR DS:[ESI+0xC9D8],EAX + * 00411437 ^0F84 24FFFFFF JE .00411361 + * 0041143D 8B86 D0A90A00 MOV EAX,DWORD PTR DS:[ESI+0xAA9D0] + * 00411443 A8 10 TEST AL,0x10 + * 00411445 0F84 84000000 JE .004114CF + * 0041144B 83E0 EF AND EAX,0xFFFFFFEF + * 0041144E 83BE 10770700 00 CMP DWORD PTR DS:[ESI+0x77710],0x0 + * 00411455 8986 D0A90A00 MOV DWORD PTR DS:[ESI+0xAA9D0],EAX + * 0041145B ^0F85 00FFFFFF JNZ .00411361 + * 00411461 8B86 ECC90000 MOV EAX,DWORD PTR DS:[ESI+0xC9EC] + * 00411467 8DBE 3C550000 LEA EDI,DWORD PTR DS:[ESI+0x553C] + * 0041146D 85C0 TEST EAX,EAX + * 0041146F ^0F88 ECFEFFFF JS .00411361 + * 00411475 3987 08040000 CMP DWORD PTR DS:[EDI+0x408],EAX + * 0041147B ^0F8E E0FEFFFF JLE .00411361 + * 00411481 8BCE MOV ECX,ESI + * 00411483 E8 A86AFFFF CALL .00407F30 + * 00411488 6A 00 PUSH 0x0 + * 0041148A 8BCE MOV ECX,ESI + * 0041148C E8 EF3CFFFF CALL .00405180 + * 00411491 8B86 90D70500 MOV EAX,DWORD PTR DS:[ESI+0x5D790] + * 00411497 8BC8 MOV ECX,EAX + * 00411499 C1E1 04 SHL ECX,0x4 + * 0041149C 2BC8 SUB ECX,EAX + * 0041149E 8D34CE LEA ESI,DWORD PTR DS:[ESI+ECX*8] + * 004114A1 8BCF MOV ECX,EDI + * 004114A3 E8 0839FFFF CALL .00404DB0 + * 004114A8 8B96 A4D70500 MOV EDX,DWORD PTR DS:[ESI+0x5D7A4] + * 004114AE 8D0482 LEA EAX,DWORD PTR DS:[EDX+EAX*4] + * 004114B1 8986 A8D70500 MOV DWORD PTR DS:[ESI+0x5D7A8],EAX + * 004114B7 C787 B0740000 FF>MOV DWORD PTR DS:[EDI+0x74B0],-0x1 + * + * 00412953 53 PUSH EBX + * 00412954 FF15 B8406100 CALL DWORD PTR DS:[0x6140B8] ; kernel32.Sleep + * 0041295A 53 PUSH EBX + * 0041295B 53 PUSH EBX + * 0041295C 53 PUSH EBX + * 0041295D 53 PUSH EBX + * 0041295E 8D8D 34F8FFFF LEA ECX,DWORD PTR SS:[EBP-0x7CC] + * 00412964 51 PUSH ECX + * 00412965 FF15 AC436100 CALL DWORD PTR DS:[0x6143AC] ; user32.PeekMessageA + * 0041296B 85C0 TEST EAX,EAX + * 0041296D ^0F85 5DF3FFFF JNZ .00411CD0 + * 00412973 ^E9 D8F3FFFF JMP .00411D50 + * 00412978 A9 00000020 TEST EAX,0x20000000 + * 0041297D 74 0C JE SHORT .0041298B + * 0041297F 8BCE MOV ECX,ESI + * 00412981 E8 3A63FFFF CALL .00408CC0 + * 00412986 ^E9 C5F3FFFF JMP .00411D50 + * 0041298B 85C0 TEST EAX,EAX + * 0041298D 79 14 JNS SHORT .004129A3 + * 0041298F 8BCE MOV ECX,ESI + * 00412991 E8 AAEBFFFF CALL .00411540 + * 00412996 6A 02 PUSH 0x2 + * 00412998 FF15 B8406100 CALL DWORD PTR DS:[0x6140B8] ; kernel32.Sleep + * 0041299E ^E9 ADF3FFFF JMP .00411D50 + * 004129A3 A8 01 TEST AL,0x1 + * 004129A5 74 25 JE SHORT .004129CC + * 004129A7 8D8E D08D0600 LEA ECX,DWORD PTR DS:[ESI+0x68DD0] + * 004129AD E8 CEF30300 CALL .00451D80 + * 004129B2 8985 ACF8FFFF MOV DWORD PTR SS:[EBP-0x754],EAX + * 004129B8 3BC3 CMP EAX,EBX + * 004129BA ^0F8C 90F3FFFF JL .00411D50 + * 004129C0 83A6 CCA90A00 FE AND DWORD PTR DS:[ESI+0xAA9CC],0xFFFFFFF> + * 004129C7 ^E9 84F3FFFF JMP .00411D50 + * 004129CC A8 20 TEST AL,0x20 + * 004129CE 74 3C JE SHORT .00412A0C + * 004129D0 8D8E 5C8E0600 LEA ECX,DWORD PTR DS:[ESI+0x68E5C] + * 004129D6 E8 A5F30300 CALL .00451D80 + * 004129DB 8985 ACF8FFFF MOV DWORD PTR SS:[EBP-0x754],EAX + * 004129E1 3BC3 CMP EAX,EBX + * 004129E3 ^0F8C 67F3FFFF JL .00411D50 + * 004129E9 83A6 CCA90A00 DF AND DWORD PTR DS:[ESI+0xAA9CC],0xFFFFFFD> + * 004129F0 8D8E 5C8E0600 LEA ECX,DWORD PTR DS:[ESI+0x68E5C] + * 004129F6 E8 45EE0300 CALL .00451840 + * 004129FB 50 PUSH EAX + * 004129FC 8D8E 5C8E0600 LEA ECX,DWORD PTR DS:[ESI+0x68E5C] + * 00412A02 E8 39F30300 CALL .00451D40 + * 00412A07 ^E9 44F3FFFF JMP .00411D50 + * 00412A0C A9 00000010 TEST EAX,0x10000000 + * 00412A11 74 14 JE SHORT .00412A27 + * 00412A13 8BCE MOV ECX,ESI + * 00412A15 E8 A664FFFF CALL .00408EC0 + * 00412A1A 6A 02 PUSH 0x2 + * 00412A1C FF15 B8406100 CALL DWORD PTR DS:[0x6140B8] ; kernel32.Sleep + * 00412A22 ^E9 29F3FFFF JMP .00411D50 + * 00412A27 A9 00008000 TEST EAX,0x800000 + * 00412A2C 74 0C JE SHORT .00412A3A + * 00412A2E 8BCE MOV ECX,ESI + * 00412A30 E8 6B66FFFF CALL .004090A0 + * 00412A35 ^E9 16F3FFFF JMP .00411D50 + * 00412A3A 8B86 90D70500 MOV EAX,DWORD PTR DS:[ESI+0x5D790] + * 00412A40 8BD0 MOV EDX,EAX + * 00412A42 C1E2 04 SHL EDX,0x4 + * 00412A45 2BD0 SUB EDX,EAX + * 00412A47 8B84D6 A8D70500 MOV EAX,DWORD PTR DS:[ESI+EDX*8+0x5D7A8] ; jichi: #2 hook here + * //00412A47 E8 400F2000 CALL .0061398C + * 00412A4E 8B00 MOV EAX,DWORD PTR DS:[EAX] + * 00412A50 3BC3 CMP EAX,EBX + * 00412A52 7C 37 JL SHORT .00412A8B + * 00412A54 3D 00040000 CMP EAX,0x400 + * 00412A59 7D 30 JGE SHORT .00412A8B + * 00412A5B 8BCE MOV ECX,ESI + * 00412A5D 8B9486 244F0A00 MOV EDX,DWORD PTR DS:[ESI+EAX*4+0xA4F24] + * 00412A64 FFD2 CALL EDX + * 00412A66 8B86 90D70500 MOV EAX,DWORD PTR DS:[ESI+0x5D790] + * 00412A6C 8BC8 MOV ECX,EAX + * 00412A6E C1E1 04 SHL ECX,0x4 + * 00412A71 2BC8 SUB ECX,EAX + * 00412A73 8D04CE LEA EAX,DWORD PTR DS:[ESI+ECX*8] + * 00412A76 8B90 04D80500 MOV EDX,DWORD PTR DS:[EAX+0x5D804] + * 00412A7C 03D2 ADD EDX,EDX + * 00412A7E 03D2 ADD EDX,EDX + * 00412A80 0190 A8D70500 ADD DWORD PTR DS:[EAX+0x5D7A8],EDX + * 00412A86 ^E9 C5F2FFFF JMP .00411D50 + * 00412A8B 8BCE MOV ECX,ESI + * 00412A8D E8 FE550000 CALL .00418090 + * 00412A92 ^E9 B9F2FFFF JMP .00411D50 + * 00412A97 C785 A4F8FFFF 01>MOV DWORD PTR SS:[EBP-0x75C],0x1 + * 00412AA1 C745 FC FFFFFFFF MOV DWORD PTR SS:[EBP-0x4],-0x1 + * 00412AA8 B8 E02D4100 MOV EAX,.00412DE0 + * 00412AAD C3 RETN + * 00412AAE 8B85 14F8FFFF MOV EAX,DWORD PTR SS:[EBP-0x7EC] + * 00412AB4 50 PUSH EAX + * 00412AB5 8B8D 10F8FFFF MOV ECX,DWORD PTR SS:[EBP-0x7F0] + * + * Patched code: + * + * 0041DF07 55 PUSH EBP + * 0041DF08 8BEC MOV EBP,ESP + * 0041DF0A 83EC 08 SUB ESP,0x8 + * 0041DF0D 56 PUSH ESI + * 0041DF0E EB 07 JMP SHORT .0041DF17 + * 0041DF10 E8 325A1F00 CALL .00613947 + * 0041DF15 ^EB F0 JMP SHORT .0041DF07 + * + * 006137CE 90 NOP + * 006137CF 90 NOP + * 006137D0 90 NOP + * 006137D1 90 NOP + * 006137D2 90 NOP + * 006137D3 C2 0400 RETN 0x4 + * 006137D6 53 PUSH EBX + * 006137D7 8B1A MOV EBX,DWORD PTR DS:[EDX] + * 006137D9 83FB 6E CMP EBX,0x6E + * 006137DC 74 14 JE SHORT .006137F2 + * 006137DE 81FB 96010000 CMP EBX,0x196 + * 006137E4 74 1B JE SHORT .00613801 + * 006137E6 83FB 6F CMP EBX,0x6F + * 006137E9 74 25 JE SHORT .00613810 + * 006137EB 83FB 72 CMP EBX,0x72 + * 006137EE 74 27 JE SHORT .00613817 + * 006137F0 EB 2C JMP SHORT .0061381E + * 006137F2 8B5A 10 MOV EBX,DWORD PTR DS:[EDX+0x10] + * 006137F5 891F MOV DWORD PTR DS:[EDI],EBX + * 006137F7 83C7 04 ADD EDI,0x4 + * 006137FA B8 05000000 MOV EAX,0x5 + * 006137FF EB 1F JMP SHORT .00613820 + * 00613801 8B5A 10 MOV EBX,DWORD PTR DS:[EDX+0x10] + * 00613804 891F MOV DWORD PTR DS:[EDI],EBX + * 00613806 83C7 04 ADD EDI,0x4 + * 00613809 B8 07000000 MOV EAX,0x7 + * 0061380E EB 10 JMP SHORT .00613820 + * 00613810 B8 03000000 MOV EAX,0x3 + * 00613815 EB 09 JMP SHORT .00613820 + * 00613817 B8 01000000 MOV EAX,0x1 + * 0061381C EB 02 JMP SHORT .00613820 + * 0061381E 31C0 XOR EAX,EAX + * 00613820 5B POP EBX + * 00613821 C3 RETN + * 00613822 60 PUSHAD ; jichi: the translate function for hookpoint #2 + * 00613823 89E5 MOV EBP,ESP + * 00613825 83EC 18 SUB ESP,0x18 ; reserve 18 local variables + * 00613828 E8 7E010000 CALL .006139AB + * 0061382D 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-0x8] + * 00613830 833A 00 CMP DWORD PTR DS:[EDX],0x0 + * 00613833 75 31 JNZ SHORT .00613866 + * 00613835 8B45 FC MOV EAX,DWORD PTR SS:[EBP-0x4] + * 00613838 8B4C30 E8 MOV ECX,DWORD PTR DS:[EAX+ESI-0x18] + * 0061383C 89CA MOV EDX,ECX + * 0061383E C1E2 04 SHL EDX,0x4 + * 00613841 29CA SUB EDX,ECX + * 00613843 8D0CD6 LEA ECX,DWORD PTR DS:[ESI+EDX*8] + * 00613846 8B1C08 MOV EBX,DWORD PTR DS:[EAX+ECX] + * 00613849 51 PUSH ECX + * 0061384A 8B4C08 FC MOV ECX,DWORD PTR DS:[EAX+ECX-0x4] + * 0061384E 8B7D F4 MOV EDI,DWORD PTR SS:[EBP-0xC] + * 00613851 89DA MOV EDX,EBX + * 00613853 E8 7EFFFFFF CALL .006137D6 + * 00613858 85C0 TEST EAX,EAX + * 0061385A 74 0A JE SHORT .00613866 + * 0061385C 83F8 01 CMP EAX,0x1 + * 0061385F 74 09 JE SHORT .0061386A + * 00613861 8D1482 LEA EDX,DWORD PTR DS:[EDX+EAX*4] + * 00613864 ^EB ED JMP SHORT .00613853 + * 00613866 89EC MOV ESP,EBP + * 00613868 61 POPAD + * 00613869 C3 RETN + * 0061386A C707 00000000 MOV DWORD PTR DS:[EDI],0x0 + * 00613870 8B75 F4 MOV ESI,DWORD PTR SS:[EBP-0xC] + * 00613873 8B7D F0 MOV EDI,DWORD PTR SS:[EBP-0x10] + * 00613876 52 PUSH EDX + * 00613877 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 00613879 85C0 TEST EAX,EAX + * 0061387B 74 17 JE SHORT .00613894 + * 0061387D 8D0481 LEA EAX,DWORD PTR DS:[ECX+EAX*4] + * 00613880 8A10 MOV DL,BYTE PTR DS:[EAX] + * 00613882 80FA FF CMP DL,0xFF + * 00613885 74 08 JE SHORT .0061388F + * 00613887 F6D2 NOT DL + * 00613889 8817 MOV BYTE PTR DS:[EDI],DL + * 0061388B 40 INC EAX + * 0061388C 47 INC EDI + * 0061388D ^EB F1 JMP SHORT .00613880 + * 0061388F 83C6 04 ADD ESI,0x4 + * 00613892 ^EB E3 JMP SHORT .00613877 + * 00613894 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-0x10] + * 00613897 52 PUSH EDX + * 00613898 8B02 MOV EAX,DWORD PTR DS:[EDX] + * 0061389A E8 2FFFFFFF CALL .006137CE + * 0061389F 8B12 MOV EDX,DWORD PTR DS:[EDX] + * 006138A1 39D0 CMP EAX,EDX + * 006138A3 ^74 C1 JE SHORT .00613866 + * 006138A5 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-0x8] + * 006138A8 C702 01000000 MOV DWORD PTR DS:[EDX],0x1 + * 006138AE 8B4D E4 MOV ECX,DWORD PTR SS:[EBP-0x1C] + * 006138B1 8B45 FC MOV EAX,DWORD PTR SS:[EBP-0x4] + * 006138B4 8D0408 LEA EAX,DWORD PTR DS:[EAX+ECX] + * 006138B7 8B55 F8 MOV EDX,DWORD PTR SS:[EBP-0x8] + * 006138BA 8942 04 MOV DWORD PTR DS:[EDX+0x4],EAX + * 006138BD 58 POP EAX + * 006138BE 8942 08 MOV DWORD PTR DS:[EDX+0x8],EAX + * 006138C1 895A 0C MOV DWORD PTR DS:[EDX+0xC],EBX + * 006138C4 8B45 FC MOV EAX,DWORD PTR SS:[EBP-0x4] + * 006138C7 8B4C08 FC MOV ECX,DWORD PTR DS:[EAX+ECX-0x4] + * 006138CB 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-0xC] + * 006138CE 8B00 MOV EAX,DWORD PTR DS:[EAX] + * 006138D0 8942 10 MOV DWORD PTR DS:[EDX+0x10],EAX + * 006138D3 8D0481 LEA EAX,DWORD PTR DS:[ECX+EAX*4] + * 006138D6 8942 14 MOV DWORD PTR DS:[EDX+0x14],EAX + * 006138D9 8B72 0C MOV ESI,DWORD PTR DS:[EDX+0xC] + * 006138DC 8B7D EC MOV EDI,DWORD PTR SS:[EBP-0x14] + * 006138DF B9 08000000 MOV ECX,0x8 + * 006138E4 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> + * 006138E6 8B5D E8 MOV EBX,DWORD PTR SS:[EBP-0x18] + * 006138E9 8B7A 14 MOV EDI,DWORD PTR DS:[EDX+0x14] + * 006138EC 8B75 F0 MOV ESI,DWORD PTR SS:[EBP-0x10] + * 006138EF 31C9 XOR ECX,ECX + * 006138F1 52 PUSH EDX + * 006138F2 8A06 MOV AL,BYTE PTR DS:[ESI] + * 006138F4 84C0 TEST AL,AL + * 006138F6 74 0F JE SHORT .00613907 + * 006138F8 F6D0 NOT AL + * 006138FA 8A1439 MOV DL,BYTE PTR DS:[ECX+EDI] + * 006138FD 881419 MOV BYTE PTR DS:[ECX+EBX],DL + * 00613900 880439 MOV BYTE PTR DS:[ECX+EDI],AL + * 00613903 41 INC ECX + * 00613904 46 INC ESI + * 00613905 ^EB EB JMP SHORT .006138F2 + * 00613907 5A POP EDX + * 00613908 8B0439 MOV EAX,DWORD PTR DS:[ECX+EDI] + * 0061390B 890419 MOV DWORD PTR DS:[ECX+EBX],EAX + * 0061390E 31C0 XOR EAX,EAX + * 00613910 F7D0 NOT EAX + * 00613912 890439 MOV DWORD PTR DS:[ECX+EDI],EAX + * 00613915 83C1 04 ADD ECX,0x4 + * 00613918 894A 18 MOV DWORD PTR DS:[EDX+0x18],ECX + * 0061391B 8B7A 0C MOV EDI,DWORD PTR DS:[EDX+0xC] + * 0061391E 8B42 10 MOV EAX,DWORD PTR DS:[EDX+0x10] + * 00613921 31C9 XOR ECX,ECX + * 00613923 BB 6E000000 MOV EBX,0x6E + * 00613928 891F MOV DWORD PTR DS:[EDI],EBX + * 0061392A 894F 04 MOV DWORD PTR DS:[EDI+0x4],ECX + * 0061392D 894F 08 MOV DWORD PTR DS:[EDI+0x8],ECX + * 00613930 C747 0C 02000000 MOV DWORD PTR DS:[EDI+0xC],0x2 + * 00613937 83C3 04 ADD EBX,0x4 + * 0061393A 895F 14 MOV DWORD PTR DS:[EDI+0x14],EBX + * 0061393D 894F 18 MOV DWORD PTR DS:[EDI+0x18],ECX + * 00613940 894F 1C MOV DWORD PTR DS:[EDI+0x1C],ECX + * 00613943 89EC MOV ESP,EBP + * 00613945 61 POPAD + * 00613946 C3 RETN + * 00613947 60 PUSHAD + * 00613948 89E5 MOV EBP,ESP + * 0061394A 83EC 18 SUB ESP,0x18 + * 0061394D E8 59000000 CALL .006139AB + * 00613952 8B5D F8 MOV EBX,DWORD PTR SS:[EBP-0x8] + * 00613955 833B 01 CMP DWORD PTR DS:[EBX],0x1 + * 00613958 75 2E JNZ SHORT .00613988 + * 0061395A 31C9 XOR ECX,ECX + * 0061395C 890B MOV DWORD PTR DS:[EBX],ECX + * 0061395E 8B7B 0C MOV EDI,DWORD PTR DS:[EBX+0xC] + * 00613961 8B75 EC MOV ESI,DWORD PTR SS:[EBP-0x14] + * 00613964 8D49 08 LEA ECX,DWORD PTR DS:[ECX+0x8] + * 00613967 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> + * 00613969 8B7B 14 MOV EDI,DWORD PTR DS:[EBX+0x14] + * 0061396C 8B75 E8 MOV ESI,DWORD PTR SS:[EBP-0x18] + * 0061396F 8B4B 18 MOV ECX,DWORD PTR DS:[EBX+0x18] + * 00613972 F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[> + * 00613974 8B43 04 MOV EAX,DWORD PTR DS:[EBX+0x4] + * 00613977 8B53 08 MOV EDX,DWORD PTR DS:[EBX+0x8] + * 0061397A 8910 MOV DWORD PTR DS:[EAX],EDX + * 0061397C 8D7B 04 LEA EDI,DWORD PTR DS:[EBX+0x4] + * 0061397F 31C0 XOR EAX,EAX + * 00613981 B9 40010000 MOV ECX,0x140 + * 00613986 F3:AB REP STOS DWORD PTR ES:[EDI] + * 00613988 89EC MOV ESP,EBP + * 0061398A 61 POPAD + * 0061398B C3 RETN + * 0061398C 8B8CD6 A8D70500 MOV ECX,DWORD PTR DS:[ESI+EDX*8+0x5D7A8] ; jichi: #2 hook jumped here, execute the original instruction first + * 00613993 8B01 MOV EAX,DWORD PTR DS:[ECX] ; get dword split in ecx + * 00613995 3D 96010000 CMP EAX,0x196 + * 0061399A 74 07 JE SHORT .006139A3 ; translate if split is 0x196 or 0x6e + * 0061399C 83F8 6E CMP EAX,0x6E + * 0061399F 74 02 JE SHORT .006139A3 + * 006139A1 EB 07 JMP SHORT .006139AA + * 006139A3 E8 7AFEFFFF CALL .00613822 + * 006139A8 8B01 MOV EAX,DWORD PTR DS:[ECX] + * 006139AA C3 RETN + * 006139AB 60 PUSHAD + * 006139AC C745 FC A8D70500 MOV DWORD PTR SS:[EBP-0x4],0x5D7A8 + * 006139B3 EB 03 JMP SHORT .006139B8 + * 006139B5 58 POP EAX + * 006139B6 EB 05 JMP SHORT .006139BD + * 006139B8 E8 F8FFFFFF CALL .006139B5 + * 006139BD 2D BD392100 SUB EAX,0x2139BD + * 006139C2 0380 D4020000 ADD EAX,DWORD PTR DS:[EAX+0x2D4] + * 006139C8 B9 00010000 MOV ECX,0x100 + * 006139CD 8D80 00400100 LEA EAX,DWORD PTR DS:[EAX+0x14000] + * 006139D3 8945 F8 MOV DWORD PTR SS:[EBP-0x8],EAX + * 006139D6 8D0401 LEA EAX,DWORD PTR DS:[ECX+EAX] + * 006139D9 8945 F4 MOV DWORD PTR SS:[EBP-0xC],EAX + * 006139DC 8D0401 LEA EAX,DWORD PTR DS:[ECX+EAX] + * 006139DF 8945 F0 MOV DWORD PTR SS:[EBP-0x10],EAX + * 006139E2 8D0401 LEA EAX,DWORD PTR DS:[ECX+EAX] + * 006139E5 8945 EC MOV DWORD PTR SS:[EBP-0x14],EAX + * 006139E8 8D0401 LEA EAX,DWORD PTR DS:[ECX+EAX] + * 006139EB 8945 E8 MOV DWORD PTR SS:[EBP-0x18],EAX + * 006139EE 61 POPAD + * 006139EF C3 RETN + * 006139F0 0000 ADD BYTE PTR DS:[EAX],AL + * 006139F2 0000 ADD BYTE PTR DS:[EAX],AL + * 006139F4 0000 ADD BYTE PTR DS:[EAX],AL + */ +bool InsertEushullyHook() +{ + /* + ULONG addr = MemDbg::findLastCallerAddressAfterInt3((DWORD)::GetTextExtentPoint32A, processStartAddress, processStopAddress); + //GROWL_DWORD(addr); + if (!addr) { + ConsoleOutput("Eushully: failed"); + return false; + } + */ + ULONG lastCaller = 0, + lastCall = 0; + auto fun = [&lastCaller, &lastCall](ULONG caller, ULONG call) -> bool + { + lastCaller = caller; + lastCall = call; + return true; // find last caller && call + }; + MemDbg::iterCallerAddressAfterInt3(fun, (ULONG)::GetTextExtentPoint32A, processStartAddress, processStopAddress); + if (!lastCaller) + return false; + + // OtherHook + ULONG thisCaller = 0, + thisCall = 0, + prevCall = 0; + auto fun2 = [&thisCaller, &thisCall, &prevCall](ULONG caller, ULONG call) -> bool + { + if (call - prevCall == 133) + { // 0x0046e1f8 - 0x0046e173 = 133 + thisCaller = caller; + thisCall = call; + return false; // stop iteration + } + prevCall = call; + return true; // continue iteration + }; + MemDbg::iterCallerAddressAfterInt3(fun2, (ULONG)::GetGlyphOutlineA, processStartAddress, processStopAddress); + // BOOL GetTextExtentPoint32( + // _In_ HDC hdc, + // _In_ LPCTSTR lpString, + // _In_ int c, + // _Out_ LPSIZE lpSize + // ); + enum stack + { // current stack + // retaddr = 0 // esp[0] is the return address since this is the beginning of the function + arg1_hdc = 4 * 1 // 0x4 + , + arg2_lpString = 4 * 2 // 0x8 + , + arg3_lc = 4 * 3 // 0xc + , + arg4_lpSize = 4 * 4 // 0x10 + }; + { + enum : DWORD + { + sig = 0x550010c2 + }; + enum + { + fun_offset = 3 + }; + for (auto addr = lastCaller; addr < lastCall; addr++) + if (*(DWORD *)addr == sig) + { + lastCaller = addr + fun_offset; + break; + } + } + HookParam hp; + hp.address = lastCaller; + hp.type = USING_STRING | FIXING_SPLIT | EMBED_ABLE | EMBED_AFTER_NEW | EMBED_DYNA_SJIS; // merging all threads + hp.offset = arg2_lpString; // arg2 = 0x4 * 2 + hp.hook_font = F_MultiByteToWideChar | F_GetTextExtentPoint32A | F_GetGlyphOutlineA | F_CreateFontA; + ConsoleOutput("INSERT Eushully"); + bool succ = NewHook(hp, "ARCGameEngine"); + if (thisCaller) + { + hp.address = thisCall; + hp.offset = get_stack(6); + succ |= NewHook(hp, "ARCGameEngine_other"); + } + return succ; +} +namespace +{ + //(18禁ゲーム)[200529][エウシュリー] 天冥のコンキスタ DL版 + bool TENMEI() + { + BYTE sig[] = { + 0xc7, 0x45, XX, 0x00, 0x00, 0x00, 0x00, + 0xc7, 0x45, XX, 0x00, 0x00, 0x00, 0x00, + 0xc7, 0x45, XX, 0x00, 0x00, 0x00, 0x00, + 0xc7, 0x45, XX, 0x00, 0x00, 0x00, 0x00, + 0xc7, 0x45, XX, 0x0f, 0x00, 0x00, 0x00, + 0xc6, 0x45, XX, 0x00, + 0xc6, 0x45, XX, 0x01, + 0xc7, 0x45, XX, 0x00, 0x00, 0x00, 0x00, + 0xc7, 0x45, XX, 0x00, 0x00, 0x00, 0x00, + 0xc7, 0x45, XX, 0x00, 0x00, 0x00, 0x00, + 0xc7, 0x45, XX, 0x0f, 0x00, 0x00, 0x00, + 0xc6, 0x45, XX, 0x00, + 0xc6, 0x45, XX, 0x03}; + auto addr = MemDbg::findBytes(sig, sizeof(sig), processStartAddress, processStopAddress); + if (addr == 0) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr; + hp.type = USING_STRING | USING_SPLIT | NO_CONTEXT; // 必须NO_CONTEXT否则被注音的字会被分开 + hp.offset = get_stack(5); + hp.split = get_stack(1); // name 80000000 各种所有text 0 + hp.filter_fun = [](void *data, size_t *len, HookParam *hp) + { + StringFilter((char *)data, len, "\xf0\x40", 2); + NewLineCharFilterA((char *)data, len, hp); + return true; + }; + return NewHook(hp, "TENMEI"); + } +} +namespace +{ + bool pchooks() + { + HookParam hp; + hp.address = (DWORD)GetStringTypeExW; + hp.offset = get_stack(3); + hp.type = USING_STRING | CODEC_UTF16; + hp.filter_fun = [](void *data, size_t *len, HookParam *hp) + { + // 破折号和省略号会变成乱码 + for (auto i = 0; i < *len / 2; i++) + { + auto wc = (wchar_t *)data; + if (wc[i] == 0xe001) + wc[i] = 0x2014; + else if (wc[i] == 0xe003) + wc[i] = 0x2014; + else if (wc[i] == 0xe000) + wc[i] = 0x2026; + } + return true; + }; + auto succ = NewHook(hp, "eushully"); + hp.address = (DWORD)GetTextExtentPoint32W; + hp.offset = get_stack(2); + succ |= NewHook(hp, "eushully"); + return succ; + } +} +bool Eushully::attach_function() +{ + + return InsertEushullyHook() || TENMEI() || pchooks(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Eushully.h b/cpp/LunaHook/LunaHook/engine32/Eushully.h new file mode 100644 index 00000000..38838a0e --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Eushully.h @@ -0,0 +1,13 @@ + + +class Eushully : public ENGINE +{ +public: + Eushully() + { + + check_by = CHECK_BY::FILE; + check_by_target = L"AGERC.DLL"; // 6/1/2014 jichi: Eushully, AGE.EXE + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine32/Exp.cpp b/cpp/LunaHook/LunaHook/engine32/Exp.cpp new file mode 100644 index 00000000..980cee09 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Exp.cpp @@ -0,0 +1,230 @@ +#include"Exp.h" + +/** jichi 9/8/2014 EXP, http://www.exp-inc.jp + * Maker: EXP, 5pb + * Sample game: 剣の街�異邦人 + * + * There are three matched memory addresses with SHIFT-JIS. + * The middle one is used as it is aligned with zeros. + * The memory address is fixed. + * + * There are three functions found using hardware breakpoints. + * The last one is used as the first two are looped. + * + * reladdr = 0x138020 + * + * baseaddr = 0x00120000 + * + * 0025801d cc int3 + * 0025801e cc int3 + * 0025801f cc int3 + * 00258020 55 push ebp ; jichi: hook here + * 00258021 8bec mov ebp,esp + * 00258023 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + * 00258026 83ec 08 sub esp,0x8 + * 00258029 85c0 test eax,eax + * 0025802b 0f84 d8000000 je .00258109 + * 00258031 837d 10 00 cmp dword ptr ss:[ebp+0x10],0x0 + * 00258035 0f84 ce000000 je .00258109 + * 0025803b 8b10 mov edx,dword ptr ds:[eax] ; jichi: edx is the text + * 0025803d 8b45 0c mov eax,dword ptr ss:[ebp+0xc] + * 00258040 53 push ebx + * 00258041 56 push esi + * 00258042 c745 f8 00000000 mov dword ptr ss:[ebp-0x8],0x0 + * 00258049 8945 fc mov dword ptr ss:[ebp-0x4],eax + * 0025804c 57 push edi + * 0025804d 8d49 00 lea ecx,dword ptr ds:[ecx] + * 00258050 8a0a mov cl,byte ptr ds:[edx] jichi: text in accessed in edx + * 00258052 8a45 14 mov al,byte ptr ss:[ebp+0x14] + * 00258055 3ac1 cmp al,cl + * 00258057 74 7a je short .002580d3 + * 00258059 8b7d 10 mov edi,dword ptr ss:[ebp+0x10] + * 0025805c 8b5d fc mov ebx,dword ptr ss:[ebp-0x4] + * 0025805f 33f6 xor esi,esi + * 00258061 8bc2 mov eax,edx + * 00258063 80f9 81 cmp cl,0x81 + * 00258066 72 05 jb short .0025806d + * 00258068 80f9 9f cmp cl,0x9f + * 0025806b 76 0a jbe short .00258077 + * 0025806d 80f9 e0 cmp cl,0xe0 + * 00258070 72 1d jb short .0025808f + * 00258072 80f9 fc cmp cl,0xfc + * 00258075 77 18 ja short .0025808f + * 00258077 8b45 fc mov eax,dword ptr ss:[ebp-0x4] + * 0025807a 85c0 test eax,eax + * 0025807c 74 05 je short .00258083 + * 0025807e 8808 mov byte ptr ds:[eax],cl + * 00258080 8d58 01 lea ebx,dword ptr ds:[eax+0x1] + * 00258083 8b7d 10 mov edi,dword ptr ss:[ebp+0x10] + * 00258086 8d42 01 lea eax,dword ptr ds:[edx+0x1] + * 00258089 be 01000000 mov esi,0x1 + * 0025808e 4f dec edi + * 0025808f 85ff test edi,edi + * 00258091 74 36 je short .002580c9 + * 00258093 85db test ebx,ebx + * 00258095 74 04 je short .0025809b + * 00258097 8a08 mov cl,byte ptr ds:[eax] + * 00258099 880b mov byte ptr ds:[ebx],cl + * 0025809b 46 inc esi + * 0025809c 33c0 xor eax,eax + * 0025809e 66:3bc6 cmp ax,si + * 002580a1 7f 47 jg short .002580ea + * 002580a3 0fbfce movsx ecx,si + * 002580a6 03d1 add edx,ecx + * 002580a8 3945 fc cmp dword ptr ss:[ebp-0x4],eax + * 002580ab 74 03 je short .002580b0 + * 002580ad 014d fc add dword ptr ss:[ebp-0x4],ecx + * 002580b0 294d 10 sub dword ptr ss:[ebp+0x10],ecx + * 002580b3 014d f8 add dword ptr ss:[ebp-0x8],ecx + * 002580b6 8a0a mov cl,byte ptr ds:[edx] + * 002580b8 80f9 0a cmp cl,0xa + * 002580bb 74 20 je short .002580dd + * 002580bd 80f9 0d cmp cl,0xd + * 002580c0 74 1b je short .002580dd + * 002580c2 3945 10 cmp dword ptr ss:[ebp+0x10],eax + * 002580c5 ^75 89 jnz short .00258050 + * 002580c7 eb 21 jmp short .002580ea + * 002580c9 85db test ebx,ebx + * 002580cb 74 1d je short .002580ea + * 002580cd c643 ff 00 mov byte ptr ds:[ebx-0x1],0x0 + * 002580d1 eb 17 jmp short .002580ea + * 002580d3 84c0 test al,al + * 002580d5 74 13 je short .002580ea + * 002580d7 42 inc edx + * 002580d8 ff45 f8 inc dword ptr ss:[ebp-0x8] + * 002580db eb 0d jmp short .002580ea + * 002580dd 8a42 01 mov al,byte ptr ds:[edx+0x1] + * 002580e0 42 inc edx + * 002580e1 3c 0a cmp al,0xa + * 002580e3 74 04 je short .002580e9 + * 002580e5 3c 0d cmp al,0xd + * 002580e7 75 01 jnz short .002580ea + * 002580e9 42 inc edx + * 002580ea 8b45 fc mov eax,dword ptr ss:[ebp-0x4] + * 002580ed 5f pop edi + * 002580ee 5e pop esi + * 002580ef 5b pop ebx + * 002580f0 85c0 test eax,eax + * 002580f2 74 09 je short .002580fd + * 002580f4 837d 10 00 cmp dword ptr ss:[ebp+0x10],0x0 + * 002580f8 74 03 je short .002580fd + * 002580fa c600 00 mov byte ptr ds:[eax],0x0 + * 002580fd 8b4d 08 mov ecx,dword ptr ss:[ebp+0x8] + * 00258100 8b45 f8 mov eax,dword ptr ss:[ebp-0x8] + * 00258103 8911 mov dword ptr ds:[ecx],edx + * 00258105 8be5 mov esp,ebp + * 00258107 5d pop ebp + * 00258108 c3 retn + * 00258109 33c0 xor eax,eax + * 0025810b 8be5 mov esp,ebp + * 0025810d 5d pop ebp + * 0025810e c3 retn + * 0025810f cc int3 + * + * Stack: + * 0f14f87c 00279177 return to .00279177 from .00258020 + * 0f14f880 0f14f8b0 ; arg1 address of the text's pointer + * 0f14f884 0f14f8c0 ; arg2 pointed to zero, maybe a buffer + * 0f14f888 00000047 ; arg3 it is zero if no text, this value might be text size + 1 + * 0f14f88c ffffff80 ; constant, used as split + * 0f14f890 005768c8 .005768c8 + * 0f14f894 02924340 ; text is at 02924350 + * 0f14f898 00000001 ; this might also be a good split + * 0f14f89c 1b520020 + * 0f14f8a0 00000000 + * 0f14f8a4 00000000 + * 0f14f8a8 029245fc + * 0f14f8ac 0004bfd3 + * 0f14f8b0 0f14fae0 + * 0f14f8b4 00000000 + * 0f14f8b8 00000000 + * 0f14f8bc 02924340 + * 0f14f8c0 00000000 + * + * Registers: + * eax 0f14f8c0 ; floating at runtime + * ecx 0f14f8b0; floating at runtime + * edx 00000000 + * ebx 0f14fae0; floating at runtime + * esp 0f14f87c; floating at runtime + * ebp 0f14facc; floating at runtime + * esi 00000047 + * edi 02924340 ; text is in 02924350 + * eip 00258020 .00258020 + * + * Memory access pattern: + * For long sentences, it first render the first line, then the second line, and so on. + * So, the second line is a subtext of the entire dialog. + */ +static void SpecialHookExp(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) +{ + static DWORD lasttext; + // 00258020 55 push ebp ; jichi: hook here + // 00258021 8bec mov ebp,esp + // 00258023 8b45 08 mov eax,dword ptr ss:[ebp+0x8] ; jichi: move arg1 to eax + // 00258029 85c0 test eax,eax ; check if text is null + // 0025802b 0f84 d8000000 je .00258109 + // 00258031 837d 10 00 cmp dword ptr ss:[ebp+0x10],0x0 ; jichi: compare 0 with arg3, which is size+1 + // 00258035 0f84 ce000000 je .00258109 + // 0025803b 8b10 mov edx,dword ptr ds:[eax] ; move text address to edx + DWORD arg1 = stack->stack[1], // mov eax,dword ptr ss:[ebp+0x8] + arg3 = stack->stack[3]; // size - 1 + if (arg1 && arg3) + if (DWORD text = *(DWORD *)arg1) + if (!(text > lasttext && text < lasttext + VNR_TEXT_CAPACITY)) { // text is not a subtext of lastText + lasttext = text; // mov edx,dword ptr ds:[eax] + //*len = arg3 - 1; // the last char is the '\0', so -1, but this value is not reliable + + buffer->from_cs((char*)text); + // Registers are not used as split as all of them are floating at runtime + //*split = argof(4, esp_base); // arg4, always -8, this will merge all threads and result in repetition + *split = stack->stack[7]; // reduce repetition, but still have sub-text repeat + } +} +bool InsertExpHook() +{ + const BYTE bytes[] = { + 0x55, // 00258020 55 push ebp ; jichi: hook here, function starts, text in [arg1], size+1 in arg3 + 0x8b,0xec, // 00258021 8bec mov ebp,esp + 0x8b,0x45, 0x08, // 00258023 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + 0x83,0xec, 0x08, // 00258026 83ec 08 sub esp,0x8 + 0x85,0xc0, // 00258029 85c0 test eax,eax + 0x0f,0x84, XX4, // 0025802b 0f84 d8000000 je .00258109 + 0x83,0x7d, 0x10, 0x00, // 00258031 837d 10 00 cmp dword ptr ss:[ebp+0x10],0x0 + 0x0f,0x84, XX4, // 00258035 0f84 ce000000 je .00258109 + 0x8b,0x10, // 0025803b 8b10 mov edx,dword ptr ds:[eax] ; jichi: edx is the text + 0x8b,0x45, 0x0c, // 0025803d 8b45 0c mov eax,dword ptr ss:[ebp+0xc] + 0x53, // 00258040 53 push ebx + 0x56, // 00258041 56 push esi + 0xc7,0x45, 0xf8, 0x00,0x00,0x00,0x00, // 00258042 c745 f8 00000000 mov dword ptr ss:[ebp-0x8],0x0 + 0x89,0x45, 0xfc, // 00258049 8945 fc mov dword ptr ss:[ebp-0x4],eax + 0x57, // 0025804c 57 push edi + 0x8d,0x49, 0x00, // 0025804d 8d49 00 lea ecx,dword ptr ds:[ecx] + 0x8a,0x0a // 00258050 8a0a mov cl,byte ptr ds:[edx] ; jichi: text accessed in edx + }; + enum { addr_offset = 0 }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + //GROWL_DWORD(addr); + if (!addr) { + ConsoleOutput("EXP: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; + hp.type = NO_CONTEXT|USING_STRING; // NO_CONTEXT to get rid of floating address + hp.text_fun = SpecialHookExp; + ConsoleOutput("INSERT EXP"); + + + ConsoleOutput("EXP: disable GDI hooks"); // There are no GDI functions hooked though + + return NewHook(hp, "EXP"); // FIXME: text displayed line by line +} + + +bool Exp::attach_function() { + + return InsertExpHook(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Exp.h b/cpp/LunaHook/LunaHook/engine32/Exp.h new file mode 100644 index 00000000..070749ee --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Exp.h @@ -0,0 +1,11 @@ + + +class Exp:public ENGINE{ + public: + Exp(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"model\\*.hed"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/FVP.cpp b/cpp/LunaHook/LunaHook/engine32/FVP.cpp new file mode 100644 index 00000000..c7d3f6cc --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/FVP.cpp @@ -0,0 +1,530 @@ +#include"FVP.h" + +namespace { // unnamed +namespace ScenarioHook { +namespace Private { + /** + * FIXME: Scenario/name/history text cannot be distinguished + * + * Sample game: 紅い瞳に映るセカイ + * + * Scenario: + * + * 0012FD44 0043CB56 RETURN to .0043CB56 from .00433610 + * 0012FD48 0B711390 + * 0012FD4C 024FE43C + * 0012FD50 02541120 + * 0012FD54 024FEC50 + * 0012FD58 00000000 + * 0012FD5C 024FE43C + * 0012FD60 0044598E RETURN to .0044598E + * 0012FD64 024FE53C + * 0012FD68 00000001 + * 0012FD6C 024FE43C + * + * EAX 0000000E + * ECX 01B99750 + * EDX 0B711391 + * EBX 01E7047C + * ESP 0012FD44 + * EBP 01B99750 + * ESI 0B711390 + * EDI 024FE53C + * EIP 00433610 .00433610 + * + * ecx: + * 01B99750 F4 D8 45 00 A8 D5 45 00 A0 2B 8E 0A 00 00 00 00 E.ィユE.+・.... + * 01B99760 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 01B99770 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 01B99780 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * + * [ecx+8] + * 0A8E2BA0 B0 51 A6 63 C0 83 4C 04 15 00 00 00 03 00 00 00 ーQヲcタキ...... + * 0A8E2BB0 00 00 00 0C 02 00 00 00 00 00 00 00 00 00 00 00 ............... + * 0A8E2BC0 00 04 00 00 80 00 00 00 00 00 00 00 00 00 00 00 ...€........... + * 0A8E2BD0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * + * 0012FD44 0043CB56 RETURN to .0043CB56 from .00433610 + * 0012FD48 0B6CE660 + * 0012FD4C 024FE43C + * 0012FD50 02541120 + * 0012FD54 024FEC50 + * 0012FD58 00000000 + * 0012FD5C 024FE43C + * 0012FD60 0044598E RETURN to .0044598E + * 0012FD64 024FE53C + * 0012FD68 00000001 + * 0012FD6C 024FE43C + * 0012FD70 00597669 d3dx9_31.00597669 + * 0012FD74 00000000 + * 0012FD78 004454D2 RETURN to .004454D2 + * 0012FD7C 01E7047C + * 0012FD80 0043F67F RETURN to .0043F67F from .00445440 + * 0012FD84 76F32EB2 user32.PeekMessageA + * 0012FD88 76F52B5A user32.TranslateAcceleratorA + * 0012FD8C 76F366E3 user32.IsIconic + * + * 0B6D9118 06 06 07 07 07 07 08 08 07 08 09 0A 0A 08 09 09 ..... + * 0B6D9128 37 5F 7C 3B E8 B7 02 00 D8 FF 61 02 30 8C 70 0B 7_|;霍.リa0継 + * 0B6D9138 35 5E 75 31 EF B7 02 08 98 7C 58 02 20 2F B9 01 5^u1・・X /ケ + * 0B6D9148 0B 00 00 00 C0 D0 E0 F0 A8 9A C7 23 00 00 00 8D ...タミ瑩ィ塢#...・ + * 0B6D9158 81 40 82 BB 82 CC 83 79 81 5B 83 57 82 AA 82 CF  そのページがぱ + * 0B6D9168 82 E7 82 CF 82 E7 82 C6 97 AC 82 B3 82 EA 82 E9 らぱらと流される + * 0B6D9178 81 42 00 00 00 00 00 00 B2 9A C7 23 00 00 00 8D 。......イ塢#...・ + * + * 0B6D9188 81 40 82 BB 82 CC 83 79 81 5B 83 57 82 AA 82 CF  そのページがぱ + * 0B6D9198 82 E7 82 CF 82 E7 82 C6 97 AC 82 B3 82 EA 82 E9 らぱらと流される + * 0B6D91A8 81 42 00 00 00 00 00 00 B4 9A C7 23 00 00 00 80 。......エ塢#...€ + * 0B6D91B8 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ............... + * 0B6D91C8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 0B6D91D8 00 00 00 00 00 00 00 00 BE 9A C7 23 00 00 00 80 ........セ塢#...€ + * 0B6D91E8 1A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ............... + * 0B6D91F8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 0B6D9208 00 00 00 00 00 00 00 00 C0 9A C7 23 00 00 00 80 ........タ塢#...€ + * 0B6D9218 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ............... + * 0B6D9228 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 0B6D9238 00 00 00 00 00 00 00 00 CA 9A C7 23 00 00 00 80 ........ハ塢#...€ + * 0B6D9248 26 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 &............... + * 0B6D9258 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 0B6D9268 00 00 00 00 00 00 00 00 CC 9A C7 23 00 00 00 80 ........フ塢#...€ + * + * History: + * + * 0012FD44 0043CB56 RETURN to .0043CB56 from .00433610 + * 0012FD48 0B7113D8 + * 0012FD4C 024FE43C + * 0012FD50 02541120 + * 0012FD54 024FEC50 + * 0012FD58 00000000 + * 0012FD5C 024FE43C + * 0012FD60 0044598E RETURN to .0044598E + * 0012FD64 024FE5CC + * 0012FD68 00000001 + * 0012FD6C 024FE43C + * + * 0B6D9118 06 06 07 07 07 07 08 08 07 08 09 0A 0A 08 09 09 ..... + * 0B6D9128 37 5F 7C 3B E8 B7 02 00 D8 FF 61 02 30 8C 70 0B 7_|;霍.リa0継 + * 0B6D9138 35 5E 75 31 EF B7 02 08 98 7C 58 02 20 2F B9 01 5^u1・・X /ケ + * 0B6D9148 0B 00 00 00 C0 D0 E0 F0 A8 9A C7 23 00 00 00 8D ...タミ瑩ィ塢#...・ + * 0B6D9158 81 40 82 BB 82 CC 83 79 81 5B 83 57 82 AA 82 CF  そのページがぱ + * 0B6D9168 82 E7 82 CF 82 E7 82 C6 97 AC 82 B3 82 EA 82 E9 らぱらと流される + * 0B6D9178 81 42 00 00 00 00 00 00 B2 9A C7 23 00 00 00 8D 。......イ塢#...・ + * 0B6D9188 81 40 82 BB 82 CC 83 79 81 5B 83 57 82 AA 82 CF  そのページがぱ + * 0B6D9198 82 E7 82 CF 82 E7 82 C6 97 AC 82 B3 82 EA 82 E9 らぱらと流される + * 0B6D91A8 81 42 00 00 00 00 00 00 B4 9A C7 23 00 00 00 8A 。......エ塢#...・ + * 0B6D91B8 01 00 40 81 BB 82 CC 82 79 83 5B 81 57 83 AA 82 .@⊇のZゼ仝Μ・ + * 0B6D91C8 CF 82 E7 82 CF 82 E7 82 C6 82 AC 97 B3 82 EA 82 マらぱらとぎ竜れ・ + * 0B6D91D8 E9 82 42 81 7E 00 00 00 BE 9A C7 23 00 00 00 8D 驍B×...セ塢#...・ + * 0B6D91E8 81 40 82 BB 82 CC 83 79 81 5B 83 57 82 AA 82 CF  そのページがぱ + * 0B6D91F8 82 E7 82 CF 82 E7 82 C6 97 AC 82 B3 82 EA 82 E9 らぱらと流される + * 0B6D9208 81 42 00 00 00 00 00 00 C0 9A C7 23 00 00 00 8D 。......タ塢#...・ + * + * 0B6D9218 81 40 82 BB 82 CC 83 79 81 5B 83 57 82 AA 82 CF  そのページがぱ + * 0B6D9228 82 E7 82 CF 82 E7 82 C6 97 AC 82 B3 82 EA 82 E9 らぱらと流される + * 0B6D9238 81 42 00 00 00 00 00 00 CA 9A C7 23 00 00 00 80 。......ハ塢#...€ + * 0B6D9248 26 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 &............... + * 0B6D9258 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 0B6D9268 00 00 00 00 00 00 00 00 CC 9A C7 23 00 00 00 80 ........フ塢#...€ + * + * ecx: + * 02536A88 F4 D8 45 00 A8 D5 45 00 80 39 2F 04 00 00 00 00 E.ィユE.€9/.... + * 02536A98 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 02536AA8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 02536AB8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * + * [ecx+8] + * 042F3980 B0 51 A6 63 A0 1A E2 09 15 00 00 00 03 00 00 00 ーQヲc・...... + * 042F3990 00 00 00 0C 02 00 00 00 00 00 00 00 00 00 00 00 ............... + * 042F39A0 00 04 00 00 80 00 00 00 00 00 00 00 00 00 00 00 ...€........... + * 042F39B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 042F39C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * + * EAX 0000000E + * ECX 02537740 + * EDX 0B7113D9 + * EBX 01E7047C + * ESP 0012FD44 + * EBP 02537740 + * ESI 0B7113D8 + * EDI 024FE5CC + * EIP 00433610 .00433610 + * + * 0012FD44 0043CB56 RETURN to .0043CB56 from .00433610 + * 0012FD48 0B6CEA20 + * 0012FD4C 024FE43C + * 0012FD50 02541120 + * 0012FD54 024FEC50 + * 0012FD58 00000000 + * 0012FD5C 024FE43C + * 0012FD60 0044598E RETURN to .0044598E + * 0012FD64 024FE5CC + * 0012FD68 00000001 + * 0012FD6C 024FE43C + * 0012FD70 005A44DE d3dx9_31.005A44DE + * 0012FD74 00000000 + * 0012FD78 004454D2 RETURN to .004454D2 + * 0012FD7C 01E7047C + * 0012FD80 0043F67F RETURN to .0043F67F from .00445440 + * 0012FD84 76F32EB2 user32.PeekMessageA + * 0012FD88 76F52B5A user32.TranslateAcceleratorA + * 0012FD8C 76F366E3 user32.IsIconic + * + * Config message: + * + * 0012FD44 0043CB56 RETURN to .0043CB56 from .00433610 + * 0012FD48 026A1180 + * 0012FD4C 02508B94 + * 0012FD50 02541120 + * 0012FD54 025093A8 + * 0012FD58 00000000 + * 0012FD5C 02508B94 + * 0012FD60 0044598E RETURN to .0044598E + * 0012FD64 02508BA4 + * 0012FD68 00000001 + * 0012FD6C 02508B94 + * 0012FD70 005AC45E d3dx9_31.005AC45E + * 0012FD74 00000000 + * 0012FD78 004454D2 RETURN to .004454D2 + * 0012FD7C 01E7047C + * 0012FD80 0043F67F RETURN to .0043F67F from .00445440 + * 0012FD84 76F32EB2 user32.PeekMessageA + * 0012FD88 76F52B5A user32.TranslateAcceleratorA + * 0012FD8C 76F366E3 user32.IsIconic + * + * EAX 0000001E + * ECX 0253A4F8 + * EDX 026A1181 + * EBX 01E7047C + * ESP 0012FD44 + * EBP 0253A4F8 + * ESI 026A1180 + * EDI 02508BA4 + * EIP 00433610 .00433610 + * + * ecx: + * 0253A4F8 F4 D8 45 00 A8 D5 45 00 00 D4 2F 04 00 00 00 00 E.ィユE..ヤ/.... + * 0253A508 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 0253A518 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 0253A528 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * + * [ecx+8] + * 042FD400 B0 51 A6 63 C0 18 E2 09 15 00 00 00 03 00 00 00 ーQヲcタ・...... + * 042FD410 00 00 00 0C 02 00 00 00 00 00 00 00 00 00 00 00 ............... + * 042FD420 00 02 00 00 20 00 00 00 00 00 00 00 00 00 00 00 ... ........... + * 042FD430 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * + * 026A1160 25 07 4F 11 08 00 10 FE 0C 0A 1D 0C 01 1A 05 04 %O.... + * 026A1170 04 01 00 00 0C 01 07 90 11 08 00 0F 7C 05 0E 1F ...・.| + * + * 026A1180 83 81 83 62 83 5A 81 5B 83 57 91 AC 93 78 83 54 メッセージ速度サ + * 026A1190 83 93 83 76 83 8B 83 65 83 4C 83 58 83 67 00 03 ンプルテキスト. + * 026A11A0 7B 00 03 85 00 0F 7C 05 03 6F 00 06 54 11 08 00 {.・|o.T. + * + */ + // bool hookBefore(winhook::hook_stack *s) + // { + // static std::string data_; // persistent storage, which makes this function not thread-safe + // LPCSTR text = (LPCSTR)s->stack[1]; // arg1 + // if (!text || !*text) + // return true; + // //auto role = Engine::OtherRole; + // //if (text[-2] == 0 && text[-3] == 0 && text[-4] == 0) // 234 should be zero for text on the heap? + // // role = Engine::ScenarioRole; + // auto role = Engine::ScenarioRole; + + // auto retaddr = s->stack[0]; // retaddr, there is only one retaddr anyway + // //auto split = s->ecx; + // //if (Engine::isAddressReadable(split)) + // // split = *(DWORD *)(split + 8); + // auto sig = Engine::hashThreadSignature(role, retaddr); + // data_ = EngineController::instance()->dispatchTextASTD(text, role, sig); + // s->stack[1] = (ULONG)data_.c_str(); // reset arg1 + // return true; + // } +} // namespace Private + +/** jichi 7/28/2015 + * Sample game: 紅い瞳に映るセカイ + * Text can also be extracted in both GetGlyphOutlineA and lstrlenA + * See also: http://capita.tistory.com/m/post/267 + * + * 0043360E CC INT3 + * 0043360F CC INT3 + * 00433610 83EC 0C SUB ESP,0xC + * 00433613 55 PUSH EBP + * 00433614 56 PUSH ESI + * 00433615 57 PUSH EDI + * 00433616 8BF9 MOV EDI,ECX + * 00433618 8D4424 0C LEA EAX,DWORD PTR SS:[ESP+0xC] + * 0043361C 8DB7 74050000 LEA ESI,DWORD PTR DS:[EDI+0x574] + * 00433622 50 PUSH EAX + * 00433623 8BCE MOV ECX,ESI + * 00433625 897C24 18 MOV DWORD PTR SS:[ESP+0x18],EDI + * 00433629 C74424 10 010000>MOV DWORD PTR SS:[ESP+0x10],0x1 + * 00433631 E8 8AEFFFFF CALL .004325C0 + * 00433636 8D8F 90050000 LEA ECX,DWORD PTR DS:[EDI+0x590] + * 0043363C 51 PUSH ECX + * 0043363D 8D8F B8050000 LEA ECX,DWORD PTR DS:[EDI+0x5B8] + * 00433643 E8 E8EFFFFF CALL .00432630 + * 00433648 8B6C24 1C MOV EBP,DWORD PTR SS:[ESP+0x1C] + * 0043364C 8A45 00 MOV AL,BYTE PTR SS:[EBP] + * 0043364F 84C0 TEST AL,AL + * 00433651 0F84 8C000000 JE .004336E3 + * 00433657 53 PUSH EBX + * 00433658 EB 06 JMP SHORT .00433660 + * 0043365A 8D9B 00000000 LEA EBX,DWORD PTR DS:[EBX] + * 00433660 66:0FB6D0 MOVZX DX,AL + * 00433664 0FB7DA MOVZX EBX,DX + * 00433667 0FB7C3 MOVZX EAX,BX + * 0043366A 50 PUSH EAX + * 0043366B 895C24 24 MOV DWORD PTR SS:[ESP+0x24],EBX + * 0043366F 45 INC EBP + * 00433670 E8 DA4D0100 CALL .0044844F + * 00433675 83C4 04 ADD ESP,0x4 + * 00433678 85C0 TEST EAX,EAX + * 0043367A 74 13 JE SHORT .0043368F + * 0043367C 66:0FB64D 00 MOVZX CX,BYTE PTR SS:[EBP] + * 00433681 C1E3 08 SHL EBX,0x8 + * 00433684 66:0BD9 OR BX,CX + * 00433687 0FB7DB MOVZX EBX,BX + * 0043368A 895C24 20 MOV DWORD PTR SS:[ESP+0x20],EBX + * 0043368E 45 INC EBP + * 0043368F 8B4E 0C MOV ECX,DWORD PTR DS:[ESI+0xC] + * 00433692 85C9 TEST ECX,ECX + * 00433694 75 04 JNZ SHORT .0043369A + * 00433696 33C0 XOR EAX,EAX + * 00433698 EB 07 JMP SHORT .004336A1 + * 0043369A 8B46 14 MOV EAX,DWORD PTR DS:[ESI+0x14] + * 0043369D 2BC1 SUB EAX,ECX + * 0043369F D1F8 SAR EAX,1 + * 004336A1 8B7E 10 MOV EDI,DWORD PTR DS:[ESI+0x10] + * 004336A4 8BD7 MOV EDX,EDI + * 004336A6 2BD1 SUB EDX,ECX + * 004336A8 D1FA SAR EDX,1 + * 004336AA 3BD0 CMP EDX,EAX + * 004336AC 73 0B JNB SHORT .004336B9 + * 004336AE 66:891F MOV WORD PTR DS:[EDI],BX + * 004336B1 83C7 02 ADD EDI,0x2 + * 004336B4 897E 10 MOV DWORD PTR DS:[ESI+0x10],EDI + * 004336B7 EB 1E JMP SHORT .004336D7 + * 004336B9 3BCF CMP ECX,EDI + * 004336BB 76 05 JBE SHORT .004336C2 + * 004336BD E8 644A0100 CALL .00448126 + * 004336C2 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 004336C4 8D4C24 20 LEA ECX,DWORD PTR SS:[ESP+0x20] + * 004336C8 51 PUSH ECX + * 004336C9 57 PUSH EDI + * 004336CA 50 PUSH EAX + * 004336CB 8D5424 1C LEA EDX,DWORD PTR SS:[ESP+0x1C] + * 004336CF 52 PUSH EDX + * 004336D0 8BCE MOV ECX,ESI + * 004336D2 E8 F9E8FFFF CALL .00431FD0 + * 004336D7 8A45 00 MOV AL,BYTE PTR SS:[EBP] + * 004336DA 84C0 TEST AL,AL + * 004336DC ^75 82 JNZ SHORT .00433660 + * 004336DE 8B7C24 18 MOV EDI,DWORD PTR SS:[ESP+0x18] + * 004336E2 5B POP EBX + * 004336E3 8D4424 1C LEA EAX,DWORD PTR SS:[ESP+0x1C] + * 004336E7 50 PUSH EAX + * 004336E8 8BCE MOV ECX,ESI + * 004336EA C74424 20 7E0000>MOV DWORD PTR SS:[ESP+0x20],0x7E + * 004336F2 E8 C9EEFFFF CALL .004325C0 + * 004336F7 6A 01 PUSH 0x1 + * 004336F9 6A 00 PUSH 0x0 + * 004336FB 6A 00 PUSH 0x0 + * 004336FD 8BCF MOV ECX,EDI + * 004336FF E8 5CF4FFFF CALL .00432B60 + * 00433704 5F POP EDI + * 00433705 5E POP ESI + * 00433706 5D POP EBP + * 00433707 83C4 0C ADD ESP,0xC + * 0043370A C2 0400 RETN 0x4 + * 0043370D CC INT3 + * 0043370E CC INT3 + * 0043370F CC INT3 + * + * Sample game: 星空のメモリア + * 0042EAAD CC INT3 + * 0042EAAE CC INT3 + * 0042EAAF CC INT3 + * 0042EAB0 83EC 0C SUB ESP,0xC + * 0042EAB3 55 PUSH EBP + * 0042EAB4 56 PUSH ESI + * 0042EAB5 57 PUSH EDI + * 0042EAB6 8BF9 MOV EDI,ECX + * 0042EAB8 8D4424 0C LEA EAX,DWORD PTR SS:[ESP+0xC] + * 0042EABC 8DB7 A4000000 LEA ESI,DWORD PTR DS:[EDI+0xA4] + * 0042EAC2 50 PUSH EAX + * 0042EAC3 8BCE MOV ECX,ESI + * 0042EAC5 897C24 18 MOV DWORD PTR SS:[ESP+0x18],EDI + * 0042EAC9 C74424 10 010000>MOV DWORD PTR SS:[ESP+0x10],0x1 + * 0042EAD1 E8 5AF2FFFF CALL .0042DD30 + * 0042EAD6 8D8F B8000000 LEA ECX,DWORD PTR DS:[EDI+0xB8] + * 0042EADC 51 PUSH ECX + * 0042EADD 8D8F E0000000 LEA ECX,DWORD PTR DS:[EDI+0xE0] + * 0042EAE3 E8 B8F2FFFF CALL .0042DDA0 + * 0042EAE8 8B6C24 1C MOV EBP,DWORD PTR SS:[ESP+0x1C] + * 0042EAEC 8A45 00 MOV AL,BYTE PTR SS:[EBP] + * 0042EAEF 84C0 TEST AL,AL + * 0042EAF1 0F84 96000000 JE .0042EB8D + * 0042EAF7 53 PUSH EBX + * 0042EAF8 EB 06 JMP SHORT .0042EB00 + * 0042EAFA 8D9B 00000000 LEA EBX,DWORD PTR DS:[EBX] + * 0042EB00 66:0FB6D0 MOVZX DX,AL + * 0042EB04 0FB7DA MOVZX EBX,DX + * 0042EB07 0FB7C3 MOVZX EAX,BX + * 0042EB0A 50 PUSH EAX + * 0042EB0B 895C24 24 MOV DWORD PTR SS:[ESP+0x24],EBX + * 0042EB0F 83C5 01 ADD EBP,0x1 + * 0042EB12 E8 22430100 CALL .00442E39 + * 0042EB17 83C4 04 ADD ESP,0x4 + * 0042EB1A 85C0 TEST EAX,EAX + * 0042EB1C 74 11 JE SHORT .0042EB2F + * 0042EB1E 33C9 XOR ECX,ECX + * 0042EB20 8AEB MOV CH,BL + * 0042EB22 83C5 01 ADD EBP,0x1 + * 0042EB25 8A4D FF MOV CL,BYTE PTR SS:[EBP-0x1] + * 0042EB28 0FB7D9 MOVZX EBX,CX + * 0042EB2B 895C24 20 MOV DWORD PTR SS:[ESP+0x20],EBX + * 0042EB2F 8B56 04 MOV EDX,DWORD PTR DS:[ESI+0x4] + * 0042EB32 85D2 TEST EDX,EDX + * 0042EB34 75 04 JNZ SHORT .0042EB3A + * 0042EB36 33C9 XOR ECX,ECX + * 0042EB38 EB 07 JMP SHORT .0042EB41 + * 0042EB3A 8B4E 08 MOV ECX,DWORD PTR DS:[ESI+0x8] + * 0042EB3D 2BCA SUB ECX,EDX + * 0042EB3F D1F9 SAR ECX,1 + * 0042EB41 85D2 TEST EDX,EDX + * 0042EB43 74 19 JE SHORT .0042EB5E + * 0042EB45 8B46 0C MOV EAX,DWORD PTR DS:[ESI+0xC] + * 0042EB48 2BC2 SUB EAX,EDX + * 0042EB4A D1F8 SAR EAX,1 + * 0042EB4C 3BC8 CMP ECX,EAX + * 0042EB4E 73 0E JNB SHORT .0042EB5E + * 0042EB50 8B46 08 MOV EAX,DWORD PTR DS:[ESI+0x8] + * 0042EB53 66:8918 MOV WORD PTR DS:[EAX],BX + * 0042EB56 83C0 02 ADD EAX,0x2 + * 0042EB59 8946 08 MOV DWORD PTR DS:[ESI+0x8],EAX + * 0042EB5C EB 23 JMP SHORT .0042EB81 + * 0042EB5E 8B7E 08 MOV EDI,DWORD PTR DS:[ESI+0x8] + * 0042EB61 3BD7 CMP EDX,EDI + * 0042EB63 76 05 JBE SHORT .0042EB6A + * 0042EB65 E8 6E420100 CALL .00442DD8 + * 0042EB6A 8D5424 20 LEA EDX,DWORD PTR SS:[ESP+0x20] + * 0042EB6E 52 PUSH EDX + * 0042EB6F 57 PUSH EDI + * 0042EB70 56 PUSH ESI + * 0042EB71 8D4424 1C LEA EAX,DWORD PTR SS:[ESP+0x1C] + * 0042EB75 50 PUSH EAX + * 0042EB76 8BCE MOV ECX,ESI + * 0042EB78 E8 83ECFFFF CALL .0042D800 + * 0042EB7D 8B7C24 18 MOV EDI,DWORD PTR SS:[ESP+0x18] + * 0042EB81 8A45 00 MOV AL,BYTE PTR SS:[EBP] + * 0042EB84 84C0 TEST AL,AL + * 0042EB86 ^0F85 74FFFFFF JNZ .0042EB00 + * 0042EB8C 5B POP EBX + * 0042EB8D 8D4C24 1C LEA ECX,DWORD PTR SS:[ESP+0x1C] + * 0042EB91 51 PUSH ECX + * 0042EB92 8BCE MOV ECX,ESI + * 0042EB94 C74424 20 7E0000>MOV DWORD PTR SS:[ESP+0x20],0x7E + * 0042EB9C E8 8FF1FFFF CALL .0042DD30 + * 0042EBA1 6A 01 PUSH 0x1 + * 0042EBA3 6A 00 PUSH 0x0 + * 0042EBA5 6A 00 PUSH 0x0 + * 0042EBA7 8BCF MOV ECX,EDI + * 0042EBA9 E8 72F4FFFF CALL .0042E020 + * 0042EBAE 5F POP EDI + * 0042EBAF 5E POP ESI + * 0042EBB0 5D POP EBP + * 0042EBB1 83C4 0C ADD ESP,0xC + * 0042EBB4 C2 0400 RETN 0x4 + * 0042EBB7 CC INT3 + * 0042EBB8 CC INT3 + * 0042EBB9 CC INT3 + * 0042EBBA CC INT3 + * 0042EBBB CC INT3 + * 0042EBBC CC INT3 + */ +bool attach(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0x53, // 00433657 53 push ebx + 0xeb, 0x06, // 00433658 eb 06 jmp short .00433660 + 0x8d,0x9b, 0x00,0x00,0x00,0x00 // 0043365a 8d9b 00000000 lea ebx,dword ptr ds:[ebx] + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return false; + + // 0042EAAD CC INT3 + // 0042EAAE CC INT3 + // 0042EAAF CC INT3 + // 0042EAB0 83EC 0C SUB ESP,0xC + // 0042EAB3 55 PUSH EBP + // 0042EAB4 56 PUSH ESI + // + // 00433657 - 00433610 = 71, function not aligned + addr = MemDbg::findEnclosingFunctionBeforeDword(0x550cec83, addr, MemDbg::MaximumFunctionSize, 1); // step = 1 + //addr = MemDbg::findEnclosingAlignedFunction(addr); // does not work + //addr = MemDbg::findEnclosingFunctionAfterInt3(addr); // does not work as there is not enough int3 + if (!addr) + return false; + HookParam hp; + hp.address=addr; + hp.offset=get_stack(1); + hp.type=USING_STRING|EMBED_ABLE|EMBED_AFTER_NEW|EMBED_DYNA_SJIS; + hp.hook_font=F_DrawTextA|F_GetGlyphOutlineA; + hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + + return write_string_overwrite(data,len,std::regex_replace(std::string((LPSTR)data,*len), std::regex("\\[.+\\|(.+?)\\]"), "$1")); +}; + + return NewHook(hp,"EmbedFVP"); +} +} // namespace ScenarioHook +} // unnamed namespace + +/** Public class */ + +bool FVP::attach_function() +{ + ULONG startAddress, stopAddress; + + if (!ScenarioHook::attach(processStartAddress, processStopAddress)) + return false; + // HijackManager::instance()->attachFunction((ULONG)::GetGlyphOutlineA); // for new game: 紅い瞳に映るセカイ + // HijackManager::instance()->attachFunction((ULONG)::DrawTextA); // for old game: 星空のメモリア + //HijackManager::instance()->attachFunction((ULONG)::CreateFontA); + return true; +} + +/** + * Get rid of ruby. Examples: + * [まぶた|瞼]を閉じた。 + */ +//QString FVPEngine::rubyCreate(const QString &rb, const QString &rt) +//{ +// static QString fmt = "[%2|%1]"; +// return fmt.arg(rb, rt); +//} +// +//// Remove furigana in scenario thread. +//QString FVPEngine::rubyRemove(const QString &text) +//{ +// if (!text.contains('|')) +// return text; +// static QRegExp rx("\\[.+\\|(.+)\\]"); +// if (!rx.isMinimal()) +// rx.setMinimal(true); +// return QString(text).replace(rx, "\\1"); +//} + +// std::wstring FVPEngine::rubyRemove(const std::wstring& text) +// { +// if (text.find(L'|') == std::wstring::npos) +// return text; +// static std::wregex rx(L"\\[.+\\|(.+?)\\]"); +// return std::regex_replace(text, rx, L"$1"); +// } + +// EOF diff --git a/cpp/LunaHook/LunaHook/engine32/FVP.h b/cpp/LunaHook/LunaHook/engine32/FVP.h new file mode 100644 index 00000000..83fc1dcb --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/FVP.h @@ -0,0 +1,11 @@ + + +class FVP:public ENGINE{ + public: + FVP(){ + is_engine_certain=false; + check_by=CHECK_BY::FILE; + check_by_target=L"*.hcb"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Fizz.cpp b/cpp/LunaHook/LunaHook/engine32/Fizz.cpp new file mode 100644 index 00000000..11714cdf --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Fizz.cpp @@ -0,0 +1,75 @@ +#include "Fizz.h" + +bool Fizzattach_function1() +{ + // char __thiscall sub_59AA90(char *this, int a2, int a3, int a4, int a5, int a6, int a7, int a8, char a9) + // HB8@59AA90 + // https://vndb.org/v1380 + // さくらテイル + + const BYTE bytes[] = { + 0x55, 0x8b, 0xec, + 0x6a, 0xff, + 0x68, XX4, + 0x64, 0xa1, 0, 0, 0, 0, + 0x50, + 0x81, 0xec, XX2, 0, 0, + 0xa1, XX4, + 0x33, 0xc5, + 0x89, 0x45, 0xf0, + 0x50, + 0x8d, 0x45, 0xf4, + 0x64, 0xa3, 0, 0, 0, 0, + 0x89, 0x4d, XX, + 0xc7, 0x45, XX, 0, 0, 0, 0, + 0xc7, 0x45, XX, 0, 0, 0, 0, + 0x8d, 0x4d, XX, + 0xe8, XX4}; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) + return false; + + HookParam hp; + hp.address = addr; + hp.offset = get_stack(2); + hp.type = USING_CHAR; + return NewHook(hp, "Fizz"); +} +namespace +{ + bool gsd() + { + //[110128][アトリエさくら]清純なカラダは、アイツの腕の中で男を知っていく + // https://vndb.org/v5688 + // size_t __cdecl strlen(const char *Str) + const BYTE bytes[] = { + 0xBA, 0xFF, 0xFE, 0xFE, 0x7E, + 0x03, 0xD0, + 0x83, 0xF0, 0xFF, + 0x33, 0xC2, + 0x83, 0xC1, 0x04, + 0xA9, 0x00, 0x01, 0x01, 0x81, + 0x74, XX}; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) + return false; + BYTE sig[] = {0x8b, 0x4c, 0x24, 0x04}; + addr = reverseFindBytes(sig, sizeof(sig), addr - 0x40, addr); + if (!addr) + return false; + HookParam hp; + hp.address = addr; + hp.type = USING_STRING; + hp.offset = get_stack(1); + hp.filter_fun = all_ascii_Filter; + return NewHook(hp, "gsd"); + } +} +bool Fizz::attach_function() +{ + if (typex == 1) + return Fizzattach_function1(); + if (typex == 2) + return gsd(); + return false; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Fizz.h b/cpp/LunaHook/LunaHook/engine32/Fizz.h new file mode 100644 index 00000000..53066f55 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Fizz.h @@ -0,0 +1,27 @@ + + +class Fizz : public ENGINE +{ +public: + Fizz() + { + check_by = CHECK_BY::CUSTOM; + check_by_target = [&]() + { + auto _ = Util::CheckFile(L"data.gsp") && Util::CheckFile(L"Image*.gsp") && Util::CheckFile(L"bgm*.gsp") && Util::CheckFile(L"se.gsp"); + if (!_) + return false; + if (Util::CheckFile(L"voice/*.gsp")) + { + typex = 1; + } + else + { + typex = 2; + } + return true; + }; + }; + bool attach_function(); + int typex = 0; +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/FocasLens.cpp b/cpp/LunaHook/LunaHook/engine32/FocasLens.cpp new file mode 100644 index 00000000..eb9a5caf --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/FocasLens.cpp @@ -0,0 +1,146 @@ +#include"FocasLens.h" + + +/** jichi 2/6/2015 FocasLens (Touhou) + * Sample game: [141227] [FocasLens] 幻想人形演� + * + * Debugging method: + * 1. Find first matched text, which has stable address + * 2. Insert WRITE hw break point + * 3. Find where the text is assigned + * + * The game also invokes GDI functions (GetGlyphOutlineA), where the access is cached and looped. + * + * Issues: + * - This hook cannot find name thread + * - Selected character name is hard-coded to the thread + * + * 001faaed cc int3 + * 001faaee cc int3 + * 001faaef cc int3 + * 001faaf0 55 push ebp + * 001faaf1 8bec mov ebp,esp + * 001faaf3 51 push ecx + * 001faaf4 53 push ebx + * 001faaf5 56 push esi + * 001faaf6 57 push edi + * 001faaf7 8bf0 mov esi,eax + * 001faaf9 e8 98281500 call .0034d396 + * 001faafe 50 push eax + * 001faaff a1 b08bb100 mov eax,dword ptr ds:[0xb18bb0] + * 001fab04 03c6 add eax,esi + * 001fab06 50 push eax + * 001fab07 e8 9b241500 call .0034cfa7 + * 001fab0c 8b0d e88bb100 mov ecx,dword ptr ds:[0xb18be8] + * 001fab12 8b3d b08bb100 mov edi,dword ptr ds:[0xb18bb0] + * 001fab18 83c1 f7 add ecx,-0x9 + * 001fab1b 83c4 08 add esp,0x8 + * 001fab1e 8bd8 mov ebx,eax + * 001fab20 390d ec8bb100 cmp dword ptr ds:[0xb18bec],ecx + * 001fab26 7c 65 jl short .001fab8d + * 001fab28 803c37 20 cmp byte ptr ds:[edi+esi],0x20 + * 001fab2c 74 41 je short .001fab6f + * 001fab2e 803c37 81 cmp byte ptr ds:[edi+esi],0x81 + * 001fab32 75 4d jnz short .001fab81 + * 001fab34 807c37 01 42 cmp byte ptr ds:[edi+esi+0x1],0x42 + * 001fab39 74 34 je short .001fab6f + * 001fab3b 803c37 81 cmp byte ptr ds:[edi+esi],0x81 + * 001fab3f 75 40 jnz short .001fab81 + * 001fab41 807c37 01 41 cmp byte ptr ds:[edi+esi+0x1],0x41 + * 001fab46 74 27 je short .001fab6f + * 001fab48 803c37 81 cmp byte ptr ds:[edi+esi],0x81 + * 001fab4c 75 33 jnz short .001fab81 + * 001fab4e 807c37 01 48 cmp byte ptr ds:[edi+esi+0x1],0x48 + * 001fab53 74 1a je short .001fab6f + * 001fab55 803c37 81 cmp byte ptr ds:[edi+esi],0x81 + * 001fab59 75 26 jnz short .001fab81 + * 001fab5b 807c37 01 49 cmp byte ptr ds:[edi+esi+0x1],0x49 + * 001fab60 74 0d je short .001fab6f + * 001fab62 803c37 81 cmp byte ptr ds:[edi+esi],0x81 + * 001fab66 75 19 jnz short .001fab81 + * 001fab68 807c37 01 40 cmp byte ptr ds:[edi+esi+0x1],0x40 + * 001fab6d 75 12 jnz short .001fab81 + * 001fab6f 803d c58bb100 00 cmp byte ptr ds:[0xb18bc5],0x0 + * 001fab76 75 09 jnz short .001fab81 + * 001fab78 c605 c58bb100 01 mov byte ptr ds:[0xb18bc5],0x1 + * 001fab7f eb 0c jmp short .001fab8d + * 001fab81 e8 7a000000 call .001fac00 + * 001fab86 c605 c58bb100 00 mov byte ptr ds:[0xb18bc5],0x0 + * 001fab8d 8b0d e48bb100 mov ecx,dword ptr ds:[0xb18be4] + * 001fab93 33c0 xor eax,eax + * 001fab95 85db test ebx,ebx + * 001fab97 7e 2b jle short .001fabc4 + * 001fab99 8d1437 lea edx,dword ptr ds:[edi+esi] + * 001fab9c 8b35 ec8bb100 mov esi,dword ptr ds:[0xb18bec] + * 001faba2 8955 fc mov dword ptr ss:[ebp-0x4],edx + * 001faba5 8bd1 mov edx,ecx + * 001faba7 0faf15 e88bb100 imul edx,dword ptr ds:[0xb18be8] + * 001fabae 0315 bc8bb100 add edx,dword ptr ds:[0xb18bbc] ; .00b180f8 + * 001fabb4 03f2 add esi,edx + * 001fabb6 8b55 fc mov edx,dword ptr ss:[ebp-0x4] + * 001fabb9 8a1402 mov dl,byte ptr ds:[edx+eax] + * 001fabbc 881406 mov byte ptr ds:[esi+eax],dl ; jichi: text is in dl in byte + * 001fabbf 40 inc eax + * 001fabc0 3bc3 cmp eax,ebx + * 001fabc2 ^7c f2 jl short .001fabb6 + * 001fabc4 0faf0d e88bb100 imul ecx,dword ptr ds:[0xb18be8] + * 001fabcb 030d bc8bb100 add ecx,dword ptr ds:[0xb18bbc] ; .00b180f8 + * 001fabd1 a1 ec8bb100 mov eax,dword ptr ds:[0xb18bec] + * 001fabd6 03fb add edi,ebx + * 001fabd8 893d b08bb100 mov dword ptr ds:[0xb18bb0],edi + * 001fabde 5f pop edi + * 001fabdf 03c8 add ecx,eax + * 001fabe1 03c3 add eax,ebx + * 001fabe3 5e pop esi + * 001fabe4 c60419 00 mov byte ptr ds:[ecx+ebx],0x0 + * 001fabe8 a3 ec8bb100 mov dword ptr ds:[0xb18bec],eax + * 001fabed 5b pop ebx + * 001fabee 8be5 mov esp,ebp + * 001fabf0 5d pop ebp + * 001fabf1 c3 retn + * 001fabf2 cc int3 + * 001fabf3 cc int3 + * 001fabf4 cc int3 + * 001fabf5 cc int3 + * 001fabf6 cc int3 + * 001fabf7 cc int3 + */ +static void SpecialHookFocasLens(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) +{ + DWORD addr = (DWORD)stack->base + get_reg(regs::edx); + if (*(char *)addr) { + buffer->from(addr, 1); + *split = FIXED_SPLIT_VALUE; + } +} +bool InsertFocasLensHook() +{ + const BYTE bytes[] = { + 0x8a,0x14,0x02, // 001fabb9 8a1402 mov dl,byte ptr ds:[edx+eax] + 0x88,0x14,0x06, // 001fabbc 881406 mov byte ptr ds:[esi+eax],dl ; jichi: text is in dl in byte + 0x40, // 001fabbf 40 inc eax + 0x3b,0xc3 // 001fabc0 3bc3 cmp eax,ebx + }; + enum { addr_offset = 0x001fabbc - 0x001fabb9 }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + //GROWL(addr); + if (!addr) { + ConsoleOutput("FocasLens: pattern not found"); + return false; + } + HookParam hp; + hp.address = addr + addr_offset; + hp.text_fun = SpecialHookFocasLens; // use special hook to force byte access + hp.type = USING_STRING|USING_SPLIT|FIXING_SPLIT|NO_CONTEXT; // no context to get rid of relative function address + ConsoleOutput("INSERT FocasLens"); + + + // GDI functions are kept in case the font is not cached + // + return NewHook(hp, "FocasLens"); +} + +bool FocasLens::attach_function() { + + return InsertFocasLensHook(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/FocasLens.h b/cpp/LunaHook/LunaHook/engine32/FocasLens.h new file mode 100644 index 00000000..7561c661 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/FocasLens.h @@ -0,0 +1,11 @@ + + +class FocasLens:public ENGINE{ + public: + FocasLens(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"dat\\*.arc"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Footy2.cpp b/cpp/LunaHook/LunaHook/engine32/Footy2.cpp new file mode 100644 index 00000000..2046d0be --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Footy2.cpp @@ -0,0 +1,27 @@ +#include"Footy2.h" +bool insertstrcpyhook() { + const BYTE bytes[] = { + 0x3B,0xD8,0x72,0x45,0x83,0xF9,0x10,0x72,0x04,0x8B,0x16,0xEB,0x02 + }; + auto addrs = Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress); + const BYTE funcstart[] = { + 0x55,0x8b,0xec,0x53,0x8b,0x5d,0x08 + }; + bool succ=false; + for (auto addr : addrs) { + addr = reverseFindBytes(funcstart, sizeof(funcstart), addr - 0x100, addr); + if (addr == 0)continue; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = USING_STRING; + ConsoleOutput("strcpy %p", addr); + succ|=NewHook(hp, "strcpy"); + } + return succ; +} +bool Footy2::attach_function() { + //ガールズ・ブック・メイカー -幸せのリブレット- + + return insertstrcpyhook(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Footy2.h b/cpp/LunaHook/LunaHook/engine32/Footy2.h new file mode 100644 index 00000000..458a6175 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Footy2.h @@ -0,0 +1,12 @@ + + +class Footy2:public ENGINE{ + public: + Footy2(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"Footy2.dll"; + dontstop=true; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/FrontWing.cpp b/cpp/LunaHook/LunaHook/engine32/FrontWing.cpp new file mode 100644 index 00000000..4c561eb0 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/FrontWing.cpp @@ -0,0 +1,19 @@ +#include"FrontWing.h" + + +bool FrontWing::attach_function() { + const BYTE bytes[] = { + //v55 = (int)(__CFADD__(v54 * v13, 0x80000000) + v54 * v13 + 0x80000000 + 0x80000000) >> 1; + 0x05,0x00,0x00,0x00,0x80,0x15,0x00,0x00,0x00,0x80,0xD1,0xF8,0x85,0xC0 + }; + + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr == 0)return false; + addr=MemDbg::findEnclosingAlignedFunction(addr); + if(addr==0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = USING_STRING; + return NewHook(hp, "FrontWing"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/FrontWing.h b/cpp/LunaHook/LunaHook/engine32/FrontWing.h new file mode 100644 index 00000000..cb9a5150 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/FrontWing.h @@ -0,0 +1,32 @@ + +//https://vndb.org/v760 +//魔界天使ジブリール +/* +BLOCK "StringFileInfo" + { + BLOCK "041104b0" + { + VALUE "Comments" + VALUE "CompanyName", "FrontWing Co.,LTD." + VALUE "FileDescription", "ADV" + VALUE "FileVersion", "1, 0, 0, 1" + VALUE "InternalName", "ADV2.1" + VALUE "LegalCopyright", "Copyright (C) 2002,2003 FrontWing" + VALUE "LegalTrademarks" + VALUE "OriginalFilename", "ADV.exe" + VALUE "PrivateBuild", "7d,3c,49,00" + VALUE "ProductName", "ADV" + VALUE "ProductVersion", "1, 0, 0, 1" + VALUE "SpecialBuild" + } + } +*/ +class FrontWing:public ENGINE{ + public: + FrontWing(){ + + check_by=CHECK_BY::RESOURCE_STR; + check_by_target=L"FrontWing Co.,LTD."; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/GASTRO.cpp b/cpp/LunaHook/LunaHook/engine32/GASTRO.cpp new file mode 100644 index 00000000..e9c949d9 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/GASTRO.cpp @@ -0,0 +1,28 @@ +#include"GASTRO.h" +bool GASTRO::attach_function() { + //https://vndb.org/v4052 + BYTE bytes[] = { + //char *__cdecl strncpy(char *Destination, const char *Source, size_t Count) + 0x8B,0x4C,0x24,0x0C, + 0x57, + 0x85,0xC9, + 0x74,XX, + 0x56, + 0x53, + 0x8B,0xD9,0x8B, + 0x74,XX + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(2); + hp.type = USING_STRING; + hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + std::string s = std::string((char*)data ,*len); + s = std::regex_replace(s, std::regex("#(.*?)#"), ""); + strReplace(s,"\\c","");strReplace(s,"\\n",""); + return write_string_overwrite(data,len,s); + }; + return NewHook(hp, "GASTRO"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/GASTRO.h b/cpp/LunaHook/LunaHook/engine32/GASTRO.h new file mode 100644 index 00000000..d3118917 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/GASTRO.h @@ -0,0 +1,12 @@ + + +class GASTRO:public ENGINE{ + public: + GASTRO(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"BMPDATA.ARC",L"MIDDATA.ARC",L"SCRDATA.ARC",L"SE.ARC",L"SYSDATA.ARC"}; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/GSX.cpp b/cpp/LunaHook/LunaHook/engine32/GSX.cpp new file mode 100644 index 00000000..160a2eaa --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/GSX.cpp @@ -0,0 +1,73 @@ +#include"GSX.h" + +namespace +{ + +bool GSX1() { + //https://vndb.org/v7585 + //PersonA ~オペラ座の怪人~ 体验版 + //http://www.mirai-soft.com/products/persona/download.html + //https://dlsoft.dmm.co.jp/detail/stone_0015/ + ULONG addr = MemDbg::findCallerAddress((ULONG)::GetCharWidth32W, 0xec8b55, processStartAddress, processStopAddress); + if(addr==0)return false; + HookParam hp; + hp.address=addr; + hp.type=USING_CHAR|CODEC_UTF16|DATA_INDIRECT; + hp.offset=get_stack(4); + return NewHook(hp,"GSX"); +} +bool GSX2() { + //https://vndb.org/v1930 + //星の王女 体验版 + //https://dlsoft.dmm.co.jp/detail/stone_0016/ + //https://vndb.org/v1931 + //星の王女2 体验版 + //https://dlsoft.dmm.co.jp/detail/stone_0017/ + //https://vndb.org/v2989 + //ツンデレ★S乙女 ―sweet sweet sweet― 体验版 + //https://dlsoft.dmm.co.jp/detail/stone_0027/ + //https://vndb.org/v1952 + //星の王女 ~宇宙意識に目覚めた義経~ 体验版 + //https://dlsoft.dmm.co.jp/detail/stone_0023/ + //https://vndb.org/v1400 + //仁義なき乙女 恋恋三昧 体验版 + //https://dlsoft.dmm.co.jp/detail/stone_0032/ + //https://vndb.org/v856 + //仁義なき乙女 体验版 + //https://dlsoft.dmm.co.jp/detail/stone_0031/ + ULONG addr = findiatcallormov((DWORD)GetGlyphOutlineA,processStartAddress, processStartAddress, processStopAddress,false,XX); + if(addr==0) + addr = findiatcallormov((DWORD)GetGlyphOutlineA,processStartAddress, processStartAddress, processStopAddress); + if(addr==0)return false; + auto addr1=findfuncstart(addr); + auto addr2=MemDbg::findEnclosingAlignedFunction(addr); + if(addr1) addr=addr1; + else addr=addr2; + if(addr==0)return false; + auto xrefs=findxref_reverse_checkcallop(addr,processStartAddress,processStopAddress,0xe8); + if(xrefs.size()!=2)return false; + addr=xrefs[1]; + addr1=findfuncstart(addr,0x180); + addr2=MemDbg::findEnclosingAlignedFunction(addr); + if(addr1)addr=addr1; + else addr=addr2; + if(addr==0)return false; + ConsoleOutput("%p",addr); + HookParam hp; + hp.address=addr; + hp.type=USING_CHAR; + hp.text_fun=[](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split){ + WORD d; + if(IsBadReadPtr((VOID*)stack->stack[3],4)) + d=*(WORD*)stack->stack[4]; + else + d=*(WORD*)stack->stack[3]; + buffer->from_t(d); + }; + return NewHook(hp,"GSX"); +} + +} +bool GSX::attach_function() { + return GSX1()||GSX2(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/GSX.h b/cpp/LunaHook/LunaHook/engine32/GSX.h new file mode 100644 index 00000000..66bdc94a --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/GSX.h @@ -0,0 +1,11 @@ + + +class GSX:public ENGINE{ + public: + GSX(){ + + check_by=CHECK_BY::RESOURCE_STR; + check_by_target=L"Game Script eXecuter"; + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine32/GXP.cpp b/cpp/LunaHook/LunaHook/engine32/GXP.cpp new file mode 100644 index 00000000..4b6b2e01 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/GXP.cpp @@ -0,0 +1,618 @@ +#include"GXP.h" +/** + * jichi 5/11/2014: Hook to the beginning of a function + * + * Executable description shows "AVGEngineV2" + * + * Cached wrong text can also be found in GetGlyphOutlineW. + * + * 4/27/2015 old logic: + * 1. find the following location + * 00A78144 66:833C70 00 CMP WORD PTR DS:[EAX+ESI*2],0x0 + * i.e. 0x66833C7000 + * There are several matches, the first one is used. + * 2. find the first push operation after it + * 3. find the function call after push, and hook to it + * The text is in the arg1, which is character by character + * + * But in the new game since ウルスラグ� there the function call is not immediately after 0x66833C7000 any more. + * My own way to find the function to hook is as follows: + * 1. find the following location + * 00A78144 66:833C70 00 CMP WORD PTR DS:[EAX+ESI*2],0x0 + * i.e. 0x66833C7000 + * There are several matches, the first one is used. + * 2. Use Ollydbg to debug step by step until the first function call is encountered + * Then, the text character is directly on the stack + * + * Here's an example of Demonion II (reladdr = 0x18c540): + * The text is displayed character by character. + * sub_58C540 proc near + * arg_0 = dword ptr 8 // LPCSTR with 1 character + * + * 0138C540 /$ 55 PUSH EBP + * 0138C541 |. 8BEC MOV EBP,ESP + * 0138C543 |. 83E4 F8 AND ESP,0xFFFFFFF8 + * 0138C546 |. 8B43 0C MOV EAX,DWORD PTR DS:[EBX+0xC] + * 0138C549 |. 83EC 08 SUB ESP,0x8 + * 0138C54C |. 56 PUSH ESI + * 0138C54D |. 57 PUSH EDI + * 0138C54E |. 85C0 TEST EAX,EAX + * 0138C550 |. 75 04 JNZ SHORT demonion.0138C556 + * 0138C552 |. 33F6 XOR ESI,ESI + * 0138C554 |. EB 18 JMP SHORT demonion.0138C56E + * 0138C556 |> 8B4B 14 MOV ECX,DWORD PTR DS:[EBX+0x14] + * 0138C559 |. 2BC8 SUB ECX,EAX + * 0138C55B |. B8 93244992 MOV EAX,0x92492493 + * 0138C560 |. F7E9 IMUL ECX + * 0138C562 |. 03D1 ADD EDX,ECX + * 0138C564 |. C1FA 04 SAR EDX,0x4 + * 0138C567 |. 8BF2 MOV ESI,EDX + * 0138C569 |. C1EE 1F SHR ESI,0x1F + * 0138C56C |. 03F2 ADD ESI,EDX + * 0138C56E |> 8B7B 10 MOV EDI,DWORD PTR DS:[EBX+0x10] + * 0138C571 |. 8BCF MOV ECX,EDI + * 0138C573 |. 2B4B 0C SUB ECX,DWORD PTR DS:[EBX+0xC] + * 0138C576 |. B8 93244992 MOV EAX,0x92492493 + * 0138C57B |. F7E9 IMUL ECX + * 0138C57D |. 03D1 ADD EDX,ECX + * 0138C57F |. C1FA 04 SAR EDX,0x4 + * 0138C582 |. 8BC2 MOV EAX,EDX + * 0138C584 |. C1E8 1F SHR EAX,0x1F + * 0138C587 |. 03C2 ADD EAX,EDX + * 0138C589 |. 3BC6 CMP EAX,ESI + * 0138C58B |. 73 2F JNB SHORT demonion.0138C5BC + * 0138C58D |. C64424 08 00 MOV BYTE PTR SS:[ESP+0x8],0x0 + * 0138C592 |. 8B4C24 08 MOV ECX,DWORD PTR SS:[ESP+0x8] + * 0138C596 |. 8B5424 08 MOV EDX,DWORD PTR SS:[ESP+0x8] + * 0138C59A |. 51 PUSH ECX + * 0138C59B |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+0x8] + * 0138C59E |. 52 PUSH EDX + * 0138C59F |. B8 01000000 MOV EAX,0x1 + * 0138C5A4 |. 8BD7 MOV EDX,EDI + * 0138C5A6 |. E8 F50E0000 CALL demonion.0138D4A0 + * 0138C5AB |. 83C4 08 ADD ESP,0x8 + * 0138C5AE |. 83C7 1C ADD EDI,0x1C + * 0138C5B1 |. 897B 10 MOV DWORD PTR DS:[EBX+0x10],EDI + * 0138C5B4 |. 5F POP EDI + * 0138C5B5 |. 5E POP ESI + * 0138C5B6 |. 8BE5 MOV ESP,EBP + * 0138C5B8 |. 5D POP EBP + * 0138C5B9 |. C2 0400 RETN 0x4 + * 0138C5BC |> 397B 0C CMP DWORD PTR DS:[EBX+0xC],EDI + * 0138C5BF |. 76 05 JBE SHORT demonion.0138C5C6 + * 0138C5C1 |. E8 1B060D00 CALL demonion.0145CBE1 + * 0138C5C6 |> 8B03 MOV EAX,DWORD PTR DS:[EBX] + * 0138C5C8 |. 57 PUSH EDI ; /Arg4 + * 0138C5C9 |. 50 PUSH EAX ; |Arg3 + * 0138C5CA |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] ; | + * 0138C5CD |. 50 PUSH EAX ; |Arg2 + * 0138C5CE |. 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+0x14] ; | + * 0138C5D2 |. 51 PUSH ECX ; |Arg1 + * 0138C5D3 |. 8BC3 MOV EAX,EBX ; | + * 0138C5D5 |. E8 D6010000 CALL demonion.0138C7B0 ; \demonion.0138C7B0 + * 0138C5DA |. 5F POP EDI + * 0138C5DB |. 5E POP ESI + * 0138C5DC |. 8BE5 MOV ESP,EBP + * 0138C5DE |. 5D POP EBP + * 0138C5DF \. C2 0400 RETN 0x4 + * + * 4/26/2015 ウルスラグ� * base = 0xa30000, old hook addr = 0xbe6360 + * + * 00A7813A EB 02 JMP SHORT .00A7813E + * 00A7813C 8BC7 MOV EAX,EDI + * 00A7813E 8BB3 E4020000 MOV ESI,DWORD PTR DS:[EBX+0x2E4] + * 00A78144 66:833C70 00 CMP WORD PTR DS:[EAX+ESI*2],0x0 ; jich: here's the first found segment + * 00A78149 74 36 JE SHORT .00A78181 + * 00A7814B 837F 14 08 CMP DWORD PTR DS:[EDI+0x14],0x8 + * 00A7814F 72 08 JB SHORT .00A78159 + * 00A78151 8B07 MOV EAX,DWORD PTR DS:[EDI] + * + * 00A7883A 24 3C AND AL,0x3C + * 00A7883C 50 PUSH EAX + * 00A7883D C74424 4C 000000>MOV DWORD PTR SS:[ESP+0x4C],0x0 + * 00A78845 0F5B ??? ; Unknown command + * 00A78847 C9 LEAVE + * 00A78848 F3:0F114424 44 MOVSS DWORD PTR SS:[ESP+0x44],XMM0 + * 00A7884E F3:0F114C24 48 MOVSS DWORD PTR SS:[ESP+0x48],XMM1 + * 00A78854 E8 37040000 CALL .00A78C90 ; jichi: here's the target function to hook to, text char on the stack[0] + * 00A78859 A1 888EDD00 MOV EAX,DWORD PTR DS:[0xDD8E88] + * 00A7885E A8 01 TEST AL,0x1 + * 00A78860 75 30 JNZ SHORT .00A78892 + * 00A78862 83C8 01 OR EAX,0x1 + * 00A78865 A3 888EDD00 MOV DWORD PTR DS:[0xDD8E88],EAX + * + * Here's the new function call: + * 00A78C8A CC INT3 + * 00A78C8B CC INT3 + * 00A78C8C CC INT3 + * 00A78C8D CC INT3 + * 00A78C8E CC INT3 + * 00A78C8F CC INT3 + * 00A78C90 55 PUSH EBP + * 00A78C91 8BEC MOV EBP,ESP + * 00A78C93 56 PUSH ESI + * 00A78C94 8BF1 MOV ESI,ECX + * 00A78C96 57 PUSH EDI + * 00A78C97 8B7D 08 MOV EDI,DWORD PTR SS:[EBP+0x8] + * 00A78C9A 8B4E 04 MOV ECX,DWORD PTR DS:[ESI+0x4] + * 00A78C9D 3BF9 CMP EDI,ECX + * 00A78C9F 73 76 JNB SHORT .00A78D17 + * 00A78CA1 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 00A78CA3 3BC7 CMP EAX,EDI + * 00A78CA5 77 70 JA SHORT .00A78D17 + * 00A78CA7 2BF8 SUB EDI,EAX + * 00A78CA9 B8 93244992 MOV EAX,0x92492493 + * 00A78CAE F7EF IMUL EDI + * 00A78CB0 03D7 ADD EDX,EDI + * 00A78CB2 C1FA 04 SAR EDX,0x4 + * 00A78CB5 8BFA MOV EDI,EDX + * 00A78CB7 C1EF 1F SHR EDI,0x1F + * 00A78CBA 03FA ADD EDI,EDX + * 00A78CBC 3B4E 08 CMP ECX,DWORD PTR DS:[ESI+0x8] + * 00A78CBF 75 09 JNZ SHORT .00A78CCA + * 00A78CC1 6A 01 PUSH 0x1 + * 00A78CC3 8BCE MOV ECX,ESI + * 00A78CC5 E8 36030000 CALL .00A79000 + * 00A78CCA 8B56 04 MOV EDX,DWORD PTR DS:[ESI+0x4] + * 00A78CCD 8D0CFD 00000000 LEA ECX,DWORD PTR DS:[EDI*8] + * 00A78CD4 2BCF SUB ECX,EDI + * 00A78CD6 8B3E MOV EDI,DWORD PTR DS:[ESI] + * 00A78CD8 85D2 TEST EDX,EDX + * 00A78CDA 74 7B JE SHORT .00A78D57 + * 00A78CDC 66:8B048F MOV AX,WORD PTR DS:[EDI+ECX*4] + * 00A78CE0 66:8902 MOV WORD PTR DS:[EDX],AX + * 00A78CE3 8B448F 04 MOV EAX,DWORD PTR DS:[EDI+ECX*4+0x4] + * 00A78CE7 8942 04 MOV DWORD PTR DS:[EDX+0x4],EAX + * 00A78CEA 8B448F 08 MOV EAX,DWORD PTR DS:[EDI+ECX*4+0x8] + * 00A78CEE 8942 08 MOV DWORD PTR DS:[EDX+0x8],EAX + * 00A78CF1 8B448F 0C MOV EAX,DWORD PTR DS:[EDI+ECX*4+0xC] + * 00A78CF5 8942 0C MOV DWORD PTR DS:[EDX+0xC],EAX + * 00A78CF8 C742 10 00000000 MOV DWORD PTR DS:[EDX+0x10],0x0 + * 00A78CFF 8B448F 14 MOV EAX,DWORD PTR DS:[EDI+ECX*4+0x14] + * 00A78D03 8942 14 MOV DWORD PTR DS:[EDX+0x14],EAX + * 00A78D06 8A448F 18 MOV AL,BYTE PTR DS:[EDI+ECX*4+0x18] + * 00A78D0A 8842 18 MOV BYTE PTR DS:[EDX+0x18],AL + * 00A78D0D 8346 04 1C ADD DWORD PTR DS:[ESI+0x4],0x1C + * 00A78D11 5F POP EDI + * 00A78D12 5E POP ESI + * 00A78D13 5D POP EBP + * 00A78D14 C2 0400 RETN 0x4 + * 00A78D17 3B4E 08 CMP ECX,DWORD PTR DS:[ESI+0x8] + * 00A78D1A 75 09 JNZ SHORT .00A78D25 + * 00A78D1C 6A 01 PUSH 0x1 + * 00A78D1E 8BCE MOV ECX,ESI + * 00A78D20 E8 DB020000 CALL .00A79000 + * 00A78D25 8B4E 04 MOV ECX,DWORD PTR DS:[ESI+0x4] + * 00A78D28 85C9 TEST ECX,ECX + * 00A78D2A 74 2B JE SHORT .00A78D57 + * 00A78D2C 66:8B07 MOV AX,WORD PTR DS:[EDI] + * 00A78D2F 66:8901 MOV WORD PTR DS:[ECX],AX + * 00A78D32 8B47 04 MOV EAX,DWORD PTR DS:[EDI+0x4] + * 00A78D35 8941 04 MOV DWORD PTR DS:[ECX+0x4],EAX + * 00A78D38 8B47 08 MOV EAX,DWORD PTR DS:[EDI+0x8] + * 00A78D3B 8941 08 MOV DWORD PTR DS:[ECX+0x8],EAX + * 00A78D3E 8B47 0C MOV EAX,DWORD PTR DS:[EDI+0xC] + * 00A78D41 8941 0C MOV DWORD PTR DS:[ECX+0xC],EAX + * 00A78D44 C741 10 00000000 MOV DWORD PTR DS:[ECX+0x10],0x0 + * 00A78D4B 8B47 14 MOV EAX,DWORD PTR DS:[EDI+0x14] + * 00A78D4E 8941 14 MOV DWORD PTR DS:[ECX+0x14],EAX + * 00A78D51 8A47 18 MOV AL,BYTE PTR DS:[EDI+0x18] + * 00A78D54 8841 18 MOV BYTE PTR DS:[ECX+0x18],AL + * 00A78D57 8346 04 1C ADD DWORD PTR DS:[ESI+0x4],0x1C + * 00A78D5B 5F POP EDI + * 00A78D5C 5E POP ESI + * 00A78D5D 5D POP EBP + * 00A78D5E C2 0400 RETN 0x4 + * 00A78D61 CC INT3 + * 00A78D62 CC INT3 + * 00A78D63 CC INT3 + * 00A78D64 CC INT3 + * 00A78D65 CC INT3 + */ +static bool InsertGXP1Hook() +{ + union { + DWORD i; + DWORD *id; + BYTE *ib; + }; + for (i = processStartAddress + 0x1000; i < processStopAddress - 4; i++) { + // jichi example: + // 00A78144 66:833C70 00 CMP WORD PTR DS:[EAX+ESI*2],0x0 + + //find cmp word ptr [esi*2+eax],0 + if (*id != 0x703c8366) + continue; + i += 4; + if (*ib != 0) + continue; + i++; + DWORD j = i + 0x200; + j = j < (processStopAddress - 8) ? j : (processStopAddress - 8); + + DWORD flag = false; + while (i < j) { + DWORD k = disasm(ib); + if (k == 0) + break; + if (k == 1 && (*ib & 0xf8) == 0x50) { // push reg + flag = true; + break; + } + i += k; + } + if (flag) + while (i < j) { + if (*ib == 0xe8) { // jichi: find first long call after the push operation + i++; + DWORD addr = *id + i + 4; + if (addr > processStartAddress && addr < processStopAddress) { + HookParam hp; + hp.address = addr; + //hp.type = CODEC_UTF16|DATA_INDIRECT; + hp.type = USING_STRING|CODEC_UTF16|DATA_INDIRECT|NO_CONTEXT|FIXING_SPLIT; // jichi 4/25/2015: Fixing split + hp.offset=get_stack(1); + + //GROWL_DWORD3(hp.address, processStartAddress, hp.address - processStartAddress); + + //DWORD call = Util::FindCallAndEntryAbs(hp.address, processStopAddress - processStartAddress, processStartAddress, 0xec81); // zero + //DWORD call = Util::FindCallAndEntryAbs(hp.address, processStopAddress - processStartAddress, processStartAddress, 0xec83); // zero + //DWORD call = Util::FindCallAndEntryAbs(hp.address, processStopAddress - processStartAddress, processStartAddress, 0xec8b55); // zero + //GROWL_DWORD3(call, processStartAddress, call - processStartAddress); + + ConsoleOutput("INSERT GXP"); + + + // jichi 5/13/2015: Disable hooking to GetGlyphOutlineW + // FIXME: GetGlyphOutlineW can extract name, but GXP cannot + ConsoleOutput("GXP: disable GDI hooks"); + + return NewHook(hp, "GXP"); + } + } + i++; + } + } + //ConsoleOutput("Unknown GXP engine."); + ConsoleOutput("GXP: failed"); + return false; +} + +static bool InsertGXP2Hook() +{ + // pattern = 0x0f5bc9f30f11442444f30f114c2448e8 + const BYTE bytes[] = { + 0x0f,0x5b, // 00A78845 0F5B ??? ; Unknown command + 0xc9, // 00A78847 C9 LEAVE + 0xf3,0x0f,0x11,0x44,0x24, 0x44, // 00A78848 F3:0F114424 44 MOVSS DWORD PTR SS:[ESP+0x44],XMM0 + 0xf3,0x0f,0x11,0x4c,0x24, 0x48, // 00A7884E F3:0F114C24 48 MOVSS DWORD PTR SS:[ESP+0x48],XMM1 + 0xe8 //37040000 // 00A78854 E8 37040000 CALL .00A78C90 ; jichi: here's the target function to hook to, text char on the stack[0] + }; + enum { addr_offset = sizeof(bytes) - 1 }; // 0x00a78854 - 0x00a78845 + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("GXP2: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; + hp.type = CODEC_UTF16|NO_CONTEXT|DATA_INDIRECT|FIXING_SPLIT|USING_STRING; + ConsoleOutput("INSERT GXP2"); + + ConsoleOutput("GXP: disable GDI hooks"); + + return NewHook(hp, "GXP2"); +} + +bool InsertGXPHook() +{ + // GXP1 and GXP2 are harmless to each other + bool ok = InsertGXP1Hook(); + ok = InsertGXP2Hook() || ok; + return ok; +} +namespace { // unnamed + +ULONG moduleBaseAddress_; // saved only for debugging purposes + +bool isBadText(LPCWSTR text) +{ + return text[0] <= 127 || text[::wcslen(text) - 1] <= 127 // skip ascii text + || ::wcschr(text, 0xff3f); // Skip system text containing: _ +} + +namespace ScenarioHook1 { // for old GXP1 +namespace Private { + TextUnionW *arg_, + argValue_; + void hookBefore(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + + static std::wstring text_; // persistent storage, which makes this function not thread-safe + + auto arg = (TextUnionW *)(s->stack[0] + 4); // arg1 + 0x4 + if (!arg->isValid()) + return ; + + auto text = arg->getText(); + if (isBadText(text)) + return ; + buffer->from_cs(text); + } + void hook2a(hook_stack*s,void* data1, size_t len) + { + auto text_=new wchar_t[len/2+1]; + auto n=std::wstring((LPWSTR)data1,len/2); + wcscpy(text_,n.c_str()); + auto arg = (TextUnionW *)(s->stack[0] + 4); // arg1 + 0x4 + arg_ = arg; + argValue_ = *arg; + + arg->setText(text_); + //if (arg->size) + // hashes_.insert(Engine::hashWCharArray(arg->text, arg->size)); + // return true; + } + void hookAfter(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + if (arg_) { + *arg_ = argValue_; + arg_ = nullptr; + } + } +} // namespace Private + +/** + * Sample game: 塔の下のエクセルキトゥス体験版 + * Executable description shows "AVGEngineV2" + * + * Debugging method: Find the fixed text address, and check when it is being modified + * + * Scenario caller, text in the struct of arg1 + 0x4. + */ +bool attach(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0xeb, 0x02, // 01313bb6 eb 02 jmp short trial.01313bba + 0x8b,0xc5, // 01313bb8 8bc5 mov eax,ebp + 0x8b,0x54,0x24, 0x18, // 01313bba 8b5424 18 mov edx,dword ptr ss:[esp+0x18] + 0x8d,0x0c,0x51, // 01313bbe 8d0c51 lea ecx,dword ptr ds:[ecx+edx*2] + 0x8d,0x1c,0x3f // 01313bc1 8d1c3f lea ebx,dword ptr ds:[edi+edi] + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return addr; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return addr; + //return winhook::hook_before(addr, Private::hookBefore); + + int count = 0; + auto fun = [&count](ULONG addr) -> bool { + auto retaddr=addr+5; + + if (*(DWORD *)retaddr!= 0x0c244c8a) + return true; + if (*(BYTE *)retaddr == 0x4f || + (*(DWORD *)retaddr & 0x00ff00ff) == 0x0024008b) // skip truncated texts + return true; + HookParam hp; + hp.address=addr; + hp.text_fun=Private::hookBefore; + hp.hook_after=Private::hook2a; + hp.type=EMBED_ABLE|CODEC_UTF16|USING_STRING|NO_CONTEXT; + hp.newlineseperator=L"%r"; + hp.hook_font=F_GetGlyphOutlineW; + bool succ=NewHook(hp,"EmbedGXP"); + hp.address=addr+5; + hp.text_fun=Private::hookAfter; + succ|=NewHook(hp,"EmbedGXP"); + count+=1; + return succ; // replace all functions + }; + MemDbg::iterNearCallAddress(fun, addr, startAddress, stopAddress); + return count; +} +} // namespace ScenarioHook1 + +namespace ScenarioHook2 { // for new GXP2 +namespace Private { + TextUnionW *arg_, + argValue_; + void hookBefore(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + static std::wstring text_; // persistent storage, which makes this function not thread-safe + auto arg = (TextUnionW *)s->stack[0]; // arg1 + if (!arg->isValid()) + return ; + + auto text = arg->getText(); + if (isBadText(text)) + return ; + buffer->from_cs(text); + + } + void hook2a(hook_stack*s,void* data1, size_t len) + { + auto text_=new wchar_t[len/2+1]; + auto n=std::wstring((LPWSTR)data1,len/2); + wcscpy(text_,n.c_str()); +auto arg = (TextUnionW *)s->stack[0]; // arg1 + 0x4 + arg_ = arg; + argValue_ = *arg; + + arg->setText(text_); + } + + void hookAfter(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + if (arg_) { + *arg_ = argValue_; + arg_ = nullptr; + } + } +} // namespace Private + +bool attach(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0x8d,0x04,0x3f, // 08159fd |. 8d043f lea eax,dword ptr ds:[edi+edi] ; jichi: edi *= 2 for wchar_t + 0x50, // 0815a00 |. 50 push eax ; jichi: size + 0x8d,0x04,0x4b, // 0815a01 |. 8d044b lea eax,dword ptr ds:[ebx+ecx*2] + 0x50, // 0815a04 |. 50 push eax ; jichi: source text + 0x52 // 0815a05 |. 52 push edx ; jichi: target text + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return addr; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return addr; + //return winhook::hook_before(addr, Private::hookBefore); + + int count = 0; + auto fun = [&count](ULONG addr) -> bool { + auto retaddr=addr+5; + if (*(WORD *)retaddr != 0x458a) + return true; + if (*(BYTE *)retaddr == 0xa1) + return true; + HookParam hp; + hp.address=addr; + hp.text_fun=Private::hookBefore; + hp.hook_after=Private::hook2a; + hp.type=EMBED_ABLE|CODEC_UTF16|USING_STRING|NO_CONTEXT; + hp.newlineseperator=L"%r"; + hp.hook_font=F_GetGlyphOutlineW; + bool succ=NewHook(hp,"EmbedGXP2"); + hp.address=addr+5; + hp.text_fun=Private::hookAfter; + succ|=NewHook(hp,"EmbedGXP2"); + count+=1; + return succ; // replace all functions + }; + MemDbg::iterNearCallAddress(fun, addr, startAddress, stopAddress); + return count; +} +} // namespace ScenarioHook2 +/* +namespace PopupHook1 { // only for old GXP1 engine +namespace Private { + bool hookBefore(winhook::hook_stack *s) + { + static std::wstring text_; // persistent storage, which makes this function not thread-safe + auto arg = (TextUnionW *)(s->ecx + 0x1ec); // [ecx + 0x1ec] + if (!arg->isValid()) + return true; + auto text = arg->getText(); + if (isBadText(text)) + return true; + auto retaddr = s->stack[0]; + auto reladdr = retaddr - moduleBaseAddress_; + enum { role = Engine::OtherRole }; + std::wstring oldText = std::wstring(text), + newText = EngineController::instance()->dispatchTextWSTD(oldText, role, reladdr); + if (newText == oldText) + return true; + text_ = newText; + arg->setText(text_); + return true; + } +} // Private + bool attach(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0x8b,0x86, 0xec,0x01,0x00,0x00, // 001092a9 8b86 ec010000 mov eax,dword ptr ds:[esi+0x1ec] ; jichi: text in eax + 0xeb, 0x06, // 001092af eb 06 jmp short trial.001092b7 + 0x8d,0x86, 0xec,0x01,0x00,0x00, // 001092b1 8d86 ec010000 lea eax,dword ptr ds:[esi+0x1ec] + 0x0f,0xb7,0x14,0x78, // 001092b7 0fb71478 movzx edx,word ptr ds:[eax+edi*2] + 0x52 // 001092bb 52 push edx + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return false; + return winhook::hook_before(addr, Private::hookBefore); + // Function called at runtime + //int count = 0; + //auto fun = [&count](ULONG addr) -> bool { + // auto before = std::bind(Private::hookBefore, addr + 5, std::placeholders::_1); + // count += winhook::hook_both(addr, before, Private::hookAfter); + // return true; // replace all functions + //}; + //MemDbg::iterNearCallAddress(fun, addr, startAddress, stopAddress); + //DOUT("call number =" << count); + //return count; +} +} // namespace PopupHook1 + +namespace OtherHook { // for all GXP engines +namespace Private { + bool hookBefore(winhook::hook_stack *s) + { + static std::wstring text_; + auto text = (LPCWSTR)s->stack[3]; // arg3 + if (!text || !*text) + return true; + auto retaddr = s->stack[0]; + auto reladdr = retaddr - moduleBaseAddress_; + enum { role = Engine::OtherRole }; + std::wstring oldText = std::wstring(text), + newText = EngineController::instance()->dispatchTextWSTD(oldText, role, reladdr); + if (newText.empty() || oldText == newText) + return true; + strReplace(newText, L"%r", L"\n"); + //newText.replace("%r", "\n"); + text_ = newText; + s->stack[3] = (ULONG)text_.c_str(); + return true; + } +} // Private + bool attach(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0x99, // 014d45ae 99 cdq + 0x2b,0xc2, // 014d45af 2bc2 sub eax,edx + 0xd1,0xf8, // 014d45b1 d1f8 sar eax,1 + 0x03 //,0xf0, // 014d45b3 03f0 add esi,eax + }; + int count = 0; + auto fun = [&count](ULONG addr) -> bool { + count += + (addr = MemDbg::findEnclosingAlignedFunction(addr)) + && winhook::hook_before(addr, Private::hookBefore); + return true; + }; + MemDbg::iterFindBytes(fun, bytes, sizeof(bytes), startAddress, stopAddress); + DOUT("call number =" << count); + return count; +} +} // namespace OtherHook +*/ + +bool attach() +{ + ULONG startAddress=processStartAddress, stopAddress=processStopAddress; + + moduleBaseAddress_ = startAddress; // used to calculate reladdr for debug purposes + if (ScenarioHook2::attach(startAddress, stopAddress)) { + + } else if (ScenarioHook1::attach(startAddress, stopAddress)) { + + // (PopupHook1::attach(startAddress, stopAddress)); + + } else + return false; + // (OtherHook::attach(startAddress, stopAddress)) + + return true; +} + +} // unnamed namespace +bool GXP::attach_function() { + auto _=InsertGXPHook(); + return attach()||_; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/GXP.h b/cpp/LunaHook/LunaHook/engine32/GXP.h new file mode 100644 index 00000000..b1415b1b --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/GXP.h @@ -0,0 +1,11 @@ + + +class GXP:public ENGINE{ + public: + GXP(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.gxp"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/GameMaker.cpp b/cpp/LunaHook/LunaHook/engine32/GameMaker.cpp new file mode 100644 index 00000000..5e933323 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/GameMaker.cpp @@ -0,0 +1,46 @@ +#include"GameMaker.h" + +bool GameMakerFilter(LPVOID data, size_t* size, HookParam*) +{ + CharFilter(reinterpret_cast(data), reinterpret_cast(size), '#'); + return true; +} + +bool InsertGameMakerHook() +{ + + /* + * Sample games: + * VA-11 Hall A + */ + const BYTE bytes[] = { + 0x85, 0xF6, // test esi,esi + 0x74, XX, // je "VA-11 Hall A.exe"+D5014 + 0x85, 0xC0, // test eax,eax + 0x74, XX, // je "VA-11 Hall A.exe"+D5014 + 0x50, // push eax + 0x56 // push esi << hook here + }; + enum { addr_offset = sizeof(bytes) - 1 }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("GameMaker: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; + hp.offset=get_reg(regs::eax); + hp.type = USING_STRING | NO_CONTEXT; + hp.filter_fun = GameMakerFilter; + ConsoleOutput(" INSERT GameMaker"); + + ConsoleOutput("GameMaker: use regex filter .+\\]"); + return NewHook(hp, "GameMaker"); +} + +bool GameMaker::attach_function() { + return InsertGameMakerHook(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/GameMaker.h b/cpp/LunaHook/LunaHook/engine32/GameMaker.h new file mode 100644 index 00000000..213d6539 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/GameMaker.h @@ -0,0 +1,12 @@ + + +class GameMaker:public ENGINE{ + public: + GameMaker(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"GMResource.dll"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Giga.cpp b/cpp/LunaHook/LunaHook/engine32/Giga.cpp new file mode 100644 index 00000000..4c9cef7e --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Giga.cpp @@ -0,0 +1,24 @@ +#include"Giga.h" + +bool Giga::attach_function() { + + const BYTE bytes[] = { + //ショコラ ~maid cafe curio Re-order~ + //https://vndb.org/v682 + 0xe8,XX4, + 0x83,0xC4,0x10, + 0xB8,0x01,0x00,0x00,0x00, + 0x81,0xC4,0x00,0x10,0x00,0x00, + 0xC3 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr == 0)return false; + addr = MemDbg::findEnclosingAlignedFunction(addr,0x100); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset =get_stack(4); + hp.type = USING_STRING; + + return NewHook(hp, "Giga"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Giga.h b/cpp/LunaHook/LunaHook/engine32/Giga.h new file mode 100644 index 00000000..e594e2d2 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Giga.h @@ -0,0 +1,11 @@ + + +class Giga:public ENGINE{ + public: + Giga(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"Dat\\*.pac"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/GuruGuruSMF4.cpp b/cpp/LunaHook/LunaHook/engine32/GuruGuruSMF4.cpp new file mode 100644 index 00000000..69fe63e7 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/GuruGuruSMF4.cpp @@ -0,0 +1,48 @@ +#include"GuruGuruSMF4.h" + + + +bool GuruGuruSMF4::attach_function() { + //奈落の森の花 + trigger_fun=[](LPVOID addr1, hook_stack* stack){ + if(addr1!=GetGlyphOutlineW)return false; + auto addr=MemDbg::findEnclosingAlignedFunction((DWORD)stack->retaddr,0x500); + ConsoleOutput("%p",addr); + if(!addr)return true; + auto xrefs=findxref_reverse_checkcallop(addr,max(processStartAddress,addr-0x100000),min(processStopAddress,addr+0x100000),0xe8); + if(xrefs.size()!=1)return true; + addr=xrefs[0]; + ConsoleOutput("%p",addr); + addr=MemDbg::findEnclosingAlignedFunction(addr); + ConsoleOutput("%p",addr); + if(!addr)return true; + auto xrefs2=findxref_reverse_checkcallop(addr,max(processStartAddress,addr-0x100000),min(processStopAddress,addr+0x100000),0xe8); + if(xrefs2.size()!=2)return true; + addr=xrefs2[1]; + ConsoleOutput("%p",addr); + addr= findfuncstart(addr,0x300);// MemDbg::findEnclosingAlignedFunction(addr,0x500); + ConsoleOutput("%p",addr); + if(!addr)return true; + HookParam hp; + hp.address = (DWORD)addr; + hp.offset=get_stack(2); + hp.type = CODEC_UTF16|USING_STRING; + + hp.filter_fun=[](LPVOID data, size_t* size, HookParam*){ + auto ws=std::wstring((wchar_t*)data,*size/2); + + if(endWith(ws,L"FPS"))return false; + if(startWith(ws,L"ver"))return false; + if(startWith(ws,L"VER"))return false; + static std::set dedump; + if(dedump.find(ws)!=dedump.end())return false; + dedump.insert(ws); + return true; + }; + NewHook(hp, "GuruGuruSMF4"); + return true; + }; + + + return false; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/GuruGuruSMF4.h b/cpp/LunaHook/LunaHook/engine32/GuruGuruSMF4.h new file mode 100644 index 00000000..e22e0d78 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/GuruGuruSMF4.h @@ -0,0 +1,12 @@ + + +class GuruGuruSMF4:public ENGINE{ + public: + GuruGuruSMF4(){ + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + return (bool)GetModuleHandle(L"GuruGuruSMF4.dll"); + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/HXP.cpp b/cpp/LunaHook/LunaHook/engine32/HXP.cpp new file mode 100644 index 00000000..982683b6 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/HXP.cpp @@ -0,0 +1,17 @@ +#include"HXP.h" + + +bool HXP::attach_function() { + //https://vndb.org/v172 + //エクソダスギルティー・オルタナティブ + auto addr=MemDbg::findCallerAddress((DWORD)TextOutA, 0x01003d66,processStartAddress, processStopAddress); + if(addr==0)return false; + addr=MemDbg::findEnclosingAlignedFunction(addr); + if(addr==0)return false; + HookParam hp; + hp.address = (DWORD)addr; + hp.offset=get_stack(2); + hp.type = CODEC_ANSI_BE; + + return NewHook(hp, "HXP"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/HXP.h b/cpp/LunaHook/LunaHook/engine32/HXP.h new file mode 100644 index 00000000..6646ecff --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/HXP.h @@ -0,0 +1,11 @@ + + +class HXP:public ENGINE{ + public: + HXP(){ + is_engine_certain=false; + check_by=CHECK_BY::FILE; + check_by_target=L"DATA\\*.HXP"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/HorkEye.cpp b/cpp/LunaHook/LunaHook/engine32/HorkEye.cpp new file mode 100644 index 00000000..2c6c2d8b --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/HorkEye.cpp @@ -0,0 +1,393 @@ +#include"HorkEye.h" + + + +/** 10/20/2014 jichi: HorkEye, http://horkeye.com + * Sample game: [150226] 結城友奈�勀��ある 体験版 + * + * No GDI functions are used by this game. + * + * Debug method: + * There are two matched texts. + * The one having fixed address is used to insert hw breakpoints. + * + * I found are two functions addressing the address, both of which seems to be good. + * The first one is used: + * + * 013cda60 8d4c24 1c lea ecx,dword ptr ss:[esp+0x1c] + * 013cda64 51 push ecx + * 013cda65 68 48a8c201 push .01c2a848 ; ascii "if" + * 013cda6a e8 d1291600 call .01530440 + * 013cda6f 83c4 0c add esp,0xc + * 013cda72 6a 01 push 0x1 + * 013cda74 83ec 1c sub esp,0x1c + * 013cda77 8bcc mov ecx,esp + * 013cda79 896424 30 mov dword ptr ss:[esp+0x30],esp + * 013cda7d 6a 10 push 0x10 + * 013cda7f c741 14 0f000000 mov dword ptr ds:[ecx+0x14],0xf + * 013cda86 c741 10 00000000 mov dword ptr ds:[ecx+0x10],0x0 + * 013cda8d 68 80125601 push .01561280 + * 013cda92 c601 00 mov byte ptr ds:[ecx],0x0 + * 013cda95 e8 5681ffff call .013c5bf0 + * 013cda9a e8 717a0900 call .01465510 + * 013cda9f 83c4 20 add esp,0x20 + * 013cdaa2 b8 01000000 mov eax,0x1 + * 013cdaa7 8b8c24 b8000000 mov ecx,dword ptr ss:[esp+0xb8] + * 013cdaae 5f pop edi + * 013cdaaf 5e pop esi + * 013cdab0 5d pop ebp + * 013cdab1 5b pop ebx + * 013cdab2 33cc xor ecx,esp + * 013cdab4 e8 c7361600 call .01531180 + * 013cdab9 81c4 ac000000 add esp,0xac + * 013cdabf c3 retn + * 013cdac0 83ec 40 sub esp,0x40 + * 013cdac3 a1 24805d01 mov eax,dword ptr ds:[0x15d8024] + * 013cdac8 8b15 c4709901 mov edx,dword ptr ds:[0x19970c4] + * 013cdace 8d0c00 lea ecx,dword ptr ds:[eax+eax] + * 013cdad1 a1 9c506b01 mov eax,dword ptr ds:[0x16b509c] + * 013cdad6 0305 18805d01 add eax,dword ptr ds:[0x15d8018] + * 013cdadc 53 push ebx + * 013cdadd 8b5c24 48 mov ebx,dword ptr ss:[esp+0x48] + * 013cdae1 55 push ebp + * 013cdae2 8b6c24 50 mov ebp,dword ptr ss:[esp+0x50] + * 013cdae6 894c24 34 mov dword ptr ss:[esp+0x34],ecx + * 013cdaea 8b0d 20805d01 mov ecx,dword ptr ds:[0x15d8020] + * 013cdaf0 894424 18 mov dword ptr ss:[esp+0x18],eax + * 013cdaf4 a1 1c805d01 mov eax,dword ptr ds:[0x15d801c] + * 013cdaf9 03c8 add ecx,eax + * 013cdafb 56 push esi + * 013cdafc 33f6 xor esi,esi + * 013cdafe d1f8 sar eax,1 + * 013cdb00 45 inc ebp + * 013cdb01 896c24 24 mov dword ptr ss:[esp+0x24],ebp + * 013cdb05 897424 0c mov dword ptr ss:[esp+0xc],esi + * 013cdb09 894c24 18 mov dword ptr ss:[esp+0x18],ecx + * 013cdb0d 8a0c1a mov cl,byte ptr ds:[edx+ebx] jichi: here + * 013cdb10 894424 30 mov dword ptr ss:[esp+0x30],eax + * 013cdb14 8a441a 01 mov al,byte ptr ds:[edx+ebx+0x1] + * 013cdb18 57 push edi + * 013cdb19 897424 14 mov dword ptr ss:[esp+0x14],esi + * 013cdb1d 3935 c8709901 cmp dword ptr ds:[0x19970c8],esi + * + * The hooked place is only accessed once. + * 013cdb0d 8a0c1a mov cl,byte ptr ds:[edx+ebx] jichi: here + * ebx is the text to be base address. + * edx is the offset to skip character name. + * + * 023B66A0 81 79 89 C4 EA A3 2C 53 30 30 35 5F 42 5F 30 30 【夏偾,S005_B_00 + * 023B66B0 30 32 81 7A 81 75 83 6F 81 5B 83 65 83 62 83 4E 02】「バーッ�ク + * 023B66C0 83 58 82 CD 82 B1 82 C1 82 BF 82 CC 93 73 8D 87 スはこっちの都� * 023B66D0 82 C8 82 C7 82 A8 8D 5C 82 A2 82 C8 82 B5 81 63 などお構いなし… + * + * There are garbage in character name. + * + * 1/15/2015 + * Alternative hook that might not need a text filter: + * http://www.hongfire.com/forum/showthread.php/36807-AGTH-text-extraction-tool-for-games-translation/page753 + * /HA-4@552B5:姉小路直子と銀色の死�exe + * If this hook no longer works, try that one instead. + + * Artikash 12/26/2018: Old HorkEye hook can't be found in shukusei no girlfriend https://vndb.org/v22880 + * This function can be used instead. Hook code: /HS4@funcaddr +0022DD80 - 83 EC 44 - sub esp,44 { 68 } +0022DD83 - A1 3C704400 - mov eax,[0044703C] { [0000001C] } +0022DD88 - 8B 0D 34704400 - mov ecx,[00447034] { [00000014] } +0022DD8E - 03 C0 - add eax,eax +0022DD90 - 8B 54 24 48 - mov edx,[esp+48] +0022DD94 - 89 44 24 2C - mov [esp+2C],eax +0022DD98 - A1 C87E5500 - mov eax,[00557EC8] { [00000002] } +0022DD9D - 03 05 30704400 - add eax,[00447030] { [00000014] } +0022DDA3 - 89 44 24 18 - mov [esp+18],eax +0022DDA7 - A1 38704400 - mov eax,[00447038] { [00000008] } +0022DDAC - 03 C1 - add eax,ecx +0022DDAE - D1 F9 - sar ecx,1 +0022DDB0 - 53 - push ebx +0022DDB1 - 55 - push ebp +0022DDB2 - 56 - push esi +0022DDB3 - 8B 74 24 58 - mov esi,[esp+58] +0022DDB7 - 33 DB - xor ebx,ebx +0022DDB9 - 89 4C 24 48 - mov [esp+48],ecx +0022DDBD - 46 - inc esi +0022DDBE - 8B 0D 5CA28300 - mov ecx,[0083A25C] { [00000000] } +0022DDC4 - 57 - push edi +0022DDC5 - 8B 3D 887E5500 - mov edi,[00557E88] { [00000040] } +0022DDCB - 89 74 24 2C - mov [esp+2C],esi +0022DDCF - 89 44 24 34 - mov [esp+34],eax +0022DDD3 - 89 5C 24 18 - mov [esp+18],ebx +0022DDD7 - 8A 24 11 - mov ah,[ecx+edx] +0022DDDA - 8A 44 11 01 - mov al,[ecx+edx+01] +0022DDDE - 89 7C 24 20 - mov [esp+20],edi +0022DDE2 - 39 1D 60A28300 - cmp [0083A260],ebx { [00000000] } +0022DDE8 - 0F85 DD000000 - jne 0022DECB +0022DDEE - 80 FC 5B - cmp ah,5B { 91 } +0022DDF1 - 0F85 9C000000 - jne 0022DE93 +0022DDF7 - 8B C1 - mov eax,ecx +0022DDF9 - 3B C6 - cmp eax,esi +0022DDFB - 7D 10 - jnl 0022DE0D +0022DDFD - 0F1F 00 - nop [eax] +0022DE00 - 80 3C 10 5D - cmp byte ptr [eax+edx],5D { 93 } +0022DE04 - 74 79 - je 0022DE7F +0022DE06 - 40 - inc eax +0022DE07 - 3B 44 24 2C - cmp eax,[esp+2C] +0022DE0B - 7C F3 - jl 0022DE00 +0022DE0D - A1 BC7E5500 - mov eax,[00557EBC] { [00000001] } +0022DE12 - 85 C0 - test eax,eax +0022DE14 - 0F84 A7000000 - je 0022DEC1 +0022DE1A - BE 02000000 - mov esi,00000002 { 2 } +0022DE1F - 89 74 24 1C - mov [esp+1C],esi +0022DE23 - 89 35 68A28300 - mov [0083A268],esi { [00000000] } +0022DE29 - 83 F8 01 - cmp eax,01 { 1 } +0022DE2C - 0F85 A3000000 - jne 0022DED5 +0022DE32 - 83 3D C07E5500 00 - cmp dword ptr [00557EC0],00 { 0 } +0022DE39 - 8B 2D 506D5500 - mov ebp,[00556D50] { [00000028] } +0022DE3F - 75 2D - jne 0022DE6E +0022DE41 - 8B C7 - mov eax,edi +0022DE43 - 8D 8D 50855100 - lea ecx,[ebp+00518550] +0022DE49 - C1 E0 0A - shl eax,0A { 10 } +0022DE4C - 03 C8 - add ecx,eax +0022DE4E - 66 A1 58704400 - mov ax,[00447058] { [00004081] } +0022DE54 - 83 C5 02 - add ebp,02 { 2 } +0022DE57 - 89 2D 506D5500 - mov [00556D50],ebp { [00000028] } +0022DE5D - 66 89 01 - mov [ecx],ax +0022DE60 - A0 5A704400 - mov al,[0044705A] { [0] } +0022DE65 - 88 41 02 - mov [ecx+02],al +0022DE68 - 8B 0D 5CA28300 - mov ecx,[0083A25C] { [00000000] } +... +*/ +// Skip text between "," and "�, and remove [n] +// ex:【夏偾,S005_B_0002】「バーッ�ク +static bool HorkEyeFilter(LPVOID data, size_t *size, HookParam *) +{ + size_t len = *size; + char *str = reinterpret_cast(data), + *start, + *stop; + + // Remove text between , and ] + // FIXME: This does not work well because of the ascii encoding + if ((start = (char *)::memchr(str, ',', len)) && + (stop = cpp_strnstr(start, "\x81\x7a", len - (start - str))) && + (len -= stop - start)) // = u'�.encode('sjis') + ::memmove(start, stop, len - (start - str)); + + // Remove [n] + enum { skip_len = 3 }; // = length of "[n]" + while (len >= skip_len && + (start = cpp_strnstr(str, "[n]", len)) && + (len -= skip_len)) + ::memmove(start, start + skip_len, len - (start - str)); + + *size = len; + return true; +} +namespace{ + template + strT ltrim(strT text) + { + strT lastText = nullptr; + while (*text && text != lastText) { + lastText = text; + if (text[0] == 0x20) + text++; + if ((UINT8)text[0] == 0x81 && (UINT8)text[1] == 0x40) // skip space \u3000 (0x8140 in sjis) + text += 2; + if (text[0] == '\\') { + text++; + while (::islower(text[0]) || text[0] == '@') + text++; + } + } + while ((signed char)text[0] > 0 && text[0] != '[') // skip all leading ascii characters except "[" needed for ruby + text++; + return text; + } + template + void hookBefore(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *split){ + auto str=(LPSTR)(s->stack[offset]);//stack-2:eax + int len=strlen(str);//s->ecx; + char *stop; + if ((stop = cpp_strnstr(str, "\x81\x7a", len )) && + (len -= (stop - str+2))){ + str=stop+2; + } // = u'�.encode('sjis') + auto old=std::string(str,len); + buffer->from(old); + } + template + void hookafter(hook_stack*s,void* data, size_t len1){ + + auto newData =std::string((char*)data,len1); + auto str=(LPSTR)(s->stack[offset]);//stack-2:eax + int len=strlen(str);//s->ecx; + int lensave=len; + char *stop; + if ( (stop = cpp_strnstr(str, "\x81\x7a", len )) && + (len -= (stop - str+2))){ + auto old=std::string(str,stop+2-str); + newData=old+newData; + } + for(int i=0;iecx=newData.size(); 修改ecx没用 + } +} +bool InsertHorkEyeHook() +{ + const BYTE bytes[] = { + 0x89,0x6c,0x24, 0x24, // 013cdb01 896c24 24 mov dword ptr ss:[esp+0x24],ebp + 0x89,0x74,0x24, 0x0c, // 013cdb05 897424 0c mov dword ptr ss:[esp+0xc],esi + 0x89,0x4c,0x24, 0x18, // 013cdb09 894c24 18 mov dword ptr ss:[esp+0x18],ecx + 0x8a,0x0c,0x1a // 013cdb0d 8a0c1a mov cl,byte ptr ds:[edx+ebx] jichi: here + }; + enum { addr_offset = sizeof(bytes) - 3 }; // 8a0c1a + ; + if (ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress)) { + HookParam hp; + hp.address = addr + addr_offset; + hp.offset=get_reg(regs::ebx); + hp.type = USING_STRING| NO_CONTEXT|FIXING_SPLIT|EMBED_ABLE|EMBED_DYNA_SJIS; + hp.text_fun=hookBefore<-4-1>; + hp.hook_after=hookafter<-4-1>; + hp.filter_fun = HorkEyeFilter; + hp.newlineseperator=L"[n]"; + ConsoleOutput("INSERT HorkEye"); + + return NewHook(hp, "HorkEye"); + } + + memcpy(spDefault.pattern, Array{ 0xcc, 0xcc, 0xcc, XX, 0xec }, spDefault.length = 5); + spDefault.offset = 3; + + const BYTE bytes2[] = + { + 0x83, 0xec, XX, // sub esp,?? + 0xa1, XX4, // mov eax,?? + 0x8b, 0x0d, XX4, // mov ecx,?? + 0x03, 0xc0 // add eax,eax + }; + + for (auto addr : Util::SearchMemory(bytes2, sizeof(bytes2),PAGE_EXECUTE_READWRITE,processStartAddress, processStopAddress)) + { + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = USING_STRING| EMBED_ABLE|EMBED_DYNA_SJIS|NO_CONTEXT; + hp.text_fun=hookBefore<1>; + hp.hook_after=hookafter<1>; + + return NewHook(hp, "HorkEye2"); + } + + ConsoleOutput("HorkEye: pattern not found"); + return false; + +} + +bool InsertHorkEye3Hook() +{ + const BYTE bytes2[] = + { + 0x55, + 0x8d,0xac,0x24,XX4, + 0x81,0xec,XX4, + 0x6a,0xff, + 0x68,XX4, + 0x64,0xa1,0x00,0x00,0x00,0x00, + 0x50, + 0x83,0xec,0x38, //必须是0x38,不能是XX,否则有重的。 + +//.text:0042E7F0 55 push ebp +//.text : 0042E7F1 8D AC 24 24 FF FF FF lea ebp,[esp - 0DCh] +//.text : 0042E7F8 81 EC DC 00 00 00 sub esp, 0DCh +//.text : 0042E7FE 6A FF push 0FFFFFFFFh +//.text : 0042E800 68 51 1E 5C 00 push offset SEH_42E7F0 +//.text : 0042E805 64 A1 00 00 00 00 mov eax, large fs : 0 +//.text : 0042E80B 50 push eax +//.text : 0042E80C 83 EC 38 sub esp, 38h +//.text : 0042E80F A1 24 D0 64 00 mov eax, ___security_cookie +//.text : 0042E814 33 C5 xor eax, ebp +//.text : 0042E816 89 85 D8 00 00 00 mov[ebp + 0DCh + var_4], eax + }; + + auto addr=MemDbg::findBytes(bytes2, sizeof(bytes2), processStartAddress, processStopAddress); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = USING_STRING| EMBED_ABLE|EMBED_DYNA_SJIS|NO_CONTEXT; + hp.text_fun=hookBefore<1>; + hp.hook_after=hookafter<1>; + + return NewHook(hp, "HorkEye3"); + +} + +bool InsertHorkEye4Hook() +{ + //辻堂さんのバージンロード + //辻堂さんの純愛ロード + const BYTE bytes2[] = + { + 0xf7,0xd8, + 0x1b,0xc0, + 0x83,0xc0,0x02 + }; + auto addr = MemDbg::findBytes(bytes2, sizeof(bytes2), processStartAddress, processStopAddress); + if (addr == 0)return false; + const BYTE bytebetter[] = { + 0x8b,XX,XX,XX, + 0xa1,XX4, + 0x83,0xc4,XX, + 0x8b,XX + }; + auto addr1 = MemDbg::findBytes(bytebetter, sizeof(bytebetter), addr - 0x100, addr); + if (addr1) + addr = addr1; + else + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::eax); + hp.type = USING_STRING| NO_CONTEXT|EMBED_ABLE|EMBED_DYNA_SJIS; + hp.text_fun=hookBefore<-1-1>; + hp.hook_after=hookafter<-1-1>; + + return NewHook(hp, "HorkEye4"); + +} + +bool InsertHorkEye6Hook() +{ + //みなとカーニバルFD + + const BYTE bytes2[] = + { + 0x83,0xc2,0x6c, + 0x52, + 0xe8 + }; + auto addr = MemDbg::findBytes(bytes2, sizeof(bytes2), processStartAddress, processStopAddress); + if (addr == 0)return false; + ConsoleOutput("hk6 %p", addr); + const BYTE start[] = { 0x6A ,0xFF }; + addr = reverseFindBytes(start, sizeof(start), addr - 0x1000, addr); + if (addr == 0)return false; + ConsoleOutput("hk6 %p", addr); + HookParam hp; + hp.address = addr; + hp.offset=get_stack(3); + hp.type = CODEC_ANSI_BE ; + ConsoleOutput("INSERT HorkEye6 %p", addr); + + return NewHook(hp, "HorkEye6"); + +} + +bool HorkEye::attach_function() { + bool b1=InsertHorkEyeHook(); + bool b2=InsertHorkEye3Hook(); + bool b3=InsertHorkEye4Hook(); + bool b4=InsertHorkEye6Hook(); + return b1||b2||b3||b4; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/HorkEye.h b/cpp/LunaHook/LunaHook/engine32/HorkEye.h new file mode 100644 index 00000000..4622f9f3 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/HorkEye.h @@ -0,0 +1,12 @@ + + +class HorkEye:public ENGINE{ + public: + HorkEye(){ + + check_by=CHECK_BY::RESOURCE_STR; + check_by_target=L"HorkEye"; + + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/IGScript.cpp b/cpp/LunaHook/LunaHook/engine32/IGScript.cpp new file mode 100644 index 00000000..ec7cf29f --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/IGScript.cpp @@ -0,0 +1,171 @@ +#include"IGScript.h" +namespace{ + bool LucaSystemFilter1(LPVOID data, size_t *size, HookParam *) + { + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + StringFilter(text, len, "\x81\x94", 2); + //秋&冬 官中 + StringReplacer(text, len, "\x82\xa1", 2,"\xa3\xac",2);//, + StringReplacer(text, len, "\x82\xa3", 2,"\xa1\xa3",2);//。 + StringReplacer(text, len, "\x82\xa5", 2,"\xa1\xa2",2);//、 + StringReplacer(text, len, "\x83\x48", 2,"\xa1\xb1",2);//” + StringReplacer(text, len, "\x83\x44", 2,"\xa3\xbf",2);//? + StringReplacer(text, len, "\x83\x42", 2,"\xa3\xa1",2);//! + StringReplacer(text, len, "\x82\xa7", 2,"\xa1\xb9",2);//」 + StringReplacer(text, len, "\x82\xc1", 2,"\xa1\xb7",2);//》 + StringReplacer(text, len, "\x83\x46", 2,"\xa1\xaf",2);//’ + + return true; + } + template + void SpecialHookigi(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split){ + DWORD Src = stack->stack[arg]; + DWORD Size = stack->stack[arg+1]; + if(strlen((char*)Src)<=2)return; + if(strlen((char*)Src)>=Size)return; + if(strlen((char*)Src)from_cs((char*)Src); + // ConsoleOutput(WideStringToString(StringToWideString((char*)Src,936).value()).c_str()); + // std::string xx; + // for(int i=0;i<*len;i++){ + // xx+=" "+std::to_string(*(BYTE*)(Src+i)); + + // } + // ConsoleOutput(xx.c_str()); + } +} +bool IGScript1attach_function() { + /* + FLOWERS + * https://vndb.org/v15395 + * https://vndb.org/v14267 + * https://vndb.org/v18152 + * https://vndb.org/r82704 + */ + const BYTE bytes[] = { + //memcpy(dst,src,size) + 0x81,0xf9,0x00,0x01,0x00,0x00, + 0x72,XX, + 0x83,0x3d,XX4,0x00, + 0x74,XX, + 0x57,0x56, + 0x83,0xe7,0x0f, + 0x83,0xe6,0x0f, + 0x3b,0xfe + }; + HMODULE module = GetModuleHandleW(L"Script.dll"); + auto [minAddress, maxAddress] = Util::QueryModuleLimits(module); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), minAddress, maxAddress); + if (addr == 0)return false; + addr = MemDbg::findEnclosingAlignedFunction(addr,0x100); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + const BYTE funcstart[] = { + 0x55,0x8b,0xec,0x57,0x56 + }; + bool insertgbk=memcmp(funcstart,(LPVOID*)addr,5)==0; + hp.text_fun=SpecialHookigi<2>; + hp.type=NO_CONTEXT; + //hp.filter_fun=LucaSystemFilter1; + bool succ=NewHook(hp, "IGScript"); + + if(insertgbk){ + hp.address +=5; + hp.text_fun=SpecialHookigi<5>; + //仅官中适用这个过滤器。日语原版不需要过滤 + hp.filter_fun=LucaSystemFilter1; + succ|=NewHook(hp, "IGScript_1"); + } + return succ; + +} +namespace{ + bool LucaSystemFilter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + if ( text[0] == '\x81' && text[1] == '\x94') + return false; + + StringCharReplacer(text, len, "\x81\x90", 2, ' '); // new line + //replacement from Flowers 4 config.json + CharReplacer(text, len, '\xA5', ' '); + CharReplacer(text, len, '\xA2', '<'); + CharReplacer(text, len, '\xA3', '>'); + CharReplacer(text, len, '\xA1', '\"'); + CharReplacer(text, len, '\xA4', '\''); + CharReplacer(text, len, '\xA7', 'à'); + CharReplacer(text, len, '\xA8', 'è'); + CharReplacer(text, len, '\xA9', 'é'); + CharReplacer(text, len, '\xAA', 'ë'); + CharReplacer(text, len, '\xAB', 'ō'); + CharReplacer(text, len, '\xB0', '-'); + CharReplacer(text, len, '\xBB', ' '); + + while(cpp_strnstr(text, " ", *len)) // Erasing all but one whitespace from strings + StringCharReplacer(text, len, " ", 2, ' '); + + if (text[0] == ' ') + ::memmove(text, text + 1, --*len); + + return true; +} + +bool InsertLucaSystemHook() { + + /* + * Sample games: + * https://vndb.org/v15395 + * https://vndb.org/v14267 + * https://vndb.org/v18152 + * https://vndb.org/r82704 + */ + const BYTE bytes[] = { + 0xCC, // int 3 + 0xE9, XX4, // jmp d3d9.dll+1E420 + 0x56, // push esi + 0x57, // push edi + 0x8B, 0x7C, 0x24, 0x20, // mov edi,[esp+20] + 0x8B, 0xD8, // mov ebx,eax + 0x8B, 0x07 // mov eax,[edi] + }; + const BYTE bytes2[] = { + 0xCC, // int 3 + 0x83, 0xEC, 0x0C, // sub esp,0C <- hook here + 0x53, // push ebx + 0x55, // push ebp + 0x56 // push esi + }; + + HMODULE module = GetModuleHandleW(L"Script.dll"); + auto [minAddress, maxAddress] = Util::QueryModuleLimits(module); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), minAddress, maxAddress); + if (!addr) { + addr = MemDbg::findBytes(bytes2, sizeof(bytes2), minAddress, maxAddress); + if (!addr) { + ConsoleOutput("LucaSystem: pattern not found"); + return false; + } + } + + HookParam hp; + hp.address = addr + 1; + hp.offset =get_stack(1); + hp.padding = 0x04; + hp.type = USING_STRING; + hp.filter_fun = LucaSystemFilter; + + + return NewHook(hp, "LucaSystem"); +} +} +bool IGScript::attach_function() { + + auto b1= IGScript1attach_function(); + b1=InsertLucaSystemHook()||b1; + return b1; + +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/IGScript.h b/cpp/LunaHook/LunaHook/engine32/IGScript.h new file mode 100644 index 00000000..e231d1ce --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/IGScript.h @@ -0,0 +1,14 @@ + + +class IGScript:public ENGINE{ + public: + IGScript(){ + + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + return GetModuleHandle(L"Script.dll")&&Util::CheckFile(L"*.iga"); + }; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Interheart.cpp b/cpp/LunaHook/LunaHook/engine32/Interheart.cpp new file mode 100644 index 00000000..1895d066 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Interheart.cpp @@ -0,0 +1,32 @@ +#include"Interheart.h" + +bool Interheart::attach_function() { + //人妻スイミング倶楽部 + //https://vndb.org/v18049 + const BYTE bytes[] = { + 0x50, + 0x8d,0x4d,XX, + //here + 0xe8,XX4, + 0x68,XX4, // push offset asc_956B20 ; "$L" + 0x8d,0x4d,XX, + 0xe8 + }; + bool ok=false; + for (auto addr : Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress)) { + auto asc_956B20_addr_addr=addr+1+3+5+1; + auto asc_956B20_addr=*(int*)asc_956B20_addr_addr; + char* asc_956B20=(char*)asc_956B20_addr; + if(asc_956B20[0]=='$' && asc_956B20[1]=='L'){ + HookParam hp; + hp.address = addr+1+3; + hp.offset=get_reg(regs::edx); + hp.type = USING_STRING|NO_CONTEXT; + ok|=NewHook(hp, "Interheart"); + } + + } + + + return ok; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Interheart.h b/cpp/LunaHook/LunaHook/engine32/Interheart.h new file mode 100644 index 00000000..b6276e57 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Interheart.h @@ -0,0 +1,12 @@ + + +class Interheart:public ENGINE{ + public: + Interheart(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"Pack\\*.fpk"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Interlude.cpp b/cpp/LunaHook/LunaHook/engine32/Interlude.cpp new file mode 100644 index 00000000..7544cd34 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Interlude.cpp @@ -0,0 +1,26 @@ +#include"Interlude.h" + + +bool Interlude::attach_function() { + //インタールード + //https://vndb.org/v3195 + + const BYTE bytes[] = { + 0x83,0xEC,0x10, + 0x8B,0x44,0x24,0x24, + 0x3D,0x20,0x80,0x00,0x00, + 0xC7,0x04,0x24,0xE0,0xE0,0xE0,0x00, + 0xC7,0x44,0x24,0x04,0xE0,0xE0,0xE0,0x20, + 0xC7,0x44,0x24,0x08,0xE0,0xE0,0xE0,0x40, + 0xC7,0x44,0x24,0x0C,0xE0,0xE0,0xE0,0x80, + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + + if (addr == 0)return false; + HookParam hp; + hp.address = addr ; + hp.offset=get_stack(5); + hp.type = CODEC_ANSI_BE ; + + return NewHook(hp, "Interlude"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Interlude.h b/cpp/LunaHook/LunaHook/engine32/Interlude.h new file mode 100644 index 00000000..9a644e31 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Interlude.h @@ -0,0 +1,12 @@ + + +class Interlude:public ENGINE{ + public: + Interlude(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"script.pak",L"system.pak",L"title.pak"}; + is_engine_certain=false; + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine32/IronGameSystem.cpp b/cpp/LunaHook/LunaHook/engine32/IronGameSystem.cpp new file mode 100644 index 00000000..08ffc4af --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/IronGameSystem.cpp @@ -0,0 +1,41 @@ +#include"IronGameSystem.h" + + +bool InsertIGSDynamicHook(LPVOID addr, hook_stack* stack) +{ + if (addr != GetGlyphOutlineW) + return false; + DWORD i; + i = *(DWORD *)stack->ebp; + i = *(DWORD *)(i+4); + //if (SafeFillRange(L"mscorlib.ni.dll", &j, &k)) { // Artikash 6/30/2018: Dunno why addresses are needed + while (*(BYTE *)i != 0xe8) + i++; + DWORD t = *(DWORD *)(i + 1) + i + 5; + //if (t>j && t(data), size, "\\n", 2, '\n'); + StringCharReplacer(reinterpret_cast(data), size, "\\N", 2, '\n'); + + return write_string_overwrite(data, size, std::regex_replace(std::string(reinterpret_cast(data), *size), std::regex("\\\\[0-7a-zA-Z]"), "")); + }; + + return NewHook(hp, "Jellyfish"); +} + +bool Jellyfish::Jellyfish_attach_function2() +{ + // https://vndb.org/r109826 + // Sisters: Last Day of Summer + + const BYTE bytes[] = { + 0x68, 0xB0, 0x04, 0x00, 0x00, 0x68, 0x40, 0x06, 0x00, 0x00}; + std::map count; + DWORD maxa = 0; + int maxi = 0; + for (auto _ : Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, minaddr, maxaddr)) + { + _ = findfuncstart(_); + if (_ == 0) + continue; + if (count.find(_) == count.end()) + count[_] = 0; + count[_] += 1; + if (count[_] >= maxi) + { + maxi = count[_]; + maxa = _; + } + } + if (maxa == 0) + return false; + HookParam hp; + hp.address = maxa; // 0x2F2E1+(DWORD)ism; + hp.type = USING_CHAR | CODEC_UTF16; + hp.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + if (stack->ARG3 == 3) + return; + *split = (stack->ARG3) != 0; // 多行文本 + buffer->from_t((WORD)stack->ARG1); + // 不可以快进,否则会有重复 + }; + + return NewHook(hp, "Jellyfish"); +} + +bool Jellyfish::Jellyfish_attach_function3() +{ + // https://vndb.org/v2249 + // DEEP VOICE + + // 不可以快进,否则会有重复 + const BYTE bytes[] = { + 0x03, 0xd0, + 0x81, 0xFA, 0xE0, 0x01, 0x00, 0x00, + 0x0f, 0x8f, XX4}; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), minaddr, maxaddr); + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return false; + HookParam hp; + hp.address = addr; + hp.offset = get_stack(1); + hp.type = USING_CHAR; + return NewHook(hp, "Jellyfish3"); +} +bool Jellyfish::attach_function() +{ + std::tie(minaddr, maxaddr) = Util::QueryModuleLimits(ism); + return Jellyfish_attach_function() || Jellyfish_attach_function2() || Jellyfish_attach_function3(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Jellyfish.h b/cpp/LunaHook/LunaHook/engine32/Jellyfish.h new file mode 100644 index 00000000..88089463 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Jellyfish.h @@ -0,0 +1,24 @@ + + +class Jellyfish : public ENGINE +{ +public: + HMODULE ism; + DWORD minaddr, maxaddr; + Jellyfish() + { + + is_engine_certain = false; + check_by = CHECK_BY::CUSTOM; + check_by_target = [this]() + { + ism = GetModuleHandle(L"ism.dll"); + return ism; + }; + // check_by_list{L"ism.dll"};//,L"data.isa"}; + }; + bool attach_function(); + bool Jellyfish_attach_function(); + bool Jellyfish_attach_function2(); + bool Jellyfish_attach_function3(); +}; diff --git a/cpp/LunaHook/LunaHook/engine32/Jisatu101.cpp b/cpp/LunaHook/LunaHook/engine32/Jisatu101.cpp new file mode 100644 index 00000000..7b74af52 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Jisatu101.cpp @@ -0,0 +1,27 @@ +#include"Jisatu101.h" + + +bool Jisatu101::attach_function() { + const BYTE bytes[] = { + //ジサツのための101の方法 + //https://vndb.org/v6475 + 0x8b,0x44,0x24,0x10, + 0x66,0x0f,0xb6,0x08, + 0x66,0x0f,0xb6,0x50,0x01, + + 0xC1 ,0xE1 ,0x08 , + 0x03 ,0xCA, + 0x66 ,0x81 ,0xF9 ,0x0A ,0x0D , + 0x74 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr == 0)return false; + addr = MemDbg::findEnclosingAlignedFunction(addr,0x100); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset = get_stack(4); + hp.type = DATA_INDIRECT; + hp.index = 0; + return NewHook(hp, "Jisatu101"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Jisatu101.h b/cpp/LunaHook/LunaHook/engine32/Jisatu101.h new file mode 100644 index 00000000..74e5b352 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Jisatu101.h @@ -0,0 +1,12 @@ + + +class Jisatu101:public ENGINE{ + public: + Jisatu101(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"101.exe"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/KISS.cpp b/cpp/LunaHook/LunaHook/engine32/KISS.cpp new file mode 100644 index 00000000..64124e0e --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/KISS.cpp @@ -0,0 +1,38 @@ +#include"KISS.h" + +bool InsertKissHook() { + + /* + * Sample games: + * https://vndb.org/v1767 + */ + const BYTE bytes[] = { + 0xC1, 0xE9, 0x02, // shr ecx,02 <- hook here + 0xF3, 0xA5, // repe movsd + 0x8B, 0xCA, // mov ecx,edx + 0x55, // push ebp + 0x83, 0xE1, 0x03, // and ecx,03 + 0xF3, 0xA4, // repe movsb + 0x8D, 0x4C, 0x24, 0x18, // lea ecx,[esp+18] + 0xE8, XX4, // call kano.exe+6310 + 0x8B, 0x0D, XX4 // mov ecx,[kano.exe+211F8C] + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("Kiss: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::esi); + hp.type = USING_STRING | NO_CONTEXT|EMBED_DYNA_SJIS|EMBED_ABLE|EMBED_AFTER_NEW; + hp.hook_font=F_GetTextExtentPoint32A|F_ExtTextOutA; + ConsoleOutput("INSERT Kiss"); + return NewHook(hp, "Kiss"); +} +bool KISS::attach_function() { + return InsertKissHook(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/KISS.h b/cpp/LunaHook/LunaHook/engine32/KISS.h new file mode 100644 index 00000000..d6c0b722 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/KISS.h @@ -0,0 +1,12 @@ + + +class KISS:public ENGINE{ + public: + KISS(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"GameData\\script.ysb"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/KiriKiri.cpp b/cpp/LunaHook/LunaHook/engine32/KiriKiri.cpp new file mode 100644 index 00000000..815239dd --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/KiriKiri.cpp @@ -0,0 +1,1864 @@ +#include "KiriKiri.h" + +/******************************************************************************************** +KiriKiri hook: + Usually there are xp3 files in the game folder but also exceptions. + Find TVP(KIRIKIRI) in the version description is a much more precise way. + + KiriKiri1 correspond to AGTH KiriKiri hook, but this doesn't always work well. + Find call to GetGlyphOutlineW and go to function header. EAX will point to a + structure contains character (at 0x14, [EAX+0x14]) we want. To split names into + different threads AGTH uses [EAX], seems that this value stands for font size. + Since KiriKiri is compiled by BCC and BCC fastcall uses EAX to pass the first + parameter. Here we choose EAX is reasonable. + KiriKiri2 is a redundant hook to catch text when 1 doesn't work. When this happens, + usually there is a single GetTextExtentPoint32W contains irregular repetitions which + is out of the scope of KS or KF. This time we find a point and split them into clean + text threads. First find call to GetTextExtentPoint32W and step out of this function. + Usually there is a small loop. It is this small loop messed up the text. We can find + one ADD EBX,2 in this loop. It's clear that EBX is a string pointer goes through the + string. After the loop EBX will point to the end of the string. So EBX-2 is the last + char and we insert hook here to extract it. +********************************************************************************************/ +#if 0 // jichi 11/12/2013: not used +static void SpecialHookKiriKiri(hook_stack* stack, HookParam *, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD p1 = *(DWORD *)(esp_base - 0x14), + p2 = *(DWORD *)(esp_base - 0x18); + if ((p1>>16) == (p2>>16)) { + if (DWORD p3 = *(DWORD *)p1) { + p3 += 8; + for (p2 = p3 + 2; *(WORD *)p2; p2 += 2); + *len = p2 - p3; + *data = p3; + p1 = *(DWORD *)(esp_base - 0x20); + p1 = *(DWORD *)(p1 + 0x74); + *split = p1 | *(DWORD *)(esp_base + 0x48); + } else + *len = 0; + } else + *len=0; +} +#endif // 0 + +namespace kirikiri +{ +#pragma pack(push, 4) +#define TJS_VS_SHORT_LEN 21 + typedef int tjs_int; /* at least 32bits */ + typedef wchar_t tjs_char; + typedef uint32_t tjs_uint32; + + struct tTJSVariantString_S + { + tjs_int RefCount; // reference count - 1 + tjs_char *LongString; + tjs_char ShortString[TJS_VS_SHORT_LEN + 1]; + tjs_int Length; // string length + tjs_uint32 HeapFlag; + tjs_uint32 Hint; + }; +#pragma pack(pop) + class tTJSVariantString : public tTJSVariantString_S + { + }; + struct tTJSString_S + { + tTJSVariantString *Ptr; + }; + class tTJSString : public tTJSString_S + { + }; + typedef tTJSString ttstr; +#pragma pack(push, 4) + struct tTVPPoint + { + tjs_int x; + tjs_int y; + }; +#pragma pack(pop) + struct tTVPRect + { + union + { + struct + { + tjs_int left; + tjs_int top; + tjs_int right; + tjs_int bottom; + }; + + struct + { + // capital style + tjs_int Left; + tjs_int Top; + tjs_int Right; + tjs_int Bottom; + }; + + struct + { + tTVPPoint upper_left; + tTVPPoint bottom_right; + }; + }; + }; +} + +bool FindKiriKiriHook(DWORD fun, DWORD size, DWORD pt, DWORD flag) // jichi 10/20/2014: change return value to bool +{ + enum : DWORD + { + // jichi 10/20/2014: mov ebp,esp, sub esp,* + kirikiri1_sig = 0xec8b55, + + // jichi 10/20/2014: + // 00e01542 53 push ebx + // 00e01543 56 push esi + // 00e01544 57 push edi + kirikiri2_sig = 0x575653 + }; + enum : DWORD + { + StartAddress = 0x1000 + }; + enum : DWORD + { + StartRange = 0x6000, + StopRange = 0x8000 + }; // jichi 10/20/2014: ITH original pattern range + + // jichi 10/20/2014: The KiriKiri patterns exist in multiple places of the game. + // enum : DWORD { StartRange = 0x8000, StopRange = 0x9000 }; // jichi 10/20/2014: change to a different range + + // WCHAR str[0x40]; + DWORD sig = flag ? kirikiri2_sig : kirikiri1_sig; + DWORD t = 0; + for (DWORD i = StartAddress; i < size - 4; i++) + if (*(WORD *)(pt + i) == 0x15ff) + { // jichi 10/20/2014: call dword ptr ds + DWORD addr = *(DWORD *)(pt + i + 2); + + // jichi 10/20/2014: There are multiple function calls. The flag+1 one is selected. + // i.e. KiriKiri1: The first call to GetGlyphOutlineW is selected + // KiriKiri2: The second call to GetTextExtentPoint32W is selected + if (addr >= pt && addr <= pt + size - 4 && *(DWORD *)addr == fun) + t++; + if (t == flag + 1) // We find call to GetGlyphOutlineW or GetTextExtentPoint32W. + // swprintf(str, L"CALL addr:0x%.8X",i+pt); + // ConsoleOutput(str); + for (DWORD j = i; j > i - StartAddress; j--) + if (((*(DWORD *)(pt + j)) & 0xffffff) == sig) + { + if (flag) + { // We find the function entry. flag indicate 2 hooks. + t = 0; // KiriKiri2, we need to find call to this function. + for (DWORD k = j + StartRange; k < j + StopRange; k++) // Empirical range. + if (*(BYTE *)(pt + k) == 0xe8) + { + if (k + 5 + *(DWORD *)(pt + k + 1) == j) + t++; + if (t == 2) + { + // for (k+=pt+0x14; *(WORD*)(k)!=0xC483;k++); + // swprintf(str, L"Hook addr: 0x%.8X",pt+k); + // ConsoleOutput(str); + HookParam hp; + hp.address = pt + k + 0x14; + hp.offset = get_reg(regs::ebx); + hp.index = -0x2; + hp.split = get_reg(regs::ecx); + hp.type = CODEC_UTF16 | NO_CONTEXT | USING_SPLIT | DATA_INDIRECT; + ConsoleOutput("INSERT KiriKiri2"); + if (!NewHook(hp, "KiriKiri2")) + return false; + + // https://vndb.org/v5127 + // 蝶の毒 華の鎖 + // KiriKiri2被注音的汉字数量若>=2,则会少字。 + auto addr = pt + k + 0x14 - 5; + BYTE check[] = {0x66, 0x85, 0xC0, 0x75}; // mov ax,[ebx]; test ax,ax; jnz + if (memcmp(check, (void *)addr, sizeof(check)) == 0) + { + HookParam hp_1; + hp_1.address = addr; + hp_1.type = CODEC_UTF16 | NO_CONTEXT | USING_CHAR; + hp_1.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + *split = stack->ecx; + if (*split != 0x16) + return; + buffer->from_t(*(WORD *)(stack->ebx - 2)); + }; + NewHook(hp_1, "KiriKiri2X"); + } + + return true; + } + } + } + else + { + // swprintf(str, L"Hook addr: 0x%.8X",pt+j); + // ConsoleOutput(str); + HookParam hp; + hp.address = (DWORD)pt + j; + hp.offset = get_reg(regs::eax); + hp.index = 0x14; + hp.split = get_reg(regs::eax); + hp.type = CODEC_UTF16 | DATA_INDIRECT | USING_SPLIT | SPLIT_INDIRECT; + ConsoleOutput("INSERT KiriKiri1"); + if (!NewHook(hp, "KiriKiri1")) + return false; + // 该函数为InternalDrawText + // 有4个xref, DrawTextMultiple*2,DrawTextSingle*2 + // DrawTextMultiple和DrawTextSingle均只有一个xref->DrawText + auto xrefs = findxref_reverse_checkcallop(pt + j, processStartAddress, processStopAddress, 0xe8); + if (xrefs.size() == 4) + for (auto addr : xrefs) + { + // ConsoleOutput("%p",addr); + addr = findfuncstart(addr, 0x300); // DrawTextMultiple or 2,DrawTextSingle + // ConsoleOutput("%p",addr); + if (addr) + { + xrefs = findxref_reverse_checkcallop(addr, processStartAddress, processStopAddress, 0xe8); + if (xrefs.size() == 1) + { + addr = xrefs[0]; + // ConsoleOutput("%p",addr); + addr = findfuncstart(addr, 0x300); // DrawText + // ConsoleOutput("%p",addr); + if (addr) + { + /* + void DrawText(const tTVPRect &destrect, tjs_int x, tjs_int y, const ttstr &text, + tjs_uint32 color, tTVPBBBltMethod bltmode, tjs_int opa = 255, + bool holdalpha = true, bool aa = true, tjs_int shlevel = 0, + tjs_uint32 shadowcolor = 0, + tjs_int shwidth = 0, tjs_int shofsx = 0, tjs_int shofsy = 0, + tTVPComplexRect *updaterects = NULL) + */ + + HookParam hp; + hp.address = addr; + hp.type = CODEC_UTF16 | USING_STRING | NO_CONTEXT; + hp.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + // fastcall, a4 + auto text = (kirikiri::ttstr *)stack->stack[9]; + auto destrect = (kirikiri::tTVPRect *)stack->eax; + //*split=destrect->Bottom-destrect->Top;//split by font size;不知道为什么destrect里面的值是乱七八糟的 + *split = stack->ecx; // y. 值似乎不是y,多行不会被分开。 + buffer->from(text->Ptr->LongString ? text->Ptr->LongString : text->Ptr->ShortString, text->Ptr->Length * 2); + }; + NewHook(hp, "tTVPNativeBaseBitmap::DrawText"); + return true; + } + } + } + } + return true; + } + return false; + } + // ConsoleOutput("KiriKiri: FAILED to find function entry"); + } + if (flag) + ConsoleOutput("KiriKiri2: failed"); + else + ConsoleOutput("KiriKiri1: failed"); + return false; +} + +bool InsertKiriKiriHook() // 9/20/2014 jichi: change return type to bool +{ + bool k1 = FindKiriKiriHook((DWORD)GetGlyphOutlineW, processStopAddress - processStartAddress, processStartAddress, 0), // KiriKiri1 + k2 = FindKiriKiriHook((DWORD)GetTextExtentPoint32W, processStopAddress - processStartAddress, processStartAddress, 1); // KiriKiri2 + // RegisterEngineType(ENGINE_KIRIKIRI); + if (k1 && k2) + { + ConsoleOutput("KiriKiri1: disable GDI hooks"); + } + return k1 || k2; +} + +/** 10/20/2014 jichi: KAGParser + * Sample game: [141128] Venus Blood -HYPNO- ヴィーナスブラッ�・ヒュプノ 体験版 + * + * drawText and drawGlyph seem to be the right function to look at. + * However, the latest source code does not match VenusBlood. + * + * Debug method: + * Pre-compute: hexstr 視界のきかな�utf16, got: 96894c756e304d304b306a304430 + * Use ollydbg to insert hardware break point before the scene is entered. + * It found several places either in game or KAGParser, and the last one is as follows. + * It tries to find "[" (0x5b) in the memory. + * + * 1. It cannot find character name. + * 2. It will extract [r]. + * + * 6e562270 75 0a jnz short kagparse.6e56227c + * 6e562272 c705 00000000 00>mov dword ptr ds:[0],0x0 + * 6e56227c ffb424 24010000 push dword ptr ss:[esp+0x124] + * 6e562283 ff9424 24010000 call dword ptr ss:[esp+0x124] + * 6e56228a 8b8c24 20010000 mov ecx,dword ptr ss:[esp+0x120] + * 6e562291 890d 14ed576e mov dword ptr ds:[0x6e57ed14],ecx + * 6e562297 68 3090576e push kagparse.6e579030 ; unicode "[r]" + * 6e56229c 8d46 74 lea eax,dword ptr ds:[esi+0x74] + * 6e56229f 50 push eax + * 6e5622a0 ffd1 call ecx + * 6e5622a2 8b4e 50 mov ecx,dword ptr ds:[esi+0x50] + * 6e5622a5 8b46 54 mov eax,dword ptr ds:[esi+0x54] + * 6e5622a8 66:833c48 5b cmp word ptr ds:[eax+ecx*2],0x5b ; jichi: hook here + * 6e5622ad 75 06 jnz short kagparse.6e5622b5 + * 6e5622af 8d41 01 lea eax,dword ptr ds:[ecx+0x1] + * 6e5622b2 8946 50 mov dword ptr ds:[esi+0x50],eax + * 6e5622b5 ff46 50 inc dword ptr ds:[esi+0x50] + * 6e5622b8 ^e9 aebcffff jmp kagparse.6e55df6b + * 6e5622bd 8d8c24 88030000 lea ecx,dword ptr ss:[esp+0x388] + * 6e5622c4 e8 b707ffff call kagparse.6e552a80 + * 6e5622c9 84c0 test al,al + * 6e5622cb 75 0f jnz short kagparse.6e5622dc + * 6e5622cd 8d8424 88030000 lea eax,dword ptr ss:[esp+0x388] + * 6e5622d4 50 push eax + * 6e5622d5 8bce mov ecx,esi + * 6e5622d7 e8 149bffff call kagparse.6e55bdf0 + * 6e5622dc 8d8c24 80030000 lea ecx,dword ptr ss:[esp+0x380] + * 6e5622e3 e8 9807ffff call kagparse.6e552a80 + * 6e5622e8 84c0 test al,al + * 6e5622ea 75 0f jnz short kagparse.6e5622fb + * 6e5622ec 8d8424 80030000 lea eax,dword ptr ss:[esp+0x380] + * 6e5622f3 50 push eax + * 6e5622f4 8bce mov ecx,esi + * 6e5622f6 e8 35a0ffff call kagparse.6e55c330 + * 6e5622fb 8d8c24 c0030000 lea ecx,dword ptr ss:[esp+0x3c0] + * 6e562302 c68424 c0040000 >mov byte ptr ss:[esp+0x4c0],0x3c + * 6e56230a e8 81edfeff call kagparse.6e551090 + * 6e56230f 8d8c24 80030000 lea ecx,dword ptr ss:[esp+0x380] + * 6e562316 c68424 c0040000 >mov byte ptr ss:[esp+0x4c0],0x3b + * 6e56231e e8 8deefeff call kagparse.6e5511b0 + * 6e562323 8d8c24 88030000 lea ecx,dword ptr ss:[esp+0x388] + * 6e56232a e9 d7000000 jmp kagparse.6e562406 + * 6e56232f 66:837c24 20 00 cmp word ptr ss:[esp+0x20],0x0 + * 6e562335 75 10 jnz short kagparse.6e562347 + * 6e562337 ff46 4c inc dword ptr ds:[esi+0x4c] + * 6e56233a c746 50 00000000 mov dword ptr ds:[esi+0x50],0x0 + * 6e562341 c646 5c 00 mov byte ptr ds:[esi+0x5c],0x0 + * + * Runtime regisers: + * EAX 09C1A626 text address + * ECX 00000000 0 or other offset + * EDX 025F1368 this value seems does not change. it is always pointed to 0 + * EBX 0000300C + * ESP 0029EB7C + * EBP 0029F044 + * ESI 04EE4150 + * EDI 0029F020 + * + * とな�KAGParserEx.dll + * 10013948 68 14830210 push _3.10028314 ; UNICODE "[r]" + * 1001394d 83c2 7c add edx,0x7c + * 10013950 52 push edx + * 10013951 ffd0 call eax + * 10013953 8b75 08 mov esi,dword ptr ss:[ebp+0x8] + * 10013956 eb 02 jmp short _3.1001395a + * 10013958 8bf2 mov esi,edx + * 1001395a 8b46 58 mov eax,dword ptr ds:[esi+0x58] + * 1001395d 8b4e 5c mov ecx,dword ptr ds:[esi+0x5c] + * 10013960 66:833c41 5b cmp word ptr ds:[ecx+eax*2],0x5b ; jichi: hook here + * 10013965 75 06 jnz short _3.1001396d + * 10013967 83c0 01 add eax,0x1 + * 1001396a 8946 58 mov dword ptr ds:[esi+0x58],eax + * 1001396d 8346 58 01 add dword ptr ds:[esi+0x58],0x1 + * 10013971 807e 7a 00 cmp byte ptr ds:[esi+0x7a],0x0 + * 10013975 ^0f85 b5a7ffff jnz _3.1000e130 + * 1001397b 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + * 1001397e 83b8 90000000 ff cmp dword ptr ds:[eax+0x90],-0x1 + * 10013985 0f84 68040000 je _3.10013df3 + * 1001398b 8bd8 mov ebx,eax + * 1001398d ^e9 a1a7ffff jmp _3.1000e133 + * 10013992 8d7c24 78 lea edi,dword ptr ss:[esp+0x78] + * 10013996 8d7424 54 lea esi,dword ptr ss:[esp+0x54] + * 1001399a e8 e16fffff call _3.1000a980 + */ + +#if 0 // not used, as KiriKiriZ is sufficient, and most KiriKiriZ games use KAGParserEx instead of KAGParser. +namespace { // unnamed + +bool KAGParserFilter(LPVOID data, size_t *size, HookParam *) +{ + StringFilter(reinterpret_cast(data), reinterpret_cast(size), L"[r]", 3); + return true; +} + +void SpecialHookKAGParser(hook_stack* stack, HookParam *, uintptr_t *data, uintptr_t *split, size_t*len) +{ + // 6e5622a8 66:833c48 5b cmp word ptr ds:[eax+ecx*2],0x5b + DWORD eax = regof(eax, esp_base), + ecx = regof(ecx, esp_base); + if (eax && !ecx) { // skip string when ecx is not zero + *data = eax; + *len = ::wcslen((LPCWSTR)eax) * 2; // 2 == sizeof(wchar_t) + *split = FIXED_SPLIT_VALUE; // merge all threads + } +} + +void SpecialHookKAGParserEx(hook_stack* stack, HookParam *, uintptr_t *data, uintptr_t *split, size_t*len) +{ + // 10013960 66:833c41 5b cmp word ptr ds:[ecx+eax*2],0x5b + DWORD eax = regof(eax, esp_base), + ecx = regof(ecx, esp_base); + if (ecx && !eax) { // skip string when ecx is not zero + *data = ecx; + *len = ::wcslen((LPCWSTR)ecx) * 2; // 2 == sizeof(wchar_t) + *split = FIXED_SPLIT_VALUE; // merge all threads + } +} +} // unnamed namespace +bool InsertKAGParserHook() +{ + ULONG processStartAddress, processStopAddress; + if (!NtInspect::getModuleMemoryRange(L"KAGParser.dll", &startAddress, &stopAddress)) { + ConsoleOutput("KAGParser: failed to get memory range"); + return false; + } + const wchar_t *patternString = L"[r]"; + const size_t patternStringSize = ::wcslen(patternString) * 2; + ULONG addr = MemDbg::findBytes(patternString, patternStringSize, processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("KAGParser: [r] global string not found"); + return false; + } + // Find where it is used as function parameter + addr = MemDbg::findPushAddress(addr, processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("KAGParser: push address not found"); + return false; + } + + const BYTE ins[] = { + 0x66,0x83,0x3c,0x48, 0x5b // 6e5622a8 66:833c48 5b cmp word ptr ds:[eax+ecx*2],0x5b ; jichi: hook here + }; + enum { range = 0x20 }; // 0x6e5622a8 - 0x6e562297 = 17 + addr = MemDbg::findBytes(ins, sizeof(ins), addr, addr + range); + if (!addr) { + ConsoleOutput("KAGParser: instruction pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.text_fun = SpecialHookKAGParser; + hp.filter_fun = KAGParserFilter; + hp.type = CODEC_UTF16|FIXING_SPLIT|NO_CONTEXT; // Fix the split value to merge all threads + ConsoleOutput("INSERT KAGParser"); + + return NewHook(hp, "KAGParser"); +} +bool InsertKAGParserExHook() +{ + ULONG processStartAddress, processStopAddress; + if (!NtInspect::getModuleMemoryRange(L"KAGParserEx.dll", &startAddress, &stopAddress)) { + ConsoleOutput("KAGParserEx: failed to get memory range"); + return false; + } + const wchar_t *patternString = L"[r]"; + const size_t patternStringSize = ::wcslen(patternString) * 2; + ULONG addr = MemDbg::findBytes(patternString, patternStringSize, processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("KAGParserEx: [r] global string not found"); + return false; + } + // Find where it is used as function parameter + addr = MemDbg::findPushAddress(addr, processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("KAGParserEx: push address not found"); + return false; + } + + const BYTE ins[] = { + 0x66,0x83,0x3c,0x41, 0x5b // 10013960 66:833c41 5b cmp word ptr ds:[ecx+eax*2],0x5b ; jichi: hook here + }; + enum { range = 0x20 }; // 0x10013960 - 0x10013948 = 24 + addr = MemDbg::findBytes(ins, sizeof(ins), addr, addr + range); + if (!addr) { + ConsoleOutput("KAGParserEx: instruction pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.text_fun = SpecialHookKAGParserEx; + hp.filter_fun = KAGParserFilter; + hp.type = CODEC_UTF16|FIXING_SPLIT|NO_CONTEXT; // Fix the split value to merge all threads + ConsoleOutput("INSERT KAGParserEx"); + + return NewHook(hp, "KAGParserEx"); +} +#endif // 0 + +/** 10/24/2014 jichi: New KiriKiri hook + * Sample game: [141128] Venus Blood -HYPNO- ヴィーナスブラッ�・ヒュプノ 体験版 + * + * This engine will hook to the caller of caller of the first GetGlyphOutlineW (totally three). + * The logic is quite similar to KiriKiri1 except it backtrack twice to get the function call. + * + * 1/31/2015: If the game no longer invoke GDI functions by default, one way to find the hook + * is to click the フォン�in the menu to force triggering GetGlyphOutlineW function. + * + * KiriKiriZ: + * https://github.com/krkrz/krkrz + * http://krkrz.github.io + * + * KiriKiri API: http://devdoc.kikyou.info/tvp/docs/kr2doc/contents/f_Layer.html + * + * See: krkrz/src/core/visual/LayerIntf.cpp + * API: http://devdoc.kikyou.info/tvp/docs/kr2doc/contents/f_Layer_drawText.html + * + * Debug method: + * Backtrack from GetGlyphOutlineW, and find the first function that is invoked more + * times than (cached) GetGlyphOutlineW. + * + * - Find function calls to GetGlyphOutlineW (totally three) + * + * - Find the caller of the first GetGlyphOutlineW + * Using MemDbg::findCallerAddressAfterInt3() + * + * - Find the caller of the above caller + * Since the function address is dynamic, the function is found using KiriKiriZHook + * + * 00377c44 8b01 mov eax,dword ptr ds:[ecx] + * 00377c46 ff75 10 push dword ptr ss:[ebp+0x10] + * 00377c49 ff75 0c push dword ptr ss:[ebp+0xc] + * 00377c4c 53 push ebx + * 00377c4d ff50 1c call dword ptr ds:[eax+0x1c] ; jichi: called here + * 00377c50 8bf0 mov esi,eax + * 00377c52 8975 e4 mov dword ptr ss:[ebp-0x1c],esi + * 00377c55 ff46 04 inc dword ptr ds:[esi+0x4] + * 00377c58 c745 fc 04000000 mov dword ptr ss:[ebp-0x4],0x4 + * + * Then, the UTF8 two-byte character is at [ecx]+0x14 + * 0017E950 16 00 00 00 00 02 00 00 00 00 00 00 98 D2 76 02 + * 0017E960 E0 8E 90 D9 42 7D 00 00 00 02 00 00 01 00 00 00 + * up: text here + * 0017E970 01 00 01 FF 00 00 00 00 00 00 00 00 C8 + * + * 1/30/2015: + * The hooked function in Venus Blood -HYPNO- is as follows. + * Since サノバウィッ� (150226), KiriKiriZ no longer invokes GetGlyphOutlineW. + * Try to extract instruction patterns from the following function instead. + * + * 011a7a3c cc int3 + * 011a7a3d cc int3 + * 011a7a3e cc int3 + * 011a7a3f cc int3 + * 011a7a40 55 push ebp + * 011a7a41 8bec mov ebp,esp + * 011a7a43 6a ff push -0x1 + * 011a7a45 68 dbaa3101 push .0131aadb + * 011a7a4a 64:a1 00000000 mov eax,dword ptr fs:[0] + * 011a7a50 50 push eax + * 011a7a51 83ec 14 sub esp,0x14 + * 011a7a54 53 push ebx + * 011a7a55 56 push esi + * 011a7a56 57 push edi + * 011a7a57 a1 00593d01 mov eax,dword ptr ds:[0x13d5900] + * 011a7a5c 33c5 xor eax,ebp + * 011a7a5e 50 push eax + * 011a7a5f 8d45 f4 lea eax,dword ptr ss:[ebp-0xc] + * 011a7a62 64:a3 00000000 mov dword ptr fs:[0],eax + * 011a7a68 8965 f0 mov dword ptr ss:[ebp-0x10],esp + * 011a7a6b 8bd9 mov ebx,ecx + * 011a7a6d 803d 00113e01 00 cmp byte ptr ds:[0x13e1100],0x0 + * 011a7a74 75 17 jnz short .011a7a8d + * 011a7a76 c745 e8 1cb83d01 mov dword ptr ss:[ebp-0x18],.013db81c + * 011a7a7d 8d45 e8 lea eax,dword ptr ss:[ebp-0x18] + * 011a7a80 50 push eax + * 011a7a81 e8 4ae2f0ff call .010b5cd0 + * 011a7a86 c605 00113e01 01 mov byte ptr ds:[0x13e1100],0x1 + * 011a7a8d 33c9 xor ecx,ecx + * 011a7a8f 384b 21 cmp byte ptr ds:[ebx+0x21],cl + * 011a7a92 0f95c1 setne cl + * 011a7a95 33c0 xor eax,eax + * 011a7a97 3843 20 cmp byte ptr ds:[ebx+0x20],al + * 011a7a9a 0f95c0 setne al + * 011a7a9d 33c8 xor ecx,eax + * 011a7a9f 334b 10 xor ecx,dword ptr ds:[ebx+0x10] + * 011a7aa2 0fb743 14 movzx eax,word ptr ds:[ebx+0x14] + * 011a7aa6 33c8 xor ecx,eax + * 011a7aa8 8b7b 1c mov edi,dword ptr ds:[ebx+0x1c] + * 011a7aab 33f9 xor edi,ecx + * 011a7aad 337b 18 xor edi,dword ptr ds:[ebx+0x18] + * 011a7ab0 897d e4 mov dword ptr ss:[ebp-0x1c],edi + * 011a7ab3 57 push edi + * 011a7ab4 53 push ebx + * 011a7ab5 e8 06330000 call .011aadc0 + * 011a7aba 8bf0 mov esi,eax + * 011a7abc 85f6 test esi,esi + * 011a7abe 74 26 je short .011a7ae6 + * 011a7ac0 56 push esi + * 011a7ac1 e8 ba330000 call .011aae80 + * 011a7ac6 8d46 2c lea eax,dword ptr ds:[esi+0x2c] + * 011a7ac9 85c0 test eax,eax + * 011a7acb 74 19 je short .011a7ae6 + * 011a7acd 8b08 mov ecx,dword ptr ds:[eax] + * 011a7acf ff41 04 inc dword ptr ds:[ecx+0x4] + * 011a7ad2 8b00 mov eax,dword ptr ds:[eax] + * 011a7ad4 8b4d f4 mov ecx,dword ptr ss:[ebp-0xc] + * 011a7ad7 64:890d 00000000 mov dword ptr fs:[0],ecx + * 011a7ade 59 pop ecx + * 011a7adf 5f pop edi + * 011a7ae0 5e pop esi + * 011a7ae1 5b pop ebx + * 011a7ae2 8be5 mov esp,ebp + * 011a7ae4 5d pop ebp + * 011a7ae5 c3 retn + * 011a7ae6 8b4d 08 mov ecx,dword ptr ss:[ebp+0x8] + * 011a7ae9 85c9 test ecx,ecx + * 011a7aeb 0f84 47010000 je .011a7c38 + * 011a7af1 0fb743 14 movzx eax,word ptr ds:[ebx+0x14] + * 011a7af5 50 push eax + * 011a7af6 e8 b5090300 call .011d84b0 + * 011a7afb 8bf0 mov esi,eax + * 011a7afd 8975 ec mov dword ptr ss:[ebp-0x14],esi + * 011a7b00 85f6 test esi,esi + * 011a7b02 0f84 30010000 je .011a7c38 + * 011a7b08 6a 34 push 0x34 + * 011a7b0a e8 29621300 call .012ddd38 + * 011a7b0f 83c4 04 add esp,0x4 + * 011a7b12 8bf8 mov edi,eax + * 011a7b14 897d e0 mov dword ptr ss:[ebp-0x20],edi + * 011a7b17 c745 fc 00000000 mov dword ptr ss:[ebp-0x4],0x0 + * 011a7b1e 85ff test edi,edi + * 011a7b20 74 1d je short .011a7b3f + * 011a7b22 c747 2c 41000000 mov dword ptr ds:[edi+0x2c],0x41 + * 011a7b29 c647 32 00 mov byte ptr ds:[edi+0x32],0x0 + * 011a7b2d c747 04 01000000 mov dword ptr ds:[edi+0x4],0x1 + * 011a7b34 c707 00000000 mov dword ptr ds:[edi],0x0 + * 011a7b3a 8945 e8 mov dword ptr ss:[ebp-0x18],eax + * 011a7b3d eb 05 jmp short .011a7b44 + * 011a7b3f 33ff xor edi,edi + * 011a7b41 897d e8 mov dword ptr ss:[ebp-0x18],edi + * 011a7b44 c745 fc ffffffff mov dword ptr ss:[ebp-0x4],-0x1 + * 011a7b4b 0fb746 04 movzx eax,word ptr ds:[esi+0x4] + * 011a7b4f 8947 1c mov dword ptr ds:[edi+0x1c],eax + * 011a7b52 0fb746 06 movzx eax,word ptr ds:[esi+0x6] + * 011a7b56 8947 20 mov dword ptr ds:[edi+0x20],eax + * 011a7b59 0fbf46 0c movsx eax,word ptr ds:[esi+0xc] + * 011a7b5d 8947 10 mov dword ptr ds:[edi+0x10],eax + * 011a7b60 0fbf46 0e movsx eax,word ptr ds:[esi+0xe] + * 011a7b64 8947 14 mov dword ptr ds:[edi+0x14],eax + * 011a7b67 0fbf46 08 movsx eax,word ptr ds:[esi+0x8] + * 011a7b6b 0345 0c add eax,dword ptr ss:[ebp+0xc] + * 011a7b6e 8947 08 mov dword ptr ds:[edi+0x8],eax + * 011a7b71 0fbf46 0a movsx eax,word ptr ds:[esi+0xa] + * 011a7b75 8b4d 10 mov ecx,dword ptr ss:[ebp+0x10] + * 011a7b78 2bc8 sub ecx,eax + * 011a7b7a 894f 0c mov dword ptr ds:[edi+0xc],ecx + * 011a7b7d 0fb643 20 movzx eax,byte ptr ds:[ebx+0x20] + * 011a7b81 8847 30 mov byte ptr ds:[edi+0x30],al + * 011a7b84 c647 32 00 mov byte ptr ds:[edi+0x32],0x0 + * 011a7b88 0fb643 21 movzx eax,byte ptr ds:[ebx+0x21] + * 011a7b8c 8847 31 mov byte ptr ds:[edi+0x31],al + * 011a7b8f 8b43 1c mov eax,dword ptr ds:[ebx+0x1c] + * 011a7b92 8947 28 mov dword ptr ds:[edi+0x28],eax + * 011a7b95 8b43 18 mov eax,dword ptr ds:[ebx+0x18] + * 011a7b98 8947 24 mov dword ptr ds:[edi+0x24],eax + * 011a7b9b c745 fc 01000000 mov dword ptr ss:[ebp-0x4],0x1 + * 011a7ba2 837f 1c 00 cmp dword ptr ds:[edi+0x1c],0x0 + * 011a7ba6 74 64 je short .011a7c0c + * 011a7ba8 8b47 20 mov eax,dword ptr ds:[edi+0x20] + * 011a7bab 85c0 test eax,eax + * 011a7bad 74 5d je short .011a7c0c + * 011a7baf 0fb776 04 movzx esi,word ptr ds:[esi+0x4] + * 011a7bb3 4e dec esi + * 011a7bb4 83e6 fc and esi,0xfffffffc + * 011a7bb7 83c6 04 add esi,0x4 + * 011a7bba 8977 18 mov dword ptr ds:[edi+0x18],esi + * 011a7bbd 0fafc6 imul eax,esi + * 011a7bc0 50 push eax + * 011a7bc1 8bcf mov ecx,edi + * 011a7bc3 e8 b8f6ffff call .011a7280 + * 011a7bc8 56 push esi + * 011a7bc9 ff37 push dword ptr ds:[edi] + * 011a7bcb ff75 ec push dword ptr ss:[ebp-0x14] + * 011a7bce 8b4d 08 mov ecx,dword ptr ss:[ebp+0x8] + * 011a7bd1 e8 3a090300 call .011d8510 + * 011a7bd6 807b 21 00 cmp byte ptr ds:[ebx+0x21],0x0 + * 011a7bda 74 0d je short .011a7be9 + * 011a7bdc ff77 28 push dword ptr ds:[edi+0x28] + * 011a7bdf ff77 24 push dword ptr ds:[edi+0x24] + * 011a7be2 8bcf mov ecx,edi + * 011a7be4 e8 d70affff call .011986c0 + * 011a7be9 897d ec mov dword ptr ss:[ebp-0x14],edi + * 011a7bec ff47 04 inc dword ptr ds:[edi+0x4] + * 011a7bef c645 fc 02 mov byte ptr ss:[ebp-0x4],0x2 + * 011a7bf3 8d45 ec lea eax,dword ptr ss:[ebp-0x14] + * 011a7bf6 50 push eax + * 011a7bf7 ff75 e4 push dword ptr ss:[ebp-0x1c] + * 011a7bfa 53 push ebx + * 011a7bfb e8 50280000 call .011aa450 + * 011a7c00 c645 fc 01 mov byte ptr ss:[ebp-0x4],0x1 + * 011a7c04 8d4d ec lea ecx,dword ptr ss:[ebp-0x14] + * 011a7c07 e8 84280000 call .011aa490 + * 011a7c0c c745 fc ffffffff mov dword ptr ss:[ebp-0x4],-0x1 + * 011a7c13 8bc7 mov eax,edi + * 011a7c15 8b4d f4 mov ecx,dword ptr ss:[ebp-0xc] + * 011a7c18 64:890d 00000000 mov dword ptr fs:[0],ecx + * 011a7c1f 59 pop ecx + * 011a7c20 5f pop edi + * 011a7c21 5e pop esi + * 011a7c22 5b pop ebx + * 011a7c23 8be5 mov esp,ebp + * 011a7c25 5d pop ebp + * 011a7c26 c3 retn + * 011a7c27 8b4d e8 mov ecx,dword ptr ss:[ebp-0x18] + * 011a7c2a e8 81f6ffff call .011a72b0 + * 011a7c2f 6a 00 push 0x0 + * 011a7c31 6a 00 push 0x0 + * 011a7c33 e8 93cb1300 call .012e47cb + * 011a7c38 a1 dc8a3d01 mov eax,dword ptr ds:[0x13d8adc] + * 011a7c3d 8b0c85 88b93f01 mov ecx,dword ptr ds:[eax*4+0x13fb988] + * 011a7c44 8b01 mov eax,dword ptr ds:[ecx] + * 011a7c46 ff75 10 push dword ptr ss:[ebp+0x10] + * 011a7c49 ff75 0c push dword ptr ss:[ebp+0xc] + * 011a7c4c 53 push ebx + * 011a7c4d ff50 1c call dword ptr ds:[eax+0x1c] + * 011a7c50 8bf0 mov esi,eax + * 011a7c52 8975 e4 mov dword ptr ss:[ebp-0x1c],esi + * 011a7c55 ff46 04 inc dword ptr ds:[esi+0x4] + * 011a7c58 c745 fc 04000000 mov dword ptr ss:[ebp-0x4],0x4 + * 011a7c5f 8d45 e4 lea eax,dword ptr ss:[ebp-0x1c] + * 011a7c62 50 push eax + * 011a7c63 57 push edi + * 011a7c64 53 push ebx + * 011a7c65 e8 a62c0000 call .011aa910 + * 011a7c6a a1 388b3f01 mov eax,dword ptr ds:[0x13f8b38] + * 011a7c6f 8b0d 448b3f01 mov ecx,dword ptr ds:[0x13f8b44] + * 011a7c75 3bc1 cmp eax,ecx + * 011a7c77 76 08 jbe short .011a7c81 + * 011a7c79 2bc1 sub eax,ecx + * 011a7c7b 50 push eax + * 011a7c7c e8 1f2e0000 call .011aaaa0 + * 011a7c81 c745 fc ffffffff mov dword ptr ss:[ebp-0x4],-0x1 + * 011a7c88 8b46 04 mov eax,dword ptr ds:[esi+0x4] + * 011a7c8b 83f8 01 cmp eax,0x1 + * 011a7c8e 75 2c jnz short .011a7cbc + * 011a7c90 8b06 mov eax,dword ptr ds:[esi] + * 011a7c92 85c0 test eax,eax + * 011a7c94 74 09 je short .011a7c9f + * 011a7c96 50 push eax + * 011a7c97 e8 3b621300 call .012dded7 + * 011a7c9c 83c4 04 add esp,0x4 + * 011a7c9f 56 push esi + * 011a7ca0 e8 335e1300 call .012ddad8 + * 011a7ca5 83c4 04 add esp,0x4 + * 011a7ca8 8bc6 mov eax,esi + * 011a7caa 8b4d f4 mov ecx,dword ptr ss:[ebp-0xc] + * 011a7cad 64:890d 00000000 mov dword ptr fs:[0],ecx + * 011a7cb4 59 pop ecx + * 011a7cb5 5f pop edi + * 011a7cb6 5e pop esi + * 011a7cb7 5b pop ebx + * 011a7cb8 8be5 mov esp,ebp + * 011a7cba 5d pop ebp + * 011a7cbb c3 retn + * 011a7cbc 48 dec eax + * 011a7cbd 8946 04 mov dword ptr ds:[esi+0x4],eax + * 011a7cc0 8bc6 mov eax,esi + * 011a7cc2 8b4d f4 mov ecx,dword ptr ss:[ebp-0xc] + * 011a7cc5 64:890d 00000000 mov dword ptr fs:[0],ecx + * 011a7ccc 59 pop ecx + * 011a7ccd 5f pop edi + * 011a7cce 5e pop esi + * 011a7ccf 5b pop ebx + * 011a7cd0 8be5 mov esp,ebp + * 011a7cd2 5d pop ebp + * 011a7cd3 c3 retn + * 011a7cd4 cc int3 + * 011a7cd5 cc int3 + * 011a7cd6 cc int3 + * 011a7cd7 cc int3 + * 011a7cd8 cc int3 + * + * Here's the hooked function in サノバウィッ� (150226). + * I randomly picked a pattern from VBH: + * + * 011a7a95 33c0 xor eax,eax + * 011a7a97 3843 20 cmp byte ptr ds:[ebx+0x20],al + * 011a7a9a 0f95c0 setne al + * 011a7a9d 33c8 xor ecx,eax + * 011a7a9f 334b 10 xor ecx,dword ptr ds:[ebx+0x10] + * 011a7aa2 0fb743 14 movzx eax,word ptr ds:[ebx+0x14] + * + * i.e: 33c03843200f95c033c8334b100fb74314 + * + * The new hooked function in サノバウィッ� is as follows. + * + * 012280dc cc int3 + * 012280dd cc int3 + * 012280de cc int3 + * 012280df cc int3 + * 012280e0 55 push ebp + * 012280e1 8bec mov ebp,esp + * 012280e3 6a ff push -0x1 + * 012280e5 68 3b813d01 push .013d813b + * 012280ea 64:a1 00000000 mov eax,dword ptr fs:[0] + * 012280f0 50 push eax + * 012280f1 83ec 14 sub esp,0x14 + * 012280f4 53 push ebx + * 012280f5 56 push esi + * 012280f6 57 push edi + * 012280f7 a1 00694901 mov eax,dword ptr ds:[0x1496900] + * 012280fc 33c5 xor eax,ebp + * 012280fe 50 push eax + * 012280ff 8d45 f4 lea eax,dword ptr ss:[ebp-0xc] + * 01228102 64:a3 00000000 mov dword ptr fs:[0],eax + * 01228108 8965 f0 mov dword ptr ss:[ebp-0x10],esp + * 0122810b 8bd9 mov ebx,ecx + * 0122810d 803d e82d4a01 00 cmp byte ptr ds:[0x14a2de8],0x0 + * 01228114 75 17 jnz short .0122812d + * 01228116 c745 e8 d8d44901 mov dword ptr ss:[ebp-0x18],.0149d4d8 + * 0122811d 8d45 e8 lea eax,dword ptr ss:[ebp-0x18] + * 01228120 50 push eax + * 01228121 e8 aadbf0ff call .01135cd0 + * 01228126 c605 e82d4a01 01 mov byte ptr ds:[0x14a2de8],0x1 + * 0122812d 33c9 xor ecx,ecx + * 0122812f 384b 21 cmp byte ptr ds:[ebx+0x21],cl + * 01228132 0f95c1 setne cl + * 01228135 33c0 xor eax,eax + * 01228137 3843 20 cmp byte ptr ds:[ebx+0x20],al + * 0122813a 0f95c0 setne al + * 0122813d 33c8 xor ecx,eax + * 0122813f 334b 10 xor ecx,dword ptr ds:[ebx+0x10] + * 01228142 0fb743 14 movzx eax,word ptr ds:[ebx+0x14] + * 01228146 33c8 xor ecx,eax + * 01228148 8b7b 1c mov edi,dword ptr ds:[ebx+0x1c] + * 0122814b 33f9 xor edi,ecx + * 0122814d 337b 18 xor edi,dword ptr ds:[ebx+0x18] + * 01228150 897d e4 mov dword ptr ss:[ebp-0x1c],edi + * 01228153 57 push edi + * 01228154 53 push ebx + * 01228155 e8 06330000 call .0122b460 + * 0122815a 8bf0 mov esi,eax + * 0122815c 85f6 test esi,esi + * 0122815e 74 26 je short .01228186 + * 01228160 56 push esi + * 01228161 e8 ba330000 call .0122b520 + * 01228166 8d46 2c lea eax,dword ptr ds:[esi+0x2c] + * 01228169 85c0 test eax,eax + * 0122816b 74 19 je short .01228186 + * 0122816d 8b08 mov ecx,dword ptr ds:[eax] + * 0122816f ff41 04 inc dword ptr ds:[ecx+0x4] + * 01228172 8b00 mov eax,dword ptr ds:[eax] + * 01228174 8b4d f4 mov ecx,dword ptr ss:[ebp-0xc] + * 01228177 64:890d 00000000 mov dword ptr fs:[0],ecx + * 0122817e 59 pop ecx + * 0122817f 5f pop edi + * 01228180 5e pop esi + * 01228181 5b pop ebx + * 01228182 8be5 mov esp,ebp + * 01228184 5d pop ebp + * 01228185 c3 retn + * 01228186 8b4d 08 mov ecx,dword ptr ss:[ebp+0x8] + * 01228189 85c9 test ecx,ecx + * 0122818b 0f84 47010000 je .012282d8 + * 01228191 0fb743 14 movzx eax,word ptr ds:[ebx+0x14] + * 01228195 50 push eax + * 01228196 e8 950f0300 call .01259130 + * 0122819b 8bf0 mov esi,eax + * 0122819d 8975 ec mov dword ptr ss:[ebp-0x14],esi + * 012281a0 85f6 test esi,esi + * 012281a2 0f84 30010000 je .012282d8 + * 012281a8 6a 34 push 0x34 + * 012281aa e8 297c1300 call .0135fdd8 + * 012281af 83c4 04 add esp,0x4 + * 012281b2 8bf8 mov edi,eax + * 012281b4 897d e0 mov dword ptr ss:[ebp-0x20],edi + * 012281b7 c745 fc 00000000 mov dword ptr ss:[ebp-0x4],0x0 + * 012281be 85ff test edi,edi + * 012281c0 74 1d je short .012281df + * 012281c2 c747 2c 41000000 mov dword ptr ds:[edi+0x2c],0x41 + * 012281c9 c647 32 00 mov byte ptr ds:[edi+0x32],0x0 + * 012281cd c747 04 01000000 mov dword ptr ds:[edi+0x4],0x1 + * 012281d4 c707 00000000 mov dword ptr ds:[edi],0x0 + * 012281da 8945 e8 mov dword ptr ss:[ebp-0x18],eax + * 012281dd eb 05 jmp short .012281e4 + * 012281df 33ff xor edi,edi + * 012281e1 897d e8 mov dword ptr ss:[ebp-0x18],edi + * 012281e4 c745 fc ffffffff mov dword ptr ss:[ebp-0x4],-0x1 + * 012281eb 0fb746 04 movzx eax,word ptr ds:[esi+0x4] + * 012281ef 8947 1c mov dword ptr ds:[edi+0x1c],eax + * 012281f2 0fb746 06 movzx eax,word ptr ds:[esi+0x6] + * 012281f6 8947 20 mov dword ptr ds:[edi+0x20],eax + * 012281f9 0fbf46 0c movsx eax,word ptr ds:[esi+0xc] + * 012281fd 8947 10 mov dword ptr ds:[edi+0x10],eax + * 01228200 0fbf46 0e movsx eax,word ptr ds:[esi+0xe] + * 01228204 8947 14 mov dword ptr ds:[edi+0x14],eax + * 01228207 0fbf46 08 movsx eax,word ptr ds:[esi+0x8] + * 0122820b 0345 0c add eax,dword ptr ss:[ebp+0xc] + * 0122820e 8947 08 mov dword ptr ds:[edi+0x8],eax + * 01228211 0fbf46 0a movsx eax,word ptr ds:[esi+0xa] + * 01228215 8b4d 10 mov ecx,dword ptr ss:[ebp+0x10] + * 01228218 2bc8 sub ecx,eax + * 0122821a 894f 0c mov dword ptr ds:[edi+0xc],ecx + * 0122821d 0fb643 20 movzx eax,byte ptr ds:[ebx+0x20] + * 01228221 8847 30 mov byte ptr ds:[edi+0x30],al + * 01228224 c647 32 00 mov byte ptr ds:[edi+0x32],0x0 + * 01228228 0fb643 21 movzx eax,byte ptr ds:[ebx+0x21] + * 0122822c 8847 31 mov byte ptr ds:[edi+0x31],al + * 0122822f 8b43 1c mov eax,dword ptr ds:[ebx+0x1c] + * 01228232 8947 28 mov dword ptr ds:[edi+0x28],eax + * 01228235 8b43 18 mov eax,dword ptr ds:[ebx+0x18] + * 01228238 8947 24 mov dword ptr ds:[edi+0x24],eax + * 0122823b c745 fc 01000000 mov dword ptr ss:[ebp-0x4],0x1 + * 01228242 837f 1c 00 cmp dword ptr ds:[edi+0x1c],0x0 + * 01228246 74 64 je short .012282ac + * 01228248 8b47 20 mov eax,dword ptr ds:[edi+0x20] + * 0122824b 85c0 test eax,eax + * 0122824d 74 5d je short .012282ac + * 0122824f 0fb776 04 movzx esi,word ptr ds:[esi+0x4] + * 01228253 4e dec esi + * 01228254 83e6 fc and esi,0xfffffffc + * 01228257 83c6 04 add esi,0x4 + * 0122825a 8977 18 mov dword ptr ds:[edi+0x18],esi + * 0122825d 0fafc6 imul eax,esi + * 01228260 50 push eax + * 01228261 8bcf mov ecx,edi + * 01228263 e8 a8f6ffff call .01227910 + * 01228268 56 push esi + * 01228269 ff37 push dword ptr ds:[edi] + * 0122826b ff75 ec push dword ptr ss:[ebp-0x14] + * 0122826e 8b4d 08 mov ecx,dword ptr ss:[ebp+0x8] + * 01228271 e8 1a0f0300 call .01259190 + * 01228276 807b 21 00 cmp byte ptr ds:[ebx+0x21],0x0 + * 0122827a 74 0d je short .01228289 + * 0122827c ff77 28 push dword ptr ds:[edi+0x28] + * 0122827f ff77 24 push dword ptr ds:[edi+0x24] + * 01228282 8bcf mov ecx,edi + * 01228284 e8 870affff call .01218d10 + * 01228289 897d ec mov dword ptr ss:[ebp-0x14],edi + * 0122828c ff47 04 inc dword ptr ds:[edi+0x4] + * 0122828f c645 fc 02 mov byte ptr ss:[ebp-0x4],0x2 + * 01228293 8d45 ec lea eax,dword ptr ss:[ebp-0x14] + * 01228296 50 push eax + * 01228297 ff75 e4 push dword ptr ss:[ebp-0x1c] + * 0122829a 53 push ebx + * 0122829b e8 50280000 call .0122aaf0 + * 012282a0 c645 fc 01 mov byte ptr ss:[ebp-0x4],0x1 + * 012282a4 8d4d ec lea ecx,dword ptr ss:[ebp-0x14] + * 012282a7 e8 84280000 call .0122ab30 + * 012282ac c745 fc ffffffff mov dword ptr ss:[ebp-0x4],-0x1 + * 012282b3 8bc7 mov eax,edi + * 012282b5 8b4d f4 mov ecx,dword ptr ss:[ebp-0xc] + * 012282b8 64:890d 00000000 mov dword ptr fs:[0],ecx + * 012282bf 59 pop ecx + * 012282c0 5f pop edi + * 012282c1 5e pop esi + * 012282c2 5b pop ebx + * 012282c3 8be5 mov esp,ebp + * 012282c5 5d pop ebp + * 012282c6 c3 retn + * 012282c7 8b4d e8 mov ecx,dword ptr ss:[ebp-0x18] + * 012282ca e8 71f6ffff call .01227940 + * 012282cf 6a 00 push 0x0 + * 012282d1 6a 00 push 0x0 + * 012282d3 e8 83eb1300 call .01366e5b + * 012282d8 a1 e89a4901 mov eax,dword ptr ds:[0x1499ae8] + * 012282dd 8b0c85 f0d64b01 mov ecx,dword ptr ds:[eax*4+0x14bd6f0] + * 012282e4 8b01 mov eax,dword ptr ds:[ecx] + * 012282e6 ff75 10 push dword ptr ss:[ebp+0x10] + * 012282e9 ff75 0c push dword ptr ss:[ebp+0xc] + * 012282ec 53 push ebx + * 012282ed ff50 1c call dword ptr ds:[eax+0x1c] + * 012282f0 8bf0 mov esi,eax + * 012282f2 8975 e4 mov dword ptr ss:[ebp-0x1c],esi + * 012282f5 ff46 04 inc dword ptr ds:[esi+0x4] + * 012282f8 c745 fc 04000000 mov dword ptr ss:[ebp-0x4],0x4 + * 012282ff 8d45 e4 lea eax,dword ptr ss:[ebp-0x1c] + * 01228302 50 push eax + * 01228303 57 push edi + * 01228304 53 push ebx + * 01228305 e8 a62c0000 call .0122afb0 + * 0122830a a1 a0a84b01 mov eax,dword ptr ds:[0x14ba8a0] + * 0122830f 8b0d aca84b01 mov ecx,dword ptr ds:[0x14ba8ac] + * 01228315 3bc1 cmp eax,ecx + * 01228317 76 08 jbe short .01228321 + * 01228319 2bc1 sub eax,ecx + * 0122831b 50 push eax + * 0122831c e8 1f2e0000 call .0122b140 + * 01228321 c745 fc ffffffff mov dword ptr ss:[ebp-0x4],-0x1 + * 01228328 8b46 04 mov eax,dword ptr ds:[esi+0x4] + * 0122832b 83f8 01 cmp eax,0x1 + * 0122832e 75 2c jnz short .0122835c + * 01228330 8b06 mov eax,dword ptr ds:[esi] + * 01228332 85c0 test eax,eax + * 01228334 74 09 je short .0122833f + * 01228336 50 push eax + * 01228337 e8 3b7c1300 call .0135ff77 + * 0122833c 83c4 04 add esp,0x4 + * 0122833f 56 push esi + * 01228340 e8 33781300 call .0135fb78 + * 01228345 83c4 04 add esp,0x4 + * 01228348 8bc6 mov eax,esi + * 0122834a 8b4d f4 mov ecx,dword ptr ss:[ebp-0xc] + * 0122834d 64:890d 00000000 mov dword ptr fs:[0],ecx + * 01228354 59 pop ecx + * 01228355 5f pop edi + * 01228356 5e pop esi + * 01228357 5b pop ebx + * 01228358 8be5 mov esp,ebp + * 0122835a 5d pop ebp + * 0122835b c3 retn + * 0122835c 48 dec eax + * 0122835d 8946 04 mov dword ptr ds:[esi+0x4],eax + * 01228360 8bc6 mov eax,esi + * 01228362 8b4d f4 mov ecx,dword ptr ss:[ebp-0xc] + * 01228365 64:890d 00000000 mov dword ptr fs:[0],ecx + * 0122836c 59 pop ecx + * 0122836d 5f pop edi + * 0122836e 5e pop esi + * 0122836f 5b pop ebx + * 01228370 8be5 mov esp,ebp + * 01228372 5d pop ebp + * 01228373 c3 retn + * 01228374 cc int3 + * 01228375 cc int3 + * 01228376 cc int3 + * 01228377 cc int3 + * 01228378 cc int3 + */ + +namespace +{ // unnamed + + // Skip individual L'\n' which might cause repetition. + // bool NewLineWideCharSkipper(LPVOID data, DWORD *size, HookParam *) + //{ + // LPCWSTR text = (LPCWSTR)data; + // if (*size == 2 && *text == L'\n') + // return false; + // return true; + //} + // + + bool NewKiriKiriZHook(DWORD addr) + { + HookParam hp; + hp.address = addr; + hp.offset = get_reg(regs::ecx); + hp.split = hp.offset; // the same logic but diff value as KiriKiri1, use [ecx] as split + hp.index = 0x14; // the same as KiriKiri1 + hp.type = CODEC_UTF16 | DATA_INDIRECT | USING_SPLIT | SPLIT_INDIRECT; + // hp.filter_fun = NewLineCharFilterW; + ConsoleOutput("INSERT KiriKiriZ"); + ConsoleOutput("KiriKiriZ: disable GDI hooks"); + return NewHook(hp, "KiriKiriZ"); + } + + bool InsertKiriKiriZHook1() + { + ULONG addr = MemDbg::findCallerAddressAfterInt3((DWORD)::GetGlyphOutlineW, processStartAddress, processStopAddress); + if (!addr) + { + ConsoleOutput("KiriKiriZ1: could not find caller of GetGlyphOutlineW"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.text_fun = + [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + hp->text_fun = nullptr; + hp->type = HOOK_EMPTY; + DWORD addr = stack->stack[0]; // retaddr + addr = MemDbg::findEnclosingAlignedFunction(addr, 0x400); // range is around 0x377c50 - 0x377a40 = 0x210 + if (!addr) + { + ConsoleOutput("KiriKiriZ: failed to find enclosing function"); + return; + } + NewKiriKiriZHook(addr); + ConsoleOutput("KiriKiriZ1 inserted"); + }; + ConsoleOutput("INSERT KiriKiriZ1 empty hook"); + + return NewHook(hp, "KiriKiriZ Hook"); + } + + // jichi 1/30/2015: Add KiriKiriZ2 for サノバウィッ� + // It inserts to the same location as the old KiriKiriZ, but use a different way to find it. + bool InsertKiriKiriZHook2() + { + const BYTE bytes[] = { + 0x38, 0x4b, 0x21, // 0122812f 384b 21 cmp byte ptr ds:[ebx+0x21],cl + 0x0f, 0x95, 0xc1, // 01228132 0f95c1 setne cl + 0x33, 0xc0, // 01228135 33c0 xor eax,eax + 0x38, 0x43, 0x20, // 01228137 3843 20 cmp byte ptr ds:[ebx+0x20],al + 0x0f, 0x95, 0xc0, // 0122813a 0f95c0 setne al + 0x33, 0xc8, // 0122813d 33c8 xor ecx,eax + 0x33, 0x4b, 0x10, // 0122813f 334b 10 xor ecx,dword ptr ds:[ebx+0x10] + 0x0f, 0xb7, 0x43, 0x14 // 01228142 0fb743 14 movzx eax,word ptr ds:[ebx+0x14] + }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + // GROWL_DWORD(addr); + if (!addr) + { + ConsoleOutput("KiriKiriZ2: pattern not found"); + return false; + } + + // 012280e0 55 push ebp + // 012280e1 8bec mov ebp,esp + addr = MemDbg::findEnclosingAlignedFunction(addr, 0x100); // 0x0122812f-0x012280e0 = 0x4F + enum : BYTE + { + push_ebp = 0x55 + }; // 011d4c80 /$ 55 push ebp + if (!addr || *(BYTE *)addr != push_ebp) + { + ConsoleOutput("KiriKiriZ2: pattern found but the function offset is invalid"); + return false; + } + + NewKiriKiriZHook(addr); + ConsoleOutput("KiriKiriZ2 inserted"); + return true; + } + +} // unnamed namespace + +// jichi 1/30/2015: Do KiriKiriZ2 first, which might insert to the same location as KiriKiri1. + +bool KiriKiriZ_msvcFilter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + static std::wstring prevText; + + if (!*len) + return false; + text[*len / sizeof(wchar_t)] = L'\0'; // clean text + + if (!prevText.compare(text)) + return false; + prevText = text; + + StringCharReplacer(text, len, L"\\n", 2, L' '); + if (cpp_wcsnstr(text, L"%", *len / sizeof(wchar_t))) + { + StringFilterBetween(text, len, L"%", 1, L";", 1); + } + return true; +} +bool Krkrtextrenderdll() +{ + HMODULE module = GetModuleHandleW(L"textrender.dll"); + if (module == 0) + return false; + if (GetProcAddress(module, "V2Link") == 0) + return false; + + bool b1 = [module]() + { + auto [minAddress, maxAddress] = Util::QueryModuleLimits(module); + BYTE bytes[] = { + 0x81, 0xEC, 0xFC, 0x00, 0x00, 0x00}; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), minAddress, maxAddress); + if (addr == 0) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0) + return false; + ConsoleOutput("textrender %p", addr); + HookParam hp; + hp.address = (DWORD)addr; + hp.offset = get_stack(2); + hp.type = CODEC_UTF16; + + return NewHook(hp, "krkr_textrender"); + }(); + bool b2 = [module]() + { + auto [minAddress, maxAddress] = Util::QueryModuleLimits(module); + BYTE bytes[] = { + 0xFF, XX, + 0x88, XX, XX, XX, + XX, XX, XX, XX, + XX, XX, + 0x74, XX, + XX, XX, XX, XX, + XX, + XX, + 0xE8, XX, XX, XX, XX, + 0xB0, 0x01, + 0xC3}; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), minAddress, maxAddress); + if (addr == 0) + return false; + ConsoleOutput("textrender %p", addr); + HookParam hp; + hp.address = addr - 0xb; + hp.offset = get_reg(regs::eax); + hp.type = CODEC_UTF16 | USING_STRING; + hp.filter_fun = KiriKiriZ_msvcFilter; + return NewHook(hp, "krkr_textrender"); + }(); + return b1 || b2; +} +bool KiriKiriZ3Filter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + CharFilter(text, len, L'\x000A'); + if (cpp_wcsnstr(text, L"%", *len / sizeof(wchar_t))) + { + StringFilterBetween(text, len, L"%", 1, L"%", 1); + } + + return true; +} + +bool InsertKiriKiriZHook3() +{ + + /* + * Sample games: + * https://vndb.org/r109253 + */ + const BYTE bytes[] = { + 0x66, 0x83, 0x3F, 0x00, // cmp word ptr [edi],00 << hook here + 0x75, 0x06, // jne Imouto_no_Seiiki.exe+195C1 + 0x33, 0xDB, // xor ebx,ebx + 0x89, 0x1E, // mov [esi],ebx + 0xEB, 0x1B // jmp Imouto_no_Seiiki.exe+195DC + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + { + ConsoleOutput("KiriKiriZ3: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset = get_reg(regs::edi); + hp.split = get_reg(regs::edx); + hp.type = NO_CONTEXT | CODEC_UTF16 | USING_STRING | USING_SPLIT; + hp.filter_fun = KiriKiriZ3Filter; + ConsoleOutput("INSERT KiriKiriZ3"); + return NewHook(hp, "KiriKiriZ3"); +} + +bool KiriKiriZ4Filter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + if (text[0] == L' ' || text[0] == L':' || text[0] == L'@' || text[0] == L'[' || text[0] == L']') + return false; + + if (cpp_wcsnstr(text, L"[", *len / sizeof(wchar_t))) + { + StringCharReplacer(text, len, L"[r]", 3, L' '); + StringFilterBetween(text, len, L"[", 1, L"]", 1); + } + + return true; +} + +bool InsertKiriKiriZHook4() +{ + + /* + * Sample games: + * https://vndb.org/r111774 + * https://vndb.org/v38021 + */ + const BYTE bytes[] = { + 0xE8, 0xE8, 0xBA, 0xFE, 0xFF, // call Shironagasu.exe+227B0 << hook here + 0xC7, 0x45, 0xFC, XX4, // mov [ebp-04],00000000 + 0xC7, 0x45, 0xF0, XX4, // mov [ebp-10],00000001 + 0x8B, 0x45, 0x08 // mov eax,[ebp+08] + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + { + ConsoleOutput("KiriKiriZ4: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset = get_reg(regs::ebx); + hp.type = NO_CONTEXT | CODEC_UTF16 | USING_STRING; + hp.filter_fun = KiriKiriZ4Filter; + ConsoleOutput("INSERT KiriKiriZ4"); + return NewHook(hp, "KiriKiriZ4"); +} +bool InsertKiriKiriZHook() +{ + auto ok = Krkrtextrenderdll(); + ok = InsertKiriKiriZHook3() || ok; + ok = InsertKiriKiriZHook4() || ok; + return InsertKiriKiriZHook2() || InsertKiriKiriZHook1() || ok; +} +namespace +{ + int type = 0; + std::wstring saveend = L""; + void hookafter(hook_stack *s, void *data, size_t len) + { + + auto newText = std::wstring((wchar_t *)data, len / 2); // EngineController::instance()->dispatchTextWSTD(innner, Engine::ScenarioRole, 0); + newText = newText + L"[plc]"; + if (type == 2) + { + newText = L"[x]" + newText; + } + else if (type == 1) + { + newText = std::regex_replace(newText, std::wregex(L"\u300c"), L"\\[\u300c\\]"); + newText = std::regex_replace(newText, std::wregex(L"\u300d"), L"\\[\u300d\\]"); + } + newText += saveend; + auto text = (LPWSTR)s->esi; + wcscpy(text, newText.c_str()); + } + void hookBefore(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *role) + { + // シロガネオトメ + auto text = (LPWSTR)s->esi; + if (!text || !*text) + return; + + if (all_ascii(text, wcslen(text))) + return; + std::wstring wstext = text; + //[「]ぱ、ぱんつなんてどうしてそんなに気になるの。ゆきちゃんだってはいてるでしょ[」][plc] ->对话 + //[x]彼女は言葉通りに、お風呂上がりにパンツを穿き忘れてそのまま一日過ごしかけたりすることがあった。ボクはそれをまじめに心配していたのだ(開き直り)。[plc] ->旁白 + /* + //算了,改人名容易出问题 + //[name name="?/翼"] ->人名 + //[name name="翼"] + auto checkisname=std::regex_replace(wstext, std::wregex(L"\\[name name=\"(.*?)\"\\]"), L""); + if(wstext!=L"" && checkisname==L""){ + auto name=std::regex_replace(wstext, std::wregex(L"\\[name name=\"(.*?)\"\\]"), L"$1"); + + auto _idx=name.find(L'\uff0f'); + std::wstring end=L""; + if(_idx!=name.npos){ + name=name.substr(0,_idx); + end=name.substr(_idx); + } + name = EngineController::instance()->dispatchTextWSTD(name, Engine::NameRole, 0); + name+=end; + name=L"[name name=\""+name+L"\"]"; + wcscpy(text,name.c_str()); + return true; + } + */ + if (wstext.size() < 5 || (wstext.substr(wstext.size() - 5) != L"[plc]")) + return; + + type = 0; + if (wstext.substr(0, 3) == L"[x]") + { + type = 1; + wstext = wstext.substr(3); + } + else if (wstext.substr(0, 3) == L"[\u300c]") + { // 「 」 + type = 2; + wstext = std::regex_replace(wstext, std::wregex(L"\\[\u300c\\]"), L"\u300c"); + wstext = std::regex_replace(wstext, std::wregex(L"\\[\u300d\\]"), L"\u300d"); + } + if (type == 0) + return; // 未知类型 + saveend = L""; + auto innner = wstext.substr(0, wstext.size() - 5); + innner = std::regex_replace(innner, std::wregex(L"\\[eruby text=(.*?) str=(.*?)\\]"), L"$2"); + if (innner[innner.size() - 1] == L']') + { + // 「ボクの身体をあれだけ好き勝手しておいて、いまさらカマトトぶっても遅いよ。ほら、正直になりなよ」[waitsd layer=&CHAR6] + for (int i = innner.size(); i > 0; i--) + { + if (innner[i] == '[') + { + saveend = innner.substr(i); + innner = innner.substr(0, i); + break; + } + } + } + buffer->from(innner); + } + + bool attachkr2(ULONG startAddress, ULONG stopAddress) + { + // シロガネオトメ + // .text:005D288D 66 8B 06 mov ax, [esi] + // .text:005D2890 66 83 F8 3B cmp ax, 3Bh ; ';' + // .text:005D2894 0F 84 AA 06 00 00 jz loc_5D2F44 + // .text:005D2894 + // .text:005D289A 66 83 F8 2A cmp ax, 2Ah ; '*' + // .text:005D289E 0F 85 DF 02 00 00 jnz loc_5D2B83 + + // 修改v3的值 + // v3 = *(const wchar_t **)(*(_DWORD *)(a1 + 100) + 8 * *(_DWORD *)(a1 + 116)); + // if ( *v3 != 59 ) + // { + // if ( *v3 == 42 ) + const uint8_t bytes[] = { + 0x66, 0x8B, 0x06, 0x66, 0x83, 0xF8, 0x3B, 0x0F, XX, XX4, 0x66, 0x83, 0xF8, 0x2A, 0x0F}; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return false; + HookParam hp; + hp.address = addr; + hp.type = EMBED_ABLE | CODEC_UTF16 | NO_CONTEXT; + hp.text_fun = hookBefore; + hp.hook_after = hookafter; + return NewHook(hp, "EmbedKrkr2"); + } + +} // namespace Private + +namespace Private +{ + + std::wstring ConvertToFullWidth(const std::wstring &str) + { + std::wstring fullWidthStr; + wchar_t last = 0; + for (wchar_t c : str) + { + if (c >= 32 && c <= 126 && c != L'\\' && last != L'\\') + { + fullWidthStr += static_cast(c + 65248); + } + else + { + fullWidthStr += c; + } + last = c; + } + return fullWidthStr; + } + + void hookBeforez(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + + auto text = (LPCSTR)s->ecx; + if (!text || !*text) + return; + if (strlen(text) > 2000) + return; + if (all_ascii(text, strlen(text))) + return; + //"。」』?―!、" + auto chatflags = {"\xe3\x80\x82", "\xe3\x80\x8d", "\xe3\x80\x8f", "\xef\xbc\x9f", "\xe2\x80\x95", "\xef\xbc\x81", "\xe3\x80\x81"}; + bool ok = false; + for (auto f : chatflags) + { + if (strstr(text, f)) + ok = true; + } + if (ok == false) + return; + // auto role = Engine::ScenarioRole ; + // auto split = s->edx; + // auto sig = Engine::hashThreadSignature(role, split); + + std::string utf8save = text; + strReplace(utf8save, "%51;", "\\-"); + strReplace(utf8save, "%164;", "\\+\\+"); + strReplace(utf8save, "%123;", "\\+"); + strReplace(utf8save, "%205;", "\\+\\+\\+"); + strReplace(utf8save, "#000033ff;", "\\#0033FF"); + strReplace(utf8save, "#;", "\\#FFFFFF"); + strReplace(utf8save, "#00ff0000;", "\\#FF0000"); + strReplace(utf8save, "%p-1;%f\xef\xbc\xad\xef\xbc\xb3 \xe3\x82\xb4\xe3\x82\xb7\xe3\x83\x83\xe3\x82\xaf;", ""); //"%p-1;%fMS ゴシック;" + strReplace(utf8save, "%p;%fuser;", ""); + + buffer->from(utf8save); + } + void after(hook_stack *s, void *data, size_t len) + { + + std::string res = std::string((char *)data, len); // EngineController::instance()->dispatchTextWSTD(innner, Engine::ScenarioRole, 0); + strReplace(res, "\\-", "%51;"); + strReplace(res, "\\+\\+", "%164;"); + strReplace(res, "\\+", "%123;"); + strReplace(res, "\\+\\+\\+", "%205;"); + strReplace(res, "\\#0033FF", "#000033ff;"); + strReplace(res, "\\#FFFFFF", "#;"); + strReplace(res, "\\#FF0000", "#00ff0000;"); + res = WideStringToString(ConvertToFullWidth((StringToWideString(res)))); + s->ecx = (DWORD)allocateString(res); + } + bool attach(ULONG startAddress, ULONG stopAddress) + { + // findbytes搜索1长度BYTE[]时有问题。 + // mashiro_fhd + // BYTE sig0[]={0x8B,XX};//mov esi,ecx + // ecx->XXX->esi->al/bl/cl/dl + /* + eax c1 + ebx d9 + ebp e9 + edx d1 + edi f9 + esi f1 + */ + + // BYTE sig01[]={0x8A,XX};//mov al, [esi] +/* +al 06 +bl 1e +cl 0e +dl 16 +*/ +#define sigs(n, N) \ + BYTE sig1##n[] = {0x3C, N}; \ + BYTE sig2##n[] = {0x80, XX, N}; +#define addsig(n) {sig1##n, sig2##n}, + sigs(1, 0x80) sigs(2, 0xc2) sigs(3, 0xE0) sigs(4, 0xF0) sigs(5, 0xF8) sigs(6, 0xFC) sigs(7, 0xFE) + // BYTE sig1[]={0x3C,0x80,XX};//0x73//0x0f + // BYTE sig2[]={0x3C,0xC2,XX}; + // BYTE sig3[]={0x3C,0xE0,XX}; + // BYTE sig4[]={0x3C,0xF0,XX}; + // BYTE sig5[]={0x3C,0xF8,XX}; + // BYTE sig6[]={0x3C,0xFC,XX}; + // BYTE sig7[]={0x3C,0xFE,XX}; + + ULONG addr = startAddress; + bool succ = false; + while (addr) + { + // MessageBox(0,xx,L"",0); + + addr = [](DWORD addr, DWORD stopAddress) + { + for (; addr < stopAddress; addr++) + if ((*(BYTE *)addr) == 0x8b) + switch (*(BYTE *)(addr + 1)) + { + case 0xc1: + case 0xd9: + case 0xe9: + case 0xd1: + case 0xf9: + case 0xf1: + return addr; + default: + continue; + } + return (DWORD)0; + }(addr + 1, stopAddress); + // ConsoleOutput("%p",0x400000+addr-startAddress); + if (addr == 0) + continue; + auto check = [](DWORD addr, DWORD stopAddress) + { + for (; addr < stopAddress; addr++) + if ((*(BYTE *)addr) == 0x8a) + switch (*(BYTE *)(addr + 1)) + { + case 0x06: + case 0x1e: + case 0x0e: + case 0x16: + return addr; + default: + continue; + } + return (DWORD)0; + }(addr, addr + 0x10); + if (check == 0) + continue; + switch (*(BYTE *)(check + 1)) + { + case 0x06: + case 0x1e: + case 0x0e: + case 0x16: + break; + default: + continue; + } + bool ok = true; + for (auto p : std::vector>{ + addsig(1) addsig(2) addsig(3) addsig(4) addsig(5) addsig(6) addsig(7) + + }) + { + auto check1 = MemDbg::findBytes(p.first, 2, check, check + 0x1000); + auto check2 = MemDbg::findBytes(p.second, 3, check, check + 0x1000); + check = min(check1, check2); + if (check == 0) + check = max(check1, check2); + if (check == 0) + { + ok = false; + break; + } + } + if (ok) + { + HookParam hp; + hp.address = addr; + hp.type = EMBED_ABLE | CODEC_UTF8 | NO_CONTEXT | USING_STRING; + hp.text_fun = hookBeforez; + hp.hook_after = after; + hp.newlineseperator = L"\\n"; + hp.hook_font = F_GetTextExtentPoint32W | F_GetGlyphOutlineW; + succ |= NewHook(hp, "EmbedKrkrZ"); + // return true; + } + } + + return succ; + } + +} // namespace ScenarioHook +namespace +{ + bool wcslen_wcscpy() + { + // LOVELY×CATION + const uint8_t bytes2[] = { + // wcscpy 唯一 + 0x55, 0x8b, 0xec, + 0x53, 0x56, 0x8b, 0x75, 0x0c, 0x56, 0xe8, XX, 0xFF, 0xFF, 0xFF, // call wcslen,距离很近,故均为ff + 0x59, 0x8b, 0xd8, 0x33, XX, 0x8b, 0x45, 0x08}; + const uint8_t bytes[] = { + // wcslen 有多个,可以修改任意一个,但是会造成困扰 + 0x55, 0x8b, 0xec, + 0x33, XX, + 0x8b, 0x45, 0x08, + 0xeb, 0x04, + XX, + 0x83, 0xc0, 0x02, + 0x66, 0x83, 0x38, 0x00, + 0x75, 0xf6, + 0x8b, XX, + 0x5d, 0xc3}; + ULONG addr = MemDbg::findBytes(bytes2, sizeof(bytes2), processStartAddress, processStopAddress); + static int off; + off = 8; + if (addr == 0) + { + addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + off = 4; + } + if (addr == 0) + return false; + HookParam hp; + hp.address = addr; + if (off == 8) + hp.type = CODEC_UTF16 | USING_STRING | NO_CONTEXT | EMBED_ABLE ; + else + hp.type = CODEC_UTF16 | USING_STRING | EMBED_ABLE; + hp.offset = off; + hp.filter_fun = [](LPVOID data, size_t *size, HookParam *) + { + auto t = std::wstring((wchar_t *)data, *size / 2); + if (all_ascii(t.c_str(), t.size())) + return false; + if (t.find(L".ks") != t.npos || t.find(L".tjs") != t.npos || t.find(L".xp3") != t.npos || t.find(L"/") != t.npos || t.find(L"\\") != t.npos || t[0] == L'@') + return false; // 脚本路径或文件路径 + // if(t.find(L"[\u540d\u524d]")!=t.npos)return false; //[名前],翻译后破坏结构 + if (t.find(L"\u8aad\u307f\u8fbc\u307f") != t.npos) + return false; // 読み込み + if (t.size() > 4 && t.substr(t.size() - 4) == L"[np]") + t = t.substr(0, t.size() - 4); + if (t.size() > 4 && t.substr(t.size() - 3) == L"[r]") + t = t.substr(0, t.size() - 3); // 揺り籠より天使まで + t = std::regex_replace(t, std::wregex(L"\\[\ruby text=\"(.*?)\"\\]"), L""); + t = std::regex_replace(t, std::wregex(L"\\[ruby text=\"(.*?)\"\\]"), L""); + t = std::regex_replace(t, std::wregex(L"\\[ch text=\"(.*?)\"\\]"), L"$1"); + if (std::any_of(t.begin(), t.end(), [](wchar_t c) + { return (c <= 127) && ((c != L'[') || c != L']'); })) + return false; + return write_string_overwrite(data, size, t); + }; + hp.hook_after = [](hook_stack *s, void *data, size_t len) + { + auto t = std::wstring((wchar_t *)s->stack[off / 4]); + auto newText = std::wstring((wchar_t *)data, len / 2); + if (t.size() > 4 && t.substr(t.size() - 4) == L"[np]") + newText = newText + L"[np]"; + if (t.size() > 3 && t.substr(t.size() - 3) == L"[r]") + newText = newText + L"[r]"; // 揺り籠より天使まで + wcscpy((wchar_t *)s->stack[off / 4], newText.c_str()); + }; + hp.hook_font = F_GetTextExtentPoint32W | F_GetGlyphOutlineW; + return NewHook(hp, "Krkr2wcs"); + } +} +bool KiriKiri3Filter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + static std::wstring prevText; + + if (!*len) + return false; + text[*len / sizeof(wchar_t)] = L'\0'; // clean text + if (!prevText.compare(text)) + return false; + prevText = text; + + if (cpp_wcsnstr(text, L"[", *len / sizeof(wchar_t))) + { + StringCharReplacer(text, len, L"[r]", 3, L' '); + StringFilterBetween(text, len, L"[", 1, L"]\\", 2); + // ruby type 1 + StringFilterBetween(text, len, L"[mruby r=", 9, L"\" text=\"", 8); // [mruby r="ゆきみ" text="由紀美"] + // ruby type 2 + StringFilterBetween(text, len, L"[ruby text=", 11, L"]", 1); // [ruby text="せんがわ" align="e"][ch text="仙川"] + StringFilter(text, len, L"[ch text=\"", 10); // [ruby text="せんがわ" align="e"][ch text="仙川"] + // ruby type 1-2 + StringFilter(text, len, L"\"]", 2); + // end ruby + StringFilter(text, len, L"[heart]", 7); + } + + StringCharReplacer(text, len, L"\uff0f", 1, L'\n'); + if (cpp_wcsnstr(text, L"[", *len / sizeof(wchar_t))) // detect garbage sentence. [ruby text=%r][ch text=%text][macropop] + return false; + + return true; +} +bool InsertKiriKiri3Hook() +{ + + /* + * Sample games: + * https://vndb.org/v16190 + * https://vndb.org/v43048 + * https://vndb.org/v46112 + * https://vndb.org/v20491 + * https://vndb.org/v28695 + * https://vndb.org/v5549 + * https://vndb.org/v28513 + * https://vndb.org/v46499 + */ + const BYTE bytes[] = { + 0x75, 0x09, // jne GAME.EXE+1D5B37 + 0x8B, 0x85, XX4, // mov eax,[ebp-00000254] + 0xFF, 0x40, 0x78 // inc [eax+78] + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + { + ConsoleOutput("KiriKiri3: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset = get_reg(regs::ecx); + hp.index = 0; + hp.split = get_reg(regs::eax); + hp.split_index = 0; + hp.type = CODEC_UTF16 | USING_STRING | USING_SPLIT; + hp.filter_fun = KiriKiri3Filter; + ConsoleOutput("INSERT KiriKiri3"); + return NewHook(hp, "KiriKiri3"); +} + +bool KiriKiri4Filter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + if (text[0] == L'[' || text[0] == L'@' || (*len <= 2 && text[0] == L' ')) + return false; + + if (cpp_wcsnstr(text, L"[", *len / sizeof(wchar_t))) + { + StringCharReplacer(text, len, L"[r]", 3, L' '); + StringFilterBetween(text, len, L"[", 1, L"]\\", 2); + // ruby type 1 + StringFilterBetween(text, len, L"[mruby r=", 9, L"\" text=\"", 8); // [mruby r="ゆきみ" text="由紀美"] + // ruby type 2 + StringFilterBetween(text, len, L"[ruby text=", 11, L"]", 1); // [ruby text="せんがわ" align="e"][ch text="仙川"] + StringFilterBetween(text, len, L"[Ruby text", 10, L"]", 1); // [Ruby text = "Sawano"][ch text="沢野"] + StringFilter(text, len, L"[ch text=\"", 10); // [ruby text="せんがわ" align="e"][ch text="仙川"] + // ruby type 1-2 + StringFilter(text, len, L"\"]", 2); + // end ruby + StringFilterBetween(text, len, L"[", 1, L"]", 1); + } + + return true; +} + +bool InsertKiriKiri4Hook() +{ + /* + * Sample games: + * https://vndb.org/r114393 + * https://vndb.org/v2916 + * https://vndb.org/r117083 + * https://vndb.org/v3851 + * https://vndb.org/v7804 + * https://vndb.org/v11123 + * https://vndb.org/v18650 + * https://vndb.org/v38034 + */ + const BYTE bytes[] = { + 0xE8, XX4, // call Kansen1._GetExceptDLLinfo+67B <-- hook here + 0x8D, 0x45, 0xA4, // lea eax,[ebp-5C] + 0xFF, 0x45, 0x9C, // inc [ebp-64] + 0xE8, XX4 // call Kansen1.exe+1D561C + }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + { + ConsoleOutput("KiriKiri4: pattern not found"); + return false; + } + + HookParam hp = {}; + hp.address = addr; + hp.offset = get_reg(regs::edx); + hp.type = NO_CONTEXT | CODEC_UTF16 | USING_STRING; + hp.filter_fun = KiriKiri4Filter; + ConsoleOutput(" INSERT KiriKiri4"); + NewHook(hp, "KiriKiri4"); + return true; +} +bool KiriKiri::attach_function() +{ + if (Util::SearchResourceString(L"TVP(KIRIKIRI) Z ")) + { // TVP(KIRIKIRI) Z CORE + // jichi 11/24/2014: Disabled that might crash VBH + // if (Util::CheckFile(L"plugin\\KAGParser.dll")) + // InsertKAGParserHook(); + // else if (Util::CheckFile(L"plugin\\KAGParserEx.dll")) + // InsertKAGParserExHook(); + bool krz = Private::attach(processStartAddress, processStopAddress); + if (InsertKiriKiriZHook() || krz) + return true; + } + bool b1 = attachkr2(processStartAddress, processStopAddress); + bool _3 = wcslen_wcscpy(); + auto _ = InsertKiriKiriHook() || InsertKiriKiriZHook() || b1 || _3; + return (InsertKiriKiri4Hook() | InsertKiriKiri3Hook()) || _; +} diff --git a/cpp/LunaHook/LunaHook/engine32/KiriKiri.h b/cpp/LunaHook/LunaHook/engine32/KiriKiri.h new file mode 100644 index 00000000..78775391 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/KiriKiri.h @@ -0,0 +1,13 @@ + + +class KiriKiri:public ENGINE{ + public: + KiriKiri(){ + + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + return Util::CheckFile(L"*.xp3") || Util::SearchResourceString(L"TVP(KIRIKIRI)"); + }; + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine32/LCScript.cpp b/cpp/LunaHook/LunaHook/engine32/LCScript.cpp new file mode 100644 index 00000000..5159b6b5 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/LCScript.cpp @@ -0,0 +1,1010 @@ +#include "LCScript.h" +namespace +{ // unnamed + namespace ScenarioHook + { + namespace Private + { + + // Skip trailing 0203 + LPCSTR trim(LPCSTR text, int *size) + { + auto length = *size; + while (length && (UINT8)text[0] <= 127) + { // remove all leading ASCII characters including zeros + text++; + length--; + } + while (length && (UINT8)text[length - 1] == 0) // remove all trailing zeros + length--; + // remove all trailing illegal double-characters + enum + { + MinimumByte = 0x6 + }; // the same as dynamicEncodingMinimumByte + while (length >= 2 && (UINT8)text[length - 1] < MinimumByte && (UINT8)text[length - 2] < MinimumByte) + length -= 2; + *size = length; + return text; + } + + /** + * Sample game: 春恋*乙女~乙女の園でごきげんよう。~ + * + * 067C73FA 8F CD 90 6D 01 81 75 96 7B 93 96 82 C9 82 B1 82 章仁「本当にこ・ + * 067C740A F1 82 C8 82 C6 82 B1 82 EB 82 AA 82 A0 82 E9 82 ネところがある・ + * 067C741A F1 82 BE 82 C8 82 9F 81 63 81 63 81 76 02 03 00 セなぁ……」. + * 067C742A 38 00 00 00 01 81 40 96 DA 82 CC 91 4F 82 C9 8D 8... 目の前に・ + * 067C743A 4C 82 AA 82 E9 8C F5 8C 69 82 F0 91 4F 82 C9 81 Lがる光景を前に・ + * + * Name/scenario splitter: 01 () + * New line splitter: 0203 () + */ + + // 0042FBE8 A1 E8234A00 MOV EAX,DWORD PTR DS:[0x4A23E8] ; jichi: text length here + // + // 0042FC03 8B15 E8234A00 MOV EDX,DWORD PTR DS:[0x4A23E8] ; jichi: text length here + // 0042FC09 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+0x10] ; jichi: count is here + // 0042FC0D 8B76 04 MOV ESI,DWORD PTR DS:[ESI+0x4] + // 0042FC10 894424 14 MOV DWORD PTR SS:[ESP+0x14],EAX + // 0042FC14 8B92 44290000 MOV EDX,DWORD PTR DS:[EDX+0x2944] ; jichi: offset + // 0042FC1A 8BF8 MOV EDI,EAX + // 0042FC1C 8BC1 MOV EAX,ECX + // 0042FC1E 83C4 04 ADD ESP,0x4 + // 0042FC21 8D7432 04 LEA ESI,DWORD PTR DS:[EDX+ESI+0x4] + + ULONG textBaseAddress_, // 0042FC03 8B15 E8234A00 MOV EDX,DWORD PTR DS:[0x4A23E8] + textOffset_; // 0042FC14 8B92 44290000 MOV EDX,DWORD PTR DS:[EDX+0x2944] + + std::string data_; + + /** + * Sample game: 姦獄学園 + * Sample stack when hook1 is invoked: + * 0012FE10 00000003 + * 0012FE14 00000008 + * 0012FE18 7FFDF000 + * 0012FE1C 00000000 + * 0012FE20 00000000 + * 0012FE24 0012FEB0 Pointer to next SEH record + * 0012FE28 00480918 SE handler + * 0012FE2C 00000000 + * 0012FE30 00419B16 RETURN to .00419B16 from .0040169F + * 0012FE34 0012FE4C + * 0012FE38 0012FE70 + * 0012FE3C 00000040 + * 0012FE40 77032EB2 user32.PeekMessageA + * 0012FE44 00000000 + * 0012FE48 00000039 + * 0012FE4C 00000002 + * 0012FE50 00000039 + * 0012FE54 00000000 + * 0012FE58 00000000 + * + * Scenario thread caller: + * + * 0041C27C E8 D65AFEFF CALL .00401D57 + * 0041C281 8D5424 38 LEA EDX,DWORD PTR SS:[ESP+0x38] + * 0041C285 68 00040000 PUSH 0x400 + * 0041C28A 8D4424 34 LEA EAX,DWORD PTR SS:[ESP+0x34] + * 0041C28E 52 PUSH EDX + * 0041C28F 50 PUSH EAX + * 0041C290 E8 2354FEFF CALL .004016B8 ; jichi: scenario caller here + * 0041C295 83C4 0C ADD ESP,0xC + * 0041C298 8D4C24 38 LEA ECX,DWORD PTR SS:[ESP+0x38] + * 0041C29C 8B15 B44E4A00 MOV EDX,DWORD PTR DS:[0x4A4EB4] + * 0041C2A2 51 PUSH ECX + * 0041C2A3 8B0D 5C0A4A00 MOV ECX,DWORD PTR DS:[0x4A0A5C] + * 0041C2A9 8BC1 MOV EAX,ECX + * + * Other thread callers: + * + * 00421298 8D8424 B0000000 LEA EAX,DWORD PTR SS:[ESP+0xB0] + * 0042129F 50 PUSH EAX + * 004212A0 51 PUSH ECX + * 004212A1 895424 2C MOV DWORD PTR SS:[ESP+0x2C],EDX + * 004212A5 E8 0E04FEFF CALL .004016B8 ; jichi: other caller + * 004212AA 8D5424 38 LEA EDX,DWORD PTR SS:[ESP+0x38] + * 004212AE 68 80000000 PUSH 0x80 + * 004212B3 8D4424 24 LEA EAX,DWORD PTR SS:[ESP+0x24] + * 004212B7 52 PUSH EDX + * 004212B8 50 PUSH EAX + * 004212B9 E8 FA03FEFF CALL .004016B8 ; jichi: other here + * 004212BE 83C4 18 ADD ESP,0x18 + * 004212C1 83FF 01 CMP EDI,0x1 + * 004212C4 75 68 JNZ SHORT .0042132E + * + * + * Sample game: 春恋*乙女~乙女の園でごきげんよう。~ + * Sample scenario caller: + * 0041C0C4 8D4424 38 LEA EAX,DWORD PTR SS:[ESP+0x38] + * 0041C0C8 68 00040000 PUSH 0x400 + * 0041C0CD 8D4C24 34 LEA ECX,DWORD PTR SS:[ESP+0x34] + * 0041C0D1 50 PUSH EAX + * 0041C0D2 51 PUSH ECX + * 0041C0D3 E8 C755FEFF CALL .0040169F ; jichi: called here + * 0041C0D8 8B0D 4CE94900 MOV ECX,DWORD PTR DS:[0x49E94C] + * 0041C0DE 8B35 00244A00 MOV ESI,DWORD PTR DS:[0x4A2400] + * 0041C0E4 8BC1 MOV EAX,ECX + * 0041C0E6 83C4 0C ADD ESP,0xC + * + * 0012FA54 00000001 + * 0012FA58 00000006 + * 0012FA5C 7707EA71 user32.MessageBoxA + * 0012FA60 00000000 + * 0012FA64 00000000 + * 0012FA68 0012FF78 Pointer to next SEH record + * 0012FA6C 00480918 SE handler + * 0012FA70 00000000 + * 0012FA74 0041C0D8 RETURN to .0041C0D8 from .0040169F + * 0012FA78 0012FAB4 + * 0012FA7C 0012FABC + * 0012FA80 00000400 ; jichi: used as split to identify scenario thread + * 0012FA84 00000003 + * 0012FA88 77032EB2 user32.PeekMessageA + * 0012FA8C 77033569 user32.DispatchMessageA + * 0012FA90 7FFDF000 + * 0012FA94 00000000 + * 0012FA98 00000000 + * + * Other thread caller: + * 0012FD60 00000001 + * 0012FD64 00000001 + * 0012FD68 7FFDF000 + * 0012FD6C 00000000 + * 0012FD70 00000000 + * 0012FD74 0012FF78 Pointer to next SEH record + * 0012FD78 00480918 SE handler + * 0012FD7C 00000000 + * 0012FD80 0042113A RETURN to .0042113A from .0040169F + * 0012FD84 0012FDAC + * 0012FD88 0012FE3C + * 0012FD8C 00000080 ; jichi: arg3 + * 0012FD90 00000003 + * 0012FD94 77032EB2 user32.PeekMessageA + * 0012FD98 77033569 user32.DispatchMessageA + * 0012FD9C 00000002 + * 0012FDA0 00000034 + * 0012FDA4 00000002 + * 0012FDA8 0000006D + * 0012FDAC 00000002 + * 0012FDB0 00000034 + * 0012FDB4 00000000 + * 0012FDB8 00000001 + * 0012FDBC 001907D0 + * 0012FDC0 00000202 + * + * Sample game: 恋姫†無双 + * ecx = 0x22 + * Sample game text containing zeros + * 01D6B13B 8E A9 8C 52 81 41 05 04 00 00 00 01 81 40 81 40 自軍、...   + * 01D6B14B 81 40 91 CE 01 93 47 8C 52 81 41 05 05 00 00 00  対敵軍、... + * 01D6B15B 02 00 14 00 00 00 5F 62 74 6C 5F 53 65 74 57 61 ...._btl_SetWa + * 01D6B16B 7A 61 42 74 6E 53 72 63 59 00 0D 00 00 00 5F 62 zaBtnSrcY....._b + * 01D6B17B 74 6C 5F 63 6D 64 63 68 69 70 00 0F 00 00 00 5F tl_cmdchip...._ + * 01D6B18B 62 74 6C 5F 63 6D 64 63 68 69 70 5F 6D 00 0D 00 btl_cmdchip_m... + * 01D6B19B 00 00 5F 62 74 6C 5F 6F 6E 6D 6F 75 73 65 00 0E .._btl_onmouse. + * 01D6B1AB 00 00 00 5F 62 74 6C 5F 73 65 6C 65 63 74 65 64 ..._btl_selected + * 01D6B1BB 00 0B 00 00 00 5F 62 74 6C 5F 52 65 74 72 79 00 . ..._btl_Retry. + * 01D6B1CB 13 00 00 00 5F 62 74 6C 5F 43 6C 65 61 6E 75 70 ..._btl_Cleanup + * + * ecx = 0x19 + * 01D6B317 81 40 04 6B 00 00 00 82 CC 91 B9 8A 51 82 F0 97  k...の損害を・ + * 01D6B327 5E 82 A6 82 BD 81 42 02 00 10 00 00 00 5F 62 74 ^えた。...._bt + * 01D6B337 6C 5F 57 61 7A 61 5F 43 68 6F 75 6E 00 17 00 00 l_Waza_Choun... + * 01D6B347 00 5F 62 74 6C 5F 57 61 7A 61 45 6E 65 6D 79 5F ._btl_WazaEnemy_ + * 01D6B357 42 75 66 66 41 54 4B 00 10 00 00 00 5F 62 74 6C BuffATK...._btl + * 01D6B367 5F 57 61 7A 61 5F 4B 6F 63 68 75 00 1C 00 00 00 _Waza_Kochu.... + */ + + void hook1(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *role) + { + data_.clear(); + + int size = s->eax - 1; + if (size <= 0) + return ; + + // 0042FC03 8B15 E8234A00 MOV EDX,DWORD PTR DS:[0x4A23E8] ; jichi: text here + // 0042FC09 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+0x10] ; jichi: count is here + // 0042FC0D 8B76 04 MOV ESI,DWORD PTR DS:[ESI+0x4] ; jichi: [arg1+4] + // 0042FC10 894424 14 MOV DWORD PTR SS:[ESP+0x14],EAX + // 0042FC14 8B92 44290000 MOV EDX,DWORD PTR DS:[EDX+0x2944] ; jichi: base addr, [[0x4A23E8] + 0x2944] + // 0042FC1A 8BF8 MOV EDI,EAX + // 0042FC1C 8BC1 MOV EAX,ECX + // 0042FC1E 83C4 04 ADD ESP,0x4 + // + // 0042FC21 8D7432 04 LEA ESI,DWORD PTR DS:[EDX+ESI+0x4] ; jichi: hook2, text in esi + + ULONG edx, esi; + { + edx = *(DWORD *)textBaseAddress_; // 0042FC03 8B15 E8234A00 MOV EDX,DWORD PTR DS:[0x4A23E8] + edx = *(DWORD *)(edx + textOffset_); // 0042FC14 8B92 44290000 MOV EDX,DWORD PTR DS:[EDX+0x2944] + esi = *(DWORD *)(s->esi + 0x4); // 0042FC0D 8B76 04 MOV ESI,DWORD PTR DS:[ESI+0x4] + esi = edx + esi + 0x4; // 0042FC21 8D7432 04 LEA ESI,DWORD PTR DS:[EDX+ESI+0x4] + } + + auto text = (LPCSTR)esi; + if (!*text + //|| ::strlen(text) != size + || text[size] // text length not verified since there could be trailing zeros + || ::isalpha(text[0]) && ::isalpha(text[1]) // Sample system text in 恋姫無双: bcg_剣道場a + || all_ascii(text)) + return ; + + auto trimmedSize = size; + auto trimmedText = trim(text, &trimmedSize); + if (trimmedSize <= 0) + return ; + + // auto size = s->ecx * 4; + // auto dst = (LPSTR)s->edi; + *role = Engine::OtherRole; + auto retaddr = s->stack[8]; + // if ((*(DWORD *)retaddr & 0xffffff) == 0x0cc483) // 0041C295 83C4 0C ADD ESP,0xC + // role = Engine::ScenarioRole; + auto arg3 = s->stack[8 + 3]; + if (arg3 == 0x400) + *role = Engine::ScenarioRole; + // 8/7/2015: Here, I could also split choice and scenario from the retaddr. + // But I didn't so that choice can also be display the same way asn scenario. + // sig = retaddr; + + std::string oldData(trimmedText, trimmedSize); + + static const std::string zero_bytes(1, '\0'); + const char *zero_str = LCSE_0; + + bool containsZeros = false; + if (oldData.find('\0') != oldData.npos) + { + containsZeros = true; + strReplace(oldData, zero_bytes, zero_str); + // oldData.replace(zero_bytes, zero_str); + *role = Engine::OtherRole; + // FIXME: There could be individual ascii letters before zeros (such as "k" and "n") + // They should be escaped here. + // Escaping not implemented since I am lazy. + } + buffer->from(oldData); + } + void hookafter(hook_stack *s, void *data, size_t len1) + { + + int size = s->eax - 1; + if (size <= 0) + return; + + ULONG edx, esi; + { + edx = *(DWORD *)textBaseAddress_; // 0042FC03 8B15 E8234A00 MOV EDX,DWORD PTR DS:[0x4A23E8] + edx = *(DWORD *)(edx + textOffset_); // 0042FC14 8B92 44290000 MOV EDX,DWORD PTR DS:[EDX+0x2944] + esi = *(DWORD *)(s->esi + 0x4); // 0042FC0D 8B76 04 MOV ESI,DWORD PTR DS:[ESI+0x4] + esi = edx + esi + 0x4; // 0042FC21 8D7432 04 LEA ESI,DWORD PTR DS:[EDX+ESI+0x4] + } + + auto text = (LPCSTR)esi; + if (!*text + //|| ::strlen(text) != size + || text[size] // text length not verified since there could be trailing zeros + || ::isalpha(text[0]) && ::isalpha(text[1]) // Sample system text in 恋姫無双: bcg_剣道場a + || all_ascii(text)) + return; + + auto trimmedSize = size; + auto trimmedText = trim(text, &trimmedSize); + if (trimmedSize <= 0) + return; + + auto retaddr = s->stack[8]; + // if ((*(DWORD *)retaddr & 0xffffff) == 0x0cc483) // 0041C295 83C4 0C ADD ESP,0xC + // role = Engine::ScenarioRole; + auto arg3 = s->stack[8 + 3]; + + std::string oldData(trimmedText, trimmedSize); + + static const std::string zero_bytes(1, '\0'); + const char *zero_str = LCSE_0; + + bool containsZeros = false; + if (oldData.find('\0') != oldData.npos) + { + containsZeros = true; + strReplace(oldData, zero_bytes, zero_str); + // oldData.replace(zero_bytes, zero_str); + + // FIXME: There could be individual ascii letters before zeros (such as "k" and "n") + // They should be escaped here. + // Escaping not implemented since I am lazy. + } + std::string newData = std::string((char *)data, len1); + if (newData.empty() || newData == oldData) + return; + + if (containsZeros) + strReplace(newData, zero_str, zero_bytes); + // newData.replace(zero_str, zero_bytes); + + int prefixSize = trimmedText - text, + suffixSize = size - prefixSize - trimmedSize; + if (prefixSize) + newData.insert(0, std::string(text, prefixSize)); + if (suffixSize) + newData.append(trimmedText + trimmedSize, suffixSize); + + data_ = newData; + s->eax = data_.size() + 1; + return; + } + void hook2(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + if (!data_.empty()) + s->esi = (ULONG)data_.c_str(); + } + } // namespace Private + + /** + * Sample game: 春恋*乙女~乙女の園でごきげんよう。~ + * + * 0042FB1E CC INT3 + * 0042FB1F CC INT3 + * 0042FB20 6A FF PUSH -0x1 + * 0042FB22 68 18094800 PUSH lcsebody.00480918 + * 0042FB27 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] + * 0042FB2D 50 PUSH EAX + * 0042FB2E 64:8925 00000000 MOV DWORD PTR FS:[0],ESP + * 0042FB35 83EC 08 SUB ESP,0x8 + * 0042FB38 53 PUSH EBX + * 0042FB39 33DB XOR EBX,EBX + * 0042FB3B 56 PUSH ESI + * 0042FB3C 57 PUSH EDI + * 0042FB3D 895C24 0C MOV DWORD PTR SS:[ESP+0xC],EBX + * 0042FB41 895C24 10 MOV DWORD PTR SS:[ESP+0x10],EBX + * 0042FB45 8B7424 24 MOV ESI,DWORD PTR SS:[ESP+0x24] ; jichi; arg1 + * 0042FB49 895C24 1C MOV DWORD PTR SS:[ESP+0x1C],EBX + * 0042FB4D 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 0042FB4F 83F8 05 CMP EAX,0x5 + * 0042FB52 75 2F JNZ SHORT lcsebody.0042FB83 + * 0042FB54 8B76 04 MOV ESI,DWORD PTR DS:[ESI+0x4] + * 0042FB57 8B3D E8234A00 MOV EDI,DWORD PTR DS:[0x4A23E8] + * 0042FB5D 3BF3 CMP ESI,EBX + * 0042FB5F 7C 08 JL SHORT lcsebody.0042FB69 + * 0042FB61 39B7 54290000 CMP DWORD PTR DS:[EDI+0x2954],ESI + * 0042FB67 7F 12 JG SHORT lcsebody.0042FB7B + * 0042FB69 53 PUSH EBX + * 0042FB6A 68 20F54800 PUSH lcsebody.0048F520 ; ASCII "err" + * 0042FB6F 68 F4F44800 PUSH lcsebody.0048F4F4 + * 0042FB74 53 PUSH EBX + * 0042FB75 FF15 EC874A00 CALL DWORD PTR DS:[<&USER32.MessageBoxA>>; user32.MessageBoxA + * 0042FB7B 8B87 74290000 MOV EAX,DWORD PTR DS:[EDI+0x2974] + * 0042FB81 EB 32 JMP SHORT lcsebody.0042FBB5 + * 0042FB83 83F8 08 CMP EAX,0x8 ; jichi: esi=arg1 jumped here + * 0042FB86 75 57 JNZ SHORT lcsebody.0042FBDF + * 0042FB88 8B76 04 MOV ESI,DWORD PTR DS:[ESI+0x4] + * 0042FB8B 8B3D E8234A00 MOV EDI,DWORD PTR DS:[0x4A23E8] + * 0042FB91 3BF3 CMP ESI,EBX + * 0042FB93 7C 08 JL SHORT lcsebody.0042FB9D + * 0042FB95 39B7 60290000 CMP DWORD PTR DS:[EDI+0x2960],ESI + * 0042FB9B 7F 12 JG SHORT lcsebody.0042FBAF + * 0042FB9D 53 PUSH EBX + * 0042FB9E 68 20F54800 PUSH lcsebody.0048F520 ; ASCII "err" + * 0042FBA3 68 F4F44800 PUSH lcsebody.0048F4F4 + * 0042FBA8 53 PUSH EBX + * 0042FBA9 FF15 EC874A00 CALL DWORD PTR DS:[<&USER32.MessageBoxA>>; user32.MessageBoxA + * 0042FBAF 8B87 80290000 MOV EAX,DWORD PTR DS:[EDI+0x2980] + * 0042FBB5 8D34F0 LEA ESI,DWORD PTR DS:[EAX+ESI*8] + * 0042FBB8 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 0042FBBA 50 PUSH EAX + * 0042FBBB 894424 10 MOV DWORD PTR SS:[ESP+0x10],EAX + * 0042FBBF E8 5E840000 CALL lcsebody.00438022 + * 0042FBC4 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+0x10] + * 0042FBC8 83C4 04 ADD ESP,0x4 + * 0042FBCB 8BD1 MOV EDX,ECX + * 0042FBCD 894424 10 MOV DWORD PTR SS:[ESP+0x10],EAX + * 0042FBD1 8B76 04 MOV ESI,DWORD PTR DS:[ESI+0x4] + * 0042FBD4 8BF8 MOV EDI,EAX + * 0042FBD6 C1E9 02 SHR ECX,0x2 + * 0042FBD9 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> + * 0042FBDB 8BCA MOV ECX,EDX + * 0042FBDD EB 4D JMP SHORT lcsebody.0042FC2C + * 0042FBDF 83F8 02 CMP EAX,0x2 ; jichi: esi=arg1 jumped here + * 0042FBE2 0F85 A2000000 JNZ lcsebody.0042FC8A + * 0042FBE8 A1 E8234A00 MOV EAX,DWORD PTR DS:[0x4A23E8] ; jichi: text length here + * 0042FBED 8B56 04 MOV EDX,DWORD PTR DS:[ESI+0x4] + * 0042FBF0 8B88 44290000 MOV ECX,DWORD PTR DS:[EAX+0x2944] + * 0042FBF6 8B0411 MOV EAX,DWORD PTR DS:[ECX+EDX] + * + * 0042FBF9 50 PUSH EAX ; jichi: hook1, text length pushed, new function + * 0042FBFA 894424 10 MOV DWORD PTR SS:[ESP+0x10],EAX ; jichi: text length, is this the memory allocation + * 0042FBFE E8 1F840000 CALL lcsebody.00438022 + * + * 0042FC03 8B15 E8234A00 MOV EDX,DWORD PTR DS:[0x4A23E8] ; jichi: text here + * 0042FC09 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+0x10] ; jichi: count is here + * 0042FC0D 8B76 04 MOV ESI,DWORD PTR DS:[ESI+0x4] ; jichi: [arg1+4] + * 0042FC10 894424 14 MOV DWORD PTR SS:[ESP+0x14],EAX + * 0042FC14 8B92 44290000 MOV EDX,DWORD PTR DS:[EDX+0x2944] ; jichi: base addr, [[0x4A23E8] + 0x2944] + * 0042FC1A 8BF8 MOV EDI,EAX + * 0042FC1C 8BC1 MOV EAX,ECX + * 0042FC1E 83C4 04 ADD ESP,0x4 + * + * 0042FC21 8D7432 04 LEA ESI,DWORD PTR DS:[EDX+ESI+0x4] ; jichi: hook2, text in esi + * 0042FC25 C1E9 02 SHR ECX,0x2 ; jichi: ecx is now the count, here, the rep function is blocked by 4 for performance + * 0042FC28 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS[ESI] ; jichi: text accessed here from esi to edi + * + * 0042FC2A 8BC8 MOV ECX,EAX + * 0042FC2C 8B5424 28 MOV EDX,DWORD PTR SS:[ESP+0x28] + * 0042FC30 83E1 03 AND ECX,0x3 + * 0042FC33 F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI] + * 0042FC35 8B4C24 2C MOV ECX,DWORD PTR SS:[ESP+0x2C] + * 0042FC39 8D4424 0C LEA EAX,DWORD PTR SS:[ESP+0xC] + * 0042FC3D 51 PUSH ECX + * 0042FC3E 52 PUSH EDX + * 0042FC3F 50 PUSH EAX + * 0042FC40 E8 AB14FDFF CALL lcsebody.004010F0 + * 0042FC45 83C4 0C ADD ESP,0xC + * 0042FC48 C74424 1C FFFFFF>MOV DWORD PTR SS:[ESP+0x1C],-0x1 + * 0042FC50 84C0 TEST AL,AL + * 0042FC52 8B4424 10 MOV EAX,DWORD PTR SS:[ESP+0x10] + * 0042FC56 895C24 0C MOV DWORD PTR SS:[ESP+0xC],EBX + * 0042FC5A 74 21 JE SHORT lcsebody.0042FC7D + * 0042FC5C 3BC3 CMP EAX,EBX + * 0042FC5E 74 09 JE SHORT lcsebody.0042FC69 + * 0042FC60 50 PUSH EAX + * 0042FC61 E8 467E0000 CALL lcsebody.00437AAC + * 0042FC66 83C4 04 ADD ESP,0x4 + * 0042FC69 5F POP EDI + * 0042FC6A 5E POP ESI + * 0042FC6B B0 01 MOV AL,0x1 + * 0042FC6D 5B POP EBX + * 0042FC6E 8B4C24 08 MOV ECX,DWORD PTR SS:[ESP+0x8] + * 0042FC72 64:890D 00000000 MOV DWORD PTR FS:[0],ECX + * 0042FC79 83C4 14 ADD ESP,0x14 + * 0042FC7C C3 RETN + * 0042FC7D 3BC3 CMP EAX,EBX + * 0042FC7F 74 09 JE SHORT lcsebody.0042FC8A + * 0042FC81 50 PUSH EAX + * 0042FC82 E8 257E0000 CALL lcsebody.00437AAC + * 0042FC87 83C4 04 ADD ESP,0x4 + * 0042FC8A 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+0x14] + * 0042FC8E 5F POP EDI + * 0042FC8F 5E POP ESI + * 0042FC90 32C0 XOR AL,AL + * 0042FC92 5B POP EBX + * 0042FC93 64:890D 00000000 MOV DWORD PTR FS:[0],ECX + * 0042FC9A 83C4 14 ADD ESP,0x14 + * 0042FC9D C3 RETN + * 0042FC9E 90 NOP + * 0042FC9F 90 NOP + * 0042FCA0 CC INT3 + * 0042FCA1 CC INT3 + * 0042FCA2 CC INT3 + * 0042FCA3 CC INT3 + * 0042FCA4 CC INT3 + * 0042FCA5 CC INT3 + * 0042FCA6 CC INT3 + * + * Sample game: 姦獄学園 + * + * 00430CAB CC INT3 + * 00430CAC CC INT3 + * 00430CAD CC INT3 + * 00430CAE CC INT3 + * 00430CAF CC INT3 + * 00430CB0 6A FF PUSH -0x1 + * 00430CB2 68 08204800 PUSH .00482008 + * 00430CB7 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] + * 00430CBD 50 PUSH EAX + * 00430CBE 64:8925 00000000 MOV DWORD PTR FS:[0],ESP + * 00430CC5 83EC 08 SUB ESP,0x8 + * 00430CC8 53 PUSH EBX + * 00430CC9 33DB XOR EBX,EBX + * 00430CCB 56 PUSH ESI + * 00430CCC 57 PUSH EDI + * 00430CCD 895C24 0C MOV DWORD PTR SS:[ESP+0xC],EBX + * 00430CD1 895C24 10 MOV DWORD PTR SS:[ESP+0x10],EBX + * 00430CD5 8B7424 24 MOV ESI,DWORD PTR SS:[ESP+0x24] + * 00430CD9 895C24 1C MOV DWORD PTR SS:[ESP+0x1C],EBX + * 00430CDD 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 00430CDF 83F8 05 CMP EAX,0x5 + * 00430CE2 75 2F JNZ SHORT .00430D13 + * 00430CE4 8B76 04 MOV ESI,DWORD PTR DS:[ESI+0x4] + * 00430CE7 8B3D 9C4E4A00 MOV EDI,DWORD PTR DS:[0x4A4E9C] + * 00430CED 3BF3 CMP ESI,EBX + * 00430CEF 7C 08 JL SHORT .00430CF9 + * 00430CF1 39B7 54310000 CMP DWORD PTR DS:[EDI+0x3154],ESI + * 00430CF7 7F 12 JG SHORT .00430D0B + * 00430CF9 53 PUSH EBX + * 00430CFA 68 98154900 PUSH .00491598 ; ASCII "err" + * 00430CFF 68 D8254900 PUSH .004925D8 + * 00430D04 53 PUSH EBX + * 00430D05 FF15 2CC84A00 CALL DWORD PTR DS:[0x4AC82C] ; user32.MessageBoxA + * 00430D0B 8B87 74310000 MOV EAX,DWORD PTR DS:[EDI+0x3174] + * 00430D11 EB 32 JMP SHORT .00430D45 + * 00430D13 83F8 08 CMP EAX,0x8 + * 00430D16 75 57 JNZ SHORT .00430D6F + * 00430D18 8B76 04 MOV ESI,DWORD PTR DS:[ESI+0x4] + * 00430D1B 8B3D 9C4E4A00 MOV EDI,DWORD PTR DS:[0x4A4E9C] + * 00430D21 3BF3 CMP ESI,EBX + * 00430D23 7C 08 JL SHORT .00430D2D + * 00430D25 39B7 60310000 CMP DWORD PTR DS:[EDI+0x3160],ESI + * 00430D2B 7F 12 JG SHORT .00430D3F + * 00430D2D 53 PUSH EBX + * 00430D2E 68 98154900 PUSH .00491598 ; ASCII "err" + * 00430D33 68 AC254900 PUSH .004925AC + * 00430D38 53 PUSH EBX + * 00430D39 FF15 2CC84A00 CALL DWORD PTR DS:[0x4AC82C] ; user32.MessageBoxA + * 00430D3F 8B87 80310000 MOV EAX,DWORD PTR DS:[EDI+0x3180] + * 00430D45 8D34F0 LEA ESI,DWORD PTR DS:[EAX+ESI*8] + * 00430D48 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 00430D4A 50 PUSH EAX + * 00430D4B 894424 10 MOV DWORD PTR SS:[ESP+0x10],EAX + * 00430D4F E8 BE890000 CALL .00439712 + * 00430D54 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+0x10] + * 00430D58 83C4 04 ADD ESP,0x4 + * 00430D5B 8BD1 MOV EDX,ECX + * 00430D5D 894424 10 MOV DWORD PTR SS:[ESP+0x10],EAX + * 00430D61 8B76 04 MOV ESI,DWORD PTR DS:[ESI+0x4] + * 00430D64 8BF8 MOV EDI,EAX + * 00430D66 C1E9 02 SHR ECX,0x2 + * 00430D69 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> + * 00430D6B 8BCA MOV ECX,EDX + * 00430D6D EB 4D JMP SHORT .00430DBC + * 00430D6F 83F8 02 CMP EAX,0x2 + * 00430D72 0F85 A2000000 JNZ .00430E1A + * 00430D78 A1 9C4E4A00 MOV EAX,DWORD PTR DS:[0x4A4E9C] + * 00430D7D 8B56 04 MOV EDX,DWORD PTR DS:[ESI+0x4] + * 00430D80 8B88 44310000 MOV ECX,DWORD PTR DS:[EAX+0x3144] + * 00430D86 8B0411 MOV EAX,DWORD PTR DS:[ECX+EDX] + * 00430D89 50 PUSH EAX + * 00430D8A 894424 10 MOV DWORD PTR SS:[ESP+0x10],EAX + * 00430D8E E8 7F890000 CALL .00439712 + * 00430D93 8B15 9C4E4A00 MOV EDX,DWORD PTR DS:[0x4A4E9C] + * 00430D99 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+0x10] + * 00430D9D 8B76 04 MOV ESI,DWORD PTR DS:[ESI+0x4] + * 00430DA0 894424 14 MOV DWORD PTR SS:[ESP+0x14],EAX + * 00430DA4 8B92 44310000 MOV EDX,DWORD PTR DS:[EDX+0x3144] + * 00430DAA 8BF8 MOV EDI,EAX + * 00430DAC 8BC1 MOV EAX,ECX + * 00430DAE 83C4 04 ADD ESP,0x4 + * 00430DB1 8D7432 04 LEA ESI,DWORD PTR DS:[EDX+ESI+0x4] ; jichi: the other game's access point + * 00430DB5 C1E9 02 SHR ECX,0x2 + * 00430DB8 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] + * 00430DBA 8BC8 MOV ECX,EAX + * 00430DBC 8B5424 28 MOV EDX,DWORD PTR SS:[ESP+0x28] + * 00430DC0 83E1 03 AND ECX,0x3 + * 00430DC3 F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI] + * 00430DC5 8B4C24 2C MOV ECX,DWORD PTR SS:[ESP+0x2C] + * 00430DC9 8D4424 0C LEA EAX,DWORD PTR SS:[ESP+0xC] + * 00430DCD 51 PUSH ECX + * 00430DCE 52 PUSH EDX + * 00430DCF 50 PUSH EAX + * 00430DD0 E8 2503FDFF CALL .004010FA + * 00430DD5 83C4 0C ADD ESP,0xC + * 00430DD8 C74424 1C FFFFFF>MOV DWORD PTR SS:[ESP+0x1C],-0x1 + * 00430DE0 84C0 TEST AL,AL + * 00430DE2 8B4424 10 MOV EAX,DWORD PTR SS:[ESP+0x10] + * 00430DE6 895C24 0C MOV DWORD PTR SS:[ESP+0xC],EBX + * 00430DEA 74 21 JE SHORT .00430E0D + * 00430DEC 3BC3 CMP EAX,EBX + * 00430DEE 74 09 JE SHORT .00430DF9 + * 00430DF0 50 PUSH EAX + * 00430DF1 E8 A6830000 CALL .0043919C + * 00430DF6 83C4 04 ADD ESP,0x4 + * 00430DF9 5F POP EDI + * 00430DFA 5E POP ESI + * 00430DFB B0 01 MOV AL,0x1 + * 00430DFD 5B POP EBX + * 00430DFE 8B4C24 08 MOV ECX,DWORD PTR SS:[ESP+0x8] + * 00430E02 64:890D 00000000 MOV DWORD PTR FS:[0],ECX + * 00430E09 83C4 14 ADD ESP,0x14 + * 00430E0C C3 RETN + * 00430E0D 3BC3 CMP EAX,EBX + * 00430E0F 74 09 JE SHORT .00430E1A + * 00430E11 50 PUSH EAX + * 00430E12 E8 85830000 CALL .0043919C + * 00430E17 83C4 04 ADD ESP,0x4 + * 00430E1A 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+0x14] + * 00430E1E 5F POP EDI + * 00430E1F 5E POP ESI + * 00430E20 32C0 XOR AL,AL + * 00430E22 5B POP EBX + * 00430E23 64:890D 00000000 MOV DWORD PTR FS:[0],ECX + * 00430E2A 83C4 14 ADD ESP,0x14 + * 00430E2D C3 RETN + * 00430E2E 90 NOP + * 00430E2F 90 NOP + * 00430E30 CC INT3 + * 00430E31 CC INT3 + * 00430E32 CC INT3 + * 00430E33 CC INT3 + * 00430E34 CC INT3 + */ + bool isLeadByteChar(const char *s) + { + return dynsjis::isleadstr(s); + // return ::IsDBCSLeadByte(HIBYTE(testChar)); + } + bool attach(ULONG startAddress, ULONG stopAddress, ULONG dyna) + { + const uint8_t bytes[] = { + 0x8d, 0x74, 0x32, 0x04, // 0042fc21 8d7432 04 lea esi,dword ptr ds:[edx+esi+0x4] + 0xc1, 0xe9, 0x02, // 0042fc25 c1e9 02 shr ecx,0x2 + 0xf3, 0xa5 // 0042fc28 f3:a5 rep movs dword ptr es:[edi],dword ptr ds[esi] ; jichi: text accessed here from esi to edi + }; + ULONG addr2 = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr2) + return false; + + // 0042FBF9 50 PUSH EAX ; jichi: hook1, text length pushed, new function + // 0042FBFA 894424 10 MOV DWORD PTR SS:[ESP+0x10],EAX ; jichi: text length, is this the memory allocation? + // 0042FBFE E8 1F840000 CALL lcsebody.00438022 + // 0042FC03 8B15 E8234A00 MOV EDX,DWORD PTR DS:[0x4A23E8] ; jichi: text here + // 0042FC09 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+0x10] ; jichi: count is here + // 0042FC0D 8B76 04 MOV ESI,DWORD PTR DS:[ESI+0x4] ; jichi: [arg1+4] + // 0042FC10 894424 14 MOV DWORD PTR SS:[ESP+0x14],EAX + // 0042FC14 8B92 44290000 MOV EDX,DWORD PTR DS:[EDX+0x2944] ; jichi: base addr, [[0x4A23E8] + 0x2944] + // 0042FC1A 8BF8 MOV EDI,EAX + // 0042FC1C 8BC1 MOV EAX,ECX + // 0042FC1E 83C4 04 ADD ESP,0x4 + // + // 0042FC21 8D7432 04 LEA ESI,DWORD PTR DS:[EDX+ESI+0x4] ; jichi: hook2, text in esi + // 0042FC25 C1E9 02 SHR ECX,0x2 ; jichi: ecx is now the count, here, the rep function is blocked by 4 for performance + // 0042FC28 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS[ESI] ; jichi: text accessed here from esi to edi + ULONG addr1 = addr2 + 0x0042fbf9 - 0x0042fc21; + if (*(BYTE *)addr1 != 0x50) // push_eax + return false; + + // 0042FC03 8B15 E8234A00 MOV EDX,DWORD PTR DS:[0x4A23E8] ; jichi: text here + // 0042FC09 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+0x10] ; jichi: count is here + // 0042FC0D 8B76 04 MOV ESI,DWORD PTR DS:[ESI+0x4] ; jichi: [arg1+4] + // 0042FC10 894424 14 MOV DWORD PTR SS:[ESP+0x14],EAX + // 0042FC14 8B92 44290000 MOV EDX,DWORD PTR DS:[EDX+0x2944] ; jichi: offset addr, [[0x4A23E8] + 0x2944] + { + ULONG addr = addr2 + 0x0042fc03 - 0x0042fc21; + if (*(WORD *)addr != 0x158b) // 0042FC03 8B15 E8234A00 MOV EDX,DWORD PTR DS:[0x4A23E8] + return false; + addr += 2; + Private::textBaseAddress_ = *(DWORD *)addr; + } + { + ULONG addr = addr2 + 0x0042fc14 - 0x0042fc21; + if (*(WORD *)addr != 0x928b) // 0042FC14 8B92 44290000 MOV EDX,DWORD PTR DS:[EDX+0x2944] + return false; + addr += 2; + Private::textOffset_ = *(DWORD *)addr; + } + HookParam hp; + hp.address = addr1; + hp.text_fun = Private::hook1; + hp.hook_after = Private::hookafter; + hp.type = EMBED_ABLE|NO_CONTEXT; + hp.newlineseperator = L"\x01"; + hp.hook_font = F_GetGlyphOutlineA; + if (dyna) + { + static ULONG dynas; + dynas = dyna; + hp.type |= EMBED_DYNA_SJIS; + hp.hook_font = F_GetGlyphOutlineA; + patch_fun = []() + { + ReplaceFunction((PVOID)dynas, (PVOID)(ULONG)isLeadByteChar); + dynamiccodec->setMinimumSecondByte(6); //// skip 0x1,0x2,0x3 in case dynamic encoding could crash the game + }; + } + auto succ = NewHook(hp, "EmbedLCSE"); + hp.address = addr2 + 4; + hp.text_fun = Private::hook2; + succ |= NewHook(hp, "EmbedLCSE"); + return succ; + } + } // namespace ScenarioHook + + namespace Patch + { + + namespace Private + { + bool isLeadByteChar(const char *s) + { + return dynsjis::isleadstr(s); + // return ::IsDBCSLeadByte(HIBYTE(testChar)); + } + + } // namespace Private + + /** + * Sample game: 春恋*乙女~乙女の園でごきげんよう。~ + * + * Debugging method: Find text in memory, and then insert hardware breakpoint. + * It will be accessed only ONCE in the following function. + * + * This function can also be found by searching the following instruction: + * 0040A389 3C 81 CMP AL,0x81 + * + * This function is very similar to that in CatSystem2. + * + * 0040A37E CC INT3 + * 0040A37F CC INT3 + * 0040A380 8B4C24 04 MOV ECX,DWORD PTR SS:[ESP+0x4] + * 0040A384 8A01 MOV AL,BYTE PTR DS:[ECX] ; jichi: first byte + * 0040A386 8A49 01 MOV CL,BYTE PTR DS:[ECX+0x1] ; jichi: second byte + * 0040A389 3C 81 CMP AL,0x81 + * 0040A38B 72 04 JB SHORT lcsebody.0040A391 + * 0040A38D 3C 9F CMP AL,0x9F + * 0040A38F 76 08 JBE SHORT lcsebody.0040A399 + * 0040A391 3C E0 CMP AL,0xE0 + * 0040A393 72 1B JB SHORT lcsebody.0040A3B0 + * 0040A395 3C FC CMP AL,0xFC + * 0040A397 77 17 JA SHORT lcsebody.0040A3B0 + * 0040A399 80F9 40 CMP CL,0x40 + * 0040A39C 72 05 JB SHORT lcsebody.0040A3A3 + * 0040A39E 80F9 7E CMP CL,0x7E + * 0040A3A1 76 0A JBE SHORT lcsebody.0040A3AD + * 0040A3A3 80F9 80 CMP CL,0x80 + * 0040A3A6 72 08 JB SHORT lcsebody.0040A3B0 + * 0040A3A8 80F9 FC CMP CL,0xFC + * 0040A3AB 77 03 JA SHORT lcsebody.0040A3B0 + * 0040A3AD B0 01 MOV AL,0x1 + * 0040A3AF C3 RETN + * 0040A3B0 32C0 XOR AL,AL + * 0040A3B2 C3 RETN + * 0040A3B3 90 NOP + * 0040A3B4 90 NOP + * 0040A3B5 90 NOP + * 0040A3B6 90 NOP + * + * This function is found by tracing the caller of GetGlyphOutlineA, as follows: + * + * 00416B6B CC INT3 + * 00416B6C CC INT3 + * 00416B6D CC INT3 + * 00416B6E CC INT3 + * 00416B6F CC INT3 + * 00416B70 83EC 08 SUB ESP,0x8 + * 00416B73 53 PUSH EBX + * 00416B74 56 PUSH ESI + * 00416B75 8BF1 MOV ESI,ECX + * 00416B77 33DB XOR EBX,EBX ; jichi: zero ebx + * 00416B79 57 PUSH EDI + * 00416B7A 8B86 EC000000 MOV EAX,DWORD PTR DS:[ESI+0xEC] + * 00416B80 8A9430 08010000 MOV DL,BYTE PTR DS:[EAX+ESI+0x108] ; jichi: byte accessed here + * 00416B87 8D8C30 08010000 LEA ECX,DWORD PTR DS:[EAX+ESI+0x108] ; jichi: byte accessed here + * 00416B8E 3AD3 CMP DL,BL ; jichi: bl is zero, dl is the current byte + * 00416B90 75 0C JNZ SHORT lcsebody.00416B9E + * 00416B92 B8 FF000000 MOV EAX,0xFF + * 00416B97 5F POP EDI + * 00416B98 5E POP ESI + * 00416B99 5B POP EBX + * 00416B9A 83C4 08 ADD ESP,0x8 + * 00416B9D C3 RETN + * 00416B9E 8B96 F0000000 MOV EDX,DWORD PTR DS:[ESI+0xF0] + * 00416BA4 4A DEC EDX + * 00416BA5 3BC2 CMP EAX,EDX + * 00416BA7 0F8D 31010000 JGE lcsebody.00416CDE + * 00416BAD 51 PUSH ECX + * 00416BAE E8 31B1FEFF CALL lcsebody.00401CE4 ; jichi: ecx point to the current character, return 0 or 1 + * 00416BB3 83C4 04 ADD ESP,0x4 + * 00416BB6 84C0 TEST AL,AL + * 00416BB8 0F84 20010000 JE lcsebody.00416CDE ; jichi: wrong here + * 00416BBE 8B86 EC000000 MOV EAX,DWORD PTR DS:[ESI+0xEC] + * 00416BC4 33C9 XOR ECX,ECX + * 00416BC6 03C6 ADD EAX,ESI + * 00416BC8 889E 20050000 MOV BYTE PTR DS:[ESI+0x520],BL + * 00416BCE 8AA8 08010000 MOV CH,BYTE PTR DS:[EAX+0x108] ; jichi: high bits + * 00416BD4 8A88 09010000 MOV CL,BYTE PTR DS:[EAX+0x109] + * 00416BDA 8BF9 MOV EDI,ECX ; jichi: low bits, edi is now the full character + * 00416BDC 8BCE MOV ECX,ESI ; jichi: recover ecx to esi + * 00416BDE E8 13AEFEFF CALL lcsebody.004019F6 ; jichi: eax is zero when edi is legal + * 00416BE3 3BC3 CMP EAX,EBX ; jichi: ebx is always zero as well + * 00416BE5 74 4A JE SHORT lcsebody.00416C31 + * 00416BE7 389E 2C050000 CMP BYTE PTR DS:[ESI+0x52C],BL + * 00416BED 0F84 9A020000 JE lcsebody.00416E8D + * 00416BF3 389E 20050000 CMP BYTE PTR DS:[ESI+0x520],BL + * 00416BF9 74 1B JE SHORT lcsebody.00416C16 + * 00416BFB B9 34F14800 MOV ECX,lcsebody.0048F134 + * 00416C00 3B39 CMP EDI,DWORD PTR DS:[ECX] + * 00416C02 74 2D JE SHORT lcsebody.00416C31 + * 00416C04 83C1 04 ADD ECX,0x4 + * 00416C07 81F9 50F14800 CMP ECX,lcsebody.0048F150 + * 00416C0D ^7C F1 JL SHORT lcsebody.00416C00 + * 00416C0F 5F POP EDI + * 00416C10 5E POP ESI + * 00416C11 5B POP EBX + * 00416C12 83C4 08 ADD ESP,0x8 + * 00416C15 C3 RETN + * 00416C16 B9 00F14800 MOV ECX,lcsebody.0048F100 + * 00416C1B 3B39 CMP EDI,DWORD PTR DS:[ECX] + * 00416C1D 74 12 JE SHORT lcsebody.00416C31 + * 00416C1F 83C1 04 ADD ECX,0x4 + * 00416C22 81F9 34F14800 CMP ECX,lcsebody.0048F134 + * 00416C28 ^7C F1 JL SHORT lcsebody.00416C1B + * 00416C2A 5F POP EDI + * 00416C2B 5E POP ESI + * 00416C2C 5B POP EBX + * 00416C2D 83C4 08 ADD ESP,0x8 + * 00416C30 C3 RETN + * 00416C31 8A8E 20050000 MOV CL,BYTE PTR DS:[ESI+0x520] + * 00416C37 3ACB CMP CL,BL + * 00416C39 74 15 JE SHORT lcsebody.00416C50 + * 00416C3B B8 70F14800 MOV EAX,lcsebody.0048F170 + * 00416C40 3B38 CMP EDI,DWORD PTR DS:[EAX] + * 00416C42 74 21 JE SHORT lcsebody.00416C65 + * 00416C44 83C0 04 ADD EAX,0x4 + * 00416C47 3D 7CF14800 CMP EAX,lcsebody.0048F17C + * 00416C4C ^7C F2 JL SHORT lcsebody.00416C40 + * 00416C4E EB 1B JMP SHORT lcsebody.00416C6B + * 00416C50 B8 50F14800 MOV EAX,lcsebody.0048F150 + * 00416C55 3B38 CMP EDI,DWORD PTR DS:[EAX] ; jichi: compare current wide character with a threshold (0x8169 = "(") + * 00416C57 74 0C JE SHORT lcsebody.00416C65 + * 00416C59 83C0 04 ADD EAX,0x4 + * 00416C5C 3D 70F14800 CMP EAX,lcsebody.0048F170 + * 00416C61 ^7C F2 JL SHORT lcsebody.00416C55 + * 00416C63 EB 06 JMP SHORT lcsebody.00416C6B + * 00416C65 FF86 24050000 INC DWORD PTR DS:[ESI+0x524] + * 00416C6B 3ACB CMP CL,BL + * 00416C6D 74 15 JE SHORT lcsebody.00416C84 + * 00416C6F B8 9CF14800 MOV EAX,lcsebody.0048F19C + * 00416C74 3B38 CMP EDI,DWORD PTR DS:[EAX] + * 00416C76 74 21 JE SHORT lcsebody.00416C99 + * 00416C78 83C0 04 ADD EAX,0x4 + * 00416C7B 3D A8F14800 CMP EAX,lcsebody.0048F1A8 + * 00416C80 ^7C F2 JL SHORT lcsebody.00416C74 + * 00416C82 EB 2A JMP SHORT lcsebody.00416CAE + * 00416C84 B8 7CF14800 MOV EAX,lcsebody.0048F17C + * 00416C89 3B38 CMP EDI,DWORD PTR DS:[EAX] + * 00416C8B 74 0C JE SHORT lcsebody.00416C99 + * 00416C8D 83C0 04 ADD EAX,0x4 + * 00416C90 3D 9CF14800 CMP EAX,lcsebody.0048F19C + * 00416C95 ^7C F2 JL SHORT lcsebody.00416C89 + * 00416C97 EB 15 JMP SHORT lcsebody.00416CAE + * 00416C99 8B86 24050000 MOV EAX,DWORD PTR DS:[ESI+0x524] + * 00416C9F 48 DEC EAX + * 00416CA0 8986 24050000 MOV DWORD PTR DS:[ESI+0x524],EAX + * 00416CA6 79 06 JNS SHORT lcsebody.00416CAE + * 00416CA8 899E 24050000 MOV DWORD PTR DS:[ESI+0x524],EBX + * 00416CAE 57 PUSH EDI + * 00416CAF 8BCE MOV ECX,ESI + * 00416CB1 E8 20A5FEFF CALL lcsebody.004011D6 + * 00416CB6 8B86 EC000000 MOV EAX,DWORD PTR DS:[ESI+0xEC] + * 00416CBC 8A9430 08010000 MOV DL,BYTE PTR DS:[EAX+ESI+0x108] + * 00416CC3 83C0 02 ADD EAX,0x2 + * 00416CC6 885424 0C MOV BYTE PTR SS:[ESP+0xC],DL + * 00416CCA 8A8C30 07010000 MOV CL,BYTE PTR DS:[EAX+ESI+0x107] + * 00416CD1 884C24 0D MOV BYTE PTR SS:[ESP+0xD],CL + * 00416CD5 885C24 0E MOV BYTE PTR SS:[ESP+0xE],BL + * 00416CD9 E9 77010000 JMP lcsebody.00416E55 + * 00416CDE 8B96 EC000000 MOV EDX,DWORD PTR DS:[ESI+0xEC] + * 00416CE4 C686 20050000 01 MOV BYTE PTR DS:[ESI+0x520],0x1 + * 00416CEB 8A8C16 08010000 MOV CL,BYTE PTR DS:[ESI+EDX+0x108] + * 00416CF2 8D8416 08010000 LEA EAX,DWORD PTR DS:[ESI+EDX+0x108] + * 00416CF9 80F9 1F CMP CL,0x1F + * 00416CFC 77 54 JA SHORT lcsebody.00416D52 + * 00416CFE 80F9 03 CMP CL,0x3 + * 00416D01 75 06 JNZ SHORT lcsebody.00416D09 + * 00416D03 899E 28050000 MOV DWORD PTR DS:[ESI+0x528],EBX + * 00416D09 8A00 MOV AL,BYTE PTR DS:[EAX] + * 00416D0B 83EC 0C SUB ESP,0xC + * 00416D0E 8D5424 18 LEA EDX,DWORD PTR SS:[ESP+0x18] + * 00416D12 8BCC MOV ECX,ESP + * 00416D14 896424 1C MOV DWORD PTR SS:[ESP+0x1C],ESP + * 00416D18 8DBE FC000000 LEA EDI,DWORD PTR DS:[ESI+0xFC] + * 00416D1E 52 PUSH EDX + * 00416D1F 51 PUSH ECX + * 00416D20 8BCF MOV ECX,EDI + * 00416D22 884424 20 MOV BYTE PTR SS:[ESP+0x20],AL + * 00416D26 885C24 21 MOV BYTE PTR SS:[ESP+0x21],BL + * 00416D2A E8 D0A8FEFF CALL lcsebody.004015FF + * 00416D2F 8BCF MOV ECX,EDI + * 00416D31 E8 A1A8FEFF CALL lcsebody.004015D7 + * 00416D36 8B8E EC000000 MOV ECX,DWORD PTR DS:[ESI+0xEC] + * 00416D3C 0FBE8431 0801000> MOVSX EAX,BYTE PTR DS:[ECX+ESI+0x108] + * 00416D44 41 INC ECX + * 00416D45 898E EC000000 MOV DWORD PTR DS:[ESI+0xEC],ECX + * 00416D4B 5F POP EDI + * 00416D4C 5E POP ESI + * 00416D4D 5B POP EBX + * 00416D4E 83C4 08 ADD ESP,0x8 + * 00416D51 C3 RETN + * 00416D52 8BCE MOV ECX,ESI + * 00416D54 E8 9DACFEFF CALL lcsebody.004019F6 + * 00416D59 3BC3 CMP EAX,EBX + * 00416D5B 74 4A JE SHORT lcsebody.00416DA7 + * 00416D5D 389E 2C050000 CMP BYTE PTR DS:[ESI+0x52C],BL + * 00416D63 0F84 24010000 JE lcsebody.00416E8D + * 00416D69 389E 20050000 CMP BYTE PTR DS:[ESI+0x520],BL + * 00416D6F 74 1B JE SHORT lcsebody.00416D8C + * 00416D71 B9 34F14800 MOV ECX,lcsebody.0048F134 + * 00416D76 3919 CMP DWORD PTR DS:[ECX],EBX + * 00416D78 74 2D JE SHORT lcsebody.00416DA7 + * 00416D7A 83C1 04 ADD ECX,0x4 + * 00416D7D 81F9 50F14800 CMP ECX,lcsebody.0048F150 + * 00416D83 ^7C F1 JL SHORT lcsebody.00416D76 + * 00416D85 5F POP EDI + * 00416D86 5E POP ESI + * 00416D87 5B POP EBX + * 00416D88 83C4 08 ADD ESP,0x8 + * 00416D8B C3 RETN + * 00416D8C B9 00F14800 MOV ECX,lcsebody.0048F100 + * 00416D91 3919 CMP DWORD PTR DS:[ECX],EBX + * 00416D93 74 12 JE SHORT lcsebody.00416DA7 + * 00416D95 83C1 04 ADD ECX,0x4 + * 00416D98 81F9 34F14800 CMP ECX,lcsebody.0048F134 + * 00416D9E ^7C F1 JL SHORT lcsebody.00416D91 + * 00416DA0 5F POP EDI + * 00416DA1 5E POP ESI + * 00416DA2 5B POP EBX + * 00416DA3 83C4 08 ADD ESP,0x8 + * 00416DA6 C3 RETN + * 00416DA7 8B86 EC000000 MOV EAX,DWORD PTR DS:[ESI+0xEC] + * 00416DAD 8A96 20050000 MOV DL,BYTE PTR DS:[ESI+0x520] + * 00416DB3 0FBEBC06 08010000 MOVSX EDI,BYTE PTR DS:[ESI+EAX+0x108] ; jichi: edi get assigned to the illegal character + * 00416DBB 8BCF MOV ECX,EDI + * 00416DBD C1E1 08 SHL ECX,0x8 + * 00416DC0 3AD3 CMP DL,BL + * 00416DC2 74 15 JE SHORT lcsebody.00416DD9 + * 00416DC4 B8 70F14800 MOV EAX,lcsebody.0048F170 + * 00416DC9 3B08 CMP ECX,DWORD PTR DS:[EAX] + * 00416DCB 74 21 JE SHORT lcsebody.00416DEE + * 00416DCD 83C0 04 ADD EAX,0x4 + * 00416DD0 3D 7CF14800 CMP EAX,lcsebody.0048F17C + * 00416DD5 ^7C F2 JL SHORT lcsebody.00416DC9 + * 00416DD7 EB 1B JMP SHORT lcsebody.00416DF4 + * 00416DD9 B8 50F14800 MOV EAX,lcsebody.0048F150 + * 00416DDE 3B08 CMP ECX,DWORD PTR DS:[EAX] + * 00416DE0 74 0C JE SHORT lcsebody.00416DEE + * 00416DE2 83C0 04 ADD EAX,0x4 + * 00416DE5 3D 70F14800 CMP EAX,lcsebody.0048F170 + * 00416DEA ^7C F2 JL SHORT lcsebody.00416DDE + * 00416DEC EB 06 JMP SHORT lcsebody.00416DF4 + * 00416DEE FF86 24050000 INC DWORD PTR DS:[ESI+0x524] + * 00416DF4 3AD3 CMP DL,BL + * 00416DF6 74 15 JE SHORT lcsebody.00416E0D + * 00416DF8 B8 9CF14800 MOV EAX,lcsebody.0048F19C + * 00416DFD 3B08 CMP ECX,DWORD PTR DS:[EAX] + * 00416DFF 74 21 JE SHORT lcsebody.00416E22 + * 00416E01 83C0 04 ADD EAX,0x4 + * 00416E04 3D A8F14800 CMP EAX,lcsebody.0048F1A8 + * 00416E09 ^7C F2 JL SHORT lcsebody.00416DFD + * 00416E0B EB 2A JMP SHORT lcsebody.00416E37 + * 00416E0D B8 7CF14800 MOV EAX,lcsebody.0048F17C + * 00416E12 3B08 CMP ECX,DWORD PTR DS:[EAX] + * 00416E14 74 0C JE SHORT lcsebody.00416E22 + * 00416E16 83C0 04 ADD EAX,0x4 + * 00416E19 3D 9CF14800 CMP EAX,lcsebody.0048F19C + * 00416E1E ^7C F2 JL SHORT lcsebody.00416E12 + * 00416E20 EB 15 JMP SHORT lcsebody.00416E37 + * 00416E22 8B86 24050000 MOV EAX,DWORD PTR DS:[ESI+0x524] + * 00416E28 48 DEC EAX + * 00416E29 8986 24050000 MOV DWORD PTR DS:[ESI+0x524],EAX + * 00416E2F 79 06 JNS SHORT lcsebody.00416E37 + * 00416E31 899E 24050000 MOV DWORD PTR DS:[ESI+0x524],EBX + * 00416E37 57 PUSH EDI ; jichi: invalid character + * 00416E38 8BCE MOV ECX,ESI + * 00416E3A E8 97A3FEFF CALL lcsebody.004011D6 ; jichi: char in arg1 + * 00416E3F 8B86 EC000000 MOV EAX,DWORD PTR DS:[ESI+0xEC] + */ + + ULONG patchEncoding(ULONG startAddress, ULONG stopAddress) + { + const uint8_t bytes[] = { + 0x8b, 0x4c, 0x24, 0x04, // 0040a380 8b4c24 04 mov ecx,dword ptr ss:[esp+0x4] + 0x8a, 0x01, // 0040a384 8a01 mov al,byte ptr ds:[ecx] + 0x8a, 0x49, 0x01, // 0040a386 8a49 01 mov cl,byte ptr ds:[ecx+0x1] + 0x3c, 0x81 // 0040a389 3c 81 cmp al,0x81 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + return addr; // && winhook::replace_fun(addr, (ULONG)Private::isLeadByteChar); + } + + } // namespace Patch +} // unnamed namespace + +bool LCScript::attach_function() +{ + + if (!ScenarioHook::attach(processStartAddress, processStopAddress, Patch::patchEncoding(processStartAddress, processStopAddress))) + return false; + + return true; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/LCScript.h b/cpp/LunaHook/LunaHook/engine32/LCScript.h new file mode 100644 index 00000000..f4deb07d --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/LCScript.h @@ -0,0 +1,16 @@ + + +#define LCSE_0 "[0]" // pseudo separator +#define LCSE_0W L"[0]" // pseudo separator +class LCScript:public ENGINE{ + public: + LCScript(){ + + check_by=CHECK_BY::CUSTOM; + // jichi 3/19/2014: LC-ScriptEngine, GetGlyphOutlineA + check_by_target=[](){ + return (wcsstr(processName, L"lcsebody") || !wcsncmp(processName, L"lcsebo~", 7) || Util::CheckFile(L"lcsebody*")); + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Leaf.cpp b/cpp/LunaHook/LunaHook/engine32/Leaf.cpp new file mode 100644 index 00000000..75f1f35a --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Leaf.cpp @@ -0,0 +1,766 @@ +#include"Leaf.h" + + +/** jichi 12/25/2014: Leaf/AQUAPLUS + * Sample game: [141224] [AQUAPLUS] WHITE ALBUM2 ミニアフタースト�リー + * Debug method: hardware break found text + * The text address is fixed. + * There are three matched functions. + * It can find both character name and scenario. + * + * The scenario text contains "\n" or "\k". + * + * 0045145C CC INT3 + * 0045145D CC INT3 + * 0045145E CC INT3 + * 0045145F CC INT3 + * 00451460 D9EE FLDZ + * 00451462 56 PUSH ESI + * 00451463 8B7424 08 MOV ESI,DWORD PTR SS:[ESP+0x8] + * 00451467 D95E 0C FSTP DWORD PTR DS:[ESI+0xC] + * 0045146A 57 PUSH EDI + * 0045146B 8BF9 MOV EDI,ECX + * 0045146D 8B97 B0A00000 MOV EDX,DWORD PTR DS:[EDI+0xA0B0] + * 00451473 33C0 XOR EAX,EAX + * 00451475 3BD0 CMP EDX,EAX + * 00451477 C706 05000000 MOV DWORD PTR DS:[ESI],0x5 + * 0045147D C746 04 03000000 MOV DWORD PTR DS:[ESI+0x4],0x3 + * 00451484 8946 10 MOV DWORD PTR DS:[ESI+0x10],EAX + * 00451487 8946 08 MOV DWORD PTR DS:[ESI+0x8],EAX + * 0045148A 7F 0D JG SHORT .00451499 + * 0045148C 8987 B0A00000 MOV DWORD PTR DS:[EDI+0xA0B0],EAX + * 00451492 5F POP EDI + * 00451493 8BC6 MOV EAX,ESI + * 00451495 5E POP ESI + * 00451496 C2 0400 RETN 0x4 + * 00451499 8D0492 LEA EAX,DWORD PTR DS:[EDX+EDX*4] + * 0045149C 53 PUSH EBX + * 0045149D 8B9C87 B08C0000 MOV EBX,DWORD PTR DS:[EDI+EAX*4+0x8CB0] + * 004514A4 8D0487 LEA EAX,DWORD PTR DS:[EDI+EAX*4] + * 004514A7 55 PUSH EBP + * 004514A8 8D6B FF LEA EBP,DWORD PTR DS:[EBX-0x1] + * 004514AB B9 04000000 MOV ECX,0x4 + * 004514B0 3BE9 CMP EBP,ECX + * 004514B2 0F87 10020000 JA .004516C8 + * 004514B8 FF24AD E8164500 JMP DWORD PTR DS:[EBP*4+0x4516E8] + * 004514BF 8B80 C08C0000 MOV EAX,DWORD PTR DS:[EAX+0x8CC0] + * 004514C5 8D0480 LEA EAX,DWORD PTR DS:[EAX+EAX*4] + * 004514C8 03C0 ADD EAX,EAX + * 004514CA 0FBE9400 6416BC0>MOVSX EDX,BYTE PTR DS:[EAX+EAX+0xBC1664] + * 004514D2 03C0 ADD EAX,EAX + * 004514D4 8D5A FF LEA EBX,DWORD PTR DS:[EDX-0x1] + * 004514D7 3BD9 CMP EBX,ECX + * 004514D9 0F87 B9000000 JA .00451598 + * 004514DF FF249D FC164500 JMP DWORD PTR DS:[EBX*4+0x4516FC] + * 004514E6 0FB688 6516BC00 MOVZX ECX,BYTE PTR DS:[EAX+0xBC1665] + * 004514ED FF8F B0A00000 DEC DWORD PTR DS:[EDI+0xA0B0] + * 004514F3 5D POP EBP + * 004514F4 5B POP EBX + * 004514F5 5F POP EDI + * 004514F6 894E 10 MOV DWORD PTR DS:[ESI+0x10],ECX + * 004514F9 8BC6 MOV EAX,ESI + * 004514FB 5E POP ESI + * 004514FC C2 0400 RETN 0x4 + * 004514FF 0FBF90 6616BC00 MOVSX EDX,WORD PTR DS:[EAX+0xBC1666] + * 00451506 FF8F B0A00000 DEC DWORD PTR DS:[EDI+0xA0B0] + * 0045150C 5D POP EBP + * 0045150D 5B POP EBX + * 0045150E 5F POP EDI + * 0045150F 8956 10 MOV DWORD PTR DS:[ESI+0x10],EDX + * 00451512 8BC6 MOV EAX,ESI + * 00451514 5E POP ESI + * 00451515 C2 0400 RETN 0x4 + * 00451518 8B80 6816BC00 MOV EAX,DWORD PTR DS:[EAX+0xBC1668] + * 0045151E FF8F B0A00000 DEC DWORD PTR DS:[EDI+0xA0B0] + * 00451524 5D POP EBP + * 00451525 5B POP EBX + * 00451526 8946 10 MOV DWORD PTR DS:[ESI+0x10],EAX + * 00451529 5F POP EDI + * 0045152A 8BC6 MOV EAX,ESI + * 0045152C 5E POP ESI + * 0045152D C2 0400 RETN 0x4 + * 00451530 D980 6C16BC00 FLD DWORD PTR DS:[EAX+0xBC166C] + * 00451536 FF8F B0A00000 DEC DWORD PTR DS:[EDI+0xA0B0] + * 0045153C 5D POP EBP + * 0045153D D95E 0C FSTP DWORD PTR DS:[ESI+0xC] + * 00451540 5B POP EBX + * 00451541 5F POP EDI + * 00451542 894E 04 MOV DWORD PTR DS:[ESI+0x4],ECX + * 00451545 8BC6 MOV EAX,ESI + * 00451547 5E POP ESI + * 00451548 C2 0400 RETN 0x4 + * 0045154B 8B80 7016BC00 MOV EAX,DWORD PTR DS:[EAX+0xBC1670] + * 00451551 8D58 01 LEA EBX,DWORD PTR DS:[EAX+0x1] + * 00451554 8A10 MOV DL,BYTE PTR DS:[EAX] + * 00451556 40 INC EAX + * 00451557 84D2 TEST DL,DL + * 00451559 ^75 F9 JNZ SHORT .00451554 + * 0045155B 2BC3 SUB EAX,EBX + * 0045155D 8D58 01 LEA EBX,DWORD PTR DS:[EAX+0x1] + * 00451560 53 PUSH EBX + * 00451561 6A 00 PUSH 0x0 + * 00451563 53 PUSH EBX + * 00451564 6A 00 PUSH 0x0 + * 00451566 FF15 74104A00 CALL DWORD PTR DS:[0x4A1074] ; kernel32.GetProcessHeap + * 0045156C 50 PUSH EAX + * 0045156D FF15 B4104A00 CALL DWORD PTR DS:[0x4A10B4] ; ntdll.RtlAllocateHeap + * 00451573 50 PUSH EAX + * 00451574 E8 373F0200 CALL .004754B0 + * 00451579 8B8F B0A00000 MOV ECX,DWORD PTR DS:[EDI+0xA0B0] + * 0045157F 8D0C89 LEA ECX,DWORD PTR DS:[ECX+ECX*4] + * 00451582 8B8C8F C08C0000 MOV ECX,DWORD PTR DS:[EDI+ECX*4+0x8CC0] + * 00451589 8D1489 LEA EDX,DWORD PTR DS:[ECX+ECX*4] + * 0045158C 8B0C95 7016BC00 MOV ECX,DWORD PTR DS:[EDX*4+0xBC1670] + * 00451593 E9 0C010000 JMP .004516A4 + * 00451598 52 PUSH EDX + * 00451599 68 A8644A00 PUSH .004A64A8 + * 0045159E E9 2B010000 JMP .004516CE + * 004515A3 8D9492 2D230000 LEA EDX,DWORD PTR DS:[EDX+EDX*4+0x232D] + * 004515AA 8B1C97 MOV EBX,DWORD PTR DS:[EDI+EDX*4] + * 004515AD 85DB TEST EBX,EBX + * 004515AF 0F8C 23010000 JL .004516D8 + * 004515B5 8B80 C08C0000 MOV EAX,DWORD PTR DS:[EAX+0x8CC0] + * 004515BB 99 CDQ + * 004515BC BD 1A000000 MOV EBP,0x1A + * 004515C1 F7FD IDIV EBP + * 004515C3 C1E2 04 SHL EDX,0x4 + * 004515C6 03D3 ADD EDX,EBX + * 004515C8 85C0 TEST EAX,EAX + * 004515CA 74 1C JE SHORT .004515E8 + * 004515CC D98497 34A70000 FLD DWORD PTR DS:[EDI+EDX*4+0xA734] + * 004515D3 FF8F B0A00000 DEC DWORD PTR DS:[EDI+0xA0B0] + * 004515D9 5D POP EBP + * 004515DA D95E 0C FSTP DWORD PTR DS:[ESI+0xC] + * 004515DD 5B POP EBX + * 004515DE 5F POP EDI + * 004515DF 894E 04 MOV DWORD PTR DS:[ESI+0x4],ECX + * 004515E2 8BC6 MOV EAX,ESI + * 004515E4 5E POP ESI + * 004515E5 C2 0400 RETN 0x4 + * 004515E8 8B8497 B4A00000 MOV EAX,DWORD PTR DS:[EDI+EDX*4+0xA0B4] + * 004515EF FF8F B0A00000 DEC DWORD PTR DS:[EDI+0xA0B0] + * 004515F5 5D POP EBP + * 004515F6 5B POP EBX + * 004515F7 8946 10 MOV DWORD PTR DS:[ESI+0x10],EAX + * 004515FA 5F POP EDI + * 004515FB 8BC6 MOV EAX,ESI + * 004515FD 5E POP ESI + * 004515FE C2 0400 RETN 0x4 + * 00451601 8B88 C08C0000 MOV ECX,DWORD PTR DS:[EAX+0x8CC0] + * 00451607 D980 BC8C0000 FLD DWORD PTR DS:[EAX+0x8CBC] + * 0045160D 894E 10 MOV DWORD PTR DS:[ESI+0x10],ECX + * 00451610 D95E 0C FSTP DWORD PTR DS:[ESI+0xC] + * 00451613 8B88 B88C0000 MOV ECX,DWORD PTR DS:[EAX+0x8CB8] + * 00451619 894E 08 MOV DWORD PTR DS:[ESI+0x8],ECX + * 0045161C 8D9492 2D230000 LEA EDX,DWORD PTR DS:[EDX+EDX*4+0x232D] + * 00451623 8B0C97 MOV ECX,DWORD PTR DS:[EDI+EDX*4] + * 00451626 894E 04 MOV DWORD PTR DS:[ESI+0x4],ECX + * 00451629 33C9 XOR ECX,ECX + * 0045162B 8988 B08C0000 MOV DWORD PTR DS:[EAX+0x8CB0],ECX + * 00451631 8988 B48C0000 MOV DWORD PTR DS:[EAX+0x8CB4],ECX + * 00451637 8988 B88C0000 MOV DWORD PTR DS:[EAX+0x8CB8],ECX + * 0045163D 5D POP EBP + * 0045163E 8988 BC8C0000 MOV DWORD PTR DS:[EAX+0x8CBC],ECX + * 00451644 8988 C08C0000 MOV DWORD PTR DS:[EAX+0x8CC0],ECX + * 0045164A FF8F B0A00000 DEC DWORD PTR DS:[EDI+0xA0B0] + * 00451650 5B POP EBX + * 00451651 5F POP EDI + * 00451652 8BC6 MOV EAX,ESI + * 00451654 5E POP ESI + * 00451655 C2 0400 RETN 0x4 + * 00451658 8B90 C08C0000 MOV EDX,DWORD PTR DS:[EAX+0x8CC0] + * 0045165E 8B8497 14080000 MOV EAX,DWORD PTR DS:[EDI+EDX*4+0x814] ; jichi: text in eax + * 00451665 8D58 01 LEA EBX,DWORD PTR DS:[EAX+0x1] ; jichi: hook here would crash + * 00451668 8A10 MOV DL,BYTE PTR DS:[EAX] ; jichi: text accessed here in eax + * 0045166A 40 INC EAX + * 0045166B 84D2 TEST DL,DL + * 0045166D ^75 F9 JNZ SHORT .00451668 + * 0045166F 2BC3 SUB EAX,EBX ; jichi: hook here, text in ebx-1 + * 00451671 8D58 01 LEA EBX,DWORD PTR DS:[EAX+0X1] + * 00451674 53 PUSH EBX + * 00451675 6A 00 PUSH 0x0 + * 00451677 53 PUSH EBX + * 00451678 6A 00 PUSH 0x0 + * 0045167A FF15 74104A00 CALL DWORD PTR DS:[0x4A1074] ; kernel32.GetProcessHeap + * 00451680 50 PUSH EAX + * 00451681 FF15 B4104A00 CALL DWORD PTR DS:[0x4A10B4] ; ntdll.RtlAllocateHeap + * 00451687 50 PUSH EAX + * 00451688 E8 233E0200 CALL .004754B0 + * 0045168D 8B8F B0A00000 MOV ECX,DWORD PTR DS:[EDI+0xA0B0] + * 00451693 8D0C89 LEA ECX,DWORD PTR DS:[ECX+ECX*4] + * 00451696 8B948F C08C0000 MOV EDX,DWORD PTR DS:[EDI+ECX*4+0x8CC0] + * 0045169D 8B8C97 14080000 MOV ECX,DWORD PTR DS:[EDI+EDX*4+0x814] ; jichi: text in ecx + * 004516A4 53 PUSH EBX + * 004516A5 51 PUSH ECX + * 004516A6 50 PUSH EAX + * 004516A7 8946 08 MOV DWORD PTR DS:[ESI+0x8],EAX + * 004516AA E8 31410200 CALL .004757E0 + * 004516AF 83C4 18 ADD ESP,0x18 + * 004516B2 FF8F B0A00000 DEC DWORD PTR DS:[EDI+0xA0B0] + * 004516B8 5D POP EBP + * 004516B9 5B POP EBX + * 004516BA 5F POP EDI + * 004516BB C746 04 05000000 MOV DWORD PTR DS:[ESI+0x4],0x5 + * 004516C2 8BC6 MOV EAX,ESI + * 004516C4 5E POP ESI + * 004516C5 C2 0400 RETN 0x4 + * 004516C8 53 PUSH EBX + * 004516C9 68 8C644A00 PUSH .004A648C + * 004516CE 6A 00 PUSH 0x0 + * 004516D0 E8 6BABFFFF CALL .0044C240 + * 004516D5 83C4 0C ADD ESP,0xC + * 004516D8 FF8F B0A00000 DEC DWORD PTR DS:[EDI+0xA0B0] + * 004516DE 5D POP EBP + * 004516DF 5B POP EBX + * 004516E0 5F POP EDI + * 004516E1 8BC6 MOV EAX,ESI + * 004516E3 5E POP ESI + * 004516E4 C2 0400 RETN 0x4 + * 004516E7 90 NOP + * 004516E8 BF 144500A3 MOV EDI,0xA3004514 + * 004516ED 15 45005816 ADC EAX,0x16580045 + * 004516F2 45 INC EBP + * 004516F3 00C8 ADD AL,CL + * 004516F5 16 PUSH SS + * 004516F6 45 INC EBP + * 004516F7 0001 ADD BYTE PTR DS:[ECX],AL + * 004516F9 16 PUSH SS + * 004516FA 45 INC EBP + * 004516FB 00E6 ADD DH,AH + * 004516FD 14 45 ADC AL,0x45 + * 004516FF 00FF ADD BH,BH + * 00451701 14 45 ADC AL,0x45 + * 00451703 0018 ADD BYTE PTR DS:[EAX],BL + * 00451705 15 45003015 ADC EAX,0x15300045 + * 0045170A 45 INC EBP + * 0045170B 004B 15 ADD BYTE PTR DS:[EBX+0x15],CL + * 0045170E 45 INC EBP + * 0045170F 0083 7C240800 ADD BYTE PTR DS:[EBX+0x8247C],AL + * 00451715 56 PUSH ESI + * 00451716 8BF1 MOV ESI,ECX + * 00451718 74 29 JE SHORT .00451743 + * 0045171A 8B86 B0A00000 MOV EAX,DWORD PTR DS:[ESI+0xA0B0] + * 00451720 3D FF000000 CMP EAX,0xFF + * 00451725 7C 15 JL SHORT .0045173C + * 00451727 68 74644A00 PUSH .004A6474 + * 0045172C 6A 00 PUSH 0x0 + * 0045172E E8 0DABFFFF CALL .0044C240 + * 00451733 83C4 08 ADD ESP,0x8 + * 00451736 33C0 XOR EAX,EAX + * 00451738 5E POP ESI + * 00451739 C2 0800 RETN 0x8 + * 0045173C 40 INC EAX + * 0045173D 8986 B0A00000 MOV DWORD PTR DS:[ESI+0xA0B0],EAX + * 00451743 8B86 B0A00000 MOV EAX,DWORD PTR DS:[ESI+0xA0B0] + * 00451749 8D0C80 LEA ECX,DWORD PTR DS:[EAX+EAX*4] + * 0045174C 8D0C8E LEA ECX,DWORD PTR DS:[ESI+ECX*4] + * 0045174F 57 PUSH EDI + * 00451750 8BB9 B08C0000 MOV EDI,DWORD PTR DS:[ECX+0x8CB0] + * 00451756 8BD7 MOV EDX,EDI + * 00451758 83EA 01 SUB EDX,0x1 + * 0045175B 74 70 JE SHORT .004517CD + * 0045175D 83EA 01 SUB EDX,0x1 + * 00451760 74 1A JE SHORT .0045177C + * 00451762 57 PUSH EDI + * 00451763 68 CC644A00 PUSH .004A64CC + * 00451768 6A 00 PUSH 0x0 + * 0045176A E8 D1AAFFFF CALL .0044C240 + * 0045176F 83C4 0C ADD ESP,0xC + * 00451772 5F POP EDI + * 00451773 B8 01000000 MOV EAX,0x1 + * 00451778 5E POP ESI + * 00451779 C2 0800 RETN 0x8 + * 0045177C 8D9480 2D230000 LEA EDX,DWORD PTR DS:[EAX+EAX*4+0x232D] + * 00451783 8B3C96 MOV EDI,DWORD PTR DS:[ESI+EDX*4] + * 00451786 85FF TEST EDI,EDI + * 00451788 0F8C C8000000 JL .00451856 + * 0045178E 8B81 C08C0000 MOV EAX,DWORD PTR DS:[ECX+0x8CC0] + * 00451794 99 CDQ + * 00451795 B9 1A000000 MOV ECX,0x1A + * 0045179A F7F9 IDIV ECX + * 0045179C C1E2 04 SHL EDX,0x4 + * 0045179F 03D7 ADD EDX,EDI + * 004517A1 85C0 TEST EAX,EAX + * 004517A3 74 13 JE SHORT .004517B8 + * 004517A5 DB4424 0C FILD DWORD PTR SS:[ESP+0xC] + * 004517A9 5F POP EDI + * 004517AA 8D41 E7 LEA EAX,DWORD PTR DS:[ECX-0x19] + * 004517AD D99C96 34A70000 FSTP DWORD PTR DS:[ESI+EDX*4+0xA734] + * 004517B4 5E POP ESI + * 004517B5 C2 0800 RETN 0x8 + * 004517B8 8B4424 0C MOV EAX,DWORD PTR SS:[ESP+0xC] + * 004517BC 898496 B4A00000 MOV DWORD PTR DS:[ESI+EDX*4+0xA0B4],EAX + * 004517C3 5F POP EDI + * 004517C4 B8 01000000 MOV EAX,0x1 + * 004517C9 5E POP ESI + * 004517CA C2 0800 RETN 0x8 + * 004517CD 8B89 C08C0000 MOV ECX,DWORD PTR DS:[ECX+0x8CC0] + * 004517D3 8D0489 LEA EAX,DWORD PTR DS:[ECX+ECX*4] + * 004517D6 03C0 ADD EAX,EAX + * 004517D8 0FBE9400 6416BC0>MOVSX EDX,BYTE PTR DS:[EAX+EAX+0xBC1664] + * 004517E0 03C0 ADD EAX,EAX + * 004517E2 8D7A FF LEA EDI,DWORD PTR DS:[EDX-0x1] + * 004517E5 83FF 04 CMP EDI,0x4 + * 004517E8 77 41 JA SHORT .0045182B + * 004517EA FF24BD 60184500 JMP DWORD PTR DS:[EDI*4+0x451860] + * 004517F1 8A4C24 0C MOV CL,BYTE PTR SS:[ESP+0xC] + * 004517F5 8888 6516BC00 MOV BYTE PTR DS:[EAX+0xBC1665],CL + * 004517FB EB 3E JMP SHORT .0045183B + * 004517FD 66:8B5424 0C MOV DX,WORD PTR SS:[ESP+0xC] + * 00451802 66:8990 6616BC00 MOV WORD PTR DS:[EAX+0xBC1666],DX + * 00451809 EB 30 JMP SHORT .0045183B + * 0045180B 8B4C24 0C MOV ECX,DWORD PTR SS:[ESP+0xC] + * 0045180F 8988 6816BC00 MOV DWORD PTR DS:[EAX+0xBC1668],ECX + * 00451815 EB 24 JMP SHORT .0045183B + * 00451817 DB4424 0C FILD DWORD PTR SS:[ESP+0xC] + * 0045181B D998 6C16BC00 FSTP DWORD PTR DS:[EAX+0xBC166C] + * 00451821 EB 18 JMP SHORT .0045183B + * 00451823 51 PUSH ECX + * 00451824 68 BC644A00 PUSH .004A64BC + * 00451829 EB 06 JMP SHORT .00451831 + * 0045182B 52 PUSH EDX + * 0045182C 68 A8644A00 PUSH .004A64A8 + * 00451831 6A 00 PUSH 0x0 + * 00451833 E8 08AAFFFF CALL .0044C240 + * 00451838 83C4 0C ADD ESP,0xC + * 0045183B 8B86 B0A00000 MOV EAX,DWORD PTR DS:[ESI+0xA0B0] + * 00451841 8D1480 LEA EDX,DWORD PTR DS:[EAX+EAX*4] + * 00451844 8B8496 C08C0000 MOV EAX,DWORD PTR DS:[ESI+EDX*4+0x8CC0] + * 0045184B 6A 00 PUSH 0x0 + * 0045184D 50 PUSH EAX + * 0045184E E8 FDF0FFFF CALL .00450950 + * 00451853 83C4 08 ADD ESP,0x8 + * 00451856 5F POP EDI + * 00451857 B8 01000000 MOV EAX,0x1 + * 0045185C 5E POP ESI + * 0045185D C2 0800 RETN 0x8 + * 00451860 F1 INT1 + * 00451861 17 POP SS ; Modification of segment register + * 00451862 45 INC EBP + * 00451863 00FD ADD CH,BH + * 00451865 17 POP SS ; Modification of segment register + * 00451866 45 INC EBP + * 00451867 000B ADD BYTE PTR DS:[EBX],CL + * 00451869 1845 00 SBB BYTE PTR SS:[EBP],AL + * 0045186C 17 POP SS ; Modification of segment register + * 0045186D 1845 00 SBB BYTE PTR SS:[EBP],AL + * 00451870 2318 AND EBX,DWORD PTR DS:[EAX] + * 00451872 45 INC EBP + * 00451873 00CC ADD AH,CL + * 00451875 CC INT3 + * 00451876 CC INT3 + * 00451877 CC INT3 + * 00451878 CC INT3 + * 00451879 CC INT3 + * 0045187A CC INT3 + * 0045187B CC INT3 + * 0045187C CC INT3 + * 0045187D CC INT3 + * + * EAX 00000038 + * ECX 00000004 ; jichi: fixed + * EDX 00000000 ; jichi: fixed + * EBX 00321221 + * ESP 0012FD98 + * EBP 00000002 + * ESI 0012FDC4 + * EDI 079047E0 + * EIP 00451671 .00451671 + */ +namespace{ + std::string save; + int role; +} +static void SpecialHookLeaf(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) +{ + DWORD text = stack->ebx - 1; // = ebx -1 + save=std::string((LPSTR)text,::strlen((LPCSTR)text)); + *split = FIXED_SPLIT_VALUE; // only caller's address use as split + buffer->from(save); +} +// Remove both \n and \k +static bool LeafFilter(LPVOID data, size_t *size, HookParam *) +{ + LPSTR text = (LPSTR)data; + if (::memchr(text, '\\', *size)) { + StringFilter(text, reinterpret_cast(size), "\\n", 2); + StringFilter(text, reinterpret_cast(size), "\\k", 2); + } + return true; +} +namespace{ +void hook2(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + strReplace(save,"\\k",""); + static std::regex rx(""); + save= std::regex_replace(save, rx, "$1"); + buffer->from(save); + } + void hook2a(hook_stack*s,void* data1, size_t len) + { + s->ecx=(DWORD)allocateString(std::string_view((char*)data1,len)); + } +} +bool InsertLeafHook() +{ + const BYTE bytes[] = { + 0x8b,0x90, XX4, // 00451658 8b90 c08c0000 mov edx,dword ptr ds:[eax+0x8cc0] + 0x8b,0x84,0x97, XX4, // 0045165e 8b8497 14080000 mov eax,dword ptr ds:[edi+edx*4+0x814] + // The above is needed as there are other matches + 0x8d,0x58, 0x01, // 00451665 8d58 01 lea ebx,dword ptr ds:[eax+0x1] ; jichi: hook here would crash because of jump + 0x8a,0x10, // 00451668 8a10 mov dl,byte ptr ds:[eax] ; jichi: text accessed here in eax + 0x40, // 0045166a 40 inc eax + 0x84,0xd2, // 0045166b 84d2 test dl,dl + 0x75, 0xf9, // 0045166d ^75 f9 jnz short .00451668 + 0x2b,0xc3, // 0045166f 2bc3 sub eax,ebx ; jichi: hook here, text in ebx-1 + 0x8d,0x58, 0x01 // 00451671 8d58 01 lea ebx,dword ptr ds:[eax+0x1] + //0x53, // 00451674 53 push ebx + //0x6a, 0x00, // 00451675 6a 00 push 0x0 + //0x53, // 00451677 53 push ebx + //0x6a, 0x00, // 00451678 6a 00 push 0x0 + //0xff,0x15 // 0045167a ff15 74104a00 call dword ptr ds:[0x4a1074] ; kernel32.getprocessheap + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + enum { addr_offset = 0x0045166f - 0x00451658 }; + //GROWL_DWORD(addr); + if (!addr) { + ConsoleOutput("Leaf: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; + //hp.offset=get_reg(regs::eax); + hp.type = USING_STRING|USING_SPLIT; // use top of the stack as split + hp.text_fun = SpecialHookLeaf; + //hp.filter_fun = NewLineStringFilterA; // remove two characters of "\\n" + hp.filter_fun = LeafFilter; // remove two characters + ConsoleOutput("INSERT Leaf"); + auto succ=NewHook(hp, "Leaf"); + + //ConsoleOutput("Leaf: disable GDI hooks"); + // 0045165E 8B8497 14080000 MOV EAX,DWORD PTR DS:[EDI+EDX*4+0x814] ; jichi: text in eax, hook1 hook after here to replace eax + // 0045169D 8B8C97 14080000 MOV ECX,DWORD PTR DS:[EDI+EDX*4+0x814] ; jichi: text in ecx, hook2 hook after here to replace ecx + const uint8_t bytes1[] = { 0x8b,0x84,0x97, 0x14,0x08,0x00,0x00 }, + bytes2[] = { 0x8b,0x8c,0x97, 0x14,0x08,0x00,0x00 }; + + + ULONG addr1 = MemDbg::findBytes(bytes1, sizeof(bytes1), processStartAddress, processStopAddress), + addr2 = MemDbg::findBytes(bytes2, sizeof(bytes2), processStartAddress, processStopAddress); + if (!addr1 || !addr2) + return true; + HookParam hp1; + //这个会卡死,无解 + // hp.address=addr1+7; + // hp.hook_before=Private::hook1; + // hp.hook_after=Private::hookafterbf; + // hp.type=EMBED_ABLE; + //NewHook(hp,"EmbedLeaf"); + hp1.address=addr2+7; + hp1.text_fun=hook2; + hp1.hook_after=hook2a; + hp1.type=EMBED_ABLE|EMBED_DYNA_SJIS|NO_CONTEXT; + hp1.newlineseperator=L"\\n"; + succ|=NewHook(hp1,"EmbedLeaf"); + return succ; +} +bool activehook() +{ + + /* + * Sample games: + * https://vndb.org/v2477 + */ + const BYTE bytes[] = { + 0x56, // push esi << hook here + 0xE8, XX4, // call HEARTWORK.EXE+134F0 + 0x83, 0xC4, 0x38, // add esp,38 + 0x5F, // pop edi + 0x5D, // pop ebp + 0x5B, // pop ebx + 0xE8, XX4 // call HEARTWORK.EXE+1AF80 + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) return false; + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::ecx); + hp.type = USING_STRING; + return NewHook(hp, "active"); +} +bool AquaplusFilter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + CharReplacer(text, len, '^', '\"'); + StringCharReplacer(text, len, "\\n", 2, ' '); + StringFilter(text, len, "\\k", 2); + StringFilter(text, len, "\\p", 2); + if (cpp_strnstr(text, " + StringFilter(text, len, "", 1); + } + StringFilter(text, len, "'); + + if (*len == 0) return false; + + return true; +} + +bool InsertAquaplus1Hook() +{ + + /* + * Sample games: + * https://vndb.org/r20439 + */ + const BYTE bytes[] = { + 0xCC, // int 3 + 0x53, // push ebx << hook here + 0x8B, 0x5C, 0x24, 0x0C, // mov ebx,[esp+0C] + 0x55, // push ebp + 0x8B, 0x6C, 0x24, 0x0C, // mov ebp,[esp+0C] + 0x56, // push esi + 0x57, // push edi + 0x8B, 0x7D, 0x24, // mov edi,[ebp+24] + 0x85, 0xFF // test edi,edi + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) return false; + + HookParam hp; + hp.address = addr + 1; + hp.offset=get_stack(2); + hp.type = USING_STRING; + hp.filter_fun = AquaplusFilter; + return NewHook(hp, "Aquaplus1"); +} + +bool InsertAquaplus2Hook() +{ + + /* + * Sample games: + * https://vndb.org/r108249 + */ + const BYTE bytes[] = { + 0xC6, 0x04, 0x30 , 0x00, // mov byte ptr [eax+esi],00 << hook here + 0x8B, 0xF2, // mov esi,edx + 0x8A, 0x02, // mov al,[edx] + 0x42, // inc edx + 0x84, 0xC0, // test al,al + 0x75, 0xF9 // jne "WHITE ALBUM Memories like Falling Snow.exe"+85253 + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) return false; + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::ebx); + hp.index = 0; + hp.split = get_reg(regs::esp); + hp.split_index = 0; + hp.type = USING_STRING | NO_CONTEXT | USING_SPLIT |CODEC_UTF8; + hp.filter_fun = AquaplusFilter; + return NewHook(hp, "Aquaplus2"); +} +bool InsertAquaplus3Hook() +{ + /* + * Sample games: + * Dungeon Travelers 2: The Royal Library & the Monster Seal + */ + const BYTE bytes[] = { + 0xCC, // int 3 + 0x80, 0x3D, XX4, 0x00, // cmp byte ptr [DT2_en.exe+3052EC],00 << hook here + 0x75, 0x67, // jne DT2_en.exe+89DC0 + 0x56, // push esi + 0xBA, XX4 // mov edx,DT2_en.exe+3051E0 + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr)return false; + HookParam hp; + hp.address = addr + 1; + hp.offset = get_reg(regs::eax); + hp.type = CODEC_UTF8 | USING_STRING | NO_CONTEXT; + hp.filter_fun = NewLineCharToSpaceFilterA; + return NewHook(hp, "Aquaplus3"); +} +bool InsertAquaplusHooks() +{ return InsertAquaplus1Hook() || InsertAquaplus2Hook()||InsertAquaplus3Hook();} + +namespace{ + bool kizuato(){ + const BYTE bytes[] = { + //痕 ~きずあと~  + 0x3c,0xa0, + 0x0f,0x82,XX4, + 0x3c,0xe0, + 0x0f,0x83 + }; + const BYTE bytes2[] = { + //雫 ~しずく~  + 0x80,0xf9,0xa0, + 0x0f,0x82,XX4, + 0x80,0xf9,0xe0, + 0x0f,0x83 + }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) addr = MemDbg::findBytes(bytes2, sizeof(bytes2), processStartAddress, processStartAddress + range);\ + if (!addr) return false; + ConsoleOutput("%x",addr); + BYTE subespbegin[]={0x81,0xEC,XX,0x01,0x00,0x00}; + addr=reverseFindBytes(subespbegin,sizeof(subespbegin),addr-0x500,addr); + ConsoleOutput("%x",addr); + if (!addr) return false; + HookParam hp; + hp.address = addr; + hp.offset =0x34; + hp.type = USING_STRING ; + + hp.text_fun =[](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split){ + static std::unordered_map last; + auto ret=stack->stack[0]; + if(last.find(ret)==last.end())last[ret]=""; + auto current=std::string((char*)stack->stack[13]); + if(last[ret]==current)return ; + last[ret]=current; + strReplace(current, "\\k\\n","\n"); + strReplace(current,"\\n" ,"" ); + strReplace(current,"\\k" ,"" ); + strReplace(current,"\\s" ,"" ); + current=std::regex_replace(current, std::regex(R"(\|(.*?)>)"),"$1"); + strReplace(current,"", "" ); + buffer->from(current); + }; + return NewHook(hp, "kizuato"); + } +} +namespace{ + //WHITE ALBUM2 Special Contents + /* + int __cdecl sub_40DE00(char *Source, int a2) + { + int v2; // eax + int v3; // edx + _DWORD *v4; // esi + unsigned __int8 *v5; // edi + unsigned __int8 *v6; // ebx + double v7; // st7 + float v9; // [esp+0h] [ebp-14h] + float v10; // [esp+4h] [ebp-10h] + + sub_4033B0(Source, 0); + v2 = sub_405100(); + sub_4050E0(v2 - 1); + v4 = (_DWORD *)(4 * v3 + 4961380); + v5 = (unsigned __int8 *)(4 * v3 + 4961381); + v6 = (unsigned __int8 *)(4 * v3 + 4961382); + if ( dword_4CFC84 ) + sub_44B0A0( + 452, + 0, + Source, + 28, + 40, + 15, + 0, + 14, + 32, + 40, + 1, + BYTE2(dword_4BB464[v3]), + BYTE1(dword_4BB464[v3]), + (unsigned __int8)dword_4BB464[v3], + BYTE2(dword_4BB490), + BYTE1(dword_4BB490), + (unsigned __int8)dword_4BB490, + 1); + else + sub_44B0A0( + 452, + 0, + Source, + 28, + 28, + 4, + 0, + 14, + 32, + 40, + 1, + BYTE2(dword_4BB464[v3]), + BYTE1(dword_4BB464[v3]), + (unsigned __int8)dword_4BB464[v3], + BYTE2(dword_4BB490), + BYTE1(dword_4BB490), + (unsigned __int8)dword_4BB490, + 1); + sub_44B490(1091, 0, 4183, 1); + if ( dword_4D00E4 ) + sub_44B110(dword_4D00F0 + 1, *v6, *v5, (unsigned __int8)*v4, -1, -1, -1); + sub_44B540(1091, 2); + if ( dword_4CFC84 ) + { + v10 = 26.0; + v7 = 75.0; + } + else + { + v10 = 536.0; + v7 = 274.0; + } + v9 = v7; + sub_44B730(1091, v9, v10); + sub_44B7F0(1091, 640.0, 624.0); + sub_44B940(1091, 2); + dword_4CFC64 = (unsigned int)(dword_4CFC64 - 1) <= 1; + dword_4CFC78 = a2; + dword_4CFC74 = 0; + dword_4CFC7C = 0; + dword_4CFC98 = 0; + sub_44B4E0(1091, 0); + return sub_44B4F0(1091, dword_4CFC7C); + } + */ + bool wa2special(){ + BYTE sig[]={ + 0x6A,0x01,0x6A,0x28,0x6A,0x20,0x6A,0x0E,0x6A,0x00,0x6A,0x0F,0x6A,0x28,0x6A,0x1C, + // .text:0040DE70 push 1 + // .text:0040DE72 push 28h ; '(' + // .text:0040DE74 push 20h ; ' ' + // .text:0040DE76 push 0Eh + // .text:0040DE78 push 0 + // .text:0040DE7A push 0Fh + // .text:0040DE7C push 28h ; '(' + // .text:0040DE7E push 1Ch + }; + auto addr = MemDbg::findBytes(sig, sizeof(sig), processStartAddress, processStopAddress ); + if (!addr)return false; + addr=MemDbg::findEnclosingAlignedFunction_strict(addr); + if (!addr)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = USING_STRING | NO_CONTEXT|EMBED_ABLE|EMBED_DYNA_SJIS|EMBED_AFTER_NEW; + hp.newlineseperator=L"\\n"; + hp.filter_fun = AquaplusFilter; + return NewHook(hp, "wa2special"); + } +} +bool Leaf::attach_function() { + return InsertLeafHook()||activehook()||InsertAquaplusHooks()||kizuato()||wa2special(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Leaf.h b/cpp/LunaHook/LunaHook/engine32/Leaf.h new file mode 100644 index 00000000..f696aae7 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Leaf.h @@ -0,0 +1,13 @@ + + +class Leaf:public ENGINE{ + public: + Leaf(){ + + check_by=CHECK_BY::FILE_ANY; + //check_by_target=L"*.pak"; + check_by_target=check_by_list{L"*.pak",L"Data\\*.pck"}; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Lightvn.cpp b/cpp/LunaHook/LunaHook/engine32/Lightvn.cpp new file mode 100644 index 00000000..f953d02a --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Lightvn.cpp @@ -0,0 +1,83 @@ +#include"Lightvn.h" + +//https://vndb.org/r?f=fwLight_evn- + +void SpecialHookLightvnA(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) +{ + //[Parser::ReadScriptBreak] curline:'"「次は[水縹]<みはなだ>駅、水縹駅――お出口は左側です」' + + //[PARSETOKENS] line:.始発でここまで来ているのは俺くらいなものだろう。 + //(scenario:T) (script:00.txt, lineNo:30) + //[PARSETOKENS] line:"電車には俺のほかに数人乗っている程度。\c + //(scenario:F) (script:00.txt, lineNo:29) + std::string s=(char*)stack->stack[1]; + //std::regex _1("\\[Parser::ReadScriptBreak\\] curline:'[\"\\.]([\\s\\S]*?)'([\\s\\S]*?)");//对于多行显示不全 + //std::regex _2("\\[PARSETOKENS\\] line:([\\s\\S]*?)\\(scenario:([\\s\\S]*?)"); + std::regex _2("\\[PARSETOKENS\\] line:[-\"\\.]+([\\s\\S]*?)\\(scenario:([\\s\\S]*?)"); + std::regex _3("\\[PARSETOKENS\\] line:([\\s\\S]*?)backlogName = '([\\s\\S]*?)'([\\s\\S]*?)"); + std::smatch match; std::string _; + if (std::regex_match(s, match, _2)) { + _=std::string(match[1]); + _ = std::regex_replace(_, std::regex("\\[(.*?)\\]<(.*?)>"), "$1"); + strReplace(_,"\\c",""); + strReplace(_,"\\w",""); + *split=1; + } + else if (std::regex_match(s, match, _3)) { + _=std::string(match[2]); + *split=2; + } + buffer->from(_); +} + +void SpecialHookLightvnW(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) +{ + std::wstring s((wchar_t*)stack->stack[1]); + std::wregex _2(L"\\[PARSETOKENS\\] line:[-\"\\.]+([\\s\\S]*?)\\(scenario:([\\s\\S]*?)"); + std::wregex _3(L"\\[PARSETOKENS\\] line:([\\s\\S]*?)backlogName = '([\\s\\S]*?)'([\\s\\S]*?)"); + std::wsmatch match; std::wstring _; + if (std::regex_match(s, match, _2)) { + _=std::wstring(match[1]); + _ = std::regex_replace(_, std::wregex(L"\\[(.*?)\\]<(.*?)>"), L"$1"); + strReplace(_,L"\\c",L""); + strReplace(_,L"\\w",L""); + *split=1; + } + else if (std::regex_match(s, match, _3)) { + _=std::wstring(match[2]); + *split=2; + } + buffer->from(_); +} +bool InsertLightvnHook() +{ + wcscpy_s(spDefault.boundaryModule, L"Engine.dll"); + /*// This hooking method also has decent results, but hooking OutputDebugString seems better + const BYTE bytes[] = { 0x8d, 0x55, 0xfe, 0x52 }; + for (auto addr : Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE_READ, (uintptr_t)GetModuleHandleW(L"Engine.dll"))) + { + HookParam hp; + hp.address = MemDbg::findEnclosingAlignedFunction(addr); + hp.type = CODEC_UTF16 | USING_STRING; + hp.offset=get_stack(1); + NewHook(hp, "Light.vn"); + }*/ + VirtualProtect(IsDebuggerPresent, 2, PAGE_EXECUTE_READWRITE, DUMMY); + *(uint16_t*)IsDebuggerPresent = 0xc340; // asm for inc eax ret + HookParam hp; + hp.address = (uintptr_t)OutputDebugStringA; + hp.type = CODEC_UTF8 | USING_STRING; + hp.offset=get_stack(1); + hp.text_fun = SpecialHookLightvnA; + auto succ=NewHook(hp, "OutputDebugStringA"); + hp.address = (uintptr_t)OutputDebugStringW; + hp.type = CODEC_UTF16 | USING_STRING; + hp.text_fun = SpecialHookLightvnW; + succ|=NewHook(hp, "OutputDebugStringW"); + return succ; +} + +bool Lightvn::attach_function() { + + return InsertLightvnHook(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Lightvn.h b/cpp/LunaHook/LunaHook/engine32/Lightvn.h new file mode 100644 index 00000000..28c655c3 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Lightvn.h @@ -0,0 +1,13 @@ + + +class Lightvn:public ENGINE{ + public: + Lightvn(){ + + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + return GetModuleHandleW(L"Engine.dll") && GetModuleHandleW(L"BugTrapU.dll"); + }; + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine32/Live.cpp b/cpp/LunaHook/LunaHook/engine32/Live.cpp new file mode 100644 index 00000000..bbf03b38 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Live.cpp @@ -0,0 +1,50 @@ +#include"Live.h" +bool InsertLiveDynamicHook(LPVOID addr, DWORD frame, DWORD stack) +{ + if (addr != ::GetGlyphOutlineA || !frame) + return false; + DWORD k = *(DWORD *)frame; + k = *(DWORD *)(k + 4); + if (*(BYTE *)(k - 5) != 0xe8) + k = *(DWORD *)(frame + 4); + DWORD j = k + *(DWORD *)(k - 4); + if (j > processStartAddress && j < processStopAddress) { + HookParam hp; + hp.address = j; + hp.offset = get_reg(regs::edx); + hp.type = CODEC_ANSI_BE; + ConsoleOutput("INSERT DynamicLive"); + return NewHook(hp, "Live"); + //RegisterEngineType(ENGINE_LIVE); + } + ConsoleOutput("DynamicLive: failed"); + return true; // jichi 12/25/2013: return true +} +//void InsertLiveHook() +//{ +// ConsoleOutput("Probably Live. Wait for text."); +// trigger_fun=InsertLiveDynamicHook; +// SwitchTrigger(true); +//} +bool InsertLiveHook() +{ + const BYTE ins[] = {0x64,0x89,0x20,0x8b,0x45,0x0c,0x50}; + ULONG addr = MemDbg::findBytes(ins, sizeof(ins), processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("Live: pattern not found"); + return false; + } + HookParam hp; + hp.address = addr; + hp.offset = get_reg(regs::edx); + hp.type = CODEC_ANSI_BE; + ConsoleOutput("INSERT Live"); + return NewHook(hp, "Live"); + //RegisterEngineType(ENGINE_LIVE); + //else ConsoleOutput("Unknown Live engine"); +} + +bool Live::attach_function() { + + return InsertLiveHook(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Live.h b/cpp/LunaHook/LunaHook/engine32/Live.h new file mode 100644 index 00000000..04e725f2 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Live.h @@ -0,0 +1,11 @@ + + +class Live:public ENGINE{ + public: + Live(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"live.dll"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/LovaGame.cpp b/cpp/LunaHook/LunaHook/engine32/LovaGame.cpp new file mode 100644 index 00000000..276da10a --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/LovaGame.cpp @@ -0,0 +1,70 @@ +#include"LovaGame.h" + + bool LovaGame::attach_function(){ + return false; +#if 0 + /** 7/19/2015: Game engine specific for http://lova.jp + * + * No idea why hooking to this place will crash the game. + * + * Debugging method: + * - Find text in UTF8/UTF16 + * There is one UTF8 matched, and 2 UTF16 + * - Use virtual machine to find where UTF8 is MODIFIED + * It is modified in msvcrt + * - Backtrack the stack to find where text is accessed in main module + * + * Base addr = 05f0000 + * + * 012FF246 C64418 08 00 MOV BYTE PTR DS:[EAX+EBX+0x8],0x0 + * 012FF24B C740 04 01000000 MOV DWORD PTR DS:[EAX+0x4],0x1 + * 012FF252 8918 MOV DWORD PTR DS:[EAX],EBX + * 012FF254 8BF0 MOV ESI,EAX + * 012FF256 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 012FF259 53 PUSH EBX + * 012FF25A 50 PUSH EAX + * 012FF25B 8D4E 08 LEA ECX,DWORD PTR DS:[ESI+0x8] + * 012FF25E 51 PUSH ECX + * 012FF25F E8 CEAE2A00 CALL .015AA132 ; JMP to msvcr100.memcpy, copied here + * 012FF264 8B07 MOV EAX,DWORD PTR DS:[EDI] + * 012FF266 83E0 03 AND EAX,0x3 + * 012FF269 0BF0 OR ESI,EAX + * 012FF26B 83C4 0C ADD ESP,0xC + * 012FF26E 8937 MOV DWORD PTR DS:[EDI],ESI + * 012FF270 8B75 FC MOV ESI,DWORD PTR SS:[EBP-0x4] + */ + + ULONG processStartAddress, processStopAddress; + if (!FillRange(processName,&startAddress, &stopAddress)) { // need accurate stopAddress + ConsoleOutput("LOVA: failed to get memory range"); + return false; + } + + const BYTE bytes[] = { + 0xC6,0x44,0x18, 0x08, 0x00, // 012FF246 C64418 08 00 MOV BYTE PTR DS:[EAX+EBX+0x8],0x0 + 0xC7,0x40, 0x04, 0x01,0x00,0x00,0x00, // 012FF24B C740 04 01000000 MOV DWORD PTR DS:[EAX+0x4],0x1 + 0x89,0x18, // 012FF252 8918 MOV DWORD PTR DS:[EAX],EBX + 0x8B,0xF0, // 012FF254 8BF0 MOV ESI,EAX + 0x8B,0x45, 0x08, // 012FF256 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + 0x53, // 012FF259 53 PUSH EBX + 0x50, // 012FF25A 50 PUSH EAX + 0x8D,0x4E, 0x08, // 012FF25B 8D4E 08 LEA ECX,DWORD PTR DS:[ESI+0x8] + 0x51, // 012FF25E 51 PUSH ECX + 0xE8 //CEAE2A00 // 012FF25F E8 CEAE2A00 CALL .015AA132 ; JMP to msvcr100.memcpy, copied here + }; + enum { addr_offset = sizeof(bytes) - 1 }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("LOVA: could not find instruction pattern"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; + //hp.text_fun = SpecialGameHookLova; + hp.offset=get_stack(2); // source in arg2 + hp.type = USING_STRING|RELATIVE_SPLIT; + ConsoleOutput("INSERT LOVA"); + return NewHook(hp, "LOVA"); +#endif + } \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/LovaGame.h b/cpp/LunaHook/LunaHook/engine32/LovaGame.h new file mode 100644 index 00000000..6cf1a46f --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/LovaGame.h @@ -0,0 +1,11 @@ + +class LovaGame:public ENGINE{ + public: + LovaGame(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"UE3ShaderCompileWorker.exe",L"awesomium_process.exe"}; + dontstop=true; + } + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/LunaSoft.cpp b/cpp/LunaHook/LunaHook/engine32/LunaSoft.cpp new file mode 100644 index 00000000..696751de --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/LunaSoft.cpp @@ -0,0 +1,528 @@ +#include "LunaSoft.h" +/** jichi 12/27/2014 LunaSoft + * Sample game: [141226] [LunaSoft] 悪堕ラビリンス -- /hsn8@46C5EF + * + * /hsn8@46C5EF + * - addr: 0x46C5EF + * - off: 8 + * - type: 1025 = 0x401 + * + * - 0046c57e cc int3 + * - 0046c57f cc int3 + * - 0046c580 55 push ebp ; jichi: text in arg1 + * - 0046c581 8bec mov ebp,esp + * - 0046c583 83ec 08 sub esp,0x8 + * - 0046c586 894d f8 mov dword ptr ss:[ebp-0x8],ecx + * - 0046c589 8b4d f8 mov ecx,dword ptr ss:[ebp-0x8] + * - 0046c58c 83c1 1c add ecx,0x1c + * - 0046c58f e8 2cebf9ff call .0040b0c0 + * - 0046c594 8b00 mov eax,dword ptr ds:[eax] + * - 0046c596 8945 fc mov dword ptr ss:[ebp-0x4],eax + * - 0046c599 837d fc 00 cmp dword ptr ss:[ebp-0x4],0x0 + * - 0046c59d 75 21 jnz short .0046c5c0 + * - 0046c59f 8b4d f8 mov ecx,dword ptr ss:[ebp-0x8] + * - 0046c5a2 83c1 28 add ecx,0x28 + * - 0046c5a5 e8 16ebf9ff call .0040b0c0 + * - 0046c5aa 8b08 mov ecx,dword ptr ds:[eax] + * - 0046c5ac 894d fc mov dword ptr ss:[ebp-0x4],ecx + * - 0046c5af 8b55 fc mov edx,dword ptr ss:[ebp-0x4] + * - 0046c5b2 52 push edx + * - 0046c5b3 8b4d f8 mov ecx,dword ptr ss:[ebp-0x8] + * - 0046c5b6 83c1 28 add ecx,0x28 + * - 0046c5b9 e8 82d9f9ff call .00409f40 + * - 0046c5be eb 0f jmp short .0046c5cf + * - 0046c5c0 8b45 fc mov eax,dword ptr ss:[ebp-0x4] + * - 0046c5c3 50 push eax + * - 0046c5c4 8b4d f8 mov ecx,dword ptr ss:[ebp-0x8] + * - 0046c5c7 83c1 1c add ecx,0x1c + * - 0046c5ca e8 71d9f9ff call .00409f40 + * - 0046c5cf 837d fc 00 cmp dword ptr ss:[ebp-0x4],0x0 + * - 0046c5d3 75 02 jnz short .0046c5d7 + * - 0046c5d5 eb 61 jmp short .0046c638 + * - 0046c5d7 8b4d fc mov ecx,dword ptr ss:[ebp-0x4] + * - 0046c5da e8 b1cdf9ff call .00409390 + * - 0046c5df 8b4d 08 mov ecx,dword ptr ss:[ebp+0x8] + * - 0046c5e2 51 push ecx ; jichi: text in ecx + * - 0046c5e3 68 38010000 push 0x138 + * - 0046c5e8 8b55 fc mov edx,dword ptr ss:[ebp-0x4] + * - 0046c5eb 83c2 08 add edx,0x8 + * - 0046c5ee 52 push edx + * - 0046c5ef ff15 88b24c00 call dword ptr ds:[0x4cb288] ; msvcr90.strcpy_s, jichi: text accessed here in arg2 + * - 0046c5f5 83c4 0c add esp,0xc + * - 0046c5f8 8b45 0c mov eax,dword ptr ss:[ebp+0xc] + * - 0046c5fb 50 push eax + * - 0046c5fc 6a 10 push 0x10 + */ +// Remove: \n\s* +// This is dangerous since \n could appear within SJIS +// static bool LunaSoftFilter(LPVOID data, size_t *size, HookParam *) +//{ +// size_t len = *size; +// char *str = reinterpret_cast(data), +// *cur; +// +// while (len && +// (cur = ::memchr(str, '\n', len)) && +// --len) { +// ::memmove(cur, cur + 1, len - (cur - str)); +// while (cur < str + len) +// if (::isspace(*cur) && --len) +// ::memmove(cur, cur + 1, len - (cur - str)); +// else if (len >= 2 && ::iswspace(*(LPCWSTR)cur) && (len-=2)) +// ::memmove(cur, cur + 2, len - (cur - str)); +// else +// break; +// } +// +// *size = len; +// return true; +//} +bool InsertLunaSoftHook() +{ + const BYTE bytes[] = { + 0xcc, // 0046c57e cc int3 + 0xcc, // 0046c57f cc int3 + 0x55, // 0046c580 55 push ebp ; jichi: text in arg1 + 0x8b, 0xec, // 0046c581 8bec mov ebp,esp + 0x83, 0xec, 0x08, // 0046c583 83ec 08 sub esp,0x8 + 0x89, 0x4d, 0xf8, // 0046c586 894d f8 mov dword ptr ss:[ebp-0x8],ecx + 0x8b, 0x4d, 0xf8, // 0046c589 8b4d f8 mov ecx,dword ptr ss:[ebp-0x8] + 0x83, 0xc1, 0x1c, // 0046c58c 83c1 1c add ecx,0x1c + 0xe8 // 0046c58f e8 2cebf9ff call .0040b0c0 + }; + enum + { + addr_offset = 2 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + // GROWL(addr); + if (!addr) + { + ConsoleOutput("LunaSoft: pattern not found"); + return false; + } + HookParam hp; + hp.address = addr + addr_offset; + hp.offset = get_stack(1); + hp.type = USING_STRING; + // hp.filter_fun = LunaSoftFilter; // remove \n + ConsoleOutput("INSERT LunaSoft"); + return NewHook(hp, "LunaSoft"); + + // There are no GDI functions anyway + // ConsoleOutput("LunaSoft: disable GDI hooks"); + // +} +bool InsertXXkata() +{ + // アイリスフィールド + + // 素晴らしき国家の築き方 + // 浮遊都市の作り方 + // 正しい性奴隷の使い方 + + // HSNc@0:user32.dll:wsprintfA + auto addr = GetProcAddress(GetModuleHandleW(L"user32.dll"), "wsprintfA"); + if (addr == 0) + return false; + HookParam hp; + hp.address = (uint64_t)addr; + hp.type = USING_STRING | NO_CONTEXT; + hp.offset = get_stack(3); + hp.filter_fun = all_ascii_Filter; + return NewHook(hp, "XXkata"); +} + +namespace +{ // unnamed + namespace ScenarioHook + { + namespace Private + { + lru_cache cache_(100); + + /** + * Sample game: 悪堕ラビリンス, scenario return address: 0x42f6dc + * + * 0042F6C8 E8 335F0000 CALL lus004.00435600 + * 0042F6CD 8945 10 MOV DWORD PTR SS:[EBP+0x10],EAX + * 0042F6D0 8B55 10 MOV EDX,DWORD PTR SS:[EBP+0x10] + * 0042F6D3 52 PUSH EDX + * 0042F6D4 8B4D EC MOV ECX,DWORD PTR SS:[EBP-0x14] + * 0042F6D7 E8 34850500 CALL lus004.00487C10 + * 0042F6DC 8B45 10 MOV EAX,DWORD PTR SS:[EBP+0x10] ; jichi: retaddr + * 0042F6DF 50 PUSH EAX + * 0042F6E0 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+0x8] + * 0042F6E3 E8 785E0000 CALL lus004.00435560 + * 0042F6E8 8945 10 MOV DWORD PTR SS:[EBP+0x10],EAX + * 0042F6EB E9 5E010000 JMP lus004.0042F84E + * 0042F6F0 8B4D 10 MOV ECX,DWORD PTR SS:[EBP+0x10] + */ + void hookBefore(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *role) + { + auto text = (LPCSTR)s->stack[1]; // arg1 + if (!text || !*text) // || Util::allAscii(text)) + return ; + std::string oldData = text; + if (cache_.exists(oldData)) + return ; + // 0042F6DC 8B45 10 MOV EAX,DWORD PTR SS:[EBP+0x10] ; jichi: retaddr + // 0042F6DF 50 PUSH EAX + ULONG retaddr = s->stack[0]; + *role = Engine::OtherRole; + if (*(DWORD *)retaddr == 0x5010458b) + *role = Engine::ScenarioRole; + buffer->from(oldData); + + } + void hookafter1(hook_stack *s, void *data1, size_t len) + { + static std::string newData; + newData = std::string((char *)data1, len); + newData = cache_.put(newData).first; + s->stack[1] = (ULONG)newData.c_str(); // arg1 + } + } // namespace Private + + /** + * Sample game: 悪堕ラビリンス + * + * Debugging method: Hook to all function that accessing the text + * Until find ones that can get text modified. + * + * This is the first function accessing the text. + * It is used for text size allocation. + * + * 00487C0E CC INT3 + * 00487C0F CC INT3 + * 00487C10 55 PUSH EBP + * 00487C11 8BEC MOV EBP,ESP + * 00487C13 51 PUSH ECX + * 00487C14 894D FC MOV DWORD PTR SS:[EBP-0x4],ECX + * 00487C17 8B45 FC MOV EAX,DWORD PTR SS:[EBP-0x4] + * 00487C1A 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+0x8] + * 00487C1D 8988 AC020000 MOV DWORD PTR DS:[EAX+0x2AC],ECX + * 00487C23 8B55 FC MOV EDX,DWORD PTR SS:[EBP-0x4] + * 00487C26 D9EE FLDZ + * 00487C28 D99A B0020000 FSTP DWORD PTR DS:[EDX+0x2B0] + * 00487C2E 8B45 FC MOV EAX,DWORD PTR SS:[EBP-0x4] + * 00487C31 8B88 84000000 MOV ECX,DWORD PTR DS:[EAX+0x84] + * 00487C37 81E1 00000F00 AND ECX,0xF0000 + * 00487C3D C1E9 10 SHR ECX,0x10 + * 00487C40 83F9 02 CMP ECX,0x2 + * 00487C43 75 21 JNZ SHORT .00487C66 + * 00487C45 8B55 FC MOV EDX,DWORD PTR SS:[EBP-0x4] + * 00487C48 8B82 AC020000 MOV EAX,DWORD PTR DS:[EDX+0x2AC] + * 00487C4E 50 PUSH EAX + * 00487C4F 8B4D FC MOV ECX,DWORD PTR SS:[EBP-0x4] + * 00487C52 8B89 88000000 MOV ECX,DWORD PTR DS:[ECX+0x88] + * 00487C58 E8 0323FAFF CALL .00429F60 + * 00487C5D 8B55 FC MOV EDX,DWORD PTR SS:[EBP-0x4] + * 00487C60 8982 B8020000 MOV DWORD PTR DS:[EDX+0x2B8],EAX + * 00487C66 8BE5 MOV ESP,EBP + * 00487C68 5D POP EBP + * 00487C69 C2 0400 RETN 0x4 + * 00487C6C CC INT3 + * 00487C6D CC INT3 + * 00487C6E CC INT3 + * + * This is the function where text is being painted. + * + * 0042B1EE CC INT3 + * 0042B1EF CC INT3 + * 0042B1F0 55 PUSH EBP + * 0042B1F1 8BEC MOV EBP,ESP + * 0042B1F3 81EC 44010000 SUB ESP,0x144 + * 0042B1F9 898D E8FEFFFF MOV DWORD PTR SS:[EBP-0x118],ECX + * 0042B1FF 8B85 E8FEFFFF MOV EAX,DWORD PTR SS:[EBP-0x118] + * 0042B205 8378 24 00 CMP DWORD PTR DS:[EAX+0x24],0x0 + * 0042B209 75 05 JNZ SHORT lus004.0042B210 + * 0042B20B E9 2E070000 JMP lus004.0042B93E + * 0042B210 837D 08 00 CMP DWORD PTR SS:[EBP+0x8],0x0 + * 0042B214 75 05 JNZ SHORT lus004.0042B21B + * 0042B216 E9 23070000 JMP lus004.0042B93E + * 0042B21B C785 FCFEFFFF 00>MOV DWORD PTR SS:[EBP-0x104],0x0 + * 0042B225 C745 D0 00000000 MOV DWORD PTR SS:[EBP-0x30],0x0 + * 0042B22C C785 40FFFFFF 00>MOV DWORD PTR SS:[EBP-0xC0],0x0 + * 0042B236 8B4D 14 MOV ECX,DWORD PTR SS:[EBP+0x14] + * 0042B239 83E1 03 AND ECX,0x3 + * 0042B23C 83F9 01 CMP ECX,0x1 + * 0042B23F 75 07 JNZ SHORT lus004.0042B248 + * 0042B241 D9EE FLDZ + * 0042B243 D95D 88 FSTP DWORD PTR SS:[EBP-0x78] + * 0042B246 EB 1B JMP SHORT lus004.0042B263 + * 0042B248 8B55 14 MOV EDX,DWORD PTR SS:[EBP+0x14] + * 0042B24B 83E2 03 AND EDX,0x3 + * 0042B24E 83FA 02 CMP EDX,0x2 + * 0042B251 75 07 JNZ SHORT lus004.0042B25A + * 0042B253 D9E8 FLD1 + * 0042B255 D95D 88 FSTP DWORD PTR SS:[EBP-0x78] + * 0042B258 EB 09 JMP SHORT lus004.0042B263 + * 0042B25A D905 986A4E00 FLD DWORD PTR DS:[0x4E6A98] + * 0042B260 D95D 88 FSTP DWORD PTR SS:[EBP-0x78] + * 0042B263 8B45 14 MOV EAX,DWORD PTR SS:[EBP+0x14] + * 0042B266 83E0 0C AND EAX,0xC + * 0042B269 83F8 04 CMP EAX,0x4 + * 0042B26C 75 07 JNZ SHORT lus004.0042B275 + * 0042B26E D9EE FLDZ + * 0042B270 D95D AC FSTP DWORD PTR SS:[EBP-0x54] + * 0042B273 EB 1B JMP SHORT lus004.0042B290 + * 0042B275 8B4D 14 MOV ECX,DWORD PTR SS:[EBP+0x14] + * 0042B278 83E1 0C AND ECX,0xC + * 0042B27B 83F9 08 CMP ECX,0x8 + * 0042B27E 75 07 JNZ SHORT lus004.0042B287 + * 0042B280 D9E8 FLD1 + * 0042B282 D95D AC FSTP DWORD PTR SS:[EBP-0x54] + * 0042B285 EB 09 JMP SHORT lus004.0042B290 + * 0042B287 D905 986A4E00 FLD DWORD PTR DS:[0x4E6A98] + * 0042B28D D95D AC FSTP DWORD PTR SS:[EBP-0x54] + * 0042B290 8B55 0C MOV EDX,DWORD PTR SS:[EBP+0xC] + * 0042B293 D942 30 FLD DWORD PTR DS:[EDX+0x30] + * 0042B296 D99D 74FFFFFF FSTP DWORD PTR SS:[EBP-0x8C] + * 0042B29C 8B45 0C MOV EAX,DWORD PTR SS:[EBP+0xC] + * 0042B29F D940 34 FLD DWORD PTR DS:[EAX+0x34] + * 0042B2A2 D99D 78FFFFFF FSTP DWORD PTR SS:[EBP-0x88] + * 0042B2A8 8B8D E8FEFFFF MOV ECX,DWORD PTR SS:[EBP-0x118] + * 0042B2AE 8B51 2C MOV EDX,DWORD PTR DS:[ECX+0x2C] + * 0042B2B1 8995 E0FEFFFF MOV DWORD PTR SS:[EBP-0x120],EDX + * 0042B2B7 C785 E4FEFFFF 00>MOV DWORD PTR SS:[EBP-0x11C],0x0 + * 0042B2C1 DFAD E0FEFFFF FILD QWORD PTR SS:[EBP-0x120] + * 0042B2C7 DC0D 186A4E00 FMUL QWORD PTR DS:[0x4E6A18] + * 0042B2CD D99D 68FFFFFF FSTP DWORD PTR SS:[EBP-0x98] + * 0042B2D3 D9EE FLDZ + * 0042B2D5 D99D 6CFFFFFF FSTP DWORD PTR SS:[EBP-0x94] + * 0042B2DB D9EE FLDZ + * 0042B2DD D95D D4 FSTP DWORD PTR SS:[EBP-0x2C] + * 0042B2E0 8B85 E8FEFFFF MOV EAX,DWORD PTR SS:[EBP-0x118] + * 0042B2E6 8B48 2C MOV ECX,DWORD PTR DS:[EAX+0x2C] + * 0042B2E9 898D D8FEFFFF MOV DWORD PTR SS:[EBP-0x128],ECX + * 0042B2EF C785 DCFEFFFF 00>MOV DWORD PTR SS:[EBP-0x124],0x0 + * 0042B2F9 DFAD D8FEFFFF FILD QWORD PTR SS:[EBP-0x128] + * 0042B2FF D95D D8 FSTP DWORD PTR SS:[EBP-0x28] + * 0042B302 8B55 0C MOV EDX,DWORD PTR SS:[EBP+0xC] + * 0042B305 52 PUSH EDX + * 0042B306 8D85 00FFFFFF LEA EAX,DWORD PTR SS:[EBP-0x100] + * 0042B30C 50 PUSH EAX + * 0042B30D E8 3E6FFEFF CALL lus004.00412250 + * 0042B312 83C4 04 ADD ESP,0x4 + * 0042B315 D9E8 FLD1 + * 0042B317 D91C24 FSTP DWORD PTR SS:[ESP] + * 0042B31A 51 PUSH ECX + * 0042B31B D9EE FLDZ + * 0042B31D D91C24 FSTP DWORD PTR SS:[ESP] + * 0042B320 51 PUSH ECX + * 0042B321 D9EE FLDZ + * 0042B323 D91C24 FSTP DWORD PTR SS:[ESP] + * 0042B326 51 PUSH ECX + * 0042B327 D9EE FLDZ + * ... + * + * + * 0012FC68 089E0060 + * 0012FC6C 08AD9D00 + * 0012FC70 01D66B60 + * 0012FC74 00000000 + * 0012FC78 0012FDD0 + * 0012FC7C 00000000 + * 0012FC80 /0012FDD0 + * 0012FC84 |0042B43B RETURN to lus004.0042B43B from lus004.00429E50 + * 0012FC88 |02C2AB18 ; jichi: text is here + * 0012FC8C |0012FCAC + * 0012FC90 |00000000 + * 0012FC94 |0012FCC4 + * 0012FC98 |6186B837 RETURN to d3d9.6186B837 + * 0012FC9C |0029DFA0 + * 0012FCA0 |0012FCAC + * 0012FCA4 |00000000 + * 0012FCA8 |00000018 + * 0012FCAC |00000000 + * 0012FCB0 |00000018 + * 0012FCB4 |00000000 + * 0012FCB8 |01D66B60 + * 0012FCBC |00000000 + * 0012FCC0 |00000002 + * 0012FCC4 |0012FD24 + * 0012FCC8 |6186B774 RETURN to d3d9.6186B774 + * 0012FCCC |00000000 + * 0012FCD0 |3FA00000 + * 0012FCD4 |00000000 + * 0012FCD8 |00000000 + * 0012FCDC |00000000 + * 0012FCE0 |00000000 + * 0012FCE4 |3FA00000 + * 0012FCE8 |00000000 + * 0012FCEC |00000000 + * 0012FCF0 |00000000 + * 0012FCF4 |00000000 + * 0012FCF8 |3F800000 + * 0012FCFC |00000000 + * 0012FD00 |00000000 + * 0012FD04 |00000000 + * 0012FD08 |00000000 + * 0012FD0C |3F800000 + * 0012FD10 |00000000 + * 0012FD14 |FF000000 + * 0012FD18 |FF000000 + * 0012FD1C |FF000000 + * 0012FD20 |FF000000 + * 0012FD24 |00000000 + * 0012FD28 |0043E66F RETURN to lus004.0043E66F + * 0012FD2C |089E0060 + * 0012FD30 |00000005 + * 0012FD34 |01D670E0 + * 0012FD38 |41700000 + * 0012FD3C |00000000 + * 0012FD40 |00000000 + * 0012FD44 |42EC0000 + * 0012FD48 |4413C000 + * 0012FD4C |089E0060 + * 0012FD50 |01CC7504 + * 0012FD54 |00000000 + * 0012FD58 |00000000 + * 0012FD5C |08A3B600 + * 0012FD60 |0012FD78 + * 0012FD64 |6F5980B8 RETURN to prl_umdd.6F5980B8 from prl_umdd.6F597B05 + * 0012FD68 |0029DFA0 + * 0012FD6C |00000019 + * 0012FD70 |00000008 + * 0012FD74 |00000000 + * 0012FD78 |089E0060 + * 0012FD7C |00000000 + * 0012FD80 |00000001 + * 0012FD84 |01D1E670 + * 0012FD88 |61845418 d3d9.61845418 + * 0012FD8C |00000005 + * 0012FD90 |00000000 + * 0012FD94 |00000000 + * 0012FD98 |00000010 + * 0012FD9C |00000002 + * 0012FDA0 |00000000 + * 0012FDA4 |00000000 + * 0012FDA8 |41F00000 + * 0012FDAC |0012FDC8 + * 0012FDB0 |00406E55 RETURN to lus004.00406E55 from lus004.0043EC70 + * 0012FDB4 |00000000 + * 0012FDB8 |00000001 + * 0012FDBC |00000004 + * 0012FDC0 |01D66BF0 + * 0012FDC4 |01D1E670 + * 0012FDC8 |0012FDE0 + * 0012FDCC |00486701 RETURN to lus004.00486701 from lus004.00406E20 + * 0012FDD0 ]0012FE4C + * 0012FDD4 |004871D7 RETURN to lus004.004871D7 from lus004.0042B1F0 + * 0012FDD8 |02C2AB18 ; jichi: text is here + * 0012FDDC |0012FDFC + * 0012FDE0 |FF000000 + * 0012FDE4 |00000005 + * 0012FDE8 |3FC00000 + * 0012FDEC |005039A8 lus004.005039A8 + * 0012FDF0 |00252FDD + * 0012FDF4 |00000002 + * 0012FDF8 |00000002 + * 0012FDFC |3FA00000 + * 0012FE00 |00000000 + * 0012FE04 |00000000 + * 0012FE08 |00000000 + * 0012FE0C |00000000 + * 0012FE10 |3FA00000 + * 0012FE14 |00000000 + * 0012FE18 |00000000 + * 0012FE1C |00000000 + * 0012FE20 |00000000 + * 0012FE24 |3F800000 + * 0012FE28 |00000000 + * 0012FE2C |42EC0000 + * 0012FE30 |4413C000 + * 0012FE34 |00000000 + * 0012FE38 |3F800000 + * 0012FE3C |00000005 + * 0012FE40 |00000004 + * 0012FE44 |029101F0 + * 0012FE48 |00000001 + * 0012FE4C ]0012FE8C + * 0012FE50 |004851B8 RETURN to lus004.004851B8 + * 0012FE54 |029101F0 + * 0012FE58 |000000EF + * 0012FE5C |00000000 + * 0012FE60 |000000EF + * 0012FE64 |000000EF + * 0012FE68 |000000EF + * 0012FE6C |01CB0B70 + * 0012FE70 |FFFFFFFF + * 0012FE74 |00000000 + * 0012FE78 |01D70270 + * 0012FE7C |00000000 + * 0012FE80 |000000EF + * 0012FE84 |000000C1 + * 0012FE88 |029101F0 + * 0012FE8C ]0012FEA0 + * 0012FE90 |004B55FB RETURN to lus004.004B55FB from lus004.00485070 + * 0012FE94 |00000000 + * 0012FE98 |000000EF + * 0012FE9C |01DB7770 ASCII "XZN" + * 0012FEA0 ]0012FEAC + * 0012FEA4 |004AAD57 RETURN to lus004.004AAD57 + * 0012FEA8 |01C70288 + * 0012FEAC ]0012FEBC + * 0012FEB0 |004AB09C RETURN to lus004.004AB09C from lus004.004AACD0 + * 0012FEB4 |01C70288 + * 0012FEB8 |01000000 + * 0012FEBC ]0012FEE0 + * 0012FEC0 |004AC8F5 RETURN to lus004.004AC8F5 from lus004.004AB080 + * 0012FEC4 |00BF0752 + * 0012FEC8 |00000113 + */ + bool attach(ULONG startAddress, ULONG stopAddress) // attach scenario + { + ULONG addr1, addr2; + { + const uint8_t bytes1[] = { + 0x89, 0x88, 0xac, 0x02, 0x00, 0x00, // 00487c1d 8988 ac020000 mov dword ptr ds:[eax+0x2ac],ecx + 0x8b, 0x55, 0xfc, // 00487c23 8b55 fc mov edx,dword ptr ss:[ebp-0x4] + 0xd9, 0xee // 00487c26 d9ee fldz + }; + addr1 = MemDbg::findBytes(bytes1, sizeof(bytes1), startAddress, stopAddress); + if (!addr1) + return false; + addr1 = MemDbg::findEnclosingAlignedFunction(addr1); + if (!addr1) + return false; + // addr1 = 0x00487c10; + } + { + const uint8_t bytes2[] = { + 0x83, 0xe0, 0x0c, // 0042b266 83e0 0c and eax,0xc + 0x83, 0xf8, 0x04, // 0042b269 83f8 04 cmp eax,0x4 + 0x75, 0x07, // 0042b26c 75 07 jnz short lus004.0042b275 + 0xd9, 0xee // 0042b26e d9ee fldz + }; + addr2 = MemDbg::findBytes(bytes2, sizeof(bytes2), startAddress, stopAddress); + if (!addr2) + return false; + addr2 = MemDbg::findEnclosingAlignedFunction(addr2); + if (!addr2) + return false; + // addr2 = 0x0042b1f0; + } + HookParam hp; + hp.address = addr1; + hp.text_fun = Private::hookBefore; + hp.hook_after = Private::hookafter1; + hp.type = EMBED_ABLE | EMBED_DYNA_SJIS|NO_CONTEXT; + auto succ = NewHook(hp, "EMBEDLUNA"); + hp.address = addr2; + succ |= NewHook(hp, "EMBEDLUNA"); + + return succ; + } + } // namespace ScenarioHook +} // unnamed namespace + +bool LunaSoft::attach_function() +{ + + bool b1 = InsertLunaSoftHook(); + bool b2 = InsertXXkata(); + bool embed = ScenarioHook::attach(processStartAddress, processStopAddress); + return b1 || b2 || embed; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/LunaSoft.h b/cpp/LunaHook/LunaHook/engine32/LunaSoft.h new file mode 100644 index 00000000..4931444d --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/LunaSoft.h @@ -0,0 +1,11 @@ + + +class LunaSoft:public ENGINE{ + public: + LunaSoft(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"Pac\\*.pac"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/MBLMED.cpp b/cpp/LunaHook/LunaHook/engine32/MBLMED.cpp new file mode 100644 index 00000000..395137ae --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/MBLMED.cpp @@ -0,0 +1,61 @@ +#include"MBLMED.h" + +// jichi 3/19/2014: Insert both hooks +//void InsertLuneHook() +bool InsertMBLHook() +{ + enum : DWORD { fun = 0xec8b55 }; // jichi 10/20/2014: mov ebp,esp, sub esp,* + bool ret = false; + if (DWORD c = Util::FindCallOrJmpAbs((DWORD)::ExtTextOutA, processStopAddress - processStartAddress, processStartAddress, true)) + if (DWORD addr = Util::FindCallAndEntryRel(c, processStopAddress - processStartAddress, processStartAddress, fun)) { + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = USING_STRING; + ConsoleOutput("INSERT MBL-Furigana"); + ret|=NewHook(hp, "MBL-Furigana"); + } + if (DWORD c = Util::FindCallOrJmpAbs((DWORD)::GetGlyphOutlineA, processStopAddress - processStartAddress, processStartAddress, true)) + if (DWORD addr = Util::FindCallAndEntryRel(c, processStopAddress - processStartAddress, processStartAddress, fun)) { + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.split = get_reg(regs::esp); + hp.type = CODEC_ANSI_BE|USING_SPLIT; + ConsoleOutput("INSERT MBL"); + ret|=NewHook(hp, "MBL"); + } + if (!ret) + ConsoleOutput("MBL: failed"); + return ret; +} + +bool InsertMEDHook() +{ + for (DWORD i = processStartAddress; i < processStopAddress - 4; i++) + if (*(DWORD *)i == 0x8175) //cmp *, 8175 + for (DWORD j = i, k = i + 0x100; j < k; j++) + if (*(BYTE *)j == 0xe8) { + DWORD t = j + 5 + *(DWORD *)(j + 1); + if (t > processStartAddress && t < processStopAddress) { + HookParam hp; + hp.address = t; + hp.offset=get_reg(regs::eax); + hp.type = CODEC_ANSI_BE; + ConsoleOutput("INSERT MED"); + return NewHook(hp, "MED"); + //RegisterEngineType(ENGINE_MED); + } + } + + //ConsoleOutput("Unknown MED engine."); + ConsoleOutput("MED: failed"); + return false; +} + +bool MBLMED::attach_function() { + + bool b1=Util::CheckFile(L"*.mbl") &&InsertMBLHook(); + bool b2=Util::CheckFile(L"*.med") &&InsertMEDHook(); + return b1||b2; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/MBLMED.h b/cpp/LunaHook/LunaHook/engine32/MBLMED.h new file mode 100644 index 00000000..321370a2 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/MBLMED.h @@ -0,0 +1,11 @@ + + +class MBLMED:public ENGINE{ + public: + MBLMED(){ + + check_by=CHECK_BY::FILE_ANY; + check_by_target=check_by_list{L"*.mbl",L"*.med"}; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Majiro.cpp b/cpp/LunaHook/LunaHook/engine32/Majiro.cpp new file mode 100644 index 00000000..23df5cee --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Majiro.cpp @@ -0,0 +1,306 @@ +#include"Majiro.h" + +/** jichi 12/28/2014: new Majiro hook pattern + * + * Different function starts: + * + * Old Majiro: + * enum { sub_esp = 0xec81 }; // caller pattern: sub esp = 0x81,0xec byte + * + * New Majiro since [141128] [アトリエさくら] 流され妻、綾�“ネトラレ”��体験版 + * 003e9230 55 push ebp + * 003e9231 8bec mov ebp,esp + * 003e9233 83ec 64 sub esp,0x64 + * + * Also, function addresses are fixed in old majiro, but floating in new majiro. + * In the old Majiro game, caller's address could be used as split. + * In the new Majiro game, the hooked function is invoked by the same caller. + * + * Use a split instead. + * Sample stack values are as follows. + * - Old majiro: arg3 is text, arg1 is font name + * - New majiro: arg3 is text, arg4 is font name + * + * Name: + * 0038f164 003e8163 return to .003e8163 from .003e9230 + * 0038f168 00000000 + * 0038f16c 00000000 + * 0038f170 08b04dbc ; jichi: arg3, text + * 0038f174 006709f0 ; jichi: arg4, font name + * 0038f178 006dace8 + * 0038f17c 00000000 + * 0038f180 00000013 + * 0038f184 006fcba8 + * 0038f188 00000078 ; jichi: 0x24, alternative split + * 0038f18c 00000078 + * 0038f190 00000018 + * 0038f194 00000002 + * 0038f198 08b04dbc + * 0038f19c 006709f0 + * 0038f1a0 00000000 + * 0038f1a4 00000000 + * 0038f1a8 00000078 + * 0038f1ac 00000018 + * 0038f1b0 08aa0130 + * 0038f1b4 01b6b6c0 + * 0038f1b8 beff26e4 + * 0038f1bc 0038f1fc + * 0038f1c0 004154af return to .004154af from .00415400 ; jichi: 0x52, could be used as split + * 0038f1c4 0000000e + * 0038f1c8 000001ae + * 0038f1cc 00000158 + * 0038f1d0 00000023 + * 0038f1d4 beff2680 + * 0038f1d8 0038f208 + * 0038f1dc 003ecfda return to .003ecfda from .00415400 + * + * Scenario: + * 0038e57c 003e8163 return to .003e8163 from .003e9230 + * 0038e580 00000000 + * 0038e584 00000000 + * 0038e588 0038ee4c ; jichi: arg3, text + * 0038e58c 004d5400 .004d5400 ; jichi: arg4, font name + * 0038e590 006dace8 + * 0038e594 0038ee6d + * 0038e598 004d7549 .004d7549 + * 0038e59c 00000000 + * 0038e5a0 00000180 ; jichi: 0x24, alternative hook + * 0038e5a4 00000180 + * 0038e5a8 00000018 + * 0038e5ac 00000002 + * 0038e5b0 0038ee4c + * 0038e5b4 004d5400 .004d5400 + * 0038e5b8 00000000 + * 0038e5bc 00000000 + * 0038e5c0 00000180 + * 0038e5c4 00000018 + * 0038e5c8 006a0180 + * 0038e5cc 0038e5f8 + * 0038e5d0 0041fc87 return to .0041fc87 from .0041fc99 + * 0038e5d4 0038e5f8 + * 0038e5d8 00418165 return to .00418165 from .0041fc81 ; jichi: used as split + * 0038e5dc 004d7549 .004d7549 + * 0038e5e0 0038ee6d + * 0038e5e4 0038e608 + * 0038e5e8 00419555 return to .00419555 from .0041814e + * 0038e5ec 00000000 + * 0038e5f0 004d7549 .004d7549 + * 0038e5f4 0038ee6d + * + * 12/4/2014: Add split for furigana. + * Sample game: [141128] [チュアブルソフト] 残念な俺達�青春事情 + * Following are memory values after arg4 (font name) + * + * Surface: � * 00EC5400 82 6C 82 72 20 82 6F 83 53 83 56 83 62 83 4E 00 �� �ゴシヂ�. + * 00EC5410 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00EC5420 01 00 00 00 00 00 00 00 1C 00 00 00 0D 00 00 00 ....... ....... + * 00EC5430 (2D)00 00 00 FF FF FF 00 00 00 00 02 00 00 00 00 -...���.... .... ; jichi: first byte as split in parenthesis + * 00EC5440 00(00 00 00)60 F7 3F 00 F0 D8 FF FF 00 00 00 00 ....`・. .... ; jichi: first word without first byte as split + * + * 00EC5450 32 01 00 00 0C 00 00 00 A0 02 00 00 88 00 00 00 2 ......� ..・.. + * 00EC5460 00 00 00 00 01 00 00 00 00 00 00 00 32 01 00 00 .... .......2 .. + * 00EC5470 14 00 00 00 01 00 00 00 82 6C 82 72 20 82 6F 83 ... ...�� �・ ; MS P Gothic + * 00EC5480 53 S + * + * Furigana: そ� + * 00EC5400 82 6C 82 72 20 83 53 83 56 83 62 83 4E 00 4E 00 �� ゴシヂ�.N. + * 00EC5410 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00EC5420 01 00 00 00 00 00 00 00 0E 00 00 00 06 00 00 00 ....... ... ... + * 00EC5430 (16)00 00 00 FF FF FF 00 00 00 00 02 00 00 00 00 ...���.... .... + * 00EC5440 00(00 00 00)60 F7 3F 00 F0 D8 FF FF 00 00 00 00 ....`・. .... + * + * 00EC5450 32 01 00 00 0C 00 00 00 A0 02 00 00 88 00 00 00 2 ......� ..・.. + * 00EC5460 00 00 00 00 00 00 00 00 00 00 00 00 32 01 00 00 ............2 .. + * 00EC5470 14 00 00 00 01 00 00 00 82 6C 82 72 20 82 6F 83 ... ...�� �・ ; MS P Gothic + * 00EC5480 53 S + * + * Furigana: そ� + * 00EC5400 82 6C 82 72 20 82 6F 83 53 83 56 83 62 83 4E 00 �� �ゴシヂ�. + * 00EC5410 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00EC5420 01 00 00 00 00 00 00 00 0E 00 00 00 06 00 00 00 ....... ... ... + * 00EC5430 (2D)00 00 00 FF FF FF 00 00 00 00 02 00 00 00 00 -...���.... .... + * 00EC5440 00(00 00 00)60 F7 3F 00 2B 01 00 00 06 00 00 00 ....`・.+ .. ... + * + * 00EC5450 32 01 00 00 0C 00 00 00 A0 02 00 00 88 00 00 00 2 ......� ..・.. + * 00EC5460 00 00 00 00 00 00 00 00 00 00 00 00 32 01 00 00 ............2 .. + * 00EC5470 14 00 00 00 01 00 00 00 82 6C 82 72 20 82 6F 83 ... ...�� �・ ; MS P Gothic + * 00EC5480 53 S + * + * ---- need to split the above and below case + * + * Text: � * 00EC5400 82 6C 82 72 20 82 6F 83 53 83 56 83 62 83 4E 00 �� �ゴシヂ�. + * 00EC5410 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00EC5420 01 00 00 00 00 00 00 00 1C 00 00 00 0D 00 00 00 ....... ....... + * 00EC5430 (2D)00 00 00 FF FF FF 00 00 00 00 02 00 00 00 00 -...���.... .... ; jichi: first byte as split in parenthesis + * 00EC5440 FF(FF FF FF)60 F7 3F 00 32 01 00 00 14 00 00 00 ����`・.2 .. ... ; jichi: first word without first byte as split + * + * 00EC5450 32 01 00 00 0C 00 00 00 A0 02 00 00 88 00 00 00 2 ......� ..・.. + * 00EC5460 00 00 00 00 01 00 00 00 00 00 00 00 32 01 00 00 .... .......2 .. + * 00EC5470 14 00 00 00 00 00 00 00 82 6C 82 72 20 82 6F 83 .......�� �・ ; MS P Gothic + * 00EC5480 53 S + * + * Text: らには、一人の少女� * 00EC5400 82 6C 82 72 20 82 6F 83 53 83 56 83 62 83 4E 00 �� �ゴシヂ�. + * 00EC5410 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00EC5420 01 00 00 00 00 00 00 00 1C 00 00 00 0D 00 00 00 ....... ....... + * 00EC5430 (2D)00 00 00 FF FF FF 00 00 00 00 02 00 00 00 00 -...���.... .... + * 00EC5440 FF(FF FF FF)60 F7 3F 00 4D 01 00 00 14 00 00 00 ����`・.M .. ... + * + * 00EC5450 32 01 00 00 0C 00 00 00 A0 02 00 00 88 00 00 00 2 ......� ..・.. + * 00EC5460 00 00 00 00 01 00 00 00 00 00 00 00 32 01 00 00 .... .......2 .. + * 00EC5470 14 00 00 00 00 00 00 00 82 6C 82 72 20 82 6F 83 .......�� �・ ; MS P Gothic + * 00EC5480 53 S + */ + +namespace { // unnamed + +// These values are the same as the assembly logic of ITH: +// ([eax+0x28] & 0xff) | (([eax+0x48] >> 1) & 0xffffff00) +// 0x28 = 10 * 4, 0x48 = 18 / 4 +inline DWORD MajiroOldFontSplit(const DWORD *arg) // arg is supposed to be a string, though +{ return (arg[10] & 0xff) | ((arg[18] >> 1) & 0xffffff00); } + +// Remove lower bytes use 0xffffff00, which are different for furigana +inline DWORD MajiroNewFontSplit(const DWORD *arg) // arg is supposed to be a string, though +{ return (arg[12] & 0xff) | (arg[16] & 0xffffff00); } + +void SpecialHookMajiro(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) +{ + DWORD arg3 = stack->stack[3]; // text + buffer->from_cs((LPCSTR)arg3); + // IsBadReadPtr is not needed for old Majiro game. + // I am not sure if it is needed by new Majiro game. + if (hp->user_value) { // new majiro + if (DWORD arg4 = stack->stack[4]) // old majiro + *split = MajiroNewFontSplit((LPDWORD)arg4); + else + *split = *(DWORD *)(stack->base + 0x5c); // = 4 * 23, caller's caller + } else if (DWORD arg1 = stack->stack[1]) // old majiro + *split = MajiroOldFontSplit((LPDWORD)arg1); +} +} // unnamed namespace +bool InsertMajiroHook() +{ + // jichi 4/19/2014: There must be a function in Majiro game which contains 6 TextOutA. + // That function draws all texts. + // + // jichi 11/28/2014: Add new function signature + const DWORD funcs[] = { // caller patterns + 0xec81, // sub esp = 0x81,0xec byte old majiro + 0x83ec8b55, // mov ebp,esp, sub esp,* new majiro + + 0x5348ec83 + // sub esp, 48h, push ebx + //MOON CHILDe + //https://vndb.org/v1568 + + }; + enum { FunctionCount = sizeof(funcs) / sizeof(*funcs) }; + ULONG addr = MemDbg::findMultiCallerAddress((ULONG)::TextOutA, funcs, FunctionCount, processStartAddress, processStopAddress); + //ULONG addr = MemDbg::findCallerAddress((ULONG)::TextOutA, 0x83ec8b55, processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("Majiro: failed"); + return false; + } + + bool newMajiro = 0x55 == *(BYTE *)addr; + + HookParam hp; + //hp.type|=USING_STRING|USING_SPLIT|SPLIT_INDIRECT; + hp.address = addr; + hp.text_fun = SpecialHookMajiro; + hp.user_value = newMajiro; + if (newMajiro) { + hp.type = NO_CONTEXT; // do not use return address for new majiro + ConsoleOutput("INSERT Majiro2"); + return NewHook(hp, "Majiro2"); + } else { + ConsoleOutput("INSERT Majiro"); + return NewHook(hp, "Majiro"); + } + //RegisterEngineType(ENGINE_MAJIRO); +} +bool InsertMajiroHook3x() { + const BYTE bytes[] = { + 0x8b,0x08, + 0x0f,0xbf,0x19, + 0x83,0xc1,0x02, + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + + if (addr == 0)return false; + HookParam hp; + hp.address = addr+8; + hp.offset=get_reg(regs::ecx); + hp.type = USING_STRING | NO_CONTEXT;//|EMBED_ABLE|EMBED_AFTER_OVERWRITE|EMBED_DYNA_SJIS; + //可以内嵌,但是必须保持「」,且DynamicEncoding编码的文字会被自动替换成引擎内的某的字符,导致可读性低。 + //hp.hook_font=F_TextOutA|F_GetTextExtentPoint32A; + //https://vndb.org/v17376 + //私が好きなら「好き」って言って! + hp.text_fun= [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split){ + auto str=(char*)stack->ecx; + buffer->from_cs(str); + if((str[0]==0x81)&&(str[1]==0x79))*split=0; + else *split=1; + + }; + return NewHook(hp, "majiro3"); +} +bool InsertMajiro2Hookx() { + //Scarlett~スカーレット~ + const BYTE bytes[] = { + 0x83,0xE2,0x03,0x03,0xC2,0xC1,0xF8,0x02,0x81,0xF9,0x00,0x01,0x00,0x00 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + + if (addr == 0)return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr ; + hp.offset=get_stack(2); + hp.type = USING_STRING ; + ConsoleOutput("INSERT majiro4 %p",addr); + return NewHook(hp, "majiro4"); +} +bool InsertMajiro3Hook() +{ + + /* + * Sample games: + * Narcissu 10th Anniversary Anthology Project + * https://vndb.org/v10 + * https://vndb.org/v70 + * https://vndb.org/v18738 + * https://vndb.org/v18739 + * https://vndb.org/v18736 + */ + const BYTE bytes[] = { + 0xC1, 0xE9, 0x02, // shr ecx,02 << hook here + 0xF3, 0xA5, // repe movsd + 0x8B, 0xCA, // mov ecx,edx + 0x8D, 0x95, XX4 // lea edx,[ebp-00000404] + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("Majiro3: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::esi); + hp.type = USING_STRING; + ConsoleOutput("INSERT Majiro3"); + ConsoleOutput("Majiro3: To separate the text between lines flag the \"Flush delay string spacing\" option"); + return NewHook(hp, "Majiro3"); +} +bool Majiro::attach_function() { + + bool b1= InsertMajiroHook(); + bool b2=InsertMajiroHook3x(); + bool b3=InsertMajiro2Hookx(); + bool b4=InsertMajiro3Hook(); + return b1||b2||b3||b4; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Majiro.h b/cpp/LunaHook/LunaHook/engine32/Majiro.h new file mode 100644 index 00000000..5b0ff956 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Majiro.h @@ -0,0 +1,11 @@ + + +class Majiro:public ENGINE{ + public: + Majiro(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"data*.arc",L"stream*.arc"}; + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine32/Malie.cpp b/cpp/LunaHook/LunaHook/engine32/Malie.cpp new file mode 100644 index 00000000..f552bb63 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Malie.cpp @@ -0,0 +1,1652 @@ +#include"Malie.h" +namespace { // unnamed Malie +/******************************************************************************************** +Malie hook: + Process name is malie.exe. + This is the most complicate code I have made. Malie engine store text string in + linked list. We need to insert a hook to where it travels the list. At that point + EBX should point to a structure. We can find character at -8 and font size at +10. + Also need to enable ITH suppress function. +********************************************************************************************/ +bool InsertMalieHook1() +{ + const DWORD sig1 = 0x05e3c1; + enum { sig1_size = 3 }; + DWORD i = SearchPattern(processStartAddress, processStopAddress - processStartAddress, &sig1, sig1_size); + if (!i) { + ConsoleOutput("MalieHook1: pattern i not exist"); + return false; + } + + const WORD sig2 = 0xc383; + enum { sig2_size = 2 }; + DWORD j = i + processStartAddress + sig1_size; + i = SearchPattern(j, processStopAddress - j, &sig2, sig2_size); + //if (!j) + if (!i) { // jichi 8/19/2013: Change the condition fro J to I + ConsoleOutput("MalieHook1: pattern j not exist"); + return false; + } + HookParam hp; + hp.address = j + i; + hp.offset=get_reg(regs::ebx); + hp.index = -0x8; + hp.split = get_reg(regs::ebx); + hp.split_index = 0x10; + hp.type = CODEC_UTF16|USING_SPLIT|DATA_INDIRECT|SPLIT_INDIRECT; + ConsoleOutput("INSERT MalieHook1"); + return NewHook(hp, "Malie"); + //RegisterEngineType(ENGINE_MALIE); +} + +DWORD malie_furi_flag_; // jichi 8/20/2013: Make it global so that it can be reset +void SpecialHookMalie(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) +{ + DWORD ch = stack->eax & 0xffff, + ptr = stack->edi; + + if (malie_furi_flag_) { + DWORD index = stack->edx; + if (*(WORD *)(ptr + index * 2 - 2) < 0xa) + malie_furi_flag_ = 0; + } + else if (ch == 0xa) { + malie_furi_flag_ = 1; + //len = 0; ?? + } + *split = malie_furi_flag_; + buffer->from_t(ch); +} + +bool InsertMalieHook2() // jichi 8/20/2013: Change return type to boolean +{ + const BYTE bytes[] = {0x66,0x3d,0x1,0x0}; + DWORD start = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!start) { + ConsoleOutput("MalieHook2: pattern not exist"); + return false; + } + BYTE *ptr = (BYTE *)start; + while (true) { + if (*(WORD *)ptr == 0x3d66) { + ptr += 4; + if (ptr[0] == 0x75) { + ptr += ptr[1]+2; + continue; + } + if (*(WORD *)ptr == 0x850f) { + ptr += *(DWORD *)(ptr + 2) + 6; + continue; + } + } + break; + } + malie_furi_flag_ = 0; // reset old malie flag + HookParam hp; + hp.address = (DWORD)ptr + 4; + hp.offset=get_reg(regs::eax); + hp.text_fun = SpecialHookMalie; + hp.type = USING_SPLIT|CODEC_UTF16|NO_CONTEXT|USING_CHAR; + ConsoleOutput("INSERT MalieHook2"); + return NewHook(hp, "Malie"); + //RegisterEngineType(ENGINE_MALIE); + +} + +/** + * jichi 12/17/2013: Added for Electro Arms + * Observations from Electro Arms: + * 1. split = 0xC can handle most texts and its dwRetn is always zero + * 2. The text containing furigana needed to split has non-zero dwRetn when split = 0 + * + * 3/15/2015: logic modified as the plus operation would create so many threads + */ +void SpecialHookMalie2(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) +{ + buffer->from_t((WORD)stack->eax); + //CC_UNUSED(data); + //*len = GetHookDataLength(*hp, esp_base, (DWORD)data); + + + DWORD s1 = stack->stack[3], // base split, which is stable + s2 = stack->stack[0]; // used to split out furigana, but un stable + // http://www.binaryhexconverter.com/decimal-to-binary-converter + //enum : DWORD { mask = 0x14 }; + *split = s1 + (s2 ? 1 : 0); +} + +// static DWORD last_split; // FIXME: This makes the special function stateful +// DWORD s1 = *(DWORD *)esp_base; // current split at 0x0 +// if (!s1) +// *split = last_split; +// else { +// DWORD s2 = *(DWORD *)(esp_base + 0xc); // second split +// *split = last_split = s1 + s2; // not sure if plus is a good way +// } + +/** + * jichi 8/20/2013: Add hook for sweet light BRAVA!! + * See: http://www.hongfire.com/forum/printthread.php?t=36807&pp=10&page=680 + * + * BRAVA!! /H code: "/HWN-4:C@1A3DF4:malie.exe" + * - addr: 1719796 = 0x1a3df4 + * - text_fun: 0x0 + * - function: 0 + * - hook_len: 0 + * - ind: 0 + * - length_offset: 1 + * - module: 751199171 = 0x2cc663c3 + * - off: 4294967288 = 0xfffffff8L = -0x8 + * - recover_len: 0 + * - split: 12 = 0xc + * - split_ind: 0 + * - type: 1106 = 0x452 + */ +bool InsertMalie2Hook() +{ + // 001a3dee 6900 70000000 imul eax,dword ptr ds:[eax],70 + // 001a3df4 0200 add al,byte ptr ds:[eax] ; this is the place to hook + // 001a3df6 50 push eax + // 001a3df7 0069 00 add byte ptr ds:[ecx],ch + // 001a3dfa 0000 add byte ptr ds:[eax],al + const BYTE bytes1[] = { + 0x40, // inc eax + 0x89,0x56, 0x08, // mov dword ptr ds:[esi+0x8],edx + 0x33,0xd2, // xor edx,edx + 0x89,0x46, 0x04 // mov dword ptr ds:[esi+0x4],eax + }; + ULONG range1 = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes1, sizeof(bytes1), processStartAddress, processStartAddress + range1); + //reladdr = 0x1a3df4; + if (!addr) { + //ITH_MSG(0, "Wrong1", "t", 0); + //ConsoleOutput("Not malie2 engine"); + ConsoleOutput("Malie2Hook: pattern p not exist"); + return false; + } + + addr += sizeof(bytes1); // skip bytes1 + //const BYTE bytes2[] = { 0x85, 0xc0 }; // test eax,eax + const WORD bytes2 = 0xc085; // test eax,eax + enum { range2 = 0x200 }; + addr = MemDbg::findBytes(&bytes2, sizeof(bytes2), addr, addr + range2); + if (!addr) { + //ConsoleOutput("Not malie2 engine"); + ConsoleOutput("Malie2Hook: pattern q not exist"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::eax); + //hp.split = 0xc; // jichi 12/17/2013: Subcontext removed + //hp.split = -0xc; // jichi 12/17/2013: This could split the furigana, but will mess up the text + //hp.type = USING_SPLIT|CODEC_UTF16|NO_CONTEXT; + // jichi 12/17/2013: Need extern func for Electro Arms + // Though the hook parameter is quit similar to Malie, the original extern function does not work + hp.type = USING_SPLIT|NO_CONTEXT|CODEC_UTF16|USING_CHAR; + hp.text_fun = SpecialHookMalie2; + ConsoleOutput("INSERT Malie2"); + return NewHook(hp, "Malie2"); + + //GROWL_DWORD2(hp.address, reladdr); + //RegisterEngineType(ENGINE_MALIE); +} + +// jichi 2/8/3014: Return the beginning and the end of the text +// Remove the leading illegal characters +enum { _MALIE3_MAX_LENGTH = VNR_TEXT_CAPACITY }; +LPCWSTR _Malie3LTrim(LPCWSTR p) +{ + if (p) + for (int count = 0; count < _MALIE3_MAX_LENGTH; count++, + p++) + if (p[0] == L'v' && p[1] == L'_') { // ex. v_akr0001, v_mzk0001 + p += 9; + return p; // must return otherwise trimming more will break the ITH repetition elimination + } else if (p[0] >= 0xa) // ltrim illegal characters less than 0xa + return p; + return nullptr; +} +// Remove the trailing illegal characters +LPCWSTR _Malie3RTrim(LPCWSTR p) +{ + if (p) + for (int count = 0; count < _MALIE3_MAX_LENGTH; count++, + p--) + if (p[-1] >= 0xa) { // trim illegal characters less than 0xa + if (p[-1] >= L'0' && p[-1] <= L'9'&& p[-1-7] == L'_') + p -= 9; + else + return p; + } + return nullptr; +} + +// Example section in memory: +// 0D7D7E00 07 00 08 00 76 00 5F 00 7A 00 65 00 70 00 30 00 v_zep0 +// 0D7D7E10 30 00 37 00 35 00 00 00 0C 30 42 30 41 30 01 30 075.「あぁ�// 0D7D7E20 41 30 26 20 26 20 07 00 09 00 07 00 06 00 07 00 ぁ……. +// 0D7D7E30 08 00 76 00 5F 00 7A 00 65 00 70 00 30 00 30 00 v_zep00 +// 0D7D7E40 37 00 36 00 00 00 46 30 01 30 42 30 01 30 41 30 76.぀�あ、ぁ +// 0D7D7E50 41 30 41 30 26 20 26 20 26 20 26 20 01 30 63 30 ぁぁ…………、っ +// 0D7D7E60 07 00 09 00 0D 30 07 00 06 00 0A 00 0A 00 00 30 .�.. +// 0D7D7E70 16 60 44 30 01 30 16 60 44 30 01 30 4A 30 5E 30 怖い、怖い、お�// 0D7D7E80 7E 30 57 30 44 30 02 30 55 4F 4C 30 16 60 44 30 ましい。何が怖い +// 0D7D7E90 6E 30 4B 30 55 30 48 30 01 30 06 52 4B 30 89 30 のかさえ、�から +// 0D7D7EA0 6A 30 44 30 02 30 07 00 06 00 0A 00 00 30 8B 89 な぀. �// 0D7D7EB0 8B 30 6A 30 88 30 02 30 8B 89 8B 30 6A 30 02 30 るなよ。見るな�// 0D7D7EC0 07 00 06 00 8B 89 8B 30 6A 30 01 30 8B 89 8B 30 見るな、見る +// 0D7D7ED0 6A 30 8B 89 8B 30 6A 30 8B 89 8B 30 6A 30 01 30 な見るな見るな�// 0D7D7EE0 1F 75 4D 30 66 30 66 30 AA 60 44 30 4B 30 88 30 生きてて悪ぁ��// 0D7D7EF0 02 30 C5 60 51 30 6A 30 44 30 63 30 66 30 07 00 。情けなぁ�て +// 0D7D7F00 01 00 E4 55 0A 00 8F 30 89 30 00 00 46 30 6A 30 嗤.わら.ぁ� +// 0D7D7F10 88 30 02 30 07 00 06 00 BE 7C 00 4E 6F 67 6A 30 よ�精一杯な +// 0D7D7F20 93 30 60 30 8B 89 03 90 57 30 66 30 4F 30 8C 30 んだ見送�てくれ +// 0D7D7F30 02 30 4A 30 58 98 44 30 57 30 7E 30 59 30 01 30 。お願いします�// 0D7D7F40 60 30 4B 30 89 30 69 30 46 30 4B 30 5D 30 6E 30 �からどぁ�そ� +// 0D7D7F50 EE 76 92 30 84 30 81 30 66 30 01 30 4F 30 60 30 目をやめて、く� +// 0D7D7F60 55 30 44 30 01 30 5D 30 93 30 6A 30 02 30 07 00 さい、そんな� +// 0D7D7F70 06 00 0A 00 00 30 07 00 01 00 BA 87 50 5B 0A 00 . 螺� +// 0D7D7F80 59 30 4C 30 00 00 8B 30 88 30 46 30 6A 30 EE 76 すが.るよぁ�目 +// 0D7D7F90 67 30 00 25 00 25 07 00 06 00 BF 30 01 30 B9 30 で──タ、ス +// 0D7D7FA0 01 30 B1 30 01 30 C6 30 01 30 6A 30 93 30 66 30 、ケ、テ、なんて +// 0D7D7FB0 02 30 07 00 06 00 00 00 00 00 00 00 00 00 00 00 �..... +// 0D7D7FC0 FC D8 C0 22 00 00 00 80 74 00 00 00 00 00 00 00 .耀t... +// +// Return the end of the line +LPCWSTR _Malie3GetEOL(LPCWSTR p) +{ + if (p) + for (int count = 0; count < _MALIE3_MAX_LENGTH; count++, + p++) + switch (*p) { + case 0: + case 0xa: // stop at \0, or \n where the text after 0xa is furigana + return p; + case 0x7: + // \x07\x00\x01\x00 is used to split furigana, which we want to keep + // \x07\x00\x04\x00 is used to split sentences, observed in シルヴァリオ ヴェンヂ�ヂ� + // \x07\x00\x06\x00 is used to split paragraph, observed in シルヴァリオ ヴェンヂ�ヂ� + if (p[1] < 0xa && p[1] != 0x1) + return p; + } + return nullptr; +} + +/** + * jichi 3/8/2014: Add hook for 相州戦神館學�八命陣 + * See: http://sakuradite.com/topic/157 + * check 0x5b51ed for ecx+edx*2 + * Also need to skip furigana. + */ + +void SpecialHookMalie3(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) +{ + //CC_UNUSED(split); + DWORD ecx = stack->ecx, // *(DWORD *)(esp_base + pusha_ecx_off - 4), + edx = stack->edx; // *(DWORD *)(esp_base + pusha_edx_off - 4); + //*data = ecx + edx*2; // [ecx+edx*2]; + //*len = wcslen((LPCWSTR)data) << 2; + // There are garbage characters + LPCWSTR start = _Malie3LTrim((LPCWSTR)(ecx + edx*2)), + stop = _Malie3RTrim(_Malie3GetEOL(start)); + + *split = FIXED_SPLIT_VALUE; + //GROWL_DWORD5((DWORD)start, (DWORD)stop, *len, (DWORD)*start, (DWORD)_Malie3GetEOL(start)); + buffer->from(start, max(0, stop - start) * 2); +} + +/** + * jichi 8/20/2013: Add hook for 相州戦神館學�八命陣 + * See: http://sakuradite.com/topic/157 + * Credits: @ok123 + * + * Debugging method: insert hardware breakpoint into text + * There are four matches of text in the memory + * + * Sample game: シルヴァリオ ヴェンヂ�ヂ� + * 0065478B 90 NOP + * 0065478C 90 NOP + * 0065478D 90 NOP + * 0065478E 90 NOP + * 0065478F 90 NOP + * 00654790 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+0x4] + * 00654794 56 PUSH ESI + * 00654795 57 PUSH EDI + * 00654796 8B50 08 MOV EDX,DWORD PTR DS:[EAX+0x8] + * 00654799 8B08 MOV ECX,DWORD PTR DS:[EAX] + * 0065479B 33F6 XOR ESI,ESI + * 0065479D 66:8B3451 MOV SI,WORD PTR DS:[ECX+EDX*2] ; jichi: text accessed here + * 006547A1 42 INC EDX + * 006547A2 8970 04 MOV DWORD PTR DS:[EAX+0x4],ESI + * 006547A5 8950 08 MOV DWORD PTR DS:[EAX+0x8],EDX + * 006547A8 8B50 04 MOV EDX,DWORD PTR DS:[EAX+0x4] + * 006547AB 83FA 01 CMP EDX,0x1 + * 006547AE 75 2C JNZ SHORT malie.006547DC + * 006547B0 8B50 08 MOV EDX,DWORD PTR DS:[EAX+0x8] + * 006547B3 33F6 XOR ESI,ESI + * 006547B5 66:8B3451 MOV SI,WORD PTR DS:[ECX+EDX*2] + * 006547B9 42 INC EDX + * 006547BA 8970 04 MOV DWORD PTR DS:[EAX+0x4],ESI + * 006547BD 33F6 XOR ESI,ESI + * 006547BF 8950 08 MOV DWORD PTR DS:[EAX+0x8],EDX + * 006547C2 66:8B3451 MOV SI,WORD PTR DS:[ECX+EDX*2] + * 006547C6 8970 04 MOV DWORD PTR DS:[EAX+0x4],ESI + * 006547C9 42 INC EDX + * 006547CA 33F6 XOR ESI,ESI + * 006547CC 8950 08 MOV DWORD PTR DS:[EAX+0x8],EDX + * 006547CF 66:8B3451 MOV SI,WORD PTR DS:[ECX+EDX*2] + * 006547D3 42 INC EDX + * 006547D4 8970 04 MOV DWORD PTR DS:[EAX+0x4],ESI + * 006547D7 8950 08 MOV DWORD PTR DS:[EAX+0x8],EDX + * 006547DA ^EB BF JMP SHORT malie.0065479B + * 006547DC 83FA 02 CMP EDX,0x2 + * 006547DF 0F84 59010000 JE malie.0065493E + * 006547E5 83FA 03 CMP EDX,0x3 + * 006547E8 75 12 JNZ SHORT malie.006547FC + * 006547EA 8B50 08 MOV EDX,DWORD PTR DS:[EAX+0x8] + * 006547ED 33F6 XOR ESI,ESI + * 006547EF 66:8B3451 MOV SI,WORD PTR DS:[ECX+EDX*2] + * 006547F3 42 INC EDX + * 006547F4 8970 04 MOV DWORD PTR DS:[EAX+0x4],ESI + * 006547F7 8950 08 MOV DWORD PTR DS:[EAX+0x8],EDX + * 006547FA ^EB 9F JMP SHORT malie.0065479B + * 006547FC 83FA 04 CMP EDX,0x4 + * 006547FF 0F84 39010000 JE malie.0065493E + * 00654805 83FA 07 CMP EDX,0x7 + * 00654808 0F85 27010000 JNZ malie.00654935 + * 0065480E 8B50 08 MOV EDX,DWORD PTR DS:[EAX+0x8] + * 00654811 33F6 XOR ESI,ESI + * 00654813 66:8B3451 MOV SI,WORD PTR DS:[ECX+EDX*2] + * 00654817 8970 04 MOV DWORD PTR DS:[EAX+0x4],ESI + * 0065481A 8D72 01 LEA ESI,DWORD PTR DS:[EDX+0x1] + * 0065481D 8B50 04 MOV EDX,DWORD PTR DS:[EAX+0x4] + * 00654820 8970 08 MOV DWORD PTR DS:[EAX+0x8],ESI + * 00654823 8D7A FF LEA EDI,DWORD PTR DS:[EDX-0x1] + * 00654826 83FF 3B CMP EDI,0x3B + * 00654829 ^0F87 79FFFFFF JA malie.006547A8 + * 0065482F 33D2 XOR EDX,EDX + * 00654831 8A97 9C496500 MOV DL,BYTE PTR DS:[EDI+0x65499C] + * 00654837 FF2495 80496500 JMP DWORD PTR DS:[EDX*4+0x654980] + * 0065483E 8B50 0C MOV EDX,DWORD PTR DS:[EAX+0xC] + * 00654841 85D2 TEST EDX,EDX + * 00654843 0F8F 2B010000 JG malie.00654974 + * 00654849 33D2 XOR EDX,EDX + * 0065484B 66:8B1471 MOV DX,WORD PTR DS:[ECX+ESI*2] + * 0065484F 46 INC ESI + * 00654850 85D2 TEST EDX,EDX + * 00654852 8950 04 MOV DWORD PTR DS:[EAX+0x4],EDX + * 00654855 8970 08 MOV DWORD PTR DS:[EAX+0x8],ESI + * 00654858 0F84 E0000000 JE malie.0065493E + * 0065485E 8B50 08 MOV EDX,DWORD PTR DS:[EAX+0x8] + * 00654861 33F6 XOR ESI,ESI + * 00654863 66:8B3451 MOV SI,WORD PTR DS:[ECX+EDX*2] + * 00654867 42 INC EDX + * 00654868 8950 08 MOV DWORD PTR DS:[EAX+0x8],EDX + * 0065486B 8BD6 MOV EDX,ESI + * 0065486D 85D2 TEST EDX,EDX + * 0065486F 8970 04 MOV DWORD PTR DS:[EAX+0x4],ESI + * 00654872 ^75 EA JNZ SHORT malie.0065485E + * 00654874 8B50 08 MOV EDX,DWORD PTR DS:[EAX+0x8] + */ +bool InsertMalie3Hook() +{ + // i.e. 8b44240456578b50088b0833f6668b345142 + const BYTE bytes[] = { + // 0x90 nop + 0x8b,0x44,0x24, 0x04, // 5b51e0 mov eax,dword ptr ss:[esp+0x4] ; jichi: function starts + 0x56, // 5b51e4 push esi + 0x57, // 5b51e5 push edi + 0x8b,0x50, 0x08, // 5b51e6 mov edx,dword ptr ds:[eax+0x8] + 0x8b,0x08, // 5b51e9 mov ecx,dword ptr ds:[eax] + 0x33,0xf6, // 5b51eb xor esi,esi + 0x66,0x8b,0x34,0x51, // 5b51ed mov si,word ptr ds:[ecx+edx*2] // jichi: hook here + 0x42 // 5b51f1 inc edx + }; + enum {addr_offset = 0x5b51ed - 0x5b51e0}; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("Malie3: pattern not found"); + return false; + } + HookParam hp; + hp.address = addr + addr_offset; + //GROWL(hp.address); + //hp.address = 0x5b51ed; + //hp.address = 0x5b51f1; + //hp.address = 0x5b51f2; + // jichi 3/15/2015: Remove 0704 in シルヴァリオ ヴェンッ�タ + hp.filter_fun = IllegalCharsFilterW; // remove illegal control chars such as 0x07,0x01 + hp.text_fun = SpecialHookMalie3; + hp.type = USING_SPLIT|NO_CONTEXT|CODEC_UTF16; + //hp.filter_fun = Malie3Filter; + ConsoleOutput("INSERT Malie3"); + return NewHook(hp, "Malie3"); +} + +bool InsertMalie4Hook() +{ + // i.e. 50 8B 45 10 D9 9F ?? ?? ?? ?? 0F B7 04 58 50 51 E8 ?? ?? ?? ?? 8B 45 14 83 C4 10 + const BYTE bytes[] = { + 0x50, // 65904E | 50 | push eax | mireado: pattern starts + 0x8B,0x45,0x10, // 65904F | 8B 45 10 | mov eax,dword ptr ss:[ebp+10] | + 0xD9,0x9F,XX4, // 659052 | D9 9F E8 6B 87 00 | fstp dword ptr ds:[edi+876BE8] | + 0x0F,0xB7,0x04,0x58, // 659058 | 0F B7 04 58 | movzx eax,word ptr ds:[eax+ebx*2] | + 0x50, // 65905C | 50 | push eax | + 0x51, // 65905D | 51 | push ecx | + 0xE8,XX4, // 65905E | E8 DD 1D EA FF | call malie.4FAE40 | mireado: hook here + 0x8B,0x45,0x14, // 659063 | 8B 45 14 | mov eax,dword ptr ss:[ebp+14] | + 0x83,0xC4,0x10 // 659066 | 83 C4 10 | add esp,10 | + }; + enum {addr_offset = 0x65905E - 0x65904E}; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("Malie4: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; + hp.offset=get_reg(regs::eax); // pusha_eax_off - 4 + //hp.split = 0xc; // jichi 12/17/2013: Subcontext removed + //hp.type = USING_SPLIT|CODEC_UTF16|NO_CONTEXT; + // jichi 12/17/2013: Need extern func for Electro Arms + // Though the hook parameter is quit similar to Malie, the original extern function does not work + hp.split = get_reg(regs::edx); // jichi 12/17/2013: This could split the furigana, but will mess up the text + hp.type = USING_SPLIT|NO_CONTEXT|CODEC_UTF16; + ConsoleOutput("INSERT Malie4"); + return NewHook(hp, "Malie4"); + + //GROWL_DWORD2(hp.address, reladdr); + //RegisterEngineType(ENGINE_MALIE); +} + +// Artikash 1/19/2019: works on https://vndb.org/r52326 +bool InsertMalie5Hook() +{ + const BYTE bytes[] = { + 0x8b, 0x49, 0x10, // mov ecx,[ecx+10] + 0x03, 0x08, // add ecx,[eax] + 0x51 // push ecx + }; + + if (DWORD addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress)) + { + ConsoleOutput("INSERT Malie5"); + HookParam hp; + hp.address = addr + 5; + hp.offset=get_reg(regs::ecx); + hp.type = CODEC_UTF16 | USING_STRING | NO_CONTEXT; + return NewHook(hp, "Malie5"); + } + + ConsoleOutput("Malie5 pattern not found"); + return false; +} + +// jichi 3/12/2015: Return guessed Malie engine year +//int GetMalieYear() +//{ +// if (Util::SearchResourceString(L"2013 light")) +// return 2013; +// if (Util::SearchResourceString(L"2014 light")) +// return 2014; +// return 2015; +//} + +} // unnamed Malie + +bool InsertMalieHook() +{ + if (Util::CheckFile(L"tools.dll")) + return InsertMalieHook1(); // jichi 3/5/2015: For old light games such as Dies irae. + + else { // For old Malie games before 2015 + // jichi 8/20/2013: Add hook for sweet light engine + // Insert both malie and malie2 hook. + bool ok = false; + + // jichi 3/12/2015: Disable MalieHook2 which will crash シルヴァリオ ヴェンッ�タ + //if (!Util::CheckFile(L"gdiplus.dll")) + if (Util::CheckFile(L"System\\*")) { // Insert old Malie hook. There are usually System/cursor.cur + ok = InsertMalieHook2() || ok; + ok = InsertMalie2Hook() || ok; // jichi 8/20/2013 + } + + // The main disadvantage of Malie3 is that it cannot find character name + ok = InsertMalie3Hook() || ok; // jichi 3/7/2014 + ok = InsertMalie4Hook() || ok; + ok = InsertMalie5Hook() || ok; + return ok; + } +} + +namespace { // unnamed +namespace ScenarioHook { +namespace Private { + + /** + * Sample game: シルヴァリオ ヴェンデッタ + * + * 0706: long pause, text separator + * 0704: short pause + * 0708: voice start. + * 0701: ruby start, 0a as separator + * + * Sample plain unvoiced text: + * + * 0706 is used as pause char. + * + * 01FFF184 00 30 2A 8A 8C 30 8B 30 21 6B 6E 30 27 59 75 65  訪れる次の大敵 + * 01FFF194 00 25 00 25 21 6B 6E 30 0D 4E 78 5E 02 30 21 6B ──次の不幸。次 + * 01FFF1A4 6E 30 E6 82 E3 96 02 30 21 6B 6E 30 34 78 C5 6E の苦難。次の破滅 + * 01FFF1B4 02 30 07 00 06 00 0A 00 00 30 B4 63 7F 30 D6 53 。. 掴み取 + * 01FFF1C4 63 30 5F 30 6F 30 5A 30 6E 30 2A 67 65 67 6F 30 ったはずの未来は + * 01FFF1D4 97 66 D2 9E 6B 30 55 87 7E 30 8C 30 5F 30 7E 30 暗黒に蝕まれたま + * 01FFF1E4 7E 30 9A 7D 4C 88 57 30 66 30 44 30 4F 30 02 30 ま続行していく。 + * 01FFF1F4 07 00 06 00 0A 00 00 30 80 30 57 30 8D 30 4B 62 . むしろ手 + * 01FFF204 6B 30 57 30 5F 30 47 59 E1 8D 92 30 7C 54 73 30 にした奇跡を呼び + * 01FFF214 34 6C 6B 30 01 30 88 30 8A 30 4A 30 5E 30 7E 30 水に、よりおぞま + * 01FFF224 57 30 44 30 B0 65 5F 30 6A 30 66 8A F4 7D 92 30 しい新たな試練を + * 01FFF234 44 7D 7F 30 BC 8F 93 30 67 30 4B 90 7D 54 92 30 組み込んで運命を + * 01FFF244 C6 99 D5 52 55 30 5B 30 8B 30 6E 30 60 30 02 30 駆動させるのだ。 + * 01FFF254 07 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 ...... + * 01FFF264 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ + * 01FFF274 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ + * 01FFF284 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ + * 01FFF294 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ + * 01FFF2A4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ + * + * Mixed unvoiced text and voiced text list: + * 01FFF184 00 30 1C 20 DD 52 29 52 1D 20 4B 30 89 30 6F 30  “勝利”からは + * 01FFF194 03 90 52 30 89 30 8C 30 6A 30 44 30 02 30 07 00 逃げられない。 + * 01FFF1A4 06 00 0A 00 00 30 1C 20 DD 52 29 52 1D 20 4B 30 . “勝利”か + * 01FFF1B4 89 30 6F 30 03 90 52 30 89 30 8C 30 6A 30 44 30 らは逃げられない + * 01FFF1C4 02 30 07 00 06 00 0A 00 00 30 1C 20 DD 52 29 52 。. “勝利 + * 01FFF1D4 1D 20 4B 30 89 30 6F 30 03 90 52 30 89 30 8C 30 ”からは逃げられ + * 01FFF1E4 6A 30 44 30 02 30 07 00 06 00 0A 00 0A 00 07 00 ない。.. + * 01FFF1F4 08 00 76 00 5F 00 76 00 6E 00 64 00 30 00 30 00 v_vnd00 + * 01FFF204 30 00 31 00 00 00 0C 30 6A 30 89 30 70 30 00 25 01.「ならば─ + * 01FFF214 00 25 00 25 00 25 0D 30 07 00 09 00 07 00 06 00 ───」. + * 01FFF224 0A 00 0A 00 00 30 00 25 00 25 55 30 42 30 01 30 .. ──さあ、 + * 01FFF234 69 30 46 30 59 30 8B 30 4B 30 1F FF 07 00 06 00 どうするか? + * 01FFF244 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ + * 01FFF254 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ + * 01FFF264 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ + * + * Sample voiced text: + * + * 0269F184 07 00 08 00 76 00 5F 00 7A 00 65 00 70 00 30 00 v_zep0 + * 0269F194 30 00 30 00 31 00 00 00 1C 20 DD 52 29 52 1D 20 001.“勝利” + * 0269F1A4 68 30 6F 30 01 30 55 4F 60 30 1F FF 07 00 09 00 とは、何だ?. + * 0269F1B4 07 00 06 00 0A 00 0A 00 07 00 08 00 76 00 5F 00 ..v_ + * 0269F1C4 7A 00 65 00 70 00 30 00 30 00 30 00 32 00 00 00 zep0002. + * 0269F1D4 1C 20 04 68 49 51 1D 20 68 30 6F 30 01 30 55 4F “栄光”とは、何 + * 0269F1E4 60 30 1F FF 07 00 09 00 07 00 06 00 0A 00 0A 00 だ?... + * 0269F1F4 07 00 08 00 76 00 5F 00 7A 00 65 00 70 00 30 00 v_zep0 + * 0269F204 30 00 30 00 33 00 00 00 5D 30 8C 30 92 30 97 5F 003.それを得 + * 0269F214 8C 30 70 30 01 30 55 4F 82 30 31 59 8F 30 5A 30 れば、何も失わず + * 0269F224 6B 30 08 6E 80 30 6E 30 60 30 8D 30 46 30 4B 30 に済むのだろうか + * 0269F234 07 00 09 00 07 00 06 00 0A 00 0A 00 07 00 08 00 ... + * 0269F244 76 00 5F 00 7A 00 65 00 70 00 30 00 30 00 30 00 v_zep000 + * 0269F254 34 00 00 00 51 65 48 30 8B 30 6E 30 4B 30 02 30 4.救えるのか。 + * 0269F264 88 5B 8C 30 8B 30 6E 30 4B 30 02 30 2C 67 53 5F 守れるのか。本当 + * 0269F274 6B 30 01 30 78 5E 5B 30 6B 30 6A 30 8C 30 8B 30 に、幸せになれる + * 0269F284 6E 30 60 30 8D 30 46 30 4B 30 07 00 09 00 07 00 のだろうか. + * 0269F294 06 00 00 00 00 00 00 00 D1 01 00 00 8C F3 69 02 ...Ǒ.ɩ + * + * Ruby: + * + * 01FDF2B4 63 30 5F 30 07 00 01 00 14 90 EF 7A 0A 00 68 30 った途端.と + * 01FDF2C4 5F 30 93 30 00 00 01 30 06 90 6B 30 40 62 09 67 たん.、逆に所有 + * + * Pause without 0a: + * + * 0271F184 07 00 08 00 76 00 5F 00 7A 00 65 00 70 00 30 00 v_zep0 + * 0271F194 30 00 34 00 34 00 00 00 00 30 51 30 8C 30 69 30 044. けれど + * 0271F1A4 00 25 00 25 07 00 09 00 07 00 06 00 07 00 08 00 ──. + * 0271F1B4 76 00 5F 00 7A 00 65 00 70 00 30 00 30 00 34 00 v_zep004 + * 0271F1C4 35 00 00 00 5D 30 8C 30 67 30 82 30 01 30 88 5B 5.それでも、守 + * 0271F1D4 89 30 6A 30 51 30 8C 30 70 30 6A 30 89 30 6A 30 らなければならな + * 0271F1E4 44 30 50 5B 4C 30 FA 51 65 67 5F 30 4B 30 89 30 い子が出来たから + * 0271F1F4 02 30 07 00 09 00 07 00 06 00 07 00 04 00 00 30 。.  + * 0271F204 07 00 08 00 76 00 5F 00 7A 00 65 00 70 00 30 00 v_zep0 + * 0271F214 30 00 34 00 36 00 00 00 7C 5F 73 59 92 30 51 65 046.彼女を救 + * 0271F224 46 30 5F 30 81 30 6B 30 01 30 53 30 6E 30 61 30 うために、このち + * 0271F234 63 30 7D 30 51 30 6A 30 7D 54 92 30 F8 61 51 30 っぽけな命を懸け + * 0271F244 8B 30 68 30 93 8A 63 30 5F 30 02 30 86 30 48 30 ると誓った。ゆえ + * + * Scenario caller: 4637bf + * + * 0046377D 90 NOP + * 0046377E 90 NOP + * 0046377F 90 NOP + * 00463780 81EC 00080000 SUB ESP,0x800 + * 00463786 56 PUSH ESI + * 00463787 8BB424 08080000 MOV ESI,DWORD PTR SS:[ESP+0x808] + * 0046378E 8B46 1C MOV EAX,DWORD PTR DS:[ESI+0x1C] + * 00463791 8B88 68020000 MOV ECX,DWORD PTR DS:[EAX+0x268] + * 00463797 57 PUSH EDI + * 00463798 51 PUSH ECX + * 00463799 E8 D200FFFF CALL malie.00453870 + * 0046379E 8BBC24 14080000 MOV EDI,DWORD PTR SS:[ESP+0x814] + * 004637A5 68 C06C4100 PUSH malie.00416CC0 + * 004637AA 8D5424 10 LEA EDX,DWORD PTR SS:[ESP+0x10] + * 004637AE 57 PUSH EDI + * 004637AF 52 PUSH EDX + * 004637B0 E8 AB041F00 CALL malie.00653C60 + * 004637B5 8D4424 18 LEA EAX,DWORD PTR SS:[ESP+0x18] + * 004637B9 50 PUSH EAX + * 004637BA E8 21031F00 CALL malie.00653AE0 ; jichi: scenario caller + * 004637BF 8B4E 1C MOV ECX,DWORD PTR DS:[ESI+0x1C] + * 004637C2 57 PUSH EDI + * 004637C3 8981 68020000 MOV DWORD PTR DS:[ECX+0x268],EAX + * 004637C9 E8 32E61E00 CALL malie.00651E00 + * 004637CE 83C4 18 ADD ESP,0x18 + * 004637D1 33D2 XOR EDX,EDX + * 004637D3 85C0 TEST EAX,EAX + * 004637D5 8B46 1C MOV EAX,DWORD PTR DS:[ESI+0x1C] + * 004637D8 0F9FC2 SETG DL + * 004637DB 5F POP EDI + * 004637DC 5E POP ESI + * 004637DD 8990 7C020000 MOV DWORD PTR DS:[EAX+0x27C],EDX + * 004637E3 81C4 00080000 ADD ESP,0x800 + * 004637E9 C3 RETN + * 004637EA 90 NOP + * 004637EB 90 NOP + * 004637EC 90 NOP + * + * Name caller: 46382e + * + * 004637EB 90 NOP + * 004637EC 90 NOP + * 004637ED 90 NOP + * 004637EE 90 NOP + * 004637EF 90 NOP + * 004637F0 81EC 00080000 SUB ESP,0x800 + * 004637F6 56 PUSH ESI + * 004637F7 8BB424 08080000 MOV ESI,DWORD PTR SS:[ESP+0x808] + * 004637FE 8B46 1C MOV EAX,DWORD PTR DS:[ESI+0x1C] + * 00463801 8B88 6C020000 MOV ECX,DWORD PTR DS:[EAX+0x26C] + * 00463807 51 PUSH ECX + * 00463808 E8 6300FFFF CALL malie.00453870 + * 0046380D 8B9424 10080000 MOV EDX,DWORD PTR SS:[ESP+0x810] + * 00463814 68 C06C4100 PUSH malie.00416CC0 + * 00463819 52 PUSH EDX + * 0046381A 8D4424 10 LEA EAX,DWORD PTR SS:[ESP+0x10] + * 0046381E 50 PUSH EAX + * 0046381F E8 3C041F00 CALL malie.00653C60 + * 00463824 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+0x14] + * 00463828 51 PUSH ECX + * 00463829 E8 B2021F00 CALL malie.00653AE0 ; jichi: name + * 0046382E 8B56 1C MOV EDX,DWORD PTR DS:[ESI+0x1C] + * 00463831 83C4 14 ADD ESP,0x14 + * 00463834 8982 6C020000 MOV DWORD PTR DS:[EDX+0x26C],EAX + * 0046383A 5E POP ESI + * 0046383B 81C4 00080000 ADD ESP,0x800 + * 00463841 C3 RETN + * 00463842 90 NOP + * 00463843 90 NOP + * 00463844 90 NOP + * + * History caller: 418d0b + * + * 00418C9D 90 NOP + * 00418C9E 90 NOP + * 00418C9F 90 NOP + * 00418CA0 81EC 00080000 SUB ESP,0x800 + * 00418CA6 53 PUSH EBX + * 00418CA7 56 PUSH ESI + * 00418CA8 57 PUSH EDI + * 00418CA9 6A 6C PUSH 0x6C + * 00418CAB FF15 20256900 CALL DWORD PTR DS:[<&MSVCRT.malloc>] ; msvcrt.malloc + * 00418CB1 8BD8 MOV EBX,EAX + * 00418CB3 83C4 04 ADD ESP,0x4 + * 00418CB6 85DB TEST EBX,EBX + * 00418CB8 0F84 D1000000 JE malie.00418D8F + * 00418CBE 8BB424 10080000 MOV ESI,DWORD PTR SS:[ESP+0x810] + * 00418CC5 33C0 XOR EAX,EAX + * 00418CC7 B9 1B000000 MOV ECX,0x1B + * 00418CCC 8BFB MOV EDI,EBX + * 00418CCE F3:AB REP STOS DWORD PTR ES:[EDI] + * 00418CD0 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 00418CD2 68 C06C4100 PUSH malie.00416CC0 + * 00418CD7 50 PUSH EAX + * 00418CD8 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+0x14] + * 00418CDC 51 PUSH ECX + * 00418CDD E8 7EAF2300 CALL malie.00653C60 + * 00418CE2 8D5424 18 LEA EDX,DWORD PTR SS:[ESP+0x18] + * 00418CE6 52 PUSH EDX + * 00418CE7 E8 F4AD2300 CALL malie.00653AE0 + * 00418CEC 8903 MOV DWORD PTR DS:[EBX],EAX + * 00418CEE 8B46 04 MOV EAX,DWORD PTR DS:[ESI+0x4] + * 00418CF1 68 C06C4100 PUSH malie.00416CC0 + * 00418CF6 50 PUSH EAX + * 00418CF7 8D4C24 24 LEA ECX,DWORD PTR SS:[ESP+0x24] + * 00418CFB 51 PUSH ECX + * 00418CFC E8 5FAF2300 CALL malie.00653C60 + * 00418D01 8D5424 28 LEA EDX,DWORD PTR SS:[ESP+0x28] + * 00418D05 52 PUSH EDX + * 00418D06 E8 D5AD2300 CALL malie.00653AE0 ; jichi: history caller + * 00418D0B 8943 04 MOV DWORD PTR DS:[EBX+0x4],EAX + * 00418D0E 8B46 08 MOV EAX,DWORD PTR DS:[ESI+0x8] + * 00418D11 83C4 20 ADD ESP,0x20 + * 00418D14 85C0 TEST EAX,EAX + * 00418D16 75 05 JNZ SHORT malie.00418D1D + * 00418D18 B8 0CEF7000 MOV EAX,malie.0070EF0C + * 00418D1D 50 PUSH EAX + * 00418D1E E8 3D6F2300 CALL malie.0064FC60 + * 00418D23 8943 08 MOV DWORD PTR DS:[EBX+0x8],EAX + * 00418D26 8B46 0C MOV EAX,DWORD PTR DS:[ESI+0xC] + * 00418D29 83C4 04 ADD ESP,0x4 + * 00418D2C 85C0 TEST EAX,EAX + * 00418D2E 75 05 JNZ SHORT malie.00418D35 + * 00418D30 B8 0CEF7000 MOV EAX,malie.0070EF0C + * 00418D35 50 PUSH EAX + * 00418D36 E8 256F2300 CALL malie.0064FC60 + * 00418D3B 8943 0C MOV DWORD PTR DS:[EBX+0xC],EAX + * 00418D3E 8B46 60 MOV EAX,DWORD PTR DS:[ESI+0x60] + * 00418D41 8943 60 MOV DWORD PTR DS:[EBX+0x60],EAX + * 00418D44 8B4E 64 MOV ECX,DWORD PTR DS:[ESI+0x64] + * 00418D47 894B 64 MOV DWORD PTR DS:[EBX+0x64],ECX + * 00418D4A 8B56 68 MOV EDX,DWORD PTR DS:[ESI+0x68] + * 00418D4D 8D7E 10 LEA EDI,DWORD PTR DS:[ESI+0x10] + * 00418D50 83C4 04 ADD ESP,0x4 + * 00418D53 85FF TEST EDI,EDI + * 00418D55 8953 68 MOV DWORD PTR DS:[EBX+0x68],EDX + * 00418D58 74 35 JE SHORT malie.00418D8F + * 00418D5A 55 PUSH EBP + * 00418D5B 8BEB MOV EBP,EBX + * 00418D5D 2BEE SUB EBP,ESI + * 00418D5F BE 14000000 MOV ESI,0x14 + * 00418D64 8B07 MOV EAX,DWORD PTR DS:[EDI] + * 00418D66 66:8338 00 CMP WORD PTR DS:[EAX],0x0 + * 00418D6A 75 04 JNZ SHORT malie.00418D70 + * 00418D6C 33C0 XOR EAX,EAX + * 00418D6E EB 09 JMP SHORT malie.00418D79 + * 00418D70 50 PUSH EAX + * 00418D71 E8 EA6E2300 CALL malie.0064FC60 + * 00418D76 83C4 04 ADD ESP,0x4 + * 00418D79 89042F MOV DWORD PTR DS:[EDI+EBP],EAX + * 00418D7C 83C7 04 ADD EDI,0x4 + * 00418D7F 4E DEC ESI + * 00418D80 ^75 E2 JNZ SHORT malie.00418D64 + * 00418D82 5D POP EBP + * 00418D83 5F POP EDI + * 00418D84 5E POP ESI + * 00418D85 8BC3 MOV EAX,EBX + * 00418D87 5B POP EBX + * 00418D88 81C4 00080000 ADD ESP,0x800 + * 00418D8E C3 RETN + * 00418D8F 5F POP EDI + * 00418D90 5E POP ESI + * 00418D91 8BC3 MOV EAX,EBX + * 00418D93 5B POP EBX + * 00418D94 81C4 00080000 ADD ESP,0x800 + * 00418D9A C3 RETN + * 00418D9B 90 NOP + * 00418D9C 90 NOP + * + * Exit dialog box caller: + * 00475A8D 90 NOP + * 00475A8E 90 NOP + * 00475A8F 90 NOP + * 00475A90 56 PUSH ESI + * 00475A91 68 B09C7500 PUSH malie.00759CB0 + * 00475A96 FF15 F8206900 CALL DWORD PTR DS:[<&KERNEL32.EnterCriti>; ntdll.RtlEnterCriticalSection + * 00475A9C 8B7424 08 MOV ESI,DWORD PTR SS:[ESP+0x8] + * 00475AA0 85F6 TEST ESI,ESI + * 00475AA2 74 4A JE SHORT malie.00475AEE + * 00475AA4 56 PUSH ESI + * 00475AA5 E8 56000000 CALL malie.00475B00 + * 00475AAA 8B46 1C MOV EAX,DWORD PTR DS:[ESI+0x1C] + * 00475AAD 8B08 MOV ECX,DWORD PTR DS:[EAX] + * 00475AAF 51 PUSH ECX + * 00475AB0 E8 BBDDFDFF CALL malie.00453870 + * 00475AB5 8B5424 14 MOV EDX,DWORD PTR SS:[ESP+0x14] + * 00475AB9 52 PUSH EDX + * 00475ABA E8 21E01D00 CALL malie.00653AE0 ; jichi: called here + * 00475ABF 8B4E 1C MOV ECX,DWORD PTR DS:[ESI+0x1C] + * 00475AC2 8901 MOV DWORD PTR DS:[ECX],EAX + * 00475AC4 8B56 1C MOV EDX,DWORD PTR DS:[ESI+0x1C] + * 00475AC7 C782 94000000 00>MOV DWORD PTR DS:[EDX+0x94],0x0 + * 00475AD1 8B46 1C MOV EAX,DWORD PTR DS:[ESI+0x1C] + * 00475AD4 8B08 MOV ECX,DWORD PTR DS:[EAX] + * 00475AD6 51 PUSH ECX + * 00475AD7 E8 84C41D00 CALL malie.00651F60 + * 00475ADC 8B56 1C MOV EDX,DWORD PTR DS:[ESI+0x1C] + * 00475ADF 56 PUSH ESI + * 00475AE0 8982 98000000 MOV DWORD PTR DS:[EDX+0x98],EAX + * 00475AE6 E8 C5000000 CALL malie.00475BB0 + * 00475AEB 83C4 14 ADD ESP,0x14 + * 00475AEE 68 B09C7500 PUSH malie.00759CB0 + * 00475AF3 FF15 44226900 CALL DWORD PTR DS:[<&KERNEL32.LeaveCriti>; ntdll.RtlLeaveCriticalSection + * 00475AF9 5E POP ESI + * 00475AFA C3 RETN + * 00475AFB 90 NOP + * 00475AFC 90 NOP + * 00475AFD 90 NOP + * + * Sample game: 相州戦神館學園 八命陣 (older game0 + * Scenario caller: 46314f + * + * 0046310B 90 NOP + * 0046310C 90 NOP + * 0046310D 90 NOP + * 0046310E 90 NOP + * 0046310F 90 NOP + * 00463110 81EC 00080000 SUB ESP,0x800 + * 00463116 56 PUSH ESI + * 00463117 8BB424 08080000 MOV ESI,DWORD PTR SS:[ESP+0x808] + * 0046311E 8B46 20 MOV EAX,DWORD PTR DS:[ESI+0x20] + * 00463121 8B88 68020000 MOV ECX,DWORD PTR DS:[EAX+0x268] + * 00463127 57 PUSH EDI + * 00463128 51 PUSH ECX + * 00463129 E8 62240200 CALL .00485590 + * 0046312E 8BBC24 14080000 MOV EDI,DWORD PTR SS:[ESP+0x814] + * 00463135 68 10634100 PUSH .00416310 + * 0046313A 8D5424 10 LEA EDX,DWORD PTR SS:[ESP+0x10] + * 0046313E 57 PUSH EDI + * 0046313F 52 PUSH EDX + * 00463140 E8 AB841D00 CALL .0063B5F0 + * 00463145 8D4424 18 LEA EAX,DWORD PTR SS:[ESP+0x18] + * 00463149 50 PUSH EAX + * 0046314A E8 41831D00 CALL .0063B490 + * 0046314F 8B4E 20 MOV ECX,DWORD PTR DS:[ESI+0x20] ; jichi: scenario retaddr + * 00463152 57 PUSH EDI + * 00463153 8981 68020000 MOV DWORD PTR DS:[ECX+0x268],EAX + * 00463159 E8 82661D00 CALL .006397E0 + * 0046315E 83C4 18 ADD ESP,0x18 + * 00463161 33D2 XOR EDX,EDX + * 00463163 85C0 TEST EAX,EAX + * 00463165 8B46 20 MOV EAX,DWORD PTR DS:[ESI+0x20] + * 00463168 0F9FC2 SETG DL + * 0046316B 5F POP EDI + * 0046316C 5E POP ESI + * 0046316D 8990 7C020000 MOV DWORD PTR DS:[EAX+0x27C],EDX + * 00463173 81C4 00080000 ADD ESP,0x800 + * 00463179 C3 RETN + * 0046317A 90 NOP + * 0046317B 90 NOP + * 0046317C 90 NOP + * 0046317D 90 NOP + * 0046317E 90 NOP + * + * Sample game: BRAVA!! + * Scenario retaddr: 42011f + * + * 004200FD 90 NOP + * 004200FE 90 NOP + * 004200FF 90 NOP + * 00420100 56 PUSH ESI + * 00420101 8B7424 08 MOV ESI,DWORD PTR SS:[ESP+0x8] + * 00420105 8B46 20 MOV EAX,DWORD PTR DS:[ESI+0x20] + * 00420108 8B88 F0000000 MOV ECX,DWORD PTR DS:[EAX+0xF0] + * 0042010E 57 PUSH EDI + * 0042010F 51 PUSH ECX + * 00420110 E8 BB240200 CALL .004425D0 + * 00420115 8B7C24 14 MOV EDI,DWORD PTR SS:[ESP+0x14] + * 00420119 57 PUSH EDI + * 0042011A E8 01031300 CALL .00550420 + * 0042011F 8B56 20 MOV EDX,DWORD PTR DS:[ESI+0x20] ; jichi: scenario caller + * 00420122 57 PUSH EDI + * 00420123 8982 F0000000 MOV DWORD PTR DS:[EDX+0xF0],EAX + * 00420129 E8 B2E61200 CALL .0054E7E0 + * 0042012E 8B56 20 MOV EDX,DWORD PTR DS:[ESI+0x20] + * 00420131 83C4 0C ADD ESP,0xC + * 00420134 33C9 XOR ECX,ECX + * 00420136 85C0 TEST EAX,EAX + * 00420138 0F9FC1 SETG CL + * 0042013B 5F POP EDI + * 0042013C 5E POP ESI + * 0042013D 898A FC000000 MOV DWORD PTR DS:[EDX+0xFC],ECX + * 00420143 C3 RETN + * 00420144 90 NOP + * + * Name retaddr: 415a2c + * + * 004159DD 90 NOP + * 004159DE 90 NOP + * 004159DF 90 NOP + * 004159E0 81EC 00080000 SUB ESP,0x800 + * 004159E6 53 PUSH EBX + * 004159E7 56 PUSH ESI + * 004159E8 57 PUSH EDI + * 004159E9 6A 6C PUSH 0x6C + * 004159EB FF15 40D45800 CALL DWORD PTR DS:[0x58D440] ; msvcrt.malloc + * 004159F1 8BD8 MOV EBX,EAX + * 004159F3 83C4 04 ADD ESP,0x4 + * 004159F6 85DB TEST EBX,EBX + * 004159F8 0F84 D1000000 JE .00415ACF + * 004159FE 8BB424 10080000 MOV ESI,DWORD PTR SS:[ESP+0x810] + * 00415A05 33C0 XOR EAX,EAX + * 00415A07 B9 1B000000 MOV ECX,0x1B + * 00415A0C 8BFB MOV EDI,EBX + * 00415A0E F3:AB REP STOS DWORD PTR ES:[EDI] + * 00415A10 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 00415A12 68 003B4100 PUSH .00413B00 + * 00415A17 50 PUSH EAX + * 00415A18 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+0x14] + * 00415A1C 51 PUSH ECX + * 00415A1D E8 5EAB1300 CALL .00550580 + * 00415A22 8D5424 18 LEA EDX,DWORD PTR SS:[ESP+0x18] + * 00415A26 52 PUSH EDX + * 00415A27 E8 F4A91300 CALL .00550420 + * 00415A2C 8903 MOV DWORD PTR DS:[EBX],EAX ; jichi: name caller + * 00415A2E 8B46 04 MOV EAX,DWORD PTR DS:[ESI+0x4] + * 00415A31 68 003B4100 PUSH .00413B00 + * 00415A36 50 PUSH EAX + * 00415A37 8D4C24 24 LEA ECX,DWORD PTR SS:[ESP+0x24] + * 00415A3B 51 PUSH ECX + * 00415A3C E8 3FAB1300 CALL .00550580 + * 00415A41 8D5424 28 LEA EDX,DWORD PTR SS:[ESP+0x28] + * 00415A45 52 PUSH EDX + * 00415A46 E8 D5A91300 CALL .00550420 + * 00415A4B 8943 04 MOV DWORD PTR DS:[EBX+0x4],EAX + * 00415A4E 8B46 08 MOV EAX,DWORD PTR DS:[ESI+0x8] + * 00415A51 83C4 20 ADD ESP,0x20 + * 00415A54 85C0 TEST EAX,EAX + * 00415A56 75 05 JNZ SHORT .00415A5D + * 00415A58 B8 6C285E00 MOV EAX,.005E286C + * 00415A5D 50 PUSH EAX + * 00415A5E E8 DD691300 CALL .0054C440 + * 00415A63 8943 08 MOV DWORD PTR DS:[EBX+0x8],EAX + * 00415A66 8B46 0C MOV EAX,DWORD PTR DS:[ESI+0xC] + * 00415A69 83C4 04 ADD ESP,0x4 + * 00415A6C 85C0 TEST EAX,EAX + * 00415A6E 75 05 JNZ SHORT .00415A75 + * 00415A70 B8 6C285E00 MOV EAX,.005E286C + * 00415A75 50 PUSH EAX + * 00415A76 E8 C5691300 CALL .0054C440 + * 00415A7B 8943 0C MOV DWORD PTR DS:[EBX+0xC],EAX + * 00415A7E 8B46 60 MOV EAX,DWORD PTR DS:[ESI+0x60] + * 00415A81 8943 60 MOV DWORD PTR DS:[EBX+0x60],EAX + * 00415A84 8B4E 64 MOV ECX,DWORD PTR DS:[ESI+0x64] + * 00415A87 894B 64 MOV DWORD PTR DS:[EBX+0x64],ECX + * 00415A8A 8B56 68 MOV EDX,DWORD PTR DS:[ESI+0x68] + * 00415A8D 8D7E 10 LEA EDI,DWORD PTR DS:[ESI+0x10] + * 00415A90 83C4 04 ADD ESP,0x4 + * 00415A93 85FF TEST EDI,EDI + * 00415A95 8953 68 MOV DWORD PTR DS:[EBX+0x68],EDX + * 00415A98 74 35 JE SHORT .00415ACF + * 00415A9A 55 PUSH EBP + * 00415A9B 8BEB MOV EBP,EBX + * 00415A9D 2BEE SUB EBP,ESI + * 00415A9F BE 14000000 MOV ESI,0x14 + * 00415AA4 8B07 MOV EAX,DWORD PTR DS:[EDI] + * 00415AA6 66:8338 00 CMP WORD PTR DS:[EAX],0x0 + * 00415AAA 75 04 JNZ SHORT .00415AB0 + * 00415AAC 33C0 XOR EAX,EAX + * 00415AAE EB 09 JMP SHORT .00415AB9 + * 00415AB0 50 PUSH EAX + * 00415AB1 E8 8A691300 CALL .0054C440 + * 00415AB6 83C4 04 ADD ESP,0x4 + * 00415AB9 89042F MOV DWORD PTR DS:[EDI+EBP],EAX + * 00415ABC 83C7 04 ADD EDI,0x4 + * 00415ABF 4E DEC ESI + * 00415AC0 ^75 E2 JNZ SHORT .00415AA4 + * 00415AC2 5D POP EBP + * 00415AC3 5F POP EDI + * 00415AC4 5E POP ESI + * 00415AC5 8BC3 MOV EAX,EBX + * 00415AC7 5B POP EBX + * 00415AC8 81C4 00080000 ADD ESP,0x800 + * 00415ACE C3 RETN + * 00415ACF 5F POP EDI + * 00415AD0 5E POP ESI + * 00415AD1 8BC3 MOV EAX,EBX + * 00415AD3 5B POP EBX + * 00415AD4 81C4 00080000 ADD ESP,0x800 + * 00415ADA C3 RETN + * 00415ADB 90 NOP + * 00415ADC 90 NOP + * 00415ADD 90 NOP + * 00415ADE 90 NOP + */ + + + + size_t parseTextSize(LPCWSTR text) + { + size_t count = 0; + bool skipNull = false; + for (; *text || skipNull; text++, count++) + if (text[0] == 0) + skipNull = false; + else if (text[0] == 0x7) + switch (text[1]) { + case 0x1: // ruby + skipNull = true; + break; + case 0x8: // voice + return count; + case 0x6: // pause + return count + 2; + } + return count; + } + + size_t rtrim(LPCWSTR text, size_t size) + { + while (size && (text[size - 1] <= 32 || text[size - 1] == 0x3000)) // trim trailing non-printable characters + size--; + return size; + } + + std::string parseTextData(LPCWSTR text) + { + std::string ret; + if (!wcschr(text, 0x7)) { + ret=std::string((LPCSTR)text, ::wcslen(text) * sizeof(wchar_t)); + return ret; + } + for (; *text; text++) { + if (text[0] == 0x7) + switch (text[1]) { + case 0x1: // ruby + if (LPCWSTR p = ::wcschr(text + 2, 0xa)) { + ret.append(LPCSTR(text + 2), (p - text - 2) * sizeof(wchar_t)); + text = p + ::wcslen(p); // text now point to zero + continue; + } // mismatched ruby that should never happen + return std::string(); + case 0x8: // voice + return ret; + case 0x6: // pause + ret.append((LPCSTR)text, 2 * sizeof(wchar_t)); + return ret; + } + ret.append((LPCSTR)text, sizeof(wchar_t)); + } + return ret; + } +#define MALIE_0 L"[0]" // represent \0 + void filterTextData(std::string &text) + { + // remove short pause + static std::string shortPause((LPCSTR)L"\x07\x04", 2 * sizeof(wchar_t)); + //text.replace(shortPause, ""); // there is no remove method in std::string + strReplace(text, shortPause, ""); + } + // I need a cache retainer here to make sure same text result in same result + void hookafter(hook_stack*s,void* data1, size_t len) + { + static std::string data_; + static std::unordered_set hashes_; + auto text = (LPCWSTR)s->stack[1]; + if (!text || !*text + || !(text[0] == 0x7 && text[1] == 0x8) && all_ascii(text) ) + return ; + std::string data; + bool update = false; + + for (size_t size; *text; text += size) { + if (text[0] == 0x7 && text[1] == 0x8) { // voiced + size_t len = ::wcslen(text); + data.append((LPCSTR)text, (len + 1) * sizeof(wchar_t)); + text += len + 1; + } + + size = parseTextSize(text); + std::string oldData = parseTextData(text); + filterTextData(oldData); + if (oldData.empty()) // this should never happen + return ; + + auto oldTextAddress = (LPCWSTR)oldData.c_str(); + size_t oldTextSize = oldData.size() / sizeof(wchar_t), + trimmedSize = rtrim(oldTextAddress, oldTextSize); + if (trimmedSize == 0 || all_ascii(oldTextAddress, trimmedSize)) + data.append(oldData); + else { + std::wstring oldText = std::wstring(oldTextAddress, trimmedSize), + newText = std::wstring((LPWSTR)data1,len/2) ; + if (newText.empty() || newText == oldText) + data.append(oldData); + else { + update = true; + data.append((LPCSTR)newText.c_str(), newText.size() * sizeof(wchar_t)); + if (trimmedSize != oldTextSize) + data.append(LPCSTR(oldTextAddress + trimmedSize), (oldTextSize - trimmedSize) * sizeof(wchar_t)); + } + } + } + if (update) { + { + static const std::string zero_bytes(sizeof(wchar_t), '\0'), + zero_repr((LPCSTR)MALIE_0, sizeof(MALIE_0) - sizeof(wchar_t)); // - \0's size + //data.replace(zero_repr, zero_bytes); + strReplace(data, zero_repr, zero_bytes); + } + + // make sure there are 5 zeros at the end + data.push_back(0); data.push_back(0); data.push_back(0); data.push_back(0); data.push_back(0); + data_ = data; + text = (LPCWSTR)data_.c_str(); + + s->stack[1] = (ULONG)text; + } + } + void hookBefore(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *role) + { + + static std::string data_; + static std::unordered_set hashes_; + auto text = (LPCWSTR)s->stack[1]; + if (!text || !*text + || !(text[0] == 0x7 && text[1] == 0x8) && all_ascii(text) ) + return ; + + //if (::wcsstr(text, L"\x30DC\x30BF\x30F3")) // ボタン + // return true; + //if (::wcsstr(text, L"\x30A4\x30E1\x30FC")) // イメージ + // return true; + + // Scenario caller: + // 004637BA E8 21031F00 CALL malie.00653AE0 ; jichi: scenario caller + // 004637BF 8B4E 1C MOV ECX,DWORD PTR DS:[ESI+0x1C] + // 004637C2 57 PUSH EDI + // + // 0046314A E8 41831D00 CALL .0063B490 + // 0046314F 8B4E 20 MOV ECX,DWORD PTR DS:[ESI+0x20] ; jichi: scenario retaddr + // 00463152 57 PUSH EDI + // + // (balloon-like) + // 0042011F 8B56 20 MOV EDX,DWORD PTR DS:[ESI+0x20] ; jichi: scenario caller + // 00420122 57 PUSH EDI + // + // Name caller: + // 00463829 E8 B2021F00 CALL malie.00653AE0 ; jichi: name + // 0046382E 8B56 1C MOV EDX,DWORD PTR DS:[ESI+0x1C] + // 00463831 83C4 14 ADD ESP,0x14 + // + // (balloon-like) + // 00415A2C 8903 MOV DWORD PTR DS:[EBX],EAX ; jichi: name caller + // 00415A2E 8B46 04 MOV EAX,DWORD PTR DS:[ESI+0x4] + // 00415A31 68 003B4100 PUSH .00413B00 + * role = Engine::OtherRole; + auto retaddr = s->stack[0]; + switch (*(DWORD *)retaddr & 0xff0000ff) { + case 0x5700008b: *role = Engine::ScenarioRole; break; + case 0x8300008b: + case 0x46000089: *role = Engine::NameRole; break; + } + //auto sig = Engine::hashThreadSignature(role, retaddr); // this is not needed as the retaddr is used as split + auto sig = retaddr; + + std::string data; + bool update = false; + + for (size_t size; *text; text += size) { + if (text[0] == 0x7 && text[1] == 0x8) { // voiced + size_t len = ::wcslen(text); + data.append((LPCSTR)text, (len + 1) * sizeof(wchar_t)); + text += len + 1; + } + + size = parseTextSize(text); + std::string oldData = parseTextData(text); + filterTextData(oldData); + if (oldData.empty()) // this should never happen + return ; + + auto oldTextAddress = (LPCWSTR)oldData.c_str(); + size_t oldTextSize = oldData.size() / sizeof(wchar_t), + trimmedSize = rtrim(oldTextAddress, oldTextSize); + if (trimmedSize == 0 || all_ascii(oldTextAddress, trimmedSize)) + data.append(oldData); + else { + buffer->from(std::wstring_view(oldTextAddress, trimmedSize)); + return; + } + } + + } +} // namespace Private + +/** + * Sample game: シルヴァリオ ヴェンデッタ + * + * Text in arg1. + * Function found by debugging the text being accessed. + * It is the same as one of the parent call of Malie2. + * + * The target text arg1 is on this function's caller's stack. + * + * 00653ADC 90 NOP + * 00653ADD 90 NOP + * 00653ADE 90 NOP + * 00653ADF 90 NOP + * 00653AE0 56 PUSH ESI + * 00653AE1 8B7424 08 MOV ESI,DWORD PTR SS:[ESP+0x8] + * 00653AE5 33C0 XOR EAX,EAX + * 00653AE7 85F6 TEST ESI,ESI + * 00653AE9 74 47 JE SHORT malie.00653B32 + * 00653AEB 53 PUSH EBX + * 00653AEC 57 PUSH EDI + * 00653AED 68 00C47F00 PUSH malie.007FC400 + * 00653AF2 FF15 F8206900 CALL DWORD PTR DS:[<&KERNEL32.EnterCriti>; ntdll.RtlEnterCriticalSection + * 00653AF8 56 PUSH ESI + * 00653AF9 E8 C2E4FFFF CALL malie.00651FC0 + * 00653AFE 8D78 02 LEA EDI,DWORD PTR DS:[EAX+0x2] + * 00653B01 57 PUSH EDI + * 00653B02 FF15 20256900 CALL DWORD PTR DS:[<&MSVCRT.malloc>] ; msvcrt.malloc + * 00653B08 8BD8 MOV EBX,EAX + * 00653B0A 83C4 08 ADD ESP,0x8 + * 00653B0D 85DB TEST EBX,EBX + * 00653B0F 74 12 JE SHORT malie.00653B23 + * 00653B11 8BCF MOV ECX,EDI + * 00653B13 8BFB MOV EDI,EBX + * 00653B15 8BC1 MOV EAX,ECX + * 00653B17 C1E9 02 SHR ECX,0x2 + * 00653B1A F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] + * 00653B1C 8BC8 MOV ECX,EAX + * 00653B1E 83E1 03 AND ECX,0x3 + * 00653B21 F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI] + * 00653B23 68 00C47F00 PUSH malie.007FC400 + * 00653B28 FF15 44226900 CALL DWORD PTR DS:[<&KERNEL32.LeaveCriti>; ntdll.RtlLeaveCriticalSection + * 00653B2E 8BC3 MOV EAX,EBX + * 00653B30 5F POP EDI + * 00653B31 5B POP EBX + * 00653B32 5E POP ESI + * 00653B33 C3 RETN + * 00653B34 90 NOP + * 00653B35 90 NOP + * 00653B36 90 NOP + * 00653B37 90 NOP + * 00653B38 90 NOP + * + * Malie2's pattern: 4089560833d2894604 + * + * const BYTE bytes1[] = { + * 0x40, // inc eax + * 0x89,0x56, 0x08, // mov dword ptr ds:[esi+0x8],edx + * 0x33,0xd2, // xor edx,edx + * 0x89,0x46, 0x04 // mov dword ptr ds:[esi+0x4],eax + * }; + * + * Malie2 not used as it produces too many garbage + * + * Malie2's call stack: + * + * 026DF0D8 026DF0E0 + * 026DF0DC 026DF184 ; jichi: source text + * 026DF0E0 026DF184 + * 026DF0E4 00000000 + * 026DF0E8 000000B8 + * 026DF0EC 0627DFE8 + * 026DF0F0 016F0000 + * 026DF0F4 0627DFE0 + * 026DF0F8 0180B5E0 + * 026DF0FC 00000001 + * 026DF100 0180B8F0 ASCII ""=VH" + * 026DF104 /026DF11C + * 026DF108 |77492CE8 RETURN to ntdll.77492CE8 from ntdll.77492D0B + * 026DF10C |0180B8F8 + * 026DF110 |FFFFFFFF + * 026DF114 |04A9103C + * 026DF118 |0180B8F0 ASCII ""=VH" + * 026DF11C \026DF168 + * 026DF120 771B98CD RETURN to msvcrt.771B98CD from ntdll.RtlFreeHeap + * 026DF124 018B0000 + * 026DF128 00000000 + * 026DF12C 00000006 + * 026DF130 FFFFFFFF + * 026DF134 FFFFFFFF + * 026DF138 00000000 + * 026DF13C 026DF184 ; jichi: text + * 026DF140 0000000C + * 026DF144 062671D8 + * 026DF148 00000000 + * 026DF14C /026DFA08 + * 026DF150 |00653AFE RETURN to malie.00653AFE from malie.00651FC0 + * 026DF154 |026DF184 ; jichi: text + * 026DF158 |007272A8 malie.007272A8 + * 026DF15C |04A9103C + * 026DF160 |0183DFE8 + * 026DF164 |004637BF RETURN to malie.004637BF from malie.00653AE0 + * 026DF168 |026DF184 ; jichi: text, two continous scenario text + * 026DF16C |026DF184 ; jichi: text + * 026DF170 |007272A8 malie.007272A8 + * 026DF174 |00416CC0 malie.00416CC0 + * 026DF178 |0180B8F8 + * 026DF17C |FFFFFFFF + * 026DF180 |0183DFE8 + * 026DF184 |00080007 + * 026DF188 |005F0076 malie.005F0076 + * 026DF18C |0065007A malie.0065007A + * 026DF190 |00300070 + * 026DF194 |00300030 + * + * Sample game: 相州戦神館學園 八命陣 (older game without critical sections) + * 0063B48D 90 NOP + * 0063B48E 90 NOP + * 0063B48F 90 NOP + * 0063B490 56 PUSH ESI + * 0063B491 8B7424 08 MOV ESI,DWORD PTR SS:[ESP+0x8] + * 0063B495 33C0 XOR EAX,EAX + * 0063B497 57 PUSH EDI + * 0063B498 85F6 TEST ESI,ESI + * 0063B49A 74 29 JE SHORT .0063B4C5 + * 0063B49C 56 PUSH ESI + * 0063B49D E8 FEE4FFFF CALL .006399A0 + * 0063B4A2 8D78 02 LEA EDI,DWORD PTR DS:[EAX+0x2] + * 0063B4A5 57 PUSH EDI + * 0063B4A6 FF15 94946700 CALL DWORD PTR DS:[0x679494] ; msvcrt.malloc + * 0063B4AC 83C4 08 ADD ESP,0x8 + * 0063B4AF 85C0 TEST EAX,EAX + * 0063B4B1 74 12 JE SHORT .0063B4C5 + * 0063B4B3 8BCF MOV ECX,EDI + * 0063B4B5 8BF8 MOV EDI,EAX + * 0063B4B7 8BD1 MOV EDX,ECX + * 0063B4B9 C1E9 02 SHR ECX,0x2 + * 0063B4BC F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] + * 0063B4BE 8BCA MOV ECX,EDX + * 0063B4C0 83E1 03 AND ECX,0x3 + * 0063B4C3 F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI] + * 0063B4C5 5F POP EDI + * 0063B4C6 5E POP ESI + * 0063B4C7 C3 RETN + * 0063B4C8 90 NOP + * 0063B4C9 90 NOP + * 0063B4CA 90 NOP + * 0063B4CB 90 NOP + * + * Sample game: 神咒神威神楽WEB体験版 + * FIXME: Texts get disappeared + * 00517A8D 90 NOP + * 00517A8E 90 NOP + * 00517A8F 90 NOP + * 00517A90 56 PUSH ESI + * 00517A91 8B7424 08 MOV ESI,DWORD PTR SS:[ESP+0x8] + * 00517A95 57 PUSH EDI + * 00517A96 56 PUSH ESI + * 00517A97 E8 64E5FFFF CALL .00516000 + * 00517A9C 8D78 02 LEA EDI,DWORD PTR DS:[EAX+0x2] + * 00517A9F 57 PUSH EDI + * 00517AA0 FF15 40745500 CALL DWORD PTR DS:[0x557440] ; msvcrt.malloc + * 00517AA6 83C4 08 ADD ESP,0x8 + * 00517AA9 85C0 TEST EAX,EAX + * 00517AAB 74 12 JE SHORT .00517ABF + * 00517AAD 8BCF MOV ECX,EDI + * 00517AAF 8BF8 MOV EDI,EAX + * 00517AB1 8BD1 MOV EDX,ECX + * 00517AB3 C1E9 02 SHR ECX,0x2 + * 00517AB6 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> + * 00517AB8 8BCA MOV ECX,EDX + * 00517ABA 83E1 03 AND ECX,0x3 + * 00517ABD F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[> + * 00517ABF 5F POP EDI + * 00517AC0 5E POP ESI + * 00517AC1 C3 RETN + * 00517AC2 90 NOP + * 00517AC3 90 NOP + * 00517AC4 90 NOP + */ +bool attach(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + //FF15 20256900 // 00653B02 FF15 20256900 CALL DWORD PTR DS:[<&MSVCRT.malloc>] ; msvcrt.malloc + //8BD8 // 00653B08 8BD8 MOV EBX,EAX + 0x83,0xC4, 0x08, // 00653B0A 83C4 08 ADD ESP,0x8 + 0x85,XX, // 00653B0D 85DB TEST EBX,EBX + 0x74, 0x12, // 00653B0F 74 12 JE SHORT malie.00653B23 + 0x8B,XX, // 00653B11 8BCF MOV ECX,EDI + 0x8B,XX, // 00653B13 8BFB MOV EDI,EBX + 0x8B,XX, // 00653B15 8BC1 MOV EAX,ECX + 0xC1,0xE9, 0x02, // 00653B17 C1E9 02 SHR ECX,0x2 + 0xF3,0xA5, // 00653B1A F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] + 0x8B,XX, // 00653B1C 8BC8 MOV ECX,EAX + 0x83,0xE1, 0x03, // 00653B1E 83E1 03 AND ECX,0x3 + 0xF3,0xA4 // 00653B21 F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI] + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + //DOUT(addr); + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return false; + //addr = 0x00653AE0; // the actual hooked grant parent call function, text in arg1 + + // Sample game: シルヴァリオ ヴェンデッタ + // If there are untranslated function, hook to the following location and debug the function stack to find text address + //addr = 0x006519B0; // the callee function, text in arg2, function called by two functions, including the callee. Hooking to this function causing history to crash + //return winhook::hook_before(addr, Private::hookBefore); + HookParam hp; + hp.address=addr; + hp.text_fun=Private::hookBefore; + hp.hook_after=Private::hookafter; + hp.type=CODEC_UTF16|EMBED_ABLE|NO_CONTEXT; + return NewHook(hp,"EmbedMalie"); +} +} // namespace ScenarioHook + +namespace Patch { +namespace Private { + void hookBefore(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + static std::wstring fontFace_; + auto fontFamily=std::wstring(commonsharedmem->fontFamily); + + if (!fontFamily.empty()) { + if (fontFace_ != fontFamily) + fontFace_ = fontFamily; + s->stack[1] = (ULONG)fontFace_.c_str(); + //::memcpy((LPVOID)s->stack[2], fontFace_.utf16(), fontFace_.size() * sizeof(wchar_t)); + } + } +} // namespace Private + +/** + * Sample game: シルヴァリオ ヴェンデッタ + * Force changing font face, otherwise CreateFontIndirectW won't be invoked. + * + * Default font is TelopMinPro. + * + * There are two fonts that are needed to be changed for Malie engine. + * - Text font: can be changed in registry as "FontFace" + * - UI font: canb be changed in malie.ini using SystemFont + * Example: + * + * ;フォント種類指定 + * ;SystemFont=SimSun + * ;FONT01=SimSun + * SystemFont=TelopMinPro + * FONT01=TelopMinPro + * + * This function is found by debugging CreateFontIndirectW. + * Font face in both arg1 and arg2. + * + * 0043A82C 90 NOP + * 0043A82D 90 NOP + * 0043A82E 90 NOP + * 0043A82F 90 NOP + * 0043A830 53 PUSH EBX + * 0043A831 55 PUSH EBP + * 0043A832 56 PUSH ESI + * 0043A833 57 PUSH EDI + * 0043A834 E8 C7FFFFFF CALL malie.0043A800 + * 0043A839 8BF8 MOV EDI,EAX + * 0043A83B 33F6 XOR ESI,ESI + * 0043A83D 85FF TEST EDI,EDI + * 0043A83F 7E 20 JLE SHORT malie.0043A861 + * 0043A841 8B5C24 14 MOV EBX,DWORD PTR SS:[ESP+0x14] + * 0043A845 8B2D 14256900 MOV EBP,DWORD PTR DS:[<&MSVCRT._wcsicmp>>; msvcrt._wcsicmp + * 0043A84B 56 /PUSH ESI + * 0043A84C E8 6FFFFFFF |CALL malie.0043A7C0 + * 0043A851 50 |PUSH EAX + * 0043A852 53 |PUSH EBX + * 0043A853 FFD5 |CALL EBP + * 0043A855 83C4 0C |ADD ESP,0xC + * 0043A858 85C0 |TEST EAX,EAX + * 0043A85A 74 0D |JE SHORT malie.0043A869 + * 0043A85C 46 |INC ESI + * 0043A85D 3BF7 |CMP ESI,EDI + * 0043A85F ^7C EA \JL SHORT malie.0043A84B + * 0043A861 5F POP EDI + * 0043A862 5E POP ESI + * 0043A863 5D POP EBP + * 0043A864 83C8 FF OR EAX,0xFFFFFFFF + * 0043A867 5B POP EBX + * 0043A868 C3 RETN + * 0043A869 5F POP EDI + * 0043A86A 8BC6 MOV EAX,ESI + * 0043A86C 5E POP ESI + * 0043A86D 5D POP EBP + * 0043A86E 5B POP EBX + * 0043A86F C3 RETN + * 0043A870 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+0x4] + * 0043A874 83F8 FF CMP EAX,-0x1 + * 0043A877 75 05 JNZ SHORT malie.0043A87E + * 0043A879 E8 92FFFFFF CALL malie.0043A810 + * 0043A87E 50 PUSH EAX + * 0043A87F E8 3CFFFFFF CALL malie.0043A7C0 + * 0043A884 33C9 XOR ECX,ECX + * 0043A886 83C4 04 ADD ESP,0x4 + * 0043A889 66:8338 40 CMP WORD PTR DS:[EAX],0x40 + * 0043A88D 0F94C1 SETE CL + * 0043A890 8BC1 MOV EAX,ECX + * 0043A892 C3 RETN + * 0043A893 90 NOP + * 0043A894 90 NOP + * 0043A895 90 NOP + * 0043A896 90 NOP + * 0043A897 90 NOP + * 0043A898 90 NOP + * + * 0278F138 0043AB90 RETURN to malie.0043AB90 from malie.0043A830 + * 0278F13C 0278F154 UNICODE "telopminpro" + * 0278F140 0278F154 UNICODE "telopminpro" + * 0278F144 006D2AE8 UNICODE "%s" + * 0278F148 0192C990 UNICODE "telopminpro" + * 0278F14C 00000000 + * 0278F150 0A33AAE0 + * 0278F154 00650074 malie.00650074 + * 0278F158 006F006C malie.006F006C + * 0278F15C 006D0070 ASCII "Context" + * 0278F160 006E0069 malie.006E0069 + * 0278F164 00720070 malie.00720070 + * 0278F168 0000006F + * 0278F16C 3F088850 + * 0278F170 00000000 + * 0278F174 00000000 + * + */ +bool attachFont(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0x50, // 0043A851 50 |PUSH EAX + 0x53, // 0043A852 53 |PUSH EBX + 0xFF,0xD5, // 0043A853 FFD5 |CALL EBP + 0x83,0xC4, 0x0C, // 0043A855 83C4 0C |ADD ESP,0xC + 0x85,0xC0, // 0043A858 85C0 |TEST EAX,EAX + 0x74, 0x0D, // 0043A85A 74 0D |JE SHORT malie.0043A869 + 0x46, // 0043A85C 46 |INC ESI + 0x3B,0xF7 // 0043A85D 3BF7 |CMP ESI,EDI + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return false; + HookParam hp; + hp.address=addr; + hp.text_fun= Private::hookBefore; + return NewHook(hp,"PatchMalieFont"); +} +} // namespace Patch +} // unnamed namespace + +namespace{ + //Dies irae ~Acta est Fabula~ HD + //Dies irae ~Interview with Kaziklu Bey~ + + std::wstring readString(DWORD address) { + std::wstring s = L""; + uint16_t c; + //console.log(hexdump(address)) + while ((c = *(uint16_t*)address) != 0) { + // utf-16 characters + if (c >= 0x20) { + s += (wchar_t)c;// String.fromCharCode(c); + address = address+2;//.add(2); + } + else { + // start command + if (c == 0x7) { + address = address+2;//.add(2); + //let cmd = address.readU16(); + auto cmd=*(uint16_t*)address; + address = address+2;//.add(2); // skip cmd + // voice id --> skip + if (cmd == 0x8) { + while ((c = *(uint16_t*)address) != 0) { + address = address+2;//.add(2); + } + address = address+2;//.add(2); + } + // end line --> return string + if (cmd == 0x6) { + return s; + } + // ruby + if (cmd == 0x1) { + while ((c = *(uint16_t*)address) != 0) { + // when we reach 0xa we have the kanji part + if (c == 0xa) { + address = address+2;//.add(2); + //let rubi = ''; + while ((c = *(uint16_t*)address) != 0) { + // rubi += String.fromCharCode(c); + address = address+2;//.add(2); + } + //console.log('rubi: ' + rubi); + break; + } + else { + s += (wchar_t)c;// String.fromCharCode(c); + address = address+2;//.add(2); + } + } + address = address+2;//.add(2); + } + } + else { + address = address+2;//.add(2); + } + } + } + return {}; + } + void textfun_light(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split){ + DWORD eax = stack->eax; + DWORD ecx=*(DWORD*)eax; + DWORD edx = stack->edx ; + auto str = readString(ecx+edx*2); + static std::wstring _ws; + if(_ws==str)return; + _ws=std::move(str); + *split=0; + buffer->from(_ws); + } + bool malie_light(){ + BYTE pattern[]={ + 0x8b,0x08,//往前两个字节,否则jump到下个指令(被hook截断)会崩溃 + 0x0f,XX,XX,XX,0x89,XX,XX,0x8d,XX,XX,0x89,XX,XX,0x8d,XX,XX,0x00,0x00,0x00,0x00 + }; + ULONG addr = MemDbg::findBytes(pattern, sizeof(pattern), processStartAddress, processStopAddress); + if (!addr) + return false; + HookParam hp{}; + hp.address=addr; + hp.text_fun=textfun_light; + hp.type=CODEC_UTF16|USING_STRING|NO_CONTEXT; + return NewHook(hp,"malie_6"); + + } + +} + +bool Malie::attach_function() { + bool embed=ScenarioHook::attach(processStartAddress,processStopAddress); + // if(embed)Patch::attachFont(processStartAddress,processStopAddress); 导致闪退,放弃 + auto b1= InsertMalieHook()||embed; + b1=malie_light()||b1; + return b1; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Malie.h b/cpp/LunaHook/LunaHook/engine32/Malie.h new file mode 100644 index 00000000..3de8b018 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Malie.h @@ -0,0 +1,11 @@ + + +class Malie:public ENGINE{ + public: + Malie(){ + + check_by=CHECK_BY::FILE_ANY; + check_by_target=check_by_list{L"Malie.ini",L"Malie.exe"}; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/MarineHeart.cpp b/cpp/LunaHook/LunaHook/engine32/MarineHeart.cpp new file mode 100644 index 00000000..b19e633f --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/MarineHeart.cpp @@ -0,0 +1,127 @@ +#include"MarineHeart.h" + + +/** + * jichi 4/19/2014: Marine Heart + * See: http://blgames.proboards.com/post/1984 + * http://www.yaoiotaku.com/forums/threads/11440-huge-bl-game-torrent + * + * Issue: The extracted text someitems has limited repetition + * TODO: It might be better to use FindCallAndEntryAbs for gdi32.CreateFontA? + * See how FindCallAndEntryAbs is used in Majiro. + * + * 妖恋愛奭�神サマ�堕し方/HS4*0@40D160 + * - addr: 4247904 = 0x40d160 + * - off: 4 + * - type: 9 + * + * Function starts + * 0040d160 /$ 55 push ebp ; jichi: hook here + * 0040d161 |. 8bec mov ebp,esp + * 0040d163 |. 83c4 90 add esp,-0x70 + * 0040d166 |. 33c0 xor eax,eax + * 0040d168 |. 53 push ebx + * 0040d169 |. 56 push esi + * 0040d16a |. 57 push edi + * 0040d16b |. 8b75 08 mov esi,dword ptr ss:[ebp+0x8] + * 0040d16e |. c745 cc 281e4800 mov dword ptr ss:[ebp-0x34],saisys.00481> + * 0040d175 |. 8965 d0 mov dword ptr ss:[ebp-0x30],esp + * 0040d178 |. c745 c8 d0d14700 mov dword ptr ss:[ebp-0x38], + * 0040d17f |. 66:c745 d4 0000 mov word ptr ss:[ebp-0x2c],0x0 + * 0040d185 |. 8945 e0 mov dword ptr ss:[ebp-0x20],eax + * 0040d188 |. 64:8b15 00000000 mov edx,dword ptr fs:[0] + * 0040d18f |. 8955 c4 mov dword ptr ss:[ebp-0x3c],edx + * 0040d192 |. 8d4d c4 lea ecx,dword ptr ss:[ebp-0x3c] + * 0040d195 |. 64:890d 00000000 mov dword ptr fs:[0],ecx + * 0040d19c |. 8b05 741c4800 mov eax,dword ptr ds:[0x481c74] + * 0040d1a2 |. 8945 bc mov dword ptr ss:[ebp-0x44],eax + * 0040d1a5 |. 8b05 781c4800 mov eax,dword ptr ds:[0x481c78] + * 0040d1ab |. 8945 c0 mov dword ptr ss:[ebp-0x40],eax + * 0040d1ae |. 8d46 24 lea eax,dword ptr ds:[esi+0x24] + * 0040d1b1 |. 8b56 14 mov edx,dword ptr ds:[esi+0x14] + * 0040d1b4 |. 8955 bc mov dword ptr ss:[ebp-0x44],edx + * 0040d1b7 |. 8b10 mov edx,dword ptr ds:[eax] + * 0040d1b9 |. 85d2 test edx,edx + * 0040d1bb |. 74 04 je short saisys.0040d1c1 + * 0040d1bd |. 8b08 mov ecx,dword ptr ds:[eax] + * 0040d1bf |. eb 05 jmp short saisys.0040d1c6 + * 0040d1c1 |> b9 9b1c4800 mov ecx,saisys.00481c9b + * 0040d1c6 |> 51 push ecx ; /facename + * 0040d1c7 |. 6a 01 push 0x1 ; |pitchandfamily = fixed_pitch|ff_dontcare + * 0040d1c9 |. 6a 03 push 0x3 ; |quality = 3. + * 0040d1cb |. 6a 00 push 0x0 ; |clipprecision = clip_default_precis + * 0040d1cd |. 6a 00 push 0x0 ; |outputprecision = out_default_precis + * 0040d1cf |. 68 80000000 push 0x80 ; |charset = 128. + * 0040d1d4 |. 6a 00 push 0x0 ; |strikeout = false + * 0040d1d6 |. 6a 00 push 0x0 ; |underline = false + * 0040d1d8 |. 6a 00 push 0x0 ; |italic = false + * 0040d1da |. 68 90010000 push 0x190 ; |weight = fw_normal + * 0040d1df |. 6a 00 push 0x0 ; |orientation = 0x0 + * 0040d1e1 |. 6a 00 push 0x0 ; |escapement = 0x0 + * 0040d1e3 |. 6a 00 push 0x0 ; |width = 0x0 + * 0040d1e5 |. 8b46 04 mov eax,dword ptr ds:[esi+0x4] ; | + * 0040d1e8 |. 50 push eax ; |height + * 0040d1e9 |. e8 00fa0600 call ; \createfonta + * 0040d1ee |. 8945 b8 mov dword ptr ss:[ebp-0x48],eax + * 0040d1f1 |. 8b55 b8 mov edx,dword ptr ss:[ebp-0x48] + * 0040d1f4 |. 85d2 test edx,edx + * 0040d1f6 |. 75 14 jnz short saisys.0040d20c + */ +bool InsertMarineHeartHook() +{ + // FIXME: Why this does not work?! + // jichi 6/3/2014: CreateFontA is only called once in this function + // 0040d160 /$ 55 push ebp ; jichi: hook here + // 0040d161 |. 8bec mov ebp,esp + //ULONG addr = Util::FindCallAndEntryAbs((DWORD)CreateFontA, processStopAddress - processStartAddress, processStartAddress, 0xec8b); + + const BYTE bytes[] = { + 0x51, // 0040d1c6 |> 51 push ecx ; /facename + 0x6a, 0x01, // 0040d1c7 |. 6a 01 push 0x1 ; |pitchandfamily = fixed_pitch|ff_dontcare + 0x6a, 0x03, // 0040d1c9 |. 6a 03 push 0x3 ; |quality = 3. + 0x6a, 0x00, // 0040d1cb |. 6a 00 push 0x0 ; |clipprecision = clip_default_precis + 0x6a, 0x00, // 0040d1cd |. 6a 00 push 0x0 ; |outputprecision = out_default_precis + 0x68, 0x80,0x00,0x00,0x00, // 0040d1cf |. 68 80000000 push 0x80 ; |charset = 128. + 0x6a, 0x00, // 0040d1d4 |. 6a 00 push 0x0 ; |strikeout = false + 0x6a, 0x00, // 0040d1d6 |. 6a 00 push 0x0 ; |underline = false + 0x6a, 0x00, // 0040d1d8 |. 6a 00 push 0x0 ; |italic = false + 0x68, 0x90,0x01,0x00,0x00, // 0040d1da |. 68 90010000 push 0x190 ; |weight = fw_normal + 0x6a, 0x00, // 0040d1df |. 6a 00 push 0x0 ; |orientation = 0x0 + 0x6a, 0x00, // 0040d1e1 |. 6a 00 push 0x0 ; |escapement = 0x0 + 0x6a, 0x00, // 0040d1e3 |. 6a 00 push 0x0 ; |width = 0x0 0x8b,0x46, 0x04, + 0x8b,0x46, 0x04, // 0040d1e5 |. 8b46 04 mov eax,dword ptr ds:[esi+0x4] ; | + 0x50, // 0040d1e8 |. 50 push eax ; |height + 0xe8//, 0x00,0xfa,0x06,0x00 // 0040d1e9 |. e8 00fa0600 call ; \createfonta + }; + enum { addr_offset = 0x0040d160 - 0x0040d1c6 }; // distance to the beginning of the function + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + //GROWL_DWORD(reladdr); + if (!addr) { + ConsoleOutput("MarineHeart: pattern not found"); + return false; + } + + addr += addr_offset; + //addr = 0x40d160; + //GROWL_DWORD(addr); + enum : BYTE { push_ebp = 0x55 }; // 011d4c80 /$ 55 push ebp + if (*(BYTE *)addr != push_ebp) { + ConsoleOutput("MarineHeart: pattern found but the function offset is invalid"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = USING_STRING|DATA_INDIRECT; // = 9 + + ConsoleOutput("INSERT MarineHeart"); + return NewHook(hp, "MarineHeart"); +} + + +bool MarineHeart::attach_function() { + + return InsertMarineHeartHook(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/MarineHeart.h b/cpp/LunaHook/LunaHook/engine32/MarineHeart.h new file mode 100644 index 00000000..9a721a6e --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/MarineHeart.h @@ -0,0 +1,14 @@ + + +class MarineHeart:public ENGINE{ + public: + MarineHeart(){ + + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + return (wcsstr(processName, L"SAISYS") || Util::CheckFile(L"SaiSys.exe")); + + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Mink.cpp b/cpp/LunaHook/LunaHook/engine32/Mink.cpp new file mode 100644 index 00000000..3cc5c3f4 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Mink.cpp @@ -0,0 +1,217 @@ +#include"Mink.h" +/** 12/23/2014 jichi: Mink games (not sure the engine name) + * Sample game: + * - [130111] [Mink EGO] お�ちも�にはぜったい言えなぁ�ぁ�つなこと�-- /HB-4*0:64@45164A + * - [141219] [Mink] しすた�・すきーむ3 + * + * Observations from sisters3: + * - GetGlyphOutlineA can get text, but it is cached. + * - It's caller's first argument is the correct text, but I failed to find where it is called + * - Debugging text in memory caused looping + * + * /HB-4*0:64@45164A + * - addr: 0x45164a + * - length_offset: 1 + * - split: 0x64 + * - off: 0xfffffff8 = -8 + * - type: 0x18 + * + * Observations from Onechan: + * - There are lots of threads + * - The one with -1 split value is correct, but not sure for all games + * - The result texts still contain garbage, but can be split using return values. + * + * 00451611 e9 ee000000 jmp .00451704 + * 00451616 8b45 0c mov eax,dword ptr ss:[ebp+0xc] + * 00451619 3bc3 cmp eax,ebx + * 0045161b 75 2b jnz short .00451648 + * 0045161d e8 a9340000 call .00454acb + * 00451622 53 push ebx + * 00451623 53 push ebx + * 00451624 53 push ebx + * 00451625 53 push ebx + * 00451626 53 push ebx + * 00451627 c700 16000000 mov dword ptr ds:[eax],0x16 + * 0045162d e8 16340000 call .00454a48 + * 00451632 83c4 14 add esp,0x14 + * 00451635 385d f4 cmp byte ptr ss:[ebp-0xc],bl + * 00451638 74 07 je short .00451641 + * 0045163a 8b45 f0 mov eax,dword ptr ss:[ebp-0x10] + * 0045163d 8360 70 fd and dword ptr ds:[eax+0x70],0xfffffffd + * 00451641 33c0 xor eax,eax + * 00451643 e9 bc000000 jmp .00451704 + * 00451648 3818 cmp byte ptr ds:[eax],bl + * 0045164a 75 14 jnz short .00451660 ; jichi: hook here + * 0045164c 385d f4 cmp byte ptr ss:[ebp-0xc],bl + * 0045164f 74 07 je short .00451658 + * 00451651 8b45 f0 mov eax,dword ptr ss:[ebp-0x10] + * 00451654 8360 70 fd and dword ptr ds:[eax+0x70],0xfffffffd + * 00451658 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + * 0045165b e9 a4000000 jmp .00451704 + * 00451660 56 push esi + * 00451661 8b75 08 mov esi,dword ptr ss:[ebp+0x8] + * 00451664 3bf3 cmp esi,ebx + * 00451666 75 28 jnz short .00451690 + * 00451668 e8 5e340000 call .00454acb + * 0045166d 53 push ebx + * 0045166e 53 push ebx + * 0045166f 53 push ebx + * 00451670 53 push ebx + * 00451671 53 push ebx + * 00451672 c700 16000000 mov dword ptr ds:[eax],0x16 + * 00451678 e8 cb330000 call .00454a48 + * 0045167d 83c4 14 add esp,0x14 + * 00451680 385d f4 cmp byte ptr ss:[ebp-0xc],bl + * 00451683 74 07 je short .0045168c + * 00451685 8b45 f0 mov eax,dword ptr ss:[ebp-0x10] + * 00451688 8360 70 fd and dword ptr ds:[eax+0x70],0xfffffffd + * 0045168c 33c0 xor eax,eax + * 0045168e eb 73 jmp short .00451703 + * 00451690 57 push edi + * 00451691 50 push eax + * 00451692 8bfe mov edi,esi + * 00451694 e8 a7600000 call .00457740 + * 00451699 8975 f8 mov dword ptr ss:[ebp-0x8],esi + * 0045169c 2945 f8 sub dword ptr ss:[ebp-0x8],eax + * 0045169f 56 push esi + * 004516a0 e8 9b600000 call .00457740 + * 004516a5 0345 f8 add eax,dword ptr ss:[ebp-0x8] + * 004516a8 59 pop ecx + * 004516a9 59 pop ecx + * 004516aa 381e cmp byte ptr ds:[esi],bl + * 004516ac 74 46 je short .004516f4 + * 004516ae 2b75 0c sub esi,dword ptr ss:[ebp+0xc] + * 004516b1 3bf8 cmp edi,eax + * 004516b3 77 3f ja short .004516f4 + * 004516b5 8a17 mov dl,byte ptr ds:[edi] + * 004516b7 8b4d 0c mov ecx,dword ptr ss:[ebp+0xc] + * 004516ba 8855 ff mov byte ptr ss:[ebp-0x1],dl + * 004516bd 3ad3 cmp dl,bl + * 004516bf 74 11 je short .004516d2 + * 004516c1 8a11 mov dl,byte ptr ds:[ecx] + * 004516c3 3ad3 cmp dl,bl + * 004516c5 74 40 je short .00451707 + * 004516c7 38140e cmp byte ptr ds:[esi+ecx],dl + * 004516ca 75 06 jnz short .004516d2 + * 004516cc 41 inc ecx + * 004516cd 381c0e cmp byte ptr ds:[esi+ecx],bl + * 004516d0 ^75 ef jnz short .004516c1 + * 004516d2 3819 cmp byte ptr ds:[ecx],bl + * 004516d4 74 31 je short .00451707 + * 004516d6 0fb64d ff movzx ecx,byte ptr ss:[ebp-0x1] + * 004516da 8b55 ec mov edx,dword ptr ss:[ebp-0x14] + * 004516dd 8a4c11 1d mov cl,byte ptr ds:[ecx+edx+0x1d] + */ + +#if 0 // hook to the caller of dynamic GetGlyphOutlineA +/** + * @param addr function address + * @param frame real address of the function, supposed to be the same as addr + * @param stack address of current stack - 4 + * @return If suceess + */ +static bool InsertMinkDynamicHook(LPVOID fun, DWORD frame, DWORD stack) +{ + CC_UNUSED(frame); + if (fun != ::GetGlyphOutlineA) + return false; + DWORD addr = *(DWORD *)(stack + 4); + if (!addr) { + ConsoleOutput("Mink: missing function return addr, this should never happen"); + return true; + } + addr = MemDbg::findEnclosingAlignedFunction(addr, 0x200); // range is around 0x120 + if (!addr) { + ConsoleOutput("Mink: failed to caller address"); + return true; + } + + HookParam hp; + hp.address = addr; // hook to the beginning of the caller function + hp.offset =get_stack(1); + hp.type = CODEC_ANSI_BE; + return NewHook(hp, "Mink"); +} +#endif // 0 + +static void SpecialHookMink(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) +{ + //DWORD addr = *(DWORD *)(esp_base + hp->offset); // default value + DWORD addr = stack->eax; + if (!IthGetMemoryRange((LPVOID)(addr), 0, 0)) + return; + DWORD ch = *(DWORD *)addr; + DWORD size = LeadByteTable[ch & 0xff]; // Slightly faster than IsDBCSLeadByte + if (size == 1 && ::ispunct(ch & 0xff)) // skip ascii punctuations, since garbage is like ":text:" + return; + + // Issue: still have lots of garbage + *split = stack->stack[25]; + //*split = *(DWORD *)(esp_base + 0x48); + buffer->from(&ch, size); +} + +bool InsertMinkHook() +{ + const BYTE bytes[] = { + 0x38,0x18, // 00451648 3818 cmp byte ptr ds:[eax],bl + 0x75, 0x14, // 0045164a 75 14 jnz short .00451660 ; jichi: hook here + 0x38,0x5d, 0xf4, // 0045164c 385d f4 cmp byte ptr ss:[ebp-0xc],bl + 0x74, 0x07, // 0045164f 74 07 je short .00451658 + 0x8b,0x45, 0xf0, // 00451651 8b45 f0 mov eax,dword ptr ss:[ebp-0x10] + 0x83,0x60, 0x70, 0xfd, // 00451654 8360 70 fd and dword ptr ds:[eax+0x70],0xfffffffd + 0x8b,0x45, 0x08 // 00451658 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + }; + enum { addr_offset = 2 }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + //ULONG addr = 0x45164a; + //ULONG addr = 0x451648; + //ULONG addr = 0x4521a8; + //GROWL_DWORD(addr); + if (!addr) { + ConsoleOutput("Mink: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; + hp.offset=get_reg(regs::eax); // -8 + hp.split = 0x64; + hp.type = USING_SPLIT|DATA_INDIRECT|USING_CHAR; // 0x18 + hp.text_fun = SpecialHookMink; + ConsoleOutput("INSERT Mink"); + return NewHook(hp, "Mink"); + + //ConsoleOutput("Mink: disable GDI hooks"); + // +} + +bool Mink2::attach_function() { + const BYTE pattern[] = { + //破談屋 + //https://vndb.org/v2719 + 0xF7,0xC7,0x03,0x00,0x00,0x00, + 0x75,XX, + 0xC1,0xE9,0x02, + 0x83,0xE2,0x03, + 0x83,0xF9,0x08, + 0x72,XX + }; + bool found=false; + for (auto addr : Util::SearchMemory(pattern, sizeof(pattern), PAGE_EXECUTE, processStartAddress, processStopAddress)) + { + addr = MemDbg::findEnclosingAlignedFunction(addr,0x100); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(2); + hp.length_offset=3; + hp.type = USING_STRING; + found|=NewHook(hp, "Mink"); + } + return found; +} +bool Mink::attach_function() { + + return InsertMinkHook(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Mink.h b/cpp/LunaHook/LunaHook/engine32/Mink.h new file mode 100644 index 00000000..c265d1ab --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Mink.h @@ -0,0 +1,22 @@ + + +class Mink:public ENGINE{ + public: + Mink(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.at2";//Mink, sample files: voice.at2, voice.det, voice.nme + }; + bool attach_function(); +}; + +class Mink2:public ENGINE{ + public: + Mink2(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"Scr\\*.sc"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Minori.cpp b/cpp/LunaHook/LunaHook/engine32/Minori.cpp new file mode 100644 index 00000000..a9e9ec72 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Minori.cpp @@ -0,0 +1,694 @@ +#include"Minori.h" + + +bool Minori1EngFilter(LPVOID data, size_t* size, HookParam*) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + StringCharReplacer(text, len, "\\n", 2, ' '); + StringFilter(text, len, "\\a", 2); + StringFilter(text, len, "\\v", 2); + CharReplacer(text, len, '\xC4', '-'); + CharReplacer(text, len, '\x93', '"'); + CharReplacer(text, len, '\x94', '"'); + CharReplacer(text, len, '\x92', '\''); + StringCharReplacer(text, len, "\\I", 2, '\''); + StringCharReplacer(text, len, "\\P", 2, '\''); + + return true; +} + +bool Minori1JapFilter(LPVOID data, size_t* size, HookParam*) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + StringFilter(text, len, "\\a", 2); + StringFilter(text, len, "\\v", 2); + StringFilter(text, len, "\\N", 2); + + if (cpp_strnstr(text, "{", *len)) { + StringFilterBetween(text, len, "{", 1, "}", 1); + } + + return true; +} + +bool InsertMinori1Hook() +{ + + /* + * Sample games: + * https://vndb.org/v19644 + * https://vndb.org/v12562 + */ + const BYTE bytes[] = { + 0x84, 0xC0, // test al,al << hook here + 0x0F, 0x85, XX4, // jne trinoline_en_AA.exe+243E1 + 0x68, XX4, // push trinoline_en_AA.exe+118BF8 << alt eng hook + 0x33, 0xFF // xor edi,edi + }; + enum { alt_addr_offset = 8 }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("Minori1: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset =get_reg(regs::edx); + hp.codepage = 932; + hp.type = USING_STRING; + hp.filter_fun = Minori1JapFilter; + ConsoleOutput(" INSERT Minori1"); + auto succ=NewHook(hp, "Minori1"); + + hp.address = addr + alt_addr_offset; + hp.filter_fun = Minori1EngFilter; + ConsoleOutput(" INSERT Minori1eng"); + succ|=NewHook(hp, "Minori1eng"); + + return succ; +} + +bool Minori2Filter(LPVOID data, size_t* size, HookParam*) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + StringCharReplacer(text, len, "\\n", 2, ' '); + + if (cpp_strnstr(text, "{", *len)) { + StringFilterBetween(text, len, "{", 1, "}", 1); + } + + return true; +} + +bool InsertMinori2Hook() +{ + + /* + * Sample games: + * https://vndb.org/v35 + */ + const BYTE bytes[] = { + 0x80, 0x38, 0x00, // cmp byte ptr [eax],00 << hook here + 0x0F, 0x84, XX4, // je WindRP.exe+2832A + 0xB8, 0x20, 0x03, 0x00, 0x00, // mov eax,00000320 + 0x89, 0x44, 0x24, 0x10, // mov [esp+10],eax + 0x89, 0x44, 0x24, 0x14, // mov [esp+14],eax + 0x8B, 0x47, 0x20 // mov eax,[edi+20] + }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("Minori2: pattern not found"); + return false; + } + + ConsoleOutput(" INSERT Minori2"); + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::eax); + hp.type = USING_STRING; + hp.filter_fun = Minori2Filter; + ConsoleOutput(" INSERT Minori2"); + ConsoleOutput("Minori2: Please, set text to max speed"); + return NewHook(hp, "Minori2"); +} + +bool InsertMinoriHooks() +{ + return InsertMinori1Hook() || InsertMinori2Hook(); +} + +namespace { // unnamed +namespace ScenarioHook { +namespace Private { + /** + * Sample game: 12の月のイヴ + * Remove \tag and leading #. + */ + LPCSTR trim(LPCSTR text, int *size) + { + int length = *size; + // handle prefix + while (text[0] == '#' || text[0] == '@') { + text++; + length--; + } + while (text[0] == '\\' && ::isalpha(text[1])) { + text += 2; + length -= 2; + } + // handle suffix + while (length >= 2 && text[length - 2] == '\\' && ::isalpha(text[length - 1])) + length -= 2; + *size = length; + return text; + } + + /** + * Sample game: ソレヨリノ前奏詩 + * + * 013BEFAE CC INT3 + * 013BEFAF CC INT3 + * 013BEFB0 55 PUSH EBP + * 013BEFB1 8BEC MOV EBP,ESP + * 013BEFB3 6A FF PUSH -0x1 + * 013BEFB5 68 78654401 PUSH yorino_t.01446578 + * 013BEFBA 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] + * 013BEFC0 50 PUSH EAX + * 013BEFC1 64:8925 00000000 MOV DWORD PTR FS:[0],ESP + * 013BEFC8 83EC 54 SUB ESP,0x54 + * 013BEFCB 53 PUSH EBX + * 013BEFCC 8B5D 08 MOV EBX,DWORD PTR SS:[EBP+0x8] + * 013BEFCF 56 PUSH ESI + * 013BEFD0 57 PUSH EDI + * 013BEFD1 8BF3 MOV ESI,EBX + * 013BEFD3 E8 68FFFFFF CALL yorino_t.013BEF40 + * 013BEFD8 8883 6C2A0000 MOV BYTE PTR DS:[EBX+0x2A6C],AL + * 013BEFDE 8B45 14 MOV EAX,DWORD PTR SS:[EBP+0x14] + * 013BEFE1 33F6 XOR ESI,ESI + * 013BEFE3 56 PUSH ESI + * 013BEFE4 50 PUSH EAX + * 013BEFE5 BF 0F000000 MOV EDI,0xF + * 013BEFEA 83C8 FF OR EAX,0xFFFFFFFF + * 013BEFED 8D4D BC LEA ECX,DWORD PTR SS:[EBP-0x44] + * 013BEFF0 897D D0 MOV DWORD PTR SS:[EBP-0x30],EDI + * 013BEFF3 8975 CC MOV DWORD PTR SS:[EBP-0x34],ESI + * 013BEFF6 C645 BC 00 MOV BYTE PTR SS:[EBP-0x44],0x0 + * 013BEFFA E8 313AFAFF CALL yorino_t.01362A30 ; jichi: name call + * 013BEFFF 8B4D 18 MOV ECX,DWORD PTR SS:[EBP+0x18] + * 013BF002 56 PUSH ESI + * 013BF003 8975 FC MOV DWORD PTR SS:[EBP-0x4],ESI + * 013BF006 51 PUSH ECX + * 013BF007 83C8 FF OR EAX,0xFFFFFFFF + * 013BF00A 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-0x28] + * 013BF00D 897D EC MOV DWORD PTR SS:[EBP-0x14],EDI + * 013BF010 8975 E8 MOV DWORD PTR SS:[EBP-0x18],ESI + * 013BF013 C645 D8 00 MOV BYTE PTR SS:[EBP-0x28],0x0 + * 013BF017 E8 143AFAFF CALL yorino_t.01362A30 ; jichi: scenario call + * 013BF01C C645 FC 01 MOV BYTE PTR SS:[EBP-0x4],0x1 + * 013BF020 8B8B 7C2A0000 MOV ECX,DWORD PTR DS:[EBX+0x2A7C] + * 013BF026 3BCE CMP ECX,ESI + * 013BF028 74 1C JE SHORT yorino_t.013BF046 + * 013BF02A 8B11 MOV EDX,DWORD PTR DS:[ECX] + * 013BF02C 8B52 0C MOV EDX,DWORD PTR DS:[EDX+0xC] + * 013BF02F 8D45 BC LEA EAX,DWORD PTR SS:[EBP-0x44] + * 013BF032 50 PUSH EAX + * 013BF033 FFD2 CALL EDX + * 013BF035 8B8B 7C2A0000 MOV ECX,DWORD PTR DS:[EBX+0x2A7C] + * 013BF03B 8B01 MOV EAX,DWORD PTR DS:[ECX] + * 013BF03D 8B40 0C MOV EAX,DWORD PTR DS:[EAX+0xC] + * 013BF040 8D55 D8 LEA EDX,DWORD PTR SS:[EBP-0x28] + * 013BF043 52 PUSH EDX + * 013BF044 FFD0 CALL EAX + * 013BF046 8B8B 1C130000 MOV ECX,DWORD PTR DS:[EBX+0x131C] + * 013BF04C 8B7D 0C MOV EDI,DWORD PTR SS:[EBP+0xC] + * 013BF04F 3BCF CMP ECX,EDI + * 013BF051 0F95C0 SETNE AL + * 013BF054 C683 411A0000 00 MOV BYTE PTR DS:[EBX+0x1A41],0x0 + * 013BF05B 8845 08 MOV BYTE PTR SS:[EBP+0x8],AL + * 013BF05E 84C0 TEST AL,AL + * 013BF060 74 15 JE SHORT yorino_t.013BF077 + * 013BF062 3BCE CMP ECX,ESI + * 013BF064 7C 11 JL SHORT yorino_t.013BF077 + * 013BF066 8BB3 0C1A0000 MOV ESI,DWORD PTR DS:[EBX+0x1A0C] + * 013BF06C 85F6 TEST ESI,ESI + * 013BF06E 74 05 JE SHORT yorino_t.013BF075 + * 013BF070 E8 8B500100 CALL yorino_t.013D4100 + * 013BF075 33F6 XOR ESI,ESI + * 013BF077 56 PUSH ESI + * 013BF078 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-0x28] + * 013BF07B 51 PUSH ECX + * 013BF07C 8D8B 00130000 LEA ECX,DWORD PTR DS:[EBX+0x1300] + * 013BF082 83C8 FF OR EAX,0xFFFFFFFF + * 013BF085 E8 A639FAFF CALL yorino_t.01362A30 + * 013BF08A 56 PUSH ESI + * 013BF08B 8D55 BC LEA EDX,DWORD PTR SS:[EBP-0x44] + * 013BF08E 52 PUSH EDX + * 013BF08F 8D8B 20130000 LEA ECX,DWORD PTR DS:[EBX+0x1320] + * 013BF095 83C8 FF OR EAX,0xFFFFFFFF + * 013BF098 89BB 1C130000 MOV DWORD PTR DS:[EBX+0x131C],EDI + * 013BF09E E8 8D39FAFF CALL yorino_t.01362A30 + * 013BF0A3 8B45 10 MOV EAX,DWORD PTR SS:[EBP+0x10] + * 013BF0A6 56 PUSH ESI + * 013BF0A7 50 PUSH EAX + * 013BF0A8 8D8B 3C130000 LEA ECX,DWORD PTR DS:[EBX+0x133C] + * 013BF0AE 83C8 FF OR EAX,0xFFFFFFFF + * 013BF0B1 E8 7A39FAFF CALL yorino_t.01362A30 + * 013BF0B6 8B15 00A74B01 MOV EDX,DWORD PTR DS:[0x14BA700] ; yorino_t.0146603C + * 013BF0BC 8B82 CC000000 MOV EAX,DWORD PTR DS:[EDX+0xCC] + * 013BF0C2 B9 00A74B01 MOV ECX,yorino_t.014BA700 + * 013BF0C7 FFD0 CALL EAX + * 013BF0C9 3BC6 CMP EAX,ESI + * 013BF0CB 7E 15 JLE SHORT yorino_t.013BF0E2 + * 013BF0CD 3983 CC290000 CMP DWORD PTR DS:[EBX+0x29CC],EAX + * 013BF0D3 7C 0D JL SHORT yorino_t.013BF0E2 + * 013BF0D5 8BCB MOV ECX,EBX + * 013BF0D7 E8 14650000 CALL yorino_t.013C55F0 + * 013BF0DC 89B3 CC290000 MOV DWORD PTR DS:[EBX+0x29CC],ESI + * 013BF0E2 8A45 1C MOV AL,BYTE PTR SS:[EBP+0x1C] + * 013BF0E5 8883 421A0000 MOV BYTE PTR DS:[EBX+0x1A42],AL + * 013BF0EB 84C0 TEST AL,AL + * 013BF0ED 75 1F JNZ SHORT yorino_t.013BF10E + * 013BF0EF 83BB A0120000 02 CMP DWORD PTR DS:[EBX+0x12A0],0x2 + * 013BF0F6 75 16 JNZ SHORT yorino_t.013BF10E + * 013BF0F8 89B3 A0120000 MOV DWORD PTR DS:[EBX+0x12A0],ESI + * 013BF0FE 8B15 00A74B01 MOV EDX,DWORD PTR DS:[0x14BA700] ; yorino_t.0146603C + * 013BF104 8B42 2C MOV EAX,DWORD PTR DS:[EDX+0x2C] + * 013BF107 B9 00A74B01 MOV ECX,yorino_t.014BA700 + * 013BF10C FFD0 CALL EAX + * 013BF10E 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 013BF111 8B53 10 MOV EDX,DWORD PTR DS:[EBX+0x10] + * 013BF114 8B52 3C MOV EDX,DWORD PTR DS:[EDX+0x3C] + * 013BF117 6A 00 PUSH 0x0 + * 013BF119 6A 01 PUSH 0x1 + * 013BF11B 50 PUSH EAX + * 013BF11C 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-0x28] + * 013BF11F 51 PUSH ECX + * 013BF120 8D45 BC LEA EAX,DWORD PTR SS:[EBP-0x44] + * 013BF123 50 PUSH EAX + * 013BF124 8D4B 10 LEA ECX,DWORD PTR DS:[EBX+0x10] + * 013BF127 FFD2 CALL EDX + * 013BF129 8B43 10 MOV EAX,DWORD PTR DS:[EBX+0x10] + * 013BF12C 8BB3 0C1A0000 MOV ESI,DWORD PTR DS:[EBX+0x1A0C] + * 013BF132 8945 1C MOV DWORD PTR SS:[EBP+0x1C],EAX + * 013BF135 8B83 141A0000 MOV EAX,DWORD PTR DS:[EBX+0x1A14] + * 013BF13B E8 204B0100 CALL yorino_t.013D3C60 + * 013BF140 8B55 1C MOV EDX,DWORD PTR SS:[EBP+0x1C] + * 013BF143 50 PUSH EAX + * 013BF144 8B42 4C MOV EAX,DWORD PTR DS:[EDX+0x4C] + * 013BF147 8BCF MOV ECX,EDI + * 013BF149 51 PUSH ECX + * 013BF14A 8D4B 10 LEA ECX,DWORD PTR DS:[EBX+0x10] + * 013BF14D FFD0 CALL EAX + * 013BF14F 8B53 10 MOV EDX,DWORD PTR DS:[EBX+0x10] + * 013BF152 8B42 78 MOV EAX,DWORD PTR DS:[EDX+0x78] + * 013BF155 8D4B 10 LEA ECX,DWORD PTR DS:[EBX+0x10] + * 013BF158 FFD0 CALL EAX + * 013BF15A 8BF3 MOV ESI,EBX + * 013BF15C 8983 64130000 MOV DWORD PTR DS:[EBX+0x1364],EAX + * 013BF162 E8 B9B0FFFF CALL yorino_t.013BA220 + * 013BF167 84C0 TEST AL,AL + * 013BF169 74 6D JE SHORT yorino_t.013BF1D8 + * 013BF16B 8B53 10 MOV EDX,DWORD PTR DS:[EBX+0x10] + * 013BF16E 8B42 40 MOV EAX,DWORD PTR DS:[EDX+0x40] + * 013BF171 6A 00 PUSH 0x0 + * 013BF173 6A 01 PUSH 0x1 + * 013BF175 8D4B 10 LEA ECX,DWORD PTR DS:[EBX+0x10] + * 013BF178 FFD0 CALL EAX + * 013BF17A E8 C1FDFFFF CALL yorino_t.013BEF40 + * 013BF17F 33C9 XOR ECX,ECX + * 013BF181 8BFB MOV EDI,EBX + * 013BF183 E8 C8B8FFFF CALL yorino_t.013BAA50 + * 013BF188 33FF XOR EDI,EDI + * 013BF18A 89BB 181A0000 MOV DWORD PTR DS:[EBX+0x1A18],EDI + * 013BF190 E8 3BF0FFFF CALL yorino_t.013BE1D0 + * 013BF195 68 78CB4401 PUSH yorino_t.0144CB78 + * 013BF19A 8D75 A0 LEA ESI,DWORD PTR SS:[EBP-0x60] + * 013BF19D C745 B4 0F000000 MOV DWORD PTR SS:[EBP-0x4C],0xF + * 013BF1A4 897D B0 MOV DWORD PTR SS:[EBP-0x50],EDI + * 013BF1A7 C645 A0 00 MOV BYTE PTR SS:[EBP-0x60],0x0 + * 013BF1AB E8 A065FAFF CALL yorino_t.01365750 + * 013BF1B0 C645 FC 02 MOV BYTE PTR SS:[EBP-0x4],0x2 + * 013BF1B4 8B53 10 MOV EDX,DWORD PTR DS:[EBX+0x10] + * 013BF1B7 8B52 6C MOV EDX,DWORD PTR DS:[EDX+0x6C] + * 013BF1BA 8D4B 10 LEA ECX,DWORD PTR DS:[EBX+0x10] + * 013BF1BD 6A 01 PUSH 0x1 + * 013BF1BF 8BC6 MOV EAX,ESI + * 013BF1C1 50 PUSH EAX + * 013BF1C2 FFD2 CALL EDX + * 013BF1C4 837D B4 10 CMP DWORD PTR SS:[EBP-0x4C],0x10 + * 013BF1C8 72 56 JB SHORT yorino_t.013BF220 + * 013BF1CA 8B45 A0 MOV EAX,DWORD PTR SS:[EBP-0x60] + * 013BF1CD 50 PUSH EAX + * 013BF1CE E8 28B50500 CALL yorino_t.0141A6FB + * 013BF1D3 83C4 04 ADD ESP,0x4 + * 013BF1D6 EB 48 JMP SHORT yorino_t.013BF220 + * 013BF1D8 8B7D 10 MOV EDI,DWORD PTR SS:[EBP+0x10] + * 013BF1DB C783 181A0000 04>MOV DWORD PTR DS:[EBX+0x1A18],0x4 + * 013BF1E5 837F 10 00 CMP DWORD PTR DS:[EDI+0x10],0x0 + * 013BF1E9 C705 64514801 00>MOV DWORD PTR DS:[0x1485164],0x0 + * 013BF1F3 76 2B JBE SHORT yorino_t.013BF220 + * 013BF1F5 8BF3 MOV ESI,EBX + * 013BF1F7 E8 D4EFFFFF CALL yorino_t.013BE1D0 + * 013BF1FC 8B15 00A74B01 MOV EDX,DWORD PTR DS:[0x14BA700] ; yorino_t.0146603C + * 013BF202 8B82 8C000000 MOV EAX,DWORD PTR DS:[EDX+0x8C] + * 013BF208 B9 00A74B01 MOV ECX,yorino_t.014BA700 + * 013BF20D FFD0 CALL EAX + * 013BF20F 84C0 TEST AL,AL + * 013BF211 75 0D JNZ SHORT yorino_t.013BF220 + * 013BF213 837F 10 00 CMP DWORD PTR DS:[EDI+0x10],0x0 + * 013BF217 76 07 JBE SHORT yorino_t.013BF220 + * 013BF219 57 PUSH EDI + * 013BF21A 53 PUSH EBX + * 013BF21B E8 A0EAFFFF CALL yorino_t.013BDCC0 + * 013BF220 BE 10000000 MOV ESI,0x10 + * 013BF225 C683 C8290000 00 MOV BYTE PTR DS:[EBX+0x29C8],0x0 + * 013BF22C 3975 EC CMP DWORD PTR SS:[EBP-0x14],ESI + * 013BF22F 72 0C JB SHORT yorino_t.013BF23D + * 013BF231 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-0x28] + * 013BF234 51 PUSH ECX + * 013BF235 E8 C1B40500 CALL yorino_t.0141A6FB + * 013BF23A 83C4 04 ADD ESP,0x4 + * 013BF23D 3975 D0 CMP DWORD PTR SS:[EBP-0x30],ESI + * 013BF240 5F POP EDI + * 013BF241 5E POP ESI + * 013BF242 C745 EC 0F000000 MOV DWORD PTR SS:[EBP-0x14],0xF + * 013BF249 C745 E8 00000000 MOV DWORD PTR SS:[EBP-0x18],0x0 + * 013BF250 C645 D8 00 MOV BYTE PTR SS:[EBP-0x28],0x0 + * 013BF254 5B POP EBX + * 013BF255 72 0C JB SHORT yorino_t.013BF263 + * 013BF257 8B55 BC MOV EDX,DWORD PTR SS:[EBP-0x44] + * 013BF25A 52 PUSH EDX + * 013BF25B E8 9BB40500 CALL yorino_t.0141A6FB + * 013BF260 83C4 04 ADD ESP,0x4 + * 013BF263 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-0xC] + * 013BF266 64:890D 00000000 MOV DWORD PTR FS:[0],ECX + * 013BF26D 8BE5 MOV ESP,EBP + * 013BF26F 5D POP EBP + * 013BF270 C2 1800 RETN 0x18 + * 013BF273 CC INT3 + * 013BF274 CC INT3 + * 013BF275 CC INT3 + * 013BF276 CC INT3 + * 013BF277 CC INT3 + * 013BF278 CC INT3 + * 013BF279 CC INT3 + * 013BF27A CC INT3 + * 013BF27B CC INT3 + * 013BF27C CC INT3 + * 013BF27D CC INT3 + * 013BF27E CC INT3 + * 013BF27F CC INT3 + * + * Sample text: + * 00C3091C 57 48 49 54 45 2E 70 6E 67 00 00 00 00 00 00 00 WHITE.png....... + * 00C3092C 09 00 00 00 0F 00 00 00 00 00 00 00 00 00 00 00 ............... + */ + TextUnionA *arg_, + argValue_; +std::unordered_mapaddr_role; + void hookBeforehookBefore(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *role) + { + static std::string data_; + //auto arg = (TextUnionA *)s->ecx; + auto arg = (TextUnionA *)s->stack[0]; // arg1 + if (!arg || !arg->isValid()) + return ; + auto text = arg->getText(); + if (all_ascii(text)) + return ; + int size = arg->size, + trimmedSize = size; + auto trimmedText = trim(text, &trimmedSize); + if (!trimmedSize || !*trimmedText) + return ; + //auto sig = Engine::hashThreadSignature(role, retaddr); + std::string oldData(trimmedText, trimmedSize); + auto retaddr=s->stack[0]; + *role=addr_role[retaddr]; + if (*role == Engine::NameRole) + strReplace(oldData,"\x81\x40", ""); // remove spaces in the middle of names + + buffer->from(oldData); + + } + void hookafter(hook_stack*s,void* data1, size_t len){ + std::string newData = std::string((LPSTR)data1,len); + auto arg = (TextUnionA *)s->stack[0]; // arg1 + auto text = arg->getText(); + int size = arg->size, + trimmedSize = size; + auto trimmedText = trim(text, &trimmedSize); + int prefixSize = trimmedText - text, + suffixSize = size - prefixSize - trimmedSize; + if (prefixSize) + newData.insert(0,std::string(text, prefixSize)); + if (suffixSize) + newData.append(trimmedText + trimmedSize, suffixSize); + arg_ = arg; + argValue_ = *arg; + static std::string data_; + data_ = newData; + arg->setText(data_); + } + void hookAfter(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + if (arg_) { + *arg_ = argValue_; + arg_ = nullptr; + } + } +} // namespace Private + +/** + * Sample game: ソレヨリノ前奏詩 + * arg1 is source, ecx is target. + * + * 01052A2D CC INT3 + * 01052A2E CC INT3 + * 01052A2F CC INT3 + * 01052A30 55 PUSH EBP + * 01052A31 8BEC MOV EBP,ESP + * 01052A33 53 PUSH EBX + * 01052A34 8B5D 0C MOV EBX,DWORD PTR SS:[EBP+0xC] + * 01052A37 56 PUSH ESI + * 01052A38 8BF1 MOV ESI,ECX ; jichi: ecx is target address? + * 01052A3A 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+0x8] + * 01052A3D 57 PUSH EDI + * 01052A3E 8B79 10 MOV EDI,DWORD PTR DS:[ECX+0x10] ; jichi: source size + * 01052A41 3BFB CMP EDI,EBX + * 01052A43 73 0A JNB SHORT yorino_t.01052A4F + * 01052A45 68 88CA1301 PUSH yorino_t.0113CA88 ; ASCII "invalid string position" + * 01052A4A E8 337C0B00 CALL yorino_t.0110A682 + * 01052A4F 2BFB SUB EDI,EBX + * 01052A51 3BC7 CMP EAX,EDI + * 01052A53 0F42F8 CMOVB EDI,EAX + * 01052A56 3BF1 CMP ESI,ECX + * 01052A58 75 1D JNZ SHORT yorino_t.01052A77 + * 01052A5A 8D0C1F LEA ECX,DWORD PTR DS:[EDI+EBX] + * 01052A5D 83C8 FF OR EAX,0xFFFFFFFF + * 01052A60 E8 EBFCFFFF CALL yorino_t.01052750 + * 01052A65 8BC3 MOV EAX,EBX + * 01052A67 33C9 XOR ECX,ECX + * 01052A69 E8 E2FCFFFF CALL yorino_t.01052750 + * 01052A6E 5F POP EDI + * 01052A6F 8BC6 MOV EAX,ESI + * 01052A71 5E POP ESI + * 01052A72 5B POP EBX + * 01052A73 5D POP EBP + * 01052A74 C2 0800 RETN 0x8 + * 01052A77 83FF FE CMP EDI,-0x2 + * 01052A7A 76 0A JBE SHORT yorino_t.01052A86 + * 01052A7C 68 B4CA1301 PUSH yorino_t.0113CAB4 ; ASCII "string too long" + * 01052A81 E8 AF7B0B00 CALL yorino_t.0110A635 + * 01052A86 8B46 14 MOV EAX,DWORD PTR DS:[ESI+0x14] + * 01052A89 3BC7 CMP EAX,EDI + * 01052A8B 73 27 JNB SHORT yorino_t.01052AB4 + * 01052A8D 8B46 10 MOV EAX,DWORD PTR DS:[ESI+0x10] + * 01052A90 50 PUSH EAX + * 01052A91 57 PUSH EDI + * 01052A92 56 PUSH ESI + * 01052A93 E8 88FDFFFF CALL yorino_t.01052820 + * 01052A98 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+0x8] + * 01052A9B 85FF TEST EDI,EDI + * 01052A9D 74 68 JE SHORT yorino_t.01052B07 + * 01052A9F B8 10000000 MOV EAX,0x10 + * 01052AA4 3941 14 CMP DWORD PTR DS:[ECX+0x14],EAX + * 01052AA7 72 02 JB SHORT yorino_t.01052AAB + * 01052AA9 8B09 MOV ECX,DWORD PTR DS:[ECX] + * 01052AAB 3946 14 CMP DWORD PTR DS:[ESI+0x14],EAX + * 01052AAE 72 2A JB SHORT yorino_t.01052ADA + * 01052AB0 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 01052AB2 EB 28 JMP SHORT yorino_t.01052ADC + * 01052AB4 85FF TEST EDI,EDI + * 01052AB6 ^75 E7 JNZ SHORT yorino_t.01052A9F + * 01052AB8 897E 10 MOV DWORD PTR DS:[ESI+0x10],EDI + * 01052ABB 83F8 10 CMP EAX,0x10 + * 01052ABE 72 0E JB SHORT yorino_t.01052ACE + * 01052AC0 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 01052AC2 5F POP EDI + * 01052AC3 C600 00 MOV BYTE PTR DS:[EAX],0x0 + * 01052AC6 8BC6 MOV EAX,ESI + * 01052AC8 5E POP ESI + * 01052AC9 5B POP EBX + * 01052ACA 5D POP EBP + * 01052ACB C2 0800 RETN 0x8 + * 01052ACE 5F POP EDI + * 01052ACF 8BC6 MOV EAX,ESI + * 01052AD1 5E POP ESI + * 01052AD2 C600 00 MOV BYTE PTR DS:[EAX],0x0 + * 01052AD5 5B POP EBX + * 01052AD6 5D POP EBP + * 01052AD7 C2 0800 RETN 0x8 + * 01052ADA 8BC6 MOV EAX,ESI ; jichi: esi is target address + * 01052ADC 57 PUSH EDI ; jichi: source size + * 01052ADD 03CB ADD ECX,EBX + * 01052ADF 51 PUSH ECX ; jichi: source + * 01052AE0 50 PUSH EAX ; jichi: target + * 01052AE1 E8 9AC80B00 CALL yorino_t.0110F380 ; jichi: called here + * 01052AE6 83C4 0C ADD ESP,0xC + * 01052AE9 837E 14 10 CMP DWORD PTR DS:[ESI+0x14],0x10 + * 01052AED 897E 10 MOV DWORD PTR DS:[ESI+0x10],EDI + * 01052AF0 72 0F JB SHORT yorino_t.01052B01 + * 01052AF2 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 01052AF4 C60438 00 MOV BYTE PTR DS:[EAX+EDI],0x0 + * 01052AF8 5F POP EDI + * 01052AF9 8BC6 MOV EAX,ESI + * 01052AFB 5E POP ESI + * 01052AFC 5B POP EBX + * 01052AFD 5D POP EBP + * 01052AFE C2 0800 RETN 0x8 + * 01052B01 8BC6 MOV EAX,ESI + * 01052B03 C60438 00 MOV BYTE PTR DS:[EAX+EDI],0x0 + * 01052B07 5F POP EDI + * 01052B08 8BC6 MOV EAX,ESI + * 01052B0A 5E POP ESI + * 01052B0B 5B POP EBX + * 01052B0C 5D POP EBP + * 01052B0D C2 0800 RETN 0x8 + * 01052B10 6A 00 PUSH 0x0 + * 01052B12 50 PUSH EAX + * 01052B13 C746 14 0F000000 MOV DWORD PTR DS:[ESI+0x14],0xF + * 01052B1A C746 10 00000000 MOV DWORD PTR DS:[ESI+0x10],0x0 + * 01052B21 83C8 FF OR EAX,0xFFFFFFFF + * 01052B24 8BCE MOV ECX,ESI + * 01052B26 C606 00 MOV BYTE PTR DS:[ESI],0x0 + * 01052B29 E8 02FFFFFF CALL yorino_t.01052A30 + * 01052B2E 8BC6 MOV EAX,ESI + * 01052B30 C3 RETN + * 01052B31 CC INT3 + * 01052B32 CC INT3 + * 01052B33 CC INT3 + * 01052B34 CC INT3 + * 01052B35 CC INT3 + * 01052B36 CC INT3 + * 01052B37 CC INT3 + * 01052B38 CC INT3 + * 01052B39 CC INT3 + * 01052B3A CC INT3 + * 01052B3B CC INT3 + * 01052B3C CC INT3 + * + * 005CF5C4 01C17D68 + * 005CF5C8 00000026 + * 005CF5CC /005CF5EC + * 005CF5D0 |00172AE6 RETURN to yorino_t.00172AE6 from yorino_t.0022F380 + * 005CF5D4 |01C154F0 ; jichi: target text + * 005CF5D8 |01C15608 ; jcihi: source text + * 005CF5DC |00000026 ; jichi: source size + * 005CF5E0 |00000082 ; jichi: capacity? not sure + * 005CF5E4 |00000000 + * 005CF5E8 |01C16A68 + * 005CF5EC ]005CF668 + * 005CF5F0 |001CF08A RETURN to yorino_t.001CF08A from yorino_t.00172A30 + * 005CF5F4 |005CF640 + * 005CF5F8 |00000000 + * 005CF5FC |01C19500 + */ +bool attach(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0x8b,0xc6, // 01052ada 8bc6 mov eax,esi ; jichi: esi is target address + 0x57, // 01052adc 57 push edi ; jichi: source size + 0x03,0xcb, // 01052add 03cb add ecx,ebx + 0x51, // 01052adf 51 push ecx ; jichi: source + 0x50 // 01052ae0 50 push eax ; jichi: target + //0xe8, XX4, // 01052ae1 e8 9ac80b00 call yorino_t.0110f380 ; jichi: called here + //0x83,0xc4, 0x0c // 01052ae6 83c4 0c add esp,0xc + }; + //enum { addr_offset = sizeof(bytes) - 8 }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return false; + //return winhook::hook_before(addr, Private::hookBefore); + + bool count = false; + auto fun = [&count](ULONG addr) -> bool { + // Sample game: ソレヨリノ前奏詩 + // 013BEFFA E8 313AFAFF CALL yorino_t.01362A30 ; jichi: name call + // 013BEFFF 8B4D 18 MOV ECX,DWORD PTR SS:[EBP+0x18] + // 013BF002 56 PUSH ESI + // 013BF003 8975 FC MOV DWORD PTR SS:[EBP-0x4],ESI + // 013BF006 51 PUSH ECX + // 013BF007 83C8 FF OR EAX,0xFFFFFFFF + // 013BF00A 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-0x28] + // 013BF00D 897D EC MOV DWORD PTR SS:[EBP-0x14],EDI + // 013BF010 8975 E8 MOV DWORD PTR SS:[EBP-0x18],ESI + // 013BF013 C645 D8 00 MOV BYTE PTR SS:[EBP-0x28],0x0 + // 013BF017 E8 143AFAFF CALL yorino_t.01362A30 ; jichi: scenario call + // 013BF01C C645 FC 01 MOV BYTE PTR SS:[EBP-0x4],0x1 + // 013BF020 8B8B 7C2A0000 MOV ECX,DWORD PTR DS:[EBX+0x2A7C] + // 013BF026 3BCE CMP ECX,ESI + // + // Bad scenario to skip: + // + // 0035A9A3 C745 E4 0F000000 MOV DWORD PTR SS:[EBP-0x1C],0xF + // 0035A9AA C745 E0 00000000 MOV DWORD PTR SS:[EBP-0x20],0x0 + // 0035A9B1 C645 D0 00 MOV BYTE PTR SS:[EBP-0x30],0x0 + // 0035A9B5 -E9 4656D001 JMP 02060000 ; jichi: here + // 0035A9BA C645 FC 01 MOV BYTE PTR SS:[EBP-0x4],0x1 + // 0035A9BE 8B7D E0 MOV EDI,DWORD PTR SS:[EBP-0x20] + // 0035A9C1 83FF 01 CMP EDI,0x1 + // 0035A9C4 0F86 B0000000 JBE .0035AA7A + auto retaddr = addr + 5; + auto role = Engine::OtherRole; + switch (*(DWORD *)retaddr) { + case 0x56184d8b: + // 013BEFFF 8B4D 18 MOV ECX,DWORD PTR SS:[EBP+0x18] + // 013BF002 56 PUSH ESI + role = Engine::NameRole; + break; + case 0x01fc45c6: // 013BF01C C645 FC 01 MOV BYTE PTR SS:[EBP-0x4],0x1 + if (*(DWORD *)(retaddr - 5 - sizeof(DWORD)) == 0x00D845C6) { // previous instruction + role = Engine::ScenarioRole; + break; + } + default: return true; + } + Private::addr_role[retaddr]=role; + { + HookParam hp; + hp.address=addr; + hp.text_fun=Private::hookBeforehookBefore; + hp.hook_after=Private::hookafter; + hp.type=EMBED_ABLE|USING_STRING|EMBED_DYNA_SJIS|NO_CONTEXT; + hp.hook_font=F_GetGlyphOutlineA; + hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + + write_string_overwrite(data,len,std::regex_replace(std::string((char*)data,*len), std::regex("\\{.*?\\}"), "")); + return true; + + }; + count|=NewHook(hp,"EmbedMinori"); + } + { + HookParam hp; + hp.address=addr+5; + hp.text_fun=Private::hookAfter; + hp.hook_after=Private::hookafter; + count|=NewHook(hp,"EmbedMinori"); + } + return true; // replace all functions + }; + MemDbg::iterNearCallAddress(fun, addr, startAddress, stopAddress); + + return count; +} + +} // namespace ScenarioHook + +} // unnamed namespace + +bool Minori::attach_function() { + bool embed=ScenarioHook::attach(processStartAddress,processStopAddress); + return InsertMinoriHooks()||embed; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Minori.h b/cpp/LunaHook/LunaHook/engine32/Minori.h new file mode 100644 index 00000000..dc1da5ff --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Minori.h @@ -0,0 +1,12 @@ + + +class Minori:public ENGINE{ + public: + Minori(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.paz"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/NNNConfig.cpp b/cpp/LunaHook/LunaHook/engine32/NNNConfig.cpp new file mode 100644 index 00000000..745dd488 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/NNNConfig.cpp @@ -0,0 +1,52 @@ +#include "NNNConfig.h" +bool NNNConfig::attach_function() +{ + // blackcyc + // 夢幻廻廊 + // 復讐の女仕官ハイネ ~肢体に刻まれる淫欲のプログラム~ + // https://vndb.org/v24955 + const BYTE bytes[] = { + 0x68, 0xE8, 0x03, 0x00, 0x00, 0x6a, 0x00}; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr == 0) + return false; + + addr = addr + sizeof(bytes); + for (int i = 0; i < 5; i++) + { + if (*(BYTE *)addr == 0xe8) + { + addr += 1; + break; + } + addr += 1; + } + uintptr_t offset = *(uintptr_t *)(addr); + uintptr_t funcaddr = offset + addr + 4; + const BYTE check[] = {0x83, 0xEC, 0x1C}; + auto checkoffset = MemDbg::findBytes(check, sizeof(check), funcaddr, funcaddr + 0x20); + + if (checkoffset == 0) + offset = get_stack(5); + else + offset = get_stack(6); + HookParam hp; + hp.address = funcaddr; + hp.offset = offset; + hp.type = USING_STRING; + hp.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + // 当前文本可以过滤重复,上一条文本会按照换行符切分不停刷新。 + auto data=stack->stack[hp->offset/4]; + static std::unordered_map everythreadlast; + if (everythreadlast.find(stack->retaddr) == everythreadlast.end()) + everythreadlast[stack->retaddr] = ""; + auto thisstr = std::string((char *)data); + if (everythreadlast[stack->retaddr] == thisstr) + return; + everythreadlast[stack->retaddr] = thisstr; + auto len = everythreadlast[stack->retaddr].size(); + buffer->from(data, len); + }; + return NewHook(hp, "NNNhook"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/NNNConfig.h b/cpp/LunaHook/LunaHook/engine32/NNNConfig.h new file mode 100644 index 00000000..411fea39 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/NNNConfig.h @@ -0,0 +1,30 @@ + + +class NNNConfig : public ENGINE +{ +public: + NNNConfig() + { + + check_by = CHECK_BY::FILE; + check_by_target = L"nnnConfig2.exe"; + is_engine_certain = false; + }; + bool attach_function(); +}; + +class gazelle : public NNNConfig +{ +public: + gazelle() + { + // https://vndb.org/v6180 + // 海の女神 空の女神 + check_by = CHECK_BY::CUSTOM; + check_by_target = []() + { + return Util::CheckFile(L"nnndir/*.txt"); + }; + is_engine_certain = false; + }; +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/NeXAS.cpp b/cpp/LunaHook/LunaHook/engine32/NeXAS.cpp new file mode 100644 index 00000000..f9b58d33 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/NeXAS.cpp @@ -0,0 +1,498 @@ +#include "NeXAS.h" + +/** jichi 7/6/2014 NeXAS + * Sample game: BALDRSKYZERO EXTREME + * + * Call graph: + * - GetGlyphOutlineA x 2 functions + * - Caller 503620: char = [arg1 + 0x1a8] + * - Caller: 500039, 4ffff0 + * edi = [esi+0x1a0] # stack size 4x3 + * arg1 = eax = [edi] + * + * 0050361f cc int3 + * 00503620 /$ 55 push ebp + * 00503621 |. 8bec mov ebp,esp + * 00503623 |. 83e4 f8 and esp,0xfffffff8 + * 00503626 |. 64:a1 00000000 mov eax,dword ptr fs:[0] + * 0050362c |. 6a ff push -0x1 + * 0050362e |. 68 15815900 push bszex.00598115 + * 00503633 |. 50 push eax + * 00503634 |. 64:8925 000000>mov dword ptr fs:[0],esp + * 0050363b |. 81ec 78010000 sub esp,0x178 + * 00503641 |. 53 push ebx + * 00503642 |. 8b5d 08 mov ebx,dword ptr ss:[ebp+0x8] + * 00503645 |. 80bb ed010000 >cmp byte ptr ds:[ebx+0x1ed],0x0 + * 0050364c |. 56 push esi + * 0050364d |. 57 push edi + * 0050364e |. 0f85 6e0b0000 jnz bszex.005041c2 + * 00503654 |. 8db3 a8010000 lea esi,dword ptr ds:[ebx+0x1a8] + * 0050365a |. c683 ed010000 >mov byte ptr ds:[ebx+0x1ed],0x1 + * 00503661 |. 837e 14 10 cmp dword ptr ds:[esi+0x14],0x10 + * 00503665 |. 72 04 jb short bszex.0050366b + * 00503667 |. 8b06 mov eax,dword ptr ds:[esi] + * 00503669 |. eb 02 jmp short bszex.0050366d + * 0050366b |> 8bc6 mov eax,esi + * 0050366d |> 8038 20 cmp byte ptr ds:[eax],0x20 + * 00503670 |. 0f84 ef0a0000 je bszex.00504165 + * 00503676 |. b9 fcc97400 mov ecx,bszex.0074c9fc + * 0050367b |. 8bfe mov edi,esi + * 0050367d |. e8 2e20f1ff call bszex.004156b0 + * 00503682 |. 84c0 test al,al + * 00503684 |. 0f85 db0a0000 jnz bszex.00504165 + * 0050368a |. 8b93 38010000 mov edx,dword ptr ds:[ebx+0x138] + * 00503690 |. 33c0 xor eax,eax + * 00503692 |. 3bd0 cmp edx,eax + * 00503694 |. 0f84 8d0a0000 je bszex.00504127 + * 0050369a |. 8b8b 3c010000 mov ecx,dword ptr ds:[ebx+0x13c] + * 005036a0 |. 3bc8 cmp ecx,eax + * 005036a2 |. 0f84 7f0a0000 je bszex.00504127 + * 005036a8 |. 894424 40 mov dword ptr ss:[esp+0x40],eax + * 005036ac |. 894424 44 mov dword ptr ss:[esp+0x44],eax + * 005036b0 |. 894424 48 mov dword ptr ss:[esp+0x48],eax + * 005036b4 |. 898424 8c01000>mov dword ptr ss:[esp+0x18c],eax + * 005036bb |. 33ff xor edi,edi + * 005036bd |. 66:897c24 60 mov word ptr ss:[esp+0x60],di + * 005036c2 |. bf 01000000 mov edi,0x1 + * 005036c7 |. 66:897c24 62 mov word ptr ss:[esp+0x62],di + * 005036cc |. 33ff xor edi,edi + * 005036ce |. 66:897c24 64 mov word ptr ss:[esp+0x64],di + * 005036d3 |. 66:897c24 66 mov word ptr ss:[esp+0x66],di + * 005036d8 |. 66:897c24 68 mov word ptr ss:[esp+0x68],di + * 005036dd |. 66:897c24 6a mov word ptr ss:[esp+0x6a],di + * 005036e2 |. 66:897c24 6c mov word ptr ss:[esp+0x6c],di + * 005036e7 |. bf 01000000 mov edi,0x1 + * 005036ec |. 66:897c24 6e mov word ptr ss:[esp+0x6e],di + * 005036f1 |. 894424 0c mov dword ptr ss:[esp+0xc],eax + * 005036f5 |. 894424 10 mov dword ptr ss:[esp+0x10],eax + * 005036f9 |. 3883 ec010000 cmp byte ptr ds:[ebx+0x1ec],al + * 005036ff |. 0f84 39010000 je bszex.0050383e + * 00503705 |. c78424 f000000>mov dword ptr ss:[esp+0xf0],bszex.00780e> + * 00503710 |. 898424 3001000>mov dword ptr ss:[esp+0x130],eax + * 00503717 |. 898424 1001000>mov dword ptr ss:[esp+0x110],eax + * 0050371e |. 898424 1401000>mov dword ptr ss:[esp+0x114],eax + * 00503725 |. c68424 8c01000>mov byte ptr ss:[esp+0x18c],0x1 + * 0050372d |. 837e 14 10 cmp dword ptr ds:[esi+0x14],0x10 + * 00503731 |. 72 02 jb short bszex.00503735 + * 00503733 |. 8b36 mov esi,dword ptr ds:[esi] + * 00503735 |> 51 push ecx + * 00503736 |. 52 push edx + * 00503737 |. 56 push esi + * 00503738 |. 8d8424 ec00000>lea eax,dword ptr ss:[esp+0xec] + * 0050373f |. 68 00ca7400 push bszex.0074ca00 ; ascii "gaiji%s%02d%02d.fil" + * 00503744 |. 50 push eax + * 00503745 |. e8 cec6f7ff call bszex.0047fe18 + * 0050374a |. 83c4 14 add esp,0x14 + * 0050374d |. 8d8c24 e000000>lea ecx,dword ptr ss:[esp+0xe0] + * 00503754 |. 51 push ecx ; /arg1 + * 00503755 |. 8d8c24 9400000>lea ecx,dword ptr ss:[esp+0x94] ; | + * 0050375c |. e8 dfeaefff call bszex.00402240 ; \bszex.00402240 + * 00503761 |. 6a 00 push 0x0 ; /arg4 = 00000000 + * 00503763 |. 8d9424 9400000>lea edx,dword ptr ss:[esp+0x94] ; | + * 0050376a |. c68424 9001000>mov byte ptr ss:[esp+0x190],0x2 ; | + * 00503772 |. a1 a8a78200 mov eax,dword ptr ds:[0x82a7a8] ; | + * 00503777 |. 52 push edx ; |arg3 + * 00503778 |. 50 push eax ; |arg2 => 00000000 + * 00503779 |. 8d8c24 fc00000>lea ecx,dword ptr ss:[esp+0xfc] ; | + * 00503780 |. 51 push ecx ; |arg1 + * 00503781 |. e8 2a0dfeff call bszex.004e44b0 ; \bszex.004e44b0 + * 00503786 |. 84c0 test al,al + * 00503788 |. 8d8c24 9000000>lea ecx,dword ptr ss:[esp+0x90] + * 0050378f |. 0f95c3 setne bl + * 00503792 |. c68424 8c01000>mov byte ptr ss:[esp+0x18c],0x1 + * 0050379a |. e8 a1baf1ff call bszex.0041f240 + * 0050379f |. 84db test bl,bl + * 005037a1 |. 74 40 je short bszex.005037e3 + * 005037a3 |. 8db424 f000000>lea esi,dword ptr ss:[esp+0xf0] + * 005037aa |. e8 6106feff call bszex.004e3e10 + * 005037af |. 8bd8 mov ebx,eax + * 005037b1 |. 895c24 0c mov dword ptr ss:[esp+0xc],ebx + * 005037b5 |. e8 5606feff call bszex.004e3e10 + * 005037ba |. 8bf8 mov edi,eax + * 005037bc |. 0faffb imul edi,ebx + * 005037bf |. 894424 10 mov dword ptr ss:[esp+0x10],eax + * 005037c3 |. 8bc7 mov eax,edi + * 005037c5 |. 8d7424 40 lea esi,dword ptr ss:[esp+0x40] + * 005037c9 |. e8 e219f1ff call bszex.004151b0 + * 005037ce |. 8b5424 40 mov edx,dword ptr ss:[esp+0x40] + * 005037d2 |. 52 push edx ; /arg1 + * 005037d3 |. 8bc7 mov eax,edi ; | + * 005037d5 |. 8db424 f400000>lea esi,dword ptr ss:[esp+0xf4] ; | + * 005037dc |. e8 8f03feff call bszex.004e3b70 ; \bszex.004e3b70 + * 005037e1 |. eb 10 jmp short bszex.005037f3 + * 005037e3 |> 8d8424 e000000>lea eax,dword ptr ss:[esp+0xe0] + * 005037ea |. 50 push eax + * 005037eb |. e8 60c5f2ff call bszex.0042fd50 + * 005037f0 |. 83c4 04 add esp,0x4 + * 005037f3 |> 8b5c24 10 mov ebx,dword ptr ss:[esp+0x10] + * 005037f7 |. 8b7c24 40 mov edi,dword ptr ss:[esp+0x40] + * 005037fb |. 8bcb mov ecx,ebx + * 005037fd |. 0faf4c24 0c imul ecx,dword ptr ss:[esp+0xc] + * 00503802 |. 33c0 xor eax,eax + * 00503804 |. 85c9 test ecx,ecx + * 00503806 |. 7e 09 jle short bszex.00503811 + * 00503808 |> c02c07 02 /shr byte ptr ds:[edi+eax],0x2 + * 0050380c |. 40 |inc eax + * 0050380d |. 3bc1 |cmp eax,ecx + * 0050380f |.^7c f7 \jl short bszex.00503808 + * 00503811 |> 8b4d 08 mov ecx,dword ptr ss:[ebp+0x8] + * 00503814 |. 33c0 xor eax,eax + * 00503816 |. 8db424 f000000>lea esi,dword ptr ss:[esp+0xf0] + * 0050381d |. 8981 dc010000 mov dword ptr ds:[ecx+0x1dc],eax + * 00503823 |. 8981 e0010000 mov dword ptr ds:[ecx+0x1e0],eax + * 00503829 |. c78424 f000000>mov dword ptr ss:[esp+0xf0],bszex.00780e> + * 00503834 |. e8 4702feff call bszex.004e3a80 + * 00503839 |. e9 68010000 jmp bszex.005039a6 + * 0050383e |> 8b0d 08a58200 mov ecx,dword ptr ds:[0x82a508] + * 00503844 |. 51 push ecx ; /hwnd => null + * 00503845 |. ff15 d4e26f00 call dword ptr ds:[<&user32.getdc>] ; \getdc + * 0050384b |. 68 50b08200 push bszex.0082b050 ; /facename = "" + * 00503850 |. 6a 00 push 0x0 ; |pitchandfamily = default_pitch|ff_dontcare + * 00503852 |. 6a 02 push 0x2 ; |quality = proof_quality + * 00503854 |. 6a 00 push 0x0 ; |clipprecision = clip_default_precis + * 00503856 |. 6a 07 push 0x7 ; |outputprecision = out_tt_only_precis + * 00503858 |. 68 80000000 push 0x80 ; |charset = 128. + * 0050385d |. 6a 00 push 0x0 ; |strikeout = false + * 0050385f |. 6a 00 push 0x0 ; |underline = false + * 00503861 |. 8bf8 mov edi,eax ; | + * 00503863 |. 8b83 38010000 mov eax,dword ptr ds:[ebx+0x138] ; | + * 00503869 |. 6a 00 push 0x0 ; |italic = false + * 0050386b |. 68 84030000 push 0x384 ; |weight = fw_heavy + * 00503870 |. 99 cdq ; | + * 00503871 |. 6a 00 push 0x0 ; |orientation = 0x0 + * 00503873 |. 2bc2 sub eax,edx ; | + * 00503875 |. 8b93 3c010000 mov edx,dword ptr ds:[ebx+0x13c] ; | + * 0050387b |. 6a 00 push 0x0 ; |escapement = 0x0 + * 0050387d |. d1f8 sar eax,1 ; | + * 0050387f |. 50 push eax ; |width + * 00503880 |. 52 push edx ; |height + * 00503881 |. ff15 48e06f00 call dword ptr ds:[<&gdi32.createfonta>] ; \createfonta + * 00503887 |. 50 push eax ; /hobject + * 00503888 |. 57 push edi ; |hdc + * 00503889 |. 894424 30 mov dword ptr ss:[esp+0x30],eax ; | + * 0050388d |. ff15 4ce06f00 call dword ptr ds:[<&gdi32.selectobject>>; \selectobject + * 00503893 |. 894424 1c mov dword ptr ss:[esp+0x1c],eax + * 00503897 |. 8d8424 4801000>lea eax,dword ptr ss:[esp+0x148] + * 0050389e |. 50 push eax ; /ptextmetric + * 0050389f |. 57 push edi ; |hdc + * 005038a0 |. ff15 50e06f00 call dword ptr ds:[<&gdi32.gettextmetric>; \gettextmetricsa + * 005038a6 |. 837e 14 10 cmp dword ptr ds:[esi+0x14],0x10 + * 005038aa |. 72 02 jb short bszex.005038ae + * 005038ac |. 8b36 mov esi,dword ptr ds:[esi] + * 005038ae |> 56 push esi ; /arg1 + * 005038af |. e8 deccf7ff call bszex.00480592 ; \bszex.00480592 + * 005038b4 |. 83c4 04 add esp,0x4 + * 005038b7 |. 8d4c24 60 lea ecx,dword ptr ss:[esp+0x60] + * 005038bb |. 51 push ecx ; /pmat2 + * 005038bc |. 6a 00 push 0x0 ; |buffer = null + * 005038be |. 6a 00 push 0x0 ; |bufsize = 0x0 + * 005038c0 |. 8d9424 d800000>lea edx,dword ptr ss:[esp+0xd8] ; | + * 005038c7 |. 52 push edx ; |pmetrics + * 005038c8 |. 6a 06 push 0x6 ; |format = ggo_gray8_bitmap + * 005038ca |. 50 push eax ; |char + * 005038cb |. 57 push edi ; |hdc + * 005038cc |. 894424 30 mov dword ptr ss:[esp+0x30],eax ; | + * 005038d0 |. ff15 54e06f00 call dword ptr ds:[<&gdi32.getglyphoutli>; \getglyphoutlinea + * 005038d6 |. 8bd8 mov ebx,eax + * 005038d8 |. 85db test ebx,ebx + * 005038da |. 0f84 d5070000 je bszex.005040b5 + * 005038e0 |. 83fb ff cmp ebx,-0x1 + * 005038e3 |. 0f84 cc070000 je bszex.005040b5 + * 005038e9 |. 8d7424 40 lea esi,dword ptr ss:[esp+0x40] + * 005038ed |. e8 be18f1ff call bszex.004151b0 + * 005038f2 |. 8b4c24 40 mov ecx,dword ptr ss:[esp+0x40] + * 005038f6 |. 8d4424 60 lea eax,dword ptr ss:[esp+0x60] + * 005038fa |. 50 push eax ; /pmat2 + * 005038fb |. 8b4424 18 mov eax,dword ptr ss:[esp+0x18] ; | + * 005038ff |. 51 push ecx ; |buffer + * 00503900 |. 53 push ebx ; |bufsize + * 00503901 |. 8d9424 d800000>lea edx,dword ptr ss:[esp+0xd8] ; | + * 00503908 |. 52 push edx ; |pmetrics + * 00503909 |. 6a 06 push 0x6 ; |format = ggo_gray8_bitmap + * 0050390b |. 50 push eax ; |char + * 0050390c |. 57 push edi ; |hdc + * 0050390d |. ff15 54e06f00 call dword ptr ds:[<&gdi32.getglyphoutli>; \getglyphoutlinea + * 00503913 |. 8b4c24 1c mov ecx,dword ptr ss:[esp+0x1c] + * 00503917 |. 51 push ecx ; /hobject + * 00503918 |. 57 push edi ; |hdc + * 00503919 |. ff15 4ce06f00 call dword ptr ds:[<&gdi32.selectobject>>; \selectobject + * 0050391f |. 8b15 08a58200 mov edx,dword ptr ds:[0x82a508] + * 00503925 |. 57 push edi ; /hdc + * 00503926 |. 52 push edx ; |hwnd => null + * 00503927 |. ff15 a4e26f00 call dword ptr ds:[<&user32.releasedc>] ; \releasedc + * 0050392d |. 8b4424 28 mov eax,dword ptr ss:[esp+0x28] + * 00503931 |. 50 push eax ; /hobject + * 00503932 |. ff15 58e06f00 call dword ptr ds:[<&gdi32.deleteobject>>; \deleteobject + * 00503938 |. 8bb424 cc00000>mov esi,dword ptr ss:[esp+0xcc] + * 0050393f |. 8b8c24 d000000>mov ecx,dword ptr ss:[esp+0xd0] + * 00503946 |. 83c6 03 add esi,0x3 + * 00503949 |. 81e6 fcff0000 and esi,0xfffc + * 0050394f |. 8bd1 mov edx,ecx + * 00503951 |. 0fafd6 imul edx,esi + * 00503954 |. 897424 0c mov dword ptr ss:[esp+0xc],esi + * 00503958 |. 894c24 10 mov dword ptr ss:[esp+0x10],ecx + * 0050395c |. 3bda cmp ebx,edx + * 0050395e |. 74 1a je short bszex.0050397a + */ +bool InsertNeXASHookA() +{ + // There are two GetGlyphOutlineA, both of which seem to have the same texts + ULONG addr = MemDbg::findCallAddress((ULONG)::GetGlyphOutlineA, processStartAddress, processStopAddress); + if (!addr) + return false; + BYTE sig[] = { + /* + .text:00467841 cmp dword ptr [esi+18h], 10h + .text:00467845 jb short loc_46784C + .text:00467847 mov esi, [esi+4] + .text:0046784A jmp short loc_46784F + .text:0046784C ; --------------------------------------------------------------------------- + .text:0046784C + .text:0046784C loc_46784C: ; CODE XREF: sub_467540+305↑j + .text:0046784C add esi, 4 + .text:0046784F + .text:0046784F loc_46784F: ; CODE XREF: sub_467540+30A↑j + .text:0046784F push esi ; String + .text:00467850 call __mbsnextc + */ + /* + if ( *(_DWORD *)(v1 + 288) < 0x10u ) + v9 = (const unsigned __int8 *)(v1 + 268); + else + v9 = *(const unsigned __int8 **)(v1 + 268); + uChara = _mbsnextc(v9); + GlyphOutlineA = GetGlyphOutlineA(DC, uChara, 6u, &gm, 0, 0, &mat2); + */ + 0x83, 0x7E, 0x18, 0x10, + 0x72, 0x05, + 0x8B, 0x76, 0x04, + 0xEB, 0x03, + 0x83, 0xC6, 0x04, + 0x56, + 0xE8, XX4}; + auto addr2 = reverseFindBytes(sig, sizeof(sig), addr - 0x40, addr); + if (addr2) + { + addr2 = MemDbg::findEnclosingAlignedFunction(addr2); + if (addr2) + { + HookParam hp; + hp.address = addr2; + hp.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto v1 = stack->ecx; + const unsigned __int8 *v9; + if (*(DWORD *)(v1 + 288) < 0x10u) + v9 = (const unsigned __int8 *)(v1 + 268); + else + v9 = *(const unsigned __int8 **)(v1 + 268); + + buffer->from_cs((char*)v9); + }; + if (NewHook(hp, "NeXAS_1")) + return true; + } + } + + // BALDR HEART + BYTE sig2[] = { + 0x72, 0x02, + 0x8b, 0x00, + 0x50, + 0x8d, 0x8d, 0x00, 0xfc, 0xff, 0xff, + 0x68, 0x00, 0x04, 0x00, 0x00, + 0x51, + 0xe8, XX4}; + auto addrx = MemDbg::findBytes(sig2, sizeof(sig2), processStartAddress, processStopAddress); + if (addrx) + { + HookParam hp; + hp.address = addrx + sizeof(sig2) - 5; + hp.offset = get_reg(regs::eax); + hp.type = USING_STRING; + hp.newlineseperator = L"@n"; + hp.filter_fun = [](LPVOID data, size_t *size, HookParam *) + { + auto s = std::string((char *)data, *size); + s = std::regex_replace(s, std::regex("@r(.*?)@(.*?)@"), "$1"); + s = std::regex_replace(s, std::regex("@v\\d{8}"), ""); + s = std::regex_replace(s, std::regex("@k"), ""); + s = std::regex_replace(s, std::regex("@g"), ""); + s = std::regex_replace(s, std::regex("@d"), ""); + return write_string_overwrite(data, size, s); + }; + if (NewHook(hp, "NeXAS3")) + return true; + } + // DWORD GetGlyphOutline( + // _In_ HDC hdc, + // _In_ UINT uChar, + // _In_ UINT uFormat, + // _Out_ LPGLYPHMETRICS lpgm, + // _In_ DWORD cbBuffer, + // _Out_ LPVOID lpvBuffer, + // _In_ const MAT2 *lpmat2 + // ); + + HookParam hp; + // hp.address = (DWORD)::GetGlyphOutlineA; + hp.address = addr; + // hp.type = USING_STRING|USING_SPLIT; + hp.type = CODEC_ANSI_BE | NO_CONTEXT | USING_SPLIT; + hp.offset = get_stack(1); + + // Either lpgm or lpmat2 are good choices + hp.split = get_stack(3); + // hp.split = arg7_lpmat2; // = 0x18, arg7 + + ConsoleOutput("INSERT NeXAS"); + return NewHook(hp, "NeXAS"); +} +struct nexassomeinfo +{ + DWORD off1, off2; + DWORD split; +}; +bool InsertNeXASHookW() +{ + //[240926][1287246][エンターグラム] 制服カノジョ まよいごエンゲージ DL版 (files) + // char sig[] = "Gaiji%s%02d%02d.fil";或者也可以找所有的push这个的地址 + auto addrs = findiatcallormov_all((DWORD)GetGlyphOutlineW, processStartAddress, processStartAddress, processStopAddress, PAGE_EXECUTE); + bool succ = false; + for (auto addr1 : addrs) + { + auto addr = MemDbg::findEnclosingAlignedFunction(addr1); + if (!addr) + continue; + BYTE check[] = { + 0x83, XX, XX4, 0x10, // cmp dword ptr [edi+0BCh], 10h; XX4:0xbc, 0x00, 0x00, 0x00 + 0x8d, XX, XX4, // lea edx, [edi+0A8h], XX4:0xa8, 0x00, 0x00, 0x00 + 0x89, XX, XX, + 0x72, 0x06, + 0x8b, XX, XX4, // mov edx, [edi+0A8h], XX4:0xa8, 0x00, 0x00, 0x00 + + }; + auto addrx = MemDbg::findBytes(check, sizeof(check), addr, addr1); + if (!addrx) + continue; + HookParam hp; + hp.address = addr; + hp.type = USING_STRING | CODEC_UTF8; // utf8编码的单字符 + hp.user_value = (DWORD) new nexassomeinfo{*(DWORD *)(addrx + 2), *(DWORD *)(addrx + 9), 0}; + hp.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + /* + v17 = *(_DWORD *)(this + 188) < 0x10u; + v18 = (const CHAR *)(this + 168); + h = v16; + if ( !v17 ) + v18 = *(const CHAR **)(this + 168); + sub_42A120(v34, v18, *(_DWORD *)(this + 184));//utf8转utf16 + */ + auto v1 = stack->ecx; + const unsigned __int8 *v9; + auto off1 = ((nexassomeinfo *)hp->user_value)->off1; // 188,0xbc + auto off2 = ((nexassomeinfo *)hp->user_value)->off2; // 168,0xa8 + if (*(DWORD *)(v1 + off1) < 0x10u) + v9 = (const unsigned __int8 *)(v1 + off2); + else + v9 = *(const unsigned __int8 **)(v1 + off2); + + buffer->from_cs((char*)v9); + if (((nexassomeinfo *)hp->user_value)->split == 0) + ((nexassomeinfo *)hp->user_value)->split = stack->stack[1]; + *split = std::abs((long long)((nexassomeinfo *)hp->user_value)->split - (long long)stack->stack[1]) < 0x10; + // 文本会被分成两个线程,原因未知。人名线程是比文本小很多的,两个文本线程离得很近 + // 不能不分,不分会导致沾到一起。 + }; + succ |= NewHook(hp, "NeXASW"); + } + return succ; +} +namespace +{ + bool _2() + { + // 飛ぶ山羊はさかさまの木の夢を見るか + BYTE bs[] = { + 0x8B, 0x56, 0x68, + 0x8a, 0x04, 0x3a, + 0x8d, 0x0c, 0x3a, + 0x33, 0xdb, + 0x3c, 0x40}; + auto addr = MemDbg::findBytes(bs, sizeof(bs), processStartAddress, processStopAddress); + if (addr == 0) + return 0; + HookParam hp; + hp.address = addr + 9; + hp.type = DATA_INDIRECT; + hp.index = 0; + hp.offset = get_reg(regs::ecx); + hp.filter_fun = [](LPVOID data, size_t *size, HookParam *) + { + auto text = reinterpret_cast(data); + if (text[0] == '@') + { + return false; + } + return true; + }; + + return NewHook(hp, "NeXAS2"); + } +} +namespace +{ + bool _3() + { + // 真剣で私に恋しなさい!A-5 + char atv[] = "@v"; + auto aV = MemDbg::findBytes(atv, sizeof(atv), processStartAddress, processStopAddress); + if (!aV) + return false; + aV = MemDbg::findBytes(atv, sizeof(atv), aV + 1, processStopAddress); // 第一个是历史,第二个才是当前文本 + if (!aV) + return false; + auto addr = MemDbg::findPushAddress(aV, processStartAddress, processStopAddress); + if (addr == 0) + return 0; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0) + return 0; + HookParam hp; + hp.address = addr; + hp.type = USING_STRING; + hp.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto a2 = (TextUnionA *)stack->stack[1]; // std::string* + buffer->from_cs(a2->getText()); + }; + hp.filter_fun = [](void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + if (startWith(s, "@")) + { + if (startWith(s, "@v")) + { + // S001_L1_0001 + s = std::regex_replace(s, std::regex("@v[a-zA-Z0-9]{4}_[a-zA-Z0-9]{2}_[a-zA-Z0-9]{4}"), ""); + return write_string_overwrite(data, len, s); + } + else + { + return false; + } + } + + return true; + }; + hp.newlineseperator = L"@n"; + return NewHook(hp, "NeXAS3"); + } +} + +bool NeXAS::attach_function() +{ + auto _ = _2() || _3(); + return InsertNeXASHookA() || InsertNeXASHookW() || _; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/NeXAS.h b/cpp/LunaHook/LunaHook/engine32/NeXAS.h new file mode 100644 index 00000000..8a9898b0 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/NeXAS.h @@ -0,0 +1,17 @@ + + +class NeXAS : public ENGINE +{ +public: + NeXAS() + { + + is_engine_certain = false; + check_by = CHECK_BY::CUSTOM; + check_by_target = []() + { + return Util::SearchResourceString(L"NeXAS") || (Util::CheckFile(L"*.pac") && (Util::CheckFile(L"Thumbnail.pac") || Util::CheckFile(L"Thumbnail5.pac"))); + }; + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine32/Nekopack.cpp b/cpp/LunaHook/LunaHook/engine32/Nekopack.cpp new file mode 100644 index 00000000..68d315d5 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Nekopack.cpp @@ -0,0 +1,60 @@ +#include"Nekopack.h" + + +/** + * mireado 8/01/2016: Add NekoPack hook + * + * See: http://sakuradite.com/topic/1470 + * https://arallab.hided.net/board_codetalk/2605967 + * + * [Pure More] 少女アクティビティ_trial 1.01 + * + * base: 0x4000000 + * binary pattern :: 558BEC81C4C4FDFFFFB8 + */ + +bool InsertNekopackHook() +{ + const BYTE bytes[] = { + 0x55, // 0069637C /$ 55 PUSH EBP + 0x8b,0xec, // 0069637D |. 8BEC MOV EBP,ESP + 0x81,0xc4, 0xC4,0xFD,0xFF,0xFF, // 0069637F |. 81C4 C4FDFFFF ADD ESP,-23C + 0xb8, XX4, // 00696385 |. B8 A8FF7900 MOV EAX,OFFSET 0079FFA8 + 0x53, // 0069638A |. 53 PUSH EBX + 0x56, // 0069638B |. 56 PUSH ESI + 0x57, // 0069638C |. 57 PUSH EDI + 0x8b,0x5d, 0x08 // 0069638D |. 8B5D 08 MOV EBX,DWORD PTR SS:[ARG.1] + }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + enum { addr_offset = 0 }; // distance to the beginning of the function, which is 0x55 (push ebp) + //GROWL(reladdr); + if (!addr) { + ConsoleOutput("NekoPack: pattern not found"); + return false; + } + addr += addr_offset; + //GROWL(addr); + enum { push_ebp = 0x55 }; // beginning of the function + if (*(BYTE *)addr != push_ebp) { + ConsoleOutput("NekoPack: beginning of the function not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_stack(2); + hp.type = USING_STRING; + + ConsoleOutput("INSERT NekoPack"); + return NewHook(hp, "NekoPack"); + + // Disable GDIHook(um.. ?), which is cached and hence missing characters. + //ConsoleOutput("NekoPack: disable GDI hooks"); + // +} + +bool Nekopack::attach_function() { + + return InsertNekopackHook(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Nekopack.h b/cpp/LunaHook/LunaHook/engine32/Nekopack.h new file mode 100644 index 00000000..84d6801e --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Nekopack.h @@ -0,0 +1,12 @@ + + +class Nekopack:public ENGINE{ + public: + Nekopack(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.dat"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Nexton.cpp b/cpp/LunaHook/LunaHook/engine32/Nexton.cpp new file mode 100644 index 00000000..cecc1042 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Nexton.cpp @@ -0,0 +1,1022 @@ +#include"Nexton.h" +/** + * jichi 9/5/2013: NEXTON games with aInfo.db + * Sample games: + * - /HA-C@4D69E:InnocentBullet.exe (イノセントバレッ�) + * - /HA-C@40414C:ImoutoBancho.exe (妹番長) + * + * See: http://ja.wikipedia.org/wiki/ネクストン + * See (CaoNiMaGeBi): http://tieba.baidu.com/p/2576241908 + * + * Old: + * md5 = 85ac031f2539e1827d9a1d9fbde4023d + * hcode = /HA-C@40414C:ImoutoBancho.exe + * - addr: 4211020 (0x40414c) + * - module: 1051997988 (0x3eb43724) + * - length_offset: 1 + * - off: 4294967280 (0xfffffff0) = -0x10 + * - split: 0 + * - type: 68 (0x44) + * + * New (11/7/2013): + * /HA-20:4@583DE:MN2.EXE (NEW) + * - addr: 361438 (0x583de) + * - module: 3436540819 + * - length_offset: 1 + * - off: 4294967260 (0xffffffdc) = -0x24 + * - split: 4 + * - type: 84 (0x54) + */ + +bool InsertNextonHook() +{ +#if 0 + // 0x8944241885c00f84 + const BYTE bytes[] = { + //0xe8 //??,??,??,??, 00804147 e8 24d90100 call imoutoba.00821a70 + 0x89,0x44,0x24, 0x18, // 0080414c 894424 18 mov dword ptr ss:[esp+0x18],eax; hook here + 0x85,0xc0, // 00804150 85c0 test eax,eax + 0x0f,0x84 // 00804152 ^0f84 c0feffff je imoutoba.00804018 + }; + //enum { addr_offset = 0 }; + ULONG addr = processStartAddress; //- sizeof(bytes); + do { + addr += sizeof(bytes); // ++ so that each time return diff address + ULONG range = min(processStopAddress - addr, MAX_REL_ADDR); + addr = MemDbg::findBytes(bytes, sizeof(bytes), addr, addr + range); + if (!addr) { + ConsoleOutput("NEXTON: pattern not exist"); + return false; + } + + //const BYTE hook_ins[] = { + // 0x57, // 00804144 57 push edi + // 0x8b,0xc3, // 00804145 8bc3 mov eax,ebx + // 0xe8 //??,??,??,??, 00804147 e8 24d90100 call imoutoba.00821a70 + //}; + } while(0xe8c38b57 != *(DWORD *)(addr - 8)); +#endif // 0 + const BYTE bytes[] = { + 0x57, // 0044d696 57 push edi + 0x8b,0xc3, // 0044d697 8bc3 mov eax,ebx + 0xe8, XX4, // 0044d699 e8 6249fdff call .00422000 + 0x89,0x44,0x24, 0x18, // 0044d69e 894424 18 mov dword ptr ss:[esp+0x18],eax ; jichi: this is the ith hook point + 0x85,0xc0, // 0044d6a2 85c0 test eax,eax + 0x0f,0x84 //c2feffff // 0044d6a4 ^0f84 c2feffff je .0044d56c + }; + enum { addr_offset = 0x0044d69e - 0x0044d696 }; // = 8 + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("NEXTON: pattern not exist"); + return false; + } + + + HookParam hp; + hp.address = addr + addr_offset; + //hp.type = CODEC_ANSI_BE; // 4 + + // 魔王のくせに生イキ�っ �今度は性戦ぽ // CheatEngine search for byte array: 8944241885C00F84 + //addr = 0x4583de; // wrong + //addr = 0x5460ba; + //addr = 0x5f3d8a; + //addr = 0x768776; + //addr = 0x7a5319; + + hp.offset=get_reg(regs::edi); + hp.split=get_stack(1); + hp.type = CODEC_ANSI_BE|USING_SPLIT; // 0x54 + + // Indirect is needed for new games, + // Such as: /HA-C*0@4583DE for 「魔王のくせに生イキ�っ��� //hp.type = CODEC_ANSI_BE|DATA_INDIRECT; // 12 + //hp.type = CODEC_UTF16; + //GROWL_DWORD3(addr, -hp.offset, hp.type); + + ConsoleOutput("INSERT NEXTON"); + return NewHook(hp, "NEXTON"); + + //ConsoleOutput("NEXTON: disable GDI hooks"); // There are no GDI functions hooked though + // // disable GetGlyphOutlineA +} + +namespace { // unnamed +namespace ScenarioHook { +namespace Private { + /** + * Scenario caller: + * 0047D555 8BCE MOV ECX,ESI + * 0047D557 FFD0 CALL EAX + * 0047D559 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+0x8] + * 0047D55C 51 PUSH ECX + * 0047D55D 8BCE MOV ECX,ESI + * 0047D55F E8 ECFDFCFF CALL .0044D350 ; jichi: scenario called here + * 0047D564 A1 0C839800 MOV EAX,DWORD PTR DS:[0x98830C] + * 0047D569 C746 38 00000000 MOV DWORD PTR DS:[ESI+0x38],0x0 + * 0047D570 8BB7 20040000 MOV ESI,DWORD PTR DS:[EDI+0x420] + * 0047D576 8B50 14 MOV EDX,DWORD PTR DS:[EAX+0x14] + * 0047D579 2B50 10 SUB EDX,DWORD PTR DS:[EAX+0x10] + * 0047D57C 8D78 10 LEA EDI,DWORD PTR DS:[EAX+0x10] + * 0047D57F C1FA 02 SAR EDX,0x2 + * 0047D582 3BF2 CMP ESI,EDX + * 0047D584 72 05 JB SHORT .0047D58B + * 0047D586 E8 091C0300 CALL .004AF194 + * 0047D58B 8B07 MOV EAX,DWORD PTR DS:[EDI] + * 0047D58D 8B34B0 MOV ESI,DWORD PTR DS:[EAX+ESI*4] + * 0047D590 8B16 MOV EDX,DWORD PTR DS:[ESI] + * 0047D592 8B42 04 MOV EAX,DWORD PTR DS:[EDX+0x4] + * 0047D595 8BCE MOV ECX,ESI + * 0047D597 FFD0 CALL EAX + * 0047D599 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+0xC] + * 0047D59C 51 PUSH ECX + * 0047D59D 8BCE MOV ECX,ESI + * 0047D59F E8 ACFDFCFF CALL .0044D350 ; jichi: name called here + * 0047D5A4 5F POP EDI + * 0047D5A5 5E POP ESI + * 0047D5A6 5B POP EBX + * 0047D5A7 8BE5 MOV ESP,EBP + * 0047D5A9 5D POP EBP + * 0047D5AA C2 0800 RETN 0x8 + * 0047D5AD CC INT3 + * 0047D5AE CC INT3 + * 0047D5AF CC INT3 + * + * History: + * + * 0047C054 50 PUSH EAX + * 0047C055 8BCF MOV ECX,EDI + * 0047C057 E8 F412FDFF CALL .0044D350 ; jichi: name history called here + * 0047C05C 46 INC ESI + * 0047C05D 3B7424 14 CMP ESI,DWORD PTR SS:[ESP+0x14] + * 0047C061 ^0F82 EAFEFFFF JB .0047BF51 + * 0047C067 8B4C24 20 MOV ECX,DWORD PTR SS:[ESP+0x20] + * 0047C06B 3BF1 CMP ESI,ECX + * 0047C06D 0F83 A7000000 JNB .0047C11A + * 0047C073 EB 0B JMP SHORT .0047C080 + * 0047C075 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP] + * 0047C07C 8D6424 00 LEA ESP,DWORD PTR SS:[ESP] + * 0047C080 8B8B 483A0000 MOV ECX,DWORD PTR DS:[EBX+0x3A48] + * 0047C086 2B8B 443A0000 SUB ECX,DWORD PTR DS:[EBX+0x3A44] + * 0047C08C C1F9 03 SAR ECX,0x3 + * 0047C08F 3BF1 CMP ESI,ECX + * 0047C091 72 05 JB SHORT .0047C098 + * + * 0045BFCF 53 PUSH EBX + * 0045BFD0 53 PUSH EBX + * 0045BFD1 E8 15670500 CALL .004B26EB ; jichi: scenario history called here + * 0045BFD6 8BC6 MOV EAX,ESI + * 0045BFD8 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-0xC] + * 0045BFDB 64:890D 00000000 MOV DWORD PTR FS:[0],ECX + * 0045BFE2 59 POP ECX + * 0045BFE3 5F POP EDI + * 0045BFE4 5E POP ESI + * 0045BFE5 5B POP EBX + * 0045BFE6 8BE5 MOV ESP,EBP + * 0045BFE8 5D POP EBP + * 0045BFE9 C3 RETN + * 0045BFEA CC INT3 + */ + void hookBefore(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *role) + { + static std::string data_; + auto text = (LPCSTR)s->stack[1]; // arg1 + if (!text || !*text) + return ; + * role = Engine::OtherRole; + auto retaddr = s->stack[0]; + BYTE ins = *(BYTE *)retaddr; + if (ins == 0xa1) // 0047D564 A1 0C839800 MOV EAX,DWORD PTR DS:[0x98830C] + *role = Engine::ScenarioRole; + else if (ins == 0x5f) // 0047D5A4 5F POP EDI + *role = Engine::NameRole; + + buffer->from_cs(text); + } +} // namespace Private + +/** + * Sample game: Innocent Bullet + * + * Name/Scenario/History are translated in different callers. + * + * 0044D34D CC INT3 + * 0044D34E CC INT3 + * 0044D34F CC INT3 + * 0044D350 55 PUSH EBP + * 0044D351 8BEC MOV EBP,ESP + * 0044D353 83E4 F8 AND ESP,0xFFFFFFF8 + * 0044D356 6A FF PUSH -0x1 + * 0044D358 68 30B88800 PUSH .0088B830 + * 0044D35D 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] + * 0044D363 50 PUSH EAX + * 0044D364 81EC B0000000 SUB ESP,0xB0 + * 0044D36A A1 50569600 MOV EAX,DWORD PTR DS:[0x965650] + * 0044D36F 33C4 XOR EAX,ESP + * 0044D371 898424 A8000000 MOV DWORD PTR SS:[ESP+0xA8],EAX + * 0044D378 53 PUSH EBX + * 0044D379 56 PUSH ESI + * 0044D37A 57 PUSH EDI + * 0044D37B A1 50569600 MOV EAX,DWORD PTR DS:[0x965650] + * 0044D380 33C4 XOR EAX,ESP + * 0044D382 50 PUSH EAX + * 0044D383 8D8424 C0000000 LEA EAX,DWORD PTR SS:[ESP+0xC0] + * 0044D38A 64:A3 00000000 MOV DWORD PTR FS:[0],EAX + * 0044D390 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 0044D393 8BF1 MOV ESI,ECX + * 0044D395 8B16 MOV EDX,DWORD PTR DS:[ESI] + * 0044D397 894424 38 MOV DWORD PTR SS:[ESP+0x38],EAX + * 0044D39B 8B42 04 MOV EAX,DWORD PTR DS:[EDX+0x4] + * 0044D39E 897424 34 MOV DWORD PTR SS:[ESP+0x34],ESI + * 0044D3A2 FFD0 CALL EAX + * 0044D3A4 68 60244200 PUSH .00422460 + * 0044D3A9 B9 EC769800 MOV ECX,.009876EC + * 0044D3AE E8 FD41FDFF CALL .004215B0 + * 0044D3B3 8B3D F4769800 MOV EDI,DWORD PTR DS:[0x9876F4] + * 0044D3B9 8B47 30 MOV EAX,DWORD PTR DS:[EDI+0x30] + * 0044D3BC 2B47 2C SUB EAX,DWORD PTR DS:[EDI+0x2C] + * 0044D3BF 8B5E 04 MOV EBX,DWORD PTR DS:[ESI+0x4] + * 0044D3C2 83C7 20 ADD EDI,0x20 + * 0044D3C5 33C9 XOR ECX,ECX + * 0044D3C7 83C4 04 ADD ESP,0x4 + * 0044D3CA C1F8 02 SAR EAX,0x2 + * 0044D3CD 3BD9 CMP EBX,ECX + * 0044D3CF 7C 24 JL SHORT .0044D3F5 + * 0044D3D1 3BC3 CMP EAX,EBX + * 0044D3D3 7E 20 JLE SHORT .0044D3F5 + * 0044D3D5 8B57 10 MOV EDX,DWORD PTR DS:[EDI+0x10] + * 0044D3D8 2B57 0C SUB EDX,DWORD PTR DS:[EDI+0xC] + * 0044D3DB C1FA 02 SAR EDX,0x2 + * 0044D3DE 3BDA CMP EBX,EDX + * 0044D3E0 72 07 JB SHORT .0044D3E9 + * 0044D3E2 E8 AD1D0600 CALL .004AF194 + * 0044D3E7 33C9 XOR ECX,ECX + * 0044D3E9 8B47 0C MOV EAX,DWORD PTR DS:[EDI+0xC] + * 0044D3EC 8B1498 MOV EDX,DWORD PTR DS:[EAX+EBX*4] + * 0044D3EF 895424 1C MOV DWORD PTR SS:[ESP+0x1C],EDX + * 0044D3F3 EB 04 JMP SHORT .0044D3F9 + * 0044D3F5 894C24 1C MOV DWORD PTR SS:[ESP+0x1C],ECX + * 0044D3F9 8B4424 1C MOV EAX,DWORD PTR SS:[ESP+0x1C] + * 0044D3FD D9EE FLDZ + * 0044D3FF 83C0 34 ADD EAX,0x34 + * 0044D402 D95C24 14 FSTP DWORD PTR SS:[ESP+0x14] + * 0044D406 894424 4C MOV DWORD PTR SS:[ESP+0x4C],EAX + * 0044D40A 8B00 MOV EAX,DWORD PTR DS:[EAX] + * 0044D40C 894424 18 MOV DWORD PTR SS:[ESP+0x18],EAX + * 0044D410 DB4424 18 FILD DWORD PTR SS:[ESP+0x18] + * 0044D414 85C0 TEST EAX,EAX + * 0044D416 7D 06 JGE SHORT .0044D41E + * 0044D418 D805 D05C9100 FADD DWORD PTR DS:[0x915CD0] + * 0044D41E 894C24 3C MOV DWORD PTR SS:[ESP+0x3C],ECX + * 0044D422 D95C24 28 FSTP DWORD PTR SS:[ESP+0x28] + * 0044D426 894C24 2C MOV DWORD PTR SS:[ESP+0x2C],ECX + * 0044D42A 8D4C24 70 LEA ECX,DWORD PTR SS:[ESP+0x70] + * 0044D42E 51 PUSH ECX + * 0044D42F C74424 70 60DC90>MOV DWORD PTR SS:[ESP+0x70],.0090DC60 + * 0044D437 E8 242B0000 CALL .0044FF60 + * 0044D43C 33FF XOR EDI,EDI + * 0044D43E 8D5424 6C LEA EDX,DWORD PTR SS:[ESP+0x6C] + * 0044D442 89BC24 C8000000 MOV DWORD PTR SS:[ESP+0xC8],EDI + * 0044D449 8B4C24 38 MOV ECX,DWORD PTR SS:[ESP+0x38] + * 0044D44D 52 PUSH EDX + * 0044D44E E8 6D150000 CALL .0044E9C0 + * 0044D453 8B8424 80000000 MOV EAX,DWORD PTR SS:[ESP+0x80] + * 0044D45A 8B4C24 7C MOV ECX,DWORD PTR SS:[ESP+0x7C] + * 0044D45E 894424 60 MOV DWORD PTR SS:[ESP+0x60],EAX + * 0044D462 3BC8 CMP ECX,EAX + * 0044D464 76 10 JBE SHORT .0044D476 + * 0044D466 E8 291D0600 CALL .004AF194 + * 0044D46B 8B8424 80000000 MOV EAX,DWORD PTR SS:[ESP+0x80] + * 0044D472 8B4C24 7C MOV ECX,DWORD PTR SS:[ESP+0x7C] + * 0044D476 8B5424 70 MOV EDX,DWORD PTR SS:[ESP+0x70] + * 0044D47A 895424 58 MOV DWORD PTR SS:[ESP+0x58],EDX + * 0044D47E 897C24 38 MOV DWORD PTR SS:[ESP+0x38],EDI + * 0044D482 8BD9 MOV EBX,ECX + * 0044D484 3BC8 CMP ECX,EAX + * 0044D486 76 05 JBE SHORT .0044D48D + * 0044D488 E8 071D0600 CALL .004AF194 + * 0044D48D 8B7C24 70 MOV EDI,DWORD PTR SS:[ESP+0x70] + * 0044D491 897C24 50 MOV DWORD PTR SS:[ESP+0x50],EDI + * 0044D495 895C24 54 MOV DWORD PTR SS:[ESP+0x54],EBX + * 0044D499 85FF TEST EDI,EDI + * 0044D49B 74 06 JE SHORT .0044D4A3 + * 0044D49D 3B7C24 58 CMP EDI,DWORD PTR SS:[ESP+0x58] + * 0044D4A1 74 05 JE SHORT .0044D4A8 + * 0044D4A3 E8 EC1C0600 CALL .004AF194 + * 0044D4A8 3B5C24 60 CMP EBX,DWORD PTR SS:[ESP+0x60] + * 0044D4AC 0F84 E4030000 JE .0044D896 + * 0044D4B2 85FF TEST EDI,EDI + * 0044D4B4 0F85 9C000000 JNZ .0044D556 + * 0044D4BA E8 D51C0600 CALL .004AF194 + * 0044D4BF 33C0 XOR EAX,EAX + * 0044D4C1 3B58 10 CMP EBX,DWORD PTR DS:[EAX+0x10] + * 0044D4C4 72 05 JB SHORT .0044D4CB + * 0044D4C6 E8 C91C0600 CALL .004AF194 + * 0044D4CB 8B0B MOV ECX,DWORD PTR DS:[EBX] + * 0044D4CD 8B01 MOV EAX,DWORD PTR DS:[ECX] + * 0044D4CF 8B50 10 MOV EDX,DWORD PTR DS:[EAX+0x10] + * 0044D4D2 FFD2 CALL EDX + * 0044D4D4 85C0 TEST EAX,EAX + * 0044D4D6 0F85 99030000 JNZ .0044D875 + * 0044D4DC 85FF TEST EDI,EDI + * 0044D4DE 75 7D JNZ SHORT .0044D55D + * 0044D4E0 E8 AF1C0600 CALL .004AF194 + * 0044D4E5 3B5F 10 CMP EBX,DWORD PTR DS:[EDI+0x10] + * 0044D4E8 72 05 JB SHORT .0044D4EF + * 0044D4EA E8 A51C0600 CALL .004AF194 + * 0044D4EF 8B0B MOV ECX,DWORD PTR DS:[EBX] + * 0044D4F1 8B01 MOV EAX,DWORD PTR DS:[ECX] + * 0044D4F3 8B50 08 MOV EDX,DWORD PTR DS:[EAX+0x8] + * 0044D4F6 FFD2 CALL EDX + * 0044D4F8 8BC8 MOV ECX,EAX + * 0044D4FA C78424 B4000000 >MOV DWORD PTR SS:[ESP+0xB4],0xF + * 0044D505 C78424 B0000000 >MOV DWORD PTR SS:[ESP+0xB0],0x0 + * 0044D510 C68424 A0000000 >MOV BYTE PTR SS:[ESP+0xA0],0x0 + * 0044D518 8D79 01 LEA EDI,DWORD PTR DS:[ECX+0x1] + * 0044D51B EB 03 JMP SHORT .0044D520 + * 0044D51D 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 0044D520 8A11 MOV DL,BYTE PTR DS:[ECX] + * 0044D522 41 INC ECX + * 0044D523 84D2 TEST DL,DL + * 0044D525 ^75 F9 JNZ SHORT .0044D520 + * 0044D527 2BCF SUB ECX,EDI + * 0044D529 51 PUSH ECX + * 0044D52A 50 PUSH EAX + * 0044D52B 8D8C24 A4000000 LEA ECX,DWORD PTR SS:[ESP+0xA4] + * 0044D532 E8 D934FCFF CALL .00410A10 + * 0044D537 C68424 C8000000 >MOV BYTE PTR SS:[ESP+0xC8],0x1 + * 0044D53F 83BC24 B4000000 >CMP DWORD PTR SS:[ESP+0xB4],0x10 + * 0044D547 72 18 JB SHORT .0044D561 + * 0044D549 8B8424 A0000000 MOV EAX,DWORD PTR SS:[ESP+0xA0] + * 0044D550 894424 30 MOV DWORD PTR SS:[ESP+0x30],EAX + * 0044D554 EB 16 JMP SHORT .0044D56C + * 0044D556 8B07 MOV EAX,DWORD PTR DS:[EDI] + * 0044D558 ^E9 64FFFFFF JMP .0044D4C1 + * 0044D55D 8B3F MOV EDI,DWORD PTR DS:[EDI] + * 0044D55F ^EB 84 JMP SHORT .0044D4E5 + * 0044D561 8D8C24 A0000000 LEA ECX,DWORD PTR SS:[ESP+0xA0] + * 0044D568 894C24 30 MOV DWORD PTR SS:[ESP+0x30],ECX + * 0044D56C 8B7C24 30 MOV EDI,DWORD PTR SS:[ESP+0x30] + * 0044D570 0FB617 MOVZX EDX,BYTE PTR DS:[EDI] + * 0044D573 52 PUSH EDX + * 0044D574 33DB XOR EBX,EBX + * 0044D576 E8 39420600 CALL .004B17B4 + * 0044D57B 83C4 04 ADD ESP,0x4 + * 0044D57E 85C0 TEST EAX,EAX + * 0044D580 74 12 JE SHORT .0044D594 + * 0044D582 8BCF MOV ECX,EDI + * 0044D584 3859 01 CMP BYTE PTR DS:[ECX+0x1],BL + * 0044D587 8D41 01 LEA EAX,DWORD PTR DS:[ECX+0x1] + * 0044D58A 74 08 JE SHORT .0044D594 + * 0044D58C 0FB619 MOVZX EBX,BYTE PTR DS:[ECX] + * 0044D58F C1E3 08 SHL EBX,0x8 + * 0044D592 8BF8 MOV EDI,EAX + * 0044D594 0FB63F MOVZX EDI,BYTE PTR DS:[EDI] + * 0044D597 03FB ADD EDI,EBX + * 0044D599 0F84 8E020000 JE .0044D82D + * 0044D59F D94424 28 FLD DWORD PTR SS:[ESP+0x28] + * 0044D5A3 D946 0C FLD DWORD PTR DS:[ESI+0xC] + * 0044D5A6 DED9 FCOMPP + * 0044D5A8 DFE0 FSTSW AX + * 0044D5AA F6C4 05 TEST AH,0x5 + * 0044D5AD 0F8B 7A020000 JPO .0044D82D + * 0044D5B3 8B4424 30 MOV EAX,DWORD PTR SS:[ESP+0x30] + * 0044D5B7 50 PUSH EAX + * 0044D5B8 E8 0F420600 CALL .004B17CC + * 0044D5BD 83C4 04 ADD ESP,0x4 + * 0044D5C0 894424 30 MOV DWORD PTR SS:[ESP+0x30],EAX + * 0044D5C4 83FF 20 CMP EDI,0x20 + * 0044D5C7 75 27 JNZ SHORT .0044D5F0 + * 0044D5C9 FF86 88000000 INC DWORD PTR DS:[ESI+0x88] + * 0044D5CF 8B4C24 1C MOV ECX,DWORD PTR SS:[ESP+0x1C] + * 0044D5D3 8B51 38 MOV EDX,DWORD PTR DS:[ECX+0x38] + * 0044D5D6 DB41 38 FILD DWORD PTR DS:[ECX+0x38] + * 0044D5D9 85D2 TEST EDX,EDX + * 0044D5DB 7D 06 JGE SHORT .0044D5E3 + * 0044D5DD D805 D05C9100 FADD DWORD PTR DS:[0x915CD0] + * 0044D5E3 D84424 14 FADD DWORD PTR SS:[ESP+0x14] + * 0044D5E7 D95C24 14 FSTP DWORD PTR SS:[ESP+0x14] + * 0044D5EB ^E9 7CFFFFFF JMP .0044D56C + * 0044D5F0 81FF 40810000 CMP EDI,0x8140 + * 0044D5F6 75 14 JNZ SHORT .0044D60C + * 0044D5F8 FF86 88000000 INC DWORD PTR DS:[ESI+0x88] + * 0044D5FE 8B4424 1C MOV EAX,DWORD PTR SS:[ESP+0x1C] + * 0044D602 8B48 3C MOV ECX,DWORD PTR DS:[EAX+0x3C] + * 0044D605 DB40 3C FILD DWORD PTR DS:[EAX+0x3C] + * 0044D608 85C9 TEST ECX,ECX + * 0044D60A ^EB CF JMP SHORT .0044D5DB + * 0044D60C 83FF 0A CMP EDI,0xA + * 0044D60F 75 6F JNZ SHORT .0044D680 + * 0044D611 8B46 18 MOV EAX,DWORD PTR DS:[ESI+0x18] + * 0044D614 83F8 03 CMP EAX,0x3 + * 0044D617 77 3D JA SHORT .0044D656 + * 0044D619 FF2485 98DA4400 JMP DWORD PTR DS:[EAX*4+0x44DA98] + * 0044D620 56 PUSH ESI + * 0044D621 E8 3A080000 CALL .0044DE60 + * 0044D626 EB 2E JMP SHORT .0044D656 + * 0044D628 D94424 14 FLD DWORD PTR SS:[ESP+0x14] + * 0044D62C 51 PUSH ECX + * 0044D62D D91C24 FSTP DWORD PTR SS:[ESP] + * 0044D630 56 PUSH ESI + * 0044D631 E8 FA080000 CALL .0044DF30 + * 0044D636 EB 1E JMP SHORT .0044D656 + * 0044D638 D94424 14 FLD DWORD PTR SS:[ESP+0x14] + * 0044D63C 51 PUSH ECX + * 0044D63D D91C24 FSTP DWORD PTR SS:[ESP] + * 0044D640 56 PUSH ESI + * 0044D641 E8 CA090000 CALL .0044E010 + * 0044D646 EB 0E JMP SHORT .0044D656 + * 0044D648 D94424 14 FLD DWORD PTR SS:[ESP+0x14] + * 0044D64C 51 PUSH ECX + * 0044D64D D91C24 FSTP DWORD PTR SS:[ESP] + * 0044D650 56 PUSH ESI + * 0044D651 E8 9A0A0000 CALL .0044E0F0 + * 0044D656 8B5424 4C MOV EDX,DWORD PTR SS:[ESP+0x4C] + * 0044D65A D9EE FLDZ + * 0044D65C 8B02 MOV EAX,DWORD PTR DS:[EDX] + * 0044D65E D95C24 14 FSTP DWORD PTR SS:[ESP+0x14] + * 0044D662 D946 14 FLD DWORD PTR DS:[ESI+0x14] + * 0044D665 DB02 FILD DWORD PTR DS:[EDX] + * 0044D667 85C0 TEST EAX,EAX + * 0044D669 7D 06 JGE SHORT .0044D671 + * 0044D66B D805 D05C9100 FADD DWORD PTR DS:[0x915CD0] + * 0044D671 DEC1 FADDP ST(1),ST + * 0044D673 D84424 28 FADD DWORD PTR SS:[ESP+0x28] + * 0044D677 D95C24 28 FSTP DWORD PTR SS:[ESP+0x28] + * 0044D67B ^E9 ECFEFFFF JMP .0044D56C + * 0044D680 83FF 0D CMP EDI,0xD + * 0044D683 ^0F84 E3FEFFFF JE .0044D56C + * 0044D689 83FF 09 CMP EDI,0x9 + * 0044D68C ^0F84 DAFEFFFF JE .0044D56C + * 0044D692 8B5C24 1C MOV EBX,DWORD PTR SS:[ESP+0x1C] + * 0044D696 57 PUSH EDI + * 0044D697 8BC3 MOV EAX,EBX + * 0044D699 E8 6249FDFF CALL .00422000 + * 0044D69E 894424 18 MOV DWORD PTR SS:[ESP+0x18],EAX ; jichi: This is the ITH hook point + * 0044D6A2 85C0 TEST EAX,EAX + * 0044D6A4 ^0F84 C2FEFFFF JE .0044D56C + * 0044D6AA 57 PUSH EDI + * 0044D6AB 8BC3 MOV EAX,EBX + * 0044D6AD E8 4E49FDFF CALL .00422000 + * 0044D6B2 85C0 TEST EAX,EAX + * 0044D6B4 ^0F84 B2FEFFFF JE .0044D56C + * 0044D6BA 83C0 10 ADD EAX,0x10 + * 0044D6BD 894424 40 MOV DWORD PTR SS:[ESP+0x40],EAX + * 0044D6C1 ^0F84 A5FEFFFF JE .0044D56C + * 0044D6C7 57 PUSH EDI + * 0044D6C8 8BC3 MOV EAX,EBX + * 0044D6CA E8 3149FDFF CALL .00422000 + * 0044D6CF 85C0 TEST EAX,EAX + * 0044D6D1 75 04 JNZ SHORT .0044D6D7 + * 0044D6D3 D9EE FLDZ + * 0044D6D5 EB 03 JMP SHORT .0044D6DA + * 0044D6D7 D940 20 FLD DWORD PTR DS:[EAX+0x20] + * 0044D6DA D95C24 24 FSTP DWORD PTR SS:[ESP+0x24] + * 0044D6DE 8D4C24 20 LEA ECX,DWORD PTR SS:[ESP+0x20] + * 0044D6E2 D94424 24 FLD DWORD PTR SS:[ESP+0x24] + * 0044D6E6 51 PUSH ECX + * 0044D6E7 8D8E 04010000 LEA ECX,DWORD PTR DS:[ESI+0x104] + * 0044D6ED D95C24 24 FSTP DWORD PTR SS:[ESP+0x24] + * 0044D6F1 E8 6A55FFFF CALL .00442C60 + * 0044D6F6 D94424 24 FLD DWORD PTR SS:[ESP+0x24] + * 0044D6FA D94424 14 FLD DWORD PTR SS:[ESP+0x14] + * 0044D6FE D9C0 FLD ST + * 0044D700 DEC2 FADDP ST(2),ST + * 0044D702 D946 10 FLD DWORD PTR DS:[ESI+0x10] + * 0044D705 DEC2 FADDP ST(2),ST + * 0044D707 D9C9 FXCH ST(1) + * 0044D709 D95C24 48 FSTP DWORD PTR SS:[ESP+0x48] + * 0044D70D D94424 28 FLD DWORD PTR SS:[ESP+0x28] + * 0044D711 D95C24 20 FSTP DWORD PTR SS:[ESP+0x20] + * 0044D715 D94424 48 FLD DWORD PTR SS:[ESP+0x48] + * 0044D719 D946 08 FLD DWORD PTR DS:[ESI+0x8] + * 0044D71C DED9 FCOMPP + * 0044D71E DFE0 FSTSW AX + * 0044D720 F6C4 05 TEST AH,0x5 + * 0044D723 7A 47 JPE SHORT .0044D76C + * 0044D725 51 PUSH ECX + * 0044D726 8BC6 MOV EAX,ESI + * 0044D728 D91C24 FSTP DWORD PTR SS:[ESP] + * 0044D72B E8 D0060000 CALL .0044DE00 + * 0044D730 D94424 24 FLD DWORD PTR SS:[ESP+0x24] + * 0044D734 D846 10 FADD DWORD PTR DS:[ESI+0x10] + * 0044D737 8B5424 4C MOV EDX,DWORD PTR SS:[ESP+0x4C] + * 0044D73B 8B02 MOV EAX,DWORD PTR DS:[EDX] + * 0044D73D D95C24 48 FSTP DWORD PTR SS:[ESP+0x48] + * 0044D741 D946 14 FLD DWORD PTR DS:[ESI+0x14] + * 0044D744 DB02 FILD DWORD PTR DS:[EDX] + * 0044D746 85C0 TEST EAX,EAX + * 0044D748 7D 06 JGE SHORT .0044D750 + * 0044D74A D805 D05C9100 FADD DWORD PTR DS:[0x915CD0] + * 0044D750 DEC1 FADDP ST(1),ST + * 0044D752 D84424 28 FADD DWORD PTR SS:[ESP+0x28] + * 0044D756 D95C24 20 FSTP DWORD PTR SS:[ESP+0x20] + * 0044D75A D9EE FLDZ + * 0044D75C D95C24 14 FSTP DWORD PTR SS:[ESP+0x14] + * 0044D760 D94424 20 FLD DWORD PTR SS:[ESP+0x20] + * 0044D764 D95C24 28 FSTP DWORD PTR SS:[ESP+0x28] + * 0044D768 D94424 14 FLD DWORD PTR SS:[ESP+0x14] + * 0044D76C FF86 88000000 INC DWORD PTR DS:[ESI+0x88] + * 0044D772 D95C24 64 FSTP DWORD PTR SS:[ESP+0x64] + * 0044D776 D94424 28 FLD DWORD PTR SS:[ESP+0x28] + * 0044D77A 8D7E 6C LEA EDI,DWORD PTR DS:[ESI+0x6C] + * 0044D77D 8D5C24 64 LEA EBX,DWORD PTR SS:[ESP+0x64] + * 0044D781 D95C24 68 FSTP DWORD PTR SS:[ESP+0x68] + * 0044D785 E8 B658FFFF CALL .00443040 + * 0044D78A D9E8 FLD1 + * 0044D78C 8B5C24 18 MOV EBX,DWORD PTR SS:[ESP+0x18] + * 0044D790 83EC 0C SUB ESP,0xC + * 0044D793 D95C24 08 FSTP DWORD PTR SS:[ESP+0x8] + * 0044D797 8D46 54 LEA EAX,DWORD PTR DS:[ESI+0x54] + * 0044D79A D94424 34 FLD DWORD PTR SS:[ESP+0x34] + * 0044D79E 8B7424 4C MOV ESI,DWORD PTR SS:[ESP+0x4C] + * 0044D7A2 D95C24 04 FSTP DWORD PTR SS:[ESP+0x4] + * 0044D7A6 D94424 20 FLD DWORD PTR SS:[ESP+0x20] + * 0044D7AA D91C24 FSTP DWORD PTR SS:[ESP] + * 0044D7AD E8 1E040000 CALL .0044DBD0 + * 0044D7B2 8D5C24 2C LEA EBX,DWORD PTR SS:[ESP+0x2C] + * 0044D7B6 8D7C24 3C LEA EDI,DWORD PTR SS:[ESP+0x3C] + * 0044D7BA E8 E1050000 CALL .0044DDA0 + * 0044D7BF 0FB74C24 3C MOVZX ECX,WORD PTR SS:[ESP+0x3C] + * 0044D7C4 8B7424 34 MOV ESI,DWORD PTR SS:[ESP+0x34] + * 0044D7C8 8DBE A4000000 LEA EDI,DWORD PTR DS:[ESI+0xA4] + * 0044D7CE 8D5C24 18 LEA EBX,DWORD PTR SS:[ESP+0x18] + * 0044D7D2 894C24 18 MOV DWORD PTR SS:[ESP+0x18],ECX + * 0044D7D6 E8 15C8FCFF CALL .00419FF0 + * 0044D7DB 0FB74C24 2C MOVZX ECX,WORD PTR SS:[ESP+0x2C] + * 0044D7E0 B8 56555555 MOV EAX,0x55555556 + * 0044D7E5 F7E9 IMUL ECX + * 0044D7E7 8BC2 MOV EAX,EDX + * 0044D7E9 C1E8 1F SHR EAX,0x1F + * 0044D7EC 03C2 ADD EAX,EDX + * 0044D7EE 8DBE 8C000000 LEA EDI,DWORD PTR DS:[ESI+0x8C] + * 0044D7F4 8D5C24 18 LEA EBX,DWORD PTR SS:[ESP+0x18] + * 0044D7F8 894424 18 MOV DWORD PTR SS:[ESP+0x18],EAX + * 0044D7FC E8 EFC7FCFF CALL .00419FF0 + * 0044D801 8DBE D4000000 LEA EDI,DWORD PTR DS:[ESI+0xD4] + * 0044D807 D94424 48 FLD DWORD PTR SS:[ESP+0x48] + * 0044D80B 8D5C24 38 LEA EBX,DWORD PTR SS:[ESP+0x38] + * 0044D80F D95C24 14 FSTP DWORD PTR SS:[ESP+0x14] + * 0044D813 D94424 20 FLD DWORD PTR SS:[ESP+0x20] + * 0044D817 D95C24 28 FSTP DWORD PTR SS:[ESP+0x28] + * 0044D81B E8 D0C7FCFF CALL .00419FF0 + * 0044D820 C74424 38 000000>MOV DWORD PTR SS:[ESP+0x38],0x0 + * 0044D828 ^E9 3FFDFFFF JMP .0044D56C + * 0044D82D C68424 C8000000 >MOV BYTE PTR SS:[ESP+0xC8],0x0 + * 0044D835 83BC24 B4000000 >CMP DWORD PTR SS:[ESP+0xB4],0x10 + * 0044D83D 72 10 JB SHORT .0044D84F + * 0044D83F 8B8C24 A0000000 MOV ECX,DWORD PTR SS:[ESP+0xA0] + * 0044D846 51 PUSH ECX + * 0044D847 E8 29130600 CALL .004AEB75 + * 0044D84C 83C4 04 ADD ESP,0x4 + * 0044D84F 8B7C24 50 MOV EDI,DWORD PTR SS:[ESP+0x50] + * 0044D853 8B5C24 54 MOV EBX,DWORD PTR SS:[ESP+0x54] + * 0044D857 C78424 B4000000 >MOV DWORD PTR SS:[ESP+0xB4],0xF + * 0044D862 C78424 B0000000 >MOV DWORD PTR SS:[ESP+0xB0],0x0 + * 0044D86D C68424 A0000000 >MOV BYTE PTR SS:[ESP+0xA0],0x0 + * 0044D875 85FF TEST EDI,EDI + * 0044D877 75 19 JNZ SHORT .0044D892 + * 0044D879 E8 16190600 CALL .004AF194 + * 0044D87E 33C0 XOR EAX,EAX + * 0044D880 3B58 10 CMP EBX,DWORD PTR DS:[EAX+0x10] + * 0044D883 72 05 JB SHORT .0044D88A + * 0044D885 E8 0A190600 CALL .004AF194 + * 0044D88A 83C3 04 ADD EBX,0x4 + * 0044D88D ^E9 03FCFFFF JMP .0044D495 + * 0044D892 8B07 MOV EAX,DWORD PTR DS:[EDI] + * 0044D894 ^EB EA JMP SHORT .0044D880 + * 0044D896 66:8B5424 2C MOV DX,WORD PTR SS:[ESP+0x2C] + * 0044D89B 66:8996 84000000 MOV WORD PTR DS:[ESI+0x84],DX + * 0044D8A2 8B4E 64 MOV ECX,DWORD PTR DS:[ESI+0x64] + * 0044D8A5 2B4E 60 SUB ECX,DWORD PTR DS:[ESI+0x60] + * 0044D8A8 B8 67666666 MOV EAX,0x66666667 + * 0044D8AD F7E9 IMUL ECX + * 0044D8AF C1FA 03 SAR EDX,0x3 + * 0044D8B2 8BC2 MOV EAX,EDX + * 0044D8B4 C1E8 1F SHR EAX,0x1F + * 0044D8B7 03C2 ADD EAX,EDX + * 0044D8B9 74 0F JE SHORT .0044D8CA + * 0044D8BB D94424 14 FLD DWORD PTR SS:[ESP+0x14] + * 0044D8BF 51 PUSH ECX + * 0044D8C0 8BC6 MOV EAX,ESI + * 0044D8C2 D91C24 FSTP DWORD PTR SS:[ESP] + * 0044D8C5 E8 36050000 CALL .0044DE00 + * 0044D8CA 8B86 9C000000 MOV EAX,DWORD PTR DS:[ESI+0x9C] + * 0044D8D0 33DB XOR EBX,EBX + * 0044D8D2 895C24 3C MOV DWORD PTR SS:[ESP+0x3C],EBX + * 0044D8D6 895C24 2C MOV DWORD PTR SS:[ESP+0x2C],EBX + * 0044D8DA 895C24 1C MOV DWORD PTR SS:[ESP+0x1C],EBX + * 0044D8DE 895C24 20 MOV DWORD PTR SS:[ESP+0x20],EBX + * 0044D8E2 894424 18 MOV DWORD PTR SS:[ESP+0x18],EAX + * 0044D8E6 3986 98000000 CMP DWORD PTR DS:[ESI+0x98],EAX + * 0044D8EC 76 05 JBE SHORT .0044D8F3 + * 0044D8EE E8 A1180600 CALL .004AF194 + * 0044D8F3 8BBE 98000000 MOV EDI,DWORD PTR DS:[ESI+0x98] + * 0044D8F9 8B8E 8C000000 MOV ECX,DWORD PTR DS:[ESI+0x8C] + * 0044D8FF 894C24 58 MOV DWORD PTR SS:[ESP+0x58],ECX + * 0044D903 3BBE 9C000000 CMP EDI,DWORD PTR DS:[ESI+0x9C] + * 0044D909 76 05 JBE SHORT .0044D910 + * 0044D90B E8 84180600 CALL .004AF194 + * 0044D910 8B86 8C000000 MOV EAX,DWORD PTR DS:[ESI+0x8C] + * 0044D916 894424 40 MOV DWORD PTR SS:[ESP+0x40],EAX + * 0044D91A 897C24 44 MOV DWORD PTR SS:[ESP+0x44],EDI + * 0044D91E 895C24 34 MOV DWORD PTR SS:[ESP+0x34],EBX + * 0044D922 3BC3 CMP EAX,EBX + * 0044D924 74 06 JE SHORT .0044D92C + * 0044D926 3B4424 58 CMP EAX,DWORD PTR SS:[ESP+0x58] + * 0044D92A 74 05 JE SHORT .0044D931 + * 0044D92C E8 63180600 CALL .004AF194 + * 0044D931 8B5424 44 MOV EDX,DWORD PTR SS:[ESP+0x44] + * 0044D935 3B5424 18 CMP EDX,DWORD PTR SS:[ESP+0x18] + * 0044D939 0F84 0D010000 JE .0044DA4C + * 0044D93F 8B4424 34 MOV EAX,DWORD PTR SS:[ESP+0x34] + * 0044D943 33DB XOR EBX,EBX + * 0044D945 8DBE EC000000 LEA EDI,DWORD PTR DS:[ESI+0xEC] + * 0044D94B 894424 24 MOV DWORD PTR SS:[ESP+0x24],EAX + * 0044D94F 8B4E 4C MOV ECX,DWORD PTR DS:[ESI+0x4C] + * 0044D952 2B4E 48 SUB ECX,DWORD PTR DS:[ESI+0x48] + * 0044D955 B8 67666666 MOV EAX,0x66666667 + * 0044D95A F7E9 IMUL ECX + * 0044D95C C1FA 03 SAR EDX,0x3 + * 0044D95F 8BCA MOV ECX,EDX + * 0044D961 C1E9 1F SHR ECX,0x1F + * 0044D964 03CA ADD ECX,EDX + * 0044D966 8B5424 20 MOV EDX,DWORD PTR SS:[ESP+0x20] + * 0044D96A 8D0413 LEA EAX,DWORD PTR DS:[EBX+EDX] + * 0044D96D 3BC1 CMP EAX,ECX + * 0044D96F 72 05 JB SHORT .0044D976 + * 0044D971 E8 1E180600 CALL .004AF194 + * 0044D976 8B46 48 MOV EAX,DWORD PTR DS:[ESI+0x48] + * 0044D979 034424 24 ADD EAX,DWORD PTR SS:[ESP+0x24] + * 0044D97D 8D8C24 88000000 LEA ECX,DWORD PTR SS:[ESP+0x88] + * 0044D984 D900 FLD DWORD PTR DS:[EAX] + * 0044D986 51 PUSH ECX + * 0044D987 D99C24 8C000000 FSTP DWORD PTR SS:[ESP+0x8C] + * 0044D98E D940 04 FLD DWORD PTR DS:[EAX+0x4] + * 0044D991 D99C24 90000000 FSTP DWORD PTR SS:[ESP+0x90] + * 0044D998 D940 08 FLD DWORD PTR DS:[EAX+0x8] + * 0044D99B D99C24 94000000 FSTP DWORD PTR SS:[ESP+0x94] + * 0044D9A2 D940 0C FLD DWORD PTR DS:[EAX+0xC] + * 0044D9A5 D99C24 98000000 FSTP DWORD PTR SS:[ESP+0x98] + * 0044D9AC D940 10 FLD DWORD PTR DS:[EAX+0x10] + * 0044D9AF D99C24 9C000000 FSTP DWORD PTR SS:[ESP+0x9C] + * 0044D9B6 E8 A50B0000 CALL .0044E560 + * 0044D9BB 834424 24 14 ADD DWORD PTR SS:[ESP+0x24],0x14 + * 0044D9C0 43 INC EBX + * 0044D9C1 83FB 04 CMP EBX,0x4 + * 0044D9C4 ^7C 89 JL SHORT .0044D94F + * 0044D9C6 8D5C24 2C LEA EBX,DWORD PTR SS:[ESP+0x2C] + * 0044D9CA 8D7C24 3C LEA EDI,DWORD PTR SS:[ESP+0x3C] + * 0044D9CE E8 CD030000 CALL .0044DDA0 + * 0044D9D3 8B86 9C000000 MOV EAX,DWORD PTR DS:[ESI+0x9C] + * 0044D9D9 2B86 98000000 SUB EAX,DWORD PTR DS:[ESI+0x98] + * 0044D9DF 8B5424 24 MOV EDX,DWORD PTR SS:[ESP+0x24] + * 0044D9E3 BF 04000000 MOV EDI,0x4 + * 0044D9E8 017C24 20 ADD DWORD PTR SS:[ESP+0x20],EDI + * 0044D9EC C1F8 02 SAR EAX,0x2 + * 0044D9EF 895424 34 MOV DWORD PTR SS:[ESP+0x34],EDX + * 0044D9F3 394424 1C CMP DWORD PTR SS:[ESP+0x1C],EAX + * 0044D9F7 72 05 JB SHORT .0044D9FE + * 0044D9F9 E8 96170600 CALL .004AF194 + * 0044D9FE 8B8E B4000000 MOV ECX,DWORD PTR DS:[ESI+0xB4] + * 0044DA04 2B8E B0000000 SUB ECX,DWORD PTR DS:[ESI+0xB0] + * 0044DA0A C1F9 02 SAR ECX,0x2 + * 0044DA0D 394C24 1C CMP DWORD PTR SS:[ESP+0x1C],ECX + * 0044DA11 72 05 JB SHORT .0044DA18 + * 0044DA13 E8 7C170600 CALL .004AF194 + * 0044DA18 8B4424 40 MOV EAX,DWORD PTR SS:[ESP+0x40] + * 0044DA1C FF4424 1C INC DWORD PTR SS:[ESP+0x1C] + * 0044DA20 85C0 TEST EAX,EAX + * 0044DA22 75 24 JNZ SHORT .0044DA48 + * 0044DA24 E8 6B170600 CALL .004AF194 + * 0044DA29 33C0 XOR EAX,EAX + * 0044DA2B 8B5424 44 MOV EDX,DWORD PTR SS:[ESP+0x44] + * 0044DA2F 3B50 10 CMP EDX,DWORD PTR DS:[EAX+0x10] + * 0044DA32 72 05 JB SHORT .0044DA39 + * 0044DA34 E8 5B170600 CALL .004AF194 + * 0044DA39 017C24 44 ADD DWORD PTR SS:[ESP+0x44],EDI + * 0044DA3D 8B4424 40 MOV EAX,DWORD PTR SS:[ESP+0x40] + * 0044DA41 33DB XOR EBX,EBX + * 0044DA43 ^E9 DAFEFFFF JMP .0044D922 + * 0044DA48 8B00 MOV EAX,DWORD PTR DS:[EAX] + * 0044DA4A ^EB DF JMP SHORT .0044DA2B + * 0044DA4C 8B86 9C000000 MOV EAX,DWORD PTR DS:[ESI+0x9C] + * 0044DA52 2B86 98000000 SUB EAX,DWORD PTR DS:[ESI+0x98] + * 0044DA58 8D4C24 6C LEA ECX,DWORD PTR SS:[ESP+0x6C] + * 0044DA5C C1F8 02 SAR EAX,0x2 + * 0044DA5F 8946 38 MOV DWORD PTR DS:[ESI+0x38],EAX + * 0044DA62 C78424 C8000000 >MOV DWORD PTR SS:[ESP+0xC8],-0x1 + * 0044DA6D E8 CE0E0000 CALL .0044E940 + * 0044DA72 8B8C24 C0000000 MOV ECX,DWORD PTR SS:[ESP+0xC0] + * 0044DA79 64:890D 00000000 MOV DWORD PTR FS:[0],ECX + * 0044DA80 59 POP ECX + * 0044DA81 5F POP EDI + * 0044DA82 5E POP ESI + * 0044DA83 5B POP EBX + * 0044DA84 8B8C24 A8000000 MOV ECX,DWORD PTR SS:[ESP+0xA8] + * 0044DA8B 33CC XOR ECX,ESP + * 0044DA8D E8 EE100600 CALL .004AEB80 + * 0044DA92 8BE5 MOV ESP,EBP + * 0044DA94 5D POP EBP + * 0044DA95 C2 0400 RETN 0x4 + * 0044DA98 20D6 AND DH,DL + * 0044DA9A 44 INC ESP + * 0044DA9B 0028 ADD BYTE PTR DS:[EAX],CH + * 0044DA9D D6 SALC + * 0044DA9E 44 INC ESP + * 0044DA9F 0038 ADD BYTE PTR DS:[EAX],BH + * 0044DAA1 D6 SALC + * 0044DAA2 44 INC ESP + * 0044DAA3 0048 D6 ADD BYTE PTR DS:[EAX-0x2A],CL + * 0044DAA6 44 INC ESP + * 0044DAA7 00CC ADD AH,CL + * 0044DAA9 CC INT3 + * 0044DAAA CC INT3 + * 0044DAAB CC INT3 + * 0044DAAC CC INT3 + * 0044DAAD CC INT3 + * 0044DAAE CC INT3 + * 0044DAAF CC INT3 + */ +bool attach(ULONG startAddress, ULONG stopAddress) // attach scenario +{ + const uint8_t bytes[] = { + 0x57, // 0044d696 57 push edi + 0x8b,0xc3, // 0044d697 8bc3 mov eax,ebx + 0xe8, XX4, // 0044d699 e8 6249fdff call .00422000 + 0x89,0x44,0x24, 0x18, // 0044d69e 894424 18 mov dword ptr ss:[esp+0x18],eax ; jichi: this is the ith hook point + 0x85,0xc0, // 0044d6a2 85c0 test eax,eax + 0x0f,0x84 //c2feffff // 0044d6a4 ^0f84 c2feffff je .0044d56c + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); // range is around 50, use 80 + if (!addr) + return false; + HookParam hp; + hp.address=addr; + hp.type=USING_STRING|EMBED_ABLE|EMBED_AFTER_NEW| EMBED_DYNA_SJIS|NO_CONTEXT; + hp.offset=get_stack(1); + hp.text_fun=Private::hookBefore; + hp.hook_font=F_GetGlyphOutlineA; + return NewHook(hp,"EmbedNexton"); +} + +} // namespace ScenarioHook +} // unnamed namespace + +bool Nexton::attach_function() { + bool embed=ScenarioHook::attach(processStartAddress,processStopAddress); + return InsertNextonHook()||embed; +} + + +/** jichi 8/17/2014 Nexton1 + * Sample games: + * - [Nomad][071026] 淫烙�巫女 Trial + * + * Debug method: text are prefetched into memory. Add break point to it. + * + * GetGlyphOutlineA is called, but no correct text. + * + * There are so many good hooks. The shortest function was picked,as follows: + * 0041974e cc int3 + * 0041974f cc int3 + * 00419750 56 push esi ; jichi: hook here, text in arg1 + * 00419751 8b7424 08 mov esi,dword ptr ss:[esp+0x8] + * 00419755 8bc6 mov eax,esi + * 00419757 57 push edi + * 00419758 8d78 01 lea edi,dword ptr ds:[eax+0x1] + * 0041975b eb 03 jmp short inrakutr.00419760 + * 0041975d 8d49 00 lea ecx,dword ptr ds:[ecx] + * 00419760 8a10 mov dl,byte ptr ds:[eax] ; jichi: eax is the text + * 00419762 83c0 01 add eax,0x1 + * 00419765 84d2 test dl,dl + * 00419767 ^75 f7 jnz short inrakutr.00419760 + * 00419769 2bc7 sub eax,edi + * 0041976b 50 push eax + * 0041976c 56 push esi + * 0041976d 83c1 04 add ecx,0x4 + * 00419770 e8 eb85feff call inrakutr.00401d60 + * 00419775 5f pop edi + * 00419776 5e pop esi + * 00419777 c2 0400 retn 0x4 + * 0041977a cc int3 + * 0041977b cc int3 + * 0041977c cc int3 + * + * Runtime stack: this function takes two arguments. Text address is in arg1. + * + * Other possible hooks are as follows: + * 00460caf 53 push ebx + * 00460cb0 c700 16000000 mov dword ptr ds:[eax],0x16 + * 00460cb6 e8 39feffff call inrakutr.00460af4 + * 00460cbb 83c4 14 add esp,0x14 + * 00460cbe 385d fc cmp byte ptr ss:[ebp-0x4],bl + * 00460cc1 74 07 je short inrakutr.00460cca + * 00460cc3 8b45 f8 mov eax,dword ptr ss:[ebp-0x8] + * 00460cc6 8360 70 fd and dword ptr ds:[eax+0x70],0xfffffffd + * 00460cca 33c0 xor eax,eax + * 00460ccc eb 2c jmp short inrakutr.00460cfa + * 00460cce 0fb601 movzx eax,byte ptr ds:[ecx] ; jichi: here, ecx + * 00460cd1 8b55 f4 mov edx,dword ptr ss:[ebp-0xc] + * 00460cd4 f64410 1d 04 test byte ptr ds:[eax+edx+0x1d],0x4 + * 00460cd9 74 0e je short inrakutr.00460ce9 + * 00460cdb 8d51 01 lea edx,dword ptr ds:[ecx+0x1] + * 00460cde 381a cmp byte ptr ds:[edx],bl + * 00460ce0 74 07 je short inrakutr.00460ce9 + * 00460ce2 c1e0 08 shl eax,0x8 + * 00460ce5 8bf0 mov esi,eax + * 00460ce7 8bca mov ecx,edx + * 00460ce9 0fb601 movzx eax,byte ptr ds:[ecx] + * 00460cec 03c6 add eax,esi + * 00460cee 385d fc cmp byte ptr ss:[ebp-0x4],bl + * 00460cf1 74 07 je short inrakutr.00460cfa + * 00460cf3 8b4d f8 mov ecx,dword ptr ss:[ebp-0x8] + * 00460cf6 8361 70 fd and dword ptr ds:[ecx+0x70],0xfffffffd + * 00460cfa 5e pop esi + * 00460cfb 5b pop ebx + * 00460cfc c9 leave + * 00460cfd c3 retn + * + * 00460d41 74 05 je short inrakutr.00460d48 + * 00460d43 381e cmp byte ptr ds:[esi],bl + * 00460d45 74 01 je short inrakutr.00460d48 + * 00460d47 46 inc esi + * 00460d48 8bc6 mov eax,esi + * 00460d4a 5e pop esi + * 00460d4b 5b pop ebx + * 00460d4c c3 retn + * 00460d4d 56 push esi + * 00460d4e 8b7424 08 mov esi,dword ptr ss:[esp+0x8] + * 00460d52 0fb606 movzx eax,byte ptr ds:[esi] ; jichi: esi & ebp + * 00460d55 50 push eax + * 00460d56 e8 80fcffff call inrakutr.004609db + * 00460d5b 85c0 test eax,eax + * 00460d5d 59 pop ecx + * 00460d5e 74 0b je short inrakutr.00460d6b + * 00460d60 807e 01 00 cmp byte ptr ds:[esi+0x1],0x0 + * 00460d64 74 05 je short inrakutr.00460d6b + * 00460d66 6a 02 push 0x2 + * 00460d68 58 pop eax + * 00460d69 5e pop esi + * 00460d6a c3 retn + * + * 00460d1d 53 push ebx + * 00460d1e 53 push ebx + * 00460d1f 53 push ebx + * 00460d20 53 push ebx + * 00460d21 53 push ebx + * 00460d22 c700 16000000 mov dword ptr ds:[eax],0x16 + * 00460d28 e8 c7fdffff call inrakutr.00460af4 + * 00460d2d 83c4 14 add esp,0x14 + * 00460d30 33c0 xor eax,eax + * 00460d32 eb 16 jmp short inrakutr.00460d4a + * 00460d34 0fb606 movzx eax,byte ptr ds:[esi] ; jichi: esi, ebp + * 00460d37 50 push eax + * 00460d38 e8 9efcffff call inrakutr.004609db + * 00460d3d 46 inc esi + * 00460d3e 85c0 test eax,eax + * 00460d40 59 pop ecx + * 00460d41 74 05 je short inrakutr.00460d48 + * 00460d43 381e cmp byte ptr ds:[esi],bl + * 00460d45 74 01 je short inrakutr.00460d48 + * 00460d47 46 inc esi + * + * 0042c59f cc int3 + * 0042c5a0 56 push esi + * 0042c5a1 8bf1 mov esi,ecx + * 0042c5a3 8b86 cc650000 mov eax,dword ptr ds:[esi+0x65cc] + * 0042c5a9 8b50 1c mov edx,dword ptr ds:[eax+0x1c] + * 0042c5ac 57 push edi + * 0042c5ad 8b7c24 0c mov edi,dword ptr ss:[esp+0xc] + * 0042c5b1 8d8e cc650000 lea ecx,dword ptr ds:[esi+0x65cc] + * 0042c5b7 57 push edi + * 0042c5b8 ffd2 call edx + * 0042c5ba 8bc7 mov eax,edi + * 0042c5bc 8d50 01 lea edx,dword ptr ds:[eax+0x1] + * 0042c5bf 90 nop + * 0042c5c0 8a08 mov cl,byte ptr ds:[eax] ; jichi: here eax + * 0042c5c2 83c0 01 add eax,0x1 + * 0042c5c5 84c9 test cl,cl + * 0042c5c7 ^75 f7 jnz short inrakutr.0042c5c0 + * 0042c5c9 2bc2 sub eax,edx + * 0042c5cb 50 push eax + * 0042c5cc 57 push edi + * 0042c5cd 8d8e 24660000 lea ecx,dword ptr ds:[esi+0x6624] + * 0042c5d3 e8 8857fdff call inrakutr.00401d60 + * 0042c5d8 8b86 b4660000 mov eax,dword ptr ds:[esi+0x66b4] + * 0042c5de 85c0 test eax,eax + * 0042c5e0 74 0d je short inrakutr.0042c5ef + * 0042c5e2 8b8e b8660000 mov ecx,dword ptr ds:[esi+0x66b8] + * 0042c5e8 2bc8 sub ecx,eax + * 0042c5ea c1f9 02 sar ecx,0x2 + * 0042c5ed 75 05 jnz short inrakutr.0042c5f4 + * 0042c5ef e8 24450300 call inrakutr.00460b18 + * 0042c5f4 8b96 b4660000 mov edx,dword ptr ds:[esi+0x66b4] + * 0042c5fa 8b0a mov ecx,dword ptr ds:[edx] + * 0042c5fc 8b01 mov eax,dword ptr ds:[ecx] + * 0042c5fe 8b50 30 mov edx,dword ptr ds:[eax+0x30] + * 0042c601 ffd2 call edx + * 0042c603 8b06 mov eax,dword ptr ds:[esi] + * 0042c605 8b90 f8000000 mov edx,dword ptr ds:[eax+0xf8] + * 0042c60b 6a 00 push 0x0 + * 0042c60d 68 c3164a00 push inrakutr.004a16c3 + * 0042c612 57 push edi + * 0042c613 8bce mov ecx,esi + * 0042c615 ffd2 call edx + * 0042c617 5f pop edi + * 0042c618 5e pop esi + * 0042c619 c2 0400 retn 0x4 + * 0042c61c cc int3 + * + * 0041974e cc int3 + * 0041974f cc int3 + * 00419750 56 push esi + * 00419751 8b7424 08 mov esi,dword ptr ss:[esp+0x8] + * 00419755 8bc6 mov eax,esi + * 00419757 57 push edi + * 00419758 8d78 01 lea edi,dword ptr ds:[eax+0x1] + * 0041975b eb 03 jmp short inrakutr.00419760 + * 0041975d 8d49 00 lea ecx,dword ptr ds:[ecx] + * 00419760 8a10 mov dl,byte ptr ds:[eax] ; jichi: eax + * 00419762 83c0 01 add eax,0x1 + * 00419765 84d2 test dl,dl + * 00419767 ^75 f7 jnz short inrakutr.00419760 + * 00419769 2bc7 sub eax,edi + * 0041976b 50 push eax + * 0041976c 56 push esi + * 0041976d 83c1 04 add ecx,0x4 + * 00419770 e8 eb85feff call inrakutr.00401d60 + * 00419775 5f pop edi + * 00419776 5e pop esi + * 00419777 c2 0400 retn 0x4 + * 0041977a cc int3 + * 0041977b cc int3 + * 0041977c cc int3 + * + * 0042c731 57 push edi + * 0042c732 ffd0 call eax + * 0042c734 8bc7 mov eax,edi + * 0042c736 8d50 01 lea edx,dword ptr ds:[eax+0x1] + * 0042c739 8da424 00000000 lea esp,dword ptr ss:[esp] + * 0042c740 8a08 mov cl,byte ptr ds:[eax] ; jichi: eax + * 0042c742 83c0 01 add eax,0x1 + * 0042c745 84c9 test cl,cl + * 0042c747 ^75 f7 jnz short inrakutr.0042c740 + * 0042c749 2bc2 sub eax,edx + * 0042c74b 8bf8 mov edi,eax + * 0042c74d e8 fe1d0100 call inrakutr.0043e550 + * 0042c752 8b0d 187f4c00 mov ecx,dword ptr ds:[0x4c7f18] + * 0042c758 8b11 mov edx,dword ptr ds:[ecx] + * 0042c75a 8b42 70 mov eax,dword ptr ds:[edx+0x70] + * 0042c75d ffd0 call eax + * 0042c75f 83c0 0a add eax,0xa + * 0042c762 0fafc7 imul eax,edi + * 0042c765 5f pop edi + * 0042c766 8986 60660000 mov dword ptr ds:[esi+0x6660],eax + */ +bool InsertNexton1Hook() +{ + const BYTE bytes[] = { + 0x56, // 00419750 56 push esi ; jichi: hook here, text in arg1 + 0x8b,0x74,0x24, 0x08, // 00419751 8b7424 08 mov esi,dword ptr ss:[esp+0x8] + 0x8b,0xc6, // 00419755 8bc6 mov eax,esi + 0x57, // 00419757 57 push edi + 0x8d,0x78, 0x01, // 00419758 8d78 01 lea edi,dword ptr ds:[eax+0x1] + 0xeb, 0x03, // 0041975b eb 03 jmp short inrakutr.00419760 + 0x8d,0x49, 0x00, // 0041975d 8d49 00 lea ecx,dword ptr ds:[ecx] + 0x8a,0x10, // 00419760 8a10 mov dl,byte ptr ds:[eax] ; jichi: eax is the text + 0x83,0xc0, 0x01, // 00419762 83c0 01 add eax,0x1 + 0x84,0xd2, // 00419765 84d2 test dl,dl + 0x75, 0xf7, // 00419767 ^75 f7 jnz short inrakutr.00419760 + 0x2b,0xc7, // 00419769 2bc7 sub eax,edi + 0x50, // 0041976b 50 push eax + 0x56, // 0041976c 56 push esi + 0x83,0xc1, 0x04 // 0041976d 83c1 04 add ecx,0x4 + //0xe8, XX4, // 00419770 e8 eb85feff call inrakutr.00401d60 + //0x5f, // 00419775 5f pop edi + //0x5e, // 00419776 5e pop esi + //0xc2, 0x04,0x00 // 00419777 c2 0400 retn 0x4 + }; + enum { addr_offset = 0 }; // distance to the beginning of the function + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + //GROWL_DWORD(addr); // supposed to be 0x4010e0 + if (!addr) { + ConsoleOutput("NEXTON1: pattern not found"); + return false; + } + //GROWL_DWORD(addr); + + HookParam hp; + hp.address = addr + addr_offset; + //hp.length_offset = 1; + hp.offset=get_stack(1); // [esp+4] == arg0 + hp.type = USING_STRING; + ConsoleOutput("INSERT NEXTON1"); + return NewHook(hp, "NEXTON1"); +} + +bool Nexton1::attach_function() { + + return InsertNexton1Hook(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Nexton.h b/cpp/LunaHook/LunaHook/engine32/Nexton.h new file mode 100644 index 00000000..17f2a66d --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Nexton.h @@ -0,0 +1,32 @@ + + +class Nexton:public ENGINE{ + public: + Nexton(){ + is_engine_certain=false; + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + return Util::CheckFile(L"aInfo.db")|| + ( + Util::CheckFile(L"cfg.cfg")&& + Util::CheckFile(L"SystemConfig.exe")&& + Util::CheckFile(L"data.arc")&& + Util::CheckFile(L"se_000.arc")&& + Util::CheckFile(L"voice_000.arc") + ); + }; + }; + bool attach_function(); +}; + +class Nexton1:public ENGINE{ + public: + Nexton1(){ + + check_by=CHECK_BY::FILE; + // old nexton game + check_by_target=L"comnArc.arc"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Nijyuei.cpp b/cpp/LunaHook/LunaHook/engine32/Nijyuei.cpp new file mode 100644 index 00000000..b22416df --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Nijyuei.cpp @@ -0,0 +1,23 @@ +#include"Nijyuei.h" + + +bool Nijyuei::attach_function() { + //二重影 + BYTE bytes[] = { + 0xE8,XX4, + 0x85,0xc0, + 0x0f,0x85,XX4, + 0x5f,0x5e,0x5d,0x5b, + 0x81,0xC4,0x0C,0x01,0x00,0x00, + 0xC3 + + }; + auto addr=MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if(addr==0)return false; + + HookParam hp; + hp.address = addr+5; + hp.type = USING_STRING; + hp.offset=get_reg(regs::edx); + return NewHook(hp, "Nijyuei"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Nijyuei.h b/cpp/LunaHook/LunaHook/engine32/Nijyuei.h new file mode 100644 index 00000000..b511d5cb --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Nijyuei.h @@ -0,0 +1,11 @@ + + +class Nijyuei:public ENGINE{ + public: + Nijyuei(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"Nijyuei.kpd"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Nitroplus.cpp b/cpp/LunaHook/LunaHook/engine32/Nitroplus.cpp new file mode 100644 index 00000000..cdfe52ea --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Nitroplus.cpp @@ -0,0 +1,170 @@ +#include "Nitroplus.h" + +bool InsertNitroplusHook() +{ + const BYTE bytes[] = {0xb0, 0x74, 0x53}; + DWORD addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) + { + ConsoleOutput("Nitroplus: pattern not exist"); + return false; + } + enum : WORD + { + sub_esp = 0xec83 + }; // caller pattern: sub esp = 0x83,0xec + BYTE b = *(BYTE *)(addr + 3) & 3; + while (*(WORD *)addr != sub_esp) + addr--; + HookParam hp; + hp.address = addr; + hp.offset = -0x14 + (b << 2); + hp.type = CODEC_ANSI_BE; + ConsoleOutput("INSERT Nitroplus"); + return NewHook(hp, "Nitroplus"); + // RegisterEngineType(ENGINE_Nitroplus); +} +bool InsertNitroplus2Hook() +{ + + /* + * Sample games: + * https://vndb.org/v428 + */ + BYTE bytes[] = { + 0x8D, 0xB4, 0x29, XX4, // lea esi,[ecx+ebp+0000415C] + 0x74, 0x20, // je Django.exe+6126E + 0x8D, 0xBC, 0xBD, XX4, // lea edi,[ebp+edi*4+0006410C] + 0x8B, 0x56, 0xB0, // mov edx,[esi-50] + 0xE8, XX4 // call Django.exe+51150 << hook here + }; + enum + { + addr_offset = sizeof(bytes) - 5 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) + { + ConsoleOutput("Nitroplus2: pattern not found"); + return false; + } + HookParam hp; + hp.address = addr + addr_offset; + hp.offset = get_reg(regs::edx); + hp.type = CODEC_ANSI_BE; + return NewHook(hp, "Nitroplus2"); +} +namespace +{ + // DRAMAtical Murder re:connect 普及版 + // https://vndb.org/v10895 + bool dmmdrc() + { + // BYTE sig[]={ + // 0xc7,0x04,0x24,0x24,0x53,0x59,0x53,//$SYS + // 0xc7,0x44,0x24,0x04,0x54,0x45,0x4d,0x5f,//TEM_ + // 0xc7,0x44,0x24,0x08,0x6c,0x61,0x73,0x74,//last + // 0xc7,0x44,0x24,0x0c,0x5f,0x74,0x65,0x78,//_tex + // }; + BYTE sig[] = { + 0x8d, 0x89, XX4, + 0x8b, 0xc2, + 0xc1, 0xe8, 0x08, + 0x88, 0x01, + 0x88, 0x51, 0x01, + 0xc6, 0x41, 0x02, 0x00}; + ULONG addr = MemDbg::findBytes(sig, sizeof(sig), processStartAddress, processStopAddress); + if (!addr) + return false; + HookParam hp; + hp.address = *(DWORD *)(addr + 2); + hp.type = DIRECT_READ; + auto succ = NewHook(hp, "dmmdrc"); + + BYTE sig2[] = { + 0x68, 0x00, 0x02, 0x00, 0x00, + 0xba, XX4, + 0xe8, XX4}; + memcpy(sig2 + 6, (void *)(addr + 2), 4); + addr = MemDbg::findBytes(sig2, sizeof(sig2), addr, addr + 0x100); + if (addr) + { + HookParam hp; + hp.address = addr + sizeof(sig2); + hp.type = USING_STRING; + hp.user_value = 0; + hp.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto data = stack->edx; + auto l = strlen((char *)data); + if (hp->user_value > l) + hp->user_value = 0; + data += hp->user_value; + auto len = l - hp->user_value; + hp->user_value = l; + buffer->from(data, len); + }; + succ |= NewHook(hp, "dmmdrc2"); + } + return succ; + } +} +bool Nitroplus::attach_function() +{ + + return InsertNitroplusHook() || InsertNitroplus2Hook() || dmmdrc(); +} + +bool NitroplusSysFilter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + if (*len <= 2) + return false; + + StringFilter(text, len, "\x81@", 2); + CharReplacer(text, len, '\r', ' '); + if (cpp_strnstr(text, "<", *len)) + { + StringFilterBetween(text, len, "<", 1, ">", 1); + } + while (*len > 1 && ::isspace(*text)) + { + ::memmove(text, text + 1, --(*len)); + } + + return true; +} + +bool InsertNitroplusSysHook() +{ + + /* + * Sample games: + * https://vndb.org/r76679 + */ + const BYTE bytes[] = { + 0x0F, 0x84, XX4, // je system.dll+5B8CA <- hook here + 0xEB, 0x04, // jmp system.dll+5A791 + 0x8B, 0x44, 0x24, 0x20, // mov eax,[esp+20] + 0x8B, 0x4C, 0x24, 0x24 // mov ecx,[esp+24] + }; + + HMODULE module = GetModuleHandleW(L"system.dll"); + auto [minAddress, maxAddress] = Util::QueryModuleLimits(module); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), minAddress, maxAddress); + if (!addr) + return false; + + HookParam hp; + hp.address = addr; + hp.offset = get_reg(regs::eax); + hp.type = USING_STRING; + hp.filter_fun = NitroplusSysFilter; + return NewHook(hp, "NitroplusSystem"); +} +bool Nitroplusplus::attach_function() +{ + return InsertNitroplusSysHook(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Nitroplus.h b/cpp/LunaHook/LunaHook/engine32/Nitroplus.h new file mode 100644 index 00000000..c0bad435 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Nitroplus.h @@ -0,0 +1,23 @@ + + +class Nitroplus:public ENGINE{ + public: + Nitroplus(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.npa"; + }; + bool attach_function(); +}; + +class Nitroplusplus:public ENGINE{ + public: + Nitroplusplus(){ + check_by=CHECK_BY::CUSTOM; + is_engine_certain=false; + check_by_target=[](){ + return Util::SearchResourceString(L"Nitro+")&&Util::CheckFile(L"system.dll"); + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Nitroplus2.cpp b/cpp/LunaHook/LunaHook/engine32/Nitroplus2.cpp new file mode 100644 index 00000000..7b1ef9fb --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Nitroplus2.cpp @@ -0,0 +1,539 @@ +#include "Nitroplus2.h" + +/** + * Jazzinghen 23/05/2020: Add TokyoNecro hook + * + * [Nitroplus] 東京Necro 1.01 - Text boxes hook + * + * Hook code: HS-14*8@B5420:TokyoNecro.exe + * + * Debug method: + * Found memory location where the text was written, then used hardware break on write. + * After that found the function that writes the text in, found that the memory pointed + * contains more than just the text. Followed the call stack "upwards" until a function + * that handles only the text copy is found. + * + * Disassembled code: + * TokyoNecro.exe+B5420 - 55 - push ebp ; place to hook + * TokyoNecro.exe+B5421 - 8B EC - mov ebp,esp + * TokyoNecro.exe+B5423 - 6A FF - push -01 + * TokyoNecro.exe+B5425 - 68 E8613000 - push TokyoNecro.exe+1961E8 + * TokyoNecro.exe+B542A - 64 A1 00000000 - mov eax,fs:[00000000] + * TokyoNecro.exe+B5430 - 50 - push eax + * TokyoNecro.exe+B5431 - 64 89 25 00000000 - mov fs:[00000000],esp + * TokyoNecro.exe+B5438 - 83 EC 1C - sub esp,1C + * TokyoNecro.exe+B543B - 8B 55 08 - mov edx,[ebp+08] + * TokyoNecro.exe+B543E - 53 - push ebx + * TokyoNecro.exe+B543F - 56 - push esi + * TokyoNecro.exe+B5440 - 8B C2 - mov eax,edx + * TokyoNecro.exe+B5442 - 57 - push edi + * TokyoNecro.exe+B5443 - 8B D9 - mov ebx,ecx + * TokyoNecro.exe+B5445 - C7 45 EC 0F000000 - mov [ebp-14],0000000F + * TokyoNecro.exe+B544C - C7 45 E8 00000000 - mov [ebp-18],00000000 + * TokyoNecro.exe+B5453 - C6 45 D8 00 - mov byte ptr [ebp-28],00 + * TokyoNecro.exe+B5457 - 8D 70 01 - lea esi,[eax+01] + * TokyoNecro.exe+B545A - 8D 9B 00000000 - lea ebx,[ebx+00000000] + * TokyoNecro.exe+B5460 - 8A 08 - mov cl,[eax] + * TokyoNecro.exe+B5462 - 40 - inc eax + * TokyoNecro.exe+B5463 - 84 C9 - test cl,cl + * TokyoNecro.exe+B5465 - 75 F9 - jne TokyoNecro.exe+B5460 + * TokyoNecro.exe+B5467 - 2B C6 - sub eax,esi + * TokyoNecro.exe+B5469 - 52 - push edx + * TokyoNecro.exe+B546A - 8B F8 - mov edi,eax ▷ Search + * TokyoNecro.exe+B546C - 8D 75 D8 - lea esi,[ebp-28] | + * TokyoNecro.exe+B546F - E8 6CE1F4FF - call TokyoNecro.exe+35E0 ▷ + * + * Notes: + * + * There's more data above due to the fact that the start of the function is very + * common and it was hooking a wrong function. + * + * The text is contained into the memory location at [esp+04] when hooking the + * code at TokyoNecro.exe+B5420 + * + * If the game is hooked right at the main menu it will also catch the real time clock + * rendered there. + */ + +namespace +{ + + const BYTE funcSig[] = {0x55, 0x8b, 0xec}; + + bool TextHook() + { + + const BYTE bytecodes[] = { + 0x8B, 0xF8, // 8B F8 - mov edi,eax + 0x8D, 0x75, 0xD8, // 8D 75 D8 - lea esi,[ebp-28] + 0xE8, 0x6C, 0xE1, 0xF4, 0xFF, // E8 6CE1F4FF - call TokyoNecro.exe+35E0 + }; + ULONG addr = MemDbg::findBytes(bytecodes, sizeof(bytecodes), processStartAddress, processStopAddress); + if (addr == 0) + { + ConsoleOutput("TokyoNecro: pattern not found"); + return false; + } + + // Look for the start of the function + const ULONG function_start = MemDbg::findEnclosingAlignedFunction(addr); + if (memcmp((void *)function_start, funcSig, sizeof(funcSig)) != 0) + { + ConsoleOutput("TokyoNecro: function start not found"); + return false; + } + + HookParam hp; + hp.address = function_start; + // The memory address is held at [ebp+08] at TokyoNecro.exe+B543B, meaning that at + // the start of the function it's right above the stack pointer. Since there's no + // way to do an operation on the value of a register BEFORE dereferencing (e.g. + // (void*)(esp+4) instead of ((void*)esp)+4) we have to go up the stack instead of + // using the data in the registers + hp.offset = get_stack(1); + hp.type = USING_STRING; + ConsoleOutput("INSERT TokyoNecroText"); + return NewHook(hp, "TokyoNecroText"); + } + + /** + * [Nitroplus] 東京Necro 1.01 - Database/Encyclopedia hook + * + * Hook code: HS4*@B5380:tokyonecro.exe + * + * TokyoNecro.exe+B5380 - 55 - push ebp ; Location to hook + * TokyoNecro.exe+B5381 - 8B EC - mov ebp,esp + * TokyoNecro.exe+B5383 - 6A FF - push -01 + * TokyoNecro.exe+B5385 - 68 E8618E00 - push TokyoNecro.exe+1961E8 + * TokyoNecro.exe+B538A - 64 A1 00000000 - mov eax,fs:[00000000] + * TokyoNecro.exe+B5390 - 50 - push eax + * TokyoNecro.exe+B5391 - 64 89 25 00000000 - mov fs:[00000000],esp + * TokyoNecro.exe+B5398 - 83 EC 1C - sub esp,1C + * TokyoNecro.exe+B539B - 8B 55 08 - mov edx,[ebp+08] + * TokyoNecro.exe+B539E - 53 - push ebx + * TokyoNecro.exe+B539F - 56 - push esi + * TokyoNecro.exe+B53A0 - 8B C2 - mov eax,edx + * TokyoNecro.exe+B53A2 - 57 - push edi + * TokyoNecro.exe+B53A3 - 8B D9 - mov ebx,ecx + * TokyoNecro.exe+B53A5 - C7 45 EC 0F000000 - mov [ebp-14],0000000F + * TokyoNecro.exe+B53AC - C7 45 E8 00000000 - mov [ebp-18],00000000 + * TokyoNecro.exe+B53B3 - C6 45 D8 00 - mov byte ptr [ebp-28],00 + * TokyoNecro.exe+B53B7 - 8D 70 01 - lea esi,[eax+01] + * TokyoNecro.exe+B53BA - 8D 9B 00000000 - lea ebx,[ebx+00000000] + * TokyoNecro.exe+B53C0 - 8A 08 - mov cl,[eax] + * TokyoNecro.exe+B53C2 - 40 - inc eax + * TokyoNecro.exe+B53C3 - 84 C9 - test cl,cl + * TokyoNecro.exe+B53C5 - 75 F9 - jne TokyoNecro.exe+B53C0 + * TokyoNecro.exe+B53C7 - 2B C6 - sub eax,esi + * TokyoNecro.exe+B53C9 - 52 - push edx + * TokyoNecro.exe+B53CA - 8B F8 - mov edi,eax ▷ Search + * TokyoNecro.exe+B53CC - 8D 75 D8 - lea esi,[ebp-28] | + * TokyoNecro.exe+B53CF - E8 0CE2F4FF - call TokyoNecro.exe+35E0 ▷ + * + * + */ + + bool DatabaseHook() + { + const BYTE bytecodes[] = { + 0x8B, 0xF8, // 8B F8 - mov edi,eax + 0x8D, 0x75, 0xD8, // 8D 75 D8 - lea esi,[ebp-28] + 0xE8, 0x0C, 0xE2, 0xF4, 0xFF, // E8 6CE1F4FF - call TokyoNecro.exe+35E0 + }; + ULONG addr = MemDbg::findBytes(bytecodes, sizeof(bytecodes), processStartAddress, processStopAddress); + if (addr == 0) + { + ConsoleOutput("TokyoNecro: pattern not found"); + return false; + } + + // Look for the start of the function + const ULONG function_start = MemDbg::findEnclosingAlignedFunction(addr); + if (memcmp((void *)function_start, funcSig, sizeof(funcSig)) != 0) + { + ConsoleOutput("TokyoNecro: function start not found"); + return false; + } + + HookParam hp; + hp.address = function_start; + hp.offset = get_stack(1); + hp.type = USING_STRING; + return NewHook(hp, "TokyoNecroDatabase"); + ConsoleOutput("INSERT TokyoNecroDatabase"); + } + + bool InsertTokyoNecroHook() + { + DatabaseHook(); + return TextHook(); + } +} // namespace TokyoNecro + +bool InsertNitroPlusHook() +{ + // 機神咆吼デモンベイン + // みにくいモジカの子 + BYTE bytes[] = { + 0x55, + 0x8b, 0xec, + 0xff, 0x75, 0x10, + 0xff, 0x75, 0x0c, + 0xe8, XX, XX, 0xff, 0xff}; + BYTE bytes2[] = { + 0x55, + 0x8b, 0xec, + 0xff, 0x75, 0x0c, + 0xe8, XX, XX, 0xff, 0xff}; + auto addr1 = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + auto addr2 = MemDbg::findBytes(bytes2, sizeof(bytes2), processStartAddress, processStopAddress); + ConsoleOutput("NitroPlus %p", addr1); + ConsoleOutput("NitroPlus %p", addr2); + if (addr1 == 0 && addr2 == 0) + return false; + auto succ = false; + if (addr1) + { + HookParam hp; + hp.address = addr1; + hp.offset = get_stack(2); + hp.type = CODEC_UTF16; + succ |= NewHook(hp, "NitroPlus"); + } + if (addr2) + { + HookParam hp; + hp.address = addr2; + hp.offset = get_stack(2); + hp.type = CODEC_UTF16; + succ |= NewHook(hp, "NitroPlus"); + } + + return succ; +} +namespace +{ // unnamed + namespace ScenarioHook + { + + /** + * Sample game: 凍京NECRO 体験版 + * Debug step: + * 1. find the text location that does not change + * 2. Use Ollydbg to find where the text is modified + * 3. Backtrack the stack to find proper caller. + * + * Issues: It cannot extract character name. + * + * File pattern: *.npk for new "Nitroplus" (p is lower case) + * btw, *.npa for old "Nitroplus" + * + * 00CF0E6A CC INT3 + * 00CF0E6B CC INT3 + * 00CF0E6C CC INT3 + * 00CF0E6D CC INT3 + * 00CF0E6E CC INT3 + * 00CF0E6F CC INT3 + * 00CF0E70 55 PUSH EBP ; jichi: text in arg1 + * 00CF0E71 8BEC MOV EBP,ESP + * 00CF0E73 6A FF PUSH -0x1 + * 00CF0E75 68 184BDC00 PUSH .00DC4B18 + * 00CF0E7A 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] + * 00CF0E80 50 PUSH EAX + * 00CF0E81 64:8925 00000000 MOV DWORD PTR FS:[0],ESP + * 00CF0E88 83EC 1C SUB ESP,0x1C + * 00CF0E8B 8B55 08 MOV EDX,DWORD PTR SS:[EBP+0x8] + * 00CF0E8E 53 PUSH EBX + * 00CF0E8F 56 PUSH ESI + * 00CF0E90 8BC2 MOV EAX,EDX + * 00CF0E92 57 PUSH EDI + * 00CF0E93 8BD9 MOV EBX,ECX + * 00CF0E95 C745 EC 0F000000 MOV DWORD PTR SS:[EBP-0x14],0xF + * 00CF0E9C C745 E8 00000000 MOV DWORD PTR SS:[EBP-0x18],0x0 + * 00CF0EA3 C645 D8 00 MOV BYTE PTR SS:[EBP-0x28],0x0 + * 00CF0EA7 8D70 01 LEA ESI,DWORD PTR DS:[EAX+0x1] + * 00CF0EAA 8D9B 00000000 LEA EBX,DWORD PTR DS:[EBX] + * 00CF0EB0 8A08 MOV CL,BYTE PTR DS:[EAX] + * 00CF0EB2 40 INC EAX + * 00CF0EB3 84C9 TEST CL,CL + * 00CF0EB5 ^75 F9 JNZ SHORT .00CF0EB0 + * 00CF0EB7 2BC6 SUB EAX,ESI + * 00CF0EB9 52 PUSH EDX + * 00CF0EBA 8BF8 MOV EDI,EAX + * 00CF0EBC 8D75 D8 LEA ESI,DWORD PTR SS:[EBP-0x28] + * 00CF0EBF E8 0C0DF5FF CALL .00C41BD0 + * 00CF0EC4 C745 FC 00000000 MOV DWORD PTR SS:[EBP-0x4],0x0 ; jichi: pattern start + * 00CF0ECB 8B8B 84030000 MOV ECX,DWORD PTR DS:[EBX+0x384] + * 00CF0ED1 8B01 MOV EAX,DWORD PTR DS:[ECX] + * 00CF0ED3 8B40 60 MOV EAX,DWORD PTR DS:[EAX+0x60] + * 00CF0ED6 8BD6 MOV EDX,ESI + * 00CF0ED8 52 PUSH EDX + * 00CF0ED9 FFD0 CALL EAX ;jichi: called here .00CAEF00 + * 00CF0EDB 837D EC 10 CMP DWORD PTR SS:[EBP-0x14],0x10 + * 00CF0EDF 5F POP EDI + * 00CF0EE0 5E POP ESI + * 00CF0EE1 5B POP EBX + * 00CF0EE2 72 0C JB SHORT .00CF0EF0 + * 00CF0EE4 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-0x28] + * 00CF0EE7 51 PUSH ECX + * 00CF0EE8 E8 ED060B00 CALL .00DA15DA + * 00CF0EED 83C4 04 ADD ESP,0x4 + * 00CF0EF0 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-0xC] + * 00CF0EF3 64:890D 00000000 MOV DWORD PTR FS:[0],ECX + * 00CF0EFA 8BE5 MOV ESP,EBP + * 00CF0EFC 5D POP EBP + * 00CF0EFD C2 0400 RETN 0x4 + * 00CF0F00 8B89 84030000 MOV ECX,DWORD PTR DS:[ECX+0x384] + * 00CF0F06 8B01 MOV EAX,DWORD PTR DS:[ECX] + * 00CF0F08 8B50 64 MOV EDX,DWORD PTR DS:[EAX+0x64] + * 00CF0F0B FFE2 JMP EDX + * 00CF0F0D CC INT3 + * 00CF0F0E CC INT3 + * 00CF0F0F CC INT3 + * 00CF0F10 55 PUSH EBP + * 00CF0F11 8BEC MOV EBP,ESP + * 00CF0F13 83EC 10 SUB ESP,0x10 + * 00CF0F16 8B89 84030000 MOV ECX,DWORD PTR DS:[ECX+0x384] + * 00CF0F1C 8B01 MOV EAX,DWORD PTR DS:[ECX] + * 00CF0F1E 8B80 A0000000 MOV EAX,DWORD PTR DS:[EAX+0xA0] + * 00CF0F24 8D55 F0 LEA EDX,DWORD PTR SS:[EBP-0x10] + * 00CF0F27 52 PUSH EDX + * 00CF0F28 FFD0 CALL EAX + * 00CF0F2A 8D4D F8 LEA ECX,DWORD PTR SS:[EBP-0x8] + * 00CF0F2D FF15 7482DC00 CALL DWORD PTR DS:[0xDC8274] ; _1nput1_.1007E880 + * 00CF0F33 66:0F6E45 F0 MOVD MM0,DWORD PTR SS:[EBP-0x10] + * 00CF0F38 66:0F6E4D F4 MOVD MM1,DWORD PTR SS:[EBP-0xC] + * 00CF0F3D 8B0D E046E000 MOV ECX,DWORD PTR DS:[0xE046E0] + * 00CF0F43 0F5B ??? ; Unknown command + * 00CF0F45 C0F3 0F SAL BL,0xF + * 00CF0F48 1145 F8 ADC DWORD PTR SS:[EBP-0x8],EAX + * 00CF0F4B 0F5B ??? ; Unknown command + * 00CF0F4D C9 LEAVE + * 00CF0F4E F3:0F114D FC MOVSS DWORD PTR SS:[EBP-0x4],XMM1 + * 00CF0F53 8B41 54 MOV EAX,DWORD PTR DS:[ECX+0x54] + * 00CF0F56 F3:0F1180 500100>MOVSS DWORD PTR DS:[EAX+0x150],XMM0 + * 00CF0F5E F3:0F1045 FC MOVSS XMM0,DWORD PTR SS:[EBP-0x4] + * 00CF0F63 F3:0F1180 540100>MOVSS DWORD PTR DS:[EAX+0x154],XMM0 + * 00CF0F6B 0F57C0 XORPS XMM0,XMM0 + * 00CF0F6E F3:0F1180 580100>MOVSS DWORD PTR DS:[EAX+0x158],XMM0 + * 00CF0F76 F3:0F1180 5C0100>MOVSS DWORD PTR DS:[EAX+0x15C],XMM0 + * 00CF0F7E 8BE5 MOV ESP,EBP + * 00CF0F80 5D POP EBP + * 00CF0F81 C3 RETN + * 00CF0F82 CC INT3 + * 00CF0F83 CC INT3 + * 00CF0F84 CC INT3 + * 00CF0F85 CC INT3 + * 00CF0F86 CC INT3 + * 00CF0F87 CC INT3 + * 00CF0F88 CC INT3 + * 00CF0F89 CC INT3 + * 00CF0F8A CC INT3 + * 00CF0F8B CC INT3 + * 00CF0F8C CC INT3 + * + * If the function does not work, here's the common function that performing strcpy + * 00DA8E8A CC INT3 + * 00DA8E8B CC INT3 + * 00DA8E8C CC INT3 + * 00DA8E8D CC INT3 + * 00DA8E8E CC INT3 + * 00DA8E8F CC INT3 + * 00DA8E90 55 PUSH EBP + * 00DA8E91 8BEC MOV EBP,ESP + * 00DA8E93 57 PUSH EDI + * 00DA8E94 56 PUSH ESI + * 00DA8E95 8B75 0C MOV ESI,DWORD PTR SS:[EBP+0xC] + * 00DA8E98 8B4D 10 MOV ECX,DWORD PTR SS:[EBP+0x10] + * 00DA8E9B 8B7D 08 MOV EDI,DWORD PTR SS:[EBP+0x8] + * 00DA8E9E 8BC1 MOV EAX,ECX + * 00DA8EA0 8BD1 MOV EDX,ECX + * 00DA8EA2 03C6 ADD EAX,ESI + * 00DA8EA4 3BFE CMP EDI,ESI + * 00DA8EA6 76 08 JBE SHORT .00DA8EB0 + * 00DA8EA8 3BF8 CMP EDI,EAX + * 00DA8EAA 0F82 A0010000 JB .00DA9050 + * 00DA8EB0 81F9 80000000 CMP ECX,0x80 + * 00DA8EB6 72 1C JB SHORT .00DA8ED4 + * 00DA8EB8 833D D470E000 00 CMP DWORD PTR DS:[0xE070D4],0x0 + * 00DA8EBF 74 13 JE SHORT .00DA8ED4 + * 00DA8EC1 57 PUSH EDI + * 00DA8EC2 56 PUSH ESI + * 00DA8EC3 83E7 0F AND EDI,0xF + * 00DA8EC6 83E6 0F AND ESI,0xF + * 00DA8EC9 3BFE CMP EDI,ESI + * 00DA8ECB 5E POP ESI + * 00DA8ECC 5F POP EDI + * 00DA8ECD 75 05 JNZ SHORT .00DA8ED4 + * 00DA8ECF ^E9 0E9FFFFF JMP .00DA2DE2 + * 00DA8ED4 F7C7 03000000 TEST EDI,0x3 + * 00DA8EDA 75 14 JNZ SHORT .00DA8EF0 + * 00DA8EDC C1E9 02 SHR ECX,0x2 + * 00DA8EDF 83E2 03 AND EDX,0x3 + * 00DA8EE2 83F9 08 CMP ECX,0x8 + * 00DA8EE5 72 29 JB SHORT .00DA8F10 + * 00DA8EE7 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] ; jichi: modified here + * 00DA8EE9 FF2495 0090DA00 JMP DWORD PTR DS:[EDX*4+0xDA9000] + * 00DA8EF0 8BC7 MOV EAX,EDI + * 00DA8EF2 BA 03000000 MOV EDX,0x3 + * 00DA8EF7 83E9 04 SUB ECX,0x4 + * 00DA8EFA 72 0C JB SHORT .00DA8F08 + * 00DA8EFC 83E0 03 AND EAX,0x3 + * 00DA8EFF 03C8 ADD ECX,EAX + * 00DA8F01 FF2485 148FDA00 JMP DWORD PTR DS:[EAX*4+0xDA8F14] + * 00DA8F08 FF248D 1090DA00 JMP DWORD PTR DS:[ECX*4+0xDA9010] + * 00DA8F0F 90 NOP + * 00DA8F10 FF248D 948FDA00 JMP DWORD PTR DS:[ECX*4+0xDA8F94] + * 00DA8F17 90 NOP + * 00DA8F18 24 8F AND AL,0x8F + * 00DA8F1A DA00 FIADD DWORD PTR DS:[EAX] + * 00DA8F1C 50 PUSH EAX + * 00DA8F1D 8F ??? ; Unknown command + * 00DA8F1E DA00 FIADD DWORD PTR DS:[EAX] + * 00DA8F20 ^74 8F JE SHORT .00DA8EB1 + * 00DA8F22 DA00 FIADD DWORD PTR DS:[EAX] + * 00DA8F24 23D1 AND EDX,ECX + * 00DA8F26 8A06 MOV AL,BYTE PTR DS:[ESI] + * 00DA8F28 8807 MOV BYTE PTR DS:[EDI],AL + * 00DA8F2A 8A46 01 MOV AL,BYTE PTR DS:[ESI+0x1] + * 00DA8F2D 8847 01 MOV BYTE PTR DS:[EDI+0x1],AL + * 00DA8F30 8A46 02 MOV AL,BYTE PTR DS:[ESI+0x2] + * 00DA8F33 C1E9 02 SHR ECX,0x2 + * 00DA8F36 8847 02 MOV BYTE PTR DS:[EDI+0x2],AL + * 00DA8F39 83C6 03 ADD ESI,0x3 + * 00DA8F3C 83C7 03 ADD EDI,0x3 + * 00DA8F3F 83F9 08 CMP ECX,0x8 + * 00DA8F42 ^72 CC JB SHORT .00DA8F10 + * 00DA8F44 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] + * 00DA8F46 FF2495 0090DA00 JMP DWORD PTR DS:[EDX*4+0xDA9000] + * 00DA8F4D 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 00DA8F50 23D1 AND EDX,ECX + * 00DA8F52 8A06 MOV AL,BYTE PTR DS:[ESI] + * 00DA8F54 8807 MOV BYTE PTR DS:[EDI],AL + * 00DA8F56 8A46 01 MOV AL,BYTE PTR DS:[ESI+0x1] + * 00DA8F59 C1E9 02 SHR ECX,0x2 + * 00DA8F5C 8847 01 MOV BYTE PTR DS:[EDI+0x1],AL + * 00DA8F5F 83C6 02 ADD ESI,0x2 + * 00DA8F62 83C7 02 ADD EDI,0x2 + * 00DA8F65 83F9 08 CMP ECX,0x8 + * 00DA8F68 ^72 A6 JB SHORT .00DA8F10 + * 00DA8F6A F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] + * 00DA8F6C FF2495 0090DA00 JMP DWORD PTR DS:[EDX*4+0xDA9000] + * 00DA8F73 90 NOP + * 00DA8F74 23D1 AND EDX,ECX + * 00DA8F76 8A06 MOV AL,BYTE PTR DS:[ESI] + * 00DA8F78 8807 MOV BYTE PTR DS:[EDI],AL + * 00DA8F7A 83C6 01 ADD ESI,0x1 + * 00DA8F7D C1E9 02 SHR ECX,0x2 + * 00DA8F80 83C7 01 ADD EDI,0x1 + * 00DA8F83 83F9 08 CMP ECX,0x8 + * 00DA8F86 ^72 88 JB SHORT .00DA8F10 + * 00DA8F88 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] + * 00DA8F8A FF2495 0090DA00 JMP DWORD PTR DS:[EDX*4+0xDA9000] + * 00DA8F91 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 00DA8F94 F7 ??? ; Unknown command + * 00DA8F95 8F ??? ; Unknown command + * 00DA8F96 DA00 FIADD DWORD PTR DS:[EAX] + * 00DA8F98 E4 8F IN AL,0x8F ; I/O command + * 00DA8F9A DA00 FIADD DWORD PTR DS:[EAX] + * 00DA8F9C DC8F DA00D48F FMUL QWORD PTR DS:[EDI+0x8FD400DA] + * 00DA8FA2 DA00 FIADD DWORD PTR DS:[EAX] + * 00DA8FA4 CC INT3 + * 00DA8FA5 8F ??? ; Unknown command + * 00DA8FA6 DA00 FIADD DWORD PTR DS:[EAX] + * 00DA8FA8 C48F DA00BC8F LES ECX,FWORD PTR DS:[EDI+0x8FBC00DA] ; Modification of segment register + * 00DA8FAE DA00 FIADD DWORD PTR DS:[EAX] + * 00DA8FB0 B4 8F MOV AH,0x8F + * + */ + bool attach(ULONG startAddress, ULONG stopAddress) // attach scenario + { + const uint8_t bytes[] = { + 0xc7, 0x45, 0xfc, 0x00, 0x00, 0x00, 0x00, // 00cf0ec4 c745 fc 00000000 mov dword ptr ss:[ebp-0x4],0x0 ; jichi: pattern start + 0x8b, 0x8b, 0x84, 0x03, 0x00, 0x00, // 00cf0ecb 8b8b 84030000 mov ecx,dword ptr ds:[ebx+0x384] + 0x8b, 0x01, // 00cf0ed1 8b01 mov eax,dword ptr ds:[ecx] + 0x8b, 0x40, 0x60, // 00cf0ed3 8b40 60 mov eax,dword ptr ds:[eax+0x60] + 0x8b, 0xd6, // 00cf0ed6 8bd6 mov edx,esi + 0x52, // 00cf0ed8 52 push edx + 0xff, 0xd0 // 00cf0ed9 ffd0 call eax ;jichi: called here .00caef00 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return false; + HookParam hp; + hp.address = addr; + hp.offset = get_stack(1); + hp.type = USING_STRING | EMBED_ABLE | EMBED_AFTER_NEW | EMBED_DYNA_SJIS; + hp.filter_fun = all_ascii_Filter; + return NewHook(hp, "EmbedNitroplus"); + } + + } // namespace ScenarioHook +} // unnamed namespace + +namespace +{ + bool sayanouta() + { + // 沙耶の唄 The Best 10対応DL版 + char tolang[] = "string too long"; + auto tolangaddr = MemDbg::findBytes(tolang, sizeof(tolang), processStartAddress, processStopAddress); + auto lower = processStartAddress; + auto succ = false; + while (true) + { + auto addrX = MemDbg::findPushAddress(tolangaddr, lower, processStopAddress); + if (addrX == 0) + break; + lower = addrX + 0x100; + + const uint8_t bytes[] = { + 0x55, 0x8b, 0xec, + 0x53, 0x8b, 0x5d, 0x08, + 0x56, 0x8b, 0xf1, + 0x85, 0xdb, + 0x74, XX, + 0x8b, 0x4e, 0x14, + 0x83, 0xf9, 0x10, + 0x72, 0x04, + 0x8b, 0x06, + 0xeb, 0x02}; + + ULONG addr = reverseFindBytes(bytes, sizeof(bytes), addrX - 0x200, addrX); + if (!addr) + continue; + HookParam hp; + hp.address = addr; + hp.type = USING_STRING | CODEC_UTF8 | NO_CONTEXT; + hp.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto refaddr = stack->retaddr - (DWORD)GetModuleHandle(0); + if (refaddr < 0xb0000 || refaddr > 0xb1000) + return; + buffer->from(stack->stack[1], stack->stack[2]); + }; + hp.filter_fun = [](void *data, size_t *len, HookParam *hp) + { + static const std::regex rx("#\\{(.*?)\\}(.*?)#", std::regex_constants::icase); + std::string result = std::string((char *)data, *len); + result = std::regex_replace(result, rx, "$2"); + strReplace(result, u8" \n", ""); + strReplace(result, u8"\n", ""); + return write_string_overwrite(data, len, result); + }; + succ |= NewHook(hp, "sayanouta"); + } + return succ; + } +} +bool Nitroplus2::attach_function() +{ + bool embed = ScenarioHook::attach(processStartAddress, processStopAddress); + bool b = InsertNitroPlusHook(); + bool b2 = (Util::SearchResourceString(L"TOKYONECRO")) && InsertTokyoNecroHook(); + b2 |= sayanouta(); + return b || b2 || embed; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Nitroplus2.h b/cpp/LunaHook/LunaHook/engine32/Nitroplus2.h new file mode 100644 index 00000000..b1e4411d --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Nitroplus2.h @@ -0,0 +1,12 @@ + + +class Nitroplus2:public ENGINE{ + public: + Nitroplus2(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.npk"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/ONScripterru.cpp b/cpp/LunaHook/LunaHook/engine32/ONScripterru.cpp new file mode 100644 index 00000000..d5f232a2 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/ONScripterru.cpp @@ -0,0 +1,142 @@ +#include"ONScripterru.h" +void ONScripterruCommonFilter(char *text, size_t *len) +{ + StringCharReplacer(text, len, "{n}", 3, ' '); + + if (cpp_strnstr(text, "{c:", *len)) { + StringFilterBetween(text, len, "{c:", 3, ":", 1); + } + if (cpp_strnstr(text, "{e:", *len)) { + StringFilterBetween(text, len, "{e:", 3, ":", 1); + } + if (cpp_strnstr(text, "{f:", *len)) { + StringFilterBetween(text, len, "{f:", 3, ":", 1); + } + if (cpp_strnstr(text, "{i:", *len)) { + StringFilter(text, len, "{i:", 3); + } + if (cpp_strnstr(text, "{p:", *len)) { + StringFilterBetween(text, len, "{p:", 3, "}", 1); + } + CharFilter(text, len, '}'); + + if (cpp_strnstr(text, "[", *len)) { + StringFilterBetween(text, len, "[", 1, "]", 1); + } + +} + +bool ONScripterru1Filter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + if ( *len == 0 || text[0] == ':' || text[1] == '{') + return false; + + ONScripterruCommonFilter(text, len); + CharFilter(text, len, '`'); + + return true; +} + +bool InsertONScripterruHook1() +{ + + /* + * Sample games: + * Umineko Project (all text displayed) + */ + const BYTE bytes[] = { + 0x90, // nop + 0x55, // push ebp << hook here + 0x57, // push edi + 0x31, 0xED, // xor ebp,ebp + 0x56, // push esi + 0x53, // push ebx + 0x83, 0xEC, 0x3C // sub esp,3C + }; + + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("ONScripter-RU 1: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + 1; + hp.offset=get_reg(regs::eax); + hp.type = USING_STRING | CODEC_UTF8; + hp.filter_fun = ONScripterru1Filter; + ConsoleOutput("INSERT ONScripter-RU 1"); + return NewHook(hp, "ONScripter-RU1"); + +} + +void StringBetween(char *str, size_t *size, const char *fr, size_t frlen, const char *to, size_t tolen) +{ + size_t len = *size, + curlen; + + char *start = cpp_strnstr(str, fr, len); + if (!*start) + return; + //start += frlen; + char *end = cpp_strnstr((start += frlen), to, len - (start - str)); + if (!*end) + return; + ::memmove(str, start, end - start); + + *size = end - start; + //str[*size] = '\0'; +} + +bool ONScripterru2Filter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + StringBetween(text, len, "`", 1, "`", 1); + + ONScripterruCommonFilter(text, len); + + return true; +} + +bool InsertONScripterruHook2() +{ + + /* + * Sample games: + * Umineko Project (partial text displayed) + */ + const BYTE bytes[] = { + 0x0F, 0xB6, 0x04, 0x18, // movzx eax,byte ptr [eax+ebx] << hook here + 0x89, 0x74, 0x24, 0x04, // mov [esp+04],esi + 0x43, // inc ebx + 0x89, 0x44, 0x24, 0x08 // mov [esp+08],eax + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("ONScripter-RU 2: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::eax); + hp.split =get_reg(regs::esi); + hp.type = USING_STRING | CODEC_UTF8 | USING_SPLIT | KNOWN_UNSTABLE; + //hp.type = USING_STRING | CODEC_UTF8 | USING_SPLIT; + hp.filter_fun = ONScripterru2Filter; + ConsoleOutput("INSERT ONScripter-RU 2"); + return NewHook(hp, "ONScripter-RU2"); +} + +bool ONScripterru::attach_function() { + + bool ok = InsertONScripterruHook1(); + return InsertONScripterruHook2() || ok; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/ONScripterru.h b/cpp/LunaHook/LunaHook/engine32/ONScripterru.h new file mode 100644 index 00000000..06e7df83 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/ONScripterru.h @@ -0,0 +1,11 @@ + + +class ONScripterru:public ENGINE{ + public: + ONScripterru(){ + + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){return Util::SearchResourceString(L"ONScripter-RU") || Util::SearchResourceString(L"onscripter-ru.exe");}; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/OVERDRIVE.cpp b/cpp/LunaHook/LunaHook/engine32/OVERDRIVE.cpp new file mode 100644 index 00000000..60c2c3aa --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/OVERDRIVE.cpp @@ -0,0 +1,27 @@ +#include"OVERDRIVE.h" + + +bool OVERDRIVE::attach_function() { + //エーデルワイス + const BYTE bytes[] = { + 0x56, + 0x57, + 0x8b,0x7c,0x24,0x0c, + 0x32,0xc0, + 0x85,0xff, + 0x8b,0xf1, + 0x0f,0x84,XX,0x00,0x00,0x00, + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + + if (!addr) return false; + HookParam hp; + hp.address = addr ; + hp.offset=get_stack(1); + hp.type = USING_STRING; + hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + StringFilter((char*)data, len, "\\p\\l", 4); + return true; + }; + return NewHook(hp, "OVERDRIVE"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/OVERDRIVE.h b/cpp/LunaHook/LunaHook/engine32/OVERDRIVE.h new file mode 100644 index 00000000..4bbb36a8 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/OVERDRIVE.h @@ -0,0 +1,11 @@ + + +class OVERDRIVE:public ENGINE{ + public: + OVERDRIVE(){ + is_engine_certain=false; + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"DATA\\bgm.vfa",L"DATA\\grp.vfa",L"DATA\\SCR.arc",L"DATA\\snd.vfa"}; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Ohgetsu.cpp b/cpp/LunaHook/LunaHook/engine32/Ohgetsu.cpp new file mode 100644 index 00000000..0e6252ca --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Ohgetsu.cpp @@ -0,0 +1,173 @@ +#include"Ohgetsu.h" + +namespace{ +bool hook1() { + //Silvery White ~君と出逢った理由~ + const BYTE bytes[] = { + 0x8b,XX,0x10, + 0x8b,XX,0x0C, + 0x8b,XX,0x08, + 0x8b,XX, + 0xc1,XX,02, + 0xf3,0xa5, + 0x8b,XX, + 0x83,XX,0x03, + 0xf3,0xa4, + 0x8b,XX,0x08, + 0x03,XX,0x10, + 0xC6,XX,0x00 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + + if (!addr) return false; + addr= MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) return false; + HookParam hp; + hp.address = addr ; + hp.offset=get_stack(2); + hp.type = USING_STRING; + hp.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) { + auto text = (LPCSTR)stack->stack[2]; + auto size = stack->stack[3]; + *split = stack->stack[0]; + buffer->from(text, size); + }; + return NewHook(hp, "Ohgetsu"); +} +bool hook2() { + //Palmyra ~熱砂の海と美なる戦姫~ + const BYTE bytes[] = { + 0x8b,XX,0x08, + 0x0f,XX,0x08, + 0xC1,XX,0x08, + 0x8b,XX,0x08, + 0x0f,0xb6,0x42,0x01, + 0x0b,XX, + + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + + if (!addr) return false; + addr= MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) return false; + HookParam hp; + hp.address = addr ; + hp.offset=get_stack(1); + hp.type = USING_STRING; + hp.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) { + *split = stack->stack[0]; + buffer->from(stack->stack[1], stack->stack[2]); + }; + return NewHook(hp, "Ohgetsu"); +} +bool _3(){ + //それは舞い散る桜のように FullEffect + auto addr = MemDbg::findCallerAddress((DWORD)GetGlyphOutlineA,0xec81, processStartAddress, processStopAddress); + if (!addr) { return false; } + + //reladdr = 0x48ff0; + //reladdr = 0x48ff3; + HookParam hp; + hp.address = addr ; + hp.offset=get_stack(1); + hp.type = CODEC_ANSI_BE; + + return NewHook(hp, "Basil"); +} +bool _4(){ + //それは舞い散る桜のように FullEffect + const BYTE bytes[] = { + 0x3D,0x00,0x02,0xFF,0xFF, + XX2, + 0x3D,0x01,0x02,0xFF,0xFF, + XX2, + 0x3D,0x02,0x02,0xFF,0xFF, + XX2, + + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + + if (!addr) return false; + addr= MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) return false; + HookParam hp; + hp.address = addr ; + hp.offset=get_stack(2); + hp.type = USING_STRING|EMBED_ABLE|EMBED_AFTER_NEW|EMBED_DYNA_SJIS; + hp.hook_font=F_GetGlyphOutlineA; + return NewHook(hp, "Basil2"); +} +} +namespace{ +bool _5(){ + //仰せのままに★ご主人様! + const BYTE bytes[] = { + //memset(&byte_562568, 0, 0x20u); + //memset(byte_562588, 0, sizeof(byte_562588)); ->RS@562588 + 0x6a,0x20, + 0x6a,0x00, + 0x68,XX4, + 0xe8,XX4, + 0x83,0xc4,0x0c, + 0x68,0x40,0x01,0x00,0x00, + 0x6a,0x00, + 0x68,XX4, + 0xe8,XX4 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + + if (!addr) return false; + addr=*(DWORD*)(addr+25); + if(IsBadReadPtr((LPVOID)addr,10)!=0)return false; + HookParam hp; + hp.address=addr; + hp.type=DIRECT_READ; + hp.filter_fun=[](LPVOID data, size_t* size, HookParam*){ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + StringCharReplacer(text, len, "||", 2, '\n'); + return true; + }; + return NewHook(hp,"Ohgetsu"); +} +bool _6(){ + //仰せのままに★ご主人様! + //这个有人名,上面那个只有文本 + const BYTE bytes[] = { + 0x6a,0x46, + 0x8b,0x4d,0xf4, + 0x6b,0xc9,0x46, + 0x81,0xc1,XX4, + 0x51, + 0x8b,0x55,0xf4, + 0x83,0xea,0x05, + 0x6b,0xd2,0x46, + 0x81,0xc2,XX4, + 0x52, + 0xe8 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) return false; + addr = findfuncstart(addr); + if (!addr)return false; + HookParam hp; + hp.address=addr; + hp.type=USING_STRING; + hp.length_offset=2; + hp.offset=get_stack(1); + hp.filter_fun=[](LPVOID data, size_t* size, HookParam*){ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + StringCharReplacer(text, len, "||", 2, '\n'); + return true; + }; + return NewHook(hp,"Ohgetsu"); +} +bool _7(){ + return _6()||_5(); +} +} +bool Ohgetsu::attach_function() { + bool ok=_4(); + return hook1()||hook2()||_7()||_3()||ok; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Ohgetsu.h b/cpp/LunaHook/LunaHook/engine32/Ohgetsu.h new file mode 100644 index 00000000..450f630b --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Ohgetsu.h @@ -0,0 +1,13 @@ + + +class Ohgetsu:public ENGINE{ + public: + Ohgetsu(){ + is_engine_certain=false; + check_by=CHECK_BY::FILE_ALL; + //check_by_target=check_by_list{L"script.pac",L"se.pac",L"visual.pac",L"voice.pac",L"music.pac",L"mov00001.mpg"}; + //それは舞い散る桜のように FullEffect + check_by_target=check_by_list{L"script.pac",L"se.pac",L"visual.pac",L"voice*.pac"};//,L"music.pac",L"mov00001.mpg"}; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Onscripter.cpp b/cpp/LunaHook/LunaHook/engine32/Onscripter.cpp new file mode 100644 index 00000000..e7da9e3c --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Onscripter.cpp @@ -0,0 +1,43 @@ +#include "Onscripter.h" + +namespace +{ + // Monster Girl Quest Remastered + + bool hook2() + { + BYTE bytes[] = { + 0x8b, 0xbe, XX2, 0x00, 0x00, + 0x80, 0x3c, 0x07, 0x00, + 0x8d, 0x1c, 0x07, + 0x75, XX, + 0x8b, 0xce, + 0xe8, XX4}; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) + return false; + HookParam hp; + hp.address = addr; + hp.offset = get_reg(regs::eax); + hp.type = USING_STRING | CODEC_UTF8; + hp.filter_fun = [](LPVOID data, size_t *size, HookParam *) + { + auto xx = std::string((char *)data, *size); + static std::string last; + if (xx == last) + return false; + last = xx; + strReplace(xx, "@", ""); + strReplace(xx, "\\", ""); + strReplace(xx, "_", "\n"); + strReplace(xx, "/", ""); + // # ( ) < 代码里,但C了一会儿没遇到,不管了先 + return write_string_overwrite(data, size, xx); + }; + return NewHook(hp, "onscripter"); + } +} +bool Onscripter::attach_function() +{ + return hook2(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Onscripter.h b/cpp/LunaHook/LunaHook/engine32/Onscripter.h new file mode 100644 index 00000000..13e3d4eb --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Onscripter.h @@ -0,0 +1,14 @@ + + +class Onscripter : public ENGINE +{ +public: + Onscripter() + { + + check_by = CHECK_BY::FILE; + check_by_target = L"arc.nsa"; + is_engine_certain = false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Overflow.cpp b/cpp/LunaHook/LunaHook/engine32/Overflow.cpp new file mode 100644 index 00000000..659f36e8 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Overflow.cpp @@ -0,0 +1,99 @@ +#include"Overflow.h" + +bool InsertSekaiProject1Hook() +{ + + /* + * Sample games: + * https://vndb.org/v1193 + */ + const BYTE bytes[] = { + 0xCC, // int 3 + 0x83, 0xEC, 0x10, // sub esp,10 << hook here + 0x8B, 0x44, 0x24, 0x14, // mov eax,[esp+14] + 0x53, // push ebx + 0x56, // push esi + 0x50, // push eax + 0x8B, 0xD9 // mov ebx,ecx + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("SekaiProject1: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + 1; + hp.offset=get_stack(1); + hp.type = CODEC_UTF16 | USING_STRING | NO_CONTEXT; + ConsoleOutput("INSERT SekaiProject1"); + return NewHook(hp, "SekaiProject1"); +} + +bool InsertSekaiProject2Hook() +{ + + /* + * Sample games: + * https://vndb.org/r21174 + */ + const BYTE bytes[] = { + 0xC7, 0x45, 0xDC, 0x00, 0x00, 0x00, 0x00, // mov [ebp-24],00000000 << hook here + 0xEB, 0x09, // jmp "SCHOOLDAYS HQ.exe"+4C821 + 0x8B, 0x45, 0xDC, // mov eax,[ebp-24] + 0x83, 0xC0, 0x01, // add eax,01 + 0x89, 0x45, 0xDC // mov [ebp-24],eax + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("SekaiProject2: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_stack(21); + hp.type = CODEC_UTF16 | USING_STRING | NO_CONTEXT; + ConsoleOutput("INSERT SekaiProject2"); + return NewHook(hp, "SekaiProject2"); +} + +bool InsertSekaiProject3Hook() +{ + + /* + * Sample games: + * https://vndb.org/r39989 + */ + const BYTE bytes[] = { + 0xCC, // int 3 + 0x8B, 0x44, 0x24, 0x04, // mov eax,[esp+04] << hook here + 0x83, 0xEC, 0x14, // sub esp,14 + 0x55, // push ebp + 0x56, // push esi + 0x57, // push edi + 0x8B, 0xF9 // mov edi,ecx + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("SekaiProject3: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + 1; + hp.offset=get_stack(1); + hp.type = CODEC_UTF16 | USING_STRING | NO_CONTEXT; + ConsoleOutput("INSERT SekaiProject3"); + return NewHook(hp, "SekaiProject3"); +} + +bool Overflow::attach_function() +{ return InsertSekaiProject1Hook() || InsertSekaiProject2Hook() || InsertSekaiProject3Hook();} + \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Overflow.h b/cpp/LunaHook/LunaHook/engine32/Overflow.h new file mode 100644 index 00000000..36158946 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Overflow.h @@ -0,0 +1,11 @@ + + +class Overflow:public ENGINE{ + public: + Overflow(){ + is_engine_certain=false; + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"Packs/*.GPK"}; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/PCSX2.cpp b/cpp/LunaHook/LunaHook/engine32/PCSX2.cpp new file mode 100644 index 00000000..ed14a288 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/PCSX2.cpp @@ -0,0 +1,1042 @@ +#include"PCSX2.h" + +#include"ppsspp/psputils.hpp" +/** 7/19/2014 jichi + * Tested game: Fate/stay night [Realta Nua] + * + * Fixed memory address. + * Text is incrementally increased. + * + * Debug method: Debug next text location at \0. + * There are three locations that are OK to hook. + * The first one is used. + * + * Runtime stack: + * 0dc1f7e0 055be7c0 + * 0dc1f7e4 023105b0 pcsx2.023105b0 + * 0dc1f7e8 0dc1f804 + * 0dc1f7ec 023a406b pcsx2.023a406b + * 0dc1f7f0 00000000 + * 0dc1f7f4 000027e5 + * + * 305a5424 2b05 809e9500 sub eax,dword ptr ds:[0x959e80] + * 305a542a 0f88 05000000 js 305a5435 + * 305a5430 -e9 cbebdfd1 jmp pcsx2.023a4000 + * 305a5435 8b0d 20ac9600 mov ecx,dword ptr ds:[0x96ac20] + * 305a543b 89c8 mov eax,ecx + * 305a543d c1e8 0c shr eax,0xc + * 305a5440 8b0485 30009e12 mov eax,dword ptr ds:[eax*4+0x129e0030] + * 305a5447 bb 57545a30 mov ebx,0x305a5457 + * 305a544c 01c1 add ecx,eax + * 305a544e -0f88 ecbcd7d1 js pcsx2.02321140 + * 305a5454 0fbe01 movsx eax,byte ptr ds:[ecx] ; jichi: hook here + * 305a5457 99 cdq + * 305a5458 a3 f0ab9600 mov dword ptr ds:[0x96abf0],eax + * 305a545d 8915 f4ab9600 mov dword ptr ds:[0x96abf4],edx + * 305a5463 a1 40ac9600 mov eax,dword ptr ds:[0x96ac40] + * 305a5468 3b05 f0ab9600 cmp eax,dword ptr ds:[0x96abf0] + * 305a546e 75 11 jnz short 305a5481 + * 305a5470 a1 44ac9600 mov eax,dword ptr ds:[0x96ac44] + * 305a5475 3b05 f4ab9600 cmp eax,dword ptr ds:[0x96abf4] + * 305a547b 0f84 3a000000 je 305a54bb + * 305a5481 8305 00ac9600 24 add dword ptr ds:[0x96ac00],0x24 + * 305a5488 9f lahf + * 305a5489 66:c1f8 0f sar ax,0xf + * 305a548d 98 cwde + * 305a548e a3 04ac9600 mov dword ptr ds:[0x96ac04],eax + * 305a5493 c705 a8ad9600 6c>mov dword ptr ds:[0x96ada8],0x10e26c + * 305a549d a1 c0ae9600 mov eax,dword ptr ds:[0x96aec0] + * 305a54a2 83c0 04 add eax,0x4 + * + * 3038c78e -0f88 ac4af9d1 js pcsx2.02321240 + * 3038c794 8911 mov dword ptr ds:[ecx],edx + * 3038c796 8b0d 60ab9600 mov ecx,dword ptr ds:[0x96ab60] + * 3038c79c 89c8 mov eax,ecx + * 3038c79e c1e8 0c shr eax,0xc + * 3038c7a1 8b0485 30009e12 mov eax,dword ptr ds:[eax*4+0x129e0030] + * 3038c7a8 bb b8c73830 mov ebx,0x3038c7b8 + * 3038c7ad 01c1 add ecx,eax + * 3038c7af -0f88 8b49f9d1 js pcsx2.02321140 + * 3038c7b5 0fbe01 movsx eax,byte ptr ds:[ecx] ; jichi: or hook here + * 3038c7b8 99 cdq + * 3038c7b9 a3 e0ab9600 mov dword ptr ds:[0x96abe0],eax + * 3038c7be 8915 e4ab9600 mov dword ptr ds:[0x96abe4],edx + * 3038c7c4 c705 20ab9600 00>mov dword ptr ds:[0x96ab20],0x0 + * 3038c7ce c705 24ab9600 00>mov dword ptr ds:[0x96ab24],0x0 + * 3038c7d8 c705 f0ab9600 25>mov dword ptr ds:[0x96abf0],0x25 + * 3038c7e2 c705 f4ab9600 00>mov dword ptr ds:[0x96abf4],0x0 + * 3038c7ec 833d e0ab9600 25 cmp dword ptr ds:[0x96abe0],0x25 + * 3038c7f3 75 0d jnz short 3038c802 + * 3038c7f5 833d e4ab9600 00 cmp dword ptr ds:[0x96abe4],0x0 + * 3038c7fc 0f84 34000000 je 3038c836 + * 3038c802 31c0 xor eax,eax + * + * 304e1a0a 8b0d 40ab9600 mov ecx,dword ptr ds:[0x96ab40] + * 304e1a10 89c8 mov eax,ecx + * 304e1a12 c1e8 0c shr eax,0xc + * 304e1a15 8b0485 30009e12 mov eax,dword ptr ds:[eax*4+0x129e0030] + * 304e1a1c bb 2c1a4e30 mov ebx,0x304e1a2c + * 304e1a21 01c1 add ecx,eax + * 304e1a23 -0f88 17f7e3d1 js pcsx2.02321140 + * 304e1a29 0fbe01 movsx eax,byte ptr ds:[ecx] ; jichi: or hook here + * 304e1a2c 99 cdq + * 304e1a2d a3 f0ab9600 mov dword ptr ds:[0x96abf0],eax + * 304e1a32 8915 f4ab9600 mov dword ptr ds:[0x96abf4],edx + * 304e1a38 a1 f0ab9600 mov eax,dword ptr ds:[0x96abf0] + * 304e1a3d 3b05 d0ab9600 cmp eax,dword ptr ds:[0x96abd0] + * 304e1a43 75 11 jnz short 304e1a56 + * 304e1a45 a1 f4ab9600 mov eax,dword ptr ds:[0x96abf4] + * 304e1a4a 3b05 d4ab9600 cmp eax,dword ptr ds:[0x96abd4] + * 304e1a50 0f84 3c000000 je 304e1a92 + * 304e1a56 a1 f0ab9600 mov eax,dword ptr ds:[0x96abf0] + * 304e1a5b 83c0 d0 add eax,-0x30 + * 304e1a5e 99 cdq + */ +namespace { // unnamed +bool _typemoongarbage_ch(char c) +{ + return c == '%' || c == '.' || c == ' ' || c == ',' + || c >= '0' && c <= '9' + || c >= 'A' && c <= 'z'; // also ignore ASCII 91-96: [ \ ] ^ _ ` +} + +// Trim leading garbage +LPCSTR _typemoonltrim(LPCSTR p) +{ + enum { MAX_LENGTH = VNR_TEXT_CAPACITY }; + if (p && p[0] == '%') + for (int count = 0; *p && count < MAX_LENGTH; count++, p++) + if (!_typemoongarbage_ch(*p)) + return p; + return nullptr; +} + +// Remove trailing garbage such as %n +size_t _typemoonstrlen(LPCSTR text) +{ + size_t len = ::strlen(text); + size_t ret = len; + while (len && _typemoongarbage_ch(text[len - 1])) { + len--; + if (text[len] == '%') + ret = len; + } + return ret; +} + +} // unnamed namespace + +// Use last text size to determine +static void SpecialPS2HookTypeMoon(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) +{ + static LPCSTR lasttext; // this value should be the same for the same game + static size_t lastsize; + + LPCSTR cur = LPCSTR(stack->ecx); + if (!*cur) + return; + + LPCSTR text = reverse_search_begin(cur); + if (!text) + return; + //text = _typemoonltrim(text); + if (lasttext != text) { + lasttext = text; + lastsize = 0; // reset last size + } + + size_t size = ::strlen(text); + if (size == lastsize) + return; + if (size > lastsize) // incremental + text += lastsize; + lastsize = size; + + text = _typemoonltrim(text); + size = _typemoonstrlen(text); + //size = ::strlen(text); + + buffer->from(text, size); + *split = FIXED_SPLIT_VALUE << 2; // merge all threads + //*split = *(DWORD *)(esp_base + 4); // use [esp+4] as split + //*split = regof(eax, esp_base); + //*split = regof(esi, esp_base); +} + +bool InsertTypeMoonPS2Hook() +{ + ConsoleOutput("TypeMoon PS2: enter"); + const BYTE bytes[] = { + 0x2b,0x05, XX4, // 305a5424 2b05 809e9500 sub eax,dword ptr ds:[0x959e80] + 0x0f,0x88, 0x05,0x00,0x00,0x00, // 305a542a 0f88 05000000 js 305a5435 + 0xe9, XX4, // 305a5430 -e9 cbebdfd1 jmp pcsx2.023a4000 + 0x8b,0x0d, XX4, // 305a5435 8b0d 20ac9600 mov ecx,dword ptr ds:[0x96ac20] + 0x89,0xc8, // 305a543b 89c8 mov eax,ecx + 0xc1,0xe8, 0x0c, // 305a543d c1e8 0c shr eax,0xc + 0x8b,0x04,0x85, XX4, // 305a5440 8b0485 30009e12 mov eax,dword ptr ds:[eax*4+0x129e0030] + 0xbb, XX4, // 305a5447 bb 57545a30 mov ebx,0x305a5457 + 0x01,0xc1, // 305a544c 01c1 add ecx,eax + // Following pattern is not sufficient + 0x0f,0x88, XX4, // 305a544e -0f88 ecbcd7d1 js pcsx2.02321140 + 0x0f,0xbe,0x01, // 305a5454 0fbe01 movsx eax,byte ptr ds:[ecx] ; jichi: hook here + 0x99, // 305a5457 99 cdq + 0xa3, XX4, // 305a5458 a3 f0ab9600 mov dword ptr ds:[0x96abf0],eax + 0x89,0x15, XX4, // 305a545d 8915 f4ab9600 mov dword ptr ds:[0x96abf4],edx + 0xa1, XX4, // 305a5463 a1 40ac9600 mov eax,dword ptr ds:[0x96ac40] + 0x3b,0x05, XX4, // 305a5468 3b05 f0ab9600 cmp eax,dword ptr ds:[0x96abf0] + 0x75, 0x11, // 305a546e 75 11 jnz short 305a5481 + 0xa1, XX4, // 305a5470 a1 44ac9600 mov eax,dword ptr ds:[0x96ac44] + 0x3b,0x05, XX4, // 305a5475 3b05 f4ab9600 cmp eax,dword ptr ds:[0x96abf4] + 0x0f,0x84, XX4, // 305a547b 0f84 3a000000 je 305a54bb + 0x83,0x05, XX4, 0x24, // 305a5481 8305 00ac9600 24 add dword ptr ds:[0x96ac00],0x24 + 0x9f, // 305a5488 9f lahf + 0x66,0xc1,0xf8, 0x0f, // 305a5489 66:c1f8 0f sar ax,0xf + 0x98 // 305a548d 98 cwde + }; + enum { addr_offset = 0x305a5454 - 0x305a5424 }; + auto succ=false; + DWORD addr = SafeMatchBytesInPS2Memory(bytes, sizeof(bytes)); + //addr = 0x30403967; + if (!addr) + ConsoleOutput("TypeMoon PS2: pattern not found"); + else { + //GROWL_DWORD(addr + addr_offset); + HookParam hp; + hp.address = addr + addr_offset; + hp.type = USING_STRING|NO_CONTEXT; // no context to get rid of return address + hp.text_fun = SpecialPS2HookTypeMoon; + ConsoleOutput("TypeMoon PS2: INSERT"); + //GROWL_DWORD(hp.address); + succ|=NewHook(hp, "TypeMoon PS2"); + } + + ConsoleOutput("TypeMoon PS2: leave"); + return succ; +} + +/** 8/3/2014 jichi + * Tested game: School Rumble ねる娘�育つ + * + * Fixed memory address. + * There is only one matched address. + * + * Debug method: Predict text location. + * There are a couple of locations that are OK to hook. + * The last one is used. + * + * Issue: the order of chara and scenario is reversed: 「scenario」chara + * + * eax 20000000 + * ecx 202d5ab3 + * edx 00000000 + * ebx 3026e299 + * esp 0c14f910 + * ebp 0c14f918 + * esi 0014f470 + * edi 00000000 + * eip 3026e296 + * + * 3026e1d5 -0f88 a530d7d2 js pcsx2.02fe1280 + * 3026e1db 0f1202 movlps xmm0,qword ptr ds:[edx] + * 3026e1de 0f1301 movlps qword ptr ds:[ecx],xmm0 + * 3026e1e1 ba 10ac6201 mov edx,0x162ac10 + * 3026e1e6 8b0d d0ac6201 mov ecx,dword ptr ds:[0x162acd0] ; pcsx2.01ffed00 + * 3026e1ec 83c1 10 add ecx,0x10 + * 3026e1ef 83e1 f0 and ecx,0xfffffff0 + * 3026e1f2 89c8 mov eax,ecx + * 3026e1f4 c1e8 0c shr eax,0xc + * 3026e1f7 8b0485 30006d0d mov eax,dword ptr ds:[eax*4+0xd6d0030] + * 3026e1fe bb 11e22630 mov ebx,0x3026e211 + * 3026e203 01c1 add ecx,eax + * 3026e205 -0f88 b530d7d2 js pcsx2.02fe12c0 + * 3026e20b 0f280a movaps xmm1,dqword ptr ds:[edx] + * 3026e20e 0f2909 movaps dqword ptr ds:[ecx],xmm1 + * 3026e211 ba 00ac6201 mov edx,0x162ac00 + * 3026e216 8b0d d0ac6201 mov ecx,dword ptr ds:[0x162acd0] ; pcsx2.01ffed00 + * 3026e21c 83e1 f0 and ecx,0xfffffff0 + * 3026e21f 89c8 mov eax,ecx + * 3026e221 c1e8 0c shr eax,0xc + * 3026e224 8b0485 30006d0d mov eax,dword ptr ds:[eax*4+0xd6d0030] + * 3026e22b bb 3ee22630 mov ebx,0x3026e23e + * 3026e230 01c1 add ecx,eax + * 3026e232 -0f88 8830d7d2 js pcsx2.02fe12c0 + * 3026e238 0f2812 movaps xmm2,dqword ptr ds:[edx] + * 3026e23b 0f2911 movaps dqword ptr ds:[ecx],xmm2 + * 3026e23e 31c0 xor eax,eax + * 3026e240 a3 f4ac6201 mov dword ptr ds:[0x162acf4],eax + * 3026e245 c705 f0ac6201 d4>mov dword ptr ds:[0x162acf0],0x1498d4 + * 3026e24f c705 a8ad6201 c0>mov dword ptr ds:[0x162ada8],0x1281c0 + * 3026e259 a1 c0ae6201 mov eax,dword ptr ds:[0x162aec0] + * 3026e25e 83c0 07 add eax,0x7 + * 3026e261 a3 c0ae6201 mov dword ptr ds:[0x162aec0],eax + * 3026e266 2b05 809e6101 sub eax,dword ptr ds:[0x1619e80] + * 3026e26c 0f88 05000000 js 3026e277 + * 3026e272 -e9 895ddfd2 jmp pcsx2.03064000 + * 3026e277 8b0d 40ab6201 mov ecx,dword ptr ds:[0x162ab40] + * 3026e27d 89c8 mov eax,ecx + * 3026e27f c1e8 0c shr eax,0xc + * 3026e282 8b0485 30006d0d mov eax,dword ptr ds:[eax*4+0xd6d0030] + * 3026e289 bb 99e22630 mov ebx,0x3026e299 + * 3026e28e 01c1 add ecx,eax + * 3026e290 -0f88 6a2dd7d2 js pcsx2.02fe1000 + * 3026e296 0fb601 movzx eax,byte ptr ds:[ecx] ; jichi: hook here + * 3026e299 a3 60ab6201 mov dword ptr ds:[0x162ab60],eax + * 3026e29e c705 64ab6201 00>mov dword ptr ds:[0x162ab64],0x0 + * 3026e2a8 a1 60ab6201 mov eax,dword ptr ds:[0x162ab60] + * 3026e2ad 05 7fffffff add eax,-0x81 + * 3026e2b2 99 cdq + * 3026e2b3 a3 70ab6201 mov dword ptr ds:[0x162ab70],eax + * 3026e2b8 8915 74ab6201 mov dword ptr ds:[0x162ab74],edx + * 3026e2be b8 01000000 mov eax,0x1 + * 3026e2c3 833d 74ab6201 00 cmp dword ptr ds:[0x162ab74],0x0 + * 3026e2ca 72 0d jb short 3026e2d9 + * 3026e2cc 77 09 ja short 3026e2d7 + * 3026e2ce 833d 70ab6201 18 cmp dword ptr ds:[0x162ab70],0x18 + * 3026e2d5 72 02 jb short 3026e2d9 + * 3026e2d7 31c0 xor eax,eax + * 3026e2d9 a3 10ab6201 mov dword ptr ds:[0x162ab10],eax + * 3026e2de c705 14ab6201 00>mov dword ptr ds:[0x162ab14],0x0 + * 3026e2e8 c705 20ab6201 00>mov dword ptr ds:[0x162ab20],0x0 + * 3026e2f2 c705 24ab6201 00>mov dword ptr ds:[0x162ab24],0x0 + * 3026e2fc c705 30ab6201 00>mov dword ptr ds:[0x162ab30],0x0 + * 3026e306 c705 34ab6201 00>mov dword ptr ds:[0x162ab34],0x0 + * 3026e310 833d 10ab6201 00 cmp dword ptr ds:[0x162ab10],0x0 + * 3026e317 0f85 41000000 jnz 3026e35e + * 3026e31d 833d 14ab6201 00 cmp dword ptr ds:[0x162ab14],0x0 + * 3026e324 0f85 34000000 jnz 3026e35e + * 3026e32a 31c0 xor eax,eax + * 3026e32c a3 50ab6201 mov dword ptr ds:[0x162ab50],eax + * 3026e331 a3 54ab6201 mov dword ptr ds:[0x162ab54],eax + * 3026e336 c705 a8ad6201 c0>mov dword ptr ds:[0x162ada8],0x1285c0 + * 3026e340 a1 c0ae6201 mov eax,dword ptr ds:[0x162aec0] + * 3026e345 83c0 08 add eax,0x8 + * 3026e348 a3 c0ae6201 mov dword ptr ds:[0x162aec0],eax + * 3026e34d 2b05 809e6101 sub eax,dword ptr ds:[0x1619e80] + * 3026e353 0f88 96280000 js 30270bef + * 3026e359 -e9 a25cdfd2 jmp pcsx2.03064000 + * 3026e35e 31c0 xor eax,eax + * 3026e360 a3 50ab6201 mov dword ptr ds:[0x162ab50],eax + * 3026e365 a3 54ab6201 mov dword ptr ds:[0x162ab54],eax + * 3026e36a c705 a8ad6201 dc>mov dword ptr ds:[0x162ada8],0x1281dc + * 3026e374 a1 c0ae6201 mov eax,dword ptr ds:[0x162aec0] + * 3026e379 83c0 08 add eax,0x8 + * 3026e37c a3 c0ae6201 mov dword ptr ds:[0x162aec0],eax + * 3026e381 2b05 809e6101 sub eax,dword ptr ds:[0x1619e80] + * 3026e387 0f88 a61f0000 js 30270333 + * 3026e38d -e9 6e5cdfd2 jmp pcsx2.03064000 + * 3026e392 b8 01000000 mov eax,0x1 + * 3026e397 833d 64ab6201 00 cmp dword ptr ds:[0x162ab64],0x0 + * 3026e39e 7c 10 jl short 3026e3b0 + * 3026e3a0 7f 0c jg short 3026e3ae + * 3026e3a2 813d 60ab6201 80>cmp dword ptr ds:[0x162ab60],0x80 + * 3026e3ac 72 02 jb short 3026e3b0 + * 3026e3ae 31c0 xor eax,eax + * 3026e3b0 a3 10ab6201 mov dword ptr ds:[0x162ab10],eax + * 3026e3b5 c705 14ab6201 00>mov dword ptr ds:[0x162ab14],0x0 + * 3026e3bf 31c0 xor eax,eax + * 3026e3c1 a3 54ab6201 mov dword ptr ds:[0x162ab54],eax + * 3026e3c6 c705 50ab6201 01>mov dword ptr ds:[0x162ab50],0x1 + * 3026e3d0 c705 a8ad6201 e8>mov dword ptr ds:[0x162ada8],0x1285e8 + * 3026e3da a1 c0ae6201 mov eax,dword ptr ds:[0x162aec0] + * 3026e3df 83c0 03 add eax,0x3 + * 3026e3e2 a3 c0ae6201 mov dword ptr ds:[0x162aec0],eax + * 3026e3e7 2b05 809e6101 sub eax,dword ptr ds:[0x1619e80] + * 3026e3ed 0f88 05000000 js 3026e3f8 + * 3026e3f3 -e9 085cdfd2 jmp pcsx2.03064000 + * 3026e3f8 833d 10ab6201 00 cmp dword ptr ds:[0x162ab10],0x0 + * 3026e3ff 0f85 49000000 jnz 3026e44e + * 3026e405 833d 14ab6201 00 cmp dword ptr ds:[0x162ab14],0x0 + * 3026e40c 0f85 3c000000 jnz 3026e44e + * 3026e412 a1 60ab6201 mov eax,dword ptr ds:[0x162ab60] + * 3026e417 c1e0 03 shl eax,0x3 + * 3026e41a 99 cdq + * 3026e41b a3 30ab6201 mov dword ptr ds:[0x162ab30],eax + * 3026e420 8915 34ab6201 mov dword ptr ds:[0x162ab34],edx + * 3026e426 c705 a8ad6201 04>mov dword ptr ds:[0x162ada8],0x128604 + * 3026e430 a1 c0ae6201 mov eax,dword ptr ds:[0x162aec0] + * 3026e435 83c0 02 add eax,0x2 + * 3026e438 a3 c0ae6201 mov dword ptr ds:[0x162aec0],eax + * 3026e43d 2b05 809e6101 sub eax,dword ptr ds:[0x1619e80] + * 3026e443 0f88 93220000 js 302706dc + * 3026e449 -e9 b25bdfd2 jmp pcsx2.03064000 + * 3026e44e a1 60ab6201 mov eax,dword ptr ds:[0x162ab60] + * 3026e453 c1e0 03 shl eax,0x3 + * 3026e456 99 cdq + * 3026e457 a3 30ab6201 mov dword ptr ds:[0x162ab30],eax + * 3026e45c 8915 34ab6201 mov dword ptr ds:[0x162ab34],edx + * 3026e462 c705 a8ad6201 f0>mov dword ptr ds:[0x162ada8],0x1285f0 + * 3026e46c a1 c0ae6201 mov eax,dword ptr ds:[0x162aec0] + * 3026e471 83c0 02 add eax,0x2 + * 3026e474 a3 c0ae6201 mov dword ptr ds:[0x162aec0],eax + * 3026e479 2b05 809e6101 sub eax,dword ptr ds:[0x1619e80] + * 3026e47f 0f88 91270000 js 30270c16 + * 3026e485 -e9 765bdfd2 jmp pcsx2.03064000 + * 3026e48a a1 30ab6201 mov eax,dword ptr ds:[0x162ab30] + * 3026e48f 0305 60ab6201 add eax,dword ptr ds:[0x162ab60] + * 3026e495 99 cdq + * 3026e496 a3 30ab6201 mov dword ptr ds:[0x162ab30],eax + * 3026e49b 8915 34ab6201 mov dword ptr ds:[0x162ab34],edx + * 3026e4a1 a1 30ab6201 mov eax,dword ptr ds:[0x162ab30] + * 3026e4a6 c1e0 05 shl eax,0x5 + * 3026e4a9 99 cdq + * 3026e4aa a3 30ab6201 mov dword ptr ds:[0x162ab30],eax + * 3026e4af 8915 34ab6201 mov dword ptr ds:[0x162ab34],edx + * 3026e4b5 a1 30ab6201 mov eax,dword ptr ds:[0x162ab30] + * 3026e4ba 05 e01f2b00 add eax,0x2b1fe0 + * 3026e4bf 99 cdq + * 3026e4c0 a3 20ab6201 mov dword ptr ds:[0x162ab20],eax + * 3026e4c5 8915 24ab6201 mov dword ptr ds:[0x162ab24],edx + * 3026e4cb 8b35 f0ac6201 mov esi,dword ptr ds:[0x162acf0] + * 3026e4d1 8935 a8ad6201 mov dword ptr ds:[0x162ada8],esi + * 3026e4d7 a1 c0ae6201 mov eax,dword ptr ds:[0x162aec0] + * 3026e4dc 83c0 07 add eax,0x7 + * 3026e4df a3 c0ae6201 mov dword ptr ds:[0x162aec0],eax + * 3026e4e4 2b05 809e6101 sub eax,dword ptr ds:[0x1619e80] + * 3026e4ea -0f88 155bdfd2 js pcsx2.03064005 + * 3026e4f0 -e9 0b5bdfd2 jmp pcsx2.03064000 + * 3026e4f5 a1 20ab6201 mov eax,dword ptr ds:[0x162ab20] + * 3026e4fa 8b15 24ab6201 mov edx,dword ptr ds:[0x162ab24] + * 3026e500 a3 00ac6201 mov dword ptr ds:[0x162ac00],eax + * 3026e505 8915 04ac6201 mov dword ptr ds:[0x162ac04],edx + * 3026e50b 833d 00ac6201 00 cmp dword ptr ds:[0x162ac00],0x0 + * 3026e512 75 0d jnz short 3026e521 + * 3026e514 833d 04ac6201 00 cmp dword ptr ds:[0x162ac04],0x0 + * 3026e51b 0f84 39000000 je 3026e55a + * 3026e521 31c0 xor eax,eax + */ +// Use fixed split for this hook +static void SpecialPS2HookMarvelous(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) +{ + DWORD text = stack->ecx; + if (BYTE c = *(BYTE *)text) { // BYTE is unsigned + buffer->from(text,::LeadByteTable[c]); + *split = FIXED_SPLIT_VALUE * 3; // merge all threads + //*split = regof(esi, esp_base); + //*split = *(DWORD *)(esp_base + 4*5); // esp[5] + } +} + +bool InsertMarvelousPS2Hook() +{ + ConsoleOutput("Marvelous PS2: enter"); + const BYTE bytes[] = { + 0x2b,0x05, XX4, // 3026e266 2b05 809e6101 sub eax,dword ptr ds:[0x1619e80] + 0x0f,0x88, 0x05,0x00,0x00,0x00, // 3026e26c 0f88 05000000 js 3026e277 + 0xe9, XX4, // 3026e272 -e9 895ddfd2 jmp pcsx2.03064000 + 0x8b,0x0d, XX4, // 3026e277 8b0d 40ab6201 mov ecx,dword ptr ds:[0x162ab40] + 0x89,0xc8, // 3026e27d 89c8 mov eax,ecx + 0xc1,0xe8, 0x0c, // 3026e27f c1e8 0c shr eax,0xc + 0x8b,0x04,0x85, XX4, // 3026e282 8b0485 30006d0d mov eax,dword ptr ds:[eax*4+0xd6d0030] + 0xbb, XX4, // 3026e289 bb 99e22630 mov ebx,0x3026e299 + 0x01,0xc1, // 3026e28e 01c1 add ecx,eax + 0x0f,0x88, XX4, // 3026e290 -0f88 6a2dd7d2 js pcsx2.02fe1000 + 0x0f,0xb6,0x01, // 3026e296 0fb601 movzx eax,byte ptr ds:[ecx] ; jichi: hook here + 0xa3, XX4, // 3026e299 a3 60ab6201 mov dword ptr ds:[0x162ab60],eax + 0xc7,0x05, XX4, 0x00,0x00,0x00,0x00,// 3026e29e c705 64ab6201 00>mov dword ptr ds:[0x162ab64],0x0 + 0xa1, XX4, // 3026e2a8 a1 60ab6201 mov eax,dword ptr ds:[0x162ab60] + 0x05, 0x7f,0xff,0xff,0xff, // 3026e2ad 05 7fffffff add eax,-0x81 + 0x99, // 3026e2b2 99 cdq + 0xa3 //70ab6201 // 3026e2b3 a3 70ab6201 mov dword ptr ds:[0x162ab70],eax + }; + enum { addr_offset = 0x3026e296 - 0x3026e266 }; + + DWORD addr = SafeMatchBytesInPS2Memory(bytes, sizeof(bytes)); + //addr = 0x30403967; + auto succ=false; + if (!addr) + ConsoleOutput("Marvelous PS2: pattern not found"); + else { + //GROWL_DWORD(addr + addr_offset); + HookParam hp; + hp.address = addr + addr_offset; + hp.type = USING_STRING|NO_CONTEXT; // no context to get rid of return address + hp.text_fun = SpecialPS2HookMarvelous; + ConsoleOutput("Marvelous PS2: INSERT"); + //GROWL_DWORD(hp.address); + succ|=NewHook(hp, "Marvelous PS2"); + } + + ConsoleOutput("Marvelous PS2: leave"); + return succ; +} + +/** 8/3/2014 jichi + * Tested game: School Rumble 二学� * + * Fixed memory address. + * There is only one matched address. + * + * Debug method: Breakpoint the memory address. + * + * Issue: It cannot extract character name. + * + * 302072bd a3 c0ae9e01 mov dword ptr ds:[0x19eaec0],eax + * 302072c2 2b05 809e9d01 sub eax,dword ptr ds:[0x19d9e80] ; cdvdgiga.5976f736 + * 302072c8 ^0f88 f3cafcff js 301d3dc1 + * 302072ce -e9 2dcd21d3 jmp pcsx2.03424000 + * 302072d3 8b0d 50ab9e01 mov ecx,dword ptr ds:[0x19eab50] + * 302072d9 89c8 mov eax,ecx + * 302072db c1e8 0c shr eax,0xc + * 302072de 8b0485 3000e511 mov eax,dword ptr ds:[eax*4+0x11e50030] + * 302072e5 bb f5722030 mov ebx,0x302072f5 + * 302072ea 01c1 add ecx,eax + * 302072ec -0f88 0e9d19d3 js pcsx2.033a1000 + * 302072f2 0fb601 movzx eax,byte ptr ds:[ecx] + * 302072f5 a3 20ab9e01 mov dword ptr ds:[0x19eab20],eax + * 302072fa c705 24ab9e01 00>mov dword ptr ds:[0x19eab24],0x0 + * 30207304 8305 60ab9e01 ff add dword ptr ds:[0x19eab60],-0x1 + * 3020730b 9f lahf + * 3020730c 66:c1f8 0f sar ax,0xf + * 30207310 98 cwde + * 30207311 a3 64ab9e01 mov dword ptr ds:[0x19eab64],eax + * 30207316 8305 50ab9e01 01 add dword ptr ds:[0x19eab50],0x1 + * 3020731d 9f lahf + * 3020731e 66:c1f8 0f sar ax,0xf + * 30207322 98 cwde + * 30207323 a3 54ab9e01 mov dword ptr ds:[0x19eab54],eax + * 30207328 8b15 20ab9e01 mov edx,dword ptr ds:[0x19eab20] + * 3020732e 8b0d 30ab9e01 mov ecx,dword ptr ds:[0x19eab30] + * 30207334 89c8 mov eax,ecx + * 30207336 c1e8 0c shr eax,0xc + * 30207339 8b0485 3000e511 mov eax,dword ptr ds:[eax*4+0x11e50030] + * 30207340 bb 4f732030 mov ebx,0x3020734f + * 30207345 01c1 add ecx,eax + * 30207347 -0f88 739e19d3 js pcsx2.033a11c0 + * 3020734d 8811 mov byte ptr ds:[ecx],dl ; jichi: hook here, text in dl + * 3020734f 8305 30ab9e01 01 add dword ptr ds:[0x19eab30],0x1 + * 30207356 9f lahf + * 30207357 66:c1f8 0f sar ax,0xf + * 3020735b 98 cwde + * 3020735c a3 34ab9e01 mov dword ptr ds:[0x19eab34],eax + * 30207361 a1 60ab9e01 mov eax,dword ptr ds:[0x19eab60] + * 30207366 3b05 40ab9e01 cmp eax,dword ptr ds:[0x19eab40] + * 3020736c 75 11 jnz short 3020737f + * 3020736e a1 64ab9e01 mov eax,dword ptr ds:[0x19eab64] + * 30207373 3b05 44ab9e01 cmp eax,dword ptr ds:[0x19eab44] + * 30207379 0f84 28000000 je 302073a7 + * 3020737f c705 a8ad9e01 34>mov dword ptr ds:[0x19eada8],0x17eb34 + * 30207389 a1 c0ae9e01 mov eax,dword ptr ds:[0x19eaec0] + * 3020738e 83c0 09 add eax,0x9 + * 30207391 a3 c0ae9e01 mov dword ptr ds:[0x19eaec0],eax + * 30207396 2b05 809e9d01 sub eax,dword ptr ds:[0x19d9e80] ; cdvdgiga.5976f736 + * 3020739c ^0f88 31ffffff js 302072d3 + * 302073a2 -e9 59cc21d3 jmp pcsx2.03424000 + * 302073a7 c705 a8ad9e01 50>mov dword ptr ds:[0x19eada8],0x17eb50 + * 302073b1 a1 c0ae9e01 mov eax,dword ptr ds:[0x19eaec0] + * 302073b6 83c0 09 add eax,0x9 + * 302073b9 a3 c0ae9e01 mov dword ptr ds:[0x19eaec0],eax + * 302073be 2b05 809e9d01 sub eax,dword ptr ds:[0x19d9e80] ; cdvdgiga.5976f736 + * 302073c4 ^0f88 75cbfcff js 301d3f3f + * 302073ca -e9 31cc21d3 jmp pcsx2.03424000 + * 302073cf 8b15 10ac9e01 mov edx,dword ptr ds:[0x19eac10] + * 302073d5 8b0d 20ac9e01 mov ecx,dword ptr ds:[0x19eac20] + * 302073db 83c1 04 add ecx,0x4 + * 302073de 89c8 mov eax,ecx + * 302073e0 c1e8 0c shr eax,0xc + * 302073e3 8b0485 3000e511 mov eax,dword ptr ds:[eax*4+0x11e50030] + * 302073ea bb f9732030 mov ebx,0x302073f9 + * 302073ef 01c1 add ecx,eax + * 302073f1 -0f88 499e19d3 js pcsx2.033a1240 + * 302073f7 8911 mov dword ptr ds:[ecx],edx + * 302073f9 c705 a8ad9e01 5c>mov dword ptr ds:[0x19eada8],0x18d25c + * 30207403 a1 c0ae9e01 mov eax,dword ptr ds:[0x19eaec0] + * 30207408 83c0 03 add eax,0x3 + * 3020740b a3 c0ae9e01 mov dword ptr ds:[0x19eaec0],eax + * 30207410 2b05 809e9d01 sub eax,dword ptr ds:[0x19d9e80] ; cdvdgiga.5976f736 + * 30207416 0f88 05000000 js 30207421 + * 3020741c -e9 dfcb21d3 jmp pcsx2.03424000 + * 30207421 a1 50ac9e01 mov eax,dword ptr ds:[0x19eac50] + * 30207426 05 00a2ffff add eax,0xffffa200 + * 3020742b 99 cdq + * 3020742c a3 00ac9e01 mov dword ptr ds:[0x19eac00],eax + * 30207431 8915 04ac9e01 mov dword ptr ds:[0x19eac04],edx + * 30207437 31d2 xor edx,edx + * 30207439 8b0d d0ac9e01 mov ecx,dword ptr ds:[0x19eacd0] + * 3020743f 89c8 mov eax,ecx + * 30207441 c1e8 0c shr eax,0xc + * 30207444 8b0485 3000e511 mov eax,dword ptr ds:[eax*4+0x11e50030] + * 3020744b bb 5a742030 mov ebx,0x3020745a + * 30207450 01c1 add ecx,eax + * 30207452 -0f88 e89d19d3 js pcsx2.033a1240 + * 30207458 8911 mov dword ptr ds:[ecx],edx + * 3020745a a1 00ac9e01 mov eax,dword ptr ds:[0x19eac00] + * 3020745f 8b15 04ac9e01 mov edx,dword ptr ds:[0x19eac04] + */ +// Use fixed split for this hook +static void SpecialPS2HookMarvelous2(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) +{ + DWORD text = stack->edx; // get text in dl: 3020734d 8811 mov byte ptr ds:[ecx],dl + if (BYTE c = *(BYTE *)text) { // BYTE is unsigned + + //*split = FIXED_SPLIT_VALUE * 4; // merge all threads + *split = stack->esi; + //*split = *(DWORD *)(esp_base + 4*5); // esp[5] + buffer->from(text, 1); + } +} + +bool InsertMarvelous2PS2Hook() +{ + ConsoleOutput("Marvelous2 PS2: enter"); + const BYTE bytes[] = { + // The following pattern is not sufficient + 0x89,0xc8, // 30207334 89c8 mov eax,ecx + 0xc1,0xe8, 0x0c, // 30207336 c1e8 0c shr eax,0xc + 0x8b,0x04,0x85, XX4, // 30207339 8b0485 3000e511 mov eax,dword ptr ds:[eax*4+0x11e50030] + 0xbb, XX4, // 30207340 bb 4f732030 mov ebx,0x3020734f + 0x01,0xc1, // 30207345 01c1 add ecx,eax + 0x0f,0x88, XX4, // 30207347 -0f88 739e19d3 js pcsx2.033a11c0 + 0x88,0x11, // 3020734d 8811 mov byte ptr ds:[ecx],dl ; jichi: hook here, text in dl + 0x83,0x05, XX4, 0x01, // 3020734f 8305 30ab9e01 01 add dword ptr ds:[0x19eab30],0x1 + 0x9f, // 30207356 9f lahf + 0x66,0xc1,0xf8, 0x0f, // 30207357 66:c1f8 0f sar ax,0xf + 0x98, // 3020735b 98 cwde + // The above pattern is not sufficient + 0xa3, XX4, // 3020735c a3 34ab9e01 mov dword ptr ds:[0x19eab34],eax + 0xa1, XX4, // 30207361 a1 60ab9e01 mov eax,dword ptr ds:[0x19eab60] + 0x3b,0x05, XX4, // 30207366 3b05 40ab9e01 cmp eax,dword ptr ds:[0x19eab40] + 0x75, 0x11, // 3020736c 75 11 jnz short 3020737f + 0xa1, XX4, // 3020736e a1 64ab9e01 mov eax,dword ptr ds:[0x19eab64] + 0x3b,0x05, XX4, // 30207373 3b05 44ab9e01 cmp eax,dword ptr ds:[0x19eab44] + 0x0f,0x84, XX4, // 30207379 0f84 28000000 je 302073a7 + 0xc7,0x05, XX8, // 3020737f c705 a8ad9e01 34>mov dword ptr ds:[0x19eada8],0x17eb34 + // The above pattern is not sufficient + 0xa1, XX4, // 30207389 a1 c0ae9e01 mov eax,dword ptr ds:[0x19eaec0] + 0x83,0xc0, 0x09, // 3020738e 83c0 09 add eax,0x9 + 0xa3, XX4, // 30207391 a3 c0ae9e01 mov dword ptr ds:[0x19eaec0],eax + 0x2b,0x05, XX4, // 30207396 2b05 809e9d01 sub eax,dword ptr ds:[0x19d9e80] ; cdvdgiga.5976f736 + 0x0f,0x88, XX4, // 3020739c ^0f88 31ffffff js 302072d3 + 0xe9, XX4, // 302073a2 -e9 59cc21d3 jmp pcsx2.03424000 + 0xc7,0x05, XX8, // 302073a7 c705 a8ad9e01 50>mov dword ptr ds:[0x19eada8],0x17eb50 + 0xa1, XX4, // 302073b1 a1 c0ae9e01 mov eax,dword ptr ds:[0x19eaec0] + 0x83,0xc0, 0x09, // 302073b6 83c0 09 add eax,0x9 + 0xa3, XX4, // 302073b9 a3 c0ae9e01 mov dword ptr ds:[0x19eaec0],eax + 0x2b,0x05, XX4, // 302073be 2b05 809e9d01 sub eax,dword ptr ds:[0x19d9e80] ; cdvdgiga.5976f736 + 0x0f,0x88, XX4, // 302073c4 ^0f88 75cbfcff js 301d3f3f + 0xe9, XX4, // 302073ca -e9 31cc21d3 jmp pcsx2.03424000 + 0x8b,0x15, XX4, // 302073cf 8b15 10ac9e01 mov edx,dword ptr ds:[0x19eac10] + 0x8b,0x0d, XX4, // 302073d5 8b0d 20ac9e01 mov ecx,dword ptr ds:[0x19eac20] + 0x83,0xc1, 0x04, // 302073db 83c1 04 add ecx,0x4 + 0x89,0xc8, // 302073de 89c8 mov eax,ecx + 0xc1,0xe8, 0x0c, // 302073e0 c1e8 0c shr eax,0xc + 0x8b,0x04,0x85, XX4, // 302073e3 8b0485 3000e511 mov eax,dword ptr ds:[eax*4+0x11e50030] + 0xbb, XX4, // 302073ea bb f9732030 mov ebx,0x302073f9 + 0x01,0xc1 // 302073ef 01c1 add ecx,eax + }; + enum { addr_offset = 0x3020734d - 0x30207334 }; + auto succ=false; + DWORD addr = SafeMatchBytesInPS2Memory(bytes, sizeof(bytes)); + //addr = 0x30403967; + if (!addr) + ConsoleOutput("Marvelous2 PS2: pattern not found"); + else { + //GROWL_DWORD(addr + addr_offset); + HookParam hp; + hp.address = addr + addr_offset; + hp.type = USING_STRING|NO_CONTEXT; // no context to get rid of return address + hp.text_fun = SpecialPS2HookMarvelous2; + ConsoleOutput("Marvelous2 PS2: INSERT"); + //GROWL_DWORD(hp.address); + succ|=NewHook(hp, "Marvelous2 PS2"); + } + + ConsoleOutput("Marvelous2 PS2: leave"); + return succ; +} + +#if 0 // jichi 7/19/2014: duplication text + +/** 7/19/2014 jichi + * Tested game: .hack//G.U. Vol.1 + */ +bool InsertNamcoPS2Hook() +{ + ConsoleOutput("Namco PS2: enter"); + const BYTE bytes[1] = { + }; + enum { addr_offset = 0 }; + + //DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + //DWORD addr = 0x303baf26; + DWORD addr = 0x303C4B72; + if (!addr) + ConsoleOutput("Namco PS2: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.type = USING_STRING|USING_SPLIT; // no context to get rid of return address + hp.offset=get_reg(regs::ecx); + hp.split = hp.offset; // use ecx address to split + ConsoleOutput("Namco PS2: INSERT"); + //GROWL_DWORD(hp.address); + NewHook(hp, "Namco PS2"); + } + + ConsoleOutput("Namco PS2: leave"); + return addr; +} +#endif // 0 + +#if 0 // SEGA: loop text. BANDAI and Imageepoch should be sufficient +/** 7/25/2014 jichi sega.jp PSP engine + * Sample game: Shining Hearts + * Encoding: UTF-8 + * + * Debug method: simply add hardware break points to the matched memory + * All texts are in the memory. + * There are two memory addresses, but only one function addresses them. + * + * This function seems to be the same as Tecmo? + * + * 13513476 f0:90 lock nop ; lock prefix is not allowed + * 13513478 77 0f ja short 13513489 + * 1351347a c705 a8aa1001 38>mov dword ptr ds:[0x110aaa8],0x89cae38 + * 13513484 -e9 7bcb4ff0 jmp 03a10004 + * 13513489 8b05 7ca71001 mov eax,dword ptr ds:[0x110a77c] + * 1351348f 81e0 ffffff3f and eax,0x3fffffff + * 13513495 8bb0 00004007 mov esi,dword ptr ds:[eax+0x7400000] ; jichi: there are too many garbage here + * 1351349b 8b3d 7ca71001 mov edi,dword ptr ds:[0x110a77c] + * 135134a1 8d7f 04 lea edi,dword ptr ds:[edi+0x4] + * 135134a4 8b05 84a71001 mov eax,dword ptr ds:[0x110a784] + * 135134aa 81e0 ffffff3f and eax,0x3fffffff + * 135134b0 89b0 00004007 mov dword ptr ds:[eax+0x7400000],esi ; extract from esi + * 135134b6 8b2d 84a71001 mov ebp,dword ptr ds:[0x110a784] + * 135134bc 8d6d 04 lea ebp,dword ptr ss:[ebp+0x4] + * 135134bf 8b15 78a71001 mov edx,dword ptr ds:[0x110a778] + * 135134c5 81fa 01000000 cmp edx,0x1 + * 135134cb 8935 70a71001 mov dword ptr ds:[0x110a770],esi + * 135134d1 893d 7ca71001 mov dword ptr ds:[0x110a77c],edi + * 135134d7 892d 84a71001 mov dword ptr ds:[0x110a784],ebp + * 135134dd c705 88a71001 01>mov dword ptr ds:[0x110a788],0x1 + * 135134e7 0f84 16000000 je 13513503 + * 135134ed 832d c4aa1001 09 sub dword ptr ds:[0x110aac4],0x9 + * 135134f4 e9 23000000 jmp 1351351c + * 135134f9 013cae add dword ptr ds:[esi+ebp*4],edi + * 135134fc 9c pushfd + * 135134fd 08e9 or cl,ch + * 135134ff 20cb and bl,cl + * 13513501 4f dec edi + * 13513502 f0:832d c4aa1001>lock sub dword ptr ds:[0x110aac4],0x9 ; lock prefix + * 1351350a e9 b1000000 jmp 135135c0 + * 1351350f 015cae 9c add dword ptr ds:[esi+ebp*4-0x64],ebx + * 13513513 08e9 or cl,ch + * 13513515 0acb or cl,bl + * 13513517 4f dec edi + * 13513518 f0:90 lock nop ; lock prefix is not allowed + * 1351351a cc int3 + * 1351351b cc int3 + */ +// Read text from esi +static void SpecialPSPHookSega(hook_stack* stack, HookParam *, uintptr_t *data, uintptr_t *split, size_t*len) +{ + LPCSTR text = LPCSTR(esp_base + get_reg(regs::esi)); // esi address + if (*text) { + *data = (DWORD)text; + *len = !text[0] ? 0 : !text[1] ? 1 : text[2] ? 2 : text[3] ? 3 : 4; + *split = regof(ebx, esp_base); + } +} + +bool InsertSegaPSPHook() +{ + ConsoleOutput("SEGA PSP: enter"); + const BYTE bytes[] = { + 0x77, 0x0f, // 13513478 77 0f ja short 13513489 + 0xc7,0x05, XX8, // 1351347a c705 a8aa1001 38>mov dword ptr ds:[0x110aaa8],0x89cae38 + 0xe9, XX4, // 13513484 -e9 7bcb4ff0 jmp 03a10004 + 0x8b,0x05, XX4, // 13513489 8b05 7ca71001 mov eax,dword ptr ds:[0x110a77c] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 1351348f 81e0 ffffff3f and eax,0x3fffffff + 0x8b,0xb0, XX4, // 13513495 8bb0 00004007 mov esi,dword ptr ds:[eax+0x7400000] ; jichi: here are too many garbage + 0x8b,0x3d, XX4, // 1351349b 8b3d 7ca71001 mov edi,dword ptr ds:[0x110a77c] + 0x8d,0x7f, 0x04, // 135134a1 8d7f 04 lea edi,dword ptr ds:[edi+0x4] + 0x8b,0x05, XX4, // 135134a4 8b05 84a71001 mov eax,dword ptr ds:[0x110a784] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 135134aa 81e0 ffffff3f and eax,0x3fffffff + 0x89,0xb0 //, XX4, // 135134b0 89b0 00004007 mov dword ptr ds:[eax+0x7400000],esi ; jichi: hook here, get text in esi + }; + enum { memory_offset = 2 }; + enum { addr_offset = sizeof(bytes) - memory_offset }; + //enum { addr_offset = 0x13513495 - 0x13513478 }; + + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) + ConsoleOutput("SEGA PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.type = USING_STRING|NO_CONTEXT; // UTF-8 + hp.text_fun = SpecialPSPHookSega; + ConsoleOutput("SEGA PSP: INSERT"); + NewHook(hp, "SEGA PSP"); + } + + ConsoleOutput("SEGA PSP: leave"); + return addr; +} +#endif // 0 + + +#if 0 // jichi 7/14/2014: TODO there is text duplication issue? + +/** 7/13/2014 jichi SHADE.co.jp PSP engine + * Sample game: とある科学の趛�磁� (b-railgun.iso) + * + * CheatEngine/Ollydbg shew there are 4 memory hits to full text in SHIFT-JIS. + * CheatEngine is not able to trace JIT instructions. + * Ollydbg can track the latter two memory accesses > 0x1ffffffff + * + * The third access is 12ab3d64. There is one write access and 3 read accesses. + * But all the accesses are in a loop. + * So, the extracted text would suffer from infinite loop problem. + * + * Memory range: 0x0400000 - 139f000 + * + * 13400e10 90 nop + * 13400e11 cc int3 + * 13400e12 cc int3 + * 13400e13 cc int3 + * 13400e14 77 0f ja short 13400e25 + * 13400e16 c705 a8aa1001 08>mov dword ptr ds:[0x110aaa8],0x88c1308 + * 13400e20 -e9 dff161f3 jmp 06a20004 + * 13400e25 8b35 78a71001 mov esi,dword ptr ds:[0x110a778] + * 13400e2b 81c6 01000000 add esi,0x1 + * 13400e31 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + * 13400e37 81e0 ffffff3f and eax,0x3fffffff + * 13400e3d 0fb6b8 00004007 movzx edi,byte ptr ds:[eax+0x7400000] ; jichi: the data is in [eax+0x7400000] + * 13400e44 8b2d 78a71001 mov ebp,dword ptr ds:[0x110a778] + * 13400e4a 8d6d 01 lea ebp,dword ptr ss:[ebp+0x1] + * 13400e4d 81ff 00000000 cmp edi,0x0 + * 13400e53 8935 70a71001 mov dword ptr ds:[0x110a770],esi + * 13400e59 893d 74a71001 mov dword ptr ds:[0x110a774],edi + * 13400e5f 892d 78a71001 mov dword ptr ds:[0x110a778],ebp + * 13400e65 0f84 16000000 je 13400e81 + * 13400e6b 832d c4aa1001 04 sub dword ptr ds:[0x110aac4],0x4 + * 13400e72 e9 21000000 jmp 13400e98 + * 13400e77 010c13 add dword ptr ds:[ebx+edx],ecx + * 13400e7a 8c08 mov word ptr ds:[eax],cs + * 13400e7c -e9 a2f161f3 jmp 06a20023 + * 13400e81 832d c4aa1001 04 sub dword ptr ds:[0x110aac4],0x4 + * 13400e88 e9 7f000000 jmp 13400f0c + * 13400e8d 0118 add dword ptr ds:[eax],ebx + * 13400e8f 138c08 e98cf161 adc ecx,dword ptr ds:[eax+ecx+0x61f18ce9> + * 13400e96 f3: prefix rep: ; superfluous prefix + * 13400e97 90 nop + * 13400e98 77 0f ja short 13400ea9 + * 13400e9a c705 a8aa1001 0c>mov dword ptr ds:[0x110aaa8],0x88c130c + * 13400ea4 -e9 5bf161f3 jmp 06a20004 + * 13400ea9 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + * 13400eaf 81e0 ffffff3f and eax,0x3fffffff + * 13400eb5 0fb6b0 00004007 movzx esi,byte ptr ds:[eax+0x7400000] + * 13400ebc 8b3d 78a71001 mov edi,dword ptr ds:[0x110a778] + * 13400ec2 8d7f 01 lea edi,dword ptr ds:[edi+0x1] + * 13400ec5 81fe 00000000 cmp esi,0x0 + * 13400ecb 8935 74a71001 mov dword ptr ds:[0x110a774],esi + * 13400ed1 893d 78a71001 mov dword ptr ds:[0x110a778],edi + * 13400ed7 0f84 16000000 je 13400ef3 + * 13400edd 832d c4aa1001 03 sub dword ptr ds:[0x110aac4],0x3 + * 13400ee4 ^e9 afffffff jmp 13400e98 + * 13400ee9 010c13 add dword ptr ds:[ebx+edx],ecx + * 13400eec 8c08 mov word ptr ds:[eax],cs + * 13400eee -e9 30f161f3 jmp 06a20023 + * 13400ef3 832d c4aa1001 03 sub dword ptr ds:[0x110aac4],0x3 + * 13400efa e9 0d000000 jmp 13400f0c + * 13400eff 0118 add dword ptr ds:[eax],ebx + * 13400f01 138c08 e91af161 adc ecx,dword ptr ds:[eax+ecx+0x61f11ae9> + * 13400f08 f3: prefix rep: ; superfluous prefix + * 13400f09 90 nop + * 13400f0a cc int3 + * 13400f0b cc int3 + */ +static void SpecialPSPHookShade(hook_stack* stack, HookParam *hp, BYTE, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD eax = regof(eax, esp_base); + LPCSTR text = LPCSTR(eax + hp->user_value); + if (*text) { + *data = (DWORD)text; + *len = ::strlen(text); + } +} + +bool InsertShadePSPHook() +{ + ConsoleOutput("Shade PSP: enter"); + // TODO: Query MEM_Mapped at runtime + // http://msdn.microsoft.com/en-us/library/windows/desktop/aa366902%28v=vs.85%29.aspx + enum : DWORD { StartAddress = 0x13390000, StopAddress = 0x13490000 }; + + const BYTE bytes[] = { + 0xcc, // 13400e12 cc int3 + 0xcc, // 13400e13 cc int3 + 0x77, 0x0f, // 13400e14 77 0f ja short 13400e25 + 0xc7,0x05, XX8, // 13400e16 c705 a8aa1001 08>mov dword ptr ds:[0x110aaa8],0x88c1308 + 0xe9, XX4, // 13400e20 -e9 dff161f3 jmp 06a20004 + 0x8b,0x35, XX4, // 13400e25 8b35 78a71001 mov esi,dword ptr ds:[0x110a778] + 0x81,0xc6, 0x01,0x00,0x00,0x00, // 13400e2b 81c6 01000000 add esi,0x1 + 0x8b,0x05, XX4, // 13400e31 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13400e37 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xb6,0xb8, XX4, // 13400e3d 0fb6b8 00004007 movzx edi,byte ptr ds:[eax+0x7400000] ; jichi: the data is in [eax+0x7400000] + 0x8b,0x2d, XX4, // 13400e44 8b2d 78a71001 mov ebp,dword ptr ds:[0x110a778] + 0x8d,0x6d, 0x01, // 13400e4a 8d6d 01 lea ebp,dword ptr ss:[ebp+0x1] + 0x81,0xff, 0x00,0x00,0x00,0x00 // 13400e4d 81ff 00000000 cmp edi,0x0 + }; + enum{ memory_offset = 3 }; + enum { addr_offset = 0x13400e3d - 0x13400e12 }; + + ULONG addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) + ConsoleOutput("Shade PSP: failed"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.text_fun = SpecialPSPHookShade; + hp.type = USING_STRING; + ConsoleOutput("Shade PSP: INSERT"); + + // CHECKPOINT 7/14/2014: This would crash vnrcli + // I do not have permission to modify the JIT code region? + NewHook(hp, "Shade PSP"); + } + + //DWORD peek = 0x13400e14; + //GROWL_DWORD(*(BYTE *)peek); // supposed to be 0x77 ja + ConsoleOutput("Shade PSP: leave"); + return addr; +} + +#endif // 0 + +#if 0 // jichi 7/17/2014: Disabled as there are so many text threads +/** jichi 7/17/2014 alternative Alchemist hook + * + * Sample game: your diary+ (moe-ydp.iso) + * The debugging method is the same as Alchemist1. + * + * It seems that hooks found in Alchemist games + * also exist in other games. + * + * This function is executed in a looped. + * + * 13400e12 cc int3 + * 13400e13 cc int3 + * 13400e14 77 0f ja short 13400e25 + * 13400e16 c705 a8aa1001 84>mov dword ptr ds:[0x110aaa8],0x8931084 + * 13400e20 -e9 dff148f0 jmp 03890004 + * 13400e25 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + * 13400e2b 81e0 ffffff3f and eax,0x3fffffff + * 13400e31 0fbeb0 00004007 movsx esi,byte ptr ds:[eax+0x7400000] ; jichi: hook here + * 13400e38 8b3d 78a71001 mov edi,dword ptr ds:[0x110a778] + * 13400e3e 81fe 00000000 cmp esi,0x0 + * 13400e44 893d 7ca71001 mov dword ptr ds:[0x110a77c],edi + * 13400e4a 8935 80a71001 mov dword ptr ds:[0x110a780],esi + * 13400e50 0f85 16000000 jnz 13400e6c + * 13400e56 832d c4aa1001 03 sub dword ptr ds:[0x110aac4],0x3 + * 13400e5d e9 16010000 jmp 13400f78 + * 13400e62 01a0 109308e9 add dword ptr ds:[eax+0xe9089310],esp + * 13400e68 b7 f1 mov bh,0xf1 + * 13400e6a 48 dec eax + * 13400e6b f0:832d c4aa1001>lock sub dword ptr ds:[0x110aac4],0x3 ; lock prefix + * 13400e73 e9 0c000000 jmp 13400e84 + * 13400e78 0190 109308e9 add dword ptr ds:[eax+0xe9089310],edx + * 13400e7e a1 f148f090 mov eax,dword ptr ds:[0x90f048f1] + * 13400e83 cc int3 + * 13400e84 77 0f ja short 13400e95 + * 13400e86 c705 a8aa1001 90>mov dword ptr ds:[0x110aaa8],0x8931090 + * 13400e90 -e9 6ff148f0 jmp 03890004 + * 13400e95 8b35 78a71001 mov esi,dword ptr ds:[0x110a778] + * 13400e9b 8d76 01 lea esi,dword ptr ds:[esi+0x1] + * 13400e9e 8bc6 mov eax,esi + * 13400ea0 81e0 ffffff3f and eax,0x3fffffff + * 13400ea6 0fbeb8 00004007 movsx edi,byte ptr ds:[eax+0x7400000] + * 13400ead 81ff 00000000 cmp edi,0x0 + * 13400eb3 8935 78a71001 mov dword ptr ds:[0x110a778],esi + * 13400eb9 893d 80a71001 mov dword ptr ds:[0x110a780],edi + * 13400ebf 0f84 25000000 je 13400eea + * 13400ec5 8b35 78a71001 mov esi,dword ptr ds:[0x110a778] + * 13400ecb 8d76 01 lea esi,dword ptr ds:[esi+0x1] + * 13400ece 8935 78a71001 mov dword ptr ds:[0x110a778],esi + * 13400ed4 832d c4aa1001 04 sub dword ptr ds:[0x110aac4],0x4 + * 13400edb e9 24000000 jmp 13400f04 + * 13400ee0 019410 9308e939 add dword ptr ds:[eax+edx+0x39e90893],ed> + * 13400ee7 f1 int1 + * 13400ee8 48 dec eax + * 13400ee9 f0:832d c4aa1001>lock sub dword ptr ds:[0x110aac4],0x4 ; lock prefix + * 13400ef1 e9 82000000 jmp 13400f78 + * 13400ef6 01a0 109308e9 add dword ptr ds:[eax+0xe9089310],esp + * 13400efc 23f1 and esi,ecx + * 13400efe 48 dec eax + * 13400eff f0:90 lock nop ; lock prefix is not allowed + * 13400f01 cc int3 + * 13400f02 cc int3 + */ +// jichi 7/17/2014: Why this function is exactly the same as SpecialPSPHookImageepoch? +static void SpecialPSPHookAlchemist3(hook_stack* stack, HookParam *hp, BYTE, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD eax = regof(eax, esp_base); + DWORD text = eax + hp->user_value; + static DWORD lasttext; + if (text != lasttext && *(LPCSTR)text) { + *data = lasttext = text; + *len = ::strlen((LPCSTR)text); + *split = regof(ecx, esp_base); // use ecx "this" as split value? + } +} +bool InsertAlchemist3PSPHook() +{ + ConsoleOutput("Alchemist3 PSP: enter"); + const BYTE bytes[] = { + //0xcc, // 13400e12 cc int3 + //0xcc, // 13400e13 cc int3 + 0x77, 0x0f, // 13400e14 77 0f ja short 13400e25 + 0xc7,0x05, XX8, // 13400e16 c705 a8aa1001 84>mov dword ptr ds:[0x110aaa8],0x8931084 + 0xe9, XX4, // 13400e20 -e9 dff148f0 jmp 03890004 + 0x8b,0x05, XX4, // 13400e25 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13400e2b 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xbe,0xb0, XX4, // 13400e31 0fbeb0 00004007 movsx esi,byte ptr ds:[eax+0x7400000] ; jichi: hook here + 0x8b,0x3d, XX4, // 13400e38 8b3d 78a71001 mov edi,dword ptr ds:[0x110a778] + 0x81,0xfe, 0x00,0x00,0x00,0x00, // 13400e3e 81fe 00000000 cmp esi,0x0 + 0x89,0x3d, XX4, // 13400e44 893d 7ca71001 mov dword ptr ds:[0x110a77c],edi + 0x89,0x35, XX4, // 13400e4a 8935 80a71001 mov dword ptr ds:[0x110a780],esi + 0x0f,0x85 //, 16000000 // 13400e50 0f85 16000000 jnz 13400e6c + }; + enum { memory_offset = 3 }; + enum { addr_offset = 0x13407711 - 0x134076f4 }; + + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) + ConsoleOutput("Alchemist3 PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); // use module to pass membase + hp.text_fun = SpecialPSPHookAlchemist3; + hp.type = USING_STRING|NO_CONTEXT; // no context is needed to get rid of variant retaddr + ConsoleOutput("Alchemist3 PSP: INSERT"); + NewHook(hp, "Alchemist3 PSP"); + } + + ConsoleOutput("Alchemist3 PSP: leave"); + return addr; +} +#endif // 0 +/** jichi 7/19/2014 PCSX2 + * Tested wit pcsx2-v1.2.1-328-gef0e3fe-windows-x86, built at http://buildbot.orphis.net/pcsx2 + */ +bool InsertPCSX2Hooks() +{ + memcpy(spDefault.pattern, Array{ 0x89, 0xc8, 0xc1, 0xe8, 0x0c }, spDefault.length = 5); + spDefault.minAddress = 0; + spDefault.maxAddress = -1ULL; + spDefault.offset = 0; + spDefault.searchTime = 60'000; + spDefault.maxRecords = 500'000; + spDefault.padding = 0x20000000; + ConsoleOutput("PCSX2 detected (searching for hooks may work)"); + // TODO: Add generic hooks + return InsertTypeMoonPS2Hook() + || InsertMarvelousPS2Hook() + || InsertMarvelous2PS2Hook(); +} + +bool PCSX2::attach_function() { + + return InsertPCSX2Hooks(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/PCSX2.h b/cpp/LunaHook/LunaHook/engine32/PCSX2.h new file mode 100644 index 00000000..050c9175 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/PCSX2.h @@ -0,0 +1,12 @@ + + +class PCSX2:public ENGINE{ + public: + PCSX2(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"pcsx2*.exe"; //PCSX2.exe or PCSX2WX.exe + }; + bool attach_function(); + +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/PONScripter.cpp b/cpp/LunaHook/LunaHook/engine32/PONScripter.cpp new file mode 100644 index 00000000..09c7ea2a --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/PONScripter.cpp @@ -0,0 +1,119 @@ +#include"PONScripter.h" + +bool InsertPONScripterHook() +{ + if (DWORD str = MemDbg::findBytes("CBString::Failure in (CBString", 30, processStartAddress, processStopAddress)) + { + if (DWORD calledAt = MemDbg::findBytes(&str, sizeof(str), processStartAddress, processStopAddress)) + { + DWORD funcs[] = { 0xec8b55, 0xe58955 }; + DWORD addr = MemDbg::findBytes(funcs, 3, calledAt - 0x100, calledAt); + if (!addr) addr = MemDbg::findBytes(funcs + 1, 3, calledAt - 0x100, calledAt); + if (addr) + { + HookParam hp; + hp.address = addr; + hp.type = USING_STRING | CODEC_UTF8 | DATA_INDIRECT; + hp.offset=get_stack(1); + hp.index = 0xc; + return NewHook(hp, "PONScripter"); + } + else ConsoleOutput("failed to find function start"); + } + else ConsoleOutput("failed to find string reference"); + } + else ConsoleOutput("failed to find string"); + return false; +} +bool PONScripterFilter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + static std::string prevText; + + for (int i=0; i<*len; i++) { + if (text[i] == '^' || text[i]=='@' || text[i]=='\\' || text[i]=='\n') { + text[i] = '\0'; + *len = i; + break; + } + } + + if (!prevText.compare(text)) + return false; + prevText = text; + + StringFilter(text, len, "#", 7); // remove # followed by 6 chars + + return true; +} + +bool InsertPONScripterEngHook() +{ + + /* + * Sample games: + * https://vndb.org/v24770 + */ + const BYTE bytes[] = { + 0x89, 0xD0, // mov eax,edx + 0x8D, 0x75, 0xD8, // lea esi,[ebp-28] + 0x89, 0x55, 0xB4, // mov [ebp-4C],edx + 0x83, 0xC0, 0x01, // add eax,01 + 0x89, 0x45, 0xC0 // mov [ebp-40],eax << hook here + }; + enum { addr_offset = sizeof(bytes) - 3 }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("PONScripterEng: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; + hp.offset=get_reg(regs::eax); + hp.type = USING_STRING|CODEC_UTF8; + hp.filter_fun = PONScripterFilter; + ConsoleOutput("INSERT PONScripterEng"); + return NewHook(hp, "PONScripterEng"); +} + +bool InsertPONScripterJapHook() +{ + + /* + * Sample games: + * https://vndb.org/v24770 + */ + const BYTE bytes[] = { + 0x8D, 0x87, XX4, // lea eax,[edi+00000198] << hook here + 0x8B, 0x0D, XX4, // mov ecx,[ciconia_phase1.exe+3D82C0] + 0x89, 0x55, 0xB4, // mov [ebp-4C],edx + 0xC6, 0x45, 0xAE, 0x00, // mov byte ptr [ebp-52],00 + 0x89, 0x45, 0xA4, // mov [ebp-5C],eax + 0x8B, 0x01, // mov eax,[ecx] + 0x8B, 0x75, 0xB4 // mov esi,[ebp-4C] + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("PONScripterJap: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::edx); + hp.type = USING_STRING|CODEC_UTF8; + hp.filter_fun = PONScripterFilter; + ConsoleOutput("INSERT PONScripterJap"); + return NewHook(hp, "PONScripterJap"); +} +bool PONScripter::attach_function() { + + bool ok = InsertPONScripterEngHook() && InsertPONScripterJapHook(); + return ok || InsertPONScripterHook(); // If a language hook is missing, the original code is executed +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/PONScripter.h b/cpp/LunaHook/LunaHook/engine32/PONScripter.h new file mode 100644 index 00000000..32a2f9cf --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/PONScripter.h @@ -0,0 +1,11 @@ + + +class PONScripter:public ENGINE{ + public: + PONScripter(){ + + check_by=CHECK_BY::FILE_ANY; + check_by_target=check_by_list{L"Proportional ONScripter",L"ponscr.exe"}; + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine32/PPSSPP.cpp b/cpp/LunaHook/LunaHook/engine32/PPSSPP.cpp new file mode 100644 index 00000000..68d0740d --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/PPSSPP.cpp @@ -0,0 +1,3646 @@ + +#include"PPSSPP.h" + +#include"ppsspp/psputils.hpp" +#if 0 +namespace { // unnamed + +inline bool _bandaigarbage_ch(char c) +{ + return c == ' ' || c == '/' || c == '#' || c == '.' || c == ':' + || c >= '0' && c <= '9' + || c >= 'A' && c <= 'z'; // also ignore ASCII 91-96: [ \ ] ^ _ ` +} + +// Remove trailing /L/P or #n garbage +size_t _bandaistrlen(LPCSTR text) +{ + size_t len = ::strlen(text); + size_t ret = len; + while (len && _bandaigarbage_ch(text[len - 1])) { + len--; + if (text[len] == '/' || text[len] == '#') // in case trim UTF-8 trailing bytes + ret = len; + } + return ret; +} + +// Trim leading garbage +LPCSTR _bandailtrim(LPCSTR p) +{ + enum { MAX_LENGTH = VNR_TEXT_CAPACITY }; + if (p) + for (int count = 0; *p && count < MAX_LENGTH; count++, p++) + if (!_bandaigarbage_ch(*p)) + return p; + return nullptr; +} +} // unnamed namespae + + + +static void SpecialPSPHookBandai(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD eax = stack->eax; + LPCSTR text = LPCSTR(eax + hp->user_value); + + if (*text) { + //lasttext = text; + text = _bandailtrim(text); + *data = (DWORD)text; + *len = _bandaistrlen(text); + + // Issue: The split value will create lots of threads for Shining Hearts + //*split = regof(ecx, esp_base); // works for Shool Rumble, but mix character name for Shining Hearts + *split = stack->edi; // works for Shining Hearts to split character name + } +} + +// 7/22/2014 jichi: This engine works for multiple game? +// It is also observed in Broccoli game ぁ�の�リンスさまっ. +bool InsertBandaiPSPHook() +{ + ConsoleOutput("BANDAI PSP: enter"); + + const BYTE bytes[] = { + 0x77, 0x0f, // 13400560 77 0f ja short 13400571 + 0xc7,0x05, XX8, // 13400562 c705 a8aa1001 cc>mov dword ptr ds:[0x110aaa8],0x883decc + 0xe9, XX4, // 1340056c -e9 93fa54f0 jmp 03950004 + 0x8b,0x35, XX4, // 13400571 8b35 78a71001 mov esi,dword ptr ds:[0x110a778] + 0x81,0xc6, 0x01,0x00,0x00,0x00, // 13400577 81c6 01000000 add esi,0x1 + 0x8b,0x05, XX4, // 1340057d 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13400583 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xb6,0xb8, XX4, // 13400589 0fb6b8 00004007 movzx edi,byte ptr ds:[eax+0x7400000] ; jichi: hook here + 0x8b,0x2d, XX4, // 13400590 8b2d 78a71001 mov ebp,dword ptr ds:[0x110a778] + 0x8d,0x6d, 0x01, // 13400596 8d6d 01 lea ebp,dword ptr ss:[ebp+0x1] + 0x81,0xff, 0x00,0x00,0x00,0x00 // 13400599 81ff 00000000 cmp edi,0x0 + }; + enum { memory_offset = 3 }; // 13400589 0fb6b8 00004007 movzx edi,byte ptr ds:[eax+0x7400000] + enum { addr_offset = 0x13400589 - 0x13400560 }; + auto succ=false; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) + ConsoleOutput("BANDAI PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.type = USING_STRING|USING_SPLIT|NO_CONTEXT; + //hp.offset=get_reg(regs::eax); + hp.text_fun = SpecialPSPHookBandai; + ConsoleOutput("BANDAI PSP: INSERT"); + succ|=NewHook(hp, "BANDAI PSP"); + } + + ConsoleOutput("BANDAI PSP: leave"); + return succ; +} + + +/** 7/29/2014 jichi Otomate PPSSPP 0.9.9 + * Sample game: Amnesia Crowd + * Sample game: Amnesia Later + * + * 006db4af cc int3 + * 006db4b0 8b15 b8ebaf00 mov edx,dword ptr ds:[0xafebb8] ; ppssppwi.01134988 + * 006db4b6 56 push esi + * 006db4b7 8b42 10 mov eax,dword ptr ds:[edx+0x10] + * 006db4ba 25 ffffff3f and eax,0x3fffffff + * 006db4bf 0305 94411301 add eax,dword ptr ds:[0x1134194] + * 006db4c5 8d70 01 lea esi,dword ptr ds:[eax+0x1] + * 006db4c8 8a08 mov cl,byte ptr ds:[eax] ; jichi: hook here, get text in [eax] + * 006db4ca 40 inc eax + * 006db4cb 84c9 test cl,cl + * 006db4cd ^75 f9 jnz short ppssppwi.006db4c8 + * 006db4cf 2bc6 sub eax,esi + * 006db4d1 8942 08 mov dword ptr ds:[edx+0x8],eax + * 006db4d4 5e pop esi + * 006db4d5 8d0485 07000000 lea eax,dword ptr ds:[eax*4+0x7] + * 006db4dc c3 retn + * 006db4dd cc int3 + */ +static void SpecialPPSSPPHookOtomate(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + // 006db4b7 8b42 10 mov eax,dword ptr ds:[edx+0x10] ; jichi: hook here + // 006db4ba 25 ffffff3f and eax,0x3fffffff + // 006db4bf 0305 94411301 add eax,dword ptr ds:[0x1134194]; jichi: ds offset + // 006db4c5 8d70 01 lea esi,dword ptr ds:[eax+0x1] + DWORD edx = stack->edx; + DWORD eax = *(DWORD *)(edx + 0x10); + eax &= 0x3fffffff; + eax += *(DWORD *)hp->user_value; + + //DWORD eax = regof(eax, esp_base); + LPCSTR text = LPCSTR(eax); + if (*text) { + text = _bandailtrim(text); // the same as bandai PSP + *data = (DWORD)text; + *len = _bandaistrlen(text); + + *split = stack->ecx; // the same as Otomate PSP hook + //DWORD ecx = regof(ecx, esp_base); // the same as Otomate PSP hook + //*split = ecx ? ecx : (FIXED_SPLIT_VALUE << 2); + //*split = ecx & 0xffffff00; // skip cl which is used + } +} +bool InsertOtomatePPSSPPHook() +{ + ConsoleOutput("Otomate PPSSPP: enter"); + const BYTE bytes[] = { + 0x8b,0x15, XX4, // 006db4b0 8b15 b8ebaf00 mov edx,dword ptr ds:[0xafebb8] ; ppssppwi.01134988 + 0x56, // 006db4b6 56 push esi + 0x8b,0x42, 0x10, // 006db4b7 8b42 10 mov eax,dword ptr ds:[edx+0x10] ; jichi: hook here + 0x25, 0xff,0xff,0xff,0x3f, // 006db4ba 25 ffffff3f and eax,0x3fffffff + 0x03,0x05, XX4, // 006db4bf 0305 94411301 add eax,dword ptr ds:[0x1134194]; jichi: ds offset + 0x8d,0x70, 0x01, // 006db4c5 8d70 01 lea esi,dword ptr ds:[eax+0x1] + 0x8a,0x08, // 006db4c8 8a08 mov cl,byte ptr ds:[eax] ; jichi: hook here + 0x40, // 006db4ca 40 inc eax + 0x84,0xc9, // 006db4cb 84c9 test cl,cl + 0x75, 0xf9, // 006db4cd ^75 f9 jnz short ppssppwi.006db4c8 + 0x2b,0xc6, // 006db4cf 2bc6 sub eax,esi + 0x89,0x42, 0x08, // 006db4d1 8942 08 mov dword ptr ds:[edx+0x8],eax + 0x5e, // 006db4d4 5e pop esi + 0x8d,0x04,0x85, 0x07,0x00,0x00,0x00 // 006db4d5 8d0485 07000000 lea eax,dword ptr ds:[eax*4+0x7] + }; + //enum { addr_offset = 0x006db4c8 - 0x006db4b0 }; + enum { addr_offset = 0x006db4b7 - 0x006db4b0 }; + enum { ds_offset = 0x006db4bf - 0x006db4b0 + 2 }; + auto succ=false; + DWORD addr = SafeFindBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + //GROWL_DWORD(addr); + if (!addr) + ConsoleOutput("Otomate PPSSPP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(addr + ds_offset); // this is the address after ds:[] + hp.type = USING_STRING|NO_CONTEXT; + hp.text_fun = SpecialPPSSPPHookOtomate; + ConsoleOutput("Otomate PPSSPP: INSERT"); + succ|=NewHook(hp, "Otomate PPSSPP"); + } + + ConsoleOutput("Otomate PPSSPP: leave"); + return succ; +} + +/** jichi 7/12/2014 PPSSPP + * Tested with PPSSPP 0.9.8. + */ +void SpecialPSPHook(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD offset = *(DWORD *)(stack->base + hp->offset); + LPCSTR text = LPCSTR(offset + hp->user_value); + static LPCSTR lasttext; + if (*text) { + *data = (DWORD)text; + // I only considered SHIFT-JIS/UTF-8 case + if (hp->length_offset == 1) + *len = 1; // only read 1 byte + else if (hp->length_offset) + *len = *(DWORD *)(stack->base + hp->length_offset); + else + *len = ::strlen(text); // should only be applied to hp->type|USING_STRING + if (hp->type & USING_SPLIT) { + if (hp->type & FIXING_SPLIT) + *split = FIXED_SPLIT_VALUE; + else + *split = *(DWORD *)(stack->base + hp->split); + } + } +} + + +/** 8/9/2014 jichi imageepoch.co.jp PSP engine, 0.9.8, 0.9.9 + * Sample game: Sol Trigger (0.9.8, 0.9.9) + * + * Though Imageepoch1 also exists, it cannot find scenario text. + * + * FIXED memory addresses (different from Imageepoch1): two matches, UTF-8 + * + * Debug method: find current text and add breakpoint. + * + * There a couple of good functions. The first one is used. + * There is only one text threads. But it cannot extract character names. + * + * 135fd497 cc int3 + * 135fd498 77 0f ja short 135fd4a9 + * 135fd49a c705 a8aa1001 20>mov dword ptr ds:[0x110aaa8],0x8952d20 + * 135fd4a4 -e9 5b2b2ef0 jmp 038e0004 + * 135fd4a9 8b35 dca71001 mov esi,dword ptr ds:[0x110a7dc] + * 135fd4af 81c6 04000000 add esi,0x4 + * 135fd4b5 8b05 a8a71001 mov eax,dword ptr ds:[0x110a7a8] + * 135fd4bb 81e0 ffffff3f and eax,0x3fffffff + * 135fd4c1 0fb6b8 00004007 movzx edi,byte ptr ds:[eax+0x7400000] ; jichi: hook here + * 135fd4c8 813d 68a71001 00>cmp dword ptr ds:[0x110a768],0x0 + * 135fd4d2 893d 78a71001 mov dword ptr ds:[0x110a778],edi + * 135fd4d8 c705 aca71001 23>mov dword ptr ds:[0x110a7ac],0x23434623 + * 135fd4e2 c705 b0a71001 30>mov dword ptr ds:[0x110a7b0],0x30303030 + * 135fd4ec 8935 b4a71001 mov dword ptr ds:[0x110a7b4],esi + * 135fd4f2 c705 b8a71001 00>mov dword ptr ds:[0x110a7b8],0x0 + * 135fd4fc 0f85 16000000 jnz 135fd518 + * 135fd502 832d c4aa1001 08 sub dword ptr ds:[0x110aac4],0x8 + * 135fd509 e9 22000000 jmp 135fd530 + * 135fd50e 01642d 95 add dword ptr ss:[ebp+ebp-0x6b],esp + * 135fd512 08e9 or cl,ch + * 135fd514 0b2b or ebp,dword ptr ds:[ebx] + * 135fd516 2e:f0:832d c4aa1>lock sub dword ptr cs:[0x110aac4],0x8 ; lock prefix + * 135fd51f c705 a8aa1001 40>mov dword ptr ds:[0x110aaa8],0x8952d40 + * 135fd529 -e9 f52a2ef0 jmp 038e0023 + * 135fd52e 90 nop + * 135fd52f cc int3 + */ +bool InsertImageepoch2PSPHook() +{ + ConsoleOutput("Imageepoch2 PSP: enter"); + + const BYTE bytes[] = { + // 135fd497 cc int3 + 0x77, 0x0f, // 135fd498 77 0f ja short 135fd4a9 + 0xc7,0x05, XX8, // 135fd49a c705 a8aa1001 20>mov dword ptr ds:[0x110aaa8],0x8952d20 + 0xe9, XX4, // 135fd4a4 -e9 5b2b2ef0 jmp 038e0004 + 0x8b,0x35, XX4, // 135fd4a9 8b35 dca71001 mov esi,dword ptr ds:[0x110a7dc] + 0x81,0xc6, 0x04,0x00,0x00,0x00, // 135fd4af 81c6 04000000 add esi,0x4 + 0x8b,0x05, XX4, // 135fd4b5 8b05 a8a71001 mov eax,dword ptr ds:[0x110a7a8] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 135fd4bb 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xb6,0xb8, XX4, // 135fd4c1 0fb6b8 00004007 movzx edi,byte ptr ds:[eax+0x7400000] ; jichi: hook here + 0x81,0x3d, XX4, 0x00,0x00,0x00,0x00, // 135fd4c8 813d 68a71001 00>cmp dword ptr ds:[0x110a768],0x0 + 0x89,0x3d, XX4, // 135fd4d2 893d 78a71001 mov dword ptr ds:[0x110a778],edi + 0xc7,0x05, XX8, // 135fd4d8 c705 aca71001 23>mov dword ptr ds:[0x110a7ac],0x23434623 + 0xc7,0x05, XX8, // 135fd4e2 c705 b0a71001 30>mov dword ptr ds:[0x110a7b0],0x30303030 + 0x89,0x35, XX4, // 135fd4ec 8935 b4a71001 mov dword ptr ds:[0x110a7b4],esi + 0xc7,0x05, XX4, 0x00,0x00,0x00,0x00, // 135fd4f2 c705 b8a71001 00>mov dword ptr ds:[0x110a7b8],0x0 + 0x0f,0x85 //, XX4, // 135fd4fc 0f85 16000000 jnz 135fd518 + }; + enum { memory_offset = 3 }; // 1346d381 0fb6a8 00004007 movzx ebp,byte ptr ds:[eax+0x7400000] + enum { addr_offset = 0x135fd4c1 - 0x135fd498 }; + auto succ=false; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) + ConsoleOutput("Imageepoch2 PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.type = USING_STRING|USING_SPLIT|NO_CONTEXT; // UTF-8, though + hp.offset=get_reg(regs::eax); + hp.split = get_reg(regs::ecx); + hp.text_fun = SpecialPSPHook; + ConsoleOutput("Imageepoch2 PSP: INSERT"); + succ|=NewHook(hp, "Imageepoch2 PSP"); + } + + ConsoleOutput("Imageepoch2 PSP: leave"); + return succ; +} + +/** 7/22/2014 jichi BANDAI PSP engine, 0.9.8 only + * Replaced by Otomate PPSSPP on 0.9.9. + * Sample game: School Rumble PSP 姉さん事件で�(SHIFT-JIS) + * See: http://sakuradite.com/topic/333 + * + * Sample game: 寮�のサクリファイス work on 0.9.8, not 0.9.9 + * + * + * Sample game: Shining Hearts (UTF-8) + * See: http://sakuradite.com/topic/346 + * + * The encoding could be either UTF-8 or SHIFT-JIS + * + * Debug method: breakpoint the memory address + * There are two matched memory address to the current text + * + * Only one function is accessing the text address. + * + * Character name: + * + * 1346c122 cc int3 + * 1346c123 cc int3 + * 1346c124 77 0f ja short 1346c135 + * 1346c126 c705 a8aa1001 a4>mov dword ptr ds:[0x110aaa8],0x882f2a4 + * 1346c130 -e9 cf3e2cf0 jmp 03730004 + * 1346c135 8b05 a8a71001 mov eax,dword ptr ds:[0x110a7a8] + * 1346c13b 81e0 ffffff3f and eax,0x3fffffff + * 1346c141 8bb0 14004007 mov esi,dword ptr ds:[eax+0x7400014] + * 1346c147 8b3d 70a71001 mov edi,dword ptr ds:[0x110a770] + * 1346c14d c1e7 02 shl edi,0x2 + * 1346c150 8b05 a8a71001 mov eax,dword ptr ds:[0x110a7a8] + * 1346c156 81e0 ffffff3f and eax,0x3fffffff + * 1346c15c 8ba8 18004007 mov ebp,dword ptr ds:[eax+0x7400018] + * 1346c162 03fe add edi,esi + * 1346c164 8bc7 mov eax,edi + * 1346c166 81e0 ffffff3f and eax,0x3fffffff + * 1346c16c 0fb790 02004007 movzx edx,word ptr ds:[eax+0x7400002] + * 1346c173 8bc2 mov eax,edx + * 1346c175 8bd5 mov edx,ebp + * 1346c177 03d0 add edx,eax + * 1346c179 8bc2 mov eax,edx + * 1346c17b 81e0 ffffff3f and eax,0x3fffffff + * 1346c181 0fb6b8 00004007 movzx edi,byte ptr ds:[eax+0x7400000] ; jichi: hook here + * 1346c188 8bcf mov ecx,edi + * 1346c18a 81e7 ff000000 and edi,0xff + * 1346c190 8935 74a71001 mov dword ptr ds:[0x110a774],esi + * 1346c196 8b35 b8a71001 mov esi,dword ptr ds:[0x110a7b8] + * 1346c19c 81c6 bc82ffff add esi,0xffff82bc + * 1346c1a2 81ff 00000000 cmp edi,0x0 + * 1346c1a8 893d 70a71001 mov dword ptr ds:[0x110a770],edi + * 1346c1ae 8915 78a71001 mov dword ptr ds:[0x110a778],edx + * 1346c1b4 892d 7ca71001 mov dword ptr ds:[0x110a77c],ebp + * 1346c1ba 890d 80a71001 mov dword ptr ds:[0x110a780],ecx + * 1346c1c0 8935 84a71001 mov dword ptr ds:[0x110a784],esi + * 1346c1c6 0f85 16000000 jnz 1346c1e2 + * 1346c1cc 832d c4aa1001 0b sub dword ptr ds:[0x110aac4],0xb + * 1346c1d3 e9 3c050000 jmp 1346c714 + * 1346c1d8 014cf3 82 add dword ptr ds:[ebx+esi*8-0x7e],ecx + * 1346c1dc 08e9 or cl,ch + * 1346c1de 41 inc ecx + * 1346c1df 3e:2c f0 sub al,0xf0 ; superfluous prefix + * 1346c1e2 832d c4aa1001 0b sub dword ptr ds:[0x110aac4],0xb + * 1346c1e9 e9 0e000000 jmp 1346c1fc + * 1346c1ee 01d0 add eax,edx + * 1346c1f0 f2: prefix repne: ; superfluous prefix + * 1346c1f1 8208 e9 or byte ptr ds:[eax],0xffffffe9 + * 1346c1f4 2b3e sub edi,dword ptr ds:[esi] + * 1346c1f6 2c f0 sub al,0xf0 + * 1346c1f8 90 nop + * 1346c1f9 cc int3 + * 1346c1fa cc int3 + * 1346c1fb cc int3 + * + * Scenario: + * + * 1340055d cc int3 + * 1340055e cc int3 + * 1340055f cc int3 + * 13400560 77 0f ja short 13400571 + * 13400562 c705 a8aa1001 cc>mov dword ptr ds:[0x110aaa8],0x883decc + * 1340056c -e9 93fa54f0 jmp 03950004 + * 13400571 8b35 78a71001 mov esi,dword ptr ds:[0x110a778] + * 13400577 81c6 01000000 add esi,0x1 + * 1340057d 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + * 13400583 81e0 ffffff3f and eax,0x3fffffff + * 13400589 0fb6b8 00004007 movzx edi,byte ptr ds:[eax+0x7400000] ; jichi: hook here + * 13400590 8b2d 78a71001 mov ebp,dword ptr ds:[0x110a778] + * 13400596 8d6d 01 lea ebp,dword ptr ss:[ebp+0x1] + * 13400599 81ff 00000000 cmp edi,0x0 + * 1340059f 8935 70a71001 mov dword ptr ds:[0x110a770],esi + * 134005a5 893d 74a71001 mov dword ptr ds:[0x110a774],edi + * 134005ab 892d 78a71001 mov dword ptr ds:[0x110a778],ebp + * 134005b1 0f84 16000000 je 134005cd + * 134005b7 832d c4aa1001 04 sub dword ptr ds:[0x110aac4],0x4 + * 134005be e9 21000000 jmp 134005e4 + * 134005c3 01d0 add eax,edx + * 134005c5 de83 08e956fa fiadd word ptr ds:[ebx+0xfa56e908] + * 134005cb 54 push esp + * 134005cc f0:832d c4aa1001>lock sub dword ptr ds:[0x110aac4],0x4 ; lock prefix + * 134005d4 e9 7f000000 jmp 13400658 + * 134005d9 01dc add esp,ebx + * 134005db de83 08e940fa fiadd word ptr ds:[ebx+0xfa40e908] + * 134005e1 54 push esp + * 134005e2 f0:90 lock nop ; lock prefix is not allowed + * 134005e4 77 0f ja short 134005f5 + * 134005e6 c705 a8aa1001 d0>mov dword ptr ds:[0x110aaa8],0x883ded0 + * 134005f0 -e9 0ffa54f0 jmp 03950004 + * 134005f5 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + * 134005fb 81e0 ffffff3f and eax,0x3fffffff + * 13400601 0fb6b0 00004007 movzx esi,byte ptr ds:[eax+0x7400000] + * 13400608 8b3d 78a71001 mov edi,dword ptr ds:[0x110a778] + * 1340060e 8d7f 01 lea edi,dword ptr ds:[edi+0x1] + * 13400611 81fe 00000000 cmp esi,0x0 + * 13400617 8935 74a71001 mov dword ptr ds:[0x110a774],esi + * 1340061d 893d 78a71001 mov dword ptr ds:[0x110a778],edi + * 13400623 0f84 16000000 je 1340063f + * 13400629 832d c4aa1001 03 sub dword ptr ds:[0x110aac4],0x3 + * 13400630 ^e9 afffffff jmp 134005e4 + * 13400635 01d0 add eax,edx + * 13400637 de83 08e9e4f9 fiadd word ptr ds:[ebx+0xf9e4e908] + * 1340063d 54 push esp + * 1340063e f0:832d c4aa1001>lock sub dword ptr ds:[0x110aac4],0x3 ; lock prefix + * 13400646 e9 0d000000 jmp 13400658 + * 1340064b 01dc add esp,ebx + * 1340064d de83 08e9cef9 fiadd word ptr ds:[ebx+0xf9cee908] + * 13400653 54 push esp + * 13400654 f0:90 lock nop ; lock prefix is not allowed + * 13400656 cc int3 + * 13400657 cc int3 + */ +bool InsertBandaiNamePSPHook() +{ + ConsoleOutput("BANDAI Name PSP: enter"); + + const BYTE bytes[] = { + //0xcc, // 1346c122 cc int3 + //0xcc, // 1346c123 cc int3 + 0x77, 0x0f, // 1346c124 77 0f ja short 1346c135 + 0xc7,0x05, XX8, // 1346c126 c705 a8aa1001 a4>mov dword ptr ds:[0x110aaa8],0x882f2a4 + 0xe9, XX4, // 1346c130 -e9 cf3e2cf0 jmp 03730004 + 0x8b,0x05, XX4, // 1346c135 8b05 a8a71001 mov eax,dword ptr ds:[0x110a7a8] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 1346c13b 81e0 ffffff3f and eax,0x3fffffff + 0x8b,0xb0, XX4, // 1346c141 8bb0 14004007 mov esi,dword ptr ds:[eax+0x7400014] + 0x8b,0x3d, XX4, // 1346c147 8b3d 70a71001 mov edi,dword ptr ds:[0x110a770] + 0xc1,0xe7, 0x02, // 1346c14d c1e7 02 shl edi,0x2 + 0x8b,0x05, XX4, // 1346c150 8b05 a8a71001 mov eax,dword ptr ds:[0x110a7a8] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 1346c156 81e0 ffffff3f and eax,0x3fffffff + 0x8b,0xa8, XX4, // 1346c15c 8ba8 18004007 mov ebp,dword ptr ds:[eax+0x7400018] + 0x03,0xfe, // 1346c162 03fe add edi,esi + 0x8b,0xc7, // 1346c164 8bc7 mov eax,edi + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 1346c166 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xb7,0x90, XX4, // 1346c16c 0fb790 02004007 movzx edx,word ptr ds:[eax+0x7400002] + 0x8b,0xc2, // 1346c173 8bc2 mov eax,edx + 0x8b,0xd5, // 1346c175 8bd5 mov edx,ebp + 0x03,0xd0, // 1346c177 03d0 add edx,eax + 0x8b,0xc2, // 1346c179 8bc2 mov eax,edx + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 1346c17b 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xb6,0xb8 //, XX4 // 1346c181 0fb6b8 00004007 movzx edi,byte ptr ds:[eax+0x7400000] ; jichi: hook here + }; + enum { memory_offset = 3 }; // 1346c181 0fb6b8 00004007 movzx edi,byte ptr ds:[eax+0x7400000] + enum { addr_offset = sizeof(bytes) - memory_offset }; + auto succ=false; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) + ConsoleOutput("BANDAI Name PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.type = USING_STRING|USING_SPLIT|NO_CONTEXT; + hp.offset=get_reg(regs::eax); + hp.split = get_reg(regs::ebx); + hp.text_fun = SpecialPSPHook; + ConsoleOutput("BANDAI Name PSP: INSERT"); + succ|=NewHook(hp, "BANDAI Name PSP"); + } + + ConsoleOutput("BANDAI Name PSP: leave"); + return succ; +} + +/** 7/26/2014 jichi Otomate PSP engine, 0.9.8 only, 0.9.9 not work + * Replaced by Otomate PPSSPP on 0.9.9. + * + * Sample game: クロノスタシア + * Sample game: フォトカ�(repetition) + * + * Not work on 0.9.9: Amnesia Crowd + * + * The instruction pattern also exist in 0.9.9. But the function is not called. + * + * Memory address is FIXED. + * Debug method: breakpoint the memory address + * + * The memory access of the function below is weird that the accessed value is 2 bytes after the real text. + * + * PPSSPP 0.9.8, クロノスタシア + * 13c00fe1 cc int3 + * 13c00fe2 cc int3 + * 13c00fe3 cc int3 + * 13c00fe4 77 0f ja short 13c00ff5 + * 13c00fe6 c705 a8aa1001 30>mov dword ptr ds:[0x110aaa8],0x884b330 + * 13c00ff0 -e9 0ff0edf2 jmp 06ae0004 + * 13c00ff5 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + * 13c00ffb 81e0 ffffff3f and eax,0x3fffffff + * 13c01001 0fbeb0 0000c007 movsx esi,byte ptr ds:[eax+0x7c00000] ; jichi: hook here + * 13c01008 81fe 00000000 cmp esi,0x0 ; jichi: hook here, get the esi value + * 13c0100e 8935 80a71001 mov dword ptr ds:[0x110a780],esi + * 13c01014 0f84 25000000 je 13c0103f + * 13c0101a 8b35 78a71001 mov esi,dword ptr ds:[0x110a778] + * 13c01020 8d76 01 lea esi,dword ptr ds:[esi+0x1] + * 13c01023 8935 78a71001 mov dword ptr ds:[0x110a778],esi + * 13c01029 832d c4aa1001 03 sub dword ptr ds:[0x110aac4],0x3 + * 13c01030 ^e9 afffffff jmp 13c00fe4 + * 13c01035 0130 add dword ptr ds:[eax],esi + * 13c01037 b3 84 mov bl,0x84 + * 13c01039 08e9 or cl,ch + * 13c0103b e4 ef in al,0xef ; i/o command + * 13c0103d ed in eax,dx ; i/o command + * 13c0103e f2: prefix repne: ; superfluous prefix + * 13c0103f 832d c4aa1001 03 sub dword ptr ds:[0x110aac4],0x3 + * 13c01046 e9 0d000000 jmp 13c01058 + * 13c0104b 013cb3 add dword ptr ds:[ebx+esi*4],edi + * 13c0104e 8408 test byte ptr ds:[eax],cl + * 13c01050 -e9 ceefedf2 jmp 06ae0023 + * 13c01055 90 nop + * 13c01056 cc int3 + * 13c01057 cc int3 + */ +// TODO: is reverse_strlen a better choice? +// Read text from esi +static void SpecialPSPHookOtomate(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + //static uniquemap uniq; + DWORD eax = stack->eax; + LPCSTR text = LPCSTR(eax + hp->user_value - 2); // -2 to read 1 word more from previous location + if (*text) { + *split = stack->ecx; // this would cause lots of texts, but it works for all games + //*split = regof(ecx, esp_base) & 0xff00; // only use higher bits + *data = (DWORD)text; + size_t sz = ::strlen(text); + *len = sz == 3 ? 3 : 1; // handling the last two bytes + } +} + +bool InsertOtomatePSPHook() +{ + ConsoleOutput("Otomate PSP: enter"); + const BYTE bytes[] = { + 0x77, 0x0f, // 13c00fe4 77 0f ja short 13c00ff5 + 0xc7,0x05, XX8, // 13c00fe6 c705 a8aa1001 30>mov dword ptr ds:[0x110aaa8],0x884b330 + 0xe9, XX4, // 13c00ff0 -e9 0ff0edf2 jmp 06ae0004 + 0x8b,0x05, XX4, // 13c00ff5 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13c00ffb 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xbe,0xb0, XX4, // 13c01001 0fbeb0 0000c007 movsx esi,byte ptr ds:[eax+0x7c00000] ; jichi: hook here + 0x81,0xfe, 0x00,0x00,0x00,0x00, // 13c01008 81fe 00000000 cmp esi,0x0 + 0x89,0x35, XX4, // 13c0100e 8935 80a71001 mov dword ptr ds:[0x110a780],esi + 0x0f,0x84, 0x25,0x00,0x00,0x00, // 13c01014 0f84 25000000 je 13c0103f + 0x8b,0x35, XX4, // 13c0101a 8b35 78a71001 mov esi,dword ptr ds:[0x110a778] + 0x8d,0x76, 0x01, // 13c01020 8d76 01 lea esi,dword ptr ds:[esi+0x1] + 0x89,0x35, XX4, // 13c01023 8935 78a71001 mov dword ptr ds:[0x110a778],esi + 0x83,0x2d, XX4, 0x03 // 13c01029 832d c4aa1001 03 sub dword ptr ds:[0x110aac4],0x3 + }; + enum { memory_offset = 3 }; + //enum { addr_offset = 0x13c01008 - 0x13c00fe4 }; + enum { addr_offset = 0x13c01001- 0x13c00fe4 }; + auto succ=false; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + //GROWL_DWORD(addr); + if (!addr) + ConsoleOutput("Otomate PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.type = USING_STRING|NO_CONTEXT; + hp.text_fun = SpecialPSPHookOtomate; + ConsoleOutput("Otomate PSP: INSERT"); + succ|=NewHook(hp, "Otomate PSP"); + } + + ConsoleOutput("Otomate PSP: leave"); + return succ; +} + +/** 7/27/2014 jichi Intense.jp PSP engine, 0.9.8, 0.9.9, + * Though Otomate can work, it cannot work line by line. + * + * Sample game: 寮�のサクリファイス work on 0.9.8 & 0.9.9 + * This hook is only for intro graphic painting + * + * Memory address is FIXED. + * Debug method: predict and breakpoint the memory address + * + * There are two matches in the memory, and only one function accessing them. + * The memory is accessed by words. + * + * The memory and hooked function is as follows. + * + * 09dfee77 88 c3 82 a2 95 a3 82 cc 89 9c 92 ea 82 c5 81 41 暗い淵の奥底で� * 09dfee87 92 e1 82 ad 81 41 8f ac 82 b3 82 ad 81 41 8b bf 低く、小さく〟� + * 09dfee97 82 ad 81 42 2a 70 0a 82 b1 82 ea 82 cd 81 41 8c く�p.これは、� + * 09dfeea7 db 93 ae 81 63 81 48 2a 70 0a 82 c6 82 e0 82 b7 �動…p.ともす + * 09dfeeb7 82 ea 82 ce 95 b7 82 ab 93 a6 82 b5 82 c4 82 b5 れ�聞き送�て� * 09dfeec7 82 dc 82 a2 82 bb 82 a4 82 c8 81 41 2a 70 0a 8f まぁ�ぁ��p.・ + * 09dfeed7 ac 82 b3 82 ad 81 41 8e e3 81 58 82 b5 82 ad 81 �さく、弱、�く� + * 09dfeee7 41 95 73 8a 6d 82 a9 82 c8 89 b9 81 42 00 00 00 a不確かな音�.. + * 09dfeef7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 09dfee07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * + * 13472227 90 nop + * 13472228 77 0f ja short 13472239 + * 1347222a c705 a8aa1001 20>mov dword ptr ds:[0x110aaa8],0x884ce20 + * 13472234 -e9 cbdd16f0 jmp 035e0004 + * 13472239 8b05 a8a71001 mov eax,dword ptr ds:[0x110a7a8] + * 1347223f 81e0 ffffff3f and eax,0x3fffffff + * 13472245 8bb0 30004007 mov esi,dword ptr ds:[eax+0x7400030] + * 1347224b 8b3d 84a71001 mov edi,dword ptr ds:[0x110a784] + * 13472251 81c7 01000000 add edi,0x1 + * 13472257 8bee mov ebp,esi + * 13472259 032d 84a71001 add ebp,dword ptr ds:[0x110a784] + * 1347225f 8bc5 mov eax,ebp + * 13472261 81e0 ffffff3f and eax,0x3fffffff + * 13472267 0fbe90 00004007 movsx edx,byte ptr ds:[eax+0x7400000] ; jichi: hook here + * 1347226e 8b05 a8a71001 mov eax,dword ptr ds:[0x110a7a8] + * 13472274 81e0 ffffff3f and eax,0x3fffffff + * 1347227a 89b8 38004007 mov dword ptr ds:[eax+0x7400038],edi + * 13472280 8bea mov ebp,edx + * 13472282 81e5 ff000000 and ebp,0xff + * 13472288 81fa 0a000000 cmp edx,0xa + * 1347228e c705 70a71001 0a>mov dword ptr ds:[0x110a770],0xa + * 13472298 8915 74a71001 mov dword ptr ds:[0x110a774],edx + * 1347229e 893d 78a71001 mov dword ptr ds:[0x110a778],edi + * 134722a4 892d 7ca71001 mov dword ptr ds:[0x110a77c],ebp + * 134722aa 8935 80a71001 mov dword ptr ds:[0x110a780],esi + * 134722b0 0f85 16000000 jnz 134722cc + * 134722b6 832d c4aa1001 08 sub dword ptr ds:[0x110aac4],0x8 + * 134722bd e9 02680000 jmp 13478ac4 + * 134722c2 01ec add esp,ebp + * 134722c4 ce into + * 134722c5 8408 test byte ptr ds:[eax],cl + * 134722c7 -e9 57dd16f0 jmp 035e0023 + * 134722cc 832d c4aa1001 08 sub dword ptr ds:[0x110aac4],0x8 + * 134722d3 e9 0c000000 jmp 134722e4 + * 134722d8 0140 ce add dword ptr ds:[eax-0x32],eax + * 134722db 8408 test byte ptr ds:[eax],cl + * 134722dd -e9 41dd16f0 jmp 035e0023 + * 134722e2 90 nop + * 134722e3 cc int3 + */ +// Read text from esi +static void SpecialPSPHookIntense(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD eax = stack->eax; + DWORD text = eax + hp->user_value; + if (BYTE c = *(BYTE *)text) { // unsigned char + *data = text; + *len = ::LeadByteTable[c]; // 1 or 2 + //*split = regof(ecx, esp_base); // cause scenario text to split + //*split = regof(edx, esp_base); // cause scenario text to split + + //*split = regof(ebx, esp_base); // works, but floating value + *split = FIXED_SPLIT_VALUE * 3; + } +} +bool InsertIntensePSPHook() +{ + ConsoleOutput("Intense PSP: enter"); + const BYTE bytes[] = { + 0x77, 0x0f, // 13472228 77 0f ja short 13472239 + 0xc7,0x05, XX8, // 1347222a c705 a8aa1001 20>mov dword ptr ds:[0x110aaa8],0x884ce20 + 0xe9, XX4, // 13472234 -e9 cbdd16f0 jmp 035e0004 + 0x8b,0x05, XX4, // 13472239 8b05 a8a71001 mov eax,dword ptr ds:[0x110a7a8] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 1347223f 81e0 ffffff3f and eax,0x3fffffff + 0x8b,0xb0, XX4, // 13472245 8bb0 30004007 mov esi,dword ptr ds:[eax+0x7400030] + 0x8b,0x3d, XX4, // 1347224b 8b3d 84a71001 mov edi,dword ptr ds:[0x110a784] + 0x81,0xc7, 0x01,0x00,0x00,0x00, // 13472251 81c7 01000000 add edi,0x1 + 0x8b,0xee, // 13472257 8bee mov ebp,esi + 0x03,0x2d, XX4, // 13472259 032d 84a71001 add ebp,dword ptr ds:[0x110a784] + 0x8b,0xc5, // 1347225f 8bc5 mov eax,ebp + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13472261 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xbe,0x90, XX4, // 13472267 0fbe90 00004007 movsx edx,byte ptr ds:[eax+0x7400000] ; jichi: hook here + 0x8b,0x05, XX4, // 1347226e 8b05 a8a71001 mov eax,dword ptr ds:[0x110a7a8] + 0x81,0xe0, 0xff,0xff,0xff,0x3f // 13472274 81e0 ffffff3f and eax,0x3fffffff + }; + enum { memory_offset = 3 }; + enum { addr_offset = 0x13472267 - 0x13472228 }; + auto succ=false; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) + ConsoleOutput("Intense PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.type = USING_STRING|NO_CONTEXT; + hp.text_fun = SpecialPSPHookIntense; + ConsoleOutput("Intense PSP: INSERT"); + succ|=NewHook(hp, "Intense PSP"); + } + + ConsoleOutput("Intense PSP: leave"); + return succ; +} + +/** 7/26/2014 jichi Broccoli PSP engine, 0.9.8, 0.9.9 + * Sample game: 明治東亰恋伽 (works on both 0.9.8, 0.9.9) + * + * Memory address is FIXED. + * Debug method: breakpoint the memory address + * + * The data is in (WORD)dl in bytes. + * + * There are two text threads. + * Only one is correct. + * + * 13d26cab cc int3 + * 13d26cac 77 0f ja short 13d26cbd + * 13d26cae c705 a8aa1001 24>mov dword ptr ds:[0x110aaa8],0x886a724 + * 13d26cb8 -e9 4793ccef jmp 039f0004 + * 13d26cbd 8b35 dca71001 mov esi,dword ptr ds:[0x110a7dc] + * 13d26cc3 8db6 60feffff lea esi,dword ptr ds:[esi-0x1a0] + * 13d26cc9 8b3d e4a71001 mov edi,dword ptr ds:[0x110a7e4] + * 13d26ccf 8bc6 mov eax,esi + * 13d26cd1 81e0 ffffff3f and eax,0x3fffffff + * 13d26cd7 89b8 9001c007 mov dword ptr ds:[eax+0x7c00190],edi + * 13d26cdd 8b2d 80a71001 mov ebp,dword ptr ds:[0x110a780] + * 13d26ce3 0fbfed movsx ebp,bp + * 13d26ce6 8bd6 mov edx,esi + * 13d26ce8 8bce mov ecx,esi + * 13d26cea 03cd add ecx,ebp + * 13d26cec 8935 dca71001 mov dword ptr ds:[0x110a7dc],esi + * 13d26cf2 33c0 xor eax,eax + * 13d26cf4 3bd1 cmp edx,ecx + * 13d26cf6 0f92c0 setb al + * 13d26cf9 8bf0 mov esi,eax + * 13d26cfb 81fe 00000000 cmp esi,0x0 + * 13d26d01 8935 70a71001 mov dword ptr ds:[0x110a770],esi + * 13d26d07 890d 74a71001 mov dword ptr ds:[0x110a774],ecx + * 13d26d0d 892d 80a71001 mov dword ptr ds:[0x110a780],ebp + * 13d26d13 8915 8ca71001 mov dword ptr ds:[0x110a78c],edx + * 13d26d19 0f85 16000000 jnz 13d26d35 + * 13d26d1f 832d c4aa1001 08 sub dword ptr ds:[0x110aac4],0x8 + * 13d26d26 e9 b9000000 jmp 13d26de4 + * 13d26d2b 0158 a7 add dword ptr ds:[eax-0x59],ebx + * 13d26d2e 8608 xchg byte ptr ds:[eax],cl + * 13d26d30 -e9 ee92ccef jmp 039f0023 + * 13d26d35 832d c4aa1001 08 sub dword ptr ds:[0x110aac4],0x8 + * 13d26d3c e9 0b000000 jmp 13d26d4c + * 13d26d41 0144a7 86 add dword ptr ds:[edi-0x7a],eax + * 13d26d45 08e9 or cl,ch + * 13d26d47 d892 ccef9077 fcom dword ptr ds:[edx+0x7790efcc] + * 13d26d4d 0fc7 ??? ; unknown command + * 13d26d4f 05 a8aa1001 add eax,0x110aaa8 + * 13d26d54 44 inc esp + * 13d26d55 a7 cmps dword ptr ds:[esi],dword ptr es:[ed> + * 13d26d56 8608 xchg byte ptr ds:[eax],cl + * 13d26d58 -e9 a792ccef jmp 039f0004 + * 13d26d5d 8b05 7ca71001 mov eax,dword ptr ds:[0x110a77c] + * 13d26d63 81e0 ffffff3f and eax,0x3fffffff + * 13d26d69 0fb6b0 0000c007 movzx esi,byte ptr ds:[eax+0x7c00000] + * 13d26d70 8b3d 7ca71001 mov edi,dword ptr ds:[0x110a77c] + * 13d26d76 8d7f 01 lea edi,dword ptr ds:[edi+0x1] + * 13d26d79 8b05 8ca71001 mov eax,dword ptr ds:[0x110a78c] + * 13d26d7f 81e0 ffffff3f and eax,0x3fffffff + * 13d26d85 8bd6 mov edx,esi + * 13d26d87 8890 0000c007 mov byte ptr ds:[eax+0x7c00000],dl ; jichi: hook here, get byte from dl + * 13d26d8d 8b2d 8ca71001 mov ebp,dword ptr ds:[0x110a78c] + * 13d26d93 8d6d 01 lea ebp,dword ptr ss:[ebp+0x1] + * 13d26d96 81fe 00000000 cmp esi,0x0 + * 13d26d9c 893d 7ca71001 mov dword ptr ds:[0x110a77c],edi + * 13d26da2 8935 88a71001 mov dword ptr ds:[0x110a788],esi + * 13d26da8 892d 8ca71001 mov dword ptr ds:[0x110a78c],ebp + * 13d26dae 0f84 16000000 je 13d26dca + * 13d26db4 832d c4aa1001 05 sub dword ptr ds:[0x110aac4],0x5 + * 13d26dbb e9 f48b0100 jmp 13d3f9b4 + * 13d26dc0 0138 add dword ptr ds:[eax],edi + * 13d26dc2 a7 cmps dword ptr ds:[esi],dword ptr es:[ed> + * 13d26dc3 8608 xchg byte ptr ds:[eax],cl + * 13d26dc5 -e9 5992ccef jmp 039f0023 + * 13d26dca 832d c4aa1001 05 sub dword ptr ds:[0x110aac4],0x5 + * 13d26dd1 e9 0e000000 jmp 13d26de4 + * 13d26dd6 0158 a7 add dword ptr ds:[eax-0x59],ebx + * 13d26dd9 8608 xchg byte ptr ds:[eax],cl + * 13d26ddb -e9 4392ccef jmp 039f0023 + * 13d26de0 90 nop + * 13d26de1 cc int3 + */ + +// New line character for Broccoli games is '^' +static inline bool _broccoligarbage_ch(char c) { return c == '^'; } + +// Read text from dl +static void SpecialPSPHookBroccoli(hook_stack* stack, HookParam *, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD text = stack->edx; // edx address + char c = *(LPCSTR)text; + if (c && !_broccoligarbage_ch(c)) { + *data = text; + *len = 1; + *split = stack->ecx; + } +} + +bool InsertBroccoliPSPHook() +{ + ConsoleOutput("Broccoli PSP: enter"); + + const BYTE bytes[] = { + 0x0f,0xc7, // 13d26d4d 0fc7 ??? ; unknown command + 0x05, XX4, // 13d26d4f 05 a8aa1001 add eax,0x110aaa8 + 0x44, // 13d26d54 44 inc esp + 0xa7, // 13d26d55 a7 cmps dword ptr ds:[esi],dword ptr es:[ed> + 0x86,0x08, // 13d26d56 8608 xchg byte ptr ds:[eax],cl + 0xe9, XX4, // 13d26d58 -e9 a792ccef jmp 039f0004 + 0x8b,0x05, XX4, // 13d26d5d 8b05 7ca71001 mov eax,dword ptr ds:[0x110a77c] + // Following pattern is not sufficient + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13d26d63 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xb6,0xb0, XX4, // 13d26d69 0fb6b0 0000c007 movzx esi,byte ptr ds:[eax+0x7c00000] + 0x8b,0x3d, XX4, // 13d26d70 8b3d 7ca71001 mov edi,dword ptr ds:[0x110a77c] + 0x8d,0x7f, 0x01, // 13d26d76 8d7f 01 lea edi,dword ptr ds:[edi+0x1] + 0x8b,0x05, XX4, // 13d26d79 8b05 8ca71001 mov eax,dword ptr ds:[0x110a78c] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13d26d7f 81e0 ffffff3f and eax,0x3fffffff + 0x8b,0xd6, // 13d26d85 8bd6 mov edx,esi + 0x88,0x90, XX4, // 13d26d87 8890 0000c007 mov byte ptr ds:[eax+0x7c00000],dl ; jichi: hook here, get byte from dl + 0x8b,0x2d, XX4, // 13d26d8d 8b2d 8ca71001 mov ebp,dword ptr ds:[0x110a78c] + 0x8d,0x6d, 0x01, // 13d26d93 8d6d 01 lea ebp,dword ptr ss:[ebp+0x1] + 0x81,0xfe, 0x00,0x00,0x00,0x00 // 13d26d96 81fe 00000000 cmp esi,0x0 + }; + enum { addr_offset = 0x13d26d87 - 0x13d26d4d }; + auto succ=false; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) + ConsoleOutput("Broccoli PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.type = USING_STRING|USING_SPLIT|NO_CONTEXT; + hp.text_fun = SpecialPSPHookBroccoli; + //GROWL_DWORD(hp.address); + ConsoleOutput("Broccoli PSP: INSERT"); + succ|=NewHook(hp, "Broccoli PSP"); + } + + ConsoleOutput("Broccoli PSP: leave"); + return succ; +} + +/** 9/5/2014 jichi felistella.co.jp PSP engine, 0.9.8, 0.9.9 + * Sample game: Summon Night 5 0.9.8/0.9.9 + * + * Encoding: utf8 + * Fixed memory addresses: two matches + * + * Debug method: predict the text and add break-points. + * + * There are two good functions + * The second is used as it contains fewer garbage + * + * // Not used + * 14081173 cc int3 + * 14081174 77 0f ja short 14081185 + * 14081176 c705 c84c1301 40>mov dword ptr ds:[0x1134cc8],0x8989540 + * 14081180 -e9 7feef5f3 jmp 07fe0004 + * 14081185 8b35 9c491301 mov esi,dword ptr ds:[0x113499c] + * 1408118b 8bc6 mov eax,esi + * 1408118d 81e0 ffffff3f and eax,0x3fffffff + * 14081193 0fb6b8 00000008 movzx edi,byte ptr ds:[eax+0x8000000] ; jichi: hook here + * 1408119a 8bef mov ebp,edi + * 1408119c 81e5 80000000 and ebp,0x80 + * 140811a2 8d76 01 lea esi,dword ptr ds:[esi+0x1] + * 140811a5 81fd 00000000 cmp ebp,0x0 + * 140811ab c705 90491301 00>mov dword ptr ds:[0x1134990],0x0 + * 140811b5 893d 9c491301 mov dword ptr ds:[0x113499c],edi + * 140811bb 8935 a0491301 mov dword ptr ds:[0x11349a0],esi + * 140811c1 892d a4491301 mov dword ptr ds:[0x11349a4],ebp + * 140811c7 0f85 16000000 jnz 140811e3 + * 140811cd 832d e44c1301 06 sub dword ptr ds:[0x1134ce4],0x6 + * 140811d4 e9 fbf71200 jmp 141b09d4 + * 140811d9 01dc add esp,ebx + * 140811db 95 xchg eax,ebp + * 140811dc 98 cwde + * 140811dd 08e9 or cl,ch + * 140811df 40 inc eax + * + * // Used + * 141be92f cc int3 + * 141be930 77 0f ja short 141be941 + * 141be932 c705 c84c1301 0c>mov dword ptr ds:[0x1134cc8],0x8988f0c + * 141be93c -e9 c316e2f3 jmp 07fe0004 + * 141be941 8b35 98491301 mov esi,dword ptr ds:[0x1134998] + * 141be947 8bc6 mov eax,esi + * 141be949 81e0 ffffff3f and eax,0x3fffffff + * 141be94f 0fb6b8 00000008 movzx edi,byte ptr ds:[eax+0x8000000] ; jichi: hook here + * 141be956 81ff 00000000 cmp edi,0x0 + * 141be95c c705 90491301 00>mov dword ptr ds:[0x1134990],0x0 + * 141be966 893d 98491301 mov dword ptr ds:[0x1134998],edi + * 141be96c 8935 9c491301 mov dword ptr ds:[0x113499c],esi + * 141be972 0f85 16000000 jnz 141be98e + * 141be978 832d e44c1301 04 sub dword ptr ds:[0x1134ce4],0x4 + * 141be97f e9 e4020000 jmp 141bec68 + * 141be984 01748f 98 add dword ptr ds:[edi+ecx*4-0x68],esi + * 141be988 08e9 or cl,ch + * 141be98a 95 xchg eax,ebp + * 141be98b 16 push ss + * 141be98c ^e2 f3 loopd short 141be981 + * 141be98e 832d e44c1301 04 sub dword ptr ds:[0x1134ce4],0x4 + * 141be995 e9 0e000000 jmp 141be9a8 + * 141be99a 011c8f add dword ptr ds:[edi+ecx*4],ebx + * 141be99d 98 cwde + * 141be99e 08e9 or cl,ch + * 141be9a0 7f 16 jg short 141be9b8 + * 141be9a2 ^e2 f3 loopd short 141be997 + * 141be9a4 90 nop + * 141be9a5 cc int3 + */ +// Only split text when edi is eax +// The value of edi is either eax or 0 +static void SpecialPSPHookFelistella(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD eax = stack->eax; + LPCSTR text = LPCSTR(eax + hp->user_value); + if (text) { + *len = ::strlen(text); // utf8 + *data = (DWORD)text; + + DWORD edi = stack->edi; + *split = FIXED_SPLIT_VALUE * (edi == eax ? 4 : 5); + } +} +bool InsertFelistellaPSPHook() +{ + ConsoleOutput("FELISTELLA PSP: enter"); + const BYTE bytes[] = { + //0xcc, // 141be92f cc int3 + 0x77, 0x0f, // 141be930 77 0f ja short 141be941 + 0xc7,0x05, XX8, // 141be932 c705 c84c1301 0c>mov dword ptr ds:[0x1134cc8],0x8988f0c + 0xe9, XX4, // 141be93c -e9 c316e2f3 jmp 07fe0004 + 0x8b,0x35, XX4, // 141be941 8b35 98491301 mov esi,dword ptr ds:[0x1134998] + 0x8b,0xc6, // 141be947 8bc6 mov eax,esi + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 141be949 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xb6,0xb8, XX4, // 141be94f 0fb6b8 00000008 movzx edi,byte ptr ds:[eax+0x8000000] ; jichi: hook here + 0x81,0xff, 0x00,0x00,0x00,0x00, // 141be956 81ff 00000000 cmp edi,0x0 + 0xc7,0x05, XX4, 0x00,0x00,0x00,0x00, // 141be95c c705 90491301 00>mov dword ptr ds:[0x1134990],0x0 + 0x89,0x3d, XX4, // 141be966 893d 98491301 mov dword ptr ds:[0x1134998],edi + 0x89,0x35, XX4, // 141be96c 8935 9c491301 mov dword ptr ds:[0x113499c],esi + 0x0f,0x85, XX4, // 141be972 0f85 16000000 jnz 141be98e + 0x83,0x2d, XX4, 0x04, // 141be978 832d e44c1301 04 sub dword ptr ds:[0x1134ce4],0x4 + // Above is not sufficient + 0xe9, XX4, // 141be97f e9 e4020000 jmp 141bec68 + 0x01,0x74,0x8f, 0x98 // 141be984 01748f 98 add dword ptr ds:[edi+ecx*4-0x68],esi + //0x08,0xe9, // 141be988 08e9 or cl,ch + // Below could be changed for different run + //0x95, // 141be98a 95 xchg eax,ebp + //0x16 // 141be98b 16 push ss + }; + enum { memory_offset = 3 }; + enum { addr_offset = 0x141be94f - 0x141be930 }; + auto succ=false; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + //GROWL_DWORD(addr); + if (!addr) + ConsoleOutput("FELISTELLA PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.type = USING_STRING|CODEC_UTF8|USING_SPLIT|NO_CONTEXT; // Fix the split value to merge all threads + //hp.text_fun = SpecialPSPHook; + hp.text_fun = SpecialPSPHookFelistella; + hp.offset=get_reg(regs::eax); + ConsoleOutput("FELISTELLA PSP: INSERT"); + succ|=NewHook(hp, "FELISTELLA PSP"); + } + + ConsoleOutput("FELISTELLA PSP: leave"); + return succ; +} + +/** 7/13/2014 jichi alchemist-net.co.jp PSP engine, 0.9.8 only, not work on 0.9.9 + * Sample game: your diary+ (moe-ydp.iso) + * The memory address is fixed. + * Note: This pattern seems to be common that not only exists in Alchemist games. + * + * Not work on 0.9.9: Amnesia Crowd + * + * Debug method: simply add hardware break points to the matched memory + * + * PPSSPP 0.9.8, your diary+ + * 134076f2 cc int3 + * 134076f3 cc int3 + * 134076f4 77 0f ja short 13407705 + * 134076f6 c705 a8aa1001 40>mov dword ptr ds:[0x110aaa8],0x8931040 + * 13407700 -e9 ff88f2f3 jmp 07330004 + * 13407705 8b05 7ca71001 mov eax,dword ptr ds:[0x110a77c] + * 1340770b 81e0 ffffff3f and eax,0x3fffffff + * 13407711 0fbeb0 00004007 movsx esi,byte ptr ds:[eax+0x7400000] // jichi: hook here + * 13407718 8b3d 78a71001 mov edi,dword ptr ds:[0x110a778] + * 1340771e 8b2d 7ca71001 mov ebp,dword ptr ds:[0x110a77c] + * 13407724 81c5 01000000 add ebp,0x1 + * 1340772a 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + * 13407730 81e0 ffffff3f and eax,0x3fffffff + * 13407736 8bd6 mov edx,esi + * 13407738 8890 00004007 mov byte ptr ds:[eax+0x7400000],dl // jichi: alternatively hook here + * 1340773e 8b15 78a71001 mov edx,dword ptr ds:[0x110a778] + * 13407744 81c2 01000000 add edx,0x1 + * 1340774a 8bcd mov ecx,ebp + * 1340774c 8935 88a71001 mov dword ptr ds:[0x110a788],esi + * 13407752 8bf2 mov esi,edx + * 13407754 813d 88a71001 00>cmp dword ptr ds:[0x110a788],0x0 + * 1340775e 893d 70a71001 mov dword ptr ds:[0x110a770],edi + * 13407764 8935 78a71001 mov dword ptr ds:[0x110a778],esi + * 1340776a 890d 7ca71001 mov dword ptr ds:[0x110a77c],ecx + * 13407770 8915 80a71001 mov dword ptr ds:[0x110a780],edx + * 13407776 892d 84a71001 mov dword ptr ds:[0x110a784],ebp + * 1340777c 0f85 16000000 jnz 13407798 + * 13407782 832d c4aa1001 08 sub dword ptr ds:[0x110aac4],0x8 + * 13407789 e9 ce000000 jmp 1340785c + * 1340778e 017c10 93 add dword ptr ds:[eax+edx-0x6d],edi + * 13407792 08e9 or cl,ch + * 13407794 8b88 f2f3832d mov ecx,dword ptr ds:[eax+0x2d83f3f2] + * 1340779a c4aa 100108e9 les ebp,fword ptr ds:[edx+0xe9080110] ; modification of segment register + * 134077a0 0c 00 or al,0x0 + * 134077a2 0000 add byte ptr ds:[eax],al + * 134077a4 0160 10 add dword ptr ds:[eax+0x10],esp + * 134077a7 93 xchg eax,ebx + * 134077a8 08e9 or cl,ch + * 134077aa ^75 88 jnz short 13407734 + * 134077ac f2: prefix repne: ; superfluous prefix + * 134077ad f3: prefix rep: ; superfluous prefix + * 134077ae 90 nop + * 134077af cc int3 + */ + +namespace { // unnamed + +// Return true if the text is a garbage character +inline bool _alchemistgarbage_ch(char c) +{ + return c == '.' || c == '/' + || c == '#' || c == ':' // garbage in alchemist2 hook + || c >= '0' && c <= '9' + || c >= 'A' && c <= 'z' // also ignore ASCII 91-96: [ \ ] ^ _ ` + ; +} + +// Return true if the text is full of garbage characters +bool _alchemistgarbage(LPCSTR p) +{ + enum { MAX_LENGTH = VNR_TEXT_CAPACITY }; + for (int count = 0; *p && count < MAX_LENGTH; count++, p++) + if (!_alchemistgarbage_ch(*p)) + return false; + return true; +} + +// 7/20/2014 jichi: Trim Rejet garbage. Sample game: 月華繚乱ROMANCE +// Such as: #Pos[1,2] +inline bool _rejetgarbage_ch(char c) +{ + return c == '#' || c == ' ' || c == '[' || c == ']' || c == ',' + || c >= 'A' && c <= 'z' // also ignore ASCII 91-96: [ \ ] ^ _ ` + || c >= '0' && c <= '9'; +} + +bool _rejetgarbage(LPCSTR p) +{ + enum { MAX_LENGTH = VNR_TEXT_CAPACITY }; + for (int count = 0; *p && count < MAX_LENGTH; count++, p++) + if (!_rejetgarbage_ch(*p)) + return false; + return true; +} + +// Trim leading garbage +LPCSTR _rejetltrim(LPCSTR p) +{ + enum { MAX_LENGTH = VNR_TEXT_CAPACITY }; + if (p) + for (int count = 0; *p && count < MAX_LENGTH; count++, p++) + if (!_rejetgarbage_ch(*p)) + return p; + return nullptr; +} + +// Trim trailing garbage +size_t _rejetstrlen(LPCSTR text) +{ + if (!text) + return 0; + size_t len = ::strlen(text), + ret = len; + while (len && _rejetgarbage_ch(text[len - 1])) { + len--; + if (text[len] == '#') // in case trim UTF-8 trailing bytes + ret = len; + } + return ret; +} + +} // unnamed namespace + +static void SpecialPSPHookAlchemist(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD eax = stack->eax; + LPCSTR text = LPCSTR(eax + hp->user_value); + if (*text && !_alchemistgarbage(text)) { + text = _rejetltrim(text); + *data = (DWORD)text; + *len = _rejetstrlen(text); + *split = stack->ecx; + } +} + +bool InsertAlchemistPSPHook() +{ + ConsoleOutput("Alchemist PSP: enter"); + const BYTE bytes[] = { + //0xcc, // 134076f2 cc int3 + //0xcc, // 134076f3 cc int3 + 0x77, 0x0f, // 134076f4 77 0f ja short 13407705 + 0xc7,0x05, XX8, // 134076f6 c705 a8aa1001 40>mov dword ptr ds:[0x110aaa8],0x8931040 + 0xe9, XX4, // 13407700 -e9 ff88f2f3 jmp 07330004 + 0x8b,0x05, XX4, // 13407705 8b05 7ca71001 mov eax,dword ptr ds:[0x110a77c] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 1340770b 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xbe,0xb0, XX4, // 13407711 0fbeb0 00004007 movsx esi,byte ptr ds:[eax+0x7400000] // jichi: hook here + 0x8b,0x3d, XX4, // 13407718 8b3d 78a71001 mov edi,dword ptr ds:[0x110a778] + 0x8b,0x2d, XX4, // 1340771e 8b2d 7ca71001 mov ebp,dword ptr ds:[0x110a77c] + 0x81,0xc5, 0x01,0x00,0x00,0x00, // 13407724 81c5 01000000 add ebp,0x1 + 0x8b,0x05, XX4, // 1340772a 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13407730 81e0 ffffff3f and eax,0x3fffffff + 0x8b,0xd6, // 13407736 8bd6 mov edx,esi + 0x88,0x90 //, XX4 // 13407738 8890 00004007 mov byte ptr ds:[eax+0x7400000],dl // jichi: alternatively hook here + }; + enum { memory_offset = 3 }; // 13407711 0fbeb0 00004007 movsx esi,byte ptr ds:[eax+0x7400000] + enum { addr_offset = 0x13407711 - 0x134076f4 }; + auto succ=false; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + //GROWL_DWORD(addr); + if (!addr) + ConsoleOutput("Alchemist PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.text_fun = SpecialPSPHookAlchemist; + hp.type = USING_STRING|NO_CONTEXT; // no context is needed to get rid of variant retaddr + ConsoleOutput("Alchemist PSP: INSERT"); + succ|=NewHook(hp, "Alchemist PSP"); + } + + ConsoleOutput("Alchemist PSP: leave"); + return succ; +} + +/** 8/12/2014 jichi Konami.jp PSP engine, 0.9.8, 0.9.9, + * Though Alchemist/Otomate can work, it has bad split that creates too many threads. + * + * Sample game: 幻想水滸�紡がれし百年の�on 0.9.8, 0.9.9 + * + * Memory address is FIXED. + * But hardware accesses are looped. + * Debug method: predict and breakpoint the memory address + * + * There are two matches in the memory. + * Three looped functions are as follows. + * I randomply picked the first one. + * + * It cannot extract character names. + * + * 14178f73 cc int3 + * 14178f74 77 0f ja short 14178f85 + * 14178f76 c705 c84c1301 a4>mov dword ptr ds:[0x1134cc8],0x88129a4 + * 14178f80 -e9 7f7071ef jmp 03890004 + * 14178f85 8b05 c8491301 mov eax,dword ptr ds:[0x11349c8] + * 14178f8b 81e0 ffffff3f and eax,0x3fffffff + * 14178f91 0fbeb0 00000008 movsx esi,byte ptr ds:[eax+0x8000000] ; jichi: hook here, loop + * 14178f98 81fe 40000000 cmp esi,0x40 + * 14178f9e 8935 98491301 mov dword ptr ds:[0x1134998],esi + * 14178fa4 c705 9c491301 40>mov dword ptr ds:[0x113499c],0x40 + * 14178fae 0f85 2f000000 jnz 14178fe3 + * 14178fb4 8b05 c8491301 mov eax,dword ptr ds:[0x11349c8] + * 14178fba 81e0 ffffff3f and eax,0x3fffffff + * 14178fc0 0fbeb0 01000008 movsx esi,byte ptr ds:[eax+0x8000001] + * 14178fc7 8935 98491301 mov dword ptr ds:[0x1134998],esi + * 14178fcd 832d e44c1301 04 sub dword ptr ds:[0x1134ce4],0x4 + * 14178fd4 c705 c84c1301 d0>mov dword ptr ds:[0x1134cc8],0x88129d0 + * 14178fde -e9 407071ef jmp 03890023 + * 14178fe3 832d e44c1301 04 sub dword ptr ds:[0x1134ce4],0x4 + * 14178fea e9 0d000000 jmp 14178ffc + * 14178fef 01b429 8108e92a add dword ptr ds:[ecx+ebp+0x2ae90881],es> + * 14178ff6 70 71 jo short 14179069 + * 14178ff8 ef out dx,eax ; i/o command + * 14178ff9 90 nop + * 14178ffa cc int3 + * + * 1417a18c 77 0f ja short 1417a19d + * 1417a18e c705 c84c1301 78>mov dword ptr ds:[0x1134cc8],0x8818378 + * 1417a198 -e9 675e71ef jmp 03890004 + * 1417a19d 8b05 c8491301 mov eax,dword ptr ds:[0x11349c8] + * 1417a1a3 81e0 ffffff3f and eax,0x3fffffff + * 1417a1a9 0fbeb0 00000008 movsx esi,byte ptr ds:[eax+0x8000000] ; jichi: hook here, loop + * 1417a1b0 81fe 0a000000 cmp esi,0xa + * 1417a1b6 8935 98491301 mov dword ptr ds:[0x1134998],esi + * 1417a1bc c705 9c491301 0a>mov dword ptr ds:[0x113499c],0xa + * 1417a1c6 0f84 2e000000 je 1417a1fa + * 1417a1cc 8b05 fc491301 mov eax,dword ptr ds:[0x11349fc] + * 1417a1d2 81e0 ffffff3f and eax,0x3fffffff + * 1417a1d8 8bb0 18000008 mov esi,dword ptr ds:[eax+0x8000018] + * 1417a1de 8935 98491301 mov dword ptr ds:[0x1134998],esi + * 1417a1e4 832d e44c1301 04 sub dword ptr ds:[0x1134ce4],0x4 + * 1417a1eb e9 24000000 jmp 1417a214 + * 1417a1f0 01b0 838108e9 add dword ptr ds:[eax+0xe9088183],esi + * 1417a1f6 295e 71 sub dword ptr ds:[esi+0x71],ebx + * 1417a1f9 ef out dx,eax ; i/o command + * 1417a1fa 832d e44c1301 04 sub dword ptr ds:[0x1134ce4],0x4 + * 1417a201 e9 1e660000 jmp 14180824 + * 1417a206 0188 838108e9 add dword ptr ds:[eax+0xe9088183],ecx + * 1417a20c 135e 71 adc ebx,dword ptr ds:[esi+0x71] + * 1417a20f ef out dx,eax ; i/o command + * 1417a210 90 nop + * 1417a211 cc int3 + * 1417a212 cc int3 + * + * 1417a303 90 nop + * 1417a304 77 0f ja short 1417a315 + * 1417a306 c705 c84c1301 48>mov dword ptr ds:[0x1134cc8],0x8818448 + * 1417a310 -e9 ef5c71ef jmp 03890004 + * 1417a315 8b35 dc491301 mov esi,dword ptr ds:[0x11349dc] + * 1417a31b 8b3d 98491301 mov edi,dword ptr ds:[0x1134998] + * 1417a321 33c0 xor eax,eax + * 1417a323 3bf7 cmp esi,edi + * 1417a325 0f9cc0 setl al + * 1417a328 8bf8 mov edi,eax + * 1417a32a 81ff 00000000 cmp edi,0x0 + * 1417a330 893d 98491301 mov dword ptr ds:[0x1134998],edi + * 1417a336 0f84 2f000000 je 1417a36b + * 1417a33c 8b05 c8491301 mov eax,dword ptr ds:[0x11349c8] + * 1417a342 81e0 ffffff3f and eax,0x3fffffff + * 1417a348 0fbeb0 00000008 movsx esi,byte ptr ds:[eax+0x8000000] ; jichi: hook here, loop + * 1417a34f 8935 98491301 mov dword ptr ds:[0x1134998],esi + * 1417a355 832d e44c1301 03 sub dword ptr ds:[0x1134ce4],0x3 + * 1417a35c e9 23000000 jmp 1417a384 + * 1417a361 018484 8108e9b8 add dword ptr ss:[esp+eax*4+0xb8e90881],> + * 1417a368 5c pop esp + * 1417a369 ^71 ef jno short 1417a35a + * 1417a36b 832d e44c1301 03 sub dword ptr ds:[0x1134ce4],0x3 + * 1417a372 c705 c84c1301 54>mov dword ptr ds:[0x1134cc8],0x8818454 + * 1417a37c -e9 a25c71ef jmp 03890023 + * 1417a381 90 nop + * 1417a382 cc int3 + */ +// Read text from looped address word by word +// Use reverse search to avoid looping issue assume the text is at fixed address. +static void SpecialPSPHookKonami(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + //static LPCSTR lasttext; // this value should be the same for the same game + static size_t lastsize; + + DWORD eax = stack->eax; + LPCSTR cur = LPCSTR(eax + hp->user_value); + if (!*cur) + return; + + LPCSTR text = reverse_search_begin(cur); + if (!text) + return; + //if (lasttext != text) { + // lasttext = text; + // lastsize = 0; // reset last size + //} + + size_t size = ::strlen(text); + if (size == lastsize) + return; + + *len = lastsize = size; + *data = (DWORD)text; + + *split = stack->ebx; // ecx changes for each character, ebx is an address, edx is stable, but very large +} +bool InsertKonamiPSPHook() +{ + ConsoleOutput("KONAMI PSP: enter"); + const BYTE bytes[] = { + // 14178f73 cc int3 + 0x77, 0x0f, // 14178f74 77 0f ja short 14178f85 + 0xc7,0x05, XX8, // 14178f76 c705 c84c1301 a4>mov dword ptr ds:[0x1134cc8],0x88129a4 + 0xe9, XX4, // 14178f80 -e9 7f7071ef jmp 03890004 + 0x8b,0x05, XX4, // 14178f85 8b05 c8491301 mov eax,dword ptr ds:[0x11349c8] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 14178f8b 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xbe,0xb0, XX4, // 14178f91 0fbeb0 00000008 movsx esi,byte ptr ds:[eax+0x8000000] ; jichi: hook here, loop + 0x81,0xfe, 0x40,0x00,0x00,0x00, // 14178f98 81fe 40000000 cmp esi,0x40 + 0x89,0x35 //, XX4, // 14178f9e 8935 98491301 mov dword ptr ds:[0x1134998],esi + //0xc7,0x05, XX4, 0x40,0x00,0x00,0x00, // 14178fa4 c705 9c491301 40>mov dword ptr ds:[0x113499c],0x40 + //0x0f,0x85, 0x2f,0x00,0x00,0x00,0x00, // 14178fae 0f85 2f000000 jnz 14178fe3 + //0x8b,0x05, XX4 // 14178fb4 8b05 c8491301 mov eax,dword ptr ds:[0x11349c8] + }; + enum { memory_offset = 3 }; + enum { addr_offset = 0x14178f91 - 0x14178f74 }; + auto succ=false; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) + ConsoleOutput("KONAMI PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.type = USING_STRING|NO_CONTEXT; + hp.text_fun = SpecialPSPHookKonami; + ConsoleOutput("KONAMI PSP: INSERT"); + succ|=NewHook(hp, "KONAMI PSP"); + } + + ConsoleOutput("KONAMI PSP: leave"); + return succ; +} +/** 7/13/2014 jichi 5pb.jp PSP engine, 0.9.8, 0.9.9 + * Sample game: STEINS;GATE + * + * FIXME: The current pattern could crash VNR + * + * Note: searching after 0x15000000 would found a wrong address on 0.9.9. + * Hooking to it would crash PPSSPP. + * + * Float memory addresses: two matches + * + * Debug method: precompute memory address and set break points, then navigate to that scene + * + * Attach to this function for wrong game might cause BEX (buffer overflow) exception. + * + * 135752c7 90 nop + * 135752c8 77 0f ja short 135752d9 + * 135752ca c705 a8aa1001 d4>mov dword ptr ds:[0x110aaa8],0x8888ed4 + * 135752d4 -e9 2badf3ef jmp 034b0004 + * 135752d9 8b35 dca71001 mov esi,dword ptr ds:[0x110a7dc] + * 135752df 8d76 a0 lea esi,dword ptr ds:[esi-0x60] + * 135752e2 8b3d e4a71001 mov edi,dword ptr ds:[0x110a7e4] + * 135752e8 8bc6 mov eax,esi + * 135752ea 81e0 ffffff3f and eax,0x3fffffff + * 135752f0 89b8 1c004007 mov dword ptr ds:[eax+0x740001c],edi + * 135752f6 8b2d bca71001 mov ebp,dword ptr ds:[0x110a7bc] + * 135752fc 8bc6 mov eax,esi + * 135752fe 81e0 ffffff3f and eax,0x3fffffff + * 13575304 89a8 18004007 mov dword ptr ds:[eax+0x7400018],ebp + * 1357530a 8b15 b8a71001 mov edx,dword ptr ds:[0x110a7b8] + * 13575310 8bc6 mov eax,esi + * 13575312 81e0 ffffff3f and eax,0x3fffffff + * 13575318 8990 14004007 mov dword ptr ds:[eax+0x7400014],edx + * 1357531e 8b0d b4a71001 mov ecx,dword ptr ds:[0x110a7b4] + * 13575324 8bc6 mov eax,esi + * 13575326 81e0 ffffff3f and eax,0x3fffffff + * 1357532c 8988 10004007 mov dword ptr ds:[eax+0x7400010],ecx + * 13575332 8b3d b0a71001 mov edi,dword ptr ds:[0x110a7b0] + * 13575338 8bc6 mov eax,esi + * 1357533a 81e0 ffffff3f and eax,0x3fffffff + * 13575340 89b8 0c004007 mov dword ptr ds:[eax+0x740000c],edi + * 13575346 8b3d aca71001 mov edi,dword ptr ds:[0x110a7ac] + * 1357534c 8bc6 mov eax,esi + * 1357534e 81e0 ffffff3f and eax,0x3fffffff + * 13575354 89b8 08004007 mov dword ptr ds:[eax+0x7400008],edi + * 1357535a 8b3d a8a71001 mov edi,dword ptr ds:[0x110a7a8] + * 13575360 8bc6 mov eax,esi + * 13575362 81e0 ffffff3f and eax,0x3fffffff + * 13575368 89b8 04004007 mov dword ptr ds:[eax+0x7400004],edi + * 1357536e 8b15 78a71001 mov edx,dword ptr ds:[0x110a778] + * 13575374 8935 dca71001 mov dword ptr ds:[0x110a7dc],esi + * 1357537a 8b05 7ca71001 mov eax,dword ptr ds:[0x110a77c] + * 13575380 81e0 ffffff3f and eax,0x3fffffff + * 13575386 0fbeb0 00004007 movsx esi,byte ptr ds:[eax+0x7400000] ; jichi: hook here + * 1357538d 8935 78a71001 mov dword ptr ds:[0x110a778],esi + * 13575393 8b35 80a71001 mov esi,dword ptr ds:[0x110a780] + * 13575399 8935 b0a71001 mov dword ptr ds:[0x110a7b0],esi + * 1357539f 8b35 84a71001 mov esi,dword ptr ds:[0x110a784] + * 135753a5 8b0d 7ca71001 mov ecx,dword ptr ds:[0x110a77c] + * 135753ab 813d 78a71001 00>cmp dword ptr ds:[0x110a778],0x0 + * 135753b5 c705 a8a71001 00>mov dword ptr ds:[0x110a7a8],0x0 + * 135753bf 8935 aca71001 mov dword ptr ds:[0x110a7ac],esi + * 135753c5 890d b4a71001 mov dword ptr ds:[0x110a7b4],ecx + * 135753cb 8915 b8a71001 mov dword ptr ds:[0x110a7b8],edx + * 135753d1 0f85 16000000 jnz 135753ed + * 135753d7 832d c4aa1001 0f sub dword ptr ds:[0x110aac4],0xf + * 135753de e9 e5010000 jmp 135755c8 + * 135753e3 01f0 add eax,esi + * 135753e5 90 nop + * 135753e6 8808 mov byte ptr ds:[eax],cl + * 135753e8 -e9 36acf3ef jmp 034b0023 + * 135753ed 832d c4aa1001 0f sub dword ptr ds:[0x110aac4],0xf + * 135753f4 e9 0b000000 jmp 13575404 + * 135753f9 0110 add dword ptr ds:[eax],edx + * 135753fb 8f ??? ; unknown command + * 135753fc 8808 mov byte ptr ds:[eax],cl + * 135753fe -e9 20acf3ef jmp 034b0023 + * 13575403 90 nop + * 13575404 77 0f ja short 13575415 + * 13575406 c705 a8aa1001 10>mov dword ptr ds:[0x110aaa8],0x8888f10 + * 13575410 -e9 efabf3ef jmp 034b0004 + * 13575415 8b35 a8a71001 mov esi,dword ptr ds:[0x110a7a8] + * 1357541b 33c0 xor eax,eax + * 1357541d 3b35 b0a71001 cmp esi,dword ptr ds:[0x110a7b0] + * 13575423 0f9cc0 setl al + * 13575426 8bf8 mov edi,eax + * 13575428 81ff 00000000 cmp edi,0x0 + * 1357542e 893d 74a71001 mov dword ptr ds:[0x110a774],edi + * 13575434 0f84 22000000 je 1357545c + * 1357543a 8b35 b4a71001 mov esi,dword ptr ds:[0x110a7b4] + * 13575440 8935 78a71001 mov dword ptr ds:[0x110a778],esi + * 13575446 832d c4aa1001 03 sub dword ptr ds:[0x110aac4],0x3 + * 1357544d c705 a8aa1001 2c>mov dword ptr ds:[0x110aaa8],0x8888f2c + * 13575457 -e9 c7abf3ef jmp 034b0023 + * 1357545c 832d c4aa1001 03 sub dword ptr ds:[0x110aac4],0x3 + * 13575463 e9 0c000000 jmp 13575474 + * 13575468 011c8f add dword ptr ds:[edi+ecx*4],ebx + * 1357546b 8808 mov byte ptr ds:[eax],cl + * 1357546d -e9 b1abf3ef jmp 034b0023 + * 13575472 90 nop + * 13575473 cc int3 + * 13575474 77 0f ja short 13575485 + * 13575476 c705 a8aa1001 1c>mov dword ptr ds:[0x110aaa8],0x8888f1c + * 13575480 -e9 7fabf3ef jmp 034b0004 + * 13575485 8b35 78a71001 mov esi,dword ptr ds:[0x110a778] + * 1357548b 8b05 b8a71001 mov eax,dword ptr ds:[0x110a7b8] + * 13575491 81e0 ffffff3f and eax,0x3fffffff + * 13575497 8bd6 mov edx,esi + * 13575499 8890 00004007 mov byte ptr ds:[eax+0x7400000],dl + * 1357549f 8b3d b4a71001 mov edi,dword ptr ds:[0x110a7b4] + * 135754a5 8d7f 01 lea edi,dword ptr ds:[edi+0x1] + * 135754a8 8b2d b8a71001 mov ebp,dword ptr ds:[0x110a7b8] + * 135754ae 8d6d 01 lea ebp,dword ptr ss:[ebp+0x1] + * 135754b1 813d 68a71001 00>cmp dword ptr ds:[0x110a768],0x0 + * 135754bb 893d b4a71001 mov dword ptr ds:[0x110a7b4],edi + * 135754c1 892d b8a71001 mov dword ptr ds:[0x110a7b8],ebp + * 135754c7 0f85 16000000 jnz 135754e3 + * 135754cd 832d c4aa1001 04 sub dword ptr ds:[0x110aac4],0x4 + * 135754d4 e9 23000000 jmp 135754fc + * 135754d9 01e4 add esp,esp + * 135754db 90 nop + * 135754dc 8808 mov byte ptr ds:[eax],cl + * 135754de -e9 40abf3ef jmp 034b0023 + * 135754e3 832d c4aa1001 04 sub dword ptr ds:[0x110aac4],0x4 + * 135754ea c705 a8aa1001 2c>mov dword ptr ds:[0x110aaa8],0x8888f2c + * 135754f4 -e9 2aabf3ef jmp 034b0023 + * 135754f9 90 nop + * 135754fa cc int3 + * 135754fb cc int3 + */ +namespace { // unnamed + +// Characters to ignore: [%0-9A-Z] +inline bool _5pbgarbage_ch(char c) +{ return c == '%' || c >= 'A' && c <= 'Z' || c >= '0' && c <= '9'; } + +// Trim leading garbage +LPCSTR _5pbltrim(LPCSTR p) +{ + enum { MAX_LENGTH = VNR_TEXT_CAPACITY }; + if (p) + for (int count = 0; *p && count < MAX_LENGTH; count++, p++) + if (!_5pbgarbage_ch(*p)) + return p; + return nullptr; +} + +// Trim trailing garbage +size_t _5pbstrlen(LPCSTR text) +{ + if (!text) + return 0; + size_t len = ::strlen(text), + ret = len; + while (len && _5pbgarbage_ch(text[len - 1])) { + len--; + if (text[len] == '%') // in case trim UTF-8 trailing bytes + ret = len; + } + return ret; +} + +} // unnamed namespace + +static void SpecialPSPHook5pb(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD eax = stack->eax; + LPCSTR text = LPCSTR(eax + hp->user_value); + if (*text) { + text = _5pbltrim(text); + *data = (DWORD)text; + *len = _5pbstrlen(text); + *split = stack->ecx; + //*split = FIXED_SPLIT_VALUE; // there is only one thread, no split used + } +} + +bool Insert5pbPSPHook() +{ + ConsoleOutput("5pb PSP: enter"); + + const BYTE bytes[] = { + //0x90, // 135752c7 90 nop + 0x77, 0x0f, // 135752c8 77 0f ja short 135752d9 + 0xc7,0x05, XX8, // 135752ca c705 a8aa1001 d4>mov dword ptr ds:[0x110aaa8],0x8888ed4 + 0xe9, XX4, // 135752d4 -e9 2badf3ef jmp 034b0004 + 0x8b,0x35, XX4, // 135752d9 8b35 dca71001 mov esi,dword ptr ds:[0x110a7dc] + 0x8d,0x76, 0xa0, // 135752df 8d76 a0 lea esi,dword ptr ds:[esi-0x60] + 0x8b,0x3d, XX4, // 135752e2 8b3d e4a71001 mov edi,dword ptr ds:[0x110a7e4] + 0x8b,0xc6, // 135752e8 8bc6 mov eax,esi + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 135752ea 81e0 ffffff3f and eax,0x3fffffff + 0x89,0xb8, XX4, // 135752f0 89b8 1c004007 mov dword ptr ds:[eax+0x740001c],edi + 0x8b,0x2d, XX4, // 135752f6 8b2d bca71001 mov ebp,dword ptr ds:[0x110a7bc] + 0x8b,0xc6, // 135752fc 8bc6 mov eax,esi + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 135752fe 81e0 ffffff3f and eax,0x3fffffff + 0x89,0xa8, XX4, // 13575304 89a8 18004007 mov dword ptr ds:[eax+0x7400018],ebp + 0x8b,0x15, XX4, // 1357530a 8b15 b8a71001 mov edx,dword ptr ds:[0x110a7b8] + 0x8b,0xc6, // 13575310 8bc6 mov eax,esi + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13575312 81e0 ffffff3f and eax,0x3fffffff + 0x89,0x90, XX4, // 13575318 8990 14004007 mov dword ptr ds:[eax+0x7400014],edx + 0x8b,0x0d, XX4, // 1357531e 8b0d b4a71001 mov ecx,dword ptr ds:[0x110a7b4] + 0x8b,0xc6, // 13575324 8bc6 mov eax,esi + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13575326 81e0 ffffff3f and eax,0x3fffffff + 0x89,0x88, XX4, // 1357532c 8988 10004007 mov dword ptr ds:[eax+0x7400010],ecx + 0x8b,0x3d, XX4, // 13575332 8b3d b0a71001 mov edi,dword ptr ds:[0x110a7b0] + 0x8b,0xc6, // 13575338 8bc6 mov eax,esi + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 1357533a 81e0 ffffff3f and eax,0x3fffffff + 0x89,0xb8, XX4, // 13575340 89b8 0c004007 mov dword ptr ds:[eax+0x740000c],edi + 0x8b,0x3d, XX4, // 13575346 8b3d aca71001 mov edi,dword ptr ds:[0x110a7ac] + 0x8b,0xc6, // 1357534c 8bc6 mov eax,esi + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 1357534e 81e0 ffffff3f and eax,0x3fffffff + 0x89,0xb8, XX4, // 13575354 89b8 08004007 mov dword ptr ds:[eax+0x7400008],edi + 0x8b,0x3d, XX4, // 1357535a 8b3d a8a71001 mov edi,dword ptr ds:[0x110a7a8] + 0x8b,0xc6, // 13575360 8bc6 mov eax,esi + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13575362 81e0 ffffff3f and eax,0x3fffffff + 0x89,0xb8, XX4, // 13575368 89b8 04004007 mov dword ptr ds:[eax+0x7400004],edi + 0x8b,0x15, XX4, // 1357536e 8b15 78a71001 mov edx,dword ptr ds:[0x110a778] + 0x89,0x35, XX4, // 13575374 8935 dca71001 mov dword ptr ds:[0x110a7dc],esi + 0x8b,0x05, XX4, // 1357537a 8b05 7ca71001 mov eax,dword ptr ds:[0x110a77c] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13575380 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xbe,0xb0 //, XX4 // 13575386 0fbeb0 00004007 movsx esi,byte ptr ds:[eax+0x7400000] ; jichi: hook here + }; + enum { memory_offset = 3 }; // 13575386 0fbeb0 00004007 movsx esi,byte ptr ds:[eax+0x7400000] + enum { addr_offset = sizeof(bytes) - memory_offset }; + + enum : DWORD { start = MemDbg::MappedMemoryStartAddress }; + DWORD stop = PPSSPP_VERSION[1] == 9 && PPSSPP_VERSION[2] == 8 ? MemDbg::MemoryStopAddress : 0x15000000; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes), start, stop); + //GROWL_DWORD(addr); + auto succ=false; + if (!addr) + ConsoleOutput("5pb PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.text_fun = SpecialPSPHook5pb; + hp.type = USING_STRING|NO_CONTEXT; // no context is needed to get rid of variant retaddr + ConsoleOutput("5pb PSP: INSERT"); + succ|=NewHook(hp, "5pb PSP"); + } + + ConsoleOutput("5pb PSP: leave"); + return succ; +} + +/** 7/19/2014 jichi kid-game.co.jp PSP engine, 0,9.8, 0.9.9 + * Sample game: Monochrome + * + * Note: sceFontGetCharInfo, sceFontGetCharGlyphImage_Clip also works + * + * Debug method: breakpoint the memory address + * There are two matched memory address to the current text + * + * == Second run == + * 13973a7b 90 nop + * 13973a7c 77 0f ja short 13973a8d + * 13973a7e c705 a8aa1001 90>mov dword ptr ds:[0x110aaa8],0x885c290 + * 13973a88 -e9 77c5ecef jmp 03840004 + * 13973a8d 8b05 90a71001 mov eax,dword ptr ds:[0x110a790] + * 13973a93 81e0 ffffff3f and eax,0x3fffffff + * 13973a99 0fb6b0 00008007 movzx esi,byte ptr ds:[eax+0x7800000] + * 13973aa0 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + * 13973aa6 81e0 ffffff3f and eax,0x3fffffff + * 13973aac 0fb6b8 00008007 movzx edi,byte ptr ds:[eax+0x7800000] ; jichi: hook here + * 13973ab3 81fe 00000000 cmp esi,0x0 + * 13973ab9 c705 8ca71001 00>mov dword ptr ds:[0x110a78c],0x0 + * 13973ac3 893d 9ca71001 mov dword ptr ds:[0x110a79c],edi + * 13973ac9 8935 a0a71001 mov dword ptr ds:[0x110a7a0],esi + * 13973acf 0f85 16000000 jnz 13973aeb + * 13973ad5 832d c4aa1001 04 sub dword ptr ds:[0x110aac4],0x4 + * 13973adc c705 a8aa1001 d0>mov dword ptr ds:[0x110aaa8],0x885c2d0 + * 13973ae6 -e9 38c5ecef jmp 03840023 + * 13973aeb 832d c4aa1001 04 sub dword ptr ds:[0x110aac4],0x4 + * 13973af2 e9 0d000000 jmp 13973b04 + * 13973af7 01a0 c28508e9 add dword ptr ds:[eax+0xe90885c2],esp + * 13973afd 22c5 and al,ch + * 13973aff ec in al,dx ; i/o command + * 13973b00 ef out dx,eax ; i/o command + * 13973b01 90 nop + * 13973b02 cc int3 + * 13973b03 cc int3 + * + * == First run == + * 1087394a cc int3 + * 1087394b cc int3 + * 1087394c 77 0f ja short 1087395d + * 1087394e c705 a8aa1001 78>mov dword ptr ds:[0x110aaa8],0x885c278 + * 10873958 -e9 a7c6bff2 jmp 03470004 + * 1087395d 8b35 80d0da12 mov esi,dword ptr ds:[0x12dad080] + * 10873963 8bc6 mov eax,esi + * 10873965 81e0 ffffff3f and eax,0x3fffffff + * 1087396b 8bb8 0000000a mov edi,dword ptr ds:[eax+0xa000000] + * 10873971 81ff 00000000 cmp edi,0x0 + * 10873977 c705 70a71001 00>mov dword ptr ds:[0x110a770],0x8db0000 + * 10873981 c705 74a71001 00>mov dword ptr ds:[0x110a774],0x0 + * 1087398b 893d 90a71001 mov dword ptr ds:[0x110a790],edi + * 10873991 8935 94a71001 mov dword ptr ds:[0x110a794],esi + * 10873997 c705 98a71001 00>mov dword ptr ds:[0x110a798],0x0 + * 108739a1 0f85 16000000 jnz 108739bd + * 108739a7 832d c4aa1001 06 sub dword ptr ds:[0x110aac4],0x6 + * 108739ae e9 75c20100 jmp 1088fc28 + * 108739b3 0148 c3 add dword ptr ds:[eax-0x3d],ecx + * 108739b6 8508 test dword ptr ds:[eax],ecx + * 108739b8 -e9 66c6bff2 jmp 03470023 + * 108739bd 832d c4aa1001 06 sub dword ptr ds:[0x110aac4],0x6 + * 108739c4 e9 0b000000 jmp 108739d4 + * 108739c9 0190 c28508e9 add dword ptr ds:[eax+0xe90885c2],edx + * 108739cf 50 push eax + * 108739d0 c6 ??? ; unknown command + * 108739d1 bf f290770f mov edi,0xf7790f2 + * 108739d6 c705 a8aa1001 90>mov dword ptr ds:[0x110aaa8],0x885c290 + * 108739e0 -e9 1fc6bff2 jmp 03470004 + * 108739e5 8b05 90a71001 mov eax,dword ptr ds:[0x110a790] + * 108739eb 81e0 ffffff3f and eax,0x3fffffff + * 108739f1 0fb6b0 0000000a movzx esi,byte ptr ds:[eax+0xa000000] ; jichi: hook here + * 108739f8 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + * 108739fe 81e0 ffffff3f and eax,0x3fffffff + * 10873a04 0fb6b8 0000000a movzx edi,byte ptr ds:[eax+0xa000000] ; jichi: hook here + * 10873a0b 81fe 00000000 cmp esi,0x0 + * 10873a11 c705 8ca71001 00>mov dword ptr ds:[0x110a78c],0x0 + * 10873a1b 893d 9ca71001 mov dword ptr ds:[0x110a79c],edi + * 10873a21 8935 a0a71001 mov dword ptr ds:[0x110a7a0],esi + * 10873a27 0f85 16000000 jnz 10873a43 + * 10873a2d 832d c4aa1001 04 sub dword ptr ds:[0x110aac4],0x4 + * 10873a34 c705 a8aa1001 d0>mov dword ptr ds:[0x110aaa8],0x885c2d0 + * 10873a3e -e9 e0c5bff2 jmp 03470023 + * 10873a43 832d c4aa1001 04 sub dword ptr ds:[0x110aac4],0x4 + * 10873a4a e9 0d000000 jmp 10873a5c + * 10873a4f 01a0 c28508e9 add dword ptr ds:[eax+0xe90885c2],esp + * 10873a55 ca c5bf retf 0xbfc5 ; far return + * 10873a58 f2: prefix repne: ; superfluous prefix + * 10873a59 90 nop + * 10873a5a cc int3 + * 10873a5b cc int3 + */ +static void SpecialPSPHookKid(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD eax = stack->eax; + LPCSTR text = LPCSTR(eax + hp->user_value); + static LPCSTR lasttext; // Prevent reading the same address multiple times + if (text != lasttext && *text) { + lasttext = text; + text = _5pbltrim(text); + *data = (DWORD)text; + *len = _5pbstrlen(text); + *split = stack->ecx; + } +} + +bool InsertKidPSPHook() +{ + ConsoleOutput("KID PSP: enter"); + + const BYTE bytes[] = { + //0x90, // 13973a7b 90 nop + 0x77, 0x0f, // 13973a7c 77 0f ja short 13973a8d + 0xc7,0x05, XX8, // 13973a7e c705 a8aa1001 90>mov dword ptr ds:[0x110aaa8],0x885c290 + 0xe9, XX4, // 13973a88 -e9 77c5ecef jmp 03840004 + 0x8b,0x05, XX4, // 13973a8d 8b05 90a71001 mov eax,dword ptr ds:[0x110a790] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13973a93 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xb6,0xb0, XX4, // 13973a99 0fb6b0 00008007 movzx esi,byte ptr ds:[eax+0x7800000] + 0x8b,0x05, XX4, // 13973aa0 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13973aa6 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xb6,0xb8, XX4, // 13973aac 0fb6b8 00008007 movzx edi,byte ptr ds:[eax+0x7800000] ; jichi: hook here + 0x81,0xfe, 0x00,0x00,0x00,0x00 // 13973ab3 81fe 00000000 cmp esi,0x0 + }; + enum { memory_offset = 3 }; // 13973aac 0fb6b8 00008007 movzx edi,byte ptr ds:[eax+0x7800000] + enum { addr_offset = 0x13973aac - 0x13973a7c }; + auto succ=false; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) + ConsoleOutput("KID PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.text_fun = SpecialPSPHookKid; + hp.type = USING_STRING|NO_CONTEXT; // no context is needed to get rid of variant retaddr + + //HookParam hp; + //hp.address = addr + addr_offset; + //hp.user_value = *(DWORD *)(hp.address + memory_offset); + //hp.type = USING_STRING|USING_SPLIT|NO_CONTEXT; // Fix the split value to merge all threads + //hp.offset=get_reg(regs::eax); + //hp.split = get_reg(regs::ecx); + //hp.text_fun = SpecialPSPHook; + + ConsoleOutput("KID PSP: INSERT"); + succ|=NewHook(hp, "KID PSP"); + } + + ConsoleOutput("KID PSP: leave"); + return succ; +} + +/** 7/13/2014 jichi imageepoch.co.jp PSP engine, 0.9.8, 0.9.9 + * Sample game: BLACK�OCK SHOOTER + * + * Float memory addresses: two matches, UTF-8 + * + * 7/29/2014: seems to work on 0.9.9 + * + * Debug method: find current sentence, then find next sentence in the memory + * and add break-points + * + * 1346d34b f0:90 lock nop ; lock prefix is not allowed + * 1346d34d cc int3 + * 1346d34e cc int3 + * 1346d34f cc int3 + * 1346d350 77 0f ja short 1346d361 + * 1346d352 c705 a8aa1001 e4>mov dword ptr ds:[0x110aaa8],0x89609e4 + * 1346d35c -e9 a32c27f0 jmp 036e0004 + * 1346d361 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + * 1346d367 81e0 ffffff3f and eax,0x3fffffff + * 1346d36d 8bb0 00004007 mov esi,dword ptr ds:[eax+0x7400000] ; jichi: or hook here + * 1346d373 8b3d 78a71001 mov edi,dword ptr ds:[0x110a778] + * 1346d379 8bc6 mov eax,esi + * 1346d37b 81e0 ffffff3f and eax,0x3fffffff + * 1346d381 0fb6a8 00004007 movzx ebp,byte ptr ds:[eax+0x7400000] ; jichi: hook here + * 1346d388 8d56 01 lea edx,dword ptr ds:[esi+0x1] + * 1346d38b 8bc5 mov eax,ebp + * 1346d38d 0fbec8 movsx ecx,al + * 1346d390 8935 70a71001 mov dword ptr ds:[0x110a770],esi + * 1346d396 8bf5 mov esi,ebp + * 1346d398 81f9 00000000 cmp ecx,0x0 + * 1346d39e 892d 74a71001 mov dword ptr ds:[0x110a774],ebp + * 1346d3a4 8935 78a71001 mov dword ptr ds:[0x110a778],esi + * 1346d3aa 8915 7ca71001 mov dword ptr ds:[0x110a77c],edx + * 1346d3b0 890d 80a71001 mov dword ptr ds:[0x110a780],ecx + * 1346d3b6 893d 84a71001 mov dword ptr ds:[0x110a784],edi + * 1346d3bc 0f8d 16000000 jge 1346d3d8 + * 1346d3c2 832d c4aa1001 07 sub dword ptr ds:[0x110aac4],0x7 + * 1346d3c9 e9 22000000 jmp 1346d3f0 + * 1346d3ce 010c0a add dword ptr ds:[edx+ecx],ecx + * 1346d3d1 96 xchg eax,esi + * 1346d3d2 08e9 or cl,ch + * 1346d3d4 4b dec ebx + * 1346d3d5 2c 27 sub al,0x27 + * 1346d3d7 f0:832d c4aa1001>lock sub dword ptr ds:[0x110aac4],0x7 ; lock prefix + * 1346d3df e9 bc380000 jmp 13470ca0 + * 1346d3e4 0100 add dword ptr ds:[eax],eax + * 1346d3e6 0a96 08e9352c or dl,byte ptr ds:[esi+0x2c35e908] + * 1346d3ec 27 daa + * 1346d3ed f0:90 lock nop ; lock prefix is not allowed + * 1346d3ef cc int3 + */ +static void SpecialPSPHookImageepoch(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + // 7/25/2014: I tried using uniquemap to eliminate duplication, which does not work + DWORD eax = stack->eax; + DWORD text = eax + hp->user_value; + static DWORD lasttext; // Prevent reading the same address multiple times + if (text != lasttext && *(LPCSTR)text) { + *data = lasttext = text; + *len = ::strlen((LPCSTR)text); // UTF-8 is null-terminated + *split = stack->ecx; // use ecx = "this" to split? + } +} + +bool InsertImageepochPSPHook() +{ + ConsoleOutput("Imageepoch PSP: enter"); + + const BYTE bytes[] = { + //0xcc, // 1346d34f cc int3 + 0x77, 0x0f, // 1346d350 77 0f ja short 1346d361 + 0xc7,0x05, XX8, // 1346d352 c705 a8aa1001 e4>mov dword ptr ds:[0x110aaa8],0x89609e4 + 0xe9, XX4, // 1346d35c -e9 a32c27f0 jmp 036e0004 + 0x8b,0x05, XX4, // 1346d361 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 1346d367 81e0 ffffff3f and eax,0x3fffffff + 0x8b,0xb0, XX4, // 1346d36d 8bb0 00004007 mov esi,dword ptr ds:[eax+0x7400000] ; jichi: or hook here + 0x8b,0x3d, XX4, // 1346d373 8b3d 78a71001 mov edi,dword ptr ds:[0x110a778] + 0x8b,0xc6, // 1346d379 8bc6 mov eax,esi + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 1346d37b 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xb6,0xa8, XX4, // 1346d381 0fb6a8 00004007 movzx ebp,byte ptr ds:[eax+0x7400000] ; jichi: hook here + 0x8d,0x56, 0x01, // 1346d388 8d56 01 lea edx,dword ptr ds:[esi+0x1] + 0x8b,0xc5, // 1346d38b 8bc5 mov eax,ebp + 0x0f,0xbe,0xc8 // 1346d38d 0fbec8 movsx ecx,al + }; + enum { memory_offset = 3 }; // 1346d381 0fb6a8 00004007 movzx ebp,byte ptr ds:[eax+0x7400000] + enum { addr_offset = 0x1346d381 - 0x1346d350 }; + //enum { addr_offset = sizeof(bytes) - memory_offset }; + auto succ=false; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) + ConsoleOutput("Imageepoch PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.type = USING_STRING|USING_SPLIT|NO_CONTEXT; // UTF-8, though + hp.offset=get_reg(regs::eax); + hp.split = get_reg(regs::ecx); + //hp.text_fun = SpecialPSPHook; + hp.text_fun = SpecialPSPHookImageepoch; // since this function is common, use its own static lasttext for HPF_IgnoreSameAddress + ConsoleOutput("Imageepoch PSP: INSERT"); + succ|=NewHook(hp, "Imageepoch PSP"); + } + + ConsoleOutput("Imageepoch PSP: leave"); + return succ; +} + +/** 7/20/2014 jichi alchemist-net.co.jp PSP engine, 0.9.8, 0.9.9 + * An alternative alchemist hook for old alchemist games. + * Sample game: のーふぁ�と (No Fate) + * The memory address is fixed. + * + * Also work on 0.9.9 Otoboku PSP + * + * Debug method: simply add hardware break points to the matched memory + * + * Two candidate functions are seems OK. + * + * Instruction pattern: 81e580808080 // and ebp,0x80808080 + * + * 0.9.8 のーふぁ�と + * 13400ef3 90 nop + * 13400ef4 77 0f ja short 13400f05 + * 13400ef6 c705 a8aa1001 d0>mov dword ptr ds:[0x110aaa8],0x889aad0 + * 13400f00 -e9 fff050f0 jmp 03910004 + * 13400f05 8b35 78a71001 mov esi,dword ptr ds:[0x110a778] + * 13400f0b 8bc6 mov eax,esi + * 13400f0d 81e0 ffffff3f and eax,0x3fffffff + * 13400f13 8bb8 00004007 mov edi,dword ptr ds:[eax+0x7400000] ; jichi + * 13400f19 8bef mov ebp,edi + * 13400f1b 81ed 01010101 sub ebp,0x1010101 + * 13400f21 f7d7 not edi + * 13400f23 23ef and ebp,edi + * 13400f25 81e5 80808080 and ebp,0x80808080 + * 13400f2b 81fd 00000000 cmp ebp,0x0 + * 13400f31 c705 78a71001 80>mov dword ptr ds:[0x110a778],0x80808080 + * 13400f3b c705 7ca71001 01>mov dword ptr ds:[0x110a77c],0x1010101 + * 13400f45 8935 80a71001 mov dword ptr ds:[0x110a780],esi + * 13400f4b 892d 88a71001 mov dword ptr ds:[0x110a788],ebp + * 13400f51 0f84 22000000 je 13400f79 + * 13400f57 8b35 80a71001 mov esi,dword ptr ds:[0x110a780] + * 13400f5d 8935 78a71001 mov dword ptr ds:[0x110a778],esi + * 13400f63 832d c4aa1001 0c sub dword ptr ds:[0x110aac4],0xc + * 13400f6a e9 35ba0000 jmp 1340c9a4 + * 13400f6f 0124ab add dword ptr ds:[ebx+ebp*4],esp + * 13400f72 8908 mov dword ptr ds:[eax],ecx + * 13400f74 -e9 aaf050f0 jmp 03910023 + * 13400f79 832d c4aa1001 0c sub dword ptr ds:[0x110aac4],0xc + * 13400f80 e9 0b000000 jmp 13400f90 + * 13400f85 0100 add dword ptr ds:[eax],eax + * 13400f87 ab stos dword ptr es:[edi] + * 13400f88 8908 mov dword ptr ds:[eax],ecx + * 13400f8a -e9 94f050f0 jmp 03910023 + * 13400f8f 90 nop + */ + +static void SpecialPSPHookAlchemist2(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD eax = stack->eax; + LPCSTR text = LPCSTR(eax + hp->user_value); + if (*text && !_alchemistgarbage(text)) { + *data = (DWORD)text; + *len = ::strlen(text); + *split = stack->ecx; + } +} + +bool InsertAlchemist2PSPHook() +{ + ConsoleOutput("Alchemist2 PSP: enter"); + const BYTE bytes[] = { + 0x77, 0x0f, // 13400ef4 77 0f ja short 13400f05 + 0xc7,0x05, XX8, // 13400ef6 c705 a8aa1001 d0>mov dword ptr ds:[0x110aaa8],0x889aad0 + 0xe9, XX4, // 13400f00 -e9 fff050f0 jmp 03910004 + 0x8b,0x35, XX4, // 13400f05 8b35 78a71001 mov esi,dword ptr ds:[0x110a778] + 0x8b,0xc6, // 13400f0b 8bc6 mov eax,esi + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13400f0d 81e0 ffffff3f and eax,0x3fffffff + 0x8b,0xb8, XX4, // 13400f13 8bb8 00004007 mov edi,dword ptr ds:[eax+0x7400000] ; jichi: hook here + 0x8b,0xef, // 13400f19 8bef mov ebp,edi + 0x81,0xed, 0x01,0x01,0x01,0x01, // 13400f1b 81ed 01010101 sub ebp,0x1010101 + 0xf7,0xd7, // 13400f21 f7d7 not edi + 0x23,0xef, // 13400f23 23ef and ebp,edi + 0x81,0xe5, 0x80,0x80,0x80,0x80, // 13400f25 81e5 80808080 and ebp,0x80808080 + 0x81,0xfd, 0x00,0x00,0x00,0x00 // 13400f2b 81fd 00000000 cmp ebp,0x0 + }; + enum { memory_offset = 2 }; // 13400f13 8bb8 00004007 mov edi,dword ptr ds:[eax+0x7400000] + enum { addr_offset = 0x13400f13 - 0x13400ef4 }; + auto succ=false; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + //GROWL_DWORD(addr); + if (!addr) + ConsoleOutput("Alchemist2 PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.text_fun = SpecialPSPHookAlchemist2; + hp.type = USING_STRING|NO_CONTEXT; // no context is needed to get rid of variant retaddr + ConsoleOutput("Alchemist2 PSP: INSERT"); + succ|=NewHook(hp, "Alchemist2 PSP"); + } + + ConsoleOutput("Alchemist2 PSP: leave"); + return succ; +} + +/** 7/19/2014 jichi CYBERFRONT PSP engine, 0,9.8, 0.9.9 + * Sample game: 想�かけ�クローストゥ (0.9.9) + * + * Debug method: breakpoint the memory address + * There are two matched memory address to the current text + * + * The second is used. + * The #1 is missing text. + * + * #1 The text is written word by word + * + * 0ed8be86 90 nop + * 0ed8be87 cc int3 + * 0ed8be88 77 0f ja short 0ed8be99 + * 0ed8be8a c705 c84c1301 dc>mov dword ptr ds:[0x1134cc8],0x88151dc + * 0ed8be94 -e9 6b41b4f4 jmp 038d0004 + * 0ed8be99 8b35 cc491301 mov esi,dword ptr ds:[0x11349cc] + * 0ed8be9f 8d76 02 lea esi,dword ptr ds:[esi+0x2] + * 0ed8bea2 8b3d 94491301 mov edi,dword ptr ds:[0x1134994] + * 0ed8bea8 8b05 d0491301 mov eax,dword ptr ds:[0x11349d0] + * 0ed8beae 81e0 ffffff3f and eax,0x3fffffff + * 0ed8beb4 8bd7 mov edx,edi + * 0ed8beb6 8890 00008009 mov byte ptr ds:[eax+0x9800000],dl ; jichi: hook here, write text here + * 0ed8bebc 8b05 c8491301 mov eax,dword ptr ds:[0x11349c8] + * 0ed8bec2 81e0 ffffff3f and eax,0x3fffffff + * 0ed8bec8 0fb6a8 00008009 movzx ebp,byte ptr ds:[eax+0x9800000] + * 0ed8becf 8b05 d0491301 mov eax,dword ptr ds:[0x11349d0] + * 0ed8bed5 81e0 ffffff3f and eax,0x3fffffff + * 0ed8bedb 8bd5 mov edx,ebp + * 0ed8bedd 8890 01008009 mov byte ptr ds:[eax+0x9800001],dl + * 0ed8bee3 8b15 d0491301 mov edx,dword ptr ds:[0x11349d0] + * 0ed8bee9 8d52 02 lea edx,dword ptr ds:[edx+0x2] + * 0ed8beec 892d 90491301 mov dword ptr ds:[0x1134990],ebp + * 0ed8bef2 8935 cc491301 mov dword ptr ds:[0x11349cc],esi + * 0ed8bef8 8915 d0491301 mov dword ptr ds:[0x11349d0],edx + * 0ed8befe 832d e44c1301 06 sub dword ptr ds:[0x1134ce4],0x6 + * 0ed8bf05 e9 0e000000 jmp 0ed8bf18 + * 0ed8bf0a 013451 add dword ptr ds:[ecx+edx*2],esi + * 0ed8bf0d 8108 e90f41b4 or dword ptr ds:[eax],0xb4410fe9 + * 0ed8bf13 f4 hlt ; privileged command + * 0ed8bf14 90 nop + * 0ed8bf15 cc int3 + * + * #2 The text is read + * + * Issue: the text is read multiple times. + * Only esp > 0xfff is kept. + * + * 0ed8cf13 90 nop + * 0ed8cf14 77 0f ja short 0ed8cf25 + * 0ed8cf16 c705 c84c1301 b8>mov dword ptr ds:[0x1134cc8],0x888d1b8 + * 0ed8cf20 -e9 df30b4f4 jmp 038d0004 + * 0ed8cf25 8b05 98491301 mov eax,dword ptr ds:[0x1134998] + * 0ed8cf2b 81e0 ffffff3f and eax,0x3fffffff + * 0ed8cf31 0fb6b0 00008009 movzx esi,byte ptr ds:[eax+0x9800000] ; jichi: hook here + * 0ed8cf38 81fe 00000000 cmp esi,0x0 + * 0ed8cf3e 8935 90491301 mov dword ptr ds:[0x1134990],esi + * 0ed8cf44 0f85 2f000000 jnz 0ed8cf79 + * 0ed8cf4a 8b05 9c491301 mov eax,dword ptr ds:[0x113499c] + * 0ed8cf50 81e0 ffffff3f and eax,0x3fffffff + * 0ed8cf56 0fbeb0 00008009 movsx esi,byte ptr ds:[eax+0x9800000] + * 0ed8cf5d 8935 90491301 mov dword ptr ds:[0x1134990],esi + * 0ed8cf63 832d e44c1301 03 sub dword ptr ds:[0x1134ce4],0x3 + * 0ed8cf6a c705 c84c1301 18>mov dword ptr ds:[0x1134cc8],0x888d218 + * 0ed8cf74 -e9 aa30b4f4 jmp 038d0023 + * 0ed8cf79 832d e44c1301 03 sub dword ptr ds:[0x1134ce4],0x3 + * 0ed8cf80 e9 0b000000 jmp 0ed8cf90 + * 0ed8cf85 01c4 add esp,eax + * 0ed8cf87 d188 08e99430 ror dword ptr ds:[eax+0x3094e908],1 + * 0ed8cf8d b4 f4 mov ah,0xf4 + * 0ed8cf8f 90 nop + */ + +static void SpecialPSPHookCyberfront(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD splitvalue = stack->edi; + if (splitvalue < 0x0fff) + return; + DWORD eax = stack->eax; + LPCSTR text = LPCSTR(eax + hp->user_value); + if (*text) { + *data = (DWORD)text; + *len = ::strlen(text); + *split = splitvalue; + } +} +bool InsertCyberfrontPSPHook() +{ + ConsoleOutput("CYBERFRONT PSP: enter"); + + const BYTE bytes[] = { + // 0ed8cf13 90 nop + 0x77, 0x0f, // 0ed8cf14 77 0f ja short 0ed8cf25 + 0xc7,0x05, XX8, // 0ed8cf16 c705 c84c1301 b8>mov dword ptr ds:[0x1134cc8],0x888d1b8 + 0xe9, XX4, // 0ed8cf20 -e9 df30b4f4 jmp 038d0004 + 0x8b,0x05, XX4, // 0ed8cf25 8b05 98491301 mov eax,dword ptr ds:[0x1134998] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 0ed8cf2b 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xb6,0xb0, XX4, // 0ed8cf31 0fb6b0 00008009 movzx esi,byte ptr ds:[eax+0x9800000] ; jichi: hook here + 0x81,0xfe, 0x00,0x00,0x00,0x00, // 0ed8cf38 81fe 00000000 cmp esi,0x0 + 0x89,0x35, XX4, // 0ed8cf3e 8935 90491301 mov dword ptr ds:[0x1134990],esi + 0x0f,0x85, 0x2f,0x00,0x00,0x00, // 0ed8cf44 0f85 2f000000 jnz 0ed8cf79 + 0x8b,0x05, XX4, // 0ed8cf4a 8b05 9c491301 mov eax,dword ptr ds:[0x113499c] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 0ed8cf50 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xbe,0xb0, XX4, // 0ed8cf56 0fbeb0 00008009 movsx esi,byte ptr ds:[eax+0x9800000] + 0x89,0x35, XX4, // 0ed8cf5d 8935 90491301 mov dword ptr ds:[0x1134990],esi + 0x83,0x2d, XX4, 0x03, // 0ed8cf63 832d e44c1301 03 sub dword ptr ds:[0x1134ce4],0x3 + 0xc7,0x05 //, XX8 // 0ed8cf6a c705 c84c1301 18>mov dword ptr ds:[0x1134cc8],0x888d218 + }; + enum { memory_offset = 3 }; // 13909a51 8890 00008007 mov byte ptr ds:[eax+0x7800000],dl + enum { addr_offset = 0x0ed8cf31 - 0x0ed8cf14 }; + auto succ=false; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + //GROWL_DWORD(addr); + if (!addr) + ConsoleOutput("CYBERFRONT PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.type = USING_STRING|USING_SPLIT|NO_CONTEXT; + //hp.offset=get_reg(regs::eax); + hp.text_fun = SpecialPSPHookCyberfront; + ConsoleOutput("CYBERFRONT PSP: INSERT"); + succ|=NewHook(hp, "CYBERFRONT PSP"); + } + + ConsoleOutput("CYBERFRONT PSP: leave"); + return succ; +} + + +/** 7/19/2014 jichi yetigame.jp PSP engine, 0.9.8, 0.9.9 + * Sample game: Secret Game Portable 0.9.8/0.9.9 + * + * Float memory addresses: two matches + * + * Debug method: find current sentence, then find next sentence in the memory + * and add break-points. Need to patch 1 leading \u3000 space. + * + * It seems that each time I ran the game, the instruction pattern would change?! + * == The second time I ran the game == + * + * 14e49ed9 90 nop + * 14e49eda cc int3 + * 14e49edb cc int3 + * 14e49edc 77 0f ja short 14e49eed + * 14e49ede c705 a8aa1001 98>mov dword ptr ds:[0x110aaa8],0x885ff98 + * 14e49ee8 -e9 17619eee jmp 03830004 + * 14e49eed 8b35 70a71001 mov esi,dword ptr ds:[0x110a770] + * 14e49ef3 c1ee 1f shr esi,0x1f + * 14e49ef6 8b05 b4a71001 mov eax,dword ptr ds:[0x110a7b4] + * 14e49efc 81e0 ffffff3f and eax,0x3fffffff + * 14e49f02 8bb8 14deff07 mov edi,dword ptr ds:[eax+0x7ffde14] + * 14e49f08 0335 70a71001 add esi,dword ptr ds:[0x110a770] + * 14e49f0e d1fe sar esi,1 + * 14e49f10 8b05 b0a71001 mov eax,dword ptr ds:[0x110a7b0] + * 14e49f16 81e0 ffffff3f and eax,0x3fffffff + * 14e49f1c 89b8 00000008 mov dword ptr ds:[eax+0x8000000],edi + * 14e49f22 8b05 dca71001 mov eax,dword ptr ds:[0x110a7dc] + * 14e49f28 81e0 ffffff3f and eax,0x3fffffff + * 14e49f2e 89b0 30000008 mov dword ptr ds:[eax+0x8000030],esi + * 14e49f34 8b05 b4a71001 mov eax,dword ptr ds:[0x110a7b4] + * 14e49f3a 81e0 ffffff3f and eax,0x3fffffff + * 14e49f40 8ba8 14deff07 mov ebp,dword ptr ds:[eax+0x7ffde14] + * 14e49f46 8bc5 mov eax,ebp + * 14e49f48 81e0 ffffff3f and eax,0x3fffffff + * 14e49f4e 0fb6b0 00000008 movzx esi,byte ptr ds:[eax+0x8000000] ; jichi: hook here + * 14e49f55 8d6d 01 lea ebp,dword ptr ss:[ebp+0x1] + * 14e49f58 8b05 b4a71001 mov eax,dword ptr ds:[0x110a7b4] + * + * == The first time I ran the game == + * There are a couple of good break-points, as follows. + * Only the second function is hooked. + * + * 138cf7a2 cc int3 + * 138cf7a3 cc int3 + * 138cf7a4 77 0f ja short 138cf7b5 + * 138cf7a6 c705 a8aa1001 90>mov dword ptr ds:[0x110aaa8],0x885ff90 + * 138cf7b0 -e9 4f08a9f3 jmp 07360004 + * 138cf7b5 8b05 b4a71001 mov eax,dword ptr ds:[0x110a7b4] + * 138cf7bb 81e0 ffffff3f and eax,0x3fffffff + * 138cf7c1 8bb0 14de7f07 mov esi,dword ptr ds:[eax+0x77fde14] + * 138cf7c7 8935 78a71001 mov dword ptr ds:[0x110a778],esi + * 138cf7cd c705 e4a71001 98>mov dword ptr ds:[0x110a7e4],0x885ff98 + * 138cf7d7 832d c4aa1001 02 sub dword ptr ds:[0x110aac4],0x2 + * 138cf7de e9 0d000000 jmp 138cf7f0 + * 138cf7e3 015c48 85 add dword ptr ds:[eax+ecx*2-0x7b],ebx + * 138cf7e7 08e9 or cl,ch + * 138cf7e9 36:08a9 f390cccc or byte ptr ss:[ecx+0xcccc90f3],ch + * 138cf7f0 77 0f ja short 138cf801 + * 138cf7f2 c705 a8aa1001 5c>mov dword ptr ds:[0x110aaa8],0x885485c + * 138cf7fc -e9 0308a9f3 jmp 07360004 + * 138cf801 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + * 138cf807 81e0 ffffff3f and eax,0x3fffffff + * 138cf80d 0fb6b0 00008007 movzx esi,byte ptr ds:[eax+0x7800000] ; jichi: hook here + * 138cf814 81fe 00000000 cmp esi,0x0 + * 138cf81a 8935 74a71001 mov dword ptr ds:[0x110a774],esi + * 138cf820 c705 80a71001 00>mov dword ptr ds:[0x110a780],0x0 + * 138cf82a c705 84a71001 25>mov dword ptr ds:[0x110a784],0x25 + * 138cf834 c705 88a71001 4e>mov dword ptr ds:[0x110a788],0x4e + * 138cf83e c705 8ca71001 6e>mov dword ptr ds:[0x110a78c],0x6e + * 138cf848 0f85 16000000 jnz 138cf864 + * 138cf84e 832d c4aa1001 06 sub dword ptr ds:[0x110aac4],0x6 + * 138cf855 e9 b6010000 jmp 138cfa10 + * 138cf85a 01bc48 8508e9bf add dword ptr ds:[eax+ecx*2+0xbfe90885],> + * 138cf861 07 pop es ; modification of segment register + * 138cf862 a9 f3832dc4 test eax,0xc42d83f3 + * 138cf867 aa stos byte ptr es:[edi] + * 138cf868 1001 adc byte ptr ds:[ecx],al + * 138cf86a 06 push es + * 138cf86b e9 0c000000 jmp 138cf87c + * 138cf870 017448 85 add dword ptr ds:[eax+ecx*2-0x7b],esi + * 138cf874 08e9 or cl,ch + * 138cf876 a9 07a9f390 test eax,0x90f3a907 + * 138cf87b cc int3 + * + * This function is used. + * 138cfa46 cc int3 + * 138cfa47 cc int3 + * 138cfa48 77 0f ja short 138cfa59 + * 138cfa4a c705 a8aa1001 98>mov dword ptr ds:[0x110aaa8],0x885ff98 + * 138cfa54 -e9 ab05a9f3 jmp 07360004 + * 138cfa59 8b35 70a71001 mov esi,dword ptr ds:[0x110a770] + * 138cfa5f c1ee 1f shr esi,0x1f + * 138cfa62 8b05 b4a71001 mov eax,dword ptr ds:[0x110a7b4] + * 138cfa68 81e0 ffffff3f and eax,0x3fffffff + * 138cfa6e 8bb8 14de7f07 mov edi,dword ptr ds:[eax+0x77fde14] + * 138cfa74 0335 70a71001 add esi,dword ptr ds:[0x110a770] + * 138cfa7a d1fe sar esi,1 + * 138cfa7c 8b05 b0a71001 mov eax,dword ptr ds:[0x110a7b0] + * 138cfa82 81e0 ffffff3f and eax,0x3fffffff + * 138cfa88 89b8 00008007 mov dword ptr ds:[eax+0x7800000],edi + * 138cfa8e 8b05 dca71001 mov eax,dword ptr ds:[0x110a7dc] + * 138cfa94 81e0 ffffff3f and eax,0x3fffffff + * 138cfa9a 89b0 30008007 mov dword ptr ds:[eax+0x7800030],esi + * 138cfaa0 8b05 b4a71001 mov eax,dword ptr ds:[0x110a7b4] + * 138cfaa6 81e0 ffffff3f and eax,0x3fffffff + * 138cfaac 8ba8 14de7f07 mov ebp,dword ptr ds:[eax+0x77fde14] + * 138cfab2 8bc5 mov eax,ebp + * 138cfab4 81e0 ffffff3f and eax,0x3fffffff + * 138cfaba 0fb6b0 00008007 movzx esi,byte ptr ds:[eax+0x7800000] ; jichi: hook here + * 138cfac1 8d6d 01 lea ebp,dword ptr ss:[ebp+0x1] + * 138cfac4 8b05 b4a71001 mov eax,dword ptr ds:[0x110a7b4] + * 138cfaca 81e0 ffffff3f and eax,0x3fffffff + * 138cfad0 89a8 14de7f07 mov dword ptr ds:[eax+0x77fde14],ebp + * 138cfad6 81fe 00000000 cmp esi,0x0 + * 138cfadc 892d 70a71001 mov dword ptr ds:[0x110a770],ebp + * 138cfae2 8935 74a71001 mov dword ptr ds:[0x110a774],esi + * 138cfae8 893d aca71001 mov dword ptr ds:[0x110a7ac],edi + * 138cfaee 0f84 16000000 je 138cfb0a + * 138cfaf4 832d c4aa1001 0b sub dword ptr ds:[0x110aac4],0xb + * 138cfafb e9 24000000 jmp 138cfb24 + * 138cfb00 01b0 ff8508e9 add dword ptr ds:[eax+0xe90885ff],esi + * 138cfb06 1905 a9f3832d sbb dword ptr ds:[0x2d83f3a9],eax + * 138cfb0c c4aa 10010be9 les ebp,fword ptr ds:[edx+0xe90b0110] ; modification of segment register + * 138cfb12 9a 00000001 c4ff call far ffc4:01000000 ; far call + * 138cfb19 8508 test dword ptr ds:[eax],ecx + * 138cfb1b -e9 0305a9f3 jmp 07360023 + * 138cfb20 90 nop + * 138cfb21 cc int3 + * 138cfb22 cc int3 + * + * 138cfb22 cc int3 + * 138cfb23 cc int3 + * 138cfb24 77 0f ja short 138cfb35 + * 138cfb26 c705 a8aa1001 b0>mov dword ptr ds:[0x110aaa8],0x885ffb0 + * 138cfb30 -e9 cf04a9f3 jmp 07360004 + * 138cfb35 8b05 b4a71001 mov eax,dword ptr ds:[0x110a7b4] + * 138cfb3b 81e0 ffffff3f and eax,0x3fffffff + * 138cfb41 8bb0 14de7f07 mov esi,dword ptr ds:[eax+0x77fde14] + * 138cfb47 8bc6 mov eax,esi + * 138cfb49 81e0 ffffff3f and eax,0x3fffffff + * 138cfb4f 0fb6b8 00008007 movzx edi,byte ptr ds:[eax+0x7800000] ; jichi: hook here + * 138cfb56 8d76 01 lea esi,dword ptr ds:[esi+0x1] + * 138cfb59 8b05 b4a71001 mov eax,dword ptr ds:[0x110a7b4] + * 138cfb5f 81e0 ffffff3f and eax,0x3fffffff + * 138cfb65 89b0 14de7f07 mov dword ptr ds:[eax+0x77fde14],esi + * 138cfb6b 81ff 00000000 cmp edi,0x0 + * 138cfb71 8935 70a71001 mov dword ptr ds:[0x110a770],esi + * 138cfb77 893d 74a71001 mov dword ptr ds:[0x110a774],edi + * 138cfb7d 0f84 16000000 je 138cfb99 + * 138cfb83 832d c4aa1001 05 sub dword ptr ds:[0x110aac4],0x5 + * 138cfb8a ^e9 95ffffff jmp 138cfb24 + * 138cfb8f 01b0 ff8508e9 add dword ptr ds:[eax+0xe90885ff],esi + * 138cfb95 8a04a9 mov al,byte ptr ds:[ecx+ebp*4] + * 138cfb98 f3: prefix rep: ; superfluous prefix + * 138cfb99 832d c4aa1001 05 sub dword ptr ds:[0x110aac4],0x5 + * 138cfba0 e9 0b000000 jmp 138cfbb0 + * 138cfba5 01c4 add esp,eax + * 138cfba7 ff85 08e97404 inc dword ptr ss:[ebp+0x474e908] + * 138cfbad a9 f390770f test eax,0xf7790f3 + * 138cfbb2 c705 a8aa1001 c4>mov dword ptr ds:[0x110aaa8],0x885ffc4 + * 138cfbbc -e9 4304a9f3 jmp 07360004 + * 138cfbc1 f3:0f1015 6c1609>movss xmm2,dword ptr ds:[0x1009166c] + * 138cfbc9 8b05 b0a71001 mov eax,dword ptr ds:[0x110a7b0] + * 138cfbcf 81e0 ffffff3f and eax,0x3fffffff + * 138cfbd5 8bb0 00008007 mov esi,dword ptr ds:[eax+0x7800000] + * 138cfbdb f3:0f101d 641609>movss xmm3,dword ptr ds:[0x10091664] + * 138cfbe3 c7c7 00000000 mov edi,0x0 + * 138cfbe9 893d f4b12b11 mov dword ptr ds:[0x112bb1f4],edi + * 138cfbef 8bc6 mov eax,esi + * 138cfbf1 81e0 ffffff3f and eax,0x3fffffff + * 138cfbf7 0fb6a8 00008007 movzx ebp,byte ptr ds:[eax+0x7800000] ; jichi: hook here + * 138cfbfe 81fd 00000000 cmp ebp,0x0 + * 138cfc04 c705 70a71001 00>mov dword ptr ds:[0x110a770],0x9ac0000 + * 138cfc0e c705 74a71001 00>mov dword ptr ds:[0x110a774],0x8890000 + * 138cfc18 892d a8a71001 mov dword ptr ds:[0x110a7a8],ebp + * 138cfc1e 8935 aca71001 mov dword ptr ds:[0x110a7ac],esi + * 138cfc24 c705 b4a71001 00>mov dword ptr ds:[0x110a7b4],0x8890000 + * 138cfc2e c705 b8a71001 80>mov dword ptr ds:[0x110a7b8],0x80 + * 138cfc38 c705 bca71001 00>mov dword ptr ds:[0x110a7bc],0x0 + * 138cfc42 c705 e0a71001 00>mov dword ptr ds:[0x110a7e0],0x0 + * 138cfc4c f3:0f111d 3ca810>movss dword ptr ds:[0x110a83c],xmm3 + * 138cfc54 f3:0f1115 40a810>movss dword ptr ds:[0x110a840],xmm2 + * 138cfc5c 0f85 16000000 jnz 138cfc78 + * 138cfc62 832d c4aa1001 0d sub dword ptr ds:[0x110aac4],0xd + * 138cfc69 e9 32270000 jmp 138d23a0 + * 138cfc6e 0158 00 add dword ptr ds:[eax],ebx + * 138cfc71 8608 xchg byte ptr ds:[eax],cl + * 138cfc73 -e9 ab03a9f3 jmp 07360023 + * 138cfc78 832d c4aa1001 0d sub dword ptr ds:[0x110aac4],0xd + * 138cfc7f e9 0c000000 jmp 138cfc90 + * 138cfc84 01f8 add eax,edi + * 138cfc86 ff85 08e99503 inc dword ptr ss:[ebp+0x395e908] + * 138cfc8c a9 f390cc77 test eax,0x77cc90f3 + * 138cfc91 0fc7 ??? ; unknown command + * 138cfc93 05 a8aa1001 add eax,0x110aaa8 + * 138cfc98 f8 clc + * 138cfc99 ff85 08e96303 inc dword ptr ss:[ebp+0x363e908] + * 138cfc9f a9 f38b35ac test eax,0xac358bf3 + * 138cfca4 a7 cmps dword ptr ds:[esi],dword ptr es:[ed> + * 138cfca5 1001 adc byte ptr ds:[ecx],al + * 138cfca7 8b3d b4a71001 mov edi,dword ptr ds:[0x110a7b4] + * 138cfcad 81c7 48d6ffff add edi,-0x29b8 + * 138cfcb3 8935 78a71001 mov dword ptr ds:[0x110a778],esi + * 138cfcb9 893d 7ca71001 mov dword ptr ds:[0x110a77c],edi + * 138cfcbf c705 80a71001 02>mov dword ptr ds:[0x110a780],0x2 + * 138cfcc9 c705 e4a71001 08>mov dword ptr ds:[0x110a7e4],0x8860008 + * 138cfcd3 832d c4aa1001 04 sub dword ptr ds:[0x110aac4],0x4 + * 138cfcda ^e9 4914f4ff jmp 13811128 + * 138cfcdf 90 nop + * 138cfce0 77 0f ja short 138cfcf1 + * 138cfce2 c705 a8aa1001 74>mov dword ptr ds:[0x110aaa8],0x8844574 + * 138cfcec -e9 1303a9f3 jmp 07360004 + * 138cfcf1 8b35 84a71001 mov esi,dword ptr ds:[0x110a784] + * 138cfcf7 81c6 ffffffff add esi,-0x1 + * 138cfcfd 813d 84a71001 00>cmp dword ptr ds:[0x110a784],0x0 + * 138cfd07 8935 8ca71001 mov dword ptr ds:[0x110a78c],esi + * 138cfd0d 0f85 16000000 jnz 138cfd29 + * 138cfd13 832d c4aa1001 02 sub dword ptr ds:[0x110aac4],0x2 + * 138cfd1a c705 a8aa1001 e0>mov dword ptr ds:[0x110aaa8],0x88445e0 + * 138cfd24 -e9 fa02a9f3 jmp 07360023 + * 138cfd29 832d c4aa1001 02 sub dword ptr ds:[0x110aac4],0x2 + * 138cfd30 ^e9 ab15f4ff jmp 138112e0 + * 138cfd35 90 nop + * 138cfd36 cc int3 + * 138cfd37 cc int3 + * + * 13811266 cc int3 + * 13811267 cc int3 + * 13811268 77 0f ja short 13811279 + * 1381126a c705 a8aa1001 b0>mov dword ptr ds:[0x110aaa8],0x88445b0 + * 13811274 -e9 8bedb4f3 jmp 07360004 + * 13811279 8b35 8ca71001 mov esi,dword ptr ds:[0x110a78c] + * 1381127f 8b3d 88a71001 mov edi,dword ptr ds:[0x110a788] + * 13811285 8b2d 84a71001 mov ebp,dword ptr ds:[0x110a784] + * 1381128b 81c5 ffffffff add ebp,-0x1 + * 13811291 813d 84a71001 00>cmp dword ptr ds:[0x110a784],0x0 + * 1381129b 8935 78a71001 mov dword ptr ds:[0x110a778],esi + * 138112a1 893d 7ca71001 mov dword ptr ds:[0x110a77c],edi + * 138112a7 892d 8ca71001 mov dword ptr ds:[0x110a78c],ebp + * 138112ad 0f84 16000000 je 138112c9 + * 138112b3 832d c4aa1001 04 sub dword ptr ds:[0x110aac4],0x4 + * 138112ba e9 21000000 jmp 138112e0 + * 138112bf 017c45 84 add dword ptr ss:[ebp+eax*2-0x7c],edi + * 138112c3 08e9 or cl,ch + * 138112c5 5a pop edx + * 138112c6 ed in eax,dx ; i/o command + * 138112c7 b4 f3 mov ah,0xf3 + * 138112c9 832d c4aa1001 04 sub dword ptr ds:[0x110aac4],0x4 + * 138112d0 c705 a8aa1001 c0>mov dword ptr ds:[0x110aaa8],0x88445c0 + * 138112da -e9 44edb4f3 jmp 07360023 + * 138112df 90 nop + * 138112e0 77 0f ja short 138112f1 + * 138112e2 c705 a8aa1001 7c>mov dword ptr ds:[0x110aaa8],0x884457c + * 138112ec -e9 13edb4f3 jmp 07360004 + * 138112f1 8b05 7ca71001 mov eax,dword ptr ds:[0x110a77c] + * 138112f7 81e0 ffffff3f and eax,0x3fffffff + * 138112fd 0fb6b0 00008007 movzx esi,byte ptr ds:[eax+0x7800000] ; jichi: hook here + * 13811304 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + * 1381130a 81e0 ffffff3f and eax,0x3fffffff + * 13811310 0fbeb8 00008007 movsx edi,byte ptr ds:[eax+0x7800000] ; jichi: hook here + * 13811317 8bc6 mov eax,esi + * 13811319 0fbee8 movsx ebp,al + * 1381131c 3bef cmp ebp,edi + * 1381131e 893d 70a71001 mov dword ptr ds:[0x110a770],edi + * 13811324 892d 74a71001 mov dword ptr ds:[0x110a774],ebp + * 1381132a 8935 80a71001 mov dword ptr ds:[0x110a780],esi + * 13811330 0f85 16000000 jnz 1381134c + * 13811336 832d c4aa1001 05 sub dword ptr ds:[0x110aac4],0x5 + * 1381133d e9 56110000 jmp 13812498 + * 13811342 01c8 add eax,ecx + * 13811344 45 inc ebp + * 13811345 8408 test byte ptr ds:[eax],cl + * 13811347 -e9 d7ecb4f3 jmp 07360023 + * 1381134c 832d c4aa1001 05 sub dword ptr ds:[0x110aac4],0x5 + * 13811353 e9 0c000000 jmp 13811364 + * 13811358 0190 458408e9 add dword ptr ds:[eax+0xe9088445],edx + * 1381135e c1ec b4 shr esp,0xb4 ; shift constant out of range 1..31 + * 13811361 f3: prefix rep: ; superfluous prefix + * 13811362 90 nop + * 13811363 cc int3 + * + * 13811362 90 nop + * 13811363 cc int3 + * 13811364 77 0f ja short 13811375 + * 13811366 c705 a8aa1001 90>mov dword ptr ds:[0x110aaa8],0x8844590 + * 13811370 -e9 8fecb4f3 jmp 07360004 + * 13811375 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + * 1381137b 81e0 ffffff3f and eax,0x3fffffff + * 13811381 0fb6b0 00008007 movzx esi,byte ptr ds:[eax+0x7800000] ; jichi: hook here + * 13811388 81e6 ff000000 and esi,0xff + * 1381138e 8b3d 80a71001 mov edi,dword ptr ds:[0x110a780] + * 13811394 81e7 ff000000 and edi,0xff + * 1381139a 8bc7 mov eax,edi + * 1381139c 8bfe mov edi,esi + * 1381139e 2bf8 sub edi,eax + * 138113a0 8b05 e4a71001 mov eax,dword ptr ds:[0x110a7e4] + * 138113a6 893d 70a71001 mov dword ptr ds:[0x110a770],edi + * 138113ac 8935 74a71001 mov dword ptr ds:[0x110a774],esi + * 138113b2 8905 a8aa1001 mov dword ptr ds:[0x110aaa8],eax + * 138113b8 832d c4aa1001 05 sub dword ptr ds:[0x110aac4],0x5 + * 138113bf -e9 5fecb4f3 jmp 07360023 + * 138113c4 90 nop + * 138113c5 cc int3 + * 138113c6 cc int3 + * 138113c7 cc int3 + * + * 138124f2 cc int3 + * 138124f3 cc int3 + * 138124f4 77 0f ja short 13812505 + * 138124f6 c705 a8aa1001 d0>mov dword ptr ds:[0x110aaa8],0x88445d0 + * 13812500 -e9 ffdab4f3 jmp 07360004 + * 13812505 813d 74a71001 00>cmp dword ptr ds:[0x110a774],0x0 + * 1381250f c705 90a71001 00>mov dword ptr ds:[0x110a790],0x0 + * 13812519 0f84 16000000 je 13812535 + * 1381251f 832d c4aa1001 02 sub dword ptr ds:[0x110aac4],0x2 + * 13812526 e9 21000000 jmp 1381254c + * 1381252b 018446 8408e9ee add dword ptr ds:[esi+eax*2+0xeee90884],> + * 13812532 dab4f3 832dc4aa fidiv dword ptr ds:[ebx+esi*8+0xaac42d83> + * 13812539 1001 adc byte ptr ds:[ecx],al + * 1381253b 02e9 add ch,cl + * 1381253d 3302 xor eax,dword ptr ds:[edx] + * 1381253f 0000 add byte ptr ds:[eax],al + * 13812541 01d8 add eax,ebx + * 13812543 45 inc ebp + * 13812544 8408 test byte ptr ds:[eax],cl + * 13812546 -e9 d8dab4f3 jmp 07360023 + * 1381254b 90 nop + * 1381254c 77 0f ja short 1381255d + * 1381254e c705 a8aa1001 84>mov dword ptr ds:[0x110aaa8],0x8844684 + * 13812558 -e9 a7dab4f3 jmp 07360004 + * 1381255d 8b35 78a71001 mov esi,dword ptr ds:[0x110a778] + * 13812563 0335 8ca71001 add esi,dword ptr ds:[0x110a78c] + * 13812569 8b3d 88a71001 mov edi,dword ptr ds:[0x110a788] + * 1381256f 8d7f 01 lea edi,dword ptr ds:[edi+0x1] + * 13812572 8b2d 7ca71001 mov ebp,dword ptr ds:[0x110a77c] + * 13812578 8d6d 01 lea ebp,dword ptr ss:[ebp+0x1] + * 1381257b 8b15 90a71001 mov edx,dword ptr ds:[0x110a790] + * 13812581 3b15 8ca71001 cmp edx,dword ptr ds:[0x110a78c] + * 13812587 892d 7ca71001 mov dword ptr ds:[0x110a77c],ebp + * 1381258d 893d 88a71001 mov dword ptr ds:[0x110a788],edi + * 13812593 8935 94a71001 mov dword ptr ds:[0x110a794],esi + * 13812599 0f85 16000000 jnz 138125b5 + * 1381259f 832d c4aa1001 04 sub dword ptr ds:[0x110aac4],0x4 + * 138125a6 c705 a8aa1001 c4>mov dword ptr ds:[0x110aaa8],0x88446c4 + * 138125b0 -e9 6edab4f3 jmp 07360023 + * 138125b5 832d c4aa1001 04 sub dword ptr ds:[0x110aac4],0x4 + * 138125bc e9 0b000000 jmp 138125cc + * 138125c1 019446 8408e958 add dword ptr ds:[esi+eax*2+0x58e90884],> + * 138125c8 dab4f3 90770fc7 fidiv dword ptr ds:[ebx+esi*8+0xc70f7790> + * 138125cf 05 a8aa1001 add eax,0x110aaa8 + * 138125d4 94 xchg eax,esp + * 138125d5 46 inc esi + * 138125d6 8408 test byte ptr ds:[eax],cl + * 138125d8 -e9 27dab4f3 jmp 07360004 + * 138125dd 8b05 88a71001 mov eax,dword ptr ds:[0x110a788] + * 138125e3 81e0 ffffff3f and eax,0x3fffffff + * 138125e9 0fb6b0 00008007 movzx esi,byte ptr ds:[eax+0x7800000] ; jichi: hook here + * 138125f0 8b05 7ca71001 mov eax,dword ptr ds:[0x110a77c] + * 138125f6 81e0 ffffff3f and eax,0x3fffffff + * 138125fc 0fb6b8 00008007 movzx edi,byte ptr ds:[eax+0x7800000] + * 13812603 8bc6 mov eax,esi + * 13812605 0fbee8 movsx ebp,al + * 13812608 8bc7 mov eax,edi + * 1381260a 0fbed0 movsx edx,al + * 1381260d 8b0d 90a71001 mov ecx,dword ptr ds:[0x110a790] + * 13812613 8d49 01 lea ecx,dword ptr ds:[ecx+0x1] + * 13812616 3bd5 cmp edx,ebp + * 13812618 892d 70a71001 mov dword ptr ds:[0x110a770],ebp + * 1381261e 8935 74a71001 mov dword ptr ds:[0x110a774],esi + * 13812624 893d 80a71001 mov dword ptr ds:[0x110a780],edi + * 1381262a 8915 84a71001 mov dword ptr ds:[0x110a784],edx + * 13812630 890d 90a71001 mov dword ptr ds:[0x110a790],ecx + * 13812636 0f84 16000000 je 13812652 + * 1381263c 832d c4aa1001 06 sub dword ptr ds:[0x110aac4],0x6 + * 13812643 e9 98d70b00 jmp 138cfde0 + * 13812648 019445 8408e9d1 add dword ptr ss:[ebp+eax*2+0xd1e90884],> + * 1381264f d9b4f3 832dc4aa fstenv (28-byte) ptr ds:[ebx+esi*8+0xaac> + * 13812656 1001 adc byte ptr ds:[ecx],al + * 13812658 06 push es + * 13812659 e9 0e000000 jmp 1381266c + * 1381265e 01ac46 8408e9bb add dword ptr ds:[esi+eax*2+0xbbe90884],> + * 13812665 d9b4f3 90cccccc fstenv (28-byte) ptr ds:[ebx+esi*8+0xccc> + * 1381266c 77 0f ja short 1381267d + * 1381266e c705 a8aa1001 ac>mov dword ptr ds:[0x110aaa8],0x88446ac + * 13812678 -e9 87d9b4f3 jmp 07360004 + * 1381267d 8b35 88a71001 mov esi,dword ptr ds:[0x110a788] + * 13812683 3b35 94a71001 cmp esi,dword ptr ds:[0x110a794] + * 13812689 0f85 16000000 jnz 138126a5 + * 1381268f 832d c4aa1001 02 sub dword ptr ds:[0x110aac4],0x2 + * 13812696 e9 d9000000 jmp 13812774 + * 1381269b 01d8 add eax,ebx + * 1381269d 45 inc ebp + * 1381269e 8408 test byte ptr ds:[eax],cl + * 138126a0 -e9 7ed9b4f3 jmp 07360023 + * 138126a5 832d c4aa1001 02 sub dword ptr ds:[0x110aac4],0x2 + * 138126ac e9 0b000000 jmp 138126bc + * 138126b1 01b446 8408e968 add dword ptr ds:[esi+eax*2+0x68e90884],> + * 138126b8 d9b4f3 90770fc7 fstenv (28-byte) ptr ds:[ebx+esi*8+0xc70> + * 138126bf 05 a8aa1001 add eax,0x110aaa8 + * 138126c4 b4 46 mov ah,0x46 + * 138126c6 8408 test byte ptr ds:[eax],cl + * 138126c8 -e9 37d9b4f3 jmp 07360004 + * 138126cd 8b35 88a71001 mov esi,dword ptr ds:[0x110a788] + * 138126d3 8d76 01 lea esi,dword ptr ds:[esi+0x1] + * 138126d6 813d 84a71001 00>cmp dword ptr ds:[0x110a784],0x0 + * 138126e0 8935 88a71001 mov dword ptr ds:[0x110a788],esi + * 138126e6 0f84 16000000 je 13812702 + * 138126ec 832d c4aa1001 02 sub dword ptr ds:[0x110aac4],0x2 + * 138126f3 e9 24000000 jmp 1381271c + * 138126f8 018c46 8408e921 add dword ptr ds:[esi+eax*2+0x21e90884],> + * 138126ff d9b4f3 832dc4aa fstenv (28-byte) ptr ds:[ebx+esi*8+0xaac> + * 13812706 1001 adc byte ptr ds:[ecx],al + * 13812708 02c7 add al,bh + * 1381270a 05 a8aa1001 add eax,0x110aaa8 + * 1381270f bc 468408e9 mov esp,0xe9088446 + * 13812714 0bd9 or ebx,ecx + * 13812716 b4 f3 mov ah,0xf3 + * 13812718 90 nop + * 13812719 cc int3 + * 1381271a cc int3 + * 1381271b cc int3 + * + * This function is very similar to Imageepoch, and can have duplicate text + * 138d1486 cc int3 + * 138d1487 cc int3 + * 138d1488 77 0f ja short 138d1499 + * 138d148a c705 a8aa1001 2c>mov dword ptr ds:[0x110aaa8],0x884452c + * 138d1494 -e9 6beba8f3 jmp 07360004 + * 138d1499 8b05 7ca71001 mov eax,dword ptr ds:[0x110a77c] + * 138d149f 81e0 ffffff3f and eax,0x3fffffff + * 138d14a5 0fbeb0 00008007 movsx esi,byte ptr ds:[eax+0x7800000] ; jichi: hook here + * 138d14ac 8b3d 7ca71001 mov edi,dword ptr ds:[0x110a77c] + * 138d14b2 8d7f 01 lea edi,dword ptr ds:[edi+0x1] + * 138d14b5 8b05 74a71001 mov eax,dword ptr ds:[0x110a774] + * 138d14bb 81e0 ffffff3f and eax,0x3fffffff + * 138d14c1 8bd6 mov edx,esi + * 138d14c3 8890 00008007 mov byte ptr ds:[eax+0x7800000],dl + * 138d14c9 8b2d 74a71001 mov ebp,dword ptr ds:[0x110a774] + * 138d14cf 8d6d 01 lea ebp,dword ptr ss:[ebp+0x1] + * 138d14d2 81fe 00000000 cmp esi,0x0 + * 138d14d8 8935 70a71001 mov dword ptr ds:[0x110a770],esi + * 138d14de 892d 74a71001 mov dword ptr ds:[0x110a774],ebp + * 138d14e4 893d 7ca71001 mov dword ptr ds:[0x110a77c],edi + * 138d14ea 0f85 16000000 jnz 138d1506 + * 138d14f0 832d c4aa1001 05 sub dword ptr ds:[0x110aac4],0x5 + * 138d14f7 e9 e8000000 jmp 138d15e4 + * 138d14fc 015445 84 add dword ptr ss:[ebp+eax*2-0x7c],edx + * 138d1500 08e9 or cl,ch + * 138d1502 1d eba8f383 sbb eax,0x83f3a8eb + * 138d1507 2d c4aa1001 sub eax,0x110aac4 + * 138d150c 05 e90e0000 add eax,0xee9 + * 138d1511 0001 add byte ptr ds:[ecx],al + * 138d1513 40 inc eax + * 138d1514 45 inc ebp + * 138d1515 8408 test byte ptr ds:[eax],cl + * 138d1517 -e9 07eba8f3 jmp 07360023 + * 138d151c 90 nop + * 138d151d cc int3 + * 138d151e cc int3 + * 138d151f cc int3 + */ +//static void SpecialPSPHookYeti(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +//{ +// //enum { base = 0x7400000 }; +// DWORD eax = regof(eax, esp_base); +// LPCSTR text = LPCSTR(eax + hp->user_value); +// if (*text) { +// *data = (DWORD)text; +// *len = ::strlen(text); // SHIFT-JIS +// //*split = regof(ecx, esp_base); // ecx is bad that will split text threads +// //*split = FIXED_SPLIT_VALUE; // Similar to 5pb, it only has one thread? +// //*split = regof(ebx, esp_base); // value of ebx is splitting +// *split = FIXED_SPLIT_VALUE << 1; // * 2 to make it unique +// } +//} + +bool InsertYetiPSPHook() +{ + ConsoleOutput("Yeti PSP: enter"); + const BYTE bytes[] = { + //0xcc, // 14e49edb cc int3 + 0x77, 0x0f, // 14e49edc 77 0f ja short 14e49eed + 0xc7,0x05, XX8, // 14e49ede c705 a8aa1001 98>mov dword ptr ds:[0x110aaa8],0x885ff98 + 0xe9, XX4, // 14e49ee8 -e9 17619eee jmp 03830004 + 0x8b,0x35, XX4, // 14e49eed 8b35 70a71001 mov esi,dword ptr ds:[0x110a770] + 0xc1,0xee, 0x1f, // 14e49ef3 c1ee 1f shr esi,0x1f + 0x8b,0x05, XX4, // 14e49ef6 8b05 b4a71001 mov eax,dword ptr ds:[0x110a7b4] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 14e49efc 81e0 ffffff3f and eax,0x3fffffff + 0x8b,0xb8, XX4, // 14e49f02 8bb8 14deff07 mov edi,dword ptr ds:[eax+0x7ffde14] + 0x03,0x35, XX4, // 14e49f08 0335 70a71001 add esi,dword ptr ds:[0x110a770] + 0xd1,0xfe, // 14e49f0e d1fe sar esi,1 + 0x8b,0x05, XX4, // 14e49f10 8b05 b0a71001 mov eax,dword ptr ds:[0x110a7b0] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 14e49f16 81e0 ffffff3f and eax,0x3fffffff + 0x89,0xb8, XX4, // 14e49f1c 89b8 00000008 mov dword ptr ds:[eax+0x8000000],edi + 0x8b,0x05, XX4, // 14e49f22 8b05 dca71001 mov eax,dword ptr ds:[0x110a7dc] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 14e49f28 81e0 ffffff3f and eax,0x3fffffff + 0x89,0xb0, XX4, // 14e49f2e 89b0 30000008 mov dword ptr ds:[eax+0x8000030],esi + 0x8b,0x05, XX4, // 14e49f34 8b05 b4a71001 mov eax,dword ptr ds:[0x110a7b4] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 14e49f3a 81e0 ffffff3f and eax,0x3fffffff + 0x8b,0xa8, XX4, // 14e49f40 8ba8 14deff07 mov ebp,dword ptr ds:[eax+0x7ffde14] + 0x8b,0xc5, // 14e49f46 8bc5 mov eax,ebp + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 14e49f48 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xb6,0xb0 //, XX4, // 14e49f4e 0fb6b0 00000008 movzx esi,byte ptr ds:[eax+0x8000000] ; jichi: hook here + }; + enum { memory_offset = 3 }; // 14e49f4e 0fb6b0 00000008 movzx esi,byte ptr ds:[eax+0x8000000] + enum { addr_offset = sizeof(bytes) - memory_offset }; + auto succ=false; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) + ConsoleOutput("Yeti PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.type = USING_STRING|USING_SPLIT|FIXING_SPLIT|NO_CONTEXT; // Fix the split value to merge all threads + hp.text_fun = SpecialPSPHook; + hp.offset=get_reg(regs::eax); + ConsoleOutput("Yeti PSP: INSERT"); + succ|=NewHook(hp, "Yeti PSP"); + } + + ConsoleOutput("Yeti PSP: leave"); + return succ; +} + +/** 7/19/2014 jichi Alternative Yeti PSP engine, 0.9.8, 0.9.9 + * Sample game: Never 7, 0.9.8 & 0.9.9 + * Sample game: ひまわり + * + * Do not work on 0.9.9 Ever17 (7/27/2014) + * + * + * This hook does not work for 12River. + * However, sceFont functions work. + * + * Memory address is FIXED. + * Debug method: breakpoint the memory address + * There are two matched memory address to the current text + * + * There are several functions. The first one is used. + * + * The text also has 5pb-like garbage, but it is difficult to trim. + * + * PPSSPP 0.9.8: + * + * 14289802 cc int3 + * 14289803 cc int3 + * 14289804 77 0f ja short 14289815 + * 14289806 c705 a8aa1001 58>mov dword ptr ds:[0x110aaa8],0x881ab58 + * 14289810 -e9 ef6767ef jmp 03900004 + * 14289815 8b35 74a71001 mov esi,dword ptr ds:[0x110a774] + * 1428981b 0335 78a71001 add esi,dword ptr ds:[0x110a778] + * 14289821 8b05 dca71001 mov eax,dword ptr ds:[0x110a7dc] + * 14289827 81e0 ffffff3f and eax,0x3fffffff + * 1428982d 8bb8 28004007 mov edi,dword ptr ds:[eax+0x7400028] + * 14289833 8bc6 mov eax,esi + * 14289835 81e0 ffffff3f and eax,0x3fffffff + * 1428983b 8bd7 mov edx,edi + * 1428983d 8890 10044007 mov byte ptr ds:[eax+0x7400410],dl + * 14289843 8b05 b0a71001 mov eax,dword ptr ds:[0x110a7b0] + * 14289849 81e0 ffffff3f and eax,0x3fffffff + * 1428984f 8bb8 84004007 mov edi,dword ptr ds:[eax+0x7400084] + * 14289855 8b05 aca71001 mov eax,dword ptr ds:[0x110a7ac] + * 1428985b 81e0 ffffff3f and eax,0x3fffffff + * 14289861 0fb6a8 00004007 movzx ebp,byte ptr ds:[eax+0x7400000] ; jichi: hook here + * 14289868 81ff 00000000 cmp edi,0x0 + * 1428986e 8935 70a71001 mov dword ptr ds:[0x110a770],esi + * 14289874 893d 74a71001 mov dword ptr ds:[0x110a774],edi + * 1428987a 892d 78a71001 mov dword ptr ds:[0x110a778],ebp + * 14289880 0f85 16000000 jnz 1428989c + * 14289886 832d c4aa1001 06 sub dword ptr ds:[0x110aac4],0x6 + * 1428988d c705 a8aa1001 ac>mov dword ptr ds:[0x110aaa8],0x881aeac + * 14289897 -e9 876767ef jmp 03900023 + * 1428989c 832d c4aa1001 06 sub dword ptr ds:[0x110aac4],0x6 + * 142898a3 e9 0c000000 jmp 142898b4 + * 142898a8 0170 ab add dword ptr ds:[eax-0x55],esi + * 142898ab 8108 e9716767 or dword ptr ds:[eax],0x676771e9 + * 142898b1 ef out dx,eax ; i/o command + * 142898b2 90 nop + * + * 142878ed cc int3 + * 142878ee cc int3 + * 142878ef cc int3 + * 142878f0 77 0f ja short 14287901 + * 142878f2 c705 a8aa1001 44>mov dword ptr ds:[0x110aaa8],0x8811e44 + * 142878fc -e9 038767ef jmp 03900004 + * 14287901 8b35 70a71001 mov esi,dword ptr ds:[0x110a770] + * 14287907 8b05 b0a71001 mov eax,dword ptr ds:[0x110a7b0] + * 1428790d 81e0 ffffff3f and eax,0x3fffffff + * 14287913 8bd6 mov edx,esi + * 14287915 8890 00004007 mov byte ptr ds:[eax+0x7400000],dl ; jichi: hook here + * 1428791b 8b05 a8a71001 mov eax,dword ptr ds:[0x110a7a8] + * 14287921 81e0 ffffff3f and eax,0x3fffffff + * 14287927 0fb6b8 00004007 movzx edi,byte ptr ds:[eax+0x7400000] + * 1428792e 8b2d aca71001 mov ebp,dword ptr ds:[0x110a7ac] + * 14287934 81c5 02000000 add ebp,0x2 + * 1428793a 8bd5 mov edx,ebp + * 1428793c 8915 aca71001 mov dword ptr ds:[0x110a7ac],edx + * 14287942 8b05 b0a71001 mov eax,dword ptr ds:[0x110a7b0] + * 14287948 81e0 ffffff3f and eax,0x3fffffff + * 1428794e 8bd7 mov edx,edi + * 14287950 8890 01004007 mov byte ptr ds:[eax+0x7400001],dl + * 14287956 8b15 b0a71001 mov edx,dword ptr ds:[0x110a7b0] + * 1428795c 8d52 02 lea edx,dword ptr ds:[edx+0x2] + * 1428795f 893d 74a71001 mov dword ptr ds:[0x110a774],edi + * 14287965 892d a8a71001 mov dword ptr ds:[0x110a7a8],ebp + * 1428796b 8915 b0a71001 mov dword ptr ds:[0x110a7b0],edx + * 14287971 832d c4aa1001 07 sub dword ptr ds:[0x110aac4],0x7 + * 14287978 e9 0b000000 jmp 14287988 + * 1428797d 01a8 1d8108e9 add dword ptr ds:[eax+0xe908811d],ebp + * 14287983 9c pushfd + * 14287984 8667 ef xchg byte ptr ds:[edi-0x11],ah + * 14287987 90 nop + * + * 14289a2a 90 nop + * 14289a2b cc int3 + * 14289a2c 77 0f ja short 14289a3d + * 14289a2e c705 a8aa1001 b4>mov dword ptr ds:[0x110aaa8],0x881abb4 + * 14289a38 -e9 c76567ef jmp 03900004 + * 14289a3d 8b05 dca71001 mov eax,dword ptr ds:[0x110a7dc] + * 14289a43 81e0 ffffff3f and eax,0x3fffffff + * 14289a49 8bb0 18004007 mov esi,dword ptr ds:[eax+0x7400018] + * 14289a4f 8b05 dca71001 mov eax,dword ptr ds:[0x110a7dc] + * 14289a55 81e0 ffffff3f and eax,0x3fffffff + * 14289a5b 8bb8 24004007 mov edi,dword ptr ds:[eax+0x7400024] + * 14289a61 8b2d 70a71001 mov ebp,dword ptr ds:[0x110a770] + * 14289a67 03ee add ebp,esi + * 14289a69 8b05 dca71001 mov eax,dword ptr ds:[0x110a7dc] + * 14289a6f 81e0 ffffff3f and eax,0x3fffffff + * 14289a75 8bb0 20004007 mov esi,dword ptr ds:[eax+0x7400020] + * 14289a7b 8bc5 mov eax,ebp + * 14289a7d 81e0 ffffff3f and eax,0x3fffffff + * 14289a83 66:89b8 c2034007 mov word ptr ds:[eax+0x74003c2],di + * 14289a8a 8bc5 mov eax,ebp + * 14289a8c 81e0 ffffff3f and eax,0x3fffffff + * 14289a92 66:89b0 c0034007 mov word ptr ds:[eax+0x74003c0],si + * 14289a99 8b05 aca71001 mov eax,dword ptr ds:[0x110a7ac] + * 14289a9f 81e0 ffffff3f and eax,0x3fffffff + * 14289aa5 0fb6b0 00004007 movzx esi,byte ptr ds:[eax+0x7400000] ; jichi: hook here + * 14289aac 81e6 ff000000 and esi,0xff + * 14289ab2 892d 70a71001 mov dword ptr ds:[0x110a770],ebp + * 14289ab8 893d 74a71001 mov dword ptr ds:[0x110a774],edi + * 14289abe 8935 78a71001 mov dword ptr ds:[0x110a778],esi + * 14289ac4 c705 e4a71001 d8>mov dword ptr ds:[0x110a7e4],0x881abd8 + * 14289ace 832d c4aa1001 09 sub dword ptr ds:[0x110aac4],0x9 + * 14289ad5 ^e9 d6c6f8ff jmp 142161b0 + * 14289ada 90 nop + * + * 14289adb cc int3 + * 14289adc 77 0f ja short 14289aed + * 14289ade c705 a8aa1001 d8>mov dword ptr ds:[0x110aaa8],0x881abd8 + * 14289ae8 -e9 176567ef jmp 03900004 + * 14289aed 813d 70a71001 00>cmp dword ptr ds:[0x110a770],0x0 + * 14289af7 0f85 2f000000 jnz 14289b2c + * 14289afd 8b05 aca71001 mov eax,dword ptr ds:[0x110a7ac] + * 14289b03 81e0 ffffff3f and eax,0x3fffffff + * 14289b09 0fb6b0 00004007 movzx esi,byte ptr ds:[eax+0x7400000] ; jichi: hook here + * 14289b10 8935 70a71001 mov dword ptr ds:[0x110a770],esi + * 14289b16 832d c4aa1001 02 sub dword ptr ds:[0x110aac4],0x2 + * 14289b1d e9 22000000 jmp 14289b44 + * 14289b22 0110 add dword ptr ds:[eax],edx + * 14289b24 af scas dword ptr es:[edi] + * 14289b25 8108 e9f76467 or dword ptr ds:[eax],0x6764f7e9 + * 14289b2b ef out dx,eax ; i/o command + * 14289b2c 832d c4aa1001 02 sub dword ptr ds:[0x110aac4],0x2 + * 14289b33 c705 a8aa1001 e0>mov dword ptr ds:[0x110aaa8],0x881abe0 + * 14289b3d -e9 e16467ef jmp 03900023 + * + * PPSSPP 0.9.9 (7/27/2014) + * + * 0ed85942 cc int3 + * 0ed85943 cc int3 + * 0ed85944 77 0f ja short 0ed85955 + * 0ed85946 c705 c84c1301 58>mov dword ptr ds:[0x1134cc8],0x881ab58 + * 0ed85950 -e9 afa6aef4 jmp 03870004 + * 0ed85955 8b35 94491301 mov esi,dword ptr ds:[0x1134994] + * 0ed8595b 0335 98491301 add esi,dword ptr ds:[0x1134998] + * 0ed85961 8b05 fc491301 mov eax,dword ptr ds:[0x11349fc] + * 0ed85967 81e0 ffffff3f and eax,0x3fffffff + * 0ed8596d 8bb8 28008009 mov edi,dword ptr ds:[eax+0x9800028] + * 0ed85973 8bc6 mov eax,esi + * 0ed85975 81e0 ffffff3f and eax,0x3fffffff + * 0ed8597b 8bd7 mov edx,edi + * 0ed8597d 8890 10048009 mov byte ptr ds:[eax+0x9800410],dl + * 0ed85983 8b05 d0491301 mov eax,dword ptr ds:[0x11349d0] + * 0ed85989 81e0 ffffff3f and eax,0x3fffffff + * 0ed8598f 8bb8 84008009 mov edi,dword ptr ds:[eax+0x9800084] + * 0ed85995 8b05 cc491301 mov eax,dword ptr ds:[0x11349cc] + * 0ed8599b 81e0 ffffff3f and eax,0x3fffffff + * 0ed859a1 0fb6a8 00008009 movzx ebp,byte ptr ds:[eax+0x9800000] ; jichi: hook here + * 0ed859a8 81ff 00000000 cmp edi,0x0 + * 0ed859ae 8935 90491301 mov dword ptr ds:[0x1134990],esi + * 0ed859b4 893d 94491301 mov dword ptr ds:[0x1134994],edi + * 0ed859ba 892d 98491301 mov dword ptr ds:[0x1134998],ebp + * 0ed859c0 0f85 16000000 jnz 0ed859dc + * 0ed859c6 832d e44c1301 06 sub dword ptr ds:[0x1134ce4],0x6 + * 0ed859cd c705 c84c1301 ac>mov dword ptr ds:[0x1134cc8],0x881aeac + * 0ed859d7 -e9 47a6aef4 jmp 03870023 + * 0ed859dc 832d e44c1301 06 sub dword ptr ds:[0x1134ce4],0x6 + * 0ed859e3 e9 0c000000 jmp 0ed859f4 + * 0ed859e8 0170 ab add dword ptr ds:[eax-0x55],esi + * 0ed859eb 8108 e931a6ae or dword ptr ds:[eax],0xaea631e9 + * 0ed859f1 f4 hlt ; privileged command + * 0ed859f2 90 nop + */ +// TODO: Is reverse_strlen a better choice? +static void SpecialPSPHookYeti2(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD eax = stack->eax; + LPCSTR text = LPCSTR(eax + hp->user_value); + if (BYTE c = *(BYTE *)text) { + *data = (DWORD)text; + //*len = text[1] ? 2 : 1; + *len = ::LeadByteTable[c]; + + *split = stack->edx; + //DWORD ecx = regof(ecx, esp_base); + //*split = ecx ? (FIXED_SPLIT_VALUE << 1) : 0; // << 1 to be unique, non-zero ecx is what I want + } +} + +bool InsertYeti2PSPHook() +{ + ConsoleOutput("Yeti2 PSP: enter"); + + const BYTE bytes[] = { + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 14289827 81e0 ffffff3f and eax,0x3fffffff + 0x8b,0xb8, XX4, // 1428982d 8bb8 28004007 mov edi,dword ptr ds:[eax+0x7400028] + 0x8b,0xc6, // 14289833 8bc6 mov eax,esi + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 14289835 81e0 ffffff3f and eax,0x3fffffff + 0x8b,0xd7, // 1428983b 8bd7 mov edx,edi + 0x88,0x90, XX4, // 1428983d 8890 10044007 mov byte ptr ds:[eax+0x7400410],dl + 0x8b,0x05, XX4, // 14289843 8b05 b0a71001 mov eax,dword ptr ds:[0x110a7b0] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 14289849 81e0 ffffff3f and eax,0x3fffffff + 0x8b,0xb8, XX4, // 1428984f 8bb8 84004007 mov edi,dword ptr ds:[eax+0x7400084] + 0x8b,0x05, XX4, // 14289855 8b05 aca71001 mov eax,dword ptr ds:[0x110a7ac] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 1428985b 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xb6,0xa8 //, XX4 // 14289861 0fb6a8 00004007 movzx ebp,byte ptr ds:[eax+0x7400000] ; jichi: hook here + // 14289b10 8935 70a71001 mov dword ptr ds:[0x110a770],esi + // 14289b16 832d c4aa1001 02 sub dword ptr ds:[0x110aac4],0x2 + }; + enum { memory_offset = 3 }; + enum { addr_offset = sizeof(bytes) - memory_offset }; + //enum { addr_offset = sizeof(bytes) + 4 }; // point to next statement after ebp is assigned + auto succ=false; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) + ConsoleOutput("Yeti2 PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.type = USING_STRING|NO_CONTEXT; + hp.text_fun = SpecialPSPHookYeti2; + ConsoleOutput("Yeti2 PSP: INSERT"); + succ|=NewHook(hp, "Yeti2 PSP"); + } + + ConsoleOutput("Yeti2 PSP: leave"); + return succ; +} + +/** 7/22/2014 jichi: Nippon1 PSP engine, 0.9.8 only + * Sample game: ぁ�の�リンスさまっ♪ (0.9.8 only) + * + * Memory address is FIXED. + * Debug method: breakpoint the precomputed address + * + * The data is in (WORD)bp instead of eax. + * bp contains SHIFT-JIS CODEC_ANSI_BE data. + * + * There is only one text thread. + * + * 134e0553 cc int3 + * 134e0554 77 0f ja short 134e0565 + * 134e0556 c705 a8aa1001 34>mov dword ptr ds:[0x110aaa8],0x8853a34 + * 134e0560 -e9 9ffa03f0 jmp 03520004 + * 134e0565 8b35 74a71001 mov esi,dword ptr ds:[0x110a774] + * 134e056b d1e6 shl esi,1 + * 134e056d c7c7 987db708 mov edi,0x8b77d98 + * 134e0573 03fe add edi,esi + * 134e0575 8b2d 78a71001 mov ebp,dword ptr ds:[0x110a778] + * 134e057b 8bc7 mov eax,edi + * 134e057d 81e0 ffffff3f and eax,0x3fffffff + * 134e0583 66:89a8 00004007 mov word ptr ds:[eax+0x7400000],bp ; jichi: hook here + * 134e058a 8b2d 8c7df70f mov ebp,dword ptr ds:[0xff77d8c] + * 134e0590 8d6d 01 lea ebp,dword ptr ss:[ebp+0x1] + * 134e0593 892d 8c7df70f mov dword ptr ds:[0xff77d8c],ebp + * 134e0599 8b05 e4a71001 mov eax,dword ptr ds:[0x110a7e4] + * 134e059f c705 74a71001 00>mov dword ptr ds:[0x110a774],0x8b70000 + * 134e05a9 892d 78a71001 mov dword ptr ds:[0x110a778],ebp + * 134e05af 8935 7ca71001 mov dword ptr ds:[0x110a77c],esi + * 134e05b5 8905 a8aa1001 mov dword ptr ds:[0x110aaa8],eax + * 134e05bb 832d c4aa1001 0c sub dword ptr ds:[0x110aac4],0xc + * 134e05c2 -e9 5cfa03f0 jmp 03520023 + */ +// Read text from bp +// TODO: This should be expressed as general hook without extern fun +static void SpecialPSPHookNippon1(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + LPCSTR text = LPCSTR(stack->base + hp->offset); // dynamic offset, ebp or esi + if (*text) { + *data = (DWORD)text; + *len = !text[0] ? 0 : !text[1] ? 1 : 2; // bp or si has at most two bytes + //*len = ::LeadByteTable[*(BYTE *)text] // TODO: Test leadbytetable + *split = stack->ecx; + } +} + +bool InsertNippon1PSPHook() +{ + ConsoleOutput("Nippon1 PSP: enter"); + + const BYTE bytes[] = { + //0xcc, // 134e0553 cc int3 + 0x77, 0x0f, // 134e0554 77 0f ja short 134e0565 + 0xc7,0x05, XX8, // 134e0556 c705 a8aa1001 34>mov dword ptr ds:[0x110aaa8],0x8853a34 + 0xe9, XX4, // 134e0560 -e9 9ffa03f0 jmp 03520004 + 0x8b,0x35, XX4, // 134e0565 8b35 74a71001 mov esi,dword ptr ds:[0x110a774] + 0xd1,0xe6, // 134e056b d1e6 shl esi,1 + 0xc7,0xc7, XX4, // 134e056d c7c7 987db708 mov edi,0x8b77d98 + 0x03,0xfe, // 134e0573 03fe add edi,esi + 0x8b,0x2d, XX4, // 134e0575 8b2d 78a71001 mov ebp,dword ptr ds:[0x110a778] + 0x8b,0xc7, // 134e057b 8bc7 mov eax,edi + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 134e057d 81e0 ffffff3f and eax,0x3fffffff + 0x66,0x89,0xa8, XX4, // 134e0583 66:89a8 00004007 mov word ptr ds:[eax+0x7400000],bp ; jichi: hook here + 0x8b,0x2d, XX4, // 134e058a 8b2d 8c7df70f mov ebp,dword ptr ds:[0xff77d8c] + 0x8d,0x6d, 0x01 // 134e0590 8d6d 01 lea ebp,dword ptr ss:[ebp+0x1] + }; + enum { memory_offset = 3 }; + enum { addr_offset = 0x134e0583 - 0x134e0554 }; + auto succ=false; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) + ConsoleOutput("Nippon1 PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.offset=get_reg(regs::ebp); + hp.type = USING_STRING|NO_CONTEXT; + hp.text_fun = SpecialPSPHookNippon1; + ConsoleOutput("Nippon1 PSP: INSERT"); + succ|=NewHook(hp, "Nippon1 PSP"); + } + + ConsoleOutput("Nippon1 PSP: leave"); + return succ; +} + +/** 7/26/2014 jichi: Alternative Nippon1 PSP engine, 0.9.8 only + * Sample game: 神�悪戯 (0.9.8 only) + * Issue: character name cannot be extracted + * + * Memory address is FIXED. + * Debug method: breakpoint the precomputed address + * + * This function is the one that write the text into the memory. + * + * 13d13e8b 0f92c0 setb al + * 13d13e8e 8bf8 mov edi,eax + * 13d13e90 81ff 00000000 cmp edi,0x0 + * 13d13e96 893d 78a71001 mov dword ptr ds:[0x110a778],edi + * 13d13e9c 8935 dca71001 mov dword ptr ds:[0x110a7dc],esi + * 13d13ea2 0f85 16000000 jnz 13d13ebe + * 13d13ea8 832d c4aa1001 0a sub dword ptr ds:[0x110aac4],0xa + * 13d13eaf c705 a8aa1001 cc>mov dword ptr ds:[0x110aaa8],0x887c2cc + * 13d13eb9 -e9 65c1a3ef jmp 03750023 + * 13d13ebe 832d c4aa1001 0a sub dword ptr ds:[0x110aac4],0xa + * 13d13ec5 e9 0e000000 jmp 13d13ed8 + * 13d13eca 01a8 c28708e9 add dword ptr ds:[eax+0xe90887c2],ebp + * 13d13ed0 4f dec edi + * 13d13ed1 c1a3 ef90cccc cc shl dword ptr ds:[ebx+0xcccc90ef],0xcc ; shift constant out of range 1..31 + * 13d13ed8 77 0f ja short 13d13ee9 + * 13d13eda c705 a8aa1001 a8>mov dword ptr ds:[0x110aaa8],0x887c2a8 + * 13d13ee4 -e9 1bc1a3ef jmp 03750004 + * 13d13ee9 8b05 dca71001 mov eax,dword ptr ds:[0x110a7dc] + * 13d13eef 81e0 ffffff3f and eax,0x3fffffff + * 13d13ef5 0fb7b0 0000c007 movzx esi,word ptr ds:[eax+0x7c00000] + * 13d13efc 8b3d fccd5a10 mov edi,dword ptr ds:[0x105acdfc] + * 13d13f02 8bef mov ebp,edi + * 13d13f04 d1e5 shl ebp,1 + * 13d13f06 81c5 e8cd9a08 add ebp,0x89acde8 + * 13d13f0c 8bc5 mov eax,ebp + * 13d13f0e 81e0 ffffff3f and eax,0x3fffffff + * 13d13f14 66:89b0 2000c007 mov word ptr ds:[eax+0x7c00020],si ; jichi: hook here + * 13d13f1b 8d7f 01 lea edi,dword ptr ds:[edi+0x1] + * 13d13f1e 893d fccd5a10 mov dword ptr ds:[0x105acdfc],edi + * 13d13f24 8b15 dca71001 mov edx,dword ptr ds:[0x110a7dc] + * 13d13f2a 8d52 10 lea edx,dword ptr ds:[edx+0x10] + * 13d13f2d 8b05 e4a71001 mov eax,dword ptr ds:[0x110a7e4] + * 13d13f33 893d 78a71001 mov dword ptr ds:[0x110a778],edi + * 13d13f39 c705 7ca71001 e8>mov dword ptr ds:[0x110a77c],0x89acde8 + * 13d13f43 8935 80a71001 mov dword ptr ds:[0x110a780],esi + * 13d13f49 892d 84a71001 mov dword ptr ds:[0x110a784],ebp + * 13d13f4f 8915 dca71001 mov dword ptr ds:[0x110a7dc],edx + * 13d13f55 8905 a8aa1001 mov dword ptr ds:[0x110aaa8],eax + * 13d13f5b 832d c4aa1001 0b sub dword ptr ds:[0x110aac4],0xb + * 13d13f62 -e9 bcc0a3ef jmp 03750023 + * 13d13f67 90 nop + */ + +// 8/13/2014: 5pb might crash on 0.9.9. +bool InsertNippon2PSPHook() +{ + ConsoleOutput("Nippon2 PSP: enter"); + + const BYTE bytes[] = { + 0xe9, XX4, // 13d13ee4 -e9 1bc1a3ef jmp 03750004 + 0x8b,0x05, XX4, // 13d13ee9 8b05 dca71001 mov eax,dword ptr ds:[0x110a7dc] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13d13eef 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xb7,0xb0, XX4, // 13d13ef5 0fb7b0 0000c007 movzx esi,word ptr ds:[eax+0x7c00000] + 0x8b,0x3d, XX4, // 13d13efc 8b3d fccd5a10 mov edi,dword ptr ds:[0x105acdfc] + 0x8b,0xef, // 13d13f02 8bef mov ebp,edi + 0xd1,0xe5, // 13d13f04 d1e5 shl ebp,1 + 0x81,0xc5, XX4, // 13d13f06 81c5 e8cd9a08 add ebp,0x89acde8 + 0x8b,0xc5, // 13d13f0c 8bc5 mov eax,ebp + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13d13f0e 81e0 ffffff3f and eax,0x3fffffff + 0x66,0x89,0xb0 //, XX4 // 13d13f14 66:89b0 2000c007 mov word ptr ds:[eax+0x7c00020],si ; jichi: hook here + }; + enum { memory_offset = 3 }; + enum { addr_offset = sizeof(bytes) - memory_offset }; + auto succ=false; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) + ConsoleOutput("Nippon2 PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.offset=get_reg(regs::esi); + hp.type = USING_STRING|NO_CONTEXT; + hp.text_fun = SpecialPSPHookNippon1; + ConsoleOutput("Nippon2 PSP: INSERT"); + succ|=NewHook(hp, "Nippon2 PSP"); + } + + ConsoleOutput("Nippon2 PSP: leave"); + return succ; +} + +#if 0 // 8/9/2014 jichi: cannot find a good function + +/** 8/9/2014 jichi Typemoon.com PSP engine, 0.9.8, 0.9.9, + * + * Sample game: Fate CCC + * This game is made by both TYPE-MOON and Imageepoch + * But the encoding is SHIFT-JIS than UTF-8 like other Imageepoch games. + * Otomate hook will produce significant amount of garbage. + * + * Memory address is FIXED. + * There are two matches in the memory. + * + * Debug method: breakpoint the memory address + * The hooked functions were looping which made it difficult to debug. + * + * Two looped functions are as follows. The first one is used + * The second function is tested as bad. + * + * Registers: (all of them are fixed except eax) + * EAX 08C91373 + * ECX 00000016 + * EDX 00000012 + * EBX 0027A580 + * ESP 0353E6D0 + * EBP 0000000B + * ESI 0000001E + * EDI 00000001 + * EIP 1351E14D + * + * 1351e12d f0:90 lock nop ; lock prefix is not allowed + * 1351e12f cc int3 + * 1351e130 77 0f ja short 1351e141 + * 1351e132 c705 a8aa1001 b8>mov dword ptr ds:[0x110aaa8],0x88ed7b8 + * 1351e13c -e9 c31e27f0 jmp 03790004 + * 1351e141 8b05 aca71001 mov eax,dword ptr ds:[0x110a7ac] + * 1351e147 81e0 ffffff3f and eax,0x3fffffff + * 1351e14d 0fbeb0 01004007 movsx esi,byte ptr ds:[eax+0x7400001] ; or jichi: hook here + * 1351e154 8b05 dca71001 mov eax,dword ptr ds:[0x110a7dc] + * 1351e15a 81e0 ffffff3f and eax,0x3fffffff + * 1351e160 8bb8 50004007 mov edi,dword ptr ds:[eax+0x7400050] + * 1351e166 81e6 ff000000 and esi,0xff + * 1351e16c 8bc6 mov eax,esi + * 1351e16e 8b35 a8a71001 mov esi,dword ptr ds:[0x110a7a8] + * 1351e174 0bf0 or esi,eax + * 1351e176 c1e6 10 shl esi,0x10 + * 1351e179 c1fe 10 sar esi,0x10 + * 1351e17c 893d 78a71001 mov dword ptr ds:[0x110a778],edi + * 1351e182 8935 7ca71001 mov dword ptr ds:[0x110a77c],esi + * 1351e188 c705 e4a71001 d4>mov dword ptr ds:[0x110a7e4],0x88ed7d4 + * 1351e192 832d c4aa1001 07 sub dword ptr ds:[0x110aac4],0x7 + * 1351e199 e9 0e000000 jmp 1351e1ac + * 1351e19e 01ac3e 8e08e97b add dword ptr ds:[esi+edi+0x7be9088e],eb> + * 1351e1a5 1e push ds + * 1351e1a6 27 daa + * 1351e1a7 f0:90 lock nop ; lock prefix is not allowed + * 1351e1a9 cc int3 + * + * 13513f23 cc int3 + * 13513f24 77 0f ja short 13513f35 + * 13513f26 c705 a8aa1001 d4>mov dword ptr ds:[0x110aaa8],0x88e7bd4 + * 13513f30 -e9 cfc027f0 jmp 03790004 + * 13513f35 8b05 7ca71001 mov eax,dword ptr ds:[0x110a77c] + * 13513f3b 81e0 ffffff3f and eax,0x3fffffff + * 13513f41 0fbeb0 00004007 movsx esi,byte ptr ds:[eax+0x7400000] + * 13513f48 8b3d 84a71001 mov edi,dword ptr ds:[0x110a784] + * 13513f4e 8d7f 01 lea edi,dword ptr ds:[edi+0x1] + * 13513f51 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + * 13513f57 81e0 ffffff3f and eax,0x3fffffff + * 13513f5d 8bd6 mov edx,esi + * 13513f5f 8890 00004007 mov byte ptr ds:[eax+0x7400000],dl ; jichi: bad hook + * 13513f65 8b2d 78a71001 mov ebp,dword ptr ds:[0x110a778] + * 13513f6b 8d6d 01 lea ebp,dword ptr ss:[ebp+0x1] + * 13513f6e 33c0 xor eax,eax + * 13513f70 3b3d 80a71001 cmp edi,dword ptr ds:[0x110a780] + * 13513f76 0f9cc0 setl al + * 13513f79 8bf0 mov esi,eax + * 13513f7b 8b15 7ca71001 mov edx,dword ptr ds:[0x110a77c] + * 13513f81 8d52 01 lea edx,dword ptr ds:[edx+0x1] + * 13513f84 81fe 00000000 cmp esi,0x0 + * 13513f8a 892d 78a71001 mov dword ptr ds:[0x110a778],ebp + * 13513f90 8915 7ca71001 mov dword ptr ds:[0x110a77c],edx + * 13513f96 893d 84a71001 mov dword ptr ds:[0x110a784],edi + * 13513f9c 8935 88a71001 mov dword ptr ds:[0x110a788],esi + * 13513fa2 0f84 16000000 je 13513fbe + * 13513fa8 832d c4aa1001 07 sub dword ptr ds:[0x110aac4],0x7 + * 13513faf ^e9 70ffffff jmp 13513f24 + * 13513fb4 01d4 add esp,edx + * 13513fb6 7b 8e jpo short 13513f46 + * 13513fb8 08e9 or cl,ch + * 13513fba 65:c027 f0 shl byte ptr gs:[edi],0xf0 ; shift constant out of range 1..31 + * 13513fbe 832d c4aa1001 07 sub dword ptr ds:[0x110aac4],0x7 + * 13513fc5 e9 0e000000 jmp 13513fd8 + * 13513fca 01f0 add eax,esi + * 13513fcc 7b 8e jpo short 13513f5c + * 13513fce 08e9 or cl,ch + * 13513fd0 4f dec edi + * 13513fd1 c027 f0 shl byte ptr ds:[edi],0xf0 ; shift constant out of range 1..31 + * 13513fd4 90 nop + * 13513fd5 cc int3 + * 13513fd6 cc int3 + */ +// Read text from dl +static void SpecialPSPHookTypeMoon(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD eax = regof(eax, esp_base); + DWORD text = eax + hp->user_value - 1; // the text is in the previous byte + if (BYTE c = *(BYTE *)text) { // unsigned char + *data = text; + *len = ::LeadByteTable[c]; // 1 or 2 + //*split = regof(ecx, esp_base); + //*split = regof(edx, esp_base); + *split = regof(ebx, esp_base); + } +} +bool InsertTypeMoonPSPHook() +{ + ConsoleOutput("TypeMoon PSP: enter"); + const BYTE bytes[] = { + 0x77, 0x0f, // 1351e130 77 0f ja short 1351e141 + 0xc7,0x05, XX8, // 1351e132 c705 a8aa1001 b8>mov dword ptr ds:[0x110aaa8],0x88ed7b8 + 0xe9, XX4, // 1351e13c -e9 c31e27f0 jmp 03790004 + 0x8b,0x05, XX4, // 1351e141 8b05 aca71001 mov eax,dword ptr ds:[0x110a7ac] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 1351e147 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xbe,0xb0, XX4, // 1351e14d 0fbeb0 01004007 movsx esi,byte ptr ds:[eax+0x7400001] ; jichi: hook here + 0x8b,0x05, XX4, // 1351e154 8b05 dca71001 mov eax,dword ptr ds:[0x110a7dc] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 1351e15a 81e0 ffffff3f and eax,0x3fffffff + 0x8b,0xb8, XX4, // 1351e160 8bb8 50004007 mov edi,dword ptr ds:[eax+0x7400050] + 0x81,0xe6, 0xff,0x00,0x00,0x00, // 1351e166 81e6 ff000000 and esi,0xff + 0x8b,0xc6, // 1351e16c 8bc6 mov eax,esi + 0x8b,0x35, XX4, // 1351e16e 8b35 a8a71001 mov esi,dword ptr ds:[0x110a7a8] + 0x0b,0xf0, // 1351e174 0bf0 or esi,eax + 0xc1,0xe6, 0x10, // 1351e176 c1e6 10 shl esi,0x10 + 0xc1,0xfe, 0x10 // 1351e179 c1fe 10 sar esi,0x10 + }; + enum { memory_offset = 3 }; + enum { addr_offset = 0x1351e14d - 0x1351e130 }; + + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) + ConsoleOutput("TypeMoon PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.type = USING_STRING|NO_CONTEXT; + hp.text_fun = SpecialPSPHookTypeMoon; + ConsoleOutput("TypeMoon PSP: INSERT"); + NewHook(hp, "TypeMoon PSP"); + } + + ConsoleOutput("TypeMoon PSP: leave"); + return addr; +} + +#endif // 0 + +#if 0 // 7/25/2014: This function is not invoked? Why? +/** 7/22/2014 jichi: KOEI TECMO PSP, 0.9.8 + * Sample game: 金色のコルダ3 + * + * 134598e2 cc int3 + * 134598e3 cc int3 + * 134598e4 77 0f ja short 134598f5 + * 134598e6 c705 a8aa1001 8c>mov dword ptr ds:[0x110aaa8],0x880f08c + * 134598f0 -e9 0f67fbef jmp 03410004 + * 134598f5 8b05 7ca71001 mov eax,dword ptr ds:[0x110a77c] + * 134598fb 81e0 ffffff3f and eax,0x3fffffff + * 13459901 8bb0 00004007 mov esi,dword ptr ds:[eax+0x7400000] ; jichi: hook here + * 13459907 8b3d 7ca71001 mov edi,dword ptr ds:[0x110a77c] + * 1345990d 8d7f 04 lea edi,dword ptr ds:[edi+0x4] + * 13459910 8b05 84a71001 mov eax,dword ptr ds:[0x110a784] + * 13459916 81e0 ffffff3f and eax,0x3fffffff + * 1345991c 89b0 00004007 mov dword ptr ds:[eax+0x7400000],esi + * 13459922 8b2d 84a71001 mov ebp,dword ptr ds:[0x110a784] + * 13459928 8d6d 04 lea ebp,dword ptr ss:[ebp+0x4] + * 1345992b 8b15 78a71001 mov edx,dword ptr ds:[0x110a778] + * 13459931 81fa 01000000 cmp edx,0x1 + * 13459937 8935 70a71001 mov dword ptr ds:[0x110a770],esi + * 1345993d 893d 7ca71001 mov dword ptr ds:[0x110a77c],edi + * 13459943 892d 84a71001 mov dword ptr ds:[0x110a784],ebp + * 13459949 c705 88a71001 01>mov dword ptr ds:[0x110a788],0x1 + * 13459953 0f84 16000000 je 1345996f + * 13459959 832d c4aa1001 09 sub dword ptr ds:[0x110aac4],0x9 + * 13459960 e9 17000000 jmp 1345997c + * 13459965 0190 f08008e9 add dword ptr ds:[eax+0xe90880f0],edx + * 1345996b b4 66 mov ah,0x66 + * 1345996d fb sti + * 1345996e ef out dx,eax ; i/o command + * 1345996f 832d c4aa1001 09 sub dword ptr ds:[0x110aac4],0x9 + * 13459976 ^e9 ddc1ffff jmp 13455b58 + * 1345997b 90 nop + */ +bool InsertTecmoPSPHook() +{ + ConsoleOutput("Tecmo PSP: enter"); + + const BYTE bytes[] = { + 0x77, 0x0f, // 134598e4 77 0f ja short 134598f5 + 0xc7,0x05, XX8, // 134598e6 c705 a8aa1001 8c>mov dword ptr ds:[0x110aaa8],0x880f08c + 0xe9, XX4, // 134598f0 -e9 0f67fbef jmp 03410004 + 0x8b,0x05, XX4, // 134598f5 8b05 7ca71001 mov eax,dword ptr ds:[0x110a77c] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 134598fb 81e0 ffffff3f and eax,0x3fffffff + 0x8b,0xb0, XX4, // 13459901 8bb0 00004007 mov esi,dword ptr ds:[eax+0x7400000] ; jichi: hook here + 0x8b,0x3d, XX4, // 13459907 8b3d 7ca71001 mov edi,dword ptr ds:[0x110a77c] + 0x8d,0x7f, 0x04, // 1345990d 8d7f 04 lea edi,dword ptr ds:[edi+0x4] + 0x8b,0x05, XX4, // 13459910 8b05 84a71001 mov eax,dword ptr ds:[0x110a784] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13459916 81e0 ffffff3f and eax,0x3fffffff + 0x89,0xb0 //, XX4, // 1345991c 89b0 00004007 mov dword ptr ds:[eax+0x7400000],esi + //0x8b,0x2d, XX4, // 13459922 8b2d 84a71001 mov ebp,dword ptr ds:[0x110a784] + //0x8d,0x6d, 0x04, // 13459928 8d6d 04 lea ebp,dword ptr ss:[ebp+0x4] + //0x8b,0x15, XX4, // 1345992b 8b15 78a71001 mov edx,dword ptr ds:[0x110a778] + //0x81,0xfa, 0x01,0x00,0x00,0x00 // 13459931 81fa 01000000 cmp edx,0x1 + }; + enum { memory_offset = 2 }; + enum { addr_offset = 0x13459901 - 0x134598e4 }; + + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) + ConsoleOutput("Tecmo PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.type = USING_STRING|USING_SPLIT|NO_CONTEXT; + hp.offset=get_reg(regs::eax); + hp.split = get_reg(regs::ecx); + hp.text_fun = SpecialPSPHook; + ConsoleOutput("Tecmo PSP: INSERT"); + NewHook(hp, "Tecmo PSP"); + } + + ConsoleOutput("Tecmo PSP: leave"); + return addr; +} +#endif // 0 + +#if 0 // 8/9/2014 jichi: does not work + +bool InsertKadokawaPSPHook() +{ + ConsoleOutput("Kadokawa PSP: enter"); + const BYTE bytes[] = { + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 134844f3 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xb6,0xb0, XX4, // 134844f9 0fb6b0 00004007 movzx esi,byte ptr ds:[eax+0x7400000] ; jichi: hook here, byte by byte + 0x8b,0x05, XX4, // 13484500 8b05 84a71001 mov eax,dword ptr ds:[0x110a784] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 13484506 81e0 ffffff3f and eax,0x3fffffff + 0x8b,0xd6, // 1348450c 8bd6 mov edx,esi + 0x88,0x90, XX4, // 1348450e 8890 00004007 mov byte ptr ds:[eax+0x7400000],dl + 0x8b,0x3d, XX4, // 13484514 8b3d 84a71001 mov edi,dword ptr ds:[0x110a784] + 0x8d,0x7f, 0x01, // 1348451a 8d7f 01 lea edi,dword ptr ds:[edi+0x1] + 0x8b,0x2d, XX4, // 1348451d 8b2d 7ca71001 mov ebp,dword ptr ds:[0x110a77c] + 0x8d,0x6d, 0x01, // 13484523 8d6d 01 lea ebp,dword ptr ss:[ebp+0x1] + 0x3b,0x3d, XX4, // 13484526 3b3d 74a71001 cmp edi,dword ptr ds:[0x110a774] + 0x89,0x35, XX4, // 1348452c 8935 70a71001 mov dword ptr ds:[0x110a770],esi + 0x89,0x2d, XX4, // 13484532 892d 7ca71001 mov dword ptr ds:[0x110a77c],ebp + 0x89,0x3d, XX4, // 13484538 893d 84a71001 mov dword ptr ds:[0x110a784],edi + // Above is not sufficient + //0x0f,0x84, XX4, // 1348453e 0f84 16000000 je 1348455a + //0x83,0x2d, XX4, 0x05, // 13484544 832d c4aa1001 05 sub dword ptr ds:[0x110aac4],0x5 + //0xe9, XX4, // 1348454b ^e9 8cffffff jmp 134844dc + //0x01,0x38, // 13484550 0138 add dword ptr ds:[eax],edi + //0xb0, 0x84, // 13484552 b0 84 mov al,0x84 + //0x08,0xe9 // 13484554 08e9 or cl,ch + // Below will change at runtime + }; + enum { memory_offset = 3 }; + enum { addr_offset = 0x134844f9 - 0x134844f3 }; + + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) { + ConsoleOutput("Kadokawa PSP: pattern not found"); + return false; + } + addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes), addr); + addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes), addr); + + if (!addr) + ConsoleOutput("Kadokawa PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.type = USING_STRING|USING_SPLIT|NO_CONTEXT; + hp.offset=get_reg(regs::eax); + hp.split = get_reg(regs::ecx); + hp.length_offset = 1; // byte by byte + hp.text_fun = SpecialPSPHook; + + //GROWL_DWORD2(hp.address, hp.user_value); + ConsoleOutput("Kadokawa PSP: INSERT"); + NewHook(hp, "Kadokawa PSP"); + } + + ConsoleOutput("Kadokawa PSP: leave"); + return addr; +} +#endif // 0 + +#if 0 // FIXME: I am not able to find stable pattern in PSP 0.9.9.1 + +/** 9/21/2014 jichi Otomate PPSSPP 0.9.9.1 + * Sample game: Amnesia Later + * + * There are four fixed memory addresses. + * The two out of four can be used. + * (The other twos have loops or cannot be debugged). + * + * This function is the same as PPSSPP 0.9.9.1 (?). + * + * 14039126 cc int3 + * 14039127 cc int3 + * 14039128 77 0f ja short 14039139 + * 1403912a c705 988e1301 3c>mov dword ptr ds:[0x1138e98],0x8922c3c + * 14039134 -e9 cb6e83ef jmp 03870004 + * 14039139 8b05 688b1301 mov eax,dword ptr ds:[0x1138b68] + * 1403913f 81e0 ffffff3f and eax,0x3fffffff + * 14039145 0fbeb0 00000008 movsx esi,byte ptr ds:[eax+0x8000000] ; jichi: text accessed, but looped + * 1403914c 8b05 6c8b1301 mov eax,dword ptr ds:[0x1138b6c] + * 14039152 81e0 ffffff3f and eax,0x3fffffff + * 14039158 0fbeb8 00000008 movsx edi,byte ptr ds:[eax+0x8000000] + * 1403915f 3bf7 cmp esi,edi + * 14039161 8935 748b1301 mov dword ptr ds:[0x1138b74],esi + * 14039167 893d 7c8b1301 mov dword ptr ds:[0x1138b7c],edi + * 1403916d 0f84 2f000000 je 140391a2 + * 14039173 8b05 688b1301 mov eax,dword ptr ds:[0x1138b68] + * 14039179 81e0 ffffff3f and eax,0x3fffffff + * 1403917f 0fb6b0 00000008 movzx esi,byte ptr ds:[eax+0x8000000] ; jichi: hook here + * 14039186 8935 608b1301 mov dword ptr ds:[0x1138b60],esi + * 1403918c 832d b48e1301 04 sub dword ptr ds:[0x1138eb4],0x4 + * 14039193 e9 24000000 jmp 140391bc + * 14039198 0170 2c add dword ptr ds:[eax+0x2c],esi + * 1403919b 92 xchg eax,edx + * 1403919c 08e9 or cl,ch + * 1403919e 816e 83 ef832db4 sub dword ptr ds:[esi-0x7d],0xb42d83ef + * 140391a5 8e13 mov ss,word ptr ds:[ebx] ; modification of segment register + * 140391a7 0104e9 add dword ptr ds:[ecx+ebp*8],eax + * 140391aa b2 59 mov dl,0x59 + * 140391ac 0000 add byte ptr ds:[eax],al + * 140391ae 014c2c 92 add dword ptr ss:[esp+ebp-0x6e],ecx + * 140391b2 08e9 or cl,ch + * 140391b4 6b6e 83 ef imul ebp,dword ptr ds:[esi-0x7d],-0x11 + * 140391b8 90 nop + * 140391b9 cc int3 + * 140391ba cc int3 + */ +// Get bytes in esi +static void SpecialPSPHookOtomate2(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + //static uniquemap uniq; + DWORD text = esp_base + get_reg(regs::esi); + if (*(LPCSTR *)text) { + *split = regof(ecx, esp_base); // this would cause lots of texts, but it works for all games + *data = text; + *len = 1; + } +} + +bool InsertOtomate2PSPHook() +{ + ConsoleOutput("Otomate2 PSP: enter"); + const BYTE bytes[] = { + 0x77, 0x0f, // 14039128 77 0f ja short 14039139 + 0xc7,0x05, XX8, // 1403912a c705 988e1301 3c>mov dword ptr ds:[0x1138e98],0x8922c3c + 0xe9, XX4, // 14039134 -e9 cb6e83ef jmp 03870004 + 0x8b,0x05, XX4, // 14039139 8b05 688b1301 mov eax,dword ptr ds:[0x1138b68] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 1403913f 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xbe,0xb0, XX4, // 14039145 0fbeb0 00000008 movsx esi,byte ptr ds:[eax+0x8000000] ; jichi: text accessed, but looped + 0x8b,0x05, XX4, // 1403914c 8b05 6c8b1301 mov eax,dword ptr ds:[0x1138b6c] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 14039152 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xbe,0xb8, XX4, // 14039158 0fbeb8 00000008 movsx edi,byte ptr ds:[eax+0x8000000] + 0x3b,0xf7, // 1403915f 3bf7 cmp esi,edi + 0x89,0x35, XX4, // 14039161 8935 748b1301 mov dword ptr ds:[0x1138b74],esi + 0x89,0x3d, XX4, // 14039167 893d 7c8b1301 mov dword ptr ds:[0x1138b7c],edi + 0x0f,0x84, 0x2f,0x00,0x00,0x00, // 1403916d 0f84 2f000000 je 140391a2 + + //0x8b,0x05, XX4, // 14039173 8b05 688b1301 mov eax,dword ptr ds:[0x1138b68] + //0x81,0xe0, 0xff,0xff,0xff,0x3f, // 14039179 81e0 ffffff3f and eax,0x3fffffff + //0x0f,0xb6,0xb0, XX4, // 1403917f 0fb6b0 00000008 movzx esi,byte ptr ds:[eax+0x8000000] ; jichi: text accessed + //0x89,0x35, XX4, // 14039186 8935 608b1301 mov dword ptr ds:[0x1138b60],esi ; jichi: hook here, get lower bytes in esi + //0x83,0x2d, XX4, 0x04 // 1403918c 832d b48e1301 04 sub dword ptr ds:[0x1138eb4],0x4 + }; + enum { addr_offset = 0x14039186 - 0x14039128 }; + + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) { + ConsoleOutput("Otomate2 PSP: leave: first pattern not found"); + return false; + } + addr += addr_offset; + + //0x89,0x35, XX4, // 14039186 8935 608b1301 mov dword ptr ds:[0x1138b60],esi ; jichi: hook here, get lower bytes in esi + enum : WORD { mov_esi = 0x3589 }; + if (*(WORD *)addr != mov_esi) { + ConsoleOutput("Otomate2 PSP: leave: second pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.type = USING_STRING|NO_CONTEXT; + hp.text_fun = SpecialPSPHookOtomate2; + ConsoleOutput("Otomate2 PSP: INSERT"); + NewHook(hp, "Otomate PSP"); + + ConsoleOutput("Otomate2 PSP: leave"); + return addr; +} + +#endif // 0 + +/** 8/9/2014 jichi Kadokawa.co.jp PSP engine, 0.9.8, ?, + * + * Sample game: 未来日�work on 0.9.8, not tested on 0.9.9 + * + * FIXME: Currently, only the character name works + * + * Memory address is FIXED. + * Debug method: predict and breakpoint the memory address + * + * There are two matches in the memory, and only one function accessing them. + * + * Character name function is as follows. + * The scenario is the text after the name. + * + * 1348d79f cc int3 + * 1348d7a0 77 0f ja short 1348d7b1 + * 1348d7a2 c705 a8aa1001 fc>mov dword ptr ds:[0x110aaa8],0x884c6fc + * 1348d7ac -e9 532844f0 jmp 038d0004 + * 1348d7b1 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + * 1348d7b7 81e0 ffffff3f and eax,0x3fffffff + * 1348d7bd 0fb6b0 00004007 movzx esi,byte ptr ds:[eax+0x7400000] ; jichi: hook here + * 1348d7c4 81fe 00000000 cmp esi,0x0 + * 1348d7ca 8935 70a71001 mov dword ptr ds:[0x110a770],esi + * 1348d7d0 0f85 2f000000 jnz 1348d805 + * 1348d7d6 8b05 7ca71001 mov eax,dword ptr ds:[0x110a77c] + * 1348d7dc 81e0 ffffff3f and eax,0x3fffffff + * 1348d7e2 0fbeb0 00004007 movsx esi,byte ptr ds:[eax+0x7400000] + * 1348d7e9 8935 70a71001 mov dword ptr ds:[0x110a770],esi + * 1348d7ef 832d c4aa1001 03 sub dword ptr ds:[0x110aac4],0x3 + * 1348d7f6 c705 a8aa1001 5c>mov dword ptr ds:[0x110aaa8],0x884c75c + * 1348d800 -e9 1e2844f0 jmp 038d0023 + * 1348d805 832d c4aa1001 03 sub dword ptr ds:[0x110aac4],0x3 + * 1348d80c e9 0b000000 jmp 1348d81c + * 1348d811 0108 add dword ptr ds:[eax],ecx + * 1348d813 c78408 e9082844 >mov dword ptr ds:[eax+ecx+0x442808e9],0x> + * 1348d81e c705 a8aa1001 08>mov dword ptr ds:[0x110aaa8],0x884c708 + * 1348d828 -e9 d72744f0 jmp 038d0004 + * 1348d82d 8b05 7ca71001 mov eax,dword ptr ds:[0x110a77c] + * 1348d833 81e0 ffffff3f and eax,0x3fffffff + * 1348d839 0fbeb0 00004007 movsx esi,byte ptr ds:[eax+0x7400000] + * 1348d840 81fe 00000000 cmp esi,0x0 + * 1348d846 8935 88a71001 mov dword ptr ds:[0x110a788],esi + * 1348d84c 0f85 16000000 jnz 1348d868 + * 1348d852 832d c4aa1001 03 sub dword ptr ds:[0x110aac4],0x3 + * 1348d859 e9 aa030000 jmp 1348dc08 + * 1348d85e 0154c7 84 add dword ptr ds:[edi+eax*8-0x7c],edx + * 1348d862 08e9 or cl,ch + * 1348d864 bb 2744f083 mov ebx,0x83f04427 + * 1348d869 2d c4aa1001 sub eax,0x110aac4 + * 1348d86e 03e9 add ebp,ecx + * 1348d870 0c 00 or al,0x0 + * 1348d872 0000 add byte ptr ds:[eax],al + * 1348d874 0114c7 add dword ptr ds:[edi+eax*8],edx + * 1348d877 8408 test byte ptr ds:[eax],cl + * 1348d879 -e9 a52744f0 jmp 038d0023 + * 1348d87e 90 nop + * 1348d87f cc int3 + * + * Scenario function is as follows. + * But I am not able to find it at runtime. + * + * 13484483 90 nop + * 13484484 77 0f ja short 13484495 + * 13484486 c705 a8aa1001 30>mov dword ptr ds:[0x110aaa8],0x884b030 + * 13484490 -e9 6fbb59f3 jmp 06a20004 + * 13484495 8b35 74a71001 mov esi,dword ptr ds:[0x110a774] + * 1348449b 81fe 00000000 cmp esi,0x0 + * 134844a1 9c pushfd + * 134844a2 8bc6 mov eax,esi + * 134844a4 8b35 84a71001 mov esi,dword ptr ds:[0x110a784] + * 134844aa 03f0 add esi,eax + * 134844ac 8935 74a71001 mov dword ptr ds:[0x110a774],esi + * 134844b2 9d popfd + * 134844b3 0f8f 0c000000 jg 134844c5 + * 134844b9 832d c4aa1001 02 sub dword ptr ds:[0x110aac4],0x2 + * 134844c0 ^e9 23b0f9ff jmp 1341f4e8 + * 134844c5 832d c4aa1001 02 sub dword ptr ds:[0x110aac4],0x2 + * 134844cc e9 0b000000 jmp 134844dc + * 134844d1 0138 add dword ptr ds:[eax],edi + * 134844d3 b0 84 mov al,0x84 + * 134844d5 08e9 or cl,ch + * 134844d7 48 dec eax + * 134844d8 bb 59f39077 mov ebx,0x7790f359 + * 134844dd 0fc7 ??? ; unknown command + * 134844df 05 a8aa1001 add eax,0x110aaa8 + * 134844e4 38b0 8408e917 cmp byte ptr ds:[eax+0x17e90884],dh + * 134844ea bb 59f38b05 mov ebx,0x58bf359 + * 134844ef ^7c a7 jl short 13484498 + * 134844f1 1001 adc byte ptr ds:[ecx],al + * 134844f3 81e0 ffffff3f and eax,0x3fffffff + * 134844f9 0fb6b0 00004007 movzx esi,byte ptr ds:[eax+0x7400000] ; jichi: hook here, byte by byte + * 13484500 8b05 84a71001 mov eax,dword ptr ds:[0x110a784] + * 13484506 81e0 ffffff3f and eax,0x3fffffff + * 1348450c 8bd6 mov edx,esi + * 1348450e 8890 00004007 mov byte ptr ds:[eax+0x7400000],dl + * 13484514 8b3d 84a71001 mov edi,dword ptr ds:[0x110a784] + * 1348451a 8d7f 01 lea edi,dword ptr ds:[edi+0x1] + * 1348451d 8b2d 7ca71001 mov ebp,dword ptr ds:[0x110a77c] + * 13484523 8d6d 01 lea ebp,dword ptr ss:[ebp+0x1] + * 13484526 3b3d 74a71001 cmp edi,dword ptr ds:[0x110a774] + * 1348452c 8935 70a71001 mov dword ptr ds:[0x110a770],esi + * 13484532 892d 7ca71001 mov dword ptr ds:[0x110a77c],ebp + * 13484538 893d 84a71001 mov dword ptr ds:[0x110a784],edi + * 1348453e 0f84 16000000 je 1348455a + * 13484544 832d c4aa1001 05 sub dword ptr ds:[0x110aac4],0x5 + * 1348454b ^e9 8cffffff jmp 134844dc + * 13484550 0138 add dword ptr ds:[eax],edi + * 13484552 b0 84 mov al,0x84 + * 13484554 08e9 or cl,ch + * 13484556 c9 leave + * 13484557 ba 59f3832d mov edx,0x2d83f359 + * 1348455c c4aa 100105e9 les ebp,fword ptr ds:[edx+0xe9050110] ; modification of segment register + * 13484562 0e push cs + * 13484563 0000 add byte ptr ds:[eax],al + * 13484565 0001 add byte ptr ds:[ecx],al + * 13484567 4c dec esp + * 13484568 b0 84 mov al,0x84 + * 1348456a 08e9 or cl,ch + * 1348456c b3 ba mov bl,0xba + * 1348456e 59 pop ecx + * 1348456f f3: prefix rep: ; superfluous prefix + * 13484570 90 nop + * 13484571 cc int3 + * 13484572 cc int3 + * 13484573 cc int3 + */ +bool InsertKadokawaNamePSPHook() +{ + ConsoleOutput("Kadokawa Name PSP: enter"); + const BYTE bytes[] = { + 0x77, 0x0f, // 1348d7a0 77 0f ja short 1348d7b1 + 0xc7,0x05, XX8, // 1348d7a2 c705 a8aa1001 fc>mov dword ptr ds:[0x110aaa8],0x884c6fc + 0xe9, XX4, // 1348d7ac -e9 532844f0 jmp 038d0004 + 0x8b,0x05, XX4, // 1348d7b1 8b05 78a71001 mov eax,dword ptr ds:[0x110a778] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 1348d7b7 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xb6,0xb0, XX4, // 1348d7bd 0fb6b0 00004007 movzx esi,byte ptr ds:[eax+0x7400000] ; jichi: hook here + 0x81,0xfe, 0x00,0x00,0x00,0x00, // 1348d7c4 81fe 00000000 cmp esi,0x0 + 0x89,0x35, XX4, // 1348d7ca 8935 70a71001 mov dword ptr ds:[0x110a770],esi + 0x0f,0x85, 0x2f,0x00,0x00,0x00, // 1348d7d0 0f85 2f000000 jnz 1348d805 + 0x8b,0x05, XX4, // 1348d7d6 8b05 7ca71001 mov eax,dword ptr ds:[0x110a77c] + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 1348d7dc 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xbe,0xb0, XX4, // 1348d7e2 0fbeb0 00004007 movsx esi,byte ptr ds:[eax+0x7400000] + 0x89,0x35 //, XX4, // 1348d7e9 8935 70a71001 mov dword ptr ds:[0x110a770],esi + }; + enum { memory_offset = 3 }; + enum { addr_offset = 0x1348d7bd - 0x1348d7a0 }; + auto succ=false; + DWORD addr = SafeMatchBytesInPSPMemory(bytes, sizeof(bytes)); + if (!addr) + ConsoleOutput("Kadokawa Name PSP: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.type = USING_STRING|USING_SPLIT|NO_CONTEXT; + hp.offset=get_reg(regs::eax); + hp.split = get_reg(regs::edx); + hp.text_fun = SpecialPSPHook; + + //GROWL_DWORD2(hp.address, hp.user_value); + ConsoleOutput("Kadokawa Name PSP: INSERT"); + succ|=NewHook(hp, "Kadokawa Name PSP"); + } + + ConsoleOutput("Kadokawa Name PSP: leave"); + return succ; +} + +bool InsertPPSSPPHooks() +{ + //if (PPSSPP_VERSION[1] == 9 && (PPSSPP_VERSION[2] > 9 || PPSSPP_VERSION[2] == 9 && PPSSPP_VERSION[3] >= 1)) // >= 0.9.9.1 + + ConsoleOutput("PPSSPP: enter"); + + // http://stackoverflow.com/questions/940707/how-do-i-programatically-get-the-version-of-a-dll-or-exe-file + // get the version info for the file requested + // if (DWORD dwSize = ::GetFileVersionInfoSizeW(processPath, nullptr)) { + // UINT len = 0; + // BYTE * buf = new BYTE[dwSize]; + // VS_FIXEDFILEINFO * info = nullptr; + // if (::GetFileVersionInfoW(processPath, 0, dwSize, buf) + // && ::VerQueryValueW(buf, L"\\", (LPVOID*)&info, &len) + // && info) + // { + // PPSSPP_VERSION[0] = HIWORD(info->dwFileVersionMS), + // PPSSPP_VERSION[1] = LOWORD(info->dwFileVersionMS), + // PPSSPP_VERSION[2] = HIWORD(info->dwFileVersionLS), + // PPSSPP_VERSION[3] = LOWORD(info->dwFileVersionLS); + // + // } + // else + // ConsoleOutput("failed to get PPSSPP version"); + // delete[] buf; + // + //} + + + if (PPSSPP_VERSION[1] == 9 && PPSSPP_VERSION[2] == 9 && PPSSPP_VERSION[3] == 0) // 0.9.9.0 + InsertOtomatePPSSPPHook(); + + //bool engineFound = false; + Insert5pbPSPHook(); + InsertCyberfrontPSPHook(); + InsertImageepoch2PSPHook(); + InsertFelistellaPSPHook(); + + InsertBroccoliPSPHook(); + InsertIntensePSPHook(); + //InsertKadokawaNamePSPHook(); // disabled + InsertKonamiPSPHook(); + + if (PPSSPP_VERSION[1] == 9 && PPSSPP_VERSION[2] == 8) { // only works for 0.9.8 anyway + InsertNippon1PSPHook(); + InsertNippon2PSPHook(); // This could crash PPSSPP 099 just like 5pb + } + + //InsertTecmoPSPHook(); + + // Generic hooks + + bool bandaiFound = InsertBandaiPSPHook(); + InsertBandaiNamePSPHook(); + + // Hooks whose pattern is not generic enouph + + InsertYetiPSPHook(); + InsertYeti2PSPHook(); + + InsertAlchemistPSPHook(); + InsertAlchemist2PSPHook(); + + //InsertTypeMoonPSPHook() // otomate is creating too many garbage + //|| InsertOtomatePSPHook(); + InsertOtomatePSPHook(); + + if (!bandaiFound) { + // KID pattern is a subset of BANDAI, and hence MUST NOT be together with BANDAI + // Sample BANDAI game that could be broken by KID: 寮�のサクリファイス + InsertKidPSPHook(); // KID could lose text, could exist in multiple game + + InsertImageepochPSPHook(); // Imageepoch could crash vnrcli for School Rumble PSP + } + + ConsoleOutput("PPSSPP: leave"); + return true; +} +#endif + +bool PPSSPPengine::attach_function() { + return InsertPPSSPPcommonhooks(); +} + \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/PPSSPP.h b/cpp/LunaHook/LunaHook/engine32/PPSSPP.h new file mode 100644 index 00000000..0fd75186 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/PPSSPP.h @@ -0,0 +1,13 @@ + + +class PPSSPPengine:public ENGINE{ + public: + PPSSPPengine(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"PPSSPP*.exe"; + is_engine_certain=false; + }; + bool attach_function(); + +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Pal.cpp b/cpp/LunaHook/LunaHook/engine32/Pal.cpp new file mode 100644 index 00000000..50776835 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Pal.cpp @@ -0,0 +1,267 @@ +#include"Pal.h" +/** jichi 6/1/2014 AMUSE CRAFT + * Related brands: http://erogetrailers.com/brand/2047 + * Sample game: 魔女こいにっ� * See: http://sakuradite.com/topic/223 + * Sample H-code: /HBN-4*0:18@26159:MAJOKOI_try.exe (need remove context, though) + * + * Sample games: + * - 時計仕掛け�レイライン + * - きみと僕との騎士の日� * + * /HBN-4*0:18@26159:MAJOKOI_TRY.EXE + * - addr: 155993 + * - length_offset: 1 + * - module: 104464j455 + * - off: 4294967288 = 0xfffffff8 + * - split: 24 = 0x18 + * - type: 1112 = 0x458 + * + * Call graph: + * - hook reladdr: 0x26159, fun reladdr: 26150 + * - scene fun reladdr: 0x26fd0 + * - arg1 and arg3 are pointers + * - arg2 is the text + * - scenairo only reladdr: 0x26670 + * Issue for implementing embeded engine: two functions are needed to be hijacked + * + * 013c614e cc int3 + * 013c614f cc int3 + * 013c6150 /$ 55 push ebp ; jichi: function starts, this function seems to process text encoding + * 013c6151 |. 8bec mov ebp,esp + * 013c6153 |. 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + * 013c6156 |. 0fb608 movzx ecx,byte ptr ds:[eax] + * 013c6159 |. 81f9 81000000 cmp ecx,0x81 ; jichi: hook here + * 013c615f |. 7c 0d jl short majokoi_.013c616e + * 013c6161 |. 8b55 08 mov edx,dword ptr ss:[ebp+0x8] + * 013c6164 |. 0fb602 movzx eax,byte ptr ds:[edx] + * 013c6167 |. 3d 9f000000 cmp eax,0x9f + * 013c616c |. 7e 1c jle short majokoi_.013c618a + * 013c616e |> 8b4d 08 mov ecx,dword ptr ss:[ebp+0x8] + * 013c6171 |. 0fb611 movzx edx,byte ptr ds:[ecx] + * 013c6174 |. 81fa e0000000 cmp edx,0xe0 + * 013c617a |. 7c 30 jl short majokoi_.013c61ac + * 013c617c |. 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + * 013c617f |. 0fb608 movzx ecx,byte ptr ds:[eax] + * 013c6182 |. 81f9 fc000000 cmp ecx,0xfc + * 013c6188 |. 7f 22 jg short majokoi_.013c61ac + * 013c618a |> 8b55 08 mov edx,dword ptr ss:[ebp+0x8] + * 013c618d |. 0fb642 01 movzx eax,byte ptr ds:[edx+0x1] + * 013c6191 |. 83f8 40 cmp eax,0x40 + * 013c6194 |. 7c 16 jl short majokoi_.013c61ac + * 013c6196 |. 8b4d 08 mov ecx,dword ptr ss:[ebp+0x8] + * 013c6199 |. 0fb651 01 movzx edx,byte ptr ds:[ecx+0x1] + * 013c619d |. 81fa fc000000 cmp edx,0xfc + * 013c61a3 |. 7f 07 jg short majokoi_.013c61ac + * 013c61a5 |. b8 01000000 mov eax,0x1 + * 013c61aa |. eb 02 jmp short majokoi_.013c61ae + * 013c61ac |> 33c0 xor eax,eax + * 013c61ae |> 5d pop ebp + * 013c61af \. c3 retn + */ +static bool InsertOldPalHook() // this is used in case the new pattern does not work +{ + const BYTE bytes[] = { + 0x55, // 013c6150 /$ 55 push ebp ; jichi: function starts + 0x8b,0xec, // 013c6151 |. 8bec mov ebp,esp + 0x8b,0x45, 0x08, // 013c6153 |. 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + 0x0f,0xb6,0x08, // 013c6156 |. 0fb608 movzx ecx,byte ptr ds:[eax] + 0x81,0xf9 //81000000 // 013c6159 |. 81f9 81000000 cmp ecx,0x81 ; jichi: hook here + }; + enum { addr_offset = sizeof(bytes) - 2 }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + //GROWL_DWORD(reladdr); // supposed to be 0x21650 + //GROWL_DWORD(reladdr + addr_offset); + //reladdr = 0x26159; // 魔女こいにっ�trial + if (!addr) { + ConsoleOutput("AMUSE CRAFT: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; + //hp.type = NO_CONTEXT|USING_SPLIT|DATA_INDIRECT; // 0x418 + //hp.type = NO_CONTEXT|USING_SPLIT|DATA_INDIRECT|RELATIVE_SPLIT; // Use relative address to prevent floating issue + hp.type = NO_CONTEXT|USING_SPLIT|DATA_INDIRECT; + hp.offset=get_reg(regs::eax); // eax + ConsoleOutput("INSERT AMUSE CRAFT"); + return NewHook(hp, "Pal"); +} +namespace{ + template + strT trim(strT text, int *size) + { + //int length = ::strlen(text); + auto length = *size; + if (text[0] == '<' && text[1] == 'c') { + auto p = ::strchr(text + 2, '>'); + if (!p) + return text; + p++; + length -= p - text; + text = p; // skip leading '' + } + + if (text[length - 1] == '>' && text[length - 2] == 'c' && text[length - 3] == '/' && text[length - 4] == '<') + length -= 4; // skip the trailing ' + + *size = length; + return text; + } + LPSTR trimmedText;int trimmedSize; +void before(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *role){ + auto text = (LPSTR)s->stack[2]; // text in arg2 + if (!text || !*text) + return ; + + int size = ::strlen(text); + trimmedSize = size; + trimmedText = trim(text, &trimmedSize); + if (trimmedSize <= 0 || !trimmedText || !*trimmedText) + return ; + auto retaddr = s->stack[0]; + if (*(WORD *)(retaddr - 8) == 0x088b) // 8b08 mov ecx,dword ptr ds:[eax] + *role = s->stack[3] ? Engine::ScenarioRole : Engine::NameRole; + buffer->from(trimmedText, trimmedSize); +} +void after(hook_stack*s,void* data, size_t len){ + std::string newData((char*)data, len); + auto text = (LPSTR)s->stack[2]; // text in arg2 + int prefixSize = trimmedText - text; + int size = ::strlen(text); + int suffixSize = size - prefixSize - trimmedSize; + //if (prefixSize) + // newData.prepend(text, prefixSize); + if (suffixSize) + newData.append(trimmedText + trimmedSize, suffixSize); + ::strcpy(trimmedText, newData.c_str()); +} + +std::string rubyRemove( std::string text) { + std::regex rx("(.*?)"); + text= std::regex_replace(text, rx, "$2"); + std::regex rx2("(.*?)"); + text= std::regex_replace(text, rx2, "$2"); + std::regex rx3("(.*?)"); + text= std::regex_replace(text, rx3, "$2"); + return text; +} +} +static bool InsertNewPal1Hook() +{ + //有乱码,无法处理。并且遇到某些中文字符会闪退 + const BYTE bytes[] = { + 0x55, // 002c6ab0 55 push ebp + 0x8b,0xec, // 002c6ab1 8bec mov ebp,esp + 0x83,0xec, 0x78, // 002c6ab3 83ec 78 sub esp,0x78 + 0xa1, XX4, // 002c6ab6 a1 8c002f00 mov eax,dword ptr ds:[0x2f008c] + 0x33,0xc5, // 002c6abb 33c5 xor eax,ebp + 0x89,0x45, 0xf8 // 002c6abd 8945 f8 mov dword ptr ss:[ebp-0x8],eax ; mireado : small update + }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("Pal1: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_stack(2); // arg2 + hp.type = USING_STRING|EMBED_ABLE|NO_CONTEXT; + hp.text_fun=before; + hp.hook_after=after; + hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + auto s=std::string((char*)data,*len); + s=rubyRemove(s); + write_string_overwrite(data,len,s); + return true; + }; + hp.hook_font=F_CreateFontIndirectA|F_CreateFontA; + ConsoleOutput("INSERT Pal1"); + return NewHook(hp, "Pal"); +} +// Eguni 2016/11/06 +// Supporting new Pal engine, tested with 恋×シンアイ彼女 +static bool InsertNewPal2Hook() +{ + const BYTE bytes[] = { + 0x55, // 0124E220 55 push ebp; doesn't works... why? + 0x8b,0xec, // 0124E221 8bec mov ebp,esp + 0x83,0xec, 0x7c, // 0124E223 83ec 7c sub esp,0x7C + 0xa1, XX4, // 0124E226 a1 788D2901 mov eax,dword ptr ds:[0x2f008c] + 0x33,0xc5, // 0124E22B 33c5 xor eax,ebp + 0x89,0x45, 0xfc, // 0124E22D 8945 FC mov dword ptr ss:[ebp-0x8],eax ; mireado : small update + 0xe8 // 0136e230 e8 call 01377800 + }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("Pal2: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_stack(2); // arg2 + hp.type = USING_STRING; + ConsoleOutput("INSERT Pal2"); + return NewHook(hp, "Pal"); +} +namespace{ +bool redcheris(){ +const BYTE bytes[] = { + //int __usercall sub_44E1E0@( + // char *a1@, + + //if ( *(_DWORD *)a1 == 1047683644 ) + 0x8B,0x06, + 0x3D,0x3C,0x62,0x72,0x3E , + 0x75,0x10 + }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) return false; + addr=MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) return false; + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::edx); + hp.type = USING_STRING|EMBED_ABLE|EMBED_AFTER_NEW; + //无法编码的字符无法显示,若开启dyna则会直接略过这个字,还不如不开。 + //[230929] [ユニゾンシフト] 恋とHしかしていない! + hp.newlineseperator=L"
"; + hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + auto s=std::string((char*)data,*len); + s=rubyRemove(s); + write_string_overwrite(data,len,s); + return true; + }; + return NewHook(hp, "Pal"); +} +} + +bool InsertPalHook() // use Old Pal first, which does not have ruby +{ + PcHooks::hookOtherPcFunctions(); + auto succ=false; + for (auto func : { "PalSpriteCreateTextEx","PalSpriteCreateText","PalFontDrawText" }) { + HookParam hp; + hp.type = USING_STRING | MODULE_OFFSET | FUNCTION_OFFSET; + wcscpy_s(hp.module, L"Pal.dll"); + strcpy_s(hp.function, func); + hp.offset=get_stack(2); + succ|=NewHook(hp, func); + } + bool embed= InsertNewPal1Hook() ; + bool b1= InsertOldPalHook() || InsertNewPal2Hook(); + + bool b2=redcheris(); + return b1||b2||embed||succ; +} + +bool Pal::attach_function() { + + return InsertPalHook(); +} + + \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Pal.h b/cpp/LunaHook/LunaHook/engine32/Pal.h new file mode 100644 index 00000000..e1793fc7 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Pal.h @@ -0,0 +1,12 @@ + + +class Pal:public ENGINE{ + public: + Pal(){ + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + return Util::CheckFile(L"dll\\Pal.dll")||GetModuleHandleW(L"Pal.dll"); + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Palette.cpp b/cpp/LunaHook/LunaHook/engine32/Palette.cpp new file mode 100644 index 00000000..c16e41ea --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Palette.cpp @@ -0,0 +1,51 @@ +#include"Palette.h" + +bool Palette::attach_function() { + + BYTE sig2[]={ + //さくらシュトラッセ + //さくらんぼシュトラッセ + //MERI+DIA~マリアディアナ~ + 0x8b,XX, + 0x8b,XX,0x14, + 0x03,XX, + 0x3b,XX, + 0x76,XX, + 0x83,XX,0x10, + 0x72,XX, + 0x8b,XX, + 0x8b,XX,0x24,0x14, + XX, + 0x2b,XX, + XX, + XX, + 0x8b,XX, + 0xe8,XX4, + XX, + XX, + XX, + 0xC2,0x08,0x00 + }; + auto m=GetModuleHandle(L"system.dll"); + ULONG addr=0; + if(m) { + //もしも明日が晴れならば + //えむぴぃ + auto [minAddress, maxAddress] = Util::QueryModuleLimits(m); + addr= MemDbg::findBytes(sig2, sizeof(sig2), minAddress, maxAddress); + } + else{ + addr = MemDbg::findBytes(sig2, sizeof(sig2), processStartAddress, processStopAddress); + } + if (!addr) return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + + if (!addr) return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = USING_STRING; + hp.filter_fun=all_ascii_Filter; + ConsoleOutput("Please adjust the text display speed to maximum to remove duplicates"); + return NewHook(hp, "Palette"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Palette.h b/cpp/LunaHook/LunaHook/engine32/Palette.h new file mode 100644 index 00000000..214228b9 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Palette.h @@ -0,0 +1,11 @@ + + +class Palette:public ENGINE{ + public: + Palette(){ + is_engine_certain=false; + check_by=CHECK_BY::FILE; + check_by_target=L"data\\*.pak"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Pensil.cpp b/cpp/LunaHook/LunaHook/engine32/Pensil.cpp new file mode 100644 index 00000000..b33d3caa --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Pensil.cpp @@ -0,0 +1,928 @@ +#include"Pensil.h" +bool InsertPensilHook() +{ + for (DWORD i = processStartAddress; i < processStopAddress - 4; i++) + if (*(DWORD *)i == 0x6381) // cmp *,8163 + if (DWORD j = SafeFindEnclosingAlignedFunction(i, 0x100)) { + // Artikash 7/20/2019: I don't understand how or why this is possible, but I found a game that by default has copy on write memory for its .text section + VirtualProtect((void*)j, 1, PAGE_EXECUTE_READ, DUMMY); + HookParam hp; + hp.address = j; + hp.offset=get_stack(2); + hp.split=get_stack(1); + hp.type=USING_SPLIT; + ConsoleOutput("INSERT Pensil"); + return NewHook(hp, "Pensil"); + //RegisterEngineType(ENGINE_PENSIL); + } + //ConsoleOutput("Unknown Pensil engine."); + ConsoleOutput("Pensil: failed"); + return false; +} + +namespace{ + bool pensilfilter(void* data, size_t* len, HookParam* hp){ + //「馬鹿な、\{軌道護符|サテラ}が封じられるとは! ハーリーの仕業か。連中の魔法科学はそこまで進んだのか!?」 + write_string_overwrite(data,len,std::regex_replace(std::string(reinterpret_cast(data),*len), std::regex("\\\\\\{(.*?)\\|(.*?)\\}"), "$1")); + return true; + }; +} + +namespace { // unnamed +namespace ScenarioHook { + +/** + * Sample game: はにつま + * + * Debugging method: + * 1. Hook to GetGlyphOutlineA + * 2. Find text in memory + * There are three matches. The static scenario text is found + * 3. Looking for text on the stack + * The text is just above Windows Message calls on the stack. + * + * Name/Scenario/Other texts can be translated. + * History cannot be translated. + * + * Text in arg2. + * + * 0046AFE8 CC INT3 + * 0046AFE9 CC INT3 + * 0046AFEA CC INT3 + * 0046AFEB CC INT3 + * 0046AFEC CC INT3 + * 0046AFED CC INT3 + * 0046AFEE CC INT3 + * 0046AFEF CC INT3 + * 0046AFF0 83EC 10 SUB ESP,0x10 + * 0046AFF3 56 PUSH ESI + * 0046AFF4 57 PUSH EDI + * 0046AFF5 8B7C24 1C MOV EDI,DWORD PTR SS:[ESP+0x1C] + * 0046AFF9 85FF TEST EDI,EDI + * 0046AFFB 0F84 D6020000 JE .0046B2D7 + * 0046B001 8B7424 20 MOV ESI,DWORD PTR SS:[ESP+0x20] + * 0046B005 85F6 TEST ESI,ESI + * 0046B007 0F84 CA020000 JE .0046B2D7 + * 0046B00D 55 PUSH EBP + * 0046B00E 33ED XOR EBP,EBP + * 0046B010 392D A8766C00 CMP DWORD PTR DS:[0x6C76A8],EBP + * 0046B016 75 09 JNZ SHORT .0046B021 + * 0046B018 5D POP EBP + * 0046B019 5F POP EDI + * 0046B01A 33C0 XOR EAX,EAX + * 0046B01C 5E POP ESI + * 0046B01D 83C4 10 ADD ESP,0x10 + * 0046B020 C3 RETN + * 0046B021 8B47 24 MOV EAX,DWORD PTR DS:[EDI+0x24] + * 0046B024 8B4F 28 MOV ECX,DWORD PTR DS:[EDI+0x28] + * 0046B027 8B57 2C MOV EDX,DWORD PTR DS:[EDI+0x2C] + * 0046B02A 894424 0C MOV DWORD PTR SS:[ESP+0xC],EAX + * 0046B02E 8B47 30 MOV EAX,DWORD PTR DS:[EDI+0x30] + * 0046B031 53 PUSH EBX + * 0046B032 894C24 14 MOV DWORD PTR SS:[ESP+0x14],ECX + * 0046B036 895424 18 MOV DWORD PTR SS:[ESP+0x18],EDX + * 0046B03A 894424 1C MOV DWORD PTR SS:[ESP+0x1C],EAX + * 0046B03E 8A1E MOV BL,BYTE PTR DS:[ESI] + * 0046B040 84DB TEST BL,BL + * 0046B042 0F84 95000000 JE .0046B0DD + * 0046B048 EB 06 JMP SHORT .0046B050 + * 0046B04A 8D9B 00000000 LEA EBX,DWORD PTR DS:[EBX] + * 0046B050 0FB716 MOVZX EDX,WORD PTR DS:[ESI] + * 0046B053 0FB7C2 MOVZX EAX,DX + * 0046B056 3D 5C630000 CMP EAX,0x635C + * 0046B05B 0F8F 93010000 JG .0046B1F4 + * 0046B061 0F84 2B010000 JE .0046B192 + * 0046B067 3D 5C4E0000 CMP EAX,0x4E5C + * 0046B06C 0F8F DF000000 JG .0046B151 + * 0046B072 0F84 9E010000 JE .0046B216 + * 0046B078 3D 5C430000 CMP EAX,0x435C + * 0046B07D 0F84 0F010000 JE .0046B192 + * 0046B083 3D 5C460000 CMP EAX,0x465C + * 0046B088 0F84 80000000 JE .0046B10E + * 0046B08E 3D 5C470000 CMP EAX,0x475C + * 0046B093 0F85 CA010000 JNZ .0046B263 + * 0046B099 8A46 02 MOV AL,BYTE PTR DS:[ESI+0x2] + * 0046B09C 83C6 02 ADD ESI,0x2 + * 0046B09F 33C9 XOR ECX,ECX + * 0046B0A1 3C 39 CMP AL,0x39 + * 0046B0A3 77 17 JA SHORT .0046B0BC + * 0046B0A5 3C 30 CMP AL,0x30 + * 0046B0A7 72 13 JB SHORT .0046B0BC + * 0046B0A9 83C6 01 ADD ESI,0x1 + * 0046B0AC 0FB6D0 MOVZX EDX,AL + * 0046B0AF 8A06 MOV AL,BYTE PTR DS:[ESI] + * 0046B0B1 3C 39 CMP AL,0x39 + * 0046B0B3 8D0C89 LEA ECX,DWORD PTR DS:[ECX+ECX*4] + * 0046B0B6 8D4C4A D0 LEA ECX,DWORD PTR DS:[EDX+ECX*2-0x30] + * 0046B0BA ^76 E9 JBE SHORT .0046B0A5 + * 0046B0BC 8D4424 10 LEA EAX,DWORD PTR SS:[ESP+0x10] + * 0046B0C0 50 PUSH EAX + * 0046B0C1 81C1 00FFFFFF ADD ECX,-0x100 + * 0046B0C7 51 PUSH ECX + * 0046B0C8 57 PUSH EDI + * 0046B0C9 E8 92F1FFFF CALL .0046A260 + * 0046B0CE 83C4 0C ADD ESP,0xC + * 0046B0D1 03E8 ADD EBP,EAX + * 0046B0D3 8A1E MOV BL,BYTE PTR DS:[ESI] + * 0046B0D5 84DB TEST BL,BL + * 0046B0D7 ^0F85 73FFFFFF JNZ .0046B050 + * 0046B0DD F647 10 01 TEST BYTE PTR DS:[EDI+0x10],0x1 + * 0046B0E1 74 09 JE SHORT .0046B0EC + * 0046B0E3 57 PUSH EDI + * 0046B0E4 E8 F7DDFFFF CALL .00468EE0 + * 0046B0E9 83C4 04 ADD ESP,0x4 + * 0046B0EC F647 10 08 TEST BYTE PTR DS:[EDI+0x10],0x8 + * 0046B0F0 74 12 JE SHORT .0046B104 + * 0046B0F2 833D 98026C00 00 CMP DWORD PTR DS:[0x6C0298],0x0 + * 0046B0F9 74 09 JE SHORT .0046B104 + * 0046B0FB 57 PUSH EDI + * 0046B0FC E8 6FE4FFFF CALL .00469570 + * 0046B101 83C4 04 ADD ESP,0x4 + * 0046B104 5B POP EBX + * 0046B105 8BC5 MOV EAX,EBP + * 0046B107 5D POP EBP + * 0046B108 5F POP EDI + * 0046B109 5E POP ESI + * 0046B10A 83C4 10 ADD ESP,0x10 + * 0046B10D C3 RETN + * 0046B10E 8A46 02 MOV AL,BYTE PTR DS:[ESI+0x2] + * 0046B111 83C6 02 ADD ESI,0x2 + * 0046B114 33C9 XOR ECX,ECX + * 0046B116 3C 39 CMP AL,0x39 + * 0046B118 77 1D JA SHORT .0046B137 + * 0046B11A 8D9B 00000000 LEA EBX,DWORD PTR DS:[EBX] + * 0046B120 3C 30 CMP AL,0x30 + * 0046B122 72 13 JB SHORT .0046B137 + * 0046B124 83C6 01 ADD ESI,0x1 + * 0046B127 0FB6D0 MOVZX EDX,AL + * 0046B12A 8A06 MOV AL,BYTE PTR DS:[ESI] + * 0046B12C 3C 39 CMP AL,0x39 + * 0046B12E 8D0C89 LEA ECX,DWORD PTR DS:[ECX+ECX*4] + * 0046B131 8D4C4A D0 LEA ECX,DWORD PTR DS:[EDX+ECX*2-0x30] + * 0046B135 ^76 E9 JBE SHORT .0046B120 + * 0046B137 6A 01 PUSH 0x1 + * 0046B139 8B0C8D 580D6C00 MOV ECX,DWORD PTR DS:[ECX*4+0x6C0D58] + * 0046B140 8D4424 14 LEA EAX,DWORD PTR SS:[ESP+0x14] + * 0046B144 50 PUSH EAX + * 0046B145 51 PUSH ECX + * 0046B146 57 PUSH EDI + * 0046B147 E8 84FBFFFF CALL .0046ACD0 + * 0046B14C 83C4 10 ADD ESP,0x10 + * 0046B14F ^EB 80 JMP SHORT .0046B0D1 + * 0046B151 3D 5C520000 CMP EAX,0x525C + * 0046B156 0F84 BA000000 JE .0046B216 + * 0046B15C 3D 5C530000 CMP EAX,0x535C + * 0046B161 ^0F84 32FFFFFF JE .0046B099 + * 0046B167 3D 5C5C0000 CMP EAX,0x5C5C + * 0046B16C 0F85 F1000000 JNZ .0046B263 + * 0046B172 8D5424 10 LEA EDX,DWORD PTR SS:[ESP+0x10] + * 0046B176 52 PUSH EDX + * 0046B177 6A 5C PUSH 0x5C + * 0046B179 57 PUSH EDI + * 0046B17A E8 81F3FFFF CALL .0046A500 + * 0046B17F 83C4 0C ADD ESP,0xC + * 0046B182 85C0 TEST EAX,EAX + * 0046B184 0F84 43010000 JE .0046B2CD + * 0046B18A 83C6 01 ADD ESI,0x1 + * 0046B18D ^E9 41FFFFFF JMP .0046B0D3 + * 0046B192 33C9 XOR ECX,ECX + * 0046B194 83C6 02 ADD ESI,0x2 + * 0046B197 8A06 MOV AL,BYTE PTR DS:[ESI] + * 0046B199 3C 39 CMP AL,0x39 + * 0046B19B 77 14 JA SHORT .0046B1B1 + * 0046B19D 3C 30 CMP AL,0x30 + * 0046B19F 72 10 JB SHORT .0046B1B1 + * 0046B1A1 83C1 FD ADD ECX,-0x3 + * 0046B1A4 0FB6C0 MOVZX EAX,AL + * 0046B1A7 C1E1 04 SHL ECX,0x4 + * 0046B1AA 03C8 ADD ECX,EAX + * 0046B1AC 83C6 01 ADD ESI,0x1 + * 0046B1AF ^EB E6 JMP SHORT .0046B197 + * 0046B1B1 3C 46 CMP AL,0x46 + * 0046B1B3 77 13 JA SHORT .0046B1C8 + * 0046B1B5 3C 41 CMP AL,0x41 + * 0046B1B7 72 0F JB SHORT .0046B1C8 + * 0046B1B9 0FB6D0 MOVZX EDX,AL + * 0046B1BC C1E1 04 SHL ECX,0x4 + * 0046B1BF 8D4C11 C9 LEA ECX,DWORD PTR DS:[ECX+EDX-0x37] + * 0046B1C3 83C6 01 ADD ESI,0x1 + * 0046B1C6 ^EB CF JMP SHORT .0046B197 + * 0046B1C8 3C 66 CMP AL,0x66 + * 0046B1CA 77 13 JA SHORT .0046B1DF + * 0046B1CC 3C 61 CMP AL,0x61 + * 0046B1CE 72 0F JB SHORT .0046B1DF + * 0046B1D0 0FB6C0 MOVZX EAX,AL + * 0046B1D3 C1E1 04 SHL ECX,0x4 + * 0046B1D6 8D4C01 A9 LEA ECX,DWORD PTR DS:[ECX+EAX-0x57] + * 0046B1DA 83C6 01 ADD ESI,0x1 + * 0046B1DD ^EB B8 JMP SHORT .0046B197 + * 0046B1DF 894C24 1C MOV DWORD PTR SS:[ESP+0x1C],ECX + * 0046B1E3 894C24 18 MOV DWORD PTR SS:[ESP+0x18],ECX + * 0046B1E7 894C24 14 MOV DWORD PTR SS:[ESP+0x14],ECX + * 0046B1EB 894C24 10 MOV DWORD PTR SS:[ESP+0x10],ECX + * 0046B1EF ^E9 DFFEFFFF JMP .0046B0D3 + * 0046B1F4 3D 5C720000 CMP EAX,0x725C + * 0046B1F9 7F 56 JG SHORT .0046B251 + * 0046B1FB 74 19 JE SHORT .0046B216 + * 0046B1FD 3D 5C660000 CMP EAX,0x665C + * 0046B202 74 23 JE SHORT .0046B227 + * 0046B204 3D 5C670000 CMP EAX,0x675C + * 0046B209 ^0F84 8AFEFFFF JE .0046B099 + * 0046B20F 3D 5C6E0000 CMP EAX,0x6E5C + * 0046B214 75 4D JNZ SHORT .0046B263 + * 0046B216 57 PUSH EDI + * 0046B217 E8 54DBFFFF CALL .00468D70 + * 0046B21C 83C4 04 ADD ESP,0x4 + * 0046B21F 83C6 02 ADD ESI,0x2 + * 0046B222 ^E9 ACFEFFFF JMP .0046B0D3 + * 0046B227 8A46 02 MOV AL,BYTE PTR DS:[ESI+0x2] + * 0046B22A 83C6 02 ADD ESI,0x2 + * 0046B22D 33C9 XOR ECX,ECX + * 0046B22F 3C 39 CMP AL,0x39 + * 0046B231 77 17 JA SHORT .0046B24A + * 0046B233 3C 30 CMP AL,0x30 + * 0046B235 72 13 JB SHORT .0046B24A + * 0046B237 83C6 01 ADD ESI,0x1 + * 0046B23A 0FB6D0 MOVZX EDX,AL + * 0046B23D 8A06 MOV AL,BYTE PTR DS:[ESI] + * 0046B23F 3C 39 CMP AL,0x39 + * 0046B241 8D0C89 LEA ECX,DWORD PTR DS:[ECX+ECX*4] + * 0046B244 8D4C4A D0 LEA ECX,DWORD PTR DS:[EDX+ECX*2-0x30] + * 0046B248 ^76 E9 JBE SHORT .0046B233 + * 0046B24A 6A 00 PUSH 0x0 + * 0046B24C ^E9 E8FEFFFF JMP .0046B139 + * 0046B251 3D 5C730000 CMP EAX,0x735C + * 0046B256 ^0F84 3DFEFFFF JE .0046B099 + * 0046B25C 3D 5C7B0000 CMP EAX,0x7B5C + * 0046B261 74 49 JE SHORT .0046B2AC + * 0046B263 52 PUSH EDX + * 0046B264 E8 C7D5FFFF CALL .00468830 + * 0046B269 83C4 04 ADD ESP,0x4 + * 0046B26C 85C0 TEST EAX,EAX + * 0046B26E 74 1E JE SHORT .0046B28E + * 0046B270 8D4424 10 LEA EAX,DWORD PTR SS:[ESP+0x10] + * 0046B274 50 PUSH EAX + * 0046B275 52 PUSH EDX + * 0046B276 57 PUSH EDI + * 0046B277 E8 E4EFFFFF CALL .0046A260 + * 0046B27C 83C4 0C ADD ESP,0xC + * 0046B27F 85C0 TEST EAX,EAX + * 0046B281 74 4A JE SHORT .0046B2CD + * 0046B283 83C6 02 ADD ESI,0x2 + * 0046B286 83C5 01 ADD EBP,0x1 + * 0046B289 ^E9 45FEFFFF JMP .0046B0D3 + * 0046B28E 8D4C24 10 LEA ECX,DWORD PTR SS:[ESP+0x10] + * 0046B292 51 PUSH ECX + * 0046B293 53 PUSH EBX + * 0046B294 57 PUSH EDI + * 0046B295 E8 66F2FFFF CALL .0046A500 + * 0046B29A 83C4 0C ADD ESP,0xC + * 0046B29D 85C0 TEST EAX,EAX + * 0046B29F 74 2C JE SHORT .0046B2CD + * 0046B2A1 83C6 01 ADD ESI,0x1 + * 0046B2A4 83C5 01 ADD EBP,0x1 + * 0046B2A7 ^E9 27FEFFFF JMP .0046B0D3 + * 0046B2AC 8D5424 24 LEA EDX,DWORD PTR SS:[ESP+0x24] + * 0046B2B0 52 PUSH EDX + * 0046B2B1 83C6 02 ADD ESI,0x2 + * 0046B2B4 56 PUSH ESI + * 0046B2B5 57 PUSH EDI + * 0046B2B6 E8 F5F4FFFF CALL .0046A7B0 + * 0046B2BB 8BF0 MOV ESI,EAX + * 0046B2BD 83C4 0C ADD ESP,0xC + * 0046B2C0 85F6 TEST ESI,ESI + * 0046B2C2 74 09 JE SHORT .0046B2CD + * 0046B2C4 036C24 24 ADD EBP,DWORD PTR SS:[ESP+0x24] + * 0046B2C8 ^E9 06FEFFFF JMP .0046B0D3 + * 0046B2CD 5B POP EBX + * 0046B2CE 5D POP EBP + * 0046B2CF 5F POP EDI + * 0046B2D0 33C0 XOR EAX,EAX + * 0046B2D2 5E POP ESI + * 0046B2D3 83C4 10 ADD ESP,0x10 + * 0046B2D6 C3 RETN + * 0046B2D7 5F POP EDI + * 0046B2D8 33C0 XOR EAX,EAX + * 0046B2DA 5E POP ESI + * 0046B2DB 83C4 10 ADD ESP,0x10 + * 0046B2DE C3 RETN + * 0046B2DF CC INT3 + * + * Sample game: 母子愛2 (2RM) + * 0047120D CC INT3 + * 0047120E CC INT3 + * 0047120F CC INT3 + * 00471210 83EC 10 SUB ESP,0x10 + * 00471213 56 PUSH ESI + * 00471214 57 PUSH EDI + * 00471215 8B7C24 1C MOV EDI,DWORD PTR SS:[ESP+0x1C] + * 00471219 85FF TEST EDI,EDI + * 0047121B 0F84 98030000 JE oyakoai2.004715B9 + * 00471221 8B7424 20 MOV ESI,DWORD PTR SS:[ESP+0x20] + * 00471225 85F6 TEST ESI,ESI + * 00471227 0F84 8C030000 JE oyakoai2.004715B9 + * 0047122D 55 PUSH EBP + * 0047122E 33ED XOR EBP,EBP + * 00471230 392D 48E16C00 CMP DWORD PTR DS:[0x6CE148],EBP + * 00471236 75 09 JNZ SHORT oyakoai2.00471241 + * 00471238 5D POP EBP + * 00471239 5F POP EDI + * 0047123A 33C0 XOR EAX,EAX + * 0047123C 5E POP ESI + * 0047123D 83C4 10 ADD ESP,0x10 + * 00471240 C3 RETN + * 00471241 8B47 60 MOV EAX,DWORD PTR DS:[EDI+0x60] + * 00471244 8B4F 64 MOV ECX,DWORD PTR DS:[EDI+0x64] + * 00471247 8B57 68 MOV EDX,DWORD PTR DS:[EDI+0x68] + * 0047124A 894424 0C MOV DWORD PTR SS:[ESP+0xC],EAX + * 0047124E 8B47 6C MOV EAX,DWORD PTR DS:[EDI+0x6C] + * 00471251 894424 18 MOV DWORD PTR SS:[ESP+0x18],EAX + * 00471255 8B47 4C MOV EAX,DWORD PTR DS:[EDI+0x4C] + * 00471258 25 00F00000 AND EAX,0xF000 + * 0047125D 3D 00100000 CMP EAX,0x1000 + * 00471262 894C24 10 MOV DWORD PTR SS:[ESP+0x10],ECX + * 00471266 895424 14 MOV DWORD PTR SS:[ESP+0x14],EDX + * 0047126A 74 26 JE SHORT oyakoai2.00471292 + * 0047126C 3D 00200000 CMP EAX,0x2000 + * 00471271 74 13 JE SHORT oyakoai2.00471286 + * 00471273 3D 00300000 CMP EAX,0x3000 + * 00471278 75 30 JNZ SHORT oyakoai2.004712AA + * 0047127A 8D4C24 0C LEA ECX,DWORD PTR SS:[ESP+0xC] + * 0047127E 51 PUSH ECX + * 0047127F 68 81770000 PUSH 0x7781 + * 00471284 EB 16 JMP SHORT oyakoai2.0047129C + * 00471286 8D5424 0C LEA EDX,DWORD PTR SS:[ESP+0xC] + * 0047128A 52 PUSH EDX + * 0047128B 68 81750000 PUSH 0x7581 + * 00471290 EB 0A JMP SHORT oyakoai2.0047129C + * 00471292 8D4424 0C LEA EAX,DWORD PTR SS:[ESP+0xC] + * 00471296 50 PUSH EAX + * 00471297 68 81790000 PUSH 0x7981 + * 0047129C 57 PUSH EDI + * 0047129D E8 3EF0FFFF CALL oyakoai2.004702E0 + * 004712A2 83C4 0C ADD ESP,0xC + * 004712A5 BD 02000000 MOV EBP,0x2 + * 004712AA 53 PUSH EBX + * 004712AB 8A1E MOV BL,BYTE PTR DS:[ESI] + * 004712AD 84DB TEST BL,BL + * 004712AF 0F84 93000000 JE oyakoai2.00471348 + * 004712B5 0FB716 MOVZX EDX,WORD PTR DS:[ESI] + * 004712B8 0FB7C2 MOVZX EAX,DX + * 004712BB 3D 5C630000 CMP EAX,0x635C + * 004712C0 0F8F A7010000 JG oyakoai2.0047146D + * 004712C6 0F84 39010000 JE oyakoai2.00471405 + * 004712CC 3D 5C4E0000 CMP EAX,0x4E5C + * 004712D1 0F8F ED000000 JG oyakoai2.004713C4 + * 004712D7 0F84 B2010000 JE oyakoai2.0047148F + * 004712DD 3D 5C430000 CMP EAX,0x435C + * 004712E2 0F84 1D010000 JE oyakoai2.00471405 + * 004712E8 3D 5C460000 CMP EAX,0x465C + * 004712ED 0F84 8D000000 JE oyakoai2.00471380 + * 004712F3 3D 5C470000 CMP EAX,0x475C + * 004712F8 0F85 E2010000 JNZ oyakoai2.004714E0 + * 004712FE 8A46 02 MOV AL,BYTE PTR DS:[ESI+0x2] + * 00471301 83C6 02 ADD ESI,0x2 + * 00471304 33C9 XOR ECX,ECX + * 00471306 3C 39 CMP AL,0x39 + * 00471308 77 1D JA SHORT oyakoai2.00471327 + * 0047130A 8D9B 00000000 LEA EBX,DWORD PTR DS:[EBX] + * 00471310 3C 30 CMP AL,0x30 + * 00471312 72 13 JB SHORT oyakoai2.00471327 + * 00471314 83C6 01 ADD ESI,0x1 + * 00471317 0FB6D0 MOVZX EDX,AL + * 0047131A 8A06 MOV AL,BYTE PTR DS:[ESI] + * 0047131C 3C 39 CMP AL,0x39 + * 0047131E 8D0C89 LEA ECX,DWORD PTR DS:[ECX+ECX*4] + * 00471321 8D4C4A D0 LEA ECX,DWORD PTR DS:[EDX+ECX*2-0x30] + * 00471325 ^76 E9 JBE SHORT oyakoai2.00471310 + * 00471327 8D4424 10 LEA EAX,DWORD PTR SS:[ESP+0x10] + * 0047132B 50 PUSH EAX + * 0047132C 81C1 00FFFFFF ADD ECX,-0x100 + * 00471332 51 PUSH ECX + * 00471333 57 PUSH EDI + * 00471334 E8 A7EFFFFF CALL oyakoai2.004702E0 + * 00471339 83C4 0C ADD ESP,0xC + * 0047133C 03E8 ADD EBP,EAX + * 0047133E 8A1E MOV BL,BYTE PTR DS:[ESI] + * 00471340 84DB TEST BL,BL + * 00471342 ^0F85 6DFFFFFF JNZ oyakoai2.004712B5 + * 00471348 8B47 4C MOV EAX,DWORD PTR DS:[EDI+0x4C] + * 0047134B 25 00F00000 AND EAX,0xF000 + * 00471350 3D 00100000 CMP EAX,0x1000 + * 00471355 0F84 05020000 JE oyakoai2.00471560 + * 0047135B 3D 00200000 CMP EAX,0x2000 + * 00471360 0F84 EE010000 JE oyakoai2.00471554 + * 00471366 3D 00300000 CMP EAX,0x3000 + * 0047136B 0F85 05020000 JNZ oyakoai2.00471576 + * 00471371 8D4C24 10 LEA ECX,DWORD PTR SS:[ESP+0x10] + * 00471375 51 PUSH ECX + * 00471376 68 81780000 PUSH 0x7881 + * 0047137B E9 EA010000 JMP oyakoai2.0047156A + * 00471380 8A46 02 MOV AL,BYTE PTR DS:[ESI+0x2] + * 00471383 83C6 02 ADD ESI,0x2 + * 00471386 33C9 XOR ECX,ECX + * 00471388 3C 39 CMP AL,0x39 + * 0047138A 77 1B JA SHORT oyakoai2.004713A7 + * 0047138C 8D6424 00 LEA ESP,DWORD PTR SS:[ESP] + * 00471390 3C 30 CMP AL,0x30 + * 00471392 72 13 JB SHORT oyakoai2.004713A7 + * 00471394 83C6 01 ADD ESI,0x1 + * 00471397 0FB6D0 MOVZX EDX,AL + * 0047139A 8A06 MOV AL,BYTE PTR DS:[ESI] + * 0047139C 3C 39 CMP AL,0x39 + * 0047139E 8D0C89 LEA ECX,DWORD PTR DS:[ECX+ECX*4] + * 004713A1 8D4C4A D0 LEA ECX,DWORD PTR DS:[EDX+ECX*2-0x30] + * 004713A5 ^76 E9 JBE SHORT oyakoai2.00471390 + * 004713A7 6A 01 PUSH 0x1 + * 004713A9 8B0C8D E8776C00 MOV ECX,DWORD PTR DS:[ECX*4+0x6C77E8] + * 004713B0 8D4424 14 LEA EAX,DWORD PTR SS:[ESP+0x14] + * 004713B4 50 PUSH EAX + * 004713B5 51 PUSH ECX + * 004713B6 57 PUSH EDI + * 004713B7 E8 34FBFFFF CALL oyakoai2.00470EF0 + * 004713BC 83C4 10 ADD ESP,0x10 + * 004713BF ^E9 78FFFFFF JMP oyakoai2.0047133C + * 004713C4 3D 5C520000 CMP EAX,0x525C + * 004713C9 0F84 C0000000 JE oyakoai2.0047148F + * 004713CF 3D 5C530000 CMP EAX,0x535C + * 004713D4 ^0F84 24FFFFFF JE oyakoai2.004712FE + * 004713DA 3D 5C5C0000 CMP EAX,0x5C5C + * 004713DF 0F85 FB000000 JNZ oyakoai2.004714E0 + * 004713E5 8D5424 10 LEA EDX,DWORD PTR SS:[ESP+0x10] + * 004713E9 52 PUSH EDX + * 004713EA 6A 5C PUSH 0x5C + * 004713EC 57 PUSH EDI + * 004713ED E8 2EF2FFFF CALL oyakoai2.00470620 + * 004713F2 83C4 0C ADD ESP,0xC + * 004713F5 85C0 TEST EAX,EAX + * 004713F7 0F84 4D010000 JE oyakoai2.0047154A + * 004713FD 83C6 01 ADD ESI,0x1 + * 00471400 ^E9 39FFFFFF JMP oyakoai2.0047133E + * 00471405 33C9 XOR ECX,ECX + * 00471407 83C6 02 ADD ESI,0x2 + * 0047140A 8D9B 00000000 LEA EBX,DWORD PTR DS:[EBX] + * 00471410 8A06 MOV AL,BYTE PTR DS:[ESI] + * 00471412 3C 39 CMP AL,0x39 + * 00471414 77 14 JA SHORT oyakoai2.0047142A + * 00471416 3C 30 CMP AL,0x30 + * 00471418 72 10 JB SHORT oyakoai2.0047142A + * 0047141A 83C1 FD ADD ECX,-0x3 + * 0047141D 0FB6C0 MOVZX EAX,AL + * 00471420 C1E1 04 SHL ECX,0x4 + * 00471423 03C8 ADD ECX,EAX + * 00471425 83C6 01 ADD ESI,0x1 + * 00471428 ^EB E6 JMP SHORT oyakoai2.00471410 + * 0047142A 3C 46 CMP AL,0x46 + * 0047142C 77 13 JA SHORT oyakoai2.00471441 + * 0047142E 3C 41 CMP AL,0x41 + * 00471430 72 0F JB SHORT oyakoai2.00471441 + * 00471432 0FB6D0 MOVZX EDX,AL + * 00471435 C1E1 04 SHL ECX,0x4 + * 00471438 8D4C11 C9 LEA ECX,DWORD PTR DS:[ECX+EDX-0x37] + * 0047143C 83C6 01 ADD ESI,0x1 + * 0047143F ^EB CF JMP SHORT oyakoai2.00471410 + * 00471441 3C 66 CMP AL,0x66 + * 00471443 77 13 JA SHORT oyakoai2.00471458 + * 00471445 3C 61 CMP AL,0x61 + * 00471447 72 0F JB SHORT oyakoai2.00471458 + * 00471449 0FB6C0 MOVZX EAX,AL + * 0047144C C1E1 04 SHL ECX,0x4 + * 0047144F 8D4C01 A9 LEA ECX,DWORD PTR DS:[ECX+EAX-0x57] + * 00471453 83C6 01 ADD ESI,0x1 + * 00471456 ^EB B8 JMP SHORT oyakoai2.00471410 + * 00471458 894C24 1C MOV DWORD PTR SS:[ESP+0x1C],ECX + * 0047145C 894C24 18 MOV DWORD PTR SS:[ESP+0x18],ECX + * 00471460 894C24 14 MOV DWORD PTR SS:[ESP+0x14],ECX + * 00471464 894C24 10 MOV DWORD PTR SS:[ESP+0x10],ECX + * 00471468 ^E9 D1FEFFFF JMP oyakoai2.0047133E + * 0047146D 3D 5C720000 CMP EAX,0x725C + * 00471472 7F 5A JG SHORT oyakoai2.004714CE + * 00471474 74 19 JE SHORT oyakoai2.0047148F + * 00471476 3D 5C660000 CMP EAX,0x665C + * 0047147B 74 23 JE SHORT oyakoai2.004714A0 + * 0047147D 3D 5C670000 CMP EAX,0x675C + * 00471482 ^0F84 76FEFFFF JE oyakoai2.004712FE + * 00471488 3D 5C6E0000 CMP EAX,0x6E5C + * 0047148D 75 51 JNZ SHORT oyakoai2.004714E0 + * 0047148F 57 PUSH EDI + * 00471490 E8 BBD2FFFF CALL oyakoai2.0046E750 + * 00471495 83C4 04 ADD ESP,0x4 + * 00471498 83C6 02 ADD ESI,0x2 + * 0047149B ^E9 9EFEFFFF JMP oyakoai2.0047133E + * 004714A0 8A46 02 MOV AL,BYTE PTR DS:[ESI+0x2] + * 004714A3 83C6 02 ADD ESI,0x2 + * 004714A6 33C9 XOR ECX,ECX + * 004714A8 3C 39 CMP AL,0x39 + * 004714AA 77 1B JA SHORT oyakoai2.004714C7 + * 004714AC 8D6424 00 LEA ESP,DWORD PTR SS:[ESP] + * 004714B0 3C 30 CMP AL,0x30 + * 004714B2 72 13 JB SHORT oyakoai2.004714C7 + * 004714B4 83C6 01 ADD ESI,0x1 + * 004714B7 0FB6D0 MOVZX EDX,AL + * 004714BA 8A06 MOV AL,BYTE PTR DS:[ESI] + * 004714BC 3C 39 CMP AL,0x39 + * 004714BE 8D0C89 LEA ECX,DWORD PTR DS:[ECX+ECX*4] + * 004714C1 8D4C4A D0 LEA ECX,DWORD PTR DS:[EDX+ECX*2-0x30] + * 004714C5 ^76 E9 JBE SHORT oyakoai2.004714B0 + * 004714C7 6A 00 PUSH 0x0 + * 004714C9 ^E9 DBFEFFFF JMP oyakoai2.004713A9 + * 004714CE 3D 5C730000 CMP EAX,0x735C + * 004714D3 ^0F84 25FEFFFF JE oyakoai2.004712FE + * 004714D9 3D 5C7B0000 CMP EAX,0x7B5C + * 004714DE 74 49 JE SHORT oyakoai2.00471529 + * 004714E0 52 PUSH EDX + * 004714E1 E8 5ACDFFFF CALL oyakoai2.0046E240 + * 004714E6 83C4 04 ADD ESP,0x4 + * 004714E9 85C0 TEST EAX,EAX + * 004714EB 74 1E JE SHORT oyakoai2.0047150B + * 004714ED 8D4424 10 LEA EAX,DWORD PTR SS:[ESP+0x10] + * 004714F1 50 PUSH EAX + * 004714F2 52 PUSH EDX + * 004714F3 57 PUSH EDI + * 004714F4 E8 E7EDFFFF CALL oyakoai2.004702E0 + * 004714F9 83C4 0C ADD ESP,0xC + * 004714FC 85C0 TEST EAX,EAX + * 004714FE 74 4A JE SHORT oyakoai2.0047154A + * 00471500 83C6 02 ADD ESI,0x2 + * 00471503 83C5 01 ADD EBP,0x1 + * 00471506 ^E9 33FEFFFF JMP oyakoai2.0047133E + * 0047150B 8D4C24 10 LEA ECX,DWORD PTR SS:[ESP+0x10] + * 0047150F 51 PUSH ECX + * 00471510 53 PUSH EBX + * 00471511 57 PUSH EDI + * 00471512 E8 09F1FFFF CALL oyakoai2.00470620 + * 00471517 83C4 0C ADD ESP,0xC + * 0047151A 85C0 TEST EAX,EAX + * 0047151C 74 2C JE SHORT oyakoai2.0047154A + * 0047151E 83C6 01 ADD ESI,0x1 + * 00471521 83C5 01 ADD EBP,0x1 + * 00471524 ^E9 15FEFFFF JMP oyakoai2.0047133E + * 00471529 8D5424 24 LEA EDX,DWORD PTR SS:[ESP+0x24] + * 0047152D 52 PUSH EDX + * 0047152E 83C6 02 ADD ESI,0x2 + * 00471531 56 PUSH ESI + * 00471532 57 PUSH EDI + * 00471533 E8 38F4FFFF CALL oyakoai2.00470970 + * 00471538 8BF0 MOV ESI,EAX + * 0047153A 83C4 0C ADD ESP,0xC + * 0047153D 85F6 TEST ESI,ESI + * 0047153F 74 09 JE SHORT oyakoai2.0047154A + * 00471541 036C24 24 ADD EBP,DWORD PTR SS:[ESP+0x24] + * 00471545 ^E9 F4FDFFFF JMP oyakoai2.0047133E + * 0047154A 5B POP EBX + * 0047154B 5D POP EBP + * 0047154C 5F POP EDI + * 0047154D 33C0 XOR EAX,EAX + * 0047154F 5E POP ESI + * 00471550 83C4 10 ADD ESP,0x10 + * 00471553 C3 RETN + * 00471554 8D5424 10 LEA EDX,DWORD PTR SS:[ESP+0x10] + * 00471558 52 PUSH EDX + * 00471559 68 81760000 PUSH 0x7681 + * 0047155E EB 0A JMP SHORT oyakoai2.0047156A + * 00471560 8D4424 10 LEA EAX,DWORD PTR SS:[ESP+0x10] + * 00471564 50 PUSH EAX + * 00471565 68 817A0000 PUSH 0x7A81 + * 0047156A 57 PUSH EDI + * 0047156B E8 70EDFFFF CALL oyakoai2.004702E0 + * 00471570 83C4 0C ADD ESP,0xC + * 00471573 83C5 02 ADD EBP,0x2 + * 00471576 F647 4C 01 TEST BYTE PTR DS:[EDI+0x4C],0x1 + * 0047157A 74 09 JE SHORT oyakoai2.00471585 + * 0047157C 57 PUSH EDI + * 0047157D E8 4ED3FFFF CALL oyakoai2.0046E8D0 + * 00471582 83C4 04 ADD ESP,0x4 + * 00471585 F747 4C 00010000 TEST DWORD PTR DS:[EDI+0x4C],0x100 + * 0047158C 74 09 JE SHORT oyakoai2.00471597 + * 0047158E 57 PUSH EDI + * 0047158F E8 4CD6FFFF CALL oyakoai2.0046EBE0 + * 00471594 83C4 04 ADD ESP,0x4 + * 00471597 F647 4C 08 TEST BYTE PTR DS:[EDI+0x4C],0x8 + * 0047159B 74 12 JE SHORT oyakoai2.004715AF + * 0047159D 833D 306D6C00 00 CMP DWORD PTR DS:[0x6C6D30],0x0 + * 004715A4 74 09 JE SHORT oyakoai2.004715AF + * 004715A6 57 PUSH EDI + * 004715A7 E8 C4DCFFFF CALL oyakoai2.0046F270 + * 004715AC 83C4 04 ADD ESP,0x4 + * 004715AF 5B POP EBX + * 004715B0 8BC5 MOV EAX,EBP + * 004715B2 5D POP EBP + * 004715B3 5F POP EDI + * 004715B4 5E POP ESI + * 004715B5 83C4 10 ADD ESP,0x10 + * 004715B8 C3 RETN + * 004715B9 5F POP EDI + * 004715BA 33C0 XOR EAX,EAX + * 004715BC 5E POP ESI + * 004715BD 83C4 10 ADD ESP,0x10 + * 004715C0 C3 RETN + * 004715C1 CC INT3 + * 004715C2 CC INT3 + * 004715C3 CC INT3 + * 004715C4 CC INT3 + * 004715C5 CC INT3 + * 004715C6 CC INT3 + * 004715C7 CC INT3 + * 004715C8 CC INT3 + * 004715C9 CC INT3 + * 004715CA CC INT3 + * 004715CB CC INT3 + * 004715CC CC INT3 + * 004715CD CC INT3 + * 004715CE CC INT3 + * 004715CF CC INT3 + */ +bool attach(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0x75, 0x09, // 00471236 75 09 jnz short oyakoai2.00471241 + 0x5d, // 00471238 5d pop ebp + 0x5f, // 00471239 5f pop edi + 0x33,0xc0, // 0047123a 33c0 xor eax,eax + 0x5e, // 0047123c 5e pop esi + 0x83,0xc4, 0x10, // 0047123d 83c4 10 add esp,0x10 + 0xc3 // 00471240 c3 retn + }; + const BYTE pattern[] = { + //プリズム☆ま~じカル ~Prism Generations!~ + //プリズム☆ま~じカル!AFTERSTORYS迷える子羊といけにえの山 + //[141128][bootUP!] はにつま + 0x0f,XX2, + 0x3d,0x5c,0x63,0x00,0x00 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + + auto _do=[](ULONG addr){ + addr = MemDbg::findEnclosingAlignedFunction(addr,0x100); + if (!addr) + return false; + HookParam hp; + hp.address=addr; + hp.type=USING_STRING|EMBED_ABLE|EMBED_AFTER_NEW|EMBED_DYNA_SJIS; + hp.offset=get_stack(2); + hp.filter_fun=pensilfilter; + hp.hook_font=F_GetGlyphOutlineA; + return NewHook(hp,"EmbedPensil"); + }; + if(addr && _do(addr))return true; + bool ok=false; + for (auto addr : Util::SearchMemory(pattern, sizeof(pattern), PAGE_EXECUTE, processStartAddress, processStopAddress)){ + ok=_do(addr)||ok; + } + return ok; +} + +} // namespace ScenarioHook +namespace OtherHook { +bool attach(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0x83,0x7e, 0x14, 0x00, // 004250f6 837e 14 00 cmp dword ptr ds:[esi+0x14],0x0 + 0x75, 0x09, // 004250fa 75 09 jnz short oyakoai2.00425105 + 0x33,0xc0, // 004250fc 33c0 xor eax,eax + 0x5e, // 004250fe 5e pop esi + 0x83,0xc4, 0x28, // 004250ff 83c4 28 add esp,0x28 + 0xc2, 0x08,0x00 // 00425102 c2 0800 retn 0x8 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return false; + HookParam hp; + hp.address=addr; + hp.type=USING_STRING|EMBED_ABLE|EMBED_AFTER_NEW| EMBED_DYNA_SJIS; + hp.offset=get_stack(1); + hp.filter_fun=pensilfilter; + hp.hook_font=F_GetGlyphOutlineA; + return NewHook(hp,"EmbedPensilChoice"); + +} + +} // namespace OtherHook +} +#if 0 // jich 3/8/2015: disabled +bool IsPensilSetup() +{ + HANDLE hFile = IthCreateFile(L"PSetup.exe", FILE_READ_DATA, FILE_SHARE_READ, FILE_OPEN); + FILE_STANDARD_INFORMATION info; + IO_STATUS_BLOCK ios; + LPVOID buffer = nullptr; + NtQueryInformationFile(hFile, &ios, &info, sizeof(info), FileStandardInformation); + NtAllocateVirtualMemory(GetCurrentProcess(), &buffer, 0, + &info.AllocationSize.LowPart, MEM_RESERVE|MEM_COMMIT, PAGE_READWRITE); + NtReadFile(hFile, 0,0,0, &ios, buffer, info.EndOfFile.LowPart, 0, 0); + CloseHandle(hFile); + BYTE *b = (BYTE *)buffer; + DWORD len = info.EndOfFile.LowPart & ~1; + if (len == info.AllocationSize.LowPart) + len -= 2; + b[len] = 0; + b[len + 1] = 0; + bool ret = wcsstr((LPWSTR)buffer, L"PENSIL") || wcsstr((LPWSTR)buffer, L"Pensil"); + NtFreeVirtualMemory(GetCurrentProcess(), &buffer, &info.AllocationSize.LowPart, MEM_RELEASE); + return ret; +} +#endif // if 0 + + +/** jichi 8/2/2014 2RM + * Sample games: + * - [エロイッ�] 父娘� �いけなね�作り2- /HBN-20*0@54925:oyakoai.exe + * - [エロイッ�] ぁ�なね�作り �親友�お母さんに種付けしまくる1週間�-- /HS-1C@46FC9D (not used) + * + * Observations from Debug of 父娘�: + * - The executable shows product name as 2RM - Adventure Engine + * - 2 calls to GetGlyphOutlineA with incompleted game + * - Memory location of the text is fixed + * - The LAST place accessing the text is hooked + * - The actual text has pattern like this {surface,ruby} and hence not hooked + * + * /HBN-20*0@54925:oyakoai.exe + * - addr: 346405 = 0x54925 + * - length_offset: 1 + * - module: 3918223605 + * - off: 4294967260 = 0xffffffdc = -0x24 -- 0x24 comes from mov ebp,dword ptr ss:[esp+0x24] + * - type: 1096 = 0x448 + * + * This is a very long function + * 父娘�: + * - 004548e1 |. 84db test bl,bl + * - 004548e3 |. 8b7424 20 mov esi,dword ptr ss:[esp+0x20] + * - 004548e7 |. 74 08 je short oyakoai.004548f1 + * - 004548e9 |. c74424 24 0000>mov dword ptr ss:[esp+0x24],0x0 + * - 004548f1 |> 8b6c24 3c mov ebp,dword ptr ss:[esp+0x3c] + * - 004548f5 |. 837d 5c 00 cmp dword ptr ss:[ebp+0x5c],0x0 + * - 004548f9 |. c74424 18 0000>mov dword ptr ss:[esp+0x18],0x0 + * - 00454901 |. 0f8e da000000 jle oyakoai.004549e1 + * - 00454907 |. 8b6c24 24 mov ebp,dword ptr ss:[esp+0x24] + * - 0045490b |. eb 0f jmp short oyakoai.0045491c + * - 0045490d | 8d49 00 lea ecx,dword ptr ds:[ecx] + * - 00454910 |> 8b15 50bd6c00 mov edx,dword ptr ds:[0x6cbd50] + * - 00454916 |. 8b0d 94bd6c00 mov ecx,dword ptr ds:[0x6cbd94] + * - 0045491c |> 803f 00 cmp byte ptr ds:[edi],0x0 + * - 0045491f |. 0f84 db000000 je oyakoai.00454a00 + * - 00454925 |. 0fb717 movzx edx,word ptr ds:[edi] ; jichi: hook here + * - 00454928 |. 8b4c24 10 mov ecx,dword ptr ss:[esp+0x10] + * - 0045492c |. 52 push edx + * - 0045492d |. 894c24 2c mov dword ptr ss:[esp+0x2c],ecx + * - 00454931 |. e8 9a980100 call oyakoai.0046e1d0 + * - 00454936 |. 83c4 04 add esp,0x4 + * - 00454939 |. 85c0 test eax,eax + * - 0045493b |. 74 50 je short oyakoai.0045498d + * - 0045493d |. 0335 50bd6c00 add esi,dword ptr ds:[0x6cbd50] + * - 00454943 |. 84db test bl,bl + * - 00454945 |. 74 03 je short oyakoai.0045494a + * - 00454947 |. 83c5 02 add ebp,0x2 + * - 0045494a |> 3b7424 1c cmp esi,dword ptr ss:[esp+0x1c] + * - 0045494e |. a1 54bd6c00 mov eax,dword ptr ds:[0x6cbd54] + * - 00454953 |. 7f 12 jg short oyakoai.00454967 + * - 00454955 |. 84db test bl,bl + * - 00454957 |. 0f84 ea000000 je oyakoai.00454a47 + * - 0045495d |. 3b6c24 40 cmp ebp,dword ptr ss:[esp+0x40] + * - 00454961 |. 0f85 e0000000 jnz oyakoai.00454a47 + * - 00454967 |> 014424 10 add dword ptr ss:[esp+0x10],eax + * - 0045496b |. 84db test bl,bl + * - 0045496d |. 8b7424 20 mov esi,dword ptr ss:[esp+0x20] + * - 00454971 |. 0f84 d0000000 je oyakoai.00454a47 + * - 00454977 |. 3b6c24 40 cmp ebp,dword ptr ss:[esp+0x40] + * - 0045497b |. 0f85 c6000000 jnz oyakoai.00454a47 + * - 00454981 |. 33ed xor ebp,ebp + * - 00454983 |. 83c7 02 add edi,0x2 + * - 00454986 |. 834424 18 01 add dword ptr ss:[esp+0x18],0x1 + * - 0045498b |. eb 3c jmp short oyakoai.004549c9 + * - 0045498d |> a1 50bd6c00 mov eax,dword ptr ds:[0x6cbd50] + * - 00454992 |. d1e8 shr eax,1 + * - 00454994 |. 03f0 add esi,eax + * - 00454996 |. 84db test bl,bl + * - 00454998 |. 74 03 je short oyakoai.0045499d + * - 0045499a |. 83c5 01 add ebp,0x1 + * - 0045499d |> 3b7424 1c cmp esi,dword ptr ss:[esp+0x1c] + * - 004549a1 |. a1 54bd6c00 mov eax,dword ptr ds:[0x6cbd54] + * - 004549a6 |. 7f 0a jg short oyakoai.004549b2 + * - 004549a8 |. 84db test bl,bl + * + * ぁ�なね�作り: + * 00454237 c74424 24 020000>mov dword ptr ss:[esp+0x24],0x2 + * 0045423f 3bf5 cmp esi,ebp + * 00454241 7f 0e jg short .00454251 + * 00454243 84db test bl,bl + * 00454245 74 1e je short .00454265 + * 00454247 8b6c24 24 mov ebp,dword ptr ss:[esp+0x24] + * 0045424b 3b6c24 40 cmp ebp,dword ptr ss:[esp+0x40] + * 0045424f 75 14 jnz short .00454265 + * 00454251 014424 10 add dword ptr ss:[esp+0x10],eax + * 00454255 84db test bl,bl + * 00454257 8b7424 20 mov esi,dword ptr ss:[esp+0x20] + * 0045425b 74 08 je short .00454265 + * 0045425d c74424 24 000000>mov dword ptr ss:[esp+0x24],0x0 + * 00454265 8b6c24 3c mov ebp,dword ptr ss:[esp+0x3c] + * 00454269 837d 5c 00 cmp dword ptr ss:[ebp+0x5c],0x0 + * 0045426d c74424 18 000000>mov dword ptr ss:[esp+0x18],0x0 + * 00454275 0f8e d7000000 jle .00454352 + * 0045427b 8b6c24 24 mov ebp,dword ptr ss:[esp+0x24] + * 0045427f eb 0c jmp short .0045428d + * 00454281 8b15 18ad6c00 mov edx,dword ptr ds:[0x6cad18] + * 00454287 8b0d 5cad6c00 mov ecx,dword ptr ds:[0x6cad5c] + * 0045428d 803f 00 cmp byte ptr ds:[edi],0x0 + * 00454290 0f84 db000000 je .00454371 + * 00454296 0fb717 movzx edx,word ptr ds:[edi] ; jichi: hook here + * 00454299 8b4c24 10 mov ecx,dword ptr ss:[esp+0x10] + * 0045429d 52 push edx + * 0045429e 894c24 2c mov dword ptr ss:[esp+0x2c],ecx + * 004542a2 e8 498a0100 call .0046ccf0 + * 004542a7 83c4 04 add esp,0x4 + * 004542aa 85c0 test eax,eax + * 004542ac 74 50 je short .004542fe + * 004542ae 0335 18ad6c00 add esi,dword ptr ds:[0x6cad18] + * 004542b4 84db test bl,bl + * 004542b6 74 03 je short .004542bb + * 004542b8 83c5 02 add ebp,0x2 + * 004542bb 3b7424 1c cmp esi,dword ptr ss:[esp+0x1c] + * 004542bf a1 1cad6c00 mov eax,dword ptr ds:[0x6cad1c] + * 004542c4 7f 12 jg short .004542d8 + * 004542c6 84db test bl,bl + * 004542c8 0f84 ea000000 je .004543b8 + * 004542ce 3b6c24 40 cmp ebp,dword ptr ss:[esp+0x40] + * 004542d2 0f85 e0000000 jnz .004543b8 + * 004542d8 014424 10 add dword ptr ss:[esp+0x10],eax + * 004542dc 84db test bl,bl + * 004542de 8b7424 20 mov esi,dword ptr ss:[esp+0x20] + * 004542e2 0f84 d0000000 je .004543b8 + * 004542e8 3b6c24 40 cmp ebp,dword ptr ss:[esp+0x40] + * 004542ec 0f85 c6000000 jnz .004543b8 + * 004542f2 33ed xor ebp,ebp + * 004542f4 83c7 02 add edi,0x2 + * 004542f7 834424 18 01 add dword ptr ss:[esp+0x18],0x1 + * 004542fc eb 3c jmp short .0045433a + * 004542fe a1 18ad6c00 mov eax,dword ptr ds:[0x6cad18] + * 00454303 d1e8 shr eax,1 + * 00454305 03f0 add esi,eax + * 00454307 84db test bl,bl + * 00454309 74 03 je short .0045430e + * 0045430b 83c5 01 add ebp,0x1 + */ +bool Insert2RMHook() +{ + const BYTE bytes[] = { + 0x80,0x3f, 0x00, // 0045428d 803f 00 cmp byte ptr ds:[edi],0x0 + 0x0f,0x84, 0xdb,0x00,0x00,0x00, // 00454290 0f84 db000000 je .00454371 + 0x0f,0xb7,0x17, // 00454296 0fb717 movzx edx,word ptr ds:[edi] ; jichi: hook here + 0x8b,0x4c,0x24, 0x10, // 00454299 8b4c24 10 mov ecx,dword ptr ss:[esp+0x10] + 0x52, // 0045429d 52 push edx + 0x89,0x4c,0x24, 0x2c, // 0045429e 894c24 2c mov dword ptr ss:[esp+0x2c],ecx + 0xe8 //, 498a0100 // 004542a2 e8 498a0100 call .0046ccf0 + }; + enum { addr_offset = 0x00454296 - 0x0045428d }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + //GROWL_DWORD(addr); // supposed to be 0x4010e0 + if (!addr) { + ConsoleOutput("2RM: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; + hp.offset=get_reg(regs::edi); + hp.type = NO_CONTEXT|DATA_INDIRECT; + ConsoleOutput("INSERT 2RM"); + return NewHook(hp, "2RM"); +} +namespace{ +bool abalone(){ + //鬼孕の学園~スク水少女異種姦凌辱劇~ + BYTE bs[]={ + 0xD8,0x0D,XX4, + 0xd9,0x50,XX, + 0xd9,0x58,XX, + 0xdb,0x44,0x24,XX, + 0xD8,0x0D,XX4, + 0xd9,0x50,XX, + 0xd9,0x58,XX, + 0xdb,0x44,0x24,XX, + 0xD8,0x0D,XX4, + 0xd9,0x50,XX, + 0xd9,0x58,XX, + }; + auto addr=MemDbg::findBytes(bs,sizeof(bs),processStartAddress,processStopAddress); + if(addr==0)return 0; + addr=MemDbg::findEnclosingAlignedFunction(addr); + if(addr==0)return 0; + HookParam hp; + hp.address = addr ; + hp.offset=get_stack(3); + hp.split=get_stack(4); + hp.type = USING_SPLIT; + return NewHook(hp, "abalone"); + +} +} +bool Pensil::attach_function() { + bool _1=ScenarioHook::attach(processStartAddress,processStopAddress); + if(_1)OtherHook::attach(processStartAddress,processStopAddress); + bool _2rm=Insert2RMHook(); + auto _abalone=abalone(); + return InsertPensilHook()|| _1||_2rm||_abalone; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Pensil.h b/cpp/LunaHook/LunaHook/engine32/Pensil.h new file mode 100644 index 00000000..efdbefe1 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Pensil.h @@ -0,0 +1,24 @@ + + +class Pensil:public ENGINE{ + public: + Pensil(){ + is_engine_certain=false; + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + // jichi 2/28/2015: Delay checking Pensil in case something went wrong + // File pattern observed in [Primula] 大正×対称アリス episode I + // - PSetup.exe no longer exists + // - MovieTexture.dll information shows MovieTex dynamic library, copyright Pensil 2013 + // - ta_trial.exe information shows 2XT - Primula Adventure Engine + return (Util::CheckFile(L"PSetup.exe") || + Util::CheckFile(L"PENCIL.*") || + Util::SearchResourceString(L"2XT -"))|| + Util::CheckFile(L"MovieTexture.dll")|| + ((Util::SearchResourceString(L"2RM") &&Util::SearchResourceString(L"Adventure Engine") ))|| + (Util::CheckFile(L"archive.dat")&&Util::CheckFile(L"bgm.dat")&&Util::CheckFile(L"se.dat")&&Util::CheckFile(L"voice.dat")&&Util::CheckFile(L"save\\syssave.dat"));//鬼孕の学園 スク水少女異種姦凌辱劇 + }; + }; + bool attach_function(); +}; + \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Purple.cpp b/cpp/LunaHook/LunaHook/engine32/Purple.cpp new file mode 100644 index 00000000..40c5a9dd --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Purple.cpp @@ -0,0 +1,39 @@ +#include"Purple.h" + + +bool Purple::attach_function() { + //夢幻 虚実と真実 + //世界の果ての物語 + const DWORD funcs[] = { + 0xCCCCCCCC, + 0xec8b55, + }; + enum { FunctionCount = sizeof(funcs) / sizeof(*funcs) }; + ULONG addr = MemDbg::findMultiCallerAddress((ULONG)::GetGlyphOutlineA, funcs, FunctionCount, processStartAddress, processStopAddress); + + if (!addr) return false; + if(*(DWORD*)addr==0xCCCCCCCC)addr+=4; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = USING_STRING; + + return NewHook(hp, "Purple"); +} + + +bool Purple2::attach_function() { + //はっぴ~ぶり~でぃんぐ https://vndb.org/p132 + //夏色小町 + //はぴぶり いまさら ふぁんでぃすく + ULONG addr = MemDbg::findCallerAddress((ULONG)::TextOutA, 0x90909090 , processStartAddress, processStopAddress); + if (!addr) return false; + addr+=4; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.index=0; + hp.type = DATA_INDIRECT; + + return NewHook(hp, "Purple2"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Purple.h b/cpp/LunaHook/LunaHook/engine32/Purple.h new file mode 100644 index 00000000..93b45f65 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Purple.h @@ -0,0 +1,24 @@ + + +class Purple:public ENGINE{ + public: + Purple(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"WAIT.TAM",L"data.hed",L"data.dat"}; + + + }; + bool attach_function(); +}; + +class Purple2:public ENGINE{ + public: + Purple2(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"misc\\*.pk",L"music\\*.px"}; + + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/QLIE.cpp b/cpp/LunaHook/LunaHook/engine32/QLIE.cpp new file mode 100644 index 00000000..9530fa90 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/QLIE.cpp @@ -0,0 +1,996 @@ +#include"QLIE.h" +/** + * jichi 8/18/2013: QLIE identified by GameData/data0.pack + * + * The old hook cannot recognize new games. + */ + +namespace { // unnamed QLIE + +/** +* Artikash 8/1/2018: new QLIE hook. old one misses on https://vndb.org/v22308 and https://vndb.org/v19182 +* ExtTextOut hook misses characters because of font caching +* Method to find H-code: trace call stack from ExtTextOut until missing characters from default hook are found +* /HW-1C*0:-20@base address of pattern +* characterizing pattern: +kimimeza.exe+100D9C - 55 - push ebp +kimimeza.exe+100D9D - 8B EC - mov ebp,esp +kimimeza.exe+100D9F - 83 C4 E4 - add esp,-1C { 228 } +kimimeza.exe+100DA2 - 53 - push ebx +kimimeza.exe+100DA3 - 56 - push esi +kimimeza.exe+100DA4 - 57 - push edi +kimimeza.exe+100DA5 - 33 D2 - xor edx,edx +kimimeza.exe+100DA7 - 89 55 FC - mov [ebp-04],edx +*/ +bool InsertQLIE3Hook() +{ + const BYTE bytes[] = + { + 0x55, + 0x8b, 0xec, + 0x83, 0xc4, 0xe4, + 0x53, + 0x56, + 0x57, + 0x33, 0xd2, + 0x89, 0x55, 0xfc + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("QLIE3: pattern not found"); + //ConsoleOutput("Not QLIE2"); + return false; + } + + HookParam hp; + hp.type = CODEC_UTF16 | DATA_INDIRECT | USING_SPLIT; + hp.offset=get_reg(regs::esi); + hp.split=get_reg(regs::edi); + hp.address = addr; + + ConsoleOutput("INSERT QLIE3"); + return NewHook(hp, "QLiE3"); +} +/** + * jichi 8/18/2013: new QLIE hook + * See: http://www.hongfire.com/forum/showthread.php/420362-QLIE-engine-Hcode + * + * Ins: + * 55 8B EC 53 8B 5D 1C + * - 55 push ebp ; hook here + * - 8bec mov ebp, esp + * - 53 push ebx + * - 8B5d 1c mov ebx, dword ptr ss:[ebp+1c] + * + * /HBN14*0@4CC2C4 + * - addr: 5030596 (0x4cc2c4) + * - text_fun: 0x0 + * - function: 0 + * - hook_len: 0 + * - ind: 0 + * - length_offset: 1 + * - module: 0 + * - off: 20 (0x14) + * - recover_len: 0 + * - split: 0 + * - split_ind: 0 + * - type: 1032 (0x408) + */ +bool InsertQLIE2Hook() +{ + const BYTE bytes[] = { // size = 7 + 0x55, // 55 push ebp ; hook here + 0x8b,0xec, // 8bec mov ebp, esp + 0x53, // 53 push ebx + 0x8b,0x5d, 0x1c // 8b5d 1c mov ebx, dword ptr ss:[ebp+1c] + }; + //enum { addr_offset = 0 }; // current instruction is the first one + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("QLIE2: pattern not found"); + //ConsoleOutput("Not QLIE2"); + return false; + } + + HookParam hp; + hp.type = DATA_INDIRECT|NO_CONTEXT; // 0x408 + hp.offset=get_stack(5); + hp.address = addr; + + ConsoleOutput("INSERT QLIE2"); + return NewHook(hp, "QLiE2"); +} + +// jichi: 8/18/2013: Change return type to bool +bool InsertQLIE1Hook() +{ + for (DWORD i = processStartAddress + 0x1000; i < processStopAddress - 4; i++) + if (*(DWORD *)i == 0x7ffe8347) { // inc edi, cmp esi,7f + DWORD t = 0; + for (DWORD j = i; j < i + 0x10; j++) { + if (*(DWORD *)j == 0xa0) { // cmp esi,a0 + t = 1; + break; + } + } + if (t) + for (DWORD j = i; j > i - 0x100; j--) + if (*(DWORD *)j == 0x83ec8b55) { // push ebp, mov ebp,esp, sub esp,* + HookParam hp; + hp.address = j; + hp.offset =get_stack(6); + hp.split =get_reg(regs::esp); + hp.type = DATA_INDIRECT|USING_SPLIT; + ConsoleOutput("INSERT QLIE1"); + return NewHook(hp, "QLiE"); + } + } + + ConsoleOutput("QLIE1: failed"); + //ConsoleOutput("Unknown QLIE engine"); + return false; +} + +} // unnamed QLIE +namespace{ + bool _4(){ + //シスターシスター + //https://vndb.org/v653 + const BYTE bytes[] = { + 0x81,0xFB,0x80,0x00,0x00,0x00, + XX2, + 0x81,0xFB,0xa0,0x00,0x00,0x00, + XX2, + 0x81,0xFB,0xdf,0x00,0x00,0x00, + XX2, + 0x81,0xFB,0xff,0x00,0x00,0x00, + XX2, + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + + if (addr == 0)return false; + const BYTE funcstart[] = { + 0x90,0x55,0x8b,0xec + }; + addr = reverseFindBytes(funcstart, sizeof(funcstart), addr-0x100, addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr+1 ; + hp.offset = get_stack(6); + hp.type = USING_STRING ; + return NewHook(hp, "QLIE4"); + } + bool _5(){ + //おしかけおさなづま3(3乗) + //School Festa-スクールフェスタ- + const BYTE bytes[] = { + 0x83,0xFF,0x7F, + XX2, + 0x81,0xFf,0xa0,0x00,0x00,0x00, + XX2, + 0x81,0xFf,0xdf,0x00,0x00,0x00, + XX2, + 0x81,0xFf,0xff,0x00,0x00,0x00, + XX2, + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + + if (addr == 0)return false; + addr = findfuncstart(addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::ecx); + hp.type = USING_STRING ; + return NewHook(hp, "QLIE5"); + } +} +namespace{ + //(18禁ゲーム) [240426] [ωstar] 美少女万華鏡異聞 雪おんな + bool qlie4(){ + BYTE bytes[]={ + 0x55,0x8b,0xec, + 0x83,0xc4,0xe8, + 0x53,0x56,0x57, + 0x33,0xdb, + 0x89,0x5d,0xe8, + 0x89,0x5d,0xf8, + 0x89,0x4d,0xf0, + 0x89,0x55,0xfc, + 0x8b,0x45,0xfc, + 0xe8,XX4, + 0x33,0xc0, + 0x55, + 0x68,XX4, + 0x64,0xff,0x30, + 0x64,0x89,0x20, + 0x33,0xf6, + 0x8d,0x45,0xf8, + 0x33,0xd2, + 0xe8,XX4, + 0x8b,0x45,0xfc, + 0x85,0xc0, + 0x74,XX, + 0x8b,0xd0, + 0x83,0xea,0x0a, + 0x66,0x83,0x3a,0x02, + 0x74,XX, + 0x8d,0x45,0xfc, + 0x8b,0x55,0xfc + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.type = USING_STRING|CODEC_UTF16; + hp.text_fun=[](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split){ + auto __s=std::wstring_view((wchar_t*)stack->esi); + if(startWith(__s,L"[f,3")){ + *split=2;//history + } + else if(startWith(__s,L"[f,0")){ + *split=1;//text + } + else if(startWith(__s,L"[f,1")){ + *split=0;//name + } + else if(startWith(__s,L"[s,")){ + *split=3;//[s,36,36]「ああああああああああああああああああああああああああああああああああああああああああああああああああああああああああああああああああああああああ」 + } + else if(startWith(__s,L"[pi,")||startWith(__s,L"[rp,")||startWith(__s,L"[rs,")||startWith(__s,L"[rpi,")){ + return; + } + buffer->from(__s); + }; + hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + //[f,1][rf,1][s,34,34][c,$FFFFFFFF][rc,$FFFFFFFF]雪之進 + //[f,0][rf,0][s,36,36][c,$FFFFFFFF][rc,$FFFFFFFF]一瞬が勝負だ。私は模造刀に手をかけ、立て膝の状態(いわゆる『[rb,座業,すわりわざ]』)で待機していた。 + + auto s = std::wstring((wchar_t*)data,*len/2); + s = std::regex_replace(s, std::wregex(L"\\[rb,(.*?),(.*?)\\]"), L"$1"); + s = std::regex_replace(s, std::wregex(L"\\[(.*?)\\]"), L""); + return write_string_overwrite(data,len,s); + }; + return NewHook(hp, "qlie4"); + } +} +bool InsertQLIEHook() +{ + bool _=_4()||_5(); + return InsertQLIE1Hook() || InsertQLIE2Hook() || qlie4()||InsertQLIE3Hook()||_; + +} + +namespace { // unnamed + +namespace ScenarioHook { +namespace Private { + + template + strT trim(strT text, int *size) + { + //int length = ::strlen(text); + int length = *size; + if (text[0] == '[') { + if (all_ascii(text)) + return nullptr; + if (text[length - 1] == ']' && ::CharPrevA(text, text + length) == text + length - 1) { + length--; + if (text[length - 1] == 'n' && text[length - 2] == '[') + length -= 2; + } + for (int i = 1; i < length; i++) + if ((signed char)text[i] <= 0) { + text += i; + length -= i - 1; + break; + } + length--; // skip the leading '[' + } + *size = length; + return text; + } + + /** + * Sample game: 月に寄りそう乙女の作法2 + * + * + * Name: + * + * 019D7688 5B 66 2C 31 5D 5B 72 66 2C 31 5D 5B 73 2C 32 30 [f,1][rf,1][s,20 + * 019D7698 2C 32 30 5D 5B 63 2C 24 46 46 46 46 46 46 46 46 ,20][c,$FFFFFFFF + * 019D76A8 5D 5B 72 63 2C 24 46 46 46 46 46 46 46 46 5D 81 ][rc,$FFFFFFFF]・ + * 019D76B8 79 8D F7 8F AC 98 48 83 41 83 67 83 8C 81 7A 00 y桜小路アトレ】. + * + * 0012FBCC 0055553D RETURN to .0055553D from .00513234 + * 0012FBD0 0012FDB8 Pointer to next SEH record + * 0012FBD4 005555A5 SE handler + * 0012FBD8 0012FD90 + * 0012FBDC 0E9F72D0 + * 0012FBE0 0E9F72D0 + * 0012FBE4 0A24AA90 + * 0012FBE8 00000000 + * 0012FBEC 00000000 + * 0012FBF0 0C7AE0C8 ASCII "st+cc+tt" + * 0012FBF4 00000000 + * 0012FBF8 00000000 + * 0012FBFC 00000000 + * 0012FC00 00000000 + * 0012FC04 00000000 + * 0012FC08 00000000 + * + * EAX 0E3885A0 + * ECX 00000002 + * EDX 019D7688 + * EBX 0041D17C .0041D17C + * ESP 0012FBCC + * EBP 0012FD90 + * ESI 0A24AA90 + * EDI 0E9F72D0 + * EIP 00513234 .00513234 + * + * + * Dialog's arg4: + * + * 04A9BAD0 48 DB 51 00 B8 BA A9 04 F8 BA A9 04 07 02 00 00 HロQ.クコゥゥ.. + * 04A9BAE0 B8 67 66 00 D0 AF A6 04 00 00 00 00 90 AC A9 04 クgf.ミッヲ....成ゥ + * 04A9BAF0 01 00 00 00 11 00 00 00 30 5F 64 69 61 6C 6F 67 ......0_dialog + * 04A9BB00 6D 65 73 73 61 67 65 2C 30 00 00 00 90 AC A9 04 message,0...成ゥ + * + * Scenario: + * + * 058DC708 5B 66 2C 30 5D 5B 72 66 2C 30 5D 5B 73 2C 32 34 [f,0][rf,0][s,24 + * 058DC718 2C 32 34 5D 5B 63 2C 24 46 46 46 46 46 46 46 46 ,24][c,$FFFFFFFF + * 058DC728 5D 5B 72 63 2C 24 46 46 46 46 46 46 46 46 5D 81 ][rc,$FFFFFFFF]・ + * 058DC738 75 82 CD 82 A2 81 41 82 B1 82 B1 82 CD 93 FA 96 uはい、ここは日・ + * 058DC748 7B 82 C5 82 B7 81 42 8B F3 8D 60 82 CC 90 45 88 {です。空港の職・ + * 058DC758 F5 82 E0 81 41 83 56 83 87 83 62 83 76 82 CC 93 焉Aショップの・ + * 058DC768 58 88 F5 82 E0 81 41 83 8D 83 72 81 5B 82 C9 8D X員も、ロビーに・ + * 058DC778 C0 82 E9 90 6C 82 E0 81 41 93 FA 96 7B 90 6C 82 タる人も、日本人・ + * 058DC788 E7 82 B5 82 AB 90 6C 82 CE 82 A9 82 E8 82 C5 82 轤オき人ばかりで・ + * 058DC798 B7 81 76 00 00 8E 8D 05 01 00 00 00 8C 00 00 00 キ」..詩...・.. + * 058DC7A8 81 75 8D A1 93 FA 82 CD 90 E2 8D 44 82 CC 93 DC 「今日は絶好の曇 + * 058DC7B8 82 E8 8B F3 82 BE 82 E6 81 41 82 C8 82 F1 82 C4 り空だよ、なんて + * 058DC7C8 91 66 93 47 82 C8 96 E9 8B F3 82 BE 82 EB 82 A4 素敵な夜空だろう + * 058DC7D8 81 49 81 40 96 6C 82 CC 8B 41 8D 91 82 C9 8D 87 ! 僕の帰国に合 + * 058DC7E8 82 ED 82 B9 82 C4 91 BE 97 7A 82 F0 89 42 82 B5 わせて太陽を隠し + * + * 0012FBCC 0055553D RETURN to .0055553D from .00513234 + * 0012FBD0 0012FDB8 Pointer to next SEH record + * 0012FBD4 005555A5 SE handler + * 0012FBD8 0012FD90 + * 0012FBDC 0E9F7110 + * 0012FBE0 0E9F7110 + * 0012FBE4 0A24AA90 + * 0012FBE8 00000000 + * 0012FBEC 00000000 + * 0012FBF0 0EA33460 ASCII "st+cc+tt" + * 0012FBF4 00000000 + * 0012FBF8 00000000 + * 0012FBFC 00000000 + * 0012FC00 00000000 + * + * EAX 0E9AD230 + * ECX 00000002 + * EDX 058DC708 + * EBX 0041D17C .0041D17C + * ESP 0012FBCC + * EBP 0012FD90 + * ESI 0A24AA90 + * EDI 0E9F7110 + * EIP 00513234 .00513234 + * + * Backlog: + * FIXME: I don't have a way to distinguish Backlog out. + * + * 0A9775D8 5B 66 2C 32 5D 5B 63 2C 24 46 46 65 64 64 31 66 [f,2][c,$FFedd1f + * 0A9775E8 66 5D 5B 72 63 2C 24 46 46 65 64 64 31 66 66 5D f][rc,$FFedd1ff] + * 0A9775F8 81 75 82 CD 82 A2 81 41 82 B1 82 B1 82 CD 93 FA 「はい、ここは日 + * 0A977608 96 7B 82 C5 82 B7 81 42 8B F3 8D 60 82 CC 90 45 本です。空港の職 + * 0A977618 88 F5 82 E0 81 41 83 56 83 87 83 62 83 76 82 CC 員も、ショップの + * 0A977628 93 58 88 F5 82 E0 81 41 83 8D 83 72 81 5B 82 C9 店員も、ロビーに + * + * EAX 0FF32FE0 + * ECX 00000002 + * EDX 0A9775D8 + * EBX 0041D17C .0041D17C + * ESP 0012FBCC + * EBP 0012FD90 + * ESI 0A909350 + * EDI 0B843690 + * EIP 00513234 .00513234 + * + * 0012FBCC 0055553D RETURN to .0055553D from .00513234 + * 0012FBD0 0012FDB8 Pointer to next SEH record + * 0012FBD4 005555A5 SE handler + * 0012FBD8 0012FD90 + * 0012FBDC 0B843690 + * 0012FBE0 0B843690 + * 0012FBE4 0A909350 + * 0012FBE8 00000000 + * 0012FBEC 00000000 + * 0012FBF0 0FF25558 ASCII ""[f,2][c,$FFedd1ff][rc,$FFedd1ff]"+text" + * 0012FBF4 00000000 + * 0012FBF8 00000000 + * 0012FBFC 00000000 + * + * Sample game ワルキューレロマンツェ more&more (QLiE2): + * Name: + * 0012FB84 00546877 RETURN to .00546877 from .00504AD0 + * 0012FB88 0012FDBC Pointer to next SEH record + * 0012FB8C 00546B1B SE handler + * 0012FB90 0012FD94 + * 0012FB94 11832DC0 + * 0012FB98 11832DC0 + * 0012FB9C 09278EA0 + * 0012FBA0 00000000 + * 0012FBA4 00000000 + * 0012FBA8 00000000 + * 0012FBAC 00000000 + * 0012FBB0 00000000 + * 0012FBB4 00000000 + * + * 0A702400 5B 70 63 2C 94 FC 8D F7 5D 00 00 00 70 B6 6F 0A [pc,美桜]...pカo. + * + * EAX 0C2763E0 ASCII "HHP" + * ECX 00000003 + * EDX 0A702400 + * EBX 0041D168 .0041D168 + * ESP 0012FB84 ASCII "whT" + * EBP 0012FD94 + * ESI 09278EA0 + * EDI 11832DC0 + * EIP 00504AD0 .00504AD0 + * + * Scenario: + * 09E0D7C8 5B 63 2C 24 46 46 46 46 46 46 44 44 5D 5B 72 63 [c,$FFFFFFDD][rc + * 09E0D7D8 2C 24 46 46 46 46 46 46 44 44 5D 81 75 82 A4 82 ,$FFFFFFDD]「う・ + * + * 0012FB84 00546877 RETURN to .00546877 from .00504AD0 + * 0012FB88 0012FDBC Pointer to next SEH record + * 0012FB8C 00546B1B SE handler + * 0012FB90 0012FD94 + * 0012FB94 118314E0 + * 0012FB98 118314E0 + * 0012FB9C 09278EA0 + * 0012FBA0 00000000 + * + * EAX 0A72D820 ASCII "HHP" + * ECX 00000002 + * EDX 09E0D7C8 + * EBX 0041D168 .0041D168 + * ESP 0012FB84 ASCII "whT" + * EBP 0012FD94 + * ESI 09278EA0 + * EDI 118314E0 + * EIP 00504AD0 .00504AD0 + * + * Sample game ワルキューレロマンツェ (QLiE1): + * Garbage: + * 0A5115D0 83 56 83 69 83 8A 83 49 5C 8B A4 92 CA 5C 6B 79 シナリオ\共通\ky + * 0A5115E0 6F 5F 30 30 31 5F 30 30 2E 73 00 00 50 FF 50 0A o_001_00.s..PP. + * + * Name: + * 0012FB84 00544913 RETURN to .00544913 from .004FFB04 + * 0012FB88 0012FDBC Pointer to next SEH record + * 0012FB8C 00544BB1 SE handler + * 0012FB90 0012FD94 + * 0012FB94 01A139A8 + * 0012FB98 01A139A8 + * 0012FB9C 07D35D00 + * 0012FBA0 00000000 + * + * EAX 0C303340 + * ECX 00000003 + * EDX 0ED8A620 + * EBX 0041D6A8 .0041D6A8 + * ESP 0012FB84 + * EBP 0012FD94 + * ESI 07D35D00 + * EDI 01A139A8 + * EIP 004FFB04 .004FFB04 + * + * 01A139A8 60 27 52 00 00 00 00 00 00 00 00 00 00 00 80 3F `'R...........€? + * 01A139B8 00 00 80 3F 00 00 00 00 00 00 00 00 00 00 80 3F ..€?..........€? + * 01A139C8 00 00 00 00 48 D9 14 0A 68 D9 14 0A 07 02 00 00 ....Hル.hル... + * 01A139D8 3C F1 07 00 93 9A 5C 00 1C 01 00 00 F4 01 00 00 <・.答\...・.. + * 01A139E8 40 33 30 0C A0 D9 A0 01 C0 29 52 00 00 00 00 00 @30.ルタ)R..... + * 01A139F8 00 00 00 00 00 00 80 3F 00 00 80 3F 00 00 00 00 ......€?..€?.... + * + * Scenario: + * 0012FB84 00544913 RETURN to .00544913 from .004FFB04 + * 0012FB88 0012FDBC Pointer to next SEH record + * 0012FB8C 00544BB1 SE handler + * 0012FB90 0012FD94 + * 0012FB94 01A13960 ; jichi: type string is saved here in edi and arg4/arg5 + * 0012FB98 01A13960 + * 0012FB9C 07D35D00 + * 0012FBA0 00000000 + * + * 0A14D7C8 30 5F 4D 65 73 73 61 67 65 54 65 78 74 2C 30 00 0_MessageText,0. + * + * EAX 0C308500 + * ECX 00000006 + * EDX 0B100590 + * EBX 0041D6A8 .0041D6A8 + * ESP 0012FB84 + * EBP 0012FD94 + * ESI 07D35D00 + * EDI 01A13960 + * EIP 004FFB04 .004FFB04 + * + * + * 01A13960 60 27 52 00 00 00 00 00 00 00 00 00 00 00 80 3F `'R...........€? + * 01A13970 00 00 80 3F 00 00 00 00 00 00 00 00 00 00 80 3F ..€?..........€? + * 01A13980 00 00 00 00 C8 D7 14 0A A8 D8 14 0A 07 02 00 00 ....ネラ.ィリ... + * 01A13990 34 90 3F 00 BE 0A 5B 00 D3 02 00 00 EC 01 00 00 4・.セ.[.モ..・.. + * 01A139A0 00 85 30 0C A0 D9 A0 01 60 27 52 00 00 00 00 00 .・.ル`'R..... + * 01A139B0 00 00 00 00 00 00 80 3F 00 00 80 3F 00 00 00 00 ......€?..€?.... + * + * 0A14D948 30 5F 4E 61 6D 65 54 65 78 74 2C 30 00 00 00 00 0_NameText,0.... + */ + + /** + * Known Type strings + * These strings seems to be different for different games + * + * ワルキューレロマンツェ(QLiE1) + * 七つのふしぎの終わるとき (QLiE1) + * + * 0_NameText,0 + * 0_MessageText,0 + * 0_Message,0 + * + * ワルキューレロマンツェ More&More (QLiE2) + * 0_nametext,0 + * 0_imo_message,0 + * + * 月に寄りそう乙女の作法2 (QLiE2): + * 0_dialogmessage,0 + * $windowapril + * fontsize:30:30 + * + */ + + struct TextArgument // root at [edx - 4] + { + DWORD size; // in [edx-4] + char text[1]; // in edx + + bool isValid() const + { + return text && size + && Engine::isAddressReadable(text, size) + && ::strlen(text) == size; + } + }; + + struct TypeArgument + { + DWORD unknown[8]; // 0x20 + + DWORD textFlag; // +0x20, 0 for QLiE1, 1 for QLie2 + LPCSTR textAddress; // for QLiE1 + char textData[1]; // for QLiE2 + + LPCSTR text() const + { + if (textFlag == 0) // QLiE1 + return Engine::isAddressReadable(textAddress) ? textAddress : nullptr; + else // QLiE2 + return textData; + } + + // Return UnknownRole(0) if not sure + Engine::TextRole role() const + { + if (textFlag > 0xff) + return Engine::OtherRole; + LPCSTR t = text(); + if (!t || !*t) + return Engine::UnknownRole; + for (int i = 0; t[i]; i++) { + if (i > 0x40) // text too large + return Engine::OtherRole; + BYTE ch = t[0]; + if (ch <= 32 || ch > 127) // non-printable or not ascii + return Engine::OtherRole; + } + + // Convert to lower case + std::string s = stolower(std::string(t)); + t = s.c_str(); + + if (::strchr(t, '_')) { + // QLiE2 + if (::strstr(t, "_imo_message,")) + return Engine::ScenarioRole; + if (::strstr(t, "_dialogmessage,")) + return Engine::OtherRole; + + // QLiE1 + if (::strstr(t, "_messagetext,")) + return Engine::ScenarioRole; + + if (::strstr(t, "_nametext,")) + return Engine::NameRole; + if (::strstr(t, "_message,") || // this is ambiguous and will overwrite imo_message + ::strstr(t, "_statetext,") || + //::strstr(t, "_databutton,") || + //::strstr(t, "_selectbutton,") || + ::strstr(t, "button,")) + return Engine::OtherRole; + } + + if (s.find_first_of(".[!@*\\") != std::string::npos) + return Engine::OtherRole; + + //DOUT("unknown text type:" << t); + return Engine::UnknownRole; + } + }; + int trimmedSize;char*trimmedText; + int endtype; + void hookBefore(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *role) + { + + auto arg = (TextArgument *)(s->edx - 4); + if (!arg->isValid()) + return ; + trimmedSize = arg->size; + trimmedText = trim(arg->text, &trimmedSize); + if (trimmedSize <= 0 || !trimmedText || !*trimmedText) + return ; + + if (::strstr(arg->text, "\x82\xa0\x82\xa0\x82\xa0\x82\xa0\x82\xa0")) /* Skip text containing あああああ */ + return ; + + if (all_ascii(trimmedText)) // This is optional, but I don't want to translate English + return ; + //role = Engine::OtherRole; + + enum { sig = 0 }; + * role = Engine::ScenarioRole; + + enum : uint16_t { + w_name_open = 0x7981, /* 【 */ + w_name_close = 0x7a81 /* 】 */ + }; + + // if (trimmedText[trimmedSize]) // text ending withb ']' is other text + // *role = Engine::OtherRole; + { + std::string oldData(trimmedText, trimmedSize); + endtype=0; + if(oldData.size()>3&&oldData.substr(oldData.size()-3)=="[n]"){ + endtype=1;trimmedSize-=3; + + }else if(oldData.size()>3&&oldData.substr(oldData.size()-3)=="[c]"){ + endtype=2;trimmedSize-=3; + } + } + + if (trimmedSize > 4 + && w_name_open == *(uint16_t *)trimmedText + && w_name_close == *(uint16_t *)(trimmedText + trimmedSize - 2)) { + trimmedText += 2; + trimmedSize -= 4; + if (*role == Engine::ScenarioRole) + *role = Engine::NameRole; // FIXME: This name recognition logic does not work for ワルキューレロマンツェ + } + + + // Skip sjis 名前 = 96bc914f + if (0 == ::strncmp(trimmedText, "\x96\xbc\x91\x4f", trimmedSize)) + return ; +/* + if (s->stack[4] == s->stack[5]) { // && s->edi == s->stack[4] + auto t = (TypeArgument *)s->stack[4]; + if (Engine::isAddressReadable(t)) { + //if (!t->isValid()) + // return true; + if (auto r = t->role()) + *role = r; + } + } +*/ + //auto split = s->stack[0]; // retaddr is always the same anyway + + buffer->from(trimmedText, trimmedSize); + } + void hookafter(hook_stack*s,void* data1, size_t len) + { + std::string newData=std::string((char*)data1,len); + + auto arg = (TextArgument *)(s->edx - 4); + int prefixSize = trimmedText - arg->text, + suffixSize = arg->size - prefixSize - trimmedSize; + if (prefixSize) + newData.insert(0,std::string(arg->text, prefixSize)); + if (suffixSize) + newData.append(trimmedText + trimmedSize, suffixSize); + if(endtype==1) + newData=newData+"[n]"; + else if(endtype==2) + newData=newData+"[c]"; + static std::string data_; + data_ = newData; + s->edx = (ULONG)data_.c_str(); // reset arg1 + *(DWORD *)(s->edx - 4) = data_.size(); + //arg->size = data_.size(); // no idea why this will crash ... + + //*(DWORD *)(s->edx - 4) = newData.size() + trimmedText - text; + //::strcpy(trimmedText, newData.constData()); + } +} // namespace Private + +/** + * Sample game: 月に寄りそう乙女の作法2 + * See: http://capita.tistory.com/m/post/236 + * + * This function is not aligned. + * Text in edx. Length in [edx - 4] + * + * 00513234 55 PUSH EBP + * 00513235 8BEC MOV EBP,ESP + * 00513237 6A 00 PUSH 0x0 + * 00513239 53 PUSH EBX + * 0051323A 56 PUSH ESI + * 0051323B 8BF2 MOV ESI,EDX + * 0051323D 8BD8 MOV EBX,EAX + * 0051323F 33C0 XOR EAX,EAX + * 00513241 55 PUSH EBP + * 00513242 68 AD325100 PUSH .005132AD + * 00513247 64:FF30 PUSH DWORD PTR FS:[EAX] + * 0051324A 64:8920 MOV DWORD PTR FS:[EAX],ESP + * 0051324D 80BB 0A160000 00 CMP BYTE PTR DS:[EBX+0x160A],0x0 ; jichi: can be used as pattern to distinguish QLiE1/2 + * 00513254 74 07 JE SHORT .0051325D + * 00513256 8BC3 MOV EAX,EBX + * 00513258 8B10 MOV EDX,DWORD PTR DS:[EAX] + * 0051325A FF52 24 CALL DWORD PTR DS:[EDX+0x24] + * 0051325D 8BC3 MOV EAX,EBX + * 0051325F E8 98C1FFFF CALL .0050F3FC + * 00513264 84C0 TEST AL,AL + * 00513266 74 07 JE SHORT .0051326F + * 00513268 8BC3 MOV EAX,EBX + * 0051326A 8B10 MOV EDX,DWORD PTR DS:[EAX] + * 0051326C FF52 24 CALL DWORD PTR DS:[EDX+0x24] + * 0051326F 8D4D FC LEA ECX,DWORD PTR SS:[EBP-0x4] + * 00513272 8BD6 MOV EDX,ESI + * 00513274 8BC3 MOV EAX,EBX + * 00513276 E8 5D310000 CALL .005163D8 + * 0051327B 8B55 FC MOV EDX,DWORD PTR SS:[EBP-0x4] + * 0051327E 8BC3 MOV EAX,EBX + * 00513280 E8 1B100000 CALL .005142A0 + * 00513285 8BC3 MOV EAX,EBX + * 00513287 E8 5C300000 CALL .005162E8 + * 0051328C 85C0 TEST EAX,EAX + * 0051328E 75 07 JNZ SHORT .00513297 + * 00513290 8BC3 MOV EAX,EBX + * 00513292 E8 B1070000 CALL .00513A48 + * 00513297 33C0 XOR EAX,EAX + * 00513299 5A POP EDX + * 0051329A 59 POP ECX + * 0051329B 59 POP ECX + * 0051329C 64:8910 MOV DWORD PTR FS:[EAX],EDX + * 0051329F 68 B4325100 PUSH .005132B4 + * 005132A4 8D45 FC LEA EAX,DWORD PTR SS:[EBP-0x4] + * 005132A7 E8 F421EFFF CALL .004054A0 + * 005132AC C3 RETN + * 005132AD ^E9 A21AEFFF JMP .00404D54 + * 005132B2 ^EB F0 JMP SHORT .005132A4 + * 005132B4 5E POP ESI + * 005132B5 5B POP EBX + * 005132B6 59 POP ECX + * 005132B7 5D POP EBP + * 005132B8 C3 RETN + * 005132B9 8D40 00 LEA EAX,DWORD PTR DS:[EAX] + * 005132BC 55 PUSH EBP + * 005132BD 8BEC MOV EBP,ESP + * 005132BF 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 005132C2 8B40 FC MOV EAX,DWORD PTR DS:[EAX-0x4] + * 005132C5 80B8 6F180000 00 CMP BYTE PTR DS:[EAX+0x186F],0x0 + * 005132CC 74 23 JE SHORT .005132F1 + * 005132CE A1 C8EA5700 MOV EAX,DWORD PTR DS:[0x57EAC8] + * 005132D3 8B80 FC020000 MOV EAX,DWORD PTR DS:[EAX+0x2FC] + * 005132D9 8B15 C8EA5700 MOV EDX,DWORD PTR DS:[0x57EAC8] ; .00586178 + * 005132DF 8B92 E8020000 MOV EDX,DWORD PTR DS:[EDX+0x2E8] + * 005132E5 3BD0 CMP EDX,EAX + * 005132E7 7C 02 JL SHORT .005132EB + * 005132E9 8BC2 MOV EAX,EDX + * 005132EB 0105 B8E45700 ADD DWORD PTR DS:[0x57E4B8],EAX + * 005132F1 5D POP EBP + * 005132F2 C3 RETN + * 005132F3 90 NOP + * 005132F4 55 PUSH EBP + * 005132F5 8BEC MOV EBP,ESP + * 005132F7 53 PUSH EBX + * 005132F8 8B5D 08 MOV EBX,DWORD PTR SS:[EBP+0x8] + * ... + * + * {00528988(E9 73 FC 04 00 90),00578600(8D 45 FC 8B 4D FC 66 81 39 81 79 74 05 90 90 90 90 90 E9 77 03 FB FF)} + * {00528988(E9 73 FC 04 00 90),005785FE(EB 27 8D 45 FC 8B 4D FC 66 81 39 81 79 74 0A 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 68 8E 89 52 00 C3)} + * + * FORCEFONT(5),FONT(Gulim,-13),ENCODEKOR,HOOK(0x00513234,TRANS(EDX,LEN(-4),PTRCHEAT),RETNPOS(COPY)),HOOK(0x0057860D,TRANS(ECX,LEN(-4),PTRCHEAT),RETNPOS(SOURCE)) + * + * Character handled here, which is not used: + * 00528969 74 28 JE SHORT .00528993 + * 0052896B 3C 09 CMP AL,0x9 + * 0052896D 74 24 JE SHORT .00528993 + * 0052896F 3C 2F CMP AL,0x2F + * 00528971 74 20 JE SHORT .00528993 + * 00528973 3C 40 CMP AL,0x40 + * 00528975 74 1C JE SHORT .00528993 + * 00528977 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-0x18] + * 0052897A 8D93 49010000 LEA EDX,DWORD PTR DS:[EBX+0x149] + * 00528980 E8 7FCDEDFF CALL .00405704 + * 00528985 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-0x18] + * 00528988 8D45 FC LEA EAX,DWORD PTR SS:[EBP-0x4] ; jichi: 2-byte character in ecx + * 0052898B 8B4D FC MOV ECX,DWORD PTR SS:[EBP-0x4] + * 0052898E E8 25CEEDFF CALL .004057B8 + * 00528993 8D83 4C020000 LEA EAX,DWORD PTR DS:[EBX+0x24C] + * 00528999 8B55 FC MOV EDX,DWORD PTR SS:[EBP-0x4] + * 0052899C E8 53CBEDFF CALL .004054F4 + * 005289A1 8B83 4C020000 MOV EAX,DWORD PTR DS:[EBX+0x24C] + * 005289A7 85C0 TEST EAX,EAX + * 005289A9 74 05 JE SHORT .005289B0 + * 005289AB 83E8 04 SUB EAX,0x4 + * 005289AE 8B00 MOV EAX,DWORD PTR DS:[EAX] + * 005289B0 8983 50020000 MOV DWORD PTR DS:[EBX+0x250],EAX + * 005289B6 C645 F7 01 MOV BYTE PTR SS:[EBP-0x9],0x1 + * 005289BA 33C0 XOR EAX,EAX + * 005289BC 5A POP EDX + * 005289BD 59 POP ECX + * 005289BE 59 POP ECX + * 005289BF 64:8910 MOV DWORD PTR FS:[EAX],EDX + * 005289C2 68 E4895200 PUSH .005289E4 + * 005289C7 8D45 E8 LEA EAX,DWORD PTR SS:[EBP-0x18] + * 005289CA BA 03000000 MOV EDX,0x3 + * 005289CF E8 F0CAEDFF CALL .004054C4 + * 005289D4 8D45 FC LEA EAX,DWORD PTR SS:[EBP-0x4] + * 005289D7 E8 C4CAEDFF CALL .004054A0 + * 005289DC C3 RETN + * 005289DD ^E9 72C3EDFF JMP .00404D54 + * 005289E2 ^EB E3 JMP SHORT .005289C7 + * 005289E4 0FB645 F7 MOVZX EAX,BYTE PTR SS:[EBP-0x9] + * 005289E8 5F POP EDI + * 005289E9 5E POP ESI + * 005289EA 5B POP EBX + * 005289EB 8BE5 MOV ESP,EBP + * 005289ED 5D POP EBP + * 005289EE C3 RETN + * 005289EF 90 NOP + * 005289F0 55 PUSH EBP + * 005289F1 8BEC MOV EBP,ESP + * 005289F3 83C4 F8 ADD ESP,-0x8 + * 005289F6 53 PUSH EBX + * + * Sample game: ワルキューレロマンツェ (QLiE1) + * + * This function is found by looking all all matches of the following pattern + * And then lookup up for push ebp + * 005132E5 3BD0 CMP EDX,EAX + * 005132E7 7C 02 JL SHORT .005132EB + * 005132E9 8BC2 MOV EAX,EDX + * + * 004FFB04 55 PUSH EBP + * 004FFB05 8BEC MOV EBP,ESP + * 004FFB07 6A 00 PUSH 0x0 + * 004FFB09 53 PUSH EBX + * 004FFB0A 56 PUSH ESI + * 004FFB0B 8BF2 MOV ESI,EDX + * 004FFB0D 8BD8 MOV EBX,EAX + * 004FFB0F 33C0 XOR EAX,EAX + * 004FFB11 55 PUSH EBP + * 004FFB12 68 7DFB4F00 PUSH .004FFB7D + * 004FFB17 64:FF30 PUSH DWORD PTR FS:[EAX] + * 004FFB1A 64:8920 MOV DWORD PTR FS:[EAX],ESP + * 004FFB1D 80BB FA150000 00 CMP BYTE PTR DS:[EBX+0x15FA],0x0 + * 004FFB24 74 07 JE SHORT .004FFB2D + * 004FFB26 8BC3 MOV EAX,EBX + * 004FFB28 8B10 MOV EDX,DWORD PTR DS:[EAX] + * 004FFB2A FF52 1C CALL DWORD PTR DS:[EDX+0x1C] + * 004FFB2D 8BC3 MOV EAX,EBX + * 004FFB2F E8 04CFFFFF CALL .004FCA38 + * 004FFB34 84C0 TEST AL,AL + * 004FFB36 74 07 JE SHORT .004FFB3F + * 004FFB38 8BC3 MOV EAX,EBX + * 004FFB3A 8B10 MOV EDX,DWORD PTR DS:[EAX] + * 004FFB3C FF52 1C CALL DWORD PTR DS:[EDX+0x1C] + * 004FFB3F 8D4D FC LEA ECX,DWORD PTR SS:[EBP-0x4] + * 004FFB42 8BD6 MOV EDX,ESI + * 004FFB44 8BC3 MOV EAX,EBX + * 004FFB46 E8 69320000 CALL .00502DB4 + * 004FFB4B 8B55 FC MOV EDX,DWORD PTR SS:[EBP-0x4] + * 004FFB4E 8BC3 MOV EAX,EBX + * 004FFB50 E8 23120000 CALL .00500D78 + * 004FFB55 8BC3 MOV EAX,EBX + * 004FFB57 E8 58310000 CALL .00502CB4 + * 004FFB5C 85C0 TEST EAX,EAX + * 004FFB5E 75 07 JNZ SHORT .004FFB67 + * 004FFB60 8BC3 MOV EAX,EBX + * 004FFB62 E8 5D070000 CALL .005002C4 + * 004FFB67 33C0 XOR EAX,EAX + * 004FFB69 5A POP EDX + * 004FFB6A 59 POP ECX + * 004FFB6B 59 POP ECX + * 004FFB6C 64:8910 MOV DWORD PTR FS:[EAX],EDX + * 004FFB6F 68 84FB4F00 PUSH .004FFB84 + * 004FFB74 8D45 FC LEA EAX,DWORD PTR SS:[EBP-0x4] + * 004FFB77 E8 5859F0FF CALL .004054D4 + * 004FFB7C C3 RETN + * 004FFB7D ^E9 0652F0FF JMP .00404D88 + * 004FFB82 ^EB F0 JMP SHORT .004FFB74 + * 004FFB84 5E POP ESI + * 004FFB85 5B POP EBX + * 004FFB86 59 POP ECX + * 004FFB87 5D POP EBP + * 004FFB88 C3 RETN + * 004FFB89 8D40 00 LEA EAX,DWORD PTR DS:[EAX] + * 004FFB8C 55 PUSH EBP + * 004FFB8D 8BEC MOV EBP,ESP + * 004FFB8F 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 004FFB92 8B40 FC MOV EAX,DWORD PTR DS:[EAX-0x4] + * 004FFB95 80B8 4F180000 00 CMP BYTE PTR DS:[EAX+0x184F],0x0 + * 004FFB9C 74 23 JE SHORT .004FFBC1 + * 004FFB9E A1 E4CA5600 MOV EAX,DWORD PTR DS:[0x56CAE4] + * 004FFBA3 8B80 CC020000 MOV EAX,DWORD PTR DS:[EAX+0x2CC] + * 004FFBA9 8B15 E4CA5600 MOV EDX,DWORD PTR DS:[0x56CAE4] ; .005740E8 + * 004FFBAF 8B92 B8020000 MOV EDX,DWORD PTR DS:[EDX+0x2B8] + * 004FFBB5 3BD0 CMP EDX,EAX + * 004FFBB7 7C 02 JL SHORT .004FFBBB + * 004FFBB9 8BC2 MOV EAX,EDX + * 004FFBBB 0105 64C45600 ADD DWORD PTR DS:[0x56C464],EAX + * 004FFBC1 5D POP EBP + * 004FFBC2 C3 RETN + * 004FFBC3 90 NOP + */ +bool attach(ULONG startAddress, ULONG stopAddress) +{ + // QLiE1 + // 004FFB1D 80BB FA150000 00 CMP BYTE PTR DS:[EBX+0x15FA],0x0 + // QLiE2 + // 0051324D 80BB 0A160000 00 CMP BYTE PTR DS:[EBX+0x160A],0x0 ; jichi: instruction used as pattern + + const uint8_t bytes[] = { // i.e. 3BD0 7C 02 8BC2 0105 + 0x3B,0xD0, // 004FFBB5 3BD0 CMP EDX,EAX + 0x7C, 0x02, // 004FFBB7 7C 02 JL SHORT .004FFBBB + 0x8B,0xC2, // 004FFBB9 8BC2 MOV EAX,EDX + 0x01,0x05 //64C45600 // 004FFBBB 0105 64C45600 ADD DWORD PTR DS:[0x56C464],EAX + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return false; + // 00513234 55 PUSH EBP ; jichi: hook here + // 00513235 8BEC MOV EBP,ESP + // 00513237 6A 00 PUSH 0x0 + // 00513239 53 PUSH EBX + // 0051323A 56 PUSH ESI + enum : DWORD { sig = 0x6aec8b55 }; + enum { AlignedStep = 1 }; // function not aligned + addr = MemDbg::findEnclosingFunctionBeforeDword(sig, addr, MemDbg::MaximumFunctionSize, AlignedStep); + if (!addr) + return false; + HookParam hp; + hp.address=addr; + hp.text_fun=Private::hookBefore; + hp.hook_after=Private::hookafter; + hp.newlineseperator=L"[n]"; + hp.type=EMBED_ABLE|EMBED_DYNA_SJIS|USING_STRING|NO_CONTEXT; + hp.hook_font=F_ExtTextOutA|F_GetTextExtentPoint32A; + hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + write_string_overwrite(data,len,std::regex_replace(std::string((char*)data,*len), std::regex("\\[rb,(.*?),.+\\]"), "$1")); + return true; + }; + return NewHook(hp,"EmbedQLIE"); +} + +} // namespace ScenarioHook + +} // unnamed namespace + +bool QLIE::attach_function() { + auto embed=ScenarioHook::attach(processStartAddress, processStopAddress); + return InsertQLIEHook()||embed; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/QLIE.h b/cpp/LunaHook/LunaHook/engine32/QLIE.h new file mode 100644 index 00000000..a30441a9 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/QLIE.h @@ -0,0 +1,14 @@ + + +class QLIE:public ENGINE{ + public: + QLIE(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"GameData\\*.pack"; + // jichi 12/25/2013: It may or may not be QLIE. + // AlterEgo also has GameData/sound.pack but is not QLIE + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/RPGMaker.cpp b/cpp/LunaHook/LunaHook/engine32/RPGMaker.cpp new file mode 100644 index 00000000..30b7d617 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/RPGMaker.cpp @@ -0,0 +1,41 @@ +#include "RPGMaker.h" +// https://www.dlsite.com/maniax/work/=/product_id/RJ01240121.html +// ネクロマリア + +bool RPGMaker::attach_function() +{ + BYTE bytes2[] = { + 0x81, 0xf9, 0xff, 0xff, 0xff, 0x7f, + XX2, + 0xb9, 0xff, 0xff, 0xff, 0x7f, + XX2, + 0x8b, 0xc2, + 0xd1, 0xe8, + 0x89, 0x45, 0x0c, + 0xb8, 0xff, 0xff, 0xff, 0x7f, + 0x2b, 0x45, 0x0c, + 0x3b, 0xd0, + XX2, + 0xb9, 0xff, 0xff, 0xff, 0x7f}; + auto addr = MemDbg::findBytes(bytes2, sizeof(bytes2), processStartAddress, processStopAddress); + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr, 0x100); + if (!addr) + return false; + HookParam hp; + hp.address = addr; + hp.type = USING_STRING | CODEC_UTF8; + hp.offset=get_stack(1); + hp.length_offset=2; + hp.filter_fun = [](LPVOID data, size_t *size, HookParam *) + { + if (all_ascii((char *)data, *size)) + return false; + std::string result = std::string((char *)data, *size); + result = std::regex_replace(result, std::regex(R"(@c\[\](.*?)@c\[\])"), "$1"); + return write_string_overwrite(data, size, result); + }; + + return NewHook(hp, "RPGMaker"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/RPGMaker.h b/cpp/LunaHook/LunaHook/engine32/RPGMaker.h new file mode 100644 index 00000000..91158b1c --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/RPGMaker.h @@ -0,0 +1,18 @@ + + +class RPGMaker : public ENGINE +{ +public: + RPGMaker() + { + + check_by = CHECK_BY::CUSTOM; + check_by_target = []() + { + auto s = check_by_list{L"data/game.dat", L"data/psl.dat", L"data/scenario.dat", L"data/system.dat"}; + return (wcscmp(processName_lower, L"game.dat") == 0) && std::all_of(s.begin(), s.end(), Util::CheckFile); + }; + is_engine_certain = false; + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine32/RPGMakerRGSS3.cpp b/cpp/LunaHook/LunaHook/engine32/RPGMakerRGSS3.cpp new file mode 100644 index 00000000..fea80ec5 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/RPGMakerRGSS3.cpp @@ -0,0 +1,1440 @@ +#include "RPGMakerRGSS3.h" +namespace +{ // unnamed + + namespace RGSS3 + { + + namespace Private + { + std::vector glob(const std::wstring &relpath) + { + std::wstring path = std::wstring(MAX_PATH, 0); + GetModuleFileNameW(nullptr, &path[0], MAX_PATH); + + size_t i = relpath.rfind(L'/'); + if (i != std::wstring::npos) + { + std::wstring dir_path = path + L"/" + relpath.substr(0, i); + WIN32_FIND_DATAW find_data; + HANDLE hFind = FindFirstFileW((dir_path + L"/*").c_str(), &find_data); + if (hFind == INVALID_HANDLE_VALUE) + return {}; + + std::vector results; + do + { + if ((find_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) || + PathMatchSpecW(find_data.cFileName, relpath.substr(i + 1).c_str())) + { + results.push_back(dir_path + L"/" + find_data.cFileName); + } + } while (FindNextFileW(hFind, &find_data)); + FindClose(hFind); + + return results; + } + else + { + WIN32_FIND_DATAW find_data; + HANDLE hFind = FindFirstFileW(relpath.c_str(), &find_data); + if (hFind == INVALID_HANDLE_VALUE) + return {}; + + std::vector results; + do + { + if (!(find_data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)) + results.push_back(find_data.cFileName); + } while (FindNextFileW(hFind, &find_data)); + FindClose(hFind); + + return results; + } + } + std::wstring getDllModuleName() + { + for (const auto &dll : glob(L"System/RGSS3*.dll")) + if (::GetModuleHandleW((LPCWSTR)dll.c_str())) + return dll; + return {}; + } + + } // namespace Private + + bool getMemoryRange(ULONG *startAddress, ULONG *stopAddress) + { + std::wstring module = Private::getDllModuleName(); + if (module.empty()) + return false; + auto [_1, _2] = Util::QueryModuleLimits(GetModuleHandle(module.c_str())); + *startAddress = _1; + *stopAddress = _2; + return 1; + } + + namespace ScenarioHook + { + + /** + * Sample game: + * - Mogeko Castle with RGSS 3.01 + * - 魔鎧の少女騎士エルトリンデ with RGSS 3.02 + * + * 1004149D CC INT3 + * 1004149E CC INT3 + * 1004149F CC INT3 + * 100414A0 8B4C24 08 MOV ECX,DWORD PTR SS:[ESP+0x8] + * 100414A4 8BC1 MOV EAX,ECX + * 100414A6 E8 75030500 CALL RGSS301.10091820 + * 100414AB 83F8 05 CMP EAX,0x5 + * 100414AE 74 19 JE SHORT RGSS301.100414C9 + * 100414B0 68 649D1A10 PUSH RGSS301.101A9D64 ; ASCII "to_str" + * 100414B5 68 74931A10 PUSH RGSS301.101A9374 ; ASCII "String" + * 100414BA 6A 05 PUSH 0x5 + * 100414BC 51 PUSH ECX + * 100414BD E8 AE2FFFFF CALL RGSS301.10034470 + * 100414C2 83C4 10 ADD ESP,0x10 + * 100414C5 894424 08 MOV DWORD PTR SS:[ESP+0x8],EAX + * 100414C9 53 PUSH EBX + * 100414CA 55 PUSH EBP + * 100414CB 56 PUSH ESI + * 100414CC 8B7424 10 MOV ESI,DWORD PTR SS:[ESP+0x10] + * 100414D0 57 PUSH EDI + * 100414D1 8B7C24 18 MOV EDI,DWORD PTR SS:[ESP+0x18] + * 100414D5 57 PUSH EDI + * 100414D6 56 PUSH ESI + * 100414D7 E8 B4490100 CALL RGSS301.10055E90 + * 100414DC 8BE8 MOV EBP,EAX + * 100414DE 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 100414E0 83C4 08 ADD ESP,0x8 + * 100414E3 A9 00200000 TEST EAX,0x2000 + * 100414E8 75 08 JNZ SHORT RGSS301.100414F2 + * 100414EA C1E8 0E SHR EAX,0xE + * 100414ED 83E0 1F AND EAX,0x1F + * 100414F0 EB 03 JMP SHORT RGSS301.100414F5 + * 100414F2 8B46 08 MOV EAX,DWORD PTR DS:[ESI+0x8] + * 100414F5 8B0F MOV ECX,DWORD PTR DS:[EDI] + * 100414F7 F7C1 00200000 TEST ECX,0x2000 + * 100414FD 75 08 JNZ SHORT RGSS301.10041507 + * 100414FF C1E9 0E SHR ECX,0xE + * 10041502 83E1 1F AND ECX,0x1F + * 10041505 EB 03 JMP SHORT RGSS301.1004150A + * 10041507 8B4F 08 MOV ECX,DWORD PTR DS:[EDI+0x8] + * 1004150A 8D3401 LEA ESI,DWORD PTR DS:[ECX+EAX] + * 1004150D A1 70C02A10 MOV EAX,DWORD PTR DS:[0x102AC070] + * 10041512 50 PUSH EAX + * 10041513 33FF XOR EDI,EDI + * 10041515 E8 B64EFFFF CALL RGSS301.100363D0 + * 1004151A 8B5424 18 MOV EDX,DWORD PTR SS:[ESP+0x18] ; jichi: edx = arg1 on the stack + * 1004151E 8BD8 MOV EBX,EAX + * 10041520 8B02 MOV EAX,DWORD PTR DS:[EDX] ; jichi: eax = ecx = [arg1] + * 10041522 8BC8 MOV ECX,EAX + * 10041524 83C4 04 ADD ESP,0x4 + * 10041527 81E1 00200000 AND ECX,0x2000 + * 1004152D 75 08 JNZ SHORT RGSS301.10041537 + * 1004152F C1E8 0E SHR EAX,0xE + * 10041532 83E0 1F AND EAX,0x1F + * 10041535 EB 03 JMP SHORT RGSS301.1004153A + * 10041537 8B42 08 MOV EAX,DWORD PTR DS:[EDX+0x8] ; jichi: [edx+0x8] text length + * 1004153A 85C9 TEST ECX,ECX + * 1004153C 75 05 JNZ SHORT RGSS301.10041543 + * 1004153E 83C2 08 ADD EDX,0x8 + * 10041541 EB 03 JMP SHORT RGSS301.10041546 + * 10041543 8B52 0C MOV EDX,DWORD PTR DS:[EDX+0xC] ; jichi: [edx + 0xc] could be the text address + * 10041546 F703 00200000 TEST DWORD PTR DS:[EBX],0x2000 + * 1004154C 8D4B 08 LEA ECX,DWORD PTR DS:[EBX+0x8] + * 1004154F 74 03 JE SHORT RGSS301.10041554 + * 10041551 8B4B 0C MOV ECX,DWORD PTR DS:[EBX+0xC] + * 10041554 50 PUSH EAX + * 10041555 52 PUSH EDX + * 10041556 51 PUSH ECX + * 10041557 E8 E4F21300 CALL RGSS301.10180840 ; jichi: text is in edx + * 1004155C 8B5424 24 MOV EDX,DWORD PTR SS:[ESP+0x24] + * 10041560 8B02 MOV EAX,DWORD PTR DS:[EDX] + * 10041562 8BC8 MOV ECX,EAX + * 10041564 83C4 0C ADD ESP,0xC + * 10041567 81E1 00200000 AND ECX,0x2000 + * 1004156D 75 08 JNZ SHORT RGSS301.10041577 + * + * Stack: + * 00828EB4 1002E5E6 RETURN to RGSS301.1002E5E6 from RGSS301.100414A0 + * 00828EB8 03F13B20 + * 00828EBC 069F42CC + * 00828EC0 00000000 + * 00828EC4 01699298 + * 00828EC8 01699298 + * 00828ECC 03EB41B8 + * 00828ED0 01692A00 + * 00828ED4 06A34548 + * 00828ED8 00000000 + * 00828EDC 00000168 + * 00828EE0 00000280 + * 00828EE4 000001E0 + * 00828EE8 1019150F RETURN to RGSS301.1019150F from RGSS301.1018DF45 + * + * Here's the strncpy-like function for UTF8 strings, which is found using hardware breakpoints + * Parameters: + * - arg1 char *dest + * - arg2 const char *src + * - arg3 size_t size length of src excluding \0 at the end + * + * 1018083A CC INT3 + * 1018083B CC INT3 + * 1018083C CC INT3 + * 1018083D CC INT3 + * 1018083E CC INT3 + * 1018083F CC INT3 + * 10180840 55 PUSH EBP + * 10180841 8BEC MOV EBP,ESP + * 10180843 57 PUSH EDI + * 10180844 56 PUSH ESI + * 10180845 8B75 0C MOV ESI,DWORD PTR SS:[EBP+0xC] + * 10180848 8B4D 10 MOV ECX,DWORD PTR SS:[EBP+0x10] + * 1018084B 8B7D 08 MOV EDI,DWORD PTR SS:[EBP+0x8] + * 1018084E 8BC1 MOV EAX,ECX + * 10180850 8BD1 MOV EDX,ECX + * 10180852 03C6 ADD EAX,ESI + * 10180854 3BFE CMP EDI,ESI + * 10180856 76 08 JBE SHORT RGSS301.10180860 + * 10180858 3BF8 CMP EDI,EAX + * 1018085A 0F82 A4010000 JB RGSS301.10180A04 + * 10180860 81F9 00010000 CMP ECX,0x100 + * 10180866 72 1F JB SHORT RGSS301.10180887 + * 10180868 833D 4CC12A10 00 CMP DWORD PTR DS:[0x102AC14C],0x0 + * 1018086F 74 16 JE SHORT RGSS301.10180887 + * 10180871 57 PUSH EDI + * 10180872 56 PUSH ESI + * 10180873 83E7 0F AND EDI,0xF + * 10180876 83E6 0F AND ESI,0xF + * 10180879 3BFE CMP EDI,ESI + * 1018087B 5E POP ESI + * 1018087C 5F POP EDI + * 1018087D 75 08 JNZ SHORT RGSS301.10180887 + * 1018087F 5E POP ESI + * 10180880 5F POP EDI + * 10180881 5D POP EBP + * 10180882 E9 05F80000 JMP RGSS301.1019008C + * 10180887 F7C7 03000000 TEST EDI,0x3 + * 1018088D 75 15 JNZ SHORT RGSS301.101808A4 + * 1018088F C1E9 02 SHR ECX,0x2 + * 10180892 83E2 03 AND EDX,0x3 + * 10180895 83F9 08 CMP ECX,0x8 + * 10180898 72 2A JB SHORT RGSS301.101808C4 + * 1018089A F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> + * 1018089C FF2495 B4091810 JMP DWORD PTR DS:[EDX*4+0x101809B4] + * 101808A3 90 NOP + * 101808A4 8BC7 MOV EAX,EDI + * 101808A6 BA 03000000 MOV EDX,0x3 + * 101808AB 83E9 04 SUB ECX,0x4 + * 101808AE 72 0C JB SHORT RGSS301.101808BC + * 101808B0 83E0 03 AND EAX,0x3 + * 101808B3 03C8 ADD ECX,EAX + * 101808B5 FF2485 C8081810 JMP DWORD PTR DS:[EAX*4+0x101808C8] + * 101808BC FF248D C4091810 JMP DWORD PTR DS:[ECX*4+0x101809C4] + * 101808C3 90 NOP + * 101808C4 FF248D 48091810 JMP DWORD PTR DS:[ECX*4+0x10180948] + * 101808CB 90 NOP + * 101808CC D808 FMUL DWORD PTR DS:[EAX] + * 101808CE 1810 SBB BYTE PTR DS:[EAX],DL + * 101808D0 04 09 ADD AL,0x9 + * 101808D2 1810 SBB BYTE PTR DS:[EAX],DL + * 101808D4 2809 SUB BYTE PTR DS:[ECX],CL + * 101808D6 1810 SBB BYTE PTR DS:[EAX],DL + * 101808D8 23D1 AND EDX,ECX + * 101808DA 8A06 MOV AL,BYTE PTR DS:[ESI] + * 101808DC 8807 MOV BYTE PTR DS:[EDI],AL + * 101808DE 8A46 01 MOV AL,BYTE PTR DS:[ESI+0x1] + * 101808E1 8847 01 MOV BYTE PTR DS:[EDI+0x1],AL + * 101808E4 8A46 02 MOV AL,BYTE PTR DS:[ESI+0x2] + * 101808E7 C1E9 02 SHR ECX,0x2 + * 101808EA 8847 02 MOV BYTE PTR DS:[EDI+0x2],AL + * 101808ED 83C6 03 ADD ESI,0x3 + * 101808F0 83C7 03 ADD EDI,0x3 + * 101808F3 83F9 08 CMP ECX,0x8 + * 101808F6 ^72 CC JB SHORT RGSS301.101808C4 + * 101808F8 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> + * 101808FA FF2495 B4091810 JMP DWORD PTR DS:[EDX*4+0x101809B4] + * 10180901 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 10180904 23D1 AND EDX,ECX + * 10180906 8A06 MOV AL,BYTE PTR DS:[ESI] + * 10180908 8807 MOV BYTE PTR DS:[EDI],AL + * 1018090A 8A46 01 MOV AL,BYTE PTR DS:[ESI+0x1] + * 1018090D C1E9 02 SHR ECX,0x2 + * 10180910 8847 01 MOV BYTE PTR DS:[EDI+0x1],AL + * 10180913 83C6 02 ADD ESI,0x2 + * 10180916 83C7 02 ADD EDI,0x2 + * 10180919 83F9 08 CMP ECX,0x8 + * 1018091C ^72 A6 JB SHORT RGSS301.101808C4 + * 1018091E F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> + * 10180920 FF2495 B4091810 JMP DWORD PTR DS:[EDX*4+0x101809B4] + * 10180927 90 NOP + * 10180928 23D1 AND EDX,ECX + * 1018092A 8A06 MOV AL,BYTE PTR DS:[ESI] + * 1018092C 8807 MOV BYTE PTR DS:[EDI],AL + * 1018092E 83C6 01 ADD ESI,0x1 + * 10180931 C1E9 02 SHR ECX,0x2 + * 10180934 83C7 01 ADD EDI,0x1 + * 10180937 83F9 08 CMP ECX,0x8 + * 1018093A ^72 88 JB SHORT RGSS301.101808C4 + * 1018093C F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> + * 1018093E FF2495 B4091810 JMP DWORD PTR DS:[EDX*4+0x101809B4] + * 10180945 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 10180948 AB STOS DWORD PTR ES:[EDI] + * 10180949 0918 OR DWORD PTR DS:[EAX],EBX + * 1018094B 1098 09181090 ADC BYTE PTR DS:[EAX+0x90101809],BL + * 10180951 0918 OR DWORD PTR DS:[EAX],EBX + * 10180953 1088 09181080 ADC BYTE PTR DS:[EAX+0x80101809],CL + * 10180959 0918 OR DWORD PTR DS:[EAX],EBX + * 1018095B 1078 09 ADC BYTE PTR DS:[EAX+0x9],BH + * 1018095E 1810 SBB BYTE PTR DS:[EAX],DL + * 10180960 70 09 JO SHORT RGSS301.1018096B + * 10180962 1810 SBB BYTE PTR DS:[EAX],DL + * 10180964 68 0918108B PUSH 0x8B101809 + * 10180969 44 INC ESP + * 1018096A 8EE4 MOV FS,SP ; Modification of segment register + * 1018096C 89448F E4 MOV DWORD PTR DS:[EDI+ECX*4-0x1C],EAX + * 10180970 8B448E E8 MOV EAX,DWORD PTR DS:[ESI+ECX*4-0x18] + * 10180974 89448F E8 MOV DWORD PTR DS:[EDI+ECX*4-0x18],EAX + * 10180978 8B448E EC MOV EAX,DWORD PTR DS:[ESI+ECX*4-0x14] + * 1018097C 89448F EC MOV DWORD PTR DS:[EDI+ECX*4-0x14],EAX + * 10180980 8B448E F0 MOV EAX,DWORD PTR DS:[ESI+ECX*4-0x10] + * 10180984 89448F F0 MOV DWORD PTR DS:[EDI+ECX*4-0x10],EAX + * 10180988 8B448E F4 MOV EAX,DWORD PTR DS:[ESI+ECX*4-0xC] + * 1018098C 89448F F4 MOV DWORD PTR DS:[EDI+ECX*4-0xC],EAX + * 10180990 8B448E F8 MOV EAX,DWORD PTR DS:[ESI+ECX*4-0x8] + * 10180994 89448F F8 MOV DWORD PTR DS:[EDI+ECX*4-0x8],EAX + * 10180998 8B448E FC MOV EAX,DWORD PTR DS:[ESI+ECX*4-0x4] + * 1018099C 89448F FC MOV DWORD PTR DS:[EDI+ECX*4-0x4],EAX + * 101809A0 8D048D 00000000 LEA EAX,DWORD PTR DS:[ECX*4] + * 101809A7 03F0 ADD ESI,EAX + * 101809A9 03F8 ADD EDI,EAX + * 101809AB FF2495 B4091810 JMP DWORD PTR DS:[EDX*4+0x101809B4] + * 101809B2 8BFF MOV EDI,EDI + * 101809B4 C409 LES ECX,FWORD PTR DS:[ECX] ; Modification of segment register + * 101809B6 1810 SBB BYTE PTR DS:[EAX],DL + * 101809B8 CC INT3 + * 101809B9 0918 OR DWORD PTR DS:[EAX],EBX + * 101809BB 10D8 ADC AL,BL + * 101809BD 0918 OR DWORD PTR DS:[EAX],EBX + * 101809BF 10EC ADC AH,CH + * 101809C1 0918 OR DWORD PTR DS:[EAX],EBX + * 101809C3 108B 45085E5F ADC BYTE PTR DS:[EBX+0x5F5E0845],CL + * 101809C9 C9 LEAVE + * 101809CA C3 RETN + * 101809CB 90 NOP + * 101809CC 8A06 MOV AL,BYTE PTR DS:[ESI] + * 101809CE 8807 MOV BYTE PTR DS:[EDI],AL + * 101809D0 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 101809D3 5E POP ESI + * 101809D4 5F POP EDI + * 101809D5 C9 LEAVE + * 101809D6 C3 RETN + * 101809D7 90 NOP + * 101809D8 8A06 MOV AL,BYTE PTR DS:[ESI] + * 101809DA 8807 MOV BYTE PTR DS:[EDI],AL + * 101809DC 8A46 01 MOV AL,BYTE PTR DS:[ESI+0x1] + * 101809DF 8847 01 MOV BYTE PTR DS:[EDI+0x1],AL + * 101809E2 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 101809E5 5E POP ESI + * 101809E6 5F POP EDI + * 101809E7 C9 LEAVE + * 101809E8 C3 RETN + * 101809E9 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 101809EC 8A06 MOV AL,BYTE PTR DS:[ESI] + * 101809EE 8807 MOV BYTE PTR DS:[EDI],AL + * 101809F0 8A46 01 MOV AL,BYTE PTR DS:[ESI+0x1] + * 101809F3 8847 01 MOV BYTE PTR DS:[EDI+0x1],AL + * 101809F6 8A46 02 MOV AL,BYTE PTR DS:[ESI+0x2] + * 101809F9 8847 02 MOV BYTE PTR DS:[EDI+0x2],AL + * 101809FC 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 101809FF 5E POP ESI + * 10180A00 5F POP EDI + * 10180A01 C9 LEAVE + * 10180A02 C3 RETN + * 10180A03 90 NOP + * 10180A04 8D7431 FC LEA ESI,DWORD PTR DS:[ECX+ESI-0x4] + * 10180A08 8D7C39 FC LEA EDI,DWORD PTR DS:[ECX+EDI-0x4] + * 10180A0C F7C7 03000000 TEST EDI,0x3 + * 10180A12 75 24 JNZ SHORT RGSS301.10180A38 + * 10180A14 C1E9 02 SHR ECX,0x2 + * 10180A17 83E2 03 AND EDX,0x3 + * 10180A1A 83F9 08 CMP ECX,0x8 + * 10180A1D 72 0D JB SHORT RGSS301.10180A2C + * 10180A1F FD STD + * 10180A20 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> + * 10180A22 FC CLD + * 10180A23 FF2495 500B1810 JMP DWORD PTR DS:[EDX*4+0x10180B50] + * 10180A2A 8BFF MOV EDI,EDI + * 10180A2C F7D9 NEG ECX + * 10180A2E FF248D 000B1810 JMP DWORD PTR DS:[ECX*4+0x10180B00] + * 10180A35 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 10180A38 8BC7 MOV EAX,EDI + * 10180A3A BA 03000000 MOV EDX,0x3 + * 10180A3F 83F9 04 CMP ECX,0x4 + * 10180A42 72 0C JB SHORT RGSS301.10180A50 + * 10180A44 83E0 03 AND EAX,0x3 + * 10180A47 2BC8 SUB ECX,EAX + * 10180A49 FF2485 540A1810 JMP DWORD PTR DS:[EAX*4+0x10180A54] + * 10180A50 FF248D 500B1810 JMP DWORD PTR DS:[ECX*4+0x10180B50] + * 10180A57 90 NOP + * 10180A58 64:0A18 OR BL,BYTE PTR FS:[EAX] + * 10180A5B 1088 0A1810B0 ADC BYTE PTR DS:[EAX+0xB010180A],CL + * 10180A61 0A18 OR BL,BYTE PTR DS:[EAX] + * 10180A63 108A 460323D1 ADC BYTE PTR DS:[EDX+0xD1230346],CL + * 10180A69 8847 03 MOV BYTE PTR DS:[EDI+0x3],AL + * 10180A6C 83EE 01 SUB ESI,0x1 + * 10180A6F C1E9 02 SHR ECX,0x2 + * 10180A72 83EF 01 SUB EDI,0x1 + * 10180A75 83F9 08 CMP ECX,0x8 + * 10180A78 ^72 B2 JB SHORT RGSS301.10180A2C + * 10180A7A FD STD + * 10180A7B F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> + * 10180A7D FC CLD + * 10180A7E FF2495 500B1810 JMP DWORD PTR DS:[EDX*4+0x10180B50] + * 10180A85 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 10180A88 8A46 03 MOV AL,BYTE PTR DS:[ESI+0x3] + * 10180A8B 23D1 AND EDX,ECX + * 10180A8D 8847 03 MOV BYTE PTR DS:[EDI+0x3],AL + * 10180A90 8A46 02 MOV AL,BYTE PTR DS:[ESI+0x2] + * 10180A93 C1E9 02 SHR ECX,0x2 + * 10180A96 8847 02 MOV BYTE PTR DS:[EDI+0x2],AL + * 10180A99 83EE 02 SUB ESI,0x2 + * 10180A9C 83EF 02 SUB EDI,0x2 + * 10180A9F 83F9 08 CMP ECX,0x8 + * 10180AA2 ^72 88 JB SHORT RGSS301.10180A2C + * 10180AA4 FD STD + * 10180AA5 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> + * 10180AA7 FC CLD + * 10180AA8 FF2495 500B1810 JMP DWORD PTR DS:[EDX*4+0x10180B50] + * 10180AAF 90 NOP + * 10180AB0 8A46 03 MOV AL,BYTE PTR DS:[ESI+0x3] + * 10180AB3 23D1 AND EDX,ECX + * 10180AB5 8847 03 MOV BYTE PTR DS:[EDI+0x3],AL + * 10180AB8 8A46 02 MOV AL,BYTE PTR DS:[ESI+0x2] + * 10180ABB 8847 02 MOV BYTE PTR DS:[EDI+0x2],AL + * 10180ABE 8A46 01 MOV AL,BYTE PTR DS:[ESI+0x1] + * 10180AC1 C1E9 02 SHR ECX,0x2 + * 10180AC4 8847 01 MOV BYTE PTR DS:[EDI+0x1],AL + * 10180AC7 83EE 03 SUB ESI,0x3 + * 10180ACA 83EF 03 SUB EDI,0x3 + * 10180ACD 83F9 08 CMP ECX,0x8 + * 10180AD0 ^0F82 56FFFFFF JB RGSS301.10180A2C + * 10180AD6 FD STD + * 10180AD7 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> + * 10180AD9 FC CLD + * 10180ADA FF2495 500B1810 JMP DWORD PTR DS:[EDX*4+0x10180B50] + * 10180AE1 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 10180AE4 04 0B ADD AL,0xB + * 10180AE6 1810 SBB BYTE PTR DS:[EAX],DL + * 10180AE8 0C 0B OR AL,0xB + * 10180AEA 1810 SBB BYTE PTR DS:[EAX],DL + * 10180AEC 14 0B ADC AL,0xB + * 10180AEE 1810 SBB BYTE PTR DS:[EAX],DL + * 10180AF0 1C 0B SBB AL,0xB + * 10180AF2 1810 SBB BYTE PTR DS:[EAX],DL + * 10180AF4 24 0B AND AL,0xB + * 10180AF6 1810 SBB BYTE PTR DS:[EAX],DL + * 10180AF8 2C 0B SUB AL,0xB + * 10180AFA 1810 SBB BYTE PTR DS:[EAX],DL + * 10180AFC 34 0B XOR AL,0xB + * 10180AFE 1810 SBB BYTE PTR DS:[EAX],DL + * 10180B00 47 INC EDI + * 10180B01 0B18 OR EBX,DWORD PTR DS:[EAX] + * 10180B03 108B 448E1C89 ADC BYTE PTR DS:[EBX+0x891C8E44],CL + * 10180B09 44 INC ESP + * 10180B0A 8F ??? ; Unknown command + * 10180B0B 1C 8B SBB AL,0x8B + * 10180B0D 44 INC ESP + * 10180B0E 8E18 MOV DS,WORD PTR DS:[EAX] ; Modification of segment register + * 10180B10 89448F 18 MOV DWORD PTR DS:[EDI+ECX*4+0x18],EAX + * 10180B14 8B448E 14 MOV EAX,DWORD PTR DS:[ESI+ECX*4+0x14] + * 10180B18 89448F 14 MOV DWORD PTR DS:[EDI+ECX*4+0x14],EAX + * 10180B1C 8B448E 10 MOV EAX,DWORD PTR DS:[ESI+ECX*4+0x10] + * 10180B20 89448F 10 MOV DWORD PTR DS:[EDI+ECX*4+0x10],EAX + * 10180B24 8B448E 0C MOV EAX,DWORD PTR DS:[ESI+ECX*4+0xC] + * 10180B28 89448F 0C MOV DWORD PTR DS:[EDI+ECX*4+0xC],EAX + * 10180B2C 8B448E 08 MOV EAX,DWORD PTR DS:[ESI+ECX*4+0x8] + * 10180B30 89448F 08 MOV DWORD PTR DS:[EDI+ECX*4+0x8],EAX + * 10180B34 8B448E 04 MOV EAX,DWORD PTR DS:[ESI+ECX*4+0x4] + * 10180B38 89448F 04 MOV DWORD PTR DS:[EDI+ECX*4+0x4],EAX + * 10180B3C 8D048D 00000000 LEA EAX,DWORD PTR DS:[ECX*4] + * 10180B43 03F0 ADD ESI,EAX + * 10180B45 03F8 ADD EDI,EAX + * 10180B47 FF2495 500B1810 JMP DWORD PTR DS:[EDX*4+0x10180B50] + * 10180B4E 8BFF MOV EDI,EDI + * 10180B50 60 PUSHAD + * 10180B51 0B18 OR EBX,DWORD PTR DS:[EAX] + * 10180B53 1068 0B ADC BYTE PTR DS:[EAX+0xB],CH + * 10180B56 1810 SBB BYTE PTR DS:[EAX],DL + * 10180B58 78 0B JS SHORT RGSS301.10180B65 + * 10180B5A 1810 SBB BYTE PTR DS:[EAX],DL + * 10180B5C 8C0B MOV WORD PTR DS:[EBX],CS + * 10180B5E 1810 SBB BYTE PTR DS:[EAX],DL + * 10180B60 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 10180B63 5E POP ESI + * 10180B64 5F POP EDI + * 10180B65 C9 LEAVE + * 10180B66 C3 RETN + * 10180B67 90 NOP + * 10180B68 8A46 03 MOV AL,BYTE PTR DS:[ESI+0x3] + * 10180B6B 8847 03 MOV BYTE PTR DS:[EDI+0x3],AL + * 10180B6E 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 10180B71 5E POP ESI + * 10180B72 5F POP EDI + * 10180B73 C9 LEAVE + * 10180B74 C3 RETN + * 10180B75 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 10180B78 8A46 03 MOV AL,BYTE PTR DS:[ESI+0x3] + * 10180B7B 8847 03 MOV BYTE PTR DS:[EDI+0x3],AL + * 10180B7E 8A46 02 MOV AL,BYTE PTR DS:[ESI+0x2] + * 10180B81 8847 02 MOV BYTE PTR DS:[EDI+0x2],AL + * 10180B84 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 10180B87 5E POP ESI + * 10180B88 5F POP EDI + * 10180B89 C9 LEAVE + * 10180B8A C3 RETN + * 10180B8B 90 NOP + * 10180B8C 8A46 03 MOV AL,BYTE PTR DS:[ESI+0x3] + * 10180B8F 8847 03 MOV BYTE PTR DS:[EDI+0x3],AL + * 10180B92 8A46 02 MOV AL,BYTE PTR DS:[ESI+0x2] + * 10180B95 8847 02 MOV BYTE PTR DS:[EDI+0x2],AL + * 10180B98 8A46 01 MOV AL,BYTE PTR DS:[ESI+0x1] + * 10180B9B 8847 01 MOV BYTE PTR DS:[EDI+0x1],AL + * 10180B9E 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 10180BA1 5E POP ESI + * 10180BA2 5F POP EDI + * 10180BA3 C9 LEAVE + * 10180BA4 C3 RETN + * 10180BA5 CC INT3 + * 10180BA6 CC INT3 + * 10180BA7 CC INT3 + * 10180BA8 CC INT3 + * 10180BA9 CC INT3 + * 10180BAA CC INT3 + * 10180BAB CC INT3 + */ + namespace Private + { + + // enum { MaxTextSize = 0x1000 }; + // char oldText_[MaxTextSize + 1]; // 1 extra 0 that is always 0 + // size_t oldSize_; + + struct HookArgument + { + LPDWORD type; // 0x0 + LPDWORD unknown; // 0x4 + size_t size; // 0x8 + LPCSTR text; // 0xc, editable though + + bool isValid() const + { + return Engine::isAddressReadable(type) && *type && size && size < 1500 && Engine::isAddressWritable(text, size + 1) && *text && text[size] == 0 && ::strlen(text) == size // validate size + //&& !::strchr(text, '/') + && !all_ascii(text); + } + + // int size() const { return (*type >> 0xe) & 0x1f; } + }; + + inline bool _trims(const wchar_t &ch) + { + return ch <= 127 || std::isspace(ch, std::locale("ja_JP.SJIS")); + } + + std::wstring trim(const std::wstring &text, std::wstring *prefix = nullptr, std::wstring *suffix = nullptr) + { + if (text.empty() || + !_trims(text[0]) && !_trims(text[text.size() - 1])) + return text; + std::wstring ret = text; + if (_trims(ret[0])) + { + int pos = 1; + for (; pos < ret.size() && _trims(ret[pos]); pos++) + ; + if (prefix) + *prefix = ret.substr(0, pos); + ret = ret.substr(pos); + } + if (!ret.empty() && _trims(ret[ret.size() - 1])) + { + int pos = ret.size() - 2; + for (; pos >= 0 && _trims(ret[pos]); pos--) + ; + if (suffix) + *suffix = ret.substr(pos + 1); + ret = ret.substr(0, pos + 1); + } + return ret; + } + + // bool textsContains(const QSet &texts, const QString &text) + //{ + // if (texts.contains(text)) + // return true; + // if (text.contains('\n')) // 0xa, skip translation if any of the part has been translated + // foreach (const QString &it, text.split('\n', QString::SkipEmptyParts)) + // if (texts.contains(it)) + // return true; + // return false; + // } + + int guessTextRole(const std::wstring &text) + { + enum + { + MaxNameSize = 100 + }; + enum : wchar_t + { + w_square_open = 0x3010 /* 【 */ + , + w_square_close = 0x3011 /* 】 */ + }; + if (text.size() > 2 && text.size() < MaxNameSize && text[0] == w_square_open && text[text.size() - 1] == w_square_close) + return Engine::NameRole; + return Engine::ScenarioRole; + } + + std::string data_; + HookArgument *arg_; + LPCSTR oldText_; + size_t oldSize_; + std::unordered_set texts_; + void hookafter2(hook_stack *s, void *data1, size_t len) + { + + enum + { + RecentTextCapacity = 4 + }; + static std::vector recentTexts_; // used to eliminate recent duplicates + + auto arg = (HookArgument *)s->stack[0]; // arg1 + if (arg && arg->isValid()) + { // && (quint8)arg->text[0] > 127) { // skip translate text beginning with ascii character + std::wstring oldText = StringToWideString(std::string(arg->text, arg->size), CP_UTF8).value(), // QString::fromUtf8(arg->text, arg->size), + prefix, + suffix, + trimmedText = trim(oldText, &prefix, &suffix); + + if (!trimmedText.empty() && (texts_.find(trimmedText) == texts_.end())) + { // skip text beginning with ascii character + + // ULONG split = arg->unknown2[0]; // always 2 + // ULONG split = s->stack[0]; // return address + std::wstring newText = std::wstring((wchar_t *)data1, len / 2); + + if (newText != trimmedText) + { + texts_.insert(newText); + texts_.insert(trim(newText)); // in case there are leading/trailing English letters in the translation + + if (!prefix.empty()) + newText.insert(0, prefix); + if (!suffix.empty()) + newText.append(suffix); + + // texts_.insert(newText); + + data_ = WideStringToString(newText, CP_UTF8); // newText.toUtf8(); + + arg_ = arg; + oldSize_ = arg->size; + oldText_ = arg->text; + //::memcpy(oldText_, arg->text, qMin(arg->size + 1, MaxTextSize)); // memcpy also works + + arg->size = data_.size(); + arg->text = data_.c_str(); + } + } + } + } + void hookBefore(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *role) + { + + enum + { + RecentTextCapacity = 4 + }; + static std::vector recentTexts_; // used to eliminate recent duplicates + + auto arg = (HookArgument *)s->stack[0]; // arg1 + if (arg && arg->isValid()) + { // && (quint8)arg->text[0] > 127) { // skip translate text beginning with ascii character + std::wstring oldText = StringToWideString(std::string(arg->text, arg->size), CP_UTF8).value(), // QString::fromUtf8(arg->text, arg->size), + prefix, + suffix, + trimmedText = trim(oldText, &prefix, &suffix); + + if (!trimmedText.empty() && (texts_.find(trimmedText) == texts_.end())) + { // skip text beginning with ascii character + + const bool sendAllowed = (std::find(recentTexts_.begin(), recentTexts_.end(), oldText) == recentTexts_.end()); + if (sendAllowed) + { + recentTexts_.push_back(oldText); + if (recentTexts_.size() > RecentTextCapacity) + recentTexts_.erase(recentTexts_.begin()); + } + + // ULONG split = arg->unknown2[0]; // always 2 + // ULONG split = s->stack[0]; // return address + buffer->from(trimmedText); + } + } + } + void hookAfter(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + if (arg_) + { + arg_->size = oldSize_; + arg_->text = oldText_; + //::strcpy(arg_->text, oldText_); + arg_ = nullptr; + } + } + } // namespace Private + + bool attach(ULONG startAddress, ULONG stopAddress) // attach scenario + { + const uint8_t bytes[] = { + 0x8b, 0x54, 0x24, 0x24, // 1004155c 8b5424 24 mov edx,dword ptr ss:[esp+0x24] + 0x8b, 0x02, // 10041560 8b02 mov eax,dword ptr ds:[edx] + 0x8b, 0xc8, // 10041562 8bc8 mov ecx,eax + 0x83, 0xc4, 0x0c, // 10041564 83c4 0c add esp,0xc + 0x81, 0xe1, 0x00, 0x20, 0x00, 0x00 // 10041567 81e1 00200000 and ecx,0x2000 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return false; + // addr = MemDbg::findPushAddress(addr, startAddress, stopAddress); + // addr = 0x10041557; + // addr = 0x100414a0; + // addr = 0x10056BC0; + // addr = 0x1002e5e1; + addr = MemDbg::findNearCallAddress(addr, startAddress, stopAddress); + if (!addr) + return false; + // return winhook::hook_both(addr, Private::hookBefore, Private::hookAfter); + HookParam hp; + hp.address = addr; + hp.text_fun = Private::hookBefore; + hp.hook_after = Private::hookafter2; + hp.type = USING_STRING | CODEC_UTF16 | EMBED_ABLE | NO_CONTEXT; + hp.hook_font = F_GetGlyphOutlineW; + auto succ = NewHook(hp, "EmbedRGSS3"); + hp.address = addr + 5; + hp.text_fun = Private::hookAfter; + succ |= NewHook(hp, "EmbedRGSS3"); + return succ; + } + } // namespace ScenarioHook + + namespace ChoiceHook + { + + namespace Private + { + + struct HookArgument + { + LPDWORD unknown1, + unknown2, + unknown3; + LPSTR text; // arg2 + 0xc + + bool isValid() const + { + return text && Engine::isAddressReadable(text) && *text && Engine::isAddressWritable(text, ::strlen(text)); + } + + // int size() const { return (*type >> 0xe) & 0x1f; } + }; + + void hookBefore(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *role) + { + *role = Engine::OtherRole; + auto arg = (HookArgument *)s->stack[2]; // arg2 + if (arg->isValid()) + { + auto oldText = StringToWideString(std::string(arg->text), CP_UTF8).value(); + auto split = s->stack[0]; // return address + buffer->from(oldText); + // std::wstring newText = EngineController::instance()->dispatchTextWSTD(oldText, role, sig); + // if (newText != oldText) { + // if (newText.size() < oldText.size()) + // ::memset(arg->text, 0, ::strlen(arg->text)); + // ::strcpy(arg->text, WideStringToString(newText, CP_UTF8).c_str());// newText.toUtf8()); + // } + } + } + void hookafter2(hook_stack *s, void *data1, size_t len) + { + { + auto arg = (HookArgument *)s->stack[2]; // arg2 + if (arg->isValid()) + { + auto oldText = StringToWideString(std::string(arg->text), CP_UTF8).value(); + auto split = s->stack[0]; // return address + std::wstring old = oldText; + + std::wstring newText = std::wstring((wchar_t *)data1, len / 2); + if (newText != oldText) + { + if (newText.size() < oldText.size()) + ::memset(arg->text, 0, ::strlen(arg->text)); + ::strcpy(arg->text, WideStringToString(newText, CP_UTF8).c_str()); // newText.toUtf8()); + } + } + } + } // namespace Private + + /** + * Sample game: Mogeko Castle + * + * One of the caller of the three GetGlyphOutlineW + * + * The paint function, where text get lost. Text in [[arg2]+0xc] in UTF8 encoding. + * 1000751D CC INT3 + * 1000751E CC INT3 + * 1000751F CC INT3 + * 10007520 55 PUSH EBP + * 10007521 8BEC MOV EBP,ESP + * 10007523 83EC 28 SUB ESP,0x28 + * 10007526 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 10007529 50 PUSH EAX + * 1000752A E8 51E6FFFF CALL RGSS301.10005B80 + * 1000752F 83C4 04 ADD ESP,0x4 + * 10007532 8945 D8 MOV DWORD PTR SS:[EBP-0x28],EAX + * 10007535 68 08781A10 PUSH RGSS301.101A7808 ; ASCII "font" + * 1000753A 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+0x8] + * 1000753D 51 PUSH ECX + * 1000753E E8 6D0E0600 CALL RGSS301.100683B0 + * 10007543 83C4 08 ADD ESP,0x8 + * 10007546 8945 E4 MOV DWORD PTR SS:[EBP-0x1C],EAX + * 10007549 8B55 E4 MOV EDX,DWORD PTR SS:[EBP-0x1C] + * 1000754C 8B42 10 MOV EAX,DWORD PTR DS:[EDX+0x10] + * 1000754F 8945 F8 MOV DWORD PTR SS:[EBP-0x8],EAX + * 10007552 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+0xC] + * 10007555 51 PUSH ECX + * 10007556 E8 15F90200 CALL RGSS301.10036E70 + * 1000755B 83C4 04 ADD ESP,0x4 + * 1000755E 8945 E0 MOV DWORD PTR SS:[EBP-0x20],EAX + * 10007561 8D55 E0 LEA EDX,DWORD PTR SS:[EBP-0x20] + * 10007564 52 PUSH EDX + * 10007565 E8 36070300 CALL RGSS301.10037CA0 + * 1000756A 83C4 04 ADD ESP,0x4 + * 1000756D 8945 DC MOV DWORD PTR SS:[EBP-0x24],EAX + * 10007570 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-0x28] + * 10007573 8B48 08 MOV ECX,DWORD PTR DS:[EAX+0x8] + * 10007576 E8 651F0100 CALL RGSS301.100194E0 + * 1000757B 8945 F4 MOV DWORD PTR SS:[EBP-0xC],EAX + * 1000757E 83EC 08 SUB ESP,0x8 + * 10007581 D9E8 FLD1 + * 10007583 DD1C24 FSTP QWORD PTR SS:[ESP] + * 10007586 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-0xC] + * 10007589 E8 A2210100 CALL RGSS301.10019730 + * 1000758E 6A 00 PUSH 0x0 + * 10007590 6A 00 PUSH 0x0 + * 10007592 6A 00 PUSH 0x0 + * 10007594 8D4D EC LEA ECX,DWORD PTR SS:[EBP-0x14] + * 10007597 51 PUSH ECX + * 10007598 8B55 DC MOV EDX,DWORD PTR SS:[EBP-0x24] + * 1000759B 52 PUSH EDX + * 1000759C E8 CF500000 CALL RGSS301.1000C670 ; jichi: convert utf8 text in edx to utf16 in eax + * 100075A1 83C4 04 ADD ESP,0x4 + * 100075A4 50 PUSH EAX + * 100075A5 8B45 D8 MOV EAX,DWORD PTR SS:[EBP-0x28] + * 100075A8 8B48 08 MOV ECX,DWORD PTR DS:[EAX+0x8] + * 100075AB E8 A07B0100 CALL RGSS301.1001F150 ; jichi: utf16 text paint here + * 100075B0 E8 7BAB0000 CALL RGSS301.10012130 + * 100075B5 8945 FC MOV DWORD PTR SS:[EBP-0x4],EAX + * 100075B8 8B4D FC MOV ECX,DWORD PTR SS:[EBP-0x4] + * 100075BB 8B51 10 MOV EDX,DWORD PTR DS:[ECX+0x10] + * 100075BE 8955 E8 MOV DWORD PTR SS:[EBP-0x18],EDX + * 100075C1 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-0x18] + * 100075C4 C740 08 00000000 MOV DWORD PTR DS:[EAX+0x8],0x0 + * 100075CB 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-0x18] + * 100075CE C741 0C 00000000 MOV DWORD PTR DS:[ECX+0xC],0x0 + * 100075D5 8B55 E8 MOV EDX,DWORD PTR SS:[EBP-0x18] + * 100075D8 8B45 EC MOV EAX,DWORD PTR SS:[EBP-0x14] + * 100075DB 8942 10 MOV DWORD PTR DS:[EDX+0x10],EAX + * 100075DE 8B4D E8 MOV ECX,DWORD PTR SS:[EBP-0x18] + * 100075E1 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-0x10] + * 100075E4 8951 14 MOV DWORD PTR DS:[ECX+0x14],EDX + * 100075E7 8B45 FC MOV EAX,DWORD PTR SS:[EBP-0x4] + * 100075EA 8BE5 MOV ESP,EBP + * 100075EC 5D POP EBP + * 100075ED C3 RETN + * 100075EE CC INT3 + */ + ULONG functionAddress; // the function address being hooked + bool attach(ULONG startAddress, ULONG stopAddress) // attach other text + { + const uint8_t bytes[] = { + 0x89, 0x45, 0xfc, // 100075b5 8945 fc mov dword ptr ss:[ebp-0x4],eax + 0x8b, 0x4d, 0xfc, // 100075b8 8b4d fc mov ecx,dword ptr ss:[ebp-0x4] + 0x8b, 0x51, 0x10, // 100075bb 8b51 10 mov edx,dword ptr ds:[ecx+0x10] + 0x89, 0x55, 0xe8, // 100075be 8955 e8 mov dword ptr ss:[ebp-0x18],edx + 0x8b, 0x45, 0xe8 // 100075c1 8b45 e8 mov eax,dword ptr ss:[ebp-0x18] + }; + if (ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress)) + if (addr = MemDbg::findEnclosingAlignedFunction(addr)) + { + HookParam hp; + hp.address = addr; + hp.text_fun = Private::hookBefore; + hp.hook_after = Private::hookafter2; + hp.type = USING_STRING | CODEC_UTF16 | EMBED_ABLE | NO_CONTEXT; + hp.hook_font = F_GetGlyphOutlineW; + + functionAddress = addr; + return NewHook(hp, "EmbedRGSS3Choice"); + } + + return false; + } + + } // namespace ChoiceHook + + } + namespace OtherHook + { + + namespace Private + { + + void hookBefore(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *role) + { + { + *role = Engine::OtherRole; + }; + auto retaddr = s->stack[0]; + if (retaddr > ChoiceHook::Private::functionAddress && retaddr - ChoiceHook::Private::functionAddress < 0xff) + return; // skip translate already-hooked function + + auto text = (LPWSTR)s->stack[1]; // arg1 + if (text && *text) + { + std::wstring_view oldText(text); + if (oldText.size() > 1) + { + buffer->from(oldText); + } + } + } + void hookafter2(hook_stack *s, void *data1, size_t len) + { + { + auto retaddr = s->stack[0]; + if (retaddr > ChoiceHook::Private::functionAddress && retaddr - ChoiceHook::Private::functionAddress < 0xff) + return; // skip translate already-hooked function + + auto text = (LPWSTR)s->stack[1]; // arg1 + if (text && *text) + { + std::wstring oldText(text); + if (oldText.size() > 1) + { + + std::wstring newText = std::wstring((wchar_t *)data1, len / 2); + ; + if (newText != oldText) + ::wcscpy(text, (LPCWSTR)newText.c_str()); + } + } + } + } // namespace Private + + /** + * Sample game: Mogeko Castle + * + * There are three GetGlyphIndicesW. + * The caller of the first one is hooked. + * + * The first caller of GetGlyphOutlineW, text in arg1, which is other thread: + * + * 00826D48 10007251 RETURN to RGSS301.10007251 from RGSS301.1001F150 + * 00826D4C 00826D9C ; jichi: text here + * 00826D50 00828DC8 ASCII "H?" + * 00826D54 00000001 + * 00826D58 00000001 + * 00826D5C 00828DEC + * 00826D60 40000000 + * 00826D64 008283A8 + * 00826D68 1018DF60 RGSS301.1018DF60 + * + * 1001F14B CC INT3 + * 1001F14C CC INT3 + * 1001F14D CC INT3 + * 1001F14E CC INT3 + * 1001F14F CC INT3 + * 1001F150 55 PUSH EBP + * 1001F151 8BEC MOV EBP,ESP + * 1001F153 81EC 88000000 SUB ESP,0x88 + * 1001F159 894D 8C MOV DWORD PTR SS:[EBP-0x74],ECX + * 1001F15C 837D 18 00 CMP DWORD PTR SS:[EBP+0x18],0x0 + * 1001F160 74 09 JE SHORT RGSS301.1001F16B + * 1001F162 8B45 18 MOV EAX,DWORD PTR SS:[EBP+0x18] + * 1001F165 C700 01000000 MOV DWORD PTR DS:[EAX],0x1 + * 1001F16B 8B4D 8C MOV ECX,DWORD PTR SS:[EBP-0x74] + * 1001F16E E8 6DA3FFFF CALL RGSS301.100194E0 + * 1001F173 85C0 TEST EAX,EAX + * 1001F175 75 07 JNZ SHORT RGSS301.1001F17E + * 1001F177 33C0 XOR EAX,EAX + * 1001F179 E9 D1010000 JMP RGSS301.1001F34F + * 1001F17E 8B4D 8C MOV ECX,DWORD PTR SS:[EBP-0x74] + * 1001F181 E8 5AA3FFFF CALL RGSS301.100194E0 + * 1001F186 8BC8 MOV ECX,EAX + * 1001F188 E8 D3A6FFFF CALL RGSS301.10019860 + * 1001F18D 8945 FC MOV DWORD PTR SS:[EBP-0x4],EAX + * 1001F190 837D FC 00 CMP DWORD PTR SS:[EBP-0x4],0x0 + * 1001F194 75 07 JNZ SHORT RGSS301.1001F19D + * 1001F196 33C0 XOR EAX,EAX + * 1001F198 E9 B2010000 JMP RGSS301.1001F34F + * 1001F19D 8D4D BC LEA ECX,DWORD PTR SS:[EBP-0x44] + * 1001F1A0 51 PUSH ECX + * 1001F1A1 8B55 FC MOV EDX,DWORD PTR SS:[EBP-0x4] + * 1001F1A4 52 PUSH EDX + * 1001F1A5 FF15 3C201A10 CALL DWORD PTR DS:[0x101A203C] ; gdi32.GetTextMetricsW + * 1001F1AB 8B45 0C MOV EAX,DWORD PTR SS:[EBP+0xC] + * 1001F1AE C700 00000000 MOV DWORD PTR DS:[EAX],0x0 + * 1001F1B4 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+0xC] + * 1001F1B7 C741 04 00000000 MOV DWORD PTR DS:[ECX+0x4],0x0 + * 1001F1BE 33D2 XOR EDX,EDX + * 1001F1C0 66:8955 AC MOV WORD PTR SS:[EBP-0x54],DX + * 1001F1C4 B8 01000000 MOV EAX,0x1 + * 1001F1C9 66:8945 AE MOV WORD PTR SS:[EBP-0x52],AX + * 1001F1CD 33C9 XOR ECX,ECX + * 1001F1CF 66:894D B0 MOV WORD PTR SS:[EBP-0x50],CX + * 1001F1D3 33D2 XOR EDX,EDX + * 1001F1D5 66:8955 B2 MOV WORD PTR SS:[EBP-0x4E],DX + * 1001F1D9 33C0 XOR EAX,EAX + * 1001F1DB 66:8945 B4 MOV WORD PTR SS:[EBP-0x4C],AX + * 1001F1DF 33C9 XOR ECX,ECX + * 1001F1E1 66:894D B6 MOV WORD PTR SS:[EBP-0x4A],CX + * 1001F1E5 33D2 XOR EDX,EDX + * 1001F1E7 66:8955 B8 MOV WORD PTR SS:[EBP-0x48],DX + * 1001F1EB B8 01000000 MOV EAX,0x1 + * 1001F1F0 66:8945 BA MOV WORD PTR SS:[EBP-0x46],AX + * 1001F1F4 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+0x8] + * 1001F1F7 894D 88 MOV DWORD PTR SS:[EBP-0x78],ECX + * 1001F1FA 8B55 88 MOV EDX,DWORD PTR SS:[EBP-0x78] + * 1001F1FD 83C2 02 ADD EDX,0x2 + * 1001F200 8955 84 MOV DWORD PTR SS:[EBP-0x7C],EDX + * 1001F203 8B45 88 MOV EAX,DWORD PTR SS:[EBP-0x78] + * 1001F206 66:8B08 MOV CX,WORD PTR DS:[EAX] + * 1001F209 66:894D 82 MOV WORD PTR SS:[EBP-0x7E],CX + * 1001F20D 8345 88 02 ADD DWORD PTR SS:[EBP-0x78],0x2 + * 1001F211 66:837D 82 00 CMP WORD PTR SS:[EBP-0x7E],0x0 + * 1001F216 ^75 EB JNZ SHORT RGSS301.1001F203 + * 1001F218 8B55 88 MOV EDX,DWORD PTR SS:[EBP-0x78] + * 1001F21B 2B55 84 SUB EDX,DWORD PTR SS:[EBP-0x7C] + * 1001F21E D1FA SAR EDX,1 + * 1001F220 8995 7CFFFFFF MOV DWORD PTR SS:[EBP-0x84],EDX + * 1001F226 8B85 7CFFFFFF MOV EAX,DWORD PTR SS:[EBP-0x84] + * 1001F22C 8945 F8 MOV DWORD PTR SS:[EBP-0x8],EAX + * 1001F22F C745 A8 00000000 MOV DWORD PTR SS:[EBP-0x58],0x0 + * 1001F236 EB 09 JMP SHORT RGSS301.1001F241 + * 1001F238 8B4D A8 MOV ECX,DWORD PTR SS:[EBP-0x58] + * 1001F23B 83C1 01 ADD ECX,0x1 + * 1001F23E 894D A8 MOV DWORD PTR SS:[EBP-0x58],ECX + * 1001F241 8B55 A8 MOV EDX,DWORD PTR SS:[EBP-0x58] + * 1001F244 3B55 F8 CMP EDX,DWORD PTR SS:[EBP-0x8] + * 1001F247 0F8D C2000000 JGE RGSS301.1001F30F + * 1001F24D 8D45 AC LEA EAX,DWORD PTR SS:[EBP-0x54] + * 1001F250 50 PUSH EAX + * 1001F251 6A 00 PUSH 0x0 + * 1001F253 6A 00 PUSH 0x0 + * 1001F255 8D4D 90 LEA ECX,DWORD PTR SS:[EBP-0x70] + * 1001F258 51 PUSH ECX + * 1001F259 6A 06 PUSH 0x6 + * 1001F25B 8B55 A8 MOV EDX,DWORD PTR SS:[EBP-0x58] + * 1001F25E 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 1001F261 0FB70C50 MOVZX ECX,WORD PTR DS:[EAX+EDX*2] + * 1001F265 51 PUSH ECX + * 1001F266 8B55 FC MOV EDX,DWORD PTR SS:[EBP-0x4] + * 1001F269 52 PUSH EDX + * 1001F26A FF15 30201A10 CALL DWORD PTR DS:[0x101A2030] ; gdi32.GetGlyphOutlineW + * 1001F270 8945 A4 MOV DWORD PTR SS:[EBP-0x5C],EAX + * 1001F273 837D 18 00 CMP DWORD PTR SS:[EBP+0x18],0x0 + * 1001F277 74 12 JE SHORT RGSS301.1001F28B + * 1001F279 8B45 18 MOV EAX,DWORD PTR SS:[EBP+0x18] + * 1001F27C 8B4D A4 MOV ECX,DWORD PTR SS:[EBP-0x5C] + * 1001F27F 3B08 CMP ECX,DWORD PTR DS:[EAX] + * 1001F281 76 08 JBE SHORT RGSS301.1001F28B + * 1001F283 8B55 18 MOV EDX,DWORD PTR SS:[EBP+0x18] + * 1001F286 8B45 A4 MOV EAX,DWORD PTR SS:[EBP-0x5C] + * 1001F289 8902 MOV DWORD PTR DS:[EDX],EAX + * 1001F28B 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+0xC] + * 1001F28E 8B11 MOV EDX,DWORD PTR DS:[ECX] + * 1001F290 0355 98 ADD EDX,DWORD PTR SS:[EBP-0x68] + * 1001F293 79 0A JNS SHORT RGSS301.1001F29F + * + * Caller of the other two GetGlyphOutlineW, where text is in arg5. + * + * 00826D34 100074F7 RETURN to RGSS301.100074F7 from RGSS301.1001F360 + * 00826D38 00000088 + * 00826D3C 000000E8 + * 00826D40 00000058 + * 00826D44 00000018 + * 00826D48 00826D9C ; jichi: text here + * 00826D4C FFFFFFFF + * 00826D50 80000000 + * 00826D54 00000001 + * 00826D58 00000000 + * 00826D5C 00000140 + * 00826D60 000000C0 + * 00826D64 008283A8 + * 00826D68 1018DF60 RGSS301.1018DF60 + * + * 1001F35C CC INT3 + * 1001F35D CC INT3 + * 1001F35E CC INT3 + * 1001F35F CC INT3 + * 1001F360 55 PUSH EBP + * 1001F361 8BEC MOV EBP,ESP + * 1001F363 81EC 4C010000 SUB ESP,0x14C + * 1001F369 898D C4FEFFFF MOV DWORD PTR SS:[EBP-0x13C],ECX + * 1001F36F 8B8D C4FEFFFF MOV ECX,DWORD PTR SS:[EBP-0x13C] + * 1001F375 E8 66A1FFFF CALL RGSS301.100194E0 + * 1001F37A 85C0 TEST EAX,EAX + * 1001F37C 75 07 JNZ SHORT RGSS301.1001F385 + * 1001F37E 33C0 XOR EAX,EAX + * 1001F380 E9 12060000 JMP RGSS301.1001F997 + * 1001F385 8B8D C4FEFFFF MOV ECX,DWORD PTR SS:[EBP-0x13C] + * 1001F38B E8 50A1FFFF CALL RGSS301.100194E0 + * 1001F390 8BC8 MOV ECX,EAX + * 1001F392 E8 C9A4FFFF CALL RGSS301.10019860 + * 1001F397 8945 F8 MOV DWORD PTR SS:[EBP-0x8],EAX + * 1001F39A 837D F8 00 CMP DWORD PTR SS:[EBP-0x8],0x0 + * 1001F39E 75 07 JNZ SHORT RGSS301.1001F3A7 + * 1001F3A0 33C0 XOR EAX,EAX + * 1001F3A2 E9 F0050000 JMP RGSS301.1001F997 + * 1001F3A7 8D45 A0 LEA EAX,DWORD PTR SS:[EBP-0x60] + * 1001F3AA 50 PUSH EAX + * 1001F3AB 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-0x8] + * 1001F3AE 51 PUSH ECX + * 1001F3AF FF15 3C201A10 CALL DWORD PTR DS:[0x101A203C] ; gdi32.GetTextMetricsW + * 1001F3B5 837D 2C 00 CMP DWORD PTR SS:[EBP+0x2C],0x0 + * 1001F3B9 77 4C JA SHORT RGSS301.1001F407 + * 1001F3BB 8D55 2C LEA EDX,DWORD PTR SS:[EBP+0x2C] + * 1001F3BE 52 PUSH EDX + * 1001F3BF 8B45 24 MOV EAX,DWORD PTR SS:[EBP+0x24] + * 1001F3C2 50 PUSH EAX + * 1001F3C3 6A 01 PUSH 0x1 + * 1001F3C5 8D8D 3CFFFFFF LEA ECX,DWORD PTR SS:[EBP-0xC4] + * 1001F3CB 51 PUSH ECX + * 1001F3CC 8B55 18 MOV EDX,DWORD PTR SS:[EBP+0x18] + * 1001F3CF 52 PUSH EDX + * 1001F3D0 8B8D C4FEFFFF MOV ECX,DWORD PTR SS:[EBP-0x13C] + * 1001F3D6 E8 75FDFFFF CALL RGSS301.1001F150 + * 1001F3DB 83BD 3CFFFFFF 00 CMP DWORD PTR SS:[EBP-0xC4],0x0 + * 1001F3E2 74 09 JE SHORT RGSS301.1001F3ED + * 1001F3E4 83BD 40FFFFFF 00 CMP DWORD PTR SS:[EBP-0xC0],0x0 + * 1001F3EB 75 0A JNZ SHORT RGSS301.1001F3F7 + * 1001F3ED B8 01000000 MOV EAX,0x1 + * 1001F3F2 E9 A0050000 JMP RGSS301.1001F997 + * 1001F3F7 837D 2C 00 CMP DWORD PTR SS:[EBP+0x2C],0x0 + * 1001F3FB 77 0A JA SHORT RGSS301.1001F407 + * 1001F3FD B8 01000000 MOV EAX,0x1 + * 1001F402 E9 90050000 JMP RGSS301.1001F997 + * 1001F407 8B45 0C MOV EAX,DWORD PTR SS:[EBP+0xC] + * 1001F40A 8985 58FFFFFF MOV DWORD PTR SS:[EBP-0xA8],EAX + * 1001F410 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+0x8] + * 1001F413 898D 54FFFFFF MOV DWORD PTR SS:[EBP-0xAC],ECX + * 1001F419 8B95 54FFFFFF MOV EDX,DWORD PTR SS:[EBP-0xAC] + * 1001F41F 0355 10 ADD EDX,DWORD PTR SS:[EBP+0x10] + * 1001F422 8995 5CFFFFFF MOV DWORD PTR SS:[EBP-0xA4],EDX + * 1001F428 8B85 58FFFFFF MOV EAX,DWORD PTR SS:[EBP-0xA8] + * 1001F42E 0345 14 ADD EAX,DWORD PTR SS:[EBP+0x14] + * 1001F431 8985 60FFFFFF MOV DWORD PTR SS:[EBP-0xA0],EAX + * 1001F437 C745 E0 00000000 MOV DWORD PTR SS:[EBP-0x20],0x0 + * 1001F43E C745 DC 00000000 MOV DWORD PTR SS:[EBP-0x24],0x0 + * 1001F445 8B4D 10 MOV ECX,DWORD PTR SS:[EBP+0x10] + * 1001F448 894D E4 MOV DWORD PTR SS:[EBP-0x1C],ECX + * 1001F44B 8B55 14 MOV EDX,DWORD PTR SS:[EBP+0x14] + * 1001F44E 8955 E8 MOV DWORD PTR SS:[EBP-0x18],EDX + * 1001F451 837D 24 00 CMP DWORD PTR SS:[EBP+0x24],0x0 + * 1001F455 74 1F JE SHORT RGSS301.1001F476 + * 1001F457 6A FF PUSH -0x1 + * 1001F459 6A FF PUSH -0x1 + * 1001F45B 8D85 54FFFFFF LEA EAX,DWORD PTR SS:[EBP-0xAC] + * 1001F461 50 PUSH EAX + * 1001F462 FF15 E8231A10 CALL DWORD PTR DS:[0x101A23E8] ; user32.InflateRect + * 1001F468 6A FF PUSH -0x1 + * 1001F46A 6A FF PUSH -0x1 + * 1001F46C 8D4D DC LEA ECX,DWORD PTR SS:[EBP-0x24] + * 1001F46F 51 PUSH ECX + * 1001F470 FF15 E8231A10 CALL DWORD PTR DS:[0x101A23E8] ; user32.InflateRect + * 1001F476 68 E0010000 PUSH 0x1E0 + * 1001F47B 68 80020000 PUSH 0x280 + * 1001F480 E8 DBFF0E00 CALL RGSS301.1010F460 + * 1001F485 8BC8 MOV ECX,EAX + * 1001F487 E8 54010F00 CALL RGSS301.1010F5E0 + * 1001F48C 8945 F0 MOV DWORD PTR SS:[EBP-0x10],EAX + * 1001F48F 837D F0 00 CMP DWORD PTR SS:[EBP-0x10],0x0 + * 1001F493 75 07 JNZ SHORT RGSS301.1001F49C + * 1001F495 33C0 XOR EAX,EAX + * 1001F497 E9 FB040000 JMP RGSS301.1001F997 + * 1001F49C 6A 00 PUSH 0x0 + * 1001F49E 8D55 DC LEA EDX,DWORD PTR SS:[EBP-0x24] + * 1001F4A1 52 PUSH EDX + * 1001F4A2 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-0x10] + * 1001F4A5 E8 A6CF0E00 CALL RGSS301.1010C450 + * 1001F4AA 8B45 18 MOV EAX,DWORD PTR SS:[EBP+0x18] + * 1001F4AD 8985 C0FEFFFF MOV DWORD PTR SS:[EBP-0x140],EAX + * 1001F4B3 8B8D C0FEFFFF MOV ECX,DWORD PTR SS:[EBP-0x140] + * 1001F4B9 83C1 02 ADD ECX,0x2 + * 1001F4BC 898D BCFEFFFF MOV DWORD PTR SS:[EBP-0x144],ECX + * 1001F4C2 8B95 C0FEFFFF MOV EDX,DWORD PTR SS:[EBP-0x140] + * 1001F4C8 66:8B02 MOV AX,WORD PTR DS:[EDX] + * 1001F4CB 66:8985 BAFEFFFF MOV WORD PTR SS:[EBP-0x146],AX + * 1001F4D2 8385 C0FEFFFF 02 ADD DWORD PTR SS:[EBP-0x140],0x2 + * 1001F4D9 66:83BD BAFEFFFF>CMP WORD PTR SS:[EBP-0x146],0x0 + * 1001F4E1 ^75 DF JNZ SHORT RGSS301.1001F4C2 + * 1001F4E3 8B8D C0FEFFFF MOV ECX,DWORD PTR SS:[EBP-0x140] + * 1001F4E9 2B8D BCFEFFFF SUB ECX,DWORD PTR SS:[EBP-0x144] + * 1001F4EF D1F9 SAR ECX,1 + * 1001F4F1 898D B4FEFFFF MOV DWORD PTR SS:[EBP-0x14C],ECX + * 1001F4F7 8B95 B4FEFFFF MOV EDX,DWORD PTR SS:[EBP-0x14C] + * 1001F4FD 8955 EC MOV DWORD PTR SS:[EBP-0x14],EDX + * 1001F500 C745 F4 00000000 MOV DWORD PTR SS:[EBP-0xC],0x0 + * 1001F507 33C0 XOR EAX,EAX + * 1001F509 66:8985 44FFFFFF MOV WORD PTR SS:[EBP-0xBC],AX + * 1001F510 B9 01000000 MOV ECX,0x1 + * 1001F515 66:898D 46FFFFFF MOV WORD PTR SS:[EBP-0xBA],CX + * 1001F51C 33D2 XOR EDX,EDX + * 1001F51E 66:8995 48FFFFFF MOV WORD PTR SS:[EBP-0xB8],DX + * 1001F525 33C0 XOR EAX,EAX + * 1001F527 66:8985 4AFFFFFF MOV WORD PTR SS:[EBP-0xB6],AX + * 1001F52E 33C9 XOR ECX,ECX + * 1001F530 66:898D 4CFFFFFF MOV WORD PTR SS:[EBP-0xB4],CX + * 1001F537 33D2 XOR EDX,EDX + * 1001F539 66:8995 4EFFFFFF MOV WORD PTR SS:[EBP-0xB2],DX + * 1001F540 33C0 XOR EAX,EAX + * 1001F542 66:8985 50FFFFFF MOV WORD PTR SS:[EBP-0xB0],AX + * 1001F549 B9 01000000 MOV ECX,0x1 + * 1001F54E 66:898D 52FFFFFF MOV WORD PTR SS:[EBP-0xAE],CX + * 1001F555 8B55 2C MOV EDX,DWORD PTR SS:[EBP+0x2C] + * 1001F558 52 PUSH EDX + * 1001F559 E8 0EF31500 CALL RGSS301.1017E86C + * 1001F55E 83C4 04 ADD ESP,0x4 + * 1001F561 8985 D0FEFFFF MOV DWORD PTR SS:[EBP-0x130],EAX + * 1001F567 8B85 D0FEFFFF MOV EAX,DWORD PTR SS:[EBP-0x130] + * 1001F56D 8985 64FFFFFF MOV DWORD PTR SS:[EBP-0x9C],EAX + * 1001F573 C785 38FFFFFF 00>MOV DWORD PTR SS:[EBP-0xC8],0x0 + * 1001F57D EB 0F JMP SHORT RGSS301.1001F58E + * 1001F57F 8B8D 38FFFFFF MOV ECX,DWORD PTR SS:[EBP-0xC8] + * 1001F585 83C1 01 ADD ECX,0x1 + * 1001F588 898D 38FFFFFF MOV DWORD PTR SS:[EBP-0xC8],ECX + * 1001F58E 8B95 38FFFFFF MOV EDX,DWORD PTR SS:[EBP-0xC8] + * 1001F594 3B55 EC CMP EDX,DWORD PTR SS:[EBP-0x14] + * 1001F597 0F8D E6010000 JGE RGSS301.1001F783 + * 1001F59D 8B45 2C MOV EAX,DWORD PTR SS:[EBP+0x2C] + * 1001F5A0 50 PUSH EAX + * 1001F5A1 6A 00 PUSH 0x0 + * 1001F5A3 8B8D 64FFFFFF MOV ECX,DWORD PTR SS:[EBP-0x9C] + * 1001F5A9 51 PUSH ECX + * 1001F5AA E8 E1FC1500 CALL RGSS301.1017F290 + * 1001F5AF 83C4 0C ADD ESP,0xC + * 1001F5B2 8D95 44FFFFFF LEA EDX,DWORD PTR SS:[EBP-0xBC] + * 1001F5B8 52 PUSH EDX + * 1001F5B9 6A 00 PUSH 0x0 + * 1001F5BB 6A 00 PUSH 0x0 + * 1001F5BD 8D85 08FFFFFF LEA EAX,DWORD PTR SS:[EBP-0xF8] + * 1001F5C3 50 PUSH EAX + * 1001F5C4 6A 00 PUSH 0x0 + * 1001F5C6 8B8D 38FFFFFF MOV ECX,DWORD PTR SS:[EBP-0xC8] + * 1001F5CC 8B55 18 MOV EDX,DWORD PTR SS:[EBP+0x18] + * 1001F5CF 0FB7044A MOVZX EAX,WORD PTR DS:[EDX+ECX*2] + * 1001F5D3 50 PUSH EAX + * 1001F5D4 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-0x8] + * 1001F5D7 51 PUSH ECX + * 1001F5D8 FF15 30201A10 CALL DWORD PTR DS:[0x101A2030] ; gdi32.GetGlyphOutlineW + * 1001F5DE 8D95 44FFFFFF LEA EDX,DWORD PTR SS:[EBP-0xBC] + * 1001F5E4 52 PUSH EDX + * 1001F5E5 8B85 64FFFFFF MOV EAX,DWORD PTR SS:[EBP-0x9C] + * 1001F5EB 50 PUSH EAX + * 1001F5EC 8B4D 2C MOV ECX,DWORD PTR SS:[EBP+0x2C] + * 1001F5EF 51 PUSH ECX + * 1001F5F0 8D95 08FFFFFF LEA EDX,DWORD PTR SS:[EBP-0xF8] + * 1001F5F6 52 PUSH EDX + * 1001F5F7 6A 06 PUSH 0x6 + * 1001F5F9 8B85 38FFFFFF MOV EAX,DWORD PTR SS:[EBP-0xC8] + * 1001F5FF 8B4D 18 MOV ECX,DWORD PTR SS:[EBP+0x18] + * 1001F602 0FB71441 MOVZX EDX,WORD PTR DS:[ECX+EAX*2] + * 1001F606 52 PUSH EDX + * 1001F607 8B45 F8 MOV EAX,DWORD PTR SS:[EBP-0x8] + * 1001F60A 50 PUSH EAX + * 1001F60B FF15 30201A10 CALL DWORD PTR DS:[0x101A2030] ; gdi32.GetGlyphOutlineW + * 1001F611 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-0xC] + * 1001F614 038D 10FFFFFF ADD ECX,DWORD PTR SS:[EBP-0xF0] + * 1001F61A 79 0B JNS SHORT RGSS301.1001F627 + * 1001F61C 8B95 10FFFFFF MOV EDX,DWORD PTR SS:[EBP-0xF0] + * 1001F622 F7DA NEG EDX + * 1001F624 8955 F4 MOV DWORD PTR SS:[EBP-0xC],EDX + * 1001F627 8B85 08FFFFFF MOV EAX,DWORD PTR SS:[EBP-0xF8] + * 1001F62D 8985 28FFFFFF MOV DWORD PTR SS:[EBP-0xD8],EAX + * + * Additionally, text to paint is converted here from UTF-8 to UTF-16: + * 1000C62D CC INT3 + * 1000C62E CC INT3 + * 1000C62F CC INT3 + * 1000C630 55 PUSH EBP + * 1000C631 8BEC MOV EBP,ESP + * 1000C633 8B45 10 MOV EAX,DWORD PTR SS:[EBP+0x10] + * 1000C636 D1E0 SHL EAX,1 + * 1000C638 50 PUSH EAX + * 1000C639 6A 00 PUSH 0x0 + * 1000C63B 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+0xC] + * 1000C63E 51 PUSH ECX + * 1000C63F E8 4C2C1700 CALL RGSS301.1017F290 + * 1000C644 83C4 0C ADD ESP,0xC + * 1000C647 8B55 10 MOV EDX,DWORD PTR SS:[EBP+0x10] + * 1000C64A 52 PUSH EDX + * 1000C64B 8B45 0C MOV EAX,DWORD PTR SS:[EBP+0xC] + * 1000C64E 50 PUSH EAX + * 1000C64F 6A FF PUSH -0x1 + * 1000C651 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+0x8] + * 1000C654 51 PUSH ECX + * 1000C655 6A 00 PUSH 0x0 + * 1000C657 68 E9FD0000 PUSH 0xFDE9 + * 1000C65C FF15 38221A10 CALL DWORD PTR DS:[0x101A2238] ; kernel32.MultiByteToWideChar + * 1000C662 5D POP EBP + * 1000C663 C3 RETN + * 1000C664 CC INT3 + * 1000C665 CC INT3 + * 1000C666 CC INT3 + * 1000C667 CC INT3 + * 1000C668 CC INT3 + * 1000C669 CC INT3 + * 1000C66A CC INT3 + * 1000C66B CC INT3 + * 1000C66C CC INT3 + * 1000C66D CC INT3 + * 1000C66E CC INT3 + * 1000C66F CC INT3 + * 1000C670 55 PUSH EBP + * 1000C671 8BEC MOV EBP,ESP + * 1000C673 68 00100000 PUSH 0x1000 + * 1000C678 68 68302610 PUSH RGSS301.10263068 + * 1000C67D 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 1000C680 50 PUSH EAX + * 1000C681 E8 AAFFFFFF CALL RGSS301.1000C630 + * 1000C686 83C4 0C ADD ESP,0xC + * 1000C689 33C9 XOR ECX,ECX + * 1000C68B 66:890D 66502610 MOV WORD PTR DS:[0x10265066],CX + * 1000C692 B8 68302610 MOV EAX,RGSS301.10263068 + * 1000C697 5D POP EBP + * 1000C698 C3 RETN + * 1000C699 CC INT3 + * 1000C69A CC INT3 + * 1000C69B CC INT3 + * 1000C69C CC INT3 + * 1000C69D CC INT3 + */ + ULONG functionAddress; // the beginning of the function being hooked + bool attach(ULONG startAddress, ULONG stopAddress) // attach other text + { + ULONG addr = MemDbg::findCallerAddressAfterInt3((ULONG)::GetGlyphOutlineW, startAddress, stopAddress); + if (addr == 0) + return 0; + HookParam hp; + hp.address = addr; + hp.text_fun = Private::hookBefore; + hp.hook_after = Private::hookafter2; + hp.type = USING_STRING | CODEC_UTF16 | EMBED_ABLE | NO_CONTEXT; + hp.hook_font = F_GetGlyphOutlineW; + + return NewHook(hp, "EmbedRGSS3Other"); + } + } + } // namespace OtherHook + + } // namespace RGSS3Hook + +#if 0 + +/** + * Sample game: Mogeko Castle with RGSS 3.01 + * 0x10036758: LOAD + * 0x1004155c: DATA + * + * Text accessed character by character + * 0x10036463: LOAD character by character + * + * 0x100378ed: $100 + * 0x100378ed: キャンセル + * + * 0x10038a44: 駅のホーム + */ +namespace DebugHook { + +bool beforeStrcpy(winhook::hook_stack *s) +{ + auto arg = (LPCSTR)s->stack[1]; // arg1 + auto sig = s->stack[0]; // retaddr + //enum { role = Engine::OtherRole }; + //if (!::strstr(arg, "\xe3\x82\xaa\xe3\x83\xac\xe3\x83\xb3\xe7\x97\x94")) + // return true; + QString text = QString::fromUtf16((LPCWSTR)arg); + //QString text = QString::fromUtf8((LPCSTR)arg, s->stack[3]); + //if (!text.isEmpty() && text[0].unicode() >= 128 && text.size() == 5) + //if (!text.isEmpty() && sig == 0x100378ed) + EngineController::instance()->dispatchTextW(text, role, sig); + return true; +} + +bool attach() +{ + //ULONG addr = 0x10180840; + ULONG addr = 0x1001f150; + winhook::hook_before(addr, beforeStrcpy); + return true; +} + +} // namespace DebugHook + +#endif // 0 + +} // unnamed namespace + +bool RPGMakerRGSS3::attach_function() +{ + ULONG startAddress, stopAddress; + if (!RGSS3::getMemoryRange(&startAddress, &stopAddress)) + return false; + + if (!RGSS3::ScenarioHook::attach(startAddress, stopAddress)) + return false; + RGSS3::ChoiceHook::Private::attach(startAddress, stopAddress); + RGSS3::OtherHook::Private::attach(startAddress, stopAddress); + + return true; +} +bool RPGMakerRGSS300::attach_function() +{ + trigger_fun = [](LPVOID addr1, hook_stack *stack) + { + if (addr1 != GetGlyphOutlineW) + return false; + auto addr = stack->retaddr; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr; + hp.type = USING_STRING | CODEC_UTF16; + hp.offset = get_stack(1); + NewHook(hp, "RGSS30x.dll"); + return true; + }; + return GetModuleHandle(L"RGSS300.dll") || GetModuleHandle(L"RGSS301.dll"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/RPGMakerRGSS3.h b/cpp/LunaHook/LunaHook/engine32/RPGMakerRGSS3.h new file mode 100644 index 00000000..0b8b2319 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/RPGMakerRGSS3.h @@ -0,0 +1,26 @@ + + +class RPGMakerRGSS3 : public ENGINE +{ +public: + RPGMakerRGSS3() + { + + check_by = CHECK_BY::FILE_ALL; + check_by_target = check_by_list{L"*.rgss3a", L"System/RGSS3*.dll"}; + is_engine_certain = false; + }; + bool attach_function(); +}; + +class RPGMakerRGSS300 : public ENGINE +{ +public: + RPGMakerRGSS300() + { + check_by = CHECK_BY::FILE_ANY; + check_by_target = check_by_list{L"System/RGSS300.dll", L"System/RGSS301.dll"}; + is_engine_certain = false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/RRE.cpp b/cpp/LunaHook/LunaHook/engine32/RRE.cpp new file mode 100644 index 00000000..997068a9 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/RRE.cpp @@ -0,0 +1,38 @@ +#include"RRE.h" + +static void SpecialRunrunEngine(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) +{ + //CC_UNUSED(split); + DWORD eax = stack->eax, // *(DWORD *)(esp_base - 0x8), + edx = stack->edx; // *(DWORD *)(esp_base - 0x10); + DWORD addr = eax + edx; // eax + edx + buffer->from_t(*(WORD *)(addr)); +} +bool InsertRREHook() +{ + ULONG addr = MemDbg::findCallAddress((ULONG)::IsDBCSLeadByte, processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("RRE: function call does not exist"); + return false; + } + WORD sig = 0x51c3; + HookParam hp; + hp.address = addr; + hp.type = NO_CONTEXT|DATA_INDIRECT|USING_CHAR; + if ((*(WORD *)(addr-2) != sig)) { + hp.text_fun = SpecialRunrunEngine; + ConsoleOutput("INSERT Runrun#1"); + return NewHook(hp, "RunrunEngine Old"); + } else { + hp.offset=get_reg(regs::eax); + ConsoleOutput("INSERT Runrun#2"); + return NewHook(hp, "RunrunEngine"); + } + //ConsoleOutput("RunrunEngine, hook will only work with text speed set to slow or normal!"); + //else ConsoleOutput("Unknown RunrunEngine engine"); +} + +bool RRE::attach_function() { + + return InsertRREHook(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/RRE.h b/cpp/LunaHook/LunaHook/engine32/RRE.h new file mode 100644 index 00000000..91e61982 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/RRE.h @@ -0,0 +1,11 @@ + + +class RRE:public ENGINE{ + public: + RRE(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"rrecfg.rcf"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/RUGP.cpp b/cpp/LunaHook/LunaHook/engine32/RUGP.cpp new file mode 100644 index 00000000..90069ced --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/RUGP.cpp @@ -0,0 +1,300 @@ +#include "RUGP.h" + +namespace +{ // unnamed rUGP + + /******************************************************************************************** + rUGP hook: + Process name is rugp.exe. Used by AGE/GIGA games. + + Font caching issue. Find call to GetGlyphOutlineA and keep stepping out functions. + After several tries we comes to address in rvmm.dll and everything is catched. + We see CALL [E*X+0x*] while EBP contains the character data. + It's not as simple to reverse in rugp at run time as like reallive since rugp dosen't set + up stack frame. In other words EBP is used for other purpose. We need to find alternative + approaches. + The way to the entry of that function gives us clue to find it. There is one CMP EBP,0x8140 + instruction in this function and that's enough! 0x8140 is the start of SHIFT-JIS + characters. It's determining if ebp contains a SHIFT-JIS character. This function is not likely + to be used in other ways. We simply search for this instruction and place hook around. + ********************************************************************************************/ + void SpecialHookRUGP1(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + // CC_UNUSED(split); + DWORD *_stack = (DWORD *)stack->base; + DWORD i, val; + for (i = 0; i < 4; i++) + { + val = *_stack++; + if ((val >> 16) == 0) + break; + } + if (i < 4) + { + hp->offset = i << 2; + if (i == 2 && hp->user_value != 1) + { + hp->split = get_stack(1); + hp->type |= USING_SPLIT; + } + buffer->from_t(val); + hp->text_fun = nullptr; + // hp->type &= ~EXTERN_HOOK; + } + + } + + // jichi 10/1/2013: Change return type to bool + bool InsertRUGP1Hook() + { + DWORD low; + if (!Util::CheckFile(L"rvmm.dll")) + { + ConsoleOutput("rUGP: rvmm.dll does not exist"); + return false; + } + // WCHAR str[0x40]; + LPVOID ch = (LPVOID)0x8140; + enum + { + range = 0x20000 + }; + low = (DWORD)GetModuleHandleW(L"rvmm.dll"); + DWORD t = SearchPattern(low + range, processStopAddress, &ch, 4) + range; + BYTE *s = (BYTE *)(low + t); + // if (t) { + if (t != range) + { // jichi 10/1/2013: Changed to compare with 0x20000 + if (*(s - 2) != 0x81) + return false; + if (DWORD i = SafeFindEnclosingAlignedFunction((DWORD)s, 0x200)) + { + auto [s, e] = Util::QueryModuleLimits((HMODULE)low); + auto refs = findxref_reverse_checkcallop(i, s, e, 0xe8); + if (refs.size() == 1) + { + auto f2 = findfuncstart(refs[0], 0x100, true); + if (f2) + { + HookParam hp; + hp.address = f2; + hp.text_fun = SpecialHookRUGP1; + hp.user_value = 1; + hp.type = CODEC_ANSI_BE | USING_CHAR; + return NewHook(hp, "rUGP"); + } + } + HookParam hp; + hp.address = i; + hp.text_fun = SpecialHookRUGP1; + hp.type = CODEC_ANSI_BE | USING_CHAR; + ConsoleOutput("INSERT rUGP#1"); + return NewHook(hp, "rUGP"); + } + } + else + { + t = SearchPattern(low, range, &s, 4); + if (!t) + { + ConsoleOutput("rUGP: pattern not found"); + // ConsoleOutput("Can't find characteristic instruction."); + return false; + } + + s = (BYTE *)(low + t); + for (int i = 0; i < 0x200; i++, s--) + if (s[0] == 0x90 && *(DWORD *)(s - 3) == 0x90909090) + { + t = low + t - i + 1; + // swprintf(str, L"HookAddr 0x%.8x", t); + // ConsoleOutput(str); + HookParam hp; + hp.address = t; + hp.offset = get_stack(1); + hp.type = CODEC_ANSI_BE; + ConsoleOutput("INSERT rUGP#2"); + return NewHook(hp, "rUGP"); + } + } + ConsoleOutput("rUGP: failed"); + return false; + // rt: + // ConsoleOutput("Unknown rUGP engine."); + } + + /** rUGP2 10/11/2014 jichi + * + * Sample game: マブラヴ オルタネイヂ�ヴ ト�タル・イクリプス + * The existing rUGP#1/#2 cannot be identified. + * H-codes: + * - /HAN-4@1E51D:VM60.DLL + * - addr: 124189 = 0x1e51d + * - length_offset: 1 + * - module: 3037492083 = 0xb50c7373 + * - off: 4294967288 = 0xfffffff8 = -8 + * - type: 1092 = 0x444 + * - /HAN-4@1001E51D ( alternative) + * - addr: 268559645 = 0x1001e51d + * - length_offset: 1 + * - type: 1028 = 0x404 + * + * This function is very long. + * 1001e4b2 ^e9 c0fcffff jmp _18.1001e177 + * 1001e4b7 8b45 14 mov eax,dword ptr ss:[ebp+0x14] + * 1001e4ba c745 08 08000000 mov dword ptr ss:[ebp+0x8],0x8 + * 1001e4c1 85c0 test eax,eax + * 1001e4c3 74 3c je short _18.1001e501 + * 1001e4c5 8378 04 00 cmp dword ptr ds:[eax+0x4],0x0 + * 1001e4c9 7f 36 jg short _18.1001e501 + * 1001e4cb 7c 05 jl short _18.1001e4d2 + * 1001e4cd 8338 00 cmp dword ptr ds:[eax],0x0 + * 1001e4d0 73 2f jnb short _18.1001e501 + * 1001e4d2 8b4d f0 mov ecx,dword ptr ss:[ebp-0x10] + * 1001e4d5 8b91 38a20000 mov edx,dword ptr ds:[ecx+0xa238] + * 1001e4db 8910 mov dword ptr ds:[eax],edx + * 1001e4dd 8b89 3ca20000 mov ecx,dword ptr ds:[ecx+0xa23c] + * 1001e4e3 8948 04 mov dword ptr ds:[eax+0x4],ecx + * 1001e4e6 eb 19 jmp short _18.1001e501 + * 1001e4e8 c745 08 09000000 mov dword ptr ss:[ebp+0x8],0x9 + * 1001e4ef eb 10 jmp short _18.1001e501 + * 1001e4f1 c745 08 16000000 mov dword ptr ss:[ebp+0x8],0x16 + * 1001e4f8 eb 07 jmp short _18.1001e501 + * 1001e4fa c745 08 1f000000 mov dword ptr ss:[ebp+0x8],0x1f + * 1001e501 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + * 1001e504 8ad0 mov dl,al + * 1001e506 80f2 20 xor dl,0x20 + * 1001e509 80c2 5f add dl,0x5f + * 1001e50c 80fa 3b cmp dl,0x3b + * 1001e50f 0f87 80010000 ja _18.1001e695 + * 1001e515 0fb60e movzx ecx,byte ptr ds:[esi] + * 1001e518 c1e0 08 shl eax,0x8 + * 1001e51b 0bc1 or eax,ecx + * 1001e51d b9 01000000 mov ecx,0x1 ; jichi: hook here + * 1001e522 03f1 add esi,ecx + * 1001e524 8945 08 mov dword ptr ss:[ebp+0x8],eax + * 1001e527 8975 0c mov dword ptr ss:[ebp+0xc],esi + * 1001e52a 3d 79810000 cmp eax,0x8179 + * 1001e52f 0f85 9d000000 jnz _18.1001e5d2 + * 1001e535 8b4d f0 mov ecx,dword ptr ss:[ebp-0x10] + * 1001e538 56 push esi + * 1001e539 8d55 d0 lea edx,dword ptr ss:[ebp-0x30] + * 1001e53c 52 push edx + * 1001e53d e8 0e0bffff call _18.1000f050 + * 1001e542 8d4d d0 lea ecx,dword ptr ss:[ebp-0x30] + * 1001e545 c745 fc 07000000 mov dword ptr ss:[ebp-0x4],0x7 + * 1001e54c ff15 500a0e10 call dword ptr ds:[0x100e0a50] ; _19.6a712fa9 + * 1001e552 84c0 test al,al + * 1001e554 75 67 jnz short _18.1001e5bd + * 1001e556 8b75 f0 mov esi,dword ptr ss:[ebp-0x10] + * 1001e559 8d45 d0 lea eax,dword ptr ss:[ebp-0x30] + * 1001e55c 50 push eax + * 1001e55d 8bce mov ecx,esi + * 1001e55f c745 e4 01000000 mov dword ptr ss:[ebp-0x1c],0x1 + * 1001e566 c745 e0 00000000 mov dword ptr ss:[ebp-0x20],0x0 + * 1001e56d e8 5e80ffff call _18.100165d0 + * 1001e572 0fb7f8 movzx edi,ax + * 1001e575 57 push edi + * 1001e576 8bce mov ecx,esi + * 1001e578 e8 c380ffff call _18.10016640 + * 1001e57d 85c0 test eax,eax + * 1001e57f 74 0d je short _18.1001e58e + * 1001e581 f640 38 02 test byte ptr ds:[eax+0x38],0x2 + * 1001e585 74 07 je short _18.1001e58e + * 1001e587 c745 e0 01000000 mov dword ptr ss:[ebp-0x20],0x1 + * 1001e58e 837d bc 10 cmp dword ptr ss:[ebp-0x44],0x10 + * 1001e592 74 29 je short _18.1001e5bd + * 1001e594 8b43 28 mov eax,dword ptr ds:[ebx+0x28] + * 1001e597 85c0 test eax,eax + */ + bool InsertRUGP2Hook() + { + auto module = GetModuleHandleW(L"vm60.dll"); + if (!module /*|| !SafeFillRange(L"vm60.dll", &low, &high)*/) + { + ConsoleOutput("rUGP2: vm60.dll does not exist"); + return false; + } + const BYTE bytes[] = { + 0x0f, 0xb6, 0x0e, // 1001e515 0fb60e movzx ecx,byte ptr ds:[esi] + 0xc1, 0xe0, 0x08, // 1001e518 c1e0 08 shl eax,0x8 + 0x0b, 0xc1, // 1001e51b 0bc1 or eax,ecx + 0xb9, 0x01, 0x00, 0x00, 0x00, // 1001e51d b9 01000000 mov ecx,0x1 ; jichi: hook here + 0x03, 0xf1, // 1001e522 03f1 add esi,ecx + 0x89, 0x45, 0x08, // 1001e524 8945 08 mov dword ptr ss:[ebp+0x8],eax + 0x89, 0x75, 0x0c // 1001e527 8975 0c mov dword ptr ss:[ebp+0xc],esi + }; + enum + { + addr_offset = 0x1001e51d - 0x1001e515 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), (DWORD)module, Util::QueryModuleLimits(module).second); + // GROWL_DWORD(addr); + if (!addr) + { + ConsoleOutput("rUGP2: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; + hp.offset = get_reg(regs::eax); + hp.type = NO_CONTEXT | CODEC_ANSI_BE; + ConsoleOutput("INSERT rUGP2"); + return NewHook(hp, "rUGP2"); + } + +} // unnamed namespace + +namespace +{ + // マブラヴ オルタネイティヴ クロニクルズ04 + bool h3() + { + + auto low = GetModuleHandleW(L"rvmm.dll"); + if (!low) + return false; + auto [s, e] = Util::QueryModuleLimits(low); + auto caller = findiatcallormov((DWORD)GetGlyphOutlineA, (DWORD)low, s, e); + ConsoleOutput("%p", caller); + if (!caller) + return false; + auto func = findfuncstart(caller, 0x200, true); + if (!func) + return false; + // a2 == 33088 + BYTE sig[] = {0x81, XX, 0x40, 0x81, 0x00, 0x00}; + if (!MemDbg::findBytes(sig, sizeof(sig), func, caller)) + return false; + auto refs = findxref_reverse_checkcallop(func, s, e, 0xe8); + if (refs.size() == 1) + { + auto f2 = findfuncstart(refs[0], 0x100, true); + if (f2) + { + HookParam hp; + hp.address = f2; + hp.offset = get_stack(2); + hp.type = CODEC_ANSI_BE; + return NewHook(hp, "rUGP3"); + } + } + HookParam hp; + hp.address = func; + hp.offset = get_stack(2); + hp.split = get_stack(1); + hp.type = NO_CONTEXT | CODEC_ANSI_BE | USING_SPLIT; + return NewHook(hp, "rUGP3"); + } +} +bool InsertRUGPHook() +{ + return InsertRUGP1Hook() || InsertRUGP2Hook(); +} + +bool RUGP::attach_function() +{ + + return InsertRUGPHook() || h3(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/RUGP.h b/cpp/LunaHook/LunaHook/engine32/RUGP.h new file mode 100644 index 00000000..655080be --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/RUGP.h @@ -0,0 +1,16 @@ + + +class RUGP : public ENGINE +{ +public: + RUGP() + { + + check_by = CHECK_BY::CUSTOM; + check_by_target = []() + { + return (wcsstr(processName_lower, L"rugp") || Util::CheckFile(L"rugp.exe")); + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/RUNE.cpp b/cpp/LunaHook/LunaHook/engine32/RUNE.cpp new file mode 100644 index 00000000..6c8cfbc1 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/RUNE.cpp @@ -0,0 +1,75 @@ +#include"RUNE.h" + + +bool RUNE1() { + const BYTE bytes[] = { + //Ricotte~アルペンブルの歌姫~ + //初恋 + //思春期 + //Fifth + //unsigned __int8 *__cdecl _mbsinc(const unsigned __int8 *Ptr) + 0x8B,0x44,0x24,0x04, + 0x0F,0xB6,0x08, + 0x8A,0x89,XX4, + 0x80,0xE1,0x04, + 0x40, + 0x84,0xC9, + 0x74,XX + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::eax); + hp.type = CODEC_ANSI_BE; + return NewHook(hp, "RUNE"); +} +bool RUNE2(){ + //ANGEL CORE + auto addr = findiatcallormov((DWORD)GetGlyphOutlineA,processStartAddress,processStartAddress, processStopAddress); + if (addr == 0)return false; + BYTE sig1[]={ 0x81,0xe1,0x01,0x00,0x00,0x80,XX2,0x49,0x83,0xc9,0xfe,0x41 }; + auto _=MemDbg::findBytes(sig1, sizeof(sig1), addr, addr+0x100); + if (_ == 0)return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = CODEC_ANSI_BE ; + return NewHook(hp, "RUNE"); +} +bool RUNE3(){ + //雪のち、ふるるっ!~ところにより、恋もよう~ + const BYTE bytes[] = { + 0x6a,0x05,0x6a,0x01 + }; + for (auto addr : Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE_READWRITE)) + { + auto start= MemDbg::findEnclosingAlignedFunction(addr); + if(start==0)continue; + BYTE sig1[]={ 0x6a,0x00,0x6a,0x01,0x50 }; + BYTE sig2[]={ 0x6a,0x34,0xe8 }; + BYTE sig3[]={ 0xc1,0xe2,0x10,0x0b,0xc2 }; + bool ok=true; + for(auto p:std::vector>{{sig1,sizeof(sig1)},{sig2,sizeof(sig2)},{sig3,sizeof(sig3)}}){ + auto _=MemDbg::findBytes(p.first, p.second, start, addr); + + if(_==0)ok=ok&false; + } + + if(ok) { + HookParam hp; + hp.address = start; + hp.offset=get_stack(1); + hp.type = CODEC_ANSI_BE; + return NewHook(hp, "RUNE"); + } + } + + return false; +} +bool RUNE::attach_function(){ + return RUNE1()||RUNE2()||RUNE3(); +} diff --git a/cpp/LunaHook/LunaHook/engine32/RUNE.h b/cpp/LunaHook/LunaHook/engine32/RUNE.h new file mode 100644 index 00000000..330db769 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/RUNE.h @@ -0,0 +1,12 @@ + + +class RUNE:public ENGINE{ + public: + RUNE(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"vorbis.acm",L"r*d*.g*"}; + is_engine_certain=false; + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine32/Reallive.cpp b/cpp/LunaHook/LunaHook/engine32/Reallive.cpp new file mode 100644 index 00000000..d6f2afbf --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Reallive.cpp @@ -0,0 +1,269 @@ +#include "Reallive.h" + +/******************************************************************************************** +Reallive hook: + Process name is reallive.exe or reallive*.exe. + + Technique to find Reallive hook is quite different from 2 above. + Usually Reallive engine has a font caching issue. This time we wait + until the first call to GetGlyphOutlineA. Reallive engine usually set + up stack frames so we can just refer to EBP to find function entry. + +********************************************************************************************/ +/** jichi 5/13/2015 + * RealLive does not work for 水着少女と媚薬アイス from 裸足少女 + * 012da80f cc int3 + * 012da810 55 push ebp ; jichi: change to hook here + * 012da811 8bec mov ebp,esp + * 012da813 83ec 10 sub esp,0x10 ; jichi: hook here by default + * 012da816 53 push ebx + * 012da817 56 push esi + * 012da818 57 push edi + * 012da819 8b7d 18 mov edi,dword ptr ss:[ebp+0x18] + * 012da81c 81ff 5c810000 cmp edi,0x815c + * 012da822 75 0a jnz short reallive.012da82e + * 012da824 c745 18 9f840000 mov dword ptr ss:[ebp+0x18],0x849f + * 012da82b 8b7d 18 mov edi,dword ptr ss:[ebp+0x18] + * 012da82e b8 9041e301 mov eax,reallive.01e34190 + * 012da833 b9 18a49001 mov ecx,reallive.0190a418 + * 012da838 e8 a38d0000 call reallive.012e35e0 + * 012da83d 85c0 test eax,eax + * 012da83f 74 14 je short reallive.012da855 + * 012da841 e8 6addffff call reallive.012d85b0 + * 012da846 ba 9041e301 mov edx,reallive.01e34190 + * 012da84b b8 18a49001 mov eax,reallive.0190a418 + * 012da850 e8 ab7c0000 call reallive.012e2500 + * 012da855 8d45 f0 lea eax,dword ptr ss:[ebp-0x10] + * 012da858 50 push eax + * 012da859 8d4d f4 lea ecx,dword ptr ss:[ebp-0xc] + * 012da85c 51 push ecx + * 012da85d 8d55 fc lea edx,dword ptr ss:[ebp-0x4] + * 012da860 52 push edx + * 012da861 8d45 f8 lea eax,dword ptr ss:[ebp-0x8] + * 012da864 50 push eax + * 012da865 8bc7 mov eax,edi + * 012da867 e8 54dfffff call reallive.012d87c0 + * 012da86c 8bf0 mov esi,eax + * 012da86e 83c4 10 add esp,0x10 + * 012da871 85f6 test esi,esi + * 012da873 75 4b jnz short reallive.012da8c0 + * 012da875 8d4d f4 lea ecx,dword ptr ss:[ebp-0xc] + * 012da878 51 push ecx + * 012da879 57 push edi + * 012da87a 8d4d f0 lea ecx,dword ptr ss:[ebp-0x10] + * 012da87d e8 cef0ffff call reallive.012d9950 + * 012da882 8bf0 mov esi,eax + * 012da884 83c4 08 add esp,0x8 + * 012da887 85f6 test esi,esi + */ +static bool InsertRealliveDynamicHook(LPVOID addr, hook_stack *stack) +{ + if (addr != ::GetGlyphOutlineA) + return false; + // jichi 5/13/2015: Find the enclosing caller of GetGlyphOutlineA + if (DWORD i = stack->ebp) + { + i = *(DWORD *)(i + 4); + for (DWORD j = i; j > i - 0x100; j--) + if (*(WORD *)j == 0xec83) + { // jichi 7/26/2014: function starts + // 012da80f cc int3 + // 012da810 55 push ebp ; jichi: change to hook here + // 012da811 8bec mov ebp,esp + // 012da813 83ec 10 sub esp,0x10 ; jichi: hook here by default + if (*(DWORD *)(j - 3) == 0x83ec8b55) + j -= 3; + + HookParam hp; + hp.address = j; + hp.offset = get_stack(5); + hp.split = get_reg(regs::esp); + hp.type = CODEC_ANSI_BE | USING_SPLIT; + // GROWL_DWORD(hp.address); + + // RegisterEngineType(ENGINE_REALLIVE); + ConsoleOutput("RealLive: disable GDI hooks"); + + return NewHook(hp, "RealLive"); + } + } + return true; // jichi 12/25/2013: return true +} +void InsertRealliveHook() +{ + // ConsoleOutput("Probably Reallive. Wait for text."); + ConsoleOutput("TRIGGER Reallive"); + trigger_fun = InsertRealliveDynamicHook; +} + +bool RlBabelFilter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + if (text[0] == '\x01') + { + StringFilterBetween(text, len, "\x01", 1, "\x02", 1); // remove names + } + + CharReplacer(text, len, '\x08', '"'); + CharReplacer(text, len, '\x09', '\''); + CharReplacer(text, len, '\x0A', '\''); + CharFilter(text, len, '\x1F'); // remove color + StringReplacer(text, len, "\x89\x85", 2, "\x81\x63", 2); // "\x89\x85"-> shift-JIS"…" + StringReplacer(text, len, "\x89\x97", 2, "--", 2); + + return true; +} + +bool InsertRlBabelHook() +{ + + /* + * Sample games: + * https://vndb.org/r78318 + */ + const BYTE bytes[] = { + 0xCC, // int 3 + 0x55, // push ebp <- hook here + 0x8B, 0xEC, // mov ebp,esp + 0x83, 0xEC, 0x20, // sub esp,20 + 0xC7, 0x45, 0xFC, XX4 // mov [ebp-04],rlBabel.DLL+16804 + }; + + HMODULE module = GetModuleHandleW(L"rlBabel.dll"); + if (!module) + return false; + auto [minAddress, maxAddress] = Util::QueryModuleLimits(module); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), minAddress, maxAddress); + if (!addr) + return false; + + HookParam hp; + hp.address = addr + 1; + hp.offset = get_reg(regs::eax); + hp.type = USING_STRING; + hp.filter_fun = RlBabelFilter; + ConsoleOutput("INSERT RealLive Babel"); + return NewHook(hp, "RealLive Babel"); +} +namespace +{ + bool clannad_en_steam() + { + // if ( v12 == 33116 || v12 == 33951 || v12 == 33962 ) + BYTE sig[] = { + 0x81, 0xFE, 0x5C, 0x81, 0x00, 0x00, + 0x74, 0x10, + 0x81, 0xFE, 0x9F, 0x84, 0x00, 0x00, + 0x74, 0x08, + 0x81, 0xFE, 0xAA, 0x84, 0x00, 0x00, + 0x75, XX}; + ULONG addr = MemDbg::findBytes(sig, sizeof(sig), processStartAddress, processStopAddress); + if (!addr) + return false; + + HookParam hp; + hp.address = addr; + hp.offset = get_reg(regs::esi); + hp.type = USING_CHAR | CODEC_ANSI_LE; + return NewHook(hp, "RealLiveX"); + } +} +namespace +{ + // https://vndb.org/r1944 + bool veryold() + { + HookParam hp; + hp.address = (DWORD)GetProcAddress(GetModuleHandleA("gdi32.dll"), "GetGlyphOutline"); + hp.type = HOOK_RETURN; + hp.text_fun = [](hook_stack *stack, HookParam *hps, TextBuffer *buffer, uintptr_t *split) + { + hps->type = HOOK_EMPTY; + auto addr = findfuncstart(hps->address); + if (!addr) + return; + auto addrs = findxref_reverse_checkcallop(addr, processStartAddress, processStopAddress, 0xe8); + if (addrs.size() != 1) + return; + addr = addrs[0]; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return; + HookParam hp; + hp.address = addr; + hp.offset = get_stack(5); + hp.type = USING_CHAR | CODEC_ANSI_BE; + NewHook(hp, "RealLiveOld"); + }; + return NewHook(hp, "GetGlyphOutline"); + } +} +bool Reallive::attach_function() +{ + InsertRealliveHook(); + InsertRlBabelHook() || clannad_en_steam() || veryold(); + return true; +} + +bool avg3216dattach_function() +{ + BYTE pattern1[] = { + 0x3c, 0x81, XX2, + 0x3c, 0x9f, XX2, + 0x3c, 0xe0, XX2, + 0x3c, 0xfc, XX2}; + BYTE pattern2[] = { + 0x8b, 0x75, 0x08, + 0x8a, 0x06, + 0x3c, 0x81, + 0x75, XX, + 0x80, 0x7e, 0x01, 0x7a}; + auto addr = MemDbg::findBytes(pattern2, sizeof(pattern2), processStartAddress, processStopAddress); + if (addr == 0) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0) + return false; + auto check = MemDbg::findBytes(pattern1, sizeof(pattern1), addr, addr + 0x200); + if (check == 0) + return false; + HookParam hp; + hp.address = addr; + hp.offset = get_stack(1); + hp.type = NO_CONTEXT | DATA_INDIRECT; + // GROWL_DWORD(hp.address); + return NewHook(hp, "avg3216d"); +} + +bool avg3216dattach_function2() +{ + // https://vndb.org/v12860 + // effect~悪魔の仔~ + BYTE pattern2[] = { + 0x80, 0xf9, 0x81, + 0x72, 0x05, + 0x80, 0xf9, 0x9f, + 0x76, XX, // 76 17 + 0x80, 0xf9, 0xe0, + 0x72, 0x05, + 0x80, 0xf9, 0xfc, + 0x76, 0x0d}; + auto addr = MemDbg::findBytes(pattern2, sizeof(pattern2), processStartAddress, processStopAddress); + if (addr == 0) + return false; + addr = findfuncstart(addr, 0x200, true); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr; + hp.offset = get_stack(1); + hp.type = USING_STRING; + // GROWL_DWORD(hp.address); + return NewHook(hp, "avg3217d"); +} +bool avg3216d::attach_function() +{ + return avg3216dattach_function() || avg3216dattach_function2(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Reallive.h b/cpp/LunaHook/LunaHook/engine32/Reallive.h new file mode 100644 index 00000000..289e6838 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Reallive.h @@ -0,0 +1,51 @@ + + +class Reallive : public ENGINE +{ +public: + Reallive() + { + + check_by = CHECK_BY::CUSTOM; + check_by_target = []() + { + return (wcsstr(processName_lower, L"reallive") || Util::CheckFile(L"Reallive.exe") || Util::CheckFile(L"REALLIVEDATA\\Start.ini")); + }; + }; + bool attach_function(); +}; + +class Reallive_old : public Reallive +{ +public: + Reallive_old() + { + // DEVOTE2 いけない放課後 + check_by = CHECK_BY::FILE_ALL; + //,L"sys\\*",L"PDT\\*",L"Gameexe.ini"是独有的,其他siglus也有 + check_by_target = check_by_list{L"G00\\*.g00", L"bgm\\*.nwa", L"koe\\*", L"wav\\*", L"sys\\*", L"PDT\\*", L"Gameexe.ini"}; + }; +}; + +class avg3216d : public ENGINE +{ +public: + avg3216d() + { + //[980731][13cm] 好き好き大好き! + check_by = CHECK_BY::FILE_ALL; + check_by_target = check_by_list{L"koe\\*.koe", L"PDT\\*.pdt", L"Gameexe.ini"}; + }; + bool attach_function(); +}; + +class RealliveX : public Reallive +{ +public: + RealliveX() + { + // 部分远古版本 + check_by = CHECK_BY::RESOURCE_STR; + check_by_target = L"RealLive"; + }; +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Regista.cpp b/cpp/LunaHook/LunaHook/engine32/Regista.cpp new file mode 100644 index 00000000..0b4cc545 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Regista.cpp @@ -0,0 +1,51 @@ +#include"Regista.h" +namespace{ + //ルートダブル -Before Crime * After Days- +bool old() { + const BYTE bytes[] = { + 0x8a, 0x10, 0x83, 0xC0, 0x04, 0x83, 0xc1, 0x04, 0x84, 0xd2, 0x74 + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + ConsoleOutput("%p", addr); + if (addr == 0)return false; + + addr = findfuncstart(addr,0x40); + ConsoleOutput("%p", addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = DATA_INDIRECT; + hp.index = 0; + return NewHook(hp, "Regista"); +} +bool _2(){ + const BYTE bytes[] = { + //old不是很好,old是strcmp,有很多乱七八糟的,这个是脚本的一些控制字符判断和shiftjis范围判断。 + 0x80 ,0xF9 ,0x81 , + XX2, + 0x80 ,0xF9 ,0x9F, + XX2, + 0x80 ,0xF9 ,0xE0, + XX2, + 0x80 ,0xF9 ,0xFC, + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + ConsoleOutput("%p", addr); + if (addr == 0)return false; + const BYTE start[] = { + 0xCC,0xCC,0xCC,0xCC + }; + addr = reverseFindBytes(start, sizeof(start), addr - 0x40, addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr+4; + hp.offset=get_reg(regs::edx); + hp.type=USING_STRING; + return NewHook(hp, "Regista"); +} +} + +bool Regista::attach_function() { + return _2()||old(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Regista.h b/cpp/LunaHook/LunaHook/engine32/Regista.h new file mode 100644 index 00000000..733ecb43 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Regista.h @@ -0,0 +1,12 @@ + + +class Regista:public ENGINE{ + public: + Regista(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"data\\*.afs"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Rejet.cpp b/cpp/LunaHook/LunaHook/engine32/Rejet.cpp new file mode 100644 index 00000000..f91f556e --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Rejet.cpp @@ -0,0 +1,270 @@ +#include"Rejet.h" + +namespace { // unnamed Rejet +/** + * jichi 12/22/2013: Rejet + * See (CaoNiMaGeBi): http://www.hongfire.com/forum/printthread.php?t=36807&pp=40&page=172 + * See (CaoNiMaGeBi): http://tieba.baidu.com/p/2506179113 + * Pattern: 2bce8bf8 + * 2bce sub ecx,esi ; hook here + * 8bf8 mov eds,eax + * 8bd1 mov edx,ecx + * + * Examples: + * - Type1: ドットカレシ-We're 8bit Lovers!: /HBN-4*0@A5332:DotKareshi.exe + * length_offset: 1 + * off: 0xfffffff8 (-0x8) + * type: 1096 (0x448) + * + * processStartAddress = 10e0000 (variant) + * hook_addr = processStartAddress + reladdr = 0xe55332 + * 01185311 . FFF0 PUSH EAX ; beginning of a new function + * 01185313 . 0FC111 XADD DWORD PTR DS:[ECX],EDX + * 01185316 . 4A DEC EDX + * 01185317 . 85D2 TEST EDX,EDX + * 01185319 . 0F8F 45020000 JG DotKares.01185564 + * 0118531F . 8B08 MOV ECX,DWORD PTR DS:[EAX] + * 01185321 . 8B11 MOV EDX,DWORD PTR DS:[ECX] + * 01185323 . 50 PUSH EAX + * 01185324 . 8B42 04 MOV EAX,DWORD PTR DS:[EDX+0x4] + * 01185327 . FFD0 CALL EAX + * 01185329 . E9 36020000 JMP DotKares.01185564 + * 0118532E . 8B7424 20 MOV ESI,DWORD PTR SS:[ESP+0x20] + * 01185332 . E8 99A9FBFF CALL DotKares.0113FCD0 ; hook here + * 01185337 . 8BF0 MOV ESI,EAX + * 01185339 . 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+0x14] + * 0118533D . 3BF7 CMP ESI,EDI + * 0118533F . 0F84 1A020000 JE DotKares.0118555F + * 01185345 . 51 PUSH ECX ; /Arg2 + * 01185346 . 68 E4FE5501 PUSH DotKares.0155FEE4 ; |Arg1 = 0155FEE4 + * 0118534B . E8 1023F9FF CALL DotKares.01117660 ; \DotKares.00377660 + * 01185350 . 83C4 08 ADD ESP,0x8 + * 01185353 . 84C0 TEST AL,AL + * + * - Type2: ドットカレシ-We're 8bit Lovers! II: /HBN-8*0@A7AF9:dotkareshi.exe + * off: 4294967284 (0xfffffff4 = -0xc) + * length_offset: 1 + * type: 1096 (0x448) + * + * processStartAddress: 0x12b0000 + * + * 01357ad2 . fff0 push eax ; beginning of a new function + * 01357ad4 . 0fc111 xadd dword ptr ds:[ecx],edx + * 01357ad7 . 4a dec edx + * 01357ad8 . 85d2 test edx,edx + * 01357ada . 7f 0a jg short dotkares.01357ae6 + * 01357adc . 8b08 mov ecx,dword ptr ds:[eax] + * 01357ade . 8b11 mov edx,dword ptr ds:[ecx] + * 01357ae0 . 50 push eax + * 01357ae1 . 8b42 04 mov eax,dword ptr ds:[edx+0x4] + * 01357ae4 . ffd0 call eax + * 01357ae6 > 8b4c24 14 mov ecx,dword ptr ss:[esp+0x14] + * 01357aea . 33ff xor edi,edi + * 01357aec . 3979 f4 cmp dword ptr ds:[ecx-0xc],edi + * 01357aef . 0f84 1e020000 je dotkares.01357d13 + * 01357af5 . 8b7424 20 mov esi,dword ptr ss:[esp+0x20] + * 01357af9 . e8 7283fbff call dotkares.0130fe70 ; jichi: hook here + * 01357afe . 8bf0 mov esi,eax + * 01357b00 . 3bf7 cmp esi,edi + * 01357b02 . 0f84 0b020000 je dotkares.01357d13 + * 01357b08 . 8d5424 14 lea edx,dword ptr ss:[esp+0x14] + * 01357b0c . 52 push edx ; /arg2 + * 01357b0d . 68 cc9f7501 push dotkares.01759fcc ; |arg1 = 01759fcc + * 01357b12 . e8 e9f9f8ff call dotkares.012e7500 ; \dotkares.012c7500 + * 01357b17 . 83c4 08 add esp,0x8 + * 01357b1a . 84c0 test al,al + * 01357b1c . 74 1d je short dotkares.01357b3b + * 01357b1e . 8d46 64 lea eax,dword ptr ds:[esi+0x64] + * 01357b21 . e8 bad0f8ff call dotkares.012e4be0 + * 01357b26 . 68 28a17501 push dotkares.0175a128 ; /arg1 = 0175a128 ascii "
" + * + * - Type2: Tiny×MACHINEGUN: /HBN-8*0@4CEB8:TinyMachinegun.exe + * processStartAddress: 0x12f0000 + * There are two possible places to hook + * + * 0133cea0 . fff0 push eax ; beginning of a new function + * 0133cea2 . 0fc111 xadd dword ptr ds:[ecx],edx + * 0133cea5 . 4a dec edx + * 0133cea6 . 85d2 test edx,edx + * 0133cea8 . 7f 0a jg short tinymach.0133ceb4 + * 0133ceaa . 8b08 mov ecx,dword ptr ds:[eax] + * 0133ceac . 8b11 mov edx,dword ptr ds:[ecx] + * 0133ceae . 50 push eax + * 0133ceaf . 8b42 04 mov eax,dword ptr ds:[edx+0x4] + * 0133ceb2 . ffd0 call eax + * 0133ceb4 > 8b4c24 14 mov ecx,dword ptr ss:[esp+0x14] + * 0133ceb8 . 33db xor ebx,ebx ; jichi: hook here + * 0133ceba . 3959 f4 cmp dword ptr ds:[ecx-0xc],ebx + * 0133cebd . 0f84 d4010000 je tinymach.0133d097 + * 0133cec3 . 8b7424 20 mov esi,dword ptr ss:[esp+0x20] + * 0133cec7 . e8 f4f90100 call tinymach.0135c8c0 ; jichi: or hook here + * 0133cecc . 8bf0 mov esi,eax + * 0133cece . 3bf3 cmp esi,ebx + * 0133ced0 . 0f84 c1010000 je tinymach.0133d097 + * 0133ced6 . 8d5424 14 lea edx,dword ptr ss:[esp+0x14] + * 0133ceda . 52 push edx ; /arg2 + * 0133cedb . 68 44847d01 push tinymach.017d8444 ; |arg1 = 017d8444 + * 0133cee0 . e8 eb5bfdff call tinymach.01312ad0 ; \tinymach.011b2ad0 + * + * - Type 3: 剣が君: /HBN-8*0@B357D:KenGaKimi.exe + * + * 01113550 . fff0 push eax + * 01113552 . 0fc111 xadd dword ptr ds:[ecx],edx + * 01113555 . 4a dec edx + * 01113556 . 85d2 test edx,edx + * 01113558 . 7f 0a jg short kengakim.01113564 + * 0111355a . 8b08 mov ecx,dword ptr ds:[eax] + * 0111355c . 8b11 mov edx,dword ptr ds:[ecx] + * 0111355e . 50 push eax + * 0111355f . 8b42 04 mov eax,dword ptr ds:[edx+0x4] + * 01113562 . ffd0 call eax + * 01113564 8b4c24 14 mov ecx,dword ptr ss:[esp+0x14] + * 01113568 33ff xor edi,edi + * 0111356a 3979 f4 cmp dword ptr ds:[ecx-0xc],edi + * 0111356d 0f84 09020000 je kengakim.0111377c + * 01113573 8d5424 14 lea edx,dword ptr ss:[esp+0x14] + * 01113577 52 push edx + * 01113578 68 dc6a5401 push kengakim.01546adc + * 0111357d e8 3eaff6ff call kengakim.0107e4c0 ; hook here + */ +bool FindRejetHook(LPCVOID pattern, DWORD pattern_size, DWORD hook_off, DWORD hook_offset, LPCSTR hook_name = "Rejet") +{ + // Offset to the function call from the beginning of the function + //enum { addr_offset = 0x21 }; // Type1: hex(0x01185332-0x01185311) + //const BYTE pattern[] = { // Type1: Function start + // 0xff,0xf0, // 01185311 . fff0 push eax ; beginning of a new function + // 0x0f,0xc1,0x11, // 01185313 . 0fc111 xadd dword ptr ds:[ecx],edx + // 0x4a, // 01185316 . 4a dec edx + // 0x85,0xd2, // 01185317 . 85d2 test edx,edx + // 0x0f,0x8f // 01185319 . 0f8f 45020000 jg DotKares.01185564 + //}; + //GROWL_DWORD(processStartAddress); + ULONG addr = processStartAddress; //- sizeof(pattern); + do { + //addr += sizeof(pattern); // ++ so that each time return diff address + ULONG range = min(processStopAddress - addr, MAX_REL_ADDR); + addr = MemDbg::findBytes(pattern, pattern_size, addr, addr + range); + if (!addr) { + //ITH_MSG(L"failed"); + ConsoleOutput("Rejet: pattern not found"); + return false; + } + + addr += hook_off; + //GROWL_DWORD(addr); + //GROWL_DWORD(*(DWORD *)(addr-3)); + //const BYTE hook_ins[] = { + // /*0x8b,*/0x74,0x24, 0x20, // mov esi,dword ptr ss:[esp+0x20] + // 0xe8 //??,??,??,??, 01357af9 e8 7283fbff call DotKares.0130fe70 ; jichi: hook here + //}; + } while(0xe8202474 != *(DWORD *)(addr - 3)); + + ConsoleOutput("INSERT Rejet"); + HookParam hp; + hp.address = addr; //- 0xf; + hp.type = NO_CONTEXT|DATA_INDIRECT|FIXING_SPLIT; + hp.offset = hook_offset; + + return NewHook(hp, hook_name); +} +bool InsertRejetHook1() // This type of hook has varied hook address +{ + const BYTE bytes[] = { // Type1: Function start + 0xff,0xf0, // 01185311 . fff0 push eax ; beginning of a new function + 0x0f,0xc1,0x11, // 01185313 . 0fc111 xadd dword ptr ds:[ecx],edx + 0x4a, // 01185316 . 4a dec edx + 0x85,0xd2, // 01185317 . 85d2 test edx,edx + 0x0f,0x8f // 01185319 . 0f8f 45020000 jg DotKares.01185564 + }; + // Offset to the function call from the beginning of the function + enum { addr_offset = 0x21 }; // Type1: hex(0x01185332-0x01185311) + enum { hook_offset = -0x8 }; // hook parameter + return FindRejetHook(bytes, sizeof(bytes), addr_offset, hook_offset); +} +bool InsertRejetHook2() // This type of hook has static hook address +{ + const BYTE bytes[] = { // Type2 Function start + 0xff,0xf0, // 01357ad2 fff0 push eax + 0x0f,0xc1,0x11, // 01357ad4 0fc111 xadd dword ptr ds:[ecx],edx + 0x4a, // 01357ad7 4a dec edx + 0x85,0xd2, // 01357ad8 85d2 test edx,edx + 0x7f, 0x0a, // 01357ada 7f 0a jg short DotKares.01357ae6 + 0x8b,0x08, // 01357adc 8b08 mov ecx,dword ptr ds:[eax] + 0x8b,0x11, // 01357ade 8b11 mov edx,dword ptr ds:[ecx] + 0x50, // 01357ae0 50 push eax + 0x8b,0x42, 0x04, // 01357ae1 8b42 04 mov eax,dword ptr ds:[edx+0x4] + 0xff,0xd0, // 01357ae4 ffd0 call eax + 0x8b,0x4c,0x24, 0x14 // 01357ae6 8b4c24 14 mov ecx,dword ptr ss:[esp+0x14] + }; + // Offset to the function call from the beginning of the function + enum { addr_offset = 0x27 }; // Type2: hex(0x0133CEC7-0x0133CEA0) = hex(0x01357af9-0x1357ad2) + enum { hook_offset = -0xc }; // hook parameter + return FindRejetHook(bytes, sizeof(bytes), addr_offset, hook_offset); +} +bool InsertRejetHook3() // jichi 12/28/2013: add for 剣が君 +{ + // The following pattern is the same as type2 + const BYTE bytes[] = { // Type2 Function start + 0xff,0xf0, // 01357ad2 fff0 push eax + 0x0f,0xc1,0x11, // 01357ad4 0fc111 xadd dword ptr ds:[ecx],edx + 0x4a, // 01357ad7 4a dec edx + 0x85,0xd2, // 01357ad8 85d2 test edx,edx + 0x7f, 0x0a, // 01357ada 7f 0a jg short DotKares.01357ae6 + 0x8b,0x08, // 01357adc 8b08 mov ecx,dword ptr ds:[eax] + 0x8b,0x11, // 01357ade 8b11 mov edx,dword ptr ds:[ecx] + 0x50, // 01357ae0 50 push eax + 0x8b,0x42, 0x04, // 01357ae1 8b42 04 mov eax,dword ptr ds:[edx+0x4] + 0xff,0xd0, // 01357ae4 ffd0 call eax + 0x8b,0x4c,0x24, 0x14 // 01357ae6 8b4c24 14 mov ecx,dword ptr ss:[esp+0x14] + }; + // Offset to the function call from the beginning of the function + //enum { addr_offset = 0x27 }; // Type2: hex(0x0133CEC7-0x0133CEA0) = hex(0x01357af9-0x1357ad2) + enum { hook_offset = -0xc }; // hook parameter + ULONG addr = processStartAddress; //- sizeof(bytes); + while (true) { + //addr += sizeof(bytes); // ++ so that each time return diff address + ULONG range = min(processStopAddress - addr, MAX_REL_ADDR); + addr = MemDbg::findBytes(bytes, sizeof(bytes), addr, addr + range); + if (!addr) { + //ITH_MSG(L"failed"); + ConsoleOutput("Rejet: pattern not found"); + return false; + } + addr += sizeof(bytes); + // Push and call at once, i.e. push (0x68) and call (0xe8) + // 01185345 52 push edx + // 01185346 . 68 e4fe5501 push dotkares.0155fee4 ; |arg1 = 0155fee4 + // 0118534b . e8 1023f9ff call dotkares.01117660 ; \dotkares.00377660 + enum { start = 0x10, stop = 0x50 }; + // Different from FindRejetHook + DWORD i; + for (i = start; i < stop; i++) + if (*(WORD *)(addr + i - 1) == 0x6852 && *(BYTE *)(addr + i + 5) == 0xe8) // 0118534B-01185346 + break; + if (i < stop) { + addr += i; + break; + } + } //while(0xe8202474 != *(DWORD *)(addr - 3)); + + //GROWL_DWORD(addr - processStartAddress); // = 0xb3578 for 剣が君 + + ConsoleOutput("INSERT Rejet"); + // The same as type2 + HookParam hp; + hp.address = addr; //- 0xf; + hp.type = NO_CONTEXT|DATA_INDIRECT|FIXING_SPLIT; + hp.offset = hook_offset; + + return NewHook(hp, "Rejet"); +} +} // unnamed Rejet + +bool InsertRejetHook() +{ return InsertRejetHook2() || InsertRejetHook1() || InsertRejetHook3(); } // insert hook2 first, since 2's pattern seems to be more unique + + +bool Rejet::attach_function() { + + return InsertRejetHook(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Rejet.h b/cpp/LunaHook/LunaHook/engine32/Rejet.h new file mode 100644 index 00000000..db6d825b --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Rejet.h @@ -0,0 +1,11 @@ + + +class Rejet:public ENGINE{ + public: + Rejet(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"gd.dat",L"pf.dat",L"sd.dat"}; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Retouch.cpp b/cpp/LunaHook/LunaHook/engine32/Retouch.cpp new file mode 100644 index 00000000..b3c5ab41 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Retouch.cpp @@ -0,0 +1,106 @@ +#include"Retouch.h" + +// jichi 6/21/2015 +namespace { // unnamed + +void SpecialHookRetouch1(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) +{ + buffer->from_cs((char*)stack->stack[1]); + *split = + stack->eax == 0 ? FIXED_SPLIT_VALUE * 2 : // name + stack->ebx == 0 ? FIXED_SPLIT_VALUE * 1 : // scenario + stack->eax;//FIXED_SPLIT_VALUE * 3 ; // other //夏への方舟1体験版 +} + +bool InsertRetouch1Hook() +{ + HMODULE hModule = ::GetModuleHandleA("resident.dll"); + if (!hModule) { + ConsoleOutput("Retouch: failed, dll handle not loaded"); + return false; + } + // private: bool __thiscall RetouchPrintManager::printSub(char const *,class UxPrintData &,unsigned long) 0x10050650 0x00050650 2904 (0xb58) resident.dll C:\Local\箱庭ロジヂ�\resident.dll Exported Function + const char *sig = "?printSub@RetouchPrintManager@@AAE_NPBDAAVUxPrintData@@K@Z"; + DWORD addr = (DWORD)::GetProcAddress(hModule, sig); + if (!addr) { + ConsoleOutput("Retouch: failed, procedure not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = USING_STRING|NO_CONTEXT|EMBED_ABLE|EMBED_AFTER_NEW|EMBED_DYNA_SJIS; + hp.hook_font=F_GetGlyphOutlineA; + hp.text_fun = SpecialHookRetouch1; + ConsoleOutput("INSERT Retouch"); + return NewHook(hp, "Retouch"); +} + +bool InsertRetouch2Hook() +{ + HMODULE hModule = ::GetModuleHandleA("resident.dll"); + if (!hModule) { + ConsoleOutput("Retouch2: failed, dll handle not loaded"); + return false; + } + // private: void __thiscall RetouchPrintManager::printSub(char const *,unsigned long,int &,int &) 0x10046560 0x00046560 2902 (0xb56) resident.dll C:\Local\箱庭ロジヂ�\resident.dll Exported Function + const char *sig = "?printSub@RetouchPrintManager@@AAEXPBDKAAH1@Z"; + DWORD addr = (DWORD)::GetProcAddress(hModule, sig); + if (!addr) { + ConsoleOutput("Retouch2: failed, procedure not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = USING_STRING|NO_CONTEXT|EMBED_ABLE|EMBED_AFTER_NEW|EMBED_DYNA_SJIS; + hp.hook_font=F_GetGlyphOutlineA; + ConsoleOutput("INSERT Retouch"); + return NewHook(hp, "Retouch"); +} + +namespace HistoryHook { +inline ULONG get_jmp_absaddr(ULONG inst) +{ return inst + 5 + *(ULONG *)(inst + 1); } +bool attach() // attach scenario +{ + if(GetModuleHandle(L"resident.dll")==0)return false; + auto [startAddress, stopAddress] = Util::QueryModuleLimits(GetModuleHandle(L"resident.dll")); + const uint8_t bytes[] = { + 0x8b,0x44,0x24, 0x04, // 051cf2e0 8b4424 04 mov eax,dword ptr ss:[esp+0x4] + 0x6a, 0x02, // 051cf2e4 6a 02 push 0x2 + 0x6a, 0x00, // 051cf2e6 6a 00 push 0x0 + 0x6a, 0x00, // 051cf2e8 6a 00 push 0x0 + 0x6a, 0x00, // 051cf2ea 6a 00 push 0x0 + 0x50, // 051cf2ec 50 push eax + 0xe8 //9ef8ffff // 051cf2ed e8 9ef8ffff call _1locke2.051ceb90 + // 051cf2f2 c2 0400 retn 0x4 + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return false; + addr += sizeof(bytes) - 1; // move to the short call instruction + addr = get_jmp_absaddr(addr); + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = USING_STRING|NO_CONTEXT|EMBED_ABLE|EMBED_AFTER_NEW|EMBED_DYNA_SJIS; + hp.hook_font=F_GetGlyphOutlineA; + return NewHook(hp, "RetouchHistory"); +} + +} // namespace HistoryHook +} // unnamed namespace +bool InsertRetouchHook() +{ + bool ok = InsertRetouch1Hook(); + ok = InsertRetouch2Hook() || ok; + ok=HistoryHook::attach()||ok; + return ok; +} +bool Retouch::attach_function() { + + return InsertRetouchHook(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Retouch.h b/cpp/LunaHook/LunaHook/engine32/Retouch.h new file mode 100644 index 00000000..34b48d24 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Retouch.h @@ -0,0 +1,11 @@ + + +class Retouch:public ENGINE{ + public: + Retouch(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"resident.dll"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/RpgmXP.cpp b/cpp/LunaHook/LunaHook/engine32/RpgmXP.cpp new file mode 100644 index 00000000..f32c0be8 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/RpgmXP.cpp @@ -0,0 +1,29 @@ +#include"RpgmXP.h" + + + +bool InsertRpgmXPHook() +{ + + /* + * Sample games: + * セントヘレナ(RJ137364) + */ + HookParam hp; + wcsncpy_s(hp.module, L"gdi32.dll", MAX_MODULE_SIZE - 1); + strncpy_s(hp.function, "GetGlyphOutlineW", MAX_MODULE_SIZE - 1); + hp.address = 0; + hp.offset=get_stack(2); //arg2 + hp.index = 0; + hp.split = get_reg(regs::esi); + hp.split_index = 0; + hp.type = CODEC_UTF16 | USING_SPLIT | MODULE_OFFSET | FUNCTION_OFFSET; + ConsoleOutput(" INSERT RpgmXP"); + + return NewHook(hp, "RpgmXP"); +} + + +bool RpgmXP::attach_function() { + return InsertRpgmXPHook(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/RpgmXP.h b/cpp/LunaHook/LunaHook/engine32/RpgmXP.h new file mode 100644 index 00000000..68dd04ae --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/RpgmXP.h @@ -0,0 +1,12 @@ + + +class RpgmXP:public ENGINE{ + public: + RpgmXP(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.rgssad"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Ruf.cpp b/cpp/LunaHook/LunaHook/engine32/Ruf.cpp new file mode 100644 index 00000000..4f330575 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Ruf.cpp @@ -0,0 +1,28 @@ +#include"Ruf.h" + +bool Ruf::attach_function() { + const BYTE bytes[] = { + //奴隷市場Renaissance + 0x81,XX,0x00,0x01,0x00,0x00, + 0x8B,0xF0, + 0x76,0x07, + 0x81,0x6D,0xF4,0x00,0x80,0x00,0x00, + }; + const BYTE bytes2[] = { + //セイレムの魔女たち + 0x81,XX,0x00,0x01,0x00,0x00, + 0x76,0x07, + 0x81,0x6D,0xF4,0x00,0x80,0x00,0x00, + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr == 0) + addr = MemDbg::findBytes(bytes2, sizeof(bytes2), processStartAddress, processStopAddress); + if (addr == 0)return false; + addr = findfuncstart(addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::edx); + hp.type |= CODEC_ANSI_BE; + return NewHook(hp, "Ruf"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Ruf.h b/cpp/LunaHook/LunaHook/engine32/Ruf.h new file mode 100644 index 00000000..d609038f --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Ruf.h @@ -0,0 +1,11 @@ + + +class Ruf:public ENGINE{ + public: + Ruf(){ + is_engine_certain=false; + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"*.arc",L"*.wsm",L"*.scb",L"*.bmx"}; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Ryokucha.cpp b/cpp/LunaHook/LunaHook/engine32/Ryokucha.cpp new file mode 100644 index 00000000..f2118e1d --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Ryokucha.cpp @@ -0,0 +1,367 @@ +#include"Ryokucha.h" +static void SpecialHookRyokucha(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) +{ + for (DWORD i = 1; i < 5; i++) { + DWORD j = stack->stack[i]; + if ((j >> 16) == 0 && (j >> 8)) { + hp->offset = i << 2; + buffer->from_t(j); + //hp->type &= ~EXTERN_HOOK; + hp->text_fun = nullptr; + return; + } + } +} +bool InsertRyokuchaDynamicHook(LPVOID addr, hook_stack*) +{ + if (addr != ::GetGlyphOutlineA) + return false; + + auto tib = (NT_TIB*)__readfsdword(0); + auto exception = tib->ExceptionList; + for (int i = 0; i < 1; i++) { + exception = exception->Next; + } + auto handler=(DWORD)exception->Handler; + auto ptr=*(DWORD*)((DWORD)exception+0xC); + auto insert_addr=ptr+*(DWORD*)(ptr-4); + auto flag=(*(DWORD*)(insert_addr+3)==handler); + + if (flag) { + HookParam hp; + hp.address = insert_addr; + hp.text_fun = SpecialHookRyokucha; + hp.type = CODEC_ANSI_BE|USING_CHAR; + ConsoleOutput("INSERT StudioRyokucha"); + return NewHook(hp, "StudioRyokucha"); + } + //else ConsoleOutput("Unknown Ryokucha engine."); + ConsoleOutput("StudioRyokucha: failed"); + return true; +} +void InsertRyokuchaHook() +{ + //ConsoleOutput("Probably Ryokucha. Wait for text."); + trigger_fun = InsertRyokuchaDynamicHook; + ConsoleOutput("TRIGGER Ryokucha"); +} + +/** + * jichi 1/10/2014: Rai7 puk + * See: http://www.hongfire.com/forum/showthread.php/421909-%E3%80%90Space-Warfare-Sim%E3%80%91Rai-7-PUK/page10 + * See: www.hongfire.com/forum/showthread.php/421909-%E3%80%90Space-Warfare-Sim%E3%80%91Rai-7-PUK/page19 + * + * Version: R7P3-13v2(131220).rar, pass: sstm http://pan.baidu.com/share/home?uk=3727185265#category/type=0 + * /HS0@409524 + */ +//bool InsertRai7Hook() +//{ +//} + +/** + * jichi 10/1/2013: sol-fa-soft + * See (tryguy): http://www.hongfire.com/forum/printthread.php?t=36807&pp=10&page=639 + * + * @tryguy + * [sol-fa-soft] + * 17 スク水不要� /HA4@4AD140 + * 18 ななちも�とぁ�しょ: /HA4@5104A0 + * 19 発惁�んこぁ�� /HA4@51D720 + * 20 わたし�たまごさ� /HA4@4968E0 + * 21 修学旡�夜更かし� /HA4@49DC00 + * 22 おぼえたてキヂ�: /HA4@49DDB0 + * 23 ちっさい巫女さんSOS: /HA4@4B4AA0 + * 24 はじめてのお�ろやさん: /HA4@4B5600 + * 25 はきわすれ愛好� /HA4@57E360 + * 26 朝っぱらから発惮�� /HA4@57E360 + * 27 となり�ヴァンパイア: /HA4@5593B0 + * 28 麦わら帽子と水辺の妖精: /HA4@5593B0 + * 29 海と温泉と夏休み: /HA4@6DE8E0 + * 30 駏�子屋さん繁盛� /HA4@6DEC90 + * 31 浴衣の下�… �神社で発見�ノ�パン少女 /HA4@6DEC90 + * 32 プ�ルのじか�スク水不要�: /HA4@62AE10 + * 33 妹のお泊まり� /HA4@6087A0 + * 34 薝�少女: /HA4@6087A0 + * 35 あや�Princess Intermezzo: /HA4@609BF0 + * + * SG01 男湯�: /HA4@6087A0 + * + * c71 真�の大晦日CD: /HA4@516b50 + * c78 sol-fa-soft真夏�お気楽CD: /HA4@6DEC90 + * + * Example: 35 あや�Princess Intermezzo: /HA4@609BF0 + * - addr: 6331376 = 0x609bf0 + * - length_offset: 1 + * - off: 4 + * - type: 4 + * + * ASCII: あや� addr_offset = -50 + * Function starts + * 00609bef /> cc int3 + * 00609bf0 /> 55 push ebp + * 00609bf1 |. 8bec mov ebp,esp + * 00609bf3 |. 64:a1 00000000 mov eax,dword ptr fs:[0] + * 00609bf9 |. 6a ff push -0x1 + * 00609bfb |. 68 e1266300 push あや�006326e1 + * 00609c00 |. 50 push eax + * 00609c01 |. 64:8925 000000>mov dword ptr fs:[0],esp + * 00609c08 |. 81ec 80000000 sub esp,0x80 + * 00609c0e |. 53 push ebx + * 00609c0f |. 8b5d 08 mov ebx,dword ptr ss:[ebp+0x8] + * 00609c12 |. 57 push edi + * 00609c13 |. 8bf9 mov edi,ecx + * 00609c15 |. 8b07 mov eax,dword ptr ds:[edi] + * 00609c17 |. 83f8 02 cmp eax,0x2 + * 00609c1a |. 75 1f jnz short あや�00609c3b + * 00609c1c |. 3b5f 40 cmp ebx,dword ptr ds:[edi+0x40] + * 00609c1f |. 75 1a jnz short あや�00609c3b + * 00609c21 |. 837f 44 00 cmp dword ptr ds:[edi+0x44],0x0 + * 00609c25 |. 74 14 je short あや�00609c3b + * 00609c27 |. 5f pop edi + * 00609c28 |. b0 01 mov al,0x1 + * 00609c2a |. 5b pop ebx + * 00609c2b |. 8b4d f4 mov ecx,dword ptr ss:[ebp-0xc] + * 00609c2e |. 64:890d 000000>mov dword ptr fs:[0],ecx + * 00609c35 |. 8be5 mov esp,ebp + * 00609c37 |. 5d pop ebp + * 00609c38 |. c2 0400 retn 0x4 + * Function stops + * + * WideChar: こいな�小田舎で初恋x中出しセクシャルライ�, addr_offset = -53 + * 0040653a cc int3 + * 0040653b cc int3 + * 0040653c cc int3 + * 0040653d cc int3 + * 0040653e cc int3 + * 0040653f cc int3 + * 00406540 > 55 push ebp + * 00406541 . 8bec mov ebp,esp + * 00406543 . 64:a1 00000000 mov eax,dword ptr fs:[0] + * 00406549 . 6a ff push -0x1 + * 0040654b . 68 f1584300 push erondo01.004358f1 + * 00406550 . 50 push eax + * 00406551 . 64:8925 000000>mov dword ptr fs:[0],esp + * 00406558 . 83ec 6c sub esp,0x6c + * 0040655b . 53 push ebx + * 0040655c . 8bd9 mov ebx,ecx + * 0040655e . 57 push edi + * 0040655f . 8b03 mov eax,dword ptr ds:[ebx] + * 00406561 . 8b7d 08 mov edi,dword ptr ss:[ebp+0x8] + * 00406564 . 83f8 02 cmp eax,0x2 + * 00406567 . 75 1f jnz short erondo01.00406588 + * 00406569 . 3b7b 3c cmp edi,dword ptr ds:[ebx+0x3c] + * 0040656c . 75 1a jnz short erondo01.00406588 + * 0040656e . 837b 40 00 cmp dword ptr ds:[ebx+0x40],0x0 + * 00406572 . 74 14 je short erondo01.00406588 + * 00406574 . 5f pop edi + * 00406575 . b0 01 mov al,0x1 + * 00406577 . 5b pop ebx + * 00406578 . 8b4d f4 mov ecx,dword ptr ss:[ebp-0xc] + * 0040657b . 64:890d 000000>mov dword ptr fs:[0],ecx + * 00406582 . 8be5 mov esp,ebp + * 00406584 . 5d pop ebp + * 00406585 . c2 0400 retn 0x4 + * + * WideChar: 祝福�鐘�音は、桜色の風と共に, addr_offset = -50, + * FIXME: how to know if it is UTF16? This game has /H code, though: + * + * /HA-4@94D62:shukufuku_main.exe + * + * 011d619e cc int3 + * 011d619f cc int3 + * 011d61a0 55 push ebp + * 011d61a1 8bec mov ebp,esp + * 011d61a3 64:a1 00000000 mov eax,dword ptr fs:[0] + * 011d61a9 6a ff push -0x1 + * 011d61ab 68 d1811f01 push .011f81d1 + * 011d61b0 50 push eax + * 011d61b1 64:8925 00000000 mov dword ptr fs:[0],esp + * 011d61b8 81ec 80000000 sub esp,0x80 + * 011d61be 53 push ebx + * 011d61bf 8b5d 08 mov ebx,dword ptr ss:[ebp+0x8] + * 011d61c2 57 push edi + * 011d61c3 8bf9 mov edi,ecx + * 011d61c5 8b07 mov eax,dword ptr ds:[edi] + * 011d61c7 83f8 02 cmp eax,0x2 + * 011d61ca 75 1f jnz short .011d61eb + * 011d61cc 3b5f 40 cmp ebx,dword ptr ds:[edi+0x40] + * 011d61cf 75 1a jnz short .011d61eb + * 011d61d1 837f 44 00 cmp dword ptr ds:[edi+0x44],0x0 + * 011d61d5 74 14 je short .011d61eb + * 011d61d7 5f pop edi + * 011d61d8 b0 01 mov al,0x1 + * 011d61da 5b pop ebx + * 011d61db 8b4d f4 mov ecx,dword ptr ss:[ebp-0xc] + * 011d61de 64:890d 00000000 mov dword ptr fs:[0],ecx + * 011d61e5 8be5 mov esp,ebp + * 011d61e7 5d pop ebp + * 011d61e8 c2 0400 retn 0x4 + */ +bool InsertScenarioPlayerHook() +{ + PcHooks::hookOtherPcFunctions(); + //const BYTE bytes[] = { + // 0x53, // 00609c0e |. 53 push ebx + // 0x8b,0x5d,0x08, // 00609c0f |. 8b5d 08 mov ebx,dword ptr ss:[ebp+0x8] + // 0x57, // 00609c12 |. 57 push edi + // 0x8b,0xf9, // 00609c13 |. 8bf9 mov edi,ecx + // 0x8b,0x07, // 00609c15 |. 8b07 mov eax,dword ptr ds:[edi] + // 0x83,0xf8, 0x02, // 00609c17 |. 83f8 02 cmp eax,0x2 + // 0x75, 0x1f, // 00609c1a |. 75 1f jnz short あや�00609c3b + // 0x3b,0x5f, 0x40, // 00609c1c |. 3b5f 40 cmp ebx,dword ptr ds:[edi+0x40] + // 0x75, 0x1a, // 00609c1f |. 75 1a jnz short あや�00609c3b + // 0x83,0x7f, 0x44, 0x00, // 00609c21 |. 837f 44 00 cmp dword ptr ds:[edi+0x44],0x0 + // 0x74, 0x14, // 00609c25 |. 74 14 je short あや�00609c3b + //}; + //enum { addr_offset = 0x00609bf0 - 0x00609c0e }; // distance to the beginning of the function + + const BYTE bytes[] = { + 0x74, 0x14, // 00609c25 |. 74 14 je short あや�00609c3b + 0x5f, // 00609c27 |. 5f pop edi + 0xb0, 0x01, // 00609c28 |. b0 01 mov al,0x1 + 0x5b, // 00609c2a |. 5b pop ebx + 0x8b,0x4d, 0xf4 // 00609c2b |. 8b4d f4 mov ecx,dword ptr ss:[ebp-0xc] + }; + enum { // distance to the beginning of the function + addr_offset_A = 0x00609bf0 - 0x00609c25 // -53 + , addr_offset_W = 0x00406540 - 0x00406572 // -50 + }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG start = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!start) { + ConsoleOutput("ScenarioPlayer: pattern not found"); + return false; + } + + DWORD addr = MemDbg::findEnclosingAlignedFunction(start, 80); // range is around 50, use 80 + + enum : BYTE { push_ebp = 0x55 }; // 011d4c80 /$ 55 push ebp + if (!addr || *(BYTE *)addr != push_ebp) { + ConsoleOutput("ScenarioPlayer: pattern found but the function offset is invalid"); + return false; + } + auto succ=false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + if ( + (addr - start == addr_offset_W)|| + ( + (Util::FindImportEntry(processStartAddress,(DWORD)GetGlyphOutlineA)==0)&& + (Util::FindImportEntry(processStartAddress,(DWORD)TextOutA)==0)&& + (Util::FindImportEntry(processStartAddress,(DWORD)ExtTextOutA)==0)&& + (Util::FindImportEntry(processStartAddress,(DWORD)GetTextExtentPoint32A)==0) + //祝福の鐘の音は、桜色の風と共に + ) + ) { + // Artikash 8/18/2018: can't figure out how to tell apart which hook is needed, so alert user + // (The method used to tell the hooks apart previously fails on https://vndb.org/v19713) + + hp.type = CODEC_UTF16; + ConsoleOutput("INSERT ScenarioPlayerW"); + succ=NewHook(hp, "ScenarioPlayerW"); + } else { + hp.type = CODEC_ANSI_BE; // 4 + ConsoleOutput("INSERT ScenarioPlayerA"); + succ=NewHook(hp, "ScenarioPlayerA"); + } + ConsoleOutput("Text encoding might be wrong: try changing it if this hook finds garbage!"); + return succ; +} + +bool InsertScenarioPlayerHookx() { + //夏彩恋呗 + //为避免和engine中的冲突,进行一次xref + const BYTE bytes[] = { + 0xC1,0xE8,0x02,0x25,0x01,0xFF,0xFF,0xFF,0x89,0x45,XX + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + ConsoleOutput("%p", addr); + if (addr == 0)return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + ConsoleOutput("%p", addr); + if (addr == 0)return false; + auto addrs = findxref_reverse_checkcallop(addr, addr - 0x1000, addr, 0xe9); + if (addrs.size() != 1)return false; + addr = addrs[0]; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = CODEC_UTF16; + return NewHook(hp, "sutajioryokutyaW"); +} +namespace{ + bool Iyashikei(){ + //癒し系ソープ嬢ヒロさん + const BYTE bytes[] = { + 0x6A,0xFF, + 0x68,XX4, + 0x64,0xA1,0x00,0x00,0x00,0x00, + 0x50, + 0x83,0xEC,0x08, + 0x56, + 0xA1,0x08,0x6E,0x6B,0x00, + 0x33,0xC4, + 0x50, + 0x8D,0x44,0x24,XX, + 0x64,0xA3,0x00,0x00,0x00,0x00, + 0x8B,0xF1, + 0x8B,0x44,0x24,XX, + 0x50, + 0x8D,0x4C,0x24,XX, + 0x51, + 0x8B,0xCE, + 0xE8,XX4 + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if(addr==0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = CODEC_ANSI_BE; + return NewHook(hp, "Iyashikei"); + } +} +bool InsertScenarioPlayerHook_all(){ + bool b1= InsertScenarioPlayerHook(); + bool b2=InsertScenarioPlayerHookx(); + return b1||b2||Iyashikei(); +} +bool Ryokucha::attach_function() { + InsertRyokuchaHook(); + + if (Util::CheckFile(L"*.iar") && Util::CheckFile(L"*.sec5")) // jichi 9/27/2014: For new Ryokucha games + InsertScenarioPlayerHook_all(); + + return true; +} + +bool ScenarioPlayer_last::attach_function() { + + return InsertScenarioPlayerHook_all(); +} +bool Ryokucha2::attach_function() { + //夏日 + const BYTE bytes[] = { + 0x8b,XX2,0x2b,0xd1,0xc1,0xfa,0x02,0x3b,0xd0,0x76 + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + ConsoleOutput("%p", addr); + if (addr == 0)return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + ConsoleOutput("%p", addr); + if (addr == 0)return false; + + HookParam hp; + hp.address = addr; + hp.offset =get_stack(6); + hp.type = USING_STRING; + hp.filter_fun = [](void* data, size_t* len, HookParam* hp) { + std::string s = std::string(reinterpret_cast(data), *len); + if (s[0] == '#')return false; + return true; + }; + return NewHook(hp, "sutajioryokutya"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Ryokucha.h b/cpp/LunaHook/LunaHook/engine32/Ryokucha.h new file mode 100644 index 00000000..9699129b --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Ryokucha.h @@ -0,0 +1,48 @@ + + +class Ryokucha:public ENGINE{ + public: + Ryokucha(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*_checksum.exe"; + }; + bool attach_function(); +}; +class Ryokucha2:public ENGINE{ + public: + Ryokucha2(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"sc\\*.scc"; + is_engine_certain=false; + + }; + bool attach_function(); +}; + +class ScenarioPlayer_last:public ENGINE{ + public: + ScenarioPlayer_last(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{ + L"*.iar", + L"*.sec5" + }; + + }; + bool attach_function(); +}; +class Ryokuchaold:public Ryokucha{ + public: + Ryokuchaold(){ + //巫女さんファイター!涼子ちゃん + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{ + L"img\\*.iar", + L"*.sec5" + }; + is_engine_certain=false; + }; +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/SRPGStudio.cpp b/cpp/LunaHook/LunaHook/engine32/SRPGStudio.cpp new file mode 100644 index 00000000..3f239838 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/SRPGStudio.cpp @@ -0,0 +1,16 @@ +#include"SRPGStudio.h" + +bool SRPGStudio::attach_function() { + //NAGINATA SOFT + //HERO'S PARTY R + //https://store.steampowered.com/app/1804020/HEROS_PARTY_R/ + auto dll=GetModuleHandleW(L"OLEAUT32.dll"); + if(dll==0)return 0; + auto addr=GetProcAddress(dll,"SysAllocString"); + if(addr==0)return 0; + HookParam hp; + hp.address = (DWORD)addr; + hp.offset=get_stack(1); + hp.type = USING_STRING|CODEC_UTF16|EMBED_ABLE|EMBED_AFTER_NEW; + return NewHook(hp, "SRPGStudio"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/SRPGStudio.h b/cpp/LunaHook/LunaHook/engine32/SRPGStudio.h new file mode 100644 index 00000000..b389265f --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/SRPGStudio.h @@ -0,0 +1,11 @@ + + +class SRPGStudio:public ENGINE{ + public: + SRPGStudio(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"runtime.rts"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/SYSD.cpp b/cpp/LunaHook/LunaHook/engine32/SYSD.cpp new file mode 100644 index 00000000..362804ae --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/SYSD.cpp @@ -0,0 +1,42 @@ +#include"SYSD.h" + + +bool InsertSysdHook() { + + /* + * Sample games: + * https://vndb.org/v2069 + */ + const BYTE bytes[] = { + 0xC1, 0xE9, 0x02, // shr ecx,02 <- hook here + 0xF3, 0xA5, // repe movsd + 0x8B, 0xCA, // mov ecx,edx + 0x83, 0xE1, 0x03, // and ecx,03 + 0xF3, 0xA4, // repe movsb + 0x5F, // pop edi + 0xB8, 0x01, 0x00, 0x00, 0x00 // mov eax,00000001 + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("Sysd: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::esi); + hp.index = 0; + hp.padding = 0x12; + hp.split = get_stack(2); + hp.split_index = 0; + hp.type = USING_STRING | NO_CONTEXT | USING_SPLIT; + hp.filter_fun = NewLineCharFilterA; + ConsoleOutput("INSERT Sysd"); + return NewHook(hp, "Sysd"); +} + +bool SYSD::attach_function() { + return InsertSysdHook(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/SYSD.h b/cpp/LunaHook/LunaHook/engine32/SYSD.h new file mode 100644 index 00000000..31bc65a2 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/SYSD.h @@ -0,0 +1,12 @@ + + +class SYSD:public ENGINE{ + public: + SYSD(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"*.dpk",L"SYSD.INI"}; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Sakuradog.cpp b/cpp/LunaHook/LunaHook/engine32/Sakuradog.cpp new file mode 100644 index 00000000..a02a2031 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Sakuradog.cpp @@ -0,0 +1,26 @@ +#include"Sakuradog.h" + + +bool Sakuradog::attach_function() { + //綾瀬家のオンナ~淫華の血脈~ + + auto entry=Util::FindImportEntry(processStartAddress,(DWORD)GetGlyphOutlineA); + if(entry==0)return false; + BYTE bytes2[]={ + 0x57, + 0x50, + 0x6a,0x06, + 0x56, + 0x53, + 0xff,0x15,XX4 + }; + memcpy(bytes2+sizeof(bytes2)-4,&entry,4); + auto addr = MemDbg::findBytes(bytes2, sizeof(bytes2), processStartAddress, processStopAddress); + if (addr == 0)return false; + HookParam hp; + hp.address = addr+6; + hp.offset=get_reg(regs::esi); + hp.split=0xe4; + hp.type = CODEC_ANSI_BE|USING_SPLIT|NO_CONTEXT ; + return NewHook(hp, "Sakuradog"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Sakuradog.h b/cpp/LunaHook/LunaHook/engine32/Sakuradog.h new file mode 100644 index 00000000..6867816b --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Sakuradog.h @@ -0,0 +1,12 @@ + + +class Sakuradog:public ENGINE{ + public: + Sakuradog(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"SE.dat",L"GRP.dat",L"SNR.dat",L"VOICE.dat",L"BGM.dat",L"DATA.dat",L"ADV.inf",L"ADV.exe"}; + is_engine_certain=false; + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine32/Sceplay.cpp b/cpp/LunaHook/LunaHook/engine32/Sceplay.cpp new file mode 100644 index 00000000..64c3a8b6 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Sceplay.cpp @@ -0,0 +1,24 @@ +#include "Sceplay.h" +// https://vndb.org/v10190 +// 想い出の彼方 + +bool Sceplay::attach_function() +{ + trigger_fun = [](LPVOID addr1, hook_stack *stack) + { + if (addr1 != GetGlyphOutlineA) + return false; + auto addr = MemDbg::findEnclosingAlignedFunction((DWORD)stack->retaddr); + ConsoleOutput("%p", addr); + if (!addr) + return true; + HookParam hp; + hp.address = addr; + hp.type = USING_CHAR | CODEC_ANSI_BE; + hp.offset = get_stack(6); + NewHook(hp, "Sceplay"); + return true; + }; + + return true; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Sceplay.h b/cpp/LunaHook/LunaHook/engine32/Sceplay.h new file mode 100644 index 00000000..e4a31be1 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Sceplay.h @@ -0,0 +1,49 @@ +// https://vndb.org/v10190 +// 想い出の彼方 + +/* +FILEVERSION 1,0,7,15 +PRODUCTVERSION 1,0,7,15 +FILEFLAGSMASK 0x3F +FILEFLAGS VS_FF_PRIVATEBUILD | VS_FF_SPECIALBUILD +FILEOS VOS_NT_WINDOWS32 +FILETYPE VFT_APP +FILESUBTYPE 0x0 +{ + BLOCK "StringFileInfo" + { + BLOCK "041104b0" + { + VALUE "Comments", "$" + VALUE "CompanyName", "yonie software" + VALUE "FileDescription", "シナリオプレイヤー" + VALUE "FileVersion", "1, 0, 7, 15" + VALUE "InternalName", "Sceplay" + VALUE "LegalCopyright", "Copyright (C) 2000 Youhei Sueda" + VALUE "LegalTrademarks", "$" + VALUE "OriginalFilename", "Sceplay.exe" + VALUE "PrivateBuild", "$" + VALUE "ProductName", "シナリオプレイヤー" + VALUE "ProductVersion", "1, 0, 7, 15" + VALUE "SpecialBuild", "$" + } + } + BLOCK "VarFileInfo" + { + VALUE "Translation", 0x411, 1200 + } +} + +*/ + +class Sceplay : public ENGINE +{ +public: + Sceplay() + { + + check_by = CHECK_BY::RESOURCE_STR; + check_by_target = L"Sceplay"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/ScrPlayer.cpp b/cpp/LunaHook/LunaHook/engine32/ScrPlayer.cpp new file mode 100644 index 00000000..8323a069 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/ScrPlayer.cpp @@ -0,0 +1,67 @@ +#include"ScrPlayer.h" + +bool ScrPlayer_attach_function1() { + auto func=MemDbg::findCallerAddress((ULONG)GetGlyphOutlineA,0x90909090,processStartAddress,processStopAddress); + if(func==0)return false; + func+=4; + BYTE check[]={ + 0x83,0xf8,0x20, + 0x74,XX, + 0x3d,0x40,0x81,0x00,0x00, + 0x74,XX + }; + auto addr=MemDbg::findBytes(check,sizeof(check),processStartAddress,processStopAddress); + if(addr==0)return false; + addr=MemDbg::findEnclosingAlignedFunction(addr); + if(addr==0)return false; + if(addr!=func)return false; + HookParam hp; + hp.address=func; + hp.offset=get_stack(5); + //会把多行分开导致翻译不对。 + hp.type=USING_STRING;//|EMBED_ABLE|EMBED_AFTER_NEW|EMBED_DYNA_SJIS; + //hp.hook_font=F_GetGlyphOutlineA; + hp.filter_fun=[](LPVOID data, size_t* size, HookParam*) { + static int idx=0; + idx+=1;//这个函数总是连续被调用两次,一个绘制上层文字,一个绘制阴影。 + return bool(idx%2); + }; + return NewHook(hp,"ScrPlayer"); +} + +bool ScrPlayer_attach_function2() { + //https://vndb.org/v7056 + //Rendezvous ~ランデブー~ + // _DWORD *__stdcall sub_41DC10( + // _DWORD *a1, + // int a2, + // int a3, + // int a4, + // int a5, + // unsigned __int8 *a6, <--- + // int a7, + // int a8, + // int a9, + // char a10, + // int a11) + BYTE bs[]={ + 0x51, + 0x56, + 0x8b,0x74,0x24,0x20, + 0x8a,0x06, + 0x84,0xc0, + 0x89,0x4c,0x24,0x04, + 0x0f,0x84,XX4 + }; + auto addr=MemDbg::findBytes(bs,sizeof(bs),processStartAddress,processStopAddress); + if(addr==0)return false; + HookParam hp; + hp.address=addr; + hp.offset=get_stack(6); + hp.type=USING_STRING;//有内部的multibyte函数使得无法内嵌显示中文字符 + return NewHook(hp,"ScrPlayer2"); +} +bool ScrPlayer::attach_function() +{ + return ScrPlayer_attach_function1()||ScrPlayer_attach_function2(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/ScrPlayer.h b/cpp/LunaHook/LunaHook/engine32/ScrPlayer.h new file mode 100644 index 00000000..e5e69068 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/ScrPlayer.h @@ -0,0 +1,11 @@ + + +class ScrPlayer:public ENGINE{ + public: + ScrPlayer(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"ScrPlayer.exe"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/ShinaRio.cpp b/cpp/LunaHook/LunaHook/engine32/ShinaRio.cpp new file mode 100644 index 00000000..a4a0ad26 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/ShinaRio.cpp @@ -0,0 +1,933 @@ +#include"ShinaRio.h" + template + bool StackSearchingTrigger(LPVOID funcAddr, DWORD, DWORD stack) + { + bool ret = false; + if (funcAddr != funcA && funcAddr != funcW) return false; + for (int i = 0; i < depth; ++i) + { + // Address of text is somewhere on stack in call to func. Search for it. + DWORD addr = *((DWORD*)stack + i); + //ConsoleOutput(std::to_string((DWORD)*addr).c_str()); + if (IthGetMemoryRange((void*)addr, nullptr, nullptr)) + { + if (strlen((char*)addr) > 9) + { + HookParam hp; + hp.type = DIRECT_READ; + if (funcAddr == funcW) hp.type |= CODEC_UTF16; + hp.address = addr; + ConsoleOutput("triggered: adding dynamic reader"); + ret|=NewHook(hp, "READ"); + } + }; + } + return ret; + } + + +/******************************************************************************************** +ShinaRio hook: + Game folder contains rio.ini. + Problem of default hook GetTextExtentPoint32A is that the text repeat one time. + But KF just can't resolve the issue. ShinaRio engine always perform integrity check. + So it's very difficult to insert a hook into the game module. Freaka suggests to refine + the default hook by adding split parameter on the stack. So far there is 2 different + version of ShinaRio engine that needs different split parameter. Seems this value is + fixed to the last stack frame. We just navigate to the entry. There should be a + sub esp,* instruction. This value plus 4 is just the offset we need. + + New ShinaRio engine (>=2.48) uses different approach. +********************************************************************************************/ +namespace { // unnamed +// jichi 3/1/2015: hook for new ShinaRio games + +char text_buffer_prev[0x1000]; +void SpecialHookShina2(hook_stack* stack, HookParam *, uintptr_t *data, uintptr_t *split, size_t*len) +{ + DWORD ptr = stack->esi ; // jichi: esi + *split = ptr; // [esi] + char* str = *(char**)(ptr+0x160); + strcpy(text_buffer, str); + int skip = 0; + for (str = text_buffer; *str; str++) + if (str[0] == 0x5f) { // jichi 7/10/2015: Skip _r (new line) + if (str[1] == 0x72) // jichi 7/10/2015: Skip _t until / + str[0] = str[1]=1; + else if (str[1] == 0x74) { + while (str[0] != 0x2f) + *str++ = 1; + *str=1; + } + } + + for (str = text_buffer; str[skip];) + if (str[skip] == 1) + skip++; + else { + str[0]=str[skip]; + str++; + } + + str[0] = 0; + if (strcmp(text_buffer, text_buffer_prev) == 0) + *len=0; + else { + for (skip = 0; text_buffer[skip]; skip++) + text_buffer_prev[skip] = text_buffer[skip]; + text_buffer_prev[skip] = 0; + *data = (DWORD)text_buffer_prev; + *len = skip; + } +} + +// jichi 3/1/2015: hook for old ShinaRio games +// Used to merge correct text thread. +// 1. Only keep threads with 0 and -1 split +// 2. Skip the thread withb 0 split and with minimum return address +//void SpecialHookShina1(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +//{ +// static DWORD min_retaddr = -1; +// DWORD s = *(DWORD *)(esp_base + hp->split); +// if (s == 0 || (s & 0xffff) == 0xffff) { // only keep threads with 0 and -1 split +// if (s == 0 && retof(esp_base) <= min_retaddr) { +// min_retaddr = retof(esp_base); +// return; +// } +// *split = FIXED_SPLIT_VALUE; +// // Follow the same logic as the hook. +// *data = *(DWORD *)*data; // DATA_INDIRECT +// *len = LeadByteTable[*data & 0xff]; +// } +//} + +// jichi 8/27/2013 +// Return ShinaRio version number +// The head of Rio.ini usually looks like: +// [椎名里�v2.49] +// This function will return 49 in the above case. +// +// Games from アトリエさく�do not have Rio.ini, but $procname.ini. +int GetShinaRioVersion() +{ + int ret = 0; + HANDLE hFile = CreateFileW(L"RIO.INI", FILE_READ_DATA, FILE_SHARE_READ, nullptr, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, nullptr); + if (hFile == INVALID_HANDLE_VALUE) { + size_t len = ::wcslen(processName); + if (len > 3) { + wchar_t fname[MAX_PATH]; + ::wcscpy(fname, processName); + fname[len -1] = 'i'; + fname[len -2] = 'n'; + fname[len -3] = 'i'; + hFile = CreateFileW(fname, FILE_READ_DATA, FILE_SHARE_READ, nullptr, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, nullptr); + } + } + + if (hFile != INVALID_HANDLE_VALUE) { + //char *buffer,*version;//,*ptr; + enum { BufferSize = 0x40 }; + char buffer[BufferSize]{}; + DWORD DUMMY; + ReadFile(hFile, buffer, BufferSize, &DUMMY, nullptr); + CloseHandle(hFile); + //if (buffer[0] == '[') { + buffer[0x3f] = 0; // jichi 8/24/2013: prevent strstr from overflow + if (char *version = ::strstr(buffer, "v2.")) + ::sscanf(version + 3, "%d", &ret); // +3 to skip "v2." + //} + } + return ret; +} + +bool IsSJIS(char* text) +{ + for (int i = 0; i < 3; ++i) if (!IsDBCSLeadByte(text[i * 2])) return false; + return true; +} + +} // unnamed namespace + +// jichi 8/24/2013: Rewrite ShinaRio logic. +// Test games: ���×S�� (PK), version ShinaRio 2.47 +bool InsertShinaHook(int ver ) +{ + + if (ver >= 50) { + //trigger_fun = StackSearchingTrigger; + trigger_fun = [](LPVOID funcAddr, hook_stack* stack) + { + bool ret = false; + if (funcAddr != GetGlyphOutlineA && funcAddr != GetTextExtentPoint32A) return false; + for (int i = 0; i < 100; ++i) + { + // Address of text is somewhere on stack in call to func. Search for it. + DWORD addr = *((DWORD*)stack->esp + i); + //ConsoleOutput(std::to_string((DWORD)*addr).c_str()); + if (IthGetMemoryRange((void*)addr, nullptr, nullptr) && strlen((char*)addr) > 9) + { + if (IsSJIS((char*)addr) || strstr((char*)addr, "_r")) + { + HookParam hp; + hp.type = DIRECT_READ; + hp.address = addr; + hp.filter_fun=[](LPVOID data, size_t *size, HookParam *) + { + StringFilter(reinterpret_cast(data), reinterpret_cast(size), "_r",2); + + write_string_overwrite(data,size,std::regex_replace(std::string((char*)data,*size), std::regex("_t!.*?[/>]"), "")); + return true; + }; + ConsoleOutput("triggered: adding dynamic reader"); + ret|=NewHook(hp, "ShinaRio READ"); + } + }; + } + return ret; + }; + ConsoleOutput("ShinaRio 2.50+: adding trigger"); + } + //被embedshinario取代 + /* + if (ver >= 48) { // v2.48, v2.49 + HookParam hp; + hp.address = (DWORD)::GetTextExtentPoint32A; + hp.text_fun = SpecialHookShina2; + hp.type = USING_STRING; + ConsoleOutput("INSERT ShinaRio > 2.47"); + NewHook(hp, "ShinaRio"); + //RegisterEngineType(ENGINE_SHINA); + return true; + + } else if (ver > 40) { // <= v2.47. Older games like あやかしびと does not require hcode + // jichi 3/13/2015: GetGlyphOutlineA is not hooked, which might produce correct text + // BOOL GetTextExtentPoint32(HDC hdc, LPCTSTR lpString, int c, LPSIZE lpSize); + enum stack { // current stack + arg0_retaddr = 0 // pseudo arg + , arg1_hdc = 4 * 1 + , arg2_lpString = 4 * 2 + , arg3_c = 4 * 3 + , arg4_lpSize = 4 * 4 + }; + + HookParam hp; + hp.address = (DWORD)::GetTextExtentPoint32A; + hp.offset = arg2_lpString; // 0x8 + hp.length_offset = 1; + hp.type = DATA_INDIRECT|USING_SPLIT; + + enum { sub_esp = 0xec81 }; // jichi: caller pattern: sub esp = 0x81,0xec + if (DWORD s = Util::FindCallAndEntryBoth((DWORD)GetTextExtentPoint32A, processStopAddress - processStartAddress, processStartAddress, sub_esp)) { + ConsoleOutput("INSERT ShinaRio <= 2.47 dynamic split"); + hp.split = *(DWORD *)(s + 2) + 4; + //RegisterEngineType(ENGINE_SHINA); + NewHook(hp, "ShinaRio"); + + } else { + // jichi 3/13/2015: GetTextExtentPoint32A is not statically invoked in ���×S�� (PK) + // See: http://sakuradite.com/topic/671 + // See: http://www.hongfire.com/forum/showthread.php/36807-AGTH-text-extraction-tool-for-games-translation/page347 + // + // [Guilty+]Rin x Sen �Hakudaku Onna Kyoushi to Yaroudomo /HB8*0:44@0:GDI32.dll:GetTextExtentPoint32A /Ftext@4339A2:0;choices@4339A2:ffffff + // + // addr: 0 , text_fun: 0x0 , function: 135408591 , hook_len: 0 , ind: 0 , length_of + // fset: 1 , module: 1409538707 , off: 8 , recover_len: 0 , split: 68 , split_ind: + // 0 , type: 216 + // + // Message speed needs to be set to something slower then fastest(instant) or text wont show up in agth. + // Last edited by Freaka; 09-29-2009 at 11:48 AM. + + // Issues: + // 1. The text speed must NOT to be set to the fastest. + // 2. There might be a wrong text thread that is almost correct, except that its first character is chopped. + // Otherwise, the first character will be split in another thread + ConsoleOutput("INSERT ShinaRio <= 2.47 static split"); + hp.split = 0x44; + //hp.type |= FIXING_SPLIT|NO_CONTEXT; // merge all threads + //hp.text_fun = SpecialHookShina1; + NewHook(hp, "ShinaRio2"); // jichi: mark as ShinaRio2 so that VNR is able to warn user about the text speed issue + } + return true; + } + ConsoleOutput("ShinaRio: unknown version"); + + */ + return false; +} + + + + + +namespace { // unnamed + + +namespace ScenarioHook { +namespace Private { + + bool isSkippedText(LPCSTR text) + { + return 0 == ::strcmp(text, "\x82\x6c\x82\x72\x20\x83\x53\x83\x56\x83\x62\x83\x4e"); // "MS ゴシック" + } + + class HookArgument + { + DWORD split_; + // offset_[0x57]; // [esi]+0x160 + //LPSTR text_; // current text address + + template + static strT nextText(strT t) + { + t += ::strlen(t); + return (t[6] && !t[5] && !t[4] && !t[3] && !t[2] && !t[1]) ? t + 6 : nullptr; // 6 continuous zeros + } + + //Engine::TextRole textRole() const + //{ + // static ULONG minSplit_ = UINT_MAX; + // minSplit_ = qMin(minSplit_, split_); + // return split_ == minSplit_ ? Engine::ScenarioRole : + // split_ == minSplit_ + 1 ? Engine::NameRole : + // Engine::OtherRole; + //} + + public: + static bool isTextList(LPCSTR text) { return nextText(text); } + + //LPSTR textAddress() const { return text_; } + + /** + * @param text + * @param paddingSpace prepend space to make the first character having two bytes + */ + void dispatchText(LPSTR text, bool paddingSpace,TextBuffer*b,uintptr_t*role) + { + enum { NameCapacity = 0x20 }; // including ending '\0' + static std::string data_; + + if (0 == ::strcmp(text, data_.c_str())) + return; + if (isSkippedText(text)) + return; + + //LPSIZE lpSize = (LPSIZE)s->stack[4]; // arg4 of GetTextExtentPoint32A + //int area = lpSize->cx * lpSize->cy; + //auto role = lpSize->cx || !lpSize->cy || area > 150 ? Engine::ScenarioRole : Engine::NameRole; + //auto role = textRole(); + // * role = Engine::ScenarioRole; + // if (::strlen(text) < NameCapacity + // && text[NameCapacity - 1] == 0 && text[NameCapacity]) + // *role = Engine::NameRole; + b->from_cs(text); + } + void dispatchText2(LPSTR text, bool paddingSpace,std::string newData) + { + enum { NameCapacity = 0x20 }; // including ending '\0' + static std::string data_; + + if (0 == ::strcmp(text, data_.c_str())) + return; + if (isSkippedText(text)) + return; + + //LPSIZE lpSize = (LPSIZE)s->stack[4]; // arg4 of GetTextExtentPoint32A + //int area = lpSize->cx * lpSize->cy; + //auto role = lpSize->cx || !lpSize->cy || area > 150 ? Engine::ScenarioRole : Engine::NameRole; + //auto role = textRole(); + auto role = Engine::ScenarioRole; + if (::strlen(text) < NameCapacity + && text[NameCapacity - 1] == 0 && text[NameCapacity]) + role = Engine::NameRole; + + std::string oldData = text; + // auto newData=oldData+"XX"; + if (newData == oldData) + return; + if (paddingSpace && !newData.empty() && (signed char)newData[0] > 0) // prepend space for thin char + newData.insert(0, " "); + // .prepend(' '); + data_ = newData; + + if (role == Engine::NameRole && newData.size() >= NameCapacity) { + data_ = newData.substr(0,NameCapacity - 1); + ::strncpy(text, newData.c_str(), NameCapacity); + text[NameCapacity] = 0; + } else { + ::strcpy(text, newData.c_str()); + if (oldData.size() > newData.size()) + ::memset(text + newData.size(), 0, oldData.size() - newData.size()); + } + } + + void dispatchTextList2(LPSTR text, bool paddingSpace,std::string newData1){ + + enum { role = Engine::OtherRole }; + std::vectorsave; + auto newdata=strSplit(newData1,"|"); + + for (auto p = text; p; p = nextText(p)) { + save.push_back(p); + } + if(save.size()!=newdata.size())return ; + int i=0; + for (auto p = text; p; p = nextText(p)) { + std::string oldData = p; + auto newData=newdata[i];i++; + if (newData != oldData) { + if (newData.size() > oldData.size()) + newData = newData.substr(0,oldData.size()); + else + while (newData.size() < oldData.size()) + newData.push_back(' '); + ::memcpy(p, newData.c_str(), oldData.size()); + } + } + } + void dispatchTextList(LPSTR text, bool paddingSpace, TextBuffer *buffer,uintptr_t*role) + { + static std::unordered_set hashes_; + // enum { role = Engine::OtherRole }; + std::string save; + for (auto p = text; p; p = nextText(p)) { + std::string oldData = p; + save+=("|"+oldData); + } + buffer->from(save); + } + + //void dispatch(LPSTR text) + //{ + // if (nextText(text)) + // dispatchTextList(text); + // else + // dispatchText(text); + //} + }; + + /** + * + * BOOL GetTextExtentPoint32(HDC hdc, LPCTSTR lpString, int c, LPSIZE lpSize); + * + * Scenario: + * 0012F4EC 0043784C /CALL to GetTextExtentPoint32A from .00437846 + * 0012F4F0 9A010C64 |hDC = 9A010C64 + * 0012F4F4 004C0F30 |Text = "Y" + * 0012F4F8 00000001 |TextLen = 0x1 + * 0012F4FC 00504DA4 \pSize = .00504DA4 + * 0012F500 00503778 .00503778 + * 0012F504 00439EBE RETURN to .00439EBE from .00437790 + * 0012F508 00503778 .00503778 + * 0012F50C 00914CC0 .00914CC0 + * 0012F510 00000001 + * 0012F514 00503778 .00503778 + * 0012F518 0069EB80 .0069EB80 + * 0012F51C 00000000 + * 0012F520 00914CC0 .00914CC0 + * 0012F524 0600A0AE + * 0012F528 0012F53C ASCII "ps" + * 0012F52C 76DD23CB user32.ClientToScreen + * 0012F530 75D0BA46 kernel32.Sleep + * + * pSize: + * 00504DA4 0C 00 00 00 18 00 00 00 18 00 00 00 15 00 00 00 ............. + * 00504DB4 03 00 00 00 00 00 00 00 00 00 00 00 0C 00 00 00 ............... + * 00504DC4 1B 00 00 00 90 01 00 00 00 00 00 00 60 00 00 00 ...・......`... + * 00504DD4 60 00 00 00 00 FF A5 02 00 00 00 36 80 00 00 00 `....・...6€... + * 00504DE4 01 00 00 00 00 00 00 00 00 00 00 00 0D 00 00 00 ............... + * 00504DF4 00 00 00 00 00 00 00 00 00 00 00 00 64 00 00 00 ............d... + * 00504E04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504E14 82 6C 82 72 20 83 53 83 56 83 62 83 4E 00 00 00 MS ゴシック... + * 00504E24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * + * Name: + * 0012F4EC 0043784C /CALL to GetTextExtentPoint32A from .00437846 + * 0012F4F0 9A010C64 |hDC = 9A010C64 + * 0012F4F4 004C0F30 |Text = "Y" + * 0012F4F8 00000001 |TextLen = 0x1 + * 0012F4FC 00506410 \pSize = .00506410 + * 0012F500 00504DE4 .00504DE4 + * 0012F504 00439EBE RETURN to .00439EBE from .00437790 + * 0012F508 00504DE4 .00504DE4 + * 0012F50C 00914CC0 .00914CC0 + * 0012F510 00000001 + * 0012F514 00504DE4 .00504DE4 + * 0012F518 006A1868 .006A1868 + * 0012F51C 00000000 + * 0012F520 00914CC0 .00914CC0 + * + * pSize: + * 00506410 07 00 00 00 0D 00 00 00 0D 00 00 00 0B 00 00 00 ........... ... + * 00506420 02 00 00 00 00 00 00 00 00 00 00 00 07 00 00 00 .............. + * 00506430 0F 00 00 00 90 01 00 00 00 00 00 00 60 00 00 00 ...・......`... + * 00506440 60 00 00 00 00 FF A5 02 00 00 00 36 80 00 00 00 `....・...6€... + * 00506450 02 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 .............. + * 00506460 00 00 00 00 00 00 00 00 00 00 00 00 64 00 00 00 ............d... + * 00506470 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00506480 82 6C 82 72 20 83 53 83 56 83 62 83 4E 00 00 00 MS ゴシック... + * 00506490 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * + * Values of esi: + * + * Name: + * 00504DE4 01 00 00 00 B6 0C 0A 76 02 00 00 00 0D 00 00 00 ...カ..v....... + * 00504DF4 00 00 00 00 00 00 00 00 00 00 00 00 64 00 00 00 ............d... + * 00504E04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504E14 82 6C 82 72 20 83 53 83 56 83 62 83 4E 00 00 00 MS ゴシック... + * 00504E24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504E34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504E44 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504E54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504E64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504E74 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * ... + * 00504F44 7C 78 FF 05 3E 00 00 00 3E 00 00 00 02 00 00 00 |x>...>...... + * 00504F54 3E 00 00 00 02 00 00 00 06 00 00 00 00 00 00 00 >............. + * 00504F64 0C 00 00 00 00 00 00 00 01 00 00 00 31 D9 D3 00 ...........1ルモ. + * 00504F74 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 ............... + * + * 00504DE4 01 00 00 00 35 06 0A 89 02 00 00 00 0D 00 00 00 ...5.・....... + * 00504DF4 00 00 00 00 00 00 00 00 00 00 00 00 64 00 00 00 ............d... + * 00504E04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504E14 82 6C 82 72 20 83 53 83 56 83 62 83 4E 00 00 00 MS ゴシック... + * 00504E24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504E34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504E44 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504E54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504E64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504E74 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504E84 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504E94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504EA4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504EB4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504EC4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504ED4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504EE4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504EF4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504F04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00504F14 FF FF FF FF 01 00 00 00 00 01 00 00 00 01 00 00 ......... + * 00504F24 00 01 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 ............ + * 00504F34 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 ............ + * 00504F44 7C 78 0C 06 3E 00 00 00 3E 00 00 00 02 00 00 00 |x.>...>...... + * 00504F54 3E 00 00 00 02 00 00 00 06 00 00 00 00 00 00 00 >............. + * 00504F64 0C 00 00 00 00 00 00 00 01 00 00 00 C3 46 04 01 ...........テF + * 00504F74 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 ............... + * 00504F84 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ............... + * 00504F94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * + * Scenario: + * 00503778 00 00 00 00 99 12 0A 24 02 00 00 00 18 00 00 00 ....・.$...... + * 00503788 00 00 00 00 00 00 00 00 00 00 00 00 64 00 00 00 ............d... + * 00503798 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 005037A8 82 6C 82 72 20 83 53 83 56 83 62 83 4E 00 00 00 MS ゴシック... + * 005037B8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * ... + * 005038D8 7C 70 0C 06 24 01 00 00 24 01 00 00 17 00 00 00 |p.$..$..... + * 005038E8 24 01 00 00 17 00 00 00 0C 00 00 00 2A 00 00 00 $.........*... + * 005038F8 18 00 00 00 00 00 00 00 01 00 00 00 6D C6 05 01 ..........mニ + * 00503908 00 00 00 00 00 00 00 00 00 00 00 00 18 04 00 00 .............. + * 00503918 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00503928 0D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00503938 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00503948 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * + * 00503778 00 00 00 00 40 12 0A 9A 02 00 00 00 18 00 00 00 ....@.・...... + * 00503788 00 00 00 00 00 00 00 00 00 00 00 00 64 00 00 00 ............d... + * 00503798 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 005037A8 82 6C 82 72 20 83 53 83 56 83 62 83 4E 00 00 00 MS ゴシック... + * 005037B8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 005037C8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 005037D8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 005037E8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 005037F8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00503808 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00503818 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00503828 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00503838 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00503848 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00503858 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00503868 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00503878 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00503888 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 00503898 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 005038A8 FF FF FF FF 01 00 00 00 00 01 00 00 00 01 00 00 ......... + * 005038B8 00 01 00 00 FF FF FF 00 00 00 00 00 00 00 00 00 ............ + * 005038C8 01 00 00 00 01 00 00 00 01 00 00 00 01 00 00 00 ............ + * 005038D8 7C 70 0C 06 E4 01 00 00 E4 01 00 00 2C 00 00 00 |p.・..・..,... + * 005038E8 E4 01 00 00 2C 00 00 00 0C 00 00 00 2A 00 00 00 ・..,.......*... + * 005038F8 18 00 00 00 00 00 00 00 01 00 00 00 5A F5 11 01 ..........Z・ + * 00503908 00 00 00 00 00 00 00 00 00 00 00 00 18 04 00 00 .............. + * 00503918 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * + * Sample game: あやかしびと (2.34) + * Scenario, value of ebp: + * 0012FD68 B1 69 3F 77 38 51 42 00 29 42 01 73 38 00 00 00 アi?w8QB.)Bs8... + * 0012FD78 BF 01 00 00 F4 7E 4F 00 02 00 00 00 29 42 01 73 ソ..O....)Bs + * 0012FD88 40 00 00 00 40 00 00 00 40 00 00 00 2C E1 71 00 @...@...@...,痃. + * 0012FD98 00 00 00 00 00 00 00 00 38 E1 71 00 38 00 8A 01 ........8痃.8.・ + * 0012FDA8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 0012FDB8 01 00 00 00 EE BA 92 05 F4 24 72 00 85 E9 40 00 ...鋓・・r.・@. ; jichi: text in 0x0592BAEE + * 0012FDC8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 0012FDD8 C6 08 42 00 02 00 00 00 01 00 00 00 00 00 00 00 ニB........... + * 0012FDE8 00 00 00 00 88 FF 12 00 00 F0 FD 7F 01 00 00 00 ....・..・... + * 0012FDF8 29 42 01 73 39 F8 B2 90 44 12 0D 64 40 12 0D 64 )Bs9織.d@.d + * 0012FE08 00 00 00 00 78 FF 12 00 00 00 00 00 00 00 00 00 ....x......... + * 0012FE18 00 00 00 00 FC FD 12 00 0D 6B E5 75 78 FF 12 00 ....・..k蛄x. + * 0012FE28 00 00 00 00 E8 3B 29 00 00 00 00 00 01 07 8F 00 ....・).....・ + * 0012FE38 6C FE 12 00 18 67 13 77 F1 31 B1 90 00 00 00 00 l.gw・ア・... + * 0012FE48 E8 3B 29 00 00 00 00 00 00 00 00 00 40 FE 12 00 ・).........@. + * 0012FE58 68 FE 12 00 F1 2F 13 77 FC 2F 13 77 E8 3B 29 00 h.・w・w・). + * 0012FE68 7C FE 12 00 25 47 0B 64 00 00 00 00 00 00 00 00 |.%G d........ + * 0012FE78 CC 3C 29 00 8C FE 12 00 B2 3D 0B 64 CC 3C 29 00 フ<).・.イ= dフ<). + * 0012FE88 E8 3B 29 00 AC FE 12 00 20 5B 0B 64 E8 3B 29 00 ・).ャ. [ d・). + * 0012FE98 00 00 00 00 00 00 00 00 A0 51 50 00 08 80 49 00 ........QP.€I. + * 0012FEA8 00 08 02 00 F8 FE 12 00 9B 28 40 00 EC 3B 29 00 ..・.・@.・). + * 0012FEB8 61 2B 1D 6F A0 D5 CF 11 BF C7 44 45 53 54 00 00 a+oユマソヌDEST.. + * 0012FEC8 01 67 40 00 68 07 8F 00 00 00 40 00 00 00 00 00 g@.h・..@..... + * 0012FED8 00 00 00 00 00 F0 FD 7F 8B 22 35 72 28 00 00 00 .....・・5r(... + * 0012FEE8 EF 7E E7 71 28 00 00 00 33 C4 B1 8D 00 01 00 00 ・輌(...3トア・.. + * + * Name: + * 0635C4D0 96 B3 90 FC 00 00 00 00 00 00 00 00 00 00 00 00 無線............ + * 0635C4E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 0635C4F0 96 B3 90 FC 00 00 00 00 00 00 00 00 00 00 00 00 無線............ + * 0635C500 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 0635C510 CF 03 07 00 12 70 76 00 12 70 6E 00 12 6E 00 12 マ.pv.pn.n. + * 0635C520 70 6D 00 12 6D 6E 00 12 66 70 00 12 63 00 80 02 pm.mn.fp.c.€ + * 0635C530 06 00 12 70 76 00 12 70 6E 00 12 6E 00 12 70 6D .pv.pn.n.pm + * 0635C540 00 12 6D 6E 00 12 66 70 00 16 03 04 0A 00 00 00 .mn.fp..... + */ + int hookStackIndex_; // hook argument index on the stack + int textOffset_; // distance of the text from the hook argument + bool backtrackText_; // whether backtrack to find text address + void hookafter(hook_stack*s,void* data1, size_t len){ + + std::string newData=std::string((char*)data1,len); + + DWORD argaddr; + if(hookStackIndex_==1) + argaddr = s->esi; + else if(hookStackIndex_==2) + argaddr=s->ebp; + else return ; + auto arg = (HookArgument *)argaddr; + if(Engine::isAddressReadable((argaddr + textOffset_))==false){ + return; + } + LPSTR textAddress = (LPSTR)*(DWORD *)(argaddr + textOffset_), + charAddress = (LPSTR)s->stack[2]; // arg2 of GetTextExtentPoint32A is the current character's address + //charAddress = LPSTR(s->ebp + 0x60c); + if (Engine::isAddressWritable(textAddress)) { + LPSTR text = textAddress; + if (backtrackText_) { + for (int i = 0; i < 1500 && *--text; i++); + if (*text) + return ; + text++; + } + if (!*text) + return ; + if (arg->isTextList(text)) { + if (backtrackText_) // old shinario games have re-translate problems + return ; + return; + arg->dispatchTextList2(text,backtrackText_,newData); + } else + arg->dispatchText2(text, backtrackText_,newData); + if (backtrackText_ && Engine::isAddressWritable(charAddress)) { + if (textAddress - text == 2) { // for wide character + if ((signed char)textAddress[-2] < 0) { + charAddress[0] = textAddress[-2]; + charAddress[1] = textAddress[-1]; + } else { + charAddress[0] = textAddress[-1]; + charAddress[1] = 0; + } + } else if (textAddress - text == 1) { // for thin character + charAddress[0] = textAddress[-1]; + charAddress[1] = 0; + } + } + } + } + void hookBefore(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *role) + { + DWORD argaddr; + if(hookStackIndex_==1) + argaddr = s->esi; + else if(hookStackIndex_==2) + argaddr=s->ebp; + else return ; + *role=argaddr; + auto arg = (HookArgument *)argaddr; + if(Engine::isAddressReadable((argaddr + textOffset_))==false){ + buffer->from_cs((LPSTR)s->stack[2]); + return ; + } + LPSTR textAddress = (LPSTR)*(DWORD *)(argaddr + textOffset_), + charAddress = (LPSTR)s->stack[2]; // arg2 of GetTextExtentPoint32A is the current character's address + //charAddress = LPSTR(s->ebp + 0x60c); + if (Engine::isAddressWritable(textAddress)) { + LPSTR text = textAddress; + if (backtrackText_) { + for (int i = 0; i < 1500 && *--text; i++); + if (*text) + return ; + text++; + } + if (!*text) + return ; + + if (arg->isTextList(text)) { + if (backtrackText_) // old shinario games have re-translate problems + return ; + arg->dispatchTextList(text,backtrackText_,buffer,role); + } else + arg->dispatchText(text, backtrackText_,buffer,role); + return ; + if (backtrackText_ && Engine::isAddressWritable(charAddress)) { + if (textAddress - text == 2) { // for wide character + if ((signed char)textAddress[-2] < 0) { + charAddress[0] = textAddress[-2]; + charAddress[1] = textAddress[-1]; + } else { + charAddress[0] = textAddress[-1]; + charAddress[1] = 0; + } + } else if (textAddress - text == 1) { // for thin character + charAddress[0] = textAddress[-1]; + charAddress[1] = 0; + } + } + } + } + +} // namespace Private + +/** + * Sample game: 幻創のイデア (RIO 2.49) + * Text painted by GetGlyphOutlineA. + * Debugged by attaching to GetTextExtentPoint32A. + * There is only one GetTextExtentPoint32A in the game, where only 'Y' (0x59) is calculated. + * Text is in a large memory region that can be modified. + * + * When the text contains new line (_r), the same text will be invoked twice. + * Need to avoid immediate duplicate. + * + * Sample game: Vestige 体験版 (RIO 2.47) + * Text accessed character by character + * + * Scenario caller of get GetTextExtentPoint32A + * 0043372D 05 00010000 ADD EAX,0x100 + * 00433732 66:8B1445 045548>MOV DX,WORD PTR DS:[EAX*2+0x485504] + * 0043373A EB 2D JMP SHORT .00433769 + * 0043373C 33C9 XOR ECX,ECX + * 0043373E 8B8D 60010000 MOV ECX,DWORD PTR SS:[EBP+0x160] + * 00433744 8A09 MOV CL,BYTE PTR DS:[ECX] + * 00433746 80F9 20 CMP CL,0x20 + * 00433749 74 2E JE SHORT .00433779 + * 0043374B 8B85 C0050000 MOV EAX,DWORD PTR SS:[EBP+0x5C0] + * 00433751 81E1 FF000000 AND ECX,0xFF + * 00433757 85C0 TEST EAX,EAX + * 00433759 74 06 JE SHORT .00433761 + * 0043375B 81C1 00010000 ADD ECX,0x100 + * 00433761 66:8B144D 045548>MOV DX,WORD PTR DS:[ECX*2+0x485504] + * 00433769 B8 02000000 MOV EAX,0x2 + * 0043376E 66:8995 0C060000 MOV WORD PTR SS:[EBP+0x60C],DX + * 00433775 894424 58 MOV DWORD PTR SS:[ESP+0x58],EAX + * 00433779 8B4C24 1C MOV ECX,DWORD PTR SS:[ESP+0x1C] + * 0043377D 898D 60010000 MOV DWORD PTR SS:[EBP+0x160],ECX + * 00433783 8B8D 78010000 MOV ECX,DWORD PTR SS:[EBP+0x178] + * 00433789 83F9 FF CMP ECX,-0x1 + * 0043378C 8BB5 68010000 MOV ESI,DWORD PTR SS:[EBP+0x168] + * 00433792 75 3E JNZ SHORT .004337D2 + * 00433794 85DB TEST EBX,EBX + * 00433796 74 3A JE SHORT .004337D2 + * 00433798 8B85 10160000 MOV EAX,DWORD PTR SS:[EBP+0x1610] + * 0043379E 85C0 TEST EAX,EAX + * 004337A0 74 12 JE SHORT .004337B4 + * 004337A2 8B95 14160000 MOV EDX,DWORD PTR SS:[EBP+0x1614] + * 004337A8 894424 2C MOV DWORD PTR SS:[ESP+0x2C],EAX + * 004337AC 895424 30 MOV DWORD PTR SS:[ESP+0x30],EDX + * 004337B0 03F0 ADD ESI,EAX + * 004337B2 EB 36 JMP SHORT .004337EA + * 004337B4 8B4C24 58 MOV ECX,DWORD PTR SS:[ESP+0x58] + * 004337B8 8D4424 2C LEA EAX,DWORD PTR SS:[ESP+0x2C] + * 004337BC 50 PUSH EAX + * 004337BD 51 PUSH ECX + * 004337BE 8D85 0C060000 LEA EAX,DWORD PTR SS:[EBP+0x60C] + * 004337C4 50 PUSH EAX + * 004337C5 53 PUSH EBX + * 004337C6 FF15 A0B04700 CALL DWORD PTR DS:[0x47B0A0] ; gdi32.GetTextExtentPoint32A + * 004337CC 037424 2C ADD ESI,DWORD PTR SS:[ESP+0x2C] + * 004337D0 EB 18 JMP SHORT .004337EA + * 004337D2 83F8 02 CMP EAX,0x2 + * 004337D5 75 06 JNZ SHORT .004337DD + * 004337D7 8B8D 80010000 MOV ECX,DWORD PTR SS:[EBP+0x180] + * 004337DD 8B95 84010000 MOV EDX,DWORD PTR SS:[EBP+0x184] + * 004337E3 0FAFD0 IMUL EDX,EAX + * 004337E6 03F1 ADD ESI,ECX + * 004337E8 03F2 ADD ESI,EDX + * 004337EA 3BB5 9C010000 CMP ESI,DWORD PTR SS:[EBP+0x19C] + * 004337F0 72 68 JB SHORT .0043385A + * 004337F2 8D85 0C060000 LEA EAX,DWORD PTR SS:[EBP+0x60C] + * 004337F8 50 PUSH EAX + * 004337F9 8D85 B8020000 LEA EAX,DWORD PTR SS:[EBP+0x2B8] + * 004337FF 50 PUSH EAX + * 00433800 E8 6D230100 CALL .00445B72 + * 00433805 83C4 08 ADD ESP,0x8 + * 00433808 85C0 TEST EAX,EAX + * 0043380A 74 4E JE SHORT .0043385A + * 0043380C 8B8D 68010000 MOV ECX,DWORD PTR SS:[EBP+0x168] + * 00433812 8B95 6C010000 MOV EDX,DWORD PTR SS:[EBP+0x16C] + * 00433818 8B85 64010000 MOV EAX,DWORD PTR SS:[EBP+0x164] + * 0043381E 8985 68010000 MOV DWORD PTR SS:[EBP+0x168],EAX + * 00433824 8995 74010000 MOV DWORD PTR SS:[EBP+0x174],EDX + * 0043382A 8B95 6C010000 MOV EDX,DWORD PTR SS:[EBP+0x16C] + * 00433830 898D 70010000 MOV DWORD PTR SS:[EBP+0x170],ECX + * 00433836 8B8D 7C010000 MOV ECX,DWORD PTR SS:[EBP+0x17C] + * 0043383C 03D1 ADD EDX,ECX + * 0043383E 8995 6C010000 MOV DWORD PTR SS:[EBP+0x16C],EDX + * 00433844 8B95 A8010000 MOV EDX,DWORD PTR SS:[EBP+0x1A8] + * 0043384A 0195 68010000 ADD DWORD PTR SS:[EBP+0x168],EDX + * 00433850 C785 A4010000 01>MOV DWORD PTR SS:[EBP+0x1A4],0x1 + * 0043385A 8B85 B4010000 MOV EAX,DWORD PTR SS:[EBP+0x1B4] + * 00433860 85C0 TEST EAX,EAX + * 00433862 0F85 F6000000 JNZ .0043395E + * 00433868 8B85 68010000 MOV EAX,DWORD PTR SS:[EBP+0x168] + * 0043386E 3B85 64010000 CMP EAX,DWORD PTR SS:[EBP+0x164] + * 00433874 74 0E JE SHORT .00433884 + * 00433876 8B85 AC010000 MOV EAX,DWORD PTR SS:[EBP+0x1AC] + * 0043387C 85C0 TEST EAX,EAX + * 0043387E 0F84 E4000000 JE .00433968 + * 00433884 8B85 A4010000 MOV EAX,DWORD PTR SS:[EBP+0x1A4] + * 0043388A 85C0 TEST EAX,EAX + * 0043388C 0F84 D6000000 JE .00433968 + * 00433892 8BB5 60010000 MOV ESI,DWORD PTR SS:[EBP+0x160] + * 00433898 8A06 MOV AL,BYTE PTR DS:[ESI] + * 0043389A 3C 81 CMP AL,0x81 + * 0043389C 72 13 JB SHORT .004338B1 + * 0043389E 3C 9F CMP AL,0x9F + * 004338A0 76 08 JBE SHORT .004338AA + * 004338A2 3C E0 CMP AL,0xE0 + * 004338A4 72 0B JB SHORT .004338B1 + * 004338A6 3C FC CMP AL,0xFC + * 004338A8 77 07 JA SHORT .004338B1 + * 004338AA B8 01000000 MOV EAX,0x1 + * 004338AF EB 02 JMP SHORT .004338B3 + * 004338B1 33C0 XOR EAX,EAX + * 004338B3 8D48 01 LEA ECX,DWORD PTR DS:[EAX+0x1] + * 004338B6 8BD1 MOV EDX,ECX + * 004338B8 C1E9 02 SHR ECX,0x2 + * 004338BB C74424 18 000000>MOV DWORD PTR SS:[ESP+0x18],0x0 + * 004338C3 8D7C24 18 LEA EDI,DWORD PTR SS:[ESP+0x18] + * 004338C7 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> + * 004338C9 8BCA MOV ECX,EDX + * 004338CB 83E1 03 AND ECX,0x3 + * 004338CE 8D85 0C060000 LEA EAX,DWORD PTR SS:[EBP+0x60C] + * 004338D4 F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[> + * 004338D6 50 PUSH EAX + * 004338D7 8DB5 B8030000 LEA ESI,DWORD PTR SS:[EBP+0x3B8] + * 004338DD 56 PUSH ESI + * 004338DE E8 8F220100 CALL .00445B72 + * 004338E3 83C4 08 ADD ESP,0x8 + * 004338E6 85C0 TEST EAX,EAX + * 004338E8 74 2C JE SHORT .00433916 + * 004338EA 8D4424 18 LEA EAX,DWORD PTR SS:[ESP+0x18] + * 004338EE 50 PUSH EAX + * 004338EF 56 PUSH ESI + * 004338F0 E8 7D220100 CALL .00445B72 + * 004338F5 83C4 08 ADD ESP,0x8 + * 004338F8 85C0 TEST EAX,EAX + * 004338FA 75 34 JNZ SHORT .00433930 + * 004338FC 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+0x18] + * 00433900 51 PUSH ECX + * 00433901 8D95 B8010000 LEA EDX,DWORD PTR SS:[EBP+0x1B8] + * 00433907 52 PUSH EDX + * 00433908 E8 65220100 CALL .00445B72 + * 0043390D 83C4 08 ADD ESP,0x8 + * 00433910 85C0 TEST EAX,EAX + * 00433912 75 3E JNZ SHORT .00433952 + * 00433914 EB 1A JMP SHORT .00433930 + * 00433916 8D85 0C060000 LEA EAX,DWORD PTR SS:[EBP+0x60C] + * 0043391C 50 PUSH EAX + * 0043391D 8D95 B8010000 LEA EDX,DWORD PTR SS:[EBP+0x1B8] + * 00433923 52 PUSH EDX + * 00433924 E8 49220100 CALL .00445B72 + * 00433929 83C4 08 ADD ESP,0x8 + * 0043392C 85C0 TEST EAX,EAX + * 0043392E 74 22 JE SHORT .00433952 + * 00433930 8B85 70010000 MOV EAX,DWORD PTR SS:[EBP+0x170] + * 00433936 8B8D 74010000 MOV ECX,DWORD PTR SS:[EBP+0x174] + * 0043393C 8985 68010000 MOV DWORD PTR SS:[EBP+0x168],EAX + * 00433942 898D 6C010000 MOV DWORD PTR SS:[EBP+0x16C],ECX + * 00433948 C785 B4010000 01>MOV DWORD PTR SS:[EBP+0x1B4],0x1 + * 00433952 C785 AC010000 00>MOV DWORD PTR SS:[EBP+0x1AC],0x0 + * 0043395C EB 0A JMP SHORT .00433968 + * 0043395E C785 B4010000 00>MOV DWORD PTR SS:[EBP+0x1B4],0x0 + * 00433968 85DB TEST EBX,EBX + * 0043396A 0F84 1A070000 JE .0043408A + * 00433970 8B85 10160000 MOV EAX,DWORD PTR SS:[EBP+0x1610] + * 00433976 85C0 TEST EAX,EAX + * 00433978 74 10 JE SHORT .0043398A + * 0043397A 8B95 14160000 MOV EDX,DWORD PTR SS:[EBP+0x1614] + * 00433980 894424 2C MOV DWORD PTR SS:[ESP+0x2C],EAX + * 00433984 895424 30 MOV DWORD PTR SS:[ESP+0x30],EDX + * 00433988 EB 18 JMP SHORT .004339A2 + * 0043398A 8B4C24 58 MOV ECX,DWORD PTR SS:[ESP+0x58] + * 0043398E 8D4424 2C LEA EAX,DWORD PTR SS:[ESP+0x2C] + * 00433992 50 PUSH EAX + * 00433993 51 PUSH ECX + * 00433994 8D85 0C060000 LEA EAX,DWORD PTR SS:[EBP+0x60C] ; jichi: This is the individual character + * 0043399A 50 PUSH EAX + * 0043399B 53 PUSH EBX + * 0043399C FF15 A0B04700 CALL DWORD PTR DS:[0x47B0A0] ; gdi32.GetTextExtentPoint32A ; jichi: called here + * 004339A2 8B85 68010000 MOV EAX,DWORD PTR SS:[EBP+0x168] + * 004339A8 8B5424 2C MOV EDX,DWORD PTR SS:[ESP+0x2C] + * 004339AC 8B8D 6C010000 MOV ECX,DWORD PTR SS:[EBP+0x16C] + * 004339B2 8D3410 LEA ESI,DWORD PTR DS:[EAX+EDX] + * 004339B5 8B5424 30 MOV EDX,DWORD PTR SS:[ESP+0x30] + * 004339B9 8BF9 MOV EDI,ECX + * 004339BB 03CA ADD ECX,EDX + */ +bool attach(int ver) +{ + //if (ver < 247) // currently only >= 2.48 is supported + // return false; + + if (ver >= 248) { + Private::hookStackIndex_ =1;// winhook_stack_indexof(esi); + Private::backtrackText_ = false; + } else { // <= 247 + Private::hookStackIndex_ =2;// winhook_stack_indexof(ebp); + Private::backtrackText_ = true; + } + + if (ver >= 240) + Private::textOffset_ = 0x160; + else + Private::textOffset_ = 0x54; // Sample game: あやかしびと (2.34) + HookParam hp; + hp.address=(ULONG)::GetTextExtentPoint32A; + hp.text_fun=Private::hookBefore; + hp.hook_after=Private::hookafter; + hp.type=EMBED_ABLE|EMBED_DYNA_SJIS|NO_CONTEXT; + hp.newlineseperator=L"_r"; + hp.hook_font=F_GetGlyphOutlineA; + hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + write_string_overwrite(data,len,std::regex_replace(std::string((char*)data,*len), std::regex("_t!.*?[/>]"), "")); + return true; + }; + return NewHook(hp,"EmbedShario"); +} + +} // namespace ScenarioHook +} // unnamed namespace + +bool ShinaRio::attach_function(){ + int ver = GetShinaRioVersion(); + auto _h=InsertShinaHook(ver); + auto e=ScenarioHook::attach(ver+200); + return _h||e; + +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/ShinaRio.h b/cpp/LunaHook/LunaHook/engine32/ShinaRio.h new file mode 100644 index 00000000..5e1bea89 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/ShinaRio.h @@ -0,0 +1,21 @@ + + +class ShinaRio:public ENGINE{ + public: + ShinaRio(){ + + check_by=CHECK_BY::FILE_ANY; + check_by_target=check_by_list{L"RIO.INI",L"*.war"}; + is_engine_certain=false; + //DWORD len = wcslen(str); + + // jichi 8/24/2013: Checking for Rio.ini or $procname.ini + //wcscpy(str+len-4, L"_?.war"); + //if (Util::CheckFile(str)) { + // InsertShinaHook(); + // return true; + //} + }; + bool attach_function(); +}; + \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/ShinyDaysGame.cpp b/cpp/LunaHook/LunaHook/engine32/ShinyDaysGame.cpp new file mode 100644 index 00000000..38c86cad --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/ShinyDaysGame.cpp @@ -0,0 +1,58 @@ +#include"ShinyDaysGame.h" + + +/** Game-specific engines */ + +//static char* ShinyDaysQueueString[0x10]; +//static int ShinyDaysQueueStringLen[0x10]; +//static int ShinyDaysQueueIndex, ShinyDaysQueueNext; +static void SpecialGameHookShinyDays(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) +{ + static int ShinyDaysQueueStringLen; + LPWSTR fun_str,text_str; + DWORD l = 0; + auto esp_base=stack->base; + fun_str=(LPWSTR)stack->stack[0x13]; + auto esi=stack->stack[0x1C]+0x3C; + auto edi=stack->stack[0x1D]; + if(esi<=edi){ + auto tu=(TextUnionW*)esi; + text_str=(LPWSTR)tu->getText(); + l=tu->size*2; + } + if (::memcmp(fun_str, L"[PlayVoice]",0x18) == 0) { + buffer->from(text_buffer,ShinyDaysQueueStringLen); + } + else if (::memcmp(fun_str, L"[PrintText]",0x18) == 0) { + memcpy(text_buffer, text_str, l); + ShinyDaysQueueStringLen = l; + } +} +bool InsertShinyDaysGameHook() +{ + const BYTE bytes[] = { + 0xff,0x83,0x70,0x03,0x00,0x00,0x33,0xf6, + 0xc6,0x84,0x24,0x90,0x02,0x00,0x00,0x02 + }; + auto addr=MemDbg::findBytes(bytes, sizeof(bytes),processStartAddress,processStopAddress); + if(addr==0)return false; + + HookParam hp; + hp.address = addr + 0x8; + hp.text_fun = SpecialGameHookShinyDays; + hp.type = CODEC_UTF16 | USING_STRING | NO_CONTEXT; + hp.filter_fun=[](LPVOID data, size_t *size, HookParam *){ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + StringCharReplacer(text,len,L"\\n",2,L'\n'); + return true; + }; + ConsoleOutput("INSERT ShinyDays"); + return NewHook(hp, "ShinyDays"); + +} + +bool ShinyDaysGame::attach_function() { + + return InsertShinyDaysGameHook(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/ShinyDaysGame.h b/cpp/LunaHook/LunaHook/engine32/ShinyDaysGame.h new file mode 100644 index 00000000..cf3e6704 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/ShinyDaysGame.h @@ -0,0 +1,14 @@ + + +class ShinyDaysGame:public ENGINE{ + public: + ShinyDaysGame(){ + + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + return (wcsstr(processName_lower, L"shinydays") || !wcsncmp(processName_lower, L"shinyd~", 7) || Util::CheckFile(L"ShinyDays.exe")); + + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/SideB.cpp b/cpp/LunaHook/LunaHook/engine32/SideB.cpp new file mode 100644 index 00000000..a8be1c00 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/SideB.cpp @@ -0,0 +1,145 @@ +#include"SideB.h" + +/** jichi 8/2/2014 side-B + * Sample games: + * - [side-B] メルトピア -- /HS-4@B4452:Martopia.exe + * + * Observations: + * + * /HS-4@B4452:Martopia.exe + * - addr: 738386 = 0xb4452 + * - module: 3040177000 + * - off: 4294967288 = 0xfffffff8 = -0x8 + * - type: 65 = 0x41 + * + * Sample stack structure: + * - 0016F558 00EB74E9 RETURN to Martopia.00EB74E9 + * - 0016F55C 0060EE30 ; jichi: this is the text + * - 0016F560 0016F5C8 + * - 0016F564 082CAA98 + * - 0016F568 00EBE735 RETURN to Martopia.00EBE735 from Martopia.00EB74C0 + * + * 00f6440e cc int3 + * 00f6440f cc int3 + * 00f64410 55 push ebp ; jichi: hook here, text in arg1 ([EncodeSystemPointer(+4]) + * 00f64411 8bec mov ebp,esp + * 00f64413 6a ff push -0x1 + * 00f64415 68 c025fb00 push martopia.00fb25c0 + * 00f6441a 64:a1 00000000 mov eax,dword ptr fs:[0] + * 00f64420 50 push eax + * 00f64421 83ec 3c sub esp,0x3c + * 00f64424 a1 c8620101 mov eax,dword ptr ds:[0x10162c8] + * 00f64429 33c5 xor eax,ebp + * 00f6442b 8945 f0 mov dword ptr ss:[ebp-0x10],eax + * 00f6442e 53 push ebx + * 00f6442f 56 push esi + * 00f64430 57 push edi + * 00f64431 50 push eax + * 00f64432 8d45 f4 lea eax,dword ptr ss:[ebp-0xc] + * 00f64435 64:a3 00000000 mov dword ptr fs:[0],eax + * 00f6443b 8bf9 mov edi,ecx + * 00f6443d 8b4d 08 mov ecx,dword ptr ss:[ebp+0x8] + * 00f64440 33db xor ebx,ebx + * 00f64442 3bcb cmp ecx,ebx + * 00f64444 74 40 je short martopia.00f64486 + * 00f64446 8bc1 mov eax,ecx + * 00f64448 c745 e8 0f000000 mov dword ptr ss:[ebp-0x18],0xf + * 00f6444f 895d e4 mov dword ptr ss:[ebp-0x1c],ebx + * 00f64452 885d d4 mov byte ptr ss:[ebp-0x2c],bl ; jichi: or hook here, get text in eax + * 00f64455 8d70 01 lea esi,dword ptr ds:[eax+0x1] + * 00f64458 8a10 mov dl,byte ptr ds:[eax] + * 00f6445a 40 inc eax + * 00f6445b 3ad3 cmp dl,bl + * 00f6445d ^75 f9 jnz short martopia.00f64458 + * 00f6445f 2bc6 sub eax,esi + * 00f64461 50 push eax + * 00f64462 51 push ecx + * 00f64463 8d4d d4 lea ecx,dword ptr ss:[ebp-0x2c] + * 00f64466 e8 f543f5ff call martopia.00eb8860 + * 00f6446b 8d45 d4 lea eax,dword ptr ss:[ebp-0x2c] + * 00f6446e 50 push eax + * 00f6446f 8d4f 3c lea ecx,dword ptr ds:[edi+0x3c] + * 00f64472 895d fc mov dword ptr ss:[ebp-0x4],ebx + * 00f64475 e8 16d7f8ff call martopia.00ef1b90 + * 00f6447a 837d e8 10 cmp dword ptr ss:[ebp-0x18],0x10 + * 00f6447e 72 47 jb short martopia.00f644c7 + * 00f64480 8b4d d4 mov ecx,dword ptr ss:[ebp-0x2c] + * 00f64483 51 push ecx + * 00f64484 eb 38 jmp short martopia.00f644be + * 00f64486 53 push ebx + * 00f64487 68 a11efd00 push martopia.00fd1ea1 + * 00f6448c 8d4d b8 lea ecx,dword ptr ss:[ebp-0x48] + * 00f6448f c745 cc 0f000000 mov dword ptr ss:[ebp-0x34],0xf + * 00f64496 895d c8 mov dword ptr ss:[ebp-0x38],ebx + * 00f64499 885d b8 mov byte ptr ss:[ebp-0x48],bl + * 00f6449c e8 bf43f5ff call martopia.00eb8860 + * 00f644a1 8d55 b8 lea edx,dword ptr ss:[ebp-0x48] + * 00f644a4 52 push edx + * 00f644a5 8d4f 3c lea ecx,dword ptr ds:[edi+0x3c] + * 00f644a8 c745 fc 01000000 mov dword ptr ss:[ebp-0x4],0x1 + * 00f644af e8 dcd6f8ff call martopia.00ef1b90 + * 00f644b4 837d cc 10 cmp dword ptr ss:[ebp-0x34],0x10 + * 00f644b8 72 0d jb short martopia.00f644c7 + * 00f644ba 8b45 b8 mov eax,dword ptr ss:[ebp-0x48] + * 00f644bd 50 push eax + * 00f644be ff15 f891fc00 call dword ptr ds:[<&msvcr100.??3@yaxpax>; msvcr100.??3@yaxpax@z + * 00f644c4 83c4 04 add esp,0x4 + * 00f644c7 8b4d f4 mov ecx,dword ptr ss:[ebp-0xc] + * 00f644ca 64:890d 00000000 mov dword ptr fs:[0],ecx + * 00f644d1 59 pop ecx + * 00f644d2 5f pop edi + * 00f644d3 5e pop esi + * 00f644d4 5b pop ebx + * 00f644d5 8b4d f0 mov ecx,dword ptr ss:[ebp-0x10] + * 00f644d8 33cd xor ecx,ebp + * 00f644da e8 77510400 call martopia.00fa9656 + * 00f644df 8be5 mov esp,ebp + * 00f644e1 5d pop ebp + * 00f644e2 c2 0400 retn 0x4 + * 00f644e5 cc int3 + * 00f644e6 cc int3 + */ +bool InsertSideBHook() +{ + const BYTE bytes[] = { + 0x64,0xa3, 0x00,0x00,0x00,0x00, // 00f64435 64:a3 00000000 mov dword ptr fs:[0],eax + 0x8b,0xf9, // 00f6443b 8bf9 mov edi,ecx + 0x8b,0x4d, 0x08, // 00f6443d 8b4d 08 mov ecx,dword ptr ss:[ebp+0x8] + 0x33,0xdb, // 00f64440 33db xor ebx,ebx + 0x3b,0xcb, // 00f64442 3bcb cmp ecx,ebx + 0x74, 0x40, // 00f64444 74 40 je short martopia.00f64486 + 0x8b,0xc1, // 00f64446 8bc1 mov eax,ecx + 0xc7,0x45, 0xe8, 0x0f,0x00,0x00,0x00, // 00f64448 c745 e8 0f000000 mov dword ptr ss:[ebp-0x18],0xf + 0x89,0x5d, 0xe4, // 00f6444f 895d e4 mov dword ptr ss:[ebp-0x1c],ebx + 0x88,0x5d, 0xd4 // 00f64452 885d d4 mov byte ptr ss:[ebp-0x2c],bl + }; + enum { addr_offset = 0x00f64410 - 0x00f64435 }; // distance to the beginning of the function + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + //GROWL_DWORD(addr); // supposed to be 0x4010e0 + if (!addr) { + ConsoleOutput("SideB: pattern not found"); + return false; + } + addr += addr_offset; + enum : BYTE { push_ebp = 0x55 }; // 011d4c80 /$ 55 push ebp + if (*(BYTE *)addr != push_ebp) { + ConsoleOutput("SideB: pattern found but the function offset is invalid"); + return false; + } + //GROWL_DWORD(addr); + + HookParam hp; + hp.address = addr; + //hp.length_offset = 1; + hp.offset=get_stack(1); // [esp+4] == arg1 + hp.type = USING_STRING|NO_CONTEXT|USING_SPLIT; // NO_CONTEXT && RELATIVE_SPLIT to get rid of floating return address + hp.split = 0; // use retaddr as split + ConsoleOutput("INSERT SideB"); + return NewHook(hp, "SideB"); +} + +bool SideB::attach_function() { + + return InsertSideBHook(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/SideB.h b/cpp/LunaHook/LunaHook/engine32/SideB.h new file mode 100644 index 00000000..0867dfbb --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/SideB.h @@ -0,0 +1,13 @@ + + +class SideB:public ENGINE{ + public: + SideB(){ + + check_by=CHECK_BY::RESOURCE_STR; + check_by_target=L"side-B"; + // // 8/2/2014 jichi: Copyright is side-B, a conf.dat will be generated after the game is launched + // It also contains lua5.1.dll and lua5.dll + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine32/Siglus.cpp b/cpp/LunaHook/LunaHook/engine32/Siglus.cpp new file mode 100644 index 00000000..5b5332bc --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Siglus.cpp @@ -0,0 +1,1895 @@ +#include "Siglus.h" +namespace +{ // unnamed + + /** + * jichi 8/17/2013: SiglusEngine from siglusengine.exe + * The old hook does not work for new games. + * The new hook cannot recognize character names. + * Insert old first. As the pattern could also be found in the old engine. + */ + + /** jichi 10/25/2014: new SiglusEngine3 that can extract character name + * + * Sample game: リア兂�ラスメイト孕ませ催� -- /HW-4@F67DC:SiglusEngine.exe + * The character is in [edx+ecx*2]. Text in edx, and offset in ecx. + * + * 002667be cc int3 + * 002667bf cc int3 + * 002667c0 55 push ebp ; jichi: hook here + * 002667c1 8bec mov ebp,esp + * 002667c3 8bd1 mov edx,ecx + * 002667c5 8b4d 0c mov ecx,dword ptr ss:[ebp+0xc] + * 002667c8 83f9 01 cmp ecx,0x1 + * 002667cb 75 17 jnz short .002667e4 + * 002667cd 837a 14 08 cmp dword ptr ds:[edx+0x14],0x8 + * 002667d1 72 02 jb short .002667d5 + * 002667d3 8b12 mov edx,dword ptr ds:[edx] + * 002667d5 8b4d 08 mov ecx,dword ptr ss:[ebp+0x8] + * 002667d8 66:8b45 10 mov ax,word ptr ss:[ebp+0x10] + * 002667dc 66:89044a mov word ptr ds:[edx+ecx*2],ax ; jichi: wchar_t is in ax + * 002667e0 5d pop ebp + * 002667e1 c2 0c00 retn 0xc + * 002667e4 837a 14 08 cmp dword ptr ds:[edx+0x14],0x8 + * 002667e8 72 02 jb short .002667ec + * 002667ea 8b12 mov edx,dword ptr ds:[edx] + * 002667ec 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + * 002667ef 57 push edi + * 002667f0 8d3c42 lea edi,dword ptr ds:[edx+eax*2] + * 002667f3 85c9 test ecx,ecx + * 002667f5 74 16 je short .0026680d + * 002667f7 8b45 10 mov eax,dword ptr ss:[ebp+0x10] + * 002667fa 0fb7d0 movzx edx,ax + * 002667fd 8bc2 mov eax,edx + * 002667ff c1e2 10 shl edx,0x10 + * 00266802 0bc2 or eax,edx + * 00266804 d1e9 shr ecx,1 + * 00266806 f3:ab rep stos dword ptr es:[edi] + * 00266808 13c9 adc ecx,ecx + * 0026680a 66:f3:ab rep stos word ptr es:[edi] + * 0026680d 5f pop edi + * 0026680e 5d pop ebp + * 0026680f c2 0c00 retn 0xc + * 00266812 cc int3 + * 00266813 cc int3 + * + * Stack when enter function call: + * 04cee270 00266870 return to .00266870 from .002667c0 + * 04cee274 00000002 jichi: arg1, ecx + * 04cee278 00000001 jichi: arg2, always 1 + * 04cee27c 000050ac jichi: arg3, wchar_t + * 04cee280 04cee4fc jichi: text address + * 04cee284 0ead055c arg5 + * 04cee288 0ead0568 arg6, last text when arg6 = arg5 = 2 + * 04cee28c /04cee2c0 + * 04cee290 |00266969 return to .00266969 from .00266820 + * 04cee294 |00000001 + * 04cee298 |000050ac + * 04cee29c |e1466fb2 + * 04cee2a0 |072f45f0 + * + * Target address (edx) is at [[ecx]] when enter function. + */ + + // jichi: 8/17/2013: Change return type to bool + bool InsertSiglus3Hook() + { + const BYTE bytes[] = { + 0x8b, 0x12, // 002667d3 8b12 mov edx,dword ptr ds:[edx] + 0x8b, 0x4d, 0x08, // 002667d5 8b4d 08 mov ecx,dword ptr ss:[ebp+0x8] + 0x66, 0x8b, 0x45, 0x10, // 002667d8 66:8b45 10 mov ax,word ptr ss:[ebp+0x10] + 0x66, 0x89, 0x04, 0x4a // 002667dc 66:89044a mov word ptr ds:[edx+ecx*2],ax ; jichi: wchar_t in ax + // 002667e0 5d pop ebp + // 002667e1 c2 0c00 retn 0xc + }; + enum + { + addr_offset = sizeof(bytes) - 4 + }; + ULONG range = max(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + { + // ConsoleOutput("Unknown SiglusEngine"); + ConsoleOutput("Siglus3: pattern not found"); + return false; + } + + // addr = MemDbg::findEnclosingAlignedFunction(addr, 50); // 0x002667dc - 0x002667c0 = 28 + // if (!addr) { + // ConsoleOutput("Siglus3: enclosing function not found"); + // return false; + // } + + HookParam hp; + hp.address = addr + addr_offset; + hp.offset = get_reg(regs::eax); + hp.type = CODEC_UTF16; + // hp.text_fun = SpecialHookSiglus3; + + ConsoleOutput("INSERT Siglus3"); + return NewHook(hp, "SiglusEngine3"); + } + + /** SiglusEngine4 5/23/2015 + * Sample game: AngleBeats trial + * Alternative ATcode from EGDB: + * UNIKOFILTER(30),FORCEFONT(5),HOOK(SiglusEngine.exe!0x0018CF39,TRANS(EAX,UNICODE,SMSTR,ADDNULL),RETNPOS(SOURCE)) + * Text address is [eax] + * + * 0042CEFD CC INT3 + * 0042CEFE CC INT3 + * 0042CEFF CC INT3 + * 0042CF00 55 PUSH EBP + * 0042CF01 8BEC MOV EBP,ESP + * 0042CF03 51 PUSH ECX + * 0042CF04 A1 005E8A00 MOV EAX,DWORD PTR DS:[0x8A5E00] + * 0042CF09 53 PUSH EBX + * 0042CF0A 56 PUSH ESI + * 0042CF0B 57 PUSH EDI + * 0042CF0C 8B40 10 MOV EAX,DWORD PTR DS:[EAX+0x10] + * 0042CF0F 8BF9 MOV EDI,ECX + * 0042CF11 33C9 XOR ECX,ECX + * 0042CF13 C745 FC 00000000 MOV DWORD PTR SS:[EBP-0x4],0x0 + * 0042CF1A 6A FF PUSH -0x1 + * 0042CF1C 51 PUSH ECX + * 0042CF1D 83E8 18 SUB EAX,0x18 + * 0042CF20 C747 14 07000000 MOV DWORD PTR DS:[EDI+0x14],0x7 + * 0042CF27 C747 10 00000000 MOV DWORD PTR DS:[EDI+0x10],0x0 + * 0042CF2E 66:890F MOV WORD PTR DS:[EDI],CX + * 0042CF31 8BCF MOV ECX,EDI + * 0042CF33 50 PUSH EAX + * 0042CF34 E8 E725F6FF CALL .0038F520 + * 0042CF39 8B1D 005E8A00 MOV EBX,DWORD PTR DS:[0x8A5E00] ; jichi: ATcode hooked here, text sometimes in eax sometimes address in eax, size in [eax+0x16] + * 0042CF3F 8B73 10 MOV ESI,DWORD PTR DS:[EBX+0x10] + * 0042CF42 837E FC 08 CMP DWORD PTR DS:[ESI-0x4],0x8 + * 0042CF46 72 0B JB SHORT .0042CF53 + * 0042CF48 FF76 E8 PUSH DWORD PTR DS:[ESI-0x18] + * 0042CF4B E8 EA131300 CALL .0055E33A + * 0042CF50 83C4 04 ADD ESP,0x4 + * 0042CF53 33C0 XOR EAX,EAX + * 0042CF55 C746 FC 07000000 MOV DWORD PTR DS:[ESI-0x4],0x7 + * 0042CF5C C746 F8 00000000 MOV DWORD PTR DS:[ESI-0x8],0x0 + * 0042CF63 66:8946 E8 MOV WORD PTR DS:[ESI-0x18],AX + * 0042CF67 8BC7 MOV EAX,EDI + * 0042CF69 8343 10 E8 ADD DWORD PTR DS:[EBX+0x10],-0x18 + * 0042CF6D 5F POP EDI + * 0042CF6E 5E POP ESI + * 0042CF6F 5B POP EBX + * 0042CF70 8BE5 MOV ESP,EBP + * 0042CF72 5D POP EBP + * 0042CF73 C3 RETN + * 0042CF74 CC INT3 + * 0042CF75 CC INT3 + * 0042CF76 CC INT3 + * 0042CF77 CC INT3 + */ + bool Siglus4Filter(LPVOID data, size_t *size, HookParam *) + { + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + // Remove "NNLI" + // if (*len > 2 && ::all_ascii(text)) + // return false; + // if (*len == 2 && *text == L'N') + // return false; + StringFilter(text, len, L"NLI", 3); + // Replace 『�(300e, 300f) with 「�(300c,300d) + // CharReplacer(text, len, 0x300e, 0x300c); + // CharReplacer(text, len, 0x300f, 0x300d); + return true; + } + void SpecialHookSiglus4(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + // static uint64_t lastTextHash_; + DWORD eax = stack->eax; // text + if (!eax || !*(const BYTE *)eax) // empty data + return; + DWORD size = *(DWORD *)(eax + 0x10); + if (!size) + return; + DWORD data; + if (size < 8) + data = eax; + else + data = *(DWORD *)eax; + + // Skip all ascii characters + if (all_ascii((LPCWSTR) data)) + return; + + // Avoid duplication + // LPCWSTR text = (LPCWSTR)*data; + // auto hash = hashstr(text); + // if (hash == lastTextHash_) + // return; + // lastTextHash_ = hash; + + buffer->from(data, size * 2);// UTF-16 + DWORD s0 = stack->retaddr; // use stack[0] as split + if (s0 <= 0xff) // scenario text + *split = FIXED_SPLIT_VALUE; + else if (::IsBadReadPtr((LPCVOID)s0, 4)) + *split = s0; + else + { + *split = *(DWORD *)s0; // This value is runtime dependent + if (*split == 0x54) + *split = FIXED_SPLIT_VALUE * 2; + } + *split += stack->stack[1]; // plus stack[1] as split + } + bool InsertSiglus4Hook() + { + const BYTE bytes[] = { + 0xc7, 0x47, 0x14, 0x07, 0x00, 0x00, 0x00, // 0042cf20 c747 14 07000000 mov dword ptr ds:[edi+0x14],0x7 + 0xc7, 0x47, 0x10, 0x00, 0x00, 0x00, 0x00, // 0042cf27 c747 10 00000000 mov dword ptr ds:[edi+0x10],0x0 + 0x66, 0x89, 0x0f, // 0042cf2e 66:890f mov word ptr ds:[edi],cx + 0x8b, 0xcf, // 0042cf31 8bcf mov ecx,edi + 0x50, // 0042cf33 50 push eax + 0xe8 // XX4 // 0042cf34 e8 e725f6ff call .0038f520 + // hook here + }; + enum + { + addr_offset = sizeof(bytes) + 4 + }; // +4 for the call address + ULONG range = max(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + // ULONG addr = processStartAddress + 0x0018cf39; + if (!addr) + { + // ConsoleOutput("Unknown SiglusEngine"); + ConsoleOutput("Siglus4: pattern not found"); + return false; + } + + // addr = MemDbg::findEnclosingAlignedFunction(addr, 50); // 0x002667dc - 0x002667c0 = 28 + // if (!addr) { + // ConsoleOutput("Siglus3: enclosing function not found"); + // return false; + // } + + HookParam hp; + hp.address = addr + addr_offset; + hp.type = NO_CONTEXT | CODEC_UTF16; + hp.text_fun = SpecialHookSiglus4; + hp.filter_fun = Siglus4Filter; + // hp.offset=get_reg(regs::eax); + // hp.type = CODEC_UTF16|DATA_INDIRECT|USING_SPLIT|NO_CONTEXT; + // hp.type = CODEC_UTF16|USING_SPLIT|NO_CONTEXT; + + ConsoleOutput("INSERT Siglus4"); + return NewHook(hp, "SiglusEngine4"); + } + +#if 0 // not all text can be extracted +/** jichi: 6/16/2015 Siglus4Engine for Frill games + * Sample game: 冺�少女 + * + * This function is found by tracking where the text length is modified + * + * Base address: 0x070000 + * + * 0020F51B CC INT3 + * 0020F51C CC INT3 + * 0020F51D CC INT3 + * 0020F51E CC INT3 + * 0020F51F CC INT3 + * 0020F520 55 PUSH EBP ; jichi: memory address in [arg1+0x4], text length in arg1 + * 0020F521 8BEC MOV EBP,ESP + * 0020F523 6A FF PUSH -0x1 + * 0020F525 68 889B5900 PUSH .00599B88 + * 0020F52A 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] + * 0020F530 50 PUSH EAX + * 0020F531 83EC 1C SUB ESP,0x1C + * 0020F534 53 PUSH EBX + * 0020F535 56 PUSH ESI + * 0020F536 57 PUSH EDI + * 0020F537 A1 E0946500 MOV EAX,DWORD PTR DS:[0x6594E0] + * 0020F53C 33C5 XOR EAX,EBP + * 0020F53E 50 PUSH EAX + * 0020F53F 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-0xC] + * 0020F542 64:A3 00000000 MOV DWORD PTR FS:[0],EAX + * 0020F548 8BD1 MOV EDX,ECX + * 0020F54A 8955 F0 MOV DWORD PTR SS:[EBP-0x10],EDX + * 0020F54D 8B45 0C MOV EAX,DWORD PTR SS:[EBP+0xC] + * 0020F550 8B5D 10 MOV EBX,DWORD PTR SS:[EBP+0x10] + * 0020F553 3BC3 CMP EAX,EBX + * 0020F555 0F8D DF000000 JGE .0020F63A + * 0020F55B 8B75 08 MOV ESI,DWORD PTR SS:[EBP+0x8] + * 0020F55E 8D0C40 LEA ECX,DWORD PTR DS:[EAX+EAX*2] + * 0020F561 C1E1 03 SHL ECX,0x3 + * 0020F564 2BD8 SUB EBX,EAX + * 0020F566 894D 0C MOV DWORD PTR SS:[EBP+0xC],ECX + * 0020F569 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP] + * 0020F570 8B82 A4000000 MOV EAX,DWORD PTR DS:[EDX+0xA4] + * 0020F576 03C1 ADD EAX,ECX + * 0020F578 C745 EC 07000000 MOV DWORD PTR SS:[EBP-0x14],0x7 + * 0020F57F 33C9 XOR ECX,ECX + * 0020F581 C745 E8 00000000 MOV DWORD PTR SS:[EBP-0x18],0x0 + * 0020F588 6A FF PUSH -0x1 + * 0020F58A 51 PUSH ECX + * 0020F58B 66:894D D8 MOV WORD PTR SS:[EBP-0x28],CX + * 0020F58F 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-0x28] + * 0020F592 50 PUSH EAX + * 0020F593 E8 68EFF4FF CALL .0015E500 + * 0020F598 C745 FC 00000000 MOV DWORD PTR SS:[EBP-0x4],0x0 + * 0020F59F 8BCE MOV ECX,ESI + * 0020F5A1 8B46 0C MOV EAX,DWORD PTR DS:[ESI+0xC] + * 0020F5A4 8B7D E8 MOV EDI,DWORD PTR SS:[EBP-0x18] + * 0020F5A7 83C0 04 ADD EAX,0x4 + * 0020F5AA 50 PUSH EAX + * 0020F5AB E8 209DF5FF CALL .001692D0 + * 0020F5B0 8B0E MOV ECX,DWORD PTR DS:[ESI] + * 0020F5B2 8D55 D8 LEA EDX,DWORD PTR SS:[EBP-0x28] + * 0020F5B5 33C0 XOR EAX,EAX + * 0020F5B7 3B4E 04 CMP ECX,DWORD PTR DS:[ESI+0x4] + * 0020F5BA 0F44C8 CMOVE ECX,EAX + * 0020F5BD 8B46 0C MOV EAX,DWORD PTR DS:[ESI+0xC] + * 0020F5C0 893C01 MOV DWORD PTR DS:[ECX+EAX],EDI ; jichi: text length modified here + * 0020F5C3 8B45 E8 MOV EAX,DWORD PTR SS:[EBP-0x18] + * 0020F5C6 8346 0C 04 ADD DWORD PTR DS:[ESI+0xC],0x4 + * 0020F5CA 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-0x28] + * 0020F5CD 8D3C00 LEA EDI,DWORD PTR DS:[EAX+EAX] + * 0020F5D0 8B45 EC MOV EAX,DWORD PTR SS:[EBP-0x14] + * 0020F5D3 83F8 08 CMP EAX,0x8 + * 0020F5D6 0F43D1 CMOVNB EDX,ECX + * 0020F5D9 8955 10 MOV DWORD PTR SS:[EBP+0x10],EDX + * 0020F5DC 85FF TEST EDI,EDI + * 0020F5DE 7E 32 JLE SHORT .0020F612 + * 0020F5E0 8B46 0C MOV EAX,DWORD PTR DS:[ESI+0xC] + * 0020F5E3 8BCE MOV ECX,ESI + * 0020F5E5 03C7 ADD EAX,EDI + * 0020F5E7 50 PUSH EAX + * 0020F5E8 E8 E39CF5FF CALL .001692D0 + * 0020F5ED 8B0E MOV ECX,DWORD PTR DS:[ESI] + * 0020F5EF 33C0 XOR EAX,EAX + * 0020F5F1 3B4E 04 CMP ECX,DWORD PTR DS:[ESI+0x4] + * 0020F5F4 57 PUSH EDI + * 0020F5F5 FF75 10 PUSH DWORD PTR SS:[EBP+0x10] + * 0020F5F8 0F44C8 CMOVE ECX,EAX + * 0020F5FB 8B46 0C MOV EAX,DWORD PTR DS:[ESI+0xC] + * 0020F5FE 03C1 ADD EAX,ECX + * 0020F600 50 PUSH EAX + * 0020F601 E8 EA1B1200 CALL .003311F0 + * 0020F606 8B45 EC MOV EAX,DWORD PTR SS:[EBP-0x14] + * 0020F609 83C4 0C ADD ESP,0xC + * 0020F60C 017E 0C ADD DWORD PTR DS:[ESI+0xC],EDI + * 0020F60F 8B4D D8 MOV ECX,DWORD PTR SS:[EBP-0x28] + * 0020F612 C745 FC FFFFFFFF MOV DWORD PTR SS:[EBP-0x4],-0x1 + * 0020F619 83F8 08 CMP EAX,0x8 + * 0020F61C 72 09 JB SHORT .0020F627 + * 0020F61E 51 PUSH ECX + * 0020F61F E8 A6DC1100 CALL .0032D2CA + * 0020F624 83C4 04 ADD ESP,0x4 + * 0020F627 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+0xC] + * 0020F62A 8B55 F0 MOV EDX,DWORD PTR SS:[EBP-0x10] + * 0020F62D 83C1 18 ADD ECX,0x18 + * 0020F630 894D 0C MOV DWORD PTR SS:[EBP+0xC],ECX + * 0020F633 4B DEC EBX + * 0020F634 ^0F85 36FFFFFF JNZ .0020F570 + * 0020F63A 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-0xC] + * 0020F63D 64:890D 00000000 MOV DWORD PTR FS:[0],ECX + * 0020F644 59 POP ECX + * 0020F645 5F POP EDI + * 0020F646 5E POP ESI + * 0020F647 5B POP EBX + * 0020F648 8BE5 MOV ESP,EBP + * 0020F64A 5D POP EBP + * 0020F64B C2 0C00 RETN 0xC + * 0020F64E CC INT3 + * 0020F64F CC INT3 + */ +void SpecialHookSiglus4(hook_stack* stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t*len) +{ + static uint64_t lastTextHash_; + DWORD arg1 = argof(1, esp_base); // arg1 + DWORD addr = *(DWORD *)(arg1 + 4); + int size = *(DWORD *)addr; + if (size <= 0 || size > VNR_TEXT_CAPACITY) + return; + auto text = LPWSTR(addr + 4); + if (!text || ::IsBadWritePtr(text, size * 2) || !*text || ::wcslen(text) != size || lastTextHash_ == hashstr(text)) // || text[size+1], skip if text's size + 1 is not empty + return; + lastTextHash_ = hashstr(text); // skip last repetition + *len = size * 2; + *data = (DWORD)text; + *split = argof(3, esp_base); // arg3 +} +bool InsertSiglus4Hook() +{ + ULONG processStartAddress, processStopAddress; + if (!FillRange(processName,&startAddress, &stopAddress)) { // need accurate stopAddress + ConsoleOutput("Siglus4: failed to get memory range"); + return false; + } + const BYTE bytes[] = { + 0x8b,0x75, 0x08, // 0020f55b 8b75 08 mov esi,dword ptr ss:[ebp+0x8] + 0x8d,0x0c,0x40, // 0020f55e 8d0c40 lea ecx,dword ptr ds:[eax+eax*2] + 0xc1,0xe1, 0x03, // 0020f561 c1e1 03 shl ecx,0x3 + 0x2b,0xd8, // 0020f564 2bd8 sub ebx,eax + 0x89,0x4d, 0x0c // 0020f566 894d 0c mov dword ptr ss:[ebp+0xc],ecx + + // The following pattern is not unique, there are at least four matches + // // 0020f5b7 3b4e 04 cmp ecx,dword ptr ds:[esi+0x4] + // // 0020f5ba 0f44c8 cmove ecx,eax + //0x8b,0x46, 0x0c, // 0020f5bd 8b46 0c mov eax,dword ptr ds:[esi+0xc] + //0x89,0x3c,0x01, // 0020f5c0 893c01 mov dword ptr ds:[ecx+eax],edi ; jichi: text length modified here + //0x8b,0x45, 0xe8, // 0020f5c3 8b45 e8 mov eax,dword ptr ss:[ebp-0x18] + //0x83,0x46, 0x0c, 0x04, // 0020f5c6 8346 0c 04 add dword ptr ds:[esi+0xc],0x4 + //0x8b,0x4d, 0xd8, // 0020f5ca 8b4d d8 mov ecx,dword ptr ss:[ebp-0x28] + //0x8d,0x3c,0x00 // 0020f5cd 8d3c00 lea edi,dword ptr ds:[eax+eax] + // // 0020f5d0 8b45 ec mov eax,dword ptr ss:[ebp-0x14] + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) { + //ConsoleOutput("Unknown SiglusEngine"); + ConsoleOutput("Siglus4: pattern not found"); + return false; + } + addr = MemDbg::findEnclosingAlignedFunction(addr, 0x100); // 0x0020f55b - 0x0020F520 = 59 + if (!addr) { + ConsoleOutput("Siglus4: enclosing function not found"); + return false; + } + + //addr += 0x0020f64b - 0x0020f520; // hook to ret instead + + HookParam hp; + hp.address = addr; + //hp.type = CODEC_UTF16; + hp.type = NO_CONTEXT; + hp.text_fun = SpecialHookSiglus4; + hp.filter_fun = Siglus4Filter; // remove NLI from the game + + //GROWL_DWORD(addr); + + ConsoleOutput("INSERT Siglus4"); + NewHook(hp, "SiglusEngine4"); + + ConsoleOutput("Siglus4: disable GDI hooks"); + + return true; +} +#endif // 0 + + /** + * jichi 8/16/2013: Insert new siglus hook + * See (CaoNiMaGeBi): http://tieba.baidu.com/p/2531786952 + * Issue: floating text + * Example: + * 0153588b9534fdffff8b43583bd7 + * 0153 58 add dword ptr ds:[ebx+58],edx + * 8b95 34fdffff mov edx,dword ptr ss:[ebp-2cc] + * 8b43 58 mov eax,dword ptr ds:[ebx+58] + * 3bd7 cmp edx,edi ; hook here + * + * /HW-1C@D9DB2:SiglusEngine.exe + * - addr: 892338 (0xd9db2) + * - text_fun: 0x0 + * - function: 0 + * - hook_len: 0 + * - ind: 0 + * - length_offset: 1 + * - module: 356004490 (0x1538328a) + * - off: 4294967264 (0xffffffe0L, 0x-20) + * - recover_len: 0 + * - split: 0 + * - split_ind: 0 + * - type: 66 (0x42) + * + * 10/19/2014: There are currently two patterns to find the function to render scenario text. + * In the future, if both of them do not work again, try the following pattern instead. + * It is used to infer SiglusEngine2's logic in vnragent. + * + * 01140f8d 56 push esi + * 01140f8e 8d8b 0c010000 lea ecx,dword ptr ds:[ebx+0x10c] + * 01140f94 e8 67acfcff call .0110bc00 + * 01140f99 837f 14 08 cmp dword ptr ds:[edi+0x14],0x8 + * 01140f9d 72 04 jb short .01140fa3 + * 01140f9f 8b37 mov esi,dword ptr ds:[edi] + * 01140fa1 eb 02 jmp short .01140fa5 + * + * Type1 (聖娼女): + * + * 013aac6c cc int3 + * 013aac6d cc int3 + * 013aac6e cc int3 + * 013aac6f cc int3 + * 013aac70 55 push ebp ; jichi: vnragent hooked here + * 013aac71 8bec mov ebp,esp + * 013aac73 6a ff push -0x1 + * 013aac75 68 d8306101 push .016130d8 + * 013aac7a 64:a1 00000000 mov eax,dword ptr fs:[0] + * 013aac80 50 push eax + * 013aac81 81ec dc020000 sub esp,0x2dc + * 013aac87 a1 90f46a01 mov eax,dword ptr ds:[0x16af490] + * 013aac8c 33c5 xor eax,ebp + * 013aac8e 8945 f0 mov dword ptr ss:[ebp-0x10],eax + * 013aac91 53 push ebx + * 013aac92 56 push esi + * 013aac93 57 push edi + * 013aac94 50 push eax + * 013aac95 8d45 f4 lea eax,dword ptr ss:[ebp-0xc] + * 013aac98 64:a3 00000000 mov dword ptr fs:[0],eax + * 013aac9e 8b45 0c mov eax,dword ptr ss:[ebp+0xc] + * 013aaca1 8b5d 08 mov ebx,dword ptr ss:[ebp+0x8] + * 013aaca4 8bf9 mov edi,ecx + * 013aaca6 8b77 10 mov esi,dword ptr ds:[edi+0x10] + * 013aaca9 89bd 20fdffff mov dword ptr ss:[ebp-0x2e0],edi + * 013aacaf 8985 18fdffff mov dword ptr ss:[ebp-0x2e8],eax + * 013aacb5 85f6 test esi,esi + * 013aacb7 0f84 77040000 je .013ab134 + * 013aacbd 8b93 18010000 mov edx,dword ptr ds:[ebx+0x118] + * 013aacc3 2b93 14010000 sub edx,dword ptr ds:[ebx+0x114] + * 013aacc9 8d8b 14010000 lea ecx,dword ptr ds:[ebx+0x114] + * 013aaccf b8 67666666 mov eax,0x66666667 + * 013aacd4 f7ea imul edx + * 013aacd6 c1fa 08 sar edx,0x8 + * 013aacd9 8bc2 mov eax,edx + * 013aacdb c1e8 1f shr eax,0x1f + * 013aacde 03c2 add eax,edx + * 013aace0 03c6 add eax,esi + * 013aace2 50 push eax + * 013aace3 e8 5896fcff call .01374340 + * 013aace8 837f 14 08 cmp dword ptr ds:[edi+0x14],0x8 + * 013aacec 72 04 jb short .013aacf2 + * 013aacee 8b07 mov eax,dword ptr ds:[edi] + * 013aacf0 eb 02 jmp short .013aacf4 + * 013aacf2 8bc7 mov eax,edi + * 013aacf4 8985 24fdffff mov dword ptr ss:[ebp-0x2dc],eax + * 013aacfa 8b57 14 mov edx,dword ptr ds:[edi+0x14] + * 013aacfd 83fa 08 cmp edx,0x8 + * 013aad00 72 04 jb short .013aad06 + * 013aad02 8b0f mov ecx,dword ptr ds:[edi] + * 013aad04 eb 02 jmp short .013aad08 + * 013aad06 8bcf mov ecx,edi + * 013aad08 8b47 10 mov eax,dword ptr ds:[edi+0x10] + * 013aad0b 8bb5 24fdffff mov esi,dword ptr ss:[ebp-0x2dc] + * 013aad11 03c0 add eax,eax + * 013aad13 03c8 add ecx,eax + * 013aad15 3bf1 cmp esi,ecx + * 013aad17 0f84 17040000 je .013ab134 + * 013aad1d c785 34fdffff 00>mov dword ptr ss:[ebp-0x2cc],0x0 + * 013aad27 c785 2cfdffff ff>mov dword ptr ss:[ebp-0x2d4],-0x1 + * 013aad31 89b5 1cfdffff mov dword ptr ss:[ebp-0x2e4],esi + * 013aad37 83fa 08 cmp edx,0x8 + * 013aad3a 72 04 jb short .013aad40 + * 013aad3c 8b0f mov ecx,dword ptr ds:[edi] + * 013aad3e eb 02 jmp short .013aad42 + * 013aad40 8bcf mov ecx,edi + * 013aad42 03c1 add eax,ecx + * 013aad44 8d8d 2cfdffff lea ecx,dword ptr ss:[ebp-0x2d4] + * 013aad4a 51 push ecx + * 013aad4b 8d95 34fdffff lea edx,dword ptr ss:[ebp-0x2cc] + * 013aad51 52 push edx + * 013aad52 50 push eax + * 013aad53 8d85 24fdffff lea eax,dword ptr ss:[ebp-0x2dc] + * 013aad59 50 push eax + * 013aad5a e8 b183faff call .01353110 + * 013aad5f 8bb5 2cfdffff mov esi,dword ptr ss:[ebp-0x2d4] + * 013aad65 83c4 10 add esp,0x10 + * 013aad68 83fe 0a cmp esi,0xa + * 013aad6b 75 09 jnz short .013aad76 + * 013aad6d 8bcb mov ecx,ebx + * 013aad6f e8 ac050000 call .013ab320 + * 013aad74 ^eb 84 jmp short .013aacfa + * 013aad76 83fe 07 cmp esi,0x7 + * 013aad79 75 2a jnz short .013aada5 + * 013aad7b 33c9 xor ecx,ecx + * 013aad7d 33c0 xor eax,eax + * 013aad7f 66:898b ec000000 mov word ptr ds:[ebx+0xec],cx + * 013aad86 8bcb mov ecx,ebx + * 013aad88 8983 e8000000 mov dword ptr ds:[ebx+0xe8],eax + * 013aad8e 8983 f0000000 mov dword ptr ds:[ebx+0xf0],eax + * 013aad94 e8 87050000 call .013ab320 + * 013aad99 c683 f9000000 01 mov byte ptr ds:[ebx+0xf9],0x1 + * 013aada0 ^e9 55ffffff jmp .013aacfa + * 013aada5 8b85 34fdffff mov eax,dword ptr ss:[ebp-0x2cc] + * 013aadab 85c0 test eax,eax + * 013aadad 75 37 jnz short .013aade6 + * 013aadaf 85f6 test esi,esi + * 013aadb1 ^0f84 43ffffff je .013aacfa + * 013aadb7 85c0 test eax,eax + * 013aadb9 75 2b jnz short .013aade6 + * 013aadbb f605 c0be9f05 01 test byte ptr ds:[0x59fbec0],0x1 + * 013aadc2 75 0c jnz short .013aadd0 + * 013aadc4 830d c0be9f05 01 or dword ptr ds:[0x59fbec0],0x1 + * 013aadcb e8 f02a0b00 call .0145d8c0 + * 013aadd0 0fb7d6 movzx edx,si + * 013aadd3 80ba c0be9e05 01 cmp byte ptr ds:[edx+0x59ebec0],0x1 + * 013aadda 75 0a jnz short .013aade6 + * 013aaddc 8b43 68 mov eax,dword ptr ds:[ebx+0x68] + * 013aaddf 99 cdq + * 013aade0 2bc2 sub eax,edx + * 013aade2 d1f8 sar eax,1 + * 013aade4 eb 03 jmp short .013aade9 + * 013aade6 8b43 68 mov eax,dword ptr ds:[ebx+0x68] + * 013aade9 8b8b a0000000 mov ecx,dword ptr ds:[ebx+0xa0] + * 013aadef 8b53 18 mov edx,dword ptr ds:[ebx+0x18] + * 013aadf2 8985 30fdffff mov dword ptr ss:[ebp-0x2d0],eax + * 013aadf8 0343 58 add eax,dword ptr ds:[ebx+0x58] + * 013aadfb 03d1 add edx,ecx + * 013aadfd 3bc2 cmp eax,edx + * 013aadff 7f 0f jg short .013aae10 + * 013aae01 3bc1 cmp eax,ecx + * 013aae03 7e 30 jle short .013aae35 + * 013aae05 8bc6 mov eax,esi + * 013aae07 e8 94faffff call .013aa8a0 + * 013aae0c 84c0 test al,al + * 013aae0e 75 25 jnz short .013aae35 + * 013aae10 8bcb mov ecx,ebx + * 013aae12 e8 09050000 call .013ab320 + * 013aae17 83bd 34fdffff 00 cmp dword ptr ss:[ebp-0x2cc],0x0 + * 013aae1e 75 15 jnz short .013aae35 + * 013aae20 83fe 20 cmp esi,0x20 + * 013aae23 ^0f84 d1feffff je .013aacfa + * 013aae29 81fe 00300000 cmp esi,0x3000 + * 013aae2f ^0f84 c5feffff je .013aacfa + * 013aae35 8b43 5c mov eax,dword ptr ds:[ebx+0x5c] + * 013aae38 3b83 a4000000 cmp eax,dword ptr ds:[ebx+0xa4] + * 013aae3e 0f8d 7e020000 jge .013ab0c2 + * 013aae44 8d8d 38fdffff lea ecx,dword ptr ss:[ebp-0x2c8] + * 013aae4a 51 push ecx + * 013aae4b e8 30e4ffff call .013a9280 + * 013aae50 c745 fc 01000000 mov dword ptr ss:[ebp-0x4],0x1 + * 013aae57 8b43 74 mov eax,dword ptr ds:[ebx+0x74] + * 013aae5a 8b0d 88b26c01 mov ecx,dword ptr ds:[0x16cb288] + * 013aae60 83f8 ff cmp eax,-0x1 + * 013aae63 74 04 je short .013aae69 + * 013aae65 8bd0 mov edx,eax + * 013aae67 eb 19 jmp short .013aae82 + * 013aae69 80b9 60010000 00 cmp byte ptr ds:[ecx+0x160],0x0 + * 013aae70 74 0d je short .013aae7f + * 013aae72 8b83 e0000000 mov eax,dword ptr ds:[ebx+0xe0] + * 013aae78 8bd0 mov edx,eax + * 013aae7a 83f8 ff cmp eax,-0x1 + * 013aae7d 75 03 jnz short .013aae82 + * 013aae7f 8b53 24 mov edx,dword ptr ds:[ebx+0x24] + * 013aae82 8b43 78 mov eax,dword ptr ds:[ebx+0x78] + * 013aae85 83f8 ff cmp eax,-0x1 + * 013aae88 75 17 jnz short .013aaea1 + * 013aae8a 80b9 60010000 00 cmp byte ptr ds:[ecx+0x160],0x0 + * 013aae91 74 0b je short .013aae9e + * 013aae93 8b83 e4000000 mov eax,dword ptr ds:[ebx+0xe4] + * 013aae99 83f8 ff cmp eax,-0x1 + * 013aae9c 75 03 jnz short .013aaea1 + * 013aae9e 8b43 28 mov eax,dword ptr ds:[ebx+0x28] + * 013aaea1 8b4b 60 mov ecx,dword ptr ds:[ebx+0x60] + * 013aaea4 8bb5 34fdffff mov esi,dword ptr ss:[ebp-0x2cc] + * 013aaeaa 034b 58 add ecx,dword ptr ds:[ebx+0x58] + * 013aaead 8b7b 68 mov edi,dword ptr ds:[ebx+0x68] + * 013aaeb0 8985 28fdffff mov dword ptr ss:[ebp-0x2d8],eax + * 013aaeb6 8b43 5c mov eax,dword ptr ds:[ebx+0x5c] + * 013aaeb9 0343 64 add eax,dword ptr ds:[ebx+0x64] + * 013aaebc 83fe 01 cmp esi,0x1 + * 013aaebf 75 02 jnz short .013aaec3 + * 013aaec1 33d2 xor edx,edx + * 013aaec3 80bb fa000000 00 cmp byte ptr ds:[ebx+0xfa],0x0 + * 013aaeca 89b5 38fdffff mov dword ptr ss:[ebp-0x2c8],esi + * 013aaed0 8bb5 2cfdffff mov esi,dword ptr ss:[ebp-0x2d4] + * 013aaed6 8995 44fdffff mov dword ptr ss:[ebp-0x2bc],edx + * 013aaedc 8b95 28fdffff mov edx,dword ptr ss:[ebp-0x2d8] + * 013aaee2 89b5 3cfdffff mov dword ptr ss:[ebp-0x2c4],esi + * 013aaee8 89bd 40fdffff mov dword ptr ss:[ebp-0x2c0],edi + * 013aaeee 8995 48fdffff mov dword ptr ss:[ebp-0x2b8],edx + * 013aaef4 898d 4cfdffff mov dword ptr ss:[ebp-0x2b4],ecx + * 013aaefa 8985 50fdffff mov dword ptr ss:[ebp-0x2b0],eax + * 013aaf00 74 19 je short .013aaf1b + * 013aaf02 8b43 58 mov eax,dword ptr ds:[ebx+0x58] + * 013aaf05 8b4b 5c mov ecx,dword ptr ds:[ebx+0x5c] + * 013aaf08 8983 fc000000 mov dword ptr ds:[ebx+0xfc],eax + * 013aaf0e 898b 00010000 mov dword ptr ds:[ebx+0x100],ecx + * 013aaf14 c683 fa000000 00 mov byte ptr ds:[ebx+0xfa],0x0 + * 013aaf1b 8b53 6c mov edx,dword ptr ds:[ebx+0x6c] + * 013aaf1e 0395 30fdffff add edx,dword ptr ss:[ebp-0x2d0] + * 013aaf24 33ff xor edi,edi + * 013aaf26 0153 58 add dword ptr ds:[ebx+0x58],edx + * 013aaf29 8b95 34fdffff mov edx,dword ptr ss:[ebp-0x2cc] + * 013aaf2f 8b43 58 mov eax,dword ptr ds:[ebx+0x58] + * 013aaf32 3bd7 cmp edx,edi ; jichi: hook here + * 013aaf34 75 4b jnz short .013aaf81 + * 013aaf36 81fe 0c300000 cmp esi,0x300c ; jichi 10/18/2014: searched here found the new siglus function + * 013aaf3c 74 10 je short .013aaf4e + * 013aaf3e 81fe 0e300000 cmp esi,0x300e + * 013aaf44 74 08 je short .013aaf4e + * 013aaf46 81fe 08ff0000 cmp esi,0xff08 + * 013aaf4c 75 33 jnz short .013aaf81 + * 013aaf4e 80bb f9000000 00 cmp byte ptr ds:[ebx+0xf9],0x0 + * 013aaf55 74 19 je short .013aaf70 + * 013aaf57 8983 e8000000 mov dword ptr ds:[ebx+0xe8],eax + * 013aaf5d 66:89b3 ec000000 mov word ptr ds:[ebx+0xec],si + * 013aaf64 c783 f0000000 01>mov dword ptr ds:[ebx+0xf0],0x1 + * 013aaf6e eb 11 jmp short .013aaf81 + * 013aaf70 0fb783 ec000000 movzx eax,word ptr ds:[ebx+0xec] + * 013aaf77 3bf0 cmp esi,eax + * 013aaf79 75 06 jnz short .013aaf81 + * 013aaf7b ff83 f0000000 inc dword ptr ds:[ebx+0xf0] + * 013aaf81 8b8b f0000000 mov ecx,dword ptr ds:[ebx+0xf0] + * 013aaf87 3bcf cmp ecx,edi + * 013aaf89 7e 71 jle short .013aaffc + * 013aaf8b 3bd7 cmp edx,edi + * 013aaf8d 75 50 jnz short .013aafdf + * 013aaf8f 0fb783 ec000000 movzx eax,word ptr ds:[ebx+0xec] + * 013aaf96 ba 0c300000 mov edx,0x300c + * 013aaf9b 66:3bc2 cmp ax,dx + * 013aaf9e 75 0f jnz short .013aafaf + * 013aafa0 81fe 0d300000 cmp esi,0x300d + * 013aafa6 75 07 jnz short .013aafaf + * 013aafa8 49 dec ecx + * 013aafa9 898b f0000000 mov dword ptr ds:[ebx+0xf0],ecx + * 013aafaf b9 0e300000 mov ecx,0x300e + * 013aafb4 66:3bc1 cmp ax,cx + * 013aafb7 75 0e jnz short .013aafc7 + * 013aafb9 81fe 0f300000 cmp esi,0x300f + * 013aafbf 75 06 jnz short .013aafc7 + * 013aafc1 ff8b f0000000 dec dword ptr ds:[ebx+0xf0] + * 013aafc7 ba 08ff0000 mov edx,0xff08 + * 013aafcc 66:3bc2 cmp ax,dx + * 013aafcf 75 0e jnz short .013aafdf + * 013aafd1 81fe 09ff0000 cmp esi,0xff09 + * 013aafd7 75 06 jnz short .013aafdf + * 013aafd9 ff8b f0000000 dec dword ptr ds:[ebx+0xf0] + * 013aafdf 39bb f0000000 cmp dword ptr ds:[ebx+0xf0],edi + * 013aafe5 75 15 jnz short .013aaffc + * 013aafe7 33c0 xor eax,eax + * 013aafe9 89bb e8000000 mov dword ptr ds:[ebx+0xe8],edi + * 013aafef 66:8983 ec000000 mov word ptr ds:[ebx+0xec],ax + * 013aaff6 89bb f0000000 mov dword ptr ds:[ebx+0xf0],edi + * 013aaffc 8d8d 38fdffff lea ecx,dword ptr ss:[ebp-0x2c8] + * 013ab002 8dbb 14010000 lea edi,dword ptr ds:[ebx+0x114] + * 013ab008 e8 b390fcff call .013740c0 + * 013ab00d 33ff xor edi,edi + * 013ab00f 39bd 34fdffff cmp dword ptr ss:[ebp-0x2cc],edi + * 013ab015 75 0e jnz short .013ab025 + * 013ab017 56 push esi + * 013ab018 8d83 a8000000 lea eax,dword ptr ds:[ebx+0xa8] + * 013ab01e e8 5d080000 call .013ab880 + * 013ab023 eb 65 jmp short .013ab08a + * 013ab025 8b85 1cfdffff mov eax,dword ptr ss:[ebp-0x2e4] + * 013ab02b 33c9 xor ecx,ecx + * 013ab02d 66:894d d4 mov word ptr ss:[ebp-0x2c],cx + * 013ab031 8b8d 24fdffff mov ecx,dword ptr ss:[ebp-0x2dc] + * 013ab037 c745 e8 07000000 mov dword ptr ss:[ebp-0x18],0x7 + * 013ab03e 897d e4 mov dword ptr ss:[ebp-0x1c],edi + * 013ab041 3bc1 cmp eax,ecx + * 013ab043 74 0d je short .013ab052 + * 013ab045 2bc8 sub ecx,eax + * 013ab047 d1f9 sar ecx,1 + * 013ab049 51 push ecx + * 013ab04a 8d75 d4 lea esi,dword ptr ss:[ebp-0x2c] + * 013ab04d e8 de72f2ff call .012d2330 + * 013ab052 6a ff push -0x1 + * 013ab054 57 push edi + * 013ab055 8d55 d4 lea edx,dword ptr ss:[ebp-0x2c] + * 013ab058 52 push edx + * 013ab059 8db3 a8000000 lea esi,dword ptr ds:[ebx+0xa8] + * 013ab05f c645 fc 02 mov byte ptr ss:[ebp-0x4],0x2 + * 013ab063 e8 3879f2ff call .012d29a0 + * 013ab068 837d e8 08 cmp dword ptr ss:[ebp-0x18],0x8 + * 013ab06c 72 0c jb short .013ab07a + * 013ab06e 8b45 d4 mov eax,dword ptr ss:[ebp-0x2c] + * 013ab071 50 push eax + * 013ab072 e8 5fbe1900 call .01546ed6 + * 013ab077 83c4 04 add esp,0x4 + * 013ab07a 33c9 xor ecx,ecx + * 013ab07c c745 e8 07000000 mov dword ptr ss:[ebp-0x18],0x7 + * 013ab083 897d e4 mov dword ptr ss:[ebp-0x1c],edi + * 013ab086 66:894d d4 mov word ptr ss:[ebp-0x2c],cx + * 013ab08a 8bbd 20fdffff mov edi,dword ptr ss:[ebp-0x2e0] + * 013ab090 c683 f9000000 00 mov byte ptr ds:[ebx+0xf9],0x0 + * 013ab097 8d95 88feffff lea edx,dword ptr ss:[ebp-0x178] + * 013ab09d 52 push edx + * 013ab09e c745 fc 03000000 mov dword ptr ss:[ebp-0x4],0x3 + * 013ab0a5 e8 d6c70800 call .01437880 + * 013ab0aa 8d85 58fdffff lea eax,dword ptr ss:[ebp-0x2a8] + * 013ab0b0 50 push eax + * 013ab0b1 c745 fc ffffffff mov dword ptr ss:[ebp-0x4],-0x1 + * 013ab0b8 e8 c3c70800 call .01437880 + * 013ab0bd ^e9 38fcffff jmp .013aacfa + * 013ab0c2 8b9d 18fdffff mov ebx,dword ptr ss:[ebp-0x2e8] + * 013ab0c8 85db test ebx,ebx + * 013ab0ca 74 68 je short .013ab134 + * 013ab0cc 837f 14 08 cmp dword ptr ds:[edi+0x14],0x8 + * 013ab0d0 72 04 jb short .013ab0d6 + * 013ab0d2 8b07 mov eax,dword ptr ds:[edi] + * 013ab0d4 eb 02 jmp short .013ab0d8 + * 013ab0d6 8bc7 mov eax,edi + * 013ab0d8 8b4f 10 mov ecx,dword ptr ds:[edi+0x10] + * 013ab0db 8d0448 lea eax,dword ptr ds:[eax+ecx*2] + * 013ab0de 8b8d 1cfdffff mov ecx,dword ptr ss:[ebp-0x2e4] + * 013ab0e4 33d2 xor edx,edx + * 013ab0e6 c745 cc 07000000 mov dword ptr ss:[ebp-0x34],0x7 + * 013ab0ed c745 c8 00000000 mov dword ptr ss:[ebp-0x38],0x0 + * 013ab0f4 66:8955 b8 mov word ptr ss:[ebp-0x48],dx + * 013ab0f8 3bc8 cmp ecx,eax + * 013ab0fa 74 0f je short .013ab10b + * 013ab0fc 2bc1 sub eax,ecx + * 013ab0fe d1f8 sar eax,1 + * 013ab100 50 push eax + * 013ab101 8bc1 mov eax,ecx + * 013ab103 8d75 b8 lea esi,dword ptr ss:[ebp-0x48] + * 013ab106 e8 2572f2ff call .012d2330 + * 013ab10b 6a 00 push 0x0 + * 013ab10d 8d45 b8 lea eax,dword ptr ss:[ebp-0x48] + * 013ab110 50 push eax + * 013ab111 83c8 ff or eax,0xffffffff + * 013ab114 8bcb mov ecx,ebx + * 013ab116 c745 fc 00000000 mov dword ptr ss:[ebp-0x4],0x0 + * 013ab11d e8 2e6ef2ff call .012d1f50 + * 013ab122 837d cc 08 cmp dword ptr ss:[ebp-0x34],0x8 + * 013ab126 72 0c jb short .013ab134 + * 013ab128 8b4d b8 mov ecx,dword ptr ss:[ebp-0x48] + * 013ab12b 51 push ecx + * 013ab12c e8 a5bd1900 call .01546ed6 + * 013ab131 83c4 04 add esp,0x4 + * 013ab134 8b4d f4 mov ecx,dword ptr ss:[ebp-0xc] + * 013ab137 64:890d 00000000 mov dword ptr fs:[0],ecx + * 013ab13e 59 pop ecx + * 013ab13f 5f pop edi + * 013ab140 5e pop esi + * 013ab141 5b pop ebx + * 013ab142 8b4d f0 mov ecx,dword ptr ss:[ebp-0x10] + * 013ab145 33cd xor ecx,ebp + * 013ab147 e8 6ab30e00 call .014964b6 + * 013ab14c 8be5 mov esp,ebp + * 013ab14e 5d pop ebp + * 013ab14f c2 0800 retn 0x8 + * 013ab152 cc int3 + * 013ab153 cc int3 + * 013ab154 cc int3 + * + * 10/18/2014 Type2: リア兂�ラスメイト孕ませ催� + * + * 01140edb cc int3 + * 01140edc cc int3 + * 01140edd cc int3 + * 01140ede cc int3 + * 01140edf cc int3 + * 01140ee0 55 push ebp + * 01140ee1 8bec mov ebp,esp + * 01140ee3 6a ff push -0x1 + * 01140ee5 68 c6514a01 push .014a51c6 + * 01140eea 64:a1 00000000 mov eax,dword ptr fs:[0] + * 01140ef0 50 push eax + * 01140ef1 81ec dc020000 sub esp,0x2dc + * 01140ef7 a1 10745501 mov eax,dword ptr ds:[0x1557410] + * 01140efc 33c5 xor eax,ebp + * 01140efe 8945 f0 mov dword ptr ss:[ebp-0x10],eax + * 01140f01 53 push ebx + * 01140f02 56 push esi + * 01140f03 57 push edi + * 01140f04 50 push eax + * 01140f05 8d45 f4 lea eax,dword ptr ss:[ebp-0xc] + * 01140f08 64:a3 00000000 mov dword ptr fs:[0],eax + * 01140f0e 8bd9 mov ebx,ecx + * 01140f10 8b7d 08 mov edi,dword ptr ss:[ebp+0x8] + * 01140f13 837f 10 00 cmp dword ptr ds:[edi+0x10],0x0 + * 01140f17 8b45 0c mov eax,dword ptr ss:[ebp+0xc] + * 01140f1a 8985 1cfdffff mov dword ptr ss:[ebp-0x2e4],eax + * 01140f20 8d47 10 lea eax,dword ptr ds:[edi+0x10] + * 01140f23 89bd 38fdffff mov dword ptr ss:[ebp-0x2c8],edi + * 01140f29 8985 20fdffff mov dword ptr ss:[ebp-0x2e0],eax + * 01140f2f 0f84 2a050000 je .0114145f + * 01140f35 8b8b 10010000 mov ecx,dword ptr ds:[ebx+0x110] + * 01140f3b b8 67666666 mov eax,0x66666667 + * 01140f40 2b8b 0c010000 sub ecx,dword ptr ds:[ebx+0x10c] + * 01140f46 f7e9 imul ecx + * 01140f48 8b85 20fdffff mov eax,dword ptr ss:[ebp-0x2e0] + * 01140f4e 8b8b 14010000 mov ecx,dword ptr ds:[ebx+0x114] + * 01140f54 2b8b 0c010000 sub ecx,dword ptr ds:[ebx+0x10c] + * 01140f5a c1fa 08 sar edx,0x8 + * 01140f5d 8bf2 mov esi,edx + * 01140f5f c1ee 1f shr esi,0x1f + * 01140f62 03f2 add esi,edx + * 01140f64 0330 add esi,dword ptr ds:[eax] + * 01140f66 b8 67666666 mov eax,0x66666667 + * 01140f6b f7e9 imul ecx + * 01140f6d c1fa 08 sar edx,0x8 + * 01140f70 8bc2 mov eax,edx + * 01140f72 c1e8 1f shr eax,0x1f + * 01140f75 03c2 add eax,edx + * 01140f77 3bc6 cmp eax,esi + * 01140f79 73 1e jnb short .01140f99 + * 01140f7b 81fe 66666600 cmp esi,0x666666 ; unicode "s the data. + * 01140f81 76 0a jbe short .01140f8d + * 01140f83 68 c00f4f01 push .014f0fc0 ; ascii "vector too long" + * 01140f88 e8 b1a30e00 call .0122b33e + * 01140f8d 56 push esi + * 01140f8e 8d8b 0c010000 lea ecx,dword ptr ds:[ebx+0x10c] + * 01140f94 e8 67acfcff call .0110bc00 + * 01140f99 837f 14 08 cmp dword ptr ds:[edi+0x14],0x8 + * 01140f9d 72 04 jb short .01140fa3 + * 01140f9f 8b37 mov esi,dword ptr ds:[edi] + * 01140fa1 eb 02 jmp short .01140fa5 + * 01140fa3 8bf7 mov esi,edi + * 01140fa5 89b5 34fdffff mov dword ptr ss:[ebp-0x2cc],esi + * 01140fab eb 03 jmp short .01140fb0 + * 01140fad 8d49 00 lea ecx,dword ptr ds:[ecx] + * 01140fb0 8b57 14 mov edx,dword ptr ds:[edi+0x14] + * 01140fb3 83fa 08 cmp edx,0x8 + * 01140fb6 72 04 jb short .01140fbc + * 01140fb8 8b07 mov eax,dword ptr ds:[edi] + * 01140fba eb 02 jmp short .01140fbe + * 01140fbc 8bc7 mov eax,edi + * 01140fbe 8b8d 20fdffff mov ecx,dword ptr ss:[ebp-0x2e0] + * 01140fc4 8b09 mov ecx,dword ptr ds:[ecx] + * 01140fc6 03c9 add ecx,ecx + * 01140fc8 03c1 add eax,ecx + * 01140fca 3bf0 cmp esi,eax + * 01140fcc 0f84 8d040000 je .0114145f + * 01140fd2 8b85 38fdffff mov eax,dword ptr ss:[ebp-0x2c8] + * 01140fd8 8bfe mov edi,esi + * 01140fda c785 3cfdffff 00>mov dword ptr ss:[ebp-0x2c4],0x0 + * 01140fe4 c785 2cfdffff ff>mov dword ptr ss:[ebp-0x2d4],-0x1 + * 01140fee 83fa 08 cmp edx,0x8 + * 01140ff1 72 02 jb short .01140ff5 + * 01140ff3 8b00 mov eax,dword ptr ds:[eax] + * 01140ff5 03c1 add eax,ecx + * 01140ff7 8d95 3cfdffff lea edx,dword ptr ss:[ebp-0x2c4] + * 01140ffd 8d8d 2cfdffff lea ecx,dword ptr ss:[ebp-0x2d4] + * 01141003 51 push ecx + * 01141004 50 push eax + * 01141005 8d8d 34fdffff lea ecx,dword ptr ss:[ebp-0x2cc] + * 0114100b e8 e033fbff call .010f43f0 + * 01141010 8bb5 2cfdffff mov esi,dword ptr ss:[ebp-0x2d4] + * 01141016 83c4 08 add esp,0x8 + * 01141019 83fe 0a cmp esi,0xa + * 0114101c 75 18 jnz short .01141036 + * 0114101e 8bcb mov ecx,ebx + * 01141020 e8 2b060000 call .01141650 + * 01141025 8bb5 34fdffff mov esi,dword ptr ss:[ebp-0x2cc] + * 0114102b 8bbd 38fdffff mov edi,dword ptr ss:[ebp-0x2c8] + * 01141031 ^e9 7affffff jmp .01140fb0 + * 01141036 83fe 07 cmp esi,0x7 + * 01141039 75 38 jnz short .01141073 + * 0114103b 33c0 xor eax,eax + * 0114103d c783 e0000000 00>mov dword ptr ds:[ebx+0xe0],0x0 + * 01141047 8bcb mov ecx,ebx + * 01141049 66:8983 e4000000 mov word ptr ds:[ebx+0xe4],ax + * 01141050 8983 e8000000 mov dword ptr ds:[ebx+0xe8],eax + * 01141056 e8 f5050000 call .01141650 + * 0114105b 8bb5 34fdffff mov esi,dword ptr ss:[ebp-0x2cc] + * 01141061 8bbd 38fdffff mov edi,dword ptr ss:[ebp-0x2c8] + * 01141067 c683 f1000000 01 mov byte ptr ds:[ebx+0xf1],0x1 + * 0114106e ^e9 3dffffff jmp .01140fb0 + * 01141073 8b85 3cfdffff mov eax,dword ptr ss:[ebp-0x2c4] + * 01141079 85c0 test eax,eax + * 0114107b 75 36 jnz short .011410b3 + * 0114107d 85f6 test esi,esi + * 0114107f 74 7f je short .01141100 + * 01141081 85c0 test eax,eax + * 01141083 75 2e jnz short .011410b3 + * 01141085 a1 00358905 mov eax,dword ptr ds:[0x5893500] + * 0114108a a8 01 test al,0x1 + * 0114108c 75 0d jnz short .0114109b + * 0114108e 83c8 01 or eax,0x1 + * 01141091 a3 00358905 mov dword ptr ds:[0x5893500],eax + * 01141096 e8 65160b00 call .011f2700 + * 0114109b 0fb7c6 movzx eax,si + * 0114109e 80b8 10358905 01 cmp byte ptr ds:[eax+0x5893510],0x1 + * 011410a5 75 0c jnz short .011410b3 + * 011410a7 8b43 68 mov eax,dword ptr ds:[ebx+0x68] + * 011410aa 99 cdq + * 011410ab 2bc2 sub eax,edx + * 011410ad 8bc8 mov ecx,eax + * 011410af d1f9 sar ecx,1 + * 011410b1 eb 03 jmp short .011410b6 + * 011410b3 8b4b 68 mov ecx,dword ptr ds:[ebx+0x68] + * 011410b6 8b43 18 mov eax,dword ptr ds:[ebx+0x18] + * 011410b9 8b93 a0000000 mov edx,dword ptr ds:[ebx+0xa0] + * 011410bf 03c2 add eax,edx + * 011410c1 898d 28fdffff mov dword ptr ss:[ebp-0x2d8],ecx + * 011410c7 034b 58 add ecx,dword ptr ds:[ebx+0x58] + * 011410ca 3bc8 cmp ecx,eax + * 011410cc 7f 0f jg short .011410dd + * 011410ce 3bca cmp ecx,edx + * 011410d0 7e 3f jle short .01141111 + * 011410d2 8bce mov ecx,esi + * 011410d4 e8 37faffff call .01140b10 + * 011410d9 84c0 test al,al + * 011410db 75 34 jnz short .01141111 + * 011410dd 8bcb mov ecx,ebx + * 011410df e8 6c050000 call .01141650 + * 011410e4 83bd 3cfdffff 00 cmp dword ptr ss:[ebp-0x2c4],0x0 + * 011410eb 75 24 jnz short .01141111 + * 011410ed 83fe 20 cmp esi,0x20 + * 011410f0 74 0e je short .01141100 + * 011410f2 81fe 00300000 cmp esi,0x3000 + * 011410f8 75 17 jnz short .01141111 + * 011410fa 8d9b 00000000 lea ebx,dword ptr ds:[ebx] + * 01141100 8bb5 34fdffff mov esi,dword ptr ss:[ebp-0x2cc] + * 01141106 8bbd 38fdffff mov edi,dword ptr ss:[ebp-0x2c8] + * 0114110c ^e9 9ffeffff jmp .01140fb0 + * 01141111 8b43 5c mov eax,dword ptr ds:[ebx+0x5c] + * 01141114 3b83 a4000000 cmp eax,dword ptr ds:[ebx+0xa4] + * 0114111a 0f8d cb020000 jge .011413eb + * 01141120 8d8d 40fdffff lea ecx,dword ptr ss:[ebp-0x2c0] + * 01141126 e8 d5e3ffff call .0113f500 + * 0114112b c745 fc 01000000 mov dword ptr ss:[ebp-0x4],0x1 + * 01141132 8b4b 74 mov ecx,dword ptr ds:[ebx+0x74] + * 01141135 8b15 98285701 mov edx,dword ptr ds:[0x1572898] + * 0114113b 898d 30fdffff mov dword ptr ss:[ebp-0x2d0],ecx + * 01141141 83f9 ff cmp ecx,-0x1 + * 01141144 75 23 jnz short .01141169 + * 01141146 80ba 58010000 00 cmp byte ptr ds:[edx+0x158],0x0 + * 0114114d 74 11 je short .01141160 + * 0114114f 8b8b d8000000 mov ecx,dword ptr ds:[ebx+0xd8] + * 01141155 898d 30fdffff mov dword ptr ss:[ebp-0x2d0],ecx + * 0114115b 83f9 ff cmp ecx,-0x1 + * 0114115e 75 09 jnz short .01141169 + * 01141160 8b43 24 mov eax,dword ptr ds:[ebx+0x24] + * 01141163 8985 30fdffff mov dword ptr ss:[ebp-0x2d0],eax + * 01141169 8b43 78 mov eax,dword ptr ds:[ebx+0x78] + * 0114116c 8985 24fdffff mov dword ptr ss:[ebp-0x2dc],eax + * 01141172 83f8 ff cmp eax,-0x1 + * 01141175 75 23 jnz short .0114119a + * 01141177 80ba 58010000 00 cmp byte ptr ds:[edx+0x158],0x0 + * 0114117e 74 11 je short .01141191 + * 01141180 8b83 dc000000 mov eax,dword ptr ds:[ebx+0xdc] + * 01141186 8985 24fdffff mov dword ptr ss:[ebp-0x2dc],eax + * 0114118c 83f8 ff cmp eax,-0x1 + * 0114118f 75 09 jnz short .0114119a + * 01141191 8b43 28 mov eax,dword ptr ds:[ebx+0x28] + * 01141194 8985 24fdffff mov dword ptr ss:[ebp-0x2dc],eax + * 0114119a 8b53 64 mov edx,dword ptr ds:[ebx+0x64] + * 0114119d 0353 5c add edx,dword ptr ds:[ebx+0x5c] + * 011411a0 8b4b 60 mov ecx,dword ptr ds:[ebx+0x60] + * 011411a3 034b 58 add ecx,dword ptr ds:[ebx+0x58] + * 011411a6 83bd 3cfdffff 01 cmp dword ptr ss:[ebp-0x2c4],0x1 + * 011411ad 8bb5 30fdffff mov esi,dword ptr ss:[ebp-0x2d0] + * 011411b3 8b43 68 mov eax,dword ptr ds:[ebx+0x68] + * 011411b6 c785 18fdffff 00>mov dword ptr ss:[ebp-0x2e8],0x0 + * 011411c0 0f44b5 18fdffff cmove esi,dword ptr ss:[ebp-0x2e8] + * 011411c7 80bb f2000000 00 cmp byte ptr ds:[ebx+0xf2],0x0 + * 011411ce 89b5 30fdffff mov dword ptr ss:[ebp-0x2d0],esi + * 011411d4 8bb5 3cfdffff mov esi,dword ptr ss:[ebp-0x2c4] + * 011411da 8985 48fdffff mov dword ptr ss:[ebp-0x2b8],eax + * 011411e0 8b85 30fdffff mov eax,dword ptr ss:[ebp-0x2d0] + * 011411e6 89b5 40fdffff mov dword ptr ss:[ebp-0x2c0],esi + * 011411ec 8bb5 2cfdffff mov esi,dword ptr ss:[ebp-0x2d4] + * 011411f2 8985 4cfdffff mov dword ptr ss:[ebp-0x2b4],eax + * 011411f8 8b85 24fdffff mov eax,dword ptr ss:[ebp-0x2dc] + * 011411fe 89b5 44fdffff mov dword ptr ss:[ebp-0x2bc],esi + * 01141204 8985 50fdffff mov dword ptr ss:[ebp-0x2b0],eax + * 0114120a 898d 54fdffff mov dword ptr ss:[ebp-0x2ac],ecx + * 01141210 8995 58fdffff mov dword ptr ss:[ebp-0x2a8],edx + * 01141216 74 19 je short .01141231 + * 01141218 8b43 58 mov eax,dword ptr ds:[ebx+0x58] + * 0114121b 8983 f4000000 mov dword ptr ds:[ebx+0xf4],eax + * 01141221 8b43 5c mov eax,dword ptr ds:[ebx+0x5c] + * 01141224 8983 f8000000 mov dword ptr ds:[ebx+0xf8],eax + * 0114122a c683 f2000000 00 mov byte ptr ds:[ebx+0xf2],0x0 + * 01141231 8b43 6c mov eax,dword ptr ds:[ebx+0x6c] + * 01141234 0385 28fdffff add eax,dword ptr ss:[ebp-0x2d8] + * 0114123a 0143 58 add dword ptr ds:[ebx+0x58],eax + * 0114123d 8b85 3cfdffff mov eax,dword ptr ss:[ebp-0x2c4] + * 01141243 8b4b 58 mov ecx,dword ptr ds:[ebx+0x58] + * 01141246 85c0 test eax,eax + * 01141248 75 51 jnz short .0114129b + * 0114124a 81fe 0c300000 cmp esi,0x300c ; jichi: hook here, utf16 character is in esi + * 01141250 74 10 je short .01141262 + * 01141252 81fe 0e300000 cmp esi,0x300e + * 01141258 74 08 je short .01141262 + * 0114125a 81fe 08ff0000 cmp esi,0xff08 + * 01141260 75 39 jnz short .0114129b + * 01141262 80bb f1000000 00 cmp byte ptr ds:[ebx+0xf1],0x0 + * 01141269 74 19 je short .01141284 + * 0114126b 898b e0000000 mov dword ptr ds:[ebx+0xe0],ecx + * 01141271 66:89b3 e4000000 mov word ptr ds:[ebx+0xe4],si + * 01141278 c783 e8000000 01>mov dword ptr ds:[ebx+0xe8],0x1 + * 01141282 eb 17 jmp short .0114129b + * 01141284 0fb783 e4000000 movzx eax,word ptr ds:[ebx+0xe4] + * 0114128b 3bf0 cmp esi,eax + * 0114128d 8b85 3cfdffff mov eax,dword ptr ss:[ebp-0x2c4] + * 01141293 75 06 jnz short .0114129b + * 01141295 ff83 e8000000 inc dword ptr ds:[ebx+0xe8] + * 0114129b 8b93 e8000000 mov edx,dword ptr ds:[ebx+0xe8] + * 011412a1 85d2 test edx,edx + * 011412a3 7e 78 jle short .0114131d + * 011412a5 85c0 test eax,eax + * 011412a7 75 52 jnz short .011412fb + * 011412a9 0fb78b e4000000 movzx ecx,word ptr ds:[ebx+0xe4] + * 011412b0 b8 0c300000 mov eax,0x300c + * 011412b5 66:3bc8 cmp cx,ax + * 011412b8 75 11 jnz short .011412cb + * 011412ba 81fe 0d300000 cmp esi,0x300d + * 011412c0 75 09 jnz short .011412cb + * 011412c2 8d42 ff lea eax,dword ptr ds:[edx-0x1] + * 011412c5 8983 e8000000 mov dword ptr ds:[ebx+0xe8],eax + * 011412cb b8 0e300000 mov eax,0x300e + * 011412d0 66:3bc8 cmp cx,ax + * 011412d3 75 0e jnz short .011412e3 + * 011412d5 81fe 0f300000 cmp esi,0x300f + * 011412db 75 06 jnz short .011412e3 + * 011412dd ff8b e8000000 dec dword ptr ds:[ebx+0xe8] + * 011412e3 b8 08ff0000 mov eax,0xff08 + * 011412e8 66:3bc8 cmp cx,ax + * 011412eb 75 0e jnz short .011412fb + * 011412ed 81fe 09ff0000 cmp esi,0xff09 + * 011412f3 75 06 jnz short .011412fb + * 011412f5 ff8b e8000000 dec dword ptr ds:[ebx+0xe8] + * 011412fb 83bb e8000000 00 cmp dword ptr ds:[ebx+0xe8],0x0 + * 01141302 75 19 jnz short .0114131d + * 01141304 33c0 xor eax,eax + * 01141306 c783 e0000000 00>mov dword ptr ds:[ebx+0xe0],0x0 + * 01141310 66:8983 e4000000 mov word ptr ds:[ebx+0xe4],ax + * 01141317 8983 e8000000 mov dword ptr ds:[ebx+0xe8],eax + * 0114131d 8d85 40fdffff lea eax,dword ptr ss:[ebp-0x2c0] + * 01141323 50 push eax + * 01141324 8d8b 0c010000 lea ecx,dword ptr ds:[ebx+0x10c] + * 0114132a e8 31a6fcff call .0110b960 + * 0114132f 83bd 3cfdffff 00 cmp dword ptr ss:[ebp-0x2c4],0x0 + * 01141336 8bb5 34fdffff mov esi,dword ptr ss:[ebp-0x2cc] + * 0114133c 75 13 jnz short .01141351 + * 0114133e ffb5 2cfdffff push dword ptr ss:[ebp-0x2d4] + * 01141344 8d8b a8000000 lea ecx,dword ptr ds:[ebx+0xa8] + * 0114134a e8 010a0000 call .01141d50 + * 0114134f eb 64 jmp short .011413b5 + * 01141351 33c0 xor eax,eax + * 01141353 c745 ec 07000000 mov dword ptr ss:[ebp-0x14],0x7 + * 0114135a c745 e8 00000000 mov dword ptr ss:[ebp-0x18],0x0 + * 01141361 66:8945 d8 mov word ptr ss:[ebp-0x28],ax + * 01141365 3bfe cmp edi,esi + * 01141367 74 10 je short .01141379 + * 01141369 8bc6 mov eax,esi + * 0114136b 8d4d d8 lea ecx,dword ptr ss:[ebp-0x28] + * 0114136e 2bc7 sub eax,edi + * 01141370 d1f8 sar eax,1 + * 01141372 50 push eax + * 01141373 57 push edi + * 01141374 e8 b7daf2ff call .0106ee30 + * 01141379 6a ff push -0x1 + * 0114137b 6a 00 push 0x0 + * 0114137d 8d45 d8 lea eax,dword ptr ss:[ebp-0x28] + * 01141380 c645 fc 02 mov byte ptr ss:[ebp-0x4],0x2 + * 01141384 50 push eax + * 01141385 8d8b a8000000 lea ecx,dword ptr ds:[ebx+0xa8] + * 0114138b e8 205cf3ff call .01076fb0 + * 01141390 837d ec 08 cmp dword ptr ss:[ebp-0x14],0x8 + * 01141394 72 0b jb short .011413a1 + * 01141396 ff75 d8 push dword ptr ss:[ebp-0x28] + * 01141399 e8 fccb0e00 call .0122df9a + * 0114139e 83c4 04 add esp,0x4 + * 011413a1 33c0 xor eax,eax + * 011413a3 c745 ec 07000000 mov dword ptr ss:[ebp-0x14],0x7 + * 011413aa c745 e8 00000000 mov dword ptr ss:[ebp-0x18],0x0 + * 011413b1 66:8945 d8 mov word ptr ss:[ebp-0x28],ax + * 011413b5 c683 f1000000 00 mov byte ptr ds:[ebx+0xf1],0x0 + * 011413bc 8d8d 90feffff lea ecx,dword ptr ss:[ebp-0x170] + * 011413c2 c745 fc 03000000 mov dword ptr ss:[ebp-0x4],0x3 + * 011413c9 e8 42bb0800 call .011ccf10 + * 011413ce 8d8d 60fdffff lea ecx,dword ptr ss:[ebp-0x2a0] + * 011413d4 c745 fc ffffffff mov dword ptr ss:[ebp-0x4],-0x1 + * 011413db e8 30bb0800 call .011ccf10 + * 011413e0 8bbd 38fdffff mov edi,dword ptr ss:[ebp-0x2c8] + * 011413e6 ^e9 c5fbffff jmp .01140fb0 + * 011413eb 8b9d 1cfdffff mov ebx,dword ptr ss:[ebp-0x2e4] + * 011413f1 85db test ebx,ebx + * 011413f3 74 6a je short .0114145f + * 011413f5 8b8d 38fdffff mov ecx,dword ptr ss:[ebp-0x2c8] + * 011413fb 8379 14 08 cmp dword ptr ds:[ecx+0x14],0x8 + * 011413ff 72 02 jb short .01141403 + * 01141401 8b09 mov ecx,dword ptr ds:[ecx] + * 01141403 8b85 20fdffff mov eax,dword ptr ss:[ebp-0x2e0] + * 01141409 c745 d4 07000000 mov dword ptr ss:[ebp-0x2c],0x7 + * 01141410 c745 d0 00000000 mov dword ptr ss:[ebp-0x30],0x0 + * 01141417 8b00 mov eax,dword ptr ds:[eax] + * 01141419 8d0441 lea eax,dword ptr ds:[ecx+eax*2] + * 0114141c 33c9 xor ecx,ecx + * 0114141e 66:894d c0 mov word ptr ss:[ebp-0x40],cx + * 01141422 3bf8 cmp edi,eax + * 01141424 74 0e je short .01141434 + * 01141426 2bc7 sub eax,edi + * 01141428 8d4d c0 lea ecx,dword ptr ss:[ebp-0x40] + * 0114142b d1f8 sar eax,1 + * 0114142d 50 push eax + * 0114142e 57 push edi + * 0114142f e8 fcd9f2ff call .0106ee30 + * 01141434 8d45 c0 lea eax,dword ptr ss:[ebp-0x40] + * 01141437 c745 fc 00000000 mov dword ptr ss:[ebp-0x4],0x0 + * 0114143e 3bd8 cmp ebx,eax + * 01141440 74 0c je short .0114144e + * 01141442 6a ff push -0x1 + * 01141444 6a 00 push 0x0 + * 01141446 50 push eax + * 01141447 8bcb mov ecx,ebx + * 01141449 e8 c2def2ff call .0106f310 + * 0114144e 837d d4 08 cmp dword ptr ss:[ebp-0x2c],0x8 + * 01141452 72 0b jb short .0114145f + * 01141454 ff75 c0 push dword ptr ss:[ebp-0x40] + * 01141457 e8 3ecb0e00 call .0122df9a + * 0114145c 83c4 04 add esp,0x4 + * 0114145f 8b4d f4 mov ecx,dword ptr ss:[ebp-0xc] + * 01141462 64:890d 00000000 mov dword ptr fs:[0],ecx + * 01141469 59 pop ecx + * 0114146a 5f pop edi + * 0114146b 5e pop esi + * 0114146c 5b pop ebx + * 0114146d 8b4d f0 mov ecx,dword ptr ss:[ebp-0x10] + * 01141470 33cd xor ecx,ebp + * 01141472 e8 14cb0e00 call .0122df8b + * 01141477 8be5 mov esp,ebp + * 01141479 5d pop ebp + * 0114147a c2 0800 retn 0x8 + * 0114147d cc int3 + * 0114147e cc int3 + * + * In AngleBeats, base = 0x09a0000 + * 00B6B87C CC INT3 + * 00B6B87D CC INT3 + * 00B6B87E CC INT3 + * 00B6B87F CC INT3 + * 00B6B880 55 PUSH EBP + * 00B6B881 8BEC MOV EBP,ESP + * 00B6B883 6A FF PUSH -0x1 + * 00B6B885 68 7964ED00 PUSH .00ED6479 + * 00B6B88A 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] + * 00B6B890 50 PUSH EAX + * 00B6B891 81EC 1C040000 SUB ESP,0x41C + * 00B6B897 A1 E0A4F800 MOV EAX,DWORD PTR DS:[0xF8A4E0] + * 00B6B89C 33C5 XOR EAX,EBP + * 00B6B89E 8945 F0 MOV DWORD PTR SS:[EBP-0x10],EAX + * 00B6B8A1 53 PUSH EBX + * 00B6B8A2 56 PUSH ESI + * 00B6B8A3 57 PUSH EDI + * 00B6B8A4 50 PUSH EAX + * 00B6B8A5 8D45 F4 LEA EAX,DWORD PTR SS:[EBP-0xC] + * 00B6B8A8 64:A3 00000000 MOV DWORD PTR FS:[0],EAX + * 00B6B8AE 8BD9 MOV EBX,ECX + * 00B6B8B0 8B7D 08 MOV EDI,DWORD PTR SS:[EBP+0x8] + * 00B6B8B3 837F 10 00 CMP DWORD PTR DS:[EDI+0x10],0x0 + * 00B6B8B7 8B45 0C MOV EAX,DWORD PTR SS:[EBP+0xC] + * 00B6B8BA 8985 E0FBFFFF MOV DWORD PTR SS:[EBP-0x420],EAX + * 00B6B8C0 8D47 10 LEA EAX,DWORD PTR DS:[EDI+0x10] + * 00B6B8C3 89BD FCFBFFFF MOV DWORD PTR SS:[EBP-0x404],EDI + * 00B6B8C9 8985 F0FBFFFF MOV DWORD PTR SS:[EBP-0x410],EAX + * 00B6B8CF 0F84 31060000 JE .00B6BF06 + * 00B6B8D5 8B8B 1C010000 MOV ECX,DWORD PTR DS:[EBX+0x11C] + * 00B6B8DB B8 71F8428A MOV EAX,0x8A42F871 + * 00B6B8E0 2B8B 18010000 SUB ECX,DWORD PTR DS:[EBX+0x118] + * 00B6B8E6 F7E9 IMUL ECX + * 00B6B8E8 8B85 F0FBFFFF MOV EAX,DWORD PTR SS:[EBP-0x410] + * 00B6B8EE 03D1 ADD EDX,ECX + * 00B6B8F0 8B8B 20010000 MOV ECX,DWORD PTR DS:[EBX+0x120] + * 00B6B8F6 2B8B 18010000 SUB ECX,DWORD PTR DS:[EBX+0x118] + * 00B6B8FC C1FA 09 SAR EDX,0x9 + * 00B6B8FF 8BF2 MOV ESI,EDX + * 00B6B901 C1EE 1F SHR ESI,0x1F + * 00B6B904 03F2 ADD ESI,EDX + * 00B6B906 0330 ADD ESI,DWORD PTR DS:[EAX] + * 00B6B908 B8 71F8428A MOV EAX,0x8A42F871 + * 00B6B90D F7E9 IMUL ECX + * 00B6B90F 03D1 ADD EDX,ECX + * 00B6B911 C1FA 09 SAR EDX,0x9 + * 00B6B914 8BC2 MOV EAX,EDX + * 00B6B916 C1E8 1F SHR EAX,0x1F + * 00B6B919 03C2 ADD EAX,EDX + * 00B6B91B 3BC6 CMP EAX,ESI + * 00B6B91D 73 1E JNB SHORT .00B6B93D + * 00B6B91F 81FE 7C214500 CMP ESI,0x45217C + * 00B6B925 76 0A JBE SHORT .00B6B931 + * 00B6B927 68 C031F200 PUSH .00F231C0 ; ASCII "vector too long" + * 00B6B92C E8 D2FC0E00 CALL .00C5B603 + * 00B6B931 56 PUSH ESI + * 00B6B932 8D8B 18010000 LEA ECX,DWORD PTR DS:[EBX+0x118] + * 00B6B938 E8 A38DFCFF CALL .00B346E0 + * 00B6B93D 837F 14 08 CMP DWORD PTR DS:[EDI+0x14],0x8 + * 00B6B941 72 04 JB SHORT .00B6B947 + * 00B6B943 8B37 MOV ESI,DWORD PTR DS:[EDI] + * 00B6B945 EB 02 JMP SHORT .00B6B949 + * 00B6B947 8BF7 MOV ESI,EDI + * 00B6B949 89B5 F8FBFFFF MOV DWORD PTR SS:[EBP-0x408],ESI + * 00B6B94F 90 NOP + * 00B6B950 8B57 14 MOV EDX,DWORD PTR DS:[EDI+0x14] + * 00B6B953 83FA 08 CMP EDX,0x8 + * 00B6B956 72 04 JB SHORT .00B6B95C + * 00B6B958 8B07 MOV EAX,DWORD PTR DS:[EDI] + * 00B6B95A EB 02 JMP SHORT .00B6B95E + * 00B6B95C 8BC7 MOV EAX,EDI + * 00B6B95E 8B8D F0FBFFFF MOV ECX,DWORD PTR SS:[EBP-0x410] + * 00B6B964 8B09 MOV ECX,DWORD PTR DS:[ECX] + * 00B6B966 03C9 ADD ECX,ECX + * 00B6B968 03C1 ADD EAX,ECX + * 00B6B96A 3BF0 CMP ESI,EAX + * 00B6B96C 0F84 94050000 JE .00B6BF06 + * 00B6B972 8B85 FCFBFFFF MOV EAX,DWORD PTR SS:[EBP-0x404] + * 00B6B978 8BFE MOV EDI,ESI + * 00B6B97A C785 00FCFFFF 00>MOV DWORD PTR SS:[EBP-0x400],0x0 + * 00B6B984 C785 E8FBFFFF FF>MOV DWORD PTR SS:[EBP-0x418],-0x1 + * 00B6B98E 83FA 08 CMP EDX,0x8 + * 00B6B991 72 02 JB SHORT .00B6B995 + * 00B6B993 8B00 MOV EAX,DWORD PTR DS:[EAX] + * 00B6B995 03C1 ADD EAX,ECX + * 00B6B997 8D95 00FCFFFF LEA EDX,DWORD PTR SS:[EBP-0x400] + * 00B6B99D 8D8D E8FBFFFF LEA ECX,DWORD PTR SS:[EBP-0x418] + * 00B6B9A3 51 PUSH ECX + * 00B6B9A4 50 PUSH EAX + * 00B6B9A5 8D8D F8FBFFFF LEA ECX,DWORD PTR SS:[EBP-0x408] + * 00B6B9AB E8 5025FBFF CALL .00B1DF00 + * 00B6B9B0 8BB5 E8FBFFFF MOV ESI,DWORD PTR SS:[EBP-0x418] + * 00B6B9B6 83C4 08 ADD ESP,0x8 + * 00B6B9B9 83FE 0A CMP ESI,0xA + * 00B6B9BC 75 18 JNZ SHORT .00B6B9D6 + * 00B6B9BE 8BCB MOV ECX,EBX + * 00B6B9C0 E8 FB070000 CALL .00B6C1C0 + * 00B6B9C5 8BB5 F8FBFFFF MOV ESI,DWORD PTR SS:[EBP-0x408] + * 00B6B9CB 8BBD FCFBFFFF MOV EDI,DWORD PTR SS:[EBP-0x404] + * 00B6B9D1 ^E9 7AFFFFFF JMP .00B6B950 + * 00B6B9D6 83FE 07 CMP ESI,0x7 + * 00B6B9D9 75 38 JNZ SHORT .00B6BA13 + * 00B6B9DB 33C0 XOR EAX,EAX + * 00B6B9DD C783 EC000000 00>MOV DWORD PTR DS:[EBX+0xEC],0x0 + * 00B6B9E7 8BCB MOV ECX,EBX + * 00B6B9E9 66:8983 F0000000 MOV WORD PTR DS:[EBX+0xF0],AX + * 00B6B9F0 8983 F4000000 MOV DWORD PTR DS:[EBX+0xF4],EAX + * 00B6B9F6 E8 C5070000 CALL .00B6C1C0 + * 00B6B9FB 8BB5 F8FBFFFF MOV ESI,DWORD PTR SS:[EBP-0x408] + * 00B6BA01 8BBD FCFBFFFF MOV EDI,DWORD PTR SS:[EBP-0x404] + * 00B6BA07 C683 FD000000 01 MOV BYTE PTR DS:[EBX+0xFD],0x1 + * 00B6BA0E ^E9 3DFFFFFF JMP .00B6B950 + * 00B6BA13 8B85 00FCFFFF MOV EAX,DWORD PTR SS:[EBP-0x400] + * 00B6BA19 85C0 TEST EAX,EAX + * 00B6BA1B 75 3A JNZ SHORT .00B6BA57 + * 00B6BA1D 85F6 TEST ESI,ESI + * 00B6BA1F 0F84 BE000000 JE .00B6BAE3 + * 00B6BA25 85C0 TEST EAX,EAX + * 00B6BA27 75 2E JNZ SHORT .00B6BA57 + * 00B6BA29 A1 486A2C05 MOV EAX,DWORD PTR DS:[0x52C6A48] + * 00B6BA2E A8 01 TEST AL,0x1 + * 00B6BA30 75 0D JNZ SHORT .00B6BA3F + * 00B6BA32 83C8 01 OR EAX,0x1 + * 00B6BA35 A3 486A2C05 MOV DWORD PTR DS:[0x52C6A48],EAX + * 00B6BA3A E8 B15F0B00 CALL .00C219F0 + * 00B6BA3F 0FB7C6 MOVZX EAX,SI + * 00B6BA42 80B8 506A2C05 01 CMP BYTE PTR DS:[EAX+0x52C6A50],0x1 + * 00B6BA49 75 0C JNZ SHORT .00B6BA57 + * 00B6BA4B 8B43 6C MOV EAX,DWORD PTR DS:[EBX+0x6C] + * 00B6BA4E 99 CDQ + * 00B6BA4F 2BC2 SUB EAX,EDX + * 00B6BA51 8BC8 MOV ECX,EAX + * 00B6BA53 D1F9 SAR ECX,1 + * 00B6BA55 EB 03 JMP SHORT .00B6BA5A + * 00B6BA57 8B4B 6C MOV ECX,DWORD PTR DS:[EBX+0x6C] + * 00B6BA5A 8B15 9C5DFA00 MOV EDX,DWORD PTR DS:[0xFA5D9C] + * 00B6BA60 898D ECFBFFFF MOV DWORD PTR SS:[EBP-0x414],ECX + * 00B6BA66 83BA 84CF0000 01 CMP DWORD PTR DS:[EDX+0xCF84],0x1 + * 00B6BA6D 75 26 JNZ SHORT .00B6BA95 + * 00B6BA6F 8B43 60 MOV EAX,DWORD PTR DS:[EBX+0x60] + * 00B6BA72 03C1 ADD EAX,ECX + * 00B6BA74 8B8B AC000000 MOV ECX,DWORD PTR DS:[EBX+0xAC] + * 00B6BA7A 8985 04FCFFFF MOV DWORD PTR SS:[EBP-0x3FC],EAX + * 00B6BA80 8B43 18 MOV EAX,DWORD PTR DS:[EBX+0x18] + * 00B6BA83 03C1 ADD EAX,ECX + * 00B6BA85 3985 04FCFFFF CMP DWORD PTR SS:[EBP-0x3FC],EAX + * 00B6BA8B 7F 39 JG SHORT .00B6BAC6 + * 00B6BA8D 398D 04FCFFFF CMP DWORD PTR SS:[EBP-0x3FC],ECX + * 00B6BA93 EB 24 JMP SHORT .00B6BAB9 + * 00B6BA95 8B43 5C MOV EAX,DWORD PTR DS:[EBX+0x5C] + * 00B6BA98 03C1 ADD EAX,ECX + * 00B6BA9A 8B8B A8000000 MOV ECX,DWORD PTR DS:[EBX+0xA8] + * 00B6BAA0 8985 04FCFFFF MOV DWORD PTR SS:[EBP-0x3FC],EAX + * 00B6BAA6 8B43 18 MOV EAX,DWORD PTR DS:[EBX+0x18] + * 00B6BAA9 03C1 ADD EAX,ECX + * 00B6BAAB 3985 04FCFFFF CMP DWORD PTR SS:[EBP-0x3FC],EAX + * 00B6BAB1 7F 13 JG SHORT .00B6BAC6 + * 00B6BAB3 398D 04FCFFFF CMP DWORD PTR SS:[EBP-0x3FC],ECX + * 00B6BAB9 7E 3F JLE SHORT .00B6BAFA + * 00B6BABB 8BCE MOV ECX,ESI + * 00B6BABD E8 EEF9FFFF CALL .00B6B4B0 + * 00B6BAC2 84C0 TEST AL,AL + * 00B6BAC4 75 34 JNZ SHORT .00B6BAFA + * 00B6BAC6 8BCB MOV ECX,EBX + * 00B6BAC8 E8 F3060000 CALL .00B6C1C0 + * 00B6BACD 83BD 00FCFFFF 00 CMP DWORD PTR SS:[EBP-0x400],0x0 + * 00B6BAD4 75 1E JNZ SHORT .00B6BAF4 + * 00B6BAD6 83FE 20 CMP ESI,0x20 + * 00B6BAD9 74 08 JE SHORT .00B6BAE3 + * 00B6BADB 81FE 00300000 CMP ESI,0x3000 + * 00B6BAE1 75 11 JNZ SHORT .00B6BAF4 + * 00B6BAE3 8BB5 F8FBFFFF MOV ESI,DWORD PTR SS:[EBP-0x408] + * 00B6BAE9 8BBD FCFBFFFF MOV EDI,DWORD PTR SS:[EBP-0x404] + * 00B6BAEF ^E9 5CFEFFFF JMP .00B6B950 + * 00B6BAF4 8B15 9C5DFA00 MOV EDX,DWORD PTR DS:[0xFA5D9C] + * 00B6BAFA 83BA 84CF0000 01 CMP DWORD PTR DS:[EDX+0xCF84],0x1 + * 00B6BB01 75 66 JNZ SHORT .00B6BB69 + * 00B6BB03 8B83 A8000000 MOV EAX,DWORD PTR DS:[EBX+0xA8] + * 00B6BB09 F7D8 NEG EAX + * 00B6BB0B 3943 5C CMP DWORD PTR DS:[EBX+0x5C],EAX + * 00B6BB0E 7F 68 JG SHORT .00B6BB78 + * 00B6BB10 8B9D E0FBFFFF MOV EBX,DWORD PTR SS:[EBP-0x420] + * 00B6BB16 85DB TEST EBX,EBX + * 00B6BB18 0F84 E8030000 JE .00B6BF06 + * 00B6BB1E 8B8D FCFBFFFF MOV ECX,DWORD PTR SS:[EBP-0x404] + * 00B6BB24 8379 14 08 CMP DWORD PTR DS:[ECX+0x14],0x8 + * 00B6BB28 72 02 JB SHORT .00B6BB2C + * 00B6BB2A 8B09 MOV ECX,DWORD PTR DS:[ECX] + * 00B6BB2C 8B85 F0FBFFFF MOV EAX,DWORD PTR SS:[EBP-0x410] + * 00B6BB32 C745 EC 07000000 MOV DWORD PTR SS:[EBP-0x14],0x7 + * 00B6BB39 C745 E8 00000000 MOV DWORD PTR SS:[EBP-0x18],0x0 + * 00B6BB40 8B00 MOV EAX,DWORD PTR DS:[EAX] + * 00B6BB42 8D0441 LEA EAX,DWORD PTR DS:[ECX+EAX*2] + * 00B6BB45 33C9 XOR ECX,ECX + * 00B6BB47 66:894D D8 MOV WORD PTR SS:[EBP-0x28],CX + * 00B6BB4B 3BF8 CMP EDI,EAX + * 00B6BB4D 74 0E JE SHORT .00B6BB5D + * 00B6BB4F 2BC7 SUB EAX,EDI + * 00B6BB51 8D4D D8 LEA ECX,DWORD PTR SS:[EBP-0x28] + * 00B6BB54 D1F8 SAR EAX,1 + * 00B6BB56 50 PUSH EAX + * 00B6BB57 57 PUSH EDI + * 00B6BB58 E8 E334F2FF CALL .00A8F040 + * 00B6BB5D C745 FC 00000000 MOV DWORD PTR SS:[EBP-0x4],0x0 + * 00B6BB64 E9 82030000 JMP .00B6BEEB + * 00B6BB69 8B43 60 MOV EAX,DWORD PTR DS:[EBX+0x60] + * 00B6BB6C 3B83 AC000000 CMP EAX,DWORD PTR DS:[EBX+0xAC] + * 00B6BB72 0F8D 23030000 JGE .00B6BE9B + * 00B6BB78 8D8D 08FCFFFF LEA ECX,DWORD PTR SS:[EBP-0x3F8] + * 00B6BB7E E8 EDDEFFFF CALL .00B69A70 + * 00B6BB83 C745 FC 02000000 MOV DWORD PTR SS:[EBP-0x4],0x2 + * 00B6BB8A 8B43 78 MOV EAX,DWORD PTR DS:[EBX+0x78] + * 00B6BB8D 8B15 C05DFA00 MOV EDX,DWORD PTR DS:[0xFA5DC0] + * 00B6BB93 8985 F4FBFFFF MOV DWORD PTR SS:[EBP-0x40C],EAX + * 00B6BB99 83F8 FF CMP EAX,-0x1 + * 00B6BB9C 75 23 JNZ SHORT .00B6BBC1 + * 00B6BB9E 80BA 60010000 00 CMP BYTE PTR DS:[EDX+0x160],0x0 + * 00B6BBA5 74 11 JE SHORT .00B6BBB8 + * 00B6BBA7 8B83 E0000000 MOV EAX,DWORD PTR DS:[EBX+0xE0] + * 00B6BBAD 8985 F4FBFFFF MOV DWORD PTR SS:[EBP-0x40C],EAX + * 00B6BBB3 83F8 FF CMP EAX,-0x1 + * 00B6BBB6 75 09 JNZ SHORT .00B6BBC1 + * 00B6BBB8 8B43 24 MOV EAX,DWORD PTR DS:[EBX+0x24] + * 00B6BBBB 8985 F4FBFFFF MOV DWORD PTR SS:[EBP-0x40C],EAX + * 00B6BBC1 8B4B 7C MOV ECX,DWORD PTR DS:[EBX+0x7C] + * 00B6BBC4 898D E4FBFFFF MOV DWORD PTR SS:[EBP-0x41C],ECX + * 00B6BBCA 83F9 FF CMP ECX,-0x1 + * 00B6BBCD 75 23 JNZ SHORT .00B6BBF2 + * 00B6BBCF 80BA 60010000 00 CMP BYTE PTR DS:[EDX+0x160],0x0 + * 00B6BBD6 74 11 JE SHORT .00B6BBE9 + * 00B6BBD8 8B8B E4000000 MOV ECX,DWORD PTR DS:[EBX+0xE4] + * 00B6BBDE 898D E4FBFFFF MOV DWORD PTR SS:[EBP-0x41C],ECX + * 00B6BBE4 83F9 FF CMP ECX,-0x1 + * 00B6BBE7 75 09 JNZ SHORT .00B6BBF2 + * 00B6BBE9 8B43 28 MOV EAX,DWORD PTR DS:[EBX+0x28] + * 00B6BBEC 8985 E4FBFFFF MOV DWORD PTR SS:[EBP-0x41C],EAX + * 00B6BBF2 8B83 80000000 MOV EAX,DWORD PTR DS:[EBX+0x80] + * 00B6BBF8 8985 04FCFFFF MOV DWORD PTR SS:[EBP-0x3FC],EAX + * 00B6BBFE 83F8 FF CMP EAX,-0x1 + * 00B6BC01 75 23 JNZ SHORT .00B6BC26 + * 00B6BC03 80BA 60010000 00 CMP BYTE PTR DS:[EDX+0x160],0x0 + * 00B6BC0A 74 11 JE SHORT .00B6BC1D + * 00B6BC0C 8B83 E8000000 MOV EAX,DWORD PTR DS:[EBX+0xE8] + * 00B6BC12 8985 04FCFFFF MOV DWORD PTR SS:[EBP-0x3FC],EAX + * 00B6BC18 83F8 FF CMP EAX,-0x1 + * 00B6BC1B 75 09 JNZ SHORT .00B6BC26 + * 00B6BC1D 8B43 2C MOV EAX,DWORD PTR DS:[EBX+0x2C] + * 00B6BC20 8985 04FCFFFF MOV DWORD PTR SS:[EBP-0x3FC],EAX + * 00B6BC26 8B53 68 MOV EDX,DWORD PTR DS:[EBX+0x68] + * 00B6BC29 0353 60 ADD EDX,DWORD PTR DS:[EBX+0x60] + * 00B6BC2C 8B4B 5C MOV ECX,DWORD PTR DS:[EBX+0x5C] + * 00B6BC2F 034B 64 ADD ECX,DWORD PTR DS:[EBX+0x64] + * 00B6BC32 83BD 00FCFFFF 01 CMP DWORD PTR SS:[EBP-0x400],0x1 + * 00B6BC39 8BB5 F4FBFFFF MOV ESI,DWORD PTR SS:[EBP-0x40C] + * 00B6BC3F 8B43 6C MOV EAX,DWORD PTR DS:[EBX+0x6C] + * 00B6BC42 C785 DCFBFFFF 00>MOV DWORD PTR SS:[EBP-0x424],0x0 + * 00B6BC4C 0F44B5 DCFBFFFF CMOVE ESI,DWORD PTR SS:[EBP-0x424] + * 00B6BC53 80BB FE000000 00 CMP BYTE PTR DS:[EBX+0xFE],0x0 + * 00B6BC5A 89B5 F4FBFFFF MOV DWORD PTR SS:[EBP-0x40C],ESI + * 00B6BC60 8BB5 00FCFFFF MOV ESI,DWORD PTR SS:[EBP-0x400] + * 00B6BC66 8985 10FCFFFF MOV DWORD PTR SS:[EBP-0x3F0],EAX + * 00B6BC6C 8B85 F4FBFFFF MOV EAX,DWORD PTR SS:[EBP-0x40C] + * 00B6BC72 8985 14FCFFFF MOV DWORD PTR SS:[EBP-0x3EC],EAX + * 00B6BC78 8B85 E4FBFFFF MOV EAX,DWORD PTR SS:[EBP-0x41C] + * 00B6BC7E 89B5 08FCFFFF MOV DWORD PTR SS:[EBP-0x3F8],ESI + * 00B6BC84 8BB5 E8FBFFFF MOV ESI,DWORD PTR SS:[EBP-0x418] + * 00B6BC8A 8985 18FCFFFF MOV DWORD PTR SS:[EBP-0x3E8],EAX + * 00B6BC90 8B85 04FCFFFF MOV EAX,DWORD PTR SS:[EBP-0x3FC] + * 00B6BC96 89B5 0CFCFFFF MOV DWORD PTR SS:[EBP-0x3F4],ESI + * 00B6BC9C 8985 1CFCFFFF MOV DWORD PTR SS:[EBP-0x3E4],EAX + * 00B6BCA2 898D 20FCFFFF MOV DWORD PTR SS:[EBP-0x3E0],ECX + * 00B6BCA8 8995 24FCFFFF MOV DWORD PTR SS:[EBP-0x3DC],EDX + * 00B6BCAE 74 19 JE SHORT .00B6BCC9 + * 00B6BCB0 8B43 5C MOV EAX,DWORD PTR DS:[EBX+0x5C] + * 00B6BCB3 8983 00010000 MOV DWORD PTR DS:[EBX+0x100],EAX + * 00B6BCB9 8B43 60 MOV EAX,DWORD PTR DS:[EBX+0x60] + * 00B6BCBC 8983 04010000 MOV DWORD PTR DS:[EBX+0x104],EAX + * 00B6BCC2 C683 FE000000 00 MOV BYTE PTR DS:[EBX+0xFE],0x0 + * 00B6BCC9 A1 9C5DFA00 MOV EAX,DWORD PTR DS:[0xFA5D9C] + * 00B6BCCE 83B8 84CF0000 01 CMP DWORD PTR DS:[EAX+0xCF84],0x1 + * 00B6BCD5 8B43 70 MOV EAX,DWORD PTR DS:[EBX+0x70] + * 00B6BCD8 75 0B JNZ SHORT .00B6BCE5 + * 00B6BCDA 0385 ECFBFFFF ADD EAX,DWORD PTR SS:[EBP-0x414] + * 00B6BCE0 0143 60 ADD DWORD PTR DS:[EBX+0x60],EAX + * 00B6BCE3 EB 09 JMP SHORT .00B6BCEE + * 00B6BCE5 0385 ECFBFFFF ADD EAX,DWORD PTR SS:[EBP-0x414] + * 00B6BCEB 0143 5C ADD DWORD PTR DS:[EBX+0x5C],EAX + * 00B6BCEE 8B8D 00FCFFFF MOV ECX,DWORD PTR SS:[EBP-0x400] + * 00B6BCF4 85C9 TEST ECX,ECX + * 00B6BCF6 75 42 JNZ SHORT .00B6BD3A + * 00B6BCF8 81FE 0C300000 CMP ESI,0x300C ; jichi: type2 found here + * 00B6BCFE 74 10 JE SHORT .00B6BD10 + * 00B6BD00 81FE 0E300000 CMP ESI,0x300E + * 00B6BD06 74 08 JE SHORT .00B6BD10 + * 00B6BD08 81FE 08FF0000 CMP ESI,0xFF08 + * 00B6BD0E 75 2A JNZ SHORT .00B6BD3A + * 00B6BD10 80BB FD000000 00 CMP BYTE PTR DS:[EBX+0xFD],0x0 + * 00B6BD17 74 10 JE SHORT .00B6BD29 + * 00B6BD19 56 PUSH ESI + */ + bool InsertSiglus2Hook() + { + // const BYTE bytes[] = { // size = 14 + // 0x01,0x53, 0x58, // 0153 58 add dword ptr ds:[ebx+58],edx + // 0x8b,0x95, 0x34,0xfd,0xff,0xff, // 8b95 34fdffff mov edx,dword ptr ss:[ebp-2cc] + // 0x8b,0x43, 0x58, // 8b43 58 mov eax,dword ptr ds:[ebx+58] + // 0x3b,0xd7 // 3bd7 cmp edx,edi ; hook here + // }; + // enum { cur_ins_size = 2 }; + // enum { addr_offset = sizeof(bytes) - cur_ins_size }; // = 14 - 2 = 12, current inst is the last one + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr; + { // type 1 + const BYTE bytes[] = { + 0x3b, 0xd7, // cmp edx,edi ; hook here + 0x75, 0x4b // jnz short + }; + // enum { addr_offset = 0 }; + addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (addr) + ConsoleOutput("Siglus2: type 1 pattern found"); + } + if (!addr) + { + // 81fe0c300000 + const BYTE bytes[] = { + 0x81, 0xfe, 0x0c, 0x30, 0x00, 0x00 // 0114124a 81fe 0c300000 cmp esi,0x300c ; jichi: hook here + }; + // enum { addr_offset = 0 }; + addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (addr) + ConsoleOutput("Siglus2: type 2 pattern found"); + } + + if (!addr) + { + ConsoleOutput("Siglus2: both type1 and type2 patterns not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset = get_reg(regs::esi); + hp.type = CODEC_UTF16 | FIXING_SPLIT; // jichi 6/1/2014: fixing the split value + + ConsoleOutput("INSERT Siglus2"); + return NewHook(hp, "SiglusEngine2"); + } + static void SpecialHookSiglus1(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + // 写回有乱码 + auto textu = (TextUnionW *)(stack->ecx + 4); + buffer->from(textu->getText(),textu->size * 2); + } + + // jichi: 8/17/2013: Change return type to bool + bool InsertSiglus1Hook() + { + const BYTE bytes[] = {0x33, 0xc0, 0x8b, 0xf9, 0x89, 0x7c, 0x24}; + ULONG range = max(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + { // jichi 8/17/2013: Add "== 0" check to prevent breaking new games + // ConsoleOutput("Unknown SiglusEngine"); + ConsoleOutput("Siglus: pattern not found"); + return false; + } + + DWORD limit = addr - 0x100; + while (addr > limit) + { + if (*(WORD *)addr == 0xff6a) + { + HookParam hp; + hp.address = addr; + hp.text_fun = SpecialHookSiglus1; + hp.type = CODEC_UTF16; + ConsoleOutput("INSERT Siglus"); + return NewHook(hp, "SiglusEngine"); + } + addr--; + } + ConsoleOutput("Siglus: failed"); + return false; + } + +} // unnamed namespace + +// jichi 8/17/2013: Insert old first. As the pattern could also be found in the old engine. +bool InsertSiglusHook() +{ + if (InsertSiglus1Hook()) + return true; + bool ok = InsertSiglus2Hook(); + ok = InsertSiglus3Hook() || ok; + ok = InsertSiglus4Hook() || ok; + return ok; +} +bool InsertSiglusHookZ() +{ + BYTE bytes[] = { + 0x8b, 0x12, + 0x66, 0x89, 0x04, 0x72}; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + ConsoleOutput("SiglusHookZ %p", addr); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr + 2; + hp.offset = get_reg(regs::eax); + hp.type = CODEC_UTF16; + return NewHook(hp, "SiglusHookZ"); +} +namespace +{ + namespace ScenarioHook + { + namespace Private + { + /** + * jichi 8/16/2013: Insert new siglus hook + * See (CaoNiMaGeBi): http://tieba.baidu.com/p/2531786952 + * + * 013bac6e cc int3 + * 013bac6f cc int3 + * 013bac70 /$ 55 push ebp ; jichi: function starts + * 013bac71 |. 8bec mov ebp,esp + * 013bac73 |. 6a ff push -0x1 + * 013bac75 |. 68 d8306201 push siglusen.016230d8 + * 013bac7a |. 64:a1 00000000 mov eax,dword ptr fs:[0] + * 013bac80 |. 50 push eax + * 013bac81 |. 81ec dc020000 sub esp,0x2dc + * 013bac87 |. a1 90f46b01 mov eax,dword ptr ds:[0x16bf490] + * 013bac8c |. 33c5 xor eax,ebp + * 013bac8e |. 8945 f0 mov dword ptr ss:[ebp-0x10],eax + * 013bac91 |. 53 push ebx + * 013bac92 |. 56 push esi + * 013bac93 |. 57 push edi + * 013bac94 |. 50 push eax + * ... + * 013baf32 |. 3bd7 |cmp edx,edi ; jichi: ITH hook here, char saved in edi + * 013baf34 |. 75 4b |jnz short siglusen.013baf81 + */ + enum Type + { + Type1 // Old SiglusEngine2, arg in ecx + , + Type2 // New SiglusENgine2, arg in arg1, since リア充クラスメイト孕ませ催眠 in 9/26/2014 + } type_; // static + /** + * Sample game: 聖娼女 体験版 + * + * IDA: sub_4DAC70 proc near ; Attributes: bp-based frame + * + * Observations: + * - return: number of bytes = 2 * number of size + * - arg1: unknown pointer, remains the same + * - arg2: unknown, remains the same + * - this (ecx) + * - union + * - char x 3: if size < (3 * 2 - 1) && + * - pointer x 4 + * - 0x0: UTF-16 text + * - 0x4: the same as 0x0 + * - 0x8: unknown variate pointer + * - 0xc: wchar_t pointer to a flag, the pointed value is zero when union is used as a char + * - 0x10: size of the text without null char + * - 0x14: unknown size, always slightly larger than size + * - 0x18: constant pointer + * ... + * + * Sample stack: + * 0025edf0 a8 f3 13 0a a8 f3 13 0a ィ・.ィ・. ; jichi: ecx = 0025edf0 + * LPCWSTR LPCWSTR + * 0025edf8 10 ee 25 00 d0 ee 37 01 ・.ミ・ + * LPCWSTR LPCWSTR + * 0025ee00 13 00 00 00 17 00 00 00 ...… + * SIZE_T SIZE_T + * + * 0025ee08 18 0c f6 09 27 00 00 00 .・'... ; jichi: following three lines are constants + * 0025ee10 01 00 00 00 01 00 00 00 ...... + * 0025ee18 d2 d9 5d 9f 1c a2 e7 09 メル]・「・ + * + * 0025ee20 40 8c 10 07 00 00 00 00 @・.... + * 0025ee28 00 00 00 00 00 00 00 00 ........ + * 0025ee30 b8 ee ce 0c b8 ee ce 0c ク﨩.ク﨩. + * 0025ee38 b8 ee ce 0c 00 00 00 00 ク﨩..... + * 0025ee40 00 00 00 00 01 00 00 00 ....... + * 0025ee48 00 00 00 00 00 00 00 00 ........ + * 0025ee50 00 00 00 00 00 00 00 00 ........ + * 0025ee58 00 00 00 00 00 00 00 00 ........ + * + * 0025ee60 01 00 00 00 01 00 00 00 ...... + */ + ULONG search(ULONG startAddress, ULONG stopAddress, Type *type) + { + ULONG addr; + { + const uint8_t bytes1[] = { + 0x3b, 0xd7, // 013baf32 |. 3bd7 |cmp edx,edi ; jichi: ITH hook here, char saved in edi + 0x75, 0x4b // 013baf34 |. 75 4b |jnz short siglusen.013baf81 + }; + addr = MemDbg::findBytes(bytes1, sizeof(bytes1), startAddress, stopAddress); + if (addr && type) + *type = Type1; + } + if (!addr) + { + const uint8_t bytes2[] = { + // 81fe0c300000 + 0x81, 0xfe, 0x0c, 0x30, 0x00, 0x00 // 0114124a 81fe 0c300000 cmp esi,0x300c ; jichi: hook here + }; + addr = MemDbg::findBytes(bytes2, sizeof(bytes2), startAddress, stopAddress); + if (addr && type) + *type = Type2; + } + if (!addr) + return 0; + + const uint8_t bytes[] = { + 0x55, // 013bac70 /$ 55 push ebp ; jichi: function starts + 0x8b, 0xec, // 013bac71 |. 8bec mov ebp,esp + 0x6a, 0xff // 013bac73 |. 6a ff push -0x1 + }; + // enum { range = 0x300 }; // 0x013baf32 - 0x013bac70 = 706 = 0x2c2 + // enum { range = 0x400 }; // 0x013baf32 - 0x013bac70 = 0x36a + enum + { + range = 0x500 + }; // 0x00b6bcf8 - 0x00b6b880 = 0x478 + return MemDbg::findBytes(bytes, sizeof(bytes), addr - range, addr); + // if (!reladdr) + // //ConsoleOutput("Siglus2: pattern not found"); + // return 0; + // addr += reladdr; + // return addr; + } + + void text_fun(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + + auto arg = (TextUnionW *)(type_ == Type1 ? s->ecx : s->stack[1]); + if (!arg || !arg->isValid()) + return ; + buffer->from(arg->getText(), arg->size*2); + } + void hookafter(hook_stack *s, void *data, size_t len) + { + auto arg = (TextUnionW *)(type_ == Type1 ? s->ecx : s->stack[1]); + auto argValue = *arg; + auto newText = new std::wstring((wchar_t *)data, len / 2); + arg->setLongText(*newText); + + // Restoring is indispensible, and as a result, the default hook does not work + //*arg = argValue; + } + } + bool attach(ULONG startAddress, ULONG stopAddress) // attach scenario + { + ULONG addr = Private::search(startAddress, stopAddress, &Private::type_); + ConsoleOutput("%p", addr); + if (!addr) + return false; + // return Private::oldHookFun = (Private::hook_fun_t)winhook::replace_fun(addr, (ULONG)Private::newHookFun); + HookParam hp; + hp.address = addr; + hp.type = EMBED_ABLE | CODEC_UTF16 | EMBED_INSERT_SPACE_AFTER_UNENCODABLE|NO_CONTEXT; // 0x41 + hp.text_fun = Private::text_fun; + hp.hook_after = Private::hookafter; + hp.hook_font = F_GetGlyphOutlineW; + return NewHook(hp, "EmbedSiglus"); + } + } +} + +namespace OtherHook +{ + namespace Private + { + + TextUnionW *arg_, + argValue_; + void hookBefore(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *role) + { + static std::wstring text_; + auto arg = (TextUnionW *)s->stack[0]; + if (!arg || !arg->isValid()) + return ; + + LPCWSTR text = arg->getText(); + // Skip all ascii + if (!text || !*text || *text <= 127 || arg->size > 1500) // there could be garbage + return ; + + *role = Engine::OtherRole; + ULONG split = s->stack[3]; + if (split <= 0xffff || !Engine::isAddressReadable(split)) + { // skip modifying scenario thread + // role = Engine::ScenarioRole; + return ; + } + else + { + split = *(DWORD *)split; + switch (split) + { + case 0x54: + case 0x26: + *role = Engine::NameRole; + } + } + // auto sig = Engine::hashThreadSignature(role, split); + + buffer->from(text, arg->size*2); + // newText = EngineController::instance()->dispatchTextWSTD(oldText, role, sig); + } + void hookafter2(hook_stack *s, void *data, size_t len) + { + auto arg = (TextUnionW *)s->stack[0]; + arg_ = arg; + argValue_ = *arg; + static std::wstring text_; + auto newText = std::wstring((LPWSTR)data, len / 2); + text_ = newText; + arg->setLongText(text_); + } + + ULONG search(ULONG startAddress, ULONG stopAddress) + { + const uint8_t bytes[] = { + 0xc7, 0x47, 0x14, 0x07, 0x00, 0x00, 0x00, // 0042cf20 c747 14 07000000 mov dword ptr ds:[edi+0x14],0x7 + 0xc7, 0x47, 0x10, 0x00, 0x00, 0x00, 0x00, // 0042cf27 c747 10 00000000 mov dword ptr ds:[edi+0x10],0x0 + 0x66, 0x89, 0x0f, // 0042cf2e 66:890f mov word ptr ds:[edi],cx + 0x8b, 0xcf, // 0042cf31 8bcf mov ecx,edi + 0x50, // 0042cf33 50 push eax + 0xe8 // XX4 // 0042cf34 e8 e725f6ff call .0038f520 ; jichi: hook here + }; + enum + { + addr_offset = sizeof(bytes) - 1 + }; // +4 for the call address + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return 0; + return addr + addr_offset; + } + + } // namespace Private + + bool attach(ULONG startAddress, ULONG stopAddress) + { + ULONG addr = Private::search(startAddress, stopAddress); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr; + hp.type = EMBED_ABLE | CODEC_UTF16 | EMBED_INSERT_SPACE_AFTER_UNENCODABLE|NO_CONTEXT; // 0x41 + hp.text_fun = Private::hookBefore; + hp.hook_after = Private::hookafter2; + hp.hook_font = F_GetGlyphOutlineW; + return NewHook(hp, "EmbedSiglus"); + } + +} // namespace OtherHook + +bool Siglus::attach_function() +{ + + bool b3 = ScenarioHook::attach(processStartAddress, processStopAddress); + if (b3) + OtherHook::attach(processStartAddress, processStopAddress); + bool b1 = InsertSiglusHook(); + bool b2 = InsertSiglusHookZ(); + return b1 || b2 || b3; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Siglus.h b/cpp/LunaHook/LunaHook/engine32/Siglus.h new file mode 100644 index 00000000..63728f56 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Siglus.h @@ -0,0 +1,13 @@ + + +class Siglus:public ENGINE{ + public: + Siglus(){ + + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + return (wcsstr(processName_lower, L"siglusengine") || !wcsncmp(processName_lower, L"siglus~", 7) || Util::CheckFile(L"SiglusEngine.exe")); + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Silkys.cpp b/cpp/LunaHook/LunaHook/engine32/Silkys.cpp new file mode 100644 index 00000000..4b0048f8 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Silkys.cpp @@ -0,0 +1,764 @@ +#include "Silkys.h" +#include "util/textunion.h" + +/** jichi: 6/17/2015 + * Sample games + * - 堕ちてぁ�新妻 trial + * - 根雪の幻影 trial + * + * This function is found by backtracking GetGlyphOutlineA. + * There are two GetGlyphOutlineA, which are in the same function. + * That function are called by two other functions. + * The second function is hooked. + * + * 堕ちてぁ�新妻 + * baseaddr = 08e0000 + * + * 0096652E CC INT3 + * 0096652F CC INT3 + * 00966530 55 PUSH EBP + * 00966531 8BEC MOV EBP,ESP + * 00966533 83EC 18 SUB ESP,0x18 + * 00966536 A1 00109F00 MOV EAX,DWORD PTR DS:[0x9F1000] + * 0096653B 33C5 XOR EAX,EBP + * 0096653D 8945 FC MOV DWORD PTR SS:[EBP-0x4],EAX + * 00966540 53 PUSH EBX + * 00966541 8B5D 0C MOV EBX,DWORD PTR SS:[EBP+0xC] + * 00966544 56 PUSH ESI + * 00966545 8B75 08 MOV ESI,DWORD PTR SS:[EBP+0x8] + * 00966548 57 PUSH EDI + * 00966549 6A 00 PUSH 0x0 + * 0096654B 894D EC MOV DWORD PTR SS:[EBP-0x14],ECX + * 0096654E 8B0D FCB7A200 MOV ECX,DWORD PTR DS:[0xA2B7FC] + * 00966554 68 90D29D00 PUSH .009DD290 ; ASCII "/Config/SceneSkip" + * 00966559 895D F0 MOV DWORD PTR SS:[EBP-0x10],EBX + * 0096655C E8 2F4A0100 CALL .0097AF90 + * 00966561 83F8 01 CMP EAX,0x1 + * 00966564 0F84 E0010000 JE .0096674A + * 0096656A 8B55 EC MOV EDX,DWORD PTR SS:[EBP-0x14] + * 0096656D 85DB TEST EBX,EBX + * 0096656F 75 09 JNZ SHORT .0096657A + * 00966571 8B42 04 MOV EAX,DWORD PTR DS:[EDX+0x4] + * 00966574 8B40 38 MOV EAX,DWORD PTR DS:[EAX+0x38] + * 00966577 8945 F0 MOV DWORD PTR SS:[EBP-0x10],EAX + * 0096657A 33C0 XOR EAX,EAX + * 0096657C C645 F8 00 MOV BYTE PTR SS:[EBP-0x8],0x0 + * 00966580 33C9 XOR ECX,ECX + * 00966582 66:8945 F9 MOV WORD PTR SS:[EBP-0x7],AX + * 00966586 3946 14 CMP DWORD PTR DS:[ESI+0x14],EAX + * 00966589 0F86 BB010000 JBE .0096674A + * + * Scenario stack: + * + * 002FF9DC 00955659 RETURN to .00955659 from .00966530 + * 002FF9E0 002FFA10 ; jichi: text in [arg1+4] + * 002FF9E4 00000000 ; arg2 is zero + * 002FF9E8 00000001 + * 002FF9EC 784B8FC7 + * + * Name stack: + * + * 002FF59C 00930A76 RETURN to .00930A76 from .00966530 + * 002FF5A0 002FF5D0 ; jichi: text in [arg1+4] + * 002FF5A4 004DDEC0 ; arg2 is a pointer + * 002FF5A8 00000001 + * 002FF5AC 784B8387 + * 002FF5B0 00000182 + * 002FF5B4 00000000 + * + * Scenario and Name are called by different callers. + * + * 根雪の幻影 + * + * 00A1A00E CC INT3 + * 00A1A00F CC INT3 + * 00A1A010 55 PUSH EBP + * 00A1A011 8BEC MOV EBP,ESP + * 00A1A013 83EC 18 SUB ESP,0x18 + * 00A1A016 A1 0050AA00 MOV EAX,DWORD PTR DS:[0xAA5000] + * 00A1A01B 33C5 XOR EAX,EBP + * 00A1A01D 8945 FC MOV DWORD PTR SS:[EBP-0x4],EAX + * 00A1A020 53 PUSH EBX + * 00A1A021 56 PUSH ESI + * 00A1A022 8B75 0C MOV ESI,DWORD PTR SS:[EBP+0xC] + * 00A1A025 57 PUSH EDI + * 00A1A026 8B7D 08 MOV EDI,DWORD PTR SS:[EBP+0x8] + * 00A1A029 6A 00 PUSH 0x0 + * 00A1A02B 894D F0 MOV DWORD PTR SS:[EBP-0x10],ECX + * 00A1A02E 8B0D C434AE00 MOV ECX,DWORD PTR DS:[0xAE34C4] + * 00A1A034 68 F816A900 PUSH .00A916F8 ; ASCII "/Config/SceneSkip" + * 00A1A039 8975 EC MOV DWORD PTR SS:[EBP-0x14],ESI + * 00A1A03C E8 7F510100 CALL .00A2F1C0 + * 00A1A041 83F8 01 CMP EAX,0x1 + * 00A1A044 0F84 3A010000 JE .00A1A184 + * 00A1A04A 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-0x10] + * 00A1A04D 85F6 TEST ESI,ESI + * 00A1A04F 75 09 JNZ SHORT .00A1A05A + * 00A1A051 8B41 04 MOV EAX,DWORD PTR DS:[ECX+0x4] + * 00A1A054 8B40 38 MOV EAX,DWORD PTR DS:[EAX+0x38] + * 00A1A057 8945 EC MOV DWORD PTR SS:[EBP-0x14],EAX + * 00A1A05A 33C0 XOR EAX,EAX + * 00A1A05C C645 F8 00 MOV BYTE PTR SS:[EBP-0x8],0x0 + * 00A1A060 33DB XOR EBX,EBX + * 00A1A062 66:8945 F9 MOV WORD PTR SS:[EBP-0x7],AX + * 00A1A066 3947 14 CMP DWORD PTR DS:[EDI+0x14],EAX + * 00A1A069 0F86 15010000 JBE .00A1A184 + * 00A1A06F 90 NOP + * 00A1A070 837F 18 10 CMP DWORD PTR DS:[EDI+0x18],0x10 + * 00A1A074 72 05 JB SHORT .00A1A07B + * 00A1A076 8B47 04 MOV EAX,DWORD PTR DS:[EDI+0x4] + * 00A1A079 EB 03 JMP SHORT .00A1A07E + * 00A1A07B 8D47 04 LEA EAX,DWORD PTR DS:[EDI+0x4] + * 00A1A07E 803C18 00 CMP BYTE PTR DS:[EAX+EBX],0x0 + * 00A1A082 0F84 FC000000 JE .00A1A184 + * 00A1A088 837F 18 10 CMP DWORD PTR DS:[EDI+0x18],0x10 + * 00A1A08C 72 05 JB SHORT .00A1A093 + * 00A1A08E 8B47 04 MOV EAX,DWORD PTR DS:[EDI+0x4] + * 00A1A091 EB 03 JMP SHORT .00A1A096 + * 00A1A093 8D47 04 LEA EAX,DWORD PTR DS:[EDI+0x4] + * 00A1A096 8A0418 MOV AL,BYTE PTR DS:[EAX+EBX] + * 00A1A099 3C 81 CMP AL,0x81 + * 00A1A09B 72 04 JB SHORT .00A1A0A1 + * 00A1A09D 3C 9F CMP AL,0x9F + * 00A1A09F 76 06 JBE SHORT .00A1A0A7 + * 00A1A0A1 04 20 ADD AL,0x20 + * 00A1A0A3 3C 0F CMP AL,0xF + * 00A1A0A5 77 40 JA SHORT .00A1A0E7 + * 00A1A0A7 837F 18 10 CMP DWORD PTR DS:[EDI+0x18],0x10 + * 00A1A0AB 72 05 JB SHORT .00A1A0B2 + * 00A1A0AD 8B47 04 MOV EAX,DWORD PTR DS:[EDI+0x4] + * 00A1A0B0 EB 03 JMP SHORT .00A1A0B5 + * 00A1A0B2 8D47 04 LEA EAX,DWORD PTR DS:[EDI+0x4] + * 00A1A0B5 837F 18 10 CMP DWORD PTR DS:[EDI+0x18],0x10 + * 00A1A0B9 8A0418 MOV AL,BYTE PTR DS:[EAX+EBX] + * 00A1A0BC 8845 F8 MOV BYTE PTR SS:[EBP-0x8],AL + * 00A1A0BF 72 13 JB SHORT .00A1A0D4 + * 00A1A0C1 8B47 04 MOV EAX,DWORD PTR DS:[EDI+0x4] + * 00A1A0C4 C645 F7 02 MOV BYTE PTR SS:[EBP-0x9],0x2 + * 00A1A0C8 8A4418 01 MOV AL,BYTE PTR DS:[EAX+EBX+0x1] + * 00A1A0CC 83C3 02 ADD EBX,0x2 + * 00A1A0CF 8845 F9 MOV BYTE PTR SS:[EBP-0x7],AL + * 00A1A0D2 EB 30 JMP SHORT .00A1A104 + * 00A1A0D4 8D47 04 LEA EAX,DWORD PTR DS:[EDI+0x4] + * 00A1A0D7 C645 F7 02 MOV BYTE PTR SS:[EBP-0x9],0x2 + * 00A1A0DB 8A4418 01 MOV AL,BYTE PTR DS:[EAX+EBX+0x1] + * 00A1A0DF 83C3 02 ADD EBX,0x2 + * 00A1A0E2 8845 F9 MOV BYTE PTR SS:[EBP-0x7],AL + * 00A1A0E5 EB 1D JMP SHORT .00A1A104 + * 00A1A0E7 837F 18 10 CMP DWORD PTR DS:[EDI+0x18],0x10 + * 00A1A0EB 72 05 JB SHORT .00A1A0F2 + * 00A1A0ED 8B47 04 MOV EAX,DWORD PTR DS:[EDI+0x4] + * 00A1A0F0 EB 03 JMP SHORT .00A1A0F5 + * 00A1A0F2 8D47 04 LEA EAX,DWORD PTR DS:[EDI+0x4] + * 00A1A0F5 8A0418 MOV AL,BYTE PTR DS:[EAX+EBX] + * 00A1A0F8 43 INC EBX + * 00A1A0F9 8845 F8 MOV BYTE PTR SS:[EBP-0x8],AL + * 00A1A0FC C645 F9 00 MOV BYTE PTR SS:[EBP-0x7],0x0 + * 00A1A100 C645 F7 01 MOV BYTE PTR SS:[EBP-0x9],0x1 + * 00A1A104 807F 48 01 CMP BYTE PTR DS:[EDI+0x48],0x1 + * 00A1A108 75 21 JNZ SHORT .00A1A12B + * 00A1A10A 8B49 08 MOV ECX,DWORD PTR DS:[ECX+0x8] + * 00A1A10D 8D47 38 LEA EAX,DWORD PTR DS:[EDI+0x38] + * 00A1A110 50 PUSH EAX + * 00A1A111 FF77 28 PUSH DWORD PTR DS:[EDI+0x28] + * 00A1A114 8B47 24 MOV EAX,DWORD PTR DS:[EDI+0x24] + * 00A1A117 03C0 ADD EAX,EAX + * 00A1A119 50 PUSH EAX + * 00A1A11A 8D47 20 LEA EAX,DWORD PTR DS:[EDI+0x20] + * 00A1A11D 50 PUSH EAX + * 00A1A11E 8D47 1C LEA EAX,DWORD PTR DS:[EDI+0x1C] + * 00A1A121 50 PUSH EAX + * 00A1A122 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-0x8] + * 00A1A125 50 PUSH EAX + * 00A1A126 E8 85220000 CALL .00A1C3B0 + * 00A1A12B FF77 34 PUSH DWORD PTR DS:[EDI+0x34] + * 00A1A12E 8B4D EC MOV ECX,DWORD PTR SS:[EBP-0x14] + * 00A1A131 8D45 F8 LEA EAX,DWORD PTR SS:[EBP-0x8] + * 00A1A134 FF77 4C PUSH DWORD PTR DS:[EDI+0x4C] + * 00A1A137 FF77 30 PUSH DWORD PTR DS:[EDI+0x30] + * 00A1A13A FF77 2C PUSH DWORD PTR DS:[EDI+0x2C] + * 00A1A13D FF77 20 PUSH DWORD PTR DS:[EDI+0x20] + * 00A1A140 FF77 1C PUSH DWORD PTR DS:[EDI+0x1C] + * 00A1A143 50 PUSH EAX + * 00A1A144 E8 1733FFFF CALL .00A0D460 + * 00A1A149 0FBE45 F7 MOVSX EAX,BYTE PTR SS:[EBP-0x9] + * 00A1A14D 0FAF47 24 IMUL EAX,DWORD PTR DS:[EDI+0x24] + * 00A1A151 0147 1C ADD DWORD PTR DS:[EDI+0x1C],EAX + * 00A1A154 807F 48 00 CMP BYTE PTR DS:[EDI+0x48],0x0 + * 00A1A158 8B47 1C MOV EAX,DWORD PTR DS:[EDI+0x1C] + * 00A1A15B 75 1B JNZ SHORT .00A1A178 + * 00A1A15D 3947 40 CMP DWORD PTR DS:[EDI+0x40],EAX + * 00A1A160 7F 16 JG SHORT .00A1A178 + * 00A1A162 8B47 38 MOV EAX,DWORD PTR DS:[EDI+0x38] + * 00A1A165 8B4F 28 MOV ECX,DWORD PTR DS:[EDI+0x28] + * 00A1A168 014F 20 ADD DWORD PTR DS:[EDI+0x20],ECX + * 00A1A16B 8947 1C MOV DWORD PTR DS:[EDI+0x1C],EAX + * 00A1A16E 8B47 20 MOV EAX,DWORD PTR DS:[EDI+0x20] + * 00A1A171 03C1 ADD EAX,ECX + * 00A1A173 3B47 44 CMP EAX,DWORD PTR DS:[EDI+0x44] + * 00A1A176 7D 0C JGE SHORT .00A1A184 + * 00A1A178 8B4D F0 MOV ECX,DWORD PTR SS:[EBP-0x10] + * 00A1A17B 3B5F 14 CMP EBX,DWORD PTR DS:[EDI+0x14] + * 00A1A17E ^0F82 ECFEFFFF JB .00A1A070 + * 00A1A184 8B4D FC MOV ECX,DWORD PTR SS:[EBP-0x4] + * 00A1A187 5F POP EDI + * 00A1A188 5E POP ESI + * 00A1A189 33CD XOR ECX,EBP + * 00A1A18B 5B POP EBX + * 00A1A18C E8 87600200 CALL .00A40218 + * 00A1A191 8BE5 MOV ESP,EBP + * 00A1A193 5D POP EBP + * 00A1A194 C2 0C00 RETN 0xC + * 00A1A197 CC INT3 + * 00A1A198 CC INT3 + */ +static void SpecialHookSilkys(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) +{ + // DWORD arg1 = *(DWORD *)(esp_base + 0x4); + DWORD arg1 = stack->stack[1], + arg2 = stack->stack[2]; + + int size = *(DWORD *)(arg1 + 0x14); + if (size <= 0) + return; + + enum + { + ShortTextCapacity = 0x10 + }; + + DWORD text = 0; + // if (arg2 == 0) { + if (size >= ShortTextCapacity) + { + text = *(DWORD *)(arg1 + 4); + if (text && ::IsBadReadPtr((LPCVOID)text, size)) // this might not be needed though + text = 0; + } + if (!text) + { // short text + text = arg1 + 4; + size = min(size, ShortTextCapacity); + } + buffer->from(text,size); + *split = arg2 == 0 ? 1 : 2; // arg2 == 0 ? scenario : name +} +void hookBefore(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *role) +{ + auto arg = (TextUnionA *)(s->stack[0] + sizeof(DWORD)); // arg1 + if (!arg || !arg->isValid()) + return ; + + // FIXME: I am not able to distinguish choice out + *role = + s->stack[1] ? Engine::NameRole : // arg2 != 0 for name + // s->ebx > 0x0fffffff ? Engine::ChoiceRole : // edx is a pointer for choice + Engine::ScenarioRole; + + buffer->from(arg->getText(), arg->size); +} +TextUnionA *arg_, + argValue_; +void hookafter1(hook_stack *s, void *data1, size_t len) +{ + auto newData = std::string((char *)data1, len); + auto arg = (TextUnionA *)(s->stack[0] + sizeof(DWORD)); // arg1 + arg_ = arg; + argValue_ = *arg; + static std::string data_; + data_ = newData; + arg->setText(data_); +} + +void hookAfter(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) +{ + if (arg_) + { + *arg_ = argValue_; + arg_ = nullptr; + } +} +bool InsertSilkysHook() +{ + const BYTE bytes[] = { + 0x66, 0x89, 0x45, 0xf9, // 00a1a062 66:8945 f9 mov word ptr ss:[ebp-0x7],ax + 0x39, 0x47, 0x14 // 00a1a066 3947 14 cmp dword ptr ds:[edi+0x14],eax + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) + { + ConsoleOutput("Silkys: pattern not found"); + return false; + } + + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + { + ConsoleOutput("Silkys: function not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.text_fun = SpecialHookSilkys; + hp.type = USING_STRING | NO_CONTEXT; // = 9 + + ConsoleOutput("INSERT Silkys"); + auto succ = NewHook(hp, "SilkysPlus"); + auto fun = [](ULONG addr) -> bool + { + auto succ_ = false; + { + HookParam hp; + hp.address = addr; + hp.type = USING_STRING | NO_CONTEXT | EMBED_ABLE | EMBED_DYNA_SJIS|NO_CONTEXT; + hp.text_fun = hookBefore; + hp.hook_after = hookafter1; + hp.hook_font = F_GetGlyphOutlineA; + succ_ |= NewHook(hp, "EmbedSilkys"); + } + { + HookParam hp; + hp.address = addr + 5; + hp.text_fun = hookAfter; + succ_ |= NewHook(hp, "EmbedSilkys"); + } + return succ_; // replace all functions + }; + succ |= MemDbg::iterNearCallAddress(fun, addr, processStartAddress, processStopAddress); + return succ; +} +bool InsertSilkysHook2() +{ + //[230825] [コンフィチュールソフト] ギャル×オタ ~織川きららはお世話したい~ + auto addr = MemDbg::findCallerAddressAfterInt3((DWORD)GetCharacterPlacementW, processStartAddress, processStopAddress); + if (addr == 0) + return false; + BYTE sig[] = { + 0x8b, 0x80, XX4, + 0xff, 0xd0, + 0x8b, 0xf0}; + addr = MemDbg::findBytes(sig, sizeof(sig), addr, addr + 0x100); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr + 8; + hp.type = CODEC_UTF16 | USING_STRING; + hp.offset = get_reg(regs::eax); + hp.filter_fun = [](void *data, size_t *len, HookParam *hp) + { + static int idx = 0; + idx += 1; + return (bool)(idx % 2); + }; + return NewHook(hp, "SilkysPlus2"); +} +namespace +{ + bool _s() + { + /// https://vndb.org/r68491 + // 徒花異譚 / Adabana Odd Tales + BYTE sig[] = { + 0xBA, 0x00, 0x01, 0x00, 0x00, + 0xC7, 0x45, 0x08, 0x14, 0x20, 0x00, 0x00, + 0x8D, 0x49, 0x00}; + auto addr = MemDbg::findBytes(sig, sizeof(sig), processStartAddress, processStopAddress); + if (addr == 0) + return false; + addr = findfuncstart(addr); + if (!addr) + return 0; + HookParam hp; + hp.address = addr; + hp.offset = get_stack(1); + hp.newlineseperator = L"\\n"; + hp.type = USING_STRING | CODEC_UTF16 | EMBED_ABLE | EMBED_AFTER_NEW; + return NewHook(hp, "EmbedSilkysX"); + } +} +namespace +{ + bool Silkys2Filter(LPVOID data, size_t *size, HookParam *) + { + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + StringCharReplacer(text, len, L"\\i", 2, L'\''); + + return true; + } + + bool InsertSilkys2Hook() + { + // https://vndb.org/r89173 + // 同级生Remake + const BYTE bytes[] = { + // (unsigned __int16)v13 < 0x100u || (_WORD)v13 == 8212 + 0xC7, 0x45, XX, 0x00, 0x01, 0x00, 0x00, + 0xC7, 0x45, XX, 0x14, 0x20, 0x00, 0x00}; + const BYTE bytes2[] = { + // v6 = (_WORD *)(*v8 + *(_DWORD *)(v7 + 4 * v27)); + // hook v6 + 0x8b, 0x4d, 0xf4, + 0x8b, 0x3c, 0x8f, + 0x03, 0x38}; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) + return false; + addr = reverseFindBytes(bytes2, sizeof(bytes2), addr - 0x100, addr); + if (!addr) + return false; + HookParam hp; + hp.address = addr + sizeof(bytes2); + hp.offset = get_reg(regs::edi); + hp.filter_fun = Silkys2Filter; + hp.type = CODEC_UTF16 | USING_STRING | NO_CONTEXT; + return NewHook(hp, "Silkys2"); + } +} +namespace +{ + bool saiminset() + { + //[230929][1237052][シルキーズSAKURA] 催眠奪女Set パッケージ版 + auto addr1 = finddllfunctioncall((DWORD)GetGlyphOutlineA, processStartAddress, processStopAddress); + if (addr1 == 0) + return false; + auto func1 = MemDbg::findEnclosingAlignedFunction(addr1); + if (func1 == 0) + return false; + BYTE check[] = { + 0x80, 0xf9, 0x81, XX2, // cmp cl, 81h + 0x80, 0xf9, 0x9f, XX2, // cmp cl, 9Fh + }; + if (MemDbg::findBytes(check, sizeof(check), func1, addr1) == 0) + return false; + auto xrefs = findxref_reverse_checkcallop(func1, processStartAddress, processStopAddress, 0xe8); + if (xrefs.size() == 0) + return false; + auto addr2 = xrefs[0]; + auto addr = MemDbg::findEnclosingAlignedFunction(addr2); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr; + hp.offset = get_stack(1); + hp.index = 0; + hp.split = get_stack(6); + hp.type = USING_SPLIT | DATA_INDIRECT; + return NewHook(hp, "Silkys3"); + } +} +namespace +{ + // 言の葉舞い散る夏の風鈴 + // https://vndb.org/v23466 + bool silkys4() + { + BYTE check[] = { + 0x80, 0xFA, 0x81, + 0x72, XX, + 0x80, 0xFA, 0x9F, + 0x76, XX}; + auto addr = MemDbg::findCallerAddress((ULONG)GetGlyphOutlineA, 0xec8b55, processStartAddress, processStopAddress); + if (addr == 0) + return false; + if (MemDbg::findBytes(check, sizeof(check), addr, addr + 0x100) == 0) + return false; + HookParam hp; + hp.address = addr; + hp.type = USING_CHAR | DATA_INDIRECT | USING_SPLIT; + hp.split = get_stack(1); + hp.offset = get_stack(1); // thiscall arg1 + hp.filter_fun = [](LPVOID data, size_t *size, HookParam *) + { + static int idx = 0; + return (bool)((idx++) % 2); + }; + return NewHook(hp, "Silkys4"); + } +} +namespace +{ + //[240531][1274293][シルキーズSAKURA] 淫魔淫姦 ~触手と合体して思い通りにやり返す~ DL版 + bool silkys5() + { + BYTE sig[] = { + 0xff, 0xd0, // call eax + //<-- eax + 0x8b, 0x0f, + 0x8b, 0xf0, // mov esi,eax + 0x68, 0x80, 0, 0, 0, + 0x68, 0x80, 0, 0, 0, + 0x6a, 0, + 0x8b, 0x11, + 0x6a, 0}; + auto addr = MemDbg::findBytes(sig, sizeof(sig), processStartAddress, processStopAddress); + if (!addr) + return false; + HookParam hp; + hp.address = addr + 2; + hp.type = USING_CHAR | DATA_INDIRECT | CODEC_UTF16; + hp.offset = get_reg(regs::eax); + hp.filter_fun = [](LPVOID data, size_t *size, HookParam *) + { + static int idx = 0; + return (bool)((idx++) % 2); + }; + return NewHook(hp, "silkys5"); + } +} +bool Silkys::attach_function() +{ + auto b1 = InsertSilkys2Hook(); + return InsertSilkysHook() || InsertSilkysHook2() || _s() || b1 || saiminset() || silkys4() || silkys5(); +} + +bool SilkysOld::attach_function() +{ + // 愛姉妹・蕾…汚してください + auto addr = MemDbg::findCallerAddressAfterInt3((DWORD)TextOutA, processStartAddress, processStopAddress); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr; + hp.offset = get_stack(3); + hp.type = DATA_INDIRECT; + return NewHook(hp, "SilkysOld"); +} + +bool Siglusold::attach_function() +{ + // 女系家族 + // https://vndb.org/v5650 + // int __cdecl sub_410C20(char *a1, _DWORD *a2) + // { + // unsigned __int16 v2; // dx + // int v3; // edi + // int result; // eax + // int v5; // eax + + // HIBYTE(v2) = *a1; + // LOBYTE(v2) = a1[1]; + // v3 = *a1; + // *a2 = 24 * (v2 & 0xF); + // if ( v2 < 0x8140u || v2 > 0x84FFu ) + // { + // if ( v2 < 0x8740u || v2 > 0x879Fu ) + // { + // if ( v2 < 0x8890u || v2 > 0x88FFu ) + // { + // if ( v2 < 0x8940u || v2 > 0x9FFFu ) + // { + // if ( v2 < 0xE040u || v2 > 0xEAA4u ) + // { + // if ( v2 < 0xFA40u || v2 > 0xFAFCu ) + // { + // if ( v2 < 0xFB40u || v2 > 0xFBFCu ) + // { + // if ( v2 < 0xFC40u || v2 > 0xFC4Bu ) + // { + BYTE bytes[] = { + 0x66, + XX, + 0x40, + 0x87, + XX2, + 0x66, + XX, + 0x9f, + 0x87, + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr == 0) + return false; + addr = MemDbg::findEnclosingAlignedFunction_strict(addr); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr; + hp.type = USING_CHAR | DATA_INDIRECT; + hp.offset = get_stack(1); + auto succ = NewHook(hp, "Siglusold_slow"); // 文本速度是慢速时这个有用,调成快速以后有无法过滤的重复 + auto addrs = findxref_reverse_checkcallop(addr, addr - 0x1000, addr + 0x1000, 0xe8); + for (auto addr : addrs) + { + // 寻找调用者,速度为快速时调用者有正确的文本 + addr = MemDbg::findEnclosingAlignedFunction_strict(addr); + if (addr == 0) + continue; + HookParam hpref; + hpref.address = addr; + hpref.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto a2 = (DWORD *)stack->stack[2]; + + auto len1 = stack->stack[3]; // 慢速时是1 + auto len2 = a2[7] - a2[6]; + if (len1 == 0 || len2 == 0) + return; + DWORD data, len; + if (len1 == 1) + { // 慢速 + hp->type = USING_CHAR; + data = a2[5] + a2[6]; + data = *(WORD *) data; + auto check = (BYTE) data; // 换行符 + len = 1 + IsDBCSLeadByteEx(932, check); + } + else + { // 快速&&慢速下立即显示 + data = a2[5]; + len = len1; + } + buffer->from(data,len); + }; + hpref.type = USING_STRING; + succ |= NewHook(hpref, "Siglusold_fast"); + } + return succ; +} + +bool Silkyssakura::attach_function() +{ + auto addr = MemDbg::findCallerAddressAfterInt3((DWORD)GetGlyphOutlineW, processStartAddress, processStopAddress); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr; + hp.offset = get_stack(3); + hp.split = get_stack(5); + hp.type = DATA_INDIRECT | USING_CHAR | USING_SPLIT | CODEC_UTF16; + + auto xrefs = findxref_reverse_checkcallop(addr, processStartAddress, processStopAddress, 0xe8); + if (xrefs.size() == 1) + { + addr = MemDbg::findEnclosingAlignedFunction(xrefs[0]); + if (addr) + { + xrefs = findxref_reverse_checkcallop(addr, processStartAddress, processStopAddress, 0xe8); + if (xrefs.size() == 1) + { + addr = MemDbg::findEnclosingAlignedFunction(xrefs[0]); + if (addr) + { + HookParam hp_embed; + hp_embed.address = addr; + hp_embed.offset = get_stack(2); + hp_embed.type = USING_STRING | EMBED_ABLE | EMBED_AFTER_NEW | CODEC_UTF16; + hp_embed.hook_font = F_GetGlyphOutlineW; + return NewHook(hp_embed, "embedSilkyssakura"); // 这个是分两层分别绘制文字和阴影,需要两个都内嵌。 + } + } + } + } + + return NewHook(hp, "Silkyssakura"); +} + +namespace +{ + // flutter of birds II 天使たちの翼 DMM版 + // EDSNHS932#-8@42650:Angel.exe √ + // HS932#-8@44D90:Angel.exe + bool fob2() + { + const BYTE bytes[] = { + 0x53, + 0x56, + 0x8b, 0xf1, + 0x8b, 0xde, + 0x8d, 0x4b, 0x01, + 0x8d, 0xa4, 0x24, 0x00, 0x00, 0x00, 0x00, + 0x8a, 0x03, + 0x43, + 0x84, 0xc0, + 0x75, XX, + 0x2b, 0xd9, + 0xb8, 0xa8, 0x00, 0x00, 0x00, + 0x3b, 0xd8, + 0x68, 0xac, 0x00, 0x00, 0x00}; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) + return false; + HookParam hp; + hp.address = addr; + hp.offset = get_reg(regs::ecx); + hp.newlineseperator = L"\\n"; + hp.type = USING_STRING | EMBED_ABLE | EMBED_AFTER_NEW | EMBED_DYNA_SJIS; + return NewHook(hp, "SilkysX"); + } +} + +bool Silkysveryveryold_attach_function() +{ + // flutter of birds II 天使たちの翼 + // https://vndb.org/v2380 + const BYTE bytes[] = { + 0x8b, XX, XX, + 0x03, XX, XX, + 0x33, XX, + 0x8a, 0x02, + 0x83, XX, 0x5c, + 0x0f, 0x85, XX4, + 0x8b, XX, XX, + 0x03, XX, XX, + 0x33, XX, + 0x8a, XX, 0x01, + 0x83, XX, 0x6e}; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return false; + HookParam hp; + hp.address = addr; + hp.offset = get_stack(1); + hp.newlineseperator = L"\\n"; + hp.type = USING_STRING; + return NewHook(hp, "SilkysX"); +} + +bool Silkysveryveryold::attach_function() +{ + return Silkysveryveryold_attach_function() || fob2(); +} + +bool Aisystem6::attach_function() +{ + // 肢体を洗う + const BYTE bytes[] = { + // if ( *(_WORD *)lpString == 0x9381 && v9 == 2 ) + 0x66, 0x8B, 0x01, 0xF7, // mov ax, [ecx] + 0xDD, 0x1B, + 0xED, 0x83, 0xC5, 0x02, + 0xD1, 0xEB, + 0x0F, 0xAF, 0xDD, + 0x66, 0x3D, 0x81, 0x93, // cmp ax, 9381h + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return false; + // 有三个这个同型的函数,分别显示不同的内容,各自只调用一次,在xref里面分发。 + auto addrs = findxref_reverse_checkcallop(addr, addr - 0x1000, addr + 0x1000, 0xe8); + if (addrs.size() != 1) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addrs[0]); + if (!addr) + return false; + HookParam hp; + hp.address = addr; + hp.offset = get_stack(1); + hp.type = USING_STRING | NO_CONTEXT; // 男主自定义人名会被分开 + hp.filter_fun = [](void *data, size_t *len, HookParam *hp) + { + StringCharReplacer((char *)data, len, "\x81\x93", 2, '\n'); + return true; + }; + return NewHook(hp, "Aisystem6"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Silkys.h b/cpp/LunaHook/LunaHook/engine32/Silkys.h new file mode 100644 index 00000000..7a5a5ca1 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Silkys.h @@ -0,0 +1,84 @@ + + +class Silkys : public ENGINE +{ +public: + Silkys() + { + + check_by = CHECK_BY::FILE_ALL; + check_by_target = check_by_list{L"data.arc", L"effect.arc", L"Script.arc"}; + /// Almost the same as Silkys except mes.arc is replaced by Script.arc + }; + bool attach_function(); +}; +class SilkysOld : public ENGINE +{ +public: + SilkysOld() + { + + check_by = CHECK_BY::FILE_ALL; + check_by_target = check_by_list{L"bgm.AWF", L"effect.AWF", L"gcc.ARC", L"mes.ARC", L"sequence.ARC"}; + /// Almost the same as Silkys except mes.arc is replaced by Script.arc + }; + bool attach_function(); +}; + +class Siglusold : public ENGINE +{ +public: + Siglusold() + { + // 女系家族 + // https://vndb.org/v5650 + check_by = CHECK_BY::FILE_ALL; + check_by_target = check_by_list{L"*.mfg", L"*.mff", L"*.mfm", L"*.mfs"}; + }; + bool attach_function(); +}; + +class Silkyssakura : public ENGINE +{ +public: + Silkyssakura() + { + // いれかわ お姉ちゃん、ぼくの身体でオナニーしちゃうの! + check_by = CHECK_BY::FILE; + check_by_target = L"pak\\data001.pak"; + }; + bool attach_function(); +}; + +class Silkysveryveryold : public ENGINE +{ +public: + Silkysveryveryold() + { + // flutter of birds II 天使たちの翼 + // https://vndb.org/v2380 + check_by = CHECK_BY::CUSTOM; + check_by_target = []() + { return Util::CheckFile(L"*SYS.ifl") || Util::CheckFile_exits(L"ANSYS.ifl", true); }; // L"*SYS.ifl"; + }; + bool attach_function(); +}; + +class Aisystem6 : public ENGINE +{ +public: + Aisystem6() + { + // 肢体を洗う + check_by = CHECK_BY::CUSTOM; + check_by_target = []() + { + auto check1 = Util::CheckFile(L"script.arc") && Util::CheckFile(L"sequence.arc") && Util::CheckFile(L"mask.arc") && Util::CheckFile(L"bitmap.arc") && Util::CheckFile(L"flag0000"); + if (!check1) + return false; + char AISYSTEM_6[] = "AISYSTEM_6"; + return 0 != MemDbg::findBytes(AISYSTEM_6, sizeof(AISYSTEM_6), processStartAddress, min(processStopAddress, processStartAddress + 0x100000)); + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Speed.cpp b/cpp/LunaHook/LunaHook/engine32/Speed.cpp new file mode 100644 index 00000000..933fe70d --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Speed.cpp @@ -0,0 +1,23 @@ +#include"Speed.h" + +bool Speed::attach_function() { + // 藍色ノ狂詩曲~Deep Blue Rhapsody~ + //mov esi, ds:DrawTextA + auto addr = findiatcallormov((DWORD)DrawTextA,processStartAddress,processStartAddress,processStopAddress,false,0x35); + if (addr == 0)return false; + BYTE sig1[]={ 0x68,0x00,0x04,0x00,0x00 }; + BYTE sig2[]={ 0xFF,0xD6 }; + BYTE sig3[]={ 0x68,0x00,0x01,0x00,0x00 }; + BYTE sig4[]={ 0xFF,0xD6 }; + for(auto p:std::vector>{{sig1,sizeof(sig1)},{sig2,sizeof(sig2)},{sig3,sizeof(sig3)},{sig4,sizeof(sig4)}}){ + addr=MemDbg::findBytes(p.first, p.second, addr, addr+0x40); + if(addr==0)return false; + } + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = CODEC_ANSI_BE ; + return NewHook(hp, "Speed"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Speed.h b/cpp/LunaHook/LunaHook/engine32/Speed.h new file mode 100644 index 00000000..c88d97f5 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Speed.h @@ -0,0 +1,15 @@ + + +class Speed:public ENGINE{ + public: + Speed(){ + is_engine_certain=false; + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + auto hcb=std::wstring(processName); + hcb=hcb.substr(0,hcb.size()-4)+L".hcb"; + return(Util::CheckFile(hcb.c_str())&&Util::CheckFile(L"bgm.bin")&&Util::CheckFile(L"cg.bin")&&Util::CheckFile(L"se.bin")&&Util::CheckFile(L"vo.bin")); + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Sprite.cpp b/cpp/LunaHook/LunaHook/engine32/Sprite.cpp new file mode 100644 index 00000000..3533d5a9 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Sprite.cpp @@ -0,0 +1,142 @@ +#include "Sprite.h" + +bool Sprite_attach_function() +{ + // 恋と選挙とチョコレート + auto m = GetModuleHandle(L"dirapi.dll"); + auto [minAddress, maxAddress] = Util::QueryModuleLimits(m); + const BYTE bytes[] = { + 0x83, 0xF8, 0x40, + 0x74, XX, + 0x83, 0xF8, 0x43, + 0x74, XX, + 0x83, XX, 0xFF, + 0xEB, XX, + 0x8D, 0x45, 0xF8, + XX, + XX, + XX, + //+20 + 0xE8, XX4, + 0x89, 0x45, 0xF0, + 0x8D, 0x45, 0xF4, + 0x50, + XX, + 0xE8, XX4}; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), minAddress, maxAddress); + if (addr == 0) + return false; + if (((*(int *)(addr + 22)) + addr + 22) != ((*(int *)(addr + 35)) + addr + 35)) + return false; + HookParam hp; + hp.address = addr + sizeof(bytes); + hp.offset = get_reg(regs::eax); + hp.type = USING_STRING; + return NewHook(hp, "Sprite"); +} +namespace +{ + bool _h1() + { + // https://vndb.org/v1714 + //[Selen]はらみこ + auto FlashAssetx32 = GetModuleHandleW(L"Flash Asset.x32"); + if (FlashAssetx32 == 0) + return false; + auto [s, e] = Util::QueryModuleLimits(FlashAssetx32); + const BYTE bytes[] = { + 0x56, 0x57, 0x6a, 0xff, + 0xff, 0x75, 0x08, // ebp+8 + 0x53, + 0x68, 0xe4, 0x04, 0x00, 0x00, + 0xff, 0x15, XX4 // MultiByteToWideChar + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), s, e); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr + sizeof(bytes); // 不知道从哪jump到call MultiByteToWideChar的 + hp.offset = get_stack(5); + hp.type = USING_STRING; + hp.filter_fun = [](LPVOID data, size_t *size, HookParam *) -> bool + { + static int idx = 0; + return (idx++) % 2; + }; + return NewHook(hp, "Flash Asset"); + } + + bool _h2() + { + auto TextXtra = GetModuleHandleW(L"TextXtra.x32"); + if (TextXtra == 0) + return false; + auto [s, e] = Util::QueryModuleLimits(TextXtra); + const BYTE bytes[] = { + 0xff, 0x75, 0x18, + 0x8d, 0x88, 0xb8, 0x00, 0x00, 0x00, + 0xff, 0x75, 0x14, + 0xff, 0x75, 0x10, + 0xff, 0x75, 0x0c, + 0xe8, XX4, + 0x66, 0x85, 0xc0, + 0x74}; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), s, e); + if (addr == 0) + return false; + addr = findfuncstart(addr, 0x100); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr; + hp.offset = get_stack(2); + hp.type = USING_STRING | CODEC_UTF8 | EMBED_ABLE | EMBED_AFTER_NEW ; + return NewHook(hp, "TextXtra"); + } +} +bool Sprite::attach_function() +{ + return Sprite_attach_function() | _h1() | _h2(); +} +namespace +{ + bool h3() + { + // https://vndb.org/v5864 + // in white + + auto TextXtra = GetModuleHandleW(L"TextXtra.x32"); + if (TextXtra == 0) + return false; + auto [s, e] = Util::QueryModuleLimits(TextXtra); + // Text Asset.x32->this function + const BYTE bytes[] = { + 0x55, 0x8b, 0xec, + 0x56, + 0x8b, 0x75, 0x08, + 0x8b, 0x46, 0x04, + 0x66, 0x8b, 0x48, 0x32, + 0x51, + 0x6a, 0x00, + 0xff, 0x75, 0x18, + 0xff, 0x75, 0x14, + 0xff, 0x75, 0x10, + 0xff, 0x75, 0x0c, + 0xff, 0x70, 0x24, + 0xe8, XX4, + 0x66, 0x85, 0xc0, + 0x74, XX}; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), s, e); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr; + hp.offset = get_stack(2); + hp.type = USING_STRING; + return NewHook(hp, "TextXtra2"); + } +} +bool TextXtra_x32::attach_function() +{ + return _h2() || h3(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Sprite.h b/cpp/LunaHook/LunaHook/engine32/Sprite.h new file mode 100644 index 00000000..cee84084 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Sprite.h @@ -0,0 +1,28 @@ + + +class Sprite : public ENGINE +{ +public: + Sprite() + { + is_engine_certain = false; + check_by = CHECK_BY::FILE; + check_by_target = L"*.cct"; + }; + bool attach_function(); +}; +class TextXtra_x32 : public ENGINE +{ + +public: + TextXtra_x32() + { + is_engine_certain = false; + check_by = CHECK_BY::CUSTOM; + check_by_target = []() + { + return GetModuleHandle(L"TextXtra.x32"); + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Stronger.cpp b/cpp/LunaHook/LunaHook/engine32/Stronger.cpp new file mode 100644 index 00000000..44636c22 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Stronger.cpp @@ -0,0 +1,31 @@ +#include "Stronger.h" +namespace +{ + // https://vndb.org/v1334 + // Pygmalion ~The Dark Romance~ + bool h1() + { + auto addr = findiatcallormov((DWORD)GetGlyphOutlineA, processStartAddress, processStartAddress, processStopAddress, false, 0x3d); // mov edi, ds:GetGlyphOutlineA + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return false; + auto addrs = findxref_reverse_checkcallop(addr, processStartAddress, processStopAddress, 0xe8); + if (addrs.size() != 1) + return false; + addr = addrs[0]; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return false; + HookParam hp; + hp.address = addr; + hp.offset = get_stack(1); + hp.type = DATA_INDIRECT | USING_CHAR; + return NewHook(hp, "Stronger"); + } +} +bool Stronger::attach_function() +{ + return h1(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Stronger.h b/cpp/LunaHook/LunaHook/engine32/Stronger.h new file mode 100644 index 00000000..cfff33de --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Stronger.h @@ -0,0 +1,13 @@ + + +class Stronger : public ENGINE +{ +public: + Stronger() + { + check_by = CHECK_BY::FILE; + check_by_target = L"data/sinario/*.spt"; + is_engine_certain = false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Suika2.cpp b/cpp/LunaHook/LunaHook/engine32/Suika2.cpp new file mode 100644 index 00000000..500b165a --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Suika2.cpp @@ -0,0 +1,37 @@ +#include"Suika2.h" +//灰翼のロードピス +bool Suika2_msvcrt() { + auto msvcrt=GetModuleHandle(L"msvcrt.dll"); + if(msvcrt==0)return 0; + auto _strdup=GetProcAddress(msvcrt,"_strdup"); + if(_strdup==0)return 0; + HookParam hp; + hp.address=(DWORD)_strdup; + hp.type=USING_STRING|CODEC_UTF8; + hp.offset=get_stack(1); + return NewHook(hp,"Suika2_msvcrt"); + +} +bool Suika2_06x() { + char _s[]=R"(\#{%06x}%s\#{%06x}%s)"; + auto a06xS06xS=MemDbg::findBytes(_s,sizeof(_s),processStartAddress,processStopAddress); + if(a06xS06xS==0)return 0; + auto movoff=MemDbg::findBytes(&a06xS06xS,4,processStartAddress,processStopAddress); + if(movoff==0)return 0; + BYTE funcstart[]={ + 0x55,0x57,0x56 + }; + auto func=reverseFindBytes(funcstart,sizeof(funcstart),movoff-0x200,movoff); + if(func==0)return 0; + HookParam hp; + hp.address=func; + hp.type=USING_STRING|CODEC_UTF8|NO_CONTEXT; + hp.offset=get_stack(2); + return NewHook(hp,"Suika2_06x"); + +} +bool Suika2::attach_function() { + auto _1=Suika2_msvcrt(); + auto _2=Suika2_06x(); + return _1||_2; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Suika2.h b/cpp/LunaHook/LunaHook/engine32/Suika2.h new file mode 100644 index 00000000..25e69b18 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Suika2.h @@ -0,0 +1,15 @@ + + +class Suika2:public ENGINE{ + public: + Suika2(){ + is_engine_certain=false; + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + if(wcscmp(processName_lower,L"suika.exe")==0)return true; + char suika2copyright[]="Suika2: Copyright"; + return 0!=MemDbg::findBytes(suika2copyright,sizeof(suika2copyright)-1,processStartAddress,min(processStopAddress,processStartAddress+0x200000)); + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/System4x.cpp b/cpp/LunaHook/LunaHook/engine32/System4x.cpp new file mode 100644 index 00000000..eeac35bc --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/System4x.cpp @@ -0,0 +1,1740 @@ +#include"System4x.h" + +/** + * jichi 12/26/2013: Rance hook + * + * ランス01 光をもとめて: /HSN4:-14@5506A9 + * - addr: 5572265 (0x5596a9) + * - off: 4 + * - split: 4294967272 (0xffffffe8 = -0x18) + * - type: 1041 (0x411) + * + * the above code has the same pattern except int3. + * 005506a9 |. e8 f2fb1600 call Rance01.006c02a0 ; hook here + * 005506ae |. 83c4 0c add esp,0xc + * 005506b1 |. 5f pop edi + * 005506b2 |. 5e pop esi + * 005506b3 |. b0 01 mov al,0x1 + * 005506b5 |. 5b pop ebx + * 005506b6 \. c2 0400 retn 0x4 + * 005506b9 cc int3 + * + * ランス・クエス� /hsn4:-14@42e08a + * 0042e08a |. e8 91ed1f00 call Ranceque.0062ce20 ; hook here + * 0042e08f |. 83c4 0c add esp,0xc + * 0042e092 |. 5f pop edi + * 0042e093 |. 5e pop esi + * 0042e094 |. b0 01 mov al,0x1 + * 0042e096 |. 5b pop ebx + * 0042e097 \. c2 0400 retn 0x4 + * 0042e09a cc int3 + * + * 5/7/2015 イブニクル version 1.0.1 + * The hooked function is no longer get called after loading AliceRunPatch.dll. + * The hooked function is below. + * See also ATcode: http://capita.tistory.com/m/post/256 + * 005C40AE CC INT3 + * 005C40AF CC INT3 + * 005C40B0 53 PUSH EBX + * 005C40B1 8B5C24 08 MOV EBX,DWORD PTR SS:[ESP+0x8] + * 005C40B5 56 PUSH ESI + * 005C40B6 57 PUSH EDI + * 005C40B7 8B7B 10 MOV EDI,DWORD PTR DS:[EBX+0x10] + * 005C40BA 8BF0 MOV ESI,EAX + * 005C40BC 47 INC EDI + * 005C40BD 3B7E 0C CMP EDI,DWORD PTR DS:[ESI+0xC] + * 005C40C0 76 0F JBE SHORT .005C40D1 + * 005C40C2 E8 79F8FFFF CALL .005C3940 + * 005C40C7 84C0 TEST AL,AL + * 005C40C9 75 06 JNZ SHORT .005C40D1 + * 005C40CB 5F POP EDI + * 005C40CC 5E POP ESI + * 005C40CD 5B POP EBX + * 005C40CE C2 0400 RETN 0x4 + * 005C40D1 837B 14 10 CMP DWORD PTR DS:[EBX+0x14],0x10 + * 005C40D5 72 02 JB SHORT .005C40D9 + * 005C40D7 8B1B MOV EBX,DWORD PTR DS:[EBX] + * 005C40D9 837E 0C 00 CMP DWORD PTR DS:[ESI+0xC],0x0 + * 005C40DD 75 15 JNZ SHORT .005C40F4 + * 005C40DF 57 PUSH EDI + * 005C40E0 33C0 XOR EAX,EAX + * 005C40E2 53 PUSH EBX + * 005C40E3 50 PUSH EAX + * 005C40E4 E8 B7400D00 CALL .006981A0 + * 005C40E9 83C4 0C ADD ESP,0xC + * 005C40EC 5F POP EDI + * 005C40ED 5E POP ESI + * 005C40EE B0 01 MOV AL,0x1 + * 005C40F0 5B POP EBX + * 005C40F1 C2 0400 RETN 0x4 + * 005C40F4 8B46 08 MOV EAX,DWORD PTR DS:[ESI+0x8] + * 005C40F7 57 PUSH EDI + * 005C40F8 53 PUSH EBX + * 005C40F9 50 PUSH EAX + * 005C40FA E8 A1400D00 CALL .006981A0 ; jichi: call here + * 005C40FF 83C4 0C ADD ESP,0xC + * 005C4102 5F POP EDI + * 005C4103 5E POP ESI + * 005C4104 B0 01 MOV AL,0x1 + * 005C4106 5B POP EBX + * 005C4107 C2 0400 RETN 0x4 + * 005C410A CC INT3 + * 005C410B CC INT3 + * 005C410C CC INT3 * + */ +static bool InsertSystem43OldHook(ULONG startAddress, ULONG stopAddress, LPCSTR hookName) +{ + // i.e. 83c40c5f5eb0015bc20400cccc without leading 0xe8 + //const BYTE ins[] = { // 005506a9 |. e8 f2fb1600 call rance01.006c02a0 ; hook here + // 0x83,0xc4, 0x0c, // 005506ae |. 83c4 0c add esp,0xc + // 0x5f, // 005506b1 |. 5f pop edi + // 0x5e, // 005506b2 |. 5e pop esi + // 0xb0, 0x01, // 005506b3 |. b0 01 mov al,0x1 + // 0x5b, // 005506b5 |. 5b pop ebx + // 0xc2, 0x04,0x00, // 005506b6 \. c2 0400 retn 0x4 + // 0xcc, 0xcc // patching a few int3 to make sure that this is at the end of the code block + //}; + //enum { addr_offset = -5 }; // the function call before the ins + //ULONG addr = processStartAddress; //- sizeof(ins); + ////addr = 0x5506a9; + //enum { near_call = 0xe8 }; // intra-module function call + //do { + // //addr += sizeof(ins); // so that each time return diff address -- not needed + // ULONG range = min(processStopAddress - addr, MAX_REL_ADDR); + // addr = MemDbg::findBytes(ins, sizeof(ins), addr, addr + range); + // if (!addr) { + // //ITH_MSG(L"failed"); + // ConsoleOutput("System43: pattern not found"); + // return false; + // } + // addr += addr_offset; + //} while(near_call != *(BYTE *)addr); // function call + //GROWL_DWORD(addr); + + // i.e. 83c40c5f5eb0015bc20400cccc without leading 0xe8 + const BYTE bytes[] = { + 0xe8, XX4, // 005506a9 |. e8 f2fb1600 call rance01.006c02a0 ; hook here + 0x83,0xc4, 0x0c, // 005506ae |. 83c4 0c add esp,0xc + XX, // 005506b1 |. 5f pop edi ; Artikash 2/9/2019 change these to wildcards: Evenicle 2 has the pops and moves switched order + XX, // 005506b2 |. 5e pop esi + XX, XX, // 005506b3 |. b0 01 mov al,0x1 + 0x5b, // 005506b5 |. 5b pop ebx + 0xc2, 0x04,0x00, // 005506b6 \. c2 0400 retn 0x4 + 0xcc, 0xcc // patching a few int3 to make sure that this is at the end of the code block + }; + enum { addr_offset = 0 }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + //GROWL_DWORD(addr); + if (!addr) { + ConsoleOutput("System43: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; + hp.offset=get_stack(1); + hp.split = get_reg(regs::esp); + hp.type = NO_CONTEXT|USING_SPLIT|USING_STRING|EMBED_ABLE|EMBED_AFTER_NEW|EMBED_DYNA_SJIS; + ConsoleOutput("INSERT System43"); + ConsoleOutput("System43: disable GDI hooks"); // disable hooking to TextOutA, which is cached + return NewHook(hp, hookName); + + +} + +/** 5/13/2015 Add new hook for System43 engine that has no garbage threads and can detect character name + * Sample game: Evenicle + * See: http://capita.tistory.com/m/post/256 + * + * 004EEA6C CC INT3 + * 004EEA6D CC INT3 + * 004EEA6E CC INT3 + * 004EEA6F CC INT3 + * 004EEA70 6A FF PUSH -0x1 + * 004EEA72 68 E8267000 PUSH .007026E8 + * 004EEA77 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] + * 004EEA7D 50 PUSH EAX + * 004EEA7E 83EC 20 SUB ESP,0x20 + * 004EEA81 A1 DCC47700 MOV EAX,DWORD PTR DS:[0x77C4DC] + * 004EEA86 33C4 XOR EAX,ESP + * 004EEA88 894424 1C MOV DWORD PTR SS:[ESP+0x1C],EAX + * 004EEA8C 53 PUSH EBX + * 004EEA8D 55 PUSH EBP + * 004EEA8E 56 PUSH ESI + * 004EEA8F 57 PUSH EDI + * 004EEA90 A1 DCC47700 MOV EAX,DWORD PTR DS:[0x77C4DC] + * 004EEA95 33C4 XOR EAX,ESP + * 004EEA97 50 PUSH EAX + * 004EEA98 8D4424 34 LEA EAX,DWORD PTR SS:[ESP+0x34] + * 004EEA9C 64:A3 00000000 MOV DWORD PTR FS:[0],EAX + * 004EEAA2 8B4424 44 MOV EAX,DWORD PTR SS:[ESP+0x44] + * 004EEAA6 8BF1 MOV ESI,ECX + * 004EEAA8 E8 8346FBFF CALL .004A3130 + * 004EEAAD 8BE8 MOV EBP,EAX + * 004EEAAF 33DB XOR EBX,EBX + * 004EEAB1 3BEB CMP EBP,EBX + * 004EEAB3 75 07 JNZ SHORT .004EEABC + * 004EEAB5 32C0 XOR AL,AL + * 004EEAB7 E9 92000000 JMP .004EEB4E + * 004EEABC 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 004EEABE 8B10 MOV EDX,DWORD PTR DS:[EAX] + * 004EEAC0 8BCE MOV ECX,ESI + * 004EEAC2 FFD2 CALL EDX + * 004EEAC4 8BC8 MOV ECX,EAX + * 004EEAC6 C74424 28 0F0000>MOV DWORD PTR SS:[ESP+0x28],0xF + * 004EEACE 895C24 24 MOV DWORD PTR SS:[ESP+0x24],EBX + * 004EEAD2 885C24 14 MOV BYTE PTR SS:[ESP+0x14],BL + * 004EEAD6 8D71 01 LEA ESI,DWORD PTR DS:[ECX+0x1] + * 004EEAD9 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP] + * 004EEAE0 8A11 MOV DL,BYTE PTR DS:[ECX] + * 004EEAE2 41 INC ECX + * 004EEAE3 3AD3 CMP DL,BL + * 004EEAE5 ^75 F9 JNZ SHORT .004EEAE0 + * 004EEAE7 2BCE SUB ECX,ESI + * 004EEAE9 50 PUSH EAX + * 004EEAEA 8BF9 MOV EDI,ECX + * 004EEAEC 8D7424 18 LEA ESI,DWORD PTR SS:[ESP+0x18] + * 004EEAF0 E8 CB27F1FF CALL .004012C0 + * 004EEAF5 8B7C24 48 MOV EDI,DWORD PTR SS:[ESP+0x48] + * 004EEAF9 895C24 3C MOV DWORD PTR SS:[ESP+0x3C],EBX + * 004EEAFD 8B75 3C MOV ESI,DWORD PTR SS:[EBP+0x3C] + * 004EEB00 E8 1B4A0100 CALL .00503520 + * 004EEB05 8BF8 MOV EDI,EAX + * 004EEB07 8DB7 E4000000 LEA ESI,DWORD PTR DS:[EDI+0xE4] + * 004EEB0D 8D4424 14 LEA EAX,DWORD PTR SS:[ESP+0x14] + * 004EEB11 8BD6 MOV EDX,ESI + * 004EEB13 E8 985CF1FF CALL .004047B0 + * 004EEB18 BD 10000000 MOV EBP,0x10 + * 004EEB1D 84C0 TEST AL,AL + * 004EEB1F 75 18 JNZ SHORT .004EEB39 + * 004EEB21 895E 10 MOV DWORD PTR DS:[ESI+0x10],EBX + * 004EEB24 396E 14 CMP DWORD PTR DS:[ESI+0x14],EBP + * 004EEB27 72 02 JB SHORT .004EEB2B + * 004EEB29 8B36 MOV ESI,DWORD PTR DS:[ESI] + * 004EEB2B 8D4424 14 LEA EAX,DWORD PTR SS:[ESP+0x14] + * 004EEB2F 50 PUSH EAX + * 004EEB30 8BCF MOV ECX,EDI + * 004EEB32 881E MOV BYTE PTR DS:[ESI],BL + * 004EEB34 E8 67CB0100 CALL .0050B6A0 ; jichi: ATcode modified here, text is on the top of the stack + * 004EEB39 396C24 28 CMP DWORD PTR SS:[ESP+0x28],EBP + * 004EEB3D 72 0D JB SHORT .004EEB4C + * 004EEB3F 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+0x14] + * 004EEB43 51 PUSH ECX + * 004EEB44 E8 42DC1900 CALL .0068C78B + * 004EEB49 83C4 04 ADD ESP,0x4 + * 004EEB4C B0 01 MOV AL,0x1 + * 004EEB4E 8B4C24 34 MOV ECX,DWORD PTR SS:[ESP+0x34] + * 004EEB52 64:890D 00000000 MOV DWORD PTR FS:[0],ECX + * 004EEB59 59 POP ECX + * 004EEB5A 5F POP EDI + * 004EEB5B 5E POP ESI + * 004EEB5C 5D POP EBP + * 004EEB5D 5B POP EBX + * 004EEB5E 8B4C24 1C MOV ECX,DWORD PTR SS:[ESP+0x1C] + * 004EEB62 33CC XOR ECX,ESP + * 004EEB64 E8 9CD61900 CALL .0068C205 + * 004EEB69 83C4 2C ADD ESP,0x2C + * 004EEB6C C3 RETN + * 004EEB6D CC INT3 + * 004EEB6E CC INT3 + * + * Actual binary patch for Evenicle exe: http://capita.tistory.com/m/post/256 + * {005E393B(EB), 004EEB34(E9 13 B6 21 00), 005C71E0(E9 48 2F 14 00), 005B6494(E9 10 3D 15 00), 0070A10F(90 90 90 90 90 E8 F7 9F EB FF E9 C7 D0 EB FF 90 90 90 90 90 E8 78 15 E0 FF E9 0C 4A DE FF 50 8B 87 B0 00 00 00 66 81 38 84 00 75 0E 83 78 EA 5B 75 08 E8 A2 00 00 00 58 EB C6 58 EB C8 50 52 BA E0 0B 7A 00 60 89 D7 8B 74 E4 28 B9 06 00 00 00 F3 A5 61 8B 44 E4 08 8B 40 10 85 C0 74 29 8B 44 E4 08 8B 40 14 83 F8 0F 75 08 89 54 E4 08 5A 58 EB 9D 8D 42 20 60 89 C7 8B 32 8B 4A 14 83 C1 09 F3 A4 61 89 02 EB E3 5A 58 EB 89 90 90 90 90 90 E8 6C 9F EB FF E9 F0 C2 EA FF 50 8B 44 E4 04 83 78 0C 01 76 31 8B 87 84 02 00 00 66 83 78 FC 46 75 24 83 78 F8 22 74 16 83 78 F8 13 75 18 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 E8 06 00 00 00 58 EB B5 58 EB B7 60 8B 74 E4 28 BF E0 0B 7A 00 89 7C E4 28 B9 0C 00 00 00 F3 A5 61 C3)} + * + * ATcode: FORCEFONT(5),ENCODEKOR,FONT(Malgun Gothic,-13),HOOK(0x0070A10F,TRANS([[ESP]+0x8],LEN([ESP]+0XC),PTRCHEAT),RETNPOS(COPY)),HOOK(0x0070A11E,TRANS([ESP],SMSTR(IGNORE)),RETNPOS(COPY)),HOOK(0x0070A19A,TRANS([[ESP]+0x8],LEN([ESP]+0XC),PTRCHEAT),RETNPOS(COPY)) + * FilterCode: DenyWord{CUT(2)},FixLine{},KoFilter{},DumpText{},CustomDic{CDic},CustomScript{Write,Pass(-1),Cache} + * + * The second hooked address pointed to the text address. + * The logic here is simplify buffer the read text, and replace the text by zero + * Then translate/paint them together. + * Several variables near the text address is used to check if the text is finished or not. + * + * Function immediately before patched code: + * 0070A09E CC INT3 + * 0070A09F CC INT3 + * 0070A0A0 6A FF PUSH -0x1 + * 0070A0A2 68 358A7000 PUSH .00708A35 + * 0070A0A7 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] + * 0070A0AD 50 PUSH EAX + * 0070A0AE 51 PUSH ECX + * 0070A0AF 56 PUSH ESI + * 0070A0B0 A1 DCC47700 MOV EAX,DWORD PTR DS:[0x77C4DC] + * 0070A0B5 33C4 XOR EAX,ESP + * 0070A0B7 50 PUSH EAX + * 0070A0B8 8D4424 0C LEA EAX,DWORD PTR SS:[ESP+0xC] + * 0070A0BC 64:A3 00000000 MOV DWORD PTR FS:[0],EAX + * 0070A0C2 C74424 14 000000>MOV DWORD PTR SS:[ESP+0x14],0x0 + * 0070A0CA A1 54D17900 MOV EAX,DWORD PTR DS:[0x79D154] + * 0070A0CF 8B08 MOV ECX,DWORD PTR DS:[EAX] + * 0070A0D1 50 PUSH EAX + * 0070A0D2 51 PUSH ECX + * 0070A0D3 8D7424 10 LEA ESI,DWORD PTR SS:[ESP+0x10] + * 0070A0D7 E8 6416F8FF CALL .0068B740 + * 0070A0DC A1 54D17900 MOV EAX,DWORD PTR DS:[0x79D154] + * 0070A0E1 50 PUSH EAX + * 0070A0E2 E8 A426F8FF CALL .0068C78B + * 0070A0E7 83C4 04 ADD ESP,0x4 + * 0070A0EA 8B4C24 0C MOV ECX,DWORD PTR SS:[ESP+0xC] + * 0070A0EE 64:890D 00000000 MOV DWORD PTR FS:[0],ECX + * 0070A0F5 59 POP ECX + * 0070A0F6 5E POP ESI + * 0070A0F7 83C4 10 ADD ESP,0x10 + * 0070A0FA C3 RETN + * 0070A0FB C705 C4C17900 64>MOV DWORD PTR DS:[0x79C1C4],.0070B664 + * 0070A105 B9 C4C17900 MOV ECX,.0079C1C4 + * 0070A10A ^E9 0722F8FF JMP .0068C316 + * + * Patched code: + * 0070A10F 90 NOP ; jichi: ATcode hooked here + * 0070A110 90 NOP + * 0070A111 90 NOP + * 0070A112 90 NOP + * 0070A113 90 NOP + * 0070A114 E8 F79FEBFF CALL .005C4110 + * 0070A119 ^E9 C7D0EBFF JMP .005C71E5 + * 0070A11E 90 NOP + * 0070A11F 90 NOP + * 0070A120 90 NOP + * 0070A121 90 NOP + * 0070A122 90 NOP + * 0070A123 E8 7815E0FF CALL .0050B6A0 ; jichi: call the original function for hookpoint #2 + * 0070A128 ^E9 0C4ADEFF JMP .004EEB39 ; jichi: come back to hookpoint#2 + * 0070A12D 50 PUSH EAX ; jichi: this is for hookpoint #3, translate the text before send it to paint + * 0070A12E 8B87 B0000000 MOV EAX,DWORD PTR DS:[EDI+0xB0] + * 0070A134 66:8138 8400 CMP WORD PTR DS:[EAX],0x84 + * 0070A139 75 0E JNZ SHORT .0070A149 + * 0070A13B 8378 EA 5B CMP DWORD PTR DS:[EAX-0x16],0x5B + * 0070A13F 75 08 JNZ SHORT .0070A149 + * 0070A141 E8 A2000000 CALL .0070A1E8 + * 0070A146 58 POP EAX + * 0070A147 ^EB C6 JMP SHORT .0070A10F + * 0070A149 58 POP EAX + * 0070A14A ^EB C8 JMP SHORT .0070A114 + * 0070A14C 50 PUSH EAX ; jichi: hookpoint#2 jmp here, text address is in [esp] + * 0070A14D 52 PUSH EDX + * 0070A14E BA E00B7A00 MOV EDX,.007A0BE0 ; jichi: 007A0BE0 points to unused zeroed memory + * 0070A153 60 PUSHAD ; jichi esp -= 0x20, now, esp[0x28] is text address, esp[0x24] = eax, and esp[0x20] = edx + * 0070A154 89D7 MOV EDI,EDX ; set 007A0BE0 as the target buffer to save text, edx is never modified + * 0070A156 8B74E4 28 MOV ESI,DWORD PTR SS:[ESP+0x28] ; set source text as target + * 0070A15A B9 06000000 MOV ECX,0x6 ; move for 6 bytes + * 0070A15F F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] + * 0070A161 61 POPAD ; finished saving text, now [esp] is old edx, esp[0x4] is old eax, esp[0x8] is old text address + * 0070A162 8B44E4 08 MOV EAX,DWORD PTR SS:[ESP+0x8] ; eax = original text address + * 0070A166 8B40 10 MOV EAX,DWORD PTR DS:[EAX+0x10] ; eax = text[0x10] + * 0070A169 85C0 TEST EAX,EAX ; if end of text, + * 0070A16B 74 29 JE SHORT .0070A196 ; jump if eax is zero, comeback to hookpoint and ignore it + * 0070A16D 8B44E4 08 MOV EAX,DWORD PTR SS:[ESP+0x8] ; otherwise, if eax is not zero + * 0070A171 8B40 14 MOV EAX,DWORD PTR DS:[EAX+0x14] ; eax = text[0x14] + * 0070A174 83F8 0F CMP EAX,0xF ; jichi: compare text[0x14] with 0xf + * 0070A177 75 08 JNZ SHORT .0070A181 ; jump if not zero leaving text not modified, other continue and modify the text + * 0070A179 8954E4 08 MOV DWORD PTR SS:[ESP+0x8],EDX ; override esp+8 with edx, i.e. override text address by new text address and do translation + * 0070A17D 5A POP EDX + * 0070A17E 58 POP EAX ; jichi: restore edx and eax, now esp is back to normal. [esp] is the new text address + * 0070A17F ^EB 9D JMP SHORT .0070A11E ; jichi: jump to the top of the hooked place (nop) and do translation before coming back + * 0070A181 8D42 20 LEA EAX,DWORD PTR DS:[EDX+0x20] ; text is not modified, esp[0x8] is the text address, edx is the modified buffer, eax = buffer[0x20] address + * 0070A184 60 PUSHAD ; jichi: esp[0x28] is now the text address + * 0070A185 89C7 MOV EDI,EAX ; jichi: edx[0x20] is the target + * 0070A187 8B32 MOV ESI,DWORD PTR DS:[EDX] ; jichi: edx is the source + * 0070A189 8B4A 14 MOV ECX,DWORD PTR DS:[EDX+0x14] + * 0070A18C 83C1 09 ADD ECX,0x9 ; move for [edx+0x14]+0x9 time + * 0070A18F F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI] ; jichi: shift text by 0x14 dword ptr + * 0070A191 61 POPAD ; jichi: now esp[0x8] is the text address + * 0070A192 8902 MOV DWORD PTR DS:[EDX],EAX ; eax is the new text address (edx+0x20), move the address to beginning of buffer ([edx]), i.e. edx is pointed to zero memory now + * 0070A194 ^EB E3 JMP SHORT .0070A179 ; come bback to modify the text address + * 0070A196 5A POP EDX + * 0070A197 58 POP EAX + * 0070A198 ^EB 89 JMP SHORT .0070A123 ; jichi: come back to call + * 0070A19A 90 NOP + * 0070A19B 90 NOP + * 0070A19C 90 NOP + * 0070A19D 90 NOP + * 0070A19E 90 NOP + * 0070A19F E8 6C9FEBFF CALL .005C4110 + * 0070A1A4 ^E9 F0C2EAFF JMP .005B6499 + * 0070A1A9 50 PUSH EAX ; jichi: from hookpoint #4 + * 0070A1AA 8B44E4 04 MOV EAX,DWORD PTR SS:[ESP+0x4] ; jichi: move top of the old stack address to eax + * 0070A1AE 8378 0C 01 CMP DWORD PTR DS:[EAX+0xC],0x1 + * 0070A1B2 76 31 JBE SHORT .0070A1E5 ; jichi: jump to leave if text[0xc] <= 0x1 + * 0070A1B4 8B87 84020000 MOV EAX,DWORD PTR DS:[EDI+0x284] + * 0070A1BA 66:8378 FC 46 CMP WORD PTR DS:[EAX-0x4],0x46 + * 0070A1BF 75 24 JNZ SHORT .0070A1E5 + * 0070A1C1 8378 F8 22 CMP DWORD PTR DS:[EAX-0x8],0x22 + * 0070A1C5 74 16 JE SHORT .0070A1DD + * 0070A1C7 8378 F8 13 CMP DWORD PTR DS:[EAX-0x8],0x13 + * 0070A1CB 75 18 JNZ SHORT .0070A1E5 + * 0070A1CD 90 NOP + * 0070A1CE 90 NOP + * 0070A1CF 90 NOP + * 0070A1D0 90 NOP + * 0070A1D1 90 NOP + * 0070A1D2 90 NOP + * 0070A1D3 90 NOP + * 0070A1D4 90 NOP + * 0070A1D5 90 NOP + * 0070A1D6 90 NOP + * 0070A1D7 90 NOP + * 0070A1D8 90 NOP + * 0070A1D9 90 NOP + * 0070A1DA 90 NOP + * 0070A1DB 90 NOP + * 0070A1DC 90 NOP + * 0070A1DD E8 06000000 CALL .0070A1E8 + * 0070A1E2 58 POP EAX + * 0070A1E3 ^EB B5 JMP SHORT .0070A19A + * 0070A1E5 58 POP EAX + * 0070A1E6 ^EB B7 JMP SHORT .0070A19F + * 0070A1E8 60 PUSHAD + * 0070A1E9 8B74E4 28 MOV ESI,DWORD PTR SS:[ESP+0x28] + * 0070A1ED BF E00B7A00 MOV EDI,.007A0BE0 + * 0070A1F2 897CE4 28 MOV DWORD PTR SS:[ESP+0x28],EDI + * 0070A1F6 B9 0C000000 MOV ECX,0xC + * 0070A1FB F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] + * 0070A1FD 61 POPAD + * 0070A1FE C3 RETN + * 0070A1FF 0000 ADD BYTE PTR DS:[EAX],AL + * 0070A201 0000 ADD BYTE PTR DS:[EAX],AL + * 0070A203 0000 ADD BYTE PTR DS:[EAX],AL + * + * Modified places: + * + * 005E391C CC INT3 + * 005E391D CC INT3 + * 005E391E CC INT3 + * 005E391F CC INT3 + * 005E3920 55 PUSH EBP + * 005E3921 8BEC MOV EBP,ESP + * 005E3923 83E4 C0 AND ESP,0xFFFFFFC0 + * 005E3926 83EC 34 SUB ESP,0x34 + * 005E3929 53 PUSH EBX + * 005E392A 8B5D 08 MOV EBX,DWORD PTR SS:[EBP+0x8] + * 005E392D 817B 04 00010000 CMP DWORD PTR DS:[EBX+0x4],0x100 + * 005E3934 56 PUSH ESI + * 005E3935 57 PUSH EDI + * 005E3936 8B7D 0C MOV EDI,DWORD PTR SS:[EBP+0xC] + * 005E3939 8BF0 MOV ESI,EAX + * 005E393B EB 67 JMP SHORT .005E39A4 ; jichi: here modified point#1, change to always jump to 5e39a4, when enabled it will change font size + * 005E393D 8D4424 28 LEA EAX,DWORD PTR SS:[ESP+0x28] + * 005E3941 50 PUSH EAX + * 005E3942 8D4C24 30 LEA ECX,DWORD PTR SS:[ESP+0x30] + * + * 004EEA6E CC INT3 + * 004EEA6F CC INT3 + * 004EEA70 6A FF PUSH -0x1 + * 004EEA72 68 E8267000 PUSH .007026E8 + * 004EEA77 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] + * 004EEA7D 50 PUSH EAX + * 004EEA7E 83EC 20 SUB ESP,0x20 + * 004EEA81 A1 DCC47700 MOV EAX,DWORD PTR DS:[0x77C4DC] + * 004EEA86 33C4 XOR EAX,ESP + * 004EEA88 894424 1C MOV DWORD PTR SS:[ESP+0x1C],EAX + * 004EEA8C 53 PUSH EBX + * 004EEA8D 55 PUSH EBP + * 004EEA8E 56 PUSH ESI + * 004EEA8F 57 PUSH EDI + * 004EEA90 A1 DCC47700 MOV EAX,DWORD PTR DS:[0x77C4DC] + * 004EEA95 33C4 XOR EAX,ESP + * 004EEA97 50 PUSH EAX + * 004EEA98 8D4424 34 LEA EAX,DWORD PTR SS:[ESP+0x34] + * 004EEA9C 64:A3 00000000 MOV DWORD PTR FS:[0],EAX + * 004EEAA2 8B4424 44 MOV EAX,DWORD PTR SS:[ESP+0x44] + * 004EEAA6 8BF1 MOV ESI,ECX + * 004EEAA8 E8 8346FBFF CALL .004A3130 + * 004EEAAD 8BE8 MOV EBP,EAX + * 004EEAAF 33DB XOR EBX,EBX + * 004EEAB1 3BEB CMP EBP,EBX + * 004EEAB3 75 07 JNZ SHORT .004EEABC + * 004EEAB5 32C0 XOR AL,AL + * 004EEAB7 E9 92000000 JMP .004EEB4E + * 004EEABC 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 004EEABE 8B10 MOV EDX,DWORD PTR DS:[EAX] + * 004EEAC0 8BCE MOV ECX,ESI + * 004EEAC2 FFD2 CALL EDX + * 004EEAC4 8BC8 MOV ECX,EAX + * 004EEAC6 C74424 28 0F0000>MOV DWORD PTR SS:[ESP+0x28],0xF + * 004EEACE 895C24 24 MOV DWORD PTR SS:[ESP+0x24],EBX + * 004EEAD2 885C24 14 MOV BYTE PTR SS:[ESP+0x14],BL + * 004EEAD6 8D71 01 LEA ESI,DWORD PTR DS:[ECX+0x1] + * 004EEAD9 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP] + * 004EEAE0 8A11 MOV DL,BYTE PTR DS:[ECX] + * 004EEAE2 41 INC ECX + * 004EEAE3 3AD3 CMP DL,BL + * 004EEAE5 ^75 F9 JNZ SHORT .004EEAE0 + * 004EEAE7 2BCE SUB ECX,ESI + * 004EEAE9 50 PUSH EAX + * 004EEAEA 8BF9 MOV EDI,ECX + * 004EEAEC 8D7424 18 LEA ESI,DWORD PTR SS:[ESP+0x18] + * 004EEAF0 E8 CB27F1FF CALL .004012C0 + * 004EEAF5 8B7C24 48 MOV EDI,DWORD PTR SS:[ESP+0x48] + * 004EEAF9 895C24 3C MOV DWORD PTR SS:[ESP+0x3C],EBX + * 004EEAFD 8B75 3C MOV ESI,DWORD PTR SS:[EBP+0x3C] + * 004EEB00 E8 1B4A0100 CALL .00503520 + * 004EEB05 8BF8 MOV EDI,EAX + * 004EEB07 8DB7 E4000000 LEA ESI,DWORD PTR DS:[EDI+0xE4] + * 004EEB0D 8D4424 14 LEA EAX,DWORD PTR SS:[ESP+0x14] + * 004EEB11 8BD6 MOV EDX,ESI + * 004EEB13 E8 985CF1FF CALL .004047B0 + * 004EEB18 BD 10000000 MOV EBP,0x10 + * 004EEB1D 84C0 TEST AL,AL + * 004EEB1F 75 18 JNZ SHORT .004EEB39 + * 004EEB21 895E 10 MOV DWORD PTR DS:[ESI+0x10],EBX + * 004EEB24 396E 14 CMP DWORD PTR DS:[ESI+0x14],EBP + * 004EEB27 72 02 JB SHORT .004EEB2B + * 004EEB29 8B36 MOV ESI,DWORD PTR DS:[ESI] + * 004EEB2B 8D4424 14 LEA EAX,DWORD PTR SS:[ESP+0x14] + * 004EEB2F 50 PUSH EAX + * 004EEB30 8BCF MOV ECX,EDI + * 004EEB32 881E MOV BYTE PTR DS:[ESI],BL + * 004EEB34 E9 13B62100 JMP .0070A14C ; jichi: here hookpoint#2, name is modified here, scenario and names are here accessed char by char on the top of the stack + * 004EEB39 396C24 28 CMP DWORD PTR SS:[ESP+0x28],EBP + * 004EEB3D 72 0D JB SHORT .004EEB4C + * 004EEB3F 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+0x14] + * 004EEB43 51 PUSH ECX + * 004EEB44 E8 42DC1900 CALL .0068C78B + * 004EEB49 83C4 04 ADD ESP,0x4 + * 004EEB4C B0 01 MOV AL,0x1 + * 004EEB4E 8B4C24 34 MOV ECX,DWORD PTR SS:[ESP+0x34] + * 004EEB52 64:890D 00000000 MOV DWORD PTR FS:[0],ECX + * 004EEB59 59 POP ECX + * 004EEB5A 5F POP EDI + * 004EEB5B 5E POP ESI + * 004EEB5C 5D POP EBP + * 004EEB5D 5B POP EBX + * 004EEB5E 8B4C24 1C MOV ECX,DWORD PTR SS:[ESP+0x1C] + * 004EEB62 33CC XOR ECX,ESP + * 004EEB64 E8 9CD61900 CALL .0068C205 + * 004EEB69 83C4 2C ADD ESP,0x2C + * 004EEB6C C3 RETN + * 004EEB6D CC INT3 + * 004EEB6E CC INT3 + * + * 005C70EE CC INT3 + * 005C70EF CC INT3 + * 005C70F0 83EC 18 SUB ESP,0x18 + * 005C70F3 A1 DCC47700 MOV EAX,DWORD PTR DS:[0x77C4DC] + * 005C70F8 33C4 XOR EAX,ESP + * 005C70FA 894424 14 MOV DWORD PTR SS:[ESP+0x14],EAX + * 005C70FE 53 PUSH EBX + * 005C70FF 8B5C24 20 MOV EBX,DWORD PTR SS:[ESP+0x20] + * 005C7103 55 PUSH EBP + * 005C7104 8B6C24 2C MOV EBP,DWORD PTR SS:[ESP+0x2C] + * 005C7108 8B45 1C MOV EAX,DWORD PTR SS:[EBP+0x1C] + * 005C710B 56 PUSH ESI + * 005C710C 8BF2 MOV ESI,EDX + * 005C710E 57 PUSH EDI + * 005C710F 8BF9 MOV EDI,ECX + * 005C7111 897424 10 MOV DWORD PTR SS:[ESP+0x10],ESI + * 005C7115 83F8 44 CMP EAX,0x44 + * 005C7118 77 7A JA SHORT .005C7194 + * 005C711A 0FB680 7C735C00 MOVZX EAX,BYTE PTR DS:[EAX+0x5C737C] + * 005C7121 FF2485 60735C00 JMP DWORD PTR DS:[EAX*4+0x5C7360] + * 005C7128 8B4B 0C MOV ECX,DWORD PTR DS:[EBX+0xC] + * 005C712B 8B4424 30 MOV EAX,DWORD PTR SS:[ESP+0x30] + * 005C712F C1E9 02 SHR ECX,0x2 + * 005C7132 3BC1 CMP EAX,ECX + * 005C7134 73 5E JNB SHORT .005C7194 + * 005C7136 837B 0C 00 CMP DWORD PTR DS:[EBX+0xC],0x0 + * 005C713A 75 1C JNZ SHORT .005C7158 + * 005C713C 33DB XOR EBX,EBX + * 005C713E 5F POP EDI + * 005C713F 893483 MOV DWORD PTR DS:[EBX+EAX*4],ESI + * 005C7142 5E POP ESI + * 005C7143 5D POP EBP + * 005C7144 B0 01 MOV AL,0x1 + * 005C7146 5B POP EBX + * 005C7147 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+0x14] + * 005C714B 33CC XOR ECX,ESP + * 005C714D E8 B3500C00 CALL .0068C205 + * 005C7152 83C4 18 ADD ESP,0x18 + * 005C7155 C2 0C00 RETN 0xC + * 005C7158 8B5B 08 MOV EBX,DWORD PTR DS:[EBX+0x8] + * 005C715B 5F POP EDI + * 005C715C 893483 MOV DWORD PTR DS:[EBX+EAX*4],ESI + * 005C715F 5E POP ESI + * 005C7160 5D POP EBP + * 005C7161 B0 01 MOV AL,0x1 + * 005C7163 5B POP EBX + * 005C7164 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+0x14] + * 005C7168 33CC XOR ECX,ESP + * 005C716A E8 96500C00 CALL .0068C205 + * 005C716F 83C4 18 ADD ESP,0x18 + * 005C7172 C2 0C00 RETN 0xC + * 005C7175 F3:0F104424 10 MOVSS XMM0,DWORD PTR SS:[ESP+0x10] + * 005C717B 51 PUSH ECX + * 005C717C 8B4C24 34 MOV ECX,DWORD PTR SS:[ESP+0x34] + * 005C7180 8BC3 MOV EAX,EBX + * 005C7182 F3:0F110424 MOVSS DWORD PTR SS:[ESP],XMM0 + * 005C7187 E8 14C7FFFF CALL .005C38A0 + * 005C718C 84C0 TEST AL,AL + * 005C718E 0F85 B2010000 JNZ .005C7346 + * 005C7194 5F POP EDI + * 005C7195 5E POP ESI + * 005C7196 5D POP EBP + * 005C7197 32C0 XOR AL,AL + * 005C7199 5B POP EBX + * 005C719A 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+0x14] + * 005C719E 33CC XOR ECX,ESP + * 005C71A0 E8 60500C00 CALL .0068C205 + * 005C71A5 83C4 18 ADD ESP,0x18 + * 005C71A8 C2 0C00 RETN 0xC + * 005C71AB 8B4C24 30 MOV ECX,DWORD PTR SS:[ESP+0x30] + * 005C71AF 8D5424 10 LEA EDX,DWORD PTR SS:[ESP+0x10] + * 005C71B3 52 PUSH EDX + * 005C71B4 8BC3 MOV EAX,EBX + * 005C71B6 E8 25C7FFFF CALL .005C38E0 + * 005C71BB 84C0 TEST AL,AL + * 005C71BD ^74 D5 JE SHORT .005C7194 + * 005C71BF 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+0x10] + * 005C71C3 8BC7 MOV EAX,EDI + * 005C71C5 E8 D6F0FFFF CALL .005C62A0 + * 005C71CA 8BD8 MOV EBX,EAX + * 005C71CC 8BCE MOV ECX,ESI + * 005C71CE 8BC7 MOV EAX,EDI + * 005C71D0 E8 CBF0FFFF CALL .005C62A0 + * 005C71D5 85DB TEST EBX,EBX + * 005C71D7 ^74 BB JE SHORT .005C7194 + * 005C71D9 85C0 TEST EAX,EAX + * 005C71DB ^74 B7 JE SHORT .005C7194 + * 005C71DD 50 PUSH EAX + * 005C71DE 8BC3 MOV EAX,EBX + * 005C71E0 E8 2BCFFFFF CALL .005C4110 ; original function call + * //005C71E0 E9 482F1400 JMP .0070A12D ; jichi: here hookpoint#3, text is modified here, text in [[esp]+0x8]], length in [esp]+0xc + * 005C71E5 ^EB A5 JMP SHORT .005C718C + * 005C71E7 8B47 08 MOV EAX,DWORD PTR DS:[EDI+0x8] + * 005C71EA 8B4F 0C MOV ECX,DWORD PTR DS:[EDI+0xC] + * 005C71ED 2BC8 SUB ECX,EAX + * 005C71EF C1F9 02 SAR ECX,0x2 + * 005C71F2 3BF1 CMP ESI,ECX + * 005C71F4 ^73 9E JNB SHORT .005C7194 + * 005C71F6 8B34B0 MOV ESI,DWORD PTR DS:[EAX+ESI*4] + * 005C71F9 85F6 TEST ESI,ESI + * 005C71FB ^74 97 JE SHORT .005C7194 + * + * 005B640E CC INT3 + * 005B640F CC INT3 + * 005B6410 53 PUSH EBX + * 005B6411 56 PUSH ESI + * 005B6412 B9 FCFFFFFF MOV ECX,-0x4 + * 005B6417 57 PUSH EDI + * 005B6418 8BF8 MOV EDI,EAX + * 005B641A 018F B0020000 ADD DWORD PTR DS:[EDI+0x2B0],ECX + * 005B6420 8B87 B0020000 MOV EAX,DWORD PTR DS:[EDI+0x2B0] + * 005B6426 8B30 MOV ESI,DWORD PTR DS:[EAX] + * 005B6428 018F B0020000 ADD DWORD PTR DS:[EDI+0x2B0],ECX + * 005B642E 8B87 B0020000 MOV EAX,DWORD PTR DS:[EDI+0x2B0] + * 005B6434 8B08 MOV ECX,DWORD PTR DS:[EAX] + * 005B6436 8B87 E0010000 MOV EAX,DWORD PTR DS:[EDI+0x1E0] + * 005B643C 2B87 DC010000 SUB EAX,DWORD PTR DS:[EDI+0x1DC] + * 005B6442 C1F8 02 SAR EAX,0x2 + * 005B6445 3BF0 CMP ESI,EAX + * 005B6447 73 0D JNB SHORT .005B6456 + * 005B6449 8B87 DC010000 MOV EAX,DWORD PTR DS:[EDI+0x1DC] + * 005B644F 8B14B0 MOV EDX,DWORD PTR DS:[EAX+ESI*4] + * 005B6452 85D2 TEST EDX,EDX + * 005B6454 75 13 JNZ SHORT .005B6469 + * 005B6456 68 70757200 PUSH .00727570 + * 005B645B 8BCF MOV ECX,EDI + * 005B645D E8 AEC9FFFF CALL .005B2E10 + * 005B6462 83C4 04 ADD ESP,0x4 + * 005B6465 5F POP EDI + * 005B6466 5E POP ESI + * 005B6467 5B POP EBX + * 005B6468 C3 RETN + * 005B6469 8B9F E0010000 MOV EBX,DWORD PTR DS:[EDI+0x1E0] + * 005B646F 2BD8 SUB EBX,EAX + * 005B6471 C1FB 02 SAR EBX,0x2 + * 005B6474 3BCB CMP ECX,EBX + * 005B6476 73 07 JNB SHORT .005B647F + * 005B6478 8B0488 MOV EAX,DWORD PTR DS:[EAX+ECX*4] + * 005B647B 85C0 TEST EAX,EAX + * 005B647D 75 14 JNZ SHORT .005B6493 + * 005B647F 51 PUSH ECX + * 005B6480 68 A0757200 PUSH .007275A0 + * 005B6485 8BCF MOV ECX,EDI + * 005B6487 E8 84C9FFFF CALL .005B2E10 + * 005B648C 83C4 08 ADD ESP,0x8 + * 005B648F 5F POP EDI + * 005B6490 5E POP ESI + * 005B6491 5B POP EBX + * 005B6492 C3 RETN + * 005B6493 52 PUSH EDX + * 005B6494 E8 77DC0000 CALL .005C4110 + * //005B6494 E9 103D1500 JMP .0070A1A9 ; jichi: here hookpoint#4 + * 005B6499 84C0 TEST AL,AL + * 005B649B 75 16 JNZ SHORT .005B64B3 + * 005B649D 68 D4757200 PUSH .007275D4 + * 005B64A2 B9 F0757200 MOV ECX,.007275F0 ; ASCII "S_ASSIGN" + * 005B64A7 E8 84C8FFFF CALL .005B2D30 + * 005B64AC 83C4 04 ADD ESP,0x4 + * 005B64AF 5F POP EDI + * 005B64B0 5E POP ESI + * 005B64B1 5B POP EBX + * 005B64B2 C3 RETN + * 005B64B3 8B8F B0020000 MOV ECX,DWORD PTR DS:[EDI+0x2B0] + * 005B64B9 8931 MOV DWORD PTR DS:[ECX],ESI + * 005B64BB 8387 B0020000 04 ADD DWORD PTR DS:[EDI+0x2B0],0x4 + * 005B64C2 5F POP EDI + * 005B64C3 5E POP ESI + * 005B64C4 5B POP EBX + * 005B64C5 C3 RETN + * 005B64C6 CC INT3 + * 005B64C7 CC INT3 + * 005B64C8 CC INT3 + * + * Slightly modified #4 in AliceRunPatch.dll + * 101B6C10 5B POP EBX + * 101B6C11 59 POP ECX + * 101B6C12 C3 RETN + * 101B6C13 52 PUSH EDX + * 101B6C14 8BC1 MOV EAX,ECX + * 101B6C16 E9 4E7D1600 JMP .1031E969 ; jichi: hook here + * 101B6C1B 84C0 TEST AL,AL + * 101B6C1D 75 18 JNZ SHORT .101B6C37 + * 101B6C1F 68 FCB53310 PUSH .1033B5FC + * 101B6C24 B9 18B63310 MOV ECX,.1033B618 ; ASCII "S_ASSIGN" + * 101B6C29 E8 92B8FFFF CALL .101B24C0 + * 101B6C2E 83C4 04 ADD ESP,0x4 + * 101B6C31 5F POP EDI + * 101B6C32 5E POP ESI + * 101B6C33 5D POP EBP + * 101B6C34 5B POP EBX + * 101B6C35 59 POP ECX + * 101B6C36 C3 RETN + * 101B6C37 53 PUSH EBX + * 101B6C38 56 PUSH ESI + * 101B6C39 E8 E29C0100 CALL .101D0920 + * 101B6C3E 5F POP EDI + * 101B6C3F 5E POP ESI + * 101B6C40 5D POP EBP + * 101B6C41 5B POP EBX + * 101B6C42 59 POP ECX + * 101B6C43 C3 RETN + * 101B6C44 CC INT3 + * 101B6C45 CC INT3 + * 101B6C46 CC INT3 + * + * The function get called to paint string of names for hookpoint #2, text in arg1: + * 0050B69E CC INT3 + * 0050B69F CC INT3 + * 0050B6A0 55 PUSH EBP + * 0050B6A1 8BEC MOV EBP,ESP + * 0050B6A3 83E4 F8 AND ESP,0xFFFFFFF8 + * 0050B6A6 6A FF PUSH -0x1 + * 0050B6A8 68 F8277000 PUSH .007027F8 + * 0050B6AD 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] + * 0050B6B3 50 PUSH EAX + * 0050B6B4 83EC 18 SUB ESP,0x18 + * 0050B6B7 53 PUSH EBX + * 0050B6B8 56 PUSH ESI + * 0050B6B9 57 PUSH EDI + * 0050B6BA A1 DCC47700 MOV EAX,DWORD PTR DS:[0x77C4DC] + * 0050B6BF 33C4 XOR EAX,ESP + * 0050B6C1 50 PUSH EAX + * 0050B6C2 8D4424 28 LEA EAX,DWORD PTR SS:[ESP+0x28] + * 0050B6C6 64:A3 00000000 MOV DWORD PTR FS:[0],EAX + * 0050B6CC 8BF9 MOV EDI,ECX + * 0050B6CE 57 PUSH EDI + * 0050B6CF E8 5CEAFFFF CALL .0050A130 + * 0050B6D4 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 0050B6D7 6A FF PUSH -0x1 + * 0050B6D9 33DB XOR EBX,EBX + * 0050B6DB 53 PUSH EBX + * 0050B6DC 8DB7 E4000000 LEA ESI,DWORD PTR DS:[EDI+0xE4] + * 0050B6E2 50 PUSH EAX + * 0050B6E3 E8 886BEFFF CALL .00402270 + * 0050B6E8 895C24 14 MOV DWORD PTR SS:[ESP+0x14],EBX + * 0050B6EC 895C24 18 MOV DWORD PTR SS:[ESP+0x18],EBX + * 0050B6F0 895C24 1C MOV DWORD PTR SS:[ESP+0x1C],EBX + * 0050B6F4 56 PUSH ESI + * 0050B6F5 8D4C24 18 LEA ECX,DWORD PTR SS:[ESP+0x18] + * 0050B6F9 51 PUSH ECX + * 0050B6FA 57 PUSH EDI + * 0050B6FB 895C24 3C MOV DWORD PTR SS:[ESP+0x3C],EBX + * 0050B6FF E8 6C290000 CALL .0050E070 + * 0050B704 8D5424 14 LEA EDX,DWORD PTR SS:[ESP+0x14] + * 0050B708 8BCF MOV ECX,EDI + * 0050B70A E8 B1010000 CALL .0050B8C0 + * 0050B70F 8B7424 14 MOV ESI,DWORD PTR SS:[ESP+0x14] + * 0050B713 C687 E0000000 01 MOV BYTE PTR DS:[EDI+0xE0],0x1 + * 0050B71A 3BF3 CMP ESI,EBX + * 0050B71C 74 14 JE SHORT .0050B732 + * 0050B71E 8B7C24 18 MOV EDI,DWORD PTR SS:[ESP+0x18] + * 0050B722 8BC6 MOV EAX,ESI + * 0050B724 E8 7751F0FF CALL .004108A0 + * 0050B729 56 PUSH ESI + * 0050B72A E8 5C101800 CALL .0068C78B + * 0050B72F 83C4 04 ADD ESP,0x4 + * 0050B732 8B4C24 28 MOV ECX,DWORD PTR SS:[ESP+0x28] + * 0050B736 64:890D 00000000 MOV DWORD PTR FS:[0],ECX + * 0050B73D 59 POP ECX + * 0050B73E 5F POP EDI + * 0050B73F 5E POP ESI + * 0050B740 5B POP EBX + * 0050B741 8BE5 MOV ESP,EBP + * 0050B743 5D POP EBP + * 0050B744 C2 0400 RETN 0x4 + * 0050B747 CC INT3 + * 0050B748 CC INT3 + * 0050B749 CC INT3 + * 0050B74A CC INT3 + * 0050B74B CC INT3 + * 0050B74C CC INT3 + * + * Function get called for hookpoint #3, text in [arg1+0x10], length in arg1+0xc, only for scenario, function call is looped + * 005C410D CC INT3 + * 005C410E CC INT3 + * 005C410F CC INT3 + * 005C4110 53 PUSH EBX + * 005C4111 8B5C24 08 MOV EBX,DWORD PTR SS:[ESP+0x8] + * 005C4115 837B 0C 00 CMP DWORD PTR DS:[EBX+0xC],0x0 + * 005C4119 56 PUSH ESI + * 005C411A 57 PUSH EDI + * 005C411B 8BF0 MOV ESI,EAX + * 005C411D 74 07 JE SHORT .005C4126 + * 005C411F 8B43 08 MOV EAX,DWORD PTR DS:[EBX+0x8] + * 005C4122 85C0 TEST EAX,EAX + * 005C4124 75 04 JNZ SHORT .005C412A + * 005C4126 33C0 XOR EAX,EAX + * 005C4128 EB 0F JMP SHORT .005C4139 + * 005C412A 8D50 01 LEA EDX,DWORD PTR DS:[EAX+0x1] + * 005C412D 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 005C4130 8A08 MOV CL,BYTE PTR DS:[EAX] + * 005C4132 40 INC EAX + * 005C4133 84C9 TEST CL,CL + * 005C4135 ^75 F9 JNZ SHORT .005C4130 + * 005C4137 2BC2 SUB EAX,EDX + * 005C4139 8D78 01 LEA EDI,DWORD PTR DS:[EAX+0x1] + * 005C413C 3B7E 0C CMP EDI,DWORD PTR DS:[ESI+0xC] + * 005C413F 76 0F JBE SHORT .005C4150 + * 005C4141 E8 FAF7FFFF CALL .005C3940 + * 005C4146 84C0 TEST AL,AL + * 005C4148 75 06 JNZ SHORT .005C4150 + * 005C414A 5F POP EDI + * 005C414B 5E POP ESI + * 005C414C 5B POP EBX + * 005C414D C2 0400 RETN 0x4 + * 005C4150 837B 0C 00 CMP DWORD PTR DS:[EBX+0xC],0x0 + * 005C4154 75 04 JNZ SHORT .005C415A + * 005C4156 33C9 XOR ECX,ECX + * 005C4158 EB 03 JMP SHORT .005C415D + * 005C415A 8B4B 08 MOV ECX,DWORD PTR DS:[EBX+0x8] + * 005C415D 837E 0C 00 CMP DWORD PTR DS:[ESI+0xC],0x0 + * 005C4161 75 15 JNZ SHORT .005C4178 + * 005C4163 57 PUSH EDI + * 005C4164 33C0 XOR EAX,EAX + * 005C4166 51 PUSH ECX + * 005C4167 50 PUSH EAX + * 005C4168 E8 33400D00 CALL .006981A0 + * 005C416D 83C4 0C ADD ESP,0xC + * 005C4170 5F POP EDI + * 005C4171 5E POP ESI + * 005C4172 B0 01 MOV AL,0x1 + * 005C4174 5B POP EBX + * 005C4175 C2 0400 RETN 0x4 + * 005C4178 8B46 08 MOV EAX,DWORD PTR DS:[ESI+0x8] + * 005C417B 57 PUSH EDI + * 005C417C 51 PUSH ECX + * 005C417D 50 PUSH EAX + * 005C417E E8 1D400D00 CALL .006981A0 + * 005C4183 83C4 0C ADD ESP,0xC + * 005C4186 5F POP EDI + * 005C4187 5E POP ESI + * 005C4188 B0 01 MOV AL,0x1 + * 005C418A 5B POP EBX + * 005C418B C2 0400 RETN 0x4 + * 005C418E CC INT3 + */ +static bool InsertSystem43NewHook(ULONG startAddress, ULONG stopAddress, LPCSTR hookName) +{ + const BYTE bytes[] = { + 0xe8, XX4, // 004eeb34 e8 67cb0100 call .0050b6a0 ; jichi: hook here, text on the top of the stack + 0x39,0x6c,0x24, 0x28, // 004eeb39 396c24 28 cmp dword ptr ss:[esp+0x28],ebp + 0x72, 0x0d, // 004eeb3d 72 0d jb short .004eeb4c + 0x8b,0x4c,0x24, 0x14, // 004eeb3f 8b4c24 14 mov ecx,dword ptr ss:[esp+0x14] + 0x51, // 004eeb43 51 push ecx + 0xe8 //, XX4, // 004eeb44 e8 42dc1900 call .0068c78b + }; + enum { addr_offset = 0 }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + //GROWL_DWORD(addr); + if (!addr) { + ConsoleOutput("System43+: pattern not found"); + return false; + } + + //addr = *(DWORD *)(addr+1) + addr + 5; // change to hook to the actual address of function being called + + HookParam hp; + hp.address = addr; + hp.type = NO_CONTEXT|USING_STRING|USING_SPLIT|SPLIT_INDIRECT; + //hp.type = NO_CONTEXT|USING_STRING|FIXING_SPLIT; + hp.split_index = 0x10; // use [[esp]+0x10] to differentiate name and thread + + // Only name can be modified here, where the value of split is 0x6, and text in 0x2 + + ConsoleOutput("INSERT System43+"); + + + ConsoleOutput("System43+: disable GDI hooks"); // disable hooking to TextOutA, which is cached + + return NewHook(hp, hookName); +} +bool System43New2Filter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + CharReplacer(text, len, '\n', ' '); + + if (cpp_strnstr(text, "${", *len)) { + StringFilterBetween(text, len, "${", 3, "}", 1); + } + + return true; +} + +bool InsertSystem43New2Hook() +{ + + /* + * Sample games: + * https://vndb.org/r84067 + */ + const BYTE bytes[] = { + 0xC7, 0x46, 0x10, XX4, // mov [esi+10],00000000 + 0x72, 0x02, // jb dohnadohna.exe+1BFA7E + 0x8B, 0x36, // mov esi,[esi] + 0x8B, 0x4C, 0x24, 0x14, // mov ecx,[esp+14] + 0x57, // push edi + 0xC6, 0x06, 0x00 // mov byte ptr [esi],00 << hook here + }; + enum { addr_offset = sizeof(bytes) - 3 }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("System43new: pattern not found"); + return false; + } + HookParam hp; + hp.address = addr + addr_offset; + hp.offset=get_reg(regs::edx); + hp.split = get_reg(regs::esp); + hp.type = NO_CONTEXT | USING_STRING | USING_SPLIT; + hp.filter_fun = System43New2Filter; + ConsoleOutput("INSERT System43new"); + return NewHook(hp, "System43new"); +} +bool InsertSystem43Hook() +{ + if (InsertSystem43New2Hook()) + return true; + //bool patched = Util::CheckFile(L"AliceRunPatch.dll"); + bool patched = ::GetModuleHandleA("AliceRunPatch.dll"); + // Insert new hook first + bool ok = InsertSystem43OldHook(processStartAddress, processStopAddress, patched ? "AliceRunPatch43" : "System43"); + ok = InsertSystem43NewHook(processStartAddress, processStopAddress, "System43+") || ok; + return ok; +} + +namespace { // unnamed + +struct TextArgument // first argument of the scenario hook +{ + ULONG *unknown[2]; + LPCSTR text; + int size; // text data size including '\0', length = size - 1 + int capacity; + ULONG split; + + bool isValid() const + { + return size <= capacity && size >= 4 && text && ::strlen(text) + 1 == size // skip translating single text + //&& !Util::allAscii(text) + && (UINT8)text[0] > 127 && (UINT8)text[size - 3] > 127 // skip text beginning / ending with ascii + && !::strstr(text, "\x81\x5e"); // "/" + } +}; + +namespace ScenarioHook { + +namespace Private { + bool isOtherText(LPCSTR text) + { + static const char *s[] = { + "\x82\xa2\x82\xa2\x82\xa6" /* いいえ */ + , "\x82\xcd\x82\xa2" /* はい */ + }; + for (int i = 0; i < sizeof(s)/sizeof(*s); i++) + if (::strcmp(text, s[i]) == 0) + return true; + return false; + } + + TextArgument *arg_, + argValue_; + /** + * Sample game: Rance03 + * + * Caller that related to load/save, which is the only caller get kept: + * 005C68A7 8B86 74010000 MOV EAX,DWORD PTR DS:[ESI+0x174] + * 005C68AD 8B1CA8 MOV EBX,DWORD PTR DS:[EAX+EBP*4] + * 005C68B0 85DB TEST EBX,EBX + * 005C68B2 74 63 JE SHORT Rance03T.005C6917 + * 005C68B4 8B86 78010000 MOV EAX,DWORD PTR DS:[ESI+0x178] + * 005C68BA 2B86 74010000 SUB EAX,DWORD PTR DS:[ESI+0x174] + * 005C68C0 C1F8 02 SAR EAX,0x2 + * 005C68C3 3BD0 CMP EDX,EAX + * 005C68C5 73 3C JNB SHORT Rance03T.005C6903 + * 005C68C7 8B86 74010000 MOV EAX,DWORD PTR DS:[ESI+0x174] + * 005C68CD 8B0C90 MOV ECX,DWORD PTR DS:[EAX+EDX*4] + * 005C68D0 85C9 TEST ECX,ECX + * 005C68D2 74 2F JE SHORT Rance03T.005C6903 + * 005C68D4 53 PUSH EBX + * 005C68D5 -E9 26976B09 JMP 09C80000 ; jichi: called + * 005C68DA 84C0 TEST AL,AL + * 005C68DC 75 18 JNZ SHORT Rance03T.005C68F6 + * 005C68DE 68 94726E00 PUSH Rance03T.006E7294 + * 005C68E3 68 00736E00 PUSH Rance03T.006E7300 ; ASCII "S_ASSIGN" + * 005C68E8 56 PUSH ESI + * 005C68E9 E8 12BBFFFF CALL Rance03T.005C2400 + * 005C68EE 83C4 0C ADD ESP,0xC + * 005C68F1 5F POP EDI + * 005C68F2 5E POP ESI + * + * Caller of the scenario thread: + * + * 005D6F80 ^74 BE JE SHORT Rance03T.005D6F40 + * 005D6F82 85C0 TEST EAX,EAX + * 005D6F84 ^74 BA JE SHORT Rance03T.005D6F40 + * 005D6F86 50 PUSH EAX + * 005D6F87 8BCF MOV ECX,EDI + * 005D6F89 -E9 72907009 JMP 09CE0000 ; jichi: called here + * 005D6F8E ^EB A8 JMP SHORT Rance03T.005D6F38 + * 005D6F90 8B46 0C MOV EAX,DWORD PTR DS:[ESI+0xC] + * 005D6F93 2B46 08 SUB EAX,DWORD PTR DS:[ESI+0x8] + * 005D6F96 C1F8 02 SAR EAX,0x2 + * 005D6F99 3BD8 CMP EBX,EAX + * 005D6F9B ^73 A3 JNB SHORT Rance03T.005D6F40 + * 005D6F9D 8B46 08 MOV EAX,DWORD PTR DS:[ESI+0x8] + * 005D6FA0 8B1C98 MOV EBX,DWORD PTR DS:[EAX+EBX*4] + */ + std::unordered_set hashes_; + void hookafter2(hook_stack*s,void* data, size_t len){ + auto newData =std::string((char*)data,len); + static std::string data_; + data_ = newData; + auto arg = (TextArgument *)s->stack[0]; // arg1 + arg_ = arg; + argValue_ = *arg; + + arg->text = data_.c_str(); + arg->size = data_.size() + 1; + arg->capacity = arg->size; + + hashes_.insert(simplehash::hashCharArray(arg->text)); + } + void hookBefore(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *role) + { + static std::string data_; // persistent storage, which makes this function not thread-safe + + //auto split = s->stack[5]; // parent function return address + //auto split = s->stack[10]; // parent's parent function return address + //auto split = *(DWORD *)(s->ecx + 0x10); + auto split = *(DWORD *)(s->ecx + 0x34); + //auto split = *(DWORD *)(s->ecx + 0x48); + // 005C68DA 84C0 TEST AL,AL + //if (*(WORD *)retaddr == 0xc084) // otherwise system text will be translated + // return true; + //if (*(WORD *)retaddr != 0xc084) // only translate one caller + // return true; + // 005D6F8E ^EB A8 JMP SHORT Rance03T.005D6F38 + //if (*(WORD *)retaddr != 0xa8eb) // this function has 7 callers, and only one is kept + // return true; + if (split > 0xff || split && split < 0xf) + return ; + auto arg = (TextArgument *)s->stack[0]; // arg1 + if (!arg || !arg->isValid() + || hashes_.find(simplehash::hashCharArray(arg->text)) != hashes_.end()) + return ; + if (arg->size < 0xf && split > 0 && !isOtherText(arg->text)) + return ; + //auto sig = Engine::hashThreadSignature(role, split); + //auto role = Engine::OtherRole; + * role = Engine::OtherRole; + if (!isOtherText(arg->text)) { + if (split == 0 && arg->size <= 0x10) + *role = Engine::NameRole; + else if (split >= 2 && split <= 0x14 && split != 3 && split != 0xb || split == 0x22) + *role = Engine::ScenarioRole; + } + buffer->from_cs(arg->text); + } + void hookAfter(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + if (arg_) { + *arg_ = argValue_; + arg_ = nullptr; + } + } +} // namespace Private + +/** + * Sample game: Rance03 + * + * Function that is similar to memcpy, found by debugging where game text get modified: + * + * 0069D84F CC INT3 + * 0069D850 57 PUSH EDI + * 0069D851 56 PUSH ESI + * 0069D852 8B7424 10 MOV ESI,DWORD PTR SS:[ESP+0x10] + * 0069D856 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+0x14] + * 0069D85A 8B7C24 0C MOV EDI,DWORD PTR SS:[ESP+0xC] + * 0069D85E 8BC1 MOV EAX,ECX + * 0069D860 8BD1 MOV EDX,ECX + * 0069D862 03C6 ADD EAX,ESI + * 0069D864 3BFE CMP EDI,ESI + * 0069D866 76 08 JBE SHORT Rance03T.0069D870 + * 0069D868 3BF8 CMP EDI,EAX + * 0069D86A 0F82 68030000 JB Rance03T.0069DBD8 + * 0069D870 0FBA25 5CC97500 >BT DWORD PTR DS:[0x75C95C],0x1 + * 0069D878 73 07 JNB SHORT Rance03T.0069D881 + * 0069D87A F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI] + * 0069D87C E9 17030000 JMP Rance03T.0069DB98 + * 0069D881 81F9 80000000 CMP ECX,0x80 + * 0069D887 0F82 CE010000 JB Rance03T.0069DA5B + * 0069D88D 8BC7 MOV EAX,EDI + * 0069D88F 33C6 XOR EAX,ESI + * 0069D891 A9 0F000000 TEST EAX,0xF + * 0069D896 75 0E JNZ SHORT Rance03T.0069D8A6 + * 0069D898 0FBA25 10A47400 >BT DWORD PTR DS:[0x74A410],0x1 + * 0069D8A0 0F82 DA040000 JB Rance03T.0069DD80 + * 0069D8A6 0FBA25 5CC97500 >BT DWORD PTR DS:[0x75C95C],0x0 + * 0069D8AE 0F83 A7010000 JNB Rance03T.0069DA5B + * 0069D8B4 F7C7 03000000 TEST EDI,0x3 + * 0069D8BA 0F85 B8010000 JNZ Rance03T.0069DA78 + * 0069D8C0 F7C6 03000000 TEST ESI,0x3 + * 0069D8C6 0F85 97010000 JNZ Rance03T.0069DA63 + * 0069D8CC 0FBAE7 02 BT EDI,0x2 + * 0069D8D0 73 0D JNB SHORT Rance03T.0069D8DF + * 0069D8D2 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 0069D8D4 83E9 04 SUB ECX,0x4 + * 0069D8D7 8D76 04 LEA ESI,DWORD PTR DS:[ESI+0x4] + * 0069D8DA 8907 MOV DWORD PTR DS:[EDI],EAX + * 0069D8DC 8D7F 04 LEA EDI,DWORD PTR DS:[EDI+0x4] + * 0069D8DF 0FBAE7 03 BT EDI,0x3 + * 0069D8E3 73 11 JNB SHORT Rance03T.0069D8F6 + * 0069D8E5 F3: PREFIX REP: ; Superfluous prefix + * 0069D8E6 0F7E0E MOVD DWORD PTR DS:[ESI],MM1 + * 0069D8E9 83E9 08 SUB ECX,0x8 + * 0069D8EC 8D76 08 LEA ESI,DWORD PTR DS:[ESI+0x8] + * 0069D8EF 66:0FD6 ??? ; Unknown command + * 0069D8F2 -0F8D 7F08F7C6 JGE C760E177 + * 0069D8F8 07 POP ES ; Modification of segment register + * 0069D8F9 0000 ADD BYTE PTR DS:[EAX],AL + * 0069D8FB 007463 0F ADD BYTE PTR DS:[EBX+0xF],DH + * 0069D8FF BA E6030F83 MOV EDX,0x830F03E6 + * 0069D904 B2 00 MOV DL,0x0 + * 0069D906 0000 ADD BYTE PTR DS:[EAX],AL + * 0069D908 66:0F6F4E F4 MOVQ MM1,QWORD PTR DS:[ESI-0xC] + * 0069D90D 8D76 F4 LEA ESI,DWORD PTR DS:[ESI-0xC] + * 0069D910 66:0F6F5E 10 MOVQ MM3,QWORD PTR DS:[ESI+0x10] + * 0069D915 83E9 30 SUB ECX,0x30 + * 0069D918 66:0F6F46 20 MOVQ MM0,QWORD PTR DS:[ESI+0x20] + * 0069D91D 66:0F6F6E 30 MOVQ MM5,QWORD PTR DS:[ESI+0x30] + * 0069D922 8D76 30 LEA ESI,DWORD PTR DS:[ESI+0x30] + * 0069D925 83F9 30 CMP ECX,0x30 + * 0069D928 66:0F6FD3 MOVQ MM2,MM3 + * 0069D92C 66:0F3A ??? ; Unknown command + * 0069D92F 0FD90C66 PSUBUSW MM1,QWORD PTR DS:[ESI] + * 0069D933 0F7F1F MOVQ QWORD PTR DS:[EDI],MM3 + * 0069D936 66:0F6FE0 MOVQ MM4,MM0 + * 0069D93A 66:0F3A ??? ; Unknown command + * 0069D93D 0FC20C66 0F CMPPS XMM1,DQWORD PTR DS:[ESI],0xF + * 0069D942 7F 47 JG SHORT Rance03T.0069D98B + * 0069D944 1066 0F ADC BYTE PTR DS:[ESI+0xF],AH + * 0069D947 6F OUTS DX,DWORD PTR ES:[EDI] ; I/O command + * 0069D948 CD 66 INT 0x66 + * 0069D94A 0F3A ??? ; Unknown command + * 0069D94C 0FEC0C66 PADDSB MM1,QWORD PTR DS:[ESI] + * 0069D950 0F7F6F 20 MOVQ QWORD PTR DS:[EDI+0x20],MM5 + * 0069D954 8D7F 30 LEA EDI,DWORD PTR DS:[EDI+0x30] + * 0069D957 ^7D B7 JGE SHORT Rance03T.0069D910 + * 0069D959 8D76 0C LEA ESI,DWORD PTR DS:[ESI+0xC] + * 0069D95C E9 AF000000 JMP Rance03T.0069DA10 + * 0069D961 66:0F6F4E F8 MOVQ MM1,QWORD PTR DS:[ESI-0x8] + * 0069D966 8D76 F8 LEA ESI,DWORD PTR DS:[ESI-0x8] + * 0069D969 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 0069D96C 66:0F6F5E 10 MOVQ MM3,QWORD PTR DS:[ESI+0x10] + * 0069D971 83E9 30 SUB ECX,0x30 + * 0069D974 66:0F6F46 20 MOVQ MM0,QWORD PTR DS:[ESI+0x20] + * 0069D979 66:0F6F6E 30 MOVQ MM5,QWORD PTR DS:[ESI+0x30] + * 0069D97E 8D76 30 LEA ESI,DWORD PTR DS:[ESI+0x30] + * 0069D981 83F9 30 CMP ECX,0x30 + * 0069D984 66:0F6FD3 MOVQ MM2,MM3 + * 0069D988 66:0F3A ??? ; Unknown command + * 0069D98B 0FD908 PSUBUSW MM1,QWORD PTR DS:[EAX] + * 0069D98E 66:0F7F1F MOVQ QWORD PTR DS:[EDI],MM3 + * 0069D992 66:0F6FE0 MOVQ MM4,MM0 + * 0069D996 66:0F3A ??? ; Unknown command + * 0069D999 0FC208 66 CMPPS XMM1,DQWORD PTR DS:[EAX],0x66 + * 0069D99D 0F7F47 10 MOVQ QWORD PTR DS:[EDI+0x10],MM0 + * 0069D9A1 66:0F6FCD MOVQ MM1,MM5 + * 0069D9A5 66:0F3A ??? ; Unknown command + * 0069D9A8 0FEC08 PADDSB MM1,QWORD PTR DS:[EAX] + * 0069D9AB 66:0F7F6F 20 MOVQ QWORD PTR DS:[EDI+0x20],MM5 + * 0069D9B0 8D7F 30 LEA EDI,DWORD PTR DS:[EDI+0x30] + * 0069D9B3 ^7D B7 JGE SHORT Rance03T.0069D96C + * 0069D9B5 8D76 08 LEA ESI,DWORD PTR DS:[ESI+0x8] + * 0069D9B8 EB 56 JMP SHORT Rance03T.0069DA10 + * 0069D9BA 66:0F6F4E FC MOVQ MM1,QWORD PTR DS:[ESI-0x4] + * 0069D9BF 8D76 FC LEA ESI,DWORD PTR DS:[ESI-0x4] + * 0069D9C2 8BFF MOV EDI,EDI + * 0069D9C4 66:0F6F5E 10 MOVQ MM3,QWORD PTR DS:[ESI+0x10] + * 0069D9C9 83E9 30 SUB ECX,0x30 + * 0069D9CC 66:0F6F46 20 MOVQ MM0,QWORD PTR DS:[ESI+0x20] + * 0069D9D1 66:0F6F6E 30 MOVQ MM5,QWORD PTR DS:[ESI+0x30] + * 0069D9D6 8D76 30 LEA ESI,DWORD PTR DS:[ESI+0x30] + * 0069D9D9 83F9 30 CMP ECX,0x30 + * 0069D9DC 66:0F6FD3 MOVQ MM2,MM3 + * 0069D9E0 66:0F3A ??? ; Unknown command + * 0069D9E3 0FD90466 PSUBUSW MM0,QWORD PTR DS:[ESI] + * 0069D9E7 0F7F1F MOVQ QWORD PTR DS:[EDI],MM3 + * 0069D9EA 66:0F6FE0 MOVQ MM4,MM0 + * 0069D9EE 66:0F3A ??? ; Unknown command + * 0069D9F1 0FC20466 0F CMPPS XMM0,DQWORD PTR DS:[ESI],0xF + * 0069D9F6 7F 47 JG SHORT Rance03T.0069DA3F + * 0069D9F8 1066 0F ADC BYTE PTR DS:[ESI+0xF],AH + * 0069D9FB 6F OUTS DX,DWORD PTR ES:[EDI] ; I/O command + * 0069D9FC CD 66 INT 0x66 + * 0069D9FE 0F3A ??? ; Unknown command + * 0069DA00 0FEC0466 PADDSB MM0,QWORD PTR DS:[ESI] + * 0069DA04 0F7F6F 20 MOVQ QWORD PTR DS:[EDI+0x20],MM5 + * 0069DA08 8D7F 30 LEA EDI,DWORD PTR DS:[EDI+0x30] + * 0069DA0B ^7D B7 JGE SHORT Rance03T.0069D9C4 + * 0069DA0D 8D76 04 LEA ESI,DWORD PTR DS:[ESI+0x4] + * 0069DA10 83F9 10 CMP ECX,0x10 + * 0069DA13 7C 13 JL SHORT Rance03T.0069DA28 + * 0069DA15 F3: PREFIX REP: ; Superfluous prefix + * 0069DA16 0F6F0E MOVQ MM1,QWORD PTR DS:[ESI] + * 0069DA19 83E9 10 SUB ECX,0x10 + * 0069DA1C 8D76 10 LEA ESI,DWORD PTR DS:[ESI+0x10] + * 0069DA1F 66:0F7F0F MOVQ QWORD PTR DS:[EDI],MM1 + * 0069DA23 8D7F 10 LEA EDI,DWORD PTR DS:[EDI+0x10] + * 0069DA26 ^EB E8 JMP SHORT Rance03T.0069DA10 + * 0069DA28 0FBAE1 02 BT ECX,0x2 + * 0069DA2C 73 0D JNB SHORT Rance03T.0069DA3B + * 0069DA2E 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 0069DA30 83E9 04 SUB ECX,0x4 + * 0069DA33 8D76 04 LEA ESI,DWORD PTR DS:[ESI+0x4] + * 0069DA36 8907 MOV DWORD PTR DS:[EDI],EAX + * 0069DA38 8D7F 04 LEA EDI,DWORD PTR DS:[EDI+0x4] + * 0069DA3B 0FBAE1 03 BT ECX,0x3 + * 0069DA3F 73 11 JNB SHORT Rance03T.0069DA52 + * 0069DA41 F3: PREFIX REP: ; Superfluous prefix + * 0069DA42 0F7E0E MOVD DWORD PTR DS:[ESI],MM1 + * 0069DA45 83E9 08 SUB ECX,0x8 + * 0069DA48 8D76 08 LEA ESI,DWORD PTR DS:[ESI+0x8] + * 0069DA4B 66:0FD6 ??? ; Unknown command + * 0069DA4E -0F8D 7F088B04 JGE 04F4E2D3 + * 0069DA54 8D88 DB6900FF LEA ECX,DWORD PTR DS:[EAX+0xFF0069DB] + * 0069DA5A ^E0 F7 LOOPDNE SHORT Rance03T.0069DA53 + * 0069DA5C C703 00000075 MOV DWORD PTR DS:[EBX],0x75000000 + * 0069DA62 15 C1E90283 ADC EAX,0x8302E9C1 + * 0069DA67 E2 03 LOOPD SHORT Rance03T.0069DA6C + * 0069DA69 83F9 08 CMP ECX,0x8 + * 0069DA6C 72 2A JB SHORT Rance03T.0069DA98 + * 0069DA6E F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI> + * 0069DA70 FF2495 88DB6900 JMP DWORD PTR DS:[EDX*4+0x69DB88] + * 0069DA77 90 NOP + * + * 0012F810 0B4D3F30 + * 0012F814 06128970 + * 0012F818 005D3E12 RETURN to Rance03T.005D3E12 from Rance03T.0069D850 + * 0012F81C 06160B98 ; jichi: target text + * 0012F820 07F8CA80 ; jichi: source text + * 0012F824 00000017 ; jichi: size including \0 + * 0012F828 00384460 + * 0012F82C 00384240 + * 0012F830 0B4D3F30 + * 0012F834 005C68DA RETURN to Rance03T.005C68DA from Rance03T.005D3D90 + * 0012F838 0B4D3F30 + * 0012F83C 0012FAA8 + * 0012F840 00384240 + * 0012F844 0012F85C + * 0012F848 0012FF18 + * 0012F84C 005C1693 RETURN to Rance03T.005C1693 from Rance03T.005C6870 + * 0012F850 0012FAA8 + * 0012F854 00384240 + * 0012F858 0000000F + * 0012F85C /0012FF3C + * + * Actual hooked function: + * 005D3D8B CC INT3 + * 005D3D8C CC INT3 + * 005D3D8D CC INT3 + * 005D3D8E CC INT3 + * 005D3D8F CC INT3 + * 005D3D90 53 PUSH EBX + * 005D3D91 56 PUSH ESI + * 005D3D92 8B7424 0C MOV ESI,DWORD PTR SS:[ESP+0xC] + * 005D3D96 57 PUSH EDI + * 005D3D97 8BF9 MOV EDI,ECX + * 005D3D99 837E 0C 00 CMP DWORD PTR DS:[ESI+0xC],0x0 + * 005D3D9D 74 1C JE SHORT Rance03T.005D3DBB + * 005D3D9F 8B56 08 MOV EDX,DWORD PTR DS:[ESI+0x8] + * 005D3DA2 85D2 TEST EDX,EDX + * 005D3DA4 74 15 JE SHORT Rance03T.005D3DBB + * 005D3DA6 8D4A 01 LEA ECX,DWORD PTR DS:[EDX+0x1] + * 005D3DA9 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP] + * 005D3DB0 8A02 MOV AL,BYTE PTR DS:[EDX] + * 005D3DB2 42 INC EDX + * 005D3DB3 84C0 TEST AL,AL + * 005D3DB5 ^75 F9 JNZ SHORT Rance03T.005D3DB0 + * 005D3DB7 2BD1 SUB EDX,ECX + * 005D3DB9 EB 02 JMP SHORT Rance03T.005D3DBD + * 005D3DBB 33D2 XOR EDX,EDX + * 005D3DBD 8D5A 01 LEA EBX,DWORD PTR DS:[EDX+0x1] + * 005D3DC0 3B5F 0C CMP EBX,DWORD PTR DS:[EDI+0xC] + * 005D3DC3 76 1A JBE SHORT Rance03T.005D3DDF + * 005D3DC5 53 PUSH EBX + * 005D3DC6 8D4F 04 LEA ECX,DWORD PTR DS:[EDI+0x4] + * 005D3DC9 C747 0C 00000000 MOV DWORD PTR DS:[EDI+0xC],0x0 + * 005D3DD0 E8 DB700700 CALL Rance03T.0064AEB0 + * 005D3DD5 84C0 TEST AL,AL + * 005D3DD7 75 06 JNZ SHORT Rance03T.005D3DDF + * 005D3DD9 5F POP EDI + * 005D3DDA 5E POP ESI + * 005D3DDB 5B POP EBX + * 005D3DDC C2 0400 RETN 0x4 + * 005D3DDF 837E 0C 00 CMP DWORD PTR DS:[ESI+0xC],0x0 + * 005D3DE3 75 04 JNZ SHORT Rance03T.005D3DE9 + * 005D3DE5 33C9 XOR ECX,ECX + * 005D3DE7 EB 03 JMP SHORT Rance03T.005D3DEC + * 005D3DE9 8B4E 08 MOV ECX,DWORD PTR DS:[ESI+0x8] + * 005D3DEC 837F 0C 00 CMP DWORD PTR DS:[EDI+0xC],0x0 + * 005D3DF0 75 15 JNZ SHORT Rance03T.005D3E07 + * 005D3DF2 53 PUSH EBX + * 005D3DF3 33C0 XOR EAX,EAX + * 005D3DF5 51 PUSH ECX + * 005D3DF6 50 PUSH EAX + * 005D3DF7 E8 549A0C00 CALL Rance03T.0069D850 + * 005D3DFC 83C4 0C ADD ESP,0xC + * 005D3DFF B0 01 MOV AL,0x1 + * 005D3E01 5F POP EDI + * 005D3E02 5E POP ESI + * 005D3E03 5B POP EBX + * 005D3E04 C2 0400 RETN 0x4 + * 005D3E07 8B47 08 MOV EAX,DWORD PTR DS:[EDI+0x8] + * 005D3E0A 53 PUSH EBX + * 005D3E0B 51 PUSH ECX + * 005D3E0C 50 PUSH EAX + * 005D3E0D -E9 EEC1A201 JMP 02000000 ; jichi: called here + * 005D3E12 83C4 0C ADD ESP,0xC + * 005D3E15 B0 01 MOV AL,0x1 + * 005D3E17 5F POP EDI + * 005D3E18 5E POP ESI + * 005D3E19 5B POP EBX + * 005D3E1A C2 0400 RETN 0x4 + * 005D3E1D CC INT3 + * 005D3E1E CC INT3 + * 005D3E1F CC INT3 + * + * Arg1 of this function: + * 07B743F8 90 7A 70 00 F4 87 70 00 70 0E 27 08 1B 00 00 00 諏p.p.p'... + * 07B74408 20 00 00 00 02 00 00 00 01 00 00 00 CC 7F 2D 00 .........フ-. + * 07B74418 B3 52 41 00 FF FF FF FF EC 87 70 00 10 E3 1D 08 ウRA.・p.・ + * + * Caller that preserved: + * 005C68A7 8B86 74010000 MOV EAX,DWORD PTR DS:[ESI+0x174] + * 005C68AD 8B1CA8 MOV EBX,DWORD PTR DS:[EAX+EBP*4] + * 005C68B0 85DB TEST EBX,EBX + * 005C68B2 74 63 JE SHORT Rance03T.005C6917 + * 005C68B4 8B86 78010000 MOV EAX,DWORD PTR DS:[ESI+0x178] + * 005C68BA 2B86 74010000 SUB EAX,DWORD PTR DS:[ESI+0x174] + * 005C68C0 C1F8 02 SAR EAX,0x2 + * 005C68C3 3BD0 CMP EDX,EAX + * 005C68C5 73 3C JNB SHORT Rance03T.005C6903 + * 005C68C7 8B86 74010000 MOV EAX,DWORD PTR DS:[ESI+0x174] + * 005C68CD 8B0C90 MOV ECX,DWORD PTR DS:[EAX+EDX*4] + * 005C68D0 85C9 TEST ECX,ECX + * 005C68D2 74 2F JE SHORT Rance03T.005C6903 + * 005C68D4 53 PUSH EBX + * 005C68D5 E8 B6D40000 CALL Rance03T.005D3D90 ; jichi: called + * 005C68DA 84C0 TEST AL,AL ; jichi: retaddr + * 005C68DC 75 18 JNZ SHORT Rance03T.005C68F6 + * 005C68DE 68 94726E00 PUSH Rance03T.006E7294 + * 005C68E3 68 00736E00 PUSH Rance03T.006E7300 ; ASCII "S_ASSIGN" + * 005C68E8 56 PUSH ESI + * 005C68E9 E8 12BBFFFF CALL Rance03T.005C2400 + * 005C68EE 83C4 0C ADD ESP,0xC + * 005C68F1 5F POP EDI + * 005C68F2 5E POP ESI + */ +bool attach(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0x53, // 005D3D90 53 PUSH EBX + 0x56, // 005D3D91 56 PUSH ESI + 0x8B,0x74,0x24, 0x0C, // 005D3D92 8B7424 0C MOV ESI,DWORD PTR SS:[ESP+0xC] + 0x57, // 005D3D96 57 PUSH EDI + 0x8B,0xF9, // 005D3D97 8BF9 MOV EDI,ECX + 0x83,0x7E, 0x0C, 0x00, // 005D3D99 837E 0C 00 CMP DWORD PTR DS:[ESI+0xC],0x0 + 0x74, 0x1C, // 005D3D9D 74 1C JE SHORT Rance03T.005D3DBB + 0x8B,0x56, 0x08, // 005D3D9F 8B56 08 MOV EDX,DWORD PTR DS:[ESI+0x8] + 0x85,0xD2, // 005D3DA2 85D2 TEST EDX,EDX + 0x74, 0x15, // 005D3DA4 74 15 JE SHORT Rance03T.005D3DBB + 0x8D,0x4A, 0x01, // 005D3DA6 8D4A 01 LEA ECX,DWORD PTR DS:[EDX+0x1] + 0x8D,0xA4,0x24, 0x00,0x00,0x00,0x00, // 005D3DA9 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP] + 0x8A,0x02, // 005D3DB0 8A02 MOV AL,BYTE PTR DS:[EDX] + 0x42, // 005D3DB2 42 INC EDX + 0x84,0xC0 // 005D3DB3 84C0 TEST AL,AL + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return false; + //addr = MemDbg::findEnclosingAlignedFunction(addr); + //if (!addr) + // return false; + //addr = 0x005D3D90; + //return winhook::hook_before(addr, Private::hookBefore); + + int count = 0; + auto fun = [&count](ULONG addr) -> bool { + auto retaddr = addr + 5; + // 005C68DA 84C0 TEST AL,AL + if (*(WORD *)retaddr == 0xc084) + //auto before = std::bind(Private::hookBefore, addr + 5, std::placeholders::_1); + count +=1; + HookParam hp; + hp.address=addr; + hp.type=EMBED_ABLE|EMBED_DYNA_SJIS|NO_CONTEXT; + hp.text_fun=Private::hookBefore; + hp.hook_after=Private::hookafter2; + auto succ=NewHook(hp,"EmbedSysmtem44"); + hp.address=addr+5; + hp.text_fun=Private::hookAfter; + succ|=NewHook(hp,"EmbedSysmtem44"); + return succ; // replace all functions + }; + MemDbg::iterNearCallAddress(fun, addr, startAddress, stopAddress); + + return count; +} + +} // namespace ScenarioHook + +} // unnamed namespace + +bool attachSystem44(ULONG startAddress, ULONG stopAddress) +{ return ScenarioHook::attach(startAddress, stopAddress); } +namespace { // unnamed + +// - Search - + +ULONG searchScenarioAddress(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0xe8, XX4, // 005c71e0 e8 2bcfffff call .005c4110 ; original function call + 0xeb, 0xa5, // 005c71e5 ^eb a5 jmp short .005c718c + 0x8b,0x47, 0x08, // 005c71e7 8b47 08 mov eax,dword ptr ds:[edi+0x8] + 0x8b,0x4f, 0x0c // 005c71ea 8b4f 0c mov ecx,dword ptr ds:[edi+0xc] + }; + return MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); +} + +ULONG searchNameAddress(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0xe8, XX4, // 004eeb34 e8 67cb0100 call .0050b6a0 ; jichi: hook here + 0x39,0x6c,0x24, 0x28, // 004eeb39 396c24 28 cmp dword ptr ss:[esp+0x28],ebp + 0x72, 0x0d, // 004eeb3d 72 0d jb short .004eeb4c + 0x8b,0x4c,0x24, 0x14, // 004eeb3f 8b4c24 14 mov ecx,dword ptr ss:[esp+0x14] + 0x51, // 004eeb43 51 push ecx + 0xe8 //, XX4, // 004eeb44 e8 42dc1900 call .0068c78b + }; + return MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); +} + +ULONG searchOtherAddress(ULONG startAddress, ULONG stopAddress) +{ + const char *pattern = "S_ASSIGN"; + const uint8_t bytes[] = { + //0xc3, // 005b6492 c3 retn + //0x52, // 005b6493 52 push edx + 0xe8, XX4, // 005b6494 e8 77dc0000 call .005c4110 ; jichi: hook here + 0x84,0xc0, // 005b6499 84c0 test al,al + 0x75, XX, // 005b649b 75 16 jnz short .005b64b3 + 0x68, XX4, // 005b649d 68 d4757200 push .007275d4 + 0xb9 //, XX4, // 005b64a2 b9 f0757200 mov ecx,.007275f0 ; ascii "S_ASSIGN" + //0xe8, XX4 // 005b64a7 e8 84c8ffff call .005b2d30 + }; + + for (ULONG addr = startAddress; addr < stopAddress;) { + addr = MemDbg::findBytes(bytes, sizeof(bytes), addr, stopAddress); + if (!addr) + return 0; + addr += sizeof(bytes); + DWORD ecx = *(DWORD *)addr; + if (::strcmp((LPCSTR)ecx, pattern) == 0) + return addr - sizeof(bytes); + }; + return 0; +} + +// - Hook - + +struct TextHookBase +{ + struct TextArgument // first argument of the scenario hook + { + DWORD unknown1, + unknown2; + LPCSTR text; + DWORD size; // text data size, length = size - 1 + //DWORD split; // not a good split to distinguish translable text out + }; + + bool enabled_, + editable_; // for debugging only, whether text is not read-only + std::string buffer_; // persistent storage, which makes this function not thread-safe + TextArgument *arg_; // last argument + LPCSTR text_; // last text + DWORD size_; // last size + + TextHookBase() + : enabled_(true) + , editable_(true) + , arg_(nullptr) + , text_(nullptr) + , size_(0) + {} +}; +/* +class ScenarioHook43 : protected TextHookBase +{ +public: + bool hookBefore(hook_stack*s,void* data, size_t* len,uintptr_t*role) + { + // See ATcode patch: + // 0070A12E 8B87 B0000000 MOV EAX,DWORD PTR DS:[EDI+0xB0] + // 0070A134 66:8138 8400 CMP WORD PTR DS:[EAX],0x84 + // 0070A139 75 0E JNZ SHORT .0070A149 + // 0070A13B 8378 EA 5B CMP DWORD PTR DS:[EAX-0x16],0x5B + // 0070A13F 75 08 JNZ SHORT .0070A149 + DWORD split = *(WORD *)(s->edi + 0xb0); + if (split && split != 0x27f2) // new System43 after Evenicle + return false; + if (!split) { // old System43 before Evenicle where edi split is zero + split = s->stack[1]; + if (split != 0x84) + return false; + // Stack structure observed from 武想少女隊 + // 0012F4BC 07EAFD48 ; text address + // 0012F4C0 000002EC ; use this value as split + // 0012F4C4 00000011 + // 0012F4C8 0012F510 + // 0012F4CC 00000012 + // 0012F4D0 00001BAA + // 0012F4D4 00000012 + // 0012F4D8 06D2E24C + // 0012F4DC 00581125 RETURN to .00581125 from .0057DC30 + //if (s->stack[1] != 0x84) + // return true; + //if (s->stack[2] != 0x3) + // return true; + } + + auto arg = (TextArgument *)s->stack[0]; // top of the stack + LPCSTR text = arg->text; + if (arg->size <= 1 || !text || !*text || all_ascii(text)) + return false; + + *role = Engine::ScenarioRole ; + return write_string_overwrite(data,len,text); + } + + bool hookAfter(hook_stack*s,void* data, size_t* len,uintptr_t*role) + { + if (arg_) { + arg_->text = text_; + arg_->size = size_; + arg_ = nullptr; + } + return true; + } +}; + +class OtherHook43 : protected TextHookBase +{ +public: + bool hookBefore(hook_stack*s,void* data, size_t* len,uintptr_t*role) + { + if (!enabled_) + return false; + DWORD splitBase = *(DWORD *)(s->edi + 0x284); // [edi + 0x284] + if (!Engine::isAddressReadable(splitBase)) { + enabled_ = false; + return false; + } + DWORD split1 = *(WORD *)(splitBase - 0x4), // word [[edi + 0x284] - 0x4] + split2 = *(WORD *)(splitBase - 0x8); // word [[edi + 0x284] - 0x8] + enum : WORD { OtherSplit = 0x46 }; // 0x440046 if use dword split + if (split1 != OtherSplit || split2 <= 2) // split internal system messages + return false; + + auto arg = (TextArgument *)s->stack[0]; // top of the stack + + // auto g = EngineController::instance(); + LPCSTR text = arg->text; + if (arg->size <= 1 || !text || !*text || all_ascii(text)) + return false; + return write_string_overwrite(data,len,text); + } + + bool hookAfter(hook_stack*s,void* data, size_t* len,uintptr_t*role) + { + if (arg_) { + arg_->text = text_; + arg_->size = size_; + arg_ = nullptr; + } + return false; + } +}; + +// Text with fixed size +bool fixedTextHook(hook_stack*s,void* data, size_t* len,uintptr_t*role) +{ + enum { FixedSize = 0x10 }; + struct FixedArgument // first argument of the name hook + { + char text[FixedSize]; // 0x10 + DWORD type, // [[esp]+0x10] + type2; // [[esp]+0x14] + }; + + auto arg = (FixedArgument *)s->stack[0]; + if (arg->type2 != 0xf) // non 0xf is garbage text + return false; + + char *text = arg->text; + if (!text || !*text || all_ascii(text)) + return false; + + * role; + long sig; + if (arg->type == 0x6 || arg->type == 0xc) { + *role = Engine::NameRole; + } else if (::strlen(text) <= 2) // skip translating very short other text + return false; + else { + *role = Engine::OtherRole; + + } + return write_string_overwrite(data,len,text); +} +*/ +} // unnamed namespace + +bool attachSystem43(ULONG startAddress, ULONG stopAddress) +{ + //太麻煩 放棄。 + return false; + { + //ULONG addr = 0x005c71e0; + ULONG addr = ::searchScenarioAddress(startAddress, stopAddress); + if (!addr) + return false; + /* static auto h = new ScenarioHook43; // never deleted + if (!winhook::hook_both(addr, + std::bind(&ScenarioHook43::hookBefore, h, _1), + std::bind(&ScenarioHook43::hookAfter, h, _1))) + return false; + */ + } +/* + if (ULONG addr = ::searchOtherAddress(startAddress, stopAddress)) { + static auto h = new OtherHook; // never deleted + if (!winhook::hook_both(addr, + std::bind(&OtherHook43::hookBefore, h, _1), + std::bind(&OtherHook43::hookAfter, h, _1))) + DOUT("other text NOT FOUND"); + else + DOUT("other text address" << QString::number(addr, 16)); + } + + if (ULONG addr = ::searchNameAddress(startAddress, stopAddress)) { + if (winhook::hook_before(addr, ::fixedTextHook)) + DOUT("name text address" << QString::number(addr, 16)); + else + DOUT("name text NOT FOUND"); + } +*/ + //HijackManager::instance()->attachFunction((ULONG)::MultiByteToWideChar); + + return true; +} +namespace{ + bool system4X(ULONG startAddress, ULONG stopAddress){ + if (attachSystem43(startAddress, stopAddress)) { + return true; + } else if (attachSystem44(startAddress, stopAddress)) { + return true; + } else + return false; + } +} +namespace{ + bool System42Filter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + if (*len == 1) + return false; + if (all_ascii(text, *len)) { + CharReplacer(text, len, '`', ' '); + CharReplacer(text, len, '\x7D', '-'); + } + + return true; +} + +bool InsertSystem42Hook() { + + /* + * Sample games: + * https://vndb.org/v1427 + */ + const BYTE bytes[] = { + 0x8B, 0x46, 0x04, // mov eax,[esi+04] + 0x57, // push edi + 0x52, // push edx + 0x50, // push eax + 0xE8, XX4 // call Sys42VM.DLL+4B5B0 + }; + + HMODULE module = GetModuleHandleW(L"Sys42VM.dll"); + auto [minAddress, maxAddress] = Util::QueryModuleLimits(module); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), minAddress, maxAddress); + if (!addr) + return false; + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::edx); + hp.split =get_reg(regs::esp); + hp.type = NO_CONTEXT | USING_STRING | USING_SPLIT; + hp.filter_fun = System42Filter; + ConsoleOutput("INSERT System42"); + return NewHook(hp, "System42"); + +} +} +bool System4x::attach_function() { + if (Util::CheckFile(L"DLL/Sys42VM.dll")) + if (InsertSystem42Hook()) + return true; + auto _=system4X(processStartAddress,processStopAddress); + return InsertSystem43Hook()||_; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/System4x.h b/cpp/LunaHook/LunaHook/engine32/System4x.h new file mode 100644 index 00000000..ce6fb765 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/System4x.h @@ -0,0 +1,12 @@ + + +class System4x:public ENGINE{ + public: + System4x(){ + + check_by=CHECK_BY::FILE; + // jichi 12/26/2013: Add this after alicehook + check_by_target=L"AliceStart.ini"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/SystemAoi.cpp b/cpp/LunaHook/LunaHook/engine32/SystemAoi.cpp new file mode 100644 index 00000000..f1be4d52 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/SystemAoi.cpp @@ -0,0 +1,781 @@ +#include"SystemAoi.h" +/* 7/8/2014: The engine name is supposed to be: AoiGameSystem Engine + * See: http://capita.tistory.com/m/post/205 + * + * BUNNYBLACK Trial2 (SystemAoi4) + * baseaddr: 0x01d0000 + * + * 1002472e cc int3 + * 1002472f cc int3 + * 10024730 55 push ebp ; jichi: hook here + * 10024731 8bec mov ebp,esp + * 10024733 51 push ecx + * 10024734 c745 fc 00000000 mov dword ptr ss:[ebp-0x4],0x0 + * 1002473b 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + * 1002473e 0fb708 movzx ecx,word ptr ds:[eax] + * 10024741 85c9 test ecx,ecx + * 10024743 74 34 je short _8.10024779 + * 10024745 6a 00 push 0x0 + * 10024747 6a 00 push 0x0 + * 10024749 6a 01 push 0x1 + * 1002474b 8b55 14 mov edx,dword ptr ss:[ebp+0x14] + * 1002474e 52 push edx + * 1002474f 0fb645 10 movzx eax,byte ptr ss:[ebp+0x10] + * 10024753 50 push eax + * 10024754 0fb74d 0c movzx ecx,word ptr ss:[ebp+0xc] + * 10024758 51 push ecx + * 10024759 8b55 08 mov edx,dword ptr ss:[ebp+0x8] + * 1002475c 52 push edx + * 1002475d e8 8eddffff call _8.100224f0 + * 10024762 83c4 1c add esp,0x1c + * 10024765 8945 fc mov dword ptr ss:[ebp-0x4],eax + * 10024768 8b45 1c mov eax,dword ptr ss:[ebp+0x1c] + * 1002476b 50 push eax + * 1002476c 8b4d 18 mov ecx,dword ptr ss:[ebp+0x18] + * 1002476f 51 push ecx + * 10024770 8b55 fc mov edx,dword ptr ss:[ebp-0x4] + * 10024773 52 push edx + * 10024774 e8 77c6ffff call _8.10020df0 + * 10024779 8b45 fc mov eax,dword ptr ss:[ebp-0x4] + * 1002477c 8be5 mov esp,ebp + * 1002477e 5d pop ebp + * 1002477f c2 1800 retn 0x18 + * 10024782 cc int3 + * 10024783 cc int3 + * 10024784 cc int3 + * + * 2/12/2015 jichi: SystemAoi5 + * + * Note that BUNNYBLACK 3 also has SystemAoi5 version 4.1 + * + * Hooked to PgsvTd.dll for all SystemAoi engine, which contains GDI functions. + * - Old: AoiLib.dll from DrawTextExA + * - SystemAoi4: Aoi4.dll from DrawTextExW + * - SystemAoi5: Aoi5.dll from GetGlyphOutlineW + * + * Logic: + * - Find GDI function (DrawTextExW, etc.) used to paint text in PgsvTd.dll + * - Then search the function call stack, to find where the exe module invoke PgsvTd + * - Finally insert to the call address, and text is on the top of the stack. + * + * Sample hooked call in 悪魔娘�看板料理 Aoi5 + * + * 00B6D085 56 PUSH ESI + * 00B6D086 52 PUSH EDX + * 00B6D087 51 PUSH ECX + * 00B6D088 68 9E630000 PUSH 0x639E + * 00B6D08D 50 PUSH EAX + * 00B6D08E FF15 54D0BC00 CALL DWORD PTR DS:[0xBCD054] ; _12.0039E890, jichi: hook here + * 00B6D094 8B57 20 MOV EDX,DWORD PTR DS:[EDI+0x20] + * 00B6D097 89049A MOV DWORD PTR DS:[EDX+EBX*4],EAX + * 00B6D09A 8B4F 20 MOV ECX,DWORD PTR DS:[EDI+0x20] + * 00B6D09D 8B1499 MOV EDX,DWORD PTR DS:[ECX+EBX*4] + * 00B6D0A0 8D85 50FDFFFF LEA EAX,DWORD PTR SS:[EBP-0x2B0] + * 00B6D0A6 50 PUSH EAX + * 00B6D0A7 52 PUSH EDX + * 00B6D0A8 FF15 18D0BC00 CALL DWORD PTR DS:[0xBCD018] ; _12.003A14A0 + * + * Special hook is needed, since the utf16 text is like this: + * [f9S30e0u] が、それ�人間相手�話�� */ +namespace { // unnamed +void SpecialHookSystemAoi(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) +{ + *split = 0; // 8/3/2014 jichi: split is zero, so return address is used as split + if (hp->type & CODEC_UTF16) { + LPCWSTR wcs = (LPWSTR)stack->stack[1]; // jichi: text on the top of the stack + size_t size = ::wcslen(wcs); + for (DWORD i = 0; i < size; i++) + if (wcs[i] == L'>' || wcs[i] == L']') { // skip leading ] for scenario and > for name threads + i++; + if (wcs[i] == 0x3000) // \u3000 + i++; + size -= i; + buffer->from(wcs + i, size*2); + return; + } + } else { + LPCSTR cs = (LPCSTR)stack->stack[1]; // jichi: text on the top of the stack + size_t size = ::strlen(cs); + for (DWORD i = 0; i < size; i++) + if (cs[i] == '>' || cs[i] == ']') { + i++; + if ((unsigned char)cs[i] == 0x81 && cs[i+1] == 0x40) // \u3000 + i += 2; + size -= i; + buffer->from(cs + i, size); + return; + } + } +} + +int GetSystemAoiVersion() // return result is cached +{ + static int ret = 0; + if (!ret) { + if (Util::CheckFile(L"Aoi4.dll")) + ret = 4; + else if (Util::CheckFile(L"Aoi5.dll")) + ret = 5; + else if (Util::CheckFile(L"Aoi6.dll")) // not exist yet, for future version + ret = 6; + else if (Util::CheckFile(L"Aoi7.dll")) // not exist yet, for future version + ret = 7; + else // AoiLib.dll, etc + ret = 3; + } + return ret; +} + +bool InsertSystemAoiDynamicHook(LPVOID addr, hook_stack* stack) +{ + int version = GetSystemAoiVersion(); + bool utf16 = true; + if (addr == ::DrawTextExA) // < 4 + utf16 = false; + if (addr == ::DrawTextExW) // 4~5 + ; // pass + else if (addr == ::GetGlyphOutlineW && version >= 5) + ; // pass + else + return false; + + DWORD high, low; + Util::GetCodeRange(processStartAddress, &low, &high); + + // jichi 2/15/2015: Traverse the stack to dynamically find the ancestor call from the main module + const DWORD stop = (stack->esp & 0xffff0000) + 0x10000; // range to traverse the stack + for (DWORD i = stack->esp; i < stop; i += 4) { + DWORD k = *(DWORD *)i; + if (k > low && k < high && // jichi: if the stack address falls into the code region of the main exe module + ((*(WORD *)(k - 6) == 0x15ff) || *(BYTE *)(k - 5) == 0xe8)) { // jichi 10/20/2014: call dword ptr ds + + HookParam hp; + hp.offset=get_stack(1); + hp.text_fun = SpecialHookSystemAoi; // need to remove garbage + hp.type = utf16 ? (USING_STRING|CODEC_UTF16) : USING_STRING; + + i = *(DWORD *)(k - 4); // get function call address + if (*(DWORD *)(k - 5) == 0xe8) // short jump + hp.address = i + k; + else + hp.address = *(DWORD *)i; // jichi: long jump, this is what is happening in Aoi5 + //NewHook(hp, "SofthouseChara"); + //GROWL_DWORD(hp.address); // BUNNYBLACK: 0x10024730, base 0x01d0000 + auto succ=false; + if (hp.address) { + ConsoleOutput("INSERT SystemAoi"); + if (addr == ::GetGlyphOutlineW) + succ|=NewHook(hp, "SystemAoi2"); // jichi 2/12/2015 + else + succ|=NewHook(hp, "SystemAoi"); // jichi 7/8/2014: renamed, see: ja.wikipedia.org/wiki/ソフトハウスキャラ + ConsoleOutput("SystemAoi: disable GDI hooks"); + + } else + ConsoleOutput("failed to detect SystemAoi"); + //RegisterEngineType(ENGINE_SOFTHOUSE); + return succ; + } + } + ConsoleOutput("SystemAoi: failed"); + return true; // jichi 12/25/2013: return true +} + +bool InsertSystemAoiDynamic() +{ + ConsoleOutput("DYNAMIC SystemAoi"); + //ConsoleOutput("Probably SoftHouseChara. Wait for text."); + trigger_fun = InsertSystemAoiDynamicHook; + return true; +} + +ULONG findAoiProc(HMODULE hModule, LPCSTR functionName, int minParamNum = 0, int maxParamNum = 10) +{ + for (int i = minParamNum; i < maxParamNum; i++) { + std::string sig; // function signature name, such as _AgsSpriteCreateText@20 + sig.push_back('_'); + sig += functionName; + sig.push_back('@'); + sig += std::to_string(4ll * i); + if (auto proc = ::GetProcAddress(hModule, sig.c_str())) + return (ULONG)proc; + } + return 0; +} +namespace{ + template + wstrT ltrimA(wstrT text) + { + static const char *quotes[] = { "<>", "[]" }; // skip leading quotes + for each (const char *q in quotes) + while (text[0] == q[0]) { + if (auto p = ::strchr(text, q[1])) { + text = p + 1; + if ((UINT8)text[0] == 0x81 && (UINT8)text[1] == 0x40) // skip \u3000 leading space, assuming sjis encoding + text += 2; + } else + break; + } + return text; + } + template + wstrT ltrimW(wstrT text) + { + static const char *quotes[] = { "<>", "[]" }; // skip leading quotes + for each (const char *q in quotes) + while (text[0] == q[0]) { + if (auto p = ::wcschr(text, q[1])) { + text = p + 1; + if (*text == 0x3000) // skip \u3000 leading space + text++; + } else + break; + } + return text; + } + void beforeAgsSpriteCreateTextExW(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *role) + { + auto text = (LPWSTR)s->stack[2]; // arg2 + if (!text || !*text || !Engine::isAddressWritable(text)) + return ; + + text = ltrimW(text); + if (!*text) + return ; + + *role = Engine::OtherRole ; + buffer->from_cs(text); + } + void afterAgsSpriteCreateTextExW(hook_stack*s,void* data1, size_t len) + { + auto text = (LPWSTR)s->stack[2]; + text = ltrimW(text); + std::wstring _=std::wstring((LPWSTR)data1,len); + wcscpy((LPWSTR)text,_.c_str()); + } + void beforeAgsSpriteCreateTextW(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *role) + { + // All threads including character names are linked together + + auto text = (LPWSTR)s->stack[1]; // arg1 + if (!text || !*text || !Engine::isAddressWritable(text)) // skip modifying readonly text in code region + return ; + + bool containsTags = ::wcsstr(text, L"[u]"); + + text = ltrimW(text); + if (!*text) + return ; + + * role = Engine::OtherRole; + //ULONG split = s->stack[0]; // retaddr + ULONG split = s->stack[2]; // arg2 + if (!containsTags) + switch (split) { + case 0x63a1: + *role = Engine::NameRole; + break; + case 0x639e: + *role = Engine::ScenarioRole; + break; + } + buffer->from_cs(text); + } + void afterAgsSpriteCreateTextW(hook_stack*s,void* data1, size_t len) + { + auto text = (LPWSTR)s->stack[1]; + text = ltrimW(text); + std::wstring _=std::wstring((LPWSTR)data1,len); + wcscpy((LPWSTR)text,_.c_str()); + } + void afterAgsSpriteCreateTextA(hook_stack*s,void* data1, size_t len) + { + auto text = (LPSTR)s->stack[1]; // arg1 + text = ltrimA(text); + std::string _=std::string((char*)data1,len); + strcpy((char*)text,_.c_str()); + } + void beforeAgsSpriteCreateTextA(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *role) + { + // All threads including character names are linked together + + auto text = (LPSTR)s->stack[1]; // arg1 + if (!text || !*text || !Engine::isAddressWritable(text)) // skip modifying readonly text in code region + return ; + + bool containsTags = ::strstr(text, "[u]"); + + text = ltrimA(text); + if (!*text) + return ; + + * role = Engine::OtherRole; + //ULONG split = s->stack[0]; // retaddr + ULONG split = s->stack[2]; // arg2 + if (!containsTags) + switch (split) { + case 0x639d: + *role = Engine::NameRole; + break; + case 0x639c: + *role = Engine::ScenarioRole; + break; + } + buffer->from_cs(text); + } +} +// jichi 7/26/2015: Backport logic in vnragent to vnrhook +namespace AgsPatchA { +namespace Private { + + struct HookArgument { + ULONG unknown[13]; // + 0x34 + LPCSTR text; + }; + HookArgument *arg_; + LPCSTR text_; + + void hookBefore(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + LPCSTR src = (LPCSTR)s->stack[6]; // original text in arg7 + //LPSTR dest = *(LPSTR *)(s->stack[0] + 0x34); // bad text in arg1+0x34 + arg_ = (HookArgument *)s->stack[0]; + text_ = arg_->text; + arg_->text = src; + } + + void hookAfter(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + if (arg_) { + arg_->text = text_; + arg_ = nullptr; + } + } + +} // namespace Private + +/** + * Sample game: 王賊 + * + * Prevent Aoi engine from modifying illegal characters. + * + * Function found by hijack DrawTextExA. + * + * 100173BD CC INT3 + * 100173BE CC INT3 + * 100173BF CC INT3 + * 100173C0 83EC 28 SUB ESP,0x28 + * 100173C3 53 PUSH EBX + * 100173C4 33DB XOR EBX,EBX + * 100173C6 55 PUSH EBP + * 100173C7 8B6C24 34 MOV EBP,DWORD PTR SS:[ESP+0x34] + * 100173CB 56 PUSH ESI + * 100173CC 57 PUSH EDI + * 100173CD 8BF8 MOV EDI,EAX + * 100173CF C745 30 18000000 MOV DWORD PTR SS:[EBP+0x30],0x18 + * 100173D6 381F CMP BYTE PTR DS:[EDI],BL + * 100173D8 895C24 28 MOV DWORD PTR SS:[ESP+0x28],EBX + * 100173DC C74424 2C FFFFFF>MOV DWORD PTR SS:[ESP+0x2C],0x7FFFFFFF + * 100173E4 895C24 1C MOV DWORD PTR SS:[ESP+0x1C],EBX + * 100173E8 895C24 20 MOV DWORD PTR SS:[ESP+0x20],EBX + * 100173EC 895C24 30 MOV DWORD PTR SS:[ESP+0x30],EBX + * 100173F0 895C24 34 MOV DWORD PTR SS:[ESP+0x34],EBX + * 100173F4 895C24 24 MOV DWORD PTR SS:[ESP+0x24],EBX + * 100173F8 895C24 14 MOV DWORD PTR SS:[ESP+0x14],EBX + * 100173FC 895C24 18 MOV DWORD PTR SS:[ESP+0x18],EBX + * 10017400 8BF7 MOV ESI,EDI + * 10017402 74 12 JE SHORT Ags.10017416 + * 10017404 56 PUSH ESI + * 10017405 FF15 90A00210 CALL DWORD PTR DS:[<&AoiLib._AoiString2B>; AoiLib._AoiString2ByteIs@4 + * 1001740B 85C0 TEST EAX,EAX + * 1001740D 74 7D JE SHORT Ags.1001748C + * 1001740F 83C6 02 ADD ESI,0x2 + * 10017412 381E CMP BYTE PTR DS:[ESI],BL + * 10017414 ^75 EE JNZ SHORT Ags.10017404 + * 10017416 57 PUSH EDI + * 10017417 FF15 94A00210 CALL DWORD PTR DS:[<&AoiLib._AoiStrlen@4>; AoiLib._AoiStrlen@4 + * 1001741D 8BC8 MOV ECX,EAX + * 1001741F 83C1 02 ADD ECX,0x2 + * 10017422 395C24 1C CMP DWORD PTR SS:[ESP+0x1C],EBX + * 10017426 74 0C JE SHORT Ags.10017434 + * 10017428 8BC1 MOV EAX,ECX + * 1001742A 33D2 XOR EDX,EDX + * 1001742C F77424 2C DIV DWORD PTR SS:[ESP+0x2C] + * 10017430 8D4C01 01 LEA ECX,DWORD PTR DS:[ECX+EAX+0x1] + * 10017434 395C24 28 CMP DWORD PTR SS:[ESP+0x28],EBX + * 10017438 74 07 JE SHORT Ags.10017441 + * 1001743A 8B4424 24 MOV EAX,DWORD PTR SS:[ESP+0x24] + * 1001743E 8D0C41 LEA ECX,DWORD PTR DS:[ECX+EAX*2] + * 10017441 51 PUSH ECX + * 10017442 FF15 18A00210 CALL DWORD PTR DS:[<&AoiLib._AoiMemoryAl>; AoiLib._AoiMemoryAlloc@4 + * 10017448 8945 34 MOV DWORD PTR SS:[EBP+0x34],EAX + * 1001744B 381F CMP BYTE PTR DS:[EDI],BL + * 1001744D 8BF0 MOV ESI,EAX + * 1001744F 0F84 6C020000 JE Ags.100176C1 + * 10017455 8B2D 50A10210 MOV EBP,DWORD PTR DS:[<&AoiLib._AoiStrin>; AoiLib._AoiString1to2Byte@8 + * 1001745B EB 03 JMP SHORT Ags.10017460 + * 1001745D 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 10017460 57 PUSH EDI + * 10017461 FF15 90A00210 CALL DWORD PTR DS:[<&AoiLib._AoiString2B>; AoiLib._AoiString2ByteIs@4 + * 10017467 85C0 TEST EAX,EAX + * 10017469 0F84 99010000 JE Ags.10017608 + * 1001746F 8A0F MOV CL,BYTE PTR DS:[EDI] + * 10017471 880E MOV BYTE PTR DS:[ESI],CL + * 10017473 8A57 01 MOV DL,BYTE PTR DS:[EDI+0x1] + * 10017476 83C7 01 ADD EDI,0x1 + * 10017479 83C6 01 ADD ESI,0x1 + * 1001747C 8816 MOV BYTE PTR DS:[ESI],DL + * 1001747E 83C6 01 ADD ESI,0x1 + * 10017481 83C7 01 ADD EDI,0x1 + * 10017484 83C3 02 ADD EBX,0x2 + * 10017487 E9 F8010000 JMP Ags.10017684 + * 1001748C 803E 3C CMP BYTE PTR DS:[ESI],0x3C + * 1001748F 74 0D JE SHORT Ags.1001749E + * 10017491 83C6 01 ADD ESI,0x1 + * 10017494 834424 24 01 ADD DWORD PTR SS:[ESP+0x24],0x1 + * 10017499 ^E9 74FFFFFF JMP Ags.10017412 + * 1001749E 8A46 01 MOV AL,BYTE PTR DS:[ESI+0x1] + * 100174A1 83C6 01 ADD ESI,0x1 + * 100174A4 84C0 TEST AL,AL + * 100174A6 ^0F84 6AFFFFFF JE Ags.10017416 + * 100174AC 8D6424 00 LEA ESP,DWORD PTR SS:[ESP] + * 100174B0 3C 3E CMP AL,0x3E + * 100174B2 ^0F84 5AFFFFFF JE Ags.10017412 + * 100174B8 0FBEC0 MOVSX EAX,AL + * 100174BB 83C0 B5 ADD EAX,-0x4B + * 100174BE 83F8 2A CMP EAX,0x2A + * 100174C1 77 52 JA SHORT Ags.10017515 + * 100174C3 0FB680 70770110 MOVZX EAX,BYTE PTR DS:[EAX+0x10017770] + * 100174CA FF2485 50770110 JMP DWORD PTR DS:[EAX*4+0x10017750] + * 100174D1 8A46 01 MOV AL,BYTE PTR DS:[ESI+0x1] + * 100174D4 83C6 01 ADD ESI,0x1 + * 100174D7 33C9 XOR ECX,ECX + * 100174D9 3C 30 CMP AL,0x30 + * 100174DB 7C 1A JL SHORT Ags.100174F7 + * 100174DD 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 100174E0 3C 39 CMP AL,0x39 + * 100174E2 7F 13 JG SHORT Ags.100174F7 + * 100174E4 83C6 01 ADD ESI,0x1 + * 100174E7 0FBED0 MOVSX EDX,AL + * 100174EA 8A06 MOV AL,BYTE PTR DS:[ESI] + * 100174EC 3C 30 CMP AL,0x30 + * 100174EE 8D0C89 LEA ECX,DWORD PTR DS:[ECX+ECX*4] + * 100174F1 8D4C4A D0 LEA ECX,DWORD PTR DS:[EDX+ECX*2-0x30] + * 100174F5 ^7D E9 JGE SHORT Ags.100174E0 + * 100174F7 6A 0A PUSH 0xA + * 100174F9 53 PUSH EBX + * 100174FA 51 PUSH ECX + * 100174FB FF15 88A00210 CALL DWORD PTR DS:[<&AoiLib._AoiMathLimi>; AoiLib._AoiMathLimit@12 + * 10017501 8B0485 08CB0210 MOV EAX,DWORD PTR DS:[EAX*4+0x1002CB08] + * 10017508 8945 30 MOV DWORD PTR SS:[EBP+0x30],EAX + * 1001750B EB 0B JMP SHORT Ags.10017518 + * 1001750D C74424 28 010000>MOV DWORD PTR SS:[ESP+0x28],0x1 + * 10017515 83C6 01 ADD ESI,0x1 + * 10017518 8A06 MOV AL,BYTE PTR DS:[ESI] + * 1001751A 84C0 TEST AL,AL + * 1001751C ^75 92 JNZ SHORT Ags.100174B0 + * 1001751E ^E9 F3FEFFFF JMP Ags.10017416 + * 10017523 8A46 01 MOV AL,BYTE PTR DS:[ESI+0x1] + * 10017526 83C6 01 ADD ESI,0x1 + * 10017529 33C9 XOR ECX,ECX + * 1001752B 3C 30 CMP AL,0x30 + * 1001752D C74424 1C 010000>MOV DWORD PTR SS:[ESP+0x1C],0x1 + * 10017535 ^7C E1 JL SHORT Ags.10017518 + * 10017537 3C 39 CMP AL,0x39 + * 10017539 7F 13 JG SHORT Ags.1001754E + * 1001753B 83C6 01 ADD ESI,0x1 + * 1001753E 0FBED0 MOVSX EDX,AL + * 10017541 8A06 MOV AL,BYTE PTR DS:[ESI] + * 10017543 3C 30 CMP AL,0x30 + * 10017545 8D0C89 LEA ECX,DWORD PTR DS:[ECX+ECX*4] + * 10017548 8D4C4A D0 LEA ECX,DWORD PTR DS:[EDX+ECX*2-0x30] + * 1001754C ^7D E9 JGE SHORT Ags.10017537 + * 1001754E 3BCB CMP ECX,EBX + * 10017550 ^74 C6 JE SHORT Ags.10017518 + * 10017552 894C24 2C MOV DWORD PTR SS:[ESP+0x2C],ECX + * 10017556 ^EB C0 JMP SHORT Ags.10017518 + * 10017558 8A46 01 MOV AL,BYTE PTR DS:[ESI+0x1] + * 1001755B 83C6 01 ADD ESI,0x1 + * 1001755E 3C 30 CMP AL,0x30 + * 10017560 ^7C B6 JL SHORT Ags.10017518 + * 10017562 3C 39 CMP AL,0x39 + * 10017564 ^7F B2 JG SHORT Ags.10017518 + * 10017566 0FBEC0 MOVSX EAX,AL + * 10017569 66:8B0C45 94CA02>MOV CX,WORD PTR DS:[EAX*2+0x1002CA94] + * 10017571 66:81C9 0080 OR CX,0x8000 + * 10017576 0FB7D1 MOVZX EDX,CX + * 10017579 895424 20 MOV DWORD PTR SS:[ESP+0x20],EDX + * 1001757D ^EB 96 JMP SHORT Ags.10017515 + * 1001757F 8A46 01 MOV AL,BYTE PTR DS:[ESI+0x1] + * 10017582 83C6 01 ADD ESI,0x1 + * 10017585 3C 30 CMP AL,0x30 + * 10017587 ^7C 8F JL SHORT Ags.10017518 + * 10017589 3C 39 CMP AL,0x39 + * 1001758B ^7F 8B JG SHORT Ags.10017518 + * 1001758D 0FBEC0 MOVSX EAX,AL + * 10017590 0FB70C45 94CA021>MOVZX ECX,WORD PTR DS:[EAX*2+0x1002CA94] + * 10017598 894C24 20 MOV DWORD PTR SS:[ESP+0x20],ECX + * 1001759C ^E9 74FFFFFF JMP Ags.10017515 + * 100175A1 8A46 01 MOV AL,BYTE PTR DS:[ESI+0x1] + * 100175A4 83C6 01 ADD ESI,0x1 + * 100175A7 3C 30 CMP AL,0x30 + * 100175A9 ^0F8C 69FFFFFF JL Ags.10017518 + * 100175AF 3C 39 CMP AL,0x39 + * 100175B1 ^0F8F 61FFFFFF JG Ags.10017518 + * 100175B7 0FBED0 MOVSX EDX,AL + * 100175BA 0FB70455 94CA021>MOVZX EAX,WORD PTR DS:[EDX*2+0x1002CA94] + * 100175C2 894424 30 MOV DWORD PTR SS:[ESP+0x30],EAX + * 100175C6 ^E9 4AFFFFFF JMP Ags.10017515 + * 100175CB 8A46 01 MOV AL,BYTE PTR DS:[ESI+0x1] + * 100175CE 83C6 01 ADD ESI,0x1 + * 100175D1 33C9 XOR ECX,ECX + * 100175D3 3C 30 CMP AL,0x30 + * 100175D5 ^0F8C 3DFFFFFF JL Ags.10017518 + * 100175DB EB 03 JMP SHORT Ags.100175E0 + * 100175DD 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 100175E0 3C 39 CMP AL,0x39 + * 100175E2 7F 13 JG SHORT Ags.100175F7 + * 100175E4 83C6 01 ADD ESI,0x1 + * 100175E7 0FBED0 MOVSX EDX,AL + * 100175EA 8A06 MOV AL,BYTE PTR DS:[ESI] + * 100175EC 3C 30 CMP AL,0x30 + * 100175EE 8D0C89 LEA ECX,DWORD PTR DS:[ECX+ECX*4] + * 100175F1 8D4C4A D0 LEA ECX,DWORD PTR DS:[EDX+ECX*2-0x30] + * 100175F5 ^7D E9 JGE SHORT Ags.100175E0 + * 100175F7 3BCB CMP ECX,EBX + * 100175F9 ^0F84 19FFFFFF JE Ags.10017518 + * 100175FF 894C24 34 MOV DWORD PTR SS:[ESP+0x34],ECX + * 10017603 ^E9 10FFFFFF JMP Ags.10017518 + * 10017608 8A07 MOV AL,BYTE PTR DS:[EDI] + * 1001760A 3C 3C CMP AL,0x3C + * 1001760C 75 2A JNZ SHORT Ags.10017638 + * 1001760E 83C7 01 ADD EDI,0x1 + * 10017611 8806 MOV BYTE PTR DS:[ESI],AL + * 10017613 8A07 MOV AL,BYTE PTR DS:[EDI] + * 10017615 83C6 01 ADD ESI,0x1 + * 10017618 84C0 TEST AL,AL + * 1001761A 74 16 JE SHORT Ags.10017632 + * 1001761C 8D6424 00 LEA ESP,DWORD PTR SS:[ESP] + * 10017620 3C 3E CMP AL,0x3E + * 10017622 74 0E JE SHORT Ags.10017632 + * 10017624 83C7 01 ADD EDI,0x1 + * 10017627 8806 MOV BYTE PTR DS:[ESI],AL + * 10017629 8A07 MOV AL,BYTE PTR DS:[EDI] + * 1001762B 83C6 01 ADD ESI,0x1 + * 1001762E 84C0 TEST AL,AL + * 10017630 ^75 EE JNZ SHORT Ags.10017620 + * 10017632 8A07 MOV AL,BYTE PTR DS:[EDI] + * 10017634 8806 MOV BYTE PTR DS:[ESI],AL + * 10017636 EB 46 JMP SHORT Ags.1001767E + * 10017638 3C 0A CMP AL,0xA + * 1001763A 74 27 JE SHORT Ags.10017663 + * 1001763C 3C 7C CMP AL,0x7C + * 1001763E 74 23 JE SHORT Ags.10017663 + * 10017640 837C24 28 00 CMP DWORD PTR SS:[ESP+0x28],0x0 + * 10017645 74 0F JE SHORT Ags.10017656 + * 10017647 50 PUSH EAX + * 10017648 56 PUSH ESI + * 10017649 FFD5 CALL EBP + * 1001764B 83C6 02 ADD ESI,0x2 + * 1001764E 83C7 01 ADD EDI,0x1 + * 10017651 83C3 02 ADD EBX,0x2 + * 10017654 EB 2E JMP SHORT Ags.10017684 + * 10017656 8806 MOV BYTE PTR DS:[ESI],AL + * 10017658 83C6 01 ADD ESI,0x1 + * 1001765B 83C7 01 ADD EDI,0x1 + * 1001765E 83C3 01 ADD EBX,0x1 + * 10017661 EB 21 JMP SHORT Ags.10017684 + * 10017663 395C24 14 CMP DWORD PTR SS:[ESP+0x14],EBX + * 10017667 73 04 JNB SHORT Ags.1001766D + * 10017669 895C24 14 MOV DWORD PTR SS:[ESP+0x14],EBX + * 1001766D 837C24 1C 00 CMP DWORD PTR SS:[ESP+0x1C],0x0 + * 10017672 74 3D JE SHORT Ags.100176B1 + * 10017674 33DB XOR EBX,EBX + * 10017676 834424 18 01 ADD DWORD PTR SS:[ESP+0x18],0x1 + * 1001767B C606 0A MOV BYTE PTR DS:[ESI],0xA + * 1001767E 83C6 01 ADD ESI,0x1 + * 10017681 83C7 01 ADD EDI,0x1 + * 10017684 3B5C24 2C CMP EBX,DWORD PTR SS:[ESP+0x2C] + * 10017688 72 1E JB SHORT Ags.100176A8 + * 1001768A 395C24 14 CMP DWORD PTR SS:[ESP+0x14],EBX + * 1001768E 73 04 JNB SHORT Ags.10017694 + * 10017690 895C24 14 MOV DWORD PTR SS:[ESP+0x14],EBX + * 10017694 837C24 1C 00 CMP DWORD PTR SS:[ESP+0x1C],0x0 + * 10017699 74 16 JE SHORT Ags.100176B1 + * 1001769B 834424 18 01 ADD DWORD PTR SS:[ESP+0x18],0x1 + * 100176A0 33DB XOR EBX,EBX + * 100176A2 C606 0A MOV BYTE PTR DS:[ESI],0xA + * 100176A5 83C6 01 ADD ESI,0x1 + * 100176A8 803F 00 CMP BYTE PTR DS:[EDI],0x0 + * 100176AB ^0F85 AFFDFFFF JNZ Ags.10017460 + * 100176B1 395C24 14 CMP DWORD PTR SS:[ESP+0x14],EBX + * 100176B5 8B6C24 3C MOV EBP,DWORD PTR SS:[ESP+0x3C] + * 100176B9 73 04 JNB SHORT Ags.100176BF + * 100176BB 895C24 14 MOV DWORD PTR SS:[ESP+0x14],EBX + * 100176BF 33DB XOR EBX,EBX + * 100176C1 8B4C24 18 MOV ECX,DWORD PTR SS:[ESP+0x18] + * 100176C5 83C1 01 ADD ECX,0x1 + * 100176C8 807E FF 0A CMP BYTE PTR DS:[ESI-0x1],0xA + * 100176CC 75 03 JNZ SHORT Ags.100176D1 + * 100176CE 83C6 FF ADD ESI,-0x1 + * 100176D1 C606 00 MOV BYTE PTR DS:[ESI],0x0 + * 100176D4 8B45 30 MOV EAX,DWORD PTR SS:[EBP+0x30] + * 100176D7 8BD0 MOV EDX,EAX + * 100176D9 0FAFC1 IMUL EAX,ECX + * 100176DC 0FAF5424 14 IMUL EDX,DWORD PTR SS:[ESP+0x14] + * 100176E1 8945 10 MOV DWORD PTR SS:[EBP+0x10],EAX + * 100176E4 A1 BC3F0310 MOV EAX,DWORD PTR DS:[0x10033FBC] + * 100176E9 D1EA SHR EDX,1 + * 100176EB 8955 0C MOV DWORD PTR SS:[EBP+0xC],EDX + * 100176EE 8B88 44010000 MOV ECX,DWORD PTR DS:[EAX+0x144] + * 100176F4 3999 28010000 CMP DWORD PTR DS:[ECX+0x128],EBX + * 100176FA 74 19 JE SHORT Ags.10017715 + * 100176FC 8B5424 30 MOV EDX,DWORD PTR SS:[ESP+0x30] + * 10017700 8B4424 20 MOV EAX,DWORD PTR SS:[ESP+0x20] + * 10017704 52 PUSH EDX + * 10017705 50 PUSH EAX + * 10017706 8B4424 3C MOV EAX,DWORD PTR SS:[ESP+0x3C] + * 1001770A 55 PUSH EBP + * 1001770B E8 90F5FFFF CALL Ags.10016CA0 ; jichi: the paint function, bad text address in arg1 + 0x34, good text in arg7 + * 10017710 83C4 0C ADD ESP,0xC + * 10017713 EB 1B JMP SHORT Ags.10017730 + * 10017715 8B4C24 30 MOV ECX,DWORD PTR SS:[ESP+0x30] + * 10017719 8B5424 20 MOV EDX,DWORD PTR SS:[ESP+0x20] + * 1001771D 8B45 34 MOV EAX,DWORD PTR SS:[EBP+0x34] + * 10017720 51 PUSH ECX + * 10017721 8B4C24 38 MOV ECX,DWORD PTR SS:[ESP+0x38] + * 10017725 52 PUSH EDX + * 10017726 50 PUSH EAX + * 10017727 55 PUSH EBP + * 10017728 E8 33F9FFFF CALL Ags.10017060 + * 1001772D 83C4 10 ADD ESP,0x10 + * 10017730 8B4D 30 MOV ECX,DWORD PTR SS:[EBP+0x30] + * 10017733 8BC1 MOV EAX,ECX + * 10017735 99 CDQ + * 10017736 2BC2 SUB EAX,EDX + * 10017738 5F POP EDI + * 10017739 D1F8 SAR EAX,1 + * 1001773B 5E POP ESI + * 1001773C 8945 1C MOV DWORD PTR SS:[EBP+0x1C],EAX + * 1001773F 894D 20 MOV DWORD PTR SS:[EBP+0x20],ECX + * 10017742 5D POP EBP + * 10017743 B8 01000000 MOV EAX,0x1 + * 10017748 5B POP EBX + * 10017749 83C4 28 ADD ESP,0x28 + * 1001774C C3 RETN + * 1001774D 8D49 00 LEA ECX,DWORD PTR DS:[ECX] + * 10017750 7F 75 JG SHORT Ags.100177C7 + * 10017752 0110 ADD DWORD PTR DS:[EAX],EDX + * 10017754 CB RETF ; Far return + * 10017755 75 01 JNZ SHORT Ags.10017758 + * 10017757 1058 75 ADC BYTE PTR DS:[EAX+0x75],BL + * 1001775A 0110 ADD DWORD PTR DS:[EAX],EDX + * 1001775C A1 75011023 MOV EAX,DWORD PTR DS:[0x23100175] + * 10017761 75 01 JNZ SHORT Ags.10017764 + * 10017763 10D1 ADC CL,DL + * 10017765 74 01 JE SHORT Ags.10017768 + * 10017767 100D 75011015 ADC BYTE PTR DS:[0x15100175],CL + * 1001776D 75 01 JNZ SHORT Ags.10017770 + * 1001776F 1000 ADC BYTE PTR DS:[EAX],AL + * 10017771 0107 ADD DWORD PTR DS:[EDI],EAX + * 10017773 07 POP ES ; Modification of segment register + * 10017774 07 POP ES ; Modification of segment register + * 10017775 07 POP ES ; Modification of segment register + * 10017776 07 POP ES ; Modification of segment register + * 10017777 07 POP ES ; Modification of segment register + * 10017778 07 POP ES ; Modification of segment register + * 10017779 07 POP ES ; Modification of segment register + * 1001777A 07 POP ES ; Modification of segment register + * 1001777B 07 POP ES ; Modification of segment register + * 1001777C 07 POP ES ; Modification of segment register + * 1001777D 07 POP ES ; Modification of segment register + */ +bool attach(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0x8b,0x44,0x24, 0x3c, // 10017706 8b4424 3c mov eax,dword ptr ss:[esp+0x3c] + 0x55, // 1001770a 55 push ebp + 0xe8, XX4, // 1001770b e8 90f5ffff call ags.10016ca0 ; jichi: the paint function, bad text address in arg1 + 0x34, good text in arg7 + 0x83,0xc4, 0x0c, // 10017710 83c4 0c add esp,0xc + 0xeb, 0x1b // 10017713 eb 1b jmp short ags.10017730 + }; + enum { addr_offset = 0x1001770b - 0x10017706 }; // == 5 + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return false; + HookParam hp; + hp.address=addr; + hp.text_fun=Private::hookBefore; + auto succ=NewHook(hp,"AgsPatchA"); + hp.address+=5; + hp.text_fun=Private::hookAfter; + + succ|=NewHook(hp,"AgsPatchA"); + return succ; +} +} // namespace AgsPatchA +bool InsertSystemAoiStatic(HMODULE hModule, bool wideChar) // attach scenario +{ + ULONG addr = findAoiProc(hModule, "AgsSpriteCreateText", 1); + if (!addr) { + ConsoleOutput("SystemAoiStatic: function found"); + return false; + } + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.text_fun = SpecialHookSystemAoi; //其实已无效(在before的lstrim里有一样的功能。但保留。 + + hp.type=EMBED_ABLE|USING_STRING|NO_CONTEXT;//|EMBED_AFTER_OVERWRITE; + //hp.type |= NO_CONTEXT|USING_SPLIT|SPLIT_INDIRECT; + ConsoleOutput("INSERT static SystemAoi"); + auto succ=false; + if (wideChar){ + hp.type |=CODEC_UTF16 ; + hp.text_fun=beforeAgsSpriteCreateTextW; + hp.hook_after=afterAgsSpriteCreateTextW; + succ|=NewHook(hp, "SystemAoiW"); + + ULONG addr = findAoiProc(hModule, "AgsSpriteCreateTextEx", 1); + if (addr) { + HookParam hp; + hp.address = addr; + hp.offset=get_stack(2); + hp.type=CODEC_UTF16|EMBED_ABLE;//|EMBED_AFTER_OVERWRITE; + hp.text_fun=beforeAgsSpriteCreateTextExW; + hp.hook_after=afterAgsSpriteCreateTextExW; + succ|=NewHook(hp, "SystemAoiExW"); + } + + return succ; + } + else{ + hp.text_fun=beforeAgsSpriteCreateTextA; + hp.hook_after=afterAgsSpriteCreateTextA; + hp.hook_font=F_DrawTextExA; + if(AgsPatchA::attach(processStartAddress,processStopAddress)==false) + hp.type|=EMBED_DYNA_SJIS; + succ|=NewHook(hp, "SystemAoiA"); + } + return succ; +} +} // unnamed namespace + +bool InsertSystemAoiHook() // this function always returns true +{ + HMODULE hModule = ::GetModuleHandleA("Ags.dll"); + bool wideChar = true; + if (hModule) // Aoi <= 3 + wideChar = false; + else { // Aoi >= 4 + hModule = ::GetModuleHandleA("Ags5.dll"); + if (!hModule) + hModule = ::GetModuleHandleA("Ags4.dll"); + } + return hModule && InsertSystemAoiStatic(hModule, wideChar) + || InsertSystemAoiDynamic(); +} + +bool SystemAoi::attach_function() { + + return InsertSystemAoiHook(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/SystemAoi.h b/cpp/LunaHook/LunaHook/engine32/SystemAoi.h new file mode 100644 index 00000000..0d3b4249 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/SystemAoi.h @@ -0,0 +1,12 @@ + + +class SystemAoi:public ENGINE{ + public: + SystemAoi(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.vfs"; + // jichi 7/6/2014: Better to test AoiLib.dll? ja.wikipedia.org/wiki/ソフトハウスキャラ + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Syuntada.cpp b/cpp/LunaHook/LunaHook/engine32/Syuntada.cpp new file mode 100644 index 00000000..288ef509 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Syuntada.cpp @@ -0,0 +1,201 @@ +#include"Syuntada.h" + + +/** jichi 2/6/2015 Syuntada + * Sample game: [140816] [平安亭] カノジョのお母さん�好きですか-- /HA-18@6944C:kanojo.exe + * + * /HA-18@6944C:kanojo.exe + * - addr: 431180 = 0x6944c + * - module: 1301076281 + * - off: 4294967268 = 0xffffffe4 = - 0x1c + * - length_offset: 1 + * - type: 68 = 0x44 + * + * 004692bd cc int3 + * 004692be cc int3 + * 004692bf cc int3 + * 004692c0 83ec 48 sub esp,0x48 + * 004692c3 53 push ebx + * 004692c4 55 push ebp + * 004692c5 56 push esi + * 004692c6 8bf1 mov esi,ecx + * 004692c8 8b86 d4000000 mov eax,dword ptr ds:[esi+0xd4] + * 004692ce 0386 8c040000 add eax,dword ptr ds:[esi+0x48c] + * 004692d4 8b8e c8010000 mov ecx,dword ptr ds:[esi+0x1c8] + * 004692da 8b9e 90040000 mov ebx,dword ptr ds:[esi+0x490] + * 004692e0 03c0 add eax,eax + * 004692e2 03c0 add eax,eax + * 004692e4 894424 24 mov dword ptr ss:[esp+0x24],eax + * 004692e8 8b86 c4010000 mov eax,dword ptr ds:[esi+0x1c4] + * 004692ee 8986 94040000 mov dword ptr ds:[esi+0x494],eax + * 004692f4 8b4424 60 mov eax,dword ptr ss:[esp+0x60] + * 004692f8 898e 98040000 mov dword ptr ds:[esi+0x498],ecx + * 004692fe 0fb628 movzx ebp,byte ptr ds:[eax] + * 00469301 0fb650 01 movzx edx,byte ptr ds:[eax+0x1] + * 00469305 c1e5 08 shl ebp,0x8 + * 00469308 0bea or ebp,edx + * 0046930a 03db add ebx,ebx + * 0046930c 03db add ebx,ebx + * 0046930e 8d8d 617dffff lea ecx,dword ptr ss:[ebp+0xffff7d61] + * 00469314 57 push edi + * 00469315 895c24 30 mov dword ptr ss:[esp+0x30],ebx + * 00469319 c74424 38 100000>mov dword ptr ss:[esp+0x38],0x10 + * 00469321 896c24 34 mov dword ptr ss:[esp+0x34],ebp + * 00469325 b8 02000000 mov eax,0x2 + * 0046932a 83f9 52 cmp ecx,0x52 + * 0046932d 77 02 ja short .00469331 + * 0046932f 33c0 xor eax,eax + * 00469331 81fd 41810000 cmp ebp,0x8141 + * 00469337 7c 08 jl short .00469341 + * 00469339 81fd 9a820000 cmp ebp,0x829a + * 0046933f 7e 0e jle short .0046934f + * 00469341 8d95 c07cffff lea edx,dword ptr ss:[ebp+0xffff7cc0] + * 00469347 81fa 4f040000 cmp edx,0x44f + * 0046934d 77 09 ja short .00469358 + * 0046934f bf 01000000 mov edi,0x1 + * 00469354 8bc7 mov eax,edi + * 00469356 eb 05 jmp short .0046935d + * 00469358 bf 01000000 mov edi,0x1 + * 0046935d 83e8 00 sub eax,0x0 + * 00469360 74 2a je short .0046938c + * 00469362 2bc7 sub eax,edi + * 00469364 74 0c je short .00469372 + * 00469366 2bc7 sub eax,edi + * 00469368 75 3a jnz short .004693a4 + * 0046936a 8b96 68010000 mov edx,dword ptr ds:[esi+0x168] + * 00469370 eb 20 jmp short .00469392 + * 00469372 8b96 7c090000 mov edx,dword ptr ds:[esi+0x97c] + * 00469378 8b86 64010000 mov eax,dword ptr ds:[esi+0x164] + * 0046937e 8b52 28 mov edx,dword ptr ds:[edx+0x28] + * 00469381 8d8e 7c090000 lea ecx,dword ptr ds:[esi+0x97c] + * 00469387 50 push eax + * 00469388 ffd2 call edx + * 0046938a eb 18 jmp short .004693a4 + * 0046938c 8b96 60010000 mov edx,dword ptr ds:[esi+0x160] + * 00469392 8b86 7c090000 mov eax,dword ptr ds:[esi+0x97c] + * 00469398 8b40 28 mov eax,dword ptr ds:[eax+0x28] + * 0046939b 8d8e 7c090000 lea ecx,dword ptr ds:[esi+0x97c] + * 004693a1 52 push edx + * 004693a2 ffd0 call eax + * 004693a4 39be d40f0000 cmp dword ptr ds:[esi+0xfd4],edi + * 004693aa 75 45 jnz short .004693f1 + * 004693ac 8b8e 90040000 mov ecx,dword ptr ds:[esi+0x490] + * 004693b2 b8 d0020000 mov eax,0x2d0 + * 004693b7 2bc1 sub eax,ecx + * 004693b9 2b86 c8010000 sub eax,dword ptr ds:[esi+0x1c8] + * 004693bf 68 000f0000 push 0xf00 + * 004693c4 8d0480 lea eax,dword ptr ds:[eax+eax*4] + * 004693c7 c1e0 08 shl eax,0x8 + * 004693ca 0386 c4010000 add eax,dword ptr ds:[esi+0x1c4] + * 004693d0 8d1440 lea edx,dword ptr ds:[eax+eax*2] + * 004693d3 8b4424 60 mov eax,dword ptr ss:[esp+0x60] + * 004693d7 52 push edx + * 004693d8 8b50 40 mov edx,dword ptr ds:[eax+0x40] + * 004693db 8b86 c8000000 mov eax,dword ptr ds:[esi+0xc8] + * 004693e1 0386 8c040000 add eax,dword ptr ds:[esi+0x48c] + * 004693e7 52 push edx + * 004693e8 50 push eax + * 004693e9 51 push ecx + * 004693ea 8bce mov ecx,esi + * 004693ec e8 9fc4ffff call .00465890 + * 004693f1 39be d00f0000 cmp dword ptr ds:[esi+0xfd0],edi + * 004693f7 0f85 f2010000 jnz .004695ef + * 004693fd 8d86 20100000 lea eax,dword ptr ds:[esi+0x1020] + * 00469403 50 push eax + * 00469404 55 push ebp + * 00469405 8bce mov ecx,esi + * 00469407 e8 64f4ffff call .00468870 + * 0046940c 8a4e 25 mov cl,byte ptr ds:[esi+0x25] + * 0046940f 8a56 26 mov dl,byte ptr ds:[esi+0x26] + * 00469412 884c24 18 mov byte ptr ss:[esp+0x18],cl + * 00469416 8b4c24 5c mov ecx,dword ptr ss:[esp+0x5c] + * 0046941a 885424 14 mov byte ptr ss:[esp+0x14],dl + * 0046941e 8b51 40 mov edx,dword ptr ds:[ecx+0x40] + * 00469421 895424 20 mov dword ptr ss:[esp+0x20],edx + * 00469425 b9 d0020000 mov ecx,0x2d0 + * 0046942a 2bcb sub ecx,ebx + * 0046942c ba 00000000 mov edx,0x0 + * 00469431 0f98c2 sets dl + * 00469434 8bf8 mov edi,eax + * 00469436 8a46 24 mov al,byte ptr ds:[esi+0x24] + * 00469439 884424 1c mov byte ptr ss:[esp+0x1c],al + * 0046943d 4a dec edx + * 0046943e 23d1 and edx,ecx + * 00469440 69d2 000f0000 imul edx,edx,0xf00 + * 00469446 8bca mov ecx,edx + * 00469448 894c24 24 mov dword ptr ss:[esp+0x24],ecx + * 0046944c 85ff test edi,edi ; jichi: hook here + * 0046944e 74 3a je short .0046948a + * 00469450 8b5424 14 mov edx,dword ptr ss:[esp+0x14] + * 00469454 6a 00 push 0x0 + * 00469456 57 push edi + * 00469457 8d86 c80c0000 lea eax,dword ptr ds:[esi+0xcc8] + * 0046945d 50 push eax + * 0046945e 8b4424 24 mov eax,dword ptr ss:[esp+0x24] + * 00469462 6a 10 push 0x10 + * 00469464 52 push edx + * 00469465 8b5424 30 mov edx,dword ptr ss:[esp+0x30] + * 00469469 50 push eax + * 0046946a 8b4424 38 mov eax,dword ptr ss:[esp+0x38] + * 0046946e 52 push edx + * 0046946f 68 000f0000 push 0xf00 + * 00469474 51 push ecx + * 00469475 8b4c24 4c mov ecx,dword ptr ss:[esp+0x4c] + */ +bool InsertSyuntadaHook() +{ + const BYTE bytes[] = { + 0x4a, // 0046943d 4a dec edx + 0x23,0xd1, // 0046943e 23d1 and edx,ecx + 0x69,0xd2, 0x00,0x0f,0x00,0x00, // 00469440 69d2 000f0000 imul edx,edx,0xf00 + 0x8b,0xca, // 00469446 8bca mov ecx,edx + 0x89,0x4c,0x24, 0x24, // 00469448 894c24 24 mov dword ptr ss:[esp+0x24],ecx + 0x85,0xff, // 0046944c 85ff test edi,edi ; jichi: hook here + 0x74, 0x3a // 0046944e 74 3a je short .0046948a + }; + enum { addr_offset = 0x0046944c - 0x0046943d }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + //GROWL(addr); + if (!addr) { + ConsoleOutput("Syuntada: pattern not found"); + return false; + } + HookParam hp; + hp.address = addr + addr_offset; + hp.offset=get_reg(regs::ebp); + hp.type = CODEC_ANSI_BE; // 0x4 + ConsoleOutput("INSERT Syuntada"); + + + // TextOutA will produce repeated texts + ConsoleOutput("Syuntada: disable GDI hooks"); + + return NewHook(hp, "Syuntada"); +} +namespace{ + bool __(){ + //平凡な奥さんは好きですか~真面目な主婦をエッチ漬けにしちゃおう!~ + //奪母姦 + //友達のお母さんは好きですか?~息子の友人にハマったオバちゃん妻~ + const BYTE bytes[] = { + 0x81,0xFD,0x41,0x81,0x00,0x00 , + 0x7C,XX, + 0x81 ,0xFD ,0x9A ,0x82 ,0x00 ,0x00 , + 0x7E + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + + if (!addr) return false; + addr = MemDbg::findEnclosingAlignedFunction(addr,0x1000); + if (!addr) return false; + HookParam hp; + hp.address = addr ; + hp.offset=get_stack(3); + hp.type = USING_STRING ; + return NewHook(hp, "Syuntada"); + } +} +bool Syuntada::attach_function() { + + return InsertSyuntadaHook()||__(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Syuntada.h b/cpp/LunaHook/LunaHook/engine32/Syuntada.h new file mode 100644 index 00000000..f68a7809 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Syuntada.h @@ -0,0 +1,14 @@ + + +class Syuntada:public ENGINE{ + public: + Syuntada(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"dSch.dat"; + // jichi 2/6/2015 平安亭 + // dPi.dat, dPih.dat, dSc.dat, dSch.dat, dSo.dat, dSoh.dat, dSy.dat + //if (Util::CheckFile(L"dSoh.dat")) { // no idea why this file does not work + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/TACTICS.cpp b/cpp/LunaHook/LunaHook/engine32/TACTICS.cpp new file mode 100644 index 00000000..a95f1321 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/TACTICS.cpp @@ -0,0 +1,211 @@ +#include "TACTICS.h" +// 鈴がうたう日 +// https://vndb.org/v8528 + +/* +不同的速度有不同的函数,但这几个函数核心完全一样,且都是读一个固定的全局指针 +__int16 sub_40488C() +{ + UINT v0; // ebx + + if ( !word_4ABF8E ) + { + word_4ABF8E = 1; + word_4ABF88 = strlen(&Str) + 1; + word_4ABF8A = 0; + word_4ABF8C = 0; + dword_43ACE4 = 0; + } +LABEL_35: + while ( word_4ABF8E < word_4ABF88 ) + { + if ( IsDBCSLeadByteEx(0, *(&Str + word_4ABF8E)) ) + { + v0 = (unsigned __int8)byte_4ABB89[word_4ABF8E] + ((unsigned __int8)*(&Str + word_4ABF8E) << 8); + word_4ABF8E += 2; + } + else + { + v0 = *(&Str + word_4ABF8E++); + } + switch ( v0 ) + { + case 0u: + if ( !dword_43ACE4 ) + sub_401334(v0); + return 3; + case 1u: + word_4ABF8A = word_4ABF8C; + word_4ABF90 = word_438956 + 19 * word_4ABF8C; + word_4ABF92 += 28; + goto LABEL_35; + case 2u: + sub_4012B4(v0); + sub_4150CC(&unk_48966C, 50); + word_4ABF90 = word_438956; + word_4ABF92 = 343; + goto LABEL_35; + case 3u: + goto LABEL_35; + case 4u: + dword_43ACE4 = 1; + goto LABEL_35; + case 5u: + sub_401334(v0); + dword_43ACE4 = 1; + goto LABEL_35; + case 0x11u: + strcpy(byte_4ABD88, &Str + word_4ABF8E); + strcat(&Str, byte_4ABD88); + word_4ABF88 = strlen(&Str) + 1; + goto LABEL_35; + default: + if ( v0 == 33141 || v0 == 33156 ) + word_4ABF8C = word_4ABF8A + 1; + if ( v0 == 33142 || v0 == 33156 ) + { + word_4ABF8C = 0; + dword_43ACDC = 0; + } + if ( v0 == 33155 ) + v0 = 33129; + if ( v0 == 33156 ) + v0 = 33130; + if ( word_438958 >= ++word_4ABF8A ) + goto LABEL_34; + if ( (unsigned __int16)v0 > 0x816Au ) + { + if ( (unsigned __int16)v0 != 33142 && (unsigned __int16)v0 != 33144 ) + { +LABEL_33: + word_4ABF8A = word_4ABF8C + 1; + word_4ABF90 = word_438956 + 19 * word_4ABF8C; + word_4ABF92 += 28; + } + } + else if ( (unsigned __int16)v0 != 33130 + && (unsigned __int16)v0 != 41 + && (unsigned int)(unsigned __int16)v0 - 33089 >= 2 ) + { + goto LABEL_33; + } +LABEL_34: + sub_4155DC((int)&unk_4BC804, dword_47D52C, word_4ABF90, word_4ABF92, v0, 1); + sub_4155DC((int)&unk_4BC804, dword_48967C, word_4ABF90 - 45, word_4ABF92 - 322, v0, 1); + word_4ABF90 += 19; + break; + } + } + return 0; +} +*/ +bool TACTICSattach_function1() +{ + BYTE sig[] = { + 0x0f, 0xbf, 0x05, XX4, + 0X33, 0XD2, + 0X8A, 0x98, XX4, + 0x80, 0xe3, 0xff, + 0x8a, 0x80, XX4, + 0x81, 0xe3, 0xff, 0x00, 0x00, 0x00, + 0x24, 0xff, + 0xc1, 0xe3, 0x08, + 0x8a, 0xd0, + 0x03, 0xda, + 0x66, 0x83, 0x05, XX4, 0x02, + 0xeb, 0x15, + 0x0f, 0xbf, 0x0d, XX4, + 0x0f, 0xbe, 0x99, XX4, + 0x66, 0xff, 0x05, XX4}; + auto addr = MemDbg::findBytes(sig, sizeof(sig), processStartAddress, processStopAddress); + if (!addr) + return false; + addr = addr + 7 + 2 + 6 + 3 + 2; + + HookParam hp; + hp.address = *(DWORD *)addr; + hp.type = USING_STRING | DIRECT_READ; + hp.filter_fun = [](void *data, size_t *len, HookParam *hp) + { + CharFilter((char *)data, len, 1); + CharFilter((char *)data, len, 2); + CharFilter((char *)data, len, 3); + CharFilter((char *)data, len, 4); + CharFilter((char *)data, len, 5); + CharFilter((char *)data, len, 0x11); + return true; + }; + return NewHook(hp, "TACTICS_R"); +} + +bool TACTICSattach_function2() +{ + BYTE sig[] = { + 0x2d, 0x40, 0x81, 0x00, 0x00, + 0x89, 0x83, XX, 0x00, 0x00, 0x00, + 0x3d, 0x57, 0x02, 0x00, 0x00, + 0x0f, 0x82, XX4, + 0xbf, 0x57, 0x02, 0x00, 0x00}; + auto addr = MemDbg::findBytes(sig, sizeof(sig), processStartAddress, processStopAddress); + if (!addr) + return false; + HookParam hp; + hp.address = addr; + hp.type = USING_CHAR | CODEC_ANSI_BE; + hp.offset = get_reg(regs::eax); + hp.filter_fun = [](void *data, size_t *len, HookParam *hp) + { + static int idx = 0; + return 0 == ((idx++) % 2); + }; + return NewHook(hp, "TACTICS_H"); +} + +namespace +{ + // https://vndb.org/v2274 + //[010119][Tactics] Cheerio! ~ちぇりお~ (bin+cue) + bool h3() + { + /* + if ( a5 != 33088 ) + { + v6 = a5 - 33088; + if ( a5 - 33088 < 0 || v6 > 597 ) + { + v6 = 598; + sub_417F5C(a1, a5, 598); + } + */ + BYTE sig[] = { + 0x3d, 0x40, 0x81, 0x00, 0x00, + 0x0f, 0x84, XX4, + 0x8b, 0xf0, + 0x81, 0xee, 0x40, 0x81, 0x00, 0x00, + 0x85, 0xf6, + 0x7c, 0x08, + 0x81, 0xfe, 0x55, 0x02, 0x00, 0x00, + 0x7e, XX, + 0xbe, 0x56, 0x02, 0x00, 0x00}; + auto addr = MemDbg::findBytes(sig, sizeof(sig), processStartAddress, processStopAddress); + if (!addr) + return false; + addr = findfuncstart(addr, 0x20); // v1.0不对齐 + if (!addr) + return false; + HookParam hp; + hp.address = addr; + hp.type = USING_CHAR | CODEC_ANSI_BE | NO_CONTEXT; + hp.offset = get_stack(5); + hp.filter_fun = [](void *data, size_t *len, HookParam *hp) + { + static int idx = 0; + return 0 == ((idx++) % 2); + }; + return NewHook(hp, "TACTICS_2"); + } +} +bool TACTICS::attach_function() +{ + return (TACTICSattach_function1() | TACTICSattach_function2()) || h3(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/TACTICS.h b/cpp/LunaHook/LunaHook/engine32/TACTICS.h new file mode 100644 index 00000000..099ba059 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/TACTICS.h @@ -0,0 +1,74 @@ +/* +FILEVERSION 1,0,0,1 +PRODUCTVERSION 1,0,0,1 +FILEFLAGSMASK 0x3F +FILEFLAGS 0x0 +FILEOS VOS_NT_WINDOWS32 +FILETYPE VFT_APP +FILESUBTYPE 0x0 +{ + BLOCK "StringFileInfo" + { + BLOCK "041104b0" + { + VALUE "CompanyName", "タクティクス" + VALUE "FileDescription", "すずがうたう日" + VALUE "FileVersion", "1.00" + VALUE "InternalName", "SUZUUTA" + VALUE "LegalCopyright", "Copyright (C) 1999" + VALUE "OriginalFilename", "SUZU.EXEC" + VALUE "ProductName", "SuzuGaUtauHi" + VALUE "ProductVersion", "1.00" + } + } + BLOCK "VarFileInfo" + { + VALUE "Translation", 0x411, 1200 + } +} + +*/ + +/* +FILEVERSION 1,1,0,0 +PRODUCTVERSION 1,1,0,0 +FILEFLAGSMASK 0x3F +FILEFLAGS 0x0 +FILEOS VOS_UNKNOWN | VOS__WINDOWS32 +FILETYPE VFT_APP +FILESUBTYPE 0x0 +{ + BLOCK "StringFileInfo" + { + BLOCK "041103A4" + { + VALUE "CompanyName", "Tactics" + VALUE "FileDescription", "Cheerio! ver1.1" + VALUE "FileVersion", "1.1.0.0" + VALUE "InternalName", "Tactics Game System" + VALUE "LegalCopyright", "(c)Tactics 2000" + VALUE "LegalTrademarks", "" + VALUE "OriginalFilename", "CHEERIO.EXE" + VALUE "ProductName", "Cheerio! ver1.1" + VALUE "ProductVersion", "1.1.0.0" + VALUE "Comments", "" + } + } + BLOCK "VarFileInfo" + { + VALUE "Translation", 0x411, 932 + } +} + +*/ +class TACTICS : public ENGINE +{ +public: + TACTICS() + { + check_by = CHECK_BY::CUSTOM; + check_by_target = []() + { return Util::SearchResourceString(L"タクティクス") || Util::SearchResourceString(L"Tactics"); }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/TSSystem.cpp b/cpp/LunaHook/LunaHook/engine32/TSSystem.cpp new file mode 100644 index 00000000..364eb4fc --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/TSSystem.cpp @@ -0,0 +1,22 @@ +#include"TSSystem.h" +bool TSSystem::attach_function() { + //D-EVE in you + //トロピカルKISS + const BYTE bytes[] = { + 0xB9,0x42,0x00,0x00,0x00, + 0xF3,0xA5 + } ; + bool ok=false; + auto addrs = Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress); + for (auto addr : addrs) { + addr=MemDbg::findEnclosingAlignedFunction(addr); + if(addr==0)continue; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = USING_STRING; + ok|=NewHook(hp, "TSSystem"); + } + return ok; +} + \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/TSSystem.h b/cpp/LunaHook/LunaHook/engine32/TSSystem.h new file mode 100644 index 00000000..49debb0b --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/TSSystem.h @@ -0,0 +1,14 @@ + + +class TSSystem:public ENGINE{ + public: + TSSystem(){ + + is_engine_certain=false; + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + return (wcsstr(processName, L"TSSystem") || Util::CheckFile(L"TSSystem.exe")); + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Tamamo.cpp b/cpp/LunaHook/LunaHook/engine32/Tamamo.cpp new file mode 100644 index 00000000..2007ae7b --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Tamamo.cpp @@ -0,0 +1,354 @@ +#include"Tamamo.h" + + +/** jichi 8/23/2015 Tamamo + * Sample game: 閃光の騎士 ~カリスティアナイト~ Ver1.03 + * + * Debugging method: insert hw breakpoint to the text in memory + * + * 006107A6 76 08 JBE SHORT .006107B0 + * 006107A8 3BF8 CMP EDI,EAX + * 006107AA 0F82 68030000 JB .00610B18 + * 006107B0 0FBA25 F88E7300 01 BT DWORD PTR DS:[0x738EF8],0x1 + * 006107B8 73 07 JNB SHORT .006107C1 + * 006107BA F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[ESI] ; jichi: accessed here + * 006107BC E9 17030000 JMP .00610AD8 + * 006107C1 81F9 80000000 CMP ECX,0x80 + * 006107C7 0F82 CE010000 JB .0061099B + * 006107CD 8BC7 MOV EAX,EDI + * 006107CF 33C6 XOR EAX,ESI + * 006107D1 A9 0F000000 TEST EAX,0xF + * 006107D6 75 0E JNZ SHORT .006107E6 + * + * 0012FD7C 0012FE1C + * 0012FD80 00000059 + * 0012FD84 0051C298 RETURN to .0051C298 from .00610790 + * 0012FD88 0207E490 ; jichi: target + * 0012FD8C 0C0BE768 ; jichi: source text + * 0012FD90 00000059 ; jichi: source size + * 0012FD94 002A7C58 + * 0012FD98 0C1E7338 + * 0012FD9C 0012FE1C + * 0012FDA0 /0012FDC0 ; jichi: split + * 0012FDA4 |0056A83F RETURN to .0056A83F from .0051C1C0 + * 0012FDA8 |0C1E733C + * 0012FDAC |00000000 + * 0012FDB0 |FFFFFFFF + * 0012FDB4 |020EDAD0 + * 0012FDB8 |0220CC28 + * 0012FDBC |020EDAD0 + * 0012FDC0 ]0012FE44 + * 0012FDC4 |0055EF84 RETURN to .0055EF84 from .0056A7B0 + * 0012FDC8 |0012FE1C + * 0012FDCC |ED1BC1C5 + * 0012FDD0 |020EDAD0 + * 0012FDD4 |002998A8 + * 0012FDD8 |020EDAD0 + * + * Hooked call: + * 0051C283 5D POP EBP + * 0051C284 C2 0C00 RETN 0xC + * 0051C287 8BD6 MOV EDX,ESI + * 0051C289 85FF TEST EDI,EDI + * 0051C28B 74 0E JE SHORT .0051C29B + * 0051C28D 57 PUSH EDI + * 0051C28E 8D040B LEA EAX,DWORD PTR DS:[EBX+ECX] + * 0051C291 50 PUSH EAX + * 0051C292 52 PUSH EDX + * 0051C293 E8 F8440F00 CALL .00610790 ; jichi: copy invoked here + * 0051C298 83C4 0C ADD ESP,0xC + * 0051C29B 837E 14 10 CMP DWORD PTR DS:[ESI+0x14],0x10 + * 0051C29F 897E 10 MOV DWORD PTR DS:[ESI+0x10],EDI + * 0051C2A2 72 0F JB SHORT .0051C2B3 + * 0051C2A4 8B06 MOV EAX,DWORD PTR DS:[ESI] + * 0051C2A6 C60438 00 MOV BYTE PTR DS:[EAX+EDI],0x0 + * 0051C2AA 8BC6 MOV EAX,ESI + * 0051C2AC 5F POP EDI + * 0051C2AD 5E POP ESI + * 0051C2AE 5B POP EBX + * 0051C2AF 5D POP EBP + * 0051C2B0 C2 0C00 RETN 0xC + * 0051C2B3 8BC6 MOV EAX,ESI + * + * Sample text with new lines: + * + * 0C0BE748 70 00 69 00 2E 00 64 00 6C 00 6C 00 00 00 6C 00 p.i...d.l.l...l. + * 0C0BE758 00 00 00 00 0F 00 00 00 8B 91 3F 66 00 00 00 88 .......拒?f...・ + * 0C0BE768 83 4E 83 8B 83 67 83 93 81 75 8E 84 82 C9 82 CD クルトン「私には + * 0C0BE778 95 90 91 95 82 AA 82 C2 82 A2 82 C4 82 A2 82 DC 武装がついていま + * 0C0BE788 82 B9 82 F1 82 A9 82 E7 81 41 0D 0A 81 40 8D 55 せんから、.. 攻 + * 0C0BE798 82 DF 82 C4 82 B1 82 E7 82 EA 82 BD 82 E7 82 D0 めてこられたらひ + * 0C0BE7A8 82 C6 82 BD 82 DC 82 E8 82 E0 82 A0 82 E8 82 DC とたまりもありま + * 0C0BE7B8 82 B9 82 F1 81 76 3C 65 3E 00 3E 00 3E 00 00 00 せん」.>.>... + * 0C0BE7C8 9E 91 3F 66 99 82 00 88 83 53 83 8D 81 5B 83 93 梠?f凾.・Sローン + * 0C0BE7D8 8C 5A 81 75 82 D6 82 D6 81 42 95 D4 82 B5 82 C4 兄「へへ。返して + * 0C0BE7E8 82 D9 82 B5 82 AF 82 E8 82 E1 82 C2 82 A2 82 C4 ほしけりゃついて + * 0C0BE7F8 82 AB 82 C8 81 42 83 49 83 8C 82 B3 82 DC 82 CC きな。オレさまの + * + * Sample game: 冒険者の町を作ろう!2 Ver1.01 + * + * 0068028B CC INT3 + * 0068028C CC INT3 + * 0068028D CC INT3 + * 0068028E CC INT3 + * 0068028F CC INT3 + * 00680290 55 PUSH EBP + * 00680291 8BEC MOV EBP,ESP + * 00680293 57 PUSH EDI + * 00680294 56 PUSH ESI + * 00680295 8B75 0C MOV ESI,DWORD PTR SS:[EBP+0xC] + * 00680298 8B4D 10 MOV ECX,DWORD PTR SS:[EBP+0x10] + * 0068029B 8B7D 08 MOV EDI,DWORD PTR SS:[EBP+0x8] + * 0068029E 8BC1 MOV EAX,ECX + * 006802A0 8BD1 MOV EDX,ECX + * 006802A2 03C6 ADD EAX,ESI + * 006802A4 3BFE CMP EDI,ESI + * 006802A6 76 08 JBE SHORT .006802B0 + * 006802A8 3BF8 CMP EDI,EAX + * 006802AA 0F82 A4010000 JB .00680454 + * 006802B0 81F9 00010000 CMP ECX,0x100 + * 006802B6 72 1F JB SHORT .006802D7 + * 006802B8 833D 64FB8C00 00 CMP DWORD PTR DS:[0x8CFB64],0x0 + * 006802BF 74 16 JE SHORT .006802D7 + * 006802C1 57 PUSH EDI + * 006802C2 56 PUSH ESI + * 006802C3 83E7 0F AND EDI,0xF + * 006802C6 83E6 0F AND ESI,0xF + * 006802C9 3BFE CMP EDI,ESI + * 006802CB 5E POP ESI + * 006802CC 5F POP EDI + * 006802CD 75 08 JNZ SHORT .006802D7 + * 006802CF 5E POP ESI + * 006802D0 5F POP EDI + * 006802D1 5D POP EBP + * 006802D2 E9 FC090100 JMP .00690CD3 + * 006802D7 F7C7 03000000 TEST EDI,0x3 + * 006802DD 75 15 JNZ SHORT .006802F4 + * 006802DF C1E9 02 SHR ECX,0x2 + * 006802E2 83E2 03 AND EDX,0x3 + * 006802E5 83F9 08 CMP ECX,0x8 + * 006802E8 72 2A JB SHORT .00680314 + * 006802EA F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI] jichi: here + * 006802EC FF2495 04046800 JMP DWORD PTR DS:[EDX*4+0x680404] + * 006802F3 90 NOP + * 006802F4 8BC7 MOV EAX,EDI + * 006802F6 BA 03000000 MOV EDX,0x3 + * 006802FB 83E9 04 SUB ECX,0x4 + * 006802FE 72 0C JB SHORT .0068030C + * 00680300 83E0 03 AND EAX,0x3 + * 00680303 03C8 ADD ECX,EAX + * 00680305 FF2485 18036800 JMP DWORD PTR DS:[EAX*4+0x680318] + * 0068030C FF248D 14046800 JMP DWORD PTR DS:[ECX*4+0x680414] + * 00680313 90 NOP + * 00680314 FF248D 98036800 JMP DWORD PTR DS:[ECX*4+0x680398] + * 0068031B 90 NOP + * 0068031C 2803 SUB BYTE PTR DS:[EBX],AL + * 0068031E 68 00540368 PUSH 0x68035400 + * 00680323 0078 03 ADD BYTE PTR DS:[EAX+0x3],BH + * 00680326 68 0023D18A PUSH 0x8AD12300 + * 0068032B 06 PUSH ES + * 0068032C 8807 MOV BYTE PTR DS:[EDI],AL + * 0068032E 8A46 01 MOV AL,BYTE PTR DS:[ESI+0x1] + * 00680331 8847 01 MOV BYTE PTR DS:[EDI+0x1],AL + * 00680334 8A46 02 MOV AL,BYTE PTR DS:[ESI+0x2] + * + * 0067FA4F 8BC6 MOV EAX,ESI + * 0067FA51 EB 45 JMP SHORT .0067FA98 + * 0067FA53 397D 10 CMP DWORD PTR SS:[EBP+0x10],EDI + * 0067FA56 74 16 JE SHORT .0067FA6E + * 0067FA58 3975 0C CMP DWORD PTR SS:[EBP+0xC],ESI + * 0067FA5B 72 11 JB SHORT .0067FA6E + * 0067FA5D 56 PUSH ESI + * 0067FA5E FF75 10 PUSH DWORD PTR SS:[EBP+0x10] + * 0067FA61 FF75 08 PUSH DWORD PTR SS:[EBP+0x8] + * 0067FA64 E8 27080000 CALL .00680290 ; jichi: copy invoked here + * 0067FA69 83C4 0C ADD ESP,0xC + * 0067FA6C ^EB C1 JMP SHORT .0067FA2F + * 0067FA6E FF75 0C PUSH DWORD PTR SS:[EBP+0xC] + * 0067FA71 57 PUSH EDI + * 0067FA72 FF75 08 PUSH DWORD PTR SS:[EBP+0x8] + * + * 0012FC04 00000059 + * 0012FC08 00000000 + * 0012FC0C /0012FC28 + * 0012FC10 |0067FA69 RETURN to .0067FA69 from .00680290 + * 0012FC14 |072CEF78 ; jichi: target text + * 0012FC18 |07261840 ; jichi: source text + * 0012FC1C |00000059 ; jichi: source size + * 0012FC20 |FFFFFFFE + * 0012FC24 |00000000 + * 0012FC28 ]0012FC40 ; jichi: split + * 0012FC2C |00404E58 RETURN to .00404E58 from .0067FA1F + * 0012FC30 |072CEF78 ; jichi: target text + * 0012FC34 |0000005F ; jichi: target capacity + * 0012FC38 |07261840 ; jichi: source text + * 0012FC3C |00000059 ; jichi: source size + * 0012FC40 ]0012FC58 + * 0012FC44 |00404E38 RETURN to .00404E38 from .00404E40 + * 0012FC48 |072CEF78 + * 0012FC4C |0000005F + * 0012FC50 |07261840 + * 0012FC54 |00000059 + * 0012FC58 ]0012FC78 + * 0012FC5C |00404B06 RETURN to .00404B06 from .00404E20 + * 0012FC60 |072CEF78 + * 0012FC64 |0000005F + * 0012FC68 |07261840 + * 0012FC6C |00000059 + * 0012FC70 |00000000 + * 0012FC74 |0012FD30 + * 0012FC78 ]0012FC98 + * 0012FC7C |004025FE RETURN to .004025FE from .00404AE0 + * 0012FC80 |072CEF78 + * 0012FC84 |0000005F + * 0012FC88 |07261840 + * 0012FC8C |00000059 + * 0012FC90 |0012FD30 + * 0012FC94 |00000059 + * 0012FC98 ]0012FCB0 + * 0012FC9C |0040254B RETURN to .0040254B from .00402560 + * 0012FCA0 |074B6EA4 + * 0012FCA4 |00000000 + * 0012FCA8 |FFFFFFFF + * + * 07261840 83 4A 83 43 81 75 82 A0 82 C6 82 CD 82 B1 82 EA カイ「あとはこれ + * 07261850 82 C9 81 41 91 BA 92 B7 82 CC 83 54 83 43 83 93 に、村長のサイン + * 07261860 82 C6 88 F3 8A D3 82 F0 81 63 81 63 82 C1 82 C6 と印鑑を……っと + * 07261870 81 42 0D 0A 81 40 82 6E 82 6A 81 41 82 AB 82 E5 。.. OK、きょ + * 07261880 82 A4 82 CC 83 66 83 58 83 4E 83 8F 81 5B 83 4E うのデスクワーク + * 07261890 8F 49 97 B9 81 76 3C 65 3E 00 81 76 3C 65 3E 00 終了」.」. + * 072618A0 98 DD 95 48 00 40 00 88 83 4A 83 43 81 75 81 63 俤菱.@.・Jイ「… + * 072618B0 81 63 82 A4 82 F1 81 41 82 BB 82 A4 82 B5 82 E6 …うん、そうしよ + */ +namespace { // unnamed +bool TamamoFilter(LPVOID data, size_t *size, HookParam *) +{ + LPSTR text = (LPSTR)data; + if (::memchr(text, '<', *size)) + StringFilter(text, reinterpret_cast(size), "", 3); + StringFilter(text, reinterpret_cast(size), "\x0d\x0a\x81\x40", 4); // remove \n before space + StringFilterBetween(text,size,"<",1,">",1); + StringFilterBetween(text,size,"{",1,"}",1); + return true; +} +void SpecialHookTamamo(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) +{ + auto text = (LPCSTR)stack->stack[1]; // arg2 + auto size = stack->stack[2]; // arg3 + if (0 < size && size < VNR_TEXT_CAPACITY && size == ::strlen(text) && !all_ascii(text)) { + + //*len = argof(esp_base, 3 - 1); + + //*split = argof(8 - 1, esp_base); // use parent return address as split + //*split = argof(7 - 1, esp_base); // use the address just before parent retaddr + *split = stack->stack[5]; + //if (hp.split) + // *split = *(DWORD *)(esp_base + hp.split); + buffer->from(text, size); + } +} +} // unnamed namespace +bool InsertTamamoHook() +{ + ULONG addr = 0; + { // for new games + const BYTE bytes[] = { + 0x8b,0xd6, // 0051c287 8bd6 mov edx,esi + 0x85,0xff, // 0051c289 85ff test edi,edi + 0x74, 0x0e, // 0051c28b 74 0e je short .0051c29b + 0x57, // 0051c28d 57 push edi + 0x8d,0x04,0x0b, // 0051c28e 8d040b lea eax,dword ptr ds:[ebx+ecx] + 0x50, // 0051c291 50 push eax + 0x52, // 0051c292 52 push edx + 0xe8 //f8440f00 // 0051c293 e8 f8440f00 call .00610790 ; jichi: copy invoked here + }; + enum { addr_offset = sizeof(bytes) - 1 }; + addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr) { + addr += addr_offset; + ConsoleOutput("Tamamo: pattern for new version found"); + } + } + if (!addr) { // for old games + const BYTE bytes[] = { + 0x72, 0x11, // 0067fa5b 72 11 jb short .0067fa6e + 0x56, // 0067fa5d 56 push esi + 0xff,0x75, 0x10, // 0067fa5e ff75 10 push dword ptr ss:[ebp+0x10] + 0xff,0x75, 0x08, // 0067fa61 ff75 08 push dword ptr ss:[ebp+0x8] + 0xe8 // 27080000 // 0067fa64 e8 27080000 call .00680290 ; jichi: copy invoked here + }; + enum { addr_offset = sizeof(bytes) - 1 }; + addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr) { + addr += addr_offset; + ConsoleOutput("Tamamo: pattern for old version found"); + } + } + if (!addr) { + ConsoleOutput("Tamamo: pattern not found"); + return false; + } + HookParam hp; + hp.address = addr; + hp.text_fun = SpecialHookTamamo; + hp.filter_fun = TamamoFilter; + hp.type = USING_STRING|USING_SPLIT|NO_CONTEXT; + ConsoleOutput("INSERT Tamamo"); + return NewHook(hp, "Tamamo"); +} +namespace{ + bool Tamamogettext(LPVOID data, size_t *size, HookParam *) + { + auto s=std::string((char*)data,*size); + + s=std::regex_replace(s, std::regex("\\{#(.*?)\\}"), ""); + s = std::regex_replace(s, std::regex("<(.*?)>"), ""); + + s = std::regex_replace(s, std::regex("(.*)\x81u([\\s\\S]*?)\x81v(.*)"), "\x81u$2\x81v"); //「 」 + s = std::regex_replace(s, std::regex("(.*)\x81i([\\s\\S]*?)\x81j(.*)"), "\x81i$2\x81j"); //( ) + + return write_string_overwrite(data,size,s); + } + bool Tamamogetname(LPVOID data, size_t *size, HookParam *) + { + auto s=std::string((char*)data,*size); + + s=std::regex_replace(s, std::regex("\\{#(.*?)\\}"), ""); + s = std::regex_replace(s, std::regex("<(.*?)>"), ""); + if(s.find("\x81u")!=s.npos && s.find("\x81v")!=s.npos) + s = std::regex_replace(s, std::regex("(.*)\x81u([\\s\\S]*?)\x81v(.*)"), "$1"); //「 」 + else if (s.find("\x81i")!=s.npos && s.find("\x81j")!=s.npos) + s = std::regex_replace(s, std::regex("(.*)\x81i([\\s\\S]*?)\x81j(.*)"), "$1"); //( ) + else return false; + return write_string_overwrite(data,size,s); + } + bool tamamo3(){ + //閃光の騎士 ~カリスティアナイト~ + char face[]="face_%s_%s.png"; + auto addr = MemDbg::findBytes(face, sizeof(face), processStartAddress, processStopAddress); + if(addr==0)return false; + bool ok=false; + + BYTE bytes[]={0x68,XX4}; + memcpy(bytes+1,&addr,4); + for(auto addr:Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress)){ + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) continue; + HookParam hp; + hp.address = addr ; + hp.offset=get_stack(1); + hp.type = USING_STRING; + hp.filter_fun=Tamamogettext; + ok|=NewHook(hp, "tamamo_text"); + hp.address = addr+5 ; + hp.offset=get_stack(3); + hp.filter_fun=Tamamogetname; + ok|=NewHook(hp, "tamamo_name"); + } + return ok; + } +} +bool Tamamo::attach_function() { + bool aa=tamamo3(); + return InsertTamamoHook()||aa; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Tamamo.h b/cpp/LunaHook/LunaHook/engine32/Tamamo.h new file mode 100644 index 00000000..d87e4887 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Tamamo.h @@ -0,0 +1,15 @@ + + +class Tamamo:public ENGINE{ + public: + Tamamo(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{ + L"data.pck", + L"image.pck", + L"script.pck" + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Tanuki.cpp b/cpp/LunaHook/LunaHook/engine32/Tanuki.cpp new file mode 100644 index 00000000..c08c636a --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Tanuki.cpp @@ -0,0 +1,70 @@ +#include"Tanuki.h" + +/** jichi 9/14/2013 + * TanukiSoft (*.tac) + * + * Seems to be broken for new games in 2012 such like となり� + * + * 微少女: /HSN4@004983E0 + * This is the same hook as ITH + * - addr: 4817888 (0x4983e0) + * - text_fun: 0x0 + * - off: 4 + * - type: 1025 (0x401) + * + * 隣り�ぷ�さ� /HSN-8@200FE7:TONARINO.EXE + * - addr: 2101223 (0x200fe7) + * - module: 2343491905 (0x8baed941) + * - off: 4294967284 = 0xfffffff4 = -0xc + * - type: 1089 (0x441) + */ +bool InsertTanukiHook() +{ + ConsoleOutput("trying TanukiSoft"); + for (DWORD i = processStartAddress; i < processStopAddress - 4; i++) + if (*(DWORD *)i == 0x8140) + if (DWORD j = SafeFindEnclosingAlignedFunction(i, 0x400)) { // jichi 9/14/2013: might crash the game without admin priv + //GROWL_DWORD2(i, j); + HookParam hp; + hp.address = j; + hp.offset=get_stack(1); + hp.type = USING_STRING | NO_CONTEXT|EMBED_ABLE|EMBED_AFTER_NEW|EMBED_DYNA_SJIS; + hp.hook_font=F_GetGlyphOutlineA; + ConsoleOutput("INSERT TanukiSoft"); + return NewHook(hp, "TanukiSoft"); + } + + //ConsoleOutput("Unknown TanukiSoft engine."); + ConsoleOutput("TanukiSoft: failed"); + return false; +} +bool InsertTanukiHook2() { + const BYTE bytes[] = { + //0x55,0x8b,0xec,0x53,0x8b,0x5d,0x08,0x56,0x8b,0xf1,0x85,0xdb string too long hook。但是这个会把所有字符串全提出来 + XX,0x9F,0x88,0x00,0x00, + 0x66 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + ConsoleOutput("Tanuki %p", addr); + if (addr == 0)return false; + addr = MemDbg::findEnclosingAlignedFunction(addr,0x1000); + + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(2); + hp.type = USING_STRING; + ConsoleOutput("Tanuki %p", addr); + return NewHook(hp, "Tanuki"); +} +bool Tanuki::attach_function() { + + bool b1= InsertTanukiHook(); + bool b2=InsertTanukiHook2(); + return b1||b2; +} +bool Tanuki_last::attach_function() { + + bool b1= InsertTanukiHook(); + return b1; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Tanuki.h b/cpp/LunaHook/LunaHook/engine32/Tanuki.h new file mode 100644 index 00000000..f4e55bb4 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Tanuki.h @@ -0,0 +1,21 @@ + + +class Tanuki:public ENGINE{ + public: + Tanuki(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.tac"; + }; + bool attach_function(); +}; + +class Tanuki_last:public Tanuki{ + public: + Tanuki_last(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.g2"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Tarte.cpp b/cpp/LunaHook/LunaHook/engine32/Tarte.cpp new file mode 100644 index 00000000..c2f41a6b --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Tarte.cpp @@ -0,0 +1,39 @@ +#include"Tarte.h" + +bool Tarte::attach_function() { + //ひなたぼっこ + //ひなたると~ひなたぼっこファンディスク~ + //スクールぱにっく! + //こいじばし https://vndb.org/v4247 + for(auto addr: findiatcallormov_all((DWORD)GetGlyphOutlineA,processStartAddress,processStartAddress,processStopAddress,PAGE_EXECUTE)){ + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) continue; + auto xrefs=findxref_reverse_checkcallop(addr,addr-0x1000,addr+0x1000,0xe8); + for(auto addrx:xrefs){ + auto addrx1 = MemDbg::findEnclosingAlignedFunction(addrx); + if (!addrx1) continue; + BYTE __[]={0x3C,0x81}; + auto _ = MemDbg::findBytes(__, 2, addrx1, addrx); + if(_==0)continue; + HookParam hp; + hp.address = addrx1; + hp.offset=get_stack(2); + hp.type = CODEC_ANSI_BE; + auto succ=NewHook(hp, "Tarte"); + + auto xrefs1=findxref_reverse_checkcallop(addrx1,addrx1-0x1000,addrx1+0x1000,0xe8); + for(auto addrx11:xrefs1){ + auto addrx12 = MemDbg::findEnclosingAlignedFunction(addrx11); + if(addrx11-addrx12<0x30){ + HookParam hp; + hp.address = addrx12; + hp.offset=get_stack(5); + hp.type = CODEC_ANSI_BE; + succ|=NewHook(hp, "Tarte"); + } + } + return succ; + } + } + return false; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Tarte.h b/cpp/LunaHook/LunaHook/engine32/Tarte.h new file mode 100644 index 00000000..3de652f2 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Tarte.h @@ -0,0 +1,12 @@ + + +class Tarte:public ENGINE{ + public: + Tarte(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"caf\\script.caf"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Taskforce2.cpp b/cpp/LunaHook/LunaHook/engine32/Taskforce2.cpp new file mode 100644 index 00000000..157a7e28 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Taskforce2.cpp @@ -0,0 +1,397 @@ +#include"Taskforce2.h" +/** + * jichi 1/2/2014: Taskforce2 Engine + * + * Examples: + * 神�仮)-カミサマカヂ�カリ- 路地裏繚乱編 (1.1) + * /HS-8@178872:Taskforce2.exe + * + * 00578819 . 50 push eax ; |arg1 + * 0057881a . c745 f4 cc636b>mov dword ptr ss:[ebp-0xc],taskforc.006b>; | + * 00578821 . e8 31870000 call taskforc.00580f57 ; \taskforc.00580f57 + * 00578826 . cc int3 + * 00578827 /$ 8b4c24 04 mov ecx,dword ptr ss:[esp+0x4] + * 0057882b |. 53 push ebx + * 0057882c |. 33db xor ebx,ebx + * 0057882e |. 3bcb cmp ecx,ebx + * 00578830 |. 56 push esi + * 00578831 |. 57 push edi + * 00578832 |. 74 08 je short taskforc.0057883c + * 00578834 |. 8b7c24 14 mov edi,dword ptr ss:[esp+0x14] + * 00578838 |. 3bfb cmp edi,ebx + * 0057883a |. 77 1b ja short taskforc.00578857 + * 0057883c |> e8 28360000 call taskforc.0057be69 + * 00578841 |. 6a 16 push 0x16 + * 00578843 |. 5e pop esi + * 00578844 |. 8930 mov dword ptr ds:[eax],esi + * 00578846 |> 53 push ebx + * 00578847 |. 53 push ebx + * 00578848 |. 53 push ebx + * 00578849 |. 53 push ebx + * 0057884a |. 53 push ebx + * 0057884b |. e8 6a050000 call taskforc.00578dba + * 00578850 |. 83c4 14 add esp,0x14 + * 00578853 |. 8bc6 mov eax,esi + * 00578855 |. eb 31 jmp short taskforc.00578888 + * 00578857 |> 8b7424 18 mov esi,dword ptr ss:[esp+0x18] + * 0057885b |. 3bf3 cmp esi,ebx + * 0057885d |. 75 04 jnz short taskforc.00578863 + * 0057885f |. 8819 mov byte ptr ds:[ecx],bl + * 00578861 |.^eb d9 jmp short taskforc.0057883c + * 00578863 |> 8bd1 mov edx,ecx + * 00578865 |> 8a06 /mov al,byte ptr ds:[esi] + * 00578867 |. 8802 |mov byte ptr ds:[edx],al + * 00578869 |. 42 |inc edx + * 0057886a |. 46 |inc esi + * 0057886b |. 3ac3 |cmp al,bl + * 0057886d |. 74 03 |je short taskforc.00578872 + * 0057886f |. 4f |dec edi + * 00578870 |.^75 f3 \jnz short taskforc.00578865 + * 00578872 |> 3bfb cmp edi,ebx ; jichi: hook here + * 00578874 |. 75 10 jnz short taskforc.00578886 + * 00578876 |. 8819 mov byte ptr ds:[ecx],bl + * 00578878 |. e8 ec350000 call taskforc.0057be69 + * 0057887d |. 6a 22 push 0x22 + * 0057887f |. 59 pop ecx + * 00578880 |. 8908 mov dword ptr ds:[eax],ecx + * 00578882 |. 8bf1 mov esi,ecx + * 00578884 |.^eb c0 jmp short taskforc.00578846 + * 00578886 |> 33c0 xor eax,eax + * 00578888 |> 5f pop edi + * 00578889 |. 5e pop esi + * 0057888a |. 5b pop ebx + * 0057888b \. c3 retn + * + * [131129] [Digital Cute] オトメスイッ� -OtomeSwitch- �彼が持ってる彼女のリモコン(1.1) + * /HS-8@1948E9:Taskforce2.exe + * - addr: 0x1948e9 + * - off: 4294967284 (0xfffffff4 = -0xc) + * - type: 65 (0x41) + * + * 00594890 . 50 push eax ; |arg1 + * 00594891 . c745 f4 64c56d>mov dword ptr ss:[ebp-0xc],taskforc.006d>; | + * 00594898 . e8 88880000 call taskforc.0059d125 ; \taskforc.0059d125 + * 0059489d . cc int3 + * 0059489e /$ 8b4c24 04 mov ecx,dword ptr ss:[esp+0x4] + * 005948a2 |. 53 push ebx + * 005948a3 |. 33db xor ebx,ebx + * 005948a5 |. 3bcb cmp ecx,ebx + * 005948a7 |. 56 push esi + * 005948a8 |. 57 push edi + * 005948a9 |. 74 08 je short taskforc.005948b3 + * 005948ab |. 8b7c24 14 mov edi,dword ptr ss:[esp+0x14] + * 005948af |. 3bfb cmp edi,ebx + * 005948b1 |. 77 1b ja short taskforc.005948ce + * 005948b3 |> e8 91350000 call taskforc.00597e49 + * 005948b8 |. 6a 16 push 0x16 + * 005948ba |. 5e pop esi + * 005948bb |. 8930 mov dword ptr ds:[eax],esi + * 005948bd |> 53 push ebx + * 005948be |. 53 push ebx + * 005948bf |. 53 push ebx + * 005948c0 |. 53 push ebx + * 005948c1 |. 53 push ebx + * 005948c2 |. e8 7e010000 call taskforc.00594a45 + * 005948c7 |. 83c4 14 add esp,0x14 + * 005948ca |. 8bc6 mov eax,esi + * 005948cc |. eb 31 jmp short taskforc.005948ff + * 005948ce |> 8b7424 18 mov esi,dword ptr ss:[esp+0x18] + * 005948d2 |. 3bf3 cmp esi,ebx + * 005948d4 |. 75 04 jnz short taskforc.005948da + * 005948d6 |. 8819 mov byte ptr ds:[ecx],bl + * 005948d8 |.^eb d9 jmp short taskforc.005948b3 + * 005948da |> 8bd1 mov edx,ecx + * 005948dc |> 8a06 /mov al,byte ptr ds:[esi] + * 005948de |. 8802 |mov byte ptr ds:[edx],al + * 005948e0 |. 42 |inc edx + * 005948e1 |. 46 |inc esi + * 005948e2 |. 3ac3 |cmp al,bl + * 005948e4 |. 74 03 |je short taskforc.005948e9 + * 005948e6 |. 4f |dec edi + * 005948e7 |.^75 f3 \jnz short taskforc.005948dc + * 005948e9 |> 3bfb cmp edi,ebx ; jichi: hook here + * 005948eb |. 75 10 jnz short taskforc.005948fd + * 005948ed |. 8819 mov byte ptr ds:[ecx],bl + * 005948ef |. e8 55350000 call taskforc.00597e49 + * 005948f4 |. 6a 22 push 0x22 + * 005948f6 |. 59 pop ecx + * 005948f7 |. 8908 mov dword ptr ds:[eax],ecx + * 005948f9 |. 8bf1 mov esi,ecx + * 005948fb |.^eb c0 jmp short taskforc.005948bd + * 005948fd |> 33c0 xor eax,eax + * 005948ff |> 5f pop edi + * 00594900 |. 5e pop esi + * 00594901 |. 5b pop ebx + * 00594902 \. c3 retn + * + * Use this if that hook fails, try this one for future engines: + * /HS0@44CADA + */ +bool InsertTaskforce2Hook() +{ + const BYTE bytes[] = { + 0x88,0x02, // 005948de |. 8802 |mov byte ptr ds:[edx],al + 0x42, // 005948e0 |. 42 |inc edx + 0x46, // 005948e1 |. 46 |inc esi + 0x3a,0xc3, // 005948e2 |. 3ac3 |cmp al,bl + 0x74, 0x03, // 005948e4 |. 74 03 |je short taskforc.005948e9 + 0x4f, // 005948e6 |. 4f |dec edi + 0x75, 0xf3, // 005948e7 |.^75 f3 \jnz short taskforc.005948dc + 0x3b,0xfb // 005948e9 |> 3bfb cmp edi,ebx ; jichi: hook here + }; + enum { addr_offset = sizeof(bytes) - 2 }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + //GROWL_DWORD3(reladdr, processStartAddress, range); + if (!addr) { + ConsoleOutput("Taskforce2: pattern not exist"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; + hp.offset=get_reg(regs::ecx); // text in ecx + hp.type = USING_STRING; // 0x41 + hp.filter_fun=all_ascii_Filter; + //GROWL_DWORD(hp.address); + //hp.address = 0x1948e9 + processStartAddress; + + ConsoleOutput("INSERT Taskforce2"); + return NewHook(hp, "Taskforce2"); +} +bool InsertTaskforce2XHook() +{ + //ちんくる★ツインクル フェスティバル! + const BYTE bytes[] = { + 0X8A,0X07,0X89,0x7d,XX,0X84,0XC0,0x0F + }; + + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + + if (!addr) { + ConsoleOutput("Taskforce2: pattern not exist"); + return false; + } + + HookParam hp; + hp.address = addr ; + hp.offset=get_reg(regs::edi); + hp.type = USING_STRING|USING_SPLIT; // 0x41 + hp.split=get_reg(regs::eax); + hp.filter_fun=all_ascii_Filter; + + ConsoleOutput("INSERT Taskforce2"); + return NewHook(hp, "Taskforce2"); +} +namespace { // unnamed +namespace ScenarioHook { +namespace Private { + void hookBefore(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + + int capacity = s->stack[1]; // arg 2, should always be 0x1000 + auto text = (LPCSTR)s->stack[2]; // arg 3 + if (capacity <= 0 || !text || !*text) + return ; + * split = s->stack[2] == s->stack[12] ? Engine::ScenarioRole : Engine::OtherRole; + //auto split = s->edx; + //auto sig = Engine::hashThreadSignature(role, split); + enum { sig = 0 }; // split not used + buffer->from_cs(text); + } + void hookafter(hook_stack*s,void* data1, size_t len) + { + static std::string data_; + std::string newData=std::string((char*)data1,len); + data_ = newData; + int capacity = s->stack[1]; // arg 2, should always be 0x1000 + if (data_.size() >= capacity) + data_ = data_.substr(0,capacity - 1); + s->stack[2] = (ULONG)data_.c_str(); // arg 3 + } +} // namespace Private + +/** + * Sample game: オトメスイッチ + * + * Debugging method: hook to the ITH function, and then check stack + * strncpy is not hooked as it is also used to copy system text + * + * 0012D0D0 1A72224C + * 0012D0D4 1A721FA4 + * 0012D0D8 00000000 + * 0012D0DC 0044A61A RETURN to .0044A61A from .0058F477 + * 0012D0E0 1A72224C ; jichi: target text + * 0012D0E4 00001000 ; jichi: this value is different for different callers + * 0012D0E8 0D4CFA70 ; jichi: source text here + * 0012D0EC 00A53E0E .00A53E0E + * 0012D0F0 1A721F80 + * 0012D0F4 1AD70020 + * 0012D0F8 00000000 + * 0012D0FC 0012D138 Pointer to next SEH record + * 0012D100 0069D878 SE handler + * 0012D104 00000000 + * 0012D108 00451436 RETURN to .00451436 from .0044A5B0 + * 0012D10C 0D4CFAE8 + * 0012D110 0D4CFA70 + * 0012D114 0D4CF908 + * 0012D118 00000016 + * 0012D11C 00FFFFFF .00FFFFFF + * 0012D120 00000016 + * 0012D124 0000001F + * 0012D128 00A53FD2 .00A53FD2 + * 0012D12C 006E3BC8 .006E3BC8 + * 0012D130 00000000 + * 0012D134 0012D10C + * 0012D138 0012D8AC Pointer to next SEH record + * 0012D13C 0069D878 SE handler + * 0012D140 00000000 + * 0012D144 004617DD RETURN to .004617DD from .004513D0 + * 0012D148 00000000 + * 0012D14C 0D4CFAE8 + * 0012D150 00000000 + * 0012D154 00000000 + * 0012D158 006E3BC8 .006E3BC8 + * 0012D15C 00000016 + * 0012D160 0000001F + * + * Caller of the strncpy function + * 0044A5AF CC INT3 + * 0044A5B0 6A FF PUSH -0x1 + * 0044A5B2 68 78D86900 PUSH .0069D878 + * 0044A5B7 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] + * 0044A5BD 50 PUSH EAX + * 0044A5BE 53 PUSH EBX + * 0044A5BF 55 PUSH EBP + * 0044A5C0 57 PUSH EDI + * 0044A5C1 A1 4C3F7F00 MOV EAX,DWORD PTR DS:[0x7F3F4C] + * 0044A5C6 33C4 XOR EAX,ESP + * 0044A5C8 50 PUSH EAX + * 0044A5C9 8D4424 10 LEA EAX,DWORD PTR SS:[ESP+0x10] + * 0044A5CD 64:A3 00000000 MOV DWORD PTR FS:[0],EAX + * 0044A5D3 33DB XOR EBX,EBX + * 0044A5D5 895C24 18 MOV DWORD PTR SS:[ESP+0x18],EBX + * 0044A5D9 8D7E 5C LEA EDI,DWORD PTR DS:[ESI+0x5C] + * 0044A5DC 8D6B 14 LEA EBP,DWORD PTR DS:[EBX+0x14] + * 0044A5DF 90 NOP + * 0044A5E0 53 PUSH EBX + * 0044A5E1 68 C83B6E00 PUSH .006E3BC8 + * 0044A5E6 8BCF MOV ECX,EDI + * 0044A5E8 E8 A376FBFF CALL .00401C90 + * 0044A5ED 83C7 1C ADD EDI,0x1C + * 0044A5F0 83ED 01 SUB EBP,0x1 + * 0044A5F3 ^75 EB JNZ SHORT .0044A5E0 + * 0044A5F5 8B4424 24 MOV EAX,DWORD PTR SS:[ESP+0x24] + * 0044A5F9 BD 10000000 MOV EBP,0x10 + * 0044A5FE 396C24 38 CMP DWORD PTR SS:[ESP+0x38],EBP + * 0044A602 73 04 JNB SHORT .0044A608 + * 0044A604 8D4424 24 LEA EAX,DWORD PTR SS:[ESP+0x24] + * 0044A608 50 PUSH EAX + * + * 0044A609 8DBE A8020000 LEA EDI,DWORD PTR DS:[ESI+0x2A8] + * 0044A60F 68 00100000 PUSH 0x1000 + * 0044A614 57 PUSH EDI + * + * 0044A615 E8 5D4E1400 CALL .0058F477 ; jichi: called here + * 0044A61A 8BC7 MOV EAX,EDI + * 0044A61C 83C4 0C ADD ESP,0xC + * 0044A61F 895E 58 MOV DWORD PTR DS:[ESI+0x58],EBX + * 0044A622 899E A8120000 MOV DWORD PTR DS:[ESI+0x12A8],EBX + * 0044A628 899E AC120000 MOV DWORD PTR DS:[ESI+0x12AC],EBX + * 0044A62E 8D50 01 LEA EDX,DWORD PTR DS:[EAX+0x1] + * 0044A631 8A08 MOV CL,BYTE PTR DS:[EAX] + * 0044A633 83C0 01 ADD EAX,0x1 + * 0044A636 3ACB CMP CL,BL + * 0044A638 ^75 F7 JNZ SHORT .0044A631 + * 0044A63A 2BC2 SUB EAX,EDX + * 0044A63C 6A FF PUSH -0x1 + * 0044A63E 8986 B0120000 MOV DWORD PTR DS:[ESI+0x12B0],EAX + * 0044A644 53 PUSH EBX + * 0044A645 8D4424 28 LEA EAX,DWORD PTR SS:[ESP+0x28] + * 0044A649 50 PUSH EAX + * 0044A64A 8D8E 8C020000 LEA ECX,DWORD PTR DS:[ESI+0x28C] + * 0044A650 899E B8120000 MOV DWORD PTR DS:[ESI+0x12B8],EBX + * 0044A656 E8 0575FBFF CALL .00401B60 + * 0044A65B 396C24 38 CMP DWORD PTR SS:[ESP+0x38],EBP + * 0044A65F 899E C8120000 MOV DWORD PTR DS:[ESI+0x12C8],EBX + * 0044A665 72 0D JB SHORT .0044A674 + * 0044A667 8B4C24 24 MOV ECX,DWORD PTR SS:[ESP+0x24] + * 0044A66B 51 PUSH ECX + * 0044A66C E8 C14A1400 CALL .0058F132 + * 0044A671 83C4 04 ADD ESP,0x4 + * 0044A674 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+0x10] + * 0044A678 64:890D 00000000 MOV DWORD PTR FS:[0],ECX + * 0044A67F 59 POP ECX + * 0044A680 5F POP EDI + * 0044A681 5D POP EBP + * 0044A682 5B POP EBX + * 0044A683 83C4 0C ADD ESP,0xC + * 0044A686 C2 1C00 RETN 0x1C + * 0044A689 CC INT3 + * + * This is properly the strncpy function. Capacity in arg2. Target in arg1. Source in arg3. + * 0058F476 CC INT3 + * 0058F477 8B4C24 04 MOV ECX,DWORD PTR SS:[ESP+0x4] + * 0058F47B 53 PUSH EBX + * 0058F47C 33DB XOR EBX,EBX + * 0058F47E 3BCB CMP ECX,EBX + * 0058F480 56 PUSH ESI + * 0058F481 57 PUSH EDI + * 0058F482 74 08 JE SHORT .0058F48C + * 0058F484 8B7C24 14 MOV EDI,DWORD PTR SS:[ESP+0x14] + * 0058F488 3BFB CMP EDI,EBX + * 0058F48A 77 1B JA SHORT .0058F4A7 + * 0058F48C E8 D8390000 CALL .00592E69 + * 0058F491 6A 16 PUSH 0x16 + * 0058F493 5E POP ESI + * 0058F494 8930 MOV DWORD PTR DS:[EAX],ESI + * 0058F496 53 PUSH EBX + * 0058F497 53 PUSH EBX + * 0058F498 53 PUSH EBX + * 0058F499 53 PUSH EBX + * 0058F49A 53 PUSH EBX + * 0058F49B E8 D9010000 CALL .0058F679 + * 0058F4A0 83C4 14 ADD ESP,0x14 + * 0058F4A3 8BC6 MOV EAX,ESI + * 0058F4A5 EB 31 JMP SHORT .0058F4D8 + * 0058F4A7 8B7424 18 MOV ESI,DWORD PTR SS:[ESP+0x18] + * 0058F4AB 3BF3 CMP ESI,EBX + * 0058F4AD 75 04 JNZ SHORT .0058F4B3 + * 0058F4AF 8819 MOV BYTE PTR DS:[ECX],BL + * 0058F4B1 ^EB D9 JMP SHORT .0058F48C + * 0058F4B3 8BD1 MOV EDX,ECX + * + * Sample game: 神様(仮)-カミサマカッコカリ-路地裏繚乱編 + */ + +bool attach(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0x8d,0xbe, 0xa8,0x02,0x00,0x00, // 0044a609 8dbe a8020000 lea edi,dword ptr ds:[esi+0x2a8] + 0x68, 0x00,0x10,0x00,0x00, // 0044a60f 68 00100000 push 0x1000 + 0x57, // 0044a614 57 push edi + 0xe8 // 0044a615 e8 5d4e1400 call .0058f477 ; jichi: called here + }; + enum { addr_offset = sizeof(bytes) - 1 }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if(addr==0)return false; + HookParam hp; + hp.address=addr + addr_offset; + hp.text_fun=Private::hookBefore; + hp.hook_after=Private::hookafter; + hp.hook_font=F_GetGlyphOutlineA; + hp.type=USING_STRING|EMBED_ABLE|EMBED_DYNA_SJIS|NO_CONTEXT; + return NewHook(hp,"EmbedTaskforce"); +} + +} // namespace ScenarioHook +} // unnamed namespace + + +bool Taskforce2::attach_function() { + + bool b1= InsertTaskforce2Hook(); + bool b2=InsertTaskforce2XHook(); + bool b3=ScenarioHook::attach(processStartAddress,processStopAddress); + return b1||b2||b3; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Taskforce2.h b/cpp/LunaHook/LunaHook/engine32/Taskforce2.h new file mode 100644 index 00000000..05f3a7b5 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Taskforce2.h @@ -0,0 +1,13 @@ + + +class Taskforce2:public ENGINE{ + public: + Taskforce2(){ + + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + return (wcsstr(processName_lower, L"taskforce2") || !wcsncmp(processName_lower, L"taskfo~", 7) || Util::CheckFile(L"Taskforce2.exe")); + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/TeethingRing.cpp b/cpp/LunaHook/LunaHook/engine32/TeethingRing.cpp new file mode 100644 index 00000000..3c4e26f1 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/TeethingRing.cpp @@ -0,0 +1,114 @@ +#include "TeethingRing.h" + +bool TeethingRing_attach_function() +{ + // https://vndb.org/v5635 + // キミとボクとエデンの林檎 + // HSF932#-C@85FB0:EDEN.exe + BYTE bytes[] = { + 0x8B,0x0A,0x8B,0xC1,0x83,0xF8,0x20 , + 0x0F,0x8F,XX4, + 0x0F,0x84,XX4, + 0x48 , + 0xBE,0x0F,0x00,0x00,0x00,0x3B,0xC6 , + 0x77,XX, + }; + auto addr=MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if(addr==0)return false; + BYTE sehstart[]={ + 0x6a,0xff, + 0x68,XX4, + 0x64,0xa1,0,0,0,0 + }; + addr=reverseFindBytes(sehstart,sizeof(sehstart),addr-0x100,addr); + if(addr==0)return false; + HookParam hp; + hp.address = addr;//0x84C70+(DWORD)GetModuleHandle(0); + hp.type=USING_STRING|NO_CONTEXT|FULL_STRING; + hp.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto _this = (void *)stack->THISCALLTHIS; + auto a2 = (DWORD *)stack->ARG1; + + auto v2 = *a2; + if ((int)*a2 <= 32) + { + if (*a2 != 32) + { + switch (v2) + { + + case 16: + auto v4 = (char *)(*(int(__thiscall **)(void *, DWORD))(*(DWORD *)_this + 60))(_this, a2[1]); + buffer->from_cs(v4); + } + } + } + }; + hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + //#F【琉星】#F + if(all_ascii((char*)data,*len))return false; + auto str=std::string((char*)data,*len); + strReplace(str,"#F",""); + return write_string_overwrite(data,len,str); + }; + return NewHook(hp, "TeethingRing"); +} + + +bool TeethingRing_attach_function2() +{ + //https://vndb.org/v791 + //きると + + BYTE bytes[] = { + 0x8b,0x4e,0x18, + 0x83,0xf9,0x10, + 0x53, + 0x8d,0x5e,0x04, + 0x72,0x04, + 0x8b,0x13, + 0xeb,0x02, + 0x8b,0xd3, + 0x83,0xf9,0x10, + 0x72,0x04, + 0x8b,0x0b, + 0xeb,0x02, + }; + auto addr=MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if(addr==0)return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.type=USING_STRING|NO_CONTEXT|FULL_STRING; + hp.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto _this=(DWORD*)stack->THISCALLTHIS; + auto v13 = _this[6]; + auto v14 = _this + 1; + DWORD* v16; + if ( v13 < 0x10 ) + v16 = _this + 1; + else + v16 = (DWORD *)*v14; + auto a2=stack->ARG1; + *split=(DWORD)_this; + buffer->from_cs((char*)((DWORD)v16+a2)); + }; + hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + if(all_ascii((char*)data,*len))return false; + auto str=std::string((char*)data,*len); + strReplace(str,"#F",""); + //俺はこのアクシデントが、何か幸#<さい>先#<さき>のいいもののように思えて、鞄を抱え直してギルドへの階段を昇り始めた。 + str = std::regex_replace(str, std::regex("#<(.*?)>"), ""); + return write_string_overwrite(data,len,str); + }; + return NewHook(hp, "TeethingRing"); +} + + +bool TeethingRing::attach_function() +{ + return TeethingRing_attach_function()||TeethingRing_attach_function2(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/TeethingRing.h b/cpp/LunaHook/LunaHook/engine32/TeethingRing.h new file mode 100644 index 00000000..3ab4d5d4 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/TeethingRing.h @@ -0,0 +1,11 @@ + + +class TeethingRing:public ENGINE{ + public: + TeethingRing(){ + is_engine_certain=false; + check_by=CHECK_BY::RESOURCE_STR; + check_by_target=L"TeethingRing"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Tenco.cpp b/cpp/LunaHook/LunaHook/engine32/Tenco.cpp new file mode 100644 index 00000000..8098050b --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Tenco.cpp @@ -0,0 +1,154 @@ +#include"Tenco.h" + +/** + * jichi 4/1/2014: Insert AU hook + * Sample games: + * 英雼�戦姫: /HBN-8*4@4AD807 + * 英雼�戦姫GOLD: /HB-8*4@4ADB50 (alternative) + * + * /HBN-8*4@4AD807 + * - addr: 4904967 = 0x4ad807 + * - ind: 4 + * - length_offset: 1 + * - off: 4294967284 = 0xfffffff4 = -0xc + * - type: 1032 = 0x408 + * + * 004ad76a |. ff50 04 |call dword ptr ds:[eax+0x4] + * 004ad76d |. 48 |dec eax ; switch (cases 1..a) + * 004ad76e |. 83f8 09 |cmp eax,0x9 + * 004ad771 |. 0f87 37020000 |ja 英雼�戦.004ad9ae + * 004ad777 |. ff2485 2cda4a0>|jmp dword ptr ds:[eax*4+0x4ada2c] + * 004ad77e |> 83bf c4000000 >|cmp dword ptr ds:[edi+0xc4],0x1 ; case 1 of switch 004ad76d + * 004ad785 |. 75 35 |jnz short 英雼�戦.004ad7bc + * 004ad787 |. 39af c8000000 |cmp dword ptr ds:[edi+0xc8],ebp + * 004ad78d |. 72 08 |jb short 英雼�戦.004ad797 + * 004ad78f |. 8b87 b4000000 |mov eax,dword ptr ds:[edi+0xb4] + * 004ad795 |. eb 06 |jmp short 英雼�戦.004ad79d + * 004ad797 |> 8d87 b4000000 |lea eax,dword ptr ds:[edi+0xb4] + * 004ad79d |> 0fb608 |movzx ecx,byte ptr ds:[eax] + * 004ad7a0 |. 51 |push ecx + * 004ad7a1 |. e8 d15b2a00 |call 英雼�戦.00753377 + * 004ad7a6 |. 83c4 04 |add esp,0x4 + * 004ad7a9 |. 85c0 |test eax,eax + * 004ad7ab |. 74 0f |je short 英雼�戦.004ad7bc + * 004ad7ad |. 8d5424 20 |lea edx,dword ptr ss:[esp+0x20] + * 004ad7b1 |. 52 |push edx + * 004ad7b2 |. b9 88567a00 |mov ecx,英雼�戦.007a5688 + * 004ad7b7 |. e8 a40cf6ff |call 英雼�戦.0040e460 + * 004ad7bc |> 8b8424 e400000>|mov eax,dword ptr ss:[esp+0xe4] + * 004ad7c3 |. 8a48 01 |mov cl,byte ptr ds:[eax+0x1] + * 004ad7c6 |. 84c9 |test cl,cl + * 004ad7c8 |. 75 2e |jnz short 英雼�戦.004ad7f8 + * 004ad7ca |. 8d9f b0000000 |lea ebx,dword ptr ds:[edi+0xb0] + * 004ad7d0 |. be ac6e7a00 |mov esi,英雼�戦.007a6eac + * 004ad7d5 |. 8bcb |mov ecx,ebx + * 004ad7d7 |. e8 e40af6ff |call 英雼�戦.0040e2c0 + * 004ad7dc |. 84c0 |test al,al + * 004ad7de |. 0f84 ca010000 |je 英雼�戦.004ad9ae + * 004ad7e4 |. be a86e7a00 |mov esi,英雼�戦.007a6ea8 + * 004ad7e9 |. 8bcb |mov ecx,ebx + * 004ad7eb |. e8 d00af6ff |call 英雼�戦.0040e2c0 + * 004ad7f0 |. 84c0 |test al,al + * 004ad7f2 |. 0f84 b6010000 |je 英雼�戦.004ad9ae + * 004ad7f8 |> 6a 00 |push 0x0 + * 004ad7fa |. 8d8f b0000000 |lea ecx,dword ptr ds:[edi+0xb0] + * 004ad800 |. 83c8 ff |or eax,0xffffffff + * 004ad803 |. 8d5c24 24 |lea ebx,dword ptr ss:[esp+0x24] + * 004ad807 |. e8 740cf6ff |call 英雼�戦.0040e480 ; jichi: hook here + * 004ad80c |. e9 9d010000 |jmp 英雼�戦.004ad9ae + * 004ad811 |> 8b8c24 e400000>|mov ecx,dword ptr ss:[esp+0xe4] ; case 4 of switch 004ad76d + * 004ad818 |. 8039 00 |cmp byte ptr ds:[ecx],0x0 + * 004ad81b |. 0f84 8d010000 |je 英雼�戦.004ad9ae + * 004ad821 |. b8 04000000 |mov eax,0x4 + * 004ad826 |. b9 c86e7a00 |mov ecx,英雼�戦.007a6ec8 ; ascii "
" + * 004ad82b |. 8d5424 20 |lea edx,dword ptr ss:[esp+0x20] + * 004ad82f |. e8 3c0df6ff |call 英雼�戦.0040e570 + * 004ad834 |. e9 75010000 |jmp 英雼�戦.004ad9ae + * 004ad839 |> 8bbf b4000000 |mov edi,dword ptr ds:[edi+0xb4] ; case 5 of switch 004ad76d + */ +bool InsertTencoHook() +{ + const BYTE bytes[] = { + 0x6a, 0x00, // 004ad7f8 |> 6a 00 |push 0x0 + 0x8d,0x8f, 0xb0,0x00,0x00,0x00, // 004ad7fa |. 8d8f b0000000 |lea ecx,dword ptr ds:[edi+0xb0] + 0x83,0xc8, 0xff, // 004ad800 |. 83c8 ff |or eax,0xffffffff + 0x8d,0x5c,0x24, 0x24, // 004ad803 |. 8d5c24 24 |lea ebx,dword ptr ss:[esp+0x24] + 0xe8 //740cf6ff // 004ad807 |. e8 740cf6ff |call 英雼�戦.0040e480 ; jichi: hook here + }; + enum { addr_offset = sizeof(bytes) - 1 }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + //reladdr = 0x4ad807; + if (!addr) { + ConsoleOutput("Tenco: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr + addr_offset; + hp.index = 4; + hp.offset=get_reg(regs::ecx); + hp.type = NO_CONTEXT|DATA_INDIRECT; + + ConsoleOutput("INSERT Tenco"); + return NewHook(hp, "Tenco"); +} +bool LWScript() { + BYTE bytes[] = { + 0x33,0xdb, + 0x53, + 0x8d,0x87,XX4, + 0x50, + 0x55, + 0x57, + 0xe8 + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + ConsoleOutput("LWScript %p", addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::edx); + hp.type = USING_STRING; + return NewHook(hp, "LWScript"); +} +bool LWScript2() { + BYTE bytes[] = { + 0x66,0xC1,0xE8,0x08, + 0x3C,0x81 + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + ConsoleOutput("LWScript2 %p", addr); + if (addr == 0)return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0)return false; + int off; + if (*(BYTE*)(addr + 3) == 0x4C)get_stack(2); + else off=get_reg(regs::ecx); + HookParam hp; + hp.address = addr; + hp.offset = off; + hp.type = CODEC_ANSI_BE; + auto succ=NewHook(hp, "LWScript2"); + + auto addrs=findxref_reverse(addr, addr - 0x10000,addr); + for (auto addr : addrs) { + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0)continue; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(5); + hp.type = CODEC_ANSI_BE; + ConsoleOutput("LWScript2_xref %p", addr); + succ|=NewHook(hp, "LWScript2_xref"); + } + return succ; +} + +bool Tenco::attach_function() { + + bool b3= InsertTencoHook(); + bool b1=LWScript(); + bool b2=LWScript2(); + return b1||b2||b3; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Tenco.h b/cpp/LunaHook/LunaHook/engine32/Tenco.h new file mode 100644 index 00000000..87b6949d --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Tenco.h @@ -0,0 +1,11 @@ + + +class Tenco:public ENGINE{ + public: + Tenco(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"Check.mdx"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/TerraLunar.cpp b/cpp/LunaHook/LunaHook/engine32/TerraLunar.cpp new file mode 100644 index 00000000..41063ca6 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/TerraLunar.cpp @@ -0,0 +1,25 @@ +#include"TerraLunar.h" + + +bool TerraLunar::attach_function() { + const BYTE bytes[] = { + //らくえん~あいかわらずなぼく。の場合~ + 0x8A,0x08, + 0x81,0xF9,0x9F,0x00,0x00,0x00, + 0x7E + }; + auto addrs = Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress); + auto succ=false; + for (auto addr : addrs) { + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::eax); + hp.type = USING_STRING; + hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + StringFilter(reinterpret_cast(data), len , "[w]", 3); + return true; + }; + succ|=NewHook(hp, "TerraLunar"); + } + return succ; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/TerraLunar.h b/cpp/LunaHook/LunaHook/engine32/TerraLunar.h new file mode 100644 index 00000000..f5884d81 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/TerraLunar.h @@ -0,0 +1,11 @@ + + +class TerraLunar:public ENGINE{ + public: + TerraLunar(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"data_script.pac"; + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine32/TinkerBell.cpp b/cpp/LunaHook/LunaHook/engine32/TinkerBell.cpp new file mode 100644 index 00000000..3f3f6d28 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/TinkerBell.cpp @@ -0,0 +1,273 @@ +#include"TinkerBell.h" +bool InsertTinkerBellHook() +{ + //DWORD s1,s2,i; + //DWORD ch=0x8141; + DWORD i; + WORD count; + count = 0; + HookParam hp; + hp.type = CODEC_ANSI_BE|NO_CONTEXT; + for (i = processStartAddress; i< processStopAddress - 4; i++) { + if (*(DWORD*)i == 0x8141) { + BYTE t = *(BYTE*)(i - 1); + if (t == 0x3d || t == 0x2d) { + hp.offset=get_reg(regs::eax); + hp.address = i - 1; + } else if (*(BYTE*)(i-2) == 0x81) { + t &= 0xf8; + if (t == 0xf8 || t == 0xe8) { + hp.offset = -8 - ((*(BYTE*)(i-1) & 7) << 2); + hp.address = i - 2; + } + } + if (hp.address) { + char hook_name[0x20]; + ::strcpy(hook_name, "TinkerBell"); // size = 0xa + hook_name[0xa] = '0' + count; + hook_name[0xb] = 0; + ConsoleOutput("INSERT TinkerBell"); + count+=NewHook(hp, hook_name); + hp.address = 0; + } + } + } + if (count) return true; + ConsoleOutput("TinkerBell: failed"); + return false; +} + +// s1=SearchPattern(processStartAddress,processStopAddress-processStartAddress-4,&ch,4); +// if (s1) +// { +// for (i=s1;i>s1-0x400;i--) +// { +// if (*(WORD*)(processStartAddress+i)==0xec83) +// { +// hp.address=processStartAddress+i; +// NewHook(hp, "C.System"); +// break; +// } +// } +// } +// s2=s1+SearchPattern(processStartAddress+s1+4,processStopAddress-s1-8,&ch,4); +// if (s2) +// { +// for (i=s2;i>s2-0x400;i--) +// { +// if (*(WORD*)(processStartAddress+i)==0xec83) +// { +// hp.address=processStartAddress+i; +// NewHook(hp, "TinkerBell"); +// break; +// } +// } +// } +// //if (count) + //RegisterEngineType(ENGINE_TINKER); +namespace{ +bool WendyBell_filter(void* data, size_t* len, HookParam* hp){ + + auto wc=std::wstring(reinterpret_cast(data),*len/2); + + for(int i=0;i(data), reinterpret_cast(len), L"\x26bc\x65\x25\xffff", 4);//移除心形 + + WendyBell_filter(data,len,hp); + auto str=std::wstring(reinterpret_cast(data),*len/2 -1); //末尾存在一个换行符 + + if(last==str)return false; + last=str; + + write_string_overwrite(data,len,str); + return true; +} +bool tkbl(){ + // せをはやみ + const BYTE bytes[] = { + 0x55,0x8b,0xec, + 0x83,0xec,0x0c, + 0x53,0x56, + 0x8b,0xf1, + 0x8b,0x5e,0x10, + 0x8b,0x4e,0x14, + 0x89,0x5d,0xf4, + 0x89,0x4d,0xfc, + 0x3b,0xd9 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) return false; + + HookParam hp; + hp.type = USING_STRING|CODEC_UTF16|NO_CONTEXT; + hp.address = addr; + hp.filter_fun=tkbl_filter; + hp.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto str=(wchar_t*)stack->ebx; + *split = (wcschr(str ,0x3010) != nullptr)&&(wcschr(str, 0x3011) != nullptr); + buffer->from_cs(str); + }; + hp.offset=get_reg(regs::ebx); + return NewHook(hp, "tkbl"); +} +} + +bool InsertWendyBellHook() { + const BYTE bytes[] = { + + 0x83,0xbe,XX4,0x00, + 0x8b,XX2, + 0x0f,0x85,XX4, + 0x83,0xbe,XX4,0x00, + 0x0f,0x85,XX4, + 0x83,0xbe,XX4,0x00, + 0x0f,0x84,XX4 +/*.always:0048E4CA 83 BE F8 04 00 00 00 cmp dword ptr[esi + 4F8h], 0 +.always : 0048E4D1 8B 5D 84 mov ebx,[ebp + Src] +.always : 0048E4D4 0F 85 86 F8 FF FF jnz loc_48DD60 +.always : 0048E4D4 +.always : 0048E4DA 83 BE F4 04 00 00 00 cmp dword ptr[esi + 4F4h], 0 +.always : 0048E4E1 0F 85 79 F8 FF FF jnz loc_48DD60 +.always : 0048E4E1 +.always : 0048E4E7 83 BE 00 05 00 00 00 cmp dword ptr[esi + 500h], 0 +.always : 0048E4EE 0F 84 6C F8 FF FF jz loc_48DD60*/ + + }; + const BYTE bytes2[] = { + //夢幻のさくら ~緋艶姫淫辱孕蝕譚~ + //妖花の園 + 0x8b,0x86,XX4, + 0x6a,0x00, + 0x8b,0x80,XX4, + 0x50, + 0x8b,0x08, + 0xff,0x91,XX4, + 0x8b,0x45,XX, + 0x83,0xF8,0x08 + // +//.always:0048E51D 8B 86 58 0A 00 00 mov eax,[esi + 0A58h] +//.always : 0048E523 6A 00 push 0 +//.always : 0048E525 8B 80 B8 01 00 00 mov eax,[eax + 1B8h] +//.always : 0048E52B 50 push eax +//.always : 0048E52C 8B 08 mov ecx,[eax] +//.always:0048E52E FF 91 C4 00 00 00 call dword ptr[ecx + 0C4h] +//.always : 0048E52E +//.always : 0048E534 8B 45 DC mov eax,[ebp + var_24] +//.always : 0048E537 83 F8 08 cmp eax, 8 + }; + + auto addrs = Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress); + auto addrs2 = Util::SearchMemory(bytes2, sizeof(bytes2), PAGE_EXECUTE, processStartAddress, processStopAddress); + addrs.insert(addrs.end(), addrs2.begin(), addrs2.end()); + auto succ=false; + for (auto addr : addrs) { + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::ebx); + hp.filter_fun=WendyBell_filter; + hp.type = USING_STRING | CODEC_UTF16 | NO_CONTEXT; + ConsoleOutput("%p",addr); + succ|=NewHook(hp, "WendyBell"); + if(*(WORD*)(6+addr)==0x006a){ + //https://vndb.org/r94776 + //悪魔と夜と異世界と パッケージ版 + hp.address=6+addr; + hp.offset=get_reg(regs::edx); + succ|=NewHook(hp, "WendyBell"); + } + } + + + return succ; +} + +namespace{ +bool _2() { + + const BYTE bytes[] = { + //夢幻のさくら2 + 0x55,0x8b,0xec, + 0x53, + 0x8b,0x5d,0x08, + 0x56,0x8b,0xf1, + 0x57, + 0x8b,0x4e,0x10, + 0x8b,0xc1, + 0xf7,0xd0, + 0x3b,0xc3 + }; + auto addrs = Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress); + auto succ=false; + for (auto addr : addrs) { + HookParam hp; + hp.address = addr; + hp.offset=get_stack(2); + hp.type = CODEC_UTF16|USING_CHAR|NO_CONTEXT; + struct savecontext{ + int cnt=0; + int cntx=0; + }; + hp.user_value=(uintptr_t)new savecontext; + hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + //ff ff 4 305f 305f 304b 304b 306a 306a 3057 3057 3 5c0f 5c0f 9ce5 9ce5 904a 904a + auto wc=*(wchar_t*)data; + switch(wc){ + case L'\xfe':return false;//换行 + case L'\xff':((savecontext*)hp->user_value)->cnt+=1;return false; + default: + if(((savecontext*)hp->user_value)->cntx==0 && ((savecontext*)hp->user_value)->cnt){ + ((savecontext*)hp->user_value)->cntx=wc*2; + ((savecontext*)hp->user_value)->cnt-=1; + return false; + } + if(((savecontext*)hp->user_value)->cntx && ((savecontext*)hp->user_value)->cnt==1){ + ((savecontext*)hp->user_value)->cntx-=1; + return false; + } + if(((savecontext*)hp->user_value)->cntx && ((savecontext*)hp->user_value)->cnt==0){ + ((savecontext*)hp->user_value)->cntx-=1; + if(((savecontext*)hp->user_value)->cntx%2)return true; + return false; + } + return true; + } + + }; + succ|=NewHook(hp, "TinkerBell"); + } + return succ; +} +} +bool TinkerBell::attach_function() { + return InsertTinkerBellHook()||tkbl()||(InsertWendyBellHook()|_2()); +} +bool TinkerBellold::attach_function(){ + HookParam hp; + hp.address =(DWORD) ExtTextOutA; + + hp.offset =get_stack(6); + hp.type = USING_STRING|USING_SPLIT; + hp.split=get_stack(5); + return NewHook(hp, "TinkerBell"); +} diff --git a/cpp/LunaHook/LunaHook/engine32/TinkerBell.h b/cpp/LunaHook/LunaHook/engine32/TinkerBell.h new file mode 100644 index 00000000..989c6b41 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/TinkerBell.h @@ -0,0 +1,45 @@ + + +class TinkerBell:public ENGINE{ + public: + TinkerBell(){ + + check_by=CHECK_BY::CUSTOM; + is_engine_certain=false; + check_by_target=[](){ + wchar_t arcdatpattern[] = L"Arc0%d.dat"; + wchar_t arcdat[20]; + bool iswendybell = false; + for (int i = 0; i < 10; i++) { + wsprintf(arcdat, arcdatpattern, i); + if (Util::CheckFile(arcdat)) { + iswendybell = true; break; + } + } + return (wcsstr(processName_lower, L"c,system"))||iswendybell || Util::SearchResourceString(L"TinkerBell"); + }; + }; + bool attach_function(); +}; + +class TinkerBellold:public ENGINE{ + public: + TinkerBellold(){ + + check_by=CHECK_BY::CUSTOM; + is_engine_certain=false; + check_by_target=[](){ + wchar_t arcdatpattern[] = L"arc%c.dat"; + wchar_t arcdat[20]; + bool iswendybell = false; + for (int i = 'a'; i <='z'; i++) { + wsprintf(arcdat, arcdatpattern, i); + if (Util::CheckFile(arcdat)) { + iswendybell = true; break; + } + } + return iswendybell &&Util::CheckFile(L"head.dat"); + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Tomato.cpp b/cpp/LunaHook/LunaHook/engine32/Tomato.cpp new file mode 100644 index 00000000..ddf2da52 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Tomato.cpp @@ -0,0 +1,17 @@ +#include"Tomato.h" +bool Tomato::attach_function() { + //姫武者 + bool ok=false; + for(auto addr:findiatcallormov_all((DWORD)TextOutA,processStartAddress,processStartAddress,processStopAddress,PAGE_EXECUTE)){ + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) continue; + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::edx); + hp.type = DATA_INDIRECT; + hp.index = 0; + ok|=NewHook(hp, "Tomato"); + } + return ok; +} + \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Tomato.h b/cpp/LunaHook/LunaHook/engine32/Tomato.h new file mode 100644 index 00000000..fdab39be --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Tomato.h @@ -0,0 +1,12 @@ + + +class Tomato:public ENGINE{ + public: + Tomato(){ + + is_engine_certain=false; + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"*.kun",L"*.arc"}; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Triangle.cpp b/cpp/LunaHook/LunaHook/engine32/Triangle.cpp new file mode 100644 index 00000000..b0f768f0 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Triangle.cpp @@ -0,0 +1,146 @@ +#include"Triangle.h" +bool InsertTriangleHook() +{ + for (DWORD i = processStartAddress; i < processStopAddress - 4; i++){ + DWORD j=0; + if ((*(DWORD *)i & 0xffffff) == 0x75403c){ + j=i + 4 + *(BYTE*)(i+3); + } + else if((*(DWORD *)i & 0xffffffff) == 0x850f403c) + //长跳转 + //エグゼクタースクリプト + j = i + 4 + *(int*)(i+4); + + if(j){ + for (DWORD k = j + 0x20; j < k; j++) + if (*(BYTE*)j == 0xe8) { + DWORD t = j + 5 + *(DWORD *)(j + 1); + if (t > processStartAddress && t < processStopAddress) { + HookParam hp; + hp.address = t; + hp.offset=get_stack(1); + hp.type = USING_STRING; + ConsoleOutput("INSERT Triangle"); + return NewHook(hp, "Triangle"); + } + } + } + } + + //ConsoleOutput("Old/Unknown Triangle engine."); + ConsoleOutput("Triangle: failed"); + return false; +} + + +bool Triangle::attach_function() { + trigger_fun=[](LPVOID addr, hook_stack* stack){ + //Triangle やっぱり妹がすきっ! + if((DWORD)addr!=(DWORD)TextOutA)return false; + if(auto addr=MemDbg::findEnclosingAlignedFunction(stack->retaddr)) + { + if(*(BYTE*)(addr-2)==0xeb)//jmp xx, MONSTER PARK~化け物に魅入られし姫~,在函数中间中断 + addr=MemDbg::findEnclosingAlignedFunction_strict(stack->retaddr); + if(!addr)return true; + HookParam hp; + hp.address=addr; + hp.offset=get_stack(4); + hp.split=get_stack(1); + hp.type=USING_STRING|USING_SPLIT; + hp.hook_font=F_TextOutA; + hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + //▼ + auto s=std::string((char*)data,*len); + return s.find("\x81\xa5")==s.npos; + }; + NewHook(hp,"Triangle2_TextOutA"); + } + return true; + }; + return InsertTriangleHook(); +} + +bool InsertTrianglePixHook() +{ + + /* + * Sample games: + * https://vndb.org/v38070 + * https://vndb.org/v42090 + * https://vndb.org/v41025 + */ + const BYTE bytes[] = { + 0x50, // push eax << hook here + 0xE8, XX4, // call FinalIgnition.exe+4DE10 + 0x8B, 0x83, XX4, // mov eax,[ebx+0000DCA0] + 0x8D, 0x8D, XX4, // lea ecx,[ebp-0000022C] + 0x83, 0x7D, 0x44, 0x10, // cmp dword ptr [ebp+44],10 + 0xFF, 0x75, 0x40 // push [ebp+40] + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) return false; + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::eax); + hp.index = 0; + hp.type = CODEC_UTF8 | USING_STRING | NO_CONTEXT; + hp.filter_fun = NewLineCharToSpaceFilterA; + return NewHook(hp, "TrianglePix"); +} +bool Triangle2_attach_function(){ + const BYTE bytes[] = { + 0x0f,0x57,XX, + 0x68,0x0F,0x27,0x00,0x00, + 0x0f,0x57,XX + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + ConsoleOutput("%p", addr); + if (addr == 0)return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + ConsoleOutput("%p", addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(5); + hp.type = USING_STRING|CODEC_UTF8|NO_CONTEXT; + return NewHook(hp, "triangle"); +} +bool Triangle2::attach_function(){ + return Triangle2_attach_function()||InsertTrianglePixHook(); +} +bool TriangleM1(){ + auto _=L"${FirstName}"; + ULONG addr = MemDbg::findBytes(_, sizeof(_), processStartAddress, processStopAddress); + if (!addr) return false; + + BYTE pushoffset[]={0x68,XX4}; + *(DWORD*)(pushoffset+1)=addr; + addr = MemDbg::findBytes(pushoffset, sizeof(pushoffset), processStartAddress, processStopAddress); + if (!addr) return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(2); + hp.type = USING_STRING|CODEC_UTF16; + return NewHook(hp, "TriangleM"); +} +bool TriangleM2(){ + BYTE _[]={0x33,0xff,0x66,0x39,0x3b,0x74}; + ULONG addr = MemDbg::findBytes(_, sizeof(_), processStartAddress, processStopAddress); + if (!addr) return false; + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::ebx); + hp.type = USING_STRING|CODEC_UTF16|NO_CONTEXT; + return NewHook(hp, "TriangleM"); +} +bool TriangleM::attach_function(){ + //蛇香のライラ ~Allure of MUSK~ 第一夜 ヨーロピアン・ナイト 体験版 + auto _1=TriangleM1(); + auto _2=TriangleM2(); + return _1||_2; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Triangle.h b/cpp/LunaHook/LunaHook/engine32/Triangle.h new file mode 100644 index 00000000..b9639174 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Triangle.h @@ -0,0 +1,41 @@ + + +class Triangle:public ENGINE{ + public: + Triangle(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"Execle.exe"; + }; + bool attach_function(); +}; + + +class Triangle2:public ENGINE{ + public: + Triangle2(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"pix.bin",L"pix.xml"}; + }; + bool attach_function(); +}; + + +class TriangleM:public ENGINE{ + public: + TriangleM(){ + + check_by=CHECK_BY::CUSTOM; + check_by_target=[]{ + wchar_t _[]=L"fsroot_\\common\\app_info.rson"; + + for(int i=0;i<10;i++){ + _[6]=L'0'+i; + if(Util::CheckFile(_))return 1; + } + return 0; + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Troy.cpp b/cpp/LunaHook/LunaHook/engine32/Troy.cpp new file mode 100644 index 00000000..1d09e8c0 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Troy.cpp @@ -0,0 +1,24 @@ +#include"Troy.h" + +bool Troy::attach_function() { + //Reverse desire~裏返る欲望~ + auto dll=GetModuleHandleW(L"sfe.dll"); + if(dll==0)return false; + auto [minaddr,maxaddr]=Util::QueryModuleLimits(dll); + BYTE bytes[] = { + 0x3C,0x82, + XX2, + 0x80,0xFB,0x9F, + XX2, + 0x80,0xFB,0xF1 + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), minaddr, maxaddr); + if (addr == 0)return false; + addr=MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(2); + hp.type = CODEC_ANSI_BE; + return NewHook(hp, "Troy"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Troy.h b/cpp/LunaHook/LunaHook/engine32/Troy.h new file mode 100644 index 00000000..2f252367 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Troy.h @@ -0,0 +1,12 @@ + + +class Troy:public ENGINE{ + public: + Troy(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"*.mma",L"sfe.dll"}; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Unicorn.cpp b/cpp/LunaHook/LunaHook/engine32/Unicorn.cpp new file mode 100644 index 00000000..abb3f089 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Unicorn.cpp @@ -0,0 +1,832 @@ +#include "Unicorn.h" +/** + * jichi 9/16/2013: a-unicorn / gesen18 + * See (CaoNiMaGeBi): http://tieba.baidu.com/p/2586681823 + * Pattern: 2bce8bf8 + * 2bce sub ecx,esi ; hook here + * 8bf8 mov eds,eax + * 8bd1 mov edx,ecx + * + * /HBN-20*0@xxoo + * - length_offset: 1 + * - off: 4294967260 (0xffffffdc) + * - type: 1032 (0x408) + */ +bool InsertUnicornHook() +{ + // pattern: 2bce8bf8 + const BYTE bytes[] = { + 0x2b, 0xce, // sub ecx,esi ; hook here + 0x8b, 0xf8 // mov edi,eax + }; + // enum { addr_offset = 0 }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + { + ConsoleOutput("Unicorn: pattern not exist"); + return false; + } + + HookParam hp; + hp.type = NO_CONTEXT | DATA_INDIRECT; + hp.offset = get_reg(regs::edi); + hp.address = addr; + + // index = SearchPattern(processStartAddress, size,ins, sizeof(ins)); + // GROWL_DWORD2(base, index); + + ConsoleOutput("INSERT Unicorn"); + return NewHook(hp, "Unicorn"); +} +namespace +{ // unnamed + // A simple but very inefficient implementation for LRU cache. + + namespace ScenarioHook + { + + lru_cache textCache_(30); // capacity = 30 + + namespace Private + { + + class TextStorage + { + LPSTR text_; + std::string oldData_, + newData_; + int lineCount_; + bool saved_; + + public: + TextStorage() + : text_(nullptr), lineCount_(0), saved_(false) {} + + bool isEmpty() const + { + return lineCount_ == 0; + } + + void clear() + { + text_ = nullptr; + lineCount_ = 0; + saved_ = false; + oldData_.clear(); + newData_.clear(); + } + + std::string load(char *textAddress); + void save(); + bool restore(); // recover old text + } textStorage_; + + // Hook + + ULONG textOffset_; // = 0x114; + + std::string sourceData_; + LPSTR targetText_; + void hookBefore(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *role) + { + // Sample game: 三極姫4 ~天華繚乱 天命の恋絵巻~ + // 004B76BB 51 PUSH ECX + // 004B76BC 8BCB MOV ECX,EBX + // 004B76BE 894424 14 MOV DWORD PTR SS:[ESP+0x14],EAX + // 004B76C2 E8 89A5FFFF CALL Sangokuh.004B1C50 ; jichi: name caller + // 004B76C7 E8 44A5FFFF CALL Sangokuh.004B1C10 + // 004B76CC 85C0 TEST EAX,EAX + // 004B76CE 0F8E F6000000 JLE Sangokuh.004B77CA + // 004B76D4 8BF8 MOV EDI,EAX + // 004B76D6 EB 08 JMP SHORT Sangokuh.004B76E0 + // 004B76D8 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP] + // 004B76DF 90 NOP + // 004B76E0 33C0 XOR EAX,EAX + // 004B76E2 B9 0F000000 MOV ECX,0xF + // 004B76E7 898C24 FC000000 MOV DWORD PTR SS:[ESP+0xFC],ECX + // 004B76EE 898424 F8000000 MOV DWORD PTR SS:[ESP+0xF8],EAX + // 004B76F5 888424 E8000000 MOV BYTE PTR SS:[ESP+0xE8],AL + // 004B76FC 898C24 18010000 MOV DWORD PTR SS:[ESP+0x118],ECX + // 004B7703 898424 14010000 MOV DWORD PTR SS:[ESP+0x114],EAX + // 004B770A 888424 04010000 MOV BYTE PTR SS:[ESP+0x104],AL + // 004B7711 8D9424 84040000 LEA EDX,DWORD PTR SS:[ESP+0x484] + // 004B7718 52 PUSH EDX + // 004B7719 8BCB MOV ECX,EBX + // 004B771B C68424 AC060000 01 MOV BYTE PTR SS:[ESP+0x6AC],0x1 + // 004B7723 E8 28A5FFFF CALL Sangokuh.004B1C50 ; jichi: scenario caller + // 004B7728 8D8424 84040000 LEA EAX,DWORD PTR SS:[ESP+0x484] + // 004B772F 50 PUSH EAX + // 004B7730 8D8C24 E8000000 LEA ECX,DWORD PTR SS:[ESP+0xE8] + // + // Sample game: 天極姫 ~新世大乱・双界の覇者達~ + // Name caller: + // 0049A83B E8 D0AFFFFF CALL .00495810 + // 0049A840 894424 14 MOV DWORD PTR SS:[ESP+0x14],EAX + // 0049A844 8D8424 EC010000 LEA EAX,DWORD PTR SS:[ESP+0x1EC] + // 0049A84B 50 PUSH EAX + // 0049A84C E8 DFAFFFFF CALL .00495830 ; jichi: name caller + // 0049A851 E8 9AAFFFFF CALL .004957F0 + // 0049A856 BD 0F000000 MOV EBP,0xF + // 0049A85B 85C0 TEST EAX,EAX + // 0049A85D 0F8E E3000000 JLE .0049A946 + + auto retaddr = s->stack[0]; + *role = 0; + // if (retaddr == 0x4b7728) + if ((*(DWORD *)(retaddr - 5 - 8) & 0x00ffffff) == 0x2484c6) // 004B771B C68424 AC060000 01 MOV BYTE PTR SS:[ESP+0x6AC],0x1 + *role = Engine::ScenarioRole; + // else if (retaddr == 0x4b76c7) + else if ((*(DWORD *)(retaddr - 5 - 8) & 0x00ffffff) == 0x0024848d // 0049A844 8D8424 EC010000 LEA EAX,DWORD PTR SS:[ESP+0x1EC] + || (*(DWORD *)(retaddr - 5 - 4) & 0x00ffffff) == 0x00244489) // 004B76BE 894424 14 MOV DWORD PTR SS:[ESP+0x14],EAX + *role = Engine::NameRole; + // else + // return true; + if (*role != Engine::ScenarioRole && !textStorage_.isEmpty()) + { + textStorage_.restore(); + textStorage_.clear(); + } + if (!*role) + return ; + + auto text = (LPSTR) * (DWORD *)(s->ecx + textOffset_); // [ecx+0x114] + if (!*text || all_ascii(text)) // allspaces is only needed when textstorage is enabled though + return ; + + if (!textStorage_.isEmpty()) + { + textStorage_.restore(); + textStorage_.clear(); + } + + bool textStorageEnabled = *role == Engine::ScenarioRole && Engine::isAddressWritable(text); + std::string oldData; + if (textStorageEnabled) + oldData = textStorage_.load(text); + else + oldData = text; + + if (*role == Engine::NameRole) + strReplace(oldData, "\x81\x40", ""); + // oldData.replace("\x81\x40", ""); // remove spaces in the middle of names + buffer->from(oldData); + } + void hookafter2(hook_stack *s, void *data, size_t len) + { + + auto newData = std::string((char *)data, len); + auto retaddr = s->stack[0]; + int role = 0; + // if (retaddr == 0x4b7728) + if ((*(DWORD *)(retaddr - 5 - 8) & 0x00ffffff) == 0x2484c6) // 004B771B C68424 AC060000 01 MOV BYTE PTR SS:[ESP+0x6AC],0x1 + role = Engine::ScenarioRole; + // else if (retaddr == 0x4b76c7) + else if ((*(DWORD *)(retaddr - 5 - 8) & 0x00ffffff) == 0x0024848d // 0049A844 8D8424 EC010000 LEA EAX,DWORD PTR SS:[ESP+0x1EC] + || (*(DWORD *)(retaddr - 5 - 4) & 0x00ffffff) == 0x00244489) // 004B76BE 894424 14 MOV DWORD PTR SS:[ESP+0x14],EAX + role = Engine::NameRole; + // else + // return true; + if (role != Engine::ScenarioRole && !textStorage_.isEmpty()) + { + textStorage_.restore(); + textStorage_.clear(); + } + if (!role) + return; + auto text = (LPSTR) * (DWORD *)(s->ecx + textOffset_); // [ecx+0x114] + if (!*text || all_ascii(text)) // allspaces is only needed when textstorage is enabled though + return; + if (!textStorage_.isEmpty()) + { + textStorage_.restore(); + textStorage_.clear(); + } + bool textStorageEnabled = role == Engine::ScenarioRole && Engine::isAddressWritable(text); + std::string oldData; + if (textStorageEnabled) + oldData = textStorage_.load(text); + else + oldData = text; + if (role == Engine::NameRole) + strReplace(oldData, "\x81\x40", ""); + // oldData.replace("\x81\x40", ""); // remove spaces in the middle of names + if (oldData == newData) + { + if (textStorageEnabled) + textStorage_.clear(); + return; + } + if (textStorageEnabled) + textStorage_.save(); + sourceData_ = newData; + targetText_ = (LPSTR)s->stack[1]; // arg1 + textCache_.put(simplehash::hashByteArraySTD(newData)); + } + void hookAfter(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + if (targetText_) + { + ::strcpy(targetText_, sourceData_.c_str()); + targetText_ = nullptr; + } + } + + } // namespace Private + + /** + * Sample text + * + * Sample game: 三極姫4 ~天華繚乱 天命の恋絵巻~ + * + * 01FE881C 81 40 92 6A 81 40 00 01 81 75 82 BB 81 41 82 BB  男 .「そ、そ + * 01FE882C 82 F1 82 C8 81 63 81 63 82 BB 82 EA 82 AA 8D C5 んな……それが最 + * 01FE883C 8C E3 82 CC 90 48 97 BF 82 C8 82 CC 82 C9 81 63 後の食料なのに… + * 01FE884C 81 63 81 49 81 76 00 00 00 00 FF FF FF FF FF FF …!」.... + * 01FE885C FF FF 11 19 00 1B 00 0F 19 00 1D 00 03 00 00 00 ....... + * 01FE886C 03 00 00 00 00 01 97 AA 92 44 81 5C 81 5C 00 00 ....略奪――.. + * + * 01FE8758 01 00 00 00 01 00 00 00 93 90 81 40 91 AF 00 02 ......盗 賊. + * 01FE8768 81 75 82 C7 82 A4 82 B9 82 B1 82 EA 82 C1 82 DB 「どうせこれっぽ + * 01FE8778 82 C1 82 BF 82 CC 90 48 97 BF 82 AA 82 A0 82 C1 っちの食料があっ + * 01FE8788 82 BD 82 C6 82 B1 82 EB 82 C5 81 41 8B 51 82 A6 たところで、飢え + * 01FE8798 82 C4 8E 80 00 00 00 00 FF FF FF FF FF FF FF FF て死.... + * 01FE87A8 0A 82 CA 82 CC 82 CD 93 AF 82 B6 82 BE 82 EB 81 .ぬのは同じだろ・ + * 01FE87B8 49 81 40 82 D9 82 E7 91 53 95 94 82 E6 82 B1 82 I ほら全部よこ・ + * 01FE87C8 B9 82 C1 81 49 81 76 00 00 00 00 FF FF FF FF FF ケっ!」.... + * 01FE87D8 FF FF FF 11 19 00 16 00 19 19 00 18 00 32 00 00 ....2.. + * 01FE87E8 00 44 61 74 61 5C 76 6F 69 63 65 5C 65 74 63 5C .Data\voice\etc\ + * 01FE87F8 65 74 63 4A 5F 70 63 41 5F 30 30 30 31 2E 76 6F etcJ_pcA_0001.vo + * 01FE8808 69 00 00 00 00 00 00 0F 19 00 19 00 02 00 00 00 i........... + * + * Sample game: 戦極姫6 + * + * 023AF0E8 82 BB 82 CC 90 BA 82 F0 95 B7 82 AB 81 41 90 B0 その声を聞き、晴 + * 023AF0F8 90 4D 82 CD 82 B7 82 C1 82 C6 95 5C 8F EE 82 F0 信はすっと表情を + * 023AF108 88 F8 82 AB 92 F7 82 DF 82 BD 81 42 00 00 00 00 引き締めた。.... + * 023AF118 BE BE BE FF FF FF FF FF 11 0E 00 1E 00 0F 0E 00 セセセ... + * 023AF128 20 00 03 00 00 00 03 00 00 00 95 90 93 63 90 4D .......武田信 + * 023AF138 94 C9 00 01 81 75 90 4D 8C D5 97 6C 82 CD 81 41 繁.「信虎様は、 + * 023AF148 97 5C 92 E8 82 C7 82 A8 82 E8 82 BE 82 BB 82 A4 予定どおりだそう + * 023AF158 82 BE 81 76 00 00 00 00 BE BE BE FF FF FF FF FF だ」....セセセ + * 023AF168 11 0E 00 22 00 0F 0E 00 24 00 04 00 00 00 04 00 ."..$..... + * 023AF178 00 00 00 02 95 94 89 AE 82 C9 82 CD 82 A2 82 C1 ...部屋にはいっ + * 023AF188 82 C4 82 AB 82 BD 90 4D 94 C9 82 CD 81 41 90 B0 てきた信繁は、晴 + * 023AF198 90 4D 82 CC 91 4F 82 D6 82 C6 8D 98 82 F0 82 A8 信の前へと腰をお + * 023AF1A8 82 EB 82 B5 8C FC 82 A9 00 00 00 00 BE BE BE FF ろし向か....セセセ + * 023AF1B8 FF FF FF FF 0A 82 A2 82 A0 82 A4 81 42 00 00 00 .いあう。... + * 023AF1C8 00 BE BE BE FF FF FF FF FF 11 0E 00 27 00 01 0E .セセセ.'. + * 023AF1D8 00 2A 00 84 D9 07 00 02 00 00 00 E8 18 00 00 01 .*.・....・.. + * 023AF1E8 60 00 00 00 E9 18 00 00 01 5B 00 00 00 19 0E 00 `...・..[.... + * 023AF1F8 2C 00 06 00 00 00 44 61 74 61 5C 76 6F 69 63 65 ,....Data\voice + * 023AF208 5C 73 69 6E 67 65 6E 5C 73 69 6E 67 65 6E 5F 30 \singen\singen_0 + * 023AF218 30 34 33 2E 76 6F 69 00 00 00 00 00 00 0F 0E 00 043.voi....... + * + * Sample game: 天極姫 ~新世大乱・双界の覇者達~ + * 0211F8AA 82 91 80 82 BD 82 BF 82 CD 82 B1 82 CC 90 A2 8A q€たちはこの世・ + * 0211F8BA 45 82 C9 93 CB 91 52 8C BB 82 EA 82 BD 81 42 82 Eに突然現れた。・ + * 0211F8CA BB 82 B5 82 C4 82 B1 82 B1 82 CC 96 AF 82 BD 82 サしてここの民た・ + * 0211F8DA BF 82 CD 00 00 00 00 BE BE BE FF FF FF FF FF 0A ソは....セセセ. + * 0211F8EA 91 82 91 80 82 BD 82 BF 82 F0 81 41 92 B7 82 AD 曹操たちを、長く + * 0211F8FA 91 B1 82 A2 82 BD 90 ED 97 90 82 F0 8F 49 82 ED 続いた戦乱を終わ + * 0211F90A 82 E7 82 B9 82 E9 89 70 97 59 82 C6 81 41 96 7B らせる英雄と、本 + * 0211F91A 8B 43 82 C5 00 00 00 00 BE BE BE FF FF FF FF FF 気で....セセセ + * 0211F92A 0A 90 4D 82 B6 82 C4 82 A2 82 E9 82 C6 82 A2 82 .信じているとい・ + * 0211F93A A4 82 B1 82 C6 82 BE 82 C1 82 BD 81 42 00 00 00 、ことだった。... + */ + // 三極姫4: 00 00 00 00 ff ff ff ff ff ff ff ff 0a + // 戦極姫6: 00 00 00 00 be be be ff ff ff ff ff 0a + // enum { TextSeparatorSize = 12 }; + static inline bool isTextSeparator(LPCSTR text) + { + // return 0 == ::memcmp(p, "\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\x0a", 13); + return 0 == ::memcmp(text, "\x00\x00\x00\x00", 4) && 0 == ::memcmp(text + 8, "\xff\xff\xff\xff\x0a", 5); + } + std::string Private::TextStorage::load(char *text) + { + text_ = text; + std::string data = text; + lineCount_ = 1; + LPCSTR p = text + ::strlen(text); + for (; isTextSeparator(p); p += ::strlen(p)) + { + lineCount_++; + p += 12; + data.append(p); + } + oldData_ = std::string(text, p - text); + return data; + } + + void Private::TextStorage::save() + { + if (lineCount_ <= 1) + return; + LPSTR p = text_ + ::strlen(text_); + while (isTextSeparator(p)) + { + p += 12 + 1; // +1 for the extra 0xa + if (size_t size = ::strlen(p)) + { + ::memset(p, ' ', size); + p += size; + } + } + newData_ = std::string(text_, p - text_); + } + + bool Private::TextStorage::restore() + { + if (!saved_ || !Engine::isAddressWritable(text_, oldData_.size()) || ::memcmp(text_, newData_.c_str(), newData_.size())) + return false; + if (::memcmp(text_, oldData_.c_str(), oldData_.size())) + ::memcpy(text_, oldData_.c_str(), oldData_.size()); + saved_ = false; + return true; + } + + /** + * Sample game: 三極姫4 ~天華繚乱 天命の恋絵巻~ + * + * Function found by hardware breakpoint scenario text. + * + * The memory copy function: + * 004B1C4D CC INT3 + * 004B1C4E CC INT3 + * 004B1C4F CC INT3 + * 004B1C50 8B81 14010000 MOV EAX,DWORD PTR DS:[ECX+0x114] ; jichi: source text in eax, beforeAddress + * 004B1C56 8B5424 04 MOV EDX,DWORD PTR SS:[ESP+0x4] ; jichi: target address in edx + * 004B1C5A 56 PUSH ESI + * 004B1C5B 33F6 XOR ESI,ESI + * 004B1C5D 8038 00 CMP BYTE PTR DS:[EAX],0x0 + * 004B1C60 74 1D JE SHORT Sangokuh.004B1C7F + * 004B1C62 8B81 14010000 MOV EAX,DWORD PTR DS:[ECX+0x114] + * 004B1C68 8A00 MOV AL,BYTE PTR DS:[EAX] + * 004B1C6A 8802 MOV BYTE PTR DS:[EDX],AL + * 004B1C6C FF81 14010000 INC DWORD PTR DS:[ECX+0x114] + * 004B1C72 8B81 14010000 MOV EAX,DWORD PTR DS:[ECX+0x114] + * 004B1C78 42 INC EDX + * 004B1C79 46 INC ESI + * 004B1C7A 8038 00 CMP BYTE PTR DS:[EAX],0x0 + * 004B1C7D ^75 E3 JNZ SHORT Sangokuh.004B1C62 + * 004B1C7F 8B81 14010000 MOV EAX,DWORD PTR DS:[ECX+0x114] + * 004B1C85 8A00 MOV AL,BYTE PTR DS:[EAX] + * 004B1C87 8802 MOV BYTE PTR DS:[EDX],AL + * 004B1C89 FF81 14010000 INC DWORD PTR DS:[ECX+0x114] + * 004B1C8F 8BC6 MOV EAX,ESI ; jichi: copied count + * 004B1C91 5E POP ESI + * 004B1C92 C2 0400 RETN 0x4 ; jichi: afterAddress + * 004B1C95 CC INT3 + * 004B1C96 CC INT3 + * 004B1C97 CC INT3 + * + * The very large caller function: + * + * 004B76AB 894424 1C MOV DWORD PTR SS:[ESP+0x1C],EAX + * 004B76AF E8 7CA5FFFF CALL Sangokuh.004B1C30 + * 004B76B4 8D8C24 7C030000 LEA ECX,DWORD PTR SS:[ESP+0x37C] + * 004B76BB 51 PUSH ECX + * 004B76BC 8BCB MOV ECX,EBX + * 004B76BE 894424 14 MOV DWORD PTR SS:[ESP+0x14],EAX + * 004B76C2 E8 89A5FFFF CALL Sangokuh.004B1C50 ; jichi: name caller + * 004B76C7 E8 44A5FFFF CALL Sangokuh.004B1C10 + * 004B76CC 85C0 TEST EAX,EAX + * 004B76CE 0F8E F6000000 JLE Sangokuh.004B77CA + * 004B76D4 8BF8 MOV EDI,EAX + * 004B76D6 EB 08 JMP SHORT Sangokuh.004B76E0 + * 004B76D8 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP] + * 004B76DF 90 NOP + * 004B76E0 33C0 XOR EAX,EAX + * 004B76E2 B9 0F000000 MOV ECX,0xF + * 004B76E7 898C24 FC000000 MOV DWORD PTR SS:[ESP+0xFC],ECX + * 004B76EE 898424 F8000000 MOV DWORD PTR SS:[ESP+0xF8],EAX + * 004B76F5 888424 E8000000 MOV BYTE PTR SS:[ESP+0xE8],AL + * 004B76FC 898C24 18010000 MOV DWORD PTR SS:[ESP+0x118],ECX + * 004B7703 898424 14010000 MOV DWORD PTR SS:[ESP+0x114],EAX + * 004B770A 888424 04010000 MOV BYTE PTR SS:[ESP+0x104],AL + * 004B7711 8D9424 84040000 LEA EDX,DWORD PTR SS:[ESP+0x484] + * 004B7718 52 PUSH EDX + * 004B7719 8BCB MOV ECX,EBX + * 004B771B C68424 AC060000 01 MOV BYTE PTR SS:[ESP+0x6AC],0x1 + * 004B7723 E8 28A5FFFF CALL Sangokuh.004B1C50 ; jichi: scenario caller + * 004B7728 8D8424 84040000 LEA EAX,DWORD PTR SS:[ESP+0x484] + * 004B772F 50 PUSH EAX + * 004B7730 8D8C24 E8000000 LEA ECX,DWORD PTR SS:[ESP+0xE8] + * + * Sample game: 戦極姫6 + * 004A6C88 CC INT3 + * 004A6C89 CC INT3 + * 004A6C8A CC INT3 + * 004A6C8B CC INT3 + * 004A6C8C CC INT3 + * 004A6C8D CC INT3 + * 004A6C8E CC INT3 + * 004A6C8F CC INT3 + * 004A6C90 8B81 14010000 MOV EAX,DWORD PTR DS:[ECX+0x114] + * 004A6C96 8B5424 04 MOV EDX,DWORD PTR SS:[ESP+0x4] + * 004A6C9A 56 PUSH ESI + * 004A6C9B 33F6 XOR ESI,ESI + * 004A6C9D 8038 00 CMP BYTE PTR DS:[EAX],0x0 + * 004A6CA0 74 1D JE SHORT .004A6CBF + * 004A6CA2 8B81 14010000 MOV EAX,DWORD PTR DS:[ECX+0x114] + * 004A6CA8 8A00 MOV AL,BYTE PTR DS:[EAX] + * 004A6CAA 8802 MOV BYTE PTR DS:[EDX],AL + * 004A6CAC FF81 14010000 INC DWORD PTR DS:[ECX+0x114] + * 004A6CB2 8B81 14010000 MOV EAX,DWORD PTR DS:[ECX+0x114] + * 004A6CB8 42 INC EDX + * 004A6CB9 46 INC ESI + * 004A6CBA 8038 00 CMP BYTE PTR DS:[EAX],0x0 + * 004A6CBD ^75 E3 JNZ SHORT .004A6CA2 + * 004A6CBF 8B81 14010000 MOV EAX,DWORD PTR DS:[ECX+0x114] + * 004A6CC5 8A00 MOV AL,BYTE PTR DS:[EAX] + * 004A6CC7 8802 MOV BYTE PTR DS:[EDX],AL + * 004A6CC9 FF81 14010000 INC DWORD PTR DS:[ECX+0x114] + * 004A6CCF 8BC6 MOV EAX,ESI + * 004A6CD1 5E POP ESI + * 004A6CD2 C2 0400 RETN 0x4 + * 004A6CD5 CC INT3 + * 004A6CD6 CC INT3 + * 004A6CD7 CC INT3 + * 004A6CD8 CC INT3 + * 004A6CD9 CC INT3 + */ + bool attach(ULONG startAddress, ULONG stopAddress) + { + ULONG beforeAddress; + { + const uint8_t bytes[] = { + 0x8b, 0x81, XX4, // 004b1c50 8b81 14010000 mov eax,dword ptr ds:[ecx+0x114] ; jichi: source text in eax + 0x8b, 0x54, 0x24, 0x04, // 004b1c56 8b5424 04 mov edx,dword ptr ss:[esp+0x4] ; jichi: target address in edx + 0x56, // 004b1c5a 56 push esi + 0x33, 0xf6, // 004b1c5b 33f6 xor esi,esi + 0x80, 0x38, 0x00 // 004b1c5d 8038 00 cmp byte ptr ds:[eax],0x0 + }; + beforeAddress = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!beforeAddress) + return false; + } + + ULONG afterAddress; + { + // 004B1C92 C2 0400 RETN 0x4 ; jichi: afterAddress + // 004B1C95 CC INT3 + DWORD bytes = 0xcc0004c2; + afterAddress = MemDbg::findBytes(&bytes, sizeof(bytes), beforeAddress, stopAddress); + if (!afterAddress || afterAddress - beforeAddress > 0x200) // should within 0x42 + return false; + } + + // 004b1c50 8b81 14010000 mov eax,dword ptr ds:[ecx+0x114] ; jichi: source text in eax + Private::textOffset_ = *(DWORD *)(beforeAddress + 2); // 0x114 + HookParam hp; + hp.address = beforeAddress; + hp.text_fun = Private::hookBefore; + hp.hook_after = Private::hookafter2; + hp.offset = get_stack(1); + hp.newlineseperator = L"\\n"; + hp.type = EMBED_ABLE | EMBED_DYNA_SJIS; + hp.hook_font = F_GetGlyphOutlineA; + auto suc = NewHook(hp, "EMbedUnicorn"); + hp.address = afterAddress; + hp.text_fun = Private::hookAfter; + suc |= NewHook(hp, "EMbedUnicorn"); + return suc; + } + + } // namespace ScenarioHook + + namespace OtherHook + { + namespace Private + { + + // bool isSkippedText(LPCSTR text) + //{ + // return 0 == ::strcmp(text, "\x82\x6c\x82\x72\x20\x83\x53\x83\x56\x83\x62\x83\x4e"); // "MS ゴシック" + // } + + /** + * Sample game: 戦極姫6 + * + */ + void hookBefore(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *role) + { + static std::string data_; + auto retaddr = s->stack[0]; + // 0052FDCE 83C4 0C ADD ESP,0xC + // 0052FDD1 ^EB C1 JMP SHORT .0052FD94 + // if (*(DWORD *)retaddr != 0xeb0cc483) + // return true; + // retaddr = s->stack[7]; // parent caller + + // Scenario/name/other threads to skip: + // - 0x404062 // there are so many other texts in this thread + // + // Other thread to keep: + // - 0x4769f8: message + // - 0x4135ba: in-game text that split into lines + // + // 004769E9 2BC7 SUB EAX,EDI + // 004769EB 50 PUSH EAX + // 004769EC 51 PUSH ECX + // 004769ED 8D8E C4080000 LEA ECX,DWORD PTR DS:[ESI+0x8C4] + // 004769F3 E8 B8D1F8FF CALL .00403BB0 ; jichi; message + // 004769F8 D9EE FLDZ + // 004769FA 8B6C24 18 MOV EBP,DWORD PTR SS:[ESP+0x18] + // 004769FE D996 04090000 FST DWORD PTR DS:[ESI+0x904] + // + // 004135B1 52 PUSH EDX + // 004135B2 8D4E 3C LEA ECX,DWORD PTR DS:[ESI+0x3C] + // 004135B5 E8 F605FFFF CALL .00403BB0 ; jichi: in-game caller + // 004135BA EB 08 JMP SHORT .004135C4 + // 004135BC 8D4E 3C LEA ECX,DWORD PTR DS:[ESI+0x3C] + // if (retaddr != 0x4769f8 && retaddr != 0x4135ba) + // return true; + switch (*(WORD *)retaddr) + { + case 0xeed9: // 004769F8 D9EE FLDZ + case 0x08eb: // 004135BA EB 08 JMP SHORT .004135C4 + break; + default: + return ; + } + auto text = (LPCSTR)s->stack[1]; // arg1 + int size = s->stack[2]; // arg2 + if (!text || size <= 2 // avoid painting individual character + || ::strlen(text) != size || all_ascii(text) || ScenarioHook::textCache_.exists(simplehash::hashCharArray(text))) + //|| !q->isTextDecodable(text)) // avoid re-translation + //|| isascii(text[::strlen(text) - 2]) + //|| isSkippedText(text)) + return ; + enum + { + role = Engine::OtherRole + }; + buffer->from(text, size); + /* //oldData.replace("\\n", "\n"); // Remove new line. FIXME: automatically adjust line width + std::string newData = EngineController::instance()->dispatchTextASTD(oldData, role, retaddr); + if (newData == oldData) + return true; + data_ = newData; + s->stack[1] = (ULONG)data_.c_str(); + s->stack[2] = data_.size(); + return true;*/ + } + + void hookafter(hook_stack *s, void *data, size_t len) + { + + auto newData = std::string((char *)data, len); + static std::string data_; + data_ = newData; + s->stack[1] = (ULONG)data_.c_str(); + s->stack[2] = data_.size(); + } + } // namespace Private + + /** + * Sample game: 戦極姫6 + * Function found by debugging caller of GetGlyphOutlineA. + * 0052F2DC CC INT3 + * 0052F2DD CC INT3 + * 0052F2DE CC INT3 + * 0052F2DF CC INT3 + * 0052F2E0 55 PUSH EBP + * 0052F2E1 8BEC MOV EBP,ESP + * 0052F2E3 57 PUSH EDI + * 0052F2E4 56 PUSH ESI + * 0052F2E5 8B75 0C MOV ESI,DWORD PTR SS:[EBP+0xC] ; jichi: arg2, source text + * 0052F2E8 8B4D 10 MOV ECX,DWORD PTR SS:[EBP+0x10] ; jichi: arg3, count? + * 0052F2EB 8B7D 08 MOV EDI,DWORD PTR SS:[EBP+0x8] ; jichi: arg1, target location + * 0052F2EE 8BC1 MOV EAX,ECX + * 0052F2F0 8BD1 MOV EDX,ECX + * 0052F2F2 03C6 ADD EAX,ESI + * 0052F2F4 3BFE CMP EDI,ESI + * 0052F2F6 76 08 JBE SHORT .0052F300 + * 0052F2F8 3BF8 CMP EDI,EAX + * 0052F2FA 0F82 A4010000 JB .0052F4A4 + * 0052F300 81F9 00010000 CMP ECX,0x100 ; jichi: 0x100 is the threshold + * 0052F306 72 1F JB SHORT .0052F327 + * 0052F308 833D 6472D800 00 CMP DWORD PTR DS:[0xD87264],0x0 + * 0052F30F 74 16 JE SHORT .0052F327 + * 0052F311 57 PUSH EDI + * 0052F312 56 PUSH ESI + * 0052F313 83E7 0F AND EDI,0xF + * 0052F316 83E6 0F AND ESI,0xF + * 0052F319 3BFE CMP EDI,ESI + * 0052F31B 5E POP ESI + * 0052F31C 5F POP EDI + * 0052F31D 75 08 JNZ SHORT .0052F327 + * 0052F31F 5E POP ESI + * 0052F320 5F POP EDI + * 0052F321 5D POP EBP + * 0052F322 E9 7C5F0000 JMP .005352A3 + * 0052F327 F7C7 03000000 TEST EDI,0x3 + * 0052F32D 75 15 JNZ SHORT .0052F344 + * 0052F32F C1E9 02 SHR ECX,0x2 + * 0052F332 83E2 03 AND EDX,0x3 + * 0052F335 83F9 08 CMP ECX,0x8 + * 0052F338 72 2A JB SHORT .0052F364 + * 0052F33A F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS> + * 0052F33C FF2495 54F45200 JMP DWORD PTR DS:[EDX*4+0x52F454] + * 0052F343 90 NOP + * + * Here's its parent parent caller: + * - arg1: jichi: source text + * - arg2: jichi: source size + * + * 00403BAB CC INT3 + * 00403BAC CC INT3 + * 00403BAD CC INT3 + * 00403BAE CC INT3 + * 00403BAF CC INT3 + * 00403BB0 55 PUSH EBP + * 00403BB1 8B6C24 08 MOV EBP,DWORD PTR SS:[ESP+0x8] + * 00403BB5 56 PUSH ESI + * 00403BB6 57 PUSH EDI + * 00403BB7 8BF1 MOV ESI,ECX + * 00403BB9 85ED TEST EBP,EBP + * 00403BBB 74 46 JE SHORT .00403C03 + * 00403BBD 8B56 18 MOV EDX,DWORD PTR DS:[ESI+0x18] + * 00403BC0 8D46 04 LEA EAX,DWORD PTR DS:[ESI+0x4] + * 00403BC3 83FA 10 CMP EDX,0x10 + * 00403BC6 72 04 JB SHORT .00403BCC + * 00403BC8 8B08 MOV ECX,DWORD PTR DS:[EAX] + * 00403BCA EB 02 JMP SHORT .00403BCE + * 00403BCC 8BC8 MOV ECX,EAX + * 00403BCE 3BE9 CMP EBP,ECX + * 00403BD0 72 31 JB SHORT .00403C03 + * 00403BD2 83FA 10 CMP EDX,0x10 + * 00403BD5 72 04 JB SHORT .00403BDB + * 00403BD7 8B08 MOV ECX,DWORD PTR DS:[EAX] + * 00403BD9 EB 02 JMP SHORT .00403BDD + * 00403BDB 8BC8 MOV ECX,EAX + * 00403BDD 8B7E 14 MOV EDI,DWORD PTR DS:[ESI+0x14] + * 00403BE0 03F9 ADD EDI,ECX + * 00403BE2 3BFD CMP EDI,EBP + * 00403BE4 76 1D JBE SHORT .00403C03 + * 00403BE6 83FA 10 CMP EDX,0x10 + * 00403BE9 72 02 JB SHORT .00403BED + * 00403BEB 8B00 MOV EAX,DWORD PTR DS:[EAX] + * 00403BED 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+0x14] + * 00403BF1 51 PUSH ECX + * 00403BF2 2BE8 SUB EBP,EAX + * 00403BF4 55 PUSH EBP + * 00403BF5 56 PUSH ESI + * 00403BF6 8BCE MOV ECX,ESI + * 00403BF8 E8 D3FEFFFF CALL .00403AD0 + * 00403BFD 5F POP EDI + * 00403BFE 5E POP ESI + * 00403BFF 5D POP EBP + * 00403C00 C2 0800 RETN 0x8 + * 00403C03 8B7C24 14 MOV EDI,DWORD PTR SS:[ESP+0x14] + * 00403C07 83FF FE CMP EDI,-0x2 + * 00403C0A 76 05 JBE SHORT .00403C11 + * 00403C0C E8 B94F1500 CALL .00558BCA + * 00403C11 8B46 18 MOV EAX,DWORD PTR DS:[ESI+0x18] + * 00403C14 3BC7 CMP EAX,EDI + * 00403C16 73 20 JNB SHORT .00403C38 + * 00403C18 8B56 14 MOV EDX,DWORD PTR DS:[ESI+0x14] + * 00403C1B 52 PUSH EDX + * 00403C1C 57 PUSH EDI + * 00403C1D 8BCE MOV ECX,ESI + * 00403C1F E8 5CFDFFFF CALL .00403980 + * 00403C24 85FF TEST EDI,EDI + * 00403C26 76 56 JBE SHORT .00403C7E + * 00403C28 8B4E 18 MOV ECX,DWORD PTR DS:[ESI+0x18] + * 00403C2B 53 PUSH EBX + * 00403C2C 8D5E 04 LEA EBX,DWORD PTR DS:[ESI+0x4] + * 00403C2F 83F9 10 CMP ECX,0x10 + * 00403C32 72 2C JB SHORT .00403C60 + * 00403C34 8B03 MOV EAX,DWORD PTR DS:[EBX] + * 00403C36 EB 2A JMP SHORT .00403C62 + * 00403C38 85FF TEST EDI,EDI + * 00403C3A ^75 EA JNZ SHORT .00403C26 + * 00403C3C 897E 14 MOV DWORD PTR DS:[ESI+0x14],EDI + * 00403C3F 83F8 10 CMP EAX,0x10 + * 00403C42 72 0E JB SHORT .00403C52 + * 00403C44 8B46 04 MOV EAX,DWORD PTR DS:[ESI+0x4] + * 00403C47 5F POP EDI + * 00403C48 C600 00 MOV BYTE PTR DS:[EAX],0x0 + * 00403C4B 8BC6 MOV EAX,ESI + * 00403C4D 5E POP ESI + * 00403C4E 5D POP EBP + * 00403C4F C2 0800 RETN 0x8 + * 00403C52 8D46 04 LEA EAX,DWORD PTR DS:[ESI+0x4] + * 00403C55 5F POP EDI + * 00403C56 C600 00 MOV BYTE PTR DS:[EAX],0x0 + * 00403C59 8BC6 MOV EAX,ESI + * 00403C5B 5E POP ESI + * 00403C5C 5D POP EBP + * 00403C5D C2 0800 RETN 0x8 + * 00403C60 8BC3 MOV EAX,EBX + * 00403C62 57 PUSH EDI + * 00403C63 55 PUSH EBP + * 00403C64 51 PUSH ECX + * 00403C65 50 PUSH EAX + * 00403C66 E8 19C11200 CALL .0052FD84 ; jichi: actual paint function + * 00403C6B 83C4 10 ADD ESP,0x10 + * 00403C6E 837E 18 10 CMP DWORD PTR DS:[ESI+0x18],0x10 + * 00403C72 897E 14 MOV DWORD PTR DS:[ESI+0x14],EDI + * 00403C75 72 02 JB SHORT .00403C79 + * 00403C77 8B1B MOV EBX,DWORD PTR DS:[EBX] + * 00403C79 C6043B 00 MOV BYTE PTR DS:[EBX+EDI],0x0 + * 00403C7D 5B POP EBX + * 00403C7E 5F POP EDI + * 00403C7F 8BC6 MOV EAX,ESI + * 00403C81 5E POP ESI + * 00403C82 5D POP EBP + * 00403C83 C2 0800 RETN 0x8 + * 00403C86 CC INT3 + * 00403C87 CC INT3 + * 00403C88 CC INT3 + * 00403C89 CC INT3 + * 00403C8A CC INT3 + * 00403C8B CC INT3 + * + * 08BCF938 00403C6B RETURN to .00403C6B from .0052FD84 + * 08BCF93C 088DC7F0 ; jichi: target location + * 08BCF940 0000001F ; jichi: target capacity + * 08BCF944 08BCFC68 ; jichi: source size + * 08BCF948 00000010 ; jichi: source size + * 08BCF94C 00000001 + * 08BCF950 08BCFC69 + * 08BCF954 08BCFC68 + * 08BCF958 0000000F + * 08BCF95C 00404870 RETURN to .00404870 from .00403BB0 + * 08BCF960 08BCFC68 ; jichi: source text + * 08BCF964 00000010 ; jichi: source size + * 08BCF968 0000000F ; jichi: extra capacity + * 08BCF96C 008B68F8 .008B68F8 + * 08BCF970 004AC441 RETURN to .004AC441 from .00404850 + * 08BCF974 08BCFC68 + * 08BCF978 2AE30C3B + * 08BCF97C 004A5710 .004A5710 + * 08BCF980 088D5448 + */ + bool attach(ULONG startAddress, ULONG stopAddress) + { + const uint8_t bytes[] = { + 0x72, 0x0E, // 00403C42 72 0E JB SHORT .00403C52 + 0x8B, 0x46, 0x04, // 00403C44 8B46 04 MOV EAX,DWORD PTR DS:[ESI+0x4] + 0x5F, // 00403C47 5F POP EDI + 0xC6, 0x00, 0x00, // 00403C48 C600 00 MOV BYTE PTR DS:[EAX],0x0 + 0x8B, 0xC6, // 00403C4B 8BC6 MOV EAX,ESI + 0x5E, // 00403C4D 5E POP ESI + 0x5D, // 00403C4E 5D POP EBP + 0xC2, 0x08, 0x00 // 00403C4F C2 0800 RETN 0x8 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return false; + // addr = 0x00403BB0; + HookParam hp; + hp.address = addr; + hp.text_fun = Private::hookBefore; + hp.hook_after = Private::hookafter; + hp.type = EMBED_ABLE | EMBED_DYNA_SJIS|NO_CONTEXT; + hp.newlineseperator = L"\\n"; + hp.hook_font = F_GetGlyphOutlineA; + return NewHook(hp, "EMbedUnicornOther"); + } + + } // namespace OtherHook +} // unnamed namespace +bool Unicorn::attach_function() +{ + auto embed = ScenarioHook::attach(processStartAddress, processStopAddress); + if (embed) + { + OtherHook::attach(processStartAddress, processStopAddress); + } + return InsertUnicornHook() || embed; +} + +bool Unicorn_Anesen::attach_function() +{ + //[060908][あねせん] あまからツインズ~双姉といっしょ~ + //[071012][あねせん] おしえて巫女先生弐 + //[071214][あねせん] おしえて巫女先生弐 外伝~ハーレム編~ + const BYTE bytes[] = { + 0x83, 0xFF, 0x20, + XX2, + 0x0F, 0x84, XX4, + 0x81, 0xFF, 0x40, 0x81, 0x00, 0x00, + 0x0F, 0x84}; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr == 0) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0) + return false; + + HookParam hp; + hp.type = USING_STRING; + hp.offset = get_stack(4); + hp.address = addr; + + return NewHook(hp, "Unicorn_Anesen"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Unicorn.h b/cpp/LunaHook/LunaHook/engine32/Unicorn.h new file mode 100644 index 00000000..cbc8d791 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Unicorn.h @@ -0,0 +1,22 @@ + + +class Unicorn:public ENGINE{ + public: + Unicorn(){ + + check_by=CHECK_BY::FILE_ANY; + check_by_target=check_by_list{L"*.szs",L"Data\\*.szs"}; + }; + bool attach_function(); +}; + + +class Unicorn_Anesen:public ENGINE{ + public: + Unicorn_Anesen(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"BGM",L"DATA",L"MGD",L"MSD",L"SE",L"VOICE"}; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/UnisonShift.cpp b/cpp/LunaHook/LunaHook/engine32/UnisonShift.cpp new file mode 100644 index 00000000..aa0ec244 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/UnisonShift.cpp @@ -0,0 +1,117 @@ +#include"UnisonShift.h" + +bool InsertUnisonShiftHook() { + BYTE bytes[] = { + 0x83,0xec,0x14, + 0x8b,0x44,0x24,0x10, + 0x53, + 0x55, + 0x8b,0x6c,0x24,0x20 + + }; + auto addr1 = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr1 == 0) return false; + ConsoleOutput("UnisonShift %p", addr1); + HookParam hp; + hp.address = addr1; + hp.offset=get_stack(3); + return NewHook(hp, "UnisonShift"); +} +bool UnisonShift::attach_function() { + return InsertUnisonShiftHook(); +} + + +bool InsertUnisonShift2Hook() { + BYTE bytes[] = { + //80 FB A0 cmp bl, 0A0h + 0x80,0xfb,0xa0 + }; + auto addr1 = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr1 == 0)return false; + ConsoleOutput("UnisonShift2 %p", addr1); + BYTE start[] = { 0x83 ,0xEC ,0x08 }; + addr1 = reverseFindBytes(start, sizeof(start), addr1 - 0x100, addr1); + if (addr1 == 0)return false; + HookParam hp; + hp.address = addr1; + hp.offset=get_reg(regs::eax); + hp.type = DATA_INDIRECT; + hp.index = 0; + return NewHook(hp, "UnisonShift2"); +} +bool InsertUnisonShift3Hook() { + + BYTE bytes2[] = { + 0x80,0xF9,XX + }; + auto addrs=Util::SearchMemory(bytes2,sizeof(bytes2),PAGE_EXECUTE, processStartAddress, processStopAddress); + BYTE moveaxoffset[] = { 0xb8 ,XX,XX,XX, 0x00 }; + auto succ=false; + for (auto addr : addrs) { + ConsoleOutput("UnisonShift3 %p", addr); + addr = (DWORD)((BYTE*)addr -5); + int x = -1; + for (int i = 0; i < 0x20; i++) { + if (*((BYTE*)addr-i) == 0xb8 && *((BYTE*)(addr)+4-i) == 0) { + x = i; break; + } + } + if (x == -1)continue; + ConsoleOutput("UnisonShift3 found %p", addr-x); + addr = (DWORD)((BYTE*)addr + 1-x); + auto raddr = *(int*)addr; + ConsoleOutput("UnisonShift3 raddr %p", raddr); + HookParam hp; + hp.address = raddr; + hp.type = DIRECT_READ; + succ|=NewHook(hp, "UnisonShift3"); + } + + + return succ; +} +namespace +{ + //https://vndb.org/v7123 + //凌辱人妻温泉 + + bool _056(){ + BYTE bytes[] = { + 0x83,0xc4,0x0c, + 0x83,0xc1,0x1e, + 0x80,0xfb,0x81, + 0x89,XX,XX4, + 0x0f,0x85,XX4, + 0x8a,0x44,0x24,0x08, + 0x3c,0x76, + 0x74,0x08, + 0x3c,0x78, + 0x0f,0x85,XX4 + }; + auto addr1 = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr1 == 0)return false; + BYTE start[] = { 0x83 ,0xEC ,0x08 }; + addr1 = MemDbg::findEnclosingAlignedFunction(addr1); + if (addr1 == 0)return false; + HookParam hp; + hp.address = addr1; + hp.offset=get_reg(regs::edx); + hp.type=USING_STRING; + hp.filter_fun=[](LPVOID data, size_t* size, HookParam*){ + auto xx=std::string((char*)data,*size); + static std::string last; + if(xx==last)return false; + last=xx; + return true; + }; + return NewHook(hp, "_056"); + } +} + +bool UnisonShift2::attach_function() { + bool b1=InsertUnisonShift2Hook(); + bool b2=InsertUnisonShift3Hook(); + auto __=_056(); + return b1||b2||__; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/UnisonShift.h b/cpp/LunaHook/LunaHook/engine32/UnisonShift.h new file mode 100644 index 00000000..c9227a96 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/UnisonShift.h @@ -0,0 +1,22 @@ + + +class UnisonShift:public ENGINE{ + public: + UnisonShift(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.dat"; + is_engine_certain=false; + }; + bool attach_function(); +}; + +class UnisonShift2:public ENGINE{ + public: + UnisonShift2(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"PIC.*",L"TP.*",L"GR.*",L"BGM.*"}; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/UnknownEngine.cpp b/cpp/LunaHook/LunaHook/engine32/UnknownEngine.cpp new file mode 100644 index 00000000..31162ea9 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/UnknownEngine.cpp @@ -0,0 +1,30 @@ +#include"UnknownEngine.h" +bool UnknownEngine::attach_function() { + //ABANDONER - THE SEVERED DREAMS + //https://vndb.org/v1182 + const BYTE bytes[] = { + 0x8B,0x44,0x24,0x04, + 0x85,0xC0, + 0x75,0x03, + 0xC2,0x08,0x00, + 0x33,0xD2, + 0x8A,0x50,0x01, + 0x8A,0x30, + 0x8B,0xC2, + 0x50, + 0xE8,XX4, + 0xC2,0x08,0x00 + } ; + auto addrs = Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress); + auto succ=false; + for (auto addr : addrs) { + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.index=0; + hp.type = DATA_INDIRECT; + succ|=NewHook(hp, "Unknown"); + } + return succ; +} + \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/UnknownEngine.h b/cpp/LunaHook/LunaHook/engine32/UnknownEngine.h new file mode 100644 index 00000000..f1bc1c20 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/UnknownEngine.h @@ -0,0 +1,12 @@ + + +class UnknownEngine:public ENGINE{ + public: + UnknownEngine(){ + + check_by=CHECK_BY::FILE; + is_engine_certain=false; + check_by_target=L"*.aqa"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/V8.cpp b/cpp/LunaHook/LunaHook/engine32/V8.cpp new file mode 100644 index 00000000..f7f1f2dc --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/V8.cpp @@ -0,0 +1,102 @@ +#include"V8.h" +#include"v8/v8.h" +#if 0 +/** +* Artikash 7/15/2018: Insert Tyranobuilder hook +* Sample game: https://vndb.org/v22252: /HWN-8:-1C@233A54:yuika_t.exe +* Artikash 9/11/2018: This is more than just Tyranobuilder. It's actually a hook for the V8 JavaScript runtime +* Sample game: https://www.freem.ne.jp/win/game/9672: /HQ8@2317A0:Prison.exe This new hook seems more reliable +* Nevermind both of those, just hook v8::String::Write https://v8docs.nodesource.com/node-0.8/d2/db3/classv8_1_1_string.html +* v8::String::Write - 55 - push ebp +* v8::String::Write+1- 8B EC - mov ebp,esp +* v8::String::Write+3- 8B 45 14 - mov eax,[ebp+14] +* v8::String::Write+6- 8B 55 10 - mov edx,[ebp+10] +* v8::String::Write+9- 50 - push eax +* v8::String::Write+A- 8B 45 0C - mov eax,[ebp+0C] +* v8::String::Write+D- 52 - push edx +* v8::String::Write+E- 8B 55 08 - mov edx,[ebp+08] +* v8::String::Write+11- 50 - push eax +* v8::String::Write+12- 52 - push edx +* v8::String::Write+13- 51 - push ecx +* v8::String::Write+14- E8 B7C7FFFF - call 6EF630 ; actual writing happens in this function, hooking after is possible +* v8::String::Write+19- 83 C4 14 - add esp,14 { 20 } +* v8::String::Write+1C- 5D - pop ebp +* v8::String::Write+1D- C2 1000 - ret 0010 { 16 } +*/ +void SpecialHookV8String(hook_stack*, HookParam *hp, uintptr_t* data, uintptr_t* split, size_t* len) +{ + DWORD ecx = *data; + DWORD strPtr = *(DWORD*)ecx; + *data = strPtr + 0xb; + *len = *(short*)(strPtr + 7); + if(wcslen((wchar_t*)*data)*2<*len)*len=0; + + //if (*len < 12) *split = 1; // To ensure this is caught by cyclic repetition detection, split if there's 6+ wide chars + //*split = *(DWORD*)((BYTE*)hp->split + dwDatabase); +} + +bool InsertV8Hook(HMODULE module) +{ + auto [minAddress, maxAddress] = Util::QueryModuleLimits(module); + for (const auto& pattern : Array{ { 0x55, 0x8b, 0xec }, { 0x55, 0x89, 0xe5 } }) + { + int matches = Util::SearchMemory(pattern, sizeof(pattern), PAGE_EXECUTE, minAddress, maxAddress).size(), requiredRecords = matches * 20; + if (matches > 10'000 && requiredRecords > spDefault.maxRecords) + { + memcpy(spDefault.pattern, pattern, spDefault.length = sizeof(pattern)); + spDefault.maxRecords = requiredRecords; + } + } + std::tie(spDefault.minAddress, spDefault.maxAddress) = std::tuple{ minAddress, maxAddress }; + ConsoleOutput("JavaScript hook is known to be low quality: try searching for hooks if you don't like it"); + HookParam hp; + hp.address = (DWORD)GetProcAddress(module, "?Write@String@v8@@QBEHPAGHHH@Z"); + hp.offset=get_reg(regs::ecx); + hp.type = CODEC_UTF16 | USING_STRING; + hp.text_fun = SpecialHookV8String; + auto succ=NewHook(hp, "JavaScript"); + const BYTE bytes[] = { + 0x83, 0xc4, XX, // add esp,XX + 0x5d, // pop ebp + 0xc2 // ret + }; + if (DWORD addr = MemDbg::findBytes(bytes, sizeof(bytes), hp.address, hp.address + 0x30)) + { + hp.address = addr; + hp.offset = 0x8 + *(BYTE*)(addr + 2); // second argument + amount that the stack pointer is offset from arguments + hp.type = CODEC_UTF16 | USING_STRING | NO_CONTEXT; + hp.length_offset = (0x10 + *(BYTE*)(addr + 2)) / 4; // fourth argument + amount that the stack pointer is offset from arguments + hp.text_fun = nullptr; + succ|=NewHook(hp, "JavaScript2"); + } + return succ; +} +bool hookv8addr(HMODULE module) { + if (GetProcAddress(module, "?Write@String@v8@@QBEHPAGHHH@Z")==0)false; + auto [minAddress, maxAddress] = Util::QueryModuleLimits(module); + const BYTE bytes[] = { + 0x89,0xc1, + 0x0f,0xb7,0xd8, + 0x81,0xe1,0x00,0xfc,0x00,0x00, + 0x81,0xf9,0x00,0xd8,0x00,0x00 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), minAddress, maxAddress); + if (!addr) { + return false; + } + HookParam hp; + hp.address = addr; + + hp.offset=get_reg(regs::eax); + + hp.type = CODEC_UTF16 | NO_CONTEXT; + + return NewHook(hp, "electronW"); +} + + +#endif +bool V8::attach_function_() { + + return tryhookv8(); +} diff --git a/cpp/LunaHook/LunaHook/engine32/V8.h b/cpp/LunaHook/LunaHook/engine32/V8.h new file mode 100644 index 00000000..7c779f1e --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/V8.h @@ -0,0 +1,12 @@ + + +class V8:public ENGINE{ + public: + V8(){ + check_by=CHECK_BY::CUSTOM; + check_by_target=[this](){return attach_function_();}; + }; + bool attach_function_(); + bool attach_function(){return true;} +}; + diff --git a/cpp/LunaHook/LunaHook/engine32/VALKYRIA.cpp b/cpp/LunaHook/LunaHook/engine32/VALKYRIA.cpp new file mode 100644 index 00000000..c666844d --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/VALKYRIA.cpp @@ -0,0 +1,51 @@ +#include"VALKYRIA.h" + +bool VALKYRIA::attach_function() { + auto addr=findiatcallormov((DWORD)GetTextExtentPoint32A,processStartAddress,processStartAddress, processStopAddress); + ConsoleOutput("%p",addr); + if(addr==0)return false; + BYTE sehstart[]={ + 0x6a,0xff, + 0x68,XX4, + 0x64,0xa1,0,0,0,0, + 0x50, + 0x81,0xec,XX4, + 0xa1,XX4 + }; + addr=reverseFindBytes(sehstart,sizeof(sehstart),addr-0x400,addr,0,true); + if(addr==0)return false; + HookParam hp; + hp.address=addr; + hp.type=USING_STRING; + hp.offset=get_stack(5); + hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + //实际上是单字符 + auto str=std::string((char*)data,*len); + if(str=="\\r"||str=="\\R"){ + strcpy((char*)data, "\n");*len=1; + } + return true; + // switch ( v12 ) + // { + // case 'U': + // case 'u': + // String[0] = strtol(a6 + 2, 0, 16); + // String[1] = 0; + // HIBYTE(v92) = v14; + // LOWORD(v92) = a4; + // BYTE2(v92) = BYTE2(a4); + // return sub_454C40(a2, a3, v92, a5, String, (int)lprcDst, a8); + // case 'R': + // case 'r': + // sub_453E20(); + // return 0; + // case '\\': + // wcscpy(String, L"\\"); + // HIBYTE(v91) = HIBYTE(this); + // LOWORD(v91) = a4; + // BYTE2(v91) = BYTE2(a4); + // return sub_454C40(a2, a3, v91, a5, String, (int)a7, a8); + // } + }; + return NewHook(hp,"VALKYRIA"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/VALKYRIA.h b/cpp/LunaHook/LunaHook/engine32/VALKYRIA.h new file mode 100644 index 00000000..93afd5d9 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/VALKYRIA.h @@ -0,0 +1,15 @@ + + +class VALKYRIA:public ENGINE{ + public: + VALKYRIA(){ + + check_by=CHECK_BY::CUSTOM; + is_engine_certain=true; + check_by_target=[](){ + return Util::SearchResourceString(L"Copyright(C)VALKYRIA") && Util::CheckFile(L"data0*-00.dat"); + + }; + } + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/VanillawareGC.cpp b/cpp/LunaHook/LunaHook/engine32/VanillawareGC.cpp new file mode 100644 index 00000000..923b68a6 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/VanillawareGC.cpp @@ -0,0 +1,192 @@ +#include"VanillawareGC.h" + + +/** jichi 7/20/2014 Vanillaware + * Tested game: 朧村正 + * + * Debugging method: grep the saving message + * + * 1609415e cc int3 + * 1609415f cc int3 + * 16094160 77 0f ja short 16094171 + * 16094162 c705 00fb6701 80>mov dword ptr ds:[0x167fb00],0x80216b80 + * 1609416c -e9 f9be06f1 jmp 0710006a + * 16094171 8b35 8cf86701 mov esi,dword ptr ds:[0x167f88c] + * 16094177 81c6 ffffffff add esi,-0x1 + * 1609417d 8bce mov ecx,esi + * 1609417f 81c1 01000000 add ecx,0x1 + * 16094185 f7c1 0000000c test ecx,0xc000000 + * 1609418b 74 0b je short 16094198 + * 1609418d 51 push ecx + * 1609418e e8 36bff9f2 call 090300c9 + * 16094193 83c4 04 add esp,0x4 + * 16094196 eb 11 jmp short 160941a9 + * 16094198 8bc1 mov eax,ecx + * 1609419a 81e0 ffffff3f and eax,0x3fffffff + * 160941a0 0fb680 00000810 movzx eax,byte ptr ds:[eax+0x10080000] ; jichi: hook here + * 160941a7 66:90 nop + * 160941a9 81c6 01000000 add esi,0x1 + * 160941af 8905 80f86701 mov dword ptr ds:[0x167f880],eax + * 160941b5 813d 80f86701 00>cmp dword ptr ds:[0x167f880],0x0 + * 160941bf c705 8cf86701 00>mov dword ptr ds:[0x167f88c],0x0 + * 160941c9 8935 90f86701 mov dword ptr ds:[0x167f890],esi + * 160941cf 7c 14 jl short 160941e5 + * 160941d1 7f 09 jg short 160941dc + * 160941d3 c605 0cfb6701 02 mov byte ptr ds:[0x167fb0c],0x2 + * 160941da eb 26 jmp short 16094202 + * 160941dc c605 0cfb6701 04 mov byte ptr ds:[0x167fb0c],0x4 + * 160941e3 eb 07 jmp short 160941ec + * 160941e5 c605 0cfb6701 08 mov byte ptr ds:[0x167fb0c],0x8 + * 160941ec 832d 7c4cb101 06 sub dword ptr ds:[0x1b14c7c],0x6 + * 160941f3 e9 20000000 jmp 16094218 + * 160941f8 0188 6b2180e9 add dword ptr ds:[eax+0xe980216b],ecx + * 160941fe 0e push cs + * 160941ff be 06f1832d mov esi,0x2d83f106 + * 16094204 7c 4c jl short 16094252 + * 16094206 b1 01 mov cl,0x1 + * 16094208 06 push es + * 16094209 e9 c2000000 jmp 160942d0 + * 1609420e 0198 6b2180e9 add dword ptr ds:[eax+0xe980216b],ebx + * 16094214 f8 clc + * 16094215 bd 06f1770f mov ebp,0xf77f106 + * 1609421a c705 00fb6701 88>mov dword ptr ds:[0x167fb00],0x80216b88 + * 16094224 -e9 41be06f1 jmp 0710006a + * 16094229 8b0d 90f86701 mov ecx,dword ptr ds:[0x167f890] + * 1609422f 81c1 01000000 add ecx,0x1 + * 16094235 f7c1 0000000c test ecx,0xc000000 + * 1609423b 74 0b je short 16094248 + * 1609423d 51 push ecx + * 1609423e e8 86bef9f2 call 090300c9 + * 16094243 83c4 04 add esp,0x4 + * 16094246 eb 11 jmp short 16094259 + * 16094248 8bc1 mov eax,ecx + * 1609424a 81e0 ffffff3f and eax,0x3fffffff + * 16094250 0fb680 00000810 movzx eax,byte ptr ds:[eax+0x10080000] + * 16094257 66:90 nop + * 16094259 8b35 90f86701 mov esi,dword ptr ds:[0x167f890] + * 1609425f 81c6 01000000 add esi,0x1 + * 16094265 8905 80f86701 mov dword ptr ds:[0x167f880],eax + * 1609426b 8105 8cf86701 01>add dword ptr ds:[0x167f88c],0x1 + * 16094275 813d 80f86701 00>cmp dword ptr ds:[0x167f880],0x0 + * 1609427f 8935 90f86701 mov dword ptr ds:[0x167f890],esi + * 16094285 7c 14 jl short 1609429b + * 16094287 7f 09 jg short 16094292 + * 16094289 c605 0cfb6701 02 mov byte ptr ds:[0x167fb0c],0x2 + * 16094290 eb 26 jmp short 160942b8 + * 16094292 c605 0cfb6701 04 mov byte ptr ds:[0x167fb0c],0x4 + * 16094299 eb 07 jmp short 160942a2 + * 1609429b c605 0cfb6701 08 mov byte ptr ds:[0x167fb0c],0x8 + * 160942a2 832d 7c4cb101 04 sub dword ptr ds:[0x1b14c7c],0x4 + * 160942a9 ^e9 6affffff jmp 16094218 + * 160942ae 0188 6b2180e9 add dword ptr ds:[eax+0xe980216b],ecx + * 160942b4 58 pop eax + * 160942b5 bd 06f1832d mov ebp,0x2d83f106 + * 160942ba 7c 4c jl short 16094308 + * 160942bc b1 01 mov cl,0x1 + * 160942be 04 e9 add al,0xe9 + * 160942c0 0c 00 or al,0x0 + * 160942c2 0000 add byte ptr ds:[eax],al + * 160942c4 0198 6b2180e9 add dword ptr ds:[eax+0xe980216b],ebx + * 160942ca 42 inc edx + * 160942cb bd 06f1cccc mov ebp,0xccccf106 + * 160942d0 77 0f ja short 160942e1 + * 160942d2 c705 00fb6701 98>mov dword ptr ds:[0x167fb00],0x80216b98 + * 160942dc -e9 89bd06f1 jmp 0710006a + * 160942e1 8b05 84fb6701 mov eax,dword ptr ds:[0x167fb84] + * 160942e7 81e0 fcffffff and eax,0xfffffffc + * 160942ed 8905 00fb6701 mov dword ptr ds:[0x167fb00],eax + * 160942f3 832d 7c4cb101 01 sub dword ptr ds:[0x1b14c7c],0x1 + * 160942fa -e9 11bd06f1 jmp 07100010 + * 160942ff 832d 7c4cb101 01 sub dword ptr ds:[0x1b14c7c],0x1 + * 16094306 ^e9 91f8ffff jmp 16093b9c + * 1609430b cc int3 + */ +namespace { // unnamed + +// Return true if the text is a garbage character +inline bool _vanillawaregarbage_ch(char c) +{ + return c == ' ' || c == '.' || c == '/' + || c >= '0' && c <= '9' + || c >= 'A' && c <= 'z' // also ignore ASCII 91-96: [ \ ] ^ _ ` + ; +} + +// Return true if the text is full of garbage characters +bool _vanillawaregarbage(LPCSTR p) +{ + enum { MAX_LENGTH = VNR_TEXT_CAPACITY }; + for (int count = 0; *p && count < MAX_LENGTH; count++, p++) + if (!_vanillawaregarbage_ch(*p)) + return false; + return true; +} +} // unnamed namespace + +static void SpecialGCHookVanillaware(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) +{ + DWORD eax = stack->eax; + LPCSTR text = LPCSTR(eax + hp->user_value); + static LPCSTR lasttext; + if (lasttext != text && *text && !_vanillawaregarbage(text)) { + lasttext = text; + *split = stack->ecx; + buffer->from_cs(text); + //*split = FIXED_SPLIT_VALUE; + } +} + +bool InsertVanillawareGCHook() +{ + ConsoleOutput("Vanillaware GC: enter"); + + const BYTE bytes[] = { + 0x83,0xc4, 0x04, // 16094193 83c4 04 add esp,0x4 + 0xeb, 0x11, // 16094196 eb 11 jmp short 160941a9 + 0x8b,0xc1, // 16094198 8bc1 mov eax,ecx + 0x81,0xe0, 0xff,0xff,0xff,0x3f, // 1609419a 81e0 ffffff3f and eax,0x3fffffff + 0x0f,0xb6,0x80, XX4, // 160941a0 0fb680 00000810 movzx eax,byte ptr ds:[eax+0x10080000] ; jichi: hook here + 0x66,0x90, // 160941a7 66:90 nop + 0x81,0xc6, 0x01,0x00,0x00,0x00 // 160941a9 81c6 01000000 add esi,0x1 + //0x89,05 80f86701 // 160941af 8905 80f86701 mov dword ptr ds:[0x167f880],eax + //0x81,3d 80f86701 00 // 160941b5 813d 80f86701 00>cmp dword ptr ds:[0x167f880],0x0 + //0xc7,05 8cf86701 00 // 160941bf c705 8cf86701 00>mov dword ptr ds:[0x167f88c],0x0 + //0x89,35 90f86701 // 160941c9 8935 90f86701 mov dword ptr ds:[0x167f890],esi + //0x7c, 14 // 160941cf 7c 14 jl short 160941e5 + //0x7f, 09 // 160941d1 7f 09 jg short 160941dc + //0xc6,05 0cfb6701 02 // 160941d3 c605 0cfb6701 02 mov byte ptr ds:[0x167fb0c],0x2 + //0xeb, 26 // 160941da eb 26 jmp short 16094202 + }; + enum { memory_offset = 3 }; // 160941a0 0fb680 00000810 movzx eax,byte ptr ds:[eax+0x10080000] + enum { addr_offset = 0x160941a0 - 0x16094193 }; + + DWORD addr = SafeMatchBytesInGCMemory(bytes, sizeof(bytes)); + auto succ=false; + if (!addr) + ConsoleOutput("Vanillaware GC: pattern not found"); + else { + HookParam hp; + hp.address = addr + addr_offset; + hp.user_value = *(DWORD *)(hp.address + memory_offset); + hp.text_fun = SpecialGCHookVanillaware; + hp.type = USING_STRING|NO_CONTEXT; // no context is needed to get rid of variant retaddr + ConsoleOutput("Vanillaware GC: INSERT"); + succ|=NewHook(hp, "Vanillaware GC"); + } + + ConsoleOutput("Vanillaware GC: leave"); + return succ; +} +/** jichi 7/20/2014 Dolphin + * Tested with Dolphin 4.0 + */ +bool InsertGCHooks() +{ + // TODO: Add generic hooks + return InsertVanillawareGCHook(); + //return false; +} + +bool VanillawareGC::attach_function() { + return InsertGCHooks(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/VanillawareGC.h b/cpp/LunaHook/LunaHook/engine32/VanillawareGC.h new file mode 100644 index 00000000..9f8887f8 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/VanillawareGC.h @@ -0,0 +1,11 @@ + + +class VanillawareGC:public ENGINE{ + public: + VanillawareGC(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"Dolphin.exe"; + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine32/VitaminSoft.cpp b/cpp/LunaHook/LunaHook/engine32/VitaminSoft.cpp new file mode 100644 index 00000000..f8cef0ca --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/VitaminSoft.cpp @@ -0,0 +1,39 @@ +#include"VitaminSoft.h" + +namespace{ + bool _1(){ + //どうして?いじってプリンセスFinalRoad~もう!またこんなところで3~ + bool ok=false; + for(auto addr:findiatcallormov_all((DWORD)ExtTextOutA,processStartAddress,processStartAddress,processStopAddress,PAGE_EXECUTE)){ + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) continue; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(3); + hp.type = DATA_INDIRECT; + hp.index = 0; + ok|=NewHook(hp, "VitaminSoft"); + } + return ok; + } + bool _2(){ + //ねとって女神 + //ねとって女神 NEO + bool ok=false; + for(auto addr:findiatcallormov_all((DWORD)TextOutA,processStartAddress,processStartAddress,processStopAddress,PAGE_EXECUTE)){ + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) continue; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = USING_STRING; + ok|=NewHook(hp, "VitaminSoft"); + } + return ok; + } +} + +bool VitaminSoft::attach_function(){ + + return _2()||_1(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/VitaminSoft.h b/cpp/LunaHook/LunaHook/engine32/VitaminSoft.h new file mode 100644 index 00000000..db2575e3 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/VitaminSoft.h @@ -0,0 +1,13 @@ + + + +class VitaminSoft:public ENGINE{ + public: + VitaminSoft(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.fpk"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Waffle.cpp b/cpp/LunaHook/LunaHook/engine32/Waffle.cpp new file mode 100644 index 00000000..f912f3ae --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Waffle.cpp @@ -0,0 +1,593 @@ +#include"Waffle.h" + +bool InsertWaffleDynamicHook(LPVOID addr, hook_stack* stack) +{ + ConsoleOutput("WaffleDynamic:triggered"); + if (addr != ::GetTextExtentPoint32A) + return false; + + auto tib = (NT_TIB*)__readfsdword(0); + auto exception = tib->ExceptionList; + for (int i = 0; i < 4; i++) { + exception = exception->Next; + } + auto handler=(DWORD)exception->Handler; + + union { + DWORD i; + BYTE *ib; + DWORD *id; + }; + // jichi 9/30/2013: Fix the bug in ITH logic where j is uninitialized + for (i = processStartAddress + 0x1000; i < processStopAddress - 4; i++) + if (*id == handler && *(ib - 1) == 0x68) + if (DWORD t = SafeFindEnclosingAlignedFunction(i, 0x40)) { + HookParam hp; + hp.address = t; + hp.offset=get_stack(2); + hp.index = 4; + hp.type = DATA_INDIRECT; + ConsoleOutput("INSERT Dynamic Waffle"); + return NewHook(hp, "Waffle"); + } + ConsoleOutput("DynamicWaffle: failed"); + //ConsoleOutput("Unknown waffle engine."); + return true; // jichi 12/25/2013: return true +} + +/** jichi 8/18/2015 + * Sample game: 完全時間停止 体験版 + * GDI text: TextOutA and GetTextExtentPoint32A + */ +bool InsertWaffleHook() +{ + bool found = false; + for (DWORD i = processStartAddress + 0x1000; i < processStopAddress - 4; i++) + if (*(DWORD *)i == 0xac68 && *(BYTE*)(i + 4) == 0) { + HookParam hp; + hp.address = i; + hp.offset=get_stack(2); + hp.index = 4; + hp.split = 0x1e8; + hp.type = DATA_INDIRECT|USING_SPLIT; + ConsoleOutput("INSERT WAFFLE"); + found|=NewHook(hp, "WAFFLE"); + } + +/** new waffle? +* test on 母三人とアナあそび https://vndb.org/v24214 +* and 変態エルフ姉妹と真面目オーク https://vndb.org/v24215 +* and いかにして俺の妻は孕んだか…… https://vndb.org/v26205 +* and 俺の知らぬ間に彼女が… https://vndb.org/v27781 +*/ + const BYTE bytes[] = { + 0x50, //50 push eax + 0x8b, 0xce, //8BCE mov ecx,esi + 0xc6, 0x45, 0xfc, XX, //C645 FC 01 move byte ptr ss:[ebp-4],? + 0x89, 0x75, 0xd4, //8975 D4 move dword ptr ss:[ebp-0x2c],esi + 0xe8, XX4, //E8 ?? call ?? + 0x8d, 0x45, 0xdc //8D45 DC lea eax,dword ptr ss:[ebp-0x24] + }; + if (DWORD addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress)) + { + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::eax); + hp.type = DATA_INDIRECT; + ConsoleOutput("INSERT WAFFLE2"); + found|=NewHook(hp, "WAFFLE2"); + } + //ConsoleOutput("Probably Waffle. Wait for text."); + if (!found) trigger_fun = InsertWaffleDynamicHook; + return found; + //ConsoleOutput("WAFFLE: failed"); +} +bool InsertWaffleHookx(){ + //[180928] [WAFFLE] 性欲が止まらないご主人様と三人のメイドたち + const BYTE bytes[] = { + 0xFF,0x75,0x40, + 0x8D,0x8D,0xDC,000,0x00,0x00, + 0xE8,0x72,0x53,0xF4,0xFF + //没有很好的特征可捕获。暂且这样吧。 + //HBN-4*0@12F147:maid3.exe + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr == 0)return false; + HookParam hp; + hp.address=addr+=sizeof(bytes); + hp.type=NO_CONTEXT|DATA_INDIRECT; + hp.offset=get_reg(regs::eax); + hp.index=0; + return NewHook(hp, "waffle"); +} +namespace { // unnamed +//ULONG moduleBaseAddress_; +namespace ScenarioHook { +namespace Private { + /** + * Arg1 for long text also on the stack: + * 03E5EC14 30 D1 5C 01 B8 99 C6 08 A0 88 BB 08 50 EC E5 03 0ム\ク卮綾P・ + * jichi: source text here + * 03E5EC24 68 EC E5 03 42 00 00 00 4F 00 00 00 84 F9 A3 00 h・B...O...・」. + * jichi: source size here + * 03E5EC34 A0 F7 7C 00 2C D1 5C 01 38 64 AA 00 10 0B F4 C9 .,ム\8dェ.  + * 03E5EC44 13 00 00 00 1F 00 00 00 64 00 00 00 00 00 00 00 ......d....... + * + * Arg1 for short text: + * 023E10E8 61 C1 9A 35 8E 9E 8A D4 82 F0 8E 7E 82 DF 82 BD aチ・時間を止めた + * 023E10F8 81 42 00 16 0E 00 00 00 0F 00 00 00 9C 98 10 3F 。.......恫? + * 023E1108 00 EE ED 98 A8 59 11 33 C2 C3 42 83 DF 9C FC C6 .・乖Y3ツテB・戛ニ + * 023E1118 00 00 00 00 0F 00 00 00 79 7B BA 93 00 DA 8B 46 .......y{コ・レ祈 + */ + TextUnionA *arg_, + argValue_; + void hookBefore(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *role) + { + static std::string data_; // persistent storage, which makes this function not thread-safe + + //auto reladdr = retaddr - moduleBaseAddress_; + // Sample game: 完全時間停止 ~無理やり時間を止められた世界でハメられる女たち~ + // Scenario: 0xbfd4d + // Name: 0xbfd36 + //if (reladdr == 0xc6e75 || + // reladdr == 0xc6e1f || + // reladdr == 0x61a57 || + // reladdr == 0xe762d || + // reladdr == 0xe768a || + // reladdr == 0xe76a6 || + // reladdr == 0xe78d5 || + // reladdr == 0x446e7 || + // reladdr == 0x177317 || + // reladdr == 0x52ca || + // reladdr == 0x529c || + // reladdr == 0x55df) + // return true; + + // Sample game: 漫喫ハプニング + // Scenario: 0x1174bc + // Name: 0x1174a6 + //if (reladdr == 0x450f || + // reladdr == 0x1b45c || + // reladdr == 0x1b48a || + // reladdr == 0x10fe77 || + // reladdr == 0x11d0c9 || + // reladdr == 0x1100e0 || + // reladdr == 0x10fe93 || + // reladdr == 0x10fde1 || + // reladdr == 0x11d073) + // return true; + + //DOUT(retaddr); + + + + auto arg = (TextUnionA *)(s->stack[0] + 4); + if (!arg || !arg->isValid()) + return ; + + //enum { role = Engine::ScenarioRole }; + //auto role = Engine::OtherRole; + //if (reladdr == 0xbfd4d) // scenario thread, only hook to this call instead + // role = Engine::ScenarioRole; + //else if (reladdr == 0xbfd36) + // role = Engine::NameRole; + //else if (reladdr == 0x60285) + // role = Engine::FontRole; + //else + // return true; + //DOUT(retaddr); + + //auto sig = Engine::hashThreadSignature(role, reladdr); + buffer->from_cs(arg->getText()); + } + void hookafter(hook_stack*s,void* data, size_t len){ + + auto newData =std::string((char*)data,len); + auto arg = (TextUnionA *)(s->stack[0] + sizeof(DWORD)); // arg1 + arg_ = arg; + argValue_ = *arg; + static std::string data_; + data_ = newData; + arg->setText(data_.c_str(), data_.size()); + } + void hookAfter1(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + if (arg_) { + *arg_ = argValue_; + arg_ = nullptr; + } + } +} // namespace Private + +/** + * Sample game: 完全時間停止 ~無理やり時間を止められた世界でハメられる女たち~ + * + * Base addr: 09e0000 + * + * Debugging method: + * - First find the function like memcpy_s by debugging where scenario text is modified. + * arg1: target text + * arg2: target capacity + * arg3: source text + * arg4: source size + * + * 009E59FA CC INT3 + * 009E59FB CC INT3 + * 009E59FC CC INT3 + * 009E59FD CC INT3 + * 009E59FE CC INT3 + * 009E59FF CC INT3 + * 009E5A00 53 PUSH EBX + * 009E5A01 8B5C24 08 MOV EBX,DWORD PTR SS:[ESP+0x8] + * 009E5A05 55 PUSH EBP + * 009E5A06 8B6C24 10 MOV EBP,DWORD PTR SS:[ESP+0x10] + * 009E5A0A 56 PUSH ESI + * 009E5A0B 57 PUSH EDI + * 009E5A0C 8BF1 MOV ESI,ECX + * 009E5A0E 396B 14 CMP DWORD PTR DS:[EBX+0x14],EBP + * 009E5A11 73 05 JNB SHORT play.009E5A18 + * 009E5A13 E8 66B71B00 CALL play.00BA117E + * 009E5A18 8B7B 14 MOV EDI,DWORD PTR DS:[EBX+0x14] + * 009E5A1B 8B4424 1C MOV EAX,DWORD PTR SS:[ESP+0x1C] + * 009E5A1F 2BFD SUB EDI,EBP + * 009E5A21 3BC7 CMP EAX,EDI + * 009E5A23 73 02 JNB SHORT play.009E5A27 + * 009E5A25 8BF8 MOV EDI,EAX + * 009E5A27 3BF3 CMP ESI,EBX + * 009E5A29 75 1F JNZ SHORT play.009E5A4A + * 009E5A2B 6A FF PUSH -0x1 + * 009E5A2D 03FD ADD EDI,EBP + * 009E5A2F 57 PUSH EDI + * 009E5A30 8BCE MOV ECX,ESI + * 009E5A32 E8 39FFFFFF CALL play.009E5970 + * 009E5A37 55 PUSH EBP + * 009E5A38 6A 00 PUSH 0x0 + * 009E5A3A 8BCE MOV ECX,ESI + * 009E5A3C E8 2FFFFFFF CALL play.009E5970 + * 009E5A41 5F POP EDI + * 009E5A42 8BC6 MOV EAX,ESI + * 009E5A44 5E POP ESI + * 009E5A45 5D POP EBP + * 009E5A46 5B POP EBX + * 009E5A47 C2 0C00 RETN 0xC + * 009E5A4A 83FF FE CMP EDI,-0x2 + * 009E5A4D 76 05 JBE SHORT play.009E5A54 + * 009E5A4F E8 F2B61B00 CALL play.00BA1146 + * 009E5A54 8B46 18 MOV EAX,DWORD PTR DS:[ESI+0x18] + * 009E5A57 3BC7 CMP EAX,EDI + * 009E5A59 73 1B JNB SHORT play.009E5A76 + * 009E5A5B 8B46 14 MOV EAX,DWORD PTR DS:[ESI+0x14] + * 009E5A5E 50 PUSH EAX + * 009E5A5F 57 PUSH EDI + * 009E5A60 8BCE MOV ECX,ESI + * 009E5A62 E8 69010000 CALL play.009E5BD0 + * 009E5A67 85FF TEST EDI,EDI + * 009E5A69 76 66 JBE SHORT play.009E5AD1 + * 009E5A6B 837B 18 10 CMP DWORD PTR DS:[EBX+0x18],0x10 + * 009E5A6F 72 2F JB SHORT play.009E5AA0 + * 009E5A71 8B53 04 MOV EDX,DWORD PTR DS:[EBX+0x4] + * 009E5A74 EB 2D JMP SHORT play.009E5AA3 + * 009E5A76 85FF TEST EDI,EDI + * 009E5A78 ^75 EF JNZ SHORT play.009E5A69 + * 009E5A7A 897E 14 MOV DWORD PTR DS:[ESI+0x14],EDI + * 009E5A7D 83F8 10 CMP EAX,0x10 + * 009E5A80 72 0F JB SHORT play.009E5A91 + * 009E5A82 8B46 04 MOV EAX,DWORD PTR DS:[ESI+0x4] + * 009E5A85 5F POP EDI + * 009E5A86 C600 00 MOV BYTE PTR DS:[EAX],0x0 + * 009E5A89 8BC6 MOV EAX,ESI + * 009E5A8B 5E POP ESI + * 009E5A8C 5D POP EBP + * 009E5A8D 5B POP EBX + * 009E5A8E C2 0C00 RETN 0xC + * 009E5A91 8D46 04 LEA EAX,DWORD PTR DS:[ESI+0x4] + * 009E5A94 5F POP EDI + * 009E5A95 C600 00 MOV BYTE PTR DS:[EAX],0x0 + * 009E5A98 8BC6 MOV EAX,ESI + * 009E5A9A 5E POP ESI + * 009E5A9B 5D POP EBP + * 009E5A9C 5B POP EBX + * 009E5A9D C2 0C00 RETN 0xC + * 009E5AA0 8D53 04 LEA EDX,DWORD PTR DS:[EBX+0x4] + * 009E5AA3 8B4E 18 MOV ECX,DWORD PTR DS:[ESI+0x18] + * 009E5AA6 8D5E 04 LEA EBX,DWORD PTR DS:[ESI+0x4] + * 009E5AA9 83F9 10 CMP ECX,0x10 + * 009E5AAC 72 04 JB SHORT play.009E5AB2 + * 009E5AAE 8B03 MOV EAX,DWORD PTR DS:[EBX] + * 009E5AB0 EB 02 JMP SHORT play.009E5AB4 + * 009E5AB2 8BC3 MOV EAX,EBX + * 009E5AB4 57 PUSH EDI ; jichi: source size + * 009E5AB5 03D5 ADD EDX,EBP + * 009E5AB7 52 PUSH EDX ; jichi: source text + * 009E5AB8 51 PUSH ECX ; jichi: target size + * 009E5AB9 50 PUSH EAX ; jichi: target text + * 009E5ABA E8 F9A91F00 CALL play.00BE04B8 ; jichi: called + * 009E5ABF 83C4 10 ADD ESP,0x10 + * 009E5AC2 837E 18 10 CMP DWORD PTR DS:[ESI+0x18],0x10 + * 009E5AC6 897E 14 MOV DWORD PTR DS:[ESI+0x14],EDI + * 009E5AC9 72 02 JB SHORT play.009E5ACD + * 009E5ACB 8B1B MOV EBX,DWORD PTR DS:[EBX] + * 009E5ACD C6043B 00 MOV BYTE PTR DS:[EBX+EDI],0x0 + * 009E5AD1 5F POP EDI + * 009E5AD2 8BC6 MOV EAX,ESI + * 009E5AD4 5E POP ESI + * 009E5AD5 5D POP EBP + * 009E5AD6 5B POP EBX + * 009E5AD7 C2 0C00 RETN 0xC + * 009E5ADA CC INT3 + * 009E5ADB CC INT3 + * 009E5ADC CC INT3 + * 009E5ADD CC INT3 + * + * Callers of that function: + * + * 0112FCFE E8 A0670200 CALL 完全時間.011564A3 + * 0112FD03 8B7424 18 MOV ESI,DWORD PTR SS:[ESP+0x18] + * 0112FD07 8D8424 9C000000 LEA EAX,DWORD PTR SS:[ESP+0x9C] + * 0112FD0E 50 PUSH EAX + * 0112FD0F E8 AC9EF4FF CALL 完全時間.01079BC0 + * 0112FD14 6A FF PUSH -0x1 + * 0112FD16 6A 00 PUSH 0x0 + * 0112FD18 8DBE 84000000 LEA EDI,DWORD PTR DS:[ESI+0x84] + * 0112FD1E 57 PUSH EDI + * 0112FD1F 8D8C24 B0000000 LEA ECX,DWORD PTR SS:[ESP+0xB0] + * 0112FD26 C78424 24010000 0B000000 MOV DWORD PTR SS:[ESP+0x124],0xB + * 0112FD31 -E9 CA02A90C JMP 0DBC0000 ; jichi: name caller + * 0112FD36 6A FF PUSH -0x1 + * 0112FD38 6A 00 PUSH 0x0 + * 0112FD3A 8D86 A0000000 LEA EAX,DWORD PTR DS:[ESI+0xA0] + * 0112FD40 50 PUSH EAX + * 0112FD41 8D8C24 CC000000 LEA ECX,DWORD PTR SS:[ESP+0xCC] + * 0112FD48 -E9 B302AA0C JMP 0DBD0000 ; jichi: scenario caller + * 0112FD4D 6A FF PUSH -0x1 + * 0112FD4F 6A 00 PUSH 0x0 + * 0112FD51 53 PUSH EBX + * 0112FD52 8D8C24 E8000000 LEA ECX,DWORD PTR SS:[ESP+0xE8] + * 0112FD59 -E9 A202AB0C JMP 0DBE0000 + * 0112FD5E 8B46 04 MOV EAX,DWORD PTR DS:[ESI+0x4] + * 0112FD61 898424 F8000000 MOV DWORD PTR SS:[ESP+0xF8],EAX + * 0112FD68 8B46 08 MOV EAX,DWORD PTR DS:[ESI+0x8] + * 0112FD6B 8B7424 1C MOV ESI,DWORD PTR SS:[ESP+0x1C] + * 0112FD6F 898424 FC000000 MOV DWORD PTR SS:[ESP+0xFC],EAX + * 0112FD76 8B46 08 MOV EAX,DWORD PTR DS:[ESI+0x8] + * 0112FD79 FFB0 00010000 PUSH DWORD PTR DS:[EAX+0x100] + * 0112FD7F 8BCB MOV ECX,EBX + * 0112FD81 E8 8DFAF8FF CALL 完全時間.010BF813 + * 0112FD86 898424 A0000000 MOV DWORD PTR SS:[ESP+0xA0],EAX + * 0112FD8D 83F8 FF CMP EAX,-0x1 + * 0112FD90 75 2B JNZ SHORT 完全時間.0112FDBD + * 0112FD92 837B 18 10 CMP DWORD PTR DS:[EBX+0x18],0x10 + * 0112FD96 72 05 JB SHORT 完全時間.0112FD9D + * 0112FD98 8B5B 04 MOV EBX,DWORD PTR DS:[EBX+0x4] + * 0112FD9B EB 03 JMP SHORT 完全時間.0112FDA0 + * 0112FD9D 83C3 04 ADD EBX,0x4 + * 0112FDA0 837F 18 10 CMP DWORD PTR DS:[EDI+0x18],0x10 + * 0112FDA4 72 05 JB SHORT 完全時間.0112FDAB + * 0112FDA6 8B7F 04 MOV EDI,DWORD PTR DS:[EDI+0x4] + * 0112FDA9 EB 03 JMP SHORT 完全時間.0112FDAE + * 0112FDAB 83C7 04 ADD EDI,0x4 + * 0112FDAE 53 PUSH EBX + * 0112FDAF 57 PUSH EDI + * 0112FDB0 68 E4BF2D01 PUSH 完全時間.012DBFE4 + * 0112FDB5 E8 A65AF4FF CALL 完全時間.01075860 + * 0112FDBA 83C4 0C ADD ESP,0xC + * 0112FDBD 8B46 08 MOV EAX,DWORD PTR DS:[ESI+0x8] + * 0112FDC0 8B98 E8000000 MOV EBX,DWORD PTR DS:[EAX+0xE8] + * 0112FDC6 8B4B 14 MOV ECX,DWORD PTR DS:[EBX+0x14] + * 0112FDC9 894424 18 MOV DWORD PTR SS:[ESP+0x18],EAX + * 0112FDCD 8D8424 9C000000 LEA EAX,DWORD PTR SS:[ESP+0x9C] + * 0112FDD4 E8 F792FCFF CALL 完全時間.010F90D0 + * 0112FDD9 8D8424 9C000000 LEA EAX,DWORD PTR SS:[ESP+0x9C] + * 0112FDE0 50 PUSH EAX + * 0112FDE1 8B43 18 MOV EAX,DWORD PTR DS:[EBX+0x18] + * 0112FDE4 E8 399AFCFF CALL 完全時間.010F9822 + * 0112FDE9 8D73 38 LEA ESI,DWORD PTR DS:[EBX+0x38] + * 0112FDEC 8DBC24 9C000000 LEA EDI,DWORD PTR SS:[ESP+0x9C] + * 0112FDF3 E8 C8BFF4FF CALL 完全時間.0107BDC0 + * 0112FDF8 8BC7 MOV EAX,EDI + * 0112FDFA 50 PUSH EAX + * 0112FDFB 8D43 30 LEA EAX,DWORD PTR DS:[EBX+0x30] + * 0112FDFE E8 2D4AFAFF CALL 完全時間.010D4830 + * + * Sample game: 漫喫ハプニング + * + * Scenario callers: + * + * 0039746D E8 3ED2EEFF CALL .002846B0 + * 00397472 8B7424 18 MOV ESI,DWORD PTR SS:[ESP+0x18] + * 00397476 33FF XOR EDI,EDI + * 00397478 8D8424 B4000000 LEA EAX,DWORD PTR SS:[ESP+0xB4] + * 0039747F 50 PUSH EAX + * 00397480 E8 9BC5F0FF CALL .002A3A20 + * 00397485 6A FF PUSH -0x1 + * 00397487 57 PUSH EDI + * 00397488 8D83 84000000 LEA EAX,DWORD PTR DS:[EBX+0x84] + * 0039748E 50 PUSH EAX + * 0039748F 8D8C24 C8000000 LEA ECX,DWORD PTR SS:[ESP+0xC8] + * 00397496 C78424 3C010000 12000000 MOV DWORD PTR SS:[ESP+0x13C],0x12 + * 003974A1 -E9 5A8BB410 JMP 10EE0000 ; jichi: name + * 003974A6 6A FF PUSH -0x1 + * 003974A8 57 PUSH EDI + * 003974A9 8D83 A0000000 LEA EAX,DWORD PTR DS:[EBX+0xA0] + * 003974AF 50 PUSH EAX + * 003974B0 8D8C24 E4000000 LEA ECX,DWORD PTR SS:[ESP+0xE4] + * 003974B7 -E9 448BB510 JMP 10EF0000 ; jichi: scenario + * 003974BC 6A FF PUSH -0x1 + * 003974BE 57 PUSH EDI + * 003974BF 8DBB BC000000 LEA EDI,DWORD PTR DS:[EBX+0xBC] + * 003974C5 57 PUSH EDI + * 003974C6 8D8C24 00010000 LEA ECX,DWORD PTR SS:[ESP+0x100] + * 003974CD -E9 2E8BB610 JMP 10F00000 + * 003974D2 8B43 04 MOV EAX,DWORD PTR DS:[EBX+0x4] + * 003974D5 898424 10010000 MOV DWORD PTR SS:[ESP+0x110],EAX + * 003974DC 8B43 08 MOV EAX,DWORD PTR DS:[EBX+0x8] + * 003974DF 898424 14010000 MOV DWORD PTR SS:[ESP+0x114],EAX + * 003974E6 8B46 08 MOV EAX,DWORD PTR DS:[ESI+0x8] + * 003974E9 FFB0 00010000 PUSH DWORD PTR DS:[EAX+0x100] + * 003974EF 8BCF MOV ECX,EDI + * 003974F1 E8 D333F5FF CALL .002EA8C9 + * 003974F6 8B76 08 MOV ESI,DWORD PTR DS:[ESI+0x8] + * 003974F9 898424 B8000000 MOV DWORD PTR SS:[ESP+0xB8],EAX + * 00397500 8B9E E8000000 MOV EBX,DWORD PTR DS:[ESI+0xE8] + * 00397506 8B4B 14 MOV ECX,DWORD PTR DS:[EBX+0x14] + * 00397509 8D8424 B4000000 LEA EAX,DWORD PTR SS:[ESP+0xB4] + * 00397510 897424 1C MOV DWORD PTR SS:[ESP+0x1C],ESI + * 00397514 E8 C897FCFF CALL .00360CE1 + * 00397519 8D8424 B4000000 LEA EAX,DWORD PTR SS:[ESP+0xB4] + */ +bool attach(ULONG startAddress, ULONG stopAddress) +{ + const uint8_t bytes[] = { + 0x8b,0xf1, // 009e5a0c 8bf1 mov esi,ecx + 0x39,0x6b, 0x14, // 009e5a0e 396b 14 cmp dword ptr ds:[ebx+0x14],ebp + 0x73, 0x05 // 009e5a11 73 05 jnb short play.009e5a18 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return false; + int count = 0; + auto fun = [&count, startAddress](ULONG addr) -> bool { + // 00397496 C78424 3C010000 12000000 MOV DWORD PTR SS:[ESP+0x13C],0x12 + // 003974A1 -E9 5A8BB410 JMP 10EE0000 ; jichi: name + // 003974A6 6A FF PUSH -0x1 + // 003974A8 57 PUSH EDI + // 003974A9 8D83 A0000000 LEA EAX,DWORD PTR DS:[EBX+0xA0] + // 003974AF 50 PUSH EAX + // 003974B0 8D8C24 E4000000 LEA ECX,DWORD PTR SS:[ESP+0xE4] + // 003974B7 -E9 448BB510 JMP 10EF0000 ; jichi: scenario + // 003974BC 6A FF PUSH -0x1 + // 003974BE 57 PUSH EDI + auto role = Engine::OtherRole; + if (*(DWORD *)(addr - 8) == 0x248c8d50) + role = Engine::ScenarioRole; + else if ((*(DWORD *)(addr - 11) & 0x00ffffff) == 0x002484c7) + role = Engine::NameRole; + else + return true; + auto reladdr = addr + 5 - startAddress; + { + HookParam hp; + hp.address=addr; + hp.text_fun=Private::hookBefore; + hp.hook_after=Private::hookafter; + hp.index=4; + hp.hook_font=F_TextOutA|F_GetTextExtentPoint32A; + hp.type=DATA_INDIRECT|USING_STRING|EMBED_ABLE|NO_CONTEXT|EMBED_DYNA_SJIS; + if(role==Engine::NameRole) + count+=NewHook(hp,"EmbedWaffle_name"); + else + count+=NewHook(hp,"EmbedWaffle_Scenario"); + } + { + HookParam hp; + hp.address=addr+5; + hp.text_fun=Private::hookAfter1; + count+=NewHook(hp,"EmbedWaffle_clear"); + } + // auto before = std::bind(Private::hookBefore, reladdr, role, std::placeholders::_1); + // count += winhook::hook_both(addr, before, Private::hookAfter); + return true; + }; + MemDbg::iterNearCallAddress(fun, addr, startAddress, stopAddress); + + return count; +} +} // namespace ScenarioHook +} // unnamed namespace +namespace{ + //Waffle「妹と彼女~それぞれの選択~ 」体験版 + //https://www.net-ride.com/free_dl/index.php?R_km_url=W062 + bool h1(){ + const uint8_t bytes[] = { + 0x8b,0x5d,0x08, + 0x42, + 0x8b,0xc3, + 0x2b,0xc7, + 0x03,0xd0, + 0x8b,0x45,0x14, + 0x8d,0x0c,0x33, + 0x89,0x55,0x18, + 0x2b,0xd1, + 0x52, + 0x0f,0xbe,0x30, + 0x56, + 0x89,0x75,0x0c, + 0x51 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) return false; + addr = findfuncstart(addr,0x200); + if (!addr) return false; + HookParam hp; + hp.address=addr; + hp.offset=get_stack(1); + hp.type=USING_STRING; + hp.filter_fun=[](void* data, size_t* size, HookParam*) { + + if(all_ascii((char*)data,*size))return false; + static std::string str; + if(str==std::string((char*)data))return false; + str=std::string((char*)data); + return true; + }; + return NewHook(hp,"waffle3"); + } + bool h2(){ + const uint8_t bytes[] = { + 0x8a,0x01,0x41,0x84,0xc0,XX,XX,0x2b,0xca,0x8d,0x45,0xec,0x51,0x50,0x8b,0xcf,0xe8,XX4 + }; + bool ok=false; + for(auto addr:Util::SearchMemory(bytes,sizeof(bytes),PAGE_EXECUTE_READWRITE,processStartAddress,processStopAddress)){ + HookParam hp; + hp.address=addr+sizeof(bytes)-5; + hp.offset=get_reg(regs::eax); + hp.type=USING_STRING; + ok|=NewHook(hp,"waffle4"); + } + return ok; + } + bool hh(){ + auto _=h1(); + _=h2()||_; + return _; + } +} +namespace{ + bool waffle3(){ + //[190329] [WAFFLE] 変態エルフ姉妹と真面目オーク + //https://vndb.org/v24215 + const uint8_t bytes[] = { + 0xC7,XX2,0x01,0,0,0, + 0xe8,XX4, + 0xeb,XX, + 0x8d,0x4d,XX, + 0xe8,XX4, + //-> + 0x8a,0x08, + 0x88,0x4d,XX, + 0xff,0x75,XX, + 0xe8,XX4, + 0x83,0xc4,0x04, + 0x84,0xc0, + 0x75,XX + }; + auto addr=MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if(addr==0)return false; + HookParam hp; + hp.address=addr+sizeof(bytes)-20; + hp.type=DATA_INDIRECT; + hp.offset=get_reg(regs::eax); + return NewHook(hp,"waffle3"); + } +} +bool Waffle::attach_function() { + bool embed=ScenarioHook::attach(processStartAddress,processStopAddress); + bool b1= InsertWaffleHook(); + bool b2=InsertWaffleHookx(); + bool b3=hh(); + b3|=waffle3(); + return b1||b2||embed||b3; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Waffle.h b/cpp/LunaHook/LunaHook/engine32/Waffle.h new file mode 100644 index 00000000..db632bb5 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Waffle.h @@ -0,0 +1,11 @@ + + +class Waffle:public ENGINE{ + public: + Waffle(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"cfg.pak"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/WillPlus.cpp b/cpp/LunaHook/LunaHook/engine32/WillPlus.cpp new file mode 100644 index 00000000..3237eba3 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/WillPlus.cpp @@ -0,0 +1,1773 @@ +#include "WillPlus.h" +/** 1/18/2015 jichi Add new WillPlus + * The old hook no longer works for new game. + * Sample game: [150129] [honeybee] RE:BIRTHDAY SONG + * + * Note, WillPlus engine is migrating to UTF16 using GetGlyphOutlineW such as: + * [141218] [Guily] 手�めにされる九人の堕女 + * This engine does not work for GetGlyphOutlineW, which, however, does not need a H-code. + * + * See: http://sakuradite.com/topic/615 + * + * There WillPlus games have many hookable threads. + * But it is kind of important to find the best one. + * + * By inserting hw point: + * - There is a clean text thread with fixed memory address. + * However, it cannot extract character name like GetGlyphOutlineA. + * - This is a non-clean text thread, but it contains garbage such as %LC. + * + * By backtracking from GetGlyphOutlineA: + * - GetGlyphOutlineA sometimes can extract all text, sometimes not. + * - There are two GetGlyphOutlineA functions. + * Both of them are called statically in the same function. + * That function is hooked. + * + * Hooked function: + * 0041820c cc int3 + * 0041820d cc int3 + * 0041820e cc int3 + * 0041820f cc int3 + * 00418210 81ec b4000000 sub esp,0xb4 + * 00418216 8b8424 c4000000 mov eax,dword ptr ss:[esp+0xc4] + * 0041821d 53 push ebx + * 0041821e 8b9c24 d0000000 mov ebx,dword ptr ss:[esp+0xd0] + * 00418225 55 push ebp + * 00418226 33ed xor ebp,ebp + * 00418228 56 push esi + * 00418229 8bb424 dc000000 mov esi,dword ptr ss:[esp+0xdc] + * 00418230 03c3 add eax,ebx + * 00418232 57 push edi + * 00418233 8bbc24 d8000000 mov edi,dword ptr ss:[esp+0xd8] + * 0041823a 896c24 14 mov dword ptr ss:[esp+0x14],ebp + * 0041823e 894424 4c mov dword ptr ss:[esp+0x4c],eax + * 00418242 896c24 24 mov dword ptr ss:[esp+0x24],ebp + * 00418246 39ac24 e8000000 cmp dword ptr ss:[esp+0xe8],ebp + * 0041824d 75 29 jnz short .00418278 + * 0041824f c74424 24 010000>mov dword ptr ss:[esp+0x24],0x1 + * + * ... + * + * 00418400 56 push esi + * 00418401 52 push edx + * 00418402 ff15 64c04b00 call dword ptr ds:[0x4bc064] ; gdi32.getglyphoutlinea + * 00418408 8bf8 mov edi,eax + * + * The old WillPlus engine can also be inserted to the new games. + * But it has no effects. + * + * A split value is used to get saving message out. + * + * Runtime stack for the scenario thread: + * 0012d9ec 00417371 return to .00417371 from .00418210 + * 0012d9f0 00000003 1 + * 0012d9f4 00000000 2 + * 0012d9f8 00000130 3 + * 0012d9fc 0000001a 4 + * 0012da00 0000000b 5 + * 0012da04 00000016 6 + * 0012da08 0092fc00 .0092fc00 ms gothic ; jichi: here's font + * 0012da0c 00500aa0 .00500aa0 shun ; jichi: text is here in arg8 + * 0012da10 0217dcc0 + * + * Runtime stack for name: + * 0012d9ec 00417371 return to .00417371 from .00418210 + * 0012d9f0 00000003 + * 0012d9f4 00000000 + * 0012d9f8 00000130 + * 0012d9fc 0000001a + * 0012da00 0000000b + * 0012da04 00000016 + * 0012da08 0092fc00 .0092fc00 + * 0012da0c 00500aa0 .00500aa0 + * 0012da10 0217dcc0 + * 0012da14 00000000 + * 0012da18 00000000 + * + * Runtime stack for non-dialog scenario text. + * 0012e5bc 00438c1b return to .00438c1b from .00418210 + * 0012e5c0 00000006 + * 0012e5c4 00000000 + * 0012e5c8 000001ae + * 0012e5cc 000000c8 + * 0012e5d0 0000000c + * 0012e5d4 00000018 + * 0012e5d8 0092fc00 .0092fc00 + * 0012e5dc 0012e628 + * 0012e5e0 0b0d0020 + * 0012e5e4 004fda98 .004fda98 + * + * Runtime stack for saving message + * 0012ed44 00426003 return to .00426003 from .00418210 + * 0012ed48 000003c7 + * 0012ed4c 00000000 + * 0012ed50 000000d8 + * 0012ed54 0000012f + * 0012ed58 00000008 + * 0012ed5c 00000010 + * 0012ed60 0092fc00 .0092fc00 + * 0012ed64 00951d88 ascii "2015/01/18" + */ + +namespace +{ // unnamed + + void SpecialHookWillPlus(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + // static DWORD detect_offset; // jichi 1/18/2015: this makes sure it only runs once + // if (detect_offset) + // return; + DWORD i, l; + union + { + DWORD retn; + WORD *pw; + BYTE *pb; + }; + retn = stack->retaddr; // jichi 1/18/2015: dynamically find function return address + i = 0; + while (*pw != 0xc483) + { // add esp, $ + l = ::disasm(pb); + if (++i == 5) + // ConsoleOutput("Fail to detect offset."); + break; + retn += l; + } + // jichi 2/11/2015: Check baddaddr which might crash the game on Windows XP. + if (*pw == 0xc483 && !::IsBadReadPtr((LPCVOID)(pb + 2), 1) && !::IsBadReadPtr((LPCVOID)(*(pb + 2) - 8), 1)) + { + ConsoleOutput("WillPlus1 pattern found"); + // jichi 1/18/2015: + // By studying [honeybee] RE:BIRTHDAY SONG, it seems the scenario text is at fixed address + // This offset might be used to find fixed address + // However, this method cannot extract character name like GetGlyphOutlineA + hp->offset = *(pb + 2) - 8; + + // Still extract the first text + // hp->type ^= EXTERN_HOOK; + char *str = *(char **)(stack->base + hp->offset); + buffer->from_cs(str); + *split = 0; // 8/3/2014 jichi: use return address as split + } + else + { // jichi 1/19/2015: Try willplus2 + ConsoleOutput("WillPlus1 pattern not found, try WillPlus2 instead"); + hp->offset = 4 * 8; // arg8, address of text + hp->type = USING_STRING | NO_CONTEXT | USING_SPLIT; // merge different scenario threads + hp->split = 4 * 1; // arg1 as split to get rid of saving message + // The first text is skipped here + // char *str = *(char **)(esp_base + hp->offset); + //*data = (DWORD)str; + //*len = ::strlen(str); + } + hp->text_fun = nullptr; // stop using text_fun any more + // detect_offset = 1; + } + + // Although the new hook also works for the old game, the old hook is still used by default for compatibility + bool InsertOldWillPlusHook() + { + //__debugbreak(); + enum + { + sub_esp = 0xec81 + }; // jichi: caller pattern: sub esp = 0x81,0xec byte + ULONG addr = MemDbg::findCallerAddress((ULONG)::GetGlyphOutlineA, sub_esp, processStartAddress, processStopAddress); + if (!addr) + { + ConsoleOutput("WillPlus: function call not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.text_fun = SpecialHookWillPlus; + hp.type = USING_STRING; + ConsoleOutput("INSERT WillPlus"); + return NewHook(hp, "WillPlus"); + } + + const char *_willplus_trim_a(const char *text, size_t *size) + { + int textSize = ::strlen(text); + int prefix = 0; + if (text[0] == '%') + { + while (prefix < textSize - 1 && text[prefix] == '%' && ::isupper(text[prefix + 1])) + { + prefix += 2; + while (::isupper(text[prefix])) + prefix++; + } + } + { + int pos = textSize; + for (int i = textSize - 1; i >= prefix; i--) + { + char ch = text[i]; + if (::isupper(ch)) + ; + else if (ch == '%') + pos = i; + else + break; + } + int suffix = textSize - pos; + if (size) + *size = textSize - prefix - suffix; + } + return text + prefix; + } + + const wchar_t *_willplus_trim_w(const wchar_t *text, size_t *size) + { + int textSize = ::wcslen(text); + int prefix = 0; + if (text[0] == '%') + { + while (prefix < textSize - 1 && text[prefix] == '%' && ::isupper(text[prefix + 1])) + { + prefix += 2; + while (::isupper(text[prefix])) + prefix++; + } + } + { + int pos = textSize; + for (int i = textSize - 1; i >= prefix; i--) + { + wchar_t ch = text[i]; + if (::isupper(ch)) + ; + else if (ch == '%') + pos = i; + else + break; + } + int suffix = textSize - pos; + if (size) + *size = textSize - prefix - suffix; + } + return text + prefix; + } + + void SpecialHookWillPlusA(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + int index = 0; + auto text = (LPCSTR)stack->eax; + if (!text) + return; + if (index) // index == 1 is name + text -= 1024; + if (!*text) + return; + size_t len; + text = _willplus_trim_a(text, &len); + buffer->from(text, len); + *split = FIXED_SPLIT_VALUE << index; + } + bool WillPlus_extra_filter(void *data, size_t *size, HookParam *) + { + + auto text = reinterpret_cast(data); + StringFilter(text, size, L"%XS", 5); // remove %XS followed by 2 chars + std::wstring str = text; + str = str.substr(0, *size / 2); + strReplace(str, L"\\n", L"\n"); + std::wregex reg1(L"\\{(.*?):(.*?)\\}"); + std::wstring result1 = std::regex_replace(str, reg1, L"$1"); + + std::wregex reg11(L"\\{(.*?);(.*?)\\}"); + result1 = std::regex_replace(result1, reg11, L"$1"); + + std::wregex reg2(L"%[A-Z]+"); + result1 = std::regex_replace(result1, reg2, L""); + + write_string_overwrite(data, size, result1); + return true; + }; + bool InsertWillPlusAHook() + { + // by iov + const BYTE bytes2[] = {0x8B, 0x00, 0xFF, 0x76, 0xFC, 0x8B, 0xCF, 0x50}; + ULONG range2 = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr2 = MemDbg::findBytes(bytes2, sizeof(bytes2), processStartAddress, processStartAddress + range2); + if (addr2) + { + HookParam myhp; + myhp.address = addr2 + 2; + + myhp.type = CODEC_UTF16 | NO_CONTEXT | USING_STRING; + + myhp.offset = get_reg(regs::eax); + myhp.filter_fun = WillPlus_extra_filter; + char nameForUser[HOOK_NAME_SIZE] = "WillPlus3_memcpy"; + + ConsoleOutput("Insert: WillPlus3_memcpy Hook"); + return NewHook(myhp, nameForUser); + } + + const BYTE bytes[] = { + 0x81, 0xec, 0x14, 0x08, 0x00, 0x00 // 0042B5E0 81EC 14080000 SUB ESP,0x814 ; jichi: text in eax, name in eax - 1024, able to copy + }; + DWORD addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) + { + ConsoleOutput("WillPlusA: pattern not found"); + return false; + } + HookParam hp; + hp.address = addr; + hp.text_fun = SpecialHookWillPlusA; + hp.type = NO_CONTEXT; + hp.filter_fun = NewLineStringFilterA; // remove two characters of "\\n" + ConsoleOutput("INSERT WillPlusA"); + return NewHook(hp, "WillPlusA"); + } + + void SpecialHookWillPlusW(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto text = (LPCWSTR)stack->ecx; + if (!text || !*text) + return; + size_t len; + text = _willplus_trim_w(text, &len); + *split = FIXED_SPLIT_VALUE << hp->user_value; + buffer->from(text, len*2); + } + + bool InsertWillPlusWHook() + { + const BYTE bytes1[] = { + // scenario + 0x83, 0xc0, 0x20, // 00452b02 83c0 20 add eax,0x20 ; jichi: hook before here, text in ecx + 0x33, 0xd2, // 00452b05 33d2 xor edx,edx + 0x8b, 0xc1, // 00452b07 8bc1 mov eax,ecx + 0xc7, 0x84, 0x24, 0xe0, 0x01, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00 // 00452b09 c78424 e0010000 07000000 mov dword ptr ss:[esp+0x1e0],0x7 + // 00452b14 c78424 dc010000 00000000 mov dword ptr ss:[esp+0x1dc],0x0 + }; + const BYTE bytes2[] = { + // name + 0x33, 0xdb, // 00453521 33db xor ebx,ebx ; jichi: hook here, text in ecx + 0x33, 0xd2, // 00453523 33d2 xor edx,edx + 0x8b, 0xc1, // 00453525 8bc1 mov eax,ecx + 0xc7, 0x84, 0x24, 0x88, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00 // 00453527 c78424 88000000 07000000 mov dword ptr ss:[esp+0x88],0x7 + // 00453532 899c24 84000000 mov dword ptr ss:[esp+0x84],ebx + }; + const BYTE *bytes[] = {bytes1, bytes2}; + const size_t sizes[] = {sizeof(bytes1), sizeof(bytes2)}; + auto succ = false; + for (int i = 0; i < 2; i++) + { + DWORD addr = MemDbg::findBytes(bytes[i], sizes[i], processStartAddress, processStopAddress); + if (!addr) + { + ConsoleOutput("WillPlusW: pattern not found"); + return false; + } + HookParam hp; + hp.address = addr; + hp.text_fun = SpecialHookWillPlusW; + hp.type = NO_CONTEXT | CODEC_UTF16; + hp.user_value = i; + hp.filter_fun = NewLineStringFilterW; // remove two characters of "\\n" + ConsoleOutput("INSERT WillPlusW"); + succ |= NewHook(hp, "WillPlusW"); + } + return succ; + } + /* + Artikash 9/29/2018: Updated WillPlus hook + Sample games: https://vndb.org/r54549 https://vndb.org/v22705 + Not too sure about the stability of this pattern, but it works for both of the above + Hook code for first game: /HQ-8*0@43D620. This seems fairly stable: __thiscall calling convention and first member points to string + Method to find hook code: trace call stack from GetGlyphOutlineW + Disassembly from first game (damekoi). The first few instructions are actually a common function prologue: not enough to locate hook + Hooking SysAllocString also seems to work, but has some garbage + 0043D61D - C2 0800 - ret 0008 { 8 } + 0043D620 - 55 - push ebp + 0043D621 - 8B EC - mov ebp,esp + 0043D623 - 6A FF - push -01 { 255 } + 0043D625 - 68 6B6D5400 - push 00546D6B { [139] } + 0043D62A - 64 A1 00000000 - mov eax,fs:[00000000] { 0 } + 0043D630 - 50 - push eax + 0043D631 - 81 EC 30010000 - sub esp,00000130 { 304 } + 0043D637 - A1 08E05800 - mov eax,[0058E008] { [6A9138CD] } + 0043D63C - 33 C5 - xor eax,ebp + 0043D63E - 89 45 EC - mov [ebp-14],eax + 0043D641 - 53 - push ebx + 0043D642 - 56 - push esi + 0043D643 - 57 - push edi + 0043D644 - 50 - push eax + 0043D645 - 8D 45 F4 - lea eax,[ebp-0C] + 0043D648 - 64 A3 00000000 - mov fs:[00000000],eax { 0 } + 0043D64E - 8B F9 - mov edi,ecx + 0043D650 - 89 BD E8FEFFFF - mov [ebp-00000118],edi + 0043D656 - 8B 45 08 - mov eax,[ebp+08] + 0043D659 - 8B 4D 14 - mov ecx,[ebp+14] + 0043D65C - F3 0F10 45 1C - movss xmm0,[ebp+1C] + 0043D661 - 8B 5D 18 - mov ebx,[ebp+18] + 0043D664 - 89 85 10FFFFFF - mov [ebp-000000F0],eax + 0043D66A - 8B 45 10 - mov eax,[ebp+10] + 0043D66D - 89 85 08FFFFFF - mov [ebp-000000F8],eax + 0043D673 - 89 47 68 - mov [edi+68],eax + 0043D676 - 8B 45 20 - mov eax,[ebp+20] + 0043D679 - 51 - push ecx + ... + */ + static bool InsertNewWillPlusHook() + { + bool found = false; + const BYTE characteristicInstructions[] = + { + 0xc2, 0x08, 0, // ret 0008; Seems to always be ret 8 before the hookable function. not sure why, not sure if stable. + 0x55, // push ebp; hook here + 0x8b, 0xec, // mov ebp,esp + 0x6a, 0xff, // push -01 + 0x68, XX4, // push ? + 0x64, 0xa1, 0, 0, 0, 0, // mov eax,fs:[0] + 0x50, // push eax + 0x81, 0xec, XX4, // sub esp,? + 0xa1, XX4, // mov eax,[?] + 0x33, 0xc5, // xor eax,ebp + // 0x89, 0x45, 0xec // mov [ebp-14],eax; not sure if 0x14 is stable + }; + for (auto addr : Util::SearchMemory(characteristicInstructions, sizeof(characteristicInstructions), PAGE_EXECUTE, processStartAddress, processStopAddress)) + { + HookParam hp; + hp.address = addr + 3; + hp.type = USING_STRING | CODEC_UTF16 | DATA_INDIRECT; + hp.offset = get_reg(regs::ecx); + hp.index = 0; + found |= NewHook(hp, "WillPlus2"); + } + /* + hook cmp reg,0x3000 + Sample games: + https://vndb.org/r54549 + https://vndb.org/v22705 + https://vndb.org/v24852 + https://vndb.org/v25719 + https://vndb.org/v27227 + https://vndb.org/v27385 + https://vndb.org/v34544 + https://vndb.org/v35279 + https://vndb.org/v36011 + */ + const BYTE pattern[] = + { + 0x81, XX, 0x00, 0x30, 0x00, 0x00 // 81FE 00300000 cmp esi,0x3000 + // or 81FB 00300000 cmp ebx,0x3000 + // or 81FF 00300000 cmp edi,0x3000 + // je xx + // 8b4D A8 mov ecx,dword ptr ss:[ebp-??] hook here + // 85C9 test ecx,ecx + }; + for (auto addr : Util::SearchMemory(pattern, sizeof(pattern), PAGE_EXECUTE, processStartAddress, processStopAddress)) + { + if (*(WORD *)(addr + 0xb) != 0xC985) + continue; + + BYTE byte = *(BYTE *)(addr + 1); + regs offset = regs::invalid; + switch (byte) + { + case 0xf9: + offset = regs::ecx; + break; + case 0xfa: + offset = regs::edx; + break; + case 0xfb: + offset = regs::ebx; + break; + case 0xfc: + offset = regs::esp; + break; + case 0xfd: + offset = regs::ebp; + break; + case 0xfe: + offset = regs::esi; + break; + case 0xff: + offset = regs::edi; + break; + }; + if (offset != regs::invalid) + { + HookParam hp; + hp.address = addr + 8; + hp.type = CODEC_UTF16; + hp.offset = get_reg(offset); + found |= NewHook(hp, "WillPlus3"); + } + } + if (!found) + ConsoleOutput("WillPlus: failed to find instructions"); + return found; + } + +} // unnamed namespace + +bool InsertWillPlusHook() +{ + bool ok = InsertOldWillPlusHook(); + ok = InsertWillPlusWHook() || InsertNewWillPlusHook() || InsertWillPlusAHook() || ok; + return ok; +} +namespace will3 +{ + + int kp = 0; + int lf = 0; + int lc = 0; + void hookBefore(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + // DOUT(QString::fromUtf16((LPWSTR)s->stack[6]));//"MS UI Gothic" + // DOUT(QString::fromUtf16((LPWSTR)s->stack[7]));//"���������ˤˤʤꤿ����%K%P" + auto text = (LPWSTR)s->stack[7]; // text in arg1 + + if (!text || !*text) + return ; + + std::wstring str = ((LPWSTR)s->stack[7]); + kp = 0; + lf = 0; + if (endWith(str, L"%K%P")) + { + kp = 1; + + str = str.substr(0, str.size() - 4); + } + if (startWith(str, L"%LF")) + { + lf = 1; + str = str.substr(3); + } + if (startWith(str, L"%LC")) + { + lc = 1; + str = str.substr(3); + } + std::wregex reg1(L"\\{(.*?):(.*?)\\}"); + str = std::regex_replace(str, reg1, L"$1"); + + std::wregex reg11(L"\\{(.*?);(.*?)\\}"); + str = std::regex_replace(str, reg11, L"$1"); + + buffer->from(str); + } + void hookafter(hook_stack *s, void *data, size_t len) + { + auto data_ = std::wstring((wchar_t *)data, len / 2); // EngineController::instance()->dispatchTextWSTD(innner, Engine::ScenarioRole, 0); + if (kp) + { + data_.append(L"%K%P"); + } + if (lf) + { + data_ = L"%LF" + data_; + } + if (lc) + { + data_ = L"%LC" + data_; + } + s->stack[7] = (ULONG)(data_.c_str()); + } +} +bool InsertWillPlus4Hook() +{ + // 星の乙女と六華の姉妹 + const BYTE bytes[] = { + 0xc7, 0x45, 0xfc, 0x00, 0x00, 0x00, 0x00, + 0x33, 0xc9, + 0xc7, 0x47, 0x78, 0x00, 0x00, 0x00, 0x00}; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + + if (addr == 0) + return false; + + addr = MemDbg::findEnclosingFunctionBeforeDword(0x83dc8b53, addr, MemDbg::MaximumFunctionSize, 1); + + if (addr == 0) + return false; + HookParam hp; + hp.address = addr; + hp.offset = get_stack(7); + // hp.filter_fun = WillPlus_extra_filter; + hp.type = USING_STRING | CODEC_UTF16 | EMBED_ABLE; + hp.text_fun = will3::hookBefore; + hp.newlineseperator = L"\\n"; + hp.hook_after = will3::hookafter; + return NewHook(hp, "EmbedWillplus3"); +} +bool InsertWillPlus5Hook() +{ + // ensemble 29th Project『乙女の剣と秘めごとコンチェルト』オフィシャルサイト 体验版 + + const BYTE bytes[] = { + 0x3d, XX2, 0x00, 0x00, + 0x72, XX, + 0x3d, XX2, 0x00, 0x00, + 0x77}; + /*if (v26 >= 0xE63E) + { + if (v26 <= 0xE757)*/ + /*3D 3E E6 00 00 cmp eax, 0E63Eh +.text:0040A24B 72 6C jb short loc_40A2B9 +.text : 0040A24B +.text : 0040A24D 3D 57 E7 00 00 cmp eax, 0E757h +.text : 0040A252 77 71 ja short loc_40A2C5*/ + + bool ok = false; + auto addrs = Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress); + for (auto addr : addrs) + { + HookParam hp; + hp.address = addr; + hp.offset = get_reg(regs::eax); + hp.type = CODEC_UTF16; + ConsoleOutput("INSERT WillPlus_extra2"); + ok |= NewHook(hp, "WillPlus_extra2"); + } + return ok; +} +bool insertwillplus6() +{ + + /* 0x00492870 + 0: 50 push eax + 1: b8 01 00 00 00 mov eax,0x1 + 6: 8d 74 24 18 lea esi,[esp+0x18] + a: e8 f1 f5 f6 ff call 0xfff6f600 + f: 6a 01 push 0x1 + 11: 68 7c 47 55 00 push 0x55477c + 16: 33 c0 xor eax,eax + 18: 8b d6 mov edx,esi + 1a: e8 21 8c f7 ff call 0xfff78c40 + //hook after call,但有的句子没有 + 1f: 83 f8 ff cmp eax,0xffffffff + 22: 75 dc jne 0x0 + //这里 + 24: 8d 44 24 14 lea eax,[esp+0x14] + 28: 8b cd mov ecx,ebp + 2a: e8 81 f3 04 00 call 0x4f3b0 + 2f: 83 7c 24 2c 08 cmp DWORD PTR [esp+0x2c],0x8 + 34: 8b f0 mov esi,eax + 36: 72 0d jb 0x45 + 38: 8b 44 24 18 mov eax,DWORD PTR [esp+0x18] + 3c: 50 push eax + 3d: e8 5e d6 09 00 call 0x9d6a0 + 42: 83 c4 04 add esp,0x4 + 45: 33 c9 xor ecx,ecx + 47: c7 44 24 2c 07 00 00 mov DWORD PTR [esp+0x2c],0x7 + */ + // 想いを捧げる乙女のメロディー + const BYTE bytes[] = { + 0x6a, 0x01, + 0x68, 0x7c, 0x47, 0x55, 0x00, + 0x33, 0xc0, + 0x8b, 0xd6, + 0xe8, XX4, + 0x83, 0xf8, + 0xff, 0x75, 0xdc}; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + + if (addr == 0) + return false; + addr += sizeof(bytes); + ConsoleOutput("%p %p %p", addr, processStartAddress, processStopAddress); + HookParam hp; + hp.address = addr; + hp.offset = get_stack(6); + hp.type = CODEC_UTF16 | USING_STRING; + ConsoleOutput("INSERT WillPlus6"); + return NewHook(hp, "WillPlus6"); +} +bool willX() +{ + // 世界でいちばんNGな恋 + // .text:0040EAE9 81 FE 94 81 00 00 cmp esi, 8194h + // .text:0040EAEF 74 2C jz short loc_40EB1D + // .text:0040EAEF + // .text:0040EAF1 81 FE 74 84 00 00 cmp esi, 8474h + // .text:0040EAF7 74 24 jz short loc_40EB1D + // .text:0040EAF7 + // .text:0040EAF9 81 FE 97 81 00 00 cmp esi, 8197h + // .text:0040EAFF 74 1C jz short loc_40EB1D + // .text:0040EAFF + // .text:0040EB01 81 FE 90 81 00 00 cmp esi, 8190h + // .text:0040EB07 74 14 jz short loc_40EB1D + // .text:0040EB07 + // .text:0040EB09 81 FE 59 81 00 00 cmp esi, 8159h + // .text:0040EB0F 74 0C jz short loc_40EB1D + // .text:0040EB0F + // .text:0040EB11 81 FE 96 81 00 00 cmp esi, 8196h + // .text:0040EB17 0F 85 FF 00 00 00 jnz loc_40EC1C + const BYTE bytes[] = { + 0x81, 0xFE, 0x94, 0x81, 0x00, 0x00, + 0x74, XX, + 0x81, 0xFE, 0x74, 0x84, 0x00, 0x00, + 0x74, XX, + 0x81, 0xFE, 0x97, 0x81, 0x00, 0x00, + 0x74, XX, + 0x81, 0xFE, 0x90, 0x81, 0x00, 0x00, + 0x74, XX, + 0x81, 0xFE, 0x59, 0x81, 0x00, 0x00, + 0x74, XX, + 0x81, 0xFE, 0x96, 0x81, 0x00, 0x00}; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + + if (addr == 0) + return false; + auto succ = false; + { + HookParam hp; + hp.address = addr; + hp.offset = get_reg(regs::esi); + hp.type = NO_CONTEXT | CODEC_ANSI_BE; + succ |= NewHook(hp, "willAN"); + } + + addr = MemDbg::findEnclosingAlignedFunction(addr); + + if (addr) + { + HookParam hp; + hp.address = addr; + hp.offset = get_stack(7); + hp.type = USING_STRING; + succ |= NewHook(hp, "willS"); + } + return succ; +} + +namespace +{ // unnamed + + // Sample prefix: %LF + // Sample suffix: %L%P%W + template + strT trim(strT text, int *size) + { + int length = *size; + if (text[0] == '%') + { // handle prefix + int pos = 0; + while (pos < length - 1 && text[pos] == '%' && ::isupper(text[pos + 1])) + { + pos += 2; + while (::isupper(text[pos])) + pos++; + } + if (pos) + { + length -= pos; + text += pos; + } + } + { // handle suffix + int pos = length; + for (int i = length - 1; i >= 0; i--) + { + if (::isupper(text[i])) + ; + else if (text[i] == '%' && ::isupper(text[i + 1])) + pos = i; + else + break; + } + length = pos; + } + *size = length; + return text; + } + struct textinfo + { + std::wstring text_; + int stackIndex_; + int role_; + }; + std::unordered_map savetyperef; + namespace TextHookW + { + + // typedef TextHookW Self; + + template + void hookBefore(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *role) + { + auto info = savetyperef.at(idx); + enum + { + sig = 0 + }; + auto text = (LPCWSTR)s->stack[info->stackIndex_]; + if (!text || !*text) + return ; + int size = ::wcslen(text), + trimmedSize = size; + auto trimmedText = trim(text, &trimmedSize); + if (!trimmedSize || !*trimmedText) + return ; + buffer->from(trimmedText, trimmedSize*2); + } + template + void hookafter(hook_stack *s, void *data, size_t len) + { + auto newText = std::wstring((LPWSTR)data, len / 2); + auto info = savetyperef.at(idx); + enum + { + sig = 0 + }; + auto text = (LPCWSTR)s->stack[info->stackIndex_]; + if (!text || !*text) + return; + int size = ::wcslen(text), + trimmedSize = size; + auto trimmedText = trim(text, &trimmedSize); + if (!trimmedSize || !*trimmedText) + return; + std::wstring oldText = std::wstring(trimmedText, trimmedSize); + if (newText == oldText) + return; + int prefixSize = trimmedText - text, + suffixSize = size - prefixSize - trimmedSize; + if (prefixSize) + newText.insert(0, std::wstring(text, prefixSize)); + if (suffixSize) + newText.append(std::wstring(trimmedText + trimmedSize, suffixSize)); + info->text_ = newText; + s->stack[info->stackIndex_] = (ULONG)info->text_.c_str(); + } + // explicit TextHookW(int hookStackIndex, int role = Engine::UnknownRole) : stackIndex_(hookStackIndex), role_(role) {} + template + bool attach(const uint8_t *pattern, size_t patternSize, ULONG startAddress, ULONG stopAddress, int hookStackIndex, int role = Engine::UnknownRole) + { + ULONG addr = MemDbg::findBytes(pattern, patternSize, startAddress, stopAddress); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr; + auto _tinfo = new textinfo{}; + _tinfo->role_ = role; + _tinfo->stackIndex_ = hookStackIndex; + savetyperef[_type] = _tinfo; + hp.text_fun = hookBefore<_type>; + hp.type = EMBED_ABLE | CODEC_UTF16|NO_CONTEXT; + hp.newlineseperator = L"\\n"; + hp.hook_after = hookafter<_type>; + hp.hook_font = F_MultiByteToWideChar | F_GetGlyphOutlineW; + char _[] = "EmbedWillplusW0"; + _[sizeof(_) - 2] += _type; + return NewHook(hp, _); + } + }; + + /** + * Sample game: なついろレシピ + * See: http://capita.tistory.com/m/post/251 + * + * Scenario: + * 00452A8F 77 05 JA SHORT .00452A96 + * 00452A91 E8 A25B0B00 CALL .00508638 ; JMP to msvcr90._invalid_parameter_noinfo + * 00452A96 8B43 0C MOV EAX,DWORD PTR DS:[EBX+0xC] + * 00452A99 8B48 18 MOV ECX,DWORD PTR DS:[EAX+0x18] + * 00452A9C 83C0 10 ADD EAX,0x10 + * 00452A9F 33D2 XOR EDX,EDX + * 00452AA1 8BC1 MOV EAX,ECX + * 00452AA3 C78424 C4010000 >MOV DWORD PTR SS:[ESP+0x1C4],0x7 + * 00452AAE C78424 C0010000 >MOV DWORD PTR SS:[ESP+0x1C0],0x0 + * 00452AB9 66:899424 B00100>MOV WORD PTR SS:[ESP+0x1B0],DX + * 00452AC1 8D70 02 LEA ESI,DWORD PTR DS:[EAX+0x2] + * 00452AC4 66:8B10 MOV DX,WORD PTR DS:[EAX] + * 00452AC7 83C0 02 ADD EAX,0x2 + * 00452ACA 66:85D2 TEST DX,DX + * 00452ACD ^75 F5 JNZ SHORT .00452AC4 + * 00452ACF 2BC6 SUB EAX,ESI + * 00452AD1 D1F8 SAR EAX,1 + * 00452AD3 50 PUSH EAX + * 00452AD4 51 PUSH ECX + * 00452AD5 8DB424 B4010000 LEA ESI,DWORD PTR SS:[ESP+0x1B4] + * 00452ADC E8 DF4DFBFF CALL .004078C0 + * 00452AE1 C68424 B8020000 >MOV BYTE PTR SS:[ESP+0x2B8],0x8 + * 00452AE9 8B43 10 MOV EAX,DWORD PTR DS:[EBX+0x10] + * 00452AEC 2B43 0C SUB EAX,DWORD PTR DS:[EBX+0xC] + * 00452AEF C1F8 04 SAR EAX,0x4 + * 00452AF2 83F8 02 CMP EAX,0x2 + * 00452AF5 77 05 JA SHORT .00452AFC + * 00452AF7 E8 3C5B0B00 CALL .00508638 ; JMP to msvcr90._invalid_parameter_noinfo + * 00452AFC 8B43 0C MOV EAX,DWORD PTR DS:[EBX+0xC] + * 00452AFF 8B48 28 MOV ECX,DWORD PTR DS:[EAX+0x28] + * 00452B02 83C0 20 ADD EAX,0x20 ; jichi: hook before here, text in ecx + * 00452B05 33D2 XOR EDX,EDX + * 00452B07 8BC1 MOV EAX,ECX + * 00452B09 C78424 E0010000 07000000 MOV DWORD PTR SS:[ESP+0x1E0],0x7 ; jichi: key pattern is here, text in eax + * 00452B14 C78424 DC010000 00000000 MOV DWORD PTR SS:[ESP+0x1DC],0x0 + * 00452B27 8D70 02 LEA ESI,DWORD PTR DS:[EAX+0x2] + * 00452B2A 33DB XOR EBX,EBX + * 00452B2C 8D6424 00 LEA ESP,DWORD PTR SS:[ESP] + * 00452B30 66:8B10 MOV DX,WORD PTR DS:[EAX] + * 00452B33 83C0 02 ADD EAX,0x2 + * 00452B36 66:3BD3 CMP DX,BX + * 00452B39 ^75 F5 JNZ SHORT .00452B30 + * 00452B3B 2BC6 SUB EAX,ESI + * 00452B3D D1F8 SAR EAX,1 + * 00452B3F 50 PUSH EAX + * 00452B40 51 PUSH ECX + * 00452B41 8DB424 D0010000 LEA ESI,DWORD PTR SS:[ESP+0x1D0] + * 00452B48 E8 734DFBFF CALL .004078C0 + * 00452B4D C68424 B8020000 >MOV BYTE PTR SS:[ESP+0x2B8],0x9 + * 00452B55 895C24 1C MOV DWORD PTR SS:[ESP+0x1C],EBX + * 00452B59 395C24 14 CMP DWORD PTR SS:[ESP+0x14],EBX + * 00452B5D 0F84 77080000 JE .004533DA + * 00452B63 BE 07000000 MOV ESI,0x7 + * 00452B68 33C0 XOR EAX,EAX + * 00452B6A 895C24 20 MOV DWORD PTR SS:[ESP+0x20],EBX + * 00452B6E 89B424 FC010000 MOV DWORD PTR SS:[ESP+0x1FC],ESI + * 00452B75 899C24 F8010000 MOV DWORD PTR SS:[ESP+0x1F8],EBX + * 00452B7C 66:898424 E80100>MOV WORD PTR SS:[ESP+0x1E8],AX + * 00452B84 8D4C24 3C LEA ECX,DWORD PTR SS:[ESP+0x3C] + * 00452B88 51 PUSH ECX + * 00452B89 C68424 BC020000 >MOV BYTE PTR SS:[ESP+0x2BC],0xA + * 00452B91 E8 7AACFCFF CALL .0041D810 + * 00452B96 C68424 B8020000 >MOV BYTE PTR SS:[ESP+0x2B8],0xB + * 00452B9E 399C24 C0010000 CMP DWORD PTR SS:[ESP+0x1C0],EBX + * 00452BA5 0F84 BB020000 JE .00452E66 + * 00452BAB 81C7 14010000 ADD EDI,0x114 + */ + bool attachScenarioHookW1(ULONG startAddress, ULONG stopAddress) + { + // ECX PTR: 83 C0 20 33 D2 8B C1 C7 84 24 E0 01 00 00 07 00 00 00 + const uint8_t bytes[] = { + 0x83, 0xc0, 0x20, // 00452b02 83c0 20 add eax,0x20 ; jichi: hook before here, text in ecx + 0x33, 0xd2, // 00452b05 33d2 xor edx,edx + 0x8b, 0xc1, // 00452b07 8bc1 mov eax,ecx + 0xc7, 0x84, 0x24, 0xe0, 0x01, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00 // 00452b09 c78424 e0010000 07000000 mov dword ptr ss:[esp+0x1e0],0x7 + // 00452b14 c78424 dc010000 00000000 mov dword ptr ss:[esp+0x1dc],0x0 + }; + int ecx = get_reg(regs::ecx) / 4; + return TextHookW::attach<1>(bytes, sizeof(bytes), startAddress, stopAddress, ecx, Engine::ScenarioRole); + } + + /** + * 1/9/2016: 見上げてごらん、夜空の星を 体験版 + * + * 0045580D C68424 B8020000 08 MOV BYTE PTR SS:[ESP+0x2B8],0x8 + * 00455815 8B47 10 MOV EAX,DWORD PTR DS:[EDI+0x10] + * 00455818 2B47 0C SUB EAX,DWORD PTR DS:[EDI+0xC] + * 0045581B C1F8 04 SAR EAX,0x4 + * 0045581E 83F8 02 CMP EAX,0x2 + * 00455821 77 05 JA SHORT .00455828 + * 00455823 E8 A0F70B00 CALL .00514FC8 ; JMP to msvcr90._invalid_parameter_noinfo + * 00455828 8B7F 0C MOV EDI,DWORD PTR DS:[EDI+0xC] + * 0045582B 83C7 20 ADD EDI,0x20 + * 0045582E 8B7F 08 MOV EDI,DWORD PTR DS:[EDI+0x8] + * 00455831 33C9 XOR ECX,ECX + * 00455833 8BC7 MOV EAX,EDI ; jichi: hook befoe here, text in eax assigned from edi + * 00455835 C78424 E0010000 07000000 MOV DWORD PTR SS:[ESP+0x1E0],0x7 ; jichi: key pattern is here, text i eax + * 00455840 899C24 DC010000 MOV DWORD PTR SS:[ESP+0x1DC],EBX + * 00455847 66:898C24 CC010000 MOV WORD PTR SS:[ESP+0x1CC],CX + * 0045584F 8D50 02 LEA EDX,DWORD PTR DS:[EAX+0x2] + * 00455852 66:8B08 MOV CX,WORD PTR DS:[EAX] + * 00455855 83C0 02 ADD EAX,0x2 + * 00455858 66:3BCB CMP CX,BX + * 0045585B ^75 F5 JNZ SHORT .00455852 + * 0045585D 2BC2 SUB EAX,EDX + * 0045585F D1F8 SAR EAX,1 + * 00455861 50 PUSH EAX + * 00455862 57 PUSH EDI + * 00455863 8DB424 D0010000 LEA ESI,DWORD PTR SS:[ESP+0x1D0] + * 0045586A E8 2120FBFF CALL .00407890 + * 0045586F C68424 B8020000 09 MOV BYTE PTR SS:[ESP+0x2B8],0x9 + * 00455877 895C24 30 MOV DWORD PTR SS:[ESP+0x30],EBX + * 0045587B 395C24 18 CMP DWORD PTR SS:[ESP+0x18],EBX + * 0045587F 0F84 D1080000 JE .00456156 + * 00455885 33D2 XOR EDX,EDX + * 00455887 895C24 24 MOV DWORD PTR SS:[ESP+0x24],EBX + * 0045588B C78424 FC010000 07000000 MOV DWORD PTR SS:[ESP+0x1FC],0x7 + * 00455896 899C24 F8010000 MOV DWORD PTR SS:[ESP+0x1F8],EBX + * 0045589D 66:899424 E8010000 MOV WORD PTR SS:[ESP+0x1E8],DX + * 004558A5 8D4424 3C LEA EAX,DWORD PTR SS:[ESP+0x3C] + */ + bool attachScenarioHookW2(ULONG startAddress, ULONG stopAddress) + { + // key pattern: C78424 E0010000 07000000 + const uint8_t bytes[] = { + 0x8b, 0xc7, // 00455833 8bc7 mov eax,edi ; jichi: text in eax assigned from edi + 0xc7, 0x84, 0x24, 0xe0, 0x01, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00 // 00455835 c78424 e0010000 07000000 mov dword ptr ss:[esp+0x1e0],0x7 ; jichi: key pattern is here, text i eax + }; + int edi = get_reg(regs::edi) / 4; + return TextHookW::attach<2>(bytes, sizeof(bytes), startAddress, stopAddress, edi, Engine::ScenarioRole); + } + /** + * Sample game: なついろレシピ + * See: http://capita.tistory.com/m/post/251 + * + * Name: + * + * 004534FA 64:A3 00000000 MOV DWORD PTR FS:[0],EAX + * 00453500 8B75 14 MOV ESI,DWORD PTR SS:[EBP+0x14] + * 00453503 8B46 10 MOV EAX,DWORD PTR DS:[ESI+0x10] + * 00453506 2B46 0C SUB EAX,DWORD PTR DS:[ESI+0xC] + * 00453509 8BF9 MOV EDI,ECX + * 0045350B C1F8 04 SAR EAX,0x4 + * 0045350E 897C24 14 MOV DWORD PTR SS:[ESP+0x14],EDI + * 00453512 85C0 TEST EAX,EAX + * 00453514 77 05 JA SHORT .0045351B + * 00453516 E8 1D510B00 CALL .00508638 ; JMP to msvcr90._invalid_parameter_noinfo + * 0045351B 8B76 0C MOV ESI,DWORD PTR DS:[ESI+0xC] + * 0045351E 8B4E 08 MOV ECX,DWORD PTR DS:[ESI+0x8] + * 00453521 33DB XOR EBX,EBX ; jichi: hook here, text in ecx + * 00453523 33D2 XOR EDX,EDX + * 00453525 8BC1 MOV EAX,ECX + * 00453527 C78424 88000000 07000000 MOV DWORD PTR SS:[ESP+0x88],0x7 + * 00453532 899C24 84000000 MOV DWORD PTR SS:[ESP+0x84],EBX + * 00453539 66:895424 74 MOV WORD PTR SS:[ESP+0x74],DX + * 0045353E 8D70 02 LEA ESI,DWORD PTR DS:[EAX+0x2] + * 00453541 66:8B10 MOV DX,WORD PTR DS:[EAX] + * 00453544 83C0 02 ADD EAX,0x2 + * 00453547 66:3BD3 CMP DX,BX + * 0045354A ^75 F5 JNZ SHORT .00453541 + * 0045354C 2BC6 SUB EAX,ESI + * 0045354E D1F8 SAR EAX,1 + * 00453550 50 PUSH EAX + * 00453551 51 PUSH ECX + * 00453552 8D7424 78 LEA ESI,DWORD PTR SS:[ESP+0x78] + * 00453556 E8 6543FBFF CALL .004078C0 + * 0045355B 899C24 70010000 MOV DWORD PTR SS:[ESP+0x170],EBX + * 00453562 A1 DCAA5500 MOV EAX,DWORD PTR DS:[0x55AADC] + * 00453567 894424 1C MOV DWORD PTR SS:[ESP+0x1C],EAX + * 0045356B B8 0F000000 MOV EAX,0xF + * 00453570 894424 6C MOV DWORD PTR SS:[ESP+0x6C],EAX + * 00453574 895C24 68 MOV DWORD PTR SS:[ESP+0x68],EBX + * 00453578 885C24 58 MOV BYTE PTR SS:[ESP+0x58],BL + * 0045357C 894424 50 MOV DWORD PTR SS:[ESP+0x50],EAX + * 00453580 895C24 4C MOV DWORD PTR SS:[ESP+0x4C],EBX + * 00453584 885C24 3C MOV BYTE PTR SS:[ESP+0x3C],BL + * 00453588 C68424 70010000 02 MOV BYTE PTR SS:[ESP+0x170],0x2 + * 00453590 8B8424 84000000 MOV EAX,DWORD PTR SS:[ESP+0x84] + * 00453597 8BF0 MOV ESI,EAX + * 00453599 3BC3 CMP EAX,EBX + * 0045359B 74 3D JE SHORT .004535DA + * 0045359D 83BC24 88000000 08 CMP DWORD PTR SS:[ESP+0x88],0x8 + * 004535A5 8B5424 74 MOV EDX,DWORD PTR SS:[ESP+0x74] + * 004535A9 73 04 JNB SHORT .004535AF + * 004535AB 8D5424 74 LEA EDX,DWORD PTR SS:[ESP+0x74] + */ + bool attachNameHookW(ULONG startAddress, ULONG stopAddress) + { + // ECX PTR: 33 DB 33 D2 8B C1 C7 84 24 88 00 00 00 07 00 00 00 + const uint8_t bytes[] = { + 0x33, 0xdb, // 00453521 33db xor ebx,ebx ; jichi: hook here, text in ecx + 0x33, 0xd2, // 00453523 33d2 xor edx,edx + 0x8b, 0xc1, // 00453525 8bc1 mov eax,ecx + 0xc7, 0x84, 0x24, 0x88, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00 // 00453527 c78424 88000000 07000000 mov dword ptr ss:[esp+0x88],0x7 + // 00453532 899c24 84000000 mov dword ptr ss:[esp+0x84],ebx + }; + + int ecx = get_reg(regs::ecx) / 4; + return TextHookW::attach<3>(bytes, sizeof(bytes), startAddress, stopAddress, ecx, Engine::NameRole); + } + + /** + * Sample game: なついろレシピ + * See: http://capita.tistory.com/m/post/251 + * + * Choice: + * 00470D95 72 05 JB SHORT .00470D9C + * 00470D97 E8 9C780900 CALL .00508638 ; JMP to msvcr90._invalid_parameter_noinfo + * 00470D9C 8BB5 EC020000 MOV ESI,DWORD PTR SS:[EBP+0x2EC] + * 00470DA2 037424 14 ADD ESI,DWORD PTR SS:[ESP+0x14] + * 00470DA6 8B4E 10 MOV ECX,DWORD PTR DS:[ESI+0x10] + * 00470DA9 2B4E 0C SUB ECX,DWORD PTR DS:[ESI+0xC] + * 00470DAC C1F9 04 SAR ECX,0x4 + * 00470DAF 83F9 01 CMP ECX,0x1 + * 00470DB2 77 05 JA SHORT .00470DB9 + * 00470DB4 E8 7F780900 CALL .00508638 ; JMP to msvcr90._invalid_parameter_noinfo + * 00470DB9 8B46 0C MOV EAX,DWORD PTR DS:[ESI+0xC] + * 00470DBC 8B50 18 MOV EDX,DWORD PTR DS:[EAX+0x18] + * 00470DBF 83C0 10 ADD EAX,0x10 ; jichi: text in edx + * 00470DC2 52 PUSH EDX + * 00470DC3 8D8C24 7C040000 LEA ECX,DWORD PTR SS:[ESP+0x47C] + * 00470DCA 8D7424 4C LEA ESI,DWORD PTR SS:[ESP+0x4C] + * 00470DCE E8 EDA3F9FF CALL .0040B1C0 + * 00470DD3 83C4 04 ADD ESP,0x4 + * 00470DD6 6A FF PUSH -0x1 + * 00470DD8 53 PUSH EBX + * 00470DD9 50 PUSH EAX + * 00470DDA 8D8424 84040000 LEA EAX,DWORD PTR SS:[ESP+0x484] + * 00470DE1 C68424 B0040000 07 MOV BYTE PTR SS:[ESP+0x4B0],0x7 + * 00470DE9 E8 1251F9FF CALL .00405F00 + * 00470DEE BE 08000000 MOV ESI,0x8 + * 00470DF3 C68424 A4040000 06 MOV BYTE PTR SS:[ESP+0x4A4],0x6 + * 00470DFB 397424 60 CMP DWORD PTR SS:[ESP+0x60],ESI + * 00470DFF 72 0D JB SHORT .00470E0E + * 00470E01 8B4424 4C MOV EAX,DWORD PTR SS:[ESP+0x4C] + * 00470E05 50 PUSH EAX + * 00470E06 E8 65770900 CALL .00508570 ; JMP to msvcr90.??3@YAXPAX@Z + * 00470E0B 83C4 04 ADD ESP,0x4 + * 00470E0E 8B9424 7C040000 MOV EDX,DWORD PTR SS:[ESP+0x47C] + * 00470E15 33C9 XOR ECX,ECX + * 00470E17 C74424 60 07000000 MOV DWORD PTR SS:[ESP+0x60],0x7 + * 00470E1F 895C24 5C MOV DWORD PTR SS:[ESP+0x5C],EBX + * 00470E23 66:894C24 4C MOV WORD PTR SS:[ESP+0x4C],CX + * 00470E28 39B424 90040000 CMP DWORD PTR SS:[ESP+0x490],ESI + * 00470E2F 73 07 JNB SHORT .00470E38 + * 00470E31 8D9424 7C040000 LEA EDX,DWORD PTR SS:[ESP+0x47C] + * 00470E38 8B8424 44040000 MOV EAX,DWORD PTR SS:[ESP+0x444] + * 00470E3F B9 10000000 MOV ECX,0x10 + * 00470E44 398C24 58040000 CMP DWORD PTR SS:[ESP+0x458],ECX + * 00470E4B 73 07 JNB SHORT .00470E54 + * 00470E4D 8D8424 44040000 LEA EAX,DWORD PTR SS:[ESP+0x444] + * 00470E54 398C24 74040000 CMP DWORD PTR SS:[ESP+0x474],ECX + * 00470E5B 8B8C24 60040000 MOV ECX,DWORD PTR SS:[ESP+0x460] + */ + bool attachOtherHookW(ULONG startAddress, ULONG stopAddress) + { + // EDX PTR : 83 C0 10 52 8D 8C 24 7C 04 00 00 8D 74 24 4C + const uint8_t bytes[] = { + 0x83, 0xc0, 0x10, // 00470dbf 83c0 10 add eax,0x10 ; jichi: text in edx + 0x52, // 00470dc2 52 push edx + 0x8d, 0x8c, 0x24, 0x7c, 0x04, 0x00, 0x00, // 00470dc3 8d8c24 7c040000 lea ecx,dword ptr ss:[esp+0x47c] + 0x8d, 0x74, 0x24, 0x4c // 00470dca 8d7424 4c lea esi,dword ptr ss:[esp+0x4c] + }; + + int edx = get_reg(regs::edx) / 4; + return TextHookW::attach<4>(bytes, sizeof(bytes), startAddress, stopAddress, edx, Engine::OtherRole); + } + + namespace PatchA + { + + namespace Private + { + // The second argument is always 0 and not used + bool isLeadByteChar(int ch, int) + { + return dynsjis::isleadchar(ch); + // return ::IsDBCSLeadByte(HIBYTE(testChar)); + } + + } // namespace Private + + /** + * Sample game: Re:BIRTHDAY SONG + * + * 0x8140 is found by tracing the call of the caller of GetGlyphOutlineA. + + * 00487F8D 25 FF7F0000 AND EAX,0x7FFF + * 00487F92 C3 RETN + * 00487F93 8BFF MOV EDI,EDI + * 00487F95 55 PUSH EBP + * 00487F96 8BEC MOV EBP,ESP + * 00487F98 83EC 10 SUB ESP,0x10 + * 00487F9B FF75 0C PUSH DWORD PTR SS:[EBP+0xC] + * 00487F9E 8D4D F0 LEA ECX,DWORD PTR SS:[EBP-0x10] + * 00487FA1 E8 02EEFFFF CALL .00486DA8 + * 00487FA6 8B45 08 MOV EAX,DWORD PTR SS:[EBP+0x8] + * 00487FA9 C1E8 08 SHR EAX,0x8 + * 00487FAC 0FB6C8 MOVZX ECX,AL + * 00487FAF 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-0xC] + * 00487FB2 F64401 1D 04 TEST BYTE PTR DS:[ECX+EAX+0x1D],0x4 + * 00487FB7 74 10 JE SHORT .00487FC9 + * 00487FB9 0FB64D 08 MOVZX ECX,BYTE PTR SS:[EBP+0x8] + * 00487FBD F64401 1D 08 TEST BYTE PTR DS:[ECX+EAX+0x1D],0x8 + * 00487FC2 74 05 JE SHORT .00487FC9 + * 00487FC4 33C0 XOR EAX,EAX + * 00487FC6 40 INC EAX + * 00487FC7 EB 02 JMP SHORT .00487FCB + * 00487FC9 33C0 XOR EAX,EAX + * 00487FCB 807D FC 00 CMP BYTE PTR SS:[EBP-0x4],0x0 + * 00487FCF 74 07 JE SHORT .00487FD8 + * 00487FD1 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-0x8] + * 00487FD4 8361 70 FD AND DWORD PTR DS:[ECX+0x70],0xFFFFFFFD + * 00487FD8 C9 LEAVE + * 00487FD9 C3 RETN + * 00487FDA 8BFF MOV EDI,EDI ; jichi: called here, text in arg1 + * 00487FDC 55 PUSH EBP + * 00487FDD 8BEC MOV EBP,ESP + * 00487FDF 6A 00 PUSH 0x0 + * 00487FE1 FF75 08 PUSH DWORD PTR SS:[EBP+0x8] + * 00487FE4 E8 AAFFFFFF CALL .00487F93 ; jichi: called here + * 00487FE9 59 POP ECX + * 00487FEA 59 POP ECX + * 00487FEB 5D POP EBP + * 00487FEC C3 RETN + */ + using ulong = ULONG; +#define s1_call_ 0xe8 // near call, incomplete +#define s1_nop 0x90 // nop + + bool csmemcpy(void *dst, const void *src, size_t size) + { + // return memcpy_(dst, src, size); + + DWORD oldProtect; + if (!::VirtualProtect(dst, size, PAGE_EXECUTE_READWRITE, &oldProtect)) + return false; + // HANDLE hProc = OpenProcess(PROCESS_VM_OPERATION|PROCESS_VM_READ|PROCESS_VM_WRITE, FALSE, ::GetCurrentProcessId()); + // VirtualProtectEx(hProc, dst, size, PAGE_EXECUTE_READWRITE, &oldProtect); + + memcpy(dst, src, size); + + DWORD newProtect; + ::VirtualProtect(dst, size, oldProtect, &newProtect); // the error code is not checked for this function + // hProc = OpenProcess(PROCESS_VM_OPERATION|PROCESS_VM_READ|PROCESS_VM_WRITE, FALSE, ::GetCurrentProcessId()); + // VirtualProtectEx(hProc, dst, size, oldProtect, &newProtect); + + return true; + } + ulong replace_near_call(ulong addr, ulong val) + { + DWORD ret; + switch (::disasm((LPCVOID)addr)) + { + case 5: // near call / short jmp: relative address + ret = *(DWORD *)(addr + 1) + (addr + 5); + val -= addr + 5; + return csmemcpy((LPVOID)(addr + 1), &val, sizeof(val)) ? ret : 0; + case 6: // far car / long jmp: absolute address + { + ret = *(DWORD *)(addr + 2); + BYTE data[6]; + data[0] = s1_call_; + data[5] = s1_nop; + *(DWORD *)(data + 1) = val - (addr + 5); + return csmemcpy((LPVOID)addr, data, sizeof(data)) ? ret : 0; + } + default: + return 0; + } + } + ULONG patchEncoding(ULONG startAddress, ULONG stopAddress) + { + const uint8_t bytes[] = { + 0x6a, 0x00, // 00487fdf 6a 00 push 0x0 + 0xff, 0x75, 0x08, // 00487fe1 ff75 08 push dword ptr ss:[ebp+0x8] + 0xe8, 0xaa, 0xff, 0xff, 0xff // 00487fe4 e8 aaffffff call .00487f93 ; jichi: called here + }; + enum + { + addr_offset = 5 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + + return addr; //&& replace_near_call(addr + addr_offset, (ULONG)Private::isLeadByteChar); + } + + } // namespace PatchA + + namespace ScenarioHookA + { + + namespace Private + { + /* + void dispatch(LPSTR text, int role) + { + enum { sig = 0 }; + if (!Engine::isAddressWritable(text) || !*text) // isAddressWritable is not needed for correct games + return; + int size = ::strlen(text), + trimmedSize = size; + auto trimmedText = trim(text, &trimmedSize); + if (!trimmedSize || !*trimmedText) + return; + std::string oldData(trimmedText, trimmedSize), + newData = EngineController::instance()->dispatchTextASTD(oldData, role, sig); + if (newData == oldData) + return; + if (trimmedText[trimmedSize]) + newData.append(trimmedText + trimmedSize); //, size - trimmedSize - (trimmedText - text)); + ::strcpy(text, newData.c_str()); + } + */ + void hookBefore(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *role) + { + auto text = (LPSTR)s->eax; + if (!text) + return ; + // dispatch(text - 1024, Engine::NameRole); + // dispatch(text, Engine::ScenarioRole); + + enum + { + sig = 0 + }; + if (!Engine::isAddressWritable(text) || !*text) // isAddressWritable is not needed for correct games + return ; + int size = ::strlen(text), + trimmedSize = size; + auto trimmedText = trim(text, &trimmedSize); + if (!trimmedSize || !*trimmedText) + return ; + buffer->from(trimmedText, trimmedSize); + /*newData = EngineController::instance()->dispatchTextASTD(oldData, role, sig); + if (newData == oldData) + return; + if (trimmedText[trimmedSize]) + newData.append(trimmedText + trimmedSize); //, size - trimmedSize - (trimmedText - text)); + ::strcpy(text, newData.c_str()); + return true;*/ + } + void hookafter(hook_stack *s, void *data, size_t len) + { + + auto newData = std::string((char *)data, len); + auto text = (LPSTR)s->eax; + int size = ::strlen(text), + trimmedSize = size; + auto trimmedText = trim(text, &trimmedSize); + if (trimmedText[trimmedSize]) + newData.append(trimmedText + trimmedSize); //, size - trimmedSize - (trimmedText - text)); + ::strcpy(text, newData.c_str()); + } + } // namespace Private + + /** + * Sample games + * - [111028][PULLTOP] 神聖にして侵すべからず + * - Re:BIRTHDAY SONG~恋を唄う死神~(体験版) + * See: http://capita.tistory.com/m/post/84 + * + * ENCODEKOR,FORCEFONT(5),HOOK(0x0042B5E0,TRANS(0x004FFBF8,OVERWRITE(IGNORE)),RETNPOS(COPY),TRANS(0x004FF7F8,OVERWRITE(IGNORE))),HOOK(0x00413204,TRANS([ESP+0x1c],PTRCHEAT),RETNPOS(SOURCE)),HOOK(0x00424004,TRANS([ESP+0x1c],PTRCHEAT),RETNPOS(SOURCE)),HOOK(0x004242B9,TRANS([ESP+0x1c],PTRCHEAT),RETNPOS(SOURCE)),HOOK(0x00424109,TRANS([ESP+0x1c],PTRCHEAT),RETNPOS(SOURCE)) + * + * Scenario in eax + * Name in (eax - 1024) + * Memory can be directly overridden. + * + * 0042B5DE CC INT3 + * 0042B5DF CC INT3 + * 0042B5E0 81EC 14080000 SUB ESP,0x814 ; jichi: text in eax, name in eax - 1024, able to copy + * 0042B5E6 53 PUSH EBX + * 0042B5E7 55 PUSH EBP + * 0042B5E8 56 PUSH ESI + * 0042B5E9 33DB XOR EBX,EBX + * 0042B5EB 57 PUSH EDI + * 0042B5EC 8BF8 MOV EDI,EAX + * 0042B5EE 399C24 28080000 CMP DWORD PTR SS:[ESP+0x828],EBX + * 0042B5F5 75 13 JNZ SHORT .0042B60A + * 0042B5F7 68 74030000 PUSH 0x374 + * 0042B5FC 53 PUSH EBX + * 0042B5FD 68 7CC44F00 PUSH .004FC47C + * 0042B602 E8 09E60500 CALL .00489C10 + * 0042B607 83C4 0C ADD ESP,0xC + * 0042B60A 33F6 XOR ESI,ESI + * 0042B60C 895C24 1C MOV DWORD PTR SS:[ESP+0x1C],EBX + * 0042B610 895C24 10 MOV DWORD PTR SS:[ESP+0x10],EBX + * 0042B614 381F CMP BYTE PTR DS:[EDI],BL + * 0042B616 0F84 0D020000 JE .0042B829 + * 0042B61C 8D6424 00 LEA ESP,DWORD PTR SS:[ESP] + * 0042B620 8A4C37 01 MOV CL,BYTE PTR DS:[EDI+ESI+0x1] + * 0042B624 84C9 TEST CL,CL + * 0042B626 0F84 E6010000 JE .0042B812 + * 0042B62C 66:0FB6043E MOVZX AX,BYTE PTR DS:[ESI+EDI] + * 0042B631 8D2C3E LEA EBP,DWORD PTR DS:[ESI+EDI] + * 0042B634 66:C1E0 08 SHL AX,0x8 + * 0042B638 0FB7C0 MOVZX EAX,AX + * 0042B63B 0FB6C9 MOVZX ECX,CL + * 0042B63E 0BC1 OR EAX,ECX + * 0042B640 50 PUSH EAX + * 0042B641 E8 34B40500 CALL .00486A7A + * 0042B646 83C4 04 ADD ESP,0x4 + * 0042B649 85C0 TEST EAX,EAX + * 0042B64B 74 14 JE SHORT .0042B661 + * 0042B64D 66:8B55 00 MOV DX,WORD PTR SS:[EBP] + * 0042B651 66:89541C 24 MOV WORD PTR SS:[ESP+EBX+0x24],DX + * 0042B656 83C3 02 ADD EBX,0x2 + * 0042B659 83C6 02 ADD ESI,0x2 + * 0042B65C E9 BA010000 JMP .0042B81B + * 0042B661 807D 00 7B CMP BYTE PTR SS:[EBP],0x7B + * 0042B665 0F85 60010000 JNZ .0042B7CB + * 0042B66B 8BC3 MOV EAX,EBX + * 0042B66D 2B4424 1C SUB EAX,DWORD PTR SS:[ESP+0x1C] + * 0042B671 46 INC ESI + * 0042B672 33ED XOR EBP,EBP + * 0042B674 894424 20 MOV DWORD PTR SS:[ESP+0x20],EAX + * 0042B678 896C24 14 MOV DWORD PTR SS:[ESP+0x14],EBP + * 0042B67C 8D6424 00 LEA ESP,DWORD PTR SS:[ESP] + * 0042B680 8A0C3E MOV CL,BYTE PTR DS:[ESI+EDI] + * 0042B683 84C9 TEST CL,CL + * 0042B685 0F84 B5010000 JE .0042B840 + * 0042B68B 0FB64437 01 MOVZX EAX,BYTE PTR DS:[EDI+ESI+0x1] + * 0042B690 66:0FB6C9 MOVZX CX,CL + * 0042B694 66:C1E1 08 SHL CX,0x8 + * 0042B698 0FB7D1 MOVZX EDX,CX + * 0042B69B 0BC2 OR EAX,EDX + * 0042B69D 50 PUSH EAX + * 0042B69E E8 D7B30500 CALL .00486A7A + * 0042B6A3 83C4 04 ADD ESP,0x4 + * 0042B6A6 85C0 TEST EAX,EAX + * 0042B6A8 74 1A JE SHORT .0042B6C4 + * 0042B6AA 66:8B043E MOV AX,WORD PTR DS:[ESI+EDI] + * 0042B6AE 834424 14 02 ADD DWORD PTR SS:[ESP+0x14],0x2 + * 0042B6B3 66:89441C 24 MOV WORD PTR SS:[ESP+EBX+0x24],AX + * 0042B6B8 83C3 02 ADD EBX,0x2 + * 0042B6BB 895C24 10 MOV DWORD PTR SS:[ESP+0x10],EBX + * 0042B6BF 83C6 02 ADD ESI,0x2 + * 0042B6C2 ^EB BC JMP SHORT .0042B680 + * 0042B6C4 8A043E MOV AL,BYTE PTR DS:[ESI+EDI] + * 0042B6C7 3C 3A CMP AL,0x3A + * 0042B6C9 74 10 JE SHORT .0042B6DB + * 0042B6CB FF4424 14 INC DWORD PTR SS:[ESP+0x14] + * 0042B6CF 88441C 24 MOV BYTE PTR SS:[ESP+EBX+0x24],AL + * 0042B6D3 43 INC EBX + * 0042B6D4 895C24 10 MOV DWORD PTR SS:[ESP+0x10],EBX + * 0042B6D8 46 INC ESI + * 0042B6D9 ^EB A5 JMP SHORT .0042B680 + * 0042B6DB 896C24 18 MOV DWORD PTR SS:[ESP+0x18],EBP + * 0042B6DF 46 INC ESI + * 0042B6E0 8A0C3E MOV CL,BYTE PTR DS:[ESI+EDI] + * 0042B6E3 84C9 TEST CL,CL + * 0042B6E5 0F84 55010000 JE .0042B840 + * 0042B6EB 0FB64437 01 MOVZX EAX,BYTE PTR DS:[EDI+ESI+0x1] + * 0042B6F0 66:0FB6C9 MOVZX CX,CL + * 0042B6F4 66:C1E1 08 SHL CX,0x8 + * 0042B6F8 0FB7D1 MOVZX EDX,CX + * 0042B6FB 0BC2 OR EAX,EDX + * 0042B6FD 50 PUSH EAX + * 0042B6FE E8 77B30500 CALL .00486A7A + * 0042B703 83C4 04 ADD ESP,0x4 + * 0042B706 85C0 TEST EAX,EAX + * 0042B708 74 18 JE SHORT .0042B722 + * 0042B70A 66:8B043E MOV AX,WORD PTR DS:[ESI+EDI] + * 0042B70E FF4424 18 INC DWORD PTR SS:[ESP+0x18] + * 0042B712 66:89842C 240400>MOV WORD PTR SS:[ESP+EBP+0x424],AX + * 0042B71A 83C5 02 ADD EBP,0x2 + * 0042B71D 83C6 02 ADD ESI,0x2 + * 0042B720 ^EB BE JMP SHORT .0042B6E0 + * 0042B722 8A043E MOV AL,BYTE PTR DS:[ESI+EDI] + * 0042B725 3C 7D CMP AL,0x7D + * 0042B727 74 0E JE SHORT .0042B737 + * 0042B729 FF4424 18 INC DWORD PTR SS:[ESP+0x18] + * 0042B72D 88842C 24040000 MOV BYTE PTR SS:[ESP+EBP+0x424],AL + * 0042B734 45 INC EBP + * 0042B735 ^EB A8 JMP SHORT .0042B6DF + * 0042B737 8D8424 24040000 LEA EAX,DWORD PTR SS:[ESP+0x424] + * 0042B73E 46 INC ESI + * 0042B73F C6842C 24040000 >MOV BYTE PTR SS:[ESP+EBP+0x424],0x0 + * 0042B747 8D50 01 LEA EDX,DWORD PTR DS:[EAX+0x1] + * 0042B74A 8D9B 00000000 LEA EBX,DWORD PTR DS:[EBX] + * 0042B750 8A08 MOV CL,BYTE PTR DS:[EAX] + * 0042B752 40 INC EAX + * 0042B753 84C9 TEST CL,CL + * 0042B755 ^75 F9 JNZ SHORT .0042B750 + * 0042B757 2BC2 SUB EAX,EDX + * 0042B759 83F8 1E CMP EAX,0x1E + * 0042B75C 0F87 DE000000 JA .0042B840 + * 0042B762 8B15 7CC44F00 MOV EDX,DWORD PTR DS:[0x4FC47C] + * 0042B768 83FA 14 CMP EDX,0x14 + * 0042B76B 0F8D AE000000 JGE .0042B81F + * 0042B771 6BD2 2C IMUL EDX,EDX,0x2C + * 0042B774 8D8C24 24040000 LEA ECX,DWORD PTR SS:[ESP+0x424] + * 0042B77B 81C2 8CC44F00 ADD EDX,.004FC48C + * 0042B781 8A01 MOV AL,BYTE PTR DS:[ECX] + * 0042B783 8802 MOV BYTE PTR DS:[EDX],AL + * 0042B785 41 INC ECX + * 0042B786 42 INC EDX + * 0042B787 84C0 TEST AL,AL + * 0042B789 ^75 F6 JNZ SHORT .0042B781 + * 0042B78B 8B0D 7CC44F00 MOV ECX,DWORD PTR DS:[0x4FC47C] + * 0042B791 8B5424 14 MOV EDX,DWORD PTR SS:[ESP+0x14] + * 0042B795 6BC9 2C IMUL ECX,ECX,0x2C + * 0042B798 8991 88C44F00 MOV DWORD PTR DS:[ECX+0x4FC488],EDX + * 0042B79E A1 7CC44F00 MOV EAX,DWORD PTR DS:[0x4FC47C] + * 0042B7A3 8B4C24 20 MOV ECX,DWORD PTR SS:[ESP+0x20] + * 0042B7A7 6BC0 2C IMUL EAX,EAX,0x2C + * 0042B7AA 8988 80C44F00 MOV DWORD PTR DS:[EAX+0x4FC480],ECX + * 0042B7B0 8B15 7CC44F00 MOV EDX,DWORD PTR DS:[0x4FC47C] + * 0042B7B6 8B4424 18 MOV EAX,DWORD PTR SS:[ESP+0x18] + * 0042B7BA 6BD2 2C IMUL EDX,EDX,0x2C + * 0042B7BD 8982 84C44F00 MOV DWORD PTR DS:[EDX+0x4FC484],EAX + * 0042B7C3 FF05 7CC44F00 INC DWORD PTR DS:[0x4FC47C] + * 0042B7C9 EB 54 JMP SHORT .0042B81F + * 0042B7CB 55 PUSH EBP + * 0042B7CC E8 7F000000 CALL .0042B850 + * 0042B7D1 8BD8 MOV EBX,EAX + * 0042B7D3 83C4 04 ADD ESP,0x4 + * 0042B7D6 85DB TEST EBX,EBX + * 0042B7D8 74 23 JE SHORT .0042B7FD + * 0042B7DA 53 PUSH EBX + * 0042B7DB 55 PUSH EBP + * 0042B7DC 8B6C24 18 MOV EBP,DWORD PTR SS:[ESP+0x18] + * 0042B7E0 8D4C2C 2C LEA ECX,DWORD PTR SS:[ESP+EBP+0x2C] + * 0042B7E4 51 PUSH ECX + * 0042B7E5 E8 A6E40500 CALL .00489C90 + * 0042B7EA 03EB ADD EBP,EBX + * 0042B7EC 03F3 ADD ESI,EBX + * 0042B7EE 83C4 0C ADD ESP,0xC + * 0042B7F1 015C24 1C ADD DWORD PTR SS:[ESP+0x1C],EBX + * 0042B7F5 896C24 10 MOV DWORD PTR SS:[ESP+0x10],EBP + * 0042B7F9 8BDD MOV EBX,EBP + * 0042B7FB EB 22 JMP SHORT .0042B81F + * 0042B7FD 8B4424 10 MOV EAX,DWORD PTR SS:[ESP+0x10] + * 0042B801 8A55 00 MOV DL,BYTE PTR SS:[EBP] + * 0042B804 40 INC EAX + * 0042B805 885404 23 MOV BYTE PTR SS:[ESP+EAX+0x23],DL + * 0042B809 894424 10 MOV DWORD PTR SS:[ESP+0x10],EAX + * 0042B80D 46 INC ESI + * 0042B80E 8BD8 MOV EBX,EAX + * 0042B810 EB 0D JMP SHORT .0042B81F + * 0042B812 8A043E MOV AL,BYTE PTR DS:[ESI+EDI] + * 0042B815 88441C 24 MOV BYTE PTR SS:[ESP+EBX+0x24],AL + * 0042B819 43 INC EBX + * 0042B81A 46 INC ESI + * 0042B81B 895C24 10 MOV DWORD PTR SS:[ESP+0x10],EBX + * 0042B81F 803C3E 00 CMP BYTE PTR DS:[ESI+EDI],0x0 + * 0042B823 ^0F85 F7FDFFFF JNZ .0042B620 + * 0042B829 8D4424 24 LEA EAX,DWORD PTR SS:[ESP+0x24] + * 0042B82D 8BC8 MOV ECX,EAX + * 0042B82F C6441C 24 00 MOV BYTE PTR SS:[ESP+EBX+0x24],0x0 + * 0042B834 2BF9 SUB EDI,ECX + * 0042B836 8A08 MOV CL,BYTE PTR DS:[EAX] + * 0042B838 880C07 MOV BYTE PTR DS:[EDI+EAX],CL + * 0042B83B 40 INC EAX + * 0042B83C 84C9 TEST CL,CL + * 0042B83E ^75 F6 JNZ SHORT .0042B836 + * 0042B840 5F POP EDI + * 0042B841 5E POP ESI + * 0042B842 5D POP EBP + * 0042B843 5B POP EBX + * 0042B844 81C4 14080000 ADD ESP,0x814 + * 0042B84A C3 RETN + * 0042B84B CC INT3 + * 0042B84C CC INT3 + * 0042B84D CC INT3 + * 0042B84E CC INT3 + * + * Skip scenario text: + * 00438EF1 51 PUSH ECX + * 00438EF2 56 PUSH ESI + * 00438EF3 57 PUSH EDI + * 00438EF4 52 PUSH EDX + * 00438EF5 6A 03 PUSH 0x3 ; jichi: scenario arg1 is always 3 + * 00438EF7 E8 14F3FDFF CALL .00418210 ; jichi: text called here + * 00438EFC 894424 4C MOV DWORD PTR SS:[ESP+0x4C],EAX + * 00438F00 8D4424 78 LEA EAX,DWORD PTR SS:[ESP+0x78] + * 00438F04 83C4 30 ADD ESP,0x30 + * 00438F07 897C24 34 MOV DWORD PTR SS:[ESP+0x34],EDI + * 00438F0B 897424 38 MOV DWORD PTR SS:[ESP+0x38],ESI + * 00438F0F 8D48 01 LEA ECX,DWORD PTR DS:[EAX+0x1] + * 00438F12 8A10 MOV DL,BYTE PTR DS:[EAX] + * 00438F14 40 INC EAX + * 00438F15 84D2 TEST DL,DL + */ + bool attach(ULONG startAddress, ULONG stopAddress) + { + const uint8_t bytes[] = { + 0x81, 0xec, 0x14, 0x08, 0x00, 0x00 // 0042B5E0 81EC 14080000 SUB ESP,0x814 ; jichi: text in eax, name in eax - 1024, able to copy + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr; + + hp.text_fun = Private::hookBefore; + hp.type = EMBED_ABLE|NO_CONTEXT; + hp.newlineseperator = L"\\n"; + hp.hook_after = Private::hookafter; + hp.hook_font = F_GetGlyphOutlineA | F_TextOutA; + static ULONG paddr = (PatchA::patchEncoding(startAddress, stopAddress)); + ConsoleOutput("%p", paddr); + if (paddr) + { + hp.type |= EMBED_DYNA_SJIS; + hp.hook_font = F_GetGlyphOutlineA | F_TextOutA; + patch_fun = []() + { + PatchA::replace_near_call(paddr + 5, (ULONG)PatchA::Private::isLeadByteChar); + }; + } + return NewHook(hp, "EmbedWillplusA"); + } + + } // namespace ScenarioHookA + + namespace OtherHookA + { + + namespace Private + { + + void hookBefore(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *role) + { + static std::string data_; + if (s->stack[1] == 3) // skip scenario hook where arg1 is 3 + return ; + auto text = (LPCSTR)s->stack[8]; // text in arg8 + if (!Engine::isAddressReadable(text) || !*text || ::strlen(text) <= 2) // do not translate single character + return ; + *role = Engine::OtherRole; + buffer->from_cs(text); + } + + } // namespace Private + + /** + * Sample games: Re:BIRTHDAY SONG~恋を唄う死神~(体験版) + * + * There are two GetGlyphOutlineA, that are called in the same functions. + * + * Caller of GetGlyphOutlineA, text in arg8. + */ + bool attach(ULONG startAddress, ULONG stopAddress) + { + ULONG addr = MemDbg::findCallerAddressAfterInt3((ULONG)::GetGlyphOutlineA, startAddress, stopAddress); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr; + hp.text_fun = Private::hookBefore; + hp.type = EMBED_ABLE | EMBED_DYNA_SJIS | EMBED_AFTER_OVERWRITE|NO_CONTEXT; + hp.offset = get_stack(8); + return NewHook(hp, "EmbedWillplus_other"); + } + + } // namespace OtherHookA + +} // unnamed namespace + +/** Public class */ +namespace WillPlusEngine +{ + bool attach() + { + ULONG startAddress = processStartAddress, stopAddress = processStopAddress; + + if (::attachScenarioHookW1(startAddress, stopAddress) || ::attachScenarioHookW2(startAddress, stopAddress)) + { + + (::attachNameHookW(startAddress, stopAddress)); + + (::attachOtherHookW(startAddress, stopAddress)); + + return true; + } + else if (ScenarioHookA::attach(startAddress, stopAddress)) + { // try widechar pattern first, which is more unique + + (OtherHookA::attach(startAddress, stopAddress)); + // HijackManager::instance()->attachFunction((ULONG)::GetGlyphOutlineA); + // HijackManager::instance()->attachFunction((ULONG)::TextOutA); // not called. hijack in case it is used + return true; + } + + return false; + } +} + +namespace +{ + + static bool InsertWillPlus4() + { + // by Blu3train + /* + * Sample games: + * https://vndb.org/r71235 + */ + const BYTE bytes[] = { + 0x33, 0xC9, // xor ecx,ecx <-- hook + 0x8B, 0xC7, // mov eax,edi + 0xC7, 0x84, 0x24, XX4, XX4, // mov [esp+000001E0],00000007 + 0x89, 0x9C, 0x24, XX4 // mov [esp+000001DC],ebx + }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + { + ConsoleOutput("WillPlus4: pattern not found"); + return false; + } + + HookParam hp = {}; + hp.address = addr; + hp.offset = get_reg(regs::edi); + hp.type = CODEC_UTF16 | USING_STRING; + hp.filter_fun = WillPlus_extra_filter; + ConsoleOutput("INSERT WillPlus4"); + NewHook(hp, "WillPlus4"); + return true; + } + + static bool InsertWillPlus5() + { + // by Blu3train + /* + * Sample games: + * https://vndb.org/v29881 + */ + const BYTE bytes[] = { + 0xE8, XX4, // call AdvHD.exe+38550 <-- hook here + 0x8B, 0x4B, 0x08, // mov ecx,[ebx+08] + 0x89, 0x8F, XX4, // mov [edi+0000014C],ecx + 0x85, 0xC9, // test ecx,ecx + 0x74, 0x04 // je AdvHD.exe+396C6 + }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + { + ConsoleOutput("WillPlus5: pattern not found"); + return false; + } + + HookParam hp = {}; + hp.address = addr; + hp.offset = get_reg(regs::esi); + hp.index = 0; + hp.split = get_reg(regs::ebx); + hp.split_index = 0; + hp.type = CODEC_UTF16 | USING_STRING | NO_CONTEXT | USING_SPLIT; + hp.filter_fun = WillPlus_extra_filter; + ConsoleOutput("INSERT WillPlus5"); + NewHook(hp, "WillPlus5"); + return true; + } + + bool _xxx() + { + bool ok = false; + ok = InsertWillPlus4() || ok; + ok = InsertWillPlus5() || ok; + return ok; + } +} + +bool WillPlus::attach_function() +{ + bool succ = WillPlusEngine::attach(); + succ |= InsertWillPlusHook(); + succ |= InsertWillPlus4Hook(); + succ |= InsertWillPlus5Hook(); + succ |= insertwillplus6(); + succ |= willX(); + succ |= _xxx(); + + return succ; +} + +bool Willold::attach_function() +{ + // https://vndb.org/v17755 + // 凌辱鬼 + auto addr = MemDbg::findLongJumpAddress((ULONG)TextOutA, processStartAddress, processStopAddress); + if (addr == 0) + return false; + addr = MemDbg::findNearCallAddress(addr, processStartAddress, processStopAddress); + if (addr == 0) + return false; + addr = findfuncstart(addr, 0x200); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr; + hp.type = USING_CHAR | CODEC_ANSI_BE; + hp.offset = get_stack(1); + return NewHook(hp, "will"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/WillPlus.h b/cpp/LunaHook/LunaHook/engine32/WillPlus.h new file mode 100644 index 00000000..e5001e9d --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/WillPlus.h @@ -0,0 +1,31 @@ + + +class WillPlus:public ENGINE{ + public: + WillPlus(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"Rio.arc",L"Chip*.arc"}; + }; + bool attach_function(); +}; + +class Willold:public ENGINE{ + public: + Willold(){ + //https://vndb.org/v17755 + //凌辱鬼 + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + auto _={L"*.BIN",L"DATA\\*.ENV",L"DATA\\*.WBP"}; + auto checkfile= std::all_of(_.begin(),_.end(),Util::CheckFile); + if(checkfile){ + auto __=R"(Software\WILL\)"; + checkfile&=!!MemDbg::findBytes(__,strlen(__),processStartAddress,processStopAddress); + } + return checkfile; + }; + + } + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Wolf.cpp b/cpp/LunaHook/LunaHook/engine32/Wolf.cpp new file mode 100644 index 00000000..913547a1 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Wolf.cpp @@ -0,0 +1,918 @@ +#include "Wolf.h" +/** + * jichi 10/12/2014 + * P.S.: Another approach + * See: http://tieba.baidu.com/p/2425786155 + * Quote: + * I guess this post should go in here. I got sick of AGTH throwing a fit when entering the menus in Wolf RPG games, so I did some debugging. This is tested and working properly with lots of games. If you find one that isn't covered then please PM me and I'll look into it. + * + * Wolf RPG H-code - Use whichever closest matches your Game.exe + * /HBN*0@454C6C (2010/10/09 : 2,344KB : v1.31) + * /HBN*0@46BA03 (2011/11/22 : 2,700KB : v2.01) + * /HBN*0@470CEA (2012/05/07 : 3,020KB : v2.02) + * /HBN*0@470D5A (2012/06/10 : 3,020KB : v2.02a) + * + * ith_p.cc:Ith::parseHookCode: enter: code = "/HBN*0@470CEA" + * - addr: 4656362 , + * - length_offset: 1 + * - type: 1032 = 0x408 + * + * Use /HB instead of /HBN if you want to split dialogue text and menu text into separate threads. + * Also set the repetition trace parameters in AGTH higher or it won't work properly with text-heavy menus. 64 x 16 seems to work fine. + * + * Issues: + * AGTH still causes a bit of lag when translating menus if you have a lot of skills or items. + * Using ITH avoids this problem, but it sometimes has issues with repetition detection which can be fixed by quickly deselecting and reselecting the game window; Personally I find this preferable to menu and battle slowdown that AGTH sometimes causes, but then my PC is pretty slow so you might not have that problem. + * + * Minimising the AGTH/ITH window generally makes the game run a bit smoother as windows doesn't need to keep scrolling the text box as new text is added. + * + * RPG Maker VX H-code: + * Most games are detected automatically and if not then by using the AGTH /X or /X2 or /X3 parameters. + * + * Games that use TRGSSX.dll may have issues with detection (especially with ITH). + * If TRGSSX.dll is included with the game then this code should work: + * /HQN@D3CF:TRGSSX.dll + * + * With this code, using AGTH to start the process will not work. You must start the game normally and then hook the process afterwards. + * ITH has this functionality built into the interface. AGTH requires the /PN command line argument, for example: + * agth /PNGame.exe /HQN@D3CF:TRGSSX.dll /C + * + * Again, drop the N to split dialogue and menu text into separate threads. + */ +namespace +{ // WolfRPG + // jichi 10/13/2013: restored + bool InsertOldWolfHook() + { + // jichi 10/12/2013: + // Step 1: find the address of GetTextMetricsA + // Step 2: find where this function is called + // Step 3: search "sub esp, XX" after where it is called + enum + { + sub_esp = 0xec81 + }; // jichi: caller pattern: sub esp = 0x81,0xec + if (DWORD c1 = Util::FindCallAndEntryAbs((DWORD)GetTextMetricsA, processStopAddress - processStartAddress, processStartAddress, sub_esp)) + if (DWORD c2 = Util::FindCallOrJmpRel(c1, processStopAddress - processStartAddress, processStartAddress, 0)) + { + union + { + DWORD i; + WORD *k; + }; + DWORD j; + for (i = c2 - 0x100, j = c2 - 0x400; i > j; i--) + if (*k == 0xec83) + { // jichi 10/12/2013: 83 EC XX sub esp, XX See: http://lists.cs.uiuc.edu/pipermail/llvm-commits/Week-of-Mon-20120312.txt + HookParam hp; + hp.address = i; + hp.offset = get_reg(regs::ecx); + hp.split = get_reg(regs::esp); + hp.type = DATA_INDIRECT | USING_SPLIT; + // GROWL_DWORD(hp.address); // jichi 6/5/2014: 淫乱勀��フィのRPG = 0x50a400 + ConsoleOutput("INSERT WolfRPG"); + return NewHook(hp, "WolfRPG"); + } + } + + // ConsoleOutput("Unknown WolfRPG engine."); + ConsoleOutput("WolfRPG: failed"); + return false; + } + + // example-game:妹!せいかつ~ファンタジー~ by:iov + bool InsertWolf3Hook() + { + const BYTE bytes[] = {0xC7, 0x45, 0xFC, 0x00, 0x00, 0x00, 0x00, 0x8B, 0x45, 0x94, 0x83, 0xE0, 0x01}; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + { + ConsoleOutput("WolfRPG: pattern3 not found"); + return false; + } + + HookParam myhp; + myhp.address = addr + 41; + + myhp.type = USING_STRING | NO_CONTEXT; + myhp.offset = get_reg(regs::eax); + myhp.type |= DATA_INDIRECT; + + myhp.index = 4; + + char nameForUser[HOOK_NAME_SIZE] = "WolfRPG_String_Copy"; + + ConsoleOutput("Insert: WolfRPG_String_Copy Hook"); + return NewHook(myhp, nameForUser); + } + + bool InsertWolf4Hook() + { + const BYTE bytes[] = {0xC6, 0x45, 0xFC, 0x29, 0x8B, 0x8D, 0xE0, 0xEF, 0xFF, 0xFF, 0xE8, XX4, 0x50, 0x8B, 0x4D, 0xE8, 0x2B, 0x4D, 0xEC}; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + { + ConsoleOutput("WolfRPG: pattern4 not found"); + return false; + } + + HookParam myhp; + myhp.address = addr + 16; + + myhp.type = USING_STRING | NO_CONTEXT; + myhp.offset = get_reg(regs::eax); + // myhp.type |= DATA_INDIRECT; + + // myhp.index = 4; + + char nameForUser[HOOK_NAME_SIZE] = "WolfRPG4"; + + ConsoleOutput("Insert: WolfRPG4 Hook"); + return NewHook(myhp, nameForUser); + } + +} // WolfRPG namespace + +bool InsertWolfHook() +{ + // return InsertOldWolfHook(), InsertWolf2Hook(), InsertWolf3Hook(), InsertWolf4Hook(); + return InsertOldWolfHook(), InsertWolf3Hook(), InsertWolf4Hook(); +} +namespace +{ + + bool commonfilter(void *data, size_t *len, HookParam *hp) + { + auto str = std::string(reinterpret_cast(data), *len); + bool checkchaos = WideStringToString(StringToWideString(str)) != str; + if (checkchaos) + return false; + bool check1 = str.find("/") != str.npos || str.find("\\") != str.npos; + auto hashsuffix = [str]() + { + auto filterpath = { + ".png", ".jpg", ".bmp", + ".mp3", ".ogg", + ".webm", ".mp4", + ".otf", ".mps"}; + for (auto _ : filterpath) + if (str.find(_) != str.npos) + return true; + return false; + }; + bool check2 = hashsuffix(); + bool check3 = all_ascii((const char *)data, *len); + if (check1 && (check2 || check3)) + return false; + return true; + } + bool hook5_1(DWORD addr_1) + { + // RJ338582 + // 妹!せいかつ ~ファンタジー~1.4.5 + const BYTE bytes[] = { + 0x6a, 0x01, + 0x68, XX4, + 0x68, XX4, + 0x6a, 0x01, + 0x6a, 0x00, + 0xFF, 0x77, 0x10, + 0xFF, 0x77, 0x18, + 0xE8}; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr == 0) + return false; + auto off = (*((DWORD *)(sizeof(bytes) + addr))); + auto _calladdr = addr + sizeof(bytes) + 4 + off; + if (addr_1 != _calladdr) + return false; + + HookParam hp; + hp.address = addr + sizeof(bytes) - 1; + hp.offset = get_stack(7); + hp.type = USING_STRING | CODEC_UTF8 | EMBED_ABLE | EMBED_AFTER_OVERWRITE ; + hp.filter_fun = commonfilter; + return NewHook(hp, "Wolf5_1"); + } + bool hook5() + { + //[220901][あせろら] 寝取られ新妻モニカ~ツンデレな奥さんのHなお仕事~ + const BYTE bytes[] = { + 0x80, 0x38, 0x40, + 0x0f, 0x85, XX4, + 0x57, + 0x68, XX4, + 0x8d, XX2, + 0xe8}; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr == 0) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + + if (addr == 0) + return false; + if (hook5_1(addr)) + return true; + HookParam hp; + hp.address = addr; + hp.offset = get_stack(8); + hp.type = USING_STRING | CODEC_UTF8 | EMBED_ABLE | EMBED_AFTER_OVERWRITE ; + hp.filter_fun = commonfilter; + return NewHook(hp, "Wolf5"); + } + bool hook6() + { + //[220901][あせろら] 寝取られ新妻モニカ~ツンデレな奥さんのHなお仕事~ + const BYTE bytes[] = { + 0xB8, 0x00, 0x00, 0x00, 0x80, + 0x83, 0xC0, 0x23}; + bool ok = false; + auto addrs = Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress); + for (auto addr : addrs) + { + addr = MemDbg::findEnclosingAlignedFunction(addr); + + if (addr == 0) + continue; + HookParam hp; + hp.address = (DWORD)addr; + hp.offset = get_stack(3); + hp.type = USING_STRING | CODEC_UTF8; + hp.filter_fun = commonfilter; + ok |= NewHook(hp, "Wolf6"); + } + + return ok; + } + bool hook56() + { + bool _1 = hook5(); + bool _2 = hook6(); + return _1 || _2; + } +} + +namespace +{ // unnamed + + namespace ScenarioHook + { + + namespace Private + { + + struct TextListElement // ecx, this structure saved a list of element + { + DWORD flag1; // should be zero when text is valid + LPSTR text; + DWORD flag2; + DWORD flag3; + DWORD flag4; + int size, + capacity; // 0xe8, capacity of the data including \0 + + bool isScenarioText() const + { + return flag1 == 0 && flag2 == 0 && flag3 == 0 && flag4 == 0; + } + + bool isValid() const + { + return size > 0 && size <= capacity && Engine::isAddressReadable(text, capacity) && size == ::strlen(text); + } + }; + + // Skip non-printable and special ASCII characters on the left + inline char *ltrim(char *s) + { + while (*s && (uint8_t)*s <= 39) + s++; + return s; + } + std::unordered_set dataSet_; + void hookBefore(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *role) + { + // enum { DataQueueCapacity = 30 }; + + auto self = (TextListElement *)s->ecx; // ecx is actually a list of element + if (self->isValid()) + { + char *text = ltrim(self->text); + if (*text) + { + std::string data = text; + if (dataSet_.find(data) == dataSet_.end()) + { + auto role = text == self->text && self->isScenarioText() ? Engine::ScenarioRole : Engine::OtherRole; + auto split = s->stack[0]; // retaddr + // auto sig = Engine::hashThreadSignature(role, split); + + enum + { + SendAllowed = true + }; + bool timeout; + int prefixSize = text - self->text, + capacity = self->capacity - prefixSize; + buffer->from(data); + return ; + + // data = EngineController::instance()->dispatchTextASTD(data, role, sig, capacity, SendAllowed, &timeout); + // if (timeout) + // return true; + + // dataSet_.insert(data); + + // ::memcpy(text, data.c_str(), min(data.size() + 1, capacity)); + // self->size = data.size() + prefixSize; + } + } + } + } + void hookafter2(hook_stack *s, void *data1, size_t len) + { + + auto newData = std::string((char *)data1, len); + + auto self = (TextListElement *)s->ecx; // ecx is actually a list of element + if (self->isValid()) + { + char *text = ltrim(self->text); + if (*text) + { + std::string data = text; + if (dataSet_.find(data) == dataSet_.end()) + { + auto role = text == self->text && self->isScenarioText() ? Engine::ScenarioRole : Engine::OtherRole; + auto split = s->stack[0]; // retaddr + // auto sig = Engine::hashThreadSignature(role, split); + + enum + { + SendAllowed = true + }; + bool timeout; + int prefixSize = text - self->text, + capacity = self->capacity - prefixSize; + + data = newData; + dataSet_.insert(data); + + ::memcpy(text, data.c_str(), min(data.size() + 1, capacity)); + self->size = data.size() + prefixSize; + } + } + } + } + } // namespace Private + + /** + * Sample game: DRAGON SLAVE + * + * This function is very long and contains many CharNextA. + * + * 0046CCBD CC INT3 + * 0046CCBE CC INT3 + * 0046CCBF CC INT3 + * 0046CCC0 55 PUSH EBP ; jichi: hook here, text list in ecx + * 0046CCC1 8BEC MOV EBP,ESP + * 0046CCC3 6A FF PUSH -0x1 + * 0046CCC5 68 62496900 PUSH Game.00694962 + * 0046CCCA 64:A1 00000000 MOV EAX,DWORD PTR FS:[0] + * 0046CCD0 50 PUSH EAX + * 0046CCD1 64:8925 00000000 MOV DWORD PTR FS:[0],ESP + * 0046CCD8 81EC A4030000 SUB ESP,0x3A4 + * 0046CCDE A1 6CE36C00 MOV EAX,DWORD PTR DS:[0x6CE36C] + * 0046CCE3 33C5 XOR EAX,EBP + * 0046CCE5 8945 F0 MOV DWORD PTR SS:[EBP-0x10],EAX + * 0046CCE8 56 PUSH ESI + * 0046CCE9 57 PUSH EDI + * 0046CCEA 898D C4FDFFFF MOV DWORD PTR SS:[EBP-0x23C],ECX + * 0046CCF0 68 F9D86900 PUSH Game.0069D8F9 + * 0046CCF5 8B85 C4FDFFFF MOV EAX,DWORD PTR SS:[EBP-0x23C] + * 0046CCFB 83C0 1C ADD EAX,0x1C + * 0046CCFE 50 PUSH EAX + * 0046CCFF E8 4CF10400 CALL Game.004BBE50 + * 0046CD04 83C4 08 ADD ESP,0x8 + * 0046CD07 0FB6C8 MOVZX ECX,AL + * 0046CD0A 85C9 TEST ECX,ECX + * 0046CD0C 74 05 JE SHORT Game.0046CD13 + * 0046CD0E E9 CD460000 JMP Game.004713E0 + * 0046CD13 8B95 C4FDFFFF MOV EDX,DWORD PTR SS:[EBP-0x23C] + * 0046CD19 83C2 38 ADD EDX,0x38 + * 0046CD1C 52 PUSH EDX + * 0046CD1D 8B85 C4FDFFFF MOV EAX,DWORD PTR SS:[EBP-0x23C] + * 0046CD23 83C0 1C ADD EAX,0x1C + * 0046CD26 50 PUSH EAX + * 0046CD27 E8 04F30400 CALL Game.004BC030 + * 0046CD2C 83C4 08 ADD ESP,0x8 + * 0046CD2F 0FB6C8 MOVZX ECX,AL + * 0046CD32 85C9 TEST ECX,ECX + * 0046CD34 74 0B JE SHORT Game.0046CD41 + * 0046CD36 8B8D C4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x23C] + * 0046CD3C E8 4F490000 CALL Game.00471690 ; jichi: hook after here + * 0046CD41 A1 30456F00 MOV EAX,DWORD PTR DS:[0x6F4530] + * 0046CD46 99 CDQ + * 0046CD47 B9 64000000 MOV ECX,0x64 + * 0046CD4C F7F9 IDIV ECX + * 0046CD4E 8985 C0FDFFFF MOV DWORD PTR SS:[EBP-0x240],EAX + * 0046CD54 DB85 C0FDFFFF FILD DWORD PTR SS:[EBP-0x240] + * 0046CD5A DC4D 0C FMUL QWORD PTR SS:[EBP+0xC] + * 0046CD5D DD5D 0C FSTP QWORD PTR SS:[EBP+0xC] + * 0046CD60 A1 30456F00 MOV EAX,DWORD PTR DS:[0x6F4530] + * 0046CD65 99 CDQ + * 0046CD66 B9 64000000 MOV ECX,0x64 + * 0046CD6B F7F9 IDIV ECX + * 0046CD6D 8985 BCFDFFFF MOV DWORD PTR SS:[EBP-0x244],EAX + * 0046CD73 DB85 BCFDFFFF FILD DWORD PTR SS:[EBP-0x244] + * 0046CD79 DC4D 14 FMUL QWORD PTR SS:[EBP+0x14] + * 0046CD7C DD5D 14 FSTP QWORD PTR SS:[EBP+0x14] + * 0046CD7F 8B15 C0A86F00 MOV EDX,DWORD PTR DS:[0x6FA8C0] + * 0046CD85 83E2 01 AND EDX,0x1 + * 0046CD88 75 32 JNZ SHORT Game.0046CDBC + * 0046CD8A A1 C0A86F00 MOV EAX,DWORD PTR DS:[0x6FA8C0] + * 0046CD8F 83C8 01 OR EAX,0x1 + * 0046CD92 A3 C0A86F00 MOV DWORD PTR DS:[0x6FA8C0],EAX + * 0046CD97 C745 FC 00000000 MOV DWORD PTR SS:[EBP-0x4],0x0 + * 0046CD9E B9 B0A86F00 MOV ECX,Game.006FA8B0 + * 0046CDA3 E8 78210300 CALL Game.0049EF20 + * 0046CDA8 68 20806900 PUSH Game.00698020 + * 0046CDAD E8 0B020600 CALL Game.004CCFBD + * 0046CDB2 83C4 04 ADD ESP,0x4 + * 0046CDB5 C745 FC FFFFFFFF MOV DWORD PTR SS:[EBP-0x4],-0x1 + * 0046CDBC 0FB60D C0E26C00 MOVZX ECX,BYTE PTR DS:[0x6CE2C0] + * 0046CDC3 85C9 TEST ECX,ECX + * 0046CDC5 0F84 63010000 JE Game.0046CF2E + * 0046CDCB C605 C0E26C00 00 MOV BYTE PTR DS:[0x6CE2C0],0x0 + * 0046CDD2 6A 50 PUSH 0x50 + * 0046CDD4 B9 90436F00 MOV ECX,Game.006F4390 + * 0046CDD9 E8 C2190300 CALL Game.0049E7A0 + * 0046CDDE 6A 50 PUSH 0x50 + * 0046CDE0 B9 B0436F00 MOV ECX,Game.006F43B0 + * 0046CDE5 E8 B6190300 CALL Game.0049E7A0 + * 0046CDEA 6A 50 PUSH 0x50 + * 0046CDEC B9 A0436F00 MOV ECX,Game.006F43A0 + * 0046CDF1 E8 AA190300 CALL Game.0049E7A0 + * 0046CDF6 6A 50 PUSH 0x50 + * 0046CDF8 B9 C0436F00 MOV ECX,Game.006F43C0 + * 0046CDFD E8 9E190300 CALL Game.0049E7A0 + * 0046CE02 6A 0C PUSH 0xC + * 0046CE04 B9 003B6F00 MOV ECX,Game.006F3B00 + * 0046CE09 E8 F20CFEFF CALL Game.0044DB00 + * 0046CE0E 50 PUSH EAX + * 0046CE0F B9 B0A86F00 MOV ECX,Game.006FA8B0 + * 0046CE14 E8 87190300 CALL Game.0049E7A0 + * 0046CE19 C745 80 00000000 MOV DWORD PTR SS:[EBP-0x80],0x0 + * 0046CE20 EB 09 JMP SHORT Game.0046CE2B + * 0046CE22 8B55 80 MOV EDX,DWORD PTR SS:[EBP-0x80] + * 0046CE25 83C2 01 ADD EDX,0x1 + * 0046CE28 8955 80 MOV DWORD PTR SS:[EBP-0x80],EDX + * 0046CE2B 6A 0C PUSH 0xC + * 0046CE2D B9 003B6F00 MOV ECX,Game.006F3B00 + * 0046CE32 E8 C90CFEFF CALL Game.0044DB00 + * 0046CE37 3945 80 CMP DWORD PTR SS:[EBP-0x80],EAX + * 0046CE3A 0F8D EE000000 JGE Game.0046CF2E + * 0046CE40 6A 00 PUSH 0x0 + * 0046CE42 6A 02 PUSH 0x2 + * 0046CE44 8B45 80 MOV EAX,DWORD PTR SS:[EBP-0x80] + * 0046CE47 50 PUSH EAX + * 0046CE48 6A 0C PUSH 0xC + * 0046CE4A B9 003B6F00 MOV ECX,Game.006F3B00 + * 0046CE4F E8 0CF2FDFF CALL Game.0044C060 + * 0046CE54 85C0 TEST EAX,EAX + * 0046CE56 7D 0C JGE SHORT Game.0046CE64 + * 0046CE58 C785 B8FDFFFF 00>MOV DWORD PTR SS:[EBP-0x248],0x0 + * 0046CE62 EB 1A JMP SHORT Game.0046CE7E + * 0046CE64 6A 00 PUSH 0x0 + * 0046CE66 6A 02 PUSH 0x2 + * 0046CE68 8B4D 80 MOV ECX,DWORD PTR SS:[EBP-0x80] + * 0046CE6B 51 PUSH ECX + * 0046CE6C 6A 0C PUSH 0xC + * 0046CE6E B9 003B6F00 MOV ECX,Game.006F3B00 + * 0046CE73 E8 E8F1FDFF CALL Game.0044C060 + * 0046CE78 8985 B8FDFFFF MOV DWORD PTR SS:[EBP-0x248],EAX + * 0046CE7E 6A 00 PUSH 0x0 + * 0046CE80 6A 01 PUSH 0x1 + * 0046CE82 8B55 80 MOV EDX,DWORD PTR SS:[EBP-0x80] + * 0046CE85 52 PUSH EDX + * 0046CE86 6A 0C PUSH 0xC + * 0046CE88 B9 003B6F00 MOV ECX,Game.006F3B00 + * 0046CE8D E8 CEF1FDFF CALL Game.0044C060 + * 0046CE92 85C0 TEST EAX,EAX + * 0046CE94 7D 0C JGE SHORT Game.0046CEA2 + * 0046CE96 C785 B4FDFFFF 00>MOV DWORD PTR SS:[EBP-0x24C],0x0 + * 0046CEA0 EB 1A JMP SHORT Game.0046CEBC + * 0046CEA2 6A 00 PUSH 0x0 + * 0046CEA4 6A 01 PUSH 0x1 + * 0046CEA6 8B45 80 MOV EAX,DWORD PTR SS:[EBP-0x80] + * 0046CEA9 50 PUSH EAX + * 0046CEAA 6A 0C PUSH 0xC + * 0046CEAC B9 003B6F00 MOV ECX,Game.006F3B00 + * 0046CEB1 E8 AAF1FDFF CALL Game.0044C060 + * 0046CEB6 8985 B4FDFFFF MOV DWORD PTR SS:[EBP-0x24C],EAX + * 0046CEBC 6A 00 PUSH 0x0 + * 0046CEBE 6A 00 PUSH 0x0 + * 0046CEC0 8B4D 80 MOV ECX,DWORD PTR SS:[EBP-0x80] + * 0046CEC3 51 PUSH ECX + * 0046CEC4 6A 0C PUSH 0xC + * 0046CEC6 B9 003B6F00 MOV ECX,Game.006F3B00 + * 0046CECB E8 90F1FDFF CALL Game.0044C060 + * 0046CED0 85C0 TEST EAX,EAX + * 0046CED2 7D 0C JGE SHORT Game.0046CEE0 + * 0046CED4 C785 B0FDFFFF 00>MOV DWORD PTR SS:[EBP-0x250],0x0 + * 0046CEDE EB 1A JMP SHORT Game.0046CEFA + * 0046CEE0 6A 00 PUSH 0x0 + * 0046CEE2 6A 00 PUSH 0x0 + * 0046CEE4 8B55 80 MOV EDX,DWORD PTR SS:[EBP-0x80] + * 0046CEE7 52 PUSH EDX + * 0046CEE8 6A 0C PUSH 0xC + * 0046CEEA B9 003B6F00 MOV ECX,Game.006F3B00 + * 0046CEEF E8 6CF1FDFF CALL Game.0044C060 + * 0046CEF4 8985 B0FDFFFF MOV DWORD PTR SS:[EBP-0x250],EAX + * 0046CEFA 8B85 B8FDFFFF MOV EAX,DWORD PTR SS:[EBP-0x248] + * 0046CF00 50 PUSH EAX + * 0046CF01 8B8D B4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x24C] + * 0046CF07 51 PUSH ECX + * 0046CF08 8B95 B0FDFFFF MOV EDX,DWORD PTR SS:[EBP-0x250] + * 0046CF0E 52 PUSH EDX + * 0046CF0F E8 4CE10700 CALL Game.004EB060 + * 0046CF14 83C4 0C ADD ESP,0xC + * 0046CF17 8BF0 MOV ESI,EAX + * 0046CF19 8B45 80 MOV EAX,DWORD PTR SS:[EBP-0x80] + * 0046CF1C 50 PUSH EAX + * 0046CF1D B9 B0A86F00 MOV ECX,Game.006FA8B0 + * 0046CF22 E8 D9180300 CALL Game.0049E800 + * 0046CF27 8930 MOV DWORD PTR DS:[EAX],ESI + * 0046CF29 ^E9 F4FEFFFF JMP Game.0046CE22 + * 0046CF2E C745 84 00000000 MOV DWORD PTR SS:[EBP-0x7C],0x0 + * 0046CF35 8B8D C4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x23C] + * 0046CF3B C741 68 00000000 MOV DWORD PTR DS:[ECX+0x68],0x0 + * 0046CF42 8B8D C4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x23C] + * 0046CF48 E8 23FE0200 CALL Game.0049CD70 + * 0046CF4D 8945 C4 MOV DWORD PTR SS:[EBP-0x3C],EAX + * 0046CF50 8D4D 9C LEA ECX,DWORD PTR SS:[EBP-0x64] + * 0046CF53 E8 D8FA0200 CALL Game.0049CA30 + * 0046CF58 C745 FC 01000000 MOV DWORD PTR SS:[EBP-0x4],0x1 + * 0046CF5F 8D4D D4 LEA ECX,DWORD PTR SS:[EBP-0x2C] + * 0046CF62 E8 C9FA0200 CALL Game.0049CA30 + * 0046CF67 C645 FC 02 MOV BYTE PTR SS:[EBP-0x4],0x2 + * 0046CF6B 8B95 C4FDFFFF MOV EDX,DWORD PTR SS:[EBP-0x23C] + * 0046CF71 C742 70 00000000 MOV DWORD PTR DS:[EDX+0x70],0x0 + * 0046CF78 8B85 C4FDFFFF MOV EAX,DWORD PTR SS:[EBP-0x23C] + * 0046CF7E C780 DC000000 00>MOV DWORD PTR DS:[EAX+0xDC],0x0 + * 0046CF88 8B8D C4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x23C] + * 0046CF8E C741 78 00000000 MOV DWORD PTR DS:[ECX+0x78],0x0 + * 0046CF95 8B15 4C546F00 MOV EDX,DWORD PTR DS:[0x6F544C] + * 0046CF9B 52 PUSH EDX + * 0046CF9C 8B8D C4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x23C] + * 0046CFA2 E8 F9480000 CALL Game.004718A0 + * 0046CFA7 8B8D C4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x23C] + * 0046CFAD 8941 74 MOV DWORD PTR DS:[ECX+0x74],EAX + * 0046CFB0 6A FF PUSH -0x1 + * 0046CFB2 8B95 C4FDFFFF MOV EDX,DWORD PTR SS:[EBP-0x23C] + * 0046CFB8 8B42 78 MOV EAX,DWORD PTR DS:[EDX+0x78] + * 0046CFBB 50 PUSH EAX + * 0046CFBC 8B8D C4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x23C] + * 0046CFC2 E8 A9460000 CALL Game.00471670 + * 0046CFC7 50 PUSH EAX + * 0046CFC8 8B8D C4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x23C] + * 0046CFCE 8B51 74 MOV EDX,DWORD PTR DS:[ECX+0x74] + * 0046CFD1 52 PUSH EDX + * 0046CFD2 8B85 C4FDFFFF MOV EAX,DWORD PTR SS:[EBP-0x23C] + * 0046CFD8 8B88 DC000000 MOV ECX,DWORD PTR DS:[EAX+0xDC] + * 0046CFDE 51 PUSH ECX + * 0046CFDF B9 90436F00 MOV ECX,Game.006F4390 + * 0046CFE4 E8 17440000 CALL Game.00471400 + * 0046CFE9 8B95 C4FDFFFF MOV EDX,DWORD PTR SS:[EBP-0x23C] + * 0046CFEF C742 5C 00000000 MOV DWORD PTR DS:[EDX+0x5C],0x0 + * 0046CFF6 8B85 C4FDFFFF MOV EAX,DWORD PTR SS:[EBP-0x23C] + * 0046CFFC C740 60 00000000 MOV DWORD PTR DS:[EAX+0x60],0x0 + * 0046D003 8B8D C4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x23C] + * 0046D009 C741 64 00000000 MOV DWORD PTR DS:[ECX+0x64],0x0 + * 0046D010 C745 8C 00000000 MOV DWORD PTR SS:[EBP-0x74],0x0 + * 0046D017 C745 C8 00000000 MOV DWORD PTR SS:[EBP-0x38],0x0 + * 0046D01E 8B15 EC446F00 MOV EDX,DWORD PTR DS:[0x6F44EC] + * 0046D024 8955 CC MOV DWORD PTR SS:[EBP-0x34],EDX + * 0046D027 A1 8C576F00 MOV EAX,DWORD PTR DS:[0x6F578C] + * 0046D02C 0FBE08 MOVSX ECX,BYTE PTR DS:[EAX] + * 0046D02F 894D 88 MOV DWORD PTR SS:[EBP-0x78],ECX + * 0046D032 8B95 C4FDFFFF MOV EDX,DWORD PTR SS:[EBP-0x23C] + * 0046D038 0FB682 E0000000 MOVZX EAX,BYTE PTR DS:[EDX+0xE0] + * 0046D03F 85C0 TEST EAX,EAX + * 0046D041 74 07 JE SHORT Game.0046D04A + * 0046D043 C745 8C 00000000 MOV DWORD PTR SS:[EBP-0x74],0x0 + * 0046D04A C745 B8 C0BDF0FF MOV DWORD PTR SS:[EBP-0x48],0xFFF0BDC0 + * 0046D051 8B8D C4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x23C] + * 0046D057 C781 F8000000 00>MOV DWORD PTR DS:[ECX+0xF8],0x0 + * 0046D061 C745 BC 00000000 MOV DWORD PTR SS:[EBP-0x44],0x0 + * 0046D068 C645 9B 00 MOV BYTE PTR SS:[EBP-0x65],0x0 + * 0046D06C C745 90 00000000 MOV DWORD PTR SS:[EBP-0x70],0x0 + * 0046D073 C745 94 00000000 MOV DWORD PTR SS:[EBP-0x6C],0x0 + * 0046D07A C745 C0 00000000 MOV DWORD PTR SS:[EBP-0x40],0x0 + * 0046D081 8B15 28E26C00 MOV EDX,DWORD PTR DS:[0x6CE228] + * 0046D087 D1E2 SHL EDX,1 + * 0046D089 8B85 C4FDFFFF MOV EAX,DWORD PTR SS:[EBP-0x23C] + * 0046D08F 8990 00010000 MOV DWORD PTR DS:[EAX+0x100],EDX + * 0046D095 813D 30456F00 C8>CMP DWORD PTR DS:[0x6F4530],0xC8 + * 0046D09F 75 1D JNZ SHORT Game.0046D0BE + * 0046D0A1 8B8D C4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x23C] + * 0046D0A7 8B81 00010000 MOV EAX,DWORD PTR DS:[ECX+0x100] + * 0046D0AD 99 CDQ + * 0046D0AE 2BC2 SUB EAX,EDX + * 0046D0B0 D1F8 SAR EAX,1 + * 0046D0B2 8B95 C4FDFFFF MOV EDX,DWORD PTR SS:[EBP-0x23C] + * 0046D0B8 8982 00010000 MOV DWORD PTR DS:[EDX+0x100],EAX + * 0046D0BE 8B8D C4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x23C] + * 0046D0C4 E8 C7FC0200 CALL Game.0049CD90 + * 0046D0C9 8B8D C4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x23C] + * 0046D0CF 3941 68 CMP DWORD PTR DS:[ECX+0x68],EAX + * 0046D0D2 0F8D ED420000 JGE Game.004713C5 + * 0046D0D8 8B55 C4 MOV EDX,DWORD PTR SS:[EBP-0x3C] + * 0046D0DB 8955 D0 MOV DWORD PTR SS:[EBP-0x30],EDX + * 0046D0DE 8B85 C4FDFFFF MOV EAX,DWORD PTR SS:[EBP-0x23C] + * 0046D0E4 8B48 68 MOV ECX,DWORD PTR DS:[EAX+0x68] + * 0046D0E7 894D 84 MOV DWORD PTR SS:[EBP-0x7C],ECX + * 0046D0EA 8B55 C4 MOV EDX,DWORD PTR SS:[EBP-0x3C] + * 0046D0ED 52 PUSH EDX + * 0046D0EE FF15 94926900 CALL DWORD PTR DS:[<&USER32.CharNextA>] ; user32.CharNextA + * 0046D0F4 8945 90 MOV DWORD PTR SS:[EBP-0x70],EAX + * 0046D0F7 8B45 90 MOV EAX,DWORD PTR SS:[EBP-0x70] + * 0046D0FA 2B45 C4 SUB EAX,DWORD PTR SS:[EBP-0x3C] + * 0046D0FD 8945 94 MOV DWORD PTR SS:[EBP-0x6C],EAX + * 0046D100 8B8D C4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x23C] + * 0046D106 8B51 68 MOV EDX,DWORD PTR DS:[ECX+0x68] + * 0046D109 0355 94 ADD EDX,DWORD PTR SS:[EBP-0x6C] + * 0046D10C 8B85 C4FDFFFF MOV EAX,DWORD PTR SS:[EBP-0x23C] + * 0046D112 8950 68 MOV DWORD PTR DS:[EAX+0x68],EDX + * 0046D115 8B4D D0 MOV ECX,DWORD PTR SS:[EBP-0x30] + * 0046D118 51 PUSH ECX + * 0046D119 FF15 94926900 CALL DWORD PTR DS:[<&USER32.CharNextA>] ; user32.CharNextA + * 0046D11F 8945 C4 MOV DWORD PTR SS:[EBP-0x3C],EAX + * 0046D122 0FB655 08 MOVZX EDX,BYTE PTR SS:[EBP+0x8] + * 0046D126 85D2 TEST EDX,EDX + * 0046D128 74 51 JE SHORT Game.0046D17B + * 0046D12A 0FB645 9B MOVZX EAX,BYTE PTR SS:[EBP-0x65] + * 0046D12E 85C0 TEST EAX,EAX + * 0046D130 74 49 JE SHORT Game.0046D17B + * 0046D132 8B8D C4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x23C] + * 0046D138 DB41 68 FILD DWORD PTR DS:[ECX+0x68] + * 0046D13B 8B95 C4FDFFFF MOV EDX,DWORD PTR SS:[EBP-0x23C] + * 0046D141 DAA2 F8000000 FISUB DWORD PTR DS:[EDX+0xF8] + * 0046D147 8B85 C4FDFFFF MOV EAX,DWORD PTR SS:[EBP-0x23C] + * 0046D14D DC98 88000000 FCOMP QWORD PTR DS:[EAX+0x88] + * 0046D153 DFE0 FSTSW AX + * 0046D155 F6C4 41 TEST AH,0x41 + * 0046D158 75 21 JNZ SHORT Game.0046D17B + * 0046D15A 8B8D C4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x23C] + * 0046D160 DB41 68 FILD DWORD PTR DS:[ECX+0x68] + * 0046D163 8B95 C4FDFFFF MOV EDX,DWORD PTR SS:[EBP-0x23C] + * 0046D169 DAA2 F8000000 FISUB DWORD PTR DS:[EDX+0xF8] + * 0046D16F 8B85 C4FDFFFF MOV EAX,DWORD PTR SS:[EBP-0x23C] + * 0046D175 DD98 88000000 FSTP QWORD PTR DS:[EAX+0x88] + * 0046D17B 0FB64D 08 MOVZX ECX,BYTE PTR SS:[EBP+0x8] + * 0046D17F 85C9 TEST ECX,ECX + * 0046D181 74 35 JE SHORT Game.0046D1B8 + * 0046D183 0FB655 9B MOVZX EDX,BYTE PTR SS:[EBP-0x65] + * 0046D187 85D2 TEST EDX,EDX + * 0046D189 75 2D JNZ SHORT Game.0046D1B8 + * 0046D18B 8B85 C4FDFFFF MOV EAX,DWORD PTR SS:[EBP-0x23C] + * 0046D191 DD80 88000000 FLD QWORD PTR DS:[EAX+0x88] + * 0046D197 E8 54FF0500 CALL Game.004CD0F0 + * 0046D19C 8B8D C4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x23C] + * 0046D1A2 0381 F8000000 ADD EAX,DWORD PTR DS:[ECX+0xF8] + * 0046D1A8 8B95 C4FDFFFF MOV EDX,DWORD PTR SS:[EBP-0x23C] + * 0046D1AE 3942 68 CMP DWORD PTR DS:[EDX+0x68],EAX + * 0046D1B1 7E 05 JLE SHORT Game.0046D1B8 + * 0046D1B3 E9 0D420000 JMP Game.004713C5 + * 0046D1B8 8B85 C4FDFFFF MOV EAX,DWORD PTR SS:[EBP-0x23C] + * 0046D1BE 0FB688 E2000000 MOVZX ECX,BYTE PTR DS:[EAX+0xE2] + * 0046D1C5 85C9 TEST ECX,ECX + * 0046D1C7 74 1C JE SHORT Game.0046D1E5 + * 0046D1C9 8B95 C4FDFFFF MOV EDX,DWORD PTR SS:[EBP-0x23C] + * 0046D1CF 8B85 C4FDFFFF MOV EAX,DWORD PTR SS:[EBP-0x23C] + * 0046D1D5 8B8A EC000000 MOV ECX,DWORD PTR DS:[EDX+0xEC] + * 0046D1DB 3B48 68 CMP ECX,DWORD PTR DS:[EAX+0x68] + * 0046D1DE 7D 05 JGE SHORT Game.0046D1E5 + * 0046D1E0 E9 E0410000 JMP Game.004713C5 + * 0046D1E5 8B95 C4FDFFFF MOV EDX,DWORD PTR SS:[EBP-0x23C] + * 0046D1EB 83BA E8000000 00 CMP DWORD PTR DS:[EDX+0xE8],0x0 + * 0046D1F2 7E 1F JLE SHORT Game.0046D213 + * 0046D1F4 8B85 C4FDFFFF MOV EAX,DWORD PTR SS:[EBP-0x23C] + * 0046D1FA 8B88 E4000000 MOV ECX,DWORD PTR DS:[EAX+0xE4] + * 0046D200 83E9 01 SUB ECX,0x1 + * 0046D203 8B95 C4FDFFFF MOV EDX,DWORD PTR SS:[EBP-0x23C] + * 0046D209 3B4A 68 CMP ECX,DWORD PTR DS:[EDX+0x68] + * 0046D20C 7D 05 JGE SHORT Game.0046D213 + * 0046D20E E9 B2410000 JMP Game.004713C5 + * 0046D213 8B85 C4FDFFFF MOV EAX,DWORD PTR SS:[EBP-0x23C] + * 0046D219 8B48 68 MOV ECX,DWORD PTR DS:[EAX+0x68] + * 0046D21C 2B4D 84 SUB ECX,DWORD PTR SS:[EBP-0x7C] + * 0046D21F 51 PUSH ECX + * 0046D220 8B55 84 MOV EDX,DWORD PTR SS:[EBP-0x7C] + * 0046D223 52 PUSH EDX + * 0046D224 8D85 84FEFFFF LEA EAX,DWORD PTR SS:[EBP-0x17C] + * 0046D22A 50 PUSH EAX + * 0046D22B 8B8D C4FDFFFF MOV ECX,DWORD PTR SS:[EBP-0x23C] + * 0046D231 E8 4AFC0200 CALL Game.0049CE80 ; jichi; text in [arg1 + 0x4] + * 0046D236 8985 ACFDFFFF MOV DWORD PTR SS:[EBP-0x254],EAX + * 0046D23C 8B8D ACFDFFFF MOV ECX,DWORD PTR SS:[EBP-0x254] + * 0046D242 898D A8FDFFFF MOV DWORD PTR SS:[EBP-0x258],ECX + * 0046D248 C645 FC 03 MOV BYTE PTR SS:[EBP-0x4],0x3 + * 0046D24C 8B95 A8FDFFFF MOV EDX,DWORD PTR SS:[EBP-0x258] + * 0046D252 52 PUSH EDX + * + * This is the function being called + * 0047168D CC INT3 + * 0047168E CC INT3 + * 0047168F CC INT3 + * 00471690 55 PUSH EBP + * 00471691 8BEC MOV EBP,ESP + * 00471693 83EC 3C SUB ESP,0x3C + * 00471696 894D EC MOV DWORD PTR SS:[EBP-0x14],ECX + * 00471699 8B45 EC MOV EAX,DWORD PTR SS:[EBP-0x14] + * 0047169C 83C0 1C ADD EAX,0x1C + * 0047169F 50 PUSH EAX + * 004716A0 8B4D EC MOV ECX,DWORD PTR SS:[EBP-0x14] + * 004716A3 83C1 38 ADD ECX,0x38 + * 004716A6 E8 65B40200 CALL Game.0049CB10 + * 004716AB 8B4D EC MOV ECX,DWORD PTR SS:[EBP-0x14] + * 004716AE 81C1 9C000000 ADD ECX,0x9C + * 004716B4 E8 47CF0200 CALL Game.0049E600 + * 004716B9 8B4D EC MOV ECX,DWORD PTR SS:[EBP-0x14] + * 004716BC 81C1 AC000000 ADD ECX,0xAC + * 004716C2 E8 39CF0200 CALL Game.0049E600 + * 004716C7 8B4D EC MOV ECX,DWORD PTR SS:[EBP-0x14] + * 004716CA 81C1 BC000000 ADD ECX,0xBC + * 004716D0 E8 2BCF0200 CALL Game.0049E600 + * 004716D5 8B4D EC MOV ECX,DWORD PTR SS:[EBP-0x14] + * 004716D8 C781 F0000000 00>MOV DWORD PTR DS:[ECX+0xF0],0x0 + * 004716E2 8B55 EC MOV EDX,DWORD PTR SS:[EBP-0x14] + * 004716E5 C782 F4000000 00>MOV DWORD PTR DS:[EDX+0xF4],0x0 + * 004716EF 8B45 EC MOV EAX,DWORD PTR SS:[EBP-0x14] + * 004716F2 0FB688 98000000 MOVZX ECX,BYTE PTR DS:[EAX+0x98] + * 004716F9 85C9 TEST ECX,ECX + * 004716FB 75 20 JNZ SHORT Game.0047171D + * 004716FD 8B55 EC MOV EDX,DWORD PTR SS:[EBP-0x14] + * 00471700 DD05 10DD6900 FLD QWORD PTR DS:[0x69DD10] + * 00471706 DD9A 88000000 FSTP QWORD PTR DS:[EDX+0x88] + * 0047170C 8B45 EC MOV EAX,DWORD PTR SS:[EBP-0x14] + * 0047170F DD05 10DD6900 FLD QWORD PTR DS:[0x69DD10] + * 00471715 DD98 90000000 FSTP QWORD PTR DS:[EAX+0x90] + * 0047171B EB 0F JMP SHORT Game.0047172C + * 0047171D 8B4D EC MOV ECX,DWORD PTR SS:[EBP-0x14] + * 00471720 DD05 B8E26900 FLD QWORD PTR DS:[0x69E2B8] + * 00471726 DD99 88000000 FSTP QWORD PTR DS:[ECX+0x88] + * 0047172C 8B55 EC MOV EDX,DWORD PTR SS:[EBP-0x14] + * 0047172F 83C2 1C ADD EDX,0x1C + * 00471732 52 PUSH EDX + * 00471733 8B4D EC MOV ECX,DWORD PTR SS:[EBP-0x14] + * 00471736 E8 D5B30200 CALL Game.0049CB10 + * 0047173B C745 F8 00000000 MOV DWORD PTR SS:[EBP-0x8],0x0 + * 00471742 C745 F0 00000000 MOV DWORD PTR SS:[EBP-0x10],0x0 + * 00471749 C745 FC 00000000 MOV DWORD PTR SS:[EBP-0x4],0x0 + * 00471750 8B45 EC MOV EAX,DWORD PTR SS:[EBP-0x14] + * 00471753 C780 E4000000 00>MOV DWORD PTR DS:[EAX+0xE4],0x0 + * 0047175D 8B4D EC MOV ECX,DWORD PTR SS:[EBP-0x14] + * 00471760 C781 E8000000 00>MOV DWORD PTR DS:[ECX+0xE8],0x0 + * 0047176A 8B55 EC MOV EDX,DWORD PTR SS:[EBP-0x14] + * 0047176D C782 EC000000 00>MOV DWORD PTR DS:[EDX+0xEC],0x0 + * 00471777 8B45 EC MOV EAX,DWORD PTR SS:[EBP-0x14] + * 0047177A C780 F8000000 00>MOV DWORD PTR DS:[EAX+0xF8],0x0 + * 00471784 8B4D EC MOV ECX,DWORD PTR SS:[EBP-0x14] + * 00471787 C681 E2000000 00 MOV BYTE PTR DS:[ECX+0xE2],0x0 + * 0047178E 8B55 EC MOV EDX,DWORD PTR SS:[EBP-0x14] + * 00471791 C682 E3000000 00 MOV BYTE PTR DS:[EDX+0xE3],0x0 + * 00471798 C745 F4 00000000 MOV DWORD PTR SS:[EBP-0xC],0x0 + * 0047179F 6A 00 PUSH 0x0 + * 004717A1 68 B4E26900 PUSH Game.0069E2B4 + * 004717A6 8B4D EC MOV ECX,DWORD PTR SS:[EBP-0x14] + * 004717A9 E8 72B60200 CALL Game.0049CE20 + * 004717AE 8945 F4 MOV DWORD PTR SS:[EBP-0xC],EAX + * 004717B1 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-0xC] + * 004717B4 3B05 FCD86900 CMP EAX,DWORD PTR DS:[0x69D8FC] + * 004717BA 0F84 D3000000 JE Game.00471893 + * 004717C0 8B4D EC MOV ECX,DWORD PTR SS:[EBP-0x14] + * 004717C3 DD81 80000000 FLD QWORD PTR DS:[ECX+0x80] + * 004717C9 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-0xC] + * 004717CC 83C2 01 ADD EDX,0x1 + * 004717CF 8955 E8 MOV DWORD PTR SS:[EBP-0x18],EDX + * 004717D2 DB45 E8 FILD DWORD PTR SS:[EBP-0x18] + * 004717D5 DC0D 28716B00 FMUL QWORD PTR DS:[0x6B7128] + * 004717DB DA35 24E26C00 FIDIV DWORD PTR DS:[0x6CE224] + * 004717E1 DED9 FCOMPP + * 004717E3 DFE0 FSTSW AX + * 004717E5 F6C4 41 TEST AH,0x41 + * 004717E8 75 0E JNZ SHORT Game.004717F8 + * 004717EA 8B45 EC MOV EAX,DWORD PTR SS:[EBP-0x14] + * 004717ED DD80 80000000 FLD QWORD PTR DS:[EAX+0x80] + * 004717F3 DD5D E0 FSTP QWORD PTR SS:[EBP-0x20] + * 004717F6 EB 1B JMP SHORT Game.00471813 + * 004717F8 8B4D F4 MOV ECX,DWORD PTR SS:[EBP-0xC] + * 004717FB 83C1 01 ADD ECX,0x1 + * 004717FE 894D DC MOV DWORD PTR SS:[EBP-0x24],ECX + * 00471801 DB45 DC FILD DWORD PTR SS:[EBP-0x24] + * 00471804 DC0D 28716B00 FMUL QWORD PTR DS:[0x6B7128] + * 0047180A DA35 24E26C00 FIDIV DWORD PTR DS:[0x6CE224] + * 00471810 DD5D E0 FSTP QWORD PTR SS:[EBP-0x20] + * 00471813 DD05 58AB6A00 FLD QWORD PTR DS:[0x6AAB58] + * 00471819 DC5D E0 FCOMP QWORD PTR SS:[EBP-0x20] + * 0047181C DFE0 FSTSW AX + * 0047181E F6C4 41 TEST AH,0x41 + * 00471821 75 0B JNZ SHORT Game.0047182E + * 00471823 DD05 58AB6A00 FLD QWORD PTR DS:[0x6AAB58] + * 00471829 DD5D D4 FSTP QWORD PTR SS:[EBP-0x2C] + * 0047182C EB 59 JMP SHORT Game.00471887 + * 0047182E 8B55 EC MOV EDX,DWORD PTR SS:[EBP-0x14] + * 00471831 DD82 80000000 FLD QWORD PTR DS:[EDX+0x80] + * 00471837 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-0xC] + * 0047183A 83C0 01 ADD EAX,0x1 + * 0047183D 8945 D0 MOV DWORD PTR SS:[EBP-0x30],EAX + * 00471840 DB45 D0 FILD DWORD PTR SS:[EBP-0x30] + * 00471843 DC0D 28716B00 FMUL QWORD PTR DS:[0x6B7128] + * 00471849 DA35 24E26C00 FIDIV DWORD PTR DS:[0x6CE224] + * 0047184F DED9 FCOMPP + * 00471851 DFE0 FSTSW AX + * 00471853 F6C4 41 TEST AH,0x41 + * 00471856 75 0E JNZ SHORT Game.00471866 + * 00471858 8B4D EC MOV ECX,DWORD PTR SS:[EBP-0x14] + * 0047185B DD81 80000000 FLD QWORD PTR DS:[ECX+0x80] + * 00471861 DD5D C8 FSTP QWORD PTR SS:[EBP-0x38] + * 00471864 EB 1B JMP SHORT Game.00471881 + * 00471866 8B55 F4 MOV EDX,DWORD PTR SS:[EBP-0xC] + * 00471869 83C2 01 ADD EDX,0x1 + * 0047186C 8955 C4 MOV DWORD PTR SS:[EBP-0x3C],EDX + * 0047186F DB45 C4 FILD DWORD PTR SS:[EBP-0x3C] + * 00471872 DC0D 28716B00 FMUL QWORD PTR DS:[0x6B7128] + * 00471878 DA35 24E26C00 FIDIV DWORD PTR DS:[0x6CE224] + * 0047187E DD5D C8 FSTP QWORD PTR SS:[EBP-0x38] + * 00471881 DD45 C8 FLD QWORD PTR SS:[EBP-0x38] + * 00471884 DD5D D4 FSTP QWORD PTR SS:[EBP-0x2C] + * 00471887 8B45 EC MOV EAX,DWORD PTR SS:[EBP-0x14] + * 0047188A DD45 D4 FLD QWORD PTR SS:[EBP-0x2C] + * 0047188D DD98 80000000 FSTP QWORD PTR DS:[EAX+0x80] + * 00471893 8BE5 MOV ESP,EBP + * 00471895 5D POP EBP + * 00471896 C3 RETN + * 00471897 CC INT3 + * 00471898 CC INT3 + * 00471899 CC INT3 + */ + bool attach(ULONG startAddress, ULONG stopAddress) // attach other text + { + ULONG addr = MemDbg::findCallerAddressAfterInt3((ULONG)::CharNextA, startAddress, stopAddress); + // addr = MemDbg::findNearCallAddress(addr, startAddress, stopAddress); + // if (!addr) + // return false; + if (addr == 0) + return 0; + HookParam hp; + hp.address = addr; + hp.offset = get_reg(regs::ecx); + hp.index = 4; + hp.text_fun = Private::hookBefore; + hp.hook_after = Private::hookafter2; + hp.type = USING_STRING | DATA_INDIRECT | EMBED_ABLE | EMBED_DYNA_SJIS|NO_CONTEXT; + hp.hook_font = F_GetGlyphOutlineA; + return NewHook(hp, "EmbedWolf"); + } + + } // namespace ScenarioHook + +} // unnamed namespace +namespace +{ + bool wolf7() + { + BYTE sig[] = { + 0x52, + 0x8b, 0x4d, 0xf4, + 0xe8, XX4, + 0x03, 0x45, 0x08, + 0x03, 0x45, 0x0c, + 0x50, + 0x8b, 0x4d, 0xf4, + 0xe8, XX4, + 0x03, 0x45, 0x08, + 0x03, 0x45, 0x14, + 0x50, + 0xe8, XX4, + 0x83, 0xc4, 0x0c, + 0x8b, 0x45, 0x14}; + auto addr = MemDbg::findBytes(sig, sizeof(sig), processStartAddress, processStopAddress); + if (!addr) + return false; + addr += 31; + HookParam hp; + hp.address = addr; + hp.offset = get_stack(1); + hp.type = USING_STRING | NO_CONTEXT; + return NewHook(hp, "Wolf7"); + } +} +bool Wolf::attach_function() +{ + auto _ = ScenarioHook::attach(processStartAddress, processStopAddress); + return InsertWolfHook() || hook56() || _ || wolf7(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Wolf.h b/cpp/LunaHook/LunaHook/engine32/Wolf.h new file mode 100644 index 00000000..f0fe6209 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Wolf.h @@ -0,0 +1,13 @@ + + +class Wolf : public ENGINE +{ +public: + Wolf() + { + is_engine_certain = false; + check_by = CHECK_BY::FILE_ANY; + check_by_target = check_by_list{L"data.wolf", L"data\\*.wolf", L"data\\basicdata\\cdatabase.dat"}; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/XUSE.cpp b/cpp/LunaHook/LunaHook/engine32/XUSE.cpp new file mode 100644 index 00000000..f07246f8 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/XUSE.cpp @@ -0,0 +1,65 @@ +#include"XUSE.h" + +bool InsertXUSEHook2() { + //最果てのイマ -COMPLETE- + ConsoleOutput("maybe XUSE2"); + + BYTE bytes[] = { + 0x68,0x34,0x01,0x00,0x00 + //v39 = v16; + //v40 = v15; <----- v15 ,eax + //v41 = (const char*)operator new(0x134u); + }; + auto succ=false; + auto addrs = Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress); + for (auto addr : addrs) { + + HookParam hp; + hp.address = addr ; + hp.offset=get_reg(regs::eax); + hp.type = CODEC_ANSI_BE|NO_CONTEXT | USING_SPLIT; + hp.split = 0; + ConsoleOutput("XUSE2 %p", addr); + + succ|=NewHook(hp, "XUSE2"); + } + return succ; + +} +bool InsertXUSEHook() { + //詩乃先生の誘惑授業 + //憂ちゃんの新妻だいあり~ + ConsoleOutput("maybe XUSE"); + BYTE bytes[] = { + 0x6a,0x00, + XX, + 0x6a,0x05, + XX, + XX, + 0xff,0x15,XX4, + 0x8b,0xf0, + 0x83,0xfe,0xff + + }; + auto succ=false; + auto addrs = Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress); + for(auto addr : addrs){ + + HookParam hp; + hp.address = addr + 7; + hp.offset=get_reg(regs::edi); + hp.type = CODEC_ANSI_BE | NO_CONTEXT | USING_SPLIT; + hp.split = get_stack(3); + + ConsoleOutput("XUSE %p", addr); + + succ|=NewHook(hp, "XUSE"); + } + return succ; + +} + +bool XUSE::attach_function() { + + return InsertXUSEHook() || InsertXUSEHook2(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/XUSE.h b/cpp/LunaHook/LunaHook/engine32/XUSE.h new file mode 100644 index 00000000..c5c8fb5b --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/XUSE.h @@ -0,0 +1,12 @@ + + +class XUSE:public ENGINE{ + public: + XUSE(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"CD/BV*"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Xbangbang.cpp b/cpp/LunaHook/LunaHook/engine32/Xbangbang.cpp new file mode 100644 index 00000000..6b8215c0 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Xbangbang.cpp @@ -0,0 +1,17 @@ +#include"Xbangbang.h" + +bool Xbangbang::attach_function() { + //さわさわ絵にっき + //さわさわ絵にっき2 + bool ok=false; + for(auto addr:findiatcallormov_all((DWORD)GetTextExtentPoint32A,processStartAddress,processStartAddress,processStopAddress,PAGE_EXECUTE)){ + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) continue; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(2); + hp.type=USING_STRING; + ok|=NewHook(hp, "Xbangbang"); + } + return ok; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Xbangbang.h b/cpp/LunaHook/LunaHook/engine32/Xbangbang.h new file mode 100644 index 00000000..6066f213 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Xbangbang.h @@ -0,0 +1,12 @@ + + +class Xbangbang:public ENGINE{ + public: + Xbangbang(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"fastdata.arc"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/YukaSystem2.cpp b/cpp/LunaHook/LunaHook/engine32/YukaSystem2.cpp new file mode 100644 index 00000000..450f7921 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/YukaSystem2.cpp @@ -0,0 +1,300 @@ +#include "YukaSystem2.h" +/** jichi 7/6/2014 YukaSystem2 + * Sample game: セミラミスの天秤 + * + * Observations from Debug: + * - Ollydbg got UTF8 text memory address + * - Hardware break points have loops on 0x4010ED + * - The hooked function seems to take 3 parameters, and arg3 is the right text + * - The text appears character by character + * + * Runtime stack: + * - return address + * - arg1 pointer's pointer + * - arg2 text + * - arg3 pointer's pointer + * - code address or -1, maybe a handle + * - unknown pointer + * - return address + * - usually zero + * + * 0040109d cc int3 + * 0040109e cc int3 + * 0040109f cc int3 + * 004010a0 /$ 55 push ebp + * 004010a1 |. 8bec mov ebp,esp + * 004010a3 |. 8b45 14 mov eax,dword ptr ss:[ebp+0x14] + * 004010a6 |. 50 push eax ; /arg4 + * 004010a7 |. 8b4d 10 mov ecx,dword ptr ss:[ebp+0x10] ; | + * 004010aa |. 51 push ecx ; |arg3 + * 004010ab |. 8b55 0c mov edx,dword ptr ss:[ebp+0xc] ; | + * 004010ae |. 52 push edx ; |arg2 + * 004010af |. 8b45 08 mov eax,dword ptr ss:[ebp+0x8] ; | + * 004010b2 |. 50 push eax ; |arg1 + * 004010b3 |. e8 48ffffff call semirami.00401000 ; \semirami.00401000 + * 004010b8 |. 83c4 10 add esp,0x10 + * 004010bb |. 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + * 004010be |. 5d pop ebp + * 004010bf \. c3 retn + * 004010c0 /$ 55 push ebp + * 004010c1 |. 8bec mov ebp,esp + * 004010c3 |. 8b45 14 mov eax,dword ptr ss:[ebp+0x14] + * 004010c6 |. 50 push eax ; /arg4 + * 004010c7 |. 8b4d 10 mov ecx,dword ptr ss:[ebp+0x10] ; | + * 004010ca |. 51 push ecx ; |arg3 + * 004010cb |. 8b55 0c mov edx,dword ptr ss:[ebp+0xc] ; | + * 004010ce |. 52 push edx ; |arg2 + * 004010cf |. 8b45 08 mov eax,dword ptr ss:[ebp+0x8] ; | + * 004010d2 |. 50 push eax ; |arg1 + * 004010d3 |. e8 58ffffff call semirami.00401030 ; \semirami.00401030 + * 004010d8 |. 83c4 10 add esp,0x10 + * 004010db |. 8b45 08 mov eax,dword ptr ss:[ebp+0x8] + * 004010de |. 5d pop ebp + * 004010df \. c3 retn + * 004010e0 /$ 55 push ebp ; jichi: function begin, hook here, bp-based frame, arg2 is the text + * 004010e1 |. 8bec mov ebp,esp + * 004010e3 |. 8b45 08 mov eax,dword ptr ss:[ebp+0x8] ; jichi: ebp+0x8 = arg2 + * 004010e6 |. 8b4d 0c mov ecx,dword ptr ss:[ebp+0xc] ; jichi: arg3 is also a pointer of pointer + * 004010e9 |. 8a11 mov dl,byte ptr ds:[ecx] + * 004010eb |. 8810 mov byte ptr ds:[eax],dl ; jichi: eax is the data + * 004010ed |. 5d pop ebp + * 004010ee \. c3 retn + * 004010ef cc int3 + */ + +// Ignore image and music file names +// Sample text: "Voice\tou00012.ogg""運命論って云うのかなあ……神さまを信じてる人が多かったからだろうね、何があっても、それ�神さまが�刁�ちに与えられた試練なんだって、そ぀�ってたみたい。勿論、今でもそ぀��てあ�人はぁ�ぱぁ�るん�けど� +// Though the input string is UTF-8, it should be ASCII compatible. +static bool _yk2garbage(const char *p) +{ + // Q_ASSERT(p); + while (char ch = *p++) + { + if (!( + ch >= '0' && ch <= '9' || + ch >= 'A' && ch <= 'z' || // also ignore ASCII 91-96: [ \ ] ^ _ ` + ch == '"' || ch == '.' || ch == '-' || ch == '#')) + return false; + } + return true; +} + +// Get text from arg2 +static void SpecialHookYukaSystem2(hook_stack *stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t *len) +{ + DWORD arg2 = stack->stack[2], // [esp+0x8] + arg3 = stack->stack[3]; // [esp+0xc] + // arg4 = argof(4, esp_base); // there is no arg4. arg4 is properlly a function pointer + LPCSTR text = (LPCSTR)arg2; + if (*text && !_yk2garbage(text)) + { // I am sure this could be null + *data = (DWORD)text; + *len = ::strlen(text); // UTF-8 is null-terminated + if (arg3) + *split = *(DWORD *)arg3; + } +} + +bool InsertYukaSystem2Hook() +{ + const BYTE bytes[] = { + 0x55, // 004010e0 /$ 55 push ebp ; jichi; hook here + 0x8b, 0xec, // 004010e1 |. 8bec mov ebp,esp + 0x8b, 0x45, 0x08, // 004010e3 |. 8b45 08 mov eax,dword ptr ss:[ebp+0x8] ; jichi: ebp+0x8 = arg2 + 0x8b, 0x4d, 0x0c, // 004010e6 |. 8b4d 0c mov ecx,dword ptr ss:[ebp+0xc] + 0x8a, 0x11, // 004010e9 |. 8a11 mov dl,byte ptr ds:[ecx] + 0x88, 0x10, // 004010eb |. 8810 mov byte ptr ds:[eax],dl ; jichi: eax is the address to text + 0x5d, // 004010ed |. 5d pop ebp + 0xc3 // 004010ee \. c3 retn + }; + // enum { addr_offset = 0 }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + // GROWL_DWORD(addr); // supposed to be 0x4010e0 + if (!addr) + return false; + + HookParam hp; + hp.address = addr; + hp.offset = get_stack(1); + hp.split = get_stack(2); + hp.type = USING_SPLIT | USING_STRING | CODEC_UTF8; // UTF-8, though + hp.filter_fun = [](void *data, size_t *len, HookParam *hp) + { + // セミラミスの天秤 + // セミラミスの天秤 Fated Dolls + if (data == 0) + return false; + + if (all_ascii(reinterpret_cast(data), *len)) + return false; + auto str = std::string(reinterpret_cast(data), *len); + + str = std::regex_replace(str, std::regex(R"(@r\((.*?),(.*?)\))"), "$1"); + + auto wstr = StringToWideString(str); + + if (wstr.size() == 1) + return false; + + for (auto wc : wstr) + { + if ((wc >= 'A' && wc <= 'z') || + (wc >= '0' && wc <= '9') || + (wc == '"') || (wc == '.') || (wc == '-') || (wc == '#') || + (wc == 65533) || (wc == 2)) + return false; + } + + return write_string_overwrite(data, len, str); + }; + // hp.text_fun = SpecialHookYukaSystem2; + ConsoleOutput("INSERT YukaSystem2"); + return NewHook(hp, "YukaSystem2"); +} +namespace +{ + bool hook2() + { + // 君を仰ぎ乙女は姫に + // ずっとつくしてあげるの! + const BYTE bytes[] = { + 0x0F, 0xB6, 0x07, + 0x83, 0xE8, 0x40, + 0x75, XX, + 0x0F, 0xB6, 0x47, 0x01, + 0x83, 0xE8, 0x67, + 0x8D, 0x4F, 0x01, + 0x75, XX, + 0x0F, 0xB6, 0x41, 0x01, + 0x83, 0xC1, 0x01, + 0x83, 0xE8, 0x66, + 0x74, XX}; + // enum { addr_offset = 0 }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + // GROWL_DWORD(addr); // supposed to be 0x4010e0 + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return false; + HookParam hp; + hp.address = addr; + hp.offset = get_stack(2); + hp.type = USING_SPLIT | DATA_INDIRECT; + hp.index = 0; + hp.split = get_stack(1); + return NewHook(hp, "YukaSystem2"); + } +} +namespace __ +{ + bool YukaSystem1Filter(LPVOID data, size_t *size, HookParam *) + { + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + if (*len == 0) + return false; + + // if acii add a space at the end of the sentence overwriting null terminator + if (*len >= 2 && text[*len - 2] > 0) + text[(*len)++] = ' '; + + if (cpp_strnstr(text, "@r(", *len)) + { + StringFilterBetween(text, len, "@r(", 3, ")", 1); // @r(2,はと) + } + + return true; + } + + bool InsertYukaSystem1Hook() + { + /* + * Sample games: + * https://vndb.org/r71601 + * https://vndb.org/v7507 + */ + const BYTE bytes[] = { + 0x80, 0x3D, XX4, 0x01, // cmp byte ptr [kimihime.exe+16809C],01 << hook here + 0x75, 0x11, // jne kimihime.exe+42D74 + 0xB9, XX4, // mov ecx,kimihime.exe+C7F8C + 0xC6, 0x05, XX4, 0x00 // mov byte ptr [kimihime.exe+1516C5],00 + }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + { + ConsoleOutput("YukaSystem1: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset = get_reg(regs::eax); + hp.type = USING_STRING | KNOWN_UNSTABLE; + hp.filter_fun = YukaSystem1Filter; + ConsoleOutput("INSERT YukaSystem1"); + return NewHook(hp, "YukaSystem1"); + } +} +namespace +{ + bool h1() + { + // https://vndb.org/v540 + // シャマナシャマナ~月とこころと太陽の魔法~ + auto addr = Util::FindImportEntry(processStartAddress, (DWORD)IsDBCSLeadByteEx); + if (!addr) + return false; + const BYTE bytes[] = { + 0xff, 0x15, XX4, + 0x83, 0xf8, 0x01, + 0x0f, 0x85, XX4, + 0x33, 0xd2, + 0xb9, 0x02, 0x00, 0x00, 0x00, + 0xbf, XX4, + 0x8b, 0xf3, + 0x33, 0xc0, + 0xf3, 0xa6, + 0x74, XX, + 0xb8, XX4, + 0x8a, 0x48, 0x02, + 0x83, 0xc0, 0x02, + 0x83, 0xc2, 0x02, + 0x84, 0xc9, + 0x74, XX, + 0xb9, 0x02, 0x00, 0x00, 0x00, + 0x8b, 0xf8, + 0x8b, 0xf3, + 0x33, 0xed, + 0xf3, 0xa6}; + memcpy((void *)(bytes + 2), &addr, 4); + addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr, 0x100); + if (!addr) + return false; + HookParam hp; + hp.address = addr; + hp.offset = get_stack(2); + hp.type = USING_CHAR | DATA_INDIRECT; + hp.filter_fun = [](LPVOID data, size_t *size, HookParam *) + { + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + CharFilter(text, len, '@'); + + return true; + }; + return NewHook(hp, "caramelbox"); + } +} +bool YukaSystem2::attach_function() +{ + bool _1 = h1() || __::InsertYukaSystem1Hook(); + return InsertYukaSystem2Hook() || hook2() || _1; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/YukaSystem2.h b/cpp/LunaHook/LunaHook/engine32/YukaSystem2.h new file mode 100644 index 00000000..48ed0b85 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/YukaSystem2.h @@ -0,0 +1,11 @@ + + +class YukaSystem2:public ENGINE{ + public: + YukaSystem2(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.ykc"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Yuris.cpp b/cpp/LunaHook/LunaHook/engine32/Yuris.cpp new file mode 100644 index 00000000..973e5121 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Yuris.cpp @@ -0,0 +1,387 @@ +#include"Yuris.h" +/******************************************************************************************** +YU-RIS hook: + Becomes common recently. I first encounter this game in Whirlpool games. + Problem is name is repeated multiple times. + Step out of function call to TextOuA, just before call to this function, + there should be a piece of code to calculate the length of the name. + This length is 2 for single character name and text, + For a usual name this value is greater than 2. +********************************************************************************************/ + +//bool InsertWhirlpoolHook() // jichi: 12/27/2014: Renamed to YU-RIS +static bool InsertYuris1Hook() +{ + //IthBreak(); + DWORD entry = Util::FindCallAndEntryBoth((DWORD)TextOutA, processStopAddress - processStartAddress, processStartAddress, 0xec83); + //GROWL_DWORD(entry); + if (!entry) { + ConsoleOutput("YU-RIS: function entry does not exist"); + return false; + } + entry = Util::FindCallAndEntryRel(entry - 4, processStopAddress - processStartAddress, processStartAddress, 0xec83); + //GROWL_DWORD(entry); + if (!entry) { + ConsoleOutput("YU-RIS: function entry does not exist"); + return false; + } + entry = Util::FindCallOrJmpRel(entry - 4,processStopAddress - processStartAddress - 0x10000, processStartAddress + 0x10000, false); + DWORD i, + t = 0; + //GROWL_DWORD(entry); + __try { // jichi 12/27/2014 + for (i = entry - 4; i > entry - 0x100; i--) + if (::IsBadReadPtr((LPCVOID)i, 4)) { // jichi 12/27/2014: might raise in new YU-RIS, 4 = sizeof(DWORD) + ConsoleOutput("YU-RIS: do not have read permission"); + return false; + } else if (*(WORD *)i == 0xc085) { + t = *(WORD *)(i + 2); + if ((t & 0xff) == 0x76) { + t = 4; + break; + } else if ((t & 0xffff) == 0x860f) { + t = 8; + break; + } + } + + } __except(EXCEPTION_EXECUTE_HANDLER) { + ConsoleOutput("YU-RIS: illegal access exception"); + return false; + } + if (i == entry - 0x100) { + ConsoleOutput("YU-RIS: pattern not exist"); + return false; + } + //GROWL_DWORD2(i,t); + HookParam hp; + hp.address = i + t; + hp.offset=get_reg(regs::edi); + hp.split = get_reg(regs::eax); + hp.type = USING_STRING|USING_SPLIT; + ConsoleOutput("INSERT YU-RIS"); + //GROWL_DWORD(hp.address); + return NewHook(hp, "YU-RIS"); +} + +/** jichi 12/27/2014 + * + * Sample game: [Whirlpool] [150217] 鯨神�ヂ�アスヂ�ラ + * Call site of TextOutA. + * 00441811 90 nop + * 00441812 90 nop + * 00441813 90 nop + * 00441814 8b4424 04 mov eax,dword ptr ss:[esp+0x4] + * 00441818 8b5424 08 mov edx,dword ptr ss:[esp+0x8] + * 0044181c 8b4c24 0c mov ecx,dword ptr ss:[esp+0xc] + * 00441820 57 push edi + * 00441821 56 push esi + * 00441822 55 push ebp + * 00441823 53 push ebx + * 00441824 83ec 50 sub esp,0x50 + * 00441827 8bf9 mov edi,ecx + * 00441829 897c24 1c mov dword ptr ss:[esp+0x1c],edi + * 0044182d 8bda mov ebx,edx + * 0044182f 8be8 mov ebp,eax + * 00441831 8b349d 603f7b00 mov esi,dword ptr ds:[ebx*4+0x7b3f60] + * 00441838 807c24 74 01 cmp byte ptr ss:[esp+0x74],0x1 + * 0044183d b9 00000000 mov ecx,0x0 + * 00441842 0f94c1 sete cl + * 00441845 8d041b lea eax,dword ptr ds:[ebx+ebx] + * 00441848 03c3 add eax,ebx + * 0044184a 0fafc1 imul eax,ecx + * 0044184d 03c3 add eax,ebx + * 0044184f 894424 0c mov dword ptr ss:[esp+0xc],eax + * 00441853 897424 10 mov dword ptr ss:[esp+0x10],esi + * 00441857 8bc3 mov eax,ebx + * 00441859 8bd7 mov edx,edi + * 0044185b 0fbe4c24 70 movsx ecx,byte ptr ss:[esp+0x70] + * 00441860 e8 0c030000 call .00441b71 + * 00441865 0fbec8 movsx ecx,al + * 00441868 83f9 ff cmp ecx,-0x1 + * 0044186b 0f84 db020000 je .00441b4c + * 00441871 8bce mov ecx,esi + * 00441873 0fafc9 imul ecx,ecx + * 00441876 a1 64365d00 mov eax,dword ptr ds:[0x5d3664] + * 0044187b 8bf9 mov edi,ecx + * 0044187d c1ff 02 sar edi,0x2 + * 00441880 c1ef 1d shr edi,0x1d + * 00441883 03f9 add edi,ecx + * 00441885 c1ff 03 sar edi,0x3 + * 00441888 68 ff000000 push 0xff + * 0044188d 57 push edi + * 0044188e ff3485 70b48300 push dword ptr ds:[eax*4+0x83b470] + * 00441895 ff15 a4355d00 call dword ptr ds:[0x5d35a4] ; .00401c88 + * 0044189b 83c4 0c add esp,0xc + * 0044189e 8b0d 64365d00 mov ecx,dword ptr ds:[0x5d3664] + * 004418a4 ff348d b4b48300 push dword ptr ds:[ecx*4+0x83b4b4] + * 004418ab ff348d d4b48300 push dword ptr ds:[ecx*4+0x83b4d4] + * 004418b2 ff15 54e05800 call dword ptr ds:[0x58e054] ; gdi32.selectobject + * 004418b8 a3 b0b48300 mov dword ptr ds:[0x83b4b0],eax + * 004418bd 8b0d 64365d00 mov ecx,dword ptr ds:[0x5d3664] + * 004418c3 ff348d 30b48300 push dword ptr ds:[ecx*4+0x83b430] + * 004418ca ff348d d4b48300 push dword ptr ds:[ecx*4+0x83b4d4] + * 004418d1 ff15 54e05800 call dword ptr ds:[0x58e054] ; gdi32.selectobject + * 004418d7 a3 2cb48300 mov dword ptr ds:[0x83b42c],eax + * 004418dc 8b3d 64365d00 mov edi,dword ptr ds:[0x5d3664] + * 004418e2 33c9 xor ecx,ecx + * 004418e4 880cbd f5b48300 mov byte ptr ds:[edi*4+0x83b4f5],cl + * 004418eb 880cbd f6b48300 mov byte ptr ds:[edi*4+0x83b4f6],cl + * 004418f2 0fb64d 00 movzx ecx,byte ptr ss:[ebp] + * 004418f6 0fb689 a0645b00 movzx ecx,byte ptr ds:[ecx+0x5b64a0] + * 004418fd 41 inc ecx + * 004418fe 0fbec9 movsx ecx,cl + * 00441901 51 push ecx + * 00441902 55 push ebp + * 00441903 33c9 xor ecx,ecx + * 00441905 51 push ecx + * 00441906 51 push ecx + * 00441907 ff34bd d4b48300 push dword ptr ds:[edi*4+0x83b4d4] + * 0044190e ff15 74e05800 call dword ptr ds:[0x58e074] ; gdi32.textouta, jichi: TextOutA here + * 00441914 0fb67d 00 movzx edi,byte ptr ss:[ebp] + * 00441918 0fb68f a0645b00 movzx ecx,byte ptr ds:[edi+0x5b64a0] + * 0044191f 41 inc ecx + * 00441920 0fbef9 movsx edi,cl + * 00441923 8b0d 64365d00 mov ecx,dword ptr ds:[0x5d3664] + * 00441929 03c9 add ecx,ecx + * 0044192b 8d8c09 f4b48300 lea ecx,dword ptr ds:[ecx+ecx+0x83b4f4] + * + * Runtime stack: The first dword after arguments on the stack seems to be good split value. + */ +static bool InsertYuris2Hook() +{ + ULONG addr = MemDbg::findCallAddress((ULONG)::TextOutA, processStartAddress, processStopAddress); + if (!addr) { + ConsoleOutput("YU-RIS2: failed"); + return false; + } + + // BOOL TextOut( + // _In_ HDC hdc, + // _In_ int nXStart, + // _In_ int nYStart, + // _In_ LPCTSTR lpString, + // _In_ int cchString + // ); + HookParam hp; + hp.address = addr; + hp.type = USING_STRING|USING_SPLIT|NO_CONTEXT; // disable context that will cause thread split + hp.offset = get_stack(3); + hp.split = get_stack(5); + + ConsoleOutput("INSERT YU-RIS 2"); + return NewHook(hp, "YU-RIS2"); +} + +bool InsertYuris4Hook() +{ + + /* + * Sample games: + * https://vndb.org/v6540 + */ + bool found = false; + const BYTE pattern[] = { + 0x52, // 52 push edx + 0x68, 0x00, 0x42, 0x5C, 0x00, // 68 00425C00 push euphoria.exe+1C4200 + 0xFF, 0x15, 0x90, 0x44, 0x7E, 0x00, // FF 15 90447E00 call dword ptr [euphoria.exe+3E4490] + 0x83, 0xC4, 0x0C, // 83 C4 0C add esp,0C + 0xEB, 0x5F, // EB 5F jmp euphoria.exe+4F4C5 + 0xFF, 0x35, 0xA4, 0x19, 0x66, 0x00, // FF 35 A4196600 push [euphoria.exe+2619A4] + 0x52 // 52 push edx + }; + enum { addr_offset = 12 }; // distance to the beginning of the function, which is 0x83, 0xC4, 0x0C (add esp,0C) + + for (auto addr : Util::SearchMemory(pattern, sizeof(pattern), PAGE_EXECUTE, processStartAddress, processStopAddress)) + { + HookParam hp; + hp.address = addr+addr_offset; + hp.offset=get_reg(regs::edx); + hp.type = USING_STRING ; + ConsoleOutput("INSERT YU-RIS 4"); + found|=NewHook(hp, "YU-RIS4"); + } + if (!found) ConsoleOutput("YU-RIS 4: pattern not found"); + return found; +} + +bool InsertYuris5Hook() +{ + + /* + * Sample games: + * https://vndb.org/v4037 + */ + const BYTE bytes[] = { + 0x33, 0xD2, // xor edx,edx + 0x88, 0x14, 0x0F, // mov [edi+ecx],dl + 0xA1, XX4, // mov eax,[exe+2DE630] + 0x8B, 0x78, 0x3C, // mov edi,[eax+3C] + 0x8B, 0x58, 0x5C, // mov ebx,[eax+5C] + 0x88, 0x14, 0x3B // mov [ebx+edi],dl + }; + + enum { addr_offset = 0 }; // distance to the beginning of the function, which is 0x55 (push ebp) + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + return false; + + HookParam hp; + hp.address = addr + addr_offset; + hp.offset=get_reg(regs::ecx); + hp.type = USING_STRING | NO_CONTEXT; + + ConsoleOutput("INSERT YU-RIS 5"); + return NewHook(hp, "YU-RIS5"); +} + +static bool Yuris6Filter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + static std::string prevText; + + if (prevText.length()==*len && prevText.find(text, 0, *len) != std::string::npos) // Check if the string is present in the previous one + return false; + prevText.assign(text, *len); + + // ruby <手水舎/ちょうずや> + if (cpp_strnstr(text, "\x81\x83", *len)) { // \x81\x83 -> '<' + StringFilterBetween(text, len, "\x81\x5E", 2, "\x81\x84", 2); // \x81\x5E -> '/' , \x81\x84 -> '>' + StringFilter(text, len, "\x81\x83", 2); // \x81\x83 -> '<' + } + // ruby ≪美桜/姉さん≫ + else if (cpp_strnstr(text, "\x81\xE1", *len)) { // \x81\xE1 -> '≪' + StringFilterBetween(text, len, "\x81\x5E", 2, "\x81\xE2", 2); // \x81\x5E -> '/' , \x81\xE2 -> '≫' + StringFilter(text, len, "\x81\xE1", 2); // \x81\xE1 -> '≪' + } + + CharReplacer(text, len, '=', '-'); + StringCharReplacer(text, len, "\xEF\xF0", 2, ' '); + StringFilter(text, len, "\xEF\xF2", 2); + StringFilter(text, len, "\xEF\xF5", 2); + StringFilter(text, len, "\x81\x98", 2); + + return true; +} +bool InsertYuris6Hook() +{ + + /* + * work with Windows 11 + * Sample games: + * https://vndb.org/v40058 + * https://vndb.org/v42883 + * https://vndb.org/v44092 + * https://vndb.org/v21171 + * https://vndb.org/r46910 + */ + const BYTE bytes[] = { + 0xE9, XX4, // jmp oshitona01.exe+1B629 << hook here + 0xBF, XX4, // mov edi,oshitona01.exe+24EEA0 + 0x8A, 0x17, // mov dl,[edi] + 0x47, // inc edi + 0x88, 0x16, // mov [esi],dl + 0x46, // inc esi + 0x84, 0xD2 // test dl,dl + }; + + enum { addr_offset = 0 }; + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) + return false; + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::eax); + hp.index = 0x38; + hp.filter_fun = Yuris6Filter; + hp.type = USING_STRING | NO_CONTEXT | DATA_INDIRECT; + + ConsoleOutput("INSERT YU-RIS 6"); + return NewHook(hp, "YU-RIS6"); +} +bool yuris7(){ + //猫忍えくすはーとSPIN! + //夏空あすてりずむ + + //https://vndb.org/r111807 + //[210924][1139364][Liquid] 黒獣2改 ~淫欲に染まる背徳の都、再び~ 多国語版 Chinese-English DL版 (files) + const BYTE bytes[] = { + 0x57,0x56,0x55,0x53,0x83,0xec,0x10, + 0x8b,0x5c,0x24,0x24, + 0x8b,0x15,XX4, + 0x8b,0x0c,0x9a, + 0xc6,0x41,0x01,0x03, + 0x8b,0xc3, + 0xe8 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) return false; + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::edx); + hp.type = USING_STRING; + hp.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + if(stack->edi>0x100)return; + //if(stack->eax==1)return; + if(stack->edi<0x60||stack->edi>0x80)return; + if(strlen((char*)stack->edx)>2)return; + if(strcmp((char*)stack->edx,"BG")==0||strcmp((char*)stack->edx,"VO")==0)return; + + *split=stack->edi;//|(stack->eax*0x100);//会把人名的引号分开 + buffer->from(stack->edx, min(2,strlen((char*)stack->edx))); + }; + return NewHook(hp,"yuris8"); +} +bool yuris8(){ + //けもの道☆ガーリッシュスクエア LOVE+PLUS + //https://vndb.org/v36773 + //codepage 950 + const BYTE bytes[] = { + 0x8b,XX, + 0x8b,0x94,0x24,XX,0,0,0, + 0x8b,0x8c,0x24,XX,0,0,0, + 0xe8,XX4, + 0xeb,XX, + 0x8b,XX, + 0x8b,0x94,0x24,XX,0,0,0, + 0x8b,0x8c,0x24,XX,0,0,0, + 0xe8,XX4, + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (!addr) return false; + + HookParam hp; + hp.address = addr+sizeof(bytes)-5; + hp.type = USING_STRING; + hp.offset=get_reg(regs::ecx); + hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + + auto text=std::string((char*)data,*len); + if(std::all_of(text.begin(),text.end(),[](char c){return c=='1'||c=='2'||c=='E';}))return false; + return true; + }; + return NewHook(hp,"yuris8"); +} +bool InsertYurisHook() +{ + bool ok = InsertYuris1Hook(); + ok = InsertYuris2Hook() || ok; + ok = InsertYuris4Hook() || ok; + ok = InsertYuris5Hook() || ok; + ok = InsertYuris6Hook() || ok; + ok=yuris7()||ok; + ok=yuris8()||ok; + return ok; +} + + +bool Yuris::attach_function() { + + return InsertYurisHook(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/Yuris.h b/cpp/LunaHook/LunaHook/engine32/Yuris.h new file mode 100644 index 00000000..a12424df --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/Yuris.h @@ -0,0 +1,16 @@ + + +class Yuris:public ENGINE{ + public: + Yuris(){ + + check_by=CHECK_BY::CUSTOM; + is_engine_certain=false; + check_by_target=[](){ + // jichi 8/1/2014: YU-RIS engine, lots of clockup game also has this pattern + // jichi 8/14/2013: CLOCLUP: "ノーブレスオブリージュ" would crash the game. + return (Util::CheckFile(L"pac\\*.ypf") || Util::CheckFile(L"*.ypf")) &&(!Util::CheckFile(L"noblesse.exe")); + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/akatombo.cpp b/cpp/LunaHook/LunaHook/engine32/akatombo.cpp new file mode 100644 index 00000000..8f5cb1f3 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/akatombo.cpp @@ -0,0 +1,20 @@ +#include "akatombo.h" + +bool akatombo::attach_function() +{ + // サキュヴァス ~堕ちた天使~ + // https://vndb.org/v7387 + BYTE bytes[] = { + 0x3C, 0x80, 0x72, XX, 0x3C, 0x9F, 0x76, XX, 0x3C, 0xE0, 0x72, XX, 0x3C, 0xEF, 0x77, XX}; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr == 0) + return false; + addr = findfuncstart(addr, 0x200); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr; + hp.offset = get_stack(1); + hp.type = USING_STRING | EMBED_ABLE | EMBED_AFTER_NEW | EMBED_DYNA_SJIS; + return NewHook(hp, "akatombo"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/akatombo.h b/cpp/LunaHook/LunaHook/engine32/akatombo.h new file mode 100644 index 00000000..82b8af73 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/akatombo.h @@ -0,0 +1,14 @@ + + +class akatombo : public ENGINE +{ +public: + akatombo() + { + + check_by = CHECK_BY::RESOURCE_STR; + check_by_target = L"akatombo"; + is_engine_certain = false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/cef.cpp b/cpp/LunaHook/LunaHook/engine32/cef.cpp new file mode 100644 index 00000000..eb59fffd --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/cef.cpp @@ -0,0 +1,220 @@ +#include "cef.h" +typedef wchar_t char16; + +typedef struct _cef_string_wide_t +{ + wchar_t *str; + size_t length; + void (*dtor)(wchar_t *str); +} cef_string_wide_t; + +typedef struct _cef_string_utf8_t +{ + char *str; + size_t length; + void (*dtor)(char *str); +} cef_string_utf8_t; + +typedef struct _cef_string_utf16_t +{ + char16 *str; + size_t length; + void (*dtor)(char16 *str); +} cef_string_utf16_t; +static void hook_cef_string_utf16_t(hook_stack *stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t *len) +{ + if (auto p = (_cef_string_utf16_t *)stack->stack[1]) + { + *data = (DWORD)p->str; + *len = p->length; // for widechar + + auto s = stack->ecx; + for (int i = 0; i < 0x10; i++) // traverse pointers until a non-readable address is met + if (s && !::IsBadReadPtr((LPCVOID)s, sizeof(DWORD))) + s = *(DWORD *)s; + else + break; + if (!s) + s = hp->address; + if (hp->type & USING_SPLIT) + *split = s; + } +} +static void hook_cef_string_wide_t(hook_stack *stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t *len) +{ + if (auto p = (_cef_string_wide_t *)stack->stack[1]) + { + *data = (DWORD)p->str; + *len = p->length; // for widechar + + auto s = stack->ecx; + for (int i = 0; i < 0x10; i++) // traverse pointers until a non-readable address is met + if (s && !::IsBadReadPtr((LPCVOID)s, sizeof(DWORD))) + s = *(DWORD *)s; + else + break; + if (!s) + s = hp->address; + if (hp->type & USING_SPLIT) + *split = s; + } +} +static void hook_cef_string_utf8_t(hook_stack *stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t *len) +{ + if (auto p = (_cef_string_utf8_t *)stack->stack[1]) + { + *data = (DWORD)p->str; + *len = p->length; // for widechar + + auto s = stack->ecx; + for (int i = 0; i < 0x10; i++) // traverse pointers until a non-readable address is met + if (s && !::IsBadReadPtr((LPCVOID)s, sizeof(DWORD))) + s = *(DWORD *)s; + else + break; + if (!s) + s = hp->address; + if (hp->type & USING_SPLIT) + *split = s; + } +} +bool InsertlibcefHook(HMODULE module) +{ + if (!module) + return false; + bool ret = false; + + struct libcefFunction + { // argument indices start from 0 for SpecialHookMonoString, otherwise 1 + const char *functionName; + size_t textIndex; // argument index + short lengthIndex; // argument index + unsigned long hookType; // HookParam type + void *text_fun; // HookParam::text_fun_t + }; + + HookParam hp; + const libcefFunction funcs[] = { + {"cef_string_utf8_set", 1, 0, USING_STRING | CODEC_UTF8 | NO_CONTEXT, NULL}, // ok + {"cef_string_utf8_to_utf16", 1, 0, USING_STRING | CODEC_UTF8 | NO_CONTEXT, NULL}, + {"cef_string_utf8_to_wide", 1, 0, USING_STRING | CODEC_UTF8 | NO_CONTEXT, NULL}, // ok + {"cef_string_utf8_clear", 0, 0, USING_STRING | CODEC_UTF8 | NO_CONTEXT, hook_cef_string_utf8_t}, + + {"cef_string_utf16_set", 1, 0, USING_STRING | CODEC_UTF16 | NO_CONTEXT, NULL}, // ok + {"cef_string_utf16_clear", 0, 0, USING_STRING | CODEC_UTF16, hook_cef_string_utf16_t}, // ok + {"cef_string_utf16_to_utf8", 1, 0, USING_STRING | CODEC_UTF16 | NO_CONTEXT, NULL}, // ok + {"cef_string_utf16_to_wide", 1, 0, USING_STRING | CODEC_UTF16 | NO_CONTEXT, NULL}, + + {"cef_string_ascii_to_utf16", 1, 0, USING_STRING | NO_CONTEXT, NULL}, + {"cef_string_ascii_to_wide", 1, 0, USING_STRING | NO_CONTEXT, NULL}, + + {"cef_string_wide_set", 1, 0, USING_STRING | CODEC_UTF16 | NO_CONTEXT, NULL}, // ok + {"cef_string_wide_to_utf16", 1, 0, USING_STRING | CODEC_UTF16 | NO_CONTEXT, NULL}, + {"cef_string_wide_to_utf8", 1, 0, USING_STRING | CODEC_UTF16 | NO_CONTEXT, NULL}, + {"cef_string_wide_clear", 0, 0, USING_STRING | CODEC_UTF16, hook_cef_string_wide_t}}; + for (auto func : funcs) + { + if (FARPROC addr = ::GetProcAddress(module, func.functionName)) + { + if (addr == 0) + continue; + hp.address = (DWORD)addr; + hp.type = func.hookType; + hp.offset = func.textIndex * 4; + hp.length_offset = func.lengthIndex * 4; + hp.text_fun = (decltype(hp.text_fun))func.text_fun; + ConsoleOutput("libcef: INSERT"); + ret |= NewHook(hp, func.functionName); + } + } + + if (!ret) + ConsoleOutput("libcef: failed to find function address"); + return ret; +} +namespace +{ + bool ceffileter(void *data, uintptr_t *size, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *size / 2); + if (s == *(std::wstring *)(hp->user_value)) + return false; + *(std::wstring *)(hp->user_value) = s; + return true; + }; +} +bool libcefhook(HMODULE module) +{ + // https://vndb.org/v12297 + // 魔降ル夜ノ凜 Animation ダウンロード版 + + auto [minAddress, maxAddress] = Util::QueryModuleLimits(module); + ConsoleOutput("check v8libcefhook %p %p", minAddress, maxAddress); + const BYTE bytes[] = { + 0x50, + 0x51, + 0x52, + 0x57, + 0xff, 0xd6, + 0x83, 0xc4, 0x10, + 0x8b, 0x4d, XX, + 0x89, 0xc6, + 0x31, 0xe9, + 0xe8, XX4, + 0x89, 0xF0, + 0x83, 0xC4, 0x18, + 0x5e, + 0x5f, + 0x5d, + 0xc3 + + }; + // 対魔忍ユキカゼ2Animation + const BYTE bytes2[] = { + 0x51, + 0x57, + 0x52, + 0x50, + 0xff, 0xd6, + 0x83, 0xc4, 0x10, + 0x8b, 0x4d, XX, + 0x89, 0xc6, + 0x31, 0xe9, + 0xe8, XX4, + 0x89, 0xF0, + 0x83, 0xC4, 0x18, + 0x5e, + 0x5f, + 0x5b, + 0x5d, + 0xc3 + + }; + bool succ = false; + for (auto addrs : {Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE_READWRITE, minAddress, maxAddress), Util::SearchMemory(bytes2, sizeof(bytes2), PAGE_EXECUTE_READWRITE, minAddress, maxAddress)}) + { + for (auto addr : addrs) + { + HookParam hp; + hp.address = addr + 4; + hp.offset = get_stack(1); + hp.filter_fun = ceffileter; + hp.newlineseperator = L"
"; + hp.length_offset = 2; + hp.type = USING_STRING | CODEC_UTF16 | NO_CONTEXT; + hp.user_value = (DWORD) new std::wstring; + succ |= NewHook(hp, "libcef"); + } + } + return succ; +} +bool cef::attach_function() +{ + auto hm = GetModuleHandleW(L"libcef.dll"); + + if (!hm) + return false; + // InsertlibcefHook(hm); + + return libcefhook(hm); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/cef.h b/cpp/LunaHook/LunaHook/engine32/cef.h new file mode 100644 index 00000000..1065e8f9 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/cef.h @@ -0,0 +1,14 @@ + + +class cef:public ENGINE{ + public: + cef(){ + + check_by=CHECK_BY::CUSTOM; + is_engine_certain=false; + check_by_target=[](){ + return GetModuleHandleW(L"libcef.dll"); + }; + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine32/godot.cpp b/cpp/LunaHook/LunaHook/engine32/godot.cpp new file mode 100644 index 00000000..38dd2e19 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/godot.cpp @@ -0,0 +1,203 @@ +#include"godot.h" + +bool queryversion(WORD *_1, WORD *_2, WORD *_3, WORD *_4) +{ + wchar_t fileName[MAX_PATH]; + GetModuleFileNameW(NULL, fileName, MAX_PATH); + DWORD dwHandle; + DWORD dwSize = GetFileVersionInfoSizeW(fileName, &dwHandle); + if (dwSize == 0) + { + return false; + } + + std::vector versionInfoBuffer(dwSize); + if (!GetFileVersionInfoW(fileName, dwHandle, dwSize, versionInfoBuffer.data())) + { + return false; + } + + VS_FIXEDFILEINFO *pFileInfo; + UINT fileInfoSize; + if (!VerQueryValueW(versionInfoBuffer.data(), L"\\", reinterpret_cast(&pFileInfo), &fileInfoSize)) + { + return false; + } + + DWORD ms = pFileInfo->dwFileVersionMS; + DWORD ls = pFileInfo->dwFileVersionLS; + + WORD majorVersion = HIWORD(ms); + WORD minorVersion = LOWORD(ms); + WORD buildNumber = HIWORD(ls); + WORD revisionNumber = LOWORD(ls); + *_1 = majorVersion; + *_2 = minorVersion; + *_3 = buildNumber; + *_4 = revisionNumber; + return true; +} +namespace{ +bool godot35(){ + //https://store.steampowered.com/app/1713610/__Purrgatory/ + //喵的炼狱 / Purrgatory + /* + int __userpurge sub_C49270@( + int a1@, + int a2, + int a3, + float *a4, + int *a5, + int a6, + int a7, + int a8, + int *a9, + float *a10, + float *a11, + char a12, + float *a13, + int *a14, + int *a15, + int *a16, + _BYTE *a17, + int a18) + */ +/* +特征 + v90 = *v81; + if ( (unsigned __int16)(v90 - 11784) > 0x71F7u + && (unsigned __int16)(v90 + 21504) > 0x2BFFu + && (unsigned __int16)(v90 + 1792) > 0x1FFu + && (unsigned __int16)(v90 + 464) > 0x1Fu + && (unsigned __int16)(v90 + 155) > 0x77u ) + + + */ + /* + const CharType current = c[end]; + const bool separatable = (current >= 0x2E08 && current <= 0x9FFF) || // CJK scripts and symbols. + (current >= 0xAC00 && current <= 0xD7FF) || // Hangul Syllables and Hangul Jamo Extended-B. + (current >= 0xF900 && current <= 0xFAFF) || // CJK Compatibility Ideographs. + (current >= 0xFE30 && current <= 0xFE4F) || // CJK Compatibility Forms. + (current >= 0xFF65 && current <= 0xFF9F) || // Halfwidth forms of katakana + (current >= 0xFFA0 && current <= 0xFFDC) || // Halfwidth forms of compatibility jamo characters for Hangul + (current >= 0x20000 && current <= 0x2FA1F) || // CJK Unified Ideographs Extension B ~ F and CJK Compatibility Ideographs Supplement. + (current >= 0x30000 && current <= 0x3134F); // CJK Unified Ideographs Extension G. + */ + /* + 这个函数是scene/gui/rich_text_label.cpp + int RichTextLabel::_process_line(ItemFrame *p_frame, const Vector2 &p_ofs, int &y, int p_width, int p_line, ProcessMode p_mode, const Ref &p_base_font, const Color &p_base_color, const Color &p_font_color_shadow, bool p_shadow_as_outline, const Point2 &shadow_ofs, const Point2i &p_click_pos, Item **r_click_item, int *r_click_char, bool *r_outside, int p_char_count) + */ + BYTE sig[]={ + /* + .text:017FA34C movzx eax, word ptr [esi] +.text:017FA34F lea edx, [eax-2E08h] +.text:017FA355 cmp dx, 71F7h +.text:017FA35A lea edx, [eax+5400h] +.text:017FA360 setbe cl +.text:017FA363 cmp dx, 2BFFh +.text:017FA368 setbe dl +.text:017FA36B or dl, cl +.text:017FA36D jz loc_17FA230 + */ + 0x0f,0xb7,0x06, + 0x8D,0x90,0xF8,0xD1,0xFF,0xFF, + 0x66,0x81,0xFA,0xF7,0x71, + 0x8D,0x90,0x00,0x54,0x00,0x00, + 0x0F,0x96,0xC1, + 0x66,0x81,0xFA,0xFF,0x2B, + 0x0F,0x96,0xc2,0x08,0xca, + 0x0f,0x84, + }; + auto addr=MemDbg::findBytes(sig,sizeof(sig),processStartAddress,processStopAddress); + if(!addr)return false; + BYTE sig2[]={ + // shl esi, 6 + 0xC1,0xE6,0x06 + }; + addr=reverseFindBytes(sig2,sizeof(sig2),addr-0x1800,addr); + if(!addr)return false; + BYTE sig3[]={0x01,0xF0};//add eax, esi + addr=MemDbg::findBytes(sig3,sizeof(sig3),addr,addr+0x40); + + if(!addr)return false; + + HookParam hp; + hp.address = addr+sizeof(sig3); + + hp.type = USING_STRING|CODEC_UTF16; + hp.text_fun=[](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split){ + /* + Line &l = p_frame->lines.write[p_line]; + Item *it = l.from; + */ + /* + while (it) { + switch (it->type) { + case ITEM_ALIGN: { + ItemAlign *align_it = static_cast(it); + + align = align_it->align; + + } break; + case ITEM_INDENT: { + if (it != l.from) { + ItemIndent *indent_it = static_cast(it); + + float indent = indent_it->level * tab_size * cfont->get_char_size(' ').width; + margin += indent; + begin += indent; + wofs += indent; + } + + } break; + case ITEM_TEXT: { + ItemText *text = static_cast(it); + + Ref font = _find_font(it); + if (font.is_null()) { + font = p_base_font; + } + + const CharType *c = text->text.c_str(); + const CharType *cf = c; + */ +/* +struct ItemText : public Item { + String text; + ItemText() { type = ITEM_TEXT; } + }; +*/ + /* + const CharType *String::c_str() const { + static const CharType zero = 0; + + return size() ? &operator[](0) : &zero; +} + */ + + + //Line &l = p_frame->lines.write[p_line]; + //Item *it = l.from; + + //auto v471 = (int *)((a7 << 6) + *(DWORD *)(a3 + 40)); + + if(stack->retaddr!=1)return;//不懂为什么这个是1,按理说返回地址应该一样才对。不管了无所谓 + auto v471= (DWORD*)stack->eax; + auto v481 = *v471; + auto ptr=*(WCHAR**)(v481 + 28); + buffer->from_cs(ptr); + }; + + return NewHook(hp, "godot35"); +} +} +bool godot::attach_function() { + WORD _1,_2,_3,_4; + queryversion(&_1,&_2,&_3,&_4); + ConsoleOutput("%d %d %d %d",_1,_2,_3,_4); + if(_1==3&&_2==5){ + return godot35(); + } + return false; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/godot.h b/cpp/LunaHook/LunaHook/engine32/godot.h new file mode 100644 index 00000000..423e73b7 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/godot.h @@ -0,0 +1,11 @@ + + +class godot:public ENGINE{ + public: + godot(){ + + check_by=CHECK_BY::RESOURCE_STR; + check_by_target=L"Godot Engine"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/hibiki.cpp b/cpp/LunaHook/LunaHook/engine32/hibiki.cpp new file mode 100644 index 00000000..c1a39d13 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/hibiki.cpp @@ -0,0 +1,101 @@ +#include"hibiki.h" + +bool hibikihook() { + //LOVELY×C∧TION +/*seg000:0044FC05 83 FF 20 cmp edi, 20h ; ' ' +seg000:0044FC08 0F 84 E6 00 00 00 jz loc_44FCF4 +seg000:0044FC08 +seg000:0044FC0E 81 FF 00 30 00 00 cmp edi, 3000h +seg000:0044FC14 0F 84 E9 00 00 00 jz loc_44FD03*/ + const BYTE bytes[] = { + 0x83,0xff,0x20, + 0x0f,0x84,XX4, + 0x81,0xff,0x00,0x30,0x00,0x00, + 0x0f,0x84,XX4 + }; + + auto addrs = Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress); + bool succ=false; + for (auto addr :addrs) { + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) { continue; } + HookParam hp; + hp.address = addr; + + hp.offset =get_stack(3); + hp.type = CODEC_UTF16; + + + ConsoleOutput("INSERT hibiki_extra %p",addr); + + succ|=NewHook(hp, "hibiki_extra"); + } + + + + return succ; + +} +bool YaneSDKFilter(LPVOID data, size_t *size, HookParam *) +{ + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + static std::wstring prevText; + + if (!*len) + return false; + text[*len/sizeof(wchar_t)] = L'\0'; // clean text + + if (!prevText.compare(text)) + return false; + prevText = text; + + StringCharReplacer(text, len, L"[r]", 3, L' '); + StringFilter(text, len, L"[np]", 4); + + if (cpp_wcsnstr(text, L"'", *len/sizeof(wchar_t))) { // [桜木'さくらぎ] + StringFilterBetween(text, len, L"'", 1, L"]", 1); + } + CharFilter(text, len, L'['); + CharFilter(text, len, L']'); + + return true; +} + +bool InsertYaneSDKHook() +{ + + /* + * Sample games: + * https://vndb.org/v21734 + * https://vndb.org/v21455 + * https://vndb.org/v20406 + */ + const BYTE bytes[] = { + 0x83, 0xF9, 0x08, // cmp ecx,08 << hook here + 0x8D, 0x45, 0x0C, // lea eax,[ebp+0C] + 0x8D, 0x4D, 0xBC, // lea ecx,[ebp-44] + 0x0F, 0x43, 0xC2, // cmovae eax,edx + 0x0F, 0xB7, 0x04, 0x70 // movzx eax,word ptr [eax+esi*2] + }; + + ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); + if (!addr) { + ConsoleOutput("YaneSDK: pattern not found"); + return false; + } + + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::eax); + hp.filter_fun = YaneSDKFilter; + hp.type = CODEC_UTF16 | USING_STRING | NO_CONTEXT; + ConsoleOutput("INSERT YaneSDK"); + + return NewHook(hp, "YaneSDK"); +} +bool hibiki::attach_function() { + + return hibikihook()||InsertYaneSDKHook(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/hibiki.h b/cpp/LunaHook/LunaHook/engine32/hibiki.h new file mode 100644 index 00000000..bf9ced1e --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/hibiki.h @@ -0,0 +1,12 @@ + + +class hibiki:public ENGINE{ + public: + hibiki(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"arc/*.dat"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/jukujojidai.cpp b/cpp/LunaHook/LunaHook/engine32/jukujojidai.cpp new file mode 100644 index 00000000..30f23963 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/jukujojidai.cpp @@ -0,0 +1,23 @@ +#include"jukujojidai.h" + +bool jukujojidai::attach_function() { + + const BYTE bytes[] = { + //撫乳~今夜、あなたのお掃除しましょうか?~ + //https://vndb.org/v15867 + 0x41, + 0x83,0xC0,0x20, + 0x81,0xF9,0xC8,0x00,0x00,0x00, + 0x7C + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr == 0)return false; + addr = MemDbg::findEnclosingAlignedFunction(addr,0x1000); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = CODEC_UTF16|DATA_INDIRECT; + + return NewHook(hp, "jukujojidai"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/jukujojidai.h b/cpp/LunaHook/LunaHook/engine32/jukujojidai.h new file mode 100644 index 00000000..49ca6f41 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/jukujojidai.h @@ -0,0 +1,12 @@ + + +class jukujojidai:public ENGINE{ + public: + jukujojidai(){ + + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"adv",L"bg",L"bgm",L"ch",L"ev",L"se",L"system",L"voice"}; + }; + bool attach_function(); +}; + \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/littlecheese.cpp b/cpp/LunaHook/LunaHook/engine32/littlecheese.cpp new file mode 100644 index 00000000..b62d464d --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/littlecheese.cpp @@ -0,0 +1,21 @@ +#include"littlecheese.h" + +bool littlecheese::attach_function() { + //黒と金の開かない鍵 + /*if ( a3 == 33088 ) + cmp edx, 8140h*/ + const BYTE bytes81[] = { + 0x81,0xFA,0x40,0x81,0x00,0x00,0x75 + }; + auto addr = MemDbg::findBytes(bytes81, sizeof(bytes81), processStartAddress, processStopAddress); + if (addr == 0)return false; + const BYTE align[] = { 0x83,0xC4 };//add esp xxx + addr = reverseFindBytes(align, sizeof(align), addr - 0x100, addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + ConsoleOutput("%p", addr); + hp.offset =get_reg(regs::ecx); + hp.type |= CODEC_ANSI_BE; + return NewHook(hp, "littlecheese"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/littlecheese.h b/cpp/LunaHook/LunaHook/engine32/littlecheese.h new file mode 100644 index 00000000..cd928340 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/littlecheese.h @@ -0,0 +1,12 @@ + + +class littlecheese:public ENGINE{ + public: + littlecheese(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.bmx"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/lucifen.cpp b/cpp/LunaHook/LunaHook/engine32/lucifen.cpp new file mode 100644 index 00000000..9136654d --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/lucifen.cpp @@ -0,0 +1,1012 @@ +#include"Lucifen.h" +/******************************************************************************************** +Lucifen hook: + Game folder contains *.lpk. Used by Navel games. + Hook is same to GetTextExtentPoint32A, use ESP to split name. +********************************************************************************************/ +bool InsertLucifenHook() +{ + // BOOL GetTextExtentPoint32( + // _In_ HDC hdc, + // _In_ LPCTSTR lpString, + // _In_ int c, + // _Out_ LPSIZE lpSize + // ); + HookParam hp; + hp.address = (DWORD)::GetTextExtentPoint32A; + hp.offset=get_stack(2); // arg2 lpString + hp.split = get_reg(regs::esp); + hp.length_offset = 3; + hp.type = USING_STRING|USING_SPLIT; + ConsoleOutput("INSERT Lucifen"); + return NewHook(hp, "Lucifen"); + //RegisterEngineType(ENGINE_LUCIFEN); +} +namespace{ + bool hook(){ + //まじかるカナン -RISEA- + auto oldoutline=(ULONG)GetProcAddress(GetModuleHandle(L"gdi32.dll"),"GetGlyphOutline"); + auto addr=MemDbg::findCallerAddress(oldoutline, 0xec8b55,processStartAddress, processStopAddress); + if (addr == 0) + addr=MemDbg::findCallerAddress((ULONG)GetGlyphOutlineA, 0xec8b55,processStartAddress, processStopAddress); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.split=get_stack(6); + hp.type = CODEC_ANSI_BE |USING_SPLIT; + return NewHook(hp, "Lucifen2"); + } +} + + void hookBefore_navel(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + + auto text = std::string((char*)s->stack[1]); // text in arg1 + + + if(text.find("$&")!=text.npos){ + text=text.substr(text.find("$&")+2); + } + if(text[text.size()-1]=='$') + text=text.substr(0,text.size()-1); + + buffer->from(text); + } + void hookafter_navel(hook_stack*s,void* data, size_t len) + { + auto text = std::string((char*)s->stack[1]); // text in arg1 + auto split = s->stack[0]; // retaddr + + std::string newData = std::string((char*)data,len); + + if(text.find("$&")!=text.npos){ + newData=text.substr(0,text.find("$&")+2)+newData; + } + if(text[text.size()-1]=='$') + newData=newData+"$"; + + strcpy((char*)s->stack[1], newData.c_str()); + //s->stack[1] = (ULONG)newData.data(); + } + +bool attach_navel(ULONG startAddress, ULONG stopAddress) // attach scenario +{ +// 通过搜索3C 9F(i > 0x9Fu shiftjis范围判断)找到。 +// int __thiscall sub_455AB0(int this, _BYTE *a2) +// { +// LPCSTR **v2; // ebx +// int v3; // edi +// _BYTE *v4; // ebp +// char v5; // cl +// _BYTE *v6; // ebx +// int v7; // esi +// unsigned __int8 v8; // al +// char v9; // al +// const CHAR **v10; // ebx +// bool v11; // zf +// const CHAR *v12; // eax +// unsigned int v13; // esi +// char *v14; // eax +// char *v16; // ecx +// unsigned __int8 v17; // al +// char v18; // al +// const CHAR ***v19; // ebp +// const CHAR *v20; // esi +// int v21; // eax +// unsigned __int8 v22; // al +// char v23; // cl +// int v24; // esi +// LPCSTR **j; // ebp +// char v26; // al +// LPCSTR **v27; // ebx +// char v28; // al +// char v29; // al +// char v30; // al +// unsigned int v31; // esi +// unsigned __int8 *v32; // eax +// char v33; // al +// int v34; // eax +// unsigned __int8 *v35; // ebx +// unsigned __int8 v36; // al +// char v37; // al +// const CHAR ***v38; // ebp +// const CHAR *v39; // esi +// int v40; // eax +// CHAR *v41; // edi +// char v42; // al +// unsigned __int8 v43; // al +// unsigned __int8 v44; // al +// unsigned __int16 *v45; // ebp +// unsigned __int16 *v46; // edi +// unsigned int v47; // eax +// __int16 v48; // dx +// unsigned __int16 *v49; // esi +// unsigned int v51; // [esp+14h] [ebp-4h] +// char *i; // [esp+1Ch] [ebp+4h] +// unsigned int v53; // [esp+1Ch] [ebp+4h] + + const uint8_t bytes[] = { + 0x50, + 0xff,0x15,0xfc,0xd0,0x4e,0x00, + 0x03,0xf0, + 0x83,0xc3,0x04, + 0xb1,0x01 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (addr == 0)return false; + + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) return false; + HookParam hp; + hp.address = addr; + hp.type = EMBED_ABLE|EMBED_DYNA_SJIS|NO_CONTEXT; + hp.text_fun=hookBefore_navel; + hp.hook_after=hookafter_navel; + hp.hook_font=F_GetGlyphOutlineA|F_GetTextExtentPoint32A; + return NewHook(hp, "LucifenEmbed"); +} +namespace { // unnamed +namespace ScenarioHook { + +std::unordered_set textHashes_; + +namespace Private { + + ULONG scenarioOffset_, + nameOffset_; + + std::string replaceNewLines(const std::string &data) + { + std::string ret; + //ret.replace("\n", 1, "\x00\x5b\x0c\x00\x00\x00\x0e\x00\x00\x00\x00\x00\x00\x00", 0xc + 2); + for (auto p = data.c_str(); *p;) + if (*p == '\n') { + ret.append("\x00\x5b\x0c\x00\x00\x00\x0e\x00\x00\x00\x00\x00\x00\x00", 0xc + 2); + p++; + } else { + ret.push_back(*p++); + if (*p && dynsjis::isleadbyte(p[-1])) + ret.push_back(*p++); + } + + //std::string ret; + //do { + // ret.append(start, p - start); + // if (dynsjis::prevchar(p, start) == p - 1) { + // ret.append("\x00\x5b\x0c\x00\x00\x00\x0e\x00\x00\x00\x00\x00\x00\x00", 0xc + 2); + // p++; + // } else { + // start = p; + // p = ::strchr(p, '\n'); + // } + //} while (p && *p); + return ret; + } + + /** + * Sample game: 猫撫ディストーション + * + * 0x5b is the text to skip next character + * + * Ruby: + * 014BB52C 81 77 8C F5 00 5B 1C 00 00 00 1B 00 00 00 01 00 『光.[....... + * 014BB53C 00 00 03 0B 00 00 00 83 72 83 62 83 4F 83 6F 83 .. ...ビッグバ・ + * 014BB54C 93 00 81 78 82 CC 91 4F 81 5C 81 5C 00 5B 0C 00 ・』の前――.[.. + * 014BB55C 00 00 0E 00 00 00 00 00 00 00 82 C2 82 DC 82 E8 .........つまり + * 014BB56C 81 41 89 46 92 88 82 AA 90 B6 82 DC 82 EA 82 E9 、宇宙が生まれる + * 014BB57C 91 4F 82 A9 82 E7 82 A0 82 C1 82 BD 82 E0 82 CC 前からあったもの + * 014BB58C 81 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 。.............. + * 014BB59C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * + * No ruby: + * 014BB52C 82 B6 82 E1 82 A0 81 41 81 77 8C BE 97 74 81 78 じゃあ、『言葉』 + * 014BB53C 82 C1 82 C4 89 BD 82 C8 82 F1 82 BE 81 48 6F 83 って何なんだ?o・ + * 014BB54C 93 00 81 78 82 CC 91 4F 81 5C 81 5C 00 5B 0C 00 ・』の前――.[.. + * 014BB55C 00 00 0E 00 00 00 00 00 00 00 82 C2 82 DC 82 E8 .........つまり + * 014BB56C 81 41 89 46 92 88 82 AA 90 B6 82 DC 82 EA 82 E9 、宇宙が生まれる + * 014BB57C 91 4F 82 A9 82 E7 82 A0 82 C1 82 BD 82 E0 82 CC 前からあったもの + * 014BB58C 81 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 。.............. + * 014BB59C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 014BB5AC 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 014BB5BC 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 014BB5CC 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * + * 014BB52C 96 85 82 CC 8B D5 00 5B 16 00 00 00 1B 00 00 00 妹の琴.[...... + * 014BB53C 01 00 00 00 03 05 00 00 00 82 B1 82 C6 00 8E 71 ......こと.子 + * 014BB54C 00 5B 14 00 00 00 1B 00 00 00 01 00 00 00 03 03 .[......... + * 014BB55C 00 00 00 82 B1 00 82 CD 82 BB 82 A4 8C BE 82 C1 ...こ.はそう言っ + * 014BB56C 82 BD 81 42 82 C6 82 A2 82 A4 88 D3 96 A1 82 F0 た。という意味を + * 014BB57C 97 5E 82 A6 82 BD 82 CC 81 76 82 BD 82 E0 82 CC 与えたの」たもの + * 014BB58C 81 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 。.............. + * 014BB59C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 014BB5AC 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 014BB5BC 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 014BB5CC 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * + * New line: + * 014D7D39 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 014D7D49 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 014D7D59 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 014D7D69 00 00 00 00 00 01 00 E6 01 00 00 54 01 00 00 00 ......・..T... + * 014D7D79 00 00 00 B0 11 52 00 D8 CD 4D 01 44 EE E9 07 D8 ...ーR.リヘMD鵫リ + * 014D7D89 CD 4D 01 00 00 00 00 00 00 00 00 00 00 00 00 00 ヘM............. + * 014D7D99 00 00 00 F0 50 4E 01 0C 53 4E 01 F0 54 4E 01 10 ...N.SNN + * 014D7DA9 00 00 00 00 00 00 00 82 BB 82 B5 82 C4 89 B4 82 .......そして俺・ + * 014D7DB9 C9 82 E0 81 41 00 5B 0C 00 00 00 0E 00 00 00 00 ノも、.[........ + * 014D7DC9 00 00 00 90 7E 96 5B 82 CC 82 B1 82 EB 82 A9 82 ...厨房のころか・ + * 014D7DD9 E7 8E 6C 94 4E 8A D4 81 41 96 88 93 FA 91 B1 82 邇l年間、毎日続・ + * 014D7DE9 AF 82 C4 82 A2 82 E9 82 B1 82 C6 82 AA 82 A0 82 ッていることがあ・ + * 014D7DF9 E9 81 42 00 00 00 00 00 00 00 00 00 00 00 00 00 驕B............. + * 014D7E09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 014D7E19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 014D7E29 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 014D7E39 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 014D7E49 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 014D7E59 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 014D7E69 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 014D7E79 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 014D7E89 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + * 014D7E99 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + */ + template + strT ltrimScenarioText(strT p) + { + while (p[0] == 0 && p[1] == 0x5b && p[2] > 0) + p += p[2] + 2; + return p; + } + std::string parseScenarioText(const char *p, const char *end) + { + int size = ::strlen(p); + if (end > p && end - p < size) + size = end - p; + std::string ret; + if (size) + ret=std::string(p, size); + //if ((uint8_t)p[ret.size() - 1] == 0x93 && (uint8_t)p[ret.size() - 1] == 0x83)// trim encindg \x83\x93 + // return ret.left(ret.size() - 2); + for (p += ret.size(); (!end || p < end) && p[1] == 0x5b && p[2] > 0; p += ret.size()) { + //if (p[2] == 0xc && p[6] == 0xe) { + // ret.push_back('\n'); + // ret.push_back('\n'); // insert double new lines + //} + p += p[2] + 2; + size = ::strlen(p); + if (end > p && end - p < size) + size = end - p; + ret.append(p, size); + } + return ret; + } + + // bool dispatchNameText(char *text, ULONG split,hook_stack*s,void* data, size_t* len1,uintptr_t*role) + // { + // enum { capacity = 0x10 }; // excluding '\0' + // *role = Engine::NameRole ; + + // if (!*text) + // return false; + + // write_string_overwrite(data,len1,text); + // return true; + // } + + void dispatchScenarioText(char *text, ULONG split,hook_stack*s,TextBuffer* buffer,uintptr_t*role) + { + // text[0] could be \0 + * role = Engine::ScenarioRole ; + auto scenarioEndAddress = (LPSTR *)(text + 0x1000); + auto scenarioEnd = *scenarioEndAddress; + if (!Engine::isAddressReadable(scenarioEnd)) + scenarioEnd = nullptr; + //DOUT("warning: scenario end NOT FOUND"); + + + text = ltrimScenarioText(text); + if (!*text) + return ; + std::string oldData = parseScenarioText(text, scenarioEnd); + buffer->from(oldData); + } +bool dispatchNameTextafter(char *text, ULONG split,hook_stack*s,void* data, uintptr_t len1 ) + { + std::string oldData = text; + auto newData=std::string((char*)data,len1); + enum { capacity = 0x10 }; // excluding '\0' + int size = newData.size(); + if (size > capacity) + size = capacity; + else if (size < oldData.size()) + ::memset(text + size, 0, oldData.size() - size); + + ::memcpy(text, newData.c_str(), size); + return true; + } + + void dispatchScenarioTextafter(char *text, ULONG split,hook_stack*s,void* data, uintptr_t len1 ) + { + auto scenarioEndAddress = (LPSTR *)(text + 0x1000); + auto scenarioEnd = *scenarioEndAddress; + if (!Engine::isAddressReadable(scenarioEnd)) + scenarioEnd = nullptr; + //DOUT("warning: scenario end NOT FOUND"); + + text = ltrimScenarioText(text); + if (!*text) + return; + std::string oldData = parseScenarioText(text, scenarioEnd); + auto newData=std::string((char*)data,len1); + if (newData.empty() || newData == oldData) + return; + + if (newData.find('\n')!=newData.npos) + newData = replaceNewLines(newData); + + if (scenarioEnd > text && scenarioEnd - text > newData.size()) + ::memset(text + newData.size(), 0, scenarioEnd - text - newData.size()); + else if (oldData.size() > newData.size()) + ::memset(text + newData.size(), 0, oldData.size() - newData.size()); + + //::strcpy(text, newData.constData()); + ::memcpy(text, newData.c_str(), newData.size() + 1); + + *scenarioEndAddress = text + newData.size(); // FIXME: THis sometimes does not work + } + void hookBefore(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto self = (LPSTR)s->ecx; + ULONG retaddr = s->stack[0]; + // bool b1= dispatchNameText(self + nameOffset_, retaddr,s,data,len1,role); + dispatchScenarioText(self + scenarioOffset_, retaddr,s,buffer,split); + } + void hookafter(hook_stack*s,void* data, uintptr_t len1) + { + auto self = (LPSTR)s->ecx; + ULONG retaddr = s->stack[0]; + // dispatchNameTextafter(self + nameOffset_, retaddr,s,data,len1); + dispatchScenarioTextafter(self + scenarioOffset_, retaddr,s,data,len1); + } +} // namespace Private + +/** + * Debugging method: + * - Hijack GetGlyphOutlineA + * There is only one GetGlyphOutlineA + * - Find all text in memory + * There are two matches. + * One is current text with fixed address + * One is all text with fixed address + * - Find all text address on the stack + * There is one function use it as arg1 and as future text + * ecx is the current text instead + * + * Sample game: プリズム・プリンセス + * name = ecx + 0xadd1 + * scenario = ecx + 0xae48 + * scenario end = ecx + 0xbe48 + * + * 00441E3F 90 NOP + * 00441E40 83EC 1C SUB ESP,0x1C + * 00441E43 53 PUSH EBX + * 00441E44 56 PUSH ESI + * 00441E45 8BF1 MOV ESI,ECX + * 00441E47 8B9E 48BE0000 MOV EBX,DWORD PTR DS:[ESI+0xBE48] + * 00441E4D 2BDE SUB EBX,ESI + * 00441E4F 81EB 48AE0000 SUB EBX,0xAE48 + * 00441E55 75 0B JNZ SHORT .00441E62 + * 00441E57 5E POP ESI + * 00441E58 B8 01000000 MOV EAX,0x1 + * 00441E5D 5B POP EBX + * 00441E5E 83C4 1C ADD ESP,0x1C + * 00441E61 C3 RETN + * 00441E62 8B86 AC040000 MOV EAX,DWORD PTR DS:[ESI+0x4AC] + * 00441E68 55 PUSH EBP + * 00441E69 57 PUSH EDI + * 00441E6A 50 PUSH EAX + * 00441E6B 8BCE MOV ECX,ESI + * 00441E6D E8 9E6CFFFF CALL .00438B10 + * 00441E72 8A96 DE050000 MOV DL,BYTE PTR DS:[ESI+0x5DE] + * 00441E78 8B8E 909E0000 MOV ECX,DWORD PTR DS:[ESI+0x9E90] + * 00441E7E 8BBE 489E0000 MOV EDI,DWORD PTR DS:[ESI+0x9E48] + * 00441E84 84D2 TEST DL,DL + * 00441E86 0F94C0 SETE AL + * 00441E89 84C0 TEST AL,AL + * 00441E8B 884424 13 MOV BYTE PTR SS:[ESP+0x13],AL + * 00441E8F C741 20 00000000 MOV DWORD PTR DS:[ECX+0x20],0x0 + * 00441E96 74 0D JE SHORT .00441EA5 + * 00441E98 8BCE MOV ECX,ESI + * + * 00441E9A E8 4136FFFF CALL .004354E0 + * 00441E9F 8987 A8030000 MOV DWORD PTR DS:[EDI+0x3A8],EAX + * 00441EA5 8D86 48AE0000 LEA EAX,DWORD PTR DS:[ESI+0xAE48] ; jichi: this is the scenari text + * 00441EAB 53 PUSH EBX + * 00441EAC 50 PUSH EAX + * 00441EAD 8BCF MOV ECX,EDI + * 00441EAF E8 EC6B0000 CALL .00448AA0 + * 00441EB4 8D9E E2AD0000 LEA EBX,DWORD PTR DS:[ESI+0xADE2] ; jichi: this is the character name + * 00441EBA 8D86 D1AD0000 LEA EAX,DWORD PTR DS:[ESI+0xADD1] ; jichi: this is the name text + * 00441EC0 53 PUSH EBX + * 00441EC1 50 PUSH EAX + * 00441EC2 8BCF MOV ECX,EDI + * 00441EC4 894424 1C MOV DWORD PTR SS:[ESP+0x1C],EAX + * 00441EC8 E8 836B0000 CALL .00448A50 + * + * 00441ECD 8A4424 13 MOV AL,BYTE PTR SS:[ESP+0x13] + * 00441ED1 84C0 TEST AL,AL + * 00441ED3 74 30 JE SHORT .00441F05 + * 00441ED5 6A 01 PUSH 0x1 + * 00441ED7 8BCF MOV ECX,EDI + * 00441ED9 E8 726D0000 CALL .00448C50 + * 00441EDE 803B 00 CMP BYTE PTR DS:[EBX],0x0 + * 00441EE1 74 22 JE SHORT .00441F05 + * 00441EE3 8B86 00AE0000 MOV EAX,DWORD PTR DS:[ESI+0xAE00] + * 00441EE9 85C0 TEST EAX,EAX + * 00441EEB 75 18 JNZ SHORT .00441F05 + * 00441EED 8B86 AC040000 MOV EAX,DWORD PTR DS:[ESI+0x4AC] + * 00441EF3 8D97 D1030000 LEA EDX,DWORD PTR DS:[EDI+0x3D1] + * 00441EF9 8996 00AE0000 MOV DWORD PTR DS:[ESI+0xAE00],EDX + * 00441EFF 8986 C0040000 MOV DWORD PTR DS:[ESI+0x4C0],EAX + * 00441F05 8A86 30A60000 MOV AL,BYTE PTR DS:[ESI+0xA630] + * 00441F0B 84C0 TEST AL,AL + * 00441F0D 0F84 DB000000 JE .00441FEE + * 00441F13 8B86 C0A00000 MOV EAX,DWORD PTR DS:[ESI+0xA0C0] + * 00441F19 85C0 TEST EAX,EAX + * 00441F1B 0F84 CD000000 JE .00441FEE + * 00441F21 8B96 E0A00000 MOV EDX,DWORD PTR DS:[ESI+0xA0E0] + * 00441F27 8DAE E0A00000 LEA EBP,DWORD PTR DS:[ESI+0xA0E0] + * 00441F2D 6A 00 PUSH 0x0 + * 00441F2F 8BCD MOV ECX,EBP + * 00441F31 FF92 B4000000 CALL DWORD PTR DS:[EDX+0xB4] + * 00441F37 8B86 489E0000 MOV EAX,DWORD PTR DS:[ESI+0x9E48] + * 00441F3D 8D8E 5C470000 LEA ECX,DWORD PTR DS:[ESI+0x475C] + * 00441F43 8D96 14680000 LEA EDX,DWORD PTR DS:[ESI+0x6814] + * 00441F49 898E E4050000 MOV DWORD PTR DS:[ESI+0x5E4],ECX + * 00441F4F 894424 18 MOV DWORD PTR SS:[ESP+0x18],EAX + * 00441F53 89AE 489E0000 MOV DWORD PTR DS:[ESI+0x9E48],EBP + * 00441F59 C686 D8A00000 01 MOV BYTE PTR DS:[ESI+0xA0D8],0x1 + * 00441F60 8996 E8050000 MOV DWORD PTR DS:[ESI+0x5E8],EDX + * 00441F66 8B87 B4030000 MOV EAX,DWORD PTR DS:[EDI+0x3B4] + * 00441F6C 6A 01 PUSH 0x1 + * 00441F6E 8D4C24 20 LEA ECX,DWORD PTR SS:[ESP+0x20] + * 00441F72 6A 01 PUSH 0x1 + * 00441F74 51 PUSH ECX + * 00441F75 50 PUSH EAX + * 00441F76 8BCD MOV ECX,EBP + * 00441F78 E8 935D0000 CALL .00447D10 + * 00441F7D 8B5424 18 MOV EDX,DWORD PTR SS:[ESP+0x18] + * 00441F81 8D8E EC050000 LEA ECX,DWORD PTR DS:[ESI+0x5EC] + * 00441F87 8996 489E0000 MOV DWORD PTR DS:[ESI+0x9E48],EDX + * 00441F8D 8D96 A4260000 LEA EDX,DWORD PTR DS:[ESI+0x26A4] + * 00441F93 85C0 TEST EAX,EAX + * 00441F95 C686 D8A00000 00 MOV BYTE PTR DS:[ESI+0xA0D8],0x0 + * 00441F9C 898E E4050000 MOV DWORD PTR DS:[ESI+0x5E4],ECX + * 00441FA2 8996 E8050000 MOV DWORD PTR DS:[ESI+0x5E8],EDX + * 00441FA8 7E 44 JLE SHORT .00441FEE + * 00441FAA 8A86 31A60000 MOV AL,BYTE PTR DS:[ESI+0xA631] + * 00441FB0 84C0 TEST AL,AL + * 00441FB2 74 0A JE SHORT .00441FBE + * 00441FB4 33C0 XOR EAX,EAX + * 00441FB6 8A86 32A60000 MOV AL,BYTE PTR DS:[ESI+0xA632] + * 00441FBC EB 02 JMP SHORT .00441FC0 + * 00441FBE 33C0 XOR EAX,EAX + * 00441FC0 8B4C24 28 MOV ECX,DWORD PTR SS:[ESP+0x28] + * 00441FC4 8B6C24 20 MOV EBP,DWORD PTR SS:[ESP+0x20] + * 00441FC8 8B97 B8030000 MOV EDX,DWORD PTR DS:[EDI+0x3B8] + * 00441FCE 50 PUSH EAX + * 00441FCF 8B4424 18 MOV EAX,DWORD PTR SS:[ESP+0x18] + * 00441FD3 2BCD SUB ECX,EBP + * 00441FD5 53 PUSH EBX + * 00441FD6 83C1 04 ADD ECX,0x4 + * 00441FD9 50 PUSH EAX + * 00441FDA 8B87 B4030000 MOV EAX,DWORD PTR DS:[EDI+0x3B4] + * 00441FE0 51 PUSH ECX + * 00441FE1 52 PUSH EDX + * 00441FE2 50 PUSH EAX + * 00441FE3 8D8E B8A00000 LEA ECX,DWORD PTR DS:[ESI+0xA0B8] + * 00441FE9 E8 72290000 CALL .00444960 + * 00441FEE 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+0x14] + * 00441FF2 8D86 48AE0000 LEA EAX,DWORD PTR DS:[ESI+0xAE48] + * 00441FF8 5F POP EDI + * 00441FF9 8986 48BE0000 MOV DWORD PTR DS:[ESI+0xBE48],EAX + * 00441FFF 5D POP EBP + * 00442000 C603 00 MOV BYTE PTR DS:[EBX],0x0 + * 00442003 5E POP ESI + * 00442004 C601 00 MOV BYTE PTR DS:[ECX],0x0 + * 00442007 33C0 XOR EAX,EAX + * 00442009 5B POP EBX + * 0044200A 83C4 1C ADD ESP,0x1C + * 0044200D C3 RETN + * 0044200E 90 NOP + * 0044200F 90 NOP + * + * Sample game: 猫撫ディストーション + * name = ecx + 0xc60f + * scenario = ecx + 0xc684 + * scenario end = ecx + 0xd684 + * + * 0043E11E 90 NOP + * 0043E11F 90 NOP + * 0043E120 83EC 18 SUB ESP,0x18 + * 0043E123 53 PUSH EBX + * 0043E124 55 PUSH EBP + * 0043E125 56 PUSH ESI + * 0043E126 8BF1 MOV ESI,ECX + * 0043E128 57 PUSH EDI + * 0043E129 8BAE 84D60000 MOV EBP,DWORD PTR DS:[ESI+0xD684] ; jichi: overall offset is around 0xD684 + * 0043E12F 2BEE SUB EBP,ESI + * 0043E131 81ED 84C60000 SUB EBP,0xC684 + * 0043E137 896C24 10 MOV DWORD PTR SS:[ESP+0x10],EBP + * 0043E13B 75 0D JNZ SHORT .0043E14A + * 0043E13D 5F POP EDI + * 0043E13E 5E POP ESI + * 0043E13F 5D POP EBP + * 0043E140 B8 01000000 MOV EAX,0x1 + * 0043E145 5B POP EBX + * 0043E146 83C4 18 ADD ESP,0x18 + * 0043E149 C3 RETN + * 0043E14A 8B86 A8040000 MOV EAX,DWORD PTR DS:[ESI+0x4A8] + * 0043E150 8BCE MOV ECX,ESI + * 0043E152 50 PUSH EAX + * 0043E153 E8 3875FFFF CALL .00435690 + * 0043E158 8B9E F4B20000 MOV EBX,DWORD PTR DS:[ESI+0xB2F4] + * 0043E15E 8BBE D8B10000 MOV EDI,DWORD PTR DS:[ESI+0xB1D8] + * 0043E164 8B43 14 MOV EAX,DWORD PTR DS:[EBX+0x14] + * 0043E167 85C0 TEST EAX,EAX + * 0043E169 7D 7C JGE SHORT .0043E1E7 + * 0043E16B 8B8E 70040000 MOV ECX,DWORD PTR DS:[ESI+0x470] + * 0043E171 6A 00 PUSH 0x0 + * 0043E173 8D96 20C60000 LEA EDX,DWORD PTR DS:[ESI+0xC620] ; jichi: 0xc620 is the nearest position + * 0043E179 6A 00 PUSH 0x0 + * 0043E17B 52 PUSH EDX + * 0043E17C 6A FE PUSH -0x2 + * 0043E17E E8 ED93FEFF CALL .00427570 + * 0043E183 8BE8 MOV EBP,EAX + * 0043E185 85ED TEST EBP,EBP + * 0043E187 7C 0D JL SHORT .0043E196 + * 0043E189 45 INC EBP + * 0043E18A 83FD 08 CMP EBP,0x8 + * 0043E18D 7C 09 JL SHORT .0043E198 + * 0043E18F BD 07000000 MOV EBP,0x7 + * 0043E194 EB 02 JMP SHORT .0043E198 + * 0043E196 33ED XOR EBP,EBP + * 0043E198 396B 1C CMP DWORD PTR DS:[EBX+0x1C],EBP + * 0043E19B 74 46 JE SHORT .0043E1E3 + * 0043E19D 8B8F 4C020000 MOV ECX,DWORD PTR DS:[EDI+0x24C] + * 0043E1A3 85C9 TEST ECX,ECX + * 0043E1A5 75 0D JNZ SHORT .0043E1B4 + * 0043E1A7 5F POP EDI + * 0043E1A8 5E POP ESI + * 0043E1A9 5D POP EBP + * 0043E1AA B8 02000000 MOV EAX,0x2 + * 0043E1AF 5B POP EBX + * 0043E1B0 83C4 18 ADD ESP,0x18 + * 0043E1B3 C3 RETN + * 0043E1B4 8BC5 MOV EAX,EBP + * 0043E1B6 6A 00 PUSH 0x0 + * 0043E1B8 C1E0 04 SHL EAX,0x4 + * 0043E1BB 03C5 ADD EAX,EBP + * 0043E1BD 6A 00 PUSH 0x0 + * 0043E1BF 6A 00 PUSH 0x0 + * 0043E1C1 6A 00 PUSH 0x0 + * 0043E1C3 8D94C6 48BA0000 LEA EDX,DWORD PTR DS:[ESI+EAX*8+0xBA48] + * 0043E1CA 52 PUSH EDX + * 0043E1CB E8 E0DD0200 CALL .0046BFB0 + * 0043E1D0 896B 1C MOV DWORD PTR DS:[EBX+0x1C],EBP + * 0043E1D3 8B07 MOV EAX,DWORD PTR DS:[EDI] + * 0043E1D5 6A 01 PUSH 0x1 + * 0043E1D7 6A 01 PUSH 0x1 + * 0043E1D9 6A 01 PUSH 0x1 + * 0043E1DB 8BCF MOV ECX,EDI + * 0043E1DD FF90 4C010000 CALL DWORD PTR DS:[EAX+0x14C] + * 0043E1E3 8B6C24 10 MOV EBP,DWORD PTR SS:[ESP+0x10] + * 0043E1E7 8BCE MOV ECX,ESI + * 0043E1E9 C743 20 00000000 MOV DWORD PTR DS:[EBX+0x20],0x0 + * + * 0043E1F0 E8 3B46FFFF CALL .00432830 + * 0043E1F5 8987 A0030000 MOV DWORD PTR DS:[EDI+0x3A0],EAX + * 0043E1FB 8D86 84C60000 LEA EAX,DWORD PTR DS:[ESI+0xC684] ; jichi: this is scenario + * 0043E201 55 PUSH EBP + * 0043E202 50 PUSH EAX + * 0043E203 8BCF MOV ECX,EDI + * 0043E205 E8 765F0000 CALL .00444180 + * 0043E20A 8D9E 20C60000 LEA EBX,DWORD PTR DS:[ESI+0xC620] ; jichi: this is the chara name, such as KOT0 + * 0043E210 8D86 0FC60000 LEA EAX,DWORD PTR DS:[ESI+0xC60F] ; jichi: this is the name address + * 0043E216 53 PUSH EBX + * 0043E217 50 PUSH EAX + * 0043E218 8BCF MOV ECX,EDI + * 0043E21A 894424 18 MOV DWORD PTR SS:[ESP+0x18],EAX + * 0043E21E E8 0D5F0000 CALL .00444130 + * + * 0043E223 6A 01 PUSH 0x1 + * 0043E225 8BCF MOV ECX,EDI + * 0043E227 E8 04600000 CALL .00444230 + * 0043E22C 8A86 40BA0000 MOV AL,BYTE PTR DS:[ESI+0xBA40] + * 0043E232 84C0 TEST AL,AL + * 0043E234 0F84 DB000000 JE .0043E315 + * 0043E23A 8B86 18B50000 MOV EAX,DWORD PTR DS:[ESI+0xB518] + * 0043E240 85C0 TEST EAX,EAX + * 0043E242 0F84 CD000000 JE .0043E315 + * 0043E248 8B96 38B50000 MOV EDX,DWORD PTR DS:[ESI+0xB538] + * 0043E24E 8DAE 38B50000 LEA EBP,DWORD PTR DS:[ESI+0xB538] + * 0043E254 6A 00 PUSH 0x0 + * 0043E256 8BCD MOV ECX,EBP + * 0043E258 FF92 B4000000 CALL DWORD PTR DS:[EDX+0xB4] + * 0043E25E 8B86 D8B10000 MOV EAX,DWORD PTR DS:[ESI+0xB1D8] + * 0043E264 8D8E 70460000 LEA ECX,DWORD PTR DS:[ESI+0x4670] + * 0043E26A 8D96 28670000 LEA EDX,DWORD PTR DS:[ESI+0x6728] + * 0043E270 898E F8040000 MOV DWORD PTR DS:[ESI+0x4F8],ECX + * 0043E276 894424 14 MOV DWORD PTR SS:[ESP+0x14],EAX + * 0043E27A 89AE D8B10000 MOV DWORD PTR DS:[ESI+0xB1D8],EBP + * 0043E280 C686 30B50000 01 MOV BYTE PTR DS:[ESI+0xB530],0x1 + * 0043E287 8996 FC040000 MOV DWORD PTR DS:[ESI+0x4FC],EDX + * 0043E28D 8B87 AC030000 MOV EAX,DWORD PTR DS:[EDI+0x3AC] + * 0043E293 6A 01 PUSH 0x1 + * 0043E295 8D4C24 1C LEA ECX,DWORD PTR SS:[ESP+0x1C] + * 0043E299 6A 01 PUSH 0x1 + * 0043E29B 51 PUSH ECX + * 0043E29C 50 PUSH EAX + * 0043E29D 8BCD MOV ECX,EBP + * 0043E29F E8 DC570000 CALL .00443A80 + * 0043E2A4 8B5424 14 MOV EDX,DWORD PTR SS:[ESP+0x14] + * 0043E2A8 8D8E 00050000 LEA ECX,DWORD PTR DS:[ESI+0x500] + * 0043E2AE 8996 D8B10000 MOV DWORD PTR DS:[ESI+0xB1D8],EDX + * 0043E2B4 8D96 B8250000 LEA EDX,DWORD PTR DS:[ESI+0x25B8] + * 0043E2BA 85C0 TEST EAX,EAX + * 0043E2BC C686 30B50000 00 MOV BYTE PTR DS:[ESI+0xB530],0x0 + * 0043E2C3 898E F8040000 MOV DWORD PTR DS:[ESI+0x4F8],ECX + * 0043E2C9 8996 FC040000 MOV DWORD PTR DS:[ESI+0x4FC],EDX + * 0043E2CF 7E 44 JLE SHORT .0043E315 + * 0043E2D1 8A86 41BA0000 MOV AL,BYTE PTR DS:[ESI+0xBA41] + * 0043E2D7 84C0 TEST AL,AL + * 0043E2D9 74 0A JE SHORT .0043E2E5 + * 0043E2DB 33C0 XOR EAX,EAX + * 0043E2DD 8A86 42BA0000 MOV AL,BYTE PTR DS:[ESI+0xBA42] + * 0043E2E3 EB 02 JMP SHORT .0043E2E7 + * 0043E2E5 33C0 XOR EAX,EAX + * 0043E2E7 8B4C24 24 MOV ECX,DWORD PTR SS:[ESP+0x24] + * 0043E2EB 8B6C24 1C MOV EBP,DWORD PTR SS:[ESP+0x1C] + * 0043E2EF 8B97 B0030000 MOV EDX,DWORD PTR DS:[EDI+0x3B0] + * 0043E2F5 50 PUSH EAX + * 0043E2F6 8B4424 14 MOV EAX,DWORD PTR SS:[ESP+0x14] + * 0043E2FA 2BCD SUB ECX,EBP + * 0043E2FC 53 PUSH EBX + * 0043E2FD 83C1 04 ADD ECX,0x4 + * 0043E300 50 PUSH EAX + * 0043E301 8B87 AC030000 MOV EAX,DWORD PTR DS:[EDI+0x3AC] + * 0043E307 51 PUSH ECX + * 0043E308 52 PUSH EDX + * 0043E309 50 PUSH EAX + * 0043E30A 8D8E 10B50000 LEA ECX,DWORD PTR DS:[ESI+0xB510] + * 0043E310 E8 7B270000 CALL .00440A90 + * 0043E315 803B 00 CMP BYTE PTR DS:[EBX],0x0 + * 0043E318 74 0C JE SHORT .0043E326 + * 0043E31A 81C7 C9030000 ADD EDI,0x3C9 + * 0043E320 89BE 3CC60000 MOV DWORD PTR DS:[ESI+0xC63C],EDI + * 0043E326 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+0x10] + * 0043E32A 8D86 84C60000 LEA EAX,DWORD PTR DS:[ESI+0xC684] + * 0043E330 8986 84D60000 MOV DWORD PTR DS:[ESI+0xD684],EAX + * 0043E336 5F POP EDI + * 0043E337 5E POP ESI + * 0043E338 C603 00 MOV BYTE PTR DS:[EBX],0x0 + * 0043E33B 5D POP EBP + * 0043E33C C601 00 MOV BYTE PTR DS:[ECX],0x0 + * 0043E33F 33C0 XOR EAX,EAX + * 0043E341 5B POP EBX + * 0043E342 83C4 18 ADD ESP,0x18 + * 0043E345 C3 RETN + * 0043E346 90 NOP + * 0043E347 90 NOP + * 0043E348 90 NOP + * 0043E349 90 NOP + * 0043E34A 90 NOP + * 0043E34B 90 NOP + */ +bool attach(ULONG startAddress, ULONG stopAddress) // attach scenario +{ + const uint8_t bytes[] = { + 0xe8, XX4, // 0043e1f0 e8 3b46ffff call .00432830 + 0x89,0x87, XX4, // 0043e1f5 8987 a0030000 mov dword ptr ds:[edi+0x3a0],eax + 0x8d,0x86, XX4, // 0043e1fb 8d86 84c60000 lea eax,dword ptr ds:[esi+0xc684] ; jichi: this is scenario + // 0043e201 55 push ebp + // 0043e202 50 push eax + XX4, // 0043e203 8bcf mov ecx,edi + 0xe8, XX4, // 0043e205 e8 765f0000 call .00444180 + 0x8d,0x9e, XX4, // 0043e20a 8d9e 20c60000 lea ebx,dword ptr ds:[esi+0xc620] ; jichi: this is the chara name, such as kot0 + 0x8d,0x86, XX4, // 0043e210 8d86 0fc60000 lea eax,dword ptr ds:[esi+0xc60f] ; jichi: this is the name address + 0x53, // 0043e216 53 push ebx + 0x50, // 0043e217 50 push eax + 0x8b,0xcf, // 0043e218 8bcf mov ecx,edi + 0x89,0x44,0x24, XX, // 0043e21a 894424 18 mov dword ptr ss:[esp+0x18],eax + 0xe8 //, XX4 // 0043e21e e8 0d5f0000 call .00444130 + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if (!addr) + return false; + + Private::scenarioOffset_ = *(DWORD *)(addr + 2 + 0x0043e1fb - 0x0043e1f0); + Private::nameOffset_ = *(DWORD *)(addr + 2 + 0x0043e210 - 0x0043e1f0); + if ((Private::scenarioOffset_ >> 16) || // offset high bits are zero + (Private::nameOffset_ >> 16)) + return false; + + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (!addr) + return false; + HookParam hp; + hp.address=addr; + hp.type=EMBED_ABLE|EMBED_DYNA_SJIS|NO_CONTEXT; + hp.text_fun=Private::hookBefore; + hp.hook_after=Private::hookafter; + hp.hook_font=F_GetGlyphOutlineA|F_GetTextExtentPoint32A; + return NewHook(hp,"EmbedLucifen"); +} +} // namespace ScenarioHook + +namespace ChoiceHook { +namespace Private { + + void hookBefore(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + static std::string data_; + auto text = (LPCSTR)s->stack[0]; // arg1 is text + if (!text || !*text) + return ; + *split=Engine::ChoiceRole; + buffer->from_cs(text); + } + void hookafter(hook_stack*s,void* data, size_t len1){ + + auto newData =std::string((char*)data,len1); + strcpy((char*)s->stack[0], newData.c_str()); + } + +} // namespace Private + +/** + * Debugging method: + * - Hijack GetGlyphOutlineA + * - Backtrack stack to find text that used as argument + * + * Sample game: プリズム・プリンセス + * + * Text in arg1. + * + * The function is only called by one caller. + * I suspect it is a virtual function, and hence caller is hooked. + * + * 0044235E 90 NOP + * 0044235F 90 NOP + * 00442360 83EC 08 SUB ESP,0x8 + * 00442363 53 PUSH EBX + * 00442364 56 PUSH ESI + * 00442365 8BF1 MOV ESI,ECX + * 00442367 BB 01000000 MOV EBX,0x1 + * 0044236C 8A86 E2050000 MOV AL,BYTE PTR DS:[ESI+0x5E2] + * 00442372 84C0 TEST AL,AL + * 00442374 75 14 JNZ SHORT .0044238A + * 00442376 889E BD040000 MOV BYTE PTR DS:[ESI+0x4BD],BL + * 0044237C E8 BFFAFFFF CALL .00441E40 + * 00442381 85C0 TEST EAX,EAX + * 00442383 0F94C0 SETE AL + * 00442386 84C0 TEST AL,AL + * 00442388 74 16 JE SHORT .004423A0 + * 0044238A 53 PUSH EBX + * 0044238B 6A 00 PUSH 0x0 + * 0044238D 8BCE MOV ECX,ESI + * 0044238F E8 2C80FFFF CALL .0043A3C0 + * 00442394 85C0 TEST EAX,EAX + * 00442396 74 16 JE SHORT .004423AE + * 00442398 5E POP ESI + * 00442399 5B POP EBX + * 0044239A 83C4 08 ADD ESP,0x8 + * 0044239D C2 0400 RETN 0x4 + * 004423A0 8B86 88040000 MOV EAX,DWORD PTR DS:[ESI+0x488] + * 004423A6 8BCE MOV ECX,ESI + * 004423A8 50 PUSH EAX + * 004423A9 E8 32120700 CALL .004B35E0 + * 004423AE 8B96 949E0000 MOV EDX,DWORD PTR DS:[ESI+0x9E94] + * 004423B4 55 PUSH EBP + * 004423B5 8DAE 949E0000 LEA EBP,DWORD PTR DS:[ESI+0x9E94] + * 004423BB 57 PUSH EDI + * 004423BC 8BCD MOV ECX,EBP + * 004423BE C686 BD040000 00 MOV BYTE PTR DS:[ESI+0x4BD],0x0 + * 004423C5 FF92 80000000 CALL DWORD PTR DS:[EDX+0x80] + * 004423CB 8B86 44040000 MOV EAX,DWORD PTR DS:[ESI+0x444] + * 004423D1 85C0 TEST EAX,EAX + * 004423D3 74 05 JE SHORT .004423DA + * 004423D5 83C0 18 ADD EAX,0x18 + * 004423D8 EB 02 JMP SHORT .004423DC + * 004423DA 33C0 XOR EAX,EAX + * 004423DC 8B8E A0A00000 MOV ECX,DWORD PTR DS:[ESI+0xA0A0] + * 004423E2 8B7C24 1C MOV EDI,DWORD PTR SS:[ESP+0x1C] + * 004423E6 8B55 00 MOV EDX,DWORD PTR SS:[EBP] + * 004423E9 51 PUSH ECX + * 004423EA 8B4F 4C MOV ECX,DWORD PTR DS:[EDI+0x4C] + * 004423ED 51 PUSH ECX + * 004423EE 50 PUSH EAX + * 004423EF 8BCD MOV ECX,EBP + * 004423F1 FF92 AC000000 CALL DWORD PTR DS:[EDX+0xAC] + * 004423F7 B8 02000000 MOV EAX,0x2 + * 004423FC 8D4F 08 LEA ECX,DWORD PTR DS:[EDI+0x8] + * 004423FF 8339 00 CMP DWORD PTR DS:[ECX],0x0 + * 00442402 74 0B JE SHORT .0044240F + * 00442404 83C0 02 ADD EAX,0x2 + * 00442407 83C1 08 ADD ECX,0x8 + * 0044240A 83F8 12 CMP EAX,0x12 + * 0044240D ^7C F0 JL SHORT .004423FF + * 0044240F D1F8 SAR EAX,1 + * 00442411 48 DEC EAX + * 00442412 8BF8 MOV EDI,EAX + * 00442414 8A86 30A60000 MOV AL,BYTE PTR DS:[ESI+0xA630] + * 0044241A 84C0 TEST AL,AL + * 0044241C 897C24 14 MOV DWORD PTR SS:[ESP+0x14],EDI + * 00442420 89BE 9CA00000 MOV DWORD PTR DS:[ESI+0xA09C],EDI + * 00442426 0F84 B9000000 JE .004424E5 + * 0044242C 8B86 C0A00000 MOV EAX,DWORD PTR DS:[ESI+0xA0C0] + * 00442432 85C0 TEST EAX,EAX + * 00442434 0F84 AB000000 JE .004424E5 + * 0044243A 57 PUSH EDI + * 0044243B 8D8E B8A00000 LEA ECX,DWORD PTR DS:[ESI+0xA0B8] + * 00442441 885C24 17 MOV BYTE PTR SS:[ESP+0x17],BL + * 00442445 E8 46270000 CALL .00444B90 + * 0044244A 33DB XOR EBX,EBX + * 0044244C 85FF TEST EDI,EDI + * 0044244E 7E 64 JLE SHORT .004424B4 + * 00442450 8B5424 1C MOV EDX,DWORD PTR SS:[ESP+0x1C] + * 00442454 8D7A 0C LEA EDI,DWORD PTR DS:[EDX+0xC] + * 00442457 8A941E B8040000 MOV DL,BYTE PTR DS:[ESI+EBX+0x4B8] + * 0044245E 8B45 00 MOV EAX,DWORD PTR SS:[EBP] + * 00442461 6A 00 PUSH 0x0 + * 00442463 6A 00 PUSH 0x0 + * 00442465 84D2 TEST DL,DL + * 00442467 8B17 MOV EDX,DWORD PTR DS:[EDI] + * 00442469 6A 00 PUSH 0x0 + * 0044246B 0F954424 28 SETNE BYTE PTR SS:[ESP+0x28] + * 00442470 8B4C24 28 MOV ECX,DWORD PTR SS:[ESP+0x28] + * 00442474 6A 00 PUSH 0x0 + * 00442476 6A FF PUSH -0x1 + * 00442478 6A 00 PUSH 0x0 + * 0044247A 6A FF PUSH -0x1 + * 0044247C 51 PUSH ECX + * 0044247D 6A 00 PUSH 0x0 + * 0044247F 52 PUSH EDX + * 00442480 8BCD MOV ECX,EBP + * 00442482 FF90 84000000 CALL DWORD PTR DS:[EAX+0x84] ; .004BBD00 ; jichi: text called here, text on the top + * 00442488 8A4424 13 MOV AL,BYTE PTR SS:[ESP+0x13] + * 0044248C 84C0 TEST AL,AL + * 0044248E 74 18 JE SHORT .004424A8 + * 00442490 8A5424 1C MOV DL,BYTE PTR SS:[ESP+0x1C] + * 00442494 8B0F MOV ECX,DWORD PTR DS:[EDI] + * 00442496 84D2 TEST DL,DL + * 00442498 0F94C0 SETE AL + * 0044249B 50 PUSH EAX + * 0044249C 51 PUSH ECX + * 0044249D 8D8E B8A00000 LEA ECX,DWORD PTR DS:[ESI+0xA0B8] + * 004424A3 E8 48280000 CALL .00444CF0 + * 004424A8 8B4424 14 MOV EAX,DWORD PTR SS:[ESP+0x14] + * 004424AC 83C7 08 ADD EDI,0x8 + * 004424AF 43 INC EBX + * 004424B0 3BD8 CMP EBX,EAX + * 004424B2 ^7C A3 JL SHORT .00442457 + * 004424B4 8A4424 13 MOV AL,BYTE PTR SS:[ESP+0x13] + * 004424B8 5F POP EDI + * 004424B9 84C0 TEST AL,AL + * 004424BB 5D POP EBP + * 004424BC 74 12 JE SHORT .004424D0 + * 004424BE 8D96 34A60000 LEA EDX,DWORD PTR DS:[ESI+0xA634] + * 004424C4 8D8E B8A00000 LEA ECX,DWORD PTR DS:[ESI+0xA0B8] + * 004424CA 52 PUSH EDX + * 004424CB E8 B0280000 CALL .00444D80 + * 004424D0 33C0 XOR EAX,EAX + * 004424D2 81C6 B8040000 ADD ESI,0x4B8 + * 004424D8 8906 MOV DWORD PTR DS:[ESI],EAX + * 004424DA 8846 04 MOV BYTE PTR DS:[ESI+0x4],AL + * 004424DD 5E POP ESI + * 004424DE 5B POP EBX + * 004424DF 83C4 08 ADD ESP,0x8 + * 004424E2 C2 0400 RETN 0x4 + * 004424E5 C64424 13 00 MOV BYTE PTR SS:[ESP+0x13],0x0 + * 004424EA ^E9 5BFFFFFF JMP .0044244A + * 004424EF 90 NOP + * 004424F0 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+0x4] + * 004424F4 8B40 04 MOV EAX,DWORD PTR DS:[EAX+0x4] + * 004424F7 85C0 TEST EAX,EAX + * 004424F9 7C 0D JL SHORT .00442508 + * 004424FB 83F8 05 CMP EAX,0x5 + * 004424FE 7D 08 JGE SHORT .00442508 + * 00442500 C68408 B8040000 >MOV BYTE PTR DS:[EAX+ECX+0x4B8],0x1 + * 00442508 33C0 XOR EAX,EAX + * 0044250A C2 0400 RETN 0x4 + * 0044250D 90 NOP + * 0044250E 90 NOP + */ +bool attach(ULONG startAddress, ULONG stopAddress) // attach scenario +{ + const uint8_t bytes[] = { + 0xff,0x90, 0x84,0x00,0x00,0x00, // 00442482 ff90 84000000 call dword ptr ds:[eax+0x84] ; .004bbd00 ; jichi: text called here, text on the top + 0x8a,0x44,0x24, 0x13 // 00442488 8a4424 13 mov al,byte ptr ss:[esp+0x13] + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if(addr==0)return false; + HookParam hp; + hp.address=addr; + hp.type=EMBED_ABLE|EMBED_DYNA_SJIS|NO_CONTEXT; + hp.text_fun=Private::hookBefore; + hp.hook_after=Private::hookafter; + hp.hook_font=F_GetGlyphOutlineA|F_GetTextExtentPoint32A; + return NewHook(hp,"lucifen_choice"); +} +} // namespace ChoiceHook + + size_t countZero(const char *s, size_t limit=1500) +{ + size_t count = 0; + for (auto p = s; !*p && count < limit; p++, count++); + return count == limit ? 0 : count; +}void hookBefore(hook_stack *s, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto text = (LPSTR)s->stack[1]; // arg1 is text + if (!text || ::strlen(text) <= 2 ) + return ; + *split=Engine::OtherRole; + buffer->from_cs(text); + } + void hookafter(hook_stack*s,void* data, size_t len1){ + auto text = (LPSTR)s->stack[1]; // arg1 is text + + enum { role = Engine::OtherRole };std::string oldData = text ; + auto split = s->stack[0]; + auto newData =std::string((char*)data,len1); + size_t capacity = countZero(text + oldData.size()); + if (!capacity) + return ; + capacity += oldData.size() - 1; + if (newData.size() > capacity) + newData = newData.substr(0,capacity); + if (newData.size() < oldData.size()) + ::memset(text + newData.size(), 0, oldData.size() - newData.size()); + ::strcpy(text, newData.c_str()); + return ; + } +bool attach11(ULONG startAddress, ULONG stopAddress) // attach scenario +{ + //这个的对话都是一个个字的,但是名字是连续的。 + const uint8_t bytes[] = { + 0x83,0xec, 0x14, // 00461ca0 83ec 14 sub esp,0x14 + 0x33,0xd2, // 00461ca3 33d2 xor edx,edx + 0x55, // 00461ca5 55 push ebp + 0x56, // 00461ca6 56 push esi + 0x8b,0x74,0x24, 0x20, // 00461ca7 8b7424 20 mov esi,dword ptr ss:[esp+0x20] + 0x8b,0xe9, // 00461cab 8be9 mov ebp,ecx + 0x3b,0xf2, // 00461cad 3bf2 cmp esi,edx + 0x0f,0x84, 0x55,0x02,0x00,0x00, // 00461caf 0f84 55020000 je .00461f0a + 0x39,0x55, 0x08, // 00461cb5 3955 08 cmp dword ptr ss:[ebp+0x8],edx + 0x0f,0x84, 0x4c,0x02,0x00,0x00, // 00461cb8 0f84 4c020000 je .00461f0a + 0x8b,0x85, 0x74,0x20,0x00,0x00 // 00461cbe 8b85 74200000 mov eax,dword ptr ss:[ebp+0x2074] + }; + ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), startAddress, stopAddress); + if(addr==0)return false; + HookParam hp; + hp.address=addr; + hp.offset=get_stack(1); + hp.type=EMBED_ABLE|EMBED_DYNA_SJIS|NO_CONTEXT; + hp.hook_after=hookafter; + hp.text_fun=hookBefore; + hp.hook_font=F_GetGlyphOutlineA|F_GetTextExtentPoint32A; + return NewHook(hp,"Embedlucifen2"); + +} +} +bool Lucifen::attach_function() { + bool b1=ScenarioHook::attach(processStartAddress,processStopAddress)|| attach_navel(processStartAddress,processStopAddress); + if(b1){ + ChoiceHook::attach(processStartAddress,processStopAddress); + attach11(processStartAddress,processStopAddress); + } + + bool succ=InsertLucifenHook(); + succ|=hook(); + return succ; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/lucifen.h b/cpp/LunaHook/LunaHook/engine32/lucifen.h new file mode 100644 index 00000000..fc033f20 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/lucifen.h @@ -0,0 +1,11 @@ + + +class Lucifen:public ENGINE{ + public: + Lucifen(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.lpk"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/mirage.cpp b/cpp/LunaHook/LunaHook/engine32/mirage.cpp new file mode 100644 index 00000000..bd547737 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/mirage.cpp @@ -0,0 +1,12 @@ +#include"mirage.h" + +bool mirage::attach_function() { + //[031219][mirage] そこに海があって + ULONG addr = MemDbg::findCallerAddress((DWORD)TextOutA,0x90909090,processStartAddress,processStopAddress); + if (!addr) return false; + HookParam hp; + hp.address = addr+4; + hp.offset=get_stack(1); + hp.type = DATA_INDIRECT|USING_CHAR; + return NewHook(hp, "mirage"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/mirage.h b/cpp/LunaHook/LunaHook/engine32/mirage.h new file mode 100644 index 00000000..fe9d3544 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/mirage.h @@ -0,0 +1,17 @@ + + +class mirage : public ENGINE +{ +public: + mirage() + { + + check_by = CHECK_BY::FILE_ALL; + check_by_target = check_by_list{L"anim/anm.pk", L"misc/*.pk",// bg.pk,script.pk,chr.pk,thumb.pk,se.pk,grp.pk,system.px,eff.pk + L"movie/*.mj", + L"sound/*.pk",//env.pk,music.pk + L"voice/voice.pk" + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/mono.cpp b/cpp/LunaHook/LunaHook/engine32/mono.cpp new file mode 100644 index 00000000..1703a9e8 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/mono.cpp @@ -0,0 +1,54 @@ +#include"mono.h" +#include"mono/monocommon.hpp" + +bool monobdwgc() { + + HMODULE module = GetModuleHandleW(L"mono-2.0-bdwgc.dll"); + if (module == 0)return false; + auto [minAddress, maxAddress] = Util::QueryModuleLimits(module); + BYTE bytes[] = { + 0x3D,0x00,0x00,0x01,0x00, + 0x73,XX, + 0xb8,0x03,0x00,0x00,0x00, + 0xEB,XX + }; + auto addrs =Util::SearchMemory(bytes, sizeof(bytes),PAGE_EXECUTE, minAddress, maxAddress); + auto succ=false; + for (auto addr : addrs) { + ConsoleOutput("monobdwgcdll %p", addr); + HookParam hp; + hp.address = (DWORD)addr; + hp.offset=get_reg(regs::eax); + hp.type = CODEC_UTF16|NO_CONTEXT; + succ|=NewHook(hp, "monobdwgcdll"); + } + return succ; +} +bool monodll() { + + HMODULE module = GetModuleHandleW(L"mono.dll"); + if (module == 0)return false; + auto [minAddress, maxAddress] = Util::QueryModuleLimits(module); + BYTE bytes[] = { + 0x81,0xFB,XX4, + 0x73 + }; + auto addrs = Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, minAddress, maxAddress); + auto succ=false; + for (auto addr : addrs) { + ConsoleOutput("monodll %p", addr); + HookParam hp; + hp.address = (DWORD)addr; + hp.offset=get_reg(regs::ebx); + hp.type = CODEC_UTF16|NO_CONTEXT; + succ|=NewHook(hp, "monodll"); + } + return succ; +} + + +bool mono::attach_function() { + + bool common=monocommon::hook_mono_il2cpp(); + return common; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/mono.h b/cpp/LunaHook/LunaHook/engine32/mono.h new file mode 100644 index 00000000..b3efd09b --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/mono.h @@ -0,0 +1,10 @@ + + +class mono:public ENGINE{ + public: + mono(){ + + check_by=CHECK_BY::ALL_TRUE; + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine32/morning.cpp b/cpp/LunaHook/LunaHook/engine32/morning.cpp new file mode 100644 index 00000000..8e918bd8 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/morning.cpp @@ -0,0 +1,61 @@ +#include"morning.h" + +regs mov_xl_exx(int reg) { + auto off = regs::invalid; + reg = reg & 7; + switch (reg) { + case 3: + off = regs::ebx; break; + case 0: + off = regs::eax; break; + case 1: + off = regs::ecx; break; + case 2: + off = regs::edx; break; + case 6: + off = regs::esi; break; + case 7: + off = regs::edi; break; + } + return off; +} + +bool shiftjis81() { + //morning + /*if (((unsigned __int8)*a7 < 0x81u || (unsigned __int8)*a7 > 0x9Fu) + && ((unsigned __int8)*a7 < 0xE0u || (unsigned __int8)*a7 > 0xFCu))*/ + const BYTE bytes81[] = { + 0x8A,XX, + 0x81,XX,0x81,0x00,0x00,0x00 + }; + const BYTE bytes81eax[] = { + 0x8A,XX, + XX,0x81,0x00,0x00,0x00 + }; + + int idx = 0; + auto succ=false; + for (auto bs : { bytes81,bytes81eax}) { + for (auto addr : Util::SearchMemory(bs, idx ? 7 : 8, PAGE_EXECUTE, processStartAddress, processStopAddress)) { + + int jumpxxop = *(((BYTE*)addr) + (idx ? 7 : 8)); + if (jumpxxop < 0x7c || jumpxxop>0x7f)continue; + auto off = mov_xl_exx(*(((BYTE*)addr) + 1)); + if (off == regs::invalid)continue; + HookParam hp; + hp.address = addr; + hp.offset =get_reg(off); + hp.type = USING_STRING | NO_CONTEXT; + succ|=NewHook(hp, "shiftjis819fefc"); + } + idx += 1; + } + + + return succ; +} + + +bool morning::attach_function() { + return shiftjis81(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/morning.h b/cpp/LunaHook/LunaHook/engine32/morning.h new file mode 100644 index 00000000..ec44569b --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/morning.h @@ -0,0 +1,12 @@ + + +class morning:public ENGINE{ + public: + morning(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"*.ttd"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/pchooks.cpp b/cpp/LunaHook/LunaHook/engine32/pchooks.cpp new file mode 100644 index 00000000..2b256032 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/pchooks.cpp @@ -0,0 +1,11 @@ +#include"pchooks.h" + +bool pchooks::attach_function() { + for (std::wstring DXVersion : { L"d3dx9", L"d3dx10" }) + if (HMODULE module = GetModuleHandleW(DXVersion.c_str())) PcHooks::hookD3DXFunctions(module); + else for (int i = 0; i < 50; ++i) + if (HMODULE module = GetModuleHandleW((DXVersion + L"_" + std::to_wstring(i)).c_str())) PcHooks::hookD3DXFunctions(module); + PcHooks::hookGDIFunctions(); + PcHooks::hookGDIPlusFunctions(); + return true; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/pchooks.h b/cpp/LunaHook/LunaHook/engine32/pchooks.h new file mode 100644 index 00000000..8bc4239f --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/pchooks.h @@ -0,0 +1,11 @@ + + +class pchooks:public ENGINE{ + public: + pchooks(){ + + check_by=CHECK_BY::ALL_TRUE; + dontstop=true; + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine32/ransel.cpp b/cpp/LunaHook/LunaHook/engine32/ransel.cpp new file mode 100644 index 00000000..0178efd9 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/ransel.cpp @@ -0,0 +1,54 @@ +#include"ransel.h" +// [020726][苺みるく] たんぽぽ ~Everything Nice~ (bin+cue) +// HS-8@4B377C +// int __fastcall sub_4B377C(int a1, char *a2) +// { +// char *v3; // eax +// int v4; // ebx +// HWND v6; // [esp-10h] [ebp-18h] +// unsigned int v7[2]; // [esp-Ch] [ebp-14h] BYREF +// int *v8; // [esp-4h] [ebp-Ch] +// char *v9; // [esp+4h] [ebp-4h] BYREF +// int savedregs; // [esp+8h] [ebp+0h] BYREF + +// v9 = a2; +// sub_4E2260(a2); +// v8 = &savedregs; +// v7[1] = (unsigned int)&loc_4B37CC; +// v7[0] = (unsigned int)NtCurrentTeb()->NtTib.ExceptionList; +// __writefsdword(0, (unsigned int)v7); +// v6 = (HWND)sub_49B474(a1); +// v3 = sub_4E2270(v9); +// v4 = sub_4BEAC4(v6, (LPARAM)v3); +// __writefsdword(0, v7[0]); +// v8 = (int *)&loc_4B37D3; +// sub_4E1DC0(&v9); +// return v4; +// } +// HS-1C@4BECCC +// LRESULT __fastcall sub_4BECCC(HWND hWnd, WPARAM wParam, LPARAM a3, int a4) +// { +// LPARAM lParam[10]; // [esp+8h] [ebp-28h] BYREF + +// lParam[2] = a3; +// lParam[5] = a4; +// return SendMessageA(hWnd, 0x102Eu, wParam, (LPARAM)lParam); +// } +bool ransel::attach_function() { + BYTE sig[]={ + XX, + XX, + 0x68,0x2e,0x10,0x00,0x00, + XX, + 0xe8,XX4 //SendMessageA->__imp_SendMessageA + }; + auto addr=MemDbg::findBytes(sig,sizeof(sig),processStartAddress,processStopAddress); + if(addr==0)return false; + addr=findfuncstart(addr,0x20); + if(addr==0)return false; + HookParam hp; + hp.address=addr; + hp.type=USING_STRING; + hp.offset=get_reg(regs::esi); + return NewHook(hp,"ransel"); +} diff --git a/cpp/LunaHook/LunaHook/engine32/ransel.h b/cpp/LunaHook/LunaHook/engine32/ransel.h new file mode 100644 index 00000000..10ebf2df --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/ransel.h @@ -0,0 +1,40 @@ + +// FILEVERSION 1,1,2,42 +// PRODUCTVERSION 1,1,2,42 +// FILEFLAGSMASK 0x3F +// FILEFLAGS 0x0 +// FILEOS VOS_UNKNOWN | VOS__WINDOWS32 +// FILETYPE VFT_APP +// FILESUBTYPE 0x0 +// { +// BLOCK "StringFileInfo" +// { +// BLOCK "041103A4" +// { +// VALUE "CompanyName", "" +// VALUE "FileDescription", "Adventure Game Engine" +// VALUE "FileVersion", "1.1.2.42" +// VALUE "InternalName", "ransel" +// VALUE "LegalCopyright", "Copyright (c) 2001-2002 苦魔鬼轟丸 KUMAKI,Todorokimaru all right reserved." +// VALUE "LegalTrademarks", "" +// VALUE "OriginalFilename", "ransel.exe" +// VALUE "ProductName", "ransel" +// VALUE "ProductVersion", "1.1" +// VALUE "Comments", "ranselとはランドセルの語源でオランダ語です。" +// } +// } +// BLOCK "VarFileInfo" +// { +// VALUE "Translation", 0x411, 932 +// } +// } + +class ransel:public ENGINE{ + public: + ransel(){ + is_engine_certain=false; + check_by=CHECK_BY::RESOURCE_STR; + check_by_target=L"Adventure Game Engine"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/sakanagl.cpp b/cpp/LunaHook/LunaHook/engine32/sakanagl.cpp new file mode 100644 index 00000000..c670c3bc --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/sakanagl.cpp @@ -0,0 +1,20 @@ +#include"sakanagl.h" + +bool sakanagl::attach_function() { + //年上お姉さんを独り占めしたい! + //https://store.steampowered.com/app/2541470/__Possessing_My_Older_Sister/?l=japanese + HMODULE module = GetModuleHandleW(L"sakanagl.dll"); + if (module == 0)return false; + auto [minAddress, maxAddress] = Util::QueryModuleLimits(module); + BYTE bytes[] = { + 0x89,0x01,0x33,0xc9,0x85,0xdb + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), minAddress, maxAddress); + + ConsoleOutput("sakanagldll %p", addr); + HookParam hp; + hp.address = (DWORD)addr; + hp.offset=get_reg(regs::edx); + hp.type = USING_STRING|CODEC_UTF8|EMBED_ABLE|EMBED_AFTER_OVERWRITE; + return NewHook(hp, "sakanagldll"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/sakanagl.h b/cpp/LunaHook/LunaHook/engine32/sakanagl.h new file mode 100644 index 00000000..36efb172 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/sakanagl.h @@ -0,0 +1,14 @@ + + +class sakanagl:public ENGINE{ + public: + sakanagl(){ + + check_by=CHECK_BY::CUSTOM; + is_engine_certain=false; + check_by_target=[](){ + return GetModuleHandleW(L"sakanagl.dll"); + }; + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine32/sakusesu.cpp b/cpp/LunaHook/LunaHook/engine32/sakusesu.cpp new file mode 100644 index 00000000..9161d4df --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/sakusesu.cpp @@ -0,0 +1,44 @@ +#include"sakusesu.h" + +bool sakusesu::attach_function() { + + +//if ((unsigned __int8)v1 >= 0x20u) +// { +// if ((unsigned __int8)v1 >= 0x80u) +// { +// if ((unsigned __int8)v1 >= 0xA0u) +// { +// if ((unsigned __int8)v1 < 0xC0u) + const BYTE bytesa0[] = { + 0x3C,0xA0,0x73 + }; + const BYTE bytesc0[] = { + 0x3C,0xc0,0x73 + }; + const BYTE bytes80[] = { + 0x3C,0x80,0x73 + }; + auto succ=false; + for (auto bs : { bytesa0,bytes80,bytesc0 }) { + auto addr = MemDbg::findBytes(bs, 3, processStartAddress, processStopAddress); + if (addr == 0)continue; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0)continue; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = USING_STRING; + succ|=NewHook(hp, "sakusesu"); + for (auto xrefaddr : findxref_reverse(addr, addr - 0x10000, addr + 0x10000)) { + xrefaddr = MemDbg::findEnclosingAlignedFunction(xrefaddr); + if (xrefaddr == 0)continue; + HookParam hp; + hp.address = xrefaddr; + hp.offset=get_stack(1); + hp.type = USING_STRING; + succ|=NewHook(hp, "sakusesu"); + } + } + return succ; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/sakusesu.h b/cpp/LunaHook/LunaHook/engine32/sakusesu.h new file mode 100644 index 00000000..13c3d908 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/sakusesu.h @@ -0,0 +1,13 @@ + + +class sakusesu:public ENGINE{ + public: + sakusesu(){ + //サクセス + + check_by=CHECK_BY::FILE; + check_by_target=L"SCRIPT/*.AFS"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/shyakunage.cpp b/cpp/LunaHook/LunaHook/engine32/shyakunage.cpp new file mode 100644 index 00000000..d68ad1ac --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/shyakunage.cpp @@ -0,0 +1,17 @@ +#include"shyakunage.h" + +bool shyakunage::attach_function() { + //しゃくなげ + const BYTE bytes[] = { + 0x25,0xff,0xff,0x00,0x00,0xc1,0xe8,0x04 + }; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + if (addr == 0)return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_reg(regs::edx); + hp.type = USING_STRING; + return NewHook(hp, "shyakunage"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/shyakunage.h b/cpp/LunaHook/LunaHook/engine32/shyakunage.h new file mode 100644 index 00000000..56e85e50 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/shyakunage.h @@ -0,0 +1,12 @@ + + +class shyakunage:public ENGINE{ + public: + shyakunage(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"image.dat"; + is_engine_certain=false; + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine32/solfasys.cpp b/cpp/LunaHook/LunaHook/engine32/solfasys.cpp new file mode 100644 index 00000000..559de53a --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/solfasys.cpp @@ -0,0 +1,53 @@ +#include"solfasys.h" + +bool solfasys1() { + auto addr=MemDbg::findCallerAddressAfterInt3((DWORD)GetGlyphOutlineA,processStartAddress,processStopAddress); + ConsoleOutput("%p",addr); + if(!addr)return false; + addr=MemDbg::findShortJumpAddress(addr,processStartAddress,processStopAddress); + ConsoleOutput("%p",addr); + if(!addr)return false; + addr=MemDbg::findEnclosingAlignedFunction(addr,0x10);//actually only 2 + ConsoleOutput("%p",addr); + if(!addr)return false; + auto addrs=findxref_reverse_checkcallop(addr,processStartAddress,processStopAddress,0xe8); + if(addrs.size()!=2)return false; + addr=addrs[0]; + ConsoleOutput("%p",addr); + addr=MemDbg::findEnclosingAlignedFunction(addr); + ConsoleOutput("%p",addr); + if(!addr)return false; + HookParam hp; + hp.address=addr; + hp.type=CODEC_ANSI_BE|USING_CHAR; + hp.offset=get_stack(1); + return NewHook(hp,"solfasys"); +} + + +bool solfasys2() { + //https://vndb.org/v5173 + //Princess Fortissimo + auto addr=findiatcallormov((DWORD)GetGlyphOutlineA,processStartAddress,processStartAddress,processStopAddress); + ConsoleOutput("%p",addr); + if(!addr)return false; + addr=MemDbg::findEnclosingAlignedFunction(addr); + ConsoleOutput("%p",addr); + if(!addr)return false; + auto addrs=findxref_reverse_checkcallop(addr,processStartAddress,processStopAddress,0xe8); + if(addrs.size()!=2)return false; + addr=addrs[1];//仅这作是第一个,其他作都是第二个 + ConsoleOutput("%p",addr); + addr=MemDbg::findEnclosingAlignedFunction(addr); + ConsoleOutput("%p",addr); + if(!addr)return false; + HookParam hp; + hp.address=addr; + hp.type=CODEC_ANSI_BE|USING_CHAR; + hp.offset=get_stack(1); + return NewHook(hp,"solfasys"); +} + +bool solfasys::attach_function() { + return solfasys1()||solfasys2(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/solfasys.h b/cpp/LunaHook/LunaHook/engine32/solfasys.h new file mode 100644 index 00000000..533c385b --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/solfasys.h @@ -0,0 +1,66 @@ + +//https://vndb.org/v5183 +//朝っぱらから発情家族 + +/* +{ + BLOCK "StringFileInfo" + { + BLOCK "041104b0" + { + VALUE "Comments", "Solfa Novel System(Based on STUDIO SELDOM Adventure System Version 5.29/(c)AKIYAMA Kouhei)" + VALUE "CompanyName", "sol-fa-soft" + VALUE "FileDescription", "solfasys" + VALUE "FileVersion", "5, 29, 0, 0" + VALUE "InternalName", "solfasys" + VALUE "LegalCopyright", "sol-fa-soft" + VALUE "OriginalFilename", "solfasys.exe" + VALUE "ProductName", "solfa25" + VALUE "ProductVersion", "5, 29, 0, 0" + } + } + BLOCK "VarFileInfo" + { + VALUE "Translation", 0x411, 1200 + } +} +*/ + +//https://vndb.org/v5175 +//ななちゃんといっしょ + +/* +{ + BLOCK "StringFileInfo" + { + BLOCK "041104b0" + { + VALUE "Comments", "Solfa Standard Novel System(Based on STUDIO SELDOM Adventure System Version 5.20/(c)AKIYAMA Kouhei)" + VALUE "CompanyName", "sol-fa-soft" + VALUE "FileDescription", "solfasys" + VALUE "FileVersion", "1, 0, 0, 0" + VALUE "InternalName", "solfasys" + VALUE "LegalCopyright", "sol-fa-soft" + VALUE "OriginalFilename", "solfasys.exe" + VALUE "ProductName", "solfasys" + VALUE "ProductVersion", "1, 0, 0, 0" + } + } + BLOCK "VarFileInfo" + { + VALUE "Translation", 0x411, 1200 + } +} +*/ +class solfasys:public ENGINE{ + public: + solfasys(){ + + check_by=CHECK_BY::CUSTOM; + check_by_target=[](){ + return Util::SearchResourceString(L"Solfa Novel System")||Util::SearchResourceString(L"Solfa Standard Novel System"); + }; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/splushwave.cpp b/cpp/LunaHook/LunaHook/engine32/splushwave.cpp new file mode 100644 index 00000000..9427b12a --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/splushwave.cpp @@ -0,0 +1,43 @@ +#include"splushwave.h" +bool splushwave_(const char* buf,int size){ + auto addr = MemDbg::findBytes(buf, size, processStartAddress, processStopAddress); + ConsoleOutput("%p",addr); + if(addr==0)return false; + addr=MemDbg::findPushAddress(addr,processStartAddress, processStopAddress); + ConsoleOutput("%p",addr); + if(addr==0)return false; + addr=MemDbg::findEnclosingAlignedFunction(addr); + ConsoleOutput("%p",addr); + if(addr==0)return false; + HookParam hp; + hp.address=addr; + hp.offset=get_reg(regs::eax); + hp.type=USING_STRING; + hp.filter_fun=[](void* data, size_t* len, HookParam* hp){ + /* +[VID_Z_RIZ_016]リーゼロッテ「知ってるわ。でも、これから徐々に――」 +提督「強くなれないのに強敵と戦うのか? それではいつか死ぬだけだ」 +#STM:リーゼロッテ_怒り[VID_Z_RIZ_017]リーゼロッテ「…………」 +提督「プリンセスクラスとは名ばかりで、今のままでは、君は使い物にならないと上層部は思っている」 +[VID_Z_RIZ_018]リーゼロッテ「評価なんて、覆せばいいだけよ」 +提督「その通りだ。上層部が考えを改めるほどに、俺が君を強くする」 + +#EVENT_FLAG_ON:E_OP_終了#BGM_FADEOUT#FADE_SET#FADEOUT_BK +#BGM:KM_強化#FADE_SET#MES_CLR#MES_OFF#CG_CLR#BG:調教部屋#FADE_IN +*/ + if(*len==0)return false; + if((*(char*)data)=='#')return false; + StringFilterBetween((char*)data,len,"[",1,"]",1); + return true; + }; + return NewHook(hp,"splushwave"); +} +bool splushwave::attach_function() { + //https://vndb.org/r113134 + //天色戦姫 体験版 https://gyutto.com/i/item128979?select_uaflag=1 + char aErrMesbufS[]="err:mesbuf %s\0"; + //ドラゴンアカデミー http://gyutto.com/i/item98617?select_uaflag=1 + //ドラゴンアカデミー3 http://gyutto.com/i/item208616?select_uaflag=1 + char aCidS[]="CID_%s\0"; + return splushwave_(aErrMesbufS,sizeof(aErrMesbufS)) | splushwave_(aCidS,sizeof(aCidS)); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/splushwave.h b/cpp/LunaHook/LunaHook/engine32/splushwave.h new file mode 100644 index 00000000..f1857188 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/splushwave.h @@ -0,0 +1,12 @@ + + +class splushwave:public ENGINE{ + public: + splushwave(){ + + check_by=CHECK_BY::RESOURCE_STR; + check_by_target=L"splush wave"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/tamasoft.cpp b/cpp/LunaHook/LunaHook/engine32/tamasoft.cpp new file mode 100644 index 00000000..dd86925a --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/tamasoft.cpp @@ -0,0 +1,9 @@ +#include"tamasoft.h" +bool tamasoft::attach_function() { + HookParam hp; + hp.address=(DWORD)TextOutA; + hp.offset=get_stack(4); + hp.split=get_stack(4); + hp.type=USING_STRING|USING_SPLIT; + return NewHook(hp,"tamasoft"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/tamasoft.h b/cpp/LunaHook/LunaHook/engine32/tamasoft.h new file mode 100644 index 00000000..7bca340f --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/tamasoft.h @@ -0,0 +1,12 @@ + + +class tamasoft:public ENGINE{ + public: + tamasoft(){ + //世界ノ全テノ全テ 通常版 + //https://vndb.org/r21299 + check_by=CHECK_BY::FILE_ALL; + check_by_target=check_by_list{L"ac.acv",L"bg.acv",L"char.acv",L"ed.acv",L"info.acv",L"op.acv",L"se.acv",L"snr.acv",L"voice.acv"}; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/utawarerumono.cpp b/cpp/LunaHook/LunaHook/engine32/utawarerumono.cpp new file mode 100644 index 00000000..d2fa83e0 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/utawarerumono.cpp @@ -0,0 +1,55 @@ +#include"utawarerumono.h" + +bool utawarerumonoh() { + const BYTE bytes[] = { + 0x80,XX,0x5C, + 0x75 + //*a2 != 92 || a2[1] != 107 + }; + const BYTE bytes2[] = { + 0x80,XX,XX,XX,0x5C, + 0x75 + }; + auto addr1 = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + auto addr2 = MemDbg::findBytes(bytes2, sizeof(bytes2), processStartAddress, processStopAddress); + auto succ=false; + for (auto addr : { addr1,addr2 }) { + if (addr == 0)continue; + const BYTE funcstart[] = { + 0x51,0x53 + }; + addr = reverseFindBytes(funcstart, sizeof(funcstart), addr - 0x100, addr); + if (addr == 0)return false; + HookParam hp; + hp.address = addr; + hp.offset=get_stack(1); + hp.type = CODEC_UTF8 | USING_STRING | NO_CONTEXT; + ConsoleOutput("utawarerumono"); + succ|=NewHook(hp, "utawarerumono"); + } + return succ; +} +bool utawarerumonoh2() { + const BYTE bytes2[] = { + 0x8b,0xca, + 0xc1,0xe9,0x02, + 0xf3,0xa5 + }; + auto addr2 = Util::SearchMemory(bytes2, sizeof(bytes2),PAGE_EXECUTE, processStartAddress, processStopAddress); + auto succ=false; + for (auto addr : addr2) { + HookParam hp; + hp.address = addr+2; + hp.offset=get_reg(regs::esi); + hp.type = CODEC_UTF8 | USING_STRING|NO_CONTEXT; + ConsoleOutput("utawarerumono %p",addr); + succ|=NewHook(hp, "utawarerumono"); + } + return succ; +} + +bool utawarerumono::attach_function() { + bool b1=utawarerumonoh(); + bool b2=utawarerumonoh2(); + return b1||b2; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine32/utawarerumono.h b/cpp/LunaHook/LunaHook/engine32/utawarerumono.h new file mode 100644 index 00000000..fb005100 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine32/utawarerumono.h @@ -0,0 +1,12 @@ + + +class utawarerumono:public ENGINE{ + public: + utawarerumono(){ + + check_by=CHECK_BY::FILE; + check_by_target=L"Data/*.sdat"; + is_engine_certain=false; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine64/5pb.cpp b/cpp/LunaHook/LunaHook/engine64/5pb.cpp new file mode 100644 index 00000000..56df75d1 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/5pb.cpp @@ -0,0 +1,31 @@ +#include "5pb.h" +#include "mages/mages.h" +namespace +{ + // https://vndb.org/v46553 + // 新宿葬命 + bool _strncat() + { + HookParam hp; + hp.address = (uintptr_t)GetProcAddress(GetModuleHandleA("ucrtbase.dll"), "strncat"); + hp.type = USING_STRING | CODEC_UTF8 | NO_CONTEXT | USING_SPLIT; + hp.offset = get_stack(2); + hp.split = get_stack(1); + hp.length_offset = 3; + hp.filter_fun = [](void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + strReplace(s, "%N", "\n"); + // sub_140096E80 + //%I %B %C %R( %Z %% + return write_string_overwrite(data, len, s); + }; + return NewHook(hp, "strncat"); + } +} +bool _5pb::attach_function() +{ + // CHAOS;HEAD_NOAH + bool b3 = hookmages::MAGES(); + return b3 || _strncat(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine64/5pb.h b/cpp/LunaHook/LunaHook/engine64/5pb.h new file mode 100644 index 00000000..ad52fcaa --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/5pb.h @@ -0,0 +1,13 @@ + + +class _5pb : public ENGINE +{ +public: + _5pb() + { + is_engine_certain = false; + check_by = CHECK_BY::FILE_ANY; + check_by_target = check_by_list{L"data\\*.cpk", L"*.cpk"}; + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine64/AGES7.cpp b/cpp/LunaHook/LunaHook/engine64/AGES7.cpp new file mode 100644 index 00000000..4beb47fa --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/AGES7.cpp @@ -0,0 +1,88 @@ +#include "AGES7.h" +namespace +{ + // Muv-Luv Alternative - Total Eclipse + // https://vndb.org/v7052 + bool _1() + { + // HSN65001#-44@234699:te-win64vc14-release.exe + BYTE b1[] = { + 0x48, XX2, 0xb0, 0xfe, 0xff, 0xff, + 0x4c, XX2, 0xb8, 0x01, 0x00, 0x00 + + }; + auto addr = MemDbg::findBytes(b1, sizeof(b1), processStartAddress, processStopAddress); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr; + hp.type = USING_STRING | CODEC_UTF8 | NO_CONTEXT; + hp.offset = get_reg(regs::rdi); + auto succ = NewHook(hp, "Ages7_1"); + if (addr = MemDbg::findEnclosingAlignedFunction(addr)) + { + hp.address = addr; + hp.type = USING_STRING | CODEC_UTF8 | NO_CONTEXT; + hp.offset = get_reg(regs::rbx); + succ |= NewHook(hp, "Ages7_3"); + } + return succ; + } + bool _2() + { + // HSN65001#-44@2346AC:te-win64vc14-release.exe + BYTE b1[] = { + 0x48, XX2, 0x10, + 0x48, XX2, 0xb0, 0x01, 0x00, 0x00, + XX2, 0xc0, 0x08, 0x00, 0x00}; + auto addr = MemDbg::findBytes(b1, sizeof(b1), processStartAddress, processStopAddress); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr; + hp.type = USING_STRING | CODEC_UTF8 | NO_CONTEXT; + hp.offset = get_reg(regs::rdi); + auto suc = NewHook(hp, "Ages7_2"); + if (addr = MemDbg::findEnclosingAlignedFunction(addr)) + { + hp.address = addr; + hp.type = USING_STRING | CODEC_UTF8 | NO_CONTEXT; + hp.offset = get_reg(regs::rbx); + suc |= NewHook(hp, "Ages7_3"); + } + return suc; + } + bool _3() + { + // HSN65001#-14@3D9814:te-win64vc14-release.exe + BYTE b1[] = { + 0x48, 0x8b, 0x1b, + 0x48, 0x8b, 0x01, + 0x48, 0x8b, 0xd3, + 0xff, 0x10, + 0x48, 0x8b, 0x45, 0xc8, + 0x48, 0x8b, 0x4d, 0xc0, + 0x48, 0x2b, 0xc1, + 0x48, 0xc1, 0xf8, 0x03, + 0x48, 0x85, 0xc0}; + auto addr = MemDbg::findBytes(b1, sizeof(b1), processStartAddress, processStopAddress); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr + 3; + hp.type = USING_STRING | CODEC_UTF8 | NO_CONTEXT; + hp.offset = get_reg(regs::rbx); + return NewHook(hp, "Ages7_4"); + } + bool all() + { + auto _ = _1(); + _ = _2() || _; + _ = _3() || _; + return _; + } +} +bool AGES7::attach_function() +{ + return all(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine64/AGES7.h b/cpp/LunaHook/LunaHook/engine64/AGES7.h new file mode 100644 index 00000000..41d8c640 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/AGES7.h @@ -0,0 +1,13 @@ + + +class AGES7 : public ENGINE +{ +public: + AGES7() + { + + check_by = CHECK_BY::FILE_ALL; + check_by_target = check_by_list{L"obb\\pack.bin", L"erc_nospfx.dll"}; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine64/Artemis.cpp b/cpp/LunaHook/LunaHook/engine64/Artemis.cpp new file mode 100644 index 00000000..ddd9b1ed --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/Artemis.cpp @@ -0,0 +1,111 @@ +#include "Artemis.h" + +bool InsertArtemisHook() +{ + + /* + * Sample games: + * https://vndb.org/v45247 + */ + const BYTE bytes[] = { + 0xCC, // int 3 + 0x40, 0x57, // push rdi <- hook here + 0x48, 0x83, 0xEC, 0x40, // sub rsp,40 + 0x48, 0xC7, 0x44, 0x24, 0x30, XX4, // mov qword ptr [rsp+30],FFFFFFFFFFFFFFFE + 0x48, 0x89, 0x5C, 0x24, 0x50 // mov [rsp+50],rbx + }; + + for (auto addr : Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress)) + { + HookParam hp; + hp.address = addr + 1; + hp.offset = get_reg(regs::rdx); + hp.type = USING_STRING | CODEC_UTF8 | NO_CONTEXT; + ConsoleOutput("INSERT Artemis Hook "); + return NewHook(hp, "Artemis"); + } + + ConsoleOutput("Artemis: pattern not found"); + return false; +} +bool Artemis64() +{ + + const BYTE BYTES[] = { + 0x48, 0x89, 0x5C, 0x24, 0x20, 0x55, 0x56, 0x57, 0x41, 0x54, 0x41, 0x55, 0x41, 0x56, 0x41, 0x57, 0x48, 0x83, 0xec, 0x60 + //__int64 __fastcall sub_14017A760(__int64 a1, char *a2, char **a3) + // FLIP FLOP IO + }; + auto addrs = Util::SearchMemory(BYTES, sizeof(BYTES), PAGE_EXECUTE_READ, processStartAddress, processStopAddress); + for (auto addr : addrs) + { + char info[1000] = {}; + ConsoleOutput("InsertArtemis64Hook %p", addr); + HookParam hp; + hp.address = addr; + hp.type = CODEC_UTF8 | USING_STRING | EMBED_ABLE | EMBED_AFTER_NEW; + hp.offset = get_reg(regs::rdx); // rdx + return NewHook(hp, "Artemis64"); + } + + ConsoleOutput("InsertArtemis64Hook failed"); + return false; +} + +bool Artemis64x() +{ + // https://vndb.org/v50832 + // きら☆かの 体验版 + + /* + __int64 __fastcall sub_1401B13F0(__int64 a1, unsigned __int64 a2, char **a3) + v4 = (char *)a2; + v9 = *v4; + if ( (unsigned __int8)(v9 + 95) <= 0x53u || (_BYTE)v9 == 0x8E ) + else if ( v8 == 2 && (v9 & 0x80u) != 0 ) + else if ( ((unsigned __int8)v9 ^ 0x20u) - 161 < 0x3C ) + if ( (unsigned __int8)(a2 - 65) > 0x19u && (unsigned __int8)(a2 - 97) > 0x19u ) + if ( (unsigned __int8)(*v4 + 95) > 0x53u && *v4 != -114 ) + */ + + // else if ( ((unsigned __int8)v9 ^ 0x20u) - 161 < 0x3C ) + /* + .text:00000001401B1477 movzx eax, dl +.text:00000001401B147A xor eax, 20h +.text:00000001401B147D sub eax, 0A1h +.text:00000001401B1482 cmp eax, 3Ch ; '<' +.text:00000001401B1485 jnb loc_1401B1510 + */ + + const BYTE BYTES[] = { + 0x0f, 0xb6, 0xc2, + 0x83, 0xf0, 0x20, + 0x2d, 0xa1, 0x00, 0x00, 0x00, + 0x83, 0xf8, 0x3c, + 0x0f, 0x83, XX4 + + }; + auto succ = false; + auto addrs = Util::SearchMemory(BYTES, sizeof(BYTES), PAGE_EXECUTE_READ, processStartAddress, processStopAddress); + for (auto addr : addrs) + { + BYTE start[] = {0xCC, 0xCC, 0x48, 0x89}; + addr = reverseFindBytes(start, sizeof(start), addr - 0x200, addr); + if (!addr) + continue; + HookParam hp; + hp.address = addr + 2; + hp.type = CODEC_UTF8 | USING_STRING | EMBED_ABLE | EMBED_AFTER_NEW | USING_SPLIT | NO_CONTEXT; + hp.offset = get_reg(regs::rdx); + hp.split = get_reg(regs::rcx); + succ |= NewHook(hp, "Artemis64x"); + } + + return succ; +} +bool Artemis::attach_function() +{ + bool b1 = Artemis64(); + b1 = InsertArtemisHook() || b1; + return b1 || Artemis64x(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine64/Artemis.h b/cpp/LunaHook/LunaHook/engine64/Artemis.h new file mode 100644 index 00000000..95d97d2e --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/Artemis.h @@ -0,0 +1,13 @@ + + +class Artemis : public ENGINE +{ +public: + Artemis() + { + + check_by = CHECK_BY::FILE; + check_by_target = L"*.pfs"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine64/CMVS.cpp b/cpp/LunaHook/LunaHook/engine64/CMVS.cpp new file mode 100644 index 00000000..6e715e30 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/CMVS.cpp @@ -0,0 +1,65 @@ +#include "CMVS.h" +namespace +{ + bool EMbed() + { + // 有多个,但是只有最后一个是有效的 + const uint8_t bytes[] = { + 0xB8, 0x42, 0x81, 0x00, 0x00, + 0x66, XX2, 0x74, XX, + 0xB8, 0x76, 0x81, 0x00, 0x00, + 0x66, XX2, 0x74, XX, + 0xB8, 0x78, 0x81, 0x00, 0x00, + 0x66, XX2, 0x74, XX}; + bool res = false; + auto addr = processStartAddress; + + std::vector already; + + while (addr) + { + addr = MemDbg::findBytes(bytes, sizeof(bytes), addr + 1, processStopAddress); + if (addr == 0) + continue; + auto f = MemDbg::findEnclosingAlignedFunction(addr); + if (f == 0) + continue; + if (std::find(already.begin(), already.end(), f) != already.end()) + continue; + already.push_back(f); + } + if (already.size()) + { + HookParam hp; + hp.address = already.back(); + hp.offset = get_reg(regs::rdx); + + hp.type = EMBED_ABLE | USING_STRING | EMBED_AFTER_NEW | EMBED_DYNA_SJIS; + hp.hook_font = F_GetGlyphOutlineA; + res |= NewHook(hp, "EmbedCMVS"); + } + return res; + } + + bool CMVSh() + { + + DWORD align = 0xCCCCCCCC; + auto addr = MemDbg::findCallerAddress((uintptr_t)::GetGlyphOutlineA, align, processStartAddress, processStopAddress); + if (!addr) + return false; + + HookParam hp; + hp.address = addr + 4; + hp.offset = get_reg(regs::r8); + hp.type = CODEC_ANSI_BE; + + return NewHook(hp, "CMVS"); + } +} +bool CMVS::attach_function() +{ + bool b1 = CMVSh(); + bool b2 = EMbed(); + return b1 || b2; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine64/CMVS.h b/cpp/LunaHook/LunaHook/engine64/CMVS.h new file mode 100644 index 00000000..65fca6a2 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/CMVS.h @@ -0,0 +1,19 @@ + + +class CMVS : public ENGINE +{ +public: + CMVS() + { + + check_by = CHECK_BY::FILE; + check_by_target = L"data\\pack\\*.cpz"; + + // jichi 8/19/2013: DO NOT WORK for games like「ハピメア」 + // if (wcsstr(str,L"cmvs32") || wcsstr(str,L"cmvs64")) { + // InsertCMVSHook(); + // return true; + //} + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine64/Godot.cpp b/cpp/LunaHook/LunaHook/engine64/Godot.cpp new file mode 100644 index 00000000..d15dc74a --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/Godot.cpp @@ -0,0 +1,69 @@ +#include "Godot.h" + +bool InsertGodotHook_X64() +{ + const BYTE bytes[] = {0x8B, 0x40, 0xFC, 0x83, 0xF8, 0x01, 0x83, 0xD0, 0xFF, 0x41, 0x39, 0xC6}; + + ULONG64 range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); + for (auto addr : Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStartAddress + range)) + { + HookParam myhp; + myhp.address = addr; + + myhp.type = USING_STRING | CODEC_UTF16 | NO_CONTEXT; // /HQ 不使用上下文区分 把所有线程的文本都提取 + // myhp.padding = 0xc;//[esp+4]+padding + // data_offset + myhp.offset = get_reg(regs::rax); + myhp.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + int len = *(int *)(stack->rax - 4); + if (len != wcslen((wchar_t *)stack->rax)) + return; + buffer->from(stack->rax, len*2); + }; + char nameForUser[HOOK_NAME_SIZE] = "RichTextLabel_add_text"; + + ConsoleOutput("Insert: Godot_add_text_X64 Hook "); + return NewHook(myhp, nameForUser); + } + + ConsoleOutput("Godot_x64: pattern not found"); + return false; +} +bool InsertGodotHook2_X64() +{ + + /* + * Sample games: + * https://vndb.org/r109138 + */ + const BYTE bytes[] = { + 0x48, 0x8B, 0x94, 0x24, XX4, // mov rdx,[rsp+000001C0] <- hook here + 0x4C, 0x89, 0xE1, // mov rcx,r12 + 0xE8, XX4, // call NULL-Windows.exe+D150 + 0x49, 0x8B, 0x06, // mov rax,[r14] + 0x48, 0x85, 0xC0, // test rax,rax + 0x0F, 0x85, XX4 // jne NULL-Windows.exe+A359D4 + + }; + + ULONG64 range = min(processStopAddress - processStartAddress, X64_MAX_REL_ADDR); + for (auto addr : Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStartAddress + range)) + { + HookParam hp; + hp.address = addr; + hp.offset = get_reg(regs::rcx); + hp.type = USING_STRING | CODEC_UTF16; + ConsoleOutput("INSERT Godot2_x64 Hook "); + return NewHook(hp, "Godot2_x64"); + } + + ConsoleOutput("Godot2_x64: pattern not found"); + return false; +} +bool Godot::attach_function() +{ + auto _ = InsertGodotHook_X64(); + _ = InsertGodotHook2_X64() || _; + return _; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine64/Godot.h b/cpp/LunaHook/LunaHook/engine64/Godot.h new file mode 100644 index 00000000..c86ad2a6 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/Godot.h @@ -0,0 +1,13 @@ + + +class Godot : public ENGINE +{ +public: + Godot() + { + + check_by = CHECK_BY::FILE; + check_by_target = L"*.pck"; + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine64/Kincaid.cpp b/cpp/LunaHook/LunaHook/engine64/Kincaid.cpp new file mode 100644 index 00000000..de22cdf0 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/Kincaid.cpp @@ -0,0 +1,42 @@ +#include "Kincaid.h" +namespace +{ + bool _1() + { + // .text:0000000140230D80 mov rsi, rax + // .text:0000000140230D83 mov edx, 1 + // .text:0000000140230D88 mov rcx, rdi + // .text:0000000140230D8B call sub_1402B35B0 + // .text:0000000140230D90 lea ebx, [rax-1] + // .text:0000000140230D93 mov edx, 2 + // .text:0000000140230D98 mov rcx, rdi + // .text:0000000140230D9B call sub_1402B35B0 + BYTE b1[] = { + 0x48, 0x8b, 0xf0, + 0xba, 0x01, 0x00, 0x00, 0x00, + 0x48, 0x8b, 0xcf, + 0xe8, XX4, + 0x8d, 0x58, 0xff, + 0xba, 0x02, 0x00, 0x00, 0x00, + 0x48, 0x8b, 0xcf, + 0xe8, XX4}; + auto addr = MemDbg::findBytes(b1, sizeof(b1), processStartAddress, processStopAddress); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr; + hp.type = USING_STRING | CODEC_UTF8; + hp.offset = get_reg(regs::rax); + hp.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + if (stack->retaddr == (DWORD)-1){ + buffer->from_cs((char *)stack->rax); + } + }; + return NewHook(hp, "Kincaid"); + } +} +bool Kincaid::attach_function() +{ + return _1(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine64/Kincaid.h b/cpp/LunaHook/LunaHook/engine64/Kincaid.h new file mode 100644 index 00000000..387492c4 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/Kincaid.h @@ -0,0 +1,42 @@ + +// FILEVERSION 0,0,0,1 +// PRODUCTVERSION 0,0,0,1 +// FILEFLAGSMASK 0x3F +// FILEFLAGS 0x0 +// FILEOS VOS_UNKNOWN | VOS__WINDOWS32 +// FILETYPE VFT_DLL +// FILESUBTYPE 0x0 +// { +// BLOCK "StringFileInfo" +// { +// BLOCK "080904b0" +// { +// VALUE "CompanyName", "Cookiedraggy" +// VALUE "FileDescription", "The Adventures of Kincaid" +// VALUE "FileVersion", "0.0.0.1" +// VALUE "LegalCopyright", "(c) 2019 Cookiedraggy" +// VALUE "PrivateBuild", "01.00.00.00" +// VALUE "ProductName", "The Adventures of Kincaid" +// VALUE "ProductVersion", "0.0.0.1" +// } +// } +// BLOCK "VarFileInfo" +// { +// VALUE "Translation", 0x809, 1200 +// } +// } + +class Kincaid : public ENGINE +{ +public: + Kincaid() + { + + check_by = CHECK_BY::CUSTOM; + check_by_target = []() + { + return Util::SearchResourceString(L"Cookiedraggy") || Util::SearchResourceString(L"The Adventures of Kincaid"); + }; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine64/KiriKiri.cpp b/cpp/LunaHook/LunaHook/engine64/KiriKiri.cpp new file mode 100644 index 00000000..2f3cdd5d --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/KiriKiri.cpp @@ -0,0 +1,70 @@ +#include "KiriKiri.h" +bool InsertKiriKiriZHook() +{ + + /* + * Sample games: + * RJ351843 + */ + const BYTE bytes[] = { + 0xCC, // int 3 + 0x4C, 0x89, 0x44, 0x24, 0x18, // mov [rsp+18],r8 <- hook here + 0x48, 0x89, 0x54, 0x24, 0x10, // mov [rsp+10],rdx + 0x53, // push rbx + 0x56, // push rsi + 0x57, // push rdi + 0x41, 0x54, // push r12 + 0x41, 0x55, // push r13 + 0x41, 0x56, // push r14 + 0x41, 0x57, // push r15 + 0x48, 0x83, 0xEC, 0x40, // sub rsp,40 + 0x48, 0xC7, 0x44, 0x24, 0x30, 0xFE, 0xFF, 0xFF, 0xFF // mov qword ptr [rsp+30],FFFFFFFFFFFFFFFE + }; + + ULONG64 range = min(processStopAddress - processStartAddress, X64_MAX_REL_ADDR); + for (auto addr : Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStartAddress + range)) + { + HookParam hp; + hp.address = addr + 1; + hp.offset = get_reg(regs::rcx); + hp.index = 0x18; + hp.type = CODEC_UTF16 | DATA_INDIRECT; + return NewHook(hp, "KiriKiriZ"); + } + return false; +} +bool Insertkrkrz64Hook() +{ + const BYTE BYTES[] = { + 0x41, 0x0F, 0xB7, 0x44, 0x24, 0x04, + 0x89, 0x43, 0x20, + 0x41, 0x0F, 0xB7, 0x44, 0x24, 0x06, + 0x89, 0x43, 0x24, + 0x41, 0x0F, 0xBF, 0x44, 0x24, 0x0C, + 0x89, 0x43, 0x14}; + auto addrs = Util::SearchMemory(BYTES, sizeof(BYTES), PAGE_EXECUTE_READ, processStartAddress, processStopAddress); + ConsoleOutput("%p %p", processStartAddress, processStopAddress); + for (auto addr : addrs) + { + ConsoleOutput("krkrz64 %p", addr); + const BYTE funcstart[] = {0xcc, 0xcc, 0xcc, 0xcc}; + addr = reverseFindBytes(funcstart, sizeof(funcstart), addr - 0x1000, addr); + if (addr == 0) + continue; + addr += 4; + HookParam hp; + hp.address = addr; + hp.type = CODEC_UTF16 | DATA_INDIRECT; + hp.offset = get_reg(regs::rcx); + hp.index = 0x18; + ConsoleOutput("krkrz64 %p %x", addr); + return NewHook(hp, "krkrz64"); + } + + ConsoleOutput("krkrz64 failed"); + return false; +} +bool KiriKiri::attach_function() +{ + return Insertkrkrz64Hook() || InsertKiriKiriZHook(); +} diff --git a/cpp/LunaHook/LunaHook/engine64/KiriKiri.h b/cpp/LunaHook/LunaHook/engine64/KiriKiri.h new file mode 100644 index 00000000..50f51cca --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/KiriKiri.h @@ -0,0 +1,17 @@ + + +class KiriKiri : public ENGINE +{ +public: + KiriKiri() + { + + check_by = CHECK_BY::CUSTOM; + is_engine_certain = false; + check_by_target = []() + { + return Util::CheckFile(L"*.xp3") || Util::SearchResourceString(L"TVP(KIRIKIRI)"); + }; + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine64/LightVN.cpp b/cpp/LunaHook/LunaHook/engine64/LightVN.cpp new file mode 100644 index 00000000..1f277342 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/LightVN.cpp @@ -0,0 +1,191 @@ +#include "LightVN.h" +namespace +{ + bool _1() + { + // void __fastcall sub_1404B7960(void **Src) + // HQ-1C*0@4B7960:LightApp.exe + const BYTE BYTES[] = { + 0x90, + XX4, + XX4, + 0x48, 0x8b, 0xce, + 0xe8, XX4, + 0x90, + 0x48, 0x8b, XX2, + 0x48, 0x83, 0xfa, 0x08, + 0x72, 0x36, + 0x48, 0x8D, 0x14, 0x55, 0x02, 0x00, 0x00, 0x00, + 0x48, 0x8b, XX2, + 0x48, 0x8b, 0xc1, + 0x48, 0x81, 0xFA, 0x00, 0x10, 0x00, 0x00, + 0x72, 0x19, + 0x48, 0x83, 0xC2, 0x27, + 0x48, 0x8b, XX2, + 0x48, 0x2b, 0xc1, + 0x48, 0x83, 0xC0, 0xF8, + 0x48, 0x83, 0xF8, 0x1F, + 0x0f, 0x87, XX4, + 0xe8, XX4 + + }; + auto suc = false; + auto addrs = Util::SearchMemory(BYTES, sizeof(BYTES), PAGE_EXECUTE, processStartAddress, processStopAddress); + for (auto addr : addrs) + { + ConsoleOutput("LightVN %p", addr); + const BYTE aligned[] = {0xCC, 0xCC, 0xCC, 0xCC}; + addr = reverseFindBytes(aligned, sizeof(aligned), addr - 0x100, addr); + if (addr == 0) + continue; + addr += 4; + ConsoleOutput("LightVN %p", addr); + HookParam hp; + hp.address = addr; + hp.type = CODEC_UTF16 | USING_STRING | DATA_INDIRECT; + hp.index = 0; + hp.offset = get_reg(regs::rcx); + hp.filter_fun = [](void *data, size_t *len, HookParam *hp) + { + std::wstring s((wchar_t *)data, *len / 2); + if (s.substr(s.size() - 2, 2) == L"\\w") + *len -= 4; + return true; + }; + suc |= NewHook(hp, "LightVN"); + } + return suc; + } + bool _2() + { + // 有太多乱的输出了,而且基本不需要它,所以先放到后面。 + + BYTE sig[] = { + 0x48, XX, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, + 0x48, 0x3B, 0xC3, + 0x76, XX, + 0x48, XX, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7F}; + auto addr = MemDbg::findBytes(sig, sizeof(sig), processStartAddress, processStopAddress); + if (addr == 0) + return 0; + addr = MemDbg::findEnclosingAlignedFunction(addr); + if (addr == 0) + return 0; + HookParam hp; + hp.address = addr; + hp.type = CODEC_UTF16 | USING_STRING; + hp.offset = get_stack(6); + hp.filter_fun = [](void *data, size_t *len, HookParam *hp) + { + if (all_ascii((wchar_t *)data, *len)) + return false; + // 高架下に広がる[瀟洒]<しょうしゃ>な店内には、あたしたちのような学生の他に、 + auto str = std::wstring(reinterpret_cast(data), *len / 2); + auto filterpath = { + L".rpy", L".rpa", L".py", L".pyc", L".txt", + L".png", L".jpg", L".bmp", + L".mp3", L".ogg", + L".webm", L".mp4", + L".otf", L".ttf", L"Data/"}; + for (auto _ : filterpath) + if (str.find(_) != str.npos) + return false; + str = std::regex_replace(str, std::wregex(L"\\[(.*?)\\]<(.*?)>"), L"$1"); + return write_string_overwrite(data, len, str); + }; + return NewHook(hp, "LightVN2"); + } +} +namespace +{ + bool commonfilter(LPVOID data, size_t *size, HookParam *) + { + auto str = std::wstring((wchar_t *)data, *size / 2); + std::wregex pattern(L"-{2,}"); + str = std::regex_replace(str, pattern, L""); + str = std::regex_replace(str, std::wregex(L"\\[(.*?)\\]<(.*?)>"), L"$1"); + return write_string_overwrite(data, size, str); + } + bool lightvnparsestring() + { + BYTE sig[] = { + 0x4c, 0x8b, 0x47, 0x10, + 0x48, 0x83, 0x7f, 0x18, 0x08, + 0x72, 0x03, + 0x48, 0x8b, 0x3f, + 0x48, 0x8b, 0xd7, + 0x48, 0x8b, 0xcb, + 0xe8}; + auto addr = MemDbg::findBytes(sig, sizeof(sig), processStartAddress, processStopAddress); + if (addr == 0) + return 0; + addr = MemDbg::findEnclosingAlignedFunction_strict(addr); + if (addr == 0) + return 0; + HookParam hp; + hp.address = addr; + hp.type = CODEC_UTF16 | USING_STRING | NO_CONTEXT; + // 包含太多短句,所以无法内嵌 + hp.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto tu = (TextUnionW *)stack->rdx; + auto str = std::wstring_view(tu->getText(), tu->size); + if (startWith(str, L"\\n") && endWith(str, L"\\n")) + { + *split = 1; + } + buffer->from(str); + }; + hp.filter_fun = commonfilter; + hp.newlineseperator = L"\\n"; + return NewHook(hp, "Light.VN.16"); + } + + bool xreflightvnparsestring() + { + // ver16 是上面的xref + // ver12 找不到上面的函数 + auto checkstrings = { + L"backlog voice already exists at line: {}", + L"attempting to log to backlog when backlog showing"}; //. likely you faded it out."}; + auto succ = false; + for (auto str : checkstrings) + { + auto straddr = MemDbg::findBytes(str, wcslen(str) * 2, processStartAddress, processStopAddress); + if (straddr == 0) + continue; + // 140CADC30 + // 48 8D 0D C5 94 AB 00 + // 1401F4764 + BYTE lea[] = {0x48, 0x8d, XX}; + for (auto leaaddr : Util::SearchMemory(lea, sizeof(lea), PAGE_EXECUTE, processStartAddress, processStopAddress)) + { + auto refaddr = (*(DWORD *)(leaaddr + 3)) + leaaddr + 7; + if (refaddr != straddr) + continue; + auto funcaddr = MemDbg::findEnclosingAlignedFunction_strict(leaaddr, 0x2000); + if (funcaddr == 0) + continue; + HookParam hp; + hp.address = funcaddr; + hp.type = CODEC_UTF16 | USING_STRING | NO_CONTEXT; + hp.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + // wstring=TextUnionW for msvc c++17 + auto tu=(TextUnionW *)stack->rdx; + buffer->from(std::wstring_view(tu->getText(), tu->size)); + }; + hp.filter_fun = commonfilter; + succ |= NewHook(hp, "Light.VN.12"); + } + } + return succ; + } +} +bool LightVN::attach_function() +{ + bool ok = _1(); + ok |= lightvnparsestring(); + ok |= xreflightvnparsestring(); + return ok || _2(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine64/LightVN.h b/cpp/LunaHook/LunaHook/engine64/LightVN.h new file mode 100644 index 00000000..2a9b9913 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/LightVN.h @@ -0,0 +1,19 @@ + + +class LightVN : public ENGINE +{ +public: + LightVN() + { + + check_by = CHECK_BY::CUSTOM; + is_engine_certain = false; + check_by_target = []() + { + auto s = check_by_list{L"Data/Scripts/title.txt", L"Data/data*.vndat", L"Scripts/000_title.txt"}; + auto s2 = check_by_list{L"LightTests.exe", L"BugTrap.dll", L"libGLESv2.dll", L"libEGL.dll"}; + return std::any_of(s.begin(), s.end(), Util::CheckFile) || std::all_of(s2.begin(), s2.end(), Util::CheckFile); + }; + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine64/MKXPZ.cpp b/cpp/LunaHook/LunaHook/engine64/MKXPZ.cpp new file mode 100644 index 00000000..4fad1ffb --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/MKXPZ.cpp @@ -0,0 +1,35 @@ +#include "MKXPZ.h" + +bool MKXPZ::attach_function() +{ + auto hmod = GetModuleHandle(L"x64-msvcrt-ruby310.dll"); + if (!hmod) + return false; + + auto onigenc_get_right_adjust_char_head_with_prev = GetProcAddress(hmod, "onigenc_get_right_adjust_char_head_with_prev"); + auto onigenc_get_prev_char_head = GetProcAddress(hmod, "onigenc_get_prev_char_head"); + bool succ = false; + HookParam hp; + hp.type = CODEC_UTF8 | USING_STRING | FULL_STRING; + hp.offset = get_reg(regs::rdx); + hp.filter_fun = [](void *data, size_t *size, HookParam *) + { + auto s = std::string((char *)data, *size); + if (startWith(s, "Characters/")) + return false; + if (startWith(s, "Pictures/")) + return false; + if (startWith(s, "Graphics/")) + return false; + s = std::regex_replace(s, std::regex("<.*?>"), ""); + s = std::regex_replace(s, std::regex(R"(\\tg\[(.*?)\])"), "$1\n"); // 人名 + s = std::regex_replace(s, std::regex(R"(\\\w+\[\d+\])"), ""); + strReplace(s, "\\|", ""); + return write_string_overwrite((char *)data, size, s); + }; + hp.address = (uintptr_t)onigenc_get_right_adjust_char_head_with_prev; // 这个比较纯粹,但有时候会缺 + succ |= NewHook(hp, "MKXPZ"); + hp.address = (uintptr_t)onigenc_get_prev_char_head; + succ |= NewHook(hp, "MKXPZ"); + return succ; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine64/MKXPZ.h b/cpp/LunaHook/LunaHook/engine64/MKXPZ.h new file mode 100644 index 00000000..51aec1e4 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/MKXPZ.h @@ -0,0 +1,37 @@ +/* +FILEVERSION 2,4,2,0 +PRODUCTVERSION 2,4,2,0 +FILEFLAGSMASK 0x0 +FILEFLAGS 0x0 +FILEOS VOS_UNKNOWN +FILETYPE VFT_UNKNOWN +FILESUBTYPE 0x0 +{ + BLOCK "StringFileInfo" + { + BLOCK "040904b0" + { + VALUE "FileVersion", "2.4.2" + VALUE "OriginalFilename", "mkxp-z.exe" + VALUE "ProductName", "mkxp-z" + VALUE "ProductVersion", "2.4.2" + } + } + BLOCK "VarFileInfo" + { + VALUE "Translation", 0x409, 1200 + } +} + +*/ + +class MKXPZ : public ENGINE +{ +public: + MKXPZ() + { + check_by = CHECK_BY::RESOURCE_STR; + check_by_target = L"mkxp-z"; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine64/PPSSPP.cpp b/cpp/LunaHook/LunaHook/engine64/PPSSPP.cpp new file mode 100644 index 00000000..d88eebf8 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/PPSSPP.cpp @@ -0,0 +1,7 @@ +#include "PPSSPP.h" +#include "ppsspp/psputils.hpp" + +bool PPSSPPengine::attach_function() +{ + return InsertPPSSPPcommonhooks(); +} diff --git a/cpp/LunaHook/LunaHook/engine64/PPSSPP.h b/cpp/LunaHook/LunaHook/engine64/PPSSPP.h new file mode 100644 index 00000000..22a23583 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/PPSSPP.h @@ -0,0 +1,14 @@ + + +class PPSSPPengine : public ENGINE +{ +public: + PPSSPPengine() + { + + check_by = CHECK_BY::FILE; + is_engine_certain = false; + check_by_target = L"PPSSPP*.exe"; + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine64/Ryujinx.cpp b/cpp/LunaHook/LunaHook/engine64/Ryujinx.cpp new file mode 100644 index 00000000..91036176 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/Ryujinx.cpp @@ -0,0 +1,85 @@ +#include "Ryujinx.h" + +namespace +{ + /* + const char* CEEInfo::getMethodNameFromMetadata(CORINFO_METHOD_HANDLE ftnHnd, + const char** className, + const char** namespaceName, + const char** enclosingClassNames, + size_t maxEnclosingClassNames) + */ + /* + CorJitResult CILJit::compileMethod(ICorJitInfo* compHnd, + CORINFO_METHOD_INFO* methodInfo, + unsigned flags, + uint8_t** entryAddress, + uint32_t* nativeSizeOfCode) + */ + /* + CorJitResult invokeCompileMethodHelper(EEJitManager *jitMgr, + CEEInfo *comp, + struct CORINFO_METHOD_INFO *info, + CORJIT_FLAGS jitFlags, + BYTE **nativeEntry, + uint32_t *nativeSizeOfCode) + */ + struct CEEInfo; + struct CORINFO_METHOD_HANDLE; + struct CORINFO_METHOD_INFO + { + CORINFO_METHOD_HANDLE *ftn; + // CORINFO_MODULE_HANDLE scope; + // uint8_t *ILCode; + // unsigned ILCodeSize; + // unsigned maxStack; + // unsigned EHcount; + // CorInfoOptions options; + // CorInfoRegionKind regionKind; + // CORINFO_SIG_INFO args; + // CORINFO_SIG_INFO locals; + }; + const char *(*getMethodNameFromMetadata)(CEEInfo *, CORINFO_METHOD_HANDLE *, const char **, const char **, const char **) = 0; + +} +bool Ryujinx::attach_function() +{ + WarningOutput("not support ryuujinx, please use yuzu/sudachi instead."); + return true; + auto invokeCompileMethodHelper = processStartAddress + 0x84CC0; + getMethodNameFromMetadata = (decltype(getMethodNameFromMetadata))(processStartAddress + 0x7AED0); + HookParam hp; + hp.address = invokeCompileMethodHelper; + hp.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto methodInfo = (CORINFO_METHOD_INFO *)stack->r8; + + const char *className; + const char *namespaceName; + const char *enclosingClassName; + auto methodname = getMethodNameFromMetadata((CEEInfo *)stack->rdx, methodInfo->ftn, &className, &namespaceName, &enclosingClassName); + if (!methodname) + return; + if (strcmp(methodname, "RegisterFunction") != 0) + return; + + ConsoleOutput("%s %s %s %s", className, namespaceName, enclosingClassName, methodname); + HookParam hpinternal; + hpinternal.user_value = stack->stack[5]; // entryAddress->RegisterFunction + hpinternal.address = stack->retaddr; + hpinternal.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + HookParam hp_cs_function; + hp_cs_function.address = *(uintptr_t *)hp->user_value; + hp_cs_function.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + ConsoleOutput("%p %p %p %p %p %p", stack->rcx, stack->rdx, stack->r8, stack->r9, stack->r10, stack->r11); + }; + NewHook(hp_cs_function, "RegisterFunction"); + + hp->type = HOOK_EMPTY; + }; + NewHook(hpinternal, "invokeCompileMethodHelper Return"); + }; + return NewHook(hp, "invokeCompileMethodHelper"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine64/Ryujinx.h b/cpp/LunaHook/LunaHook/engine64/Ryujinx.h new file mode 100644 index 00000000..46cbad80 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/Ryujinx.h @@ -0,0 +1,18 @@ + + +class Ryujinx : public ENGINE +{ +public: + Ryujinx() + { + + check_by = CHECK_BY::FILE; + is_engine_certain = false; + check_by = CHECK_BY::CUSTOM; + check_by_target = []() + { + return wcscmp(processName_lower, L"ryujinx.exe") == 0; + }; + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine64/Suika2.cpp b/cpp/LunaHook/LunaHook/engine64/Suika2.cpp new file mode 100644 index 00000000..f7ea54ff --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/Suika2.cpp @@ -0,0 +1,21 @@ +#include "Suika2.h" + +bool Suika2_msvcrt() +{ + auto msvcrt = GetModuleHandle(L"msvcrt.dll"); + if (msvcrt == 0) + return 0; + auto _strdup = GetProcAddress(msvcrt, "_strdup"); + if (_strdup == 0) + return 0; + HookParam hp; + hp.address = (uintptr_t)_strdup; + hp.type = USING_STRING | CODEC_UTF8; + hp.offset = get_reg(regs::rcx); + return NewHook(hp, "Suika2_msvcrt"); +} +bool Suika2::attach_function() +{ + auto _1 = Suika2_msvcrt(); + return _1; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine64/Suika2.h b/cpp/LunaHook/LunaHook/engine64/Suika2.h new file mode 100644 index 00000000..3cc5a38f --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/Suika2.h @@ -0,0 +1,13 @@ + + +class Suika2 : public ENGINE +{ +public: + Suika2() + { + is_engine_certain = false; + check_by = CHECK_BY::FILE_ANY; + check_by_target = check_by_list{L"suika.exe", L"conf/config.txt"}; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine64/TYPEMOON.cpp b/cpp/LunaHook/LunaHook/engine64/TYPEMOON.cpp new file mode 100644 index 00000000..b21fb4eb --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/TYPEMOON.cpp @@ -0,0 +1,29 @@ +#include "TYPEMOON.h" +namespace +{ + bool _h() + { + // TYPE-MOON 魔法使いの夜 多国語版 中文-英文-日文 + BYTE bytes[] = { + 0xBA, 0x08, 0xFF, 0x00, 0x00, + 0x41, 0xB8, 0x1C, 0x20, 0x00, 0x00, + 0x66, 0x90}; + auto addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStopAddress); + ConsoleOutput("%p", addr); + if (addr == 0) + return false; + addr = MemDbg::findEnclosingAlignedFunction(addr); + ConsoleOutput("%p", addr); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr; + hp.type = CODEC_UTF16 | USING_STRING | EMBED_ABLE | EMBED_AFTER_NEW ; + hp.offset = get_reg(regs::r8); + return NewHook(hp, "typemoon"); + } +} +bool TYPEMOON::attach_function() +{ + return _h(); +} diff --git a/cpp/LunaHook/LunaHook/engine64/TYPEMOON.h b/cpp/LunaHook/LunaHook/engine64/TYPEMOON.h new file mode 100644 index 00000000..244b1f68 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/TYPEMOON.h @@ -0,0 +1,14 @@ + + +class TYPEMOON : public ENGINE +{ +public: + TYPEMOON() + { + + check_by = CHECK_BY::FILE; + is_engine_certain = false; + check_by_target = L"data*.hfa"; + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine64/UnrealEngine.cpp b/cpp/LunaHook/LunaHook/engine64/UnrealEngine.cpp new file mode 100644 index 00000000..a8a2d605 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/UnrealEngine.cpp @@ -0,0 +1,42 @@ +#include "UnrealEngine.h" + +bool ENTERGRAMfilter(void *data, size_t *size, HookParam *hp) +{ + + auto text = reinterpret_cast(data); + std::wstring str = std::wstring(text, *size / 2); + std::wregex reg1(L"\\|(.*?)\x300a(.*?)\x300b"); + std::wstring result1 = std::regex_replace(str, reg1, L"$1"); + std::wregex reg2(L"\x3000|\n"); + std::wstring result2 = std::regex_replace(result1, reg2, L""); + write_string_overwrite(text, size, result2); + return true; +}; +bool InsertENTERGRAM() +{ + // https://vndb.org/v40521 + //[240125][1208048][エンターグラム] すだまリレイシヨン パッケージ版 (mdf+mds) + + const BYTE BYTES[] = { + 0x48, 0x8B, 0x43, 0x38, + 0x48, 0x8D, 0x7C, 0x24, 0x30, + 0x48, 0x8B, 0x74, 0x24, 0x20, + 0x48, 0x85, 0xC0, + 0x48, 0x8B, 0xCD, + 0x48, 0x89, 0x6C, 0x24, 0x40, + 0x48, 0x0F, 0x45, 0xF8}; + auto addr = MemDbg::findBytes(BYTES, sizeof(BYTES), processStartAddress, processStopAddress); + if (addr == 0) + return false; + HookParam hp; + hp.address = addr + 14; + hp.type = USING_STRING | CODEC_UTF16 | NO_CONTEXT; + hp.filter_fun = ENTERGRAMfilter; + hp.offset = get_reg(regs::rsi); + hp.newlineseperator = L"\\n"; + return NewHook(hp, "UnrealEngine"); +} +bool UnrealEngine::attach_function() +{ + return InsertENTERGRAM(); +} diff --git a/cpp/LunaHook/LunaHook/engine64/UnrealEngine.h b/cpp/LunaHook/LunaHook/engine64/UnrealEngine.h new file mode 100644 index 00000000..47083113 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/UnrealEngine.h @@ -0,0 +1,19 @@ + + +class UnrealEngine : public ENGINE +{ +public: + UnrealEngine() + { + + check_by = CHECK_BY::CUSTOM; + is_engine_certain = false; + check_by_target = []() + { + // Copyright Epic Games, Inc. All Rights Reserved. + //++UE4+Release-4.27-CL-0 + return Util::SearchResourceString(L"Copyright Epic Games") || Util::SearchResourceString(L"UnrealEngine") || GetProcAddress(GetModuleHandleA(0), "agsCheckDriverVersion"); + }; + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine64/V8.cpp b/cpp/LunaHook/LunaHook/engine64/V8.cpp new file mode 100644 index 00000000..912d2f9f --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/V8.cpp @@ -0,0 +1,215 @@ +#include "V8.h" +#include "v8/v8.h" +#if 0 +// Artikash 6/23/2019: V8 (JavaScript runtime) has rcx = string** at v8::String::Write +// sample game https://www.freem.ne.jp/dl/win/18963 +bool InsertV8Hook(HMODULE module) +{ + uint64_t addr1 = (uint64_t)GetProcAddress(module, "?Write@String@v8@@QEBAHPEAGHHH@Z"), + // Artikash 6/7/2021: Add new hook for new version of V8 used by RPG Maker MZ + addr2 = (uint64_t)GetProcAddress(module, "??$WriteToFlat@G@String@internal@v8@@SAXV012@PEAGHH@Z"); + + if (addr1 || addr2) + { + std::tie(spDefault.minAddress, spDefault.maxAddress) = Util::QueryModuleLimits(module); + spDefault.maxRecords = Util::SearchMemory(spDefault.pattern, spDefault.length, PAGE_EXECUTE, spDefault.minAddress, spDefault.maxAddress).size() * 20; + ConsoleOutput("JavaScript hook is known to be low quality: try searching for hooks if you don't like it"); + } + auto succ=false; + if (addr1) + { + HookParam hp; + hp.type = USING_STRING | CODEC_UTF16; + hp.address = addr1; + hp.text_fun = [](hook_stack* stack, HookParam *hp, uintptr_t* data, uintptr_t* split, size_t* count) + { + *data=(*(uintptr_t*)(stack->rcx))+23; + int len = *(int*)(*data - 4); + if(wcslen((wchar_t*)*data)*2rcx)+11; + int len = *(int*)(*data - 4); + if(wcslen((wchar_t*)*data)*2 hookw(HMODULE module){ + const BYTE BYTES[] = { + 0x81,XX,0x00,0xf8,0x00,0x00 + }; + std::vectorsave; + auto addrs = Util::SearchMemory(BYTES, sizeof(BYTES), PAGE_EXECUTE, processStartAddress, processStopAddress); + for(auto addr:addrs){ + auto addrsave=addr; + BYTE sig1[]={0x81,XX,0x00,0xD8,0x00,0x00}; + BYTE sig2[]={0x81,XX,0x00,0xFC,0x00,0x00}; + BYTE sig3[]={0x81,XX,0x00,0xDC,0x00,0x00}; + BYTE sig4[]={XX,0x00,0x24,0xA0,0xFC}; + + addr=forwardsearch(sig1,sizeof(sig1),addr,0x20); + if(addr==0)continue; + + addr=forwardsearch(sig2,sizeof(sig2),addr,0x100); + if(addr==0)continue; + + addr=forwardsearch(sig3,sizeof(sig3),addr,0x20); + if(addr==0)continue; + + addr=forwardsearch(sig4,sizeof(sig4),addr,0x20); + if(addr==0)continue; + auto off=andregimm((BYTE*)addrsave); + if(off==regs::invalid)continue; + HookParam hp; + hp.address = (uint64_t)addrsave ; + hp.type = CODEC_UTF16|NO_CONTEXT ; + hp.offset =get_reg(off); + save.push_back(hp); + + } + return save; + } +#if 0 + std::vector v8hook1(HMODULE module) { + + const BYTE BYTES[] = { + 0x81,0xE1,0x00,0xF8,0x00,0x00, + 0x41,0xBE,0x01,0x00,0x00,0x00, + 0x81,0xF9,0x00,0xD8,0x00,0x00 + }; + auto addrs = Util::SearchMemory(BYTES, sizeof(BYTES), PAGE_EXECUTE, processStartAddress, processStopAddress); + if (addrs.size() != 1)return {}; + auto addr = (uint64_t)addrs[0]; + const BYTE start[] = { + 0xCC + }; + const BYTE start2[] = { + 0x41,0x57,0x41,0x56,0x41,0x55,0x41,0x54 + }; + addr=reverseFindBytes(start, sizeof(start), addr - 0x1000, addr); + if (addr == 0)return {}; + addr += 1; + addrs = findxref_reverse(addr, addr - 0x10000, addr + 0x10000); + if (addrs.size() != 1)return {}; + addr = addrs[0]; + + addr = reverseFindBytes(start2, sizeof(start2), addr - 0x1000, addr); + if (addr == 0)return {}; + addrs = findxref_reverse(addr, addr - 0x10000, addr + 0x10000); + std::vector save; + for (auto addr : addrs) { + addr = reverseFindBytes(start2, sizeof(start2), addr - 0x1000, addr); + if (addr == 0)continue; + HookParam hp; + hp.address = (uint64_t)addr; + hp.type = USING_STRING | CODEC_UTF16 | DATA_INDIRECT; + hp.offset=get_reg(regs::rcx); + hp.padding = 0xC; + hp.index = 0; + + save.push_back(hp); + } + return save; + } +#endif + bool innerHTML(HMODULE module) { + //花葬 + //result = sub_142DF3CA0(a2, v5, 1u, (__int64)"innerHTML", a3); + //r10当全为ascii是普通string,否则为wchar_t + //a3是一个callback,并不是字符串。 + char innerHTML[]="innerHTML"; + auto addr = MemDbg::findBytes(innerHTML, sizeof(innerHTML), processStartAddress, processStopAddress); + ConsoleOutput("%x",addr); + if(addr==0)return false; + bool ok=false; + for(auto _addr=processStartAddress+4;_addrr10; + if(strlen((char*) text)>1){ + hp->type=USING_STRING|CODEC_UTF8|NO_CONTEXT; + *split=0x1; + *len=strrchr((char*)text,'>')+1-(char*)text; + } + else{ + hp->type=USING_STRING|CODEC_UTF16|NO_CONTEXT; + *split=0x10; + *len=wcsrchr((wchar_t*)text,L'>')+1-(wchar_t*)text; + *len*=2; + } + }; + ok|=NewHook(hp,"innerHTML"); + } + } + } + } + return ok; + } + bool addhooks(HMODULE module){ + if (GetProcAddress(module, "?Write@String@v8@@QEBAHPEAVIsolate@2@PEAGHHH@Z") == 0)return false; + bool success=false; + for(auto h:hookw(module)){ + success|=NewHook(h,"electronW"); + } + return innerHTML(module)|| success; + } +} + +#endif +bool V8::attach_function_() +{ + + return tryhookv8(); +} diff --git a/cpp/LunaHook/LunaHook/engine64/V8.h b/cpp/LunaHook/LunaHook/engine64/V8.h new file mode 100644 index 00000000..e357f9d9 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/V8.h @@ -0,0 +1,14 @@ + + +class V8 : public ENGINE +{ +public: + V8() + { + check_by = CHECK_BY::CUSTOM; + check_by_target = [this]() + { return attach_function_(); }; + }; + bool attach_function_(); + bool attach_function() { return true; } +}; diff --git a/cpp/LunaHook/LunaHook/engine64/YOX.cpp b/cpp/LunaHook/LunaHook/engine64/YOX.cpp new file mode 100644 index 00000000..df72667f --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/YOX.cpp @@ -0,0 +1,22 @@ +#include "YOX.h" +bool YOX::attach_function() +{ + const BYTE BYTES[] = { + 0x48, 0x8B, 0x0F, + 0x48, 0x8d, 0x54, 0x24, 0x50}; + auto addrs = Util::SearchMemory(BYTES, sizeof(BYTES), PAGE_EXECUTE_READ, processStartAddress, processStopAddress); + ConsoleOutput("%p %p", processStartAddress, processStopAddress); + for (auto addr : addrs) + { + if (addr == 0) + continue; + HookParam hp; + hp.address = addr; + hp.type = USING_STRING; + hp.offset = get_stack(26); + ConsoleOutput("yox64 %p", addr); + return NewHook(hp, "yox64"); + } + ConsoleOutput("yox64 failed"); + return false; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine64/YOX.h b/cpp/LunaHook/LunaHook/engine64/YOX.h new file mode 100644 index 00000000..55a3782c --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/YOX.h @@ -0,0 +1,14 @@ + + +class YOX : public ENGINE +{ +public: + YOX() + { + + check_by = CHECK_BY::FILE; + is_engine_certain = false; + check_by_target = L"base/*.dat"; + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine64/livecaptions.cpp b/cpp/LunaHook/LunaHook/engine64/livecaptions.cpp new file mode 100644 index 00000000..568a5fb6 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/livecaptions.cpp @@ -0,0 +1,39 @@ +#include "livecaptions.h" + +bool livecaptions::attach_function() +{ + auto srdll = GetModuleHandle(L"Microsoft.CognitiveServices.Speech.extension.embedded.sr.dll"); + if (!srdll) + return false; + auto [s, e] = Util::QueryModuleLimits(srdll); + bool succ = false; + // std::_Char_traits::copy(void *, const void *, size_t) + // std::_Char_traits::move(void *, const void *, size_t) + BYTE sig[] = { + 0x40, 0x53, // push rbx + 0x48, 0x83, 0xec, 0x20, // sub rsp,0x20 + 0x48, 0x8b, 0xd9, // mov rbx,rcx + 0xe8, XX4, // call memmove_0 ,新版本改成call memcpy_0了 + 0x48, 0x8b, 0xc3, // mov rax,rbx + 0x48, 0x83, 0xc4, 0x20, // add rsp,0x20 + 0x5b, // pop rbx + 0xc3 // ret + }; + for (auto addr : Util::SearchMemory(sig, sizeof(sig), PAGE_EXECUTE, s, e)) + { + auto target = addr + 2 + 4 + 3 + 5 + *(int *)(addr + 2 + 4 + 3 + 1); + if (*(WORD *)target != 0x25ff) + continue; + HookParam hp; + hp.address = addr; + hp.type = USING_STRING | CODEC_UTF8 | FULL_STRING; + hp.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto ptr = stack->rdx; + auto size = stack->r8; + buffer->from(ptr, size); + }; + succ |= NewHook(hp, "LiveCaptions"); + } + return succ; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine64/livecaptions.h b/cpp/LunaHook/LunaHook/engine64/livecaptions.h new file mode 100644 index 00000000..4a3f461c --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/livecaptions.h @@ -0,0 +1,16 @@ + + +class livecaptions : public ENGINE +{ +public: + livecaptions() + { + + check_by = CHECK_BY::CUSTOM; + check_by_target = []() + { + return GetModuleHandle(L"vcruntime140_app.dll") && GetModuleHandle(L"Microsoft.CognitiveServices.Speech.extension.embedded.sr.dll"); + }; + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine64/lucasystem.cpp b/cpp/LunaHook/LunaHook/engine64/lucasystem.cpp new file mode 100644 index 00000000..47fecf7b --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/lucasystem.cpp @@ -0,0 +1,55 @@ +#include "lucasystem.h" + +bool IG64filter(void *data, size_t *size, HookParam *) +{ + + auto text = reinterpret_cast(data); + std::wstring str = std::wstring(text, *size / 2); + std::wregex reg1(L"\\$\\[(.*?)\\$/(.*?)\\$\\]"); + std::wstring result1 = std::regex_replace(str, reg1, L"$1"); + + std::wregex reg2(L"@[^@]*@"); + std::wstring result2 = std::regex_replace(result1, reg2, L""); + write_string_overwrite(text, size, result2); + return true; +}; +bool InsertIG64Hook2() +{ + const BYTE BYTES[] = { + 0xBA, 0x3F, 0xFF, 0x00, 0x00, + XX, 0x8B, XX, + 0xE8, XX2, 0x00, 0x00}; + bool ok = false; + auto addrs = Util::SearchMemory(BYTES, sizeof(BYTES), PAGE_EXECUTE, processStartAddress, processStopAddress); + std::set collect; + for (auto addr : addrs) + { + ConsoleOutput("%p", addr); + const BYTE aligned[] = {0xCC, 0xCC}; + auto addr1 = reverseFindBytes(aligned, sizeof(aligned), addr - 0x10000, addr); + //[240830][1150510][Key] LUNARiA -Virtualized Moonchild- 多国語版 Chinese-English-Japanese DL版 (files) + const BYTE sig2[] = {0x48, 0x89, XX, XX, XX, 0x55, 0x56, 0x57, 0x41, 0x54, 0x41, 0x55, 0x41, 0x56, 0x41, 0x57}; + auto addr2 = reverseFindBytes(sig2, sizeof(sig2), addr - 0x10000, addr); + ConsoleOutput("%p %p", addr1, addr2); + addr = max(addr1, addr2); + if (addr == 0) + continue; + if (addr == addr1) + addr += 2; + collect.insert(addr); + } + for (auto addr : collect) + { + HookParam hp; + hp.address = addr; + hp.type = CODEC_UTF16 | USING_STRING | EMBED_ABLE | EMBED_AFTER_NEW; // 可以内嵌英文 + hp.filter_fun = IG64filter; + hp.offset = get_reg(regs::rdx); // rdx + ok |= NewHook(hp, "IG642"); + } + return ok; +} +bool lucasystem::attach_function() +{ + return InsertIG64Hook2(); +} diff --git a/cpp/LunaHook/LunaHook/engine64/lucasystem.h b/cpp/LunaHook/LunaHook/engine64/lucasystem.h new file mode 100644 index 00000000..7d0ff4aa --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/lucasystem.h @@ -0,0 +1,14 @@ + + +class lucasystem : public ENGINE +{ +public: + lucasystem() + { + + check_by = CHECK_BY::FILE; + is_engine_certain = false; + check_by_target = L"files/*.PAK"; + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine64/mono.cpp b/cpp/LunaHook/LunaHook/engine64/mono.cpp new file mode 100644 index 00000000..f607687d --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/mono.cpp @@ -0,0 +1,89 @@ +#include "mono.h" +#include "mono/monocommon.hpp" + +namespace +{ + bool monobdwgc() + { + + HMODULE module = GetModuleHandleW(L"mono-2.0-bdwgc.dll"); + if (module == 0) + return false; + auto [minAddress, maxAddress] = Util::QueryModuleLimits(module); + BYTE bytes[] = { + 0x81, 0xF9, 0x80, 0x00, 0x00, 0x00, + 0x73, 0x05, + 0x49, 0x8B, 0xCC + /* + _BYTE *__fastcall sub_18005B290( + _WORD *a1, + int a2, + __int64 a3, + _DWORD *a4, + __int64 (__fastcall *a5)(__int64, __int64), + __int64 a6, + __int64 a7) + + if ( (_DWORD)v26 ) + { + if ( (unsigned int)v26 >= 0x80 ) + { + if ( (unsigned int)v26 >= 0x800 ) + { + if ( (unsigned int)v26 >= 0x10000 ) + { + if ( (unsigned int)v26 >= 0x200000 ) + { + if ( (unsigned int)v26 >= 0x4000000 ) + { + v17 = 6i64; + if ( (unsigned int)v26 >= 0x80000000 ) + */ + }; + auto addrs = Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, minAddress, maxAddress); + auto suc = false; + for (auto addr : addrs) + { + const BYTE align[] = {0xCC, 0xCC, 0xCC, 0xCC}; + addr = reverseFindBytes(align, sizeof(align), addr - 0x100, addr); + if (addr == 0) + continue; + + ConsoleOutput("monobdwgcdll %p", addr); + HookParam hp; + hp.address = addr + 4; + hp.offset = get_reg(regs::rcx); + hp.type = CODEC_UTF16 | USING_STRING; + hp.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto str = std::wstring_view((LPWSTR)stack->rcx); + *split = str.find(L"OnShowComplete") != str.npos; + buffer->from(str); + }; + hp.filter_fun = [](void *data, size_t *len, HookParam *hp) + { + std::wstring str = std::wstring((LPWSTR)data, *len / 2); + if (str.find(L"OnShowComplete") != str.npos) + { + str = std::regex_replace(str, std::wregex(L"\n"), L""); + std::wregex reg1(L"\\((.*?)\\)"); + std::wsmatch match; + std::regex_search(str, match, reg1); + auto result1 = match[1].str(); + + std::regex_search(str, match, std::wregex(L" Text:(.*?)Next:(.*?)")); + result1 = match[1].str(); + write_string_overwrite(data, len, result1); + } + return true; + }; + suc |= NewHook(hp, "monobdwgcdll"); + } + return suc; + } +} +bool mono::attach_function() +{ + bool common = monocommon::hook_mono_il2cpp(); + return common; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine64/mono.h b/cpp/LunaHook/LunaHook/engine64/mono.h new file mode 100644 index 00000000..333f835e --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/mono.h @@ -0,0 +1,12 @@ + + +class mono : public ENGINE +{ +public: + mono() + { + + check_by = CHECK_BY::ALL_TRUE; + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine64/pchooks.cpp b/cpp/LunaHook/LunaHook/engine64/pchooks.cpp new file mode 100644 index 00000000..55887372 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/pchooks.cpp @@ -0,0 +1,16 @@ +#include "pchooks.h" + +bool pchooks::attach_function() +{ + for (std::wstring DXVersion : {L"d3dx9", L"d3dx10"}) + if (HMODULE module = GetModuleHandleW(DXVersion.c_str())) + PcHooks::hookD3DXFunctions(module); + else + for (int i = 0; i < 50; ++i) + if (HMODULE module = GetModuleHandleW((DXVersion + L"_" + std::to_wstring(i)).c_str())) + PcHooks::hookD3DXFunctions(module); + + PcHooks::hookGDIFunctions(); + PcHooks::hookGDIPlusFunctions(); + return true; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine64/pchooks.h b/cpp/LunaHook/LunaHook/engine64/pchooks.h new file mode 100644 index 00000000..8fe116e1 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/pchooks.h @@ -0,0 +1,13 @@ + + +class pchooks : public ENGINE +{ +public: + pchooks() + { + + check_by = CHECK_BY::ALL_TRUE; + dontstop = true; + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine64/rpcs3.cpp b/cpp/LunaHook/LunaHook/engine64/rpcs3.cpp new file mode 100644 index 00000000..e4c6fdd0 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/rpcs3.cpp @@ -0,0 +1,286 @@ +#include "rpcs3.h" +namespace +{ +#if 0 // only support0.0.20-0.0.27 + int emoffset; + int jitoffset; + uintptr_t getDoJitAddress_() { + auto installFunctionPatt1 = "0F8? ???????? 488D?? ?00?0000 E8 ???????? 4?83C? 68"; // MSVC + auto DoJitMatch = find_pattern(installFunctionPatt1,processStartAddress,processStopAddress); + if(DoJitMatch)return DoJitMatch; + + auto installFunctionPatt2 = "660F 1F440000 488D?? ?00?0000 E8 ???????? 4?83C? 68"; // patched + DoJitMatch = find_pattern(installFunctionPatt2,processStartAddress,processStopAddress); + if(DoJitMatch)return DoJitMatch; + return 0; + } + uintptr_t getDoJitAddress() { + auto DoJitPtr=getDoJitAddress_(); + + ConsoleOutput("DoJitPtr %p",DoJitPtr); + if(!DoJitPtr)return 0; + //<--DoJitPtr + //0f85 1b050000 // jbe 0x00 ; long jump + //48 8d 8d 40020000 // lea r?x, ss:[rbp+0x1?0] + //e8 cc39acff //call + //48 83 c3 68 // add r?x, 0x68 + auto checkaddr=DoJitPtr+0x6+7+5; + switch (*(BYTE*)checkaddr) + { + case 0x48:{ + switch(*(BYTE*)(checkaddr+2)){ + case 0xc0:emoffset=get_reg(regs::rax);break; + case 0xc3:emoffset=get_reg(regs::rbx);break; + case 0xc1:emoffset=get_reg(regs::rcx);break; + case 0xc2:emoffset=get_reg(regs::rdx);break; + case 0xc4:emoffset=get_reg(regs::rsp);break; + case 0xc5:emoffset=get_reg(regs::rbp);break; + case 0xc6:emoffset=get_reg(regs::rsi);break; + case 0xc7:emoffset=get_reg(regs::rdi);break; + default:emoffset=0; + } + } + break; + case 0x49:{ + switch(*(BYTE*)(checkaddr+2)){ + case 0xc0:emoffset=get_reg(regs::r8);break; + case 0xc1:emoffset=get_reg(regs::r9);break; + case 0xc2:emoffset=get_reg(regs::r10);break; + case 0xc3:emoffset=get_reg(regs::r11);break; + case 0xc4:emoffset=get_reg(regs::r12);break; + case 0xc5:emoffset=get_reg(regs::r13);break; + case 0xc6:emoffset=get_reg(regs::r14);break; + case 0xc7:emoffset=get_reg(regs::r15);break; + default:emoffset=0; + } + } + break; + default:emoffset=0; + } + ConsoleOutput("emoffset %d",emoffset); + if(emoffset==0)return 0; + + auto isPPUDebugIfPtr = find_pattern("84C0 ???? 8B",DoJitPtr-0x40,DoJitPtr); // je + //84 c0 //test al,al + //74 21 //je + //8b 0b //mov ecx[rbx] + //48 8b 05 XX4 // mov rax[] + //4c 8d 34 48 //lea r14,[rax+rcx*2] + if(isPPUDebugIfPtr==0)return 0; + + checkaddr= isPPUDebugIfPtr+2+2+2+7; + switch (*(BYTE*)checkaddr) + { + case 0x48:{ + switch(*(BYTE*)(checkaddr+2)){ + case 0x14:jitoffset=get_reg(regs::rdx);break; + case 0x04:jitoffset=get_reg(regs::rax);break; + case 0x1c:jitoffset=get_reg(regs::rbx);break; + case 0x0c:jitoffset=get_reg(regs::rcx);break; + case 0x24:jitoffset=get_reg(regs::rsp);break; + case 0x2c:jitoffset=get_reg(regs::rbp);break; + case 0x34:jitoffset=get_reg(regs::rsi);break; + case 0x3c:jitoffset=get_reg(regs::rdi);break; + default:jitoffset=0; + } + } + break; + case 0x4c:{ + switch(*(BYTE*)(checkaddr+2)){ + case 0x04:jitoffset=get_reg(regs::r8);break; + case 0x0c:jitoffset=get_reg(regs::r9);break; + case 0x14:jitoffset=get_reg(regs::r10);break; + case 0x1c:jitoffset=get_reg(regs::r11);break; + case 0x24:jitoffset=get_reg(regs::r12);break; + case 0x2c:jitoffset=get_reg(regs::r13);break; + case 0x34:jitoffset=get_reg(regs::r14);break; + case 0x3c:jitoffset=get_reg(regs::r15);break; + default:jitoffset=0; + } + } + break; + default:jitoffset=0; + } + ConsoleOutput("jitoffset %d",jitoffset); + if(jitoffset==0)return 0; + + DWORD _; + BYTE bs1[]={0x66, 0x0F, 0x1F, 0x44, 0x00, 0x00}; + VirtualProtect((void*)DoJitPtr,sizeof(bs1),PAGE_EXECUTE_READWRITE,&_); + memcpy((void*)DoJitPtr,bs1,sizeof(bs1)); + BYTE bs2[]={0x66, 0x90}; + VirtualProtect((void*)(isPPUDebugIfPtr+2),sizeof(bs2),PAGE_EXECUTE_READWRITE,&_); + memcpy((void*)(isPPUDebugIfPtr+2),bs2,sizeof(bs2)); + + return DoJitPtr+6; + } +#endif + + uintptr_t getDoJitAddress() + { + // rpcs3/Emu/Cell/PPUThread.cpp + /* + extern void ppu_register_function_at(u32 addr, u32 size, ppu_intrp_func_t ptr = nullptr) + { + // Initialize specific function + if (ptr) + { + ppu_ref(addr) = reinterpret_cast((reinterpret_cast(ptr) & 0xffff'ffff'ffffu) | (uptr(ppu_ref(addr)) & ~0xffff'ffff'ffffu)); + return; + } + + if (!size) + { + if (g_cfg.core.ppu_debug) + { + ppu_log.error("ppu_register_function_at(0x%x): empty range", addr); + } + + return; + } + …… + */ + char log[] = "ppu_register_function_at(0x%x): empty range"; + auto logstrptr = MemDbg::findBytes(log, sizeof(log), processStartAddress, processStopAddress); + ConsoleOutput("%p", logstrptr); + if (logstrptr == 0) + return 0; + auto addr = MemDbg::findleaaddr(logstrptr, processStartAddress, processStopAddress); + ConsoleOutput("%p", addr); + if (addr == 0) + return 0; + // ff cc cc cc,find不到。。 + BYTE start[] = {XX, 0xCC, 0xCC, 0xCC}; + addr = reverseFindBytes(start, sizeof(start), addr - 0x200, addr, 4, true); + ConsoleOutput("%p", addr); + return addr; + } + struct emfuncinfo + { + uint64_t type; + int argidx; + int padding; + decltype(HookParam::text_fun) hookfunc; + decltype(HookParam::filter_fun) filterfun; + const char *_id; + }; + std::unordered_map emfunctionhooks; + + bool checkiscurrentgame(const emfuncinfo &em) + { + auto wininfos = get_proc_windows(); + for (auto &&info : wininfos) + { + if (info.title.find(acastw(em._id)) != info.title.npos) + return true; + } + return false; + } + + static std::set> timeoutbreaks; + + void dohookemaddr(uintptr_t em_address, uintptr_t ret) + { + jitaddraddr(em_address, ret, JITTYPE::RPCS3); + if (emfunctionhooks.find(em_address) == emfunctionhooks.end()) + return; + if (!(checkiscurrentgame(emfunctionhooks.at(em_address)))) + return; + timeoutbreaks.insert(std::make_pair(em_address, ret)); + auto op = emfunctionhooks.at(em_address); + HookParam hpinternal; + hpinternal.address = ret; + hpinternal.emu_addr = em_address; // 用于生成hcode + hpinternal.type = USING_STRING | NO_CONTEXT | BREAK_POINT | op.type; + hpinternal.text_fun = op.hookfunc; + hpinternal.filter_fun = op.filterfun; + hpinternal.argidx = op.argidx; + hpinternal.padding = op.padding; + hpinternal.jittype = JITTYPE::RPCS3; + NewHook(hpinternal, op._id); + } + + bool unsafeinithooks() + { + // rpcs0.0.30,不知道为什么ppu_register_function_at不全。不过看代码得到映射表了,直接弄吧。 + // rpcs3/Emu/Cell/PPUThread.cpp + // Get pointer to executable cache + /* + static inline u8* ppu_ptr(u32 addr) + { + return vm::g_exec_addr + u64{addr} * 2; + } + */ + HookParam hp; + hp.type = DIRECT_READ; + hp.address = 0x500000000; + hp.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + for (auto [addr, info] : emfunctionhooks) + { + auto table = addr * 2 + 0x500000000; + if (IsBadReadPtr((void *)table, sizeof(uintptr_t))) + continue; + auto funcaddr = *(uintptr_t *)table; + funcaddr &= 0x0000ffffffffffff; + if (!funcaddr) + continue; + auto p = std::make_pair(addr, funcaddr); + if (timeoutbreaks.find(p) != timeoutbreaks.end()) + continue; + dohookemaddr(addr, funcaddr); + delayinsertNewHook(addr); + } + }; + return NewHook(hp, "g_exec_addr"); + } +} +bool rpcs3::attach_function() +{ + ConsoleOutput("[Compatibility] RPCS3"); + auto DoJitPtr = getDoJitAddress(); + if (DoJitPtr == 0) + return false; + unsafeinithooks(); + spDefault.jittype = JITTYPE::RPCS3; + spDefault.minAddress = 0; + spDefault.maxAddress = -1; + HookParam hp; + hp.address = DoJitPtr; + hp.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto em_address = stack->rcx; // *(uint32_t*)*(uintptr_t*)(stack->base+emoffset); + auto entrypoint = stack->r8; //*(uintptr_t*)*(uintptr_t*)(stack->base+jitoffset)-0x0008000000000000; + if (!em_address || !entrypoint) + return; + dohookemaddr(em_address, entrypoint); + delayinsertNewHook(em_address); + }; + return NewHook(hp, "vita3kjit"); +} + +namespace +{ + + bool FBLJM61131(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + std::regex pattern("\\[[^\\]]+."); + s = std::regex_replace(s, pattern, ""); + s = std::regex_replace(s, std::regex("\\\\k|\\\\x|%C|%B"), ""); + s = std::regex_replace(s, std::regex("\\%\\d+\\#[0-9a-fA-F]*\\;"), ""); + s = std::regex_replace(s, std::regex("\\n+"), " "); + return write_string_overwrite(data, len, s); + } + auto _ = []() + { + emfunctionhooks = { + //'&' -Sora no Mukou de Sakimasu you ni- + {0x46328, {CODEC_UTF8, 1, 0, 0, FBLJM61131, "BLJM61131"}}, + // Dunamis15 + {0x42c90, {CODEC_UTF8, 1, 0, 0, FBLJM61131, "BLJM60347"}}, + + }; + return 1; + }(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine64/rpcs3.h b/cpp/LunaHook/LunaHook/engine64/rpcs3.h new file mode 100644 index 00000000..fc8ae091 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/rpcs3.h @@ -0,0 +1,14 @@ + + +class rpcs3 : public ENGINE +{ +public: + rpcs3() + { + + check_by = CHECK_BY::FILE; + is_engine_certain = false; + check_by_target = L"rpcs3.exe"; + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine64/vita3k.cpp b/cpp/LunaHook/LunaHook/engine64/vita3k.cpp new file mode 100644 index 00000000..67c6f9f7 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/vita3k.cpp @@ -0,0 +1,587 @@ +#include "vita3k.h" +namespace +{ + auto isVirtual = true; + auto idxDescriptor = isVirtual == true ? 2 : 1; + auto idxEntrypoint = idxDescriptor + 1; + uintptr_t getDoJitAddress() + { + auto RegisterBlockSig1 = "40 55 53 56 57 41 54 41 56 41 57 48 8D 6C 24 E9 48 81 EC 90 00 00 00 48 8B ?? ?? ?? ?? ?? 48 33 C4 48 89 45 07 4D 8B F1 49 8B F0 48 8B FA 48 8B D9 4C 8B 7D 77 48 8B 01 48 8D 55 C7 FF 50 10"; + auto first = find_pattern(RegisterBlockSig1, processStartAddress, processStopAddress); + if (first) + return first; + /* + // DebugSymbol: RegisterBlock + // ?RegisterBlock@EmitX64@X64@Backend@Dynarmic@@IEAA?AUBlockDescriptor@1234@AEBVLocationDescriptor@IR@4@PEBX_K@Z <- new + // ?RegisterBlock@EmitX64@X64@Backend@Dynarmic@@IEAA?AUBlockDescriptor@1234@AEBVLocationDescriptor@IR@4@PEBX1_K@Z + const symbols = DebugSymbol.findFunctionsMatching( + 'Dynarmic::Backend::X64::EmitX64::RegisterBlock' + ); + if (symbols.length !== 0) { + console.warn('Sym RegisterBlock'); + return symbols[0]; + } + */ + auto PatchBlockSig1 = "4C 8B DC 49 89 5B 10 49 89 6B 18 56 57 41 54 41 56 41 57"; // "4C 8B DC 49 89 5B ?? 49 89 6B ?? 56 57 41 54 41 56 41 57"; + first = find_pattern(PatchBlockSig1, processStartAddress, processStopAddress); + if (first) + { + idxDescriptor = 1; + idxEntrypoint = 2; + return first; + } + return 0; + } + struct emfuncinfo + { + uint64_t type; + int argidx; + int padding; + decltype(HookParam::text_fun) hookfunc; + decltype(HookParam::filter_fun) filterfun; + const char *_id; + }; + std::unordered_map emfunctionhooks; + + bool checkiscurrentgame(const emfuncinfo &em) + { + auto wininfos = get_proc_windows(); + for (auto &&info : wininfos) + { + if (info.title.find(acastw(em._id)) != info.title.npos) + return true; + } + return false; + } +} + +bool vita3k::attach_function() +{ + ConsoleOutput("[Compatibility] Vita3k 0.1.9 3520+"); + auto DoJitPtr = getDoJitAddress(); + if (DoJitPtr == 0) + return false; + ConsoleOutput("DoJitPtr %p", DoJitPtr); + spDefault.jittype = JITTYPE::VITA3K; + spDefault.minAddress = 0; + spDefault.maxAddress = -1; + HookParam hp; + hp.address = DoJitPtr; + hp.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto descriptor = *argidx(stack, idxDescriptor + 1); // r8 + auto entrypoint = *argidx(stack, idxEntrypoint + 1); // r9 + auto em_address = *(uint32_t *)descriptor; + if (!entrypoint) + return; + // ConsoleOutput("%p",em_address); + jitaddraddr(em_address, entrypoint, JITTYPE::VITA3K); + [&]() + { + if (emfunctionhooks.find(em_address) == emfunctionhooks.end()) + return; + auto op = emfunctionhooks.at(em_address); + if (!(checkiscurrentgame(op))) + return; + + HookParam hpinternal; + hpinternal.address = entrypoint; + hpinternal.emu_addr = em_address; // 用于生成hcode + hpinternal.type = USING_STRING | NO_CONTEXT | BREAK_POINT | op.type; + hpinternal.text_fun = op.hookfunc; + hpinternal.filter_fun = op.filterfun; + hpinternal.argidx = op.argidx; + hpinternal.padding = op.padding; + hpinternal.jittype = JITTYPE::VITA3K; + NewHook(hpinternal, op._id); + }(); + delayinsertNewHook(em_address); + }; + return NewHook(hp, "vita3kjit"); +} + +namespace +{ + bool FPCSG01023(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex("
"), ""); + s = std::regex_replace(s, std::regex("%CF11F"), ""); + s = std::regex_replace(s, std::regex("%CFFFF"), ""); + s = std::regex_replace(s, std::regex("%K%P"), ""); + s = std::regex_replace(s, std::regex("%K%N"), ""); + s = std::regex_replace(s, std::regex("\n"), ""); + return write_string_overwrite(data, len, s); + } + template + bool FPCSG01282(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex("(\\n)+"), " "); + s = std::regex_replace(s, std::regex("\\d$|^@[a-z]+|#.*?#|\\$"), ""); + static std::string last; + if (last == s) + return false; + last = s; + return write_string_overwrite(data, len, s); + } + + template + void ReadU16TextAndLenDW(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto address = VITA3K::emu_arg(stack)[index]; + buffer->from(address + 0xC, (*(DWORD *)(address + 0x8)) * 2); + } + + bool FPCSG00410(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex("#[A-Za-z]+\\[(\\d*[.])?\\d+\\]"), ""); + s = std::regex_replace(s, std::regex("#Pos\\[[\\s\\S]*?\\]"), ""); + s = std::regex_replace(s, std::regex("#n"), " "); + // .replaceAll("④", "!?").replaceAll("②", "!!").replaceAll("⑥", "。").replaceAll("⑪", "【") + // .replaceAll("⑫", "】").replaceAll("⑤", "、").replaceAll("①", "・・・") + strReplace(s, "\x87\x43", "!?"); + strReplace(s, "\x87\x41", "!!"); + strReplace(s, "\x87\x45", "\x81\x42"); + strReplace(s, "\x87\x4a", "\x81\x79"); + strReplace(s, "\x87\x4b", "\x81\x7a"); + strReplace(s, "\x87\x44", "\x81\x41"); + strReplace(s, "\x87\x40", "\x81\x45\x81\x45\x81\x45"); + return write_string_overwrite(data, len, s); + } + bool FPCSG00448(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex("[\\s]"), ""); + s = std::regex_replace(s, std::regex("(#n)+"), ""); + s = std::regex_replace(s, std::regex("#[A-Za-z]+\\[(\\d*[.])?\\d+\\]"), ""); + s = std::regex_replace(s, std::regex("#Pos[\\s\\S]*?\\]"), ""); + return write_string_overwrite(data, len, s); + } + bool FPCSG01008(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex("#Ruby\\[([^,]+)\\.([^\\]]+)\\]."), "$1"); + s = std::regex_replace(s, std::regex("(#n)+"), " "); + s = std::regex_replace(s, std::regex("#[A-Za-z]+\\[(\\d*[.])?\\d+\\]"), ""); + return write_string_overwrite(data, len, s); + } + void TPCSG00903(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto address = VITA3K::emu_arg(stack)[0]; + buffer->from(address + 0x1C, (*(DWORD *)(address + 0x14))); + } + bool FPCSG00903(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex("\\\\n"), " "); + return write_string_overwrite(data, len, s); + } + bool FPCSG01180(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex(R"(\\n)"), " "); + s = std::regex_replace(s, std::regex(R"(,.*$)"), " "); + return write_string_overwrite(data, len, s); + } + bool FPCSG00839(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(L"\\[[^\\]]+."), L""); + s = std::regex_replace(s, std::wregex(L"\\\\k|\\\\x|%C|%B|%p-1;"), L""); + s = std::regex_replace(s, std::wregex(L"#[0-9a-fA-F]+;([^%#]+)(%r)?"), L"$1"); + s = std::regex_replace(s, std::wregex(L"\\\\n"), L""); + static std::wstring last; + if (last.find(s) != last.npos) + return false; + last = s; + return write_string_overwrite(data, len, s); + } + bool FPCSG00751(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex("[\\s]"), ""); + s = std::regex_replace(s, std::regex("@[a-z]"), ""); + // s = std::regex_replace(s, std::regex("$"), ""); + strReplace(s, "\x81\x90", ""); + return write_string_overwrite(data, len, s); + } + bool FPCSG00401(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex(R"([\s])"), ""); + s = std::regex_replace(s, std::regex(R"(\c)"), ""); + s = std::regex_replace(s, std::regex(R"(\\n)"), ""); + return write_string_overwrite(data, len, s); + } + bool FPCSG00912(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex("%N"), ""); + return write_string_overwrite(data, len, s); + } + bool FPCSG00706(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(L"
"), L""); + return write_string_overwrite(data, len, s); + } + bool FPCSG00696(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + //.replace(/㌔/g, '⁉') + //.replace(/㍉/g, '!!') + strReplace(s, "\x87\x60", ""); + strReplace(s, "\x87\x5f", ""); + return write_string_overwrite(data, len, s); + } + bool FPCSG00389(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex("[\\s]"), ""); + s = std::regex_replace(s, std::regex("(#n)+"), ""); + s = std::regex_replace(s, std::regex("#[A-Za-z]+\\[(\\d*[.])?\\d+\\]"), ""); + s = std::regex_replace(s, std::regex("#Pos\\[[\\s\\S]*?\\]"), ""); + return write_string_overwrite(data, len, s); + } + bool FPCSG00216(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex("[\\s]"), ""); + s = std::regex_replace(s, std::regex("(#n)+"), ""); + s = std::regex_replace(s, std::regex("#[A-Za-z]+\\[(\\d*[.])?\\d+\\]"), ""); + s = std::regex_replace(s, std::regex("#Pos\\[[\\s\\S]*?\\]"), ""); + return write_string_overwrite(data, len, s); + } + bool FPCSG00405(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex("[\\s]"), ""); + return write_string_overwrite(data, len, s); + } + bool PCSG00776(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + auto ws = StringToWideString(s, 932).value(); + strReplace(ws, L"\x02", L""); + Trim(ws); + return write_string_overwrite(data, len, WideStringToString(ws)); + } + void PCSG00912(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto address = VITA3K::emu_arg(stack)[1]; + std::string final_string = ""; + BYTE pattern[] = {0x47, 0xff, 0xff}; + auto results = MemDbg::findBytes(pattern, sizeof(pattern), address, address + 0x50); + if (!results) + return; + + address = results + 5; + + while (true) + { + std::string text = (char *)address; + final_string += text; + address = address + (text.size() + 1); + + auto bytes = (BYTE *)address; + + if (!(bytes[0] == 0x48 && bytes[1] == 0xFF && bytes[2] == 0xFF)) + break; + address = address + (3); + bytes = (BYTE *)address; + if (!(bytes[0] == 0x47 && bytes[1] == 0xFF && bytes[2] == 0xFF)) + break; + + address = address + (5); + } + buffer->from(final_string); + } + void TPCSG00291(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto a2 = VITA3K::emu_arg(stack)[0]; + + auto vm = *(DWORD *)(a2 + (0x28)); + vm = *(DWORD *)VITA3K::emu_addr(stack, vm); + vm = *(DWORD *)VITA3K::emu_addr(stack, vm + 8); + uintptr_t address = VITA3K::emu_addr(stack, vm); + auto len1 = *(DWORD *)(address + 4); + auto p = address + 0x20; + if (len1 > 4 && *(WORD *)(p + 2) == 0) + { + auto p1 = *(DWORD *)(address + 8); + vm = *(DWORD *)VITA3K::emu_addr(stack, vm); + vm = *(DWORD *)VITA3K::emu_addr(stack, vm + 0xC); + p = VITA3K::emu_addr(stack, vm); + } + static int fm = 0; + static std::string pre; + auto b = fm; + auto s = [](uintptr_t address) + { + auto frist = *(WORD *)address; + auto lo = frist & 0xFF; // uppercase: 41->5A + auto hi = frist >> 8; + if (hi == 0 && (lo > 0x5a || lo < 0x41) /* T,W,? */) + { + return std::string(); + } + std::string s; + int i = 0; + WORD c; + char buf[3] = {0}; + while ((c = *(WORD *)(address + i)) != 0) + { + // reverse endian: ShiftJIS BE => LE + buf[0] = c >> 8; + buf[1] = c & 0xFF; + + if (c == 0x815e /* / */) + { + s += ' '; // single line + } + else if (buf[0] == 0) + { + //// UTF16 LE turned BE: 5700=>0057, 3100, 3500 + //// 4e00 6d00=>PLAYER + // do nothing + if (buf[1] == 0x4e) + { + s += "PLAYER"; + fm++; + } + } + else + { + s += buf; + } + i += 2; + } + return s; + }(p); + if (b > 0) + { + fm--; + return; + } + if (s == pre) + return; + pre = std::move(s); + buffer->from(pre); + } + + bool FPCSG00468(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex(u8R"(\\n( )*|\\k)"), ""); + s = std::regex_replace(s, std::regex(R"(\[|\*[^\]]+])"), ""); + s = std::regex_replace(s, std::regex(u8"×"), ""); + return write_string_overwrite(data, len, s); + } + bool FPCSG00808(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex(R"(^\s+|\s+$)"), ""); + s = std::regex_replace(s, std::regex(R"(\s*(#n)*\s*)"), ""); + s = std::regex_replace(s, std::regex(R"(#\w+(\[.+?\])?)"), ""); + return write_string_overwrite(data, len, s); + } + bool F010088B01A8FC000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + static std::string last; + s = std::regex_replace(s, std::regex(R"(#\w+(\[.+?\])?)"), ""); + s = std::regex_replace(s, std::regex(u8" "), ""); + if (last == s) + return false; + last = s; + return write_string_overwrite(data, len, s); + } + bool FPCSG00815(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex(R"(\s*(#n)*\s*)"), ""); + s = std::regex_replace(s, std::regex(R"(#\w+(\[.+?\])?)"), ""); + return write_string_overwrite(data, len, s); + } + bool FPCSG00855(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex(u8R"(#n( )*)"), ""); + s = std::regex_replace(s, std::regex(R"(#\w.+?])"), ""); + return write_string_overwrite(data, len, s); + } + template + bool FPCSG00855_2(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + static std::string last; + if (last == s) + return false; + last = s; + strReplace(s, u8"Χ", u8"、"); + strReplace(s, u8"Δ", u8"。"); + strReplace(s, u8"Λ", u8"っ"); + strReplace(s, u8"《", u8"("); + strReplace(s, u8"》", u8")"); + strReplace(s, u8"∫", u8"「"); + strReplace(s, u8"∨", u8"」"); + strReplace(s, u8"∴", u8"『"); + strReplace(s, u8"∵", u8"』"); + strReplace(s, u8"П", u8"【"); + strReplace(s, u8"Ц", u8"】"); + if (write_string_overwrite(data, len, s)) + return FPCSG00855(data, len, hp); + else + return false; + } + bool FPCSG00477(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + auto ws = StringToWideString(s, 932).value(); + ws = std::regex_replace(ws, std::wregex(LR"(#n\u3000*)"), L""); + ws = std::regex_replace(ws, std::wregex(LR"(#\w.+?])"), L""); + s = WideStringToString(ws, 932); + return write_string_overwrite(data, len, s); + } + bool FPCSG00852(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + auto ws = StringToWideString(s, 932).value(); + ws = std::regex_replace(ws, std::wregex(LR"(\^)"), L""); + s = WideStringToString(ws, 932); + return write_string_overwrite(data, len, s); + } + bool FPCSG01066(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex(u8R"(\n( )*)"), ""); + return write_string_overwrite(data, len, s); + } + bool FPCSG01075(void *data, size_t *len, HookParam *hp) + { + if (!FPCSG00808(data, len, hp)) + return false; + auto s = std::string((char *)data, *len); + static std::string last; + if (last == s) + return false; + last = s; + return true; + } + auto _ = []() + { + emfunctionhooks = { + // Tsuihou Senkyo + {0x8002e176, {0, 0, 0, 0, FPCSG01023, "PCSG01023"}}, // dialogue+name,sjis + // 死神と少女 Shinigami to Shoujo + {0x800204ba, {0, 2, 0, 0, FPCSG01282<0>, "PCSG01282"}}, // dialogueNVL,sjis + {0x8000f00e, {0, 1, 0, 0, FPCSG01282<1>, "PCSG01282"}}, // dialogue main + {0x80011f1a, {0, 0, 0, 0, FPCSG01282<2>, "PCSG01282"}}, // Name + {0x8001ebac, {0, 1, 0, 0, FPCSG01282<3>, "PCSG01282"}}, // choices + // 神凪ノ杜 Kannagi no Mori Satsukiame Tsuzuri + {0x828bb50c, {CODEC_UTF16, 0, 0, ReadU16TextAndLenDW<0>, 0, "PCSG01268"}}, // dialogue + {0x828ba9b6, {CODEC_UTF16, 0, 0, ReadU16TextAndLenDW<0>, 0, "PCSG01268"}}, // name + {0x8060D376, {CODEC_UTF8, 0, 0, 0, 0, "PCSG01268"}}, // vita3k v0.2.0 can't find 0x828bb50c && 0x828ba9b6, unknown reason. + // Sanzen Sekai Yuugi ~MultiUniverse Myself~ + {0x8005ae24, {0, 0, 0, 0, 0, "PCSG01194"}}, // dialouge+name,sjis,need remap jis char,to complex + // Marginal #4 Road to Galaxy + {0x8002ff90, {CODEC_UTF8, 0, 0, 0, FPCSG01008, "PCSG01008"}}, // text + // BLACK WOLVES SAGA -Weiβ und Schwarz- + {0x800581a2, {CODEC_UTF8, 0, 0, 0, FPCSG01008, "PCSG00935"}}, // text + // New Game! The Challenge Stage! + {0x8012674c, {CODEC_UTF8, 0, 0, TPCSG00903, FPCSG00903, "PCSG00903"}}, + // Kenka Banchou Otome + {0x80009722, {CODEC_UTF16, 0, 0, 0, FPCSG00839, "PCSG00839"}}, + // Arcana famiglia -La storia della Arcana Famiglia- + {0x80070e30, {0, 2, 0, 0, FPCSG00751, "PCSG00751"}}, // all,sjis + {0x80070cdc, {0, 1, 0, 0, FPCSG00751, "PCSG00751"}}, // text + // もし、この世界に神様がいるとするならば。 Moshi, Kono Sekai ni Kami-sama ga Iru to Suru Naraba. + {0x80c1f270, {CODEC_UTF16, 0, 0, ReadU16TextAndLenDW<0>, FPCSG00706, "PCSG00706"}}, // dialogue + {0x80d48bfc, {CODEC_UTF16, 0, 0, ReadU16TextAndLenDW<1>, FPCSG00706, "PCSG00706"}}, // Dictionary1 + {0x80d48c20, {CODEC_UTF16, 0, 0, ReadU16TextAndLenDW<0>, FPCSG00706, "PCSG00706"}}, // Dictionary2 + // Angelique Retour + {0x8008bd1a, {0, 1, 0, 0, FPCSG00696, "PCSG00696"}}, // text1,sjis + {0x8008cd48, {0, 0, 0, 0, FPCSG00696, "PCSG00696"}}, // text2 + {0x8008f75a, {0, 0, 0, 0, FPCSG00696, "PCSG00696"}}, // choice + // Tsuki ni Yorisou Otome no Sahou + {0x8002aefa, {0, 2, 0, 0, 0, "PCSG00648"}}, // dialogue,sjis + // MARGINAL#4 IDOL OF SUPERNOVA + {0x800718f8, {0, 0, 0, 0, FPCSG00448, "PCSG00448"}}, // dialogue,sjis + // Nekketsu Inou Bukatsu-tan Trigger Kiss + {0x8004e44a, {0, 0, 0, 0, FPCSG00410, "PCSG00410"}}, // dialogue,sjis + // バイナリースター Binary Star + {0x80058606, {0, 1, 0xd, 0, FPCSG00389, "PCSG00389"}}, // dialogue,sjis + // Amagami + {0x80070658, {0, 0, 0, TPCSG00291, 0, "PCSG00291"}}, + // Rui wa Tomo o Yobu + {0x81003db0, {CODEC_UTF8, 1, 0, 0, FPCSG00839, "PCSG00216"}}, // dialogue + // Reine des Fleurs + {0x8001bff2, {0, 0, 0, 0, FPCSG00405, "PCSG00405"}}, // dialogue,sjis + // Muv-Luv + {0x80118f10, {0, 5, 0, 0, PCSG00776, "PCSG00776"}}, // dialogue, choices + {0x80126e7e, {0, 0, 0, 0, PCSG00776, "PCSG00776"}}, // dialogue + // Re:Birthday Song ~Koi o Utau Shinigami~ + {0x80033af6, {0, 0, 2, 0, 0, "PCSG00911"}}, // dialogue + // Un:Birthday Song ~Ai o Utau Shinigami~ + {0x80038538, {0, 0, 0, PCSG00912, 0, "PCSG00912"}}, + {0x80033d66, {0, 3, 4, 0, FPCSG00912, "PCSG00912"}}, + // Sora*yume + {0x8000bad4, {0, 1, 0, 0, FPCSG00401, "PCSG00401"}}, + // Tengai ni Mau, Iki na Hana + + {0x8006808e, {CODEC_UTF8, 0, 0, 0, FPCSG01180, "PCSG01180"}}, + {0x80089408, {CODEC_UTF8, 0, 0, 0, FPCSG01180, "PCSG01180"}}, + + // Kokuchou no Psychedelica (黒蝶のサイケデリカ) + {0x80043538, {CODEC_UTF8, 1, 0, 0, FPCSG00468, "PCSG00468"}}, + // Haitaka no Psychedelica (灰鷹のサイケデリカ) + {0x80022c06, {CODEC_UTF8, 4, 0, 0, FPCSG00468, "PCSG00812"}}, + // Yuukyuu no Tierblade -Lost Chronicle- (悠久のティアブレイド -Lost Chronicle-) + {0x8003542a, {CODEC_UTF8, 10, 0, 0, FPCSG00808, "PCSG00808"}}, + {0x8002a95a, {CODEC_UTF8, 6, 0, 0, FPCSG00808, "PCSG00808"}}, + {0x801a98aa, {CODEC_UTF8, 9, 0, 0, FPCSG00808, "PCSG00808"}}, + {0x801a42bc, {CODEC_UTF8, 9, 0, 0, FPCSG00808, "PCSG00808"}}, + {0x801a42d0, {CODEC_UTF8, 7, 0, 0, FPCSG00808, "PCSG00808"}}, + // Yuukyuu no Tierblade -Fragments of Memory- (悠久のティアブレイド -Fragments of Memory-) + {0x80035f44, {CODEC_UTF8, 10, 0, 0, FPCSG01075, "PCSG01075"}}, + {0x8000d868, {CODEC_UTF8, 9, 0, 0, FPCSG01075, "PCSG01075"}}, + {0x8004598e, {CODEC_UTF8, 0, 0, 0, FPCSG01075, "PCSG01075"}}, + {0x801b1d16, {CODEC_UTF8, 9, 0, 0, FPCSG01075, "PCSG01075"}}, + {0x801ac31e, {CODEC_UTF8, 9, 0, 0, FPCSG01075, "PCSG01075"}}, + {0x801ac33a, {CODEC_UTF8, 7, 0, 0, FPCSG01075, "PCSG01075"}}, + {0x801b879a, {CODEC_UTF8, 5, 0, 0, FPCSG01075, "PCSG01075"}}, + {0x8009f570, {CODEC_UTF8, 5, 0, 0, FPCSG01075, "PCSG01075"}}, + // Magic Kyun! Renaissance (マジきゅんっ!ルネッサンス) + {0x8008375a, {0, 1, 0, 0, FPCSG00852, "PCSG00852"}}, + {0x8001c194, {0, 1, 0, 0, FPCSG00852, "PCSG00852"}}, + // Chouchou Jiken Lovesodic / Chouchou Jiken Rhapsodic (蝶々事件ラブソディック) + {0x8008dea2, {CODEC_UTF8, 4, 0, 0, FPCSG01066, "PCSG01066"}}, + {0x8008eb38, {CODEC_UTF8, 0, 0, 0, FPCSG01066, "PCSG01066"}}, + // Hyakka Yakou (百華夜光) + {0x80032b30, {0, 8, 0, 0, 0, "PCSG00477"}}, + {0x80019c5a, {0, 5, 0, 0, 0, "PCSG00477"}}, + {0x80031a46, {0, 6, 0, 0, 0, "PCSG00477"}}, + {0x8003a49a, {0, 0, 0, 0, FPCSG00477, "PCSG00477"}}, + {0x80182532, {0, 7, 0, 0, FPCSG00477, "PCSG00477"}}, + {0x8017d1da, {0, 5, 0, 0, 0, "PCSG00477"}}, + {0x8017d478, {0, 4, 0, 0, 0, "PCSG00477"}}, + {0x8017a6aa, {0, 6, 0, 0, 0, "PCSG00477"}}, + // Hana Oboro ~Sengoku-den Ranki~ (花朧 ~戦国伝乱奇~) + {0x80037600, {CODEC_UTF8, 6, 0, 0, FPCSG00855, "PCSG00855"}}, + {0x80036580, {CODEC_UTF8, 6, 0, 0, FPCSG00855, "PCSG00855"}}, + {0x801a2ada, {CODEC_UTF8, 0, 0, 0, FPCSG00855_2<0>, "PCSG00855"}}, + {0x801a2ba8, {CODEC_UTF8, 0, 0, 0, FPCSG00855_2<1>, "PCSG00855"}}, + {0x801a2d9e, {CODEC_UTF8, 0, 0, 0, FPCSG00855_2<2>, "PCSG00855"}}, + {0x801a2e68, {CODEC_UTF8, 0, 0, 0, FPCSG00855_2<3>, "PCSG00855"}}, + // PsychicEmotion6 (サイキックエモーション ムー) + {0x80035948, {CODEC_UTF8, 9, 0, 0, FPCSG00815, "PCSG00815"}}, + {0x80034580, {CODEC_UTF8, 6, 0, 0, FPCSG00815, "PCSG00815"}}, + // Code: Realize ~Shirogane no Kiseki~ (Code:Realize ~白銀の奇跡~) + {0x80015bcc, {CODEC_UTF8, 0, 0x1c, 0, F010088B01A8FC000, "PCSG01110"}}, + {0x80038e76, {CODEC_UTF8, 8, 0, 0, F010088B01A8FC000, "PCSG01110"}}, + }; + return 1; + }(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine64/vita3k.h b/cpp/LunaHook/LunaHook/engine64/vita3k.h new file mode 100644 index 00000000..20162d07 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/vita3k.h @@ -0,0 +1,14 @@ + + +class vita3k : public ENGINE +{ +public: + vita3k() + { + + check_by = CHECK_BY::FILE; + is_engine_certain = false; + check_by_target = L"Vita3K.exe"; + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/engine64/yuzu.cpp b/cpp/LunaHook/LunaHook/engine64/yuzu.cpp new file mode 100644 index 00000000..c7d13962 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/yuzu.cpp @@ -0,0 +1,3267 @@ +#include "yuzu.h" +#include "mages/mages.h" +namespace +{ + auto isFastMem = true; + + auto isVirtual = true; // Process.arch === 'x64' && Process.platform === 'windows'; + auto idxDescriptor = isVirtual == true ? 2 : 1; + auto idxEntrypoint = idxDescriptor + 1; + + uintptr_t getDoJitAddress() + { + auto RegisterBlockSig1 = "E8 ?? ?? ?? ?? 4? 8B ?? 4? 8B ?? 4? 8B ?? E8 ?? ?? ?? ?? 4? 89?? 4? 8B???? ???????? 4? 89?? ?? 4? 8B?? 4? 89"; + auto RegisterBlock = find_pattern(RegisterBlockSig1, processStartAddress, processStopAddress); + if (RegisterBlock) + { + auto beginSubSig1 = "CC 40 5? 5? 5?"; + auto lookbackSize = 0x400; + auto address = RegisterBlock - lookbackSize; + auto subs = find_pattern(beginSubSig1, address, address + lookbackSize); + if (subs) + { + return subs + 1; + } + } + + auto PatchSig1 = "4????? 4????? 4????? FF?? ?? 4????? ?? 4????? 75 ?? 4????? ?? 4????? ?? 4?"; + auto Patch = find_pattern(PatchSig1, processStartAddress, processStopAddress); + if (Patch) + { + auto beginSubSig1 = "4883EC ?? 48"; + auto lookbackSize = 0x80; + auto address = Patch - lookbackSize; + auto subs = find_pattern(beginSubSig1, address, address + lookbackSize); + if (subs) + { + idxDescriptor = 1; + idxEntrypoint = 2; + return subs; + } + } + return 0; + /* + 这块不知道怎么实现。 + // DebugSymbol: RegisterBlock + // ?RegisterBlock@EmitX64@X64@Backend@Dynarmic@@IEAA?AUBlockDescriptor@1234@AEBVLocationDescriptor@IR@4@PEBX_K@Z <- new + // ?RegisterBlock@EmitX64@X64@Backend@Dynarmic@@IEAA?AUBlockDescriptor@1234@AEBVLocationDescriptor@IR@4@PEBX1_K@Z + const symbols = DebugSymbol.findFunctionsMatching('Dynarmic::Backend::X64::EmitX64::RegisterBlock'); + if (symbols.length !== 0) { + return symbols[0]; + } + + // DebugSymbol: Patch + // ?Patch@EmitX64@X64@Backend@Dynarmic@@IEAAXAEBVLocationDescriptor@IR@4@PEBX@Z + const patchs = DebugSymbol.findFunctionsMatching('Dynarmic::Backend::X64::EmitX64::Patch'); + if (patchs.length !== 0) { + idxDescriptor = 1; + idxEntrypoint = 2; + return patchs[0]; + } + */ + } + + struct emfuncinfo + { + uint64_t type; + int argidx; + int padding; + decltype(HookParam::text_fun) hookfunc; + decltype(HookParam::filter_fun) filterfun; + const char *_id; + const char *_version; + }; + std::unordered_map emfunctionhooks; + + struct GameInfo + { + std::string name{""}; + uint64_t id{0}; + std::string version{""}; + } game_info; + bool checkiscurrentgame(const emfuncinfo &em) + { + auto wininfos = get_proc_windows(); + for (auto &&info : wininfos) + { + if ((game_info.version.size()) && game_info.name.size() && (game_info.id != 0)) + { + // 判断是有效的info + auto checkversion = (em._version == 0) || (std::string(em._version) == (game_info.version)); + auto checkid = (std::stoll(em._id, 0, 16) == game_info.id); + if (checkid && checkversion) + return true; + } + else if ((em._version == 0) || (info.title.find(acastw(em._version)) != info.title.npos)) + return true; + } + return false; + } +} +bool Hook_Network_RoomMember_SendGameInfo() +{ + // void RoomMember::SendGameInfo(const GameInfo& game_info) { + // room_member_impl->current_game_info = game_info; + // if (!IsConnected()) + // return; + + // Packet packet; + // packet.Write(static_cast(IdSetGameInfo)); + // packet.Write(game_info.name); + // packet.Write(game_info.id); + // packet.Write(game_info.version); + // room_member_impl->Send(std::move(packet)); + // } + BYTE pattern[] = { + 0x49, 0x8B, XX, + 0x0F, 0xB6, 0x81, 0x28, 0x01, 0x00, 0x00, + 0x90, + 0x3C, 0x02, + 0x74, 0x1C, + 0x0F, 0xB6, 0x81, 0x28, 0x01, 0x00, 0x00, + 0x90, + 0x3C, 0x03, + 0x74, 0x10, + 0x0F, 0xB6, 0x81, 0x28, 0x01, 0x00, 0x00, + 0x90, + 0x3C, 0x04, + 0x0F, 0x85, XX4}; + for (auto addr : Util::SearchMemory(pattern, sizeof(pattern), PAGE_EXECUTE, processStartAddress, processStopAddress)) + { + addr = MemDbg::findEnclosingAlignedFunction_strict(addr, 0x100); + // 有两个,但另一个离起始很远 + if (addr == 0) + continue; + HookParam hp; + hp.address = addr; + hp.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + // void __fastcall Network::RoomMember::SendGameInfo( + // Network::RoomMember *this, + // const AnnounceMultiplayerRoom::GameInfo *game_info) + game_info = *(GameInfo *)stack->rdx; + std::stringstream num; + num << std::uppercase + << std::hex + << std::setw(16) + << std::setfill('0') + << game_info.id; + ConsoleOutput("%s %s %s", game_info.name.c_str(), num.str().c_str(), game_info.version.c_str()); + }; + return NewHook(hp, "yuzuGameInfo"); + } + return false; +} +bool yuzu::attach_function() +{ + Hook_Network_RoomMember_SendGameInfo(); + ConsoleOutput("[Compatibility] Yuzu 1616+"); + auto DoJitPtr = getDoJitAddress(); + if (DoJitPtr == 0) + return false; + spDefault.jittype = JITTYPE::YUZU; + spDefault.minAddress = 0; + spDefault.maxAddress = -1; + ConsoleOutput("DoJitPtr %p", DoJitPtr); + HookParam hp; + hp.address = DoJitPtr; + hp.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto descriptor = *argidx(stack, idxDescriptor + 1); // r8 + auto entrypoint = *argidx(stack, idxEntrypoint + 1); // r9 + auto em_address = *(uint64_t *)descriptor; + if (!entrypoint) + return; + jitaddraddr(em_address, entrypoint, JITTYPE::YUZU); + [&]() + { + if (emfunctionhooks.find(em_address) == emfunctionhooks.end()) + return; + auto op = emfunctionhooks.at(em_address); + if (!(checkiscurrentgame(op))) + return; + + HookParam hpinternal; + hpinternal.address = entrypoint; + hpinternal.emu_addr = em_address; // 用于生成hcode + hpinternal.type = NO_CONTEXT | BREAK_POINT | op.type; + if (!(op.type & USING_CHAR)) + hpinternal.type |= USING_STRING; + hpinternal.text_fun = op.hookfunc; + hpinternal.filter_fun = op.filterfun; + hpinternal.argidx = op.argidx; + hpinternal.padding = op.padding; + hpinternal.jittype = JITTYPE::YUZU; + NewHook(hpinternal, op._id); + }(); + delayinsertNewHook(em_address); + }; + return NewHook(hp, "YuzuDoJit"); +} + +namespace +{ + int readu8(BYTE *addr) + { + int numBytes = 0; + auto firstByte = *addr; + if (firstByte <= 0x7F) + { + numBytes = 1; + } + else if ((firstByte & 0xE0) == 0xC0) + { + numBytes = 2; + } + else if ((firstByte & 0xF0) == 0xE0) + { + numBytes = 3; + } + else if ((firstByte & 0xF8) == 0xF0) + { + numBytes = 4; + } + return numBytes; + } + void T010012A017F18000(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto address = YUZU::emu_arg(stack)[2]; + std::string s, bottom; + uint32_t c; + while (true) + { + c = *(BYTE *)(address); + if (c == 0) + break; + if (c >= 0x20) + { + auto l = readu8((BYTE *)address); + s += std::string((char *)address, l); + address += l; + } + else + { + address += 1; + if (c == 1) + { + bottom = ""; + while (true) + { + auto l = readu8((BYTE *)address); + auto ss = std::string((char *)address, l); + address += l; + if (ss[0] < 0xa) + break; + bottom += ss; + s += ss; + } + } + else if (c == 3) + { + while (true) + { + auto l = readu8((BYTE *)address); + auto ss = std::string((char *)address, l); + address += l; + if (ss[0] < 0xa) + break; + } + } + else if (c == 7) + { + address += 1; + } + else if (c == 0xa) + { + return; + } + else if (c == 0xd) + { + c = *(uint32_t *)address; + auto count = c & 0xFF; + c = c & 0xFFFFFF00; + if (c == 0x0692c500) + { + for (int _ = 0; _ < count; _++) + s += '-'; + address += 4; + } + } + } + } + buffer->from(s); + } + + template + void ReadTextAndLenDW(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto address = YUZU::emu_arg(stack)[index]; + buffer->from(address + 0x14, (*(DWORD *)(address + 0x10)) * 2); + } + + template + void ReadTextAndLenW(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto address = YUZU::emu_arg(stack)[index]; + buffer->from(address + 0x14, (*(WORD *)(address + 0x10)) * 2); + } + template + void mages_readstring(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto s = mages::readString(YUZU::emu_arg(stack)[0], idx); + buffer->from(s); + } + + bool F0100A3A00CC7E000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + + std::wregex pattern1(L"^`([^@]+)."); + s = std::regex_replace(s, pattern1, L"$1: "); + + s = std::regex_replace(s, std::wregex(L"\\$[A-Z]\\d*(,\\d*)*"), L""); + + std::wregex pattern2(L"\\$\\[([^$]+)..([^$]+).."); + s = std::regex_replace(s, pattern2, L"$1"); + return write_string_overwrite(data, len, s); + } + + bool F010045C0109F2000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex("#[^\\]]*\\]"), ""); + s = std::regex_replace(s, std::regex("#[^\\n]*\\n"), ""); + s = std::regex_replace(s, std::regex(u8" "), ""); + s = std::regex_replace(s, std::regex(u8"Save[\\s\\S]*データ"), ""); + return write_string_overwrite(data, len, s); + } + + bool F0100A1E00BFEA000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(L"[\\s]"), L""); + s = std::regex_replace(s, std::wregex(L"(.+? \")"), L""); + s = std::regex_replace(s, std::wregex(L"(\",.*)"), L""); + s = std::regex_replace(s, std::wregex(L"(\" .*)"), L""); + return write_string_overwrite(data, len, s); + } + + bool F0100A1200CA3C000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(L"\\$d"), L"\n"); + s = std::regex_replace(s, std::wregex(L"_"), L" "); + s = std::regex_replace(s, std::wregex(L"@"), L" "); + s = std::regex_replace(s, std::wregex(L"\\[([^\\/\\]]+)\\/[^\\/\\]]+\\]"), L"$1"); + s = std::regex_replace(s, std::wregex(L"[~^$❝.❞'?,(-)!—:;-❛ ❜]"), L""); + s = std::regex_replace(s, std::wregex(L"[A-Za-z0-9]"), L""); + s = std::regex_replace(s, std::wregex(L"^\\s+"), L""); + while (std::regex_search(s, std::wregex(L"^\\s*$"))) + { + s = std::regex_replace(s, std::wregex(L"^\\s*$"), L""); + } + return write_string_overwrite(data, len, s); + } + + bool F0100F6A00A684000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + + std::regex regex("(?=@.)"); + std::sregex_token_iterator it(s.begin(), s.end(), regex, -1); + std::sregex_token_iterator end; + + std::vector parts(it, end); + s = ""; + for (auto part : parts) + { + if (startWith(part, "@") == false) + { + s += part; + continue; + } + std::string tag = part.substr(0, 2); + std::string content = part.substr(2); + if (tag == "@r") + { + if (s == "") + s = content; + else + s += '\n' + content; + } + else if (tag == "@u" || tag == "@v" || tag == "@w" || tag == "@o" || tag == "@a" || tag == "@z" || tag == "@c" || tag == "@s") + { + auto splited = strSplit(content, "."); + if (splited.size() == 2) + s += splited[1]; + } + else if (tag == "@b") + { + } + else + { + s += content; + } + } + static auto katakanaMap = std::map{ + {L"「", L"「"}, {L"」", L"」"}, {L"ァ", L"ぁ"}, {L"ィ", L"ぃ"}, {L"ゥ", L"ぅ"}, {L"ェ", L"ぇ"}, {L"ォ", L"ぉ"}, {L"ャ", L"ゃ"}, {L"ュ", L"ゅ"}, {L"ョ", L"ょ"}, {L"ア", L"あ"}, {L"イ", L"い"}, {L"ウ", L"う"}, {L"エ", L"え"}, {L"オ", L"お"}, {L"カ", L"か"}, {L"キ", L"き"}, {L"ク", L"く"}, {L"ケ", L"け"}, {L"コ", L"こ"}, {L"サ", L"さ"}, {L"シ", L"し"}, {L"ス", L"す"}, {L"セ", L"せ"}, {L"ソ", L"そ"}, {L"タ", L"た"}, {L"チ", L"ち"}, {L"ツ", L"つ"}, {L"テ", L"て"}, {L"ト", L"と"}, {L"ナ", L"な"}, {L"ニ", L"に"}, {L"ヌ", L"ぬ"}, {L"ネ", L"ね"}, {L"ノ", L"の"}, {L"ハ", L"は"}, {L"ヒ", L"ひ"}, {L"フ", L"ふ"}, {L"ヘ", L"へ"}, {L"ホ", L"ほ"}, {L"マ", L"ま"}, {L"ミ", L"み"}, {L"ム", L"む"}, {L"メ", L"め"}, {L"モ", L"も"}, {L"ヤ", L"や"}, {L"ユ", L"ゆ"}, {L"ヨ", L"よ"}, {L"ラ", L"ら"}, {L"リ", L"り"}, {L"ル", L"る"}, {L"レ", L"れ"}, {L"ロ", L"ろ"}, {L"ワ", L"わ"}, {L"ヲ", L"を"}, {L"ン", L"ん"}, {L"ー", L"ー"}, {L"ッ", L"っ"}, {L"、", L"、"}, {L"゚", L"?"}, {L"゙", L"!"}, {L"・", L"…"}, {L"?", L" "}, {L"。", L"。"}, {L"\uF8F0", L""}, {L"\uFFFD", L""} // invalid (shift_jis A0 <=> EF A3 B0) | FF FD - F8 F0) + }; + + auto remap = [](std::string s) + { + std::wstring result; + auto ws = StringToWideString(s, 932).value(); + for (auto _c : ws) + { + std::wstring c; + c.push_back(_c); + if (katakanaMap.find(c) != katakanaMap.end()) + { + result += katakanaMap[c]; + } + else + result += c; + } + return WideStringToString(result, 932); + }; + return write_string_overwrite(data, len, remap(s)); + } + bool F01006590155AC000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + + std::regex regex("(?=@.)"); + std::sregex_token_iterator it(s.begin(), s.end(), regex, -1); + std::sregex_token_iterator end; + + std::vector parts(it, end); + s = ""; + int counter = 0; + while (counter < parts.size()) + { + std::string part = parts[counter]; + if (part[0] != '@') + { + s += part; + counter++; + continue; + } + std::string tag = part.substr(0, 2); + std::string content = part.substr(2); + if (tag == "@s" || tag == "@t") + { + s += content.substr(4); + counter++; + continue; + } + else if (tag == "@m") + { + s += content.substr(2); + counter++; + continue; + } + else if (tag == "@n") + { + s += '\n' + content; + counter++; + continue; + } + else if (tag == "@b" || tag == "@a" || tag == "@p" || tag == "@k") + { + s += content; + counter++; + continue; + } + else if (tag == "@v" || tag == "@h") + { + std::regex regex("[\\w_-]+"); + s += std::regex_replace(content, regex, ""); + counter++; + continue; + } + else if (tag == "@r") + { + s += content + parts[counter + 2].substr(1); + counter += 3; + continue; + } + else if (tag == "@I") + { + if (content == "@" || parts[counter + 1].substr(0, 2) == "@r") + { + counter++; + continue; + } + std::regex regex(u8"[\\d+─]"); + s += std::regex_replace(content, regex, ""); + counter += 3; + continue; + } + else + { + s += content; + counter++; + continue; + } + } + return write_string_overwrite(data, len, s); + } + bool F01000200194AE000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + + static std::string readString_savedSentence = ""; + static bool readString_playerNameFlag = false; + static std::string readString_playerName = u8"ラピス"; + + std::regex regex("(?=@.)"); + std::sregex_token_iterator it(s.begin(), s.end(), regex, -1); + std::sregex_token_iterator end; + + std::vector parts(it, end); + s = ""; + size_t counter = 0; + + while (counter < parts.size()) + { + const std::string &part = parts[counter]; + + if (part.empty() || part[0] != '@') + { + s += part; + counter++; + continue; + } + + std::string tag = part.substr(0, 2); + std::string content = part.substr(2); + + if (tag == "@*") + { + if (content.find("name") == 0) + { + if (readString_playerName == u8"ラピス") + { + s += content.substr(4) + readString_playerName + parts[counter + 4].substr(1); + } + else + { + s += content.substr(4) + parts[counter + 3].substr(1) + parts[counter + 4].substr(1); + } + counter += 5; + continue; + } + } + else if (tag == "@s" || tag == "@t") + { + s += content.substr(4); + counter++; + continue; + } + else if (tag == "@m") + { + s += content.substr(2); + counter++; + continue; + } + else if (tag == "@u") + { + readString_playerNameFlag = true; + readString_savedSentence = ""; + counter++; + return false; + } + else if (tag == "@n" || tag == "@b" || tag == "@a" || tag == "@p" || tag == "@k") + { + s += content; + counter++; + continue; + } + else if (tag == "@v" || tag == "@h") + { + std::regex regex("[\\w_-]+"); + s += std::regex_replace(content, regex, ""); + counter++; + continue; + } + else if (tag == "@r") + { + s += content + parts[counter + 2].substr(1); + counter += 3; + continue; + } + else if (tag == "@I") + { + if (content == "@" || parts[counter + 1].substr(0, 2) == "@r") + { + counter++; + continue; + } + std::regex regex(u8"[\\d+─]"); + s += std::regex_replace(content, regex, ""); + counter += 3; + continue; + } + else + { + s += content; + counter++; + continue; + } + } + + if (!readString_playerNameFlag) + { + ; + } + else if (readString_savedSentence.empty()) + { + readString_savedSentence = s; + s = ""; + } + else + { + std::string savedSentence = readString_savedSentence; + readString_playerNameFlag = false; + readString_savedSentence = ""; + readString_playerName = s; + s = s + "\n" + savedSentence; + } + return write_string_overwrite(data, len, s); + } + bool F0100EA001A626000(void *data, size_t *len, HookParam *hp) + { + auto s = utf32_to_utf16((uint32_t *)data, *len / 4); + if (s == L"  ") + { + return false; + } + s = std::regex_replace(s, std::wregex(L"\n+"), L" "); + + s = std::regex_replace(s, std::wregex(L"\\$\\{FirstName\\}"), L"ナーヤ"); + + if (startWith(s, L"#T")) + { + s = std::regex_replace(s, std::wregex(L"#T2[^#]+"), L""); + s = std::regex_replace(s, std::wregex(L"#T\\d"), L""); + } + auto u32 = utf16_to_utf32(s.c_str(), s.size()); + return write_string_overwrite(data, len, u32); + } + bool F010093800DB1C000(void *data, size_t *len, HookParam *hp) + { + auto s = utf32_to_utf16((uint32_t *)data, *len / 4); + s = std::regex_replace(s, std::wregex(L"\\n+"), L" "); + s = std::regex_replace(s, std::wregex(L"\\$\\{FirstName\\}"), L"シリーン"); + if (startWith(s, L"#T")) + { + s = std::regex_replace(s, std::wregex(L"\\#T2[^#]+"), L""); + s = std::regex_replace(s, std::wregex(L"\\#T\\d"), L""); + } + auto u32 = utf16_to_utf32(s.c_str(), s.size()); + return write_string_overwrite(data, len, u32); + } + bool F0100F7E00DFC8000(void *data, size_t *len, HookParam *hp) + { + auto s = utf32_to_utf16((uint32_t *)data, *len / 4); + s = std::regex_replace(s, std::wregex(L"[\\s]"), L" "); + s = std::regex_replace(s, std::wregex(L"#KW"), L""); + s = std::regex_replace(s, std::wregex(L"#C\\(TR,0xff0000ff\\)"), L""); + s = std::regex_replace(s, std::wregex(L"#P\\(.*\\)"), L""); + auto u32 = utf16_to_utf32(s.c_str(), s.size()); + return write_string_overwrite(data, len, u32); + } + + bool F0100982015606000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(L"\\n+|(\\\\n)+"), L" "); + return write_string_overwrite(data, len, s); + } + bool F0100C4E013E5E000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(L"\\\\n"), L" "); + return write_string_overwrite(data, len, s); + } + + bool F010001D015260000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + if (startWith(s, "#Key")) + return false; + strReplace(s, "#n", "\n"); + return write_string_overwrite(data, len, s); + } + bool F0100E1E00E2AE000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex("#n"), "\n"); + s = std::regex_replace(s, std::regex("[A-Za-z0-9]"), ""); + s = std::regex_replace(s, std::regex("[~^,\\-\\[\\]#]"), ""); + return write_string_overwrite(data, len, s); + } + bool F0100DE200C0DA000(void *data, size_t *len, HookParam *hp) + { + StringReplacer((char *)data, len, "#n", 2, " ", 1); + StringReplacer((char *)data, len, "\n", 1, " ", 1); + return true; + } + bool F0100AEC013DDA000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + static std::string ss; + if (ss == s) + return false; + ss = s; + return true; + } + + bool F0100F7801B5DC000(void *data, size_t *len, HookParam *hp) + { + if (!all_ascii((wchar_t *)data)) + return false; // chaos on first load. + StringReplacer((wchar_t *)data, len, L"
", 4, L"\n", 1); + return true; + } + + bool F01006CC015ECA000(void *data, size_t *len, HookParam *hp) + { + StringCharReplacer((wchar_t *)data, len, L"#
", 5, L'\n'); + return true; + } + bool F0100925014864000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex("(#n)+"), " "); + s = std::regex_replace(s, std::regex("(#[A-Za-z]+\\[(\\d*[.])?\\d+\\])+"), ""); + return write_string_overwrite(data, len, s); + } + + bool F0100936018EB4000(void *data, size_t *len, HookParam *hp) + { + auto s = utf32_to_utf16((uint32_t *)data, *len / 4); + s = std::regex_replace(s, std::wregex(L"<[^>]+>"), L""); + s = std::regex_replace(s, std::wregex(L"\n+"), L" "); + auto u32 = utf16_to_utf32(s.c_str(), s.size()); + return write_string_overwrite(data, len, u32); + } + template + void T01000BB01CB8A000(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto address = YUZU::emu_arg(stack)[index]; + std::wstring s; + while (auto c = *(uint16_t *)address) + { + if (c == 0x0 || c == 0xcccc) + { + break; + } + else if (c == 0xa || c == 0xd) + ; + else + { + s += c; + } + address += 4; + } + buffer->from(s); + } + std::unordered_map T0100DEF01D0C6000_dict; + + void T0100DEF01D0C6000_2(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto address1 = YUZU::emu_arg(stack)[0] + 0x14; + auto address2 = YUZU::emu_arg(stack)[1] + 0x14; + auto word = std::wstring((wchar_t *)address1); + auto meaning = std::wstring((wchar_t *)address2); + T0100DEF01D0C6000_dict[word] = meaning; + } + void T010061300DF48000(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto address1 = YUZU::emu_arg(stack)[0]; + auto address2 = YUZU::emu_arg(stack)[1]; + auto word = std::string((char *)address1); + word = std::regex_replace(word, std::regex(R"(\w+\.\w+)"), ""); + while (!(*(BYTE *)address2)) + address2 += 1; + auto meaning = std::string((char *)address2); + meaning = std::regex_replace(meaning, std::regex(R"(%\w+)"), ""); + auto s = word + '\n' + meaning; + buffer->from(s); + } + + template + void T0100B0100E26C000(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto address = YUZU::emu_arg(stack)[index]; + if (type == 2) + address += 0xA; + auto length = (*(DWORD *)(address + 0x10)) * 2; + buffer->from(address + 0x14, length); + } + + bool F010045C014650000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + std::regex pattern("(@(\\/)?[a-zA-Z#](\\(\\d+\\))?|)[*<>]+"); + s = std::regex_replace(s, pattern, ""); + return write_string_overwrite(data, len, s); + } + + bool F0100AB100E2FA000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(LR"(\n)"), L""); + s = std::regex_replace(s, std::wregex(LR"(\u3000)"), L""); + s = std::regex_replace(s, std::wregex(LR"(<[^>]*>)"), L""); + return write_string_overwrite(data, len, s); + } + bool F01008C0016544000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(L"<[^>]+>"), L" "); + return write_string_overwrite(data, len, s); + } + bool F0100FB7019ADE000(void *data, size_t *len, HookParam *hp) + { + static int idx = 0; + return ((++idx) % 2 == 1); + } + bool F01006F000B056000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(L"\\[.*?\\]"), L" "); + return write_string_overwrite(data, len, s); + } + bool F0100068019996000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex("%N"), "\n"); + return write_string_overwrite(data, len, s); + } + bool F0100ADC014DA0000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + std::wregex symbolRegex(L"[~^$(,)]"); + std::wregex alphanumericRegex(L"[A-Za-z0-9]"); + std::wregex atRegex(L"@"); + std::wregex leadingSpaceRegex(L"^\\s+"); + s = std::regex_replace(s, symbolRegex, L""); + s = std::regex_replace(s, alphanumericRegex, L""); + s = std::regex_replace(s, atRegex, L" "); + s = std::regex_replace(s, leadingSpaceRegex, L""); + return write_string_overwrite(data, len, s); + } + bool F0100AFA01750C000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + std::regex newlineRegex("(\\\\n)+"); + std::regex specialCharsRegex("\\\\d$|^\\@[a-z]+|#.*?#|\\$"); + s = std::regex_replace(s, newlineRegex, " "); + s = std::regex_replace(s, specialCharsRegex, ""); + return write_string_overwrite(data, len, s); + } + bool F0100C1E0102B8000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex("#N"), "\n"); + std::regex colorRegex("#Color\\[[\\d]+\\]"); + s = std::regex_replace(s, colorRegex, ""); + return write_string_overwrite(data, len, s); + } + bool F0100BD700E648000(void *data, size_t *len, HookParam *hp) + { + StringReplacer((char *)data, len, "*", 1, " ", 1); + StringReplacer((char *)data, len, u8"ゞ", sizeof(u8"ゞ"), u8"!?", sizeof(u8"!?")); + return true; + } + bool F0100D9500A0F6000(void *data, size_t *len, HookParam *hp) + { + StringReplacer((char *)data, len, u8"㊤", sizeof(u8"㊤"), u8"―", sizeof(u8"―")); + StringReplacer((char *)data, len, u8"㊥", sizeof(u8"㊥"), u8"―", sizeof(u8"―")); + StringReplacer((char *)data, len, u8"^㌻", sizeof(u8"^㌻"), u8" ", sizeof(u8" ")); // \n + return true; + } + + bool F0100DA201E0DA000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(L"[\\s]"), L""); + return write_string_overwrite(data, len, s); + } + bool F01002C0008E52000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex("(YUR)"), u8"ユーリ"); + s = std::regex_replace(s, std::regex("(FRE)"), u8"フレン"); + s = std::regex_replace(s, std::regex("(RAP)"), u8"ラピード"); + s = std::regex_replace(s, std::regex("(EST|ESU)"), u8"エステル"); + s = std::regex_replace(s, std::regex("(KAR)"), u8"カロル"); + s = std::regex_replace(s, std::regex("(RIT)"), u8"リタ"); + s = std::regex_replace(s, std::regex("(RAV|REI)"), u8"レイヴン"); + s = std::regex_replace(s, std::regex("(JUD)"), u8"ジュディス"); + s = std::regex_replace(s, std::regex("(PAT)"), u8"パティ"); + s = std::regex_replace(s, std::regex("(DUK|DYU)"), u8"デューク"); + s = std::regex_replace(s, std::regex("[A-Za-z0-9]"), ""); + s = std::regex_replace(s, std::regex("[,(-)_]"), ""); + s = std::regex_replace(s, std::regex("^\\s+"), ""); + while (std::regex_search(s, std::regex("^\\s*$"))) + { + s = std::regex_replace(s, std::regex("^\\s*$"), ""); + } + return write_string_overwrite(data, len, s); + } + + bool F01005940182EC000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + std::wregex whitespaceRegex(L"\\s"); + s = std::regex_replace(s, whitespaceRegex, L""); + std::wregex colorRegex(L"(.*?)<\\/color>"); + s = std::regex_replace(s, colorRegex, L"$1"); + return write_string_overwrite(data, len, s); + } + bool F0100B0601852A000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + static std::wstring last; + if (last == s) + return false; + last = s; + return true; + } + bool F010027100C79A000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + static std::string last; + if (last == s) + return false; + last = s; + return true; + } + bool F0100B0C016164000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + std::wregex htmlTagsPattern(L"<[^>]*>"); + std::wregex lettersAndNumbersPattern(L"[A-Za-z0-9]"); + s = std::regex_replace(s, htmlTagsPattern, L""); + s = std::regex_replace(s, lettersAndNumbersPattern, L""); + static std::wstring last; + if (last == s) + return false; + last = s; + return write_string_overwrite(data, len, s); + } + + bool F010043B013C5C000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + std::wregex htmlTagsPattern(L"<[^>]*>"); + s = std::regex_replace(s, htmlTagsPattern, L""); + static std::wstring last; + if (last == s) + return false; + last = s; + return write_string_overwrite(data, len, s); + } + bool F010055D009F78000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + std::regex pattern3("\\d+"); + s = std::regex_replace(s, pattern3, ""); + static std::string last; + if (last == s) + return false; + last = s; + return write_string_overwrite(data, len, s); + } + + bool F010080C01AA22000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + std::regex furiganaRegex("#\\d+R.*?#"); + s = std::regex_replace(s, furiganaRegex, ""); + std::regex lettersNumbersRegex("[A-Za-z0-9]"); + s = std::regex_replace(s, lettersNumbersRegex, ""); + std::regex symbolsRegex(u8"[().%,_!#©&:?/]"); + s = std::regex_replace(s, symbolsRegex, ""); + return write_string_overwrite(data, len, s); + } + bool F0100CB700D438000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + std::regex furiganaRegex("(.*?)<\\/RB>(.*?)<\\/RT><\\/RUBY>"); + s = std::regex_replace(s, furiganaRegex, "$1"); + std::regex htmlTagRegex("<[^>]*>"); + s = std::regex_replace(s, htmlTagRegex, ""); + static std::string last; + if (last == s) + return false; + last = s; + return write_string_overwrite(data, len, s); + } + bool F01005C301AC5E000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex(".*_.*_.*"), ""); // SIR_C01_016,ERU_C00_000 + s = std::regex_replace(s, std::regex("\\.mp4"), ""); + s = std::regex_replace(s, std::regex("@v"), ""); + s = std::regex_replace(s, std::regex("@n"), "\n"); + return write_string_overwrite(data, len, s); + } + bool F0100815019488000_text(void *data, size_t *len, HookParam *hp) + { + //@n@vaoi_s01_0110「うんうん、そうかも!」 + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex("@.*_.*_\\d+"), ""); + s = std::regex_replace(s, std::regex("@n"), ""); + return write_string_overwrite(data, len, s); + } + bool F0100815019488000_name(void *data, size_t *len, HookParam *hp) + { + // あおい@n@vaoi_s01_0110「うんうん、そうかも!」 + auto s = std::string((char *)data, *len); + if (s.find("@n") == s.npos) + return false; + s = std::regex_replace(s, std::regex("(.*)@n.*"), "$1"); + return write_string_overwrite(data, len, s); + } + bool F010072000BD32000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + std::regex lineBreakRegex("\\[~\\]"); + s = std::regex_replace(s, lineBreakRegex, "\n"); + std::regex romRegex("rom:[\\s\\S]*$"); + s = std::regex_replace(s, romRegex, ""); + std::regex furiganaRegex("\\[[\\w\\d]*\\[[\\w\\d]*\\].*?\\[\\/\\[\\w\\d]*\\]\\]"); + s = std::regex_replace(s, furiganaRegex, ""); + std::regex bracketsRegex("\\[.*?\\]"); + s = std::regex_replace(s, bracketsRegex, ""); + static std::string last; + if (last == s) + return false; + last = s; + return write_string_overwrite(data, len, s); + } + bool F01009B50139A8000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + std::wregex htmlTagRegex(L"<[^>]*>"); + s = std::regex_replace(s, htmlTagRegex, L""); + std::wregex hoursRegex(L"\\b\\d{2}:\\d{2}\\b"); + s = std::regex_replace(s, hoursRegex, L""); + + auto _ = L"^(?:スキップ|むしる|取り出す|話す|選ぶ|ならびかえ|閉じる|やめる|undefined|決定|ボロのクワ|拾う)$(\\r?\\n|\\r)?"; + while (std::regex_search(s, std::wregex(_))) + { + s = std::regex_replace(s, std::wregex(_), L""); + } + while (std::regex_search(s, std::wregex(L"^\\s*$"))) + { + s = std::regex_replace(s, std::wregex(L"^\\s*$"), L""); + } + static std::wstring last; + if (last == s) + return false; + last = s; + return write_string_overwrite(data, len, s); + } + bool F010032300C562000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + static std::string last; + s = std::regex_replace(s, std::regex(R"((#Ruby\[)([^,]+),(#\w+\[.\])?(.+?]))"), "$2"); + s = std::regex_replace(s, std::regex(R"(#\w+(\[.+?\])?)"), ""); + s = std::regex_replace(s, std::regex(u8" "), ""); + if (last == s) + return false; + last = s; + return write_string_overwrite(data, len, s); + } + bool F010088B01A8FC000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + static std::string last; + s = std::regex_replace(s, std::regex(R"(#\w+(\[.+?\])?)"), ""); + s = std::regex_replace(s, std::regex(u8" "), ""); + if (last == s) + return false; + last = s; + return write_string_overwrite(data, len, s); + } + bool FF010061300DF48000_2(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + static std::string last; + if (last == s) + return false; + last = s; + return true; + } + bool F0100DEF01D0C6000_2(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + static std::wstring last; + if (last == s) + return false; + last = s; + if (T0100DEF01D0C6000_dict.find(s) == T0100DEF01D0C6000_dict.end()) + return false; + s += L'\n' + T0100DEF01D0C6000_dict[s]; + return write_string_overwrite(data, len, s); + } + bool F0100CEF0152DE000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex(u8" "), ""); + s = std::regex_replace(s, std::regex(R"(#n)"), ""); + s = std::regex_replace(s, std::regex(R"(#\w.+?])"), ""); + return write_string_overwrite(data, len, s); + } + bool F010061300DF48000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex(R"(%\w+)"), ""); + s = std::regex_replace(s, std::regex(u8" "), ""); + return write_string_overwrite(data, len, s); + } + bool F0100E4000F616000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + auto ws = StringToWideString(s, 932).value(); + ws = std::regex_replace(ws, std::wregex(LR"(\\\w)"), L""); + s = WideStringToString(ws, 932); + return write_string_overwrite(data, len, s); + } + bool F01005A401D766000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex(R"(\\n)"), ""); + s = std::regex_replace(s, std::regex(R"(\|(.*?)\|(.*?)\|)"), "$1"); + return write_string_overwrite(data, len, s); + } + bool F01005A401D766000_2(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex(R"((#Ruby\[)([^,]+).([^\]]+).)"), "$2"); + s = std::regex_replace(s, std::regex(R"((\\n)+)"), ""); + s = std::regex_replace(s, std::regex(R"((#[A-Za-z]+\[(\d*[.])?\d+\])+)"), ""); + s = std::regex_replace(s, std::regex(R"(((.*)<\/color>)"), "$1"); + return write_string_overwrite(data, len, s); + } + bool F010027300A660000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex(u8R"(#n( )*)"), ""); + return write_string_overwrite(data, len, s); + } + bool F0100FA10185B0000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex(R"(#.+?])"), ""); + return write_string_overwrite(data, len, s); + } + bool F010095E01581C000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex(R"(\n)"), ""); + s = std::regex_replace(s, std::regex(R"(\\\w+)"), ""); + return write_string_overwrite(data, len, s); + } + bool F0100943010310000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + strReplace(s, u8"❞", "\""); + strReplace(s, u8"❝", "\""); + s = std::regex_replace(s, std::regex("@(.*?)@"), "$1\n"); + return write_string_overwrite(data, len, s); + } + template + bool F010027401A2A2000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + std::wregex dicRegex(L"\\[dic.*?text="); + s = std::regex_replace(s, dicRegex, L""); + std::wregex rubyRegex(L"\\[|'.*?\\]"); + s = std::regex_replace(s, rubyRegex, L""); + std::wregex closingBraceRegex(L"\\]"); + s = std::regex_replace(s, closingBraceRegex, L""); + if (choice) + { + std::wregex whitespaceRegex(LR"([^\S\n]| )"); + s = std::regex_replace(s, whitespaceRegex, L""); + } + else + { + std::wregex whitespaceRegex(L"\\s| "); + s = std::regex_replace(s, whitespaceRegex, L""); + } + return write_string_overwrite(data, len, s); + } + bool F010027401A2A2000_2(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + static std::wstring last; + auto x = endWith(last, s); + last = s; + if (x) + return false; + return F010027401A2A2000(data, len, hp); + } + + bool F0100BD4014D8C000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(L"<[^>]*>"), L""); + s = std::regex_replace(s, std::wregex(L".*?_"), L""); + static std::wstring last; + if (last == s) + return false; + last = s; + return write_string_overwrite(data, len, s); + } + bool F01007FD00DB20000(void *data, size_t *len, HookParam *hp) + { + auto s = utf32_to_utf16((uint32_t *)data, *len / 4); + s = std::regex_replace(s, std::wregex(LR"(\n+)"), L" "); + s = std::regex_replace(s, std::wregex(LR"(\#T1[^#]+)"), L""); + s = std::regex_replace(s, std::wregex(LR"(\#T\d)"), L""); + if (s == L"  ") + return false; + auto u32 = utf16_to_utf32(s.c_str(), s.size()); + return write_string_overwrite(data, len, u32); + } + bool F010021D01474E000(void *data, size_t *len, HookParam *hp) + { + auto s = utf32_to_utf16((uint32_t *)data, *len / 4); + s = std::regex_replace(s, std::wregex(LR"(#\w\(.+?\)|#\w{2})"), L""); + s = std::regex_replace(s, std::wregex(LR"(\n)"), L""); + s = std::regex_replace(s, std::wregex(LR"(\u3000)"), L""); + static std::wstring last; + if (last == s) + return false; + last = s; + auto u32 = utf16_to_utf32(s.c_str(), s.size()); + return write_string_overwrite(data, len, u32); + } + bool F010021D01474E000_2(void *data, size_t *len, HookParam *hp) + { + auto s = utf32_to_utf16((uint32_t *)data, *len / 4); + s = std::regex_replace(s, std::wregex(LR"(\u3000)"), L""); + s = std::regex_replace(s, std::wregex(LR"(#\w.+?\)|#\w+)"), L""); + static std::wstring last; + if (last == s) + return false; + last = s; + auto u32 = utf16_to_utf32(s.c_str(), s.size()); + return write_string_overwrite(data, len, u32); + } + bool F01002C00177AE000(void *data, size_t *len, HookParam *hp) + { + auto s = utf32_to_utf16((uint32_t *)data, *len / 4); + s = std::regex_replace(s, std::wregex(LR"(\u3000)"), L""); + s = std::regex_replace(s, std::wregex(LR"(\n)"), L""); + static std::wstring last; + if (last == s) + return false; + last = s; + auto u32 = utf16_to_utf32(s.c_str(), s.size()); + return write_string_overwrite(data, len, u32); + } + bool F0100EA100DF92000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + static std::string last; + if (last.find(s) != last.npos) + return false; + last = s; + s = std::regex_replace(s, std::regex(R"([~^$(,)R])"), ""); + s = std::regex_replace(s, std::regex(R"(\\n)"), ""); + return write_string_overwrite(data, len, s); + } + template + bool F010079200C26E000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex(R"(#n)"), ""); + static std::string last; + if (last == s) + return false; + last = s; + return write_string_overwrite(data, len, s); + } + bool F010037500DF38000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(LR"(\n)"), L""); + static std::wstring last; + if (last == s) + return false; + last = s; + return write_string_overwrite(data, len, s); + } + bool F0100C7400CFB4000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(L"\\d"), L""); + s = std::regex_replace(s, std::wregex(L"<[^>]*>"), L""); + while (std::regex_search(s, std::wregex(L"^\\s*$"))) + { + s = std::regex_replace(s, std::wregex(L"^\\s*$"), L""); + } + static std::wstring last; + if (last == s) + return false; + last = s; + return write_string_overwrite(data, len, s); + } + bool F0100CB9018F5A000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(L"<[^>]*>"), L""); + s = std::regex_replace(s, std::wregex(L"\\{([^{}]+):[^{}]+\\}"), L"$1"); + return write_string_overwrite(data, len, s); + } + + bool F010028D0148E6000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex("{|\\/.*?}|\\[.*?]", std::regex_constants::grep), ""); + s = std::regex_replace(s, std::regex("(\\\\\\\\c|\\\\\\\\n)+"), " "); + s = std::regex_replace(s, std::regex(",.*$"), " "); + return write_string_overwrite(data, len, s); + } + + bool F0100F4401940A000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(L"[\\r\\n]+"), L""); + s = std::regex_replace(s, std::wregex(L"<[^>]+>|\\[\\[[^]]+\\]\\]"), L""); + return write_string_overwrite(data, len, s); + } + + bool F0100B5500CA0C000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + // std::regex pattern1("\\\\u0000+$"); + std::regex pattern2("\\\\"); + std::regex pattern3("\\$"); + // s = std::regex_replace(s, pattern1, ""); + s = std::regex_replace(s, pattern2, ""); + s = std::regex_replace(s, pattern3, ""); + return write_string_overwrite(data, len, s); + } + void T0100B5500CA0C000(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto address = YUZU::emu_arg(stack, hp->emu_addr)[6]; + buffer->from(address, *(WORD *)(address - 2)); + } + bool F0100A8401A0A8000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + std::wregex samePageNewLineRegex(L"[\r\n]+"); + s = std::regex_replace(s, samePageNewLineRegex, L""); + std::wregex newPageTextRegex(L"(<.+?>)+"); + s = std::regex_replace(s, newPageTextRegex, L"\r\n"); + strReplace(s, L"", L"(L)"); + strReplace(s, L"", L"(ZL)"); + strReplace(s, L"", L"(Y)"); + strReplace(s, L"", L"(X)"); + strReplace(s, L"", L"(A)"); + strReplace(s, L"", L"(B)"); + strReplace(s, L"", L"(+)"); + strReplace(s, L"", L"(-)"); + strReplace(s, L"", L"(DPAD_DOWN)"); + strReplace(s, L"", L"(DPAD_LEFT)"); + strReplace(s, L"", L"(LSTICK)"); + strReplace(s, L"", L"(L3)"); + return write_string_overwrite(data, len, s); + } + bool F0100BC0018138000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + std::wregex tagContentRegex(L"<[^>]*>([^<]*)<\\/[^>]*>"); + s = std::regex_replace(s, tagContentRegex, L""); + s = std::regex_replace(s, std::wregex(L""), L"L"); + s = std::regex_replace(s, std::wregex(L""), L"R"); + s = std::regex_replace(s, std::wregex(L""), L"A"); + s = std::regex_replace(s, std::wregex(L""), L"B"); + s = std::regex_replace(s, std::wregex(L""), L"X"); + s = std::regex_replace(s, std::wregex(L""), L"Y"); + s = std::regex_replace(s, std::wregex(L""), L"+"); + s = std::regex_replace(s, std::wregex(L""), L"-"); + s = std::regex_replace(s, std::wregex(L"<[^>]+>"), L""); + return write_string_overwrite(data, len, s); + } + bool F0100D7800E9E0000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(L"[A-Za-z0-9]"), L""); + s = std::regex_replace(s, std::wregex(L"<[^>]*>"), L""); + s = std::regex_replace(s, std::wregex(L"^二十五字二.*(\r?\n|\r)?"), L""); + s = std::regex_replace(s, std::wregex(L"^操作を割り当てる.*(\r?\n|\r)?"), L""); + s = std::regex_replace(s, std::wregex(L"^上記アイコンが出.*(\r?\n|\r)?"), L""); + s = std::regex_replace(s, std::wregex(L"[()~^,ö.!]"), L""); + static std::wstring last; + if (last == s) + return false; + last = s; + return write_string_overwrite(data, len, s); + } + void TF0100AA1013B96000(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto ptr = (char *)(YUZU::emu_arg(stack, hp->emu_addr)[0] + 0xb); + std::string collect; + while (*ptr || *(ptr - 1)) + ptr--; + while (!(*ptr && *(ptr + 1))) + ptr++; + do + { + if (!(*ptr)) + { + ptr++; + } + else + { + collect += std::string(ptr); + ptr += strlen(ptr); + } + } while (*ptr || *(ptr + 1)); + strReplace(collect, "\x87\x85", "\x81\x5c"); + strReplace(collect, "\x87\x86", "\x81\x5c"); + strReplace(collect, "\x87\x87", "\x81\x5c"); + strReplace(collect, "\n", ""); + strReplace(collect, "\x81\x40", ""); + buffer->from(collect); + } + template + void T0100CF400F7CE000(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto address = YUZU::emu_arg(stack)[idx]; + std::string s; + int i = 0; + while (1) + { + auto c = *(BYTE *)(address + i); + if (c == 0) + break; + if (c < 0x20 && c > 0x10) + { + auto command = *(BYTE *)(address + i + 1); + if (command == 0x80) + i += 3; + else if (command == 0xb8) + i += 4; + else + { + auto sz = *(BYTE *)(address + i + 2); + i += 3 + sz; + } + } + else if (c == 0xaa) + { + i += 1; + } + else if (c == 0xff) + { + i += 0x30; + } + else + { + auto l = 1 + IsDBCSLeadByteEx(932, c); + s += std::string((char *)(address + i), l); + i += l; + } + } + buffer->from(s); + } + void T0100DB300B996000(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto address = YUZU::emu_arg(stack)[8] + 1; + std::string s; + int i = 0; + while (1) + { + auto c = *(BYTE *)(address + i); + if (c == 0) + break; + if (c < 0x20 && c > 0x10) + { + auto sz = *(BYTE *)(address + i + 2); + i += 3 + sz; + } + else + { + auto l = 1 + IsDBCSLeadByteEx(932, c); + s += std::string((char *)(address + i), l); + i += l; + } + } + buffer->from(s); + } + bool F0100CBA014014000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex(u8"《.*?》"), ""); + s = std::regex_replace(s, std::regex("<[^>]*>"), ""); + return write_string_overwrite(data, len, s); + } + template + bool F0100CC401A16C000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex("<[^>]*>"), ""); + s = std::regex_replace(s, std::regex("\\d+"), ""); + if (s == "") + return false; + static std::string last; + if (last == s) + return false; + last = s; + return write_string_overwrite(data, len, s); + } + bool F0100BDD01AAE4000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex("(#Ruby\\[)([^,]+).([^\\]]+)."), "$2"); + s = std::regex_replace(s, std::regex("(#n)+"), " "); + s = std::regex_replace(s, std::regex("(#[A-Za-z]+[(\\d*[.])?\\d+])+"), ""); + return write_string_overwrite(data, len, s); + } + bool F0100C310110B4000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex("(#Ruby\\[)([^,]+).([^\\]]+)."), "$2"); + s = std::regex_replace(s, std::regex("#Color\\[[\\d]+\\]"), ""); + s = std::regex_replace(s, std::regex(u8"( #n)+"), "#n"); + s = std::regex_replace(s, std::regex("#n+"), " "); + return write_string_overwrite(data, len, s); + } + bool F010003F003A34000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(L"[\\s\\S]*$"), L""); + s = std::regex_replace(s, std::wregex(L"\n+"), L" "); + s = std::regex_replace(s, std::wregex(L"\\s"), L""); + s = std::regex_replace(s, std::wregex(L"[＀븅]"), L""); + return write_string_overwrite(data, len, s); + } + + bool F01007B601C608000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(L"<[^>]*>"), L""); + s = std::regex_replace(s, std::wregex(L"\\[.*?\\]"), L""); + std::vector lines = strSplit(s, L"\n"); + std::wstring result; + for (const std::wstring &line : lines) + { + if (result.empty() == false) + result += L"\n"; + std::wregex commandRegex(L"^(?:メニュー|システム|Ver\\.)$(\\r?\\n|\\r)?"); + s = std::regex_replace(s, commandRegex, L""); + std::wregex emptyLineRegex(L"^\\s*$"); + s = std::regex_replace(s, emptyLineRegex, L""); + } + static std::wstring last; + if (last == s) + return false; + last = s; + return write_string_overwrite(data, len, s); + } + + bool F010046601125A000(void *data, size_t *len, HookParam *hp) + { + auto s = utf32_to_utf16((uint32_t *)data, *len / 4); + s = std::regex_replace(s, std::wregex(L"(.+?).+?"), L"$1"); + s = std::regex_replace(s, std::wregex(L"\n+"), L" "); + auto u32 = utf16_to_utf32(s.c_str(), s.size()); + return write_string_overwrite(data, len, u32); + } + bool F0100771013FA8000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(L"
"), L"\n"); + s = std::regex_replace(s, std::wregex(L"^(\\s+)"), L""); + return write_string_overwrite(data, len, s); + } + bool F0100556015CCC000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + std::regex rubiRegex("\\[[^\\]]+."); + s = std::regex_replace(s, rubiRegex, ""); + s = std::regex_replace(s, std::regex("\\\\k|\\\\x|%C|%B|%p-1;"), ""); + std::regex colorRegex("#[0-9a-fA-F]+;([^%#]+)(%r)?"); + s = std::regex_replace(s, colorRegex, "$1"); + static std::set dump; + if (dump.find(s) != dump.end()) + return false; + dump.insert(s); + return write_string_overwrite(data, len, s); + } + template + bool F0100CC80140F8000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(L"^(?:スキップ|メニュー|バックログ|ズームイン|ズームアウト|ガイド OFF|早送り|オート|人物情報|ユニット表示切替|カメラリセット|ガイド表示切替|ページ切替|閉じる|コマンド選択|詳細|シミュレーション|移動)$([\\r?\\n|\\r])?"), L""); + + s = std::regex_replace(s, std::wregex(L"[A-Za-z0-9]"), L""); + s = std::regex_replace(s, std::wregex(L"[().%,_!#©&:?/]"), L""); + while (std::regex_search(s, std::wregex(L"^\\s*$"))) + { + s = std::regex_replace(s, std::wregex(L"^\\s*$"), L""); + } + static std::wstring last; + if (last == s) + return false; + last = s; + return write_string_overwrite(data, len, s); + } + + bool F0100D9A01BD86000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(L"[\\s]"), L""); + s = std::regex_replace(s, std::wregex(L"\\\\n"), L""); + return write_string_overwrite(data, len, s); + } + bool F010042300C4F6000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(L"[\\s]"), L""); + s = std::regex_replace(s, std::wregex(L"(.+?/)"), L""); + s = std::regex_replace(s, std::wregex(L"(\" .*)"), L""); + s = std::regex_replace(s, std::wregex(L"^(.+?\")"), L""); + return write_string_overwrite(data, len, s); + } + bool F010044800D2EC000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(L"\\n+"), L" "); + s = std::regex_replace(s, std::wregex(L"\\"), L"???"); + s = std::regex_replace(s, std::wregex(L"<.+?>"), L""); + return write_string_overwrite(data, len, s); + } + template + bool F010021300F69E000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(L"\\$[a-z]"), L""); + s = std::regex_replace(s, std::wregex(L"@"), L""); + static std::wstring last; + if (last == s) + return false; + last = s; + return write_string_overwrite(data, len, s); + } + bool F010050000705E000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex("\\s"), ""); + s = std::regex_replace(s, std::regex("
"), "\n"); + s = std::regex_replace(s, std::regex("<([^:>]+):[^>]+>"), "$1"); + s = std::regex_replace(s, std::regex("<[^>]+>"), ""); + return write_string_overwrite(data, len, s); + } + bool F01001B900C0E2000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + std::regex whitespaceRegex("\\s"); + s = std::regex_replace(s, whitespaceRegex, ""); + std::regex hashRegex("#[A-Za-z]+(\\[(\\d*\\.)?\\d+\\])+"); + s = std::regex_replace(s, hashRegex, ""); + std::regex hashLetterRegex("#[a-z]"); + s = std::regex_replace(s, hashLetterRegex, ""); + std::regex lowercaseRegex("[a-z]"); + s = std::regex_replace(s, lowercaseRegex, ""); + return write_string_overwrite(data, len, s); + } + + bool F0100217014266000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + std::wregex htmlTagRegex(L"<[^>]*>"); + s = std::regex_replace(s, htmlTagRegex, L""); + std::wregex furiganaRegex(L"{([^{}]+):[^{}]+}"); + s = std::regex_replace(s, furiganaRegex, L"$1"); + while (std::regex_search(s, std::wregex(L"^\\s+"))) + { + s = std::regex_replace(s, std::wregex(L"^\\s+"), L""); + } + return write_string_overwrite(data, len, s); + } + bool F010007500F27C000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + std::wregex htmlTagRegex(L"<[^>]*>"); + s = std::regex_replace(s, htmlTagRegex, L""); + auto _ = L"^(?:決定|進む|ページ移動|ノート全体図|閉じる|もどる|セーブ中)$(\\r?\\n|\\r)?"; + while (std::regex_search(s, std::wregex(_))) + { + s = std::regex_replace(s, std::wregex(_), L""); + } + while (std::regex_search(s, std::wregex(L"^\\s*$"))) + { + s = std::regex_replace(s, std::wregex(L"^\\s*$"), L""); + } + static std::wstring last; + if (last == s) + return false; + last = s; + return write_string_overwrite(data, len, s); + } + bool F0100874017BE2000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(L"\\n+|(\\\\n)+"), L" "); + s = std::regex_replace(s, std::wregex(L"#n"), L""); + return write_string_overwrite(data, len, s); + } + bool F010094601D910000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(L"\\<.*?\\>"), L""); + s = std::regex_replace(s, std::wregex(L"\\[.*?\\]"), L""); + s = std::regex_replace(s, std::wregex(L"\\s"), L""); + return write_string_overwrite(data, len, s); + } + bool F010079201BD88000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(L"[\\s]"), L""); + s = std::regex_replace(s, std::wregex(L"\\\\n"), L""); + return write_string_overwrite(data, len, s); + } + bool F010086C00AF7C000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex("\\[([^\\]]+)\\/[^\\]]+\\]"), "$1"); + s = std::regex_replace(s, std::regex("\\s+"), " "); + s = std::regex_replace(s, std::regex("\\\\n"), " "); + s = std::regex_replace(s, std::regex("<[^>]+>|\\[[^\\]]+\\]"), ""); + return write_string_overwrite(data, len, s); + } + bool F010079C017B98000(void *data, size_t *len, HookParam *hp) + { + auto s = utf32_to_utf16((uint32_t *)data, *len / 4); + s = std::regex_replace(s, std::wregex(L"[\\s]"), L""); + s = std::regex_replace(s, std::wregex(L"#KW"), L""); + s = std::regex_replace(s, std::wregex(L"#C\\(TR,0xff0000ff\\)"), L""); + s = std::regex_replace(s, std::wregex(L"【SW】"), L""); + s = std::regex_replace(s, std::wregex(L"【SP】"), L""); + s = std::regex_replace(s, std::wregex(L"#P\\(.*\\)"), L""); + auto u32 = utf16_to_utf32(s.c_str(), s.size()); + return write_string_overwrite(data, len, u32); + } + bool F010061A01C1CE000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(L"[\\s]"), L""); + s = std::regex_replace(s, std::wregex(L"sound"), L" "); + return write_string_overwrite(data, len, s); + } + bool F0100F7401AA74000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex("[\\s]"), ""); + s = std::regex_replace(s, std::regex("@[a-z]"), ""); + s = std::regex_replace(s, std::regex("@[0-9]"), ""); + return write_string_overwrite(data, len, s); + } + bool F010060301588A000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + static lru_cache cache(4); + static std::string last; + if (cache.touch(s)) + return false; + if (startWith(s, last)) + { + write_string_overwrite(data, len, s.substr(last.size(), s.size() - last.size())); + } + last = s; + return true; + } + + bool F010005F00E036000_1(void *data, size_t *len, HookParam *hp) + { + static lru_cache cache(5); + static std::string last; + auto s = std::string((char *)data, *len); + + if (endWith(last, s)) + { + last = s; + return false; + } + if (cache.touch(s)) + { + last = s; + return false; + } + last = s; + return write_string_overwrite(data, len, s); + } + bool F010005F00E036000(void *data, size_t *len, HookParam *hp) + { + if (!F010005F00E036000_1(data, len, hp)) + return false; + static std::string last; + auto s = std::string((char *)data, *len); + + auto parse = [](std::string &s) + { + strReplace(s, u8"㊤", u8"―"); + strReplace(s, u8"㊥", u8"―"); + strReplace(s, u8"㊦", u8"―"); + return s; + }; + if (startWith(s, last)) + { + write_string_overwrite(data, len, parse(s.substr(last.size(), s.size() - last.size()))); + last = s; + return true; + } + last = s; + return write_string_overwrite(data, len, parse(s)); + } + bool F0100FC2019346000(void *data, size_t *len, HookParam *hp) + { + StringFilter((char *)data, len, "#n", 2); + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex(R"((#[A-Za-z]+\[(\d*[.])?\d+\])+)"), ""); + return write_string_overwrite(data, len, s); + } + template + bool F0100E5200D1A2000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + auto ws = StringToWideString(s, 932).value(); + ws = std::regex_replace(ws, std::wregex(LR"((\\n)+)"), L" "); + ws = std::regex_replace(ws, std::wregex(LR"(\\d$|^\@[a-z]+|#.*?#|\$)"), L""); + ws = std::regex_replace(ws, std::wregex(LR"(\u3000+)"), L""); + if (choice) + ws = std::regex_replace(ws, std::wregex(LR"(, ?\w+)"), L""); + s = WideStringToString(ws, 932); + return write_string_overwrite(data, len, s); + } + bool F010028D0148E6000_2(void *data, size_t *len, HookParam *hp) + { + StringFilter((char *)data, len, "@w", 2); + return true; + } + namespace + { +#pragma optimize("", off) + // 必须禁止优化这个函数,或者引用一下参数,否则参数被优化没了。 + void F01009E600FAF6000_collect(const char *_) {} +#pragma optimize("", on) + bool F01009E600FAF6000(void *data, size_t *len, HookParam *hpx) + { + auto s = std::string((char *)data, *len); + HookParam hp; + hp.address = (uintptr_t)F01009E600FAF6000_collect; + hp.offset = GETARG1; + hp.type = USING_STRING; + hp.filter_fun = [](void *data, size_t *size, HookParam *hp) + { + StringFilter((char *)data, size, "@1r", 3); + StringFilter((char *)data, size, "@-1r", 4); + return true; + }; + static auto _ = NewHook(hp, "01009E600FAF6000"); + static std::map mp; + // 这个address会被触发两次。 + if (mp.find(hpx->emu_addr) == mp.end()) + mp[hpx->emu_addr] = hpx->address; + if (mp[hpx->emu_addr] != hpx->address) + return false; + F01009E600FAF6000_collect(s.c_str()); + return false; + } + } + template + bool F0100EFE0159C6000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + auto ws = StringToWideString(s, 932).value(); + ws = std::regex_replace(ws, std::wregex(LR"((\\n)+)"), L" "); + ws = std::regex_replace(ws, std::wregex(LR"(\\d$|^\@[a-z]+|#.*?#|\$)"), L""); + ws = std::regex_replace(ws, std::wregex(LR"(\u3000+)"), L""); + ws = std::regex_replace(ws, std::wregex(LR"(@w|\\c)"), L""); + if (choice) + ws = std::regex_replace(ws, std::wregex(LR"(, ?\w+)"), L""); + s = WideStringToString(ws, 932); + return write_string_overwrite(data, len, s); + } + + bool F0100FDB00AA80000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex("\\[([^\\]]+)\\/[^\\]]+\\]"), "$1"); + s = std::regex_replace(s, std::regex("<[^>]*>"), ""); + return write_string_overwrite(data, len, s); + } + bool F0100FF500E34A000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex("\\[.*?\\]"), ""); + s = std::regex_replace(s, std::regex("\\n+"), " "); + return write_string_overwrite(data, len, s); + } + bool F010076501DAEA000(void *data, size_t *len, HookParam *hp) + { + StringFilter((char *)data, len, "\\n", 2); + return true; + } + bool F01005E9016BDE000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + std::regex patt("/\\/\\/ remove rubi\\n\\ss = s.replace\\(patt, ''\\);/"); + s = std::regex_replace(s, patt, ""); + s = std::regex_replace(s, std::regex("\\\\k|\\\\x|%C|%B|%p-1;"), ""); + s = std::regex_replace(s, std::regex("#[0-9a-fA-F]+;([^%#]+)(%r)?"), "$1"); + s = std::regex_replace(s, std::regex("\\\\n"), " "); + return write_string_overwrite(data, len, s); + } + + bool F010065301A2E0000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(L"\\d+"), L""); + s = std::regex_replace(s, std::wregex(L"<[^>]*>"), L""); + return write_string_overwrite(data, len, s); + } + bool F01002AE00F442000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + std::wregex pattern1(L"\\[([^\\]\\/]+)\\/[^\\]]+\\]"); + s = std::regex_replace(s, pattern1, L"$1"); + std::wregex pattern2(L"(\\S*)@"); + s = std::regex_replace(s, pattern2, L"$1"); + std::wregex pattern3(L"\\$"); + s = std::regex_replace(s, pattern3, L""); + return write_string_overwrite(data, len, s); + } + bool F01000A400AF2A000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(L"@[a-zA-Z]|%[a-zA-Z]+"), L""); + static std::wstring last; + if (last == s) + return false; + last = s; + return write_string_overwrite(data, len, s); + } + + bool F01006B5014E2E000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex("@r(.*?)@(.*?)@"), "$1"); + s = std::regex_replace(s, std::regex("@n"), ""); + s = std::regex_replace(s, std::regex("@v"), ""); + s = std::regex_replace(s, std::regex("TKY[0-9]{6}_[A-Z][0-9]{2}"), ""); + return write_string_overwrite(data, len, s); + } + bool F0100CF400F7CE000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex("\\n+"), " "); + return write_string_overwrite(data, len, s); + } + bool F01000AE01954A000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex("[A-Za-z0-9]"), ""); + s = std::regex_replace(s, std::regex("[~^(-).%,!:#@$/*&;+_]"), ""); + return write_string_overwrite(data, len, s); + } + bool F01003BD013E30000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex("{|\\/.*?}|\\[.*?]"), ""); + return write_string_overwrite(data, len, s); + } + bool F010074F013262000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex("\\[.*?]"), ""); + return write_string_overwrite(data, len, s); + } + bool F010057E00AC56000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex("<[^>]*>"), ""); + s = std::regex_replace(s, std::regex(u8"ズーム|回転|身長|体重"), ""); + s = std::regex_replace(s, std::regex("[A-Za-z0-9]"), ""); + s = std::regex_replace(s, std::regex("[().%,!#/]"), ""); + while (std::regex_search(s, std::regex("^\\s*$"))) + { + s = std::regex_replace(s, std::regex("^\\s*$"), ""); + } + static std::string last; + if (last == s) + return false; + last = s; + return write_string_overwrite(data, len, s); + } + bool F010051D010FC2000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex("\\[([^\\]]+)\\/[^\\]]+\\]"), "$1"); + s = std::regex_replace(s, std::regex("\\s+"), " "); + s = std::regex_replace(s, std::regex("\\\\n"), " "); + s = std::regex_replace(s, std::regex("<[^>]+>|\\[[^\\]]+\\]"), ""); + return write_string_overwrite(data, len, s); + } + + bool F010096000CA38000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(LR"(\$\w{1,2})"), L""); + s = std::regex_replace(s, std::wregex(LR"(\$\[|\$\/.+?])"), L""); + return write_string_overwrite(data, len, s); + } + bool F0100EC001DE7E000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(LR"(<\w+=[^>]+>|<\/\w+>)"), L""); + return write_string_overwrite(data, len, s); + } + bool F0100DEF01D0C6000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(LR"(\n)"), L""); + s = std::regex_replace(s, std::wregex(LR"(\u3000)"), L""); + s = std::regex_replace(s, std::wregex(LR"(<.+?>)"), L""); + return write_string_overwrite(data, len, s); + } + bool F01005AF00E9DC000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex(R"(#n)"), ""); + s = std::regex_replace(s, std::regex(R"(#\w+(\[.+?\])?)"), ""); + return write_string_overwrite(data, len, s); + } + bool F010031C01F410000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s += L"\n"; + return write_string_overwrite(data, len, s); + } + namespace + { +#pragma optimize("", off) + // 必须禁止优化这个函数,或者引用一下参数,否则参数被优化没了。 + void F01006530151F0000_collect(const wchar_t *_) {} +#pragma optimize("", on) + bool F01006530151F0000(void *data, size_t *len, HookParam *) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + strReplace(s, L"/player", L""); + HookParam hp; + hp.address = (uintptr_t)F01006530151F0000_collect; + hp.offset = GETARG1; + hp.type = CODEC_UTF16 | USING_STRING; + static auto _ = NewHook(hp, "01006530151F0000"); + F01006530151F0000_collect(s.c_str()); + return false; + } + } + bool F010043901E972000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + strReplace(s, L"
", L"\n"); + return write_string_overwrite(data, len, s); + } + bool wF0100A9B01D4AE000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(LR"(@(.*?)@)"), L"$1\n"); + return write_string_overwrite(data, len, s); + } + bool aF0100A9B01D4AE000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + strReplace(s, u8"❛", "'"); + strReplace(s, u8"❜", "'"); + strReplace(s, u8"❝", "\""); + strReplace(s, u8"❞", "\""); + s = std::regex_replace(s, std::regex(R"(@(.*?)@)"), "$1\n"); + s = std::regex_replace(s, std::regex(R"(\$s\(i?\))"), ""); + s = std::regex_replace(s, std::regex(R"(\$[<>]\d+)"), ""); + return write_string_overwrite(data, len, s); + } + bool F0100FB301E70A000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + return s != L"\uc5d0\u4bad\u0012"; + } + bool F0100F0A01F112000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + static std::wstring last; + if (last == s) + return false; + last = s; + s = std::regex_replace(s, std::wregex(LR"(\$\[(.*?)\$/(.*?)\$\])"), L"$1"); + return write_string_overwrite(data, len, s); + } + bool F0100C9001E10C000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(LR"(<(.*?)>)"), L""); // + return write_string_overwrite(data, len, s); + } + bool F01001BA01EBFC000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(LR"(#n)"), L""); + s = std::regex_replace(s, std::wregex(LR"(#\w+(\[.+?\])?)"), L""); + return write_string_overwrite(data, len, s); + } + bool F01000BB01CB8A000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + static std::wstring last; + if (last == s) + return false; + last = s; + s = std::regex_replace(s, std::wregex(LR"(\u3000)"), L""); + return write_string_overwrite(data, len, s); + } + bool F010044701E9BC000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(LR"(\<.*?\>)"), L""); + s = std::regex_replace(s, std::wregex(LR"(\s)"), L""); + return write_string_overwrite(data, len, s); + } + bool F01003BB01DF54000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(LR"(\\\u3000*)"), L""); + s = std::regex_replace(s, std::wregex(LR"(\$)"), L""); + return write_string_overwrite(data, len, s); + } + bool F01004E5017C54000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(LR"(<.+?>)"), L""); + s = std::regex_replace(s, std::wregex(LR"(\u3000)"), L""); + return write_string_overwrite(data, len, s); + } + bool F0100FA001E160000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(LR"(\r\n)"), L""); + s = std::regex_replace(s, std::wregex(LR"(\u3000)"), L""); + return write_string_overwrite(data, len, s); + } + template + bool F0100A250191E8000(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + strReplace(s, "\n", ""); + s = std::regex_replace(s, std::regex(R"(\\d$|^\@[a-z]+|#.*?#|\$)"), ""); + strReplace(s, "\x81\x40", ""); + s = std::regex_replace(s, std::regex(R"(@w|\\c)"), ""); + if (choice) + s = std::regex_replace(s, std::regex(R"(, ?\w+)"), ""); + return write_string_overwrite(data, len, s); + } + bool F0100B1F0123B6000(void *data, size_t *len, HookParam *hp) + { + if (all_ascii((wchar_t *)data)) + return false; + return F010096000CA38000(data, len, hp); + } + bool F0100A62019078000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(LR"([\s])"), L""); + s = std::regex_replace(s, std::wregex(LR"($$R)"), L""); + s = std::regex_replace(s, std::wregex(LR"(%)"), L""); + return write_string_overwrite(data, len, s); + } + bool F01001EF017BE6000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + while (std::regex_search(s, std::wregex(L"^\\s*$"))) + { + s = std::regex_replace(s, std::wregex(L"^\\s*$"), L""); + } + return write_string_overwrite(data, len, s); + } + bool F01000EA00D2EE000(void *data, size_t *len, HookParam *hp) + { + auto s = std::wstring((wchar_t *)data, *len / 2); + s = std::regex_replace(s, std::wregex(L"\\n+"), L" "); + s = std::regex_replace(s, std::wregex(L"\\"), L"???"); + s = std::regex_replace(s, std::wregex(L"\\"), L"chiaki_washa"); + s = std::regex_replace(s, std::wregex(L"<.+?>"), L""); + return write_string_overwrite(data, len, s); + } + auto _ = []() + { + emfunctionhooks = { + // Memories Off + {0x8003eeac, {CODEC_UTF16, 0, 0, mages_readstring<0>, 0, "0100978013276000", "1.0.0"}}, + {0x8003eebc, {CODEC_UTF16, 0, 0, mages_readstring<0>, 0, "0100978013276000", "1.0.1"}}, + // Memories Off ~Sorekara~ + {0x8003fb7c, {CODEC_UTF16, 0, 0, mages_readstring<0>, 0, "0100B4A01326E000", "1.0.0"}}, + {0x8003fb8c, {CODEC_UTF16, 0, 0, mages_readstring<0>, 0, "0100B4A01326E000", "1.0.1"}}, + // Famicom Tantei Club: Kieta Koukeisha + {0x80052a10, {CODEC_UTF16, 0, 0, mages_readstring<3>, 0, "0100B4500F7AE000", "1.0.0"}}, + // Famicom Tantei Club Part: Ushiro ni Tatsu Shoujo + {0x8004cb30, {CODEC_UTF16, 0, 0, mages_readstring<3>, 0, "010078400F7B0000", "1.0.0"}}, + // Memories Off 2nd + {0x8003ee0c, {CODEC_UTF16, 0, 0, mages_readstring<0>, 0, "0100D31013274000", "1.0.0"}}, + {0x8003ee1c, {CODEC_UTF16, 0, 0, mages_readstring<0>, 0, "0100D31013274000", "1.0.1"}}, + // Omoide ni Kawaru Kimi ~Memories Off~ + {0x8003ef6c, {CODEC_UTF16, 0, 0, mages_readstring<0>, 0, "0100FFA013272000", "1.0.0"}}, + {0x8003ef7c, {CODEC_UTF16, 0, 0, mages_readstring<0>, 0, "0100FFA013272000", "1.0.1"}}, + // Memories Off 6 ~T-Wave~ + {0x80043d7c, {CODEC_UTF16, 0, 0, mages_readstring<0>, 0, "010047A013268000", "1.0.0"}}, + {0x80043d5c, {CODEC_UTF16, 0, 0, mages_readstring<0>, 0, "010047A013268000", "1.0.1"}}, + // Memories Off: Yubikiri no Kioku + {0x800440ec, {CODEC_UTF16, 0, 0, mages_readstring<0>, 0, "010079C012896000", "1.0.0"}}, + // Memories Off #5 Togireta Film + {0x8003f6ac, {CODEC_UTF16, 0, 0, mages_readstring<0>, 0, "010073901326C000", "1.0.0"}}, + {0x8003f5fc, {CODEC_UTF16, 0, 0, mages_readstring<0>, 0, "010073901326C000", "1.0.1"}}, + // SINce Memories: Hoshi no Sora no Shita de + {0x80048cc8, {CODEC_UTF16, 0, 0, mages_readstring<4>, 0, "0100E94014792000", 0}}, // line + name => join + {0x8004f44c, {CODEC_UTF16, 0, 0, mages_readstring<4>, 0, "0100E94014792000", 0}}, // fast trophy + {0x8004f474, {CODEC_UTF16, 0, 0, mages_readstring<4>, 0, "0100E94014792000", 0}}, // prompt + {0x80039dc0, {CODEC_UTF16, 0, 0, mages_readstring<4>, 0, "0100E94014792000", 0}}, // choice + + // Yahari Game demo Ore no Seishun Love Come wa Machigatteiru. + {0x8005DFB8, {CODEC_UTF16, 0, 0, mages_readstring<0>, 0, "0100E0D0154BC000", "1.0.0"}}, + // CHAOS;HEAD NOAH + {0x80046700, {CODEC_UTF16, 0, 0, mages_readstring<0>, 0, "0100957016B90000", "1.0.0"}}, + {0x8003A2c0, {CODEC_UTF16, 0, 0, mages_readstring<0>, 0, "0100957016B90000", "1.0.0"}}, // choice + {0x8003EAB0, {CODEC_UTF16, 0, 0, mages_readstring<0>, 0, "0100957016B90000", "1.0.0"}}, // TIPS list (menu) + {0x8004C648, {CODEC_UTF16, 0, 0, mages_readstring<0>, 0, "0100957016B90000", "1.0.0"}}, // system message + {0x80050374, {CODEC_UTF16, 0, 0, mages_readstring<0>, 0, "0100957016B90000", "1.0.0"}}, // TIPS (red) + // Shiro to Kuro no Alice + {0x80013f20, {CODEC_UTF8, 0, 0, 0, NewLineCharFilterW, "0100A460141B8000", "1.0.0"}}, + {0x80013f94, {CODEC_UTF8, 0, 0, 0, NewLineCharFilterW, "0100A460141B8000", "1.0.0"}}, + {0x8001419c, {CODEC_UTF8, 0, 0, 0, NewLineCharFilterW, "0100A460141B8000", "1.0.0"}}, + // Shiro to Kuro no Alice -Twilight line- + {0x80014260, {CODEC_UTF8, 0, 0, 0, NewLineCharFilterW, "0100A460141B8000", "1.0.0"}}, + {0x800142d4, {CODEC_UTF8, 0, 0, 0, NewLineCharFilterW, "0100A460141B8000", "1.0.0"}}, + {0x800144dc, {CODEC_UTF8, 0, 0, 0, NewLineCharFilterW, "0100A460141B8000", "1.0.0"}}, + // CLANNAD + {0x80072d00, {CODEC_UTF16 | FULL_STRING, 1, 0, 0, F0100A3A00CC7E000, "0100A3A00CC7E000", "1.0.0"}}, + {0x80072d30, {CODEC_UTF16 | FULL_STRING, 1, 0, 0, F0100A3A00CC7E000, "0100A3A00CC7E000", "1.0.7"}}, + // VARIABLE BARRICADE NS + {0x800e3424, {CODEC_UTF8, 0, 0, 0, F010045C0109F2000, "010045C0109F2000", "1.0.1"}}, //"System Messages + Choices"), //Also includes the names of characters, + {0x800fb080, {CODEC_UTF8, 3, 0, 0, F010045C0109F2000, "010045C0109F2000", "1.0.1"}}, // Main Text + // AMNESIA for Nintendo Switch + {0x805bba5c, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<2>, F0100A1E00BFEA000, "0100A1E00BFEA000", "1.0.1"}}, // dialogue + {0x805e9930, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F0100A1E00BFEA000, "0100A1E00BFEA000", "1.0.1"}}, // choice + {0x805e7fd8, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F0100A1E00BFEA000, "0100A1E00BFEA000", "1.0.1"}}, // name + + // Chou no Doku Hana no Kusari Taishou Tsuya Koi Ibun + {0x80095010, {CODEC_UTF16, 1, 0, 0, F0100A1200CA3C000, "0100A1200CA3C000", "2.0.1"}}, // Main Text + Names + // Live a Live + {0x80a05170, {CODEC_UTF16, 0, 0, 0, F0100982015606000, "0100C29017106000", "1.0.0"}}, + // Sakura no Kumo * Scarlet no Koi + {0x804e4858, {CODEC_UTF8, 3, 1, 0, F01006590155AC000, "01006590155AC000", "1.0.0"}}, // name + {0x804e4870, {CODEC_UTF8, 0, 0, 0, F01006590155AC000, "01006590155AC000", "1.0.0"}}, // dialogue + // Majestic Majolical + {0x80557408, {CODEC_UTF8, 0, 0, 0, F01000200194AE000, "01000200194AE000", "1.0.0"}}, // name + {0x8059ee94, {CODEC_UTF8, 3, 0, 0, F01000200194AE000, "01000200194AE000", "1.0.0"}}, // player name + {0x80557420, {CODEC_UTF8, 0, 0, 0, F01000200194AE000, "01000200194AE000", "1.0.0"}}, // dialogue + + // Matsurika no Kei + {0x8017ad54, {CODEC_UTF32, 1, 0, 0, F0100EA001A626000, "0100EA001A626000", "1.0.0"}}, // text + {0x80174d4c, {CODEC_UTF32, 1, 0, 0, F0100EA001A626000, "0100EA001A626000", "1.0.0"}}, // name + // Cupid Parasite + {0x80057910, {CODEC_UTF32, 2, 0, 0, F0100F7E00DFC8000, "0100F7E00DFC8000", "1.0.1"}}, // name + text + {0x80169df0, {CODEC_UTF32, 0, 0, 0, F0100F7E00DFC8000, "0100F7E00DFC8000", "1.0.1"}}, // choice + // Radiant Tale + {0x80075190, {CODEC_UTF8, 1, 0, 0, F0100925014864000, "0100925014864000", "1.0.0"}}, // prompt + {0x8002fb18, {CODEC_UTF8, 0, 0, 0, F0100925014864000, "0100925014864000", "1.0.0"}}, // name + {0x8002fd7c, {CODEC_UTF8, 0, 0, 0, F0100925014864000, "0100925014864000", "1.0.0"}}, // text + {0x8004cf28, {CODEC_UTF8, 1, 0, 0, F0100925014864000, "0100925014864000", "1.0.0"}}, // text + // MUSICUS + {0x80462DD4, {CODEC_UTF8, 0, 1, 0, F01006590155AC000, "01000130150FA000", "1.0.0"}}, // name + {0x80462DEC, {CODEC_UTF8, 0, 0, 0, F01006590155AC000, "01000130150FA000", "1.0.0"}}, // dialogue 1 + {0x80480d4c, {CODEC_UTF8, 0, 0, 0, F01006590155AC000, "01000130150FA000", "1.0.0"}}, // dialogue 2 + {0x804798e0, {CODEC_UTF8, 0, 0, 0, F01006590155AC000, "01000130150FA000", "1.0.0"}}, // choice + // Story of Seasons a Wonderful Life + {0x80ac4d88, {CODEC_UTF32, 0, 0, 0, F0100936018EB4000, "0100936018EB4000", "1.0.3"}}, // Main text + {0x808f7e84, {CODEC_UTF32, 0, 0, 0, F0100936018EB4000, "0100936018EB4000", "1.0.3"}}, // Item name + {0x80bdf804, {CODEC_UTF32, 0, 0, 0, F0100936018EB4000, "0100936018EB4000", "1.0.3"}}, // Item description + // Hamefura Pirates 乙女ゲームの破滅フラグしかない悪役令嬢に転生してしまった… 〜波乱を呼ぶ海賊〜 + {0x81e75940, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F0100982015606000, "0100982015606000", "1.0.0"}}, // Hamekai.TalkPresenter$$AddMessageBacklog + {0x81c9ae60, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F0100982015606000, "0100982015606000", "1.0.0"}}, // Hamekai.ChoicesText$$SetText + {0x81eb7dc0, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F0100982015606000, "0100982015606000", "1.0.0"}}, // Hamekai.ShortStoryTextView$$AddText + // Death end re;Quest + {0x80241088, {CODEC_UTF8, 8, 0, 0, F0100AEC013DDA000, "0100AEC013DDA000", "1.0.0"}}, // english ver + // Death end re;Quest 2 + {0x80225C3C, {CODEC_UTF8, 8, 0, 0, F010001D015260000, "010001D015260000", "1.0.0"}}, + // Death end re;Quest Code Z + {0x82349188, {CODEC_UTF16, 1, 0, 0, 0, "010054B01BE90000", "1.0.0"}}, + {0x823DC128, {CODEC_UTF16, 1, 0, 0, 0, "010054B01BE90000", "1.0.2"}}, + // Meta Meet Cute!!!+ + {0x81DD6010, {CODEC_UTF16, 1, -32, 0, 0, "01009A401C1B0000", "1.02"}}, // english ver, only long string, short string can't find. + // Of the Red, the Light, and the Ayakashi Tsuzuri + {0x8176D78C, {CODEC_UTF16, 3, 0, 0, 0, "0100F7801B5DC000", "1.0.0"}}, + // Tokimeki Memorial Girl's Side: 4th Heart + {0x817e7da8, {CODEC_UTF16, 0, 0, T0100B0100E26C000<2, 0>, 0, "0100B0100E26C000", "1.0.0"}}, // name (x1) + dialogue (x2) + {0x81429f54, {CODEC_UTF16, 0, 0, T0100B0100E26C000<0, 1>, 0, "0100B0100E26C000", "1.0.0"}}, // choice (x0) + {0x8180633c, {CODEC_UTF16, 0, 0, T0100B0100E26C000<1, 2>, 0, "0100B0100E26C000", "1.0.0"}}, // help (x1) + // 13 Sentinels: Aegis Rim + {0x80057d18, {CODEC_UTF8, 0, 0, 0, F010045C014650000, "010045C014650000", "1.0.0"}}, // cutscene text + {0x8026fec0, {CODEC_UTF8, 1, 0, 0, F010045C014650000, "010045C014650000", "1.0.0"}}, // prompt + {0x8014eab4, {CODEC_UTF8, 0, 0, 0, F010045C014650000, "010045C014650000", "1.0.0"}}, // name (combat) + {0x801528ec, {CODEC_UTF8, 3, 0, 0, F010045C014650000, "010045C014650000", "1.0.0"}}, // dialogue (combat) + {0x80055acc, {CODEC_UTF8, 0, 0, 0, F010045C014650000, "010045C014650000", "1.0.0"}}, // dialogue 2 (speech bubble) + {0x802679c8, {CODEC_UTF8, 1, 0, 0, F010045C014650000, "010045C014650000", "1.0.0"}}, // notification + {0x8025e210, {CODEC_UTF8, 2, 0, 0, F010045C014650000, "010045C014650000", "1.0.0"}}, // scene context example: 数日前 咲良高校 1年B組 教室 1985年5月" + {0x8005c518, {CODEC_UTF8, 0, 0, 0, F010045C014650000, "010045C014650000", "1.0.0"}}, // game help + // Sea of Stars + {0x83e93ca0, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F01008C0016544000, "01008C0016544000", "1.0.45861"}}, // Main text + {0x820c3fa0, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F01008C0016544000, "01008C0016544000", "1.0.47140"}}, // Main text + // Final Fantasy I + {0x81e88040, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "01000EA014150000", "1.0.1"}}, // Main text + {0x81cae54c, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "01000EA014150000", "1.0.1"}}, // Intro text + {0x81a3e494, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "01000EA014150000", "1.0.1"}}, // battle text + {0x81952c28, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "01000EA014150000", "1.0.1"}}, // Location + // Final Fantasy II + {0x8208f4cc, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "01006B7014156000", "1.0.1"}}, // Main text + {0x817e464c, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "01006B7014156000", "1.0.1"}}, // Intro text + {0x81fb6414, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "01006B7014156000", "1.0.1"}}, // battle text + // Final Fantasy III + {0x82019e84, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "01002E2014158000", "1.0.1"}}, // Main text1 + {0x817ffcfc, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "01002E2014158000", "1.0.1"}}, // Main text2 + {0x81b8b7e4, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "01002E2014158000", "1.0.1"}}, // battle text + {0x8192c4a8, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "01002E2014158000", "1.0.1"}}, // Location + // Final Fantasy IV + {0x81e44bf4, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "01004B301415A000", "1.0.2"}}, // Main text + {0x819f92c4, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "01004B301415A000", "1.0.2"}}, // Rolling text + {0x81e2e798, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "01004B301415A000", "1.0.2"}}, // Battle text + {0x81b1e6a8, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "01004B301415A000", "1.0.2"}}, // Location + // Final Fantasy V + {0x81d63e24, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "0100AA201415C000", "1.0.2"}}, // Main text + {0x81adfb3c, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "0100AA201415C000", "1.0.2"}}, // Location + {0x81a8fda8, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "0100AA201415C000", "1.0.2"}}, // Battle text + // Final Fantasy VI + {0x81e6b350, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "0100AA001415E000", "1.0.2"}}, // Main text + {0x81ab40ec, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "0100AA001415E000", "1.0.2"}}, // Location + {0x819b8c88, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "0100AA001415E000", "1.0.2"}}, // Battle text + // Final Fantasy IX + {0x80034b90, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F01006F000B056000, "01006F000B056000", "1.0.1"}}, // Main Text + {0x802ade64, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F01006F000B056000, "01006F000B056000", "1.0.1"}}, // Battle Text + {0x801b1b84, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F01006F000B056000, "01006F000B056000", "1.0.1"}}, // Descriptions + {0x805aa0b0, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F01006F000B056000, "01006F000B056000", "1.0.1"}}, // Key Item Name + {0x805a75d8, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F01006F000B056000, "01006F000B056000", "1.0.1"}}, // Key Item Content + {0x8002f79c, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F01006F000B056000, "01006F000B056000", "1.0.1"}}, // Menu + {0x80ca88b0, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F01006F000B056000, "01006F000B056000", "1.0.1"}}, // Tutorial1 + {0x80ca892c, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F01006F000B056000, "01006F000B056000", "1.0.1"}}, // Tutorial2 + {0x80008d88, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F01006F000B056000, "01006F000B056000", "1.0.1"}}, // Location + // Norn9 Var Commons + {0x8003E874, {CODEC_UTF8, 0, 0, 0, F0100068019996000, "0100068019996000", "1.0.0"}}, // English + // 薄桜鬼 真改 万葉ノ抄 + {0x8004E8F0, {CODEC_UTF8, 1, 0, 0, F010001D015260000, "0100EA601A0A0000", "1.0.0"}}, + // Hakuouki Shinkai: Tsukikage no Shou / 薄桜鬼 真改 月影ノ抄 + {0x8019ecd0, {CODEC_UTF8, 1, 0, 0, F0100E1E00E2AE000, "0100E1E00E2AE000", "1.0.0"}}, // Text + // Chrono Cross: The Radical Dreamers Edition + {0x802b1254, {CODEC_UTF32, 1, 0, 0, 0, "0100AC20128AC000", "1.0.2"}}, // Text + // AIR + {0x800a6b10, {CODEC_UTF16, 1, 0, 0, F0100ADC014DA0000, "0100ADC014DA0000", "1.0.1"}}, // Text + Name + // Shinigami to Shoujo + {0x21cb08, {0, 1, 0, 0, F0100AFA01750C000, "0100AFA01750C000", "1.0.2"}}, // Text,sjis + // Octopath Traveler II + {0x8088a4d4, {CODEC_UTF16, 0, 0, 0, 0, "0100A3501946E000", "1.0.0"}}, // main text + // NieR:Automata The End of YoRHa Edition + {0x808e7068, {CODEC_UTF16, 3, 0, 0, 0, "0100B8E016F76000", "1.0.2"}}, // Text + // Reine des Fleurs + {0x80026434, {CODEC_UTF8, 0, 0, 0, 0, "0100B5800C0E4000", "1.0.0"}}, // Dialogue text + // Code: Realize ~Saikou no Hanataba~ (Code:Realize ~彩虹の花束~) + {0x80019c14, {CODEC_UTF8, 0, 0x1c, 0, F010088B01A8FC000, "0100B6900A668000", "1.0.0"}}, + {0x80041560, {CODEC_UTF8, 1, 0, 0, F010088B01A8FC000, "0100B6900A668000", "1.0.0"}}, + {0x800458c8, {CODEC_UTF8, 0, 0, 0, F010088B01A8FC000, "0100B6900A668000", "1.0.0"}}, + // Diabolik Lovers Grand Edition + {0x80041080, {CODEC_UTF8, 1, 0, 0, F0100BD700E648000, "0100BD700E648000", "1.0.0"}}, // name + {0x80041080, {CODEC_UTF8, 0, 0, 0, F0100BD700E648000, "0100BD700E648000", "1.0.0"}}, // dialogue + {0x80041080, {CODEC_UTF8, 2, 0, 0, F0100BD700E648000, "0100BD700E648000", "1.0.0"}}, // choice1 + // Shinobi, Koi Utsutsu + {0x8002aca0, {CODEC_UTF8, 0, 0, 0, F0100C1E0102B8000, "0100C1E0102B8000", "1.0.0"}}, // name + {0x8002aea4, {CODEC_UTF8, 0, 0, 0, F0100C1E0102B8000, "0100C1E0102B8000", "1.0.0"}}, // dialogue1 + {0x8001ca90, {CODEC_UTF8, 2, 0, 0, F0100C1E0102B8000, "0100C1E0102B8000", "1.0.0"}}, // dialogue2 + {0x80049dbc, {CODEC_UTF8, 1, 0, 0, F0100C1E0102B8000, "0100C1E0102B8000", "1.0.0"}}, // choice + // Yoru, Tomosu + {0xe2748eb0, {CODEC_UTF32, 1, 0, 0, 0, "0100C2901153C000", "1.0.0"}}, // text1 + // Closed Nightmare + {0x800c0918, {CODEC_UTF8, 0, 0, 0, F0100D9500A0F6000, "0100D9500A0F6000", "1.0.0"}}, // line + name + {0x80070b98, {CODEC_UTF8, 0, 0, 0, F0100D9500A0F6000, "0100D9500A0F6000", "1.0.0"}}, // fast trophy + {0x800878fc, {CODEC_UTF8, 0, 0, 0, F0100D9500A0F6000, "0100D9500A0F6000", "1.0.0"}}, // prompt + {0x80087aa0, {CODEC_UTF8, 0, 0, 0, F0100D9500A0F6000, "0100D9500A0F6000", "1.0.0"}}, // choice + // Yuru Camp△ - Have a Nice Day! + {0x816d03f8, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100982015606000, "0100D12014FC2000", "1.0.0"}}, // dialog / backlog + // Akuyaku Reijou wa Ringoku no Outaishi ni Dekiai Sareru + {0x817b35c4, {CODEC_UTF8, 1, 0, 0, F0100DA201E0DA000, "0100DA201E0DA000", "1.0.0"}}, // Dialogue + // Yunohana Spring! ~Mellow Times~ + {0x80028178, {CODEC_UTF8, 0, 0, 0, F0100DE200C0DA000, "0100DE200C0DA000", "1.0.0"}}, // name + {0x8001b9d8, {CODEC_UTF8, 2, 0, 0, F0100DE200C0DA000, "0100DE200C0DA000", "1.0.0"}}, // dialogue1 + {0x8001b9b0, {CODEC_UTF8, 2, 0, 0, F0100DE200C0DA000, "0100DE200C0DA000", "1.0.0"}}, // dialogue2 + {0x8004b940, {CODEC_UTF8, 2, 0, 0, F0100DE200C0DA000, "0100DE200C0DA000", "1.0.0"}}, // dialogue3 + {0x8004a8d0, {CODEC_UTF8, 1, 0, 0, F0100DE200C0DA000, "0100DE200C0DA000", "1.0.0"}}, // choice + // サマータイムレンダ Another Horizon + {0x818ebaf0, {CODEC_UTF16, 0, 0x14, 0, F01005940182EC000, "01005940182EC000", "1.0.0"}}, // dialogue + // Aquarium + {0x8051a990, {CODEC_UTF8, 0, 1, 0, F01006590155AC000, "0100D11018A7E000", "1.0.0"}}, // name + {0x8051a9a8, {CODEC_UTF8, 0, 0, 0, F01006590155AC000, "0100D11018A7E000", "1.0.0"}}, // dialogue + {0x80500178, {CODEC_UTF8, 0, 0, 0, F01006590155AC000, "0100D11018A7E000", "1.0.0"}}, // choice + // AKA + {0x8166eb80, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100B0601852A000, "0100B0601852A000", "1.0.0"}}, // Main text + {0x817d44a4, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100B0601852A000, "0100B0601852A000", "1.0.0"}}, // Letter + {0x815cb0f4, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100B0601852A000, "0100B0601852A000", "1.0.0"}}, // Mission title + {0x815cde30, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100B0601852A000, "0100B0601852A000", "1.0.0"}}, // Mission description + {0x8162a910, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100B0601852A000, "0100B0601852A000", "1.0.0"}}, // Craft description + {0x817fdca8, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100B0601852A000, "0100B0601852A000", "1.0.0"}}, // Inventory item name + // Etrian Odyssey I HD + {0x82d57550, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100B0C016164000, "01008A3016162000", "1.0.2"}}, // Text + {0x824ff408, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100B0C016164000, "01008A3016162000", "1.0.2"}}, // Config Description + {0x8296b4e4, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100B0C016164000, "01008A3016162000", "1.0.2"}}, // Class Description + {0x81b2204c, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100B0C016164000, "01008A3016162000", "1.0.2"}}, // Item Description + // Etrian Odyssey II HD + {0x82f24c70, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100B0C016164000, "0100B0C016164000", "1.0.2"}}, // Text + {0x82cc0988, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100B0C016164000, "0100B0C016164000", "1.0.2"}}, // Config Description + {0x8249acd4, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100B0C016164000, "0100B0C016164000", "1.0.2"}}, // Class Description + {0x81b27644, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100B0C016164000, "0100B0C016164000", "1.0.2"}}, // Item Description + // Etrian Odyssey III HD + {0x83787f04, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100B0C016164000, "0100D32015A52000", "1.0.2"}}, // Text + {0x8206915c, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100B0C016164000, "0100D32015A52000", "1.0.2"}}, // Config Description + {0x82e6d1d4, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100B0C016164000, "0100D32015A52000", "1.0.2"}}, // Class Description + {0x82bf5d48, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100B0C016164000, "0100D32015A52000", "1.0.2"}}, // Item Description + // Fire Emblem Engage + {0x8248c550, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<2>, 0, "0100A6301214E000", "1.3.0"}}, // App.Talk3D.TalkLog$$AddLog + {0x820C6530, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<2>, 0, "0100A6301214E000", "2.0.0"}}, // App.Talk3D.TalkLog$$AddLog + // AMNESIA LATER×CROWD for Nintendo Switch + {0x800ebc34, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F0100982015606000, "0100B5700CDFC000", "1.0.0"}}, // waterfall + {0x8014dc64, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F0100982015606000, "0100B5700CDFC000", "1.0.0"}}, // name + {0x80149b10, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F0100982015606000, "0100B5700CDFC000", "1.0.0"}}, // dialogue + {0x803add50, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F0100982015606000, "0100B5700CDFC000", "1.0.0"}}, // choice + // Natsumon! 20th Century Summer Vacation + {0x80db5d34, {CODEC_UTF16, 0, 0, 0, F0100A8401A0A8000, "0100A8401A0A8000", "1.1.0"}}, // tutorial + {0x846fa578, {CODEC_UTF16, 0, 0, 0, F0100A8401A0A8000, "0100A8401A0A8000", "1.1.0"}}, // choice + {0x8441e800, {CODEC_UTF16, 0, 0, 0, F0100A8401A0A8000, "0100A8401A0A8000", "1.1.0"}}, // examine + dialog + // Super Mario RPG + {0x81d78c58, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100BC0018138000, "0100BC0018138000", "1.0.0"}}, // Main Text + {0x81dc9cf8, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100BC0018138000, "0100BC0018138000", "1.0.0"}}, // Name + {0x81c16b80, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F0100BC0018138000, "0100BC0018138000", "1.0.0"}}, // Cutscene + {0x821281f0, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F0100BC0018138000, "0100BC0018138000", "1.0.0"}}, // Special/Item/Menu/Objective Description + {0x81cd8148, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F0100BC0018138000, "0100BC0018138000", "1.0.0"}}, // Special Name + {0x81fc2820, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100BC0018138000, "0100BC0018138000", "1.0.0"}}, // Item Name Battle + {0x81d08d28, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100BC0018138000, "0100BC0018138000", "1.0.0"}}, // Item Name Off-battle + {0x82151aac, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100BC0018138000, "0100BC0018138000", "1.0.0"}}, // Shop Item Name + {0x81fcc870, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F0100BC0018138000, "0100BC0018138000", "1.0.0"}}, // Objective Title + {0x821bd328, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100BC0018138000, "0100BC0018138000", "1.0.0"}}, // Monster List - Name + {0x820919b8, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100BC0018138000, "0100BC0018138000", "1.0.0"}}, // Monster List - Description + {0x81f56518, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100BC0018138000, "0100BC0018138000", "1.0.0"}}, // Info + {0x82134ce0, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100BC0018138000, "0100BC0018138000", "1.0.0"}}, // Help Category + {0x82134f30, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100BC0018138000, "0100BC0018138000", "1.0.0"}}, // Help Name + {0x821372e4, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100BC0018138000, "0100BC0018138000", "1.0.0"}}, // Help Description 1 + {0x82137344, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100BC0018138000, "0100BC0018138000", "1.0.0"}}, // Help Description 2 + {0x81d0ee80, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<2>, F0100BC0018138000, "0100BC0018138000", "1.0.0"}}, // Location + {0x82128f64, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100BC0018138000, "0100BC0018138000", "1.0.0"}}, // Album Title + {0x81f572a0, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<3>, F0100BC0018138000, "0100BC0018138000", "1.0.0"}}, // Load/Save Text + {0x81d040a8, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100BC0018138000, "0100BC0018138000", "1.0.0"}}, // Levelup First Part + {0x81d043fc, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100BC0018138000, "0100BC0018138000", "1.0.0"}}, // Levelup Second Part + {0x81d04550, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100BC0018138000, "0100BC0018138000", "1.0.0"}}, // Levelup New Ability Description + {0x81fbfa18, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100BC0018138000, "0100BC0018138000", "1.0.0"}}, // Yoshi Mini-Game Header + {0x81fbfa74, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100BC0018138000, "0100BC0018138000", "1.0.0"}}, // Yoshi Mini-Game Text + {0x81cf41b4, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100BC0018138000, "0100BC0018138000", "1.0.0"}}, // Enemy Special Attacks + // Trials of Mana + {0x800e8abc, {CODEC_UTF16, 1, 0, 0, F0100D7800E9E0000, "0100D7800E9E0000", "1.1.1"}}, // Text + // Utsusemi no Meguri + {0x821b452c, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "0100DA101D9AA000", "1.0.0"}}, // text1 + {0x821b456c, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "0100DA101D9AA000", "1.0.0"}}, // text2 + {0x821b45ac, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "0100DA101D9AA000", "1.0.0"}}, // text3 + // Buddy Mission BOND + {0x80046dd0, {0, 0, 0, T0100DB300B996000, 0, "0100DB300B996000", 0}}, // 1.0.0, 1.0.1,sjis + {0x80046de0, {0, 0, 0, T0100DB300B996000, 0, "0100DB300B996000", 0}}, + // Bravely Default II + {0x80b97700, {CODEC_UTF16, 0, 0, 0, 0, "010056F00C7B4000", "1.0.0"}}, // Main Text + {0x80bb8d3c, {CODEC_UTF16, 0, 0, 0, 0, "010056F00C7B4000", "1.0.0"}}, // Main Ptc Text + {0x810add68, {CODEC_UTF16, 0, 0, 0, 0, "010056F00C7B4000", "1.0.0"}}, // Secondary Text + // Tantei Bokumetsu / 探偵撲滅 + {0x8011c340, {CODEC_UTF8, 1, 0, 0, F0100CBA014014000, "0100CBA014014000", "1.0.0"}}, // Text + {0x80064f20, {CODEC_UTF8, 1, 0, 0, F0100CBA014014000, "0100CBA014014000", "1.0.0"}}, // Choices + // Ys X: Nordics + {0x80817758, {CODEC_UTF8, 1, 0, 0, F0100CC401A16C000<0>, "0100CC401A16C000", "1.0.4"}}, // Main Text + {0x80981e3c, {CODEC_UTF8, 0, 0, 0, F0100CC401A16C000<1>, "0100CC401A16C000", "1.0.4"}}, // Secondary Text + // 9 R.I.P + {0x80025360, {CODEC_UTF8, 2, 0, 0, F0100BDD01AAE4000, "0100BDD01AAE4000", "1.0.0"}}, // name + {0x80023c60, {CODEC_UTF8, 0, 0, 0, F0100BDD01AAE4000, "0100BDD01AAE4000", "1.0.0"}}, // text + {0x8005388c, {CODEC_UTF8, 1, 0, 0, F0100BDD01AAE4000, "0100BDD01AAE4000", "1.0.0"}}, // choice + {0x80065010, {CODEC_UTF8, 0, 0, 0, F0100BDD01AAE4000, "0100BDD01AAE4000", "1.0.0"}}, // character description + {0x8009c780, {CODEC_UTF8, 0, 0, 0, F0100BDD01AAE4000, "0100BDD01AAE4000", "1.0.0"}}, // prompt + // Kiss Bell - Let's sound the kissing-bell of the promise / キスベル + {0x8049d958, {CODEC_UTF8, 1, 0, 0, F01006590155AC000, "0100BD7015E6C000", "1.0.0"}}, // text + // Piofiore no Banshou -Ricordo- CN + {0x80015fa0, {CODEC_UTF8, 2, 0, 0, F0100C310110B4000, "0100C310110B4000", "1.0.0"}}, // handlerMsg + {0x80050d50, {CODEC_UTF8, 0, 0, 0, F0100C310110B4000, "0100C310110B4000", "1.0.0"}}, // handlerName + {0x8002F430, {CODEC_UTF8, 0, 0, 0, F0100C310110B4000, "0100C310110B4000", "1.0.0"}}, // handlerPrompt + {0x8002F4F0, {CODEC_UTF8, 0, 0, 0, F0100C310110B4000, "0100C310110B4000", "1.0.0"}}, // handlerPrompt + {0x8002F540, {CODEC_UTF8, 0, 0, 0, F0100C310110B4000, "0100C310110B4000", "1.0.0"}}, // handlerPrompt + // Piofiore no Banshou -Ricordo- + {0x800141d0, {CODEC_UTF8, 2, 0, 0, F0100C310110B4000, "01005F700DC56000", "1.0.0"}}, // handlerMsg + {0x8004ce20, {CODEC_UTF8, 0, 0, 0, F0100C310110B4000, "01005F700DC56000", "1.0.0"}}, // handlerName + {0x8002be90, {CODEC_UTF8, 0, 0, 0, F0100C310110B4000, "01005F700DC56000", "1.0.0"}}, // handlerPrompt + {0x8002bf50, {CODEC_UTF8, 0, 0, 0, F0100C310110B4000, "01005F700DC56000", "1.0.0"}}, // handlerPrompt + {0x8002bfa0, {CODEC_UTF8, 0, 0, 0, F0100C310110B4000, "01005F700DC56000", "1.0.0"}}, // handlerPrompt + // Piofiore no Banshou -Episodio1926- + {0x80019630, {CODEC_UTF8, 2, 0, 0, F0100C310110B4000, "01009E30120F4000", "1.0.0"}}, // handlerMsg + {0x8005B7B0, {CODEC_UTF8, 0, 0, 0, F0100C310110B4000, "01009E30120F4000", "1.0.0"}}, // handlerName + {0x80039230, {CODEC_UTF8, 0, 0, 0, F0100C310110B4000, "01009E30120F4000", "1.0.0"}}, // handlerPrompt + {0x800392F0, {CODEC_UTF8, 0, 0, 0, F0100C310110B4000, "01009E30120F4000", "1.0.0"}}, // handlerPrompt + {0x80039340, {CODEC_UTF8, 0, 0, 0, F0100C310110B4000, "01009E30120F4000", "1.0.0"}}, // handlerPrompt + // Pokémon Let’s Go, Pikachu! + {0x8067d9fc, {CODEC_UTF16, 0, 0, 0, F010003F003A34000, "010003F003A34000", "1.0.2"}}, // Text + // Ikemen Sengoku Toki o Kakeru Koi / イケメン戦国◆時をかける恋 新たなる出逢い + {0x813e4fb4, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "01008BE016CE2000", "1.0.0"}}, // Main Text + {0x813e4c60, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "01008BE016CE2000", "1.0.0"}}, // Name + {0x813b5360, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "01008BE016CE2000", "1.0.0"}}, // Choices + {0x81bab9ac, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, 0, "01008BE016CE2000", "1.0.0"}}, // Info + // Shin Megami Tensei V + {0x80ce01a4, {CODEC_UTF16, 0, 0, 0, 0, "01006BD0095F4000", "1.0.2"}}, // Text + // The Legend of Zelda: Link's Awakening + {0x80f57910, {CODEC_UTF8, 1, 0, 0, 0, "01006BB00C6F0000", "1.0.1"}}, // Main Text + // Cendrillon palikA + {0x8001ab8c, {CODEC_UTF8, 2, 0, 0, F0100DE200C0DA000, "01006B000A666000", "1.0.0"}}, // name + {0x80027b30, {CODEC_UTF8, 0, 0, 0, F0100DE200C0DA000, "01006B000A666000", "1.0.0"}}, // dialogue + // Crayon Shin-chan Shiro of Coal Town + {0x83fab4bc, {CODEC_UTF16, 0, 0, ReadTextAndLenW<0>, F01007B601C608000, "01007B601C608000", "1.0.1"}}, + // Fuuraiki 4 + {0x80008c80, {CODEC_UTF32, 1, 0, 0, F010046601125A000, "010046601125A000", "1.0.0"}}, // Main + {0x80012b1c, {CODEC_UTF32, 1, 0, 0, F010046601125A000, "010046601125A000", "1.0.0"}}, // Wordpad + {0x80012ccc, {CODEC_UTF32, 1, 0, 0, F010046601125A000, "010046601125A000", "1.0.0"}}, // Comments + {0x80009f74, {CODEC_UTF32, 1, 0, 0, F010046601125A000, "010046601125A000", "1.0.0"}}, // Choices + {0x80023d64, {CODEC_UTF32, 0, 0, 0, F010046601125A000, "010046601125A000", "1.0.0"}}, // Location + // Ken ga Kimi for S / 剣が君 for S + {0x81477128, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100771013FA8000, "0100771013FA8000", "1.1"}}, // Main Text + {0x81470e38, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100771013FA8000, "0100771013FA8000", "1.1"}}, // Secondary Text + // ANONYMOUS;CODE + {0x80011608, {CODEC_UTF8, 1, 0, 0, F0100556015CCC000, "0100556015CCC000", "1.0.0"}}, // dialouge, menu + // Sugar * Style (シュガー*スタイル) + {0x800ccbc8, {0, 0, 0, 0, 0, "0100325012B70000", "1.0.0"}}, // ret x0 name + text (readShiftJisString), filter is to complex, quit. + // Nightshade/百花百狼 + {0x802999c8, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F010042300C4F6000, "010042300C4F6000", "1.0.1"}}, // dialogue + {0x8015b544, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F010042300C4F6000, "010042300C4F6000", "1.0.1"}}, // name + {0x802a2fd4, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F010042300C4F6000, "010042300C4F6000", "1.0.1"}}, // choice1 + {0x802b7900, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F010042300C4F6000, "010042300C4F6000", "1.0.1"}}, // choice2 + // Toraware no Paruma + {0x8015b7a8, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F010044800D2EC000, "010044800D2EC000", "1.0.0"}}, // text x0 + {0x8015b46c, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F010044800D2EC000, "010044800D2EC000", "1.0.0"}}, // name x1 + // Brothers Conflict: Precious Baby + {0x8016aecc, {CODEC_UTF16, 0, 0, ReadTextAndLenW<0>, F0100982015606000, "010037400DAAE000", "1.0.0"}}, // name + {0x80126b9c, {CODEC_UTF16, 0, 0, ReadTextAndLenW<0>, F0100982015606000, "010037400DAAE000", "1.0.0"}}, // dialogue + {0x80129160, {CODEC_UTF16, 0, 0, ReadTextAndLenW<2>, F0100982015606000, "010037400DAAE000", "1.0.0"}}, // choice + // Zettai Kaikyu Gakuen + {0x80067b5c, {CODEC_UTF16, 1, 0, 0, F010021300F69E000<0>, "010021300F69E000", "1.0.0"}}, // name+ dialogue main(ADV)+choices + {0x80067cd4, {CODEC_UTF16, 1, 0, 0, F010021300F69E000<1>, "010021300F69E000", "1.0.0"}}, // dialogueNVL + // Dragon Quest Builders 2 + {0x805f8900, {CODEC_UTF8, 1, 0, 0, F010050000705E000, "010050000705E000", "1.7.3"}}, // Main text textbox + {0x8068a698, {CODEC_UTF8, 0, 0, 0, F010050000705E000, "010050000705E000", "1.7.3"}}, // Not press to continue text + {0x806e4118, {CODEC_UTF8, 3, 0, 0, F010050000705E000, "010050000705E000", "1.7.3"}}, // Character creation text + {0x8067459c, {CODEC_UTF8, 1, 0, 0, F010050000705E000, "010050000705E000", "1.7.3"}}, // Objective progress1 + {0x800a4f90, {CODEC_UTF8, 0, 0, 0, F010050000705E000, "010050000705E000", "1.7.3"}}, // Objective progress2 + {0x8060a1c0, {CODEC_UTF8, 0, 0, 0, F010050000705E000, "010050000705E000", "1.7.3"}}, // Infos1 + {0x805f6130, {CODEC_UTF8, 1, 0, 0, F010050000705E000, "010050000705E000", "1.7.3"}}, // Infos2 + {0x80639b6c, {CODEC_UTF8, 2, 0, 0, F010050000705E000, "010050000705E000", "1.7.3"}}, // Item description + {0x807185ac, {CODEC_UTF8, 1, 0, 0, F010050000705E000, "010050000705E000", "1.7.3"}}, // Mission1 + {0x80657e4c, {CODEC_UTF8, 1, 0, 0, F010050000705E000, "010050000705E000", "1.7.3"}}, // Mission2 + {0x80713be0, {CODEC_UTF8, 1, 0, 0, F010050000705E000, "010050000705E000", "1.7.3"}}, // Mission3 + {0x8076ab04, {CODEC_UTF8, 1, 0, 0, F010050000705E000, "010050000705E000", "1.7.3"}}, // Tutorial header + {0x8076ab2c, {CODEC_UTF8, 1, 0, 0, F010050000705E000, "010050000705E000", "1.7.3"}}, // Tutorial explanation + // BUSTAFELLOWS season2 + {0x819ed3e4, {CODEC_UTF16, 0, 0, ReadTextAndLenW<0>, F0100874017BE2000, "010037400DAAE000", "1.0.0"}}, // dialogue + {0x82159cd0, {CODEC_UTF16, 0, 0, ReadTextAndLenW<1>, F0100874017BE2000, "010037400DAAE000", "1.0.0"}}, // textmessage + {0x81e17530, {CODEC_UTF16, 0, 0, ReadTextAndLenW<0>, F0100874017BE2000, "010037400DAAE000", "1.0.0"}}, // option + {0x81e99d64, {CODEC_UTF16, 0, 0, ReadTextAndLenW<0>, F0100874017BE2000, "010037400DAAE000", "1.0.0"}}, // choice + {0x8186f81c, {CODEC_UTF16, 0, 0, ReadTextAndLenW<0>, F0100874017BE2000, "010037400DAAE000", "1.0.0"}}, // archives + // 5分後に意外な結末 モノクロームの図書館 + {0x81fa4890, {CODEC_UTF16, 1, 0X14, 0, F010094601D910000, "010094601D910000", "1.0.1"}}, // book text + {0x81fa5250, {CODEC_UTF16, 1, 0X14, 0, F010094601D910000, "010094601D910000", "1.0.1"}}, // book text + {0x81b1c68c, {CODEC_UTF16, 0, 0X14, 0, F010094601D910000, "010094601D910000", "1.0.1"}}, // choice1 + {0x81b1c664, {CODEC_UTF16, 0, 0X14, 0, F010094601D910000, "010094601D910000", "1.0.1"}}, // choice2 + {0x81b1e5b0, {CODEC_UTF16, 3, 0X14, 0, F010094601D910000, "010094601D910000", "1.0.1"}}, // dialogue + // Tokimeki Memorial Girl’s Side 2nd Season for Nintendo Switch + {0x82058848, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F010079201BD88000, "010079201BD88000", "1.0.1"}}, // dialogue1 + {0x82058aa0, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F010079201BD88000, "010079201BD88000", "1.0.1"}}, // dialogue2 + {0x8205a244, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F010079201BD88000, "010079201BD88000", "1.0.1"}}, // dialogue3 + {0x826ee1d8, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F010079201BD88000, "010079201BD88000", "1.0.1"}}, // choice + {0x8218e258, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F010079201BD88000, "010079201BD88000", "1.0.1"}}, // news + {0x823b61d4, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F010079201BD88000, "010079201BD88000", "1.0.1"}}, // mail + {0x82253454, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F010079201BD88000, "010079201BD88000", "1.0.1"}}, // luckyitem + {0x82269240, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F010079201BD88000, "010079201BD88000", "1.0.1"}}, // profile1 + {0x82269138, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F010079201BD88000, "010079201BD88000", "1.0.1"}}, // profile2 + {0x822691ec, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F010079201BD88000, "010079201BD88000", "1.0.1"}}, // profile3 + {0x82269198, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F010079201BD88000, "010079201BD88000", "1.0.1"}}, // profile4 + // Uta no☆Prince-sama♪ Repeat Love / うたの☆プリンスさまっ♪Repeat LOVE + {0x800374a0, {0, 0, 0, 0, F0100068019996000, "010024200E00A000", "1.0.0"}}, // Main Text + Name,sjis + {0x8002ea08, {0, 0, 0, 0, F0100068019996000, "010024200E00A000", "1.0.0"}}, // Choices,sjis + // ワンド オブ フォーチュン R~ for Nintendo Switch + {0x81ed0580, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100DA201E0DA000, "01000C7019E1C000", "1.0.0"}}, // dialogue + {0x81f96bac, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100DA201E0DA000, "01000C7019E1C000", "1.0.0"}}, // name + {0x8250ac28, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100DA201E0DA000, "01000C7019E1C000", "1.0.0"}}, // choice + // ワンド オブ フォーチュン R2 ~時空に沈む黙示録~ for Nintendo Switch + {0x821540c4, {CODEC_UTF16, 0, 0, ReadTextAndLenW<0>, F0100DA201E0DA000, "010088A01A774000", "1.0.0"}}, // dialogue + {0x8353e674, {CODEC_UTF16, 0, 0, ReadTextAndLenW<0>, F0100DA201E0DA000, "010088A01A774000", "1.0.0"}}, // choice + {0x835015e8, {CODEC_UTF16, 0, 0, ReadTextAndLenW<0>, F0100DA201E0DA000, "010088A01A774000", "1.0.0"}}, // name + // Yo-kai Watch 4++ + {0x80a88080, {CODEC_UTF8, 1, 0, 0, F010086C00AF7C000, "010086C00AF7C000", "2.2.0"}}, // All Text + // Cupid Parasite -Sweet & Spicy Darling- + {0x80138150, {CODEC_UTF32, 2, 0, 0, F010079C017B98000, "010079C017B98000", "1.0.0"}}, // name + text + {0x801a1bf0, {CODEC_UTF32, 0, 0, 0, F010079C017B98000, "010079C017B98000", "1.0.0"}}, // choice + // DesperaDrops + {0x8199c95c, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F010061A01C1CE000, "010061A01C1CE000", "1.0.0"}}, // text1 + {0x81d5c900, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F010061A01C1CE000, "010061A01C1CE000", "1.0.0"}}, // text2 + {0x820d6324, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F010061A01C1CE000, "010061A01C1CE000", "1.0.0"}}, // choice + // Dragon Ball Z: Kakarot + {0x812a8e28, {CODEC_UTF16, 0, 0, 0, F01008C0016544000, "0100EF00134F4000", "1.50"}}, // Main Text + {0x812a8c90, {CODEC_UTF16, 0, 0, 0, F01008C0016544000, "0100EF00134F4000", "1.50"}}, // Name + {0x80bfbff0, {CODEC_UTF16, 0, 0, 0, F01008C0016544000, "0100EF00134F4000", "1.50"}}, // Ptc Text + {0x80bfbfd4, {CODEC_UTF16, 0, 0, 0, F01008C0016544000, "0100EF00134F4000", "1.50"}}, // Ptc Name + {0x8126a538, {CODEC_UTF16, 0, 0, 0, F01008C0016544000, "0100EF00134F4000", "1.50"}}, // Info + {0x8106fcbc, {CODEC_UTF16, 0, 0, 0, F01008C0016544000, "0100EF00134F4000", "1.50"}}, // More Info + {0x80fad204, {CODEC_UTF16, 0, 0, 0, F01008C0016544000, "0100EF00134F4000", "1.50"}}, // Hint Part1 + {0x80fad2d0, {CODEC_UTF16, 0, 0, 0, F01008C0016544000, "0100EF00134F4000", "1.50"}}, // Hint Part2 + {0x80facf1c, {CODEC_UTF16, 0, 0, 0, F01008C0016544000, "0100EF00134F4000", "1.50"}}, // Loading Title + {0x80fad018, {CODEC_UTF16, 0, 0, 0, F01008C0016544000, "0100EF00134F4000", "1.50"}}, // Loading Description + {0x81250c50, {CODEC_UTF16, 0, 0, 0, F01008C0016544000, "0100EF00134F4000", "1.50"}}, // Tutorial h1 + {0x81250df0, {CODEC_UTF16, 0, 0, 0, F01008C0016544000, "0100EF00134F4000", "1.50"}}, // Tutorial h2 + {0x81251e80, {CODEC_UTF16, 0, 0, 0, F01008C0016544000, "0100EF00134F4000", "1.50"}}, // Tutorial Description1 + {0x81252214, {CODEC_UTF16, 0, 0, 0, F01008C0016544000, "0100EF00134F4000", "1.50"}}, // Tutorial Description2 + {0x810ae1c4, {CODEC_UTF16, 0, 0, 0, F01008C0016544000, "0100EF00134F4000", "1.50"}}, // Config Description + {0x812a9bb8, {CODEC_UTF16, 0, 0, 0, F01008C0016544000, "0100EF00134F4000", "1.50"}}, // Menu Talk + {0x812a9b78, {CODEC_UTF16, 0, 0, 0, F01008C0016544000, "0100EF00134F4000", "1.50"}}, // Menu Name + // Harvestella + {0x80af7abc, {CODEC_UTF16, 0, 0, 0, F0100B0601852A000, "0100EDD018032000", "1.0.1"}}, // Main Text + {0x80c0beb8, {CODEC_UTF16, 0, 0, 0, F0100B0601852A000, "0100EDD018032000", "1.0.1"}}, // Tutorial + News + {0x80b87f94, {CODEC_UTF16, 0, 0, 0, F0100B0601852A000, "0100EDD018032000", "1.0.1"}}, // Tutorial Part 2 + {0x80e1c378, {CODEC_UTF16, 0, 0, 0, F0100B0601852A000, "0100EDD018032000", "1.0.1"}}, // Mission Title + {0x80a7d7f4, {CODEC_UTF16, 0, 0, 0, F0100B0601852A000, "0100EDD018032000", "1.0.1"}}, // Mission Description + {0x80e39130, {CODEC_UTF16, 0, 0, 0, F0100B0601852A000, "0100EDD018032000", "1.0.1"}}, // Item Name + {0x80e38f80, {CODEC_UTF16, 0, 0, 0, F0100B0601852A000, "0100EDD018032000", "1.0.1"}}, // Item Description Part1 + {0x80e38ea8, {CODEC_UTF16, 0, 0, 0, F0100B0601852A000, "0100EDD018032000", "1.0.1"}}, // Item Description Part2 + // Sen no Hatou, Tsukisome no Kouki + {0x8003fc90, {CODEC_UTF8, 1, 0, 0, 0, "0100F8A017BAA000", "1.0.0"}}, // text1 + {0x8017a740, {CODEC_UTF8, 0, 0, 0, 0, "0100F8A017BAA000", "1.0.0"}}, // text2 + // Olympia Soiree + {0x8002ad60, {CODEC_UTF8, 31, 0, 0, F0100C310110B4000, "0100F9D00C186000", "1.0.0"}}, + {0x8004b9e0, {CODEC_UTF8, 1, 0, 0, F0100C310110B4000, "0100F9D00C186000", "1.0.0"}}, + // Getsuei no Kusari -Sakuran Paranoia- + {0x21801c, {0, 2, 0, 0, F0100F7401AA74000, "0100F7401AA74000", "1.0.0"}}, // text,sjis + {0x228fac, {0, 1, 0, 0, F0100F7401AA74000, "0100F7401AA74000", "1.0.0"}}, // choices + {0x267f24, {0, 1, 0, 0, F0100F7401AA74000, "0100F7401AA74000", "1.0.0"}}, // dictionary + // Xenoblade Chronicles 2 + {0x8010b180, {CODEC_UTF8, 1, 0, 0, F01006F000B056000, "0100F3400332C000", "2.0.2"}}, // Text + // Kanon + {0x800dc524, {CODEC_UTF16, 0, 0, 0, F0100FB7019ADE000, "0100FB7019ADE000", "1.0.0"}}, // Text + // Princess Arthur + {0x80066e10, {0, 2, 0, 0, F0100FC2019346000, "0100FC2019346000", "1.0.0"}}, // Dialogue text ,sjis + {0x8001f7d0, {0, 0, 0, 0, F0100FC2019346000, "0100FC2019346000", "1.0.0"}}, // Name + // Layton’s Mystery Journey: Katrielle and the Millionaires’ Conspiracy + {0x8025d520, {0, 2, 0, 0, F0100FDB00AA80000, "0100FDB00AA80000", "1.1.0"}}, // All Text ,sjis + // Xenoblade Chronicles: Definitive Edition + {0x808a5670, {CODEC_UTF8, 1, 0, 0, F0100FF500E34A000, "0100FF500E34A000", "1.1.2"}}, // Main Text + {0x80305968, {CODEC_UTF8, 1, 0, 0, F0100FF500E34A000, "0100FF500E34A000", "1.1.2"}}, // Choices + {0x8029edc8, {CODEC_UTF8, 0, 0, 0, F0100FF500E34A000, "0100FF500E34A000", "1.1.2"}}, // Item Name + {0x8029ede8, {CODEC_UTF8, 0, 0, 0, F0100FF500E34A000, "0100FF500E34A000", "1.1.2"}}, // Item Description + {0x8026a454, {CODEC_UTF8, 0, 0, 0, F0100FF500E34A000, "0100FF500E34A000", "1.1.2"}}, // Acquired Item Name + {0x803c725c, {CODEC_UTF8, 0, 0, 0, F0100FF500E34A000, "0100FF500E34A000", "1.1.2"}}, // Acquired Item Notification + {0x802794cc, {CODEC_UTF8, 0, 0, 0, F0100FF500E34A000, "0100FF500E34A000", "1.1.2"}}, // Location Discovered + // Unicorn Overlord + {0x805ae1f8, {CODEC_UTF8, 1, 0, 0, F01000AE01954A000, "01000AE01954A000", "1.00"}}, // Text + // Octopath Traveler + {0x8005ef78, {CODEC_UTF32, 0, 0, 0, 0, "01000E200DC58000", "1.0.0"}}, // Text + // The World Ends with You: Final Remix + {0x80706ab8, {CODEC_UTF16, 2, 0, 0, F01006F000B056000, "01001C1009892000", "1.0.0"}}, // Text + // JackJanne + {0x81f02cd8, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100982015606000, "01001DD010A2E800", "1.0.5"}}, // Text + {0x821db028, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100982015606000, "01001DD010A2E800", "1.0.5"}}, // choice + // Collar x Malice + {0x800444c4, {CODEC_UTF8, 0, 0, 0, 0, "01002B400E9DA000", "1.0.0"}}, // Text + // Kanda Alice mo Suiri Suru. + {0x80041db0, {0, 0, 0, 0, F01003BD013E30000, "01003BD013E30000", "1.0.0"}}, // sjis + // Rune Factory 3 Special + {0x81fb3364, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F01001EF017BE6000, "01001EF017BE6000", "1.0.4"}}, // Main Text + {0x826c0f20, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F01001EF017BE6000, "01001EF017BE6000", "1.0.4"}}, // Aproach + {0x81fb3320, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F01001EF017BE6000, "01001EF017BE6000", "1.0.4"}}, // Choices + {0x821497e8, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F01001EF017BE6000, "01001EF017BE6000", "1.0.4"}}, // Calendar + {0x826ba1a0, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F01001EF017BE6000, "01001EF017BE6000", "1.0.4"}}, // Info + {0x823f6200, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F01001EF017BE6000, "01001EF017BE6000", "1.0.4"}}, // More Info + {0x826c381c, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F01001EF017BE6000, "01001EF017BE6000", "1.0.4"}}, // Item Select Name + // Toraware no Paruma -Refrain- + {0x80697300, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F01000EA00D2EE000, "01000EA00D2EE000", "1.0.0"}}, // text x1 + {0x806f43c0, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F01000EA00D2EE000, "01000EA00D2EE000", "1.0.0"}}, // name x0 + {0x80d2aca4, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F01000EA00D2EE000, "01000EA00D2EE000", "1.0.0"}}, // choice x0 + {0x804b04c8, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F01000EA00D2EE000, "01000EA00D2EE000", "1.0.0"}}, // alert x0 + {0x804b725c, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F01000EA00D2EE000, "01000EA00D2EE000", "1.0.0"}}, // prompt x0 + // Aiyoku no Eustia + {0x804BEFD0, {CODEC_UTF8, 0, 0, 0, F01006590155AC000, "01001CC017BB2000", "1.0.0"}}, // x0 - name + {0x804BEFE8, {CODEC_UTF8, 0, 0, 0, F01006590155AC000, "01001CC017BB2000", "1.0.0"}}, // x0 - dialogue + {0x804d043c, {CODEC_UTF8, 0, 0, 0, F01006590155AC000, "01001CC017BB2000", "1.0.0"}}, // x0 - choice + // Jakou no Lyla ~Trap of MUSK~ + {0x80167100, {CODEC_UTF32, 1, 0, 0, F010093800DB1C000, "010093800DB1C000", "1.0.0"}}, // x1 text + name (unformated), #T1 #T2, #T0 1. European night + {0x801589a0, {CODEC_UTF32, 1, 0, 0, F010093800DB1C000, "010093800DB1C000", "1.0.0"}}, // x0=x1=choice (sig=SltAdd) + {0x801b4300, {CODEC_UTF32, 1, 0, 0, F010093800DB1C000, "010093800DB1C000", "1.0.0"}}, // x1 text + name (unformated), #T1 #T2, #T0 2. Asian night + {0x802a9170, {CODEC_UTF32, 1, 0, 0, F010093800DB1C000, "010093800DB1C000", "1.0.0"}}, // x0=x1=choice (sig=SltAdd) + {0x80301e80, {CODEC_UTF32, 1, 0, 0, F010093800DB1C000, "010093800DB1C000", "1.0.0"}}, // x1 text + name (unformated), #T1 #T2, #T0 3. Arabic night + {0x803f7a90, {CODEC_UTF32, 1, 0, 0, F010093800DB1C000, "010093800DB1C000", "1.0.0"}}, // x0=x1=choice (sig=SltAdd) + // Galleria no Chika Meikyuu to Majo no Ryodan ガレリアの地下迷宮と魔女ノ旅団 + {0x8002f64c, {CODEC_UTF8, 0, 0, 0, 0, "01007010157B4000", "1.0.1"}}, // Main Text + // Dragon's Dogma: Dark Arisen + {0x81023a80, {CODEC_UTF8, 1, 0, 0, F010057E00AC56000, "010057E00AC56000", "1.0.1"}}, // Main Text + {0x8103e140, {CODEC_UTF8, 1, 0, 0, F010057E00AC56000, "010057E00AC56000", "1.0.1"}}, // Allies + Cutscene Text + {0x8103bb10, {CODEC_UTF8, 1, 0, 0, F010057E00AC56000, "010057E00AC56000", "1.0.1"}}, // NPC Text + {0x80150720, {CODEC_UTF8, 0, 0, 0, F010057E00AC56000, "010057E00AC56000", "1.0.1"}}, // Intro Message + {0x80df90a8, {CODEC_UTF8, 0, 0, 0, F010057E00AC56000, "010057E00AC56000", "1.0.1"}}, // Info1 + {0x80ce2bb8, {CODEC_UTF8, 0, 0, 0, F010057E00AC56000, "010057E00AC56000", "1.0.1"}}, // Info2 + {0x80292d84, {CODEC_UTF8, 0, 0, 0, F010057E00AC56000, "010057E00AC56000", "1.0.1"}}, // Info Popup1 + {0x80cfac6c, {CODEC_UTF8, 0, 0, 0, F010057E00AC56000, "010057E00AC56000", "1.0.1"}}, // Info Popup2 + {0x8102d460, {CODEC_UTF8, 1, 0, 0, F010057E00AC56000, "010057E00AC56000", "1.0.1"}}, // Description + // Yo-kai Watch Jam - Yo-kai Academy Y: Waiwai Gakuen + {0x80dd0cec, {CODEC_UTF8, 0, 0, 0, F010051D010FC2000, "010051D010FC2000", "4.0.0"}}, // Dialogue text + {0x80e33450, {CODEC_UTF8, 3, 0, 0, F010051D010FC2000, "010051D010FC2000", "4.0.0"}}, // Other Dialogue text + {0x80c807c0, {CODEC_UTF8, 0, 0, 0, F010051D010FC2000, "010051D010FC2000", "4.0.0"}}, // Item description etc text + {0x808d9a30, {CODEC_UTF8, 0, 0, 0, F010051D010FC2000, "010051D010FC2000", "4.0.0"}}, // Tutorial Text + {0x811b95ac, {CODEC_UTF8, 3, 0, 0, F010051D010FC2000, "010051D010FC2000", "4.0.0"}}, // Menu screen + {0x80e20290, {CODEC_UTF8, 3, 0, 0, F010051D010FC2000, "010051D010FC2000", "4.0.0"}}, // Opening Song Text etc + {0x80c43680, {CODEC_UTF8, 3, 0, 0, F010051D010FC2000, "010051D010FC2000", "4.0.0"}}, // Cutscene Text + // NEO: The World Ends With You + {0x81581d6c, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F010043B013C5C000, "010043B013C5C000", "1.03"}}, // Text + {0x818eb248, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F010043B013C5C000, "010043B013C5C000", "1.03"}}, // Objective + {0x81db84a4, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F010043B013C5C000, "010043B013C5C000", "1.03"}}, // Menu: Collection Item Name + {0x81db8660, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F010043B013C5C000, "010043B013C5C000", "1.03"}}, // Menu: Collection Item Description + {0x81c71a48, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F010043B013C5C000, "010043B013C5C000", "1.03"}}, // Tutorial Title + {0x81c71b28, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F010043B013C5C000, "010043B013C5C000", "1.03"}}, // Tutorial Description + // Eiyuden Chronicle: Rising + {0x82480190, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, 0, "010039B015CB6000", "1.02"}}, // Main Text + {0x824805d0, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, 0, "010039B015CB6000", "1.02"}}, // Name + {0x81f05c44, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "010039B015CB6000", "1.02"}}, // Intro Text + {0x82522ac4, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "010039B015CB6000", "1.02"}}, // Character Info + {0x81b715f4, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "010039B015CB6000", "1.02"}}, // Info + {0x825274d0, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, 0, "010039B015CB6000", "1.02"}}, // Info2 + {0x825269b0, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "010039B015CB6000", "1.02"}}, // Tutorial Title + {0x82526a0c, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "010039B015CB6000", "1.02"}}, // Tutorial Description + {0x82523e04, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "010039B015CB6000", "1.02"}}, // Objective Title + {0x82524160, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "010039B015CB6000", "1.02"}}, // Objective Description + {0x81f0351c, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "010039B015CB6000", "1.02"}}, // Location Selection Title + {0x81f0358c, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "010039B015CB6000", "1.02"}}, // Location Selection Description + {0x81f0d520, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "010039B015CB6000", "1.02"}}, // Quest Title + {0x81f0d58c, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "010039B015CB6000", "1.02"}}, // Quest Description + {0x81f00318, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "010039B015CB6000", "1.02"}}, // Help Title + {0x81f00368, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "010039B015CB6000", "1.02"}}, // Help Description + {0x81f0866c, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, 0, "010039B015CB6000", "1.02"}}, // Config Description + // Ghost Trick: Phantom Detective + {0x81448898, {CODEC_UTF16, 0, 0, 0, F010043B013C5C000, "010029B018432000", "1.0.0"}}, // Main Text + {0x80c540d4, {CODEC_UTF16, 0, 0, 0, F010043B013C5C000, "010029B018432000", "1.0.0"}}, // Secondary Text + {0x80e50dd4, {CODEC_UTF16, 0, 0, 0, F010043B013C5C000, "010029B018432000", "1.0.0"}}, // Object Name + {0x80f91c08, {CODEC_UTF16, 0, 0, 0, F010043B013C5C000, "010029B018432000", "1.0.0"}}, // Language Selection + {0x805c9014, {CODEC_UTF16, 0, 0, 0, F010043B013C5C000, "010029B018432000", "1.0.0"}}, // Story/Character Info + // Higurashi no Naku Koro ni Hou + {0x800bd6c8, {0, 0, 0, 0, F0100F6A00A684000, "0100F6A00A684000", "1.0.0"}}, // sjis + {0x800c2d20, {0, 0, 0, 0, F0100F6A00A684000, "0100F6A00A684000", "1.2.0"}}, // sjis + // Umineko no Naku Koro ni Saku ~Nekobako to Musou no Koukyoukyoku~ + {0x800b4560, {CODEC_UTF8, 0, 0, 0, 0, "01006A300BA2C000", "1.0.0"}}, // x0 name + text (bottom, center) - whole line. filter is to complex, quit. + {0x801049c0, {CODEC_UTF8, 0, 0, 0, 0, "01006A300BA2C000", "1.0.0"}}, // x0 prompt, bottomLeft + {0x80026378, {CODEC_UTF8, 0, 0, 0, 0, "01006A300BA2C000", "1.0.0"}}, // x0 Yes|No + {0x801049a8, {CODEC_UTF8, 0, 0, 0, 0, "01006A300BA2C000", "1.0.0"}}, // x0 topLeft (double: ♪ + text) + + // Koroshiya to Strawberry- Plus + {0x81322cec, {CODEC_UTF16, 0, 0, ReadTextAndLenW<0>, F010042300C4F6000, "0100E390145C8000", "1.0.0"}}, // dialogue + {0x819b1a78, {CODEC_UTF16, 0, 0, ReadTextAndLenW<2>, F010042300C4F6000, "0100E390145C8000", "1.0.0"}}, // dialogue + {0x81314e8c, {CODEC_UTF16, 0, 0, ReadTextAndLenW<0>, F010042300C4F6000, "0100E390145C8000", "1.0.0"}}, // dialogue + // Tokimeki Memorial Girl's Side 1st Love for Nintendo Switch + {0x822454a4, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100D9A01BD86000, "0100D9A01BD86000", "1.0.1"}}, // dialogue1 + {0x82247138, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100D9A01BD86000, "0100D9A01BD86000", "1.0.1"}}, // dialogue2 + {0x822472e0, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100D9A01BD86000, "0100D9A01BD86000", "1.0.1"}}, // dialogue3 + {0x82156988, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100D9A01BD86000, "0100D9A01BD86000", "1.0.1"}}, // choice + {0x82642200, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<2>, F0100D9A01BD86000, "0100D9A01BD86000", "1.0.1"}}, // option1 + {0x81ecd758, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100D9A01BD86000, "0100D9A01BD86000", "1.0.1"}}, // option2 + {0x823185e4, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100D9A01BD86000, "0100D9A01BD86000", "1.0.1"}}, // mail + {0x823f2edc, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100D9A01BD86000, "0100D9A01BD86000", "1.0.1"}}, // roomDescript + {0x821e3cf0, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100D9A01BD86000, "0100D9A01BD86000", "1.0.1"}}, // dateDescript + {0x81e20050, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100D9A01BD86000, "0100D9A01BD86000", "1.0.1"}}, // characterDesc1 + {0x81e1fe50, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100D9A01BD86000, "0100D9A01BD86000", "1.0.1"}}, // characterDesc2 + {0x81e1feb0, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100D9A01BD86000, "0100D9A01BD86000", "1.0.1"}}, // characterDesc3 + {0x81e1ff04, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100D9A01BD86000, "0100D9A01BD86000", "1.0.1"}}, // characterDesc4 + {0x821d03b0, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<3>, F0100D9A01BD86000, "0100D9A01BD86000", "1.0.1"}}, // news + {0x82312008, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100D9A01BD86000, "0100D9A01BD86000", "1.0.1"}}, // luckyitem + // Triangle Strategy + {0x80aadebc, {CODEC_UTF16, 0, 0, 0, F0100CC80140F8000<0>, "0100CC80140F8000", "1.1.0"}}, // Main Text + {0x81358ce4, {CODEC_UTF16, 3, 0, 0, F0100CC80140F8000<1>, "0100CC80140F8000", "1.1.0"}}, // Secondary Text + {0x80a38988, {CODEC_UTF16, 0, 0, 0, F0100CC80140F8000<2>, "0100CC80140F8000", "1.1.0"}}, // Info Contents + {0x80aa4aec, {CODEC_UTF16, 0, 0, 0, F0100CC80140F8000<3>, "0100CC80140F8000", "1.1.0"}}, // Info + {0x80b1f300, {CODEC_UTF16, 0, 0, 0, F0100CC80140F8000<4>, "0100CC80140F8000", "1.1.0"}}, // Difficulty Selection Part1 + {0x80b1f670, {CODEC_UTF16, 0, 0, 0, F0100CC80140F8000<5>, "0100CC80140F8000", "1.1.0"}}, // Difficulty Selection Part2 + {0x80aa48f0, {CODEC_UTF16, 0, 0, 0, F0100CC80140F8000<6>, "0100CC80140F8000", "1.1.0"}}, // PopUp Message + // Xenoblade Chronicles 3 + {0x80cf6ddc, {CODEC_UTF8, 0, 0, 0, F010074F013262000, "010074F013262000", "2.2.0"}}, // Main Text + {0x80e76150, {CODEC_UTF8, 0, 0, 0, F010074F013262000, "010074F013262000", "2.2.0"}}, // Secondary Text + {0x807b4ee4, {CODEC_UTF8, 1, 0, 0, F010074F013262000, "010074F013262000", "2.2.0"}}, // Tutorial Description + {0x80850218, {CODEC_UTF8, 0, 0, 0, F010074F013262000, "010074F013262000", "2.2.0"}}, // Objective + // CLOCK ZERO ~Shuuen no Ichibyou~ Devote + {0x8003c290, {0, 0, 0, 0, F0100BDD01AAE4000, "01008C100C572000", "1.0.0"}}, // name,sjis + {0x8003c184, {0, 0, 0, 0, F0100BDD01AAE4000, "01008C100C572000", "1.0.0"}}, // dialogue + {0x8001f6d0, {0, 0, 0, 0, F0100BDD01AAE4000, "01008C100C572000", "1.0.0"}}, // prompt + // Shuuen no Virche -ErroR:salvation + {0x8001f594, {CODEC_UTF8, 0, 0x1C, 0, F0100C310110B4000, "01005B9014BE0000", "1.0.0"}}, // dialog + {0x8001f668, {CODEC_UTF8, 0, 0x1C, 0, F0100C310110B4000, "01005B9014BE0000", "1.0.0"}}, // center + {0x8003d540, {CODEC_UTF8, 0, 0, 0, F0100C310110B4000, "01005B9014BE0000", "1.0.0"}}, // choice + // Shuuen no Virche -EpiC:lycoris- + {0x8002bf6c, {CODEC_UTF8, 0, 0x1c, 0, FF010061300DF48000_2, "01004D601B0AA000", "1.0.1"}}, + {0x8004e720, {CODEC_UTF8, 1, 0, 0, FF010061300DF48000_2, "01004D601B0AA000", "1.0.1"}}, + // Spade no Kuni no Alice ~Wonderful White World~ / スペードの国のアリス ~Wonderful White World~ + {0x8135d018, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F01008C0016544000, "01003FE00E2F8000", "1.0.0"}}, // Text + Name + // Spade no Kuni no Alice ~Wonderful Black World~ (スペードの国のアリス ~Wonderful Black World~) + {0x819dbdc8, {CODEC_UTF16, 0, 0x14, 0, F0100AB100E2FA000, "0100AB100E2FA000", "1.0.0"}}, + {0x81f8e564, {CODEC_UTF16, 1, 0x14, 0, F0100AB100E2FA000, "0100AB100E2FA000", "1.0.0"}}, + // 十三支演義 偃月三国伝1・2 for Nintendo Switch (Juuzaengi ~Engetsu Sangokuden~) + {0x82031f20, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<2>, F0100DA201E0DA000, "01003D2017FEA000", "1.0.0"}}, // name + {0x82ef9550, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F0100DA201E0DA000, "01003D2017FEA000", "1.0.0"}}, // dialogue + {0x83252e0c, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100DA201E0DA000, "01003D2017FEA000", "1.0.0"}}, // choice + // Tales of Vesperia: Definitive Edition + {0x802de170, {CODEC_UTF8, 2, 0, 0, F01002C0008E52000, "01002C0008E52000", "1.0.2"}}, // Ptc Text + {0x802cf170, {CODEC_UTF8, 3, 0, 0, F01002C0008E52000, "01002C0008E52000", "1.0.2"}}, // Cutscene + {0x8019957c, {CODEC_UTF8, 0, 0, 0, F01002C0008E52000, "01002C0008E52000", "1.0.2"}}, // Conversation + {0x802c0600, {CODEC_UTF8, 2, 0, 0, F01002C0008E52000, "01002C0008E52000", "1.0.2"}}, // Info + {0x801135fc, {CODEC_UTF8, 0, 0, 0, F01002C0008E52000, "01002C0008E52000", "1.0.2"}}, // Post Battle Text + // Nil Adminari no Tenbin Irodori Nadeshiko + {0x8005fd5c, {CODEC_UTF8, 0, 0, 0, F0100BDD01AAE4000, "01002BB00A662000", "1.0.0"}}, // name + {0x800db0d8, {CODEC_UTF8, 0, 20, 0, F0100BDD01AAE4000, "01002BB00A662000", "1.0.0"}}, // name + // Hanayaka Nari, Waga Ichizoku Modern Nostalgie + {0x2509ac, {CODEC_UTF8, 0, 0, T0100B5500CA0C000, F0100B5500CA0C000, "01008DE00C022000", "1.0.0"}}, + // Hanayaka Nari, Waga Ichizoku Gentou Nostalgie + {0x27ca10, {CODEC_UTF8, 0, 0, T0100B5500CA0C000, F0100B5500CA0C000, "0100B5500CA0C000", "1.0.0"}}, // x3 (double trigged), name+text, onscreen + // Master Detective Archives: Rain Code + {0x80bf2034, {CODEC_UTF16, 0, 0, 0, F0100F4401940A000, "0100F4401940A000", "1.3.3"}}, // Dialogue text + {0x80c099d4, {CODEC_UTF16, 0, 0, 0, F0100F4401940A000, "0100F4401940A000", "1.3.3"}}, // Cutscene text + {0x80cbf1f4, {CODEC_UTF16, 0, 0, 0, F0100F4401940A000, "0100F4401940A000", "1.3.3"}}, // Menu + {0x80cbc11c, {CODEC_UTF16, 0, 0, 0, F0100DA201E0DA000, "0100F4401940A000", "1.3.3"}}, // Menu Item Description + {0x80cacc14, {CODEC_UTF16, 0, 0, 0, F0100DA201E0DA000, "0100F4401940A000", "1.3.3"}}, // Menu Item Description 2 + {0x80cd6410, {CODEC_UTF16, 0, 0, 0, F0100DA201E0DA000, "0100F4401940A000", "1.3.3"}}, // Menu Item Description 3 + {0x80c214d4, {CODEC_UTF16, 0, 0, 0, F0100F4401940A000, "0100F4401940A000", "1.3.3"}}, // Description + {0x80cc9908, {CODEC_UTF16, 0, 0, 0, F0100DA201E0DA000, "0100F4401940A000", "1.3.3"}}, // Mini game item description + {0x80bce36c, {CODEC_UTF16, 0, 0, 0, F0100F4401940A000, "0100F4401940A000", "1.3.3"}}, // Tutorial + {0x80bcb7d4, {CODEC_UTF16, 0, 0, 0, F0100F4401940A000, "0100F4401940A000", "1.3.3"}}, // Loading Screen information + {0x80bf32d8, {CODEC_UTF16, 0, 0, 0, F0100F4401940A000, "0100F4401940A000", "1.3.3"}}, // Choices + // Fire Emblem: Three Houses + {0x8041e6bc, {CODEC_UTF8, 0, 0, 0, F010055D009F78000, "010055D009F78000", "1.2.0"}}, // Main Text + {0x805ca570, {CODEC_UTF8, 0, 0, 0, F010055D009F78000, "010055D009F78000", "1.2.0"}}, // Cutscene Text + {0x8049f1e8, {CODEC_UTF8, 0, 0, 0, F010055D009F78000, "010055D009F78000", "1.2.0"}}, // Cutscene Text Scroll + {0x805ee730, {CODEC_UTF8, 0, 0, 0, F010055D009F78000, "010055D009F78000", "1.2.0"}}, // Info + {0x805ee810, {CODEC_UTF8, 0, 0, 0, F010055D009F78000, "010055D009F78000", "1.2.0"}}, // Info Choice + {0x80467a60, {CODEC_UTF8, 0, 0, 0, F010055D009F78000, "010055D009F78000", "1.2.0"}}, // Location First Part + {0x805f0340, {CODEC_UTF8, 0, 0, 0, F010055D009F78000, "010055D009F78000", "1.2.0"}}, // Location Second Part + {0x801faae4, {CODEC_UTF8, 0, 0, 0, F010055D009F78000, "010055D009F78000", "1.2.0"}}, // Action Location + {0x803375e8, {CODEC_UTF8, 0, 0, 0, F010055D009F78000, "010055D009F78000", "1.2.0"}}, // Objective + {0x805fd870, {CODEC_UTF8, 0, 0, 0, F010055D009F78000, "010055D009F78000", "1.2.0"}}, // Tutorial + {0x804022f8, {CODEC_UTF8, 0, 0, 0, F010055D009F78000, "010055D009F78000", "1.2.0"}}, // Request + {0x802f7df4, {CODEC_UTF8, 0, 0, 0, F010055D009F78000, "010055D009F78000", "1.2.0"}}, // Quest Description + {0x8031af0c, {CODEC_UTF8, 0, 0, 0, F010055D009F78000, "010055D009F78000", "1.2.0"}}, // Aproach Text + // Sweet Clown ~Gozen San-ji no Okashi na Doukeshi~ + {0x20dbfc, {0, 0, 0x28, 0, F010028D0148E6000, "010028D0148E6000", "1.2.0"}}, // dialog, sjis + {0x214978, {0, 2, 0xC, 0, F010028D0148E6000, "010028D0148E6000", "1.2.0"}}, // choices + // SWEET CLOWN ~午前三時のオカシな道化師~ + {0x218B40, {FULL_STRING, 1, 0, 0, F010028D0148E6000_2, "010028D0148E6000", "1.0.1"}}, // TEXT + {0x20D420, {0, 0, 0, 0, 0, "010028D0148E6000", "1.0.1"}}, // NAME+TEXT + // Another Code: Recollection + {0x82dcad30, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F0100CB9018F5A000, "0100CB9018F5A000", "1.0.0"}}, // Main Text + {0x82f2cfb0, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100CB9018F5A000, "0100CB9018F5A000", "1.0.0"}}, // Item Description + {0x82dcc5fc, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100CB9018F5A000, "0100CB9018F5A000", "1.0.0"}}, // Tutorial PopUp Header + {0x82dcc61c, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100CB9018F5A000, "0100CB9018F5A000", "1.0.0"}}, // Tutorial PopUp Description + {0x82f89e78, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100CB9018F5A000, "0100CB9018F5A000", "1.0.0"}}, // Aproach Text + {0x82973300, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F0100CB9018F5A000, "0100CB9018F5A000", "1.0.0"}}, // Chapter + {0x82dd2604, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100CB9018F5A000, "0100CB9018F5A000", "1.0.0"}}, // Location + {0x82bcb77c, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F0100CB9018F5A000, "0100CB9018F5A000", "1.0.0"}}, // Save Message + {0x828ccfec, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100CB9018F5A000, "0100CB9018F5A000", "1.0.0"}}, // Acquired Item + {0x83237b14, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100CB9018F5A000, "0100CB9018F5A000", "1.0.0"}}, // Question Options + {0x82dcee10, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100CB9018F5A000, "0100CB9018F5A000", "1.0.0"}}, // Tutorial Header + {0x82dcee38, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100CB9018F5A000, "0100CB9018F5A000", "1.0.0"}}, // Tutorial Description + {0x82e5cadc, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100CB9018F5A000, "0100CB9018F5A000", "1.0.0"}}, // Character Info Name + {0x82e5cc38, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100CB9018F5A000, "0100CB9018F5A000", "1.0.0"}}, // Character Info Description + {0x82871ac8, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100CB9018F5A000, "0100CB9018F5A000", "1.0.0"}}, // Letter Message + {0x82e4dad4, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100CB9018F5A000, "0100CB9018F5A000", "1.0.0"}}, // アナザーキー + {0x82bd65d0, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100CB9018F5A000, "0100CB9018F5A000", "1.0.0"}}, // Message Title + {0x82bd65f0, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100CB9018F5A000, "0100CB9018F5A000", "1.0.0"}}, // Message Content + {0x82c1ccf0, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100CB9018F5A000, "0100CB9018F5A000", "1.0.0"}}, // Decision Header + {0x82c1d218, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100CB9018F5A000, "0100CB9018F5A000", "1.0.0"}}, // Decision1 + {0x82c1e43c, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100CB9018F5A000, "0100CB9018F5A000", "1.0.0"}}, // Decision2 + // AI: The Somnium Files + {0x8165a9a4, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100C7400CFB4000, "0100C7400CFB4000", "1.0.2"}}, // Main Text + Tutorial + {0x80320dd4, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F0100C7400CFB4000, "0100C7400CFB4000", "1.0.2"}}, // Menu Interface Text1 + {0x80320e20, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F0100C7400CFB4000, "0100C7400CFB4000", "1.0.2"}}, // Menu Interface Text2 + // AI: The Somnium Files - nirvanA Initiative + {0x8189ae64, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100BD4014D8C000, "0100BD4014D8C000", "1.0.1"}}, // Main Text + Tutorial + {0x81813428, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100BD4014D8C000, "0100BD4014D8C000", "1.0.1"}}, // Hover Investigation Text + {0x82e122b8, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100BD4014D8C000, "0100BD4014D8C000", "1.0.1"}}, // Info + {0x82cffff8, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100BD4014D8C000, "0100BD4014D8C000", "1.0.1"}}, // Config Description + {0x818c3cd8, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100BD4014D8C000, "0100BD4014D8C000", "1.0.1"}}, // File: Names + {0x82ea1a38, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100BD4014D8C000, "0100BD4014D8C000", "1.0.1"}}, // File: Contents + {0x82cbb1fc, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F0100BD4014D8C000, "0100BD4014D8C000", "1.0.1"}}, // Investigation Choices + // Fata morgana no Yakata ~Dreams of the Revenants Edition~ / ファタモ + {0x8025a998, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F01008C0016544000, "0100BE40138B8000", "1.0.1"}}, // Main Text + {0x801d6050, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F01008C0016544000, "0100BE40138B8000", "1.0.1"}}, // Choices + // Ni no Kuni II: Revenant Kingdom + {0x80ac651c, {CODEC_UTF8, 0, 0, 0, F0100C4E013E5E000, "0100C4E013E5E000", "1.0.0"}}, // Main Text + {0x80335ea0, {CODEC_UTF8, 0, 0, 0, F0100C4E013E5E000, "0100C4E013E5E000", "1.0.0"}}, // Name + // Harukanaru Toki no Naka de 7 + {0x800102bc, {0, 0, 0, T0100CF400F7CE000<0>, F0100CF400F7CE000, "0100CF400F7CE000", "1.0.0"}}, // name, sjis + {0x80051f90, {0, 0, 0, T0100CF400F7CE000<1>, F0100CF400F7CE000, "0100CF400F7CE000", "1.0.0"}}, // text + {0x80010b48, {0, 0, 0, T0100CF400F7CE000<0>, F0100CF400F7CE000, "0100CF400F7CE000", "1.0.0"}}, // prompt + {0x80010c80, {0, 0, 0, T0100CF400F7CE000<0>, F0100CF400F7CE000, "0100CF400F7CE000", "1.0.0"}}, // choice + // Angelique Luminarise + {0x80046c04, {0, 0, 0, T0100CF400F7CE000<0>, F0100CF400F7CE000, "0100D11018A7E000", "1.0.0"}}, // ingameDialogue, sjis + {0x80011284, {0, 0, 0, T0100CF400F7CE000<0>, F0100CF400F7CE000, "0100D11018A7E000", "1.0.0"}}, // choice + {0x80011140, {0, 0, 0, T0100CF400F7CE000<0>, F0100CF400F7CE000, "0100D11018A7E000", "1.0.0"}}, // prompt first + // Star Ocean The Second Story R + {0x81d5e4d0, {0, 0, 0, ReadTextAndLenDW<1>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Main Text + Tutorial + {0x81d641b4, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Intro Cutscene + {0x824b1f00, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Character Selection Name + {0x81d4c670, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Character Selection Lore + {0x8203a048, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // General Description + {0x82108cd0, {0, 0, 0, ReadTextAndLenDW<1>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Unique Spot Title + {0x827a9848, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Chest Item + {0x82756890, {0, 0, 0, ReadTextAndLenDW<1>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Info + {0x82241410, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Menu Talk + {0x81d76404, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Secondary Talk + {0x821112e0, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Location + {0x82111320, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Location Interior + {0x81d6ea24, {0, 0, 0, ReadTextAndLenDW<1>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Special Arts/Spells Name + {0x81d6ea68, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Special Arts/Spells Description + {0x81d6ed48, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Special Arts/Spells Range + {0x81d6eb3c, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Special Arts/Spells Effect + {0x81d6f880, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Special Arts/Spells Bonus + {0x8246d81c, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Tactics Name + {0x8246d83c, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Tactics Description + {0x8212101c, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Achievements Name + {0x82121088, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Achievements Description + {0x81d6c480, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Acquired Item1 + {0x821143f0, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Acquired Item2 + {0x81d6fb18, {0, 0, 0, ReadTextAndLenDW<1>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Battle Skill Name + {0x81d6fb4c, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Battle Skill Description + {0x81d6fb7c, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Battle Skill Bonus Description + {0x8212775c, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Battle Item Name + {0x82127788, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Battle Item Description + {0x821361ac, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Battle Ability Name + {0x821361f4, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Battle Ability Range + {0x82136218, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Battle Ability Effect + {0x8238451c, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Battle Strategy Name + {0x82134610, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Battle Acquired Item + {0x824b5eac, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Item Name + {0x824b5f04, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Item Description + {0x824b5f54, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Item Effect + {0x81d71790, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Item Factor Title + {0x824b62c0, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Item Factor Description + {0x824c2e2c, {0, 0, 0, ReadTextAndLenDW<1>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // IC/Specialty Skills Name + {0x824c2e54, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // IC/Specialty Skills Description + {0x824c2fbc, {0, 0, 0, ReadTextAndLenDW<1>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // IC/Specialty Skills Level + {0x823e7230, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // IC/Specialty Name + {0x823e94bc, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // IC/Specialty Description + {0x823e9980, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // IC/Specialty Talent + {0x823ea9c4, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // IC/Specialty Support Item + {0x82243b18, {0, 0, 0, ReadTextAndLenDW<1>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Enemy Info Skills + {0x81d64540, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Guild Mission Description + {0x823b4f6c, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Guild Mission Reward + {0x826facd8, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Challenge Mission Description + {0x826f98f8, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Challenge Mission Reward + {0x8244af2c, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Formation Name + {0x8244ae90, {0, 0, 0, ReadTextAndLenDW<0>, F010065301A2E0000, "010065301A2E0000", "1.0.2"}}, // Formation Description + // 魔法使いの夜 通常版 + {0x80086ba0, {CODEC_UTF8, 0, 0, T010012A017F18000, 0, "010012A017F18000", "1.0.0"}}, + {0x80086e70, {CODEC_UTF8, 0, 0, T010012A017F18000, 0, "010012A017F18000", "1.0.2"}}, + // 月姫 -A piece of blue glass moon- + {0x800ac290, {CODEC_UTF8, 0, 0, T010012A017F18000, 0, "01001DC01486A000", 0}}, // 1.0.1,1.0.2 + // The Quintessential Quintuplets the Movie: Five Memories of My Time with You (JP) + {0x80011688, {CODEC_UTF8, 1, 0, 0, F01005E9016BDE000, "01005E9016BDE000", "1.0.0"}}, // dialogue, menu, choice, name + // Flowers: Les Quatre Saisons + {0x8006f940, {CODEC_UTF16, 1, 0, 0, F01002AE00F442000, "01002AE00F442000", "1.0.1"}}, + // 最悪なる災厄人間に捧ぐ eSHOP [01000A400AF2A000][v0] + {0x8034EB44, {CODEC_UTF16, 8, 0, 0, F01000A400AF2A000, "01000A400AF2A000", "1.0.0"}}, // text + // 神様のような君へ + {0x80487CD0, {CODEC_UTF8, 0, 0, 0, F01006B5014E2E000, "01006B5014E2E000", "1.0.0"}}, // text + // BUSTAFELLOWS + {0x80191b18, {CODEC_UTF16, 0, 0, ReadTextAndLenW<0>, F0100874017BE2000, "010060800B7A8000", "1.1.3"}}, // Dialogue + {0x80191f88, {CODEC_UTF16, 0, 0, ReadTextAndLenW<0>, F0100874017BE2000, "010060800B7A8000", "1.1.3"}}, // Choice + {0x801921a4, {CODEC_UTF16, 0, 0, ReadTextAndLenW<0>, F0100874017BE2000, "010060800B7A8000", "1.1.3"}}, // Choice 2 + {0x801935f0, {CODEC_UTF16, 0, 0, ReadTextAndLenW<0>, F0100874017BE2000, "010060800B7A8000", "1.1.3"}}, // option + // Moujuutsukai to Ouji-sama ~Flower & Snow~ + {0x800a1a10, {CODEC_UTF8, 1, 0, 0, F01001B900C0E2000, "01001B900C0E2000", "1.0.0"}}, // Dialogue 1 + {0x80058f80, {CODEC_UTF8, 1, 0, 0, F01001B900C0E2000, "01001B900C0E2000", "1.0.0"}}, // Dialogue 2 + // Detective Pikachu Returns + {0x81585750, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<2>, F010007500F27C000, "010007500F27C000", "1.0.0"}}, // All Text + // Dragon Quest Treasures + {0x80bd62c4, {CODEC_UTF16, 0, 0, 0, F0100217014266000, "0100217014266000", "1.0.1"}}, // Cutscene + {0x80a74b64, {CODEC_UTF16, 0, 0, 0, F0100217014266000, "0100217014266000", "1.0.1"}}, // Ptc Text + {0x80a36d18, {CODEC_UTF16, 0, 0, 0, F0100217014266000, "0100217014266000", "1.0.1"}}, // Info + {0x80c43878, {CODEC_UTF16, 0, 0, 0, F0100217014266000, "0100217014266000", "1.0.1"}}, // Tutorial Title + {0x80c43d50, {CODEC_UTF16, 0, 0, 0, F0100217014266000, "0100217014266000", "1.0.1"}}, // Tutorial Description + {0x80a72598, {CODEC_UTF16, 0, 0, 0, F0100217014266000, "0100217014266000", "1.0.1"}}, // Aproach Text + // Rune Factory 4 Special + {0x48b268, {CODEC_UTF8, 3, 0, 0, F010027100C79A000, "010027100C79A000", "1.0.1"}}, // All Text + // The Legend of Zelda: Skyward Sword HD + {0x80dc36dc, {CODEC_UTF16 | FULL_STRING, 3, 0, 0, F01001EF017BE6000, "01002DA013484000", "1.0.1"}}, // All Text + // World of Final Fantasy Maxima + {0x8068fea0, {CODEC_UTF8, 0, 0, 0, F010072000BD32000, "010072000BD32000", "1.0.0"}}, // Cutscene + {0x802c6a48, {CODEC_UTF8, 0, 0, 0, F010072000BD32000, "010072000BD32000", "1.0.0"}}, // Action Text + {0x803a523c, {CODEC_UTF8, 1, 0, 0, F010072000BD32000, "010072000BD32000", "1.0.0"}}, // Location + {0x8041ed64, {CODEC_UTF8, 0, 0, 0, F010072000BD32000, "010072000BD32000", "1.0.0"}}, // Info + {0x802c9f1c, {CODEC_UTF8, 0, 0, 0, F010072000BD32000, "010072000BD32000", "1.0.0"}}, // Chapter First Part + {0x802c9f6c, {CODEC_UTF8, 0, 0, 0, F010072000BD32000, "010072000BD32000", "1.0.0"}}, // Chapter Second Part + // Tokyo Xanadu eX+ + {0x8025135c, {CODEC_UTF8, 1, 0, 0, F010080C01AA22000, "010080C01AA22000", "1.0.0"}}, // Name + {0x80251068, {CODEC_UTF8, 0, 0, 0, F010080C01AA22000, "010080C01AA22000", "1.0.0"}}, // Main Text + {0x802ac86c, {CODEC_UTF8, 0, 0, 0, F010080C01AA22000, "010080C01AA22000", "1.0.0"}}, // Action Text + {0x802b04b4, {CODEC_UTF8, 0, 0, 0, F010080C01AA22000, "010080C01AA22000", "1.0.0"}}, // Choices + {0x8013243c, {CODEC_UTF8, 0, 0, 0, F010080C01AA22000, "010080C01AA22000", "1.0.0"}}, // Location + {0x802b1f3c, {CODEC_UTF8, 0, 0, 0, F010080C01AA22000, "010080C01AA22000", "1.0.0"}}, // Info + {0x802ab46c, {CODEC_UTF8, 0, 0, 0, F010080C01AA22000, "010080C01AA22000", "1.0.0"}}, // Documents + // DORAEMON STORY OF SEASONS: Friends of the Great Kingdom + {0x839558e4, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<1>, F01009B50139A8000, "01009B50139A8000", "1.1.1"}}, // Text + {0x8202a9b0, {CODEC_UTF16, 0, 0, ReadTextAndLenDW<0>, F01009B50139A8000, "01009B50139A8000", "1.1.1"}}, // Tutorial + // Monster Hunter Stories 2: Wings of Ruin + {0x8042fe60, {CODEC_UTF8, 1, 0, 0, F0100CB700D438000, "0100CB700D438000", "1.5.2"}}, // Cutscene + {0x804326c0, {CODEC_UTF8, 1, 0, 0, F0100CB700D438000, "0100CB700D438000", "1.5.2"}}, // Ptc Text + {0x804d3d44, {CODEC_UTF8, 0, 0, 0, F0100CB700D438000, "0100CB700D438000", "1.5.2"}}, // Info + {0x8045e7c8, {CODEC_UTF8, 0, 0, 0, F0100CB700D438000, "0100CB700D438000", "1.5.2"}}, // Info Choice + {0x805cec4c, {CODEC_UTF8, 0, 0, 0, F0100CB700D438000, "0100CB700D438000", "1.5.2"}}, // Config Header + {0x8078c2d0, {CODEC_UTF8, 0, 0, 0, F0100CB700D438000, "0100CB700D438000", "1.5.2"}}, // Config Name+ + {0x805d0858, {CODEC_UTF8, 0, 0, 0, F0100CB700D438000, "0100CB700D438000", "1.5.2"}}, // Config Description + {0x807612d4, {CODEC_UTF8, 0, 0, 0, F0100CB700D438000, "0100CB700D438000", "1.5.2"}}, // Notice + {0x807194a0, {CODEC_UTF8, 1, 0, 0, F0100CB700D438000, "0100CB700D438000", "1.5.2"}}, // Update Content + Tutorial + {0x804d687c, {CODEC_UTF8, 0, 0, 0, F0100CB700D438000, "0100CB700D438000", "1.5.2"}}, // Objective Title + {0x804d6a7c, {CODEC_UTF8, 0, 0, 0, F0100CB700D438000, "0100CB700D438000", "1.5.2"}}, // Objective Description + {0x80509900, {CODEC_UTF8, 0, 0, 0, F0100CB700D438000, "0100CB700D438000", "1.5.2"}}, // Aproach Text + {0x8060ee90, {CODEC_UTF8, 1, 0, 0, F0100CB700D438000, "0100CB700D438000", "1.5.2"}}, // Acquired Item + // 2045、月より。 + {0x80016334, {CODEC_UTF8, 1, 0, 0, F01005C301AC5E000, "01005C301AC5E000", "1.0.1"}}, + // ヤマノススメ Next Summit ~あの山に、もう一度~ + {0x806E1444, {CODEC_UTF8, 0, 0, 0, F0100815019488000_text, "0100815019488000", "1.0.0"}}, + {0x80659EE0, {CODEC_UTF8, 1, 0, 0, F0100815019488000_name, "0100815019488000", "1.0.0"}}, + // Prison Princess + {0x800eba00, {CODEC_UTF16, 2, 0x14, 0, 0, "0100F4800F872000", "1.0.0"}}, + // 泡沫のユークロニア Utakata no Uchronia + {0x8180de40, {CODEC_UTF16, 0, 0, ReadTextAndLenW<0>, F010027401A2A2000, "010027401A2A2000", "1.0.0"}}, // text box + {0x816b61c0, {CODEC_UTF16, 0, 0, ReadTextAndLenW<0>, F010027401A2A2000, "010027401A2A2000", "1.0.0"}}, // dictionary + {0x815fe594, {CODEC_UTF16, 0, 0, ReadTextAndLenW<0>, F010027401A2A2000, "010027401A2A2000", "1.0.0"}}, // choices + {0x81836E0C, {CODEC_UTF16, 1, 0, 0, F010027401A2A2000_2, "010027401A2A2000", "1.0.1"}}, + // Little Busters! Converted Edition + {0x800A97C8, {CODEC_UTF8, 9, 0, 0, F0100943010310000, "0100943010310000", "1.0.0"}}, + // GrimGrimoire OnceMore + {0x80020bd4, {CODEC_UTF8, 0, 0, 0, 0, "01003F5017760000", "1.0.0"}}, + {0x800375a0, {CODEC_UTF8, 2, 0, 0, 0, "01003F5017760000", "1.0.0"}}, // tutorial + {0x800781dc, {CODEC_UTF8, 0, 0, 0, 0, "01003F5017760000", "1.0.0"}}, // Chapter + // Temirana Koku no Tsuiteru Hime to Tsuitenai Kishidan + {0x82457970, {CODEC_UTF16, 0, 0x14, 0, F0100A62019078000, "0100A62019078000", "1.0.1"}}, + // Doukoku Soshite + {0x8008171c, {0, 0, 0, 0, 0, "01007F000EB36000", "1.0.0"}}, + // Mistonia no Kibou - The Lost Delight + {0x8246c4ac, {CODEC_UTF16, 0, 0, 0, 0, "01007AD01CB42000", "1.0.0"}}, + // even if TEMPEST: Tsuranaru Toki no Akatsuki + {0x80031008, {CODEC_UTF8, 0, 0, 0, F010095E01581C000, "0100DEF01D0C2000", "1.0.2"}}, + {0x8002e2cc, {CODEC_UTF8, 0, 0, 0, F010095E01581C000, "0100DEF01D0C2000", "1.0.2"}}, + {0x8002e2cc, {CODEC_UTF8, 0, 0, 0, F010095E01581C000, "0100DEF01D0C2000", "1.0.2"}}, + // even if TEMPEST: Yoiyami ni Kaku Katariki Majo + {0x8001cf80, {CODEC_UTF8, 0, 0, 0, F010095E01581C000, "010095E01581C000", "1.0.8"}}, + {0x800297d0, {CODEC_UTF8, 0, 0, 0, F010095E01581C000, "010095E01581C000", "1.0.8"}}, + {0x8000edcc, {CODEC_UTF8, 0, 0, 0, F010095E01581C000, "010095E01581C000", "1.0.8"}}, + // Taishou x Alice all in one + {0x80064ab8, {CODEC_UTF16, 1, 0, 0, F010096000CA38000, "010096000CA38000", "1.0.2"}}, + {0x80064bd4, {CODEC_UTF16, 1, 0, 0, F010096000CA38000, "010096000CA38000", "1.0.2"}}, + {0x8015f968, {CODEC_UTF16, 0, 0, 0, F010096000CA38000, "010096000CA38000", "1.0.2"}}, + // Taishou x Alice: HEADS & TAILS + {0x8009bb3c, {CODEC_UTF16, 1, 0, 0, F0100B1F0123B6000, "0100B1F0123B6000", "2.0.0"}}, + {0x8009bc58, {CODEC_UTF16, 1, 0, 0, F0100B1F0123B6000, "0100B1F0123B6000", "2.0.0"}}, + // Hiiro_no_Kakera_Tamayorihime_Kitan_Omoiiro_no_Kioku + {0x81922ce8, {CODEC_UTF16, 0, 0x14, 0, F0100EC001DE7E000, "0100EC001DE7E000", "1.0.0"}}, + // Gensou Manège + {0x8124f690, {CODEC_UTF16, 0, 0x14, 0, F010037500DF38000, "010037500DF38000", "1.0.4"}}, + {0x811f63f0, {CODEC_UTF16, 0, 0x14, 0, F010037500DF38000, "010037500DF38000", "1.0.4"}}, + {0x811917f4, {CODEC_UTF16, 0, 0x14, 0, F010037500DF38000, "010037500DF38000", "1.0.4"}}, + {0x81595f90, {CODEC_UTF16, 0, 0x14, 0, F010037500DF38000, "010037500DF38000", "1.0.4"}}, + // Gensou Kissa Enchanté + {0x8002863c, {CODEC_UTF8, 0, 0, 0, 0, "010079200C26E000", "1.0.0"}}, + {0x80044360, {CODEC_UTF8, 1, 0, 0, 0, "010079200C26E000", "1.0.0"}}, + {0x8004a1a4, {CODEC_UTF8, 0, 0, 0, F010079200C26E000<0>, "010079200C26E000", "1.0.0"}}, + {0x8004a394, {CODEC_UTF8, 0, 0, 0, F010079200C26E000<1>, "010079200C26E000", "1.0.0"}}, + // Tengoku Struggle -strayside- + {0x801bc678, {CODEC_UTF32, 0, 0, 0, F01002C00177AE000, "01002C00177AE000", "1.0.0"}}, + {0x8016a05c, {CODEC_UTF32, 0, 0, 0, F01002C00177AE000, "01002C00177AE000", "1.0.0"}}, + {0x80140cac, {CODEC_UTF32, 1, 0, 0, F01002C00177AE000, "01002C00177AE000", "1.0.0"}}, + {0x800e08dc, {CODEC_UTF32, 0, 0, 0, F01002C00177AE000, "01002C00177AE000", "1.0.0"}}, + // Meiji Katsugeki Haikara Ryuuseigumi -Seibai Shimaseu, Yonaoshi Kagyou- + {0x802ab2fc, {CODEC_UTF8, 6, 0, 0, F0100EA100DF92000, "0100EA100DF92000", "1.0.0"}}, + // 7'scarlet + {0x8177ec00, {CODEC_UTF16, 0, 0x14, 0, F0100FA001E160000, "0100FA001E160000", "1.0.0"}}, + {0x817754ac, {CODEC_UTF16, 0, 0x14, 0, F0100FA001E160000, "0100FA001E160000", "1.0.0"}}, + // SympathyKiss / Sympathy Kiss (JP) + {0x80037d90, {CODEC_UTF8, 0, 0, 0, F0100FA10185B0000, "0100FA10185B0000", "1.0.0"}}, + {0x80030f24, {CODEC_UTF8, 0, 0, 0, F0100FA10185B0000, "0100FA10185B0000", "1.0.0"}}, + {0x80054804, {CODEC_UTF8, 1, 0, 0, F0100FA10185B0000, "0100FA10185B0000", "1.0.0"}}, + {0x80054290, {CODEC_UTF8, 1, 0, 0, F0100FA10185B0000, "0100FA10185B0000", "1.0.0"}}, + // Kimi wa Yukima ni Koinegau (君は雪間に希う) + {0x8013a0f0, {CODEC_UTF32, 0, 0, 0, F010021D01474E000, "010021D01474E000", "1.0.0"}}, + {0x800319f8, {CODEC_UTF32, 0, 0, 0, F010021D01474E000_2, "010021D01474E000", "1.0.0"}}, + {0x800488e4, {CODEC_UTF32, 1, 0, 0, F010021D01474E000, "010021D01474E000", "1.0.0"}}, + {0x800bdb84, {CODEC_UTF32, 0, 0, 0, F010021D01474E000, "010021D01474E000", "1.0.0"}}, + {0x800e4540, {CODEC_UTF32, 0, 0, 0, F010021D01474E000, "010021D01474E000", "1.0.0"}}, + // Dairoku: Ayakashimori (DAIROKU:AYAKASHIMORI) + {0x800e35ec, {CODEC_UTF8, 0, 0, 0, F010061300DF48000, "010061300DF48000", "1.0.1"}}, + {0x800d103c, {CODEC_UTF8, 0, 0, 0, F010061300DF48000, "010061300DF48000", "1.0.1"}}, + {0x800f1320, {CODEC_UTF8, 0, 0, T010061300DF48000, FF010061300DF48000_2, "010061300DF48000", "1.0.1"}}, + // Charade Maniacs / CharadeManiacs + {0x8001c460, {CODEC_UTF8, 0, 0x5c, 0, F0100CEF0152DE000, "0100CEF0152DE000", "1.0.0"}}, + {0x8004c390, {CODEC_UTF8, 1, 0, 0, F0100CEF0152DE000, "0100CEF0152DE000", "1.0.0"}}, + {0x80050d60, {CODEC_UTF8, 0, 0, 0, F0100CEF0152DE000, "0100CEF0152DE000", "1.0.0"}}, + {0x8007ee20, {CODEC_UTF8, 0, 0, 0, F0100CEF0152DE000, "0100CEF0152DE000", "1.0.0"}}, + // Hanaemu Kare to & bloom (花笑む彼と & bloom) + {0x833e4d84, {CODEC_UTF16, 0, 0x14, 0, F0100DEF01D0C6000, "0100DEF01D0C6000", "1.0.0"}}, + {0x8335f650, {CODEC_UTF16, 0, 0x14, 0, F0100DEF01D0C6000, "0100DEF01D0C6000", "1.0.0"}}, + {0x81729520, {CODEC_UTF16, 1, 0x14, 0, F0100DEF01D0C6000_2, "0100DEF01D0C6000", "1.0.0"}}, + {0x83375938, {CODEC_UTF16, 0, 0, T0100DEF01D0C6000_2, 0, "0100DEF01D0C6000", "1.0.0"}}, + // Dance with Devils + {0x81616034, {CODEC_UTF16, 0, 0x14, 0, F01004E5017C54000, "01004E5017C54000", "1.0.0"}}, + {0x8185a800, {CODEC_UTF16, 0, 0x14, 0, F01004E5017C54000, "01004E5017C54000", "1.0.0"}}, + // My9Swallows TOPSTARS LEAGUE + {0x818554ac, {CODEC_UTF16, 0, 0x14, 0, F01003BB01DF54000, "01003BB01DF54000", "1.0.0"}}, + {0x817b76d4, {CODEC_UTF16, 0, 0x14, 0, F01003BB01DF54000, "01003BB01DF54000", "1.0.0"}}, + {0x8187882c, {CODEC_UTF16, 0, 0x14, 0, F01003BB01DF54000, "01003BB01DF54000", "1.0.1"}}, + {0x817b8f64, {CODEC_UTF16, 0, 0x14, 0, F01003BB01DF54000, "01003BB01DF54000", "1.0.1"}}, + // Tokeijikake no Apocalypse (時計仕掛けのアポカリプス) + {0x8001d9c4, {CODEC_UTF8, 0, 0x1c, 0, F01005AF00E9DC000, "01005AF00E9DC000", "1.0.0"}}, + {0x8004ca84, {CODEC_UTF8, 1, 0, 0, F01005AF00E9DC000, "01005AF00E9DC000", "1.0.0"}}, + {0x8005b304, {CODEC_UTF8, 0, 0, 0, F01005AF00E9DC000, "01005AF00E9DC000", "1.0.0"}}, + {0x8005b310, {CODEC_UTF8, 0, 0, 0, F01005AF00E9DC000, "01005AF00E9DC000", "1.0.0"}}, + // Radiant Tale ~Fanfare!~ (ラディアンテイル ~ファンファーレ!~) + {0x8003a880, {CODEC_UTF8, 0, 0, 0, F010088B01A8FC000, "010088B01A8FC000", "1.0.1"}}, + {0x8004eb08, {CODEC_UTF8, 1, 0, 0, F010088B01A8FC000, "010088B01A8FC000", "1.0.1"}}, + {0x8005bff4, {CODEC_UTF8, 0, 0, 0, F010088B01A8FC000, "010088B01A8FC000", "1.0.1"}}, + {0x8005f0d4, {CODEC_UTF8, 3, 0, 0, F010088B01A8FC000, "010088B01A8FC000", "1.0.1"}}, + // LoverPretend / Lover Pretend + {0x80034ad0, {CODEC_UTF8, 0, 0, 0, F010032300C562000, "010032300C562000", "1.0.0"}}, + {0x8004e950, {CODEC_UTF8, 1, 0, 0, F010032300C562000, "010032300C562000", "1.0.0"}}, + {0x8002e6c4, {CODEC_UTF8, 0, 0, 0, F010032300C562000, "010032300C562000", "1.0.0"}}, + {0x8005f6ec, {CODEC_UTF8, 0, 0, 0, F010032300C562000, "010032300C562000", "1.0.0"}}, + // Norn9 ~Norn + Nonette~ LOFN (NORN9 ~ノルン+ノネット~ LOFN) + {0x8002b200, {CODEC_UTF8, 1, 0x18, 0, F010061300DF48000, "01001A500AD6A000", "1.0.0"}}, + {0x8003d83c, {CODEC_UTF8, 0, 0, 0, F010061300DF48000, "01001A500AD6A000", "1.0.0"}}, + {0x80047850, {CODEC_UTF8, 0, 0, 0, F010061300DF48000, "01001A500AD6A000", "1.0.0"}}, + // Shiritsu Berubara Gakuen ~Versailles no Bara Re*imagination~ (私立ベルばら学園 ~ベルサイユのばらRe*imagination~) + {0x8001b68c, {CODEC_UTF8, 0, 0x1c, 0, F010027300A660000, "010027300A660000", "1.0.0"}}, + {0x800460f0, {CODEC_UTF8, 1, 0, 0, F010027300A660000, "010027300A660000", "1.0.0"}}, + // Himehibi Another Princess Days -White or Black- (ひめひび Another Princess Days – White or Black –) + {0x219ed0, {0, 0, 0, 0, F0100E4000F616000, "0100E4000F616000", "1.0.0"}}, + {0x21a3e0, {0, 0, 0, 0, F0100E4000F616000, "0100E4000F616000", "1.0.0"}}, + // Himehibi -Princess Days- (ひめひび -Princess Days-) + {0x20d7b8, {0, 0, 0, 0, F0100E4000F616000, "0100F8D0129F4000", "1.0.0"}}, + {0x20da9c, {0, 0, 0, 0, F0100E4000F616000, "0100E4000F616000", "1.0.0"}}, + {0x20d834, {0, 0, 0, 0, F0100E4000F616000, "0100F8D0129F4000", "1.0.1"}}, + {0x20dae8, {0, 0, 0, 0, F0100E4000F616000, "0100E4000F616000", "1.0.1"}}, + // オホーツクに消ゆ ~追憶の流氷・涙のニポポ人形~ + {0x83d4bda0, {CODEC_UTF16, 1, 0x14, 0, F010044701E9BC000, "010044701E9BC000", "1.2.0"}}, + {0x83d59320, {CODEC_UTF16, 0, 0x14, 0, F010044701E9BC000, "010044701E9BC000", "1.2.0"}}, + {0x83d22530, {CODEC_UTF16, 0, 0x14, 0, F010044701E9BC000, "010044701E9BC000", "1.2.0"}}, + {0x83d225c0, {CODEC_UTF16, 0, 0x14, 0, F010044701E9BC000, "010044701E9BC000", "1.2.0"}}, + {0x83d26fd8, {CODEC_UTF16, 0, 0x14, 0, F010044701E9BC000, "010044701E9BC000", "1.2.0"}}, + // Trouble Magia ~Wakeari Shoujo wa Mirai o Kachitoru Tame ni Ikoku no Mahou Gakkou e Ryuugaku Shimasu~ (トラブル・マギア ~訳アリ少女は未来を勝ち取るために異国の魔法学校へ留学します~) + {0x8017e6b0, {CODEC_UTF16, 0, 0, T01000BB01CB8A000<1>, F01000BB01CB8A000, "01000BB01CB8A000", "1.0.0"}}, + {0x80177ae0, {CODEC_UTF16, 0, 0, T01000BB01CB8A000<0>, F01000BB01CB8A000, "01000BB01CB8A000", "1.0.0"}}, + {0x80122a4c, {CODEC_UTF16, 0, 0, T01000BB01CB8A000<0>, F01000BB01CB8A000, "01000BB01CB8A000", "1.0.0"}}, + {0x800ba088, {CODEC_UTF16, 0, 0, T01000BB01CB8A000<0>, F01000BB01CB8A000, "01000BB01CB8A000", "1.0.0"}}, + // Moeyo! Otome Doushi ~Kayuu Koigatari~ (燃えよ! 乙女道士 ~華遊恋語~) + {0x8005c698, {CODEC_UTF16, 1, 0x20, 0, F01001BA01EBFC000, "01001BA01EBFC000", "1.0.0"}}, + {0x80051cd0, {CODEC_UTF16, 1, 0, 0, F01001BA01EBFC000, "01001BA01EBFC000", "1.0.0"}}, + // planetarian: Snow Globe + {0x800F32A0, {CODEC_UTF16 | FULL_STRING, 1, 0, 0, 0, "010031C01F410000", "1.0.0"}}, // 各种语言一起都提取出来了 + // planetarian: The Reverie of a Little Planet & Snow Globe 英文版 + {0x801253EC, {CODEC_UTF16, 0xA, 0, 0, 0, "0100F0A01F112000", nullptr}}, // 1.0.0 && 1.0.1 // 中文 + {0x8012441C, {CODEC_UTF16, 8, 0, 0, F0100F0A01F112000, "0100F0A01F112000", nullptr}}, // 1.0.0 && 1.0.1 // 日文 + // The Town of Nie + {0x818B6078, {CODEC_UTF16, 1, 0, 0, F0100C9001E10C000, "0100C9001E10C000", "1.0.0"}}, + // Honey Vibes + {0x81845F80, {CODEC_UTF16 | FULL_STRING, 1, 0, 0, F0100FB301E70A000, "0100FB301E70A000", "1.0.0"}}, + // WORLDEND SYNDROME + {0x805F5F04, {CODEC_UTF16, 2, 0, 0, 0, "01008A30083E2000", "1.0.0"}}, + {0x800FBA84, {CODEC_UTF16, 2, 0, 0, 0, "01008A30083E2000", "1.0.1"}}, + // Hatsumira -From the Future Undying- + {0x8017BE0C, {CODEC_UTF8, 8, 0, 0, aF0100A9B01D4AE000, "0100A9B01D4AE000", "1.0.0"}}, // 英文 + {0x8017C0B4, {CODEC_UTF16, 8, 0, 0, wF0100A9B01D4AE000, "0100A9B01D4AE000", "1.0.0"}}, // 日文 + // Meiji Tokyo Renka Full Moon + {0x81898840, {CODEC_UTF16, 3, 0, 0, F010043901E972000, "010043901E972000", "1.0.0"}}, // 日文 + // 月影の鎖~狂爛モラトリアム~ + {0x2170B4, {0, 1, 0, 0, F010076501DAEA000, "010076501DAEA000", "1.0.0"}}, // text + {0x2179A8, {0, 2, 0, 0, 0, "010076501DAEA000", "1.0.0"}}, // name+text + {0x217950, {0, 0, 0, 0, F0100A250191E8000, "010076501DAEA000", "1.0.0"}}, + {0x217f64, {0, 0, 0, 0, F0100A250191E8000, "010076501DAEA000", "1.0.0"}}, + // 神々の悪戯 Unite Edition + {0x812BFF40, {CODEC_UTF16, 1, -2, 0, F01006530151F0000, "01006530151F0000", "1.0.0"}}, // 只有第一行 + {0x812BCEB8, {CODEC_UTF16, 1, -2, 0, F01006530151F0000, "01006530151F0000", "1.0.0"}}, // 只有2&3行 + // 新宿羅生門 ―Rashomon of Shinjuku― + {0x80062158, {CODEC_UTF8, 0, 0, 0, F01005A401D766000, "01005A401D766000", "1.0.0"}}, + {0x80062a74, {CODEC_UTF8, 0, 0, 0, F01005A401D766000_2, "01005A401D766000", "1.0.0"}}, + {0x800629f4, {CODEC_UTF8, 0, 0, 0, F01005A401D766000_2, "01005A401D766000", "1.0.0"}}, + {0x800ea870, {CODEC_UTF8, 1, 0, 0, F01005A401D766000_2, "01005A401D766000", "1.0.0"}}, + // 夏空のモノローグ ~Another Memory~ + {0x8006007c, {0, 0, 0, 0, F0100FC2019346000, "01000E701DAE8000", "1.0.0"}}, + {0x800578c4, {0, 1, 0, 0, F0100FC2019346000, "01000E701DAE8000", "1.0.0"}}, + // 真紅の焔 真田忍法帳 for Nintendo Switch + {0x800170a0, {CODEC_UTF8, 0, 0, 0, F0100FC2019346000, "01008A001C79A000", "1.0.0"}}, + {0x800220a0, {CODEC_UTF8, 2, 0, 0, F0100FC2019346000, "01008A001C79A000", "1.0.0"}}, + {0x8004bbd0, {CODEC_UTF8, 1, 0, 0, F0100FC2019346000, "01008A001C79A000", "1.0.0"}}, + {0x80062a20, {CODEC_UTF8, 0, 0, 0, F0100FC2019346000, "01008A001C79A000", "1.0.0"}}, + {0x80064c48, {CODEC_UTF8, 3, 0, 0, F0100FC2019346000, "01008A001C79A000", "1.0.0"}}, + // 神さまと恋ゴコロ + {0x20D838, {0, 7, 0, 0, 0, "0100612019F12000", "1.0.0"}}, // name+text + {0x20D030, {0, 1, 0, 0, 0, "0100612019F12000", "1.0.0"}}, + // KLAP!! for Nintendo Switch + {0x8004a2d0, {CODEC_UTF8, 1, 0, 0, F0100FC2019346000, "0100E8E016D82000", "1.0.0"}}, + {0x8004970c, {CODEC_UTF8, 1, 0, 0, F0100FC2019346000, "0100E8E016D82000", "1.0.0"}}, + {0x800da5e0, {CODEC_UTF8, 0, 0, 0, F0100FC2019346000, "0100E8E016D82000", "1.0.0"}}, + {0x8003dfac, {CODEC_UTF8, 0, 0, 0, F0100FC2019346000, "0100E8E016D82000", "1.0.0"}}, + // PSYCHIC ECLIPSE -reload- + {0x8091B41C, {CODEC_UTF8, 8, 0, 0, 0, "0100A0001B9F0000", "1.0.0"}}, // 提取不到短字符串 + {0x804FAF5C, {CODEC_UTF8 | FULL_STRING, 1, 0, 0, 0, "0100A0001B9F0000", "1.1.0"}}, // 提取不到短字符串 text+name + {0x80887ABC, {CODEC_UTF8, 8, 0, 0, 0, "0100A0001B9F0000", "1.1.0"}}, // 提取不到短字符串 + // アイ★チュウ + {0x824865C4, {CODEC_UTF16, 3, 0, 0, F01006CC015ECA000, "01006CC015ECA000", "1.14"}}, + // Kaeru Batake DE Tsukamaete☆ (カエル畑DEつかまえて☆彡) + {0x2206bc, {0, 0, 0, 0, F0100E5200D1A2000, "0100E5200D1A2000", "1.0.0"}}, + {0x220cfc, {0, 0, 0, 0, F0100E5200D1A2000, "0100E5200D1A2000", "1.0.0"}}, + {0x2372b0, {0, 1, 0, 0, F0100E5200D1A2000, "0100E5200D1A2000", "1.0.0"}}, + // Kaeru Batake DE Tsukamaete: Natsu Chigira Sansen! (カエル畑DEつかまえて・夏 千木良参戦!) + {0x2210d0, {0, 0, 0, 0, F0100EFE0159C6000, "0100EFE0159C6000", "1.0.0"}}, + {0x221768, {0, 0, 0, 0, F0100EFE0159C6000, "0100EFE0159C6000", "1.0.0"}}, + // Katakoi Contrast -collection of branch- (片恋いコントラスト ―collection of branch―) + {0x8004ba20, {CODEC_UTF32, 0, 0, 0, F01007FD00DB20000, "01007FD00DB20000", "1.0.0"}}, + {0x800c6eb0, {CODEC_UTF32, 1, 0, 0, F01007FD00DB20000, "01007FD00DB20000", "1.0.0"}}, + {0x8017e560, {CODEC_UTF32, 0, 0, 0, F01007FD00DB20000, "01007FD00DB20000", "1.0.0"}}, + {0x801f67c0, {CODEC_UTF32, 1, 0, 0, F01007FD00DB20000, "01007FD00DB20000", "1.0.0"}}, + {0x802a76c0, {CODEC_UTF32, 0, 0, 0, F01007FD00DB20000, "01007FD00DB20000", "1.0.0"}}, + {0x8031fc80, {CODEC_UTF32, 1, 0, 0, F01007FD00DB20000, "01007FD00DB20000", "1.0.0"}}, + // 真 流行り神1・2パック + {0x80072720, {CODEC_UTF8, 1, 0, 0, F010005F00E036000, "010005F00E036000", "1.0.0"}}, + // 真流行り神3 + {0x80082F70, {0, 0, 0, TF0100AA1013B96000, 0, "0100AA1013B96000", nullptr}}, //"1.0.0", "1.0.1" + // NG + {0x228AA4, {0, 6, 0, 0, F01009E600FAF6000, "01009E600FAF6000", "1.0.0"}}, + {0x228C0C, {0, 6, 0, 0, F01009E600FAF6000, "01009E600FAF6000", "1.0.0"}}, + // アサツグトリ + {0x8012C824, {CODEC_UTF8, 1, 0, 0, F010060301588A000, "010060301588A000", "1.0.0"}}, + {0x80095370, {CODEC_UTF8, 4, 0, 0, F010060301588A000, "010060301588A000", "1.0.2"}}, // text only + // Money Parasite ~Usotsuki na Onna~ + {0x2169ac, {0, 0, 0, 0, F0100A250191E8000, "0100A250191E8000", "1.0.0"}}, + {0x217030, {0, 0, 0, 0, F0100A250191E8000, "0100A250191E8000", "1.0.0"}}, + }; + return 1; + }(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engine64/yuzu.h b/cpp/LunaHook/LunaHook/engine64/yuzu.h new file mode 100644 index 00000000..e7cfdb85 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engine64/yuzu.h @@ -0,0 +1,17 @@ + + +class yuzu : public ENGINE +{ +public: + yuzu() + { + + is_engine_certain = false; + check_by = CHECK_BY::CUSTOM; + check_by_target = []() + { + return (wcscmp(processName_lower, L"suyu.exe") == 0 || wcscmp(processName_lower, L"yuzu.exe") == 0 || wcscmp(processName_lower, L"sudachi.exe") == 0); + }; + }; + bool attach_function(); +}; diff --git a/cpp/LunaHook/LunaHook/enginecollection32.cpp b/cpp/LunaHook/LunaHook/enginecollection32.cpp new file mode 100644 index 00000000..797b9791 --- /dev/null +++ b/cpp/LunaHook/LunaHook/enginecollection32.cpp @@ -0,0 +1,416 @@ +#include "engine32/PPSSPP.h" +#include "engine32/LovaGame.h" +#include "engine32/PCSX2.h" +#include "engine32/VanillawareGC.h" +#include "engine32/V8.h" +#include "engine32/cef.h" +#include "engine32/KISS.h" +#include "engine32/mono.h" +#include "engine32/Tarte.h" +#include "engine32/sakanagl.h" +#include "engine32/LCScript.h" +#include "engine32/Cage.h" +#include "engine32/ONScripterru.h" +#include "engine32/CoffeeMaker.h" +#include "engine32/TACTICS.h" +#include "engine32/splushwave.h" +#include "engine32/FrontWing.h" +#include "engine32/GSX.h" +#include "engine32/pchooks.h" +#include "engine32/VALKYRIA.h" +#include "engine32/mirage.h" +#include "engine32/Sprite.h" +#include "engine32/PONScripter.h" +#include "engine32/Stronger.h" +#include "engine32/Fizz.h" +#include "engine32/Ruf.h" +#include "engine32/SYSD.h" +#include "engine32/Diskdream.h" +#include "engine32/RPGMakerRGSS3.h" +#include "engine32/RUNE.h" +#include "engine32/Lightvn.h" +#include "engine32/KiriKiri.h" +#include "engine32/ransel.h" +#include "engine32/Bishop.h" +#include "engine32/HXP.h" +#include "engine32/morning.h" +#include "engine32/IGScript.h" +#include "engine32/TSSystem.h" +#include "engine32/ScrPlayer.h" +#include "engine32/Aksys.h" +#include "engine32/utawarerumono.h" +#include "engine32/SideB.h" +#include "engine32/BGI.h" +#include "engine32/Bootup.h" +#include "engine32/Troy.h" +#include "engine32/Tomato.h" +#include "engine32/shyakunage.h" +#include "engine32/Eushully.h" +#include "engine32/Majiro.h" +#include "engine32/Elf.h" +#include "engine32/Silkys.h" +#include "engine32/Speed.h" +#include "engine32/FVP.h" +#include "engine32/Interlude.h" +#include "engine32/CMVS.h" +#include "engine32/Wolf.h" +#include "engine32/Circus1.h" +#include "engine32/Circus2.h" +#include "engine32/Cotopha.h" +#include "engine32/Xbangbang.h" +#include "engine32/TeethingRing.h" +#include "engine32/UnknownEngine.h" +#include "engine32/Artemis.h" +#include "engine32/CatSystem.h" +#include "engine32/Atelier.h" +#include "engine32/BKEngine.h" +#include "engine32/VitaminSoft.h" +#include "engine32/Abalone.h" +#include "engine32/Tenco.h" +#include "engine32/QLIE.h" +#include "engine32/sakusesu.h" +#include "engine32/Anisetta.h" +#include "engine32/Regista.h" +#include "engine32/Pal.h" +#include "engine32/Footy2.h" +#include "engine32/NeXAS.h" +#include "engine32/Interheart.h" +#include "engine32/LunaSoft.h" +#include "engine32/Unicorn.h" +#include "engine32/Rejet.h" +#include "engine32/tamasoft.h" +#include "engine32/AdobeAir.h" +#include "engine32/DISCOVERY.h" +#include "engine32/Retouch.h" +#include "engine32/Malie.h" +#include "engine32/Live.h" +#include "engine32/Jellyfish.h" +#include "engine32/Nexton.h" +#include "engine32/Lucifen.h" +#include "engine32/Waffle.h" +#include "engine32/AksysGames.h" +#include "engine32/AGE_System.h" +#include "engine32/Sakuradog.h" +#include "engine32/TinkerBell.h" +#include "engine32/Jisatu101.h" +#include "engine32/TerraLunar.h" +#include "engine32/Palette.h" +#include "engine32/SystemAoi.h" +#include "engine32/Nijyuei.h" +#include "engine32/MBLMED.h" +#include "engine32/NNNConfig.h" +#include "engine32/Erogos.h" +#include "engine32/godot.h" +#include "engine32/Yuris.h" +#include "engine32/Nitroplus.h" +#include "engine32/Bruns.h" +#include "engine32/XUSE.h" +#include "engine32/RPGMaker.h" +#include "engine32/EME.h" +#include "engine32/RRE.h" +#include "engine32/Sceplay.h" +#include "engine32/Onscripter.h" +#include "engine32/Candy.h" +#include "engine32/AIL2.h" +#include "engine32/ApricoT.h" +#include "engine32/Triangle.h" +#include "engine32/GASTRO.h" +#include "engine32/akatombo.h" +#include "engine32/AB2Try.h" +#include "engine32/GameMaker.h" +#include "engine32/DxLib.h" +#include "engine32/CodeX.h" +#include "engine32/Purple.h" +#include "engine32/Minori.h" +#include "engine32/SRPGStudio.h" +#include "engine32/RpgmXP.h" +#include "engine32/littlecheese.h" +#include "engine32/Eagls.h" +#include "engine32/Debonosu.h" +#include "engine32/C4.h" +#include "engine32/WillPlus.h" +#include "engine32/Tanuki.h" +#include "engine32/hibiki.h" +#include "engine32/GXP.h" +#include "engine32/Giga.h" +#include "engine32/AOS.h" +#include "engine32/Mink.h" +#include "engine32/AGS.h" +#include "engine32/YukaSystem2.h" +#include "engine32/Exp.h" +#include "engine32/Syuntada.h" +#include "engine32/Pensil.h" +#include "engine32/solfasys.h" +#include "engine32/Anim.h" +#include "engine32/Nitroplus2.h" +#include "engine32/Reallive.h" +#include "engine32/jukujojidai.h" +#include "engine32/Siglus.h" +#include "engine32/Taskforce2.h" +#include "engine32/RUGP.h" +#include "engine32/IronGameSystem.h" +#include "engine32/Anex86.h" +#include "engine32/ShinyDaysGame.h" +#include "engine32/MarineHeart.h" +#include "engine32/ShinaRio.h" +#include "engine32/CaramelBox.h" +#include "engine32/Escude.h" +#include "engine32/Ryokucha.h" +#include "engine32/Alice.h" +#include "engine32/System4x.h" +#include "engine32/Abel.h" +#include "engine32/5pb.h" +#include "engine32/HorkEye.h" +#include "engine32/Ohgetsu.h" +#include "engine32/OVERDRIVE.h" +#include "engine32/Leaf.h" +#include "engine32/Nekopack.h" +#include "engine32/AdobeFlash10.h" +#include "engine32/FocasLens.h" +#include "engine32/Tamamo.h" +#include "engine32/Suika2.h" +#include "engine32/Overflow.h" +#include "engine32/Ages3ResT.h" +#include "engine32/AXL.h" +#include "engine32/UnisonShift.h" +#include "engine32/EntisGLS.h" +#include "engine32/Ciel.h" +#include "engine32/CisLugI.h" +#include "engine32/A98SYS.h" +#include "engine32/ACTGS.h" +#include "engine32/GuruGuruSMF4.h" +#include "NoEngine.h" +#include "engines/lua/lua51.h" +#include "engines/python/Renpy.h" +std::vector check_engines() +{ + return { + new LovaGame, + new PPSSPPengine, + new PCSX2, + new VanillawareGC, + new V8, + new cef, + new mono, + new sakanagl, + new pchooks, + new PONScripter, + new Renpy, + new Lightvn, + new KiriKiri, + new morning, + new utawarerumono, + new SideB, + new BGI, + new Bootup, + new shyakunage, + new Eushully, + new Majiro, + new Elf, + new Elf2, + new Silkys, + new SilkysOld, + new CMVS, + new Wolf, + new Circus1, + new Circus2, + new Cotopha, + new Artemis, + new CatSystem, + new Atelier, + new Atelier2, + new Tenco, + new QLIE, + new sakusesu, + new Regista, + new Pal, + new Footy2, + new NeXAS, + new LunaSoft, + new Unicorn, + new Unicorn_Anesen, + new Rejet, + new AdobeAir, + new Retouch, + new Malie, + new Live, + new Nexton, + new Lucifen, + new Waffle, + new TinkerBell, + new TinkerBellold, + new SystemAoi, + new MBLMED, + new NNNConfig, + new Yuris, + new Nitroplus, + new Bruns, + new XUSE, + new EME, + new RRE, + new Candy, + new WillowSoft, + new AIL2, + new ApricoT, + new Triangle2, + new Triangle, + new AB2Try, + new UnisonShift2, + new GameMaker, + new DxLib, + new CodeX, + new _5pb_2, + new Minori, + new RpgmXP, + new littlecheese, + new Eagls, + new Debonosu, + new C4, + new WillPlus, + new Tanuki, + new GXP, + new AOS, + new Mink, + new Mink2, + new YukaSystem2, + new Exp, + new Syuntada, + new Pensil, + new Anim, + new Nitroplus2, + new Reallive, + new Siglus, + new Taskforce2, + new RUGP, + new IronGameSystem, + new Anex86, + new ShinyDaysGame, + new MarineHeart, + new CaramelBox, + new CaramelBoxMilkAji, + new Escude, + new Ryokucha, + new Ryokucha2, + new Ryokuchaold, + new Alice, + new System4x, + new Ages3ResT, + new AXL, + new Ciel, + new ACTGS, + new Nijyuei, + new Xbangbang, + new UnknownEngine, + new TSSystem, + new Troy, + new Tomato, + new TerraLunar, + new Tarte, + new Bishop, + new Bishop2, + new Sprite, + new Speed, + new FVP, + new RUNE, + new Ruf, + new Purple, + new Purple2, + new OVERDRIVE, + new Ohgetsu, + new HXP, + new ONScripterru, + new TriangleM, + new SRPGStudio, + new Overflow, + new BKEngine, + new Nitroplusplus, + new Jellyfish, + new SYSD, + new IGScript, + new ScrPlayer, + new ElfFunClubFinal, + new Aksys, + new Siglusold, + new Willold, + new GSX, + new GASTRO, + new akatombo, + new ransel, + new Silkyssakura, + new splushwave, + new Diskdream, + new solfasys, + new FrontWing, + new tamasoft, + new CisLugI, + new mirage, + new VALKYRIA, + new CoffeeMaker, + new Fizz, + new CaramelBox2, + new TeethingRing, + new lua51, + new GuruGuruSMF4, + new A98SYS, + new godot, + new Erogos, + new Silkysveryveryold, + new gazelle, + // ignore engines + new oldSystem40ini, + new AdvPlayerHD, + new DPM, + new Escude_ignore, + new Chartreux, + // + // Put the patterns that might break other games at last + new UnisonShift, + new Interheart, + new Abalone, + new Jisatu101, + new AGS, + new hibiki, + new Tanuki_last, + new Abel, + new _5pb, + new ScenarioPlayer_last, + new HorkEye, + new Nexton1, + new ApricoTlast, + new Leaf, + new Nekopack, + new AdobeFlash10, + new Giga, + new FocasLens, + new Tamamo, + new jukujojidai, + new Anisetta, + new VitaminSoft, + new Interlude, + new Sakuradog, + new Palette, + new LCScript, + new RPGMakerRGSS3, + new Reallive_old, + new avg3216d, + new ShinaRio, + new Suika2, + new KISS, + new EntisGLS, + // + // + new DISCOVERY, + new RPGMakerRGSS300, + new Sceplay, + new Onscripter, + new TACTICS, + new RealliveX, + new TextXtra_x32, + new Stronger, + new RPGMaker, + new Aisystem6, + new AksysGames, + new AGE_System, + new Cage, + }; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/enginecollection64.cpp b/cpp/LunaHook/LunaHook/enginecollection64.cpp new file mode 100644 index 00000000..5c07a5c1 --- /dev/null +++ b/cpp/LunaHook/LunaHook/enginecollection64.cpp @@ -0,0 +1,54 @@ +#include "engine64/PPSSPP.h" +#include "engine64/Godot.h" +#include "engine64/V8.h" +#include "engine64/mono.h" +#include "engine64/AGES7.h" +#include "engine64/pchooks.h" +#include "engine64/Artemis.h" +#include "engine64/KiriKiri.h" +#include "engine64/YOX.h" +#include "engine64/Suika2.h" +#include "engine64/livecaptions.h" +#include "engine64/CMVS.h" +#include "engine64/5pb.h" +#include "engine64/lucasystem.h" +#include "engine64/UnrealEngine.h" +#include "engine64/TYPEMOON.h" +#include "engine64/Kincaid.h" +#include "engine64/LightVN.h" +#include "engine64/yuzu.h" +#include "engine64/Ryujinx.h" +#include "engine64/vita3k.h" +#include "engine64/rpcs3.h" +#include "engine64/MKXPZ.h" +#include "engines/lua/lua51.h" +#include "engines/python/Renpy.h" +std::vector check_engines() +{ + return { + new Godot, + new V8, + new Renpy, + new mono, + new yuzu, + new Ryujinx, + new PPSSPPengine, + new vita3k, + new rpcs3, + new livecaptions, + new Suika2, + new lucasystem, + new LightVN, + new Artemis, + new pchooks, + new KiriKiri, + new YOX, + new CMVS, + new AGES7, + new _5pb, + new TYPEMOON, + new UnrealEngine, + new Kincaid, + new lua51, + new MKXPZ}; +} diff --git a/cpp/LunaHook/LunaHook/enginecontrol.cpp b/cpp/LunaHook/LunaHook/enginecontrol.cpp new file mode 100644 index 00000000..5aaf9a18 --- /dev/null +++ b/cpp/LunaHook/LunaHook/enginecontrol.cpp @@ -0,0 +1,148 @@ + +WCHAR *processName, // cached + processPath[MAX_PATH]; // cached +WCHAR processName_lower[MAX_PATH]; +uintptr_t processStartAddress, processStopAddress; + +std::vector check_engines(); + +bool ENGINE::check_function() +{ + switch (check_by) + { + case CHECK_BY::ALL_TRUE: + { + is_engine_certain = false; + return true; + } + case CHECK_BY::FILE: + { + return (Util::CheckFile(std::get(check_by_target))); + } + case CHECK_BY::FILE_ALL: + { + auto _list = std::get(check_by_target); + return std::all_of(_list.begin(), _list.end(), Util::CheckFile); + } + case CHECK_BY::FILE_ANY: + { + auto _list = std::get(check_by_target); + return std::any_of(_list.begin(), _list.end(), Util::CheckFile); + } + case CHECK_BY::RESOURCE_STR: + { + return (Util::SearchResourceString(std::get(check_by_target))); + } + + case CHECK_BY::CUSTOM: + { + return std::get(check_by_target)(); + } + default: + return false; + } +} +bool safematch(ENGINE *m) +{ + bool matched = false; + __try + { + matched = m->check_function(); + } + __except (EXCEPTION_EXECUTE_HANDLER) + { + ConsoleOutput(Match_Error, m->getenginename()); + // ConsoleOutput("match ERROR"); + } + return matched; +} +bool safeattach(ENGINE *m) +{ + bool attached = false; + __try + { + attached = m->attach_function(); + } + __except (EXCEPTION_EXECUTE_HANDLER) + { + ConsoleOutput(Attach_Error, m->getenginename()); + // ConsoleOutput("attach ERROR"); + } + return attached; +} +bool checkengine() +{ + + auto engines = check_engines(); + std::vector infomations = { + "match failed", + "attach failed", + "attach success"}; + int current = 0; + for (auto m : engines) + { + current += 1; + + bool matched = safematch(m); + bool attached = matched && safeattach(m); + + // ConsoleOutput("Progress %d/%d, checked engine %s, %s",current,total,m->getenginename(),infomations[matched+attached]); + // ConsoleOutput("Progress %d/%d, %s",current,total,infomations[matched+attached]); + if (matched == false) + continue; + ConsoleOutput(MatchedEngine, m->getenginename()); + if (m->dontstop) + { + continue; + } + + if (m->is_engine_certain) + { + ConsoleOutput(ConfirmStop, m->getenginename()); + return attached; + } + + if (attached) + { + ConsoleOutput(Attach_Stop, m->getenginename()); + return true; + } + } + + return false; +} +void HIJACK() +{ + static bool once = false; + if (once) + return; + once = true; + GetModuleFileNameW(nullptr, processPath, MAX_PATH); + processName = wcsrchr(processPath, L'\\') + 1; + + wcscpy_s(processName_lower, processName); + _wcslwr_s(processName_lower); // lower case + + std::tie(processStartAddress, processStopAddress) = Util::QueryModuleLimits(GetModuleHandleW(nullptr), 0, 1 + PAGE_NOACCESS); + spDefault.minAddress = processStartAddress; + spDefault.maxAddress = processStopAddress; + ConsoleOutput(ProcessRange, processStartAddress, processStopAddress); + + if (processStartAddress + 0x40000 > processStopAddress) + ConsoleOutput(WarningDummy); + + bool result = false; + __try + { + result = checkengine(); + } + __except (EXCEPTION_EXECUTE_HANDLER) + { + ConsoleOutput(HIJACK_ERROR); + } + + if (result == false) + { + PcHooks::hookOtherPcFunctions(); + } +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engines/CMakeLists.txt b/cpp/LunaHook/LunaHook/engines/CMakeLists.txt new file mode 100644 index 00000000..63c0e162 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engines/CMakeLists.txt @@ -0,0 +1,4 @@ + +add_library(commonengine mono/impl_mono.cpp mono/monoil2cpp.cpp mono/impl_il2cpp.cpp ppsspp/ppsspp.cpp mages/mages.cpp v8/v8.cpp v8/httpserver.cpp python/python2.cpp python/python3.cpp python/python.cpp pchooks/pchooks.cpp lua/lua51.cpp) +target_precompile_headers(commonengine REUSE_FROM pchhook) + diff --git a/cpp/LunaHook/LunaHook/engines/emujitarg.hpp b/cpp/LunaHook/LunaHook/engines/emujitarg.hpp new file mode 100644 index 00000000..43adaf77 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engines/emujitarg.hpp @@ -0,0 +1,120 @@ +#pragma once +#ifdef _WIN64 +namespace RPCS3 +{ + class emu_arg + { + hook_stack *stack; + + public: + emu_arg(hook_stack *stack_) : stack(stack_) {}; + uintptr_t operator[](int idx) + { + auto base = stack->rbx; + auto args = (uintptr_t *)(stack->rbp + 0x18 + 8 * 3); + return base + args[idx]; + } + }; +} +namespace YUZU +{ + class emu_arg + { + hook_stack *stack; + bool is64; + + public: + emu_arg(hook_stack *stack_, uint64_t em_addr = 0) : stack(stack_), is64(em_addr == 0 || em_addr > 0x80004000) {}; + uintptr_t operator[](int idx) + { + auto base = stack->r13; + if (is64) + { + auto args = (uintptr_t *)stack->r15; + return base + args[idx]; + } + else + { + // 0x204000 + auto args = (DWORD *)stack->r15; + return base + args[idx]; + } + } + }; +} +namespace VITA3K +{ + class emu_addr + { + hook_stack *stack; + DWORD addr; + + public: + emu_addr(hook_stack *stack_, DWORD addr_) : stack(stack_), addr(addr_) {}; + operator uintptr_t() + { + auto base = stack->r13; + return base + addr; + } + operator DWORD *() + { + return (DWORD *)(uintptr_t) * this; + } + }; + class emu_arg + { + hook_stack *stack; + + public: + emu_arg(hook_stack *stack_) : stack(stack_) {}; + uintptr_t operator[](int idx) + { + auto args = (uint32_t *)stack->r15; + return emu_addr(stack, args[idx]); + } + }; +} +#endif +namespace PPSSPP +{ + inline DWORD x86_baseaddr; + class emu_addr + { + hook_stack *stack; + DWORD addr; + + public: + emu_addr(hook_stack *stack_, DWORD addr_) : stack(stack_), addr(addr_) {}; + operator uintptr_t() + { +#ifndef _WIN64 + auto base = x86_baseaddr; +#else + auto base = stack->rbx; +#endif + return base + addr; + } + operator DWORD *() + { + return (DWORD *)(uintptr_t) * this; + } + }; + class emu_arg + { + hook_stack *stack; + + public: + emu_arg(hook_stack *stack_) : stack(stack_) {}; + uintptr_t operator[](int idx) + { +#ifndef _WIN64 + auto args = stack->ebp; +#else + auto args = stack->r14; +#endif + auto offR = -0x80; + auto offset = offR + 0x10 + idx * 4; + return (uintptr_t)emu_addr(stack, *(uint32_t *)(args + offset)); + } + }; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engines/lua/lua51.cpp b/cpp/LunaHook/LunaHook/engines/lua/lua51.cpp new file mode 100644 index 00000000..7e085342 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engines/lua/lua51.cpp @@ -0,0 +1,20 @@ +#include"lua51.h" + +bool lua51::attach_function() { + //[180330][TOUCHABLE] 想聖天使クロスエモーション外伝5 (認証回避済) + auto hlua51=GetModuleHandleW(L"lua5.1.dll"); + if(hlua51==0) + hlua51=GetModuleHandleW(L"lua51.dll"); + if(hlua51==0)return false; + auto lua_pushstring=GetProcAddress(hlua51,"lua_pushstring"); + if(lua_pushstring==0)return false; + HookParam hp; + hp.address =(uintptr_t) lua_pushstring; + hp.type = CODEC_UTF8 | USING_STRING; + hp.text_fun=[](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split){ + auto text=(char*)stack->ARG2; + *split=all_ascii(text); + buffer->from_cs(text); + }; + return NewHook(hp,"lua51"); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engines/lua/lua51.h b/cpp/LunaHook/LunaHook/engines/lua/lua51.h new file mode 100644 index 00000000..f224b771 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engines/lua/lua51.h @@ -0,0 +1,13 @@ + + +class lua51:public ENGINE{ + public: + lua51(){ + + check_by=CHECK_BY::FILE_ANY; + check_by_target=check_by_list{L"lua5.1.dll",L"lua51.dll"}; + is_engine_certain=false; + //dontstop=true; + }; + bool attach_function(); +}; \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engines/mages/mages.cpp b/cpp/LunaHook/LunaHook/engines/mages/mages.cpp new file mode 100644 index 00000000..1b7ecf06 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engines/mages/mages.cpp @@ -0,0 +1,354 @@ +#include"mages/mages.h" + +namespace mages{ + + std::map createTable(int _idx) { + ConsoleOutput("%d",_idx); + auto compound_charsA=LoadResData(std::vector{ + L"compound_chars_default", + L"compound_chars_Robotics_Notes_Elite", + L"compound_chars_Robotics_Notes_Dash", + L"", + L"", + L"", + L"compound_chars_SGHD", + }[_idx],L"COMPOUND_CHARS"); + auto charsetA=LoadResData(std::vector{ + L"charset_default", + L"charset_Robotics_Notes_Elite", + L"charset_Robotics_Notes_Dash", + L"charset_Famicom_Tantei_Club", + L"charset_SINce_Memories", + L"charset_SG_My_Darlings_Embrace", + L"charset_SG_Linear_Bounded_Phenogram", + L"charset_SGHD" + }[_idx],L"CHARSET"); + + + auto compound_chars=StringToWideString(compound_charsA); + auto charset=StringToWideString(charsetA); + strReplace(charset,L"\n",L""); + strReplace(charset,L"\r",L""); + std::map table = {}; + + for (auto line : strSplit(compound_chars, L"\n")) { + auto pair = strSplit(line, L"="); + if (pair.size() != 2) continue; + auto key = pair[0].substr(1, pair[0].size() - 2); + auto val = pair[1]; + auto keys = strSplit(key, L"-"); + if (keys.size() == 1)keys.push_back(key); + size_t _; + auto start = std::stoi(keys[0], &_, 16); + auto end = std::stoi(keys[1], &_, 16); + for (auto i = start; i <= end; i++) { + auto charCode = ((i & 0xFF) << 8) | i >> 8; // swap endian + table[charCode] = val; + } + } + + + WORD charCode; + for (auto i = 0; i < charset.size(); i++) { + charCode = 0x8000 + i; + charCode = ((charCode & 0xFF) << 8) | charCode >> 8; // swap endian (0x8001 -> 0x0180) + table[charCode] = charset[i]; + } + return table; + } + +std::wstring mages_decode(WORD charCode,int _idx) { + static auto table = createTable(_idx); + if (table.find(charCode) == table.end()) { + std::wstringstream _; + _ << std::hex << charCode; + return L"[" + _.str() + L"]"; + } + else { + return table[charCode]; + } +} +std::wstring readString(uintptr_t address,int _idx) { + auto edx=address; + std::wstring s = L"", bottom = L""; + while (1) { + auto c = *(BYTE*)edx; + if (c == 0xff)break; // terminated + if (c >= 0xb0) {// b4: next page? + edx += 1; + continue; + } + if (c >= 0x80) {// readChar + auto charCode = *(WORD*)edx; + edx += 2; + s += mages_decode(charCode,_idx); + } + else {// readControl + edx += 1; + if (c == 0) { + s += L' '; + } + else if (c == 1) {// speaker + bottom = L""; + while (1) + { + auto c2 = *(BYTE*)edx; + if (c2 == 2) { + edx += 1; break; + } + else if (c2 < 0x20)edx += 1; + else { + auto charCode = *(WORD*)edx; + edx += 2; + bottom += mages_decode(charCode,_idx); + } + } + if(bottom.size()) s = s + bottom + L": "; + } + else if (c == 2) { // line + // do nothing -> back to readChar + } + else if (c == 4 || c == 0x15) { // SetColor, EvaluateExpression => SKIP + ////if (c !== 4) console.warn('Warning: ', c, hexdump(address)); + // https://github.com/CommitteeOfZero/SciAdv.Net/blob/32489cd21921079975291dbdce9151ad66f1b06a/src/SciAdvNet.SC3/Text/SC3StringDecoder.cs#L98 + // https://github.com/CommitteeOfZero/SciAdv.Net/blob/32489cd21921079975291dbdce9151ad66f1b06a/src/SciAdvNet.SC3/Text/StringSegmentCodes.cs#L3 + // https://github.com/shiiion/steinsgate_textractor/blob/master/steinsgatetextractor/sg_text_extractor.cpp#L46 + auto token = *(BYTE*)edx; // BYTE token = read_single(cur_index); + if (!token) { + edx +=1; // return cur_index + 1; + } + else { + do { + if (token & 0x80) { + switch (token & 0x60) { + case 0: + edx +=2 ; //cur_index += 2; + break; + case 0x20: + edx +=3; //cur_index += 3; + break; + case 0x40: + edx +=4; //cur_index += 4; + break; + case 0x60: + edx +=5; //cur_index += 5; + break; + default: + // impossible + break; + } + } else { + edx +=2; //cur_index += 2; + } + token = *(BYTE*)edx; //token = read_single(cur_index); + } while (token); + } + } + else if (c == 0x0C // SetFontSize + || c == 0x11 // SetTopMargin + || c == 0x12 // SetLeftMargin + || c == 0x13 // STT_GetHardcodedValue: https://github.com/CommitteeOfZero/impacto/blob/master/src/text.cpp#L43 + ) { + edx+=2; + } + else if (c == 9) { // ruby (09_text_0A_rubi_0B) + std::wstring rubi = L""; + bottom = L""; + while (true) { + auto c2 = *(BYTE*)edx; + if (c2 == 0x0A) { // rubi + edx+=1; + while (true) { + c2 = *(BYTE*)edx; + if (c2 == 0x0B) { // end rubi + // address = address.add(1); + break; // break lv2 loop + } + else if (c2 < 0x20) { // another control + edx+=1; + } + else { // rubi + auto charCode = *(WORD*)edx; + edx+=2; + + rubi += mages_decode(charCode,_idx); + } + } // end while + } + else if (c2 == 0x0B) { // end rubi + edx+=1; + break; // break lv1 loop + } + else if (c2 < 0x20) { // another control (color?) + edx+=1; + } + else { // char (text) + auto charCode = *(WORD*)edx; + edx+=2; + + auto cc = mages_decode(charCode,_idx); + bottom += cc; + s += cc; + } + } + if (rubi != L"") { + //console.log('rubi: ', rubi); + //console.log('char: ', bottom); + } + } + else { + // do nothing (one byte control) + } + } + } + return s; +} + +} + +namespace hookmages{ + + regs reg=regs::invalid; + int gametype=0; + +template +void SpecialHookMAGES(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) +{ + auto edx = regof(reg,stack);//regof(edx, esp_base); + + auto s=mages::readString(edx,gametype); + + if(filter){ + static std::wstring last=L""; + if(last==s)return; + last=s; + } + buffer->from(s); +} + +bool MAGES() { +#ifndef _WIN64 + auto dialogSigOffset = 2; + BYTE dialogSig1 []={ + 0x85,XX,0x74,XX,0x83,XX,0x01,0x74,XX,0x83,XX,0x04,0x74,XX,0xc7,0x05,XX,XX,XX,XX,0x01,0x00,0x00,0x00 + }; + auto addr=MemDbg::findBytes(dialogSig1,sizeof(dialogSig1),processStartAddress,processStopAddress); + if(addr==0){ + dialogSigOffset = 3; + BYTE dialogSig2 []={ + 0x57,0x85,XX,0x74,XX,0x83,XX,0x01,0x74,XX,0x83,XX,0x04 + }; + addr=MemDbg::findBytes(dialogSig2,sizeof(dialogSig2),processStartAddress,processStopAddress); + + } + if(addr==0)return false; + auto pos = addr+dialogSigOffset; + //.text:00431D3F 74 16 jz short loc_431D57 + auto jzoff=*(BYTE*)(pos+1); + pos+=jzoff+2; + auto hookaddr=pos; + for(int i=0;i<0x200;i++){ + if(((*(BYTE*)(pos))==0x8a)){ + + switch(((*(BYTE*)(pos+1)))){ + // case 0:reg=pusha_eax_off;break; + //YU-NO + //.text:00431D63 89 0D 20 A9 BF 00 mov dword_BFA920, ecx + //在加载到内存后,有时变成89 0d 20 a9 8a 00,导致崩溃,且这个没有遇到过,故注释掉。 + case 3:reg=regs::ebx;break; + case 1:reg=regs::ecx;break; + case 2:reg=regs::edx;break; + case 6:reg=regs::esi;break; + case 7:reg=regs::edi;break; + default:reg=regs::invalid; + } + if(reg!=regs::invalid)break; + } + pos+=1; + } + if(reg==regs::invalid)return false; + ConsoleOutput("%p",pos-processStartAddress); + switch(pos-processStartAddress){ + case 0x6e69b://SG My Darling's Embrace 破解版 + case 0x6e77b://SG My Darling's Embrace + gametype=5;break; + case 0x4ef60://STEINS;GATE: Linear Bounded Phenogram + gametype=6;break; + case 0x498b0://STEINS;GATE + gametype=7;break; + case 0x9f723://Robotics;Notes-Elite + gametype=1;break; + case 0xf70a6://Robotics;Notes-Dash + gametype=2;break; + + default: + //YU-NO + //测试无效: + //Steins;Gate-0 + //Steins;Gate + //未测试: + //Steins;Gate-Elite + //Chaos;Child + //CHAOS;HEAD_NOAH + //Memories_Off_-Innocent_Fille + //Memories_Off_-Innocent_Fille-_for_Dearest + gametype=0; + } + //ConsoleOutput("%x",pos-processStartAddress); + HookParam hp; + //hp.address = hookaddr; + hp.address=hookaddr; + //想い出にかわる君 ~メモリーズオフ~ 想君:秋之回忆3在hookaddr上无法正确读取。 + //hookaddr上是没有重复的,pos上是都能读到但有重复。 + hp.text_fun = SpecialHookMAGES<0>; + hp.type = CODEC_UTF16 | USING_STRING|NO_CONTEXT; + auto _=NewHook(hp, "5pb_MAGES"); + hp.address=pos; + hp.text_fun = SpecialHookMAGES<1>; + _|=NewHook(hp, "5pb_MAGES"); + ConsoleOutput("%p %p",hookaddr,pos); + return _; + +#else + + auto dialogSigOffset = 2; + BYTE dialogSig1 []={ + 0x85,XX,0x74,XX,0x41,0x83,XX,0x01,0x74,XX,0x41,0x83,XX,0x04,0x74,XX,0x41 + }; + auto addr=MemDbg::findBytes(dialogSig1,sizeof(dialogSig1),processStartAddress,processStopAddress); + ConsoleOutput("%p",addr); + if(addr==0)return false; + auto pos = addr+dialogSigOffset; + auto jzoff=*(BYTE*)(pos+1); + pos+=jzoff+2; + auto hookaddr=pos; + // + for(int i=0;i<0x200;i++){ + //.text:000000014004116B 0F B6 13 movzx edx, byte ptr [rbx] + //->rbx + if((((*(DWORD*)(pos))&0xffffff)==0x13b60f)){ + reg=regs::rbx;//rbx + //ConsoleOutput("%p",pos-processStartAddress); + break; + } + pos+=1; + } + if(reg==regs::invalid)return false; + switch(pos-processStartAddress){ + + default: + //CHAOS;HEAD_NOAH + gametype=0; + } + HookParam hp; + hp.address=hookaddr; + hp.text_fun = SpecialHookMAGES<0>; + hp.type = CODEC_UTF16 | USING_STRING|NO_CONTEXT; + return NewHook(hp, "5pb_MAGES"); + + +#endif +} + + +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engines/mages/mages.h b/cpp/LunaHook/LunaHook/engines/mages/mages.h new file mode 100644 index 00000000..33c27bbf --- /dev/null +++ b/cpp/LunaHook/LunaHook/engines/mages/mages.h @@ -0,0 +1,8 @@ + +namespace mages{ + + std::wstring readString(uintptr_t address,int _idx) ; +} +namespace hookmages{ + bool MAGES(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engines/mono/def_il2cpp.hpp b/cpp/LunaHook/LunaHook/engines/mono/def_il2cpp.hpp new file mode 100644 index 00000000..7ca2b2d9 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engines/mono/def_il2cpp.hpp @@ -0,0 +1,599 @@ +#pragma once + +#if _MSC_VER +typedef wchar_t Il2CppChar; +#elif __has_feature(cxx_unicode_literals) +typedef char16_t Il2CppChar; +#else +typedef uint16_t Il2CppChar; +#endif + +struct Int32Object; + +struct Boolean +{ + bool m_value; +}; + +struct Byte +{ + uint8_t m_value; +}; + +// UnityEngine.Color +struct Color_t +{ +public: + // System.Single UnityEngine.Color::r + float r; + // System.Single UnityEngine.Color::g + float g; + // System.Single UnityEngine.Color::b + float b; + // System.Single UnityEngine.Color::a + float a; +}; + +// UnityEngine.Color32 +struct Color32_t +{ +public: + // System.Single UnityEngine.Color32::rgba + unsigned int rgba; +}; + +// UnityEngine.ScreenOrientation +enum class ScreenOrientation +{ + Unknown, + Portrait, + PortraitUpsideDown, + LandscapeLeft, + LandscapeRight, + AutoRotation, + Landscape = 3 +}; + +// UnityEngine.Vector2 +struct Vector2_t +{ +public: + // System.Single UnityEngine.Vector2::x + float x; + // System.Single UnityEngine.Vector2::y + float y; +}; + +// UnityEngine.Vector2Int +struct Vector2Int_t +{ +public: + // System.Int32 UnityEngine.Vector2Int::m_X + int x; + // System.Int32 UnityEngine.Vector2Int::m_Y + int y; +}; + +// UnityEngine.Vector3 +struct Vector3_t +{ +public: + // System.Single UnityEngine.Vector3::x + float x; + // System.Single UnityEngine.Vector3::y + float y; + // System.Single UnityEngine.Vector3::z + float z; +}; + +// UnityEngine.Vector4 +struct Vector4_t +{ +public: + // System.Single UnityEngine.Vector4::x + float x; + // System.Single UnityEngine.Vector4::y + float y; + // System.Single UnityEngine.Vector4::z + float z; + // System.Single UnityEngine.Vector4::w + float w; +}; + +struct Rect_t +{ +public: + short x; + short y; + short width; + short height; +}; + +struct Resolution_t +{ +public: + int width; + int height; + int herz; +}; + +// UnityEngine.TextGenerationSettings +struct TextGenerationSettings_t +{ +public: + // UnityEngine.Font UnityEngine.TextGenerationSettings::font + void *font; + // UnityEngine.Color UnityEngine.TextGenerationSettings::color + Color_t color; + // System.Int32 UnityEngine.TextGenerationSettings::fontSize + int32_t fontSize; + // System.Single UnityEngine.TextGenerationSettings::lineSpacing + float lineSpacing; + // System.Boolean UnityEngine.TextGenerationSettings::richText + bool richText; + // System.Single UnityEngine.TextGenerationSettings::scaleFactor + float scaleFactor; + // UnityEngine.FontStyle UnityEngine.TextGenerationSettings::fontStyle + int32_t fontStyle; + // UnityEngine.TextAnchor UnityEngine.TextGenerationSettings::textAnchor + int32_t textAnchor; + // System.Boolean UnityEngine.TextGenerationSettings::alignByGeometry + bool alignByGeometry; + // System.Boolean UnityEngine.TextGenerationSettings::resizeTextForBestFit + bool resizeTextForBestFit; + // System.Int32 UnityEngine.TextGenerationSettings::resizeTextMinSize + int32_t resizeTextMinSize; + // System.Int32 UnityEngine.TextGenerationSettings::resizeTextMaxSize + int32_t resizeTextMaxSize; + // System.Boolean UnityEngine.TextGenerationSettings::updateBounds + bool updateBounds; + // UnityEngine.VerticalWrapMode UnityEngine.TextGenerationSettings::verticalOverflow + int32_t verticalOverflow; + // UnityEngine.HorizontalWrapMode UnityEngine.TextGenerationSettings::horizontalOverflow + int32_t horizontalOverflow; + // UnityEngine.Vector2 UnityEngine.TextGenerationSettings::generationExtents + Vector2_t generationExtents; + // UnityEngine.Vector2 UnityEngine.TextGenerationSettings::pivot + Vector2_t pivot; + // System.Boolean UnityEngine.TextGenerationSettings::generateOutOfBounds + bool generateOutOfBounds; +}; + +enum Il2CppTypeEnum +{ + IL2CPP_TYPE_END = 0x00, /* End of List */ + IL2CPP_TYPE_VOID = 0x01, + IL2CPP_TYPE_BOOLEAN = 0x02, + IL2CPP_TYPE_CHAR = 0x03, + IL2CPP_TYPE_I1 = 0x04, + IL2CPP_TYPE_U1 = 0x05, + IL2CPP_TYPE_I2 = 0x06, + IL2CPP_TYPE_U2 = 0x07, + IL2CPP_TYPE_I4 = 0x08, + IL2CPP_TYPE_U4 = 0x09, + IL2CPP_TYPE_I8 = 0x0a, + IL2CPP_TYPE_U8 = 0x0b, + IL2CPP_TYPE_R4 = 0x0c, + IL2CPP_TYPE_R8 = 0x0d, + IL2CPP_TYPE_STRING = 0x0e, + IL2CPP_TYPE_PTR = 0x0f, + IL2CPP_TYPE_BYREF = 0x10, + IL2CPP_TYPE_VALUETYPE = 0x11, + IL2CPP_TYPE_CLASS = 0x12, + IL2CPP_TYPE_VAR = 0x13, + IL2CPP_TYPE_ARRAY = 0x14, + IL2CPP_TYPE_GENERICINST = 0x15, + IL2CPP_TYPE_TYPEDBYREF = 0x16, + IL2CPP_TYPE_I = 0x18, + IL2CPP_TYPE_U = 0x19, + IL2CPP_TYPE_FNPTR = 0x1b, + IL2CPP_TYPE_OBJECT = 0x1c, + IL2CPP_TYPE_SZARRAY = 0x1d, + IL2CPP_TYPE_MVAR = 0x1e, + IL2CPP_TYPE_CMOD_REQD = 0x1f, + IL2CPP_TYPE_CMOD_OPT = 0x20, + IL2CPP_TYPE_INTERNAL = 0x21, + + IL2CPP_TYPE_MODIFIER = 0x40, + IL2CPP_TYPE_SENTINEL = 0x41, + IL2CPP_TYPE_PINNED = 0x45, + + IL2CPP_TYPE_ENUM = 0x55 +}; + +typedef struct Il2CppType +{ + void *dummy; + unsigned int attrs : 16; + Il2CppTypeEnum type : 8; + unsigned int num_mods : 6; + unsigned int byref : 1; + unsigned int pinned : 1; +} Il2CppType; + +typedef struct FieldInfo +{ + const char *name; + const Il2CppType *type; + void *parent; + int32_t offset; // If offset is -1, then it's thread static + uint32_t token; +} FieldInfo; + +struct MethodInfo; + +typedef struct Il2CppClass +{ + // The following fields are always valid for a Il2CppClass structure + const void *image; + void *gc_desc; + const char *name; + const char *namespaze; + Il2CppType byval_arg; + Il2CppType this_arg; + Il2CppClass *element_class; + Il2CppClass *castClass; + Il2CppClass *declaringType; + Il2CppClass *parent; + void *generic_class; + void *typeMetadataHandle; // non-NULL for Il2CppClass's constructed from type defintions + const void *interopData; + Il2CppClass *klass; // hack to pretend we are a MonoVTable. Points to ourself + // End always valid fields + + // The following fields need initialized before access. This can be done per field or as an aggregate via a call to Class::Init + FieldInfo *fields; // Initialized in SetupFields + const void *events; // Initialized in SetupEvents + const void *properties; // Initialized in SetupProperties + const MethodInfo **methods; // Initialized in SetupMethods + Il2CppClass **nestedTypes; // Initialized in SetupNestedTypes + Il2CppClass **implementedInterfaces; // Initialized in SetupInterfaces + void *interfaceOffsets; // Initialized in Init + void *static_fields; // Initialized in Init + const void *rgctx_data; // Initialized in Init + // used for fast parent checks + Il2CppClass **typeHierarchy; // Initialized in SetupTypeHierachy + // End initialization required fields + + void *unity_user_data; + + uint32_t initializationExceptionGCHandle; + + uint32_t cctor_started; + uint32_t cctor_finished; + size_t cctor_thread; + + // Remaining fields are always valid except where noted + void *genericContainerHandle; + uint32_t instance_size; // valid when size_inited is true + uint32_t actualSize; + uint32_t element_size; + int32_t native_size; + uint32_t static_fields_size; + uint32_t thread_static_fields_size; + int32_t thread_static_fields_offset; + uint32_t flags; + uint32_t token; + + uint16_t method_count; // lazily calculated for arrays, i.e. when rank > 0 + uint16_t property_count; + uint16_t field_count; + uint16_t event_count; + uint16_t nested_type_count; + uint16_t vtable_count; // lazily calculated for arrays, i.e. when rank > 0 + uint16_t interfaces_count; + uint16_t interface_offsets_count; // lazily calculated for arrays, i.e. when rank > 0 + + uint8_t typeHierarchyDepth; // Initialized in SetupTypeHierachy + uint8_t genericRecursionDepth; + uint8_t rank; + uint8_t minimumAlignment; // Alignment of this type + uint8_t naturalAligment; // Alignment of this type without accounting for packing + uint8_t packingSize; + + // this is critical for performance of Class::InitFromCodegen. Equals to initialized && !has_initialization_error at all times. + // Use Class::UpdateInitializedAndNoError to update + uint8_t initialized_and_no_error : 1; + + uint8_t valuetype : 1; + uint8_t initialized : 1; + uint8_t enumtype : 1; + uint8_t is_generic : 1; + uint8_t has_references : 1; // valid when size_inited is true + uint8_t init_pending : 1; + uint8_t size_init_pending : 1; + uint8_t size_inited : 1; + uint8_t has_finalize : 1; + uint8_t has_cctor : 1; + uint8_t is_blittable : 1; + uint8_t is_import_or_windows_runtime : 1; + uint8_t is_vtable_initialized : 1; + uint8_t has_initialization_error : 1; + void *vtable[0]; +} Il2CppClass; + +struct ParameterInfo +{ + const char *name; + int32_t position; + uint32_t token; + const Il2CppType *parameter_type; +}; + +typedef struct Il2CppGenericContainer +{ + /* index of the generic type definition or the generic method definition corresponding to this container */ + int32_t ownerIndex; // either index into Il2CppClass metadata array or Il2CppMethodDefinition array + int32_t type_argc; + /* If true, we're a generic method, otherwise a generic type definition. */ + int32_t is_method; + /* Our type parameters. */ + int32_t genericParameterStart; +} Il2CppGenericContainer; + +struct MethodInfo +{ + uintptr_t methodPointer; + uintptr_t invoker_method; + const char *name; + Il2CppClass *klass; + const Il2CppType *return_type; + const ParameterInfo *parameters; + union + { + uintptr_t rgctx_data; + uintptr_t methodDefinition; + }; + union + { + uintptr_t genericMethod; + Il2CppGenericContainer *genericContainer; + }; + uint32_t token; + uint16_t flags; + uint16_t iflags; + uint16_t slot; + uint8_t parameters_count; + uint8_t is_generic : 1; + uint8_t is_inflated : 1; + uint8_t wrapper_type : 1; + uint8_t is_marshaled_from_native : 1; +}; + +struct Il2CppObject +{ + union + { + Il2CppClass *klass; + void *vtable; + }; + void *monitor; +}; + +// not real Il2CppString class +struct Il2CppString +{ + Il2CppObject object; + int32_t length; ///< Length of string *excluding* the trailing null (which is included in 'chars'). + Il2CppChar start_char[0]; +}; + +typedef struct PropertyInfo +{ + Il2CppClass *parent; + const char *name; + const MethodInfo *get; + const MethodInfo *set; + uint32_t attrs; + uint32_t token; +} PropertyInfo; + +typedef struct Il2CppArraySize +{ + Il2CppObject obj; + void *bounds; + uintptr_t max_length; + alignas(8) void *vector[0]; +} Il2CppArraySize; + +static const size_t kIl2CppSizeOfArray = (offsetof(Il2CppArraySize, vector)); + +struct CourseBaseObjectContext +{ + Il2CppObject *coursePrefab; + Il2CppObject *courseGrassFurPrefab; + Il2CppObject *monitorRenderTexture; + Il2CppArraySize *swapTextures; + Il2CppArraySize *swapSubTextures; + Il2CppObject *postFilmSetGroup; + Il2CppObject *grassParam; +}; + +struct RaceLoaderManagerCourceContext +{ + int courseId; + int timeEnum; + int seasonEnum; + int turfGoalGate; + int turfGoalFlower; + int dirtGoalGate; + int dirtGoalFlower; + int skydomeCourseId; + int skydomeSeasonEnum; + int skydomeWeatherEnum; + int skydomeTimeEnum; + int audienceEnum; + int audienceWeatherEnum; + int audienceSeasonEnum; + int treeWeaterEnum; + int treeTimeEnum; + int RotationCategoryEnum; + int lightProbeId; + Il2CppArraySize *materialTeturePairs; + Il2CppArraySize *materialSubTexturePairs; + bool halfStartGate; + int CourseStartGateBaseId; +}; + +struct CriAtomExPlayback +{ + uint32_t id; +}; + +struct AudioPlayback +{ + CriAtomExPlayback criAtomExPlayback; + bool isError; + int soundGroup; +}; + +typedef struct Il2CppReflectionMethod Il2CppReflectionMethod; + +typedef void (*Il2CppMethodPointer)(); + +typedef void *(*InvokerMethod)(Il2CppMethodPointer, const MethodInfo *, void *, void **); + +typedef struct Il2CppDelegate +{ + Il2CppObject object; + /* The compiled code of the target method */ + Il2CppMethodPointer method_ptr; + /* The invoke code */ + InvokerMethod invoke_impl; + Il2CppObject *target; + const MethodInfo *method; + + void *delegate_trampoline; + + intptr_t extraArg; + + /* + * If non-NULL, this points to a memory location which stores the address of + * the compiled code of the method, or NULL if it is not yet compiled. + */ + uint8_t **method_code; + Il2CppReflectionMethod *method_info; + Il2CppReflectionMethod *original_method_info; + Il2CppObject *data; + + bool method_is_virtual; +} Il2CppDelegate; + +typedef struct MulticastDelegate : Il2CppDelegate +{ + Il2CppArraySize *delegates; +} MulticastDelegate; + +// UnityEngine.Quaternion +struct Quaternion_t +{ +public: + float w; + float x; + float y; + float z; +}; + +template +struct TypedField +{ + FieldInfo *Field; + + constexpr FieldInfo *operator->() const noexcept + { + return Field; + } +}; + +struct Il2CppClassHead +{ + const void *image; + void *gc_desc; + const char *name; + const char *namespaze; +}; + +struct Il2CppReflectionType +{ + Il2CppObject object; + const Il2CppType *type; +}; + +inline void **(*il2cpp_domain_get_assemblies)(void *domain, std::size_t *size); +inline Il2CppClass *(*il2cpp_class_from_name)(void *image, const char *namespaze, const char *name); +inline MethodInfo *(*il2cpp_class_get_methods)(Il2CppClass *klass, void **iter); +inline MethodInfo *(*il2cpp_class_get_method_from_name)(Il2CppClass *klass, const char *name, int argsCount); +inline MethodInfo *(*il2cpp_method_get_from_reflection)(Il2CppObject *ref); +inline const Il2CppType *(*il2cpp_method_get_param)(const MethodInfo *method, uint32_t index); +inline Il2CppObject *(*il2cpp_object_new)(Il2CppClass *klass); +inline void (*il2cpp_add_internal_call)(const char *name, uintptr_t pointer); +inline Il2CppArraySize *(*il2cpp_array_new)(Il2CppClass *klass, uintptr_t count); +inline const Il2CppType *(*il2cpp_class_get_type)(Il2CppClass *klass); +inline uint32_t (*il2cpp_class_get_type_token)(Il2CppClass *klass); +inline FieldInfo *(*il2cpp_class_get_field_from_name)(Il2CppClass *klass, const char *name); +inline void (*il2cpp_field_get_value)(Il2CppObject *obj, FieldInfo *field, void *value); +inline void (*il2cpp_field_set_value)(Il2CppObject *obj, FieldInfo *field, void *value); +inline void (*il2cpp_field_static_get_value)(FieldInfo *field, void *value); +inline void (*il2cpp_field_static_set_value)(FieldInfo *field, void *value); +inline const Il2CppType *(*il2cpp_field_get_type)(FieldInfo *field); +inline Il2CppObject *(*il2cpp_type_get_object)(const Il2CppType *type); +inline const char *(*il2cpp_image_get_name)(void *image); +inline size_t (*il2cpp_image_get_class_count)(void *image); +inline const Il2CppClass *(*il2cpp_image_get_class)(void *image, size_t index); +inline bool (*il2cpp_type_is_byref)(const Il2CppType *type); +inline uint32_t (*il2cpp_method_get_flags)(const MethodInfo *mehod, uint32_t *iflags); +inline const Il2CppType *(*il2cpp_method_get_return_type)(const MethodInfo *method); +inline Il2CppClass *(*il2cpp_class_from_type)(const Il2CppType *type); +inline const char *(*il2cpp_class_get_name)(Il2CppClass *klass); +inline const PropertyInfo *(*il2cpp_class_get_properties)(Il2CppClass *klass, void **iter); +inline bool (*il2cpp_class_is_enum)(const Il2CppClass *klass); +inline FieldInfo *(*il2cpp_class_get_fields)(Il2CppClass *klass, void **iter); +inline const char *(*il2cpp_method_get_name)(const MethodInfo *method); +inline uint32_t (*il2cpp_method_get_param_count)(const MethodInfo *method); +inline const char *(*il2cpp_method_get_param_name)(const MethodInfo *method, uint32_t index); +inline Il2CppClass *(*il2cpp_class_get_parent)(Il2CppClass *klass); +inline Il2CppClass *(*il2cpp_class_get_interfaces)(Il2CppClass *klass, void **iter); +inline const char *(*il2cpp_class_get_namespace)(Il2CppClass *klass); +inline void *(*il2cpp_class_get_image)(Il2CppClass *klass); +inline int (*il2cpp_class_get_flags)(const Il2CppClass *klass); +inline bool (*il2cpp_class_is_valuetype)(const Il2CppClass *klass); +inline uint32_t (*il2cpp_property_get_flags)(PropertyInfo *prop); +inline const MethodInfo *(*il2cpp_property_get_get_method)(const PropertyInfo *prop); +inline const MethodInfo *(*il2cpp_property_get_set_method)(const PropertyInfo *prop); +inline const char *(*il2cpp_property_get_name)(const PropertyInfo *prop); +inline Il2CppClass *(*il2cpp_property_get_parent)(const PropertyInfo *prop); +inline int (*il2cpp_field_get_flags)(FieldInfo *field); +inline const char *(*il2cpp_field_get_name)(FieldInfo *field); +inline Il2CppClass *(*il2cpp_field_get_parent)(FieldInfo *field); +inline size_t (*il2cpp_field_get_offset)(FieldInfo *field); +inline const PropertyInfo *(*il2cpp_class_get_property_from_name)(Il2CppClass *klass, const char *name); +inline void (*il2cpp_runtime_object_init)(Il2CppObject *obj); +inline Il2CppObject *(*il2cpp_value_box)(Il2CppClass *klass, void *data); +inline void *(*il2cpp_object_unbox)(Il2CppObject *obj); +inline Il2CppString *(*il2cpp_string_new_utf16)(const wchar_t *str, unsigned int len); +inline Il2CppString *(*il2cpp_string_new)(const char *str); +inline void *(*il2cpp_domain_get)(); +inline void *(*il2cpp_domain_assembly_open)(void *domain, const char *name); +inline void *(*il2cpp_assembly_get_image)(void *assembly); +inline void *(*il2cpp_resolve_icall)(const char *name); +inline void *(*il2cpp_thread_attach)(void *domain); +inline void (*il2cpp_thread_detach)(void *thread); +inline bool (*il2cpp_class_is_assignable_from)(void *klass, void *oklass); +inline void (*il2cpp_class_for_each)(void (*klassReportFunc)(Il2CppClass *klass, void *userData), void *userData); +inline void *(*il2cpp_class_get_nested_types)(void *klass, void **iter); +inline uint32_t (*il2cpp_gchandle_new)(void *obj, bool pinned); +inline void (*il2cpp_gchandle_free)(uint32_t gchandle); +inline void *(*il2cpp_gchandle_get_target)(uint32_t gchandle); +inline void (*il2cpp_runtime_class_init)(void *klass); +inline void *(*il2cpp_runtime_invoke)(MethodInfo *method, void *obj, void **params, Il2CppObject **exc); +inline Il2CppChar *(*il2cpp_string_chars)(Il2CppString *str); +inline int (*il2cpp_string_length)(Il2CppString *str); + +namespace il2cppfunctions +{ + void init(HMODULE dll); + uintptr_t get_method_pointer(const char *assemblyName, const char *namespaze, + const char *klassName, const char *name, int argsCount, bool strict); + std::optional get_string(void *); + void *create_string(std::wstring_view ws); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engines/mono/def_mono.hpp b/cpp/LunaHook/LunaHook/engines/mono/def_mono.hpp new file mode 100644 index 00000000..c2b40926 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engines/mono/def_mono.hpp @@ -0,0 +1,427 @@ +#pragma once + +typedef signed long SInt32; +typedef unsigned long UInt32; +typedef signed short SInt16; +typedef unsigned short UInt16; +typedef unsigned char UInt8; +typedef signed char SInt8; +typedef unsigned long long UInt64; +typedef signed long long SInt64; +#define MONO_ZERO_LEN_ARRAY 1 +#define MONO_TOKEN_TYPE_DEF 0x02000000 +#define MONO_TABLE_TYPEDEF 0x2 +struct MonoException; +struct MonoAssembly; +struct MonoClassField; +struct MonoClass; +struct MonoDomain; +struct MonoImage; +struct MonoType; +struct MonoMethodSignature; +struct MonoArray; +struct MonoThread; +struct MonoThreadsSync; +struct MonoVTable; +struct MonoProperty; +struct MonoReflectionAssembly; +struct MonoReflectionMethod; +struct MonoAppDomain; +struct MonoCustomAttrInfo; +struct MonoTableInfo; +struct MonoReflectionType +{ + UInt32 offset[2]; + MonoType *type; +}; + +typedef void *gconstpointer; +typedef void *gpointer; +typedef int gboolean; +typedef unsigned int guint32; +typedef int gint32; +typedef long gint64; +typedef unsigned char guchar; +typedef UInt16 gunichar2; + +struct MonoObject +{ + MonoVTable *vtable; + MonoThreadsSync *synchronisation; +}; + +typedef MonoObject *MonoStruct; +typedef MonoObject **MonoStruct_out; + +struct MonoString +{ + MonoObject object; + gint32 length; + gunichar2 chars[0]; +}; + +struct MonoMethod +{ + UInt16 flags; + UInt16 iflags; +}; + +typedef enum +{ + MONO_VERIFIER_MODE_OFF, + MONO_VERIFIER_MODE_VALID, + MONO_VERIFIER_MODE_VERIFIABLE, + MONO_VERIFIER_MODE_STRICT +} MiniVerifierMode; + +typedef enum +{ + MONO_SECURITY_MODE_NONE, + MONO_SECURITY_MODE_CORE_CLR, + MONO_SECURITY_MODE_CAS, + MONO_SECURITY_MODE_SMCS_HACK +} MonoSecurityMode; + +typedef void GFuncRef(void *, void *); +typedef GFuncRef *GFunc; + +typedef enum +{ + MONO_UNHANDLED_POLICY_LEGACY, + MONO_UNHANDLED_POLICY_CURRENT +} MonoRuntimeUnhandledExceptionPolicy; + +struct MonoMethodDesc +{ + char *namespace2; + char *klass; + char *name; + char *args1; + UInt32 num_args; + gboolean include_namespace, klass_glob, name_glob; +}; + +struct MonoJitInfo; +struct MonoAssemblyName; +struct MonoDebugSourceLocation; +struct MonoLoaderError; +struct MonoDlFallbackHandler; +struct LivenessState; + +struct MonoBreakPolicy; + +typedef bool (*MonoCoreClrPlatformCB)(const char *image_name); + +typedef unsigned int guint; +typedef void (*register_object_callback)(gpointer *arr, int size, void *callback_userdata); +typedef gboolean (*MonoStackWalk)(MonoMethod *method, gint32 native_offset, gint32 il_offset, gboolean managed, gpointer data); +typedef MonoBreakPolicy (*MonoBreakPolicyFunc)(MonoMethod *method); +typedef void *(*MonoDlFallbackLoad)(const char *name, int flags, char **err, void *user_data); +typedef void *(*MonoDlFallbackSymbol)(void *handle, const char *name, char **err, void *user_data); +typedef void *(*MonoDlFallbackClose)(void *handle, void *user_data); + +typedef enum +{ + MONO_TYPE_NAME_FORMAT_IL, + MONO_TYPE_NAME_FORMAT_REFLECTION, + MONO_TYPE_NAME_FORMAT_FULL_NAME, + MONO_TYPE_NAME_FORMAT_ASSEMBLY_QUALIFIED +} MonoTypeNameFormat; + +// typedef void (*vprintf_func)(const char* msg, va_list args); + +struct MonoProfiler; +typedef void (*MonoProfileFunc)(MonoProfiler *prof); + +typedef enum +{ + MONO_PROFILE_NONE = 0, + MONO_PROFILE_APPDOMAIN_EVENTS = 1 << 0, + MONO_PROFILE_ASSEMBLY_EVENTS = 1 << 1, + MONO_PROFILE_MODULE_EVENTS = 1 << 2, + MONO_PROFILE_CLASS_EVENTS = 1 << 3, + MONO_PROFILE_JIT_COMPILATION = 1 << 4, + MONO_PROFILE_INLINING = 1 << 5, + MONO_PROFILE_EXCEPTIONS = 1 << 6, + MONO_PROFILE_ALLOCATIONS = 1 << 7, + MONO_PROFILE_GC = 1 << 8, + MONO_PROFILE_THREADS = 1 << 9, + MONO_PROFILE_REMOTING = 1 << 10, + MONO_PROFILE_TRANSITIONS = 1 << 11, + MONO_PROFILE_ENTER_LEAVE = 1 << 12, + MONO_PROFILE_COVERAGE = 1 << 13, + MONO_PROFILE_INS_COVERAGE = 1 << 14, + MONO_PROFILE_STATISTICAL = 1 << 15, + MONO_PROFILE_METHOD_EVENTS = 1 << 16, + MONO_PROFILE_MONITOR_EVENTS = 1 << 17, + MONO_PROFILE_IOMAP_EVENTS = 1 << 18, /* this should likely be removed, too */ + MONO_PROFILE_GC_MOVES = 1 << 19 +} MonoProfileFlags; + +typedef enum +{ + MONO_GC_EVENT_START, + MONO_GC_EVENT_MARK_START, + MONO_GC_EVENT_MARK_END, + MONO_GC_EVENT_RECLAIM_START, + MONO_GC_EVENT_RECLAIM_END, + MONO_GC_EVENT_END, + MONO_GC_EVENT_PRE_STOP_WORLD, + MONO_GC_EVENT_POST_STOP_WORLD, + MONO_GC_EVENT_PRE_START_WORLD, + MONO_GC_EVENT_POST_START_WORLD +} MonoGCEvent; + +typedef void (*MonoProfileMethodFunc)(MonoProfiler *prof, MonoMethod *method); +typedef void (*MonoProfileGCFunc)(MonoProfiler *prof, MonoGCEvent event, int generation); +typedef void (*MonoProfileGCMoveFunc)(MonoProfiler *prof, void **objects, int num); +typedef void (*MonoProfileGCResizeFunc)(MonoProfiler *prof, gint64 new_size); +typedef void (*MonoProfileAllocFunc)(MonoProfiler *prof, MonoObject *obj, MonoClass *klass); +typedef void (*MonoProfileJitResult)(MonoProfiler *prof, MonoMethod *method, MonoJitInfo *jinfo, int result); +typedef void (*MonoProfileExceptionFunc)(MonoProfiler *prof, MonoObject *object); +typedef void (*MonoProfileExceptionClauseFunc)(MonoProfiler *prof, MonoMethod *method, int clause_type, int clause_num); +typedef void (*MonoProfileThreadFunc)(MonoProfiler *prof, uint32_t tid); + +inline void (*mono_thread_suspend_all_other_threads)(); +inline void (*mono_thread_pool_cleanup)(); +inline void (*mono_threads_set_shutting_down)(); +inline void (*mono_runtime_set_shutting_down)(); +inline gboolean (*mono_domain_finalize)(MonoDomain *domain, int timeout); +inline void (*mono_runtime_cleanup)(MonoDomain *domain); +inline MonoMethodDesc *(*mono_method_desc_new)(const char *name, gboolean include_namespace); +inline MonoMethod *(*mono_method_desc_search_in_image)(MonoMethodDesc *desc, MonoImage *image); +inline void (*mono_verifier_set_mode)(MiniVerifierMode m); +inline void (*mono_security_set_mode)(MonoSecurityMode m); +inline void (*mono_add_internal_call)(const char *name, gconstpointer method); +inline void (*mono_jit_cleanup)(MonoDomain *domain); +inline MonoDomain *(*mono_jit_init)(const char *file); +inline MonoDomain *(*mono_jit_init_version)(const char *file, const char *runtime_version); +inline int (*mono_jit_exec)(MonoDomain *domain, MonoAssembly *assembly, int argc, char *argv[]); +inline MonoClass *(*mono_class_from_name)(MonoImage *image, const char *name_space, const char *name); +inline MonoAssembly *(*mono_domain_assembly_open)(MonoDomain *domain, const char *name); +inline MonoDomain *(*mono_domain_create_appdomain)(const char *domainname, const char *configfile); +inline void (*mono_domain_unload)(MonoDomain *domain); +inline MonoObject *(*mono_object_new)(MonoDomain *domain, MonoClass *klass); +inline void (*mono_runtime_object_init)(MonoObject *this_obj); +inline MonoObject *(*mono_runtime_invoke)(MonoMethod *method, void *obj, void **params, MonoObject **exc); +inline void (*mono_field_set_value)(MonoObject *obj, MonoClassField *field, void *value); +inline void (*mono_field_get_value)(MonoObject *obj, MonoClassField *field, void *value); +inline int (*mono_field_get_offset)(MonoClassField *field); +inline MonoClassField *(*mono_class_get_fields)(MonoClass *klass, gpointer *iter); +inline MonoMethod *(*mono_class_get_methods)(MonoClass *klass, gpointer *iter); +inline MonoDomain *(*mono_domain_get)(); +inline MonoDomain *(*mono_get_root_domain)(); +inline gint32 (*mono_domain_get_id)(MonoDomain *domain); +inline void (*mono_assembly_foreach)(GFunc func, gpointer user_data); +inline void (*mono_image_close)(MonoImage *image); +inline void (*mono_unity_socket_security_enabled_set)(gboolean b); +inline const char *(*mono_image_get_name)(MonoImage *image); +inline MonoClass *(*mono_get_object_class)(); +inline void (*mono_set_commandline_arguments)(int i, const char *argv[], const char *s); +inline const char *(*mono_field_get_name)(MonoClassField *field); +inline MonoType *(*mono_field_get_type)(MonoClassField *field); +inline int (*mono_type_get_type)(MonoType *type); +inline const char *(*mono_method_get_name)(MonoMethod *method); +inline MonoImage *(*mono_assembly_get_image)(MonoAssembly *assembly); +inline MonoClass *(*mono_method_get_class)(MonoMethod *method); +inline MonoClass *(*mono_object_get_class)(MonoObject *obj); +inline gboolean (*mono_class_is_valuetype)(MonoClass *klass); +inline guint32 (*mono_signature_get_param_count)(MonoMethodSignature *sig); +inline char *(*mono_string_to_utf8)(MonoString *string_obj); +inline MonoString *(*mono_string_new_wrapper)(const char *text); +inline MonoClass *(*mono_class_get_parent)(MonoClass *klass); +inline const char *(*mono_class_get_namespace)(MonoClass *klass); +inline gboolean (*mono_class_is_subclass_of)(MonoClass *klass, MonoClass *klassc, gboolean check_interfaces); +inline const char *(*mono_class_get_name)(MonoClass *klass); +inline char *(*mono_type_get_name)(MonoType *type); +inline MonoClass *(*mono_type_get_class)(MonoType *type); +inline MonoException *(*mono_exception_from_name_msg)(MonoImage *image, const char *name_space, const char *name, const char *msg); +inline void (*mono_raise_exception)(MonoException *ex); +inline MonoClass *(*mono_get_exception_class)(); +inline MonoClass *(*mono_get_array_class)(); +inline MonoClass *(*mono_get_string_class)(); +inline MonoClass *(*mono_get_int32_class)(); +inline MonoArray *(*mono_array_new)(MonoDomain *domain, MonoClass *eclass, guint32 n); +inline MonoArray *(*mono_array_new_full)(MonoDomain *domain, MonoClass *array_class, guint32 *lengths, guint32 *lower_bounds); +inline MonoClass *(*mono_array_class_get)(MonoClass *eclass, guint32 rank); +inline gint32 (*mono_class_array_element_size)(MonoClass *ac); +inline MonoObject *(*mono_type_get_object)(MonoDomain *domain, MonoType *type); +inline MonoThread *(*mono_thread_attach)(MonoDomain *domain); +inline void (*mono_thread_detach)(MonoThread *thread); +inline MonoThread *(*mono_thread_exit)(); +inline MonoThread *(*mono_thread_current)(); +inline void (*mono_thread_set_main)(MonoThread *thread); +inline void (*mono_set_find_plugin_callback)(gconstpointer method); +inline void (*mono_security_enable_core_clr)(); +inline bool (*mono_security_set_core_clr_platform_callback)(MonoCoreClrPlatformCB a); +inline MonoRuntimeUnhandledExceptionPolicy (*mono_runtime_unhandled_exception_policy_get)(); +inline void (*mono_runtime_unhandled_exception_policy_set)(MonoRuntimeUnhandledExceptionPolicy policy); +inline MonoClass *(*mono_class_get_nesting_type)(MonoClass *klass); +inline MonoVTable *(*mono_class_vtable)(MonoDomain *domain, MonoClass *klass); +inline MonoReflectionMethod *(*mono_method_get_object)(MonoDomain *domain, MonoMethod *method, MonoClass *refclass); +inline MonoMethodSignature *(*mono_method_signature)(MonoMethod *method); +inline MonoType *(*mono_signature_get_params)(MonoMethodSignature *sig, gpointer *iter); +inline MonoType *(*mono_signature_get_return_type)(MonoMethodSignature *sig); +inline MonoType *(*mono_class_get_type)(MonoClass *klass); +inline void (*mono_set_ignore_version_and_key_when_finding_assemblies_already_loaded)(gboolean value); +inline void (*mono_debug_init)(int format); +inline void (*mono_debug_open_image_from_memory)(MonoImage *image, const char *raw_contents, int size); +inline guint32 (*mono_field_get_flags)(MonoClassField *field); +inline MonoImage *(*mono_image_open_from_data_full)(const void *data, guint32 data_len, gboolean need_copy, int *status, gboolean ref_only); +inline MonoImage *(*mono_image_open_from_data_with_name)(char *data, guint32 data_len, gboolean need_copy, int *status, gboolean refonly, const char *name); +inline MonoAssembly *(*mono_assembly_load_from)(MonoImage *image, const char *fname, int *status); +inline MonoObject *(*mono_value_box)(MonoDomain *domain, MonoClass *klass, gpointer val); +inline MonoImage *(*mono_class_get_image)(MonoClass *klass); +inline char (*mono_signature_is_instance)(MonoMethodSignature *signature); +inline MonoMethod *(*mono_method_get_last_managed)(); +inline MonoClass *(*mono_get_enum_class)(); +inline MonoType *(*mono_class_get_byref_type)(MonoClass *klass); +inline void (*mono_field_static_get_value)(MonoVTable *vt, MonoClassField *field, void *value); +inline void (*mono_unity_set_embeddinghostname)(const char *name); +inline void (*mono_set_assemblies_path)(const char *name); +inline guint32 (*mono_gchandle_new)(MonoObject *obj, gboolean pinned); +inline MonoObject *(*mono_gchandle_get_target)(guint32 gchandle); +inline guint32 (*mono_gchandle_new_weakref)(MonoObject *obj, gboolean track_resurrection); +inline MonoObject *(*mono_assembly_get_object)(MonoDomain *domain, MonoAssembly *assembly); +inline void (*mono_gchandle_free)(guint32 gchandle); +inline MonoProperty *(*mono_class_get_properties)(MonoClass *klass, gpointer *iter); +inline MonoMethod *(*mono_property_get_get_method)(MonoProperty *prop); +inline MonoObject *(*mono_object_new_alloc_specific)(MonoVTable *vtable); +inline MonoObject *(*mono_object_new_specific)(MonoVTable *vtable); +inline void (*mono_gc_collect)(int generation); +inline int (*mono_gc_max_generation)(); +inline MonoAssembly *(*mono_image_get_assembly)(MonoImage *image); +inline MonoAssembly *(*mono_assembly_open)(const char *filename, int *status); +inline gboolean (*mono_class_is_enum)(MonoClass *klass); +inline gint32 (*mono_class_instance_size)(MonoClass *klass); +inline guint32 (*mono_object_get_size)(MonoObject *obj); +inline const char *(*mono_image_get_filename)(MonoImage *image); +inline MonoAssembly *(*mono_assembly_load_from_full)(MonoImage *image, const char *fname, int *status, gboolean refonly); +inline MonoClass *(*mono_class_get_interfaces)(MonoClass *klass, gpointer *iter); +inline void (*mono_assembly_close)(MonoAssembly *assembly); +inline MonoProperty *(*mono_class_get_property_from_name)(MonoClass *klass, const char *name); +inline MonoMethod *(*mono_class_get_method_from_name)(MonoClass *klass, const char *name, int param_count); +inline MonoClass *(*mono_class_from_mono_type)(MonoType *image); +inline gboolean (*mono_domain_set)(MonoDomain *domain, gboolean force); +inline void (*mono_thread_push_appdomain_ref)(MonoDomain *domain); +inline void (*mono_thread_pop_appdomain_ref)(); +inline int (*mono_runtime_exec_main)(MonoMethod *method, MonoArray *args, MonoObject **exc); +inline MonoImage *(*mono_get_corlib)(); +inline MonoClassField *(*mono_class_get_field_from_name)(MonoClass *klass, const char *name); +inline guint32 (*mono_class_get_flags)(MonoClass *klass); +inline int (*mono_parse_default_optimizations)(const char *p); +inline void (*mono_set_defaults)(int verbose_level, guint32 opts); +inline void (*mono_set_dirs)(const char *assembly_dir, const char *config_dir); +inline void (*mono_jit_parse_options)(int argc, char *argv[]); +inline gpointer (*mono_object_unbox)(MonoObject *o); +inline MonoObject *(*mono_custom_attrs_get_attr)(MonoCustomAttrInfo *ainfo, MonoClass *attr_klass); +inline gboolean (*mono_custom_attrs_has_attr)(MonoCustomAttrInfo *ainfo, MonoClass *attr_klass); +inline MonoCustomAttrInfo *(*mono_custom_attrs_from_field)(MonoClass *klass, MonoClassField *field); +inline MonoCustomAttrInfo *(*mono_custom_attrs_from_method)(MonoMethod *method); +inline MonoCustomAttrInfo *(*mono_custom_attrs_from_class)(MonoClass *klass); +inline void (*mono_custom_attrs_free)(MonoCustomAttrInfo *attr); +inline void (*g_free)(void *p); +inline gboolean (*mono_runtime_is_shutting_down)(); +inline MonoMethod *(*mono_object_get_virtual_method)(MonoObject *obj, MonoMethod *method); +inline gpointer (*mono_jit_info_get_code_start)(MonoJitInfo *ji); +inline int (*mono_jit_info_get_code_size)(MonoJitInfo *ji); +inline MonoClass *(*mono_class_from_name_case)(MonoImage *image, const char *name_space, const char *name); +inline MonoClass *(*mono_class_get_nested_types)(MonoClass *klass, gpointer *iter); +inline int (*mono_class_get_userdata_offset)(); +inline void *(*mono_class_get_userdata)(MonoClass *klass); +inline void (*mono_class_set_userdata)(MonoClass *klass, void *userdata); +inline void (*mono_set_signal_chaining)(gboolean chain_signals); +inline void (*mono_unity_set_unhandled_exception_handler)(void *handler); +inline MonoObject *(*mono_runtime_invoke_array)(MonoMethod *method, void *obj, MonoArray *params, MonoObject **exc); +inline char *(*mono_array_addr_with_size)(MonoArray *array, int size, uintptr_t idx); +inline gunichar2 *(*mono_string_to_utf16)(MonoString *string_obj); +inline MonoClass *(*mono_field_get_parent)(MonoClassField *field); +inline char *(*mono_method_full_name)(MonoMethod *method, gboolean signature); +inline MonoObject *(*mono_object_isinst)(MonoObject *obj, MonoClass *klass); +inline MonoString *(*mono_string_new_len)(MonoDomain *domain, const char *text, guint length); +inline MonoString *(*mono_string_from_utf16)(gunichar2 *data); +inline MonoString *(*mono_string_new_utf16)(MonoDomain *domain, const gunichar2 *text, int32_t len); +inline MonoException *(*mono_get_exception_argument_null)(const char *arg); +inline MonoClass *(*mono_get_boolean_class)(); +inline MonoClass *(*mono_get_byte_class)(); +inline MonoClass *(*mono_get_char_class)(); +inline MonoClass *(*mono_get_int16_class)(); +inline MonoClass *(*mono_get_int64_class)(); +inline MonoClass *(*mono_get_single_class)(); +inline MonoClass *(*mono_get_double_class)(); +inline gboolean (*mono_class_is_generic)(MonoClass *klass); +inline gboolean (*mono_class_is_inflated)(MonoClass *klass); +inline gboolean (*unity_mono_method_is_generic)(MonoMethod *method); +inline gboolean (*unity_mono_method_is_inflated)(MonoMethod *method); +inline gboolean (*mono_is_debugger_attached)(); +inline gboolean (*mono_assembly_fill_assembly_name)(MonoImage *image, MonoAssemblyName *aname); +inline char *(*mono_stringify_assembly_name)(MonoAssemblyName *aname); +inline gboolean (*mono_assembly_name_parse)(const char *name, MonoAssemblyName *aname); +inline MonoAssembly *(*mono_assembly_loaded)(MonoAssemblyName *aname); +inline int (*mono_image_get_table_rows)(MonoImage *image, int table_id); +inline MonoClass *(*mono_class_get)(MonoImage *image, guint32 type_token); +inline gboolean (*mono_metadata_signature_equal)(MonoMethodSignature *sig1, MonoMethodSignature *sig2); +inline gboolean (*mono_gchandle_is_in_domain)(guint32 gchandle, MonoDomain *domain); +inline void (*mono_stack_walk)(MonoStackWalk func, gpointer user_data); +inline char *(*mono_pmip)(void *ip); +inline MonoObject *(*mono_runtime_delegate_invoke)(MonoObject *delegate, void **params, MonoObject **exc); +inline MonoJitInfo *(*mono_jit_info_table_find)(MonoDomain *domain, char *addr); +inline MonoDebugSourceLocation *(*mono_debug_lookup_source_location)(MonoMethod *method, guint32 address, MonoDomain *domain); +inline void (*mono_debug_free_source_location)(MonoDebugSourceLocation *location); +inline void (*mono_gc_wbarrier_generic_store)(gpointer ptr, MonoObject *value); +inline MonoType *(*mono_class_enum_basetype)(MonoClass *klass); +inline guint32 (*mono_class_get_type_token)(MonoClass *klass); +inline int (*mono_class_get_rank)(MonoClass *klass); +inline MonoClass *(*mono_class_get_element_class)(MonoClass *klass); +inline gboolean (*mono_unity_class_is_interface)(MonoClass *klass); +inline gboolean (*mono_unity_class_is_abstract)(MonoClass *klass); +inline gint32 (*mono_array_element_size)(MonoClass *ac); +inline void (*mono_config_parse)(const char *filename); +inline void (*mono_set_break_policy)(MonoBreakPolicyFunc policy_callback); +inline MonoArray *(*mono_custom_attrs_construct)(MonoCustomAttrInfo *cinfo); +inline MonoCustomAttrInfo *(*mono_custom_attrs_from_assembly)(MonoAssembly *assembly); +inline MonoArray *(*mono_reflection_get_custom_attrs_by_type)(MonoObject *obj, MonoClass *attr_klass); +inline MonoLoaderError *(*mono_loader_get_last_error)(); +inline MonoException *(*mono_loader_error_prepare_exception)(MonoLoaderError *error); +inline MonoDlFallbackHandler *(*mono_dl_fallback_register)(MonoDlFallbackLoad load_func, MonoDlFallbackSymbol symbol_func, MonoDlFallbackClose close_func, void *user_data); +inline void (*mono_dl_fallback_unregister)(MonoDlFallbackHandler *handler); +inline LivenessState *(*mono_unity_liveness_allocate_struct)(MonoClass *filter, guint max_count, register_object_callback callback, void *callback_userdata); +inline void (*mono_unity_liveness_stop_gc_world)(); +inline void (*mono_unity_liveness_finalize)(LivenessState *state); +inline void (*mono_unity_liveness_start_gc_world)(); +inline void (*mono_unity_liveness_free_struct)(LivenessState *state); +inline LivenessState *(*mono_unity_liveness_calculation_begin)(MonoClass *filter, guint max_count, register_object_callback callback, void *callback_userdata); +inline void (*mono_unity_liveness_calculation_end)(LivenessState *state); +inline void (*mono_unity_liveness_calculation_from_root)(MonoObject *root, LivenessState *state); +inline void (*mono_unity_liveness_calculation_from_statics)(LivenessState *state); +inline void (*mono_trace_set_level_string)(const char *value); +inline void (*mono_trace_set_mask_string)(char *value); +inline gint64 (*mono_gc_get_used_size)(); +inline gint64 (*mono_gc_get_heap_size)(); +inline MonoMethod *(*mono_method_desc_search_in_class)(MonoMethodDesc *desc, MonoClass *klass); +inline void (*mono_method_desc_free)(MonoMethodDesc *desc); +inline char *(*mono_type_get_name_full)(MonoType *type, MonoTypeNameFormat format); +inline void (*mono_unity_thread_clear_domain_fields)(); +inline void (*mono_profiler_install)(MonoProfiler *prof, MonoProfileFunc shutdown_callback); +inline void (*mono_profiler_set_events)(MonoProfileFlags events); +inline void (*mono_profiler_install_enter_leave)(MonoProfileMethodFunc enter, MonoProfileMethodFunc fleave); +inline void (*mono_profiler_install_gc)(MonoProfileGCFunc callback, MonoProfileGCResizeFunc heap_resize_callback); +inline void (*mono_profiler_install_allocation)(MonoProfileAllocFunc callback); +inline void (*mono_profiler_install_jit_end)(MonoProfileJitResult end); +inline void (*mono_profiler_install_exception)(MonoProfileExceptionFunc throw_callback, MonoProfileMethodFunc exc_method_leave, MonoProfileExceptionClauseFunc clause_callback); +inline void (*mono_profiler_install_thread)(MonoProfileThreadFunc start, MonoProfileThreadFunc end); +inline uint64_t *(*mono_compile_method)(MonoMethod *); +inline MonoTableInfo *(*mono_image_get_table_info)(MonoImage *, int); +inline int (*mono_table_info_get_rows)(MonoTableInfo *); +inline gunichar2 *(*mono_string_chars)(MonoString *str); +inline int (*mono_string_length)(MonoString *str); + +namespace monofunctions +{ + void init(HMODULE dll); + uintptr_t get_method_pointer(const char *assemblyName, const char *namespaze, + const char *klassName, const char *name, int argsCount, bool strict); + + std::optional get_string(void *); + void *create_string(std::wstring_view ws); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engines/mono/impl_il2cpp.cpp b/cpp/LunaHook/LunaHook/engines/mono/impl_il2cpp.cpp new file mode 100644 index 00000000..58932d83 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engines/mono/impl_il2cpp.cpp @@ -0,0 +1,183 @@ +#include "def_il2cpp.hpp" +namespace +{ + + Il2CppClass *get_il2cppclass1(const char *assemblyName, const char *namespaze, + const char *klassName, bool strict) + { + auto il2cpp_domain = (SafeFptr(il2cpp_domain_get))(); + if (!il2cpp_domain) + return NULL; + void *assembly = 0; + do + { + assembly = (SafeFptr(il2cpp_domain_assembly_open))(il2cpp_domain, assemblyName); + if (!assembly) + break; + auto image = (SafeFptr(il2cpp_assembly_get_image))(assembly); + if (!image) + break; + auto klass = (SafeFptr(il2cpp_class_from_name))(image, namespaze, klassName); + if (klass) + return klass; + } while (0); + if (strict) + return NULL; + + int _ = 0; + size_t sz = 0; + auto assemblies = (SafeFptr(il2cpp_domain_get_assemblies))(il2cpp_domain, &sz); + if (assemblies) + for (auto i = 0; i < sz; i++, assemblies++) + { + auto image = (SafeFptr(il2cpp_assembly_get_image))(*assemblies); + if (!image) + continue; + auto cls = (SafeFptr(il2cpp_class_from_name))(image, namespaze, klassName); + if (cls) + return cls; + } + return NULL; + } + void foreach_func(Il2CppClass *klass, void *userData) + { + auto st = (std::vector *)userData; + st->push_back(klass); + } + std::vector get_il2cppclass2(const char *namespaze, + const char *klassName) + { + std::vector maybes; + std::vector klasses; + (SafeFptr(il2cpp_class_for_each))(foreach_func, &klasses); + + for (auto klass : klasses) + { + auto classname = (SafeFptr(il2cpp_class_get_name))(klass); + if (!classname) + continue; + if (strcmp(classname, klassName) != 0) + continue; + maybes.push_back(klass); + auto namespacename = (SafeFptr(il2cpp_class_get_namespace))(klass); + if (!namespacename) + continue; + if (strlen(namespaze) && (strcmp(namespacename, namespaze) == 0)) + { + return {klass}; + } + } + return maybes; + } + struct AutoThread + { + void *thread = NULL; + AutoThread() + { + auto il2cpp_domain = (SafeFptr(il2cpp_domain_get))(); + if (!il2cpp_domain) + return; + thread = (SafeFptr(il2cpp_thread_attach))(il2cpp_domain); + } + ~AutoThread() + { + if (!thread) + return; + (SafeFptr(il2cpp_thread_detach))(thread); + } + }; + void tryprintimage(Il2CppClass *klass) + { + auto image = (SafeFptr(il2cpp_class_get_image))(klass); + if (!image) + return; + auto imagen = (SafeFptr(il2cpp_image_get_name))(image); + auto names = (SafeFptr(il2cpp_class_get_namespace))(klass); + if (imagen && names) + ConsoleOutput("%s:%s", imagen, names); + } + uintptr_t getmethodofklass(Il2CppClass *klass, const char *name, int argsCount) + { + if (!klass) + return NULL; + auto ret = (SafeFptr(il2cpp_class_get_method_from_name))(klass, name, argsCount); + if (!ret) + return NULL; + tryprintimage(klass); + return ret->methodPointer; + } +} +void il2cppfunctions::init(HMODULE game_module) +{ + RESOLVE_IMPORT(il2cpp_string_new_utf16); + RESOLVE_IMPORT(il2cpp_string_chars); + RESOLVE_IMPORT(il2cpp_string_length); + RESOLVE_IMPORT(il2cpp_image_get_name); + RESOLVE_IMPORT(il2cpp_class_get_image); + RESOLVE_IMPORT(il2cpp_string_new_utf16); + RESOLVE_IMPORT(il2cpp_string_new); + RESOLVE_IMPORT(il2cpp_domain_get); + RESOLVE_IMPORT(il2cpp_domain_assembly_open); + RESOLVE_IMPORT(il2cpp_assembly_get_image); + RESOLVE_IMPORT(il2cpp_class_from_name); + RESOLVE_IMPORT(il2cpp_class_get_methods); + RESOLVE_IMPORT(il2cpp_class_get_method_from_name); + RESOLVE_IMPORT(il2cpp_method_get_param); + RESOLVE_IMPORT(il2cpp_object_new); + RESOLVE_IMPORT(il2cpp_resolve_icall); + RESOLVE_IMPORT(il2cpp_array_new); + RESOLVE_IMPORT(il2cpp_thread_attach); + RESOLVE_IMPORT(il2cpp_thread_detach); + RESOLVE_IMPORT(il2cpp_class_get_field_from_name); + RESOLVE_IMPORT(il2cpp_class_is_assignable_from); + RESOLVE_IMPORT(il2cpp_class_for_each); + RESOLVE_IMPORT(il2cpp_class_get_nested_types); + RESOLVE_IMPORT(il2cpp_class_get_type); + RESOLVE_IMPORT(il2cpp_type_get_object); + RESOLVE_IMPORT(il2cpp_gchandle_new); + RESOLVE_IMPORT(il2cpp_gchandle_free); + RESOLVE_IMPORT(il2cpp_gchandle_get_target); + RESOLVE_IMPORT(il2cpp_class_from_type); + RESOLVE_IMPORT(il2cpp_runtime_class_init); + RESOLVE_IMPORT(il2cpp_runtime_invoke); + RESOLVE_IMPORT(il2cpp_class_get_name); + RESOLVE_IMPORT(il2cpp_class_get_namespace); + RESOLVE_IMPORT(il2cpp_domain_get_assemblies); +} +uintptr_t il2cppfunctions::get_method_pointer(const char *assemblyName, const char *namespaze, + const char *klassName, const char *name, int argsCount, bool strict) +{ + auto thread = AutoThread(); + if (!thread.thread) + return NULL; + + auto klass = get_il2cppclass1(assemblyName, namespaze, klassName, strict); // 正向查询,assemblyName可以为空 + if (klass) + return getmethodofklass(klass, name, argsCount); + if (strict) + return NULL; + auto klasses = get_il2cppclass2(namespaze, klassName); // 反向查询,namespace可以为空 + for (auto klass : klasses) + { + auto method = getmethodofklass(klass, name, argsCount); + if (method) + return method; + } + return NULL; +} + +std::optional il2cppfunctions::get_string(void *ptr) +{ + auto str = reinterpret_cast(ptr); + if (!str) + return {}; + auto wc = (SafeFptr(il2cpp_string_chars))(str); + auto len = (SafeFptr(il2cpp_string_length))(str); + if (!(wc && len)) + return {}; + return std::wstring_view(wc, len); +} +void *il2cppfunctions::create_string(std::wstring_view ws) +{ + return (SafeFptr(il2cpp_string_new_utf16))(ws.data(), ws.length()); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engines/mono/impl_mono.cpp b/cpp/LunaHook/LunaHook/engines/mono/impl_mono.cpp new file mode 100644 index 00000000..bab33980 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engines/mono/impl_mono.cpp @@ -0,0 +1,283 @@ +#include "def_mono.hpp" +namespace +{ + + void MonoCallBack(void *assembly, void *userData) + { + auto Image = (SafeFptr(mono_assembly_get_image))((MonoAssembly *)assembly); + if (!Image) + return; + auto st = reinterpret_cast *>(userData); + st->push_back(Image); + } + std::vector mono_loop_images() + { + std::vector images; + (SafeFptr(mono_assembly_foreach))(MonoCallBack, (void *)&images); + return images; + } + MonoClass *mono_findklassby_ass_namespace(std::vector &images, const char *_dll, const char *_namespace, const char *_class, bool strict) + { + MonoClass *maybe = NULL; + + for (auto Image : images) + { + auto tmp = (SafeFptr(mono_class_from_name))(Image, _namespace, _class); + if (!tmp) + continue; + + maybe = tmp; + auto name = (SafeFptr(mono_image_get_name))(Image); + if (!name) + continue; + if (strcmp(_dll, name) == 0) + return tmp; + } + if (strict) + return NULL; + return maybe; + } + std::vector mono_findklassby_class(std::vector &images, const char *_namespace, const char *_class) + { + + std::vector maybes; + for (auto image : images) + { + auto _1 = (SafeFptr(mono_image_get_table_info))(image, MONO_TABLE_TYPEDEF); + if (!_1) + continue; + auto tdefcount = (SafeFptr(mono_table_info_get_rows))(_1); + if (!tdefcount) + continue; + for (int i = 0; i < tdefcount; i++) + { + auto klass = (MonoClass *)(SafeFptr(mono_class_get))(image, MONO_TOKEN_TYPE_DEF | i + 1); + if (!klass) + continue; + auto name = (SafeFptr(mono_class_get_name))(klass); + if (!name) + continue; + if (strcmp(name, _class) != 0) + continue; + maybes.push_back(klass); + auto namespacename = (SafeFptr(mono_class_get_namespace))(klass); + if (!namespacename) + continue; + if (strlen(_namespace) && (strcmp(namespacename, _namespace) == 0)) + { + return {klass}; + } + } + } + return maybes; + } + void tryprintimage(MonoClass *klass) + { + auto image = (SafeFptr(mono_class_get_image))(klass); + if (!image) + return; + auto imagen = (SafeFptr(mono_image_get_name))(image); + auto names = (SafeFptr(mono_class_get_namespace))(klass); + if (imagen && names) + ConsoleOutput("%s:%s", imagen, names); + } + uintptr_t getmethodofklass(MonoClass *klass, const char *name, int argsCount) + { + if (!klass) + return NULL; + auto MonoClassMethod = (SafeFptr(mono_class_get_method_from_name))(klass, name, argsCount); + if (!MonoClassMethod) + return NULL; + tryprintimage(klass); + return (uintptr_t)(SafeFptr(mono_compile_method))(MonoClassMethod); + } + struct AutoThread + { + MonoThread *thread = NULL; + AutoThread() + { + auto _root = (SafeFptr(mono_get_root_domain))(); + if (!_root) + return; + thread = (SafeFptr(mono_thread_attach))(_root); + } + ~AutoThread() + { + if (!thread) + return; + (SafeFptr(mono_thread_detach))(thread); + } + }; +} +void monofunctions::init(HMODULE game_module) +{ + RESOLVE_IMPORT(mono_string_chars); + RESOLVE_IMPORT(mono_string_length); + RESOLVE_IMPORT(mono_table_info_get_rows); + RESOLVE_IMPORT(mono_image_get_table_info); + RESOLVE_IMPORT(mono_compile_method); + RESOLVE_IMPORT(mono_class_from_name); + RESOLVE_IMPORT(mono_domain_get); + RESOLVE_IMPORT(mono_get_root_domain); + RESOLVE_IMPORT(mono_assembly_foreach); + RESOLVE_IMPORT(mono_image_get_name); + RESOLVE_IMPORT(mono_assembly_get_image); + RESOLVE_IMPORT(mono_class_is_valuetype); + RESOLVE_IMPORT(mono_signature_get_param_count); + RESOLVE_IMPORT(mono_string_to_utf8); + RESOLVE_IMPORT(mono_string_new_wrapper); + RESOLVE_IMPORT(mono_class_get_parent); + RESOLVE_IMPORT(mono_class_get_namespace); + RESOLVE_IMPORT(mono_class_is_subclass_of); + RESOLVE_IMPORT(mono_class_get_name); + RESOLVE_IMPORT(mono_type_get_name); + RESOLVE_IMPORT(mono_type_get_class); + RESOLVE_IMPORT(mono_exception_from_name_msg); + RESOLVE_IMPORT(mono_raise_exception); + RESOLVE_IMPORT(mono_get_exception_class); + RESOLVE_IMPORT(mono_get_array_class); + RESOLVE_IMPORT(mono_get_string_class); + RESOLVE_IMPORT(mono_get_int32_class); + RESOLVE_IMPORT(mono_array_new); + RESOLVE_IMPORT(mono_array_new_full); + RESOLVE_IMPORT(mono_array_class_get); + RESOLVE_IMPORT(mono_class_array_element_size); + RESOLVE_IMPORT(mono_type_get_object); + RESOLVE_IMPORT(mono_thread_attach); + RESOLVE_IMPORT(mono_thread_detach); + RESOLVE_IMPORT(mono_thread_exit); + RESOLVE_IMPORT(mono_thread_current); + RESOLVE_IMPORT(mono_thread_set_main); + RESOLVE_IMPORT(mono_set_find_plugin_callback); + RESOLVE_IMPORT(mono_security_enable_core_clr); + RESOLVE_IMPORT(mono_security_set_core_clr_platform_callback); + RESOLVE_IMPORT(mono_runtime_unhandled_exception_policy_get); + RESOLVE_IMPORT(mono_runtime_unhandled_exception_policy_set); + RESOLVE_IMPORT(mono_class_get_nesting_type); + RESOLVE_IMPORT(mono_class_vtable); + RESOLVE_IMPORT(mono_method_get_object); + RESOLVE_IMPORT(mono_method_signature); + RESOLVE_IMPORT(mono_signature_get_params); + RESOLVE_IMPORT(mono_signature_get_return_type); + RESOLVE_IMPORT(mono_class_get_type); + RESOLVE_IMPORT(mono_set_ignore_version_and_key_when_finding_assemblies_already_loaded); + RESOLVE_IMPORT(mono_debug_init); + RESOLVE_IMPORT(mono_debug_open_image_from_memory); + RESOLVE_IMPORT(mono_field_get_flags); + RESOLVE_IMPORT(mono_image_open_from_data_full); + RESOLVE_IMPORT(mono_image_open_from_data_with_name); + RESOLVE_IMPORT(mono_assembly_load_from); + RESOLVE_IMPORT(mono_value_box); + RESOLVE_IMPORT(mono_class_get_image); + RESOLVE_IMPORT(mono_signature_is_instance); + RESOLVE_IMPORT(mono_method_get_last_managed); + RESOLVE_IMPORT(mono_get_enum_class); + RESOLVE_IMPORT(mono_class_get_byref_type); + RESOLVE_IMPORT(mono_field_static_get_value); + RESOLVE_IMPORT(mono_unity_set_embeddinghostname); + RESOLVE_IMPORT(mono_set_assemblies_path); + RESOLVE_IMPORT(mono_gchandle_new); + RESOLVE_IMPORT(mono_gchandle_get_target); + RESOLVE_IMPORT(mono_gchandle_new_weakref); + RESOLVE_IMPORT(mono_assembly_get_object); + RESOLVE_IMPORT(mono_gchandle_free); + RESOLVE_IMPORT(mono_class_get_properties); + RESOLVE_IMPORT(mono_property_get_get_method); + RESOLVE_IMPORT(mono_object_new_alloc_specific); + RESOLVE_IMPORT(mono_object_new_specific); + RESOLVE_IMPORT(mono_gc_collect); + RESOLVE_IMPORT(mono_gc_max_generation); + RESOLVE_IMPORT(mono_image_get_assembly); + RESOLVE_IMPORT(mono_assembly_open); + RESOLVE_IMPORT(mono_class_is_enum); + RESOLVE_IMPORT(mono_class_instance_size); + RESOLVE_IMPORT(mono_object_get_size); + RESOLVE_IMPORT(mono_image_get_filename); + RESOLVE_IMPORT(mono_assembly_load_from_full); + RESOLVE_IMPORT(mono_class_get_interfaces); + RESOLVE_IMPORT(mono_assembly_close); + RESOLVE_IMPORT(mono_class_get_property_from_name); + RESOLVE_IMPORT(mono_class_get_method_from_name); + RESOLVE_IMPORT(mono_class_from_mono_type); + RESOLVE_IMPORT(mono_domain_set); + RESOLVE_IMPORT(mono_thread_push_appdomain_ref); + RESOLVE_IMPORT(mono_thread_pop_appdomain_ref); + RESOLVE_IMPORT(mono_runtime_exec_main); + RESOLVE_IMPORT(mono_get_corlib); + RESOLVE_IMPORT(mono_class_get_field_from_name); + RESOLVE_IMPORT(mono_class_get_flags); + RESOLVE_IMPORT(mono_parse_default_optimizations); + RESOLVE_IMPORT(mono_set_defaults); + RESOLVE_IMPORT(mono_set_dirs); + RESOLVE_IMPORT(mono_jit_parse_options); + RESOLVE_IMPORT(mono_object_unbox); + RESOLVE_IMPORT(mono_custom_attrs_get_attr); + RESOLVE_IMPORT(mono_custom_attrs_has_attr); + RESOLVE_IMPORT(mono_custom_attrs_from_field); + RESOLVE_IMPORT(mono_custom_attrs_from_method); + RESOLVE_IMPORT(mono_custom_attrs_from_class); + RESOLVE_IMPORT(mono_custom_attrs_free); + RESOLVE_IMPORT(g_free); + RESOLVE_IMPORT(mono_runtime_is_shutting_down); + RESOLVE_IMPORT(mono_object_get_virtual_method); + RESOLVE_IMPORT(mono_jit_info_get_code_start); + RESOLVE_IMPORT(mono_jit_info_get_code_size); + RESOLVE_IMPORT(mono_class_from_name_case); + RESOLVE_IMPORT(mono_class_get_nested_types); + RESOLVE_IMPORT(mono_class_get_userdata_offset); + RESOLVE_IMPORT(mono_class_get_userdata); + RESOLVE_IMPORT(mono_class_set_userdata); + RESOLVE_IMPORT(mono_set_signal_chaining); + RESOLVE_IMPORT(mono_unity_set_unhandled_exception_handler); + RESOLVE_IMPORT(mono_runtime_invoke_array); + RESOLVE_IMPORT(mono_array_addr_with_size); + RESOLVE_IMPORT(mono_string_to_utf16); + RESOLVE_IMPORT(mono_field_get_parent); + RESOLVE_IMPORT(mono_method_full_name); + RESOLVE_IMPORT(mono_object_isinst); + RESOLVE_IMPORT(mono_string_new_len); + RESOLVE_IMPORT(mono_string_from_utf16); + RESOLVE_IMPORT(mono_class_get); + RESOLVE_IMPORT(mono_string_new_utf16); +} +uintptr_t monofunctions::get_method_pointer(const char *_dll, const char *_namespace, const char *_class, const char *_method, int paramCount, bool strict) +{ + auto thread = AutoThread(); + if (!thread.thread) + return NULL; + + auto images = mono_loop_images(); + + auto pClass = mono_findklassby_ass_namespace(images, _dll, _namespace, _class, strict); // dll可以为空 + if (pClass) + return getmethodofklass(pClass, _method, paramCount); + if (strict) + return NULL; + auto klasses = mono_findklassby_class(images, _namespace, _class); // namespace可以为空 + for (auto klass : klasses) + { + auto method = getmethodofklass(klass, _method, paramCount); + if (method) + return method; + } + return NULL; +} + +std::optional monofunctions::get_string(void *ptr) +{ + auto str = reinterpret_cast(ptr); + if (!str) + return {}; + auto wc = (SafeFptr(mono_string_chars))(str); + auto len = (SafeFptr(mono_string_length))(str); + if (!(wc && len)) + return {}; + return std::wstring_view((wchar_t *)wc, len); +} +void *monofunctions::create_string(std::wstring_view ws) +{ + auto domain = (SafeFptr(mono_domain_get))(); + if (!domain) + return nullptr; + return (SafeFptr(mono_string_new_utf16))(domain, (gunichar2 *)ws.data(), ws.length()); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engines/mono/monocommon.hpp b/cpp/LunaHook/LunaHook/engines/mono/monocommon.hpp new file mode 100644 index 00000000..582abd44 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engines/mono/monocommon.hpp @@ -0,0 +1,178 @@ +#include "def_mono.hpp" +#include "def_il2cpp.hpp" +#include "monostringapis.h" +namespace +{ + + void mscorlib_system_string_InternalSubString_hook_fun(hook_stack *stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t *len) + { + uintptr_t offset = stack->ARG1; + uintptr_t startIndex = stack->ARG2; + uintptr_t length = stack->ARG3; + + MonoString *string = (MonoString *)offset; + if (string == 0) + return; + *data = (uintptr_t)(startIndex + string->chars); + if (wcslen((wchar_t *)*data) < length) + return; + *len = length * 2; + } + + /** jichi 12/26/2014 Mono + * Sample game: [141226] ハ�レ�めいと + */ + void SpecialHookMonoString(hook_stack *stack, HookParam *hp, uintptr_t *data, uintptr_t *split, size_t *len) + { + commonsolvemonostring(stack->ARG1, data, len); + +#ifndef _WIN64 + auto s = stack->ecx; + for (int i = 0; i < 0x10; i++) // traverse pointers until a non-readable address is met + if (s && !::IsBadReadPtr((LPCVOID)s, sizeof(DWORD))) + s = *(DWORD *)s; + else + break; + if (!s) + s = hp->address; + if (hp->type & USING_SPLIT) + *split = s; +#endif + } + +} + +namespace monocommon +{ + + bool monodllhook(HMODULE module) + { + HookParam hp; + const MonoFunction funcs[] = {MONO_FUNCTIONS_INITIALIZER}; + for (auto func : funcs) + { + if (FARPROC addr = GetProcAddress(module, func.functionName)) + { + hp.address = (uintptr_t)addr; + hp.type = USING_STRING | func.hookType; + hp.filter_fun = all_ascii_Filter; + hp.offset = get_stack(func.textIndex); + hp.text_fun = (decltype(hp.text_fun))func.text_fun; + ConsoleOutput("Mono: INSERT"); + NewHook(hp, func.functionName); + } + } + return true; + } + struct functioninfo + { + const char *assemblyName; + const char *namespaze; + const char *klassName; + const char *name; + int argsCount; + int argidx; + void *text_fun = nullptr; + bool Embed = false; + bool isstring = true; + std::string hookname() + { + char tmp[1024]; + sprintf(tmp, "%s:%s", klassName, name); + return tmp; + } + std::string info() + { + char tmp[1024]; + sprintf(tmp, "%s:%s:%s:%s:%d", assemblyName, namespaze, klassName, name, argsCount); + return tmp; + } + }; + bool NewHook_check(uintptr_t addr, functioninfo &hook) + { + + HookParam hp; + hp.address = addr; + hp.argidx = hook.argidx; + hp.text_fun = (decltype(hp.text_fun))hook.text_fun; + if (hook.isstring) + { + hp.type = USING_STRING | CODEC_UTF16 | FULL_STRING; + if (!hp.text_fun) + hp.type |= SPECIAL_JIT_STRING; + if (hook.Embed) + hp.type |= EMBED_ABLE; + } + else + { + hp.type = USING_CHAR | CODEC_UTF16; + } + hp.jittype = JITTYPE::UNITY; + strcpy(hp.unityfunctioninfo, hook.info().c_str()); + auto succ = NewHook(hp, hook.hookname().c_str()); +#ifdef _WIN64 + if (!succ) + { + hp.type |= BREAK_POINT; + succ |= NewHook(hp, hook.hookname().c_str()); + } +#endif + return succ; + } + std::vector commonhooks{ + {"mscorlib", "System", "String", "ToCharArray", 0, 1}, + {"mscorlib", "System", "String", "Replace", 2, 1}, + //{"mscorlib","System","String","ToString",0,1}, + // 虽然可能会有少量误伤,但这个乱码太多了,而且不知道原因,为了大多数更好,还是删了吧。 + // 一定要用的话,用特殊码:HMF1@mscorlib:System:String:ToString:0:JIT:UNITY + {"mscorlib", "System", "String", "IndexOf", 1, 1}, + {"mscorlib", "System", "String", "Substring", 2, 1, mscorlib_system_string_InternalSubString_hook_fun}, // 这个如果不加截断,对于部分游戏,会导致host.output内存占用爆炸多,直接爆内存。可能会影响部分游戏,待测试。 + {"mscorlib", "System", "String", "op_Inequality", 2, 1}, + {"mscorlib", "System", "String", "InternalSubString", 2, 1, mscorlib_system_string_InternalSubString_hook_fun}, + + {"Unity.TextMeshPro", "TMPro", "TMP_Text", "set_text", 1, 2, nullptr, true}, + {"Unity.TextMeshPro", "TMPro", "TextMeshPro", "set_text", 1, 2, nullptr, true}, + {"Unity.TextMeshPro", "TMPro", "TextMeshProUGUI", "SetText", 2, 2, nullptr, true}, + {"UnityEngine.UI", "UnityEngine.UI", "Text", "set_text", 1, 2, nullptr, true}, + {"UnityEngine.UIElementsModule", "UnityEngine.UIElements", "TextElement", "set_text", 1, 2, nullptr, true}, + {"UnityEngine.UIElementsModule", "UnityEngine.UIElements", "TextField", "set_value", 1, 2, nullptr, true}, + {"UnityEngine.TextRenderingModule", "UnityEngine", "GUIText", "set_text", 1, 2, nullptr, true}, + {"UnityEngine.TextRenderingModule", "UnityEngine", "TextMesh", "set_text", 1, 2, nullptr, true}, + {"UGUI", "", "UILabel", "set_text", 1, 2, nullptr, true}, + }; + std::vector extrahooks{ + // https://vndb.org/r37234 && https://vndb.org/r37235 + // Higurashi When They Cry Hou - Ch.2 Watanagashi && Higurashi When They Cry Hou - Ch.3 Tatarigoroshi + {"Assembly-CSharp", "Assets.Scripts.Core.TextWindow", "TextController", "SetText", 4, 3, nullptr, true}, + // 逆転裁判123 成歩堂セレクション + {"Assembly-CSharp", "", "MessageText", "Append", 1, 2, nullptr, false, false}, + }; + bool hook_mono_il2cpp() + { + for (const wchar_t *monoName : {L"mono.dll", L"mono-2.0-bdwgc.dll", L"GameAssembly.dll"}) + if (HMODULE module = GetModuleHandleW(monoName)) + { + // bool b2=monodllhook(module); + il2cppfunctions::init(module); + monofunctions::init(module); + bool succ = false; + for (auto hook : commonhooks) + { + auto addr = tryfindmonoil2cpp(hook.assemblyName, hook.namespaze, hook.klassName, hook.name, hook.argsCount); + if (!addr) + continue; + succ |= NewHook_check(addr, hook); + } + for (auto hook : extrahooks) + { + auto addr = tryfindmonoil2cpp(hook.assemblyName, hook.namespaze, hook.klassName, hook.name, hook.argsCount, true); + if (!addr) + continue; + succ |= NewHook_check(addr, hook); + } + if (succ) + return true; + } + return false; + } +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engines/mono/monoil2cpp.cpp b/cpp/LunaHook/LunaHook/engines/mono/monoil2cpp.cpp new file mode 100644 index 00000000..134704d7 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engines/mono/monoil2cpp.cpp @@ -0,0 +1,63 @@ +#include "def_mono.hpp" +#include "def_il2cpp.hpp" +namespace +{ + std::optional readmonostring(void *ptr) + { + if (!ptr) + return {}; + MonoString *string = (MonoString *)ptr; + auto data = (wchar_t *)string->chars; + auto len = string->length; + if (!(len && data)) + return {}; + if (wcslen(data) != len) + return {}; + return std::wstring_view(data, len); + } + void *createmonostring(std::wstring_view ws, MonoString *origin) + { + auto newstring = (MonoString *)malloc(sizeof(MonoString) + ws.size() + 2); + memcpy(newstring, origin, sizeof(MonoString)); + memcpy((wchar_t *)newstring->chars, ws.data(), ws.size() * 2); + newstring->length = ws.size(); + return newstring; + } +} +void commonsolvemonostring(uintptr_t offset, uintptr_t *data, size_t *len) +{ + auto sw = il2cppfunctions::get_string((void *)offset); + if (!sw) + sw = monofunctions::get_string((void *)offset); + if (!sw) + sw = readmonostring((void *)offset); + if (!sw) + return; + auto sw_v = sw.value(); + *data = (uintptr_t)sw_v.data(); + *len = sw_v.length() * sizeof(wchar_t); + if (*len > TEXT_BUFFER_SIZE) + { + *len = 0; + return; + } +} + +void unity_ui_string_hook_after(uintptr_t *offset, void *data, size_t len) +{ + auto view = std::wstring_view((wchar_t *)data, len / 2); + auto newstring = il2cppfunctions::create_string(view); + if (!newstring) + newstring = monofunctions::create_string(view); + if (!newstring) + newstring = createmonostring(view, (MonoString *)*offset); + *offset = (uintptr_t)newstring; +} + +uintptr_t tryfindmonoil2cpp(const char *_dll, const char *_namespace, const char *_class, const char *_method, int paramCoun, bool strict) +{ + auto addr = il2cppfunctions::get_method_pointer(_dll, _namespace, _class, _method, paramCoun, strict); + if (addr) + return addr; + return monofunctions::get_method_pointer(_dll, _namespace, _class, _method, paramCoun, strict); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engines/mono/monoil2cpp.h b/cpp/LunaHook/LunaHook/engines/mono/monoil2cpp.h new file mode 100644 index 00000000..3500f209 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engines/mono/monoil2cpp.h @@ -0,0 +1,7 @@ +#define RESOLVE_IMPORT(name) name = (decltype(name))(GetProcAddress(game_module, #name)) + +void commonsolvemonostring(uintptr_t offset, uintptr_t *data, size_t *len); + +void unity_ui_string_hook_after(uintptr_t *offset, void *data, size_t len); + +uintptr_t tryfindmonoil2cpp(const char *_dll, const char *_namespace, const char *_class, const char *_method, int paramCoun, bool strict = false); \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engines/mono/monostringapis.h b/cpp/LunaHook/LunaHook/engines/mono/monostringapis.h new file mode 100644 index 00000000..627afce7 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engines/mono/monostringapis.h @@ -0,0 +1,69 @@ +#pragma once + +// mono/funcinfo.h +// 12/26/2014 +// https://github.com/mono/mono/blob/master/mono/metadata/object.h +// http://api.xamarin.com/index.aspx?link=xhtml%3Adeploy%2Fmono-api-string.html +// http://docs.go-mono.com/index.aspx?link=xhtml%3Adeploy%2Fmono-api-string.html + +//#include "ith/import/mono/types.h" + +// MonoString* mono_string_new (MonoDomain *domain, +// const char *text); +// MonoString* mono_string_new_len (MonoDomain *domain, +// const char *text, +// guint length); +// MonoString* mono_string_new_size (MonoDomain *domain, +// gint32 len); +// MonoString* mono_string_new_utf16 (MonoDomain *domain, +// const guint16 *text, +// gint32 len); +// MonoString* mono_string_from_utf16 (gunichar2 *data); +// mono_unichar2* mono_string_to_utf16 (MonoString *s); +// char* mono_string_to_utf8 (MonoString *s); +// gboolean mono_string_equal (MonoString *s1, +// MonoString *s2); +// guint mono_string_hash (MonoString *s); +// MonoString* mono_string_intern (MonoString *str); +// MonoString* mono_string_is_interned (MonoString *o); +// MonoString* mono_string_new_wrapper (const char *text); +// gunichar2* mono_string_chars (MonoString *s); +// int mono_string_length (MonoString *s); +// gunichar2* mono_unicode_from_external (const gchar *in, gsize *bytes); +// gchar* mono_unicode_to_external (const gunichar2 *uni); +// gchar* mono_utf8_from_external (const gchar *in); + +struct MonoFunction { // argument indices start from 0 for SpecialHookMonoString, otherwise 1 + const char *functionName; + size_t textIndex; // argument index + unsigned long hookType; // HookParam type + void *text_fun;// HookParam::text_fun_t +}; + +#ifndef _WIN64 + +#define MONO_FUNCTIONS_INITIALIZER \ + { "mono_string_to_utf8", 0, CODEC_UTF16|NO_CONTEXT, SpecialHookMonoString } \ + , { "mono_string_to_utf8_checked", 0, CODEC_UTF16|NO_CONTEXT, SpecialHookMonoString } \ + , { "mono_string_to_utf16", 0, CODEC_UTF16|NO_CONTEXT, SpecialHookMonoString } \ + , { "mono_string_intern", 0, CODEC_UTF16|NO_CONTEXT, SpecialHookMonoString } \ + , { "mono_string_is_interned", 0, CODEC_UTF16|NO_CONTEXT, SpecialHookMonoString } \ + , { "mono_marshal_string_to_utf16", 0, CODEC_UTF16|NO_CONTEXT, SpecialHookMonoString } \ + , { "mono_string_hash", 0, CODEC_UTF16, SpecialHookMonoString } \ + , { "mono_string_chars", 0, CODEC_UTF16, SpecialHookMonoString } \ + , { "mono_string_length", 0, CODEC_UTF16, SpecialHookMonoString } \ + , { "mono_utf8_from_external", 1, USING_STRING|CODEC_UTF8, nullptr } \ + , { "mono_string_from_utf16", 1, CODEC_UTF16, nullptr } \ + , { "mono_unicode_from_external", 1, CODEC_UTF16, nullptr } \ + , { "mono_unicode_to_external", 1, CODEC_UTF16, nullptr } \ + , { "mono_string_new", 2, USING_STRING|CODEC_UTF8, nullptr } \ + , { "mono_string_new_wrapper", 1, USING_STRING|CODEC_UTF8, nullptr } + // , { "mono_string_new_len", 2, 3, USING_STRING | CODEC_UTF8, nullptr } \ + // , { "mono_string_new_utf16", 2, 3, CODEC_UTF16, nullptr } \ +// EOF +#else + +#define MONO_FUNCTIONS_INITIALIZER \ + { "mono_string_to_utf8", 0, USING_STRING|CODEC_UTF16|NO_CONTEXT, SpecialHookMonoString } \ + , { "mono_string_to_utf16", 0, USING_STRING|CODEC_UTF16|NO_CONTEXT, SpecialHookMonoString } +#endif \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engines/pchooks/pchooks.cpp b/cpp/LunaHook/LunaHook/engines/pchooks/pchooks.cpp new file mode 100644 index 00000000..60941984 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engines/pchooks/pchooks.cpp @@ -0,0 +1,316 @@ +// pchooks.cc +// 8/1/2014 jichi + +#include "pchooks.h" +//#include + + +// 8/1/2014 jichi: Split is not used. +// Although split is specified, USING_SPLIT is not assigned. + +// Use LPASTE to convert to wchar_t +// http://bytes.com/topic/c/answers/135834-defining-wide-character-strings-macros +//#define LPASTE(s) L##s +//#define L(s) LPASTE(s) +#define NEW_HOOK(_dll, _fun, _data, _data_ind, _split_off, _split_ind, _type, _len_off) \ + { \ + HookParam hp; \ + wcsncpy_s(hp.module, _dll, MAX_MODULE_SIZE - 1); \ + strncpy_s(hp.function, #_fun, MAX_MODULE_SIZE - 1); \ + hp.offset = _data; \ + hp.index = _data_ind; \ + hp.split = _split_off; \ + hp.split_index = _split_ind; \ + hp.type = _type | MODULE_OFFSET | FUNCTION_OFFSET; \ + hp.length_offset = _len_off; \ + NewHook(hp, #_fun); \ + } + +#define NEW_MODULE_HOOK(_module, _fun, _data, _data_ind, _split_off, _split_ind, _type, _len_off) \ + { \ + HookParam hp; \ + wchar_t path[MAX_PATH]; \ + if (GetModuleFileNameW(_module, path, MAX_PATH)) \ + wcsncpy_s(hp.module, wcsrchr(path, L'\\') + 1, MAX_MODULE_SIZE - 1); \ + strncpy_s(hp.function, #_fun, MAX_MODULE_SIZE - 1); \ + hp.offset = _data; \ + hp.index = _data_ind; \ + hp.split = _split_off; \ + hp.split_index = _split_ind; \ + hp.type = _type | MODULE_OFFSET | FUNCTION_OFFSET; \ + hp.length_offset = _len_off; \ + NewHook(hp, #_fun); \ + } + +#ifndef _WIN64 +enum args { + s_retaddr = 0 + , s_arg1 = 4 * 1 // 0x4 + , s_arg2 = 4 * 2 // 0x8 + , s_arg3 = 4 * 3 // 0xc + , s_arg4 = 4 * 4 // 0x10 + , s_arg5 = 4 * 5 // 0x14 + , s_arg6 = 4 * 6 // 0x18 + , s_arg7 = 4 * 7 +}; +#else // _WIN32 +enum args { + s_retaddr = 0x0, + s_arg1 = -0x20, + s_arg2 = -0x28, + s_arg3 = -0x50, + s_arg4 = -0x58, + s_arg5 = 0x8, + s_arg6 = 0x10, + s_arg7 = 0x18 +}; +#endif // _WIN64 + +constexpr short arg_sz = (short)sizeof(void*); + +// jichi 7/17/2014: Renamed from InitDefaultHook +void PcHooks::hookGDIFunctions() +{ + // int TextHook::InitHook(LPVOID addr, DWORD data, DWORD data_ind, DWORD split_off, DWORD split_ind, WORD type, DWORD len_off) + // + // jichi 9/8/2013: Guessed meaning + // - data(off): 4 * the n-th (base 1) parameter representing the data of the string + // - len_off: + // - the n-th (base 1) parameter representing the length of the string + // - or 1 if is char + // - or 0 if detect on run time + // - type: USING_STRING if len_off != 1 else CODEC_ANSI_BE or CODEC_UTF16 + // + // Examples: + // int WINAPI lstrlenA(LPCSTR lpString) + // - data: 4 * 1 = 4, as lpString is the first + // - len_off: 0, as no parameter representing string length + // - type: CODEC_ANSI_BE, since len_off == 1 + // BOOL GetTextExtentPoint32(HDC hdc, LPCTSTR lpString, int c, LPSIZE lpSize); + // - data: 4 * 2 = 0x8, as lpString is the second + // - len_off: 3, as nCount is the 3rd parameter + // - type: USING_STRING, since len_off != 1 + // + // Note: All functions does not have NO_CONTEXT attribute and will be filtered. + + +//#define _(Name, ...) \ +// hookman[HF_##Name].InitHook(Name, __VA_ARGS__); \ +// hookman[HF_##Name].SetHookName(names[HF_##Name]); + + // Always use s_arg1 = hDC as split_off + // 7/26/2014 jichi: Why there is no USING_SPLIT type? + + // gdi32.dll + NEW_HOOK(L"gdi32.dll", GetTextExtentPoint32A, s_arg2, 0,s_arg1,0, USING_STRING, s_arg3 / arg_sz) // BOOL GetTextExtentPoint32(HDC hdc, LPCTSTR lpString, int c, LPSIZE lpSize); + NEW_HOOK(L"gdi32.dll", GetTextExtentExPointA, s_arg2, 0,s_arg1,0, USING_STRING, s_arg3 / arg_sz) // BOOL GetTextExtentExPoint(HDC hdc, LPCTSTR lpszStr, int cchString, int nMaxExtent, LPINT lpnFit, LPINT alpDx, LPSIZE lpSize); + NEW_HOOK(L"gdi32.dll", GetCharacterPlacementA, s_arg2, 0,s_arg1,0, USING_STRING, s_arg3 / arg_sz) // DWORD GetCharacterPlacement(HDC hdc, LPCTSTR lpString, int nCount, int nMaxExtent, LPGCP_RESULTS lpResults, DWORD dwFlags); + NEW_HOOK(L"gdi32.dll", GetGlyphIndicesA, s_arg2, 0,s_arg1,0, USING_STRING, s_arg3 / arg_sz) // DWORD GetGlyphIndices( HDC hdc, LPCTSTR lpstr, int c, LPWORD pgi, DWORD fl); + NEW_HOOK(L"gdi32.dll", GetGlyphOutlineA, s_arg2, 0,s_arg1,0, CODEC_ANSI_BE, 0) // DWORD GetGlyphOutline(HDC hdc, UINT uChar, UINT uFormat, LPGLYPHMETRICS lpgm, DWORD cbBuffer, LPVOID lpvBuffer, const MAT2 *lpmat2); + NEW_HOOK(L"gdi32.dll", ExtTextOutA, s_arg6, 0,s_arg1,0, USING_STRING, s_arg7 / arg_sz) // BOOL ExtTextOut(HDC hdc, int X, int Y, UINT fuOptions, const RECT *lprc, LPCTSTR lpString, UINT cbCount, const INT *lpDx); + NEW_HOOK(L"gdi32.dll", TextOutA, s_arg4, 0,s_arg1,0, USING_STRING, s_arg5 / arg_sz) // BOOL TextOut(HDC hdc, int nXStart, int nYStart, LPCTSTR lpString, int cchString); + NEW_HOOK(L"gdi32.dll", GetCharABCWidthsA, s_arg2, 0,s_arg1,0, CODEC_ANSI_BE, 0) // BOOL GetCharABCWidths(HDC hdc, UINT uFirstChar, UINT uLastChar, LPABC lpabc); + NEW_HOOK(L"gdi32.dll", GetCharABCWidthsFloatA, s_arg2, 0,s_arg1,0, CODEC_ANSI_BE, 0) // BOOL GetCharABCWidthsFloat(HDC hdc, UINT iFirstChar, UINT iLastChar, LPABCFLOAT lpABCF); + NEW_HOOK(L"gdi32.dll", GetCharWidth32A, s_arg2, 0,s_arg1,0, CODEC_ANSI_BE, 0) // BOOL GetCharWidth32(HDC hdc, UINT iFirstChar, UINT iLastChar, LPINT lpBuffer); + NEW_HOOK(L"gdi32.dll", GetCharWidthFloatA, s_arg2, 0,s_arg1,0, CODEC_ANSI_BE, 0) // BOOL GetCharWidthFloat(HDC hdc, UINT iFirstChar, UINT iLastChar, PFLOAT pxBuffer); + + NEW_HOOK(L"gdi32.dll", GetTextExtentPoint32W, s_arg2, 0,s_arg1,0, CODEC_UTF16|USING_STRING, s_arg3 / arg_sz) + NEW_HOOK(L"gdi32.dll", GetTextExtentExPointW, s_arg2, 0,s_arg1,0, CODEC_UTF16|USING_STRING, s_arg3 / arg_sz) + NEW_HOOK(L"gdi32.dll", GetCharacterPlacementW, s_arg2, 0,s_arg1,0, CODEC_UTF16|USING_STRING, s_arg3 / arg_sz) + NEW_HOOK(L"gdi32.dll", GetGlyphIndicesW, s_arg2, 0,s_arg1,0, CODEC_UTF16|USING_STRING, s_arg3 / arg_sz) + NEW_HOOK(L"gdi32.dll", GetGlyphOutlineW, s_arg2, 0,s_arg1,0, CODEC_UTF16, 0) + //ExtTextOutW全是乱码,没卵用 + //NEW_HOOK(L"gdi32.dll", ExtTextOutW, s_arg6, 0,s_arg1,0, CODEC_UTF16|USING_STRING, s_arg7 / arg_sz) + NEW_HOOK(L"gdi32.dll", TextOutW, s_arg4, 0,s_arg1,0, CODEC_UTF16|USING_STRING, s_arg5 / arg_sz) + NEW_HOOK(L"gdi32.dll", GetCharABCWidthsW, s_arg2, 0,s_arg1,0, CODEC_UTF16, 0) + NEW_HOOK(L"gdi32.dll", GetCharABCWidthsFloatW, s_arg2, 0,s_arg1,0, CODEC_UTF16, 0) + NEW_HOOK(L"gdi32.dll", GetCharWidth32W, s_arg2, 0,s_arg1,0, CODEC_UTF16, 0) + NEW_HOOK(L"gdi32.dll", GetCharWidthFloatW, s_arg2, 0,s_arg1,0, CODEC_UTF16, 0) + + // user32.dll + NEW_HOOK(L"user32.dll", DrawTextA, s_arg2, 0,s_arg1,0, USING_STRING, s_arg3 / arg_sz) // int DrawText(HDC hDC, LPCTSTR lpchText, int nCount, LPRECT lpRect, UINT uFormat); + NEW_HOOK(L"user32.dll", DrawTextExA, s_arg2, 0,s_arg1,0, USING_STRING, s_arg3 / arg_sz) // int DrawTextEx(HDC hdc, LPTSTR lpchText,int cchText, LPRECT lprc, UINT dwDTFormat, LPDRAWTEXTPARAMS lpDTParams);NEW_HOOK(L"gdi32.dll", GetTabbedTextExtentA, s_arg2, 0,s_arg1,0, USING_STRING, s_arg3 / arg_sz) // DWORD GetTabbedTextExtent(HDC hDC, LPCTSTR lpString, int nCount, int nTabPositions, const LPINT lpnTabStopPositions); + NEW_HOOK(L"user32.dll", TabbedTextOutA, s_arg4, 0, s_arg1, 0, USING_STRING, s_arg5 / arg_sz) // LONG TabbedTextOut(HDC hDC, int X, int Y, LPCTSTR lpString, int nCount, int nTabPositions, const LPINT lpnTabStopPositions, int nTabOrigin); + NEW_HOOK(L"user32.dll", GetTabbedTextExtentA, s_arg2, 0, s_arg1, 0, USING_STRING, s_arg3 / arg_sz) // DWORD GetTabbedTextExtent(HDC hDC, LPCTSTR lpString, int nCount, int nTabPositions, const LPINT lpnTabStopPositions); + + NEW_HOOK(L"user32.dll", DrawTextW, s_arg2, 0,s_arg1,0, CODEC_UTF16|USING_STRING, s_arg3 / arg_sz) + NEW_HOOK(L"user32.dll", DrawTextExW, s_arg2, 0,s_arg1,0, CODEC_UTF16|USING_STRING, s_arg3 / arg_sz) + NEW_HOOK(L"user32.dll", TabbedTextOutW, s_arg4, 0, s_arg1, 0, CODEC_UTF16|USING_STRING, s_arg5 / arg_sz) + NEW_HOOK(L"user32.dll", GetTabbedTextExtentW, s_arg2, 0, s_arg1, 0, CODEC_UTF16|USING_STRING, s_arg3 / arg_sz) +} + +// jichi 6/18/2015: GDI+ functions +void PcHooks::hookGDIPlusFunctions() +{ + HMODULE hModule = ::GetModuleHandleA("gdiplus.dll"); + if (!hModule) return; + + // gdiplus.dll + // https://msdn.microsoft.com/en-us/library/windows/desktop/ms534053%28v=vs.85%29.aspx + // https://msdn.microsoft.com/en-us/library/windows/desktop/ms534052%28v=vs.85%29.aspx + // https://msdn.microsoft.com/en-us/library/windows/desktop/ms534039%28v=vs.85%29.aspx + // Use arg1 pionter to GpGraphics as split + //using namespace Gdiplus::DllExports; + // Use arg5 style as split + NEW_MODULE_HOOK(hModule, GdipAddPathString, s_arg2, 0,s_arg5,0, CODEC_UTF16|USING_STRING, s_arg3 / arg_sz) // GpStatus WINGDIPAPI GdipAddPathString(GpPath *path, GDIPCONST WCHAR *string, INT length, GDIPCONST GpFontFamily *family, INT style, REAL emSize, GDIPCONST RectF *layoutRect, GDIPCONST GpStringFormat *format) + NEW_MODULE_HOOK(hModule, GdipAddPathStringI, s_arg2, 0,s_arg5,0, CODEC_UTF16|USING_STRING, s_arg3 / arg_sz) // GpStatus WINGDIPAPI GdipAddPathStringI(GpPath *path, GDIPCONST WCHAR *string, INT length, GDIPCONST GpFontFamily *family, INT style, REAL emSize, GDIPCONST Rect *layoutRect, GDIPCONST GpStringFormat *format) + NEW_MODULE_HOOK(hModule, GdipMeasureCharacterRanges, s_arg2, 0,s_arg1,0, CODEC_UTF16|USING_STRING, s_arg3 / arg_sz) // GpStatus WINGDIPAPI GdipMeasureCharacterRanges(GpGraphics *graphics, GDIPCONST WCHAR *string, INT length, GDIPCONST GpFont *font, GDIPCONST RectF &layoutRect, GDIPCONST GpStringFormat *stringFormat, INT regionCount, GpRegion **regions) + NEW_MODULE_HOOK(hModule, GdipDrawString, s_arg2, 0,s_arg1,0, CODEC_UTF16|USING_STRING, s_arg3 / arg_sz) // GpStatus WINGDIPAPI GdipDrawString(GpGraphics *graphics, GDIPCONST WCHAR *string, INT length, GDIPCONST GpFont *font, GDIPCONST RectF *layoutRect, GDIPCONST GpStringFormat *stringFormat, GDIPCONST GpBrush *brush); + NEW_MODULE_HOOK(hModule, GdipMeasureString, s_arg2, 0,s_arg1,0, CODEC_UTF16|USING_STRING, s_arg3 / arg_sz) // GpStatus WINGDIPAPI GdipMeasureString(GpGraphics *graphics, GDIPCONST WCHAR *string, INT length, GDIPCONST GpFont *font, GDIPCONST RectF *layoutRect, GDIPCONST GpStringFormat *stringFormat, RectF *boundingBox, INT *codepointsFitted, INT *linesFilled ) + NEW_MODULE_HOOK(hModule, GdipDrawDriverString, s_arg1, 0,s_arg3,0, CODEC_UTF16|USING_STRING, s_arg2 / arg_sz) + NEW_MODULE_HOOK(hModule, GdipMeasureDriverString, s_arg1, 0,s_arg3,0, CODEC_UTF16|USING_STRING, s_arg2 / arg_sz) +} + + +bool PcHooks::hookD3DXFunctions(HMODULE d3dxModule) +{ + if (GetProcAddress(d3dxModule, "D3DXCreateTextA")) + { + NEW_MODULE_HOOK(d3dxModule, D3DXCreateTextA, s_arg3, 0, 0, 0, USING_STRING, 0) + NEW_MODULE_HOOK(d3dxModule, D3DXCreateTextW, s_arg3, 0, 0, 0, USING_STRING|CODEC_UTF16, 0) + } + + // Second call in D3DX(10)CreateFontIndirect is D3DXFont constructor, which sets up the vtable + // Call it to set up the vtable then extract the function addresses from that vtable + uintptr_t createFont = (uintptr_t)GetProcAddress(d3dxModule, "D3DXCreateFontIndirectA"); + if (!createFont) createFont = (uintptr_t)GetProcAddress(d3dxModule, "D3DX10CreateFontIndirectA"); + if (!createFont) { + ConsoleOutput("D3DX failed: couldn't find entry function"); + return false; + } + + struct D3DXFont + { + uintptr_t(*vtable)[20]; + DWORD data[2000]; + } font; + for (int i = 0, calls = 0; i < 100; ++i) + { + if (*(BYTE*)(createFont + i) == 0xe8) ++calls; + if (calls == 2) + { + union + { + void(D3DXFont::*ctor)(); + uintptr_t addr; + } fuckTheTypeSystem; + fuckTheTypeSystem.addr = *(DWORD*)(createFont + i + 1) + createFont + i + 5; + (font.*(fuckTheTypeSystem.ctor))(); + + HookParam hp; + hp.address = (*font.vtable)[14]; + hp.offset = s_arg3; + hp.length_offset = s_arg4 / arg_sz; + hp.type = USING_STRING; + auto suc=NewHook(hp, "ID3DXFont::DrawTextA"); + hp.address = (*font.vtable)[15]; + hp.type = USING_STRING | CODEC_UTF16; + suc|=NewHook(hp, "ID3DXFont::DrawTextW"); + return suc; + } + } + ConsoleOutput("D3DX failed: couldn't find vtable"); + return false; +} + +// jichi 10/2/2013 +// Note: All functions does not have NO_CONTEXT attribute and will be filtered. +void PcHooks::hookOtherPcFunctions() +{ + // int TextHook::InitHook(LPVOID addr, DWORD data, DWORD data_ind, DWORD split_off, DWORD split_ind, WORD type, DWORD len_off) + + // http://msdn.microsoft.com/en-us/library/78zh94ax.aspx + // int WINAPI lstrlen(LPCTSTR lpString); + // Lstr functions usually extracts rubbish, and might crash certain games like 「Magical Marriage Lunatics!!」 + // Needed by Gift + // Use arg1 address for both split and data + NEW_HOOK(L"kernel32.dll", lstrlenA, s_arg1, 0,s_arg1,0, USING_STRING, 0) // 9/8/2013 jichi: int WINAPI lstrlen(LPCTSTR lpString); + NEW_HOOK(L"kernel32.dll", lstrcpyA, s_arg2, 0,0,0, USING_STRING, 0) + NEW_HOOK(L"kernel32.dll", lstrcpynA, s_arg2, 0,0,0, USING_STRING, 0) + + NEW_HOOK(L"kernel32.dll", lstrlenW, s_arg1, 0,s_arg1,0, CODEC_UTF16|USING_STRING, 0) // 9/8/2013 jichi: add lstrlen + NEW_HOOK(L"kernel32.dll", lstrcpyW, s_arg2, 0,0,0, CODEC_UTF16|USING_STRING, 0) + NEW_HOOK(L"kernel32.dll", lstrcpynW, s_arg2, 0,0,0, CODEC_UTF16|USING_STRING, 0) + + // size_t strlen(const char *str); + // size_t strlen_l(const char *str, _locale_t locale); + // size_t wcslen(const wchar_t *str); + // size_t wcslen_l(const wchar_t *str, _locale_t locale); + // size_t _mbslen(const unsigned char *str); + // size_t _mbslen_l(const unsigned char *str, _locale_t locale); + // size_t _mbstrlen(const char *str); + // size_t _mbstrlen_l(const char *str, _locale_t locale); + + // http://msdn.microsoft.com/en-us/library/ex0hs2ad.aspx + // Needed by 娘姉妹 + // + // + // char *_strinc(const char *current, _locale_t locale); + // wchar_t *_wcsinc(const wchar_t *current, _locale_t locale); + // + // unsigned char *_mbsinc(const unsigned char *current); + // unsigned char *_mbsinc_l(const unsigned char *current, _locale_t locale); + //_(L"_strinc", _strinc, 4, 0,4,0, USING_STRING, 0) // 12/13/2013 jichi + //_(L"_wcsinc", _wcsinc, 4, 0,4,0, CODEC_UTF16|USING_STRING, 0) + + // 12/1/2013 jichi: + // AlterEgo + // http://tieba.baidu.com/p/2736475133 + // http://www.hongfire.com/forum/showthread.php/36807-AGTH-text-extraction-tool-for-games-translation/page355 + // + // MultiByteToWideChar + // http://blgames.proboards.com/thread/265 + // + // WideCharToMultiByte + // http://www.hongfire.com/forum/showthread.php/36807-AGTH-text-extraction-tool-for-games-translation/page156 + // + // int MultiByteToWideChar( + // _In_ UINT CodePage, + // _In_ DWORD dwFlags, + // _In_ LPCSTR lpMultiByteStr, // hook here + // _In_ int cbMultiByte, + // _Out_opt_ LPWSTR lpWideCharStr, + // _In_ int cchWideChar + // ); + // int WideCharToMultiByte( + // _In_ UINT CodePage, + // _In_ DWORD dwFlags, + // _In_ LPCWSTR lpWideCharStr, + // _In_ int cchWideChar, + // _Out_opt_ LPSTR lpMultiByteStr, + // _In_ int cbMultiByte, + // _In_opt_ LPCSTR lpDefaultChar, + // _Out_opt_ LPBOOL lpUsedDefaultChar + // ); + + // 2/29/2020 Artikash: TODO: Sort out what to do for string comparison functions + // http://sakuradite.com/topic/159 + NEW_HOOK(L"kernel32.dll", MultiByteToWideChar, s_arg3, 0,4,0, USING_STRING, s_arg4 / arg_sz) + NEW_HOOK(L"kernel32.dll", WideCharToMultiByte, s_arg3, 0,4,0, CODEC_UTF16|USING_STRING, s_arg4 / arg_sz) + + NEW_HOOK(L"kernel32.dll", GetStringTypeA, s_arg3, 0, 0, 0, USING_STRING, s_arg4 / arg_sz) + NEW_HOOK(L"kernel32.dll", GetStringTypeExA, s_arg3, 0, 0, 0, USING_STRING, s_arg4 / arg_sz) + NEW_HOOK(L"kernel32.dll", FoldStringA, s_arg2, 0, 0, 0, USING_STRING, s_arg3 / arg_sz) + NEW_HOOK(L"kernel32.dll", GetStringTypeW, s_arg2, 0, 0, 0, CODEC_UTF16|USING_STRING, s_arg3 / arg_sz) + NEW_HOOK(L"kernel32.dll", GetStringTypeExW, s_arg3, 0, 0, 0, CODEC_UTF16|USING_STRING, s_arg4 / arg_sz) + NEW_HOOK(L"kernel32.dll", FoldStringW, s_arg2, 0, 0, 0, CODEC_UTF16|USING_STRING, s_arg3 / arg_sz) + + NEW_HOOK(L"user32.dll", CharNextA, s_arg1, 0,0,0, DATA_INDIRECT, 0) // LPTSTR WINAPI CharNext(_In_ LPCTSTR lpsz); + NEW_HOOK(L"user32.dll", CharNextW, s_arg1, 0,0,0, CODEC_UTF16|DATA_INDIRECT, 0) + NEW_HOOK(L"user32.dll", CharPrevA, s_arg1, 0,0,0, DATA_INDIRECT, 0) // LPTSTR WINAPI CharPrev(_In_ LPCTSTR lpszStart, _In_ LPCTSTR lpszCurrent); + NEW_HOOK(L"user32.dll", CharPrevW, s_arg1, 0,0,0, CODEC_UTF16|DATA_INDIRECT, 0) + NEW_HOOK(L"user32.dll", CharNextExA, s_arg2, 0,0,0, DATA_INDIRECT, 0) // LPSTR WINAPI CharNextExA(_In_ WORD CodePage, _In_ LPCSTR lpCurrentChar, _In_ DWORD dwFlags); + NEW_HOOK(L"user32.dll", CharPrevExA, s_arg2, 0,0,0, CODEC_UTF16|DATA_INDIRECT, 0) + + //トキノ戦華 + NEW_HOOK(L"user32.dll", wvsprintfA, s_arg2, 0,0,0, USING_STRING, 0) + NEW_HOOK(L"user32.dll", wvsprintfW, s_arg2, 0,0,0, CODEC_UTF16|USING_STRING, 0) + + if (HMODULE module = GetModuleHandleW(L"OLEAUT32.dll")) + { + NEW_MODULE_HOOK(module, SysAllocString, s_arg1, 0, 0, 0, CODEC_UTF16|USING_STRING, 0) + NEW_MODULE_HOOK(module, SysAllocStringLen, s_arg1, 0, 0, 0, CODEC_UTF16|USING_STRING|KNOWN_UNSTABLE, s_arg2 / arg_sz) + } +} + +// EOF diff --git a/cpp/LunaHook/LunaHook/engines/pchooks/pchooks.h b/cpp/LunaHook/LunaHook/engines/pchooks/pchooks.h new file mode 100644 index 00000000..8a66d6fc --- /dev/null +++ b/cpp/LunaHook/LunaHook/engines/pchooks/pchooks.h @@ -0,0 +1,17 @@ +#pragma once + +// pchooks.h +// 8/1/2014 jichi + +#include + +namespace PcHooks { + +void hookGDIFunctions(); +void hookGDIPlusFunctions(); +bool hookD3DXFunctions(HMODULE d3dxModule); +void hookOtherPcFunctions(); + +} // namespace PcHooks + +// EOF diff --git a/cpp/LunaHook/LunaHook/engines/ppsspp/ppsspp.cpp b/cpp/LunaHook/LunaHook/engines/ppsspp/ppsspp.cpp new file mode 100644 index 00000000..11696ba9 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engines/ppsspp/ppsspp.cpp @@ -0,0 +1,609 @@ + +#include "psputils.hpp" +#include "specialgames.hpp" +// See: https://github.com/hrydgard/ppsspp + +// Core/HLE (High Level Emulator) +// - sceCcc +// #void sceCccSetTable(u32 jis2ucs, u32 ucs2jis) +// int sceCccUTF8toUTF16(u32 dstAddr, u32 dstSize, u32 srcAddr) +// int sceCccUTF8toSJIS(u32 dstAddr, u32 dstSize, u32 srcAddr) +// int sceCccUTF16toUTF8(u32 dstAddr, u32 dstSize, u32 srcAddr) +// int sceCccUTF16toSJIS(u32 dstAddr, u32 dstSize, u32 srcAddr) +// int sceCccSJIStoUTF8(u32 dstAddr, u32 dstSize, u32 srcAddr) +// int sceCccSJIStoUTF16(u32 dstAddr, u32 dstSize, u32 srcAddr) +// int sceCccStrlenUTF8(u32 strAddr) +// int sceCccStrlenUTF16(u32 strAddr) +// int sceCccStrlenSJIS(u32 strAddr) +// u32 sceCccEncodeUTF8(u32 dstAddrAddr, u32 ucs) +// void sceCccEncodeUTF16(u32 dstAddrAddr, u32 ucs) +// u32 sceCccEncodeSJIS(u32 dstAddrAddr, u32 jis) +// u32 sceCccDecodeUTF8(u32 dstAddrAddr) +// u32 sceCccDecodeUTF16(u32 dstAddrAddr) +// u32 sceCccDecodeSJIS(u32 dstAddrAddr) +// int sceCccIsValidUTF8(u32 c) +// int sceCccIsValidUTF16(u32 c) +// int sceCccIsValidSJIS(u32 c) +// int sceCccIsValidUCS2(u32 c) +// int sceCccIsValidUCS4(u32 c) +// int sceCccIsValidJIS(u32 c) +// int sceCccIsValidUnicode(u32 c) +// #u32 sceCccSetErrorCharUTF8(u32 c) +// #u32 sceCccSetErrorCharUTF16(u32 c) +// #u32 sceCccSetErrorCharSJIS(u32 c) +// u32 sceCccUCStoJIS(u32 c, u32 alt) +// u32 sceCccJIStoUCS(u32 c, u32 alt) +// - sceFont: search charCode +// int sceFontGetCharInfo(u32 fontHandle, u32 charCode, u32 charInfoPtr) +// int sceFontGetShadowInfo(u32 fontHandle, u32 charCode, u32 charInfoPtr) +// int sceFontGetCharImageRect(u32 fontHandle, u32 charCode, u32 charRectPtr) +// int sceFontGetShadowImageRect(u32 fontHandle, u32 charCode, u32 charRectPtr) +// int sceFontGetCharGlyphImage(u32 fontHandle, u32 charCode, u32 glyphImagePtr) +// int sceFontGetCharGlyphImage_Clip(u32 fontHandle, u32 charCode, u32 glyphImagePtr, int clipXPos, int clipYPos, int clipWidth, int clipHeight) +// #int sceFontSetAltCharacterCode(u32 fontLibHandle, u32 charCode) +// int sceFontGetShadowGlyphImage(u32 fontHandle, u32 charCode, u32 glyphImagePtr) +// int sceFontGetShadowGlyphImage_Clip(u32 fontHandle, u32 charCode, u32 glyphImagePtr, int clipXPos, int clipYPos, int clipWidth, int clipHeight) +// - sceKernelInterrupt +// u32 sysclib_strcat(u32 dst, u32 src) +// int sysclib_strcmp(u32 dst, u32 src) +// u32 sysclib_strcpy(u32 dst, u32 src) +// u32 sysclib_strlen(u32 src) +// +// Sample debug string: +// 006EFD8E PUSH PPSSPPWi.00832188 ASCII "sceCccEncodeSJIS(%08x, U+%04x)" +// Corresponding source code in sceCcc: +// ERROR_LOG(HLE, "sceCccEncodeSJIS(%08x, U+%04x): invalid pointer", dstAddrAddr, jis); + +struct PPSSPPFunction +{ + const char *hookName; // hook name + int argIndex; // argument index + uint64_t hookType; // hook parameter type + int hookSplit; // hook parameter split, positive: stack, negative: registers + const char *pattern; // debug string used within the function +}; + +namespace +{ + uintptr_t findleapushaddr(uintptr_t addr) + { +#ifndef _WIN64 + addr = MemDbg::findPushAddress(addr, processStartAddress, processStopAddress); + if (!addr) + return NULL; + addr = SafeFindEnclosingAlignedFunction(addr, 0x200); +#else + addr = MemDbg::findleaaddr(addr, processStartAddress, processStopAddress); + + if (!addr) + return NULL; + + BYTE sig1[] = { + 0xCC, + 0x48, 0x89, XX, 0x24, XX}; + BYTE sig2[] = { + 0xC3, + 0x48, 0x89, XX, 0x24, XX}; + BYTE sig3[] = { + 0xCC, + 0x89, XX, 0x24, XX4}; + BYTE sig4[] = { + 0xC3, + 0x89, XX, 0x24, XX}; + int idx = 0; + uintptr_t maxaddr = 0; + for (auto sig : {sig1, sig2, sig3, sig4}) + { + idx += 1; + maxaddr = max(maxaddr, reverseFindBytes(sig, (idx > 2) ? 5 : 6, addr - 0x500, addr, 1, true)); + } + maxaddr = max(maxaddr, MemDbg::findEnclosingAlignedFunction_strict(addr, 0x500)); + + addr = maxaddr; +#endif + return addr; + } +} + +bool InsertPPSSPPHLEHooks() +{ + auto functions = std::vector{ + + // https://github.com/hrydgard/ppsspp/blob/master/Core/HLE/sceCcc.cpp + {"sceCccStrlenSJIS", GETARG1, USING_STRING, 0, "sceCccStrlenSJIS("}, + {"sceCccStrlenUTF8", GETARG1, CODEC_UTF8 | USING_STRING, 0, "sceCccStrlenUTF8("}, + {"sceCccStrlenUTF16", GETARG1, CODEC_UTF16 | USING_STRING, 0, "sceCccStrlenUTF16("}, + + {"sceCccSJIStoUTF8", GETARG3, USING_STRING, 0, "sceCccSJIStoUTF8("}, + {"sceCccSJIStoUTF16", GETARG3, USING_STRING, 0, "sceCccSJIStoUTF16("}, + {"sceCccUTF8toSJIS", GETARG3, CODEC_UTF8 | USING_STRING, 0, "sceCccUTF8toSJIS("}, + {"sceCccUTF8toUTF16", GETARG3, CODEC_UTF8 | USING_STRING, 0, "sceCccUTF8toUTF16("}, + {"sceCccUTF16toSJIS", GETARG3, CODEC_UTF16 | USING_STRING, 0, "sceCccUTF16toSJIS("}, + {"sceCccUTF16toUTF8", GETARG3, CODEC_UTF16 | USING_STRING, 0, "sceCccUTF16toUTF8("}, + + // https://github.com/hrydgard/ppsspp/blob/master/Core/HLE/sceFont.cpp + {"sceFontGetCharInfo", GETARG2, CODEC_UTF16, GETARG1, "sceFontGetCharInfo("}, + {"sceFontGetShadowInfo", GETARG2, CODEC_UTF16, GETARG1, "sceFontGetShadowInfo("}, + {"sceFontGetCharImageRect", GETARG2, CODEC_UTF16, GETARG1, "sceFontGetCharImageRect("}, + {"sceFontGetShadowImageRect", GETARG2, CODEC_UTF16, GETARG1, "sceFontGetShadowImageRect("}, + {"sceFontGetCharGlyphImage", GETARG2, CODEC_UTF16, GETARG1, "sceFontGetCharGlyphImage("}, + {"sceFontGetCharGlyphImage_Clip", GETARG2, CODEC_UTF16, GETARG1, "sceFontGetCharGlyphImage_Clip("}, + {"sceFontGetShadowGlyphImage", GETARG2, CODEC_UTF16, GETARG1, "sceFontGetShadowGlyphImage("}, + {"sceFontGetShadowGlyphImage_Clip", GETARG2, CODEC_UTF16, GETARG1, "sceFontGetShadowGlyphImage_Clip("}, + + // https://github.com/hrydgard/ppsspp/blob/master/Core/HLE/sceKernelInterrupt.cpp + {"sysclib_strcat", GETARG2, USING_STRING, 0, "Untested sysclib_strcat("}, + {"sysclib_strcpy", GETARG2, USING_STRING, 0, "Untested sysclib_strcpy("}, + {"sysclib_strlen", GETARG1, USING_STRING, 0, "Untested sysclib_strlen("} + + // Disabled as I am not sure how to deal with the source string + //, { "sceCccEncodeSJIS", 2, USING_STRING, 0, "sceCccEncodeSJIS(" } + //, { "sceCccEncodeUTF8", 2, CODEC_UTF8, 0, "sceCccEncodeUTF8(" } + //, { "sceCccEncodeUTF16", 2, CODEC_UTF16, 0, "sceCccEncodeUTF16(" } + //, { "sysclib_strcmp", 2, USING_STRING, 0, "Untested sysclib_strcmp(" } + }; + auto succ = false; + for (auto &&function : functions) + { + auto addr = MemDbg::findBytes(function.pattern, ::strlen(function.pattern), processStartAddress, processStopAddress); + if (!addr) + continue; + addr = findleapushaddr(addr); + + if (!addr) + continue; + HookParam hp; + hp.address = addr; + hp.type = function.hookType; + hp.offset = function.argIndex; + hp.split = function.hookSplit; + if (hp.split) + hp.type |= USING_SPLIT; + succ |= NewHook(hp, function.hookName); + } + return succ; +} +#if 0 +bool PPSSPPinithooksearch(){ + bool found = false; + SYSTEM_INFO systemInfo; + GetNativeSystemInfo(&systemInfo); + for (BYTE* probe = NULL; probe < systemInfo.lpMaximumApplicationAddress;) + { + MEMORY_BASIC_INFORMATION info; + if (!VirtualQuery(probe, &info, sizeof(info))) + { + probe += systemInfo.dwPageSize; + } + else + { + if (info.RegionSize == 0x1f00000 && info.Protect == PAGE_READWRITE && info.Type == MEM_MAPPED) + { + found = true; + ConsoleOutput("PPSSPP memory found: searching for hooks should yield working hook codes"); +#ifndef _WIN64 + // PPSSPP 1.8.0 compiles jal to sub dword ptr [ebp+0x360],?? + memcpy(spDefault.pattern, Array{ 0x83, 0xAD, 0x60, 0x03, 0x00, 0x00 }, spDefault.length = 6); +#else + // PPSSPP 1.8.0 compiles jal to sub dword ptr [r14+0x360],?? + memcpy(spDefault.pattern, Array{ 0x41, 0x83, 0xae, 0x60, 0x03, 0x00, 0x00 }, spDefault.length = 7); +#endif + spDefault.offset = 0; + spDefault.minAddress = 0; + spDefault.maxAddress = -1ULL; + spDefault.padding = (uintptr_t)probe - 0x8000000; + spDefault.hookPostProcessor = [](HookParam& hp) + { + hp.type |= NO_CONTEXT | USING_SPLIT | SPLIT_INDIRECT; +#ifndef _WIN64 + hp.split = get_reg(regs::ebp); + hp.split_index =get_reg(regs::eax); // this is where PPSSPP 1.8.0 stores its return address stack +#else + hp.split = get_reg(regs::r14); + hp.split_index = -8; // this is where PPSSPP 1.8.0 stores its return address stack +#endif + }; + } + probe += info.RegionSize; + } + } + return found; +} +#endif +uintptr_t getDoJitAddress() +{ +#ifndef _WIN64 + auto string1 = "Jump target too far away, needs indirect register"; + auto string2 = "Jump target too far away, needs force5Bytes = true"; + auto addr1 = MemDbg::findBytes(string1, ::strlen(string1), processStartAddress, processStopAddress); + auto addr2 = MemDbg::findBytes(string2, ::strlen(string2), processStartAddress, processStopAddress); + + if (addr1 == 0 || addr2 == 0) + return 0; + // 都是被push两次,但是都是第一个 + addr1 = MemDbg::findPushAddress(addr1, processStartAddress, processStopAddress); + addr2 = MemDbg::findPushAddress(addr2, processStartAddress, processStopAddress); + if (addr1 == 0 || addr2 == 0) + return 0; + addr1 = MemDbg::findEnclosingAlignedFunction_strict(addr1, 0x100); + addr2 = MemDbg::findEnclosingAlignedFunction_strict(addr2, 0x100); + if (addr1 == 0 || addr2 == 0 || addr1 != addr2) + return 0; + auto xrefs = findxref_reverse_checkcallop(addr1, processStartAddress, processStopAddress, 0xe8); + if (xrefs.size() < 28) + return 0; + addr1 = MemDbg::findEnclosingAlignedFunction_strict(xrefs[xrefs.size() - 1 - 3], 0x400); + addr2 = MemDbg::findEnclosingAlignedFunction_strict(xrefs[xrefs.size() - 1 - 4], 0x400); + if (addr1 == 0 || addr2 == 0 || addr1 != addr2) + return 0; + return addr1; +#else + auto DoJitSig1 = "C7 83 ?? 0? 00 00 11 00 00 00 F6 83 ?? 0? 00 00 01 C7 83 ?? 0? 00 00 E4 00 00 00"; + auto first = find_pattern(DoJitSig1, processStartAddress, processStopAddress); + if (first) + { + auto beginSubSig1 = "55 41 ?? 41 ?? 41"; + auto lookbackSize = 0x400; + auto address = first - lookbackSize; + auto subs = find_pattern(beginSubSig1, address, address + lookbackSize); + if (subs) + { + return subs; + } + } + else + { + + auto DoJitSig2 = "C7 83 ?? 0? 00 00 11 00 00 00 F6 83 ?? 0? 00 00 01 ?? ?? ?? ?? ?? ?? ?? C7 83 ?? 0? 00 00 E4 00 00 00"; + first = find_pattern(DoJitSig2, processStartAddress, processStopAddress); + if (first) + { + first = MemDbg::findEnclosingAlignedFunction_strict(first, 0x400); + return first; + } + } +#endif + return 0; +} + +namespace ppsspp +{ + + bool checkiscurrentgame(const emfuncinfo &em) + { + auto wininfos = get_proc_windows(); + for (auto &&info : wininfos) + { + if (info.title.find(acastw(em._id)) != info.title.npos) + return true; + } + return false; + } + std::unordered_set breakpoints; + + inline bool IsValidAddress(const uintptr_t address) + { + if ((address & 0x3E000000) == 0x08000000) + { + return true; + } + else if ((address & 0x3F800000) == 0x04000000) + { + return true; + } + else if ((address & 0xBFFFC000) == 0x00010000) + { + return true; + } + else if ((address & 0x3F000000) >= 0x08000000) + { // && (address & 0x3F000000) < 0x08000000 + g_MemorySize) { + return true; + } + else + { + return false; + } + } + void dohookemaddr(uintptr_t em_address, uintptr_t ret) + { + jitaddraddr(em_address, ret, JITTYPE::PPSSPP); + + if (emfunctionhooks.find(em_address) == emfunctionhooks.end()) + return; + if (!(checkiscurrentgame(emfunctionhooks.at(em_address)))) + return; + + auto op = emfunctionhooks.at(em_address); + ConsoleOutput("jit function addr %p", ret); +#ifndef _WIN64 + BYTE sig[] = { + 0x8b, XX2, // mov reg,[ebp-off] + 0x8b, 0xc6, // mov eax,esi + 0x25, 0xff, 0xff, 0xff, 0x3f, // and eax,0x3fffffff + 0x89, XX, XX4, // mov [eax+base+off],reg + + }; + auto findbase = MemDbg::findBytes(sig, sizeof(sig), ret, ret + 0x20); + if (!findbase) + findbase = MemDbg::findBytes(sig, sizeof(sig), ret - 0x1000, ret + 0x1000); + if (!findbase) + ConsoleOutput("can't find emu_baseaddr"); + PPSSPP::x86_baseaddr = (*(DWORD *)(findbase + 12)) & 0xffff0000; + ConsoleOutput("x86 base addr %p", PPSSPP::x86_baseaddr); +#endif + HookParam hpinternal; + hpinternal.address = ret; + hpinternal.emu_addr = em_address; // 用于生成hcode + hpinternal.type = USING_STRING | NO_CONTEXT | BREAK_POINT | op.type; + hpinternal.text_fun = op.hookfunc; + hpinternal.filter_fun = op.filterfun; + hpinternal.argidx = op.argidx; + hpinternal.padding = op.padding; + hpinternal.jittype = JITTYPE::PPSSPP; + NewHook(hpinternal, op._id); + } + namespace + { + typedef DWORD u32; + typedef BYTE u8; + typedef WORD u16; + const int MAX_JIT_BLOCK_EXITS = 8; + namespace Memory + { + struct Opcode + { + Opcode() + { + } + + explicit Opcode(u32 v) : encoding(v) + { + } + + u32 operator&(const u32 &arg) const + { + return encoding & arg; + } + + u32 operator>>(const u32 &arg) const + { + return encoding >> arg; + } + + bool operator==(const u32 &arg) const + { + return encoding == arg; + } + + bool operator!=(const u32 &arg) const + { + return encoding != arg; + } + + u32 encoding; + }; + + } + + typedef Memory::Opcode MIPSOpcode; + + struct JitBlock + { + bool ContainsAddress(u32 em_address) const; + + const u8 *checkedEntry; // const, we have to translate to writable. + const u8 *normalEntry; + + u8 *exitPtrs[MAX_JIT_BLOCK_EXITS]; // to be able to rewrite the exit jump + u32 exitAddress[MAX_JIT_BLOCK_EXITS]; // 0xFFFFFFFF == unknown + + u32 originalAddress; + MIPSOpcode originalFirstOpcode; // to be able to restore + uint64_t compiledHash; + u16 codeSize; + u16 originalSize; + u16 blockNum; + + bool invalid; + bool linkStatus[MAX_JIT_BLOCK_EXITS]; + +#ifdef USE_VTUNE + char blockName[32]; +#endif + + // By having a pointer, we avoid a constructor/destructor being generated and dog slow + // performance in debug. + std::vector *proxyFor; + + bool IsPureProxy() const + { + return originalFirstOpcode.encoding == 0x68FF0000; + } + void SetPureProxy() + { + // Magic number that won't be a real opcode. + originalFirstOpcode.encoding = 0x68FF0000; + } + }; + } + + void unsafeoncegetJitBlockCache(hook_stack *stack) + { + +// class JitBlockCache : public JitBlockCacheDebugInterface { +//... +// JitBlock *blocks_ = nullptr; +// std::unordered_multimap proxyBlockMap_; ->64 +// int num_blocks_ = 0; +#ifdef _WIN64 + auto num_blocks_ = *(uint32_t *)(stack->rcx + 72 + 16 + 88); + auto blocks_ = (JitBlock *)*(uintptr_t *)(stack->rcx + 72 + 16 + 88 - 64 - 8); +#else + auto num_blocks_ = *(uint32_t *)(stack->ecx + 88); + auto blocks_ = (JitBlock *)*(uintptr_t *)(stack->ecx + 88 - 32 - 4); +#endif + int checkvalid = 0; + num_blocks_ -= 1; // last one is now dojiting + for (int i = 0; i < num_blocks_; i++) + { + if (IsValidAddress(blocks_[i].originalAddress) && blocks_[i].normalEntry) + checkvalid += 1; + } + if (checkvalid < num_blocks_ / 2) + return; + + for (int i = 0; i < num_blocks_; i++) + { + if (IsValidAddress(blocks_[i].originalAddress) && blocks_[i].normalEntry) + { + dohookemaddr(blocks_[i].originalAddress, (uintptr_t)blocks_[i].normalEntry); + delayinsertNewHook(blocks_[i].originalAddress); + } + } + + return; + } + bool oncegetJitBlockCache(hook_stack *stack) + { + // 在游戏中途hook,获取已compiled jit + // 虽然只有在每次进行jit时才会触发,不过测试后续触发的也挺频繁的。 + __try + { + unsafeoncegetJitBlockCache(stack); + } + __except (EXCEPTION_EXECUTE_HANDLER) + { + } + return true; + } + bool hookPPSSPPDoJit() + { + auto DoJitPtr = getDoJitAddress(); + if (DoJitPtr == 0) + return false; + spDefault.jittype = JITTYPE::PPSSPP; + spDefault.minAddress = 0; + spDefault.maxAddress = -1; + HookParam hp; + hp.address = DoJitPtr; // Jit::DoJit + ConsoleOutput("DoJitPtr %p", DoJitPtr); + hp.user_value = (uintptr_t) new uintptr_t; + hp.text_fun = [](hook_stack *stack, HookParam *hp, auto*, auto *) + { + static auto once1 = oncegetJitBlockCache(stack); + auto em_address = stack->THISCALLARG1; + + *(uintptr_t *)(hp->user_value) = em_address; + + HookParam hpinternal; + hpinternal.user_value = hp->user_value; + hpinternal.address = stack->retaddr; + hpinternal.text_fun = [](hook_stack *stack, HookParam *hp, auto*, auto *) + { + auto em_address = *(uintptr_t *)(hp->user_value); + if (!IsValidAddress(em_address)) + return; + [&]() + { + auto ret = stack->LASTRETVAL; + if (breakpoints.find(ret) != breakpoints.end()) + return; + breakpoints.insert(ret); + + dohookemaddr(em_address, ret); + }(); + delayinsertNewHook(em_address); + }; + static auto once = NewHook(hpinternal, "DoJitPtrRet"); + }; + + return NewHook(hp, "PPSSPPDoJit"); + } +} +namespace +{ + // ULJS00035 ULJS00149 流行り神 + void *findGetPointer() + { + char GetPointer[] = "Unknown GetPointer %08x PC %08x LR %08x"; + auto addr = MemDbg::findBytes(GetPointer, sizeof(GetPointer), processStartAddress, processStopAddress); + if (!addr) + return nullptr; + addr = findleapushaddr(addr); + return (void *)addr; + } + bool Replace_memcpy() + { + // static int Replace_memcpy() { + // u32 destPtr = PARAM(0); + // u32 srcPtr = PARAM(1); + // u32 bytes = PARAM(2); + static auto GetPointer = (void*(*)(uintptr_t))findGetPointer(); + if (!GetPointer) + return false; + ConsoleOutput("GetPointer %p", GetPointer); + char ReplaceMemcpy_VideoDecodeRange[] = "ReplaceMemcpy/VideoDecodeRange"; + auto addr = MemDbg::findBytes(ReplaceMemcpy_VideoDecodeRange, sizeof(ReplaceMemcpy_VideoDecodeRange), processStartAddress, processStopAddress); + if (!addr) + return false; + ConsoleOutput("ReplaceMemcpy/VideoDecodeRange %p", addr); +#ifndef _WIN64 + BYTE sig[] = {0xb9, XX4}; + *(uintptr_t *)(sig + 1) = addr; + bool succ = false; + for (auto addr : Util::SearchMemory(sig, sizeof(sig), PAGE_EXECUTE, processStartAddress, processStopAddress)) + { + BYTE sig1[] = { + 0x55, 0x8b, 0xec, + 0x81, 0xec, XX4, + 0x8b, 0x0d, XX4}; + addr = reverseFindBytes(sig1, sizeof(sig1), addr - 0x200, addr); + if (!addr) + continue; + DWORD off_106D180 = *(DWORD *)(addr + sizeof(sig1) - 4); + HookParam hp; + hp.user_value = *(DWORD *)off_106D180; +#else + bool succ = false; + for (auto addr : MemDbg::findleaaddr_all(addr, processStartAddress, processStopAddress)) + { + BYTE sig1[] = { + 0x48, 0x89, XX, 0x24, 0x18, + 0x48, 0x89, XX, 0x24, 0x20, + 0x57, + 0x48, 0x81, 0xec, XX4, + 0x48, 0x8b, XX, XX4}; + addr = reverseFindBytes(sig1, sizeof(sig1), addr - 0x200, addr); + if (!addr) + continue; + DWORD off_140F4C810 = *(DWORD *)(addr + sizeof(sig1) - 4); + HookParam hp; + hp.user_value = *(uintptr_t *)(off_140F4C810 + addr + sizeof(sig1)); +#endif + hp.address = addr; + hp.text_fun = [](hook_stack *stack, HookParam *hp, auto* buff, auto *split) + { + auto bytes = *((DWORD *)hp->user_value + 6); + auto srcPtr = GetPointer(*((DWORD *)hp->user_value + 5)); + + if (!IsDBCSLeadByteEx(932, *(BYTE *)srcPtr)) + return; + if (bytes != 2) + return; + if (bytes != strnlen((char *)srcPtr, TEXT_BUFFER_SIZE)) + return; + buff->from(srcPtr, bytes); + }; + succ |= NewHook(hp, "Replace_memcpy"); + } + return succ; + } +} +bool InsertPPSSPPcommonhooks() +{ + + auto succ = ppsspp::hookPPSSPPDoJit(); + succ |= InsertPPSSPPHLEHooks(); + succ |= Replace_memcpy(); + return succ; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engines/ppsspp/psputils.hpp b/cpp/LunaHook/LunaHook/engines/ppsspp/psputils.hpp new file mode 100644 index 00000000..6cd6630f --- /dev/null +++ b/cpp/LunaHook/LunaHook/engines/ppsspp/psputils.hpp @@ -0,0 +1,61 @@ +#ifndef __LUNA_PSPUILTS_H +#define __LUNA_PSPUILTS_H +namespace ppsspp +{ + + struct emfuncinfo + { + uint64_t type; + int argidx; + int padding; + decltype(HookParam::text_fun) hookfunc; + decltype(HookParam::filter_fun) filterfun; + const char *_id; + }; + +} + +bool InsertPPSSPPcommonhooks(); + +#ifndef _WIN64 +namespace +{ + int PPSSPP_VERSION[4] = {0, 9, 8, 0}; // 0.9.8 by default + + enum : DWORD + { + PPSSPP_MEMORY_SEARCH_STEP_98 = 0x01000000, + PPSSPP_MEMORY_SEARCH_STEP_99 = 0x00050000 + //, step = 0x1000 // step must be at least 0x1000 (offset in SearchPattern) + //, step = 0x00010000 // crash otoboku PSP on 0.9.9 since 5pb is wrongly inserted + }; + + ULONG SafeMatchBytesInPSPMemory(LPCVOID pattern, DWORD patternSize, DWORD start = MemDbg::MappedMemoryStartAddress, DWORD stop = MemDbg::MemoryStopAddress) + { + + ULONG step = PPSSPP_VERSION[1] == 9 && PPSSPP_VERSION[2] == 8 ? PPSSPP_MEMORY_SEARCH_STEP_98 : PPSSPP_MEMORY_SEARCH_STEP_99; + return _SafeMatchBytesInMappedMemory(pattern, patternSize, XX, start, stop, step); + } + + ULONG SafeMatchBytesInPS2Memory(LPCVOID pattern, DWORD patternSize) + { + // PCSX2 memory range + // ds: begin from 0x20000000 + // cs: begin from 0x30000000 + enum : ULONG + { + // start = MemDbg::MappedMemoryStartAddress // 0x01000000 + start = 0x30000000 // larger than PSP to skip the garbage memory + , + stop = 0x40000000 // larger than PSP as PS2 has larger memory + , + step = 0x00010000 // smaller than PPS + //, step = 0x00050000 // the same as PPS + //, step = 0x1000 // step must be at least 0x1000 (offset in SearchPattern) + }; + return _SafeMatchBytesInMappedMemory(pattern, patternSize, XX, start, stop, step); + } +} +#endif + +#endif \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engines/ppsspp/specialgames.hpp b/cpp/LunaHook/LunaHook/engines/ppsspp/specialgames.hpp new file mode 100644 index 00000000..d168e4fb --- /dev/null +++ b/cpp/LunaHook/LunaHook/engines/ppsspp/specialgames.hpp @@ -0,0 +1,436 @@ +#include +#include "emujitarg.hpp" + +namespace ppsspp +{ + bool ULJS00403_filter(void *data, size_t *len, HookParam *hp) + { + std::string result = std::string((char *)data, *len); + std::regex newlinePattern(R"((\\n)+)"); + result = std::regex_replace(result, newlinePattern, " "); + std::regex pattern(R"((\\d$|^\@[a-z]+|#.*?#|\$))"); + result = std::regex_replace(result, pattern, ""); + return write_string_overwrite(data, len, result); + } + + void ULJS00339(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto a2 = PPSSPP::emu_arg(stack)[0]; + + auto vm = *(DWORD *)(a2 + (0x28)); + vm = *(DWORD *)PPSSPP::emu_addr(stack, vm); + vm = *(DWORD *)PPSSPP::emu_addr(stack, vm + 8); + uintptr_t address = PPSSPP::emu_addr(stack, vm); + auto len1 = *(DWORD *)(address + 4); + auto p = address + 0x20; + if (len1 > 4 && *(WORD *)(p + 2) == 0) + { + auto p1 = *(DWORD *)(address + 8); + vm = *(DWORD *)PPSSPP::emu_addr(stack, vm); + vm = *(DWORD *)PPSSPP::emu_addr(stack, vm + 0xC); + p = PPSSPP::emu_addr(stack, vm); + } + static int fm = 0; + static std::string pre; + auto b = fm; + auto s = [](uintptr_t address) + { + auto frist = *(WORD *)address; + auto lo = frist & 0xFF; // uppercase: 41->5A + auto hi = frist >> 8; + if (hi == 0 && (lo > 0x5a || lo < 0x41) /* T,W,? */) + { + return std::string(); + } + std::string s; + int i = 0; + WORD c; + char buf[3] = {0}; + while ((c = *(WORD *)(address + i)) != 0) + { + // reverse endian: ShiftJIS BE => LE + buf[0] = c >> 8; + buf[1] = c & 0xFF; + + if (c == 0x815e /* / */) + { + s += ' '; // single line + } + else if (buf[0] == 0) + { + //// UTF16 LE turned BE: 5700=>0057, 3100, 3500 + //// 4e00 6d00=>PLAYER + // do nothing + if (buf[1] == 0x4e) + { + s += "PLAYER"; + fm++; + } + } + else + { + s += buf; + } + i += 2; + } + return s; + }(p); + if (b > 0) + { + fm--; + return; + } + if (s == pre) + return; + pre = s; + buffer->from(s); + } + + bool NPJH50909_filter(void *data, size_t *len, HookParam *hp) + { + std::string result = std::string((char *)data, *len); + auto ws = StringToWideString(result, 932).value(); + // Remove single line markers + ws = std::regex_replace(ws, std::wregex(L"(\\%N)+"), L" "); + + // Remove scale marker + ws = std::regex_replace(ws, std::wregex(L"\\%\\@\\%\\d+"), L""); + + // Reformat name + std::wsmatch match; + if (std::regex_search(ws, match, std::wregex(L"(^[^「]+)「"))) + { + std::wstring name = match[1].str(); + ws = std::regex_replace(ws, std::wregex(L"^[^「]+"), L""); + ws = name + L"\n" + ws; + } + return write_string_overwrite(data, len, WideStringToString(ws, 932)); + } + + bool ULJM06119_filter(void *data, size_t *len, HookParam *hp) + { + std::string s = std::string((char *)data, *len); + + std::regex pattern(R"(/\[[^\]]+./g)"); + s = std::regex_replace(s, pattern, ""); + + std::regex tagPattern(R"(/\\k|\\x|%C|%B)"); + s = std::regex_replace(s, tagPattern, ""); + + std::regex colorPattern(R"(/\%\d+\#[0-9a-fA-F]*\;)"); + s = std::regex_replace(s, colorPattern, ""); + + std::regex newlinePattern(R"(/\n+)"); + s = std::regex_replace(s, newlinePattern, " "); + return write_string_overwrite(data, len, s); + } + + bool ULJM06036_filter(void *data, size_t *len, HookParam *hp) + { + std::wstring result = std::wstring((wchar_t *)data, *len / 2); + std::wregex pattern(LR"(]+).>)"); + result = std::regex_replace(result, pattern, L"$2"); + std::wregex tagPattern(LR"(<[A-Z]+>)"); + result = std::regex_replace(result, tagPattern, L""); + return write_string_overwrite(data, len, result); + } + + namespace Corda + { + std::string readBinaryString(uintptr_t address, bool *haveName) + { + *haveName = false; + if ((*(WORD *)address & 0xF0FF) == 0x801b) + { + *haveName = true; + address = address + 2; // (1) + } + std::string s; + int i = 0; + uint8_t c; + while ((c = *(uint8_t *)(address + i)) != 0) + { + if (c == 0x1b) + { + if (*haveName) + return s; // (1) skip junk after name + + c = *(uint8_t *)(address + (i + 1)); + if (c == 0x7f) + i += 5; + else + i += 2; + } + else if (c == 0x0a) + { + s += '\n'; + i += 1; + } + else if (c == 0x20) + { + s += ' '; + i += 1; + } + else + { + auto len = 1 + (IsDBCSLeadByteEx(932, *(BYTE *)(address + i))); + s += std::string((char *)(address + i), len); + i += len; // encoder.encode(c).byteLength; + } + } + return s; + } + } + + void ULJM05428(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto address = PPSSPP::emu_arg(stack)[1]; + bool haveNamve; + auto s = Corda::readBinaryString(address, &haveNamve); + *split = haveNamve; + buffer->from(s); + } + void ULJM05054(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto address = PPSSPP::emu_arg(stack)[1]; + bool haveNamve; + auto s = Corda::readBinaryString(address, &haveNamve); + *split = haveNamve; + buffer->from(s); + } + + bool ULJM05943F(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + strReplace(s, "#n", ""); + s = std::regex_replace(s, std::regex("#[A-Za-z]+\\[(\\d*\\.)?\\d+\\]+"), ""); + return write_string_overwrite(data, len, s); + } + + bool FULJM05603(LPVOID data, size_t *size, HookParam *) + { + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + + StringCharReplacer(text, len, "%N", 2, ' '); + StringFilter(text, len, "%K", 2); + StringFilter(text, len, "%P", 2); + + return true; + } + + void ULJM05810(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto data=PPSSPP::emu_arg(stack)[0]+0x0f; + data = data + 400; + std::string s; + while (true) + { + std::string sub = (char *)data; + s += sub; + data += sub.size() + 1; + if (!*(char *)data) + break; + } + strReplace(s, "\n", ""); + buffer->from(s); + } + namespace NPJH50530 + { + std::string current; + bool T(LPVOID data, size_t *size, HookParam *) + { + current = std::string((char *)data, *size); + return true; + } + bool N(LPVOID data, size_t *size, HookParam *) + { + auto current1 = std::string((char *)data, *size); + return current != current1; + } + } + bool FNPJH50243(LPVOID data, size_t *size, HookParam *) + { + auto s = std::wstring((wchar_t *)data, *size / 2); + s = std::regex_replace(s, std::wregex(LR"(<(.*?)\|(.*?)>)"), L"$1"); + return write_string_overwrite(data, size, s); + } + bool FNPJH50459(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex(R"(#SCL\((.*?)\)(.*?)#ECL)"), "$2"); + strReplace(s, "\n\r\n", "\n"); + return write_string_overwrite(data, len, s); + } + bool FNPJH50127(void *data, size_t *len, HookParam *hp) + { + StringCharReplacer((char *)data, len, "\\n", 2, '\n'); + return true; + } + bool ULJM06145(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex(R"(#Ruby\[(.*?),(.*?)\])"), "$1"); + s = std::regex_replace(s, std::regex("#[A-Za-z]+\\[(\\d*\\.)?\\d+\\]+"), ""); + strReplace(s, "#n", ""); + strReplace(s, "\x84\xbd", "!?"); + return write_string_overwrite(data, len, s); + } + bool FULJM05690(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + s = std::regex_replace(s, std::regex(R"(#Kana\[(.*?),(.*?)\])"), "$1"); + strReplace(s, "#n", ""); + return write_string_overwrite(data, len, s); + } + bool FULJM05889(LPVOID data, size_t *size, HookParam *) + { + auto text = reinterpret_cast(data); + auto len = reinterpret_cast(size); + for (size_t i = 0; i < *len;) + { + if (IsDBCSLeadByteEx(932, (text[i]))) + { + i += 2; + continue; + } + if (text[i] == '^') + text[i] = '\n'; + + i += 1; + } + return true; + } + + bool NPJH50619F(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + std::regex pattern1("[\\r\\n]+"); + std::string replacement1 = ""; + std::string result1 = std::regex_replace(s, pattern1, replacement1); + std::regex pattern2("^(.*?)\\)+"); + std::string replacement2 = ""; + std::string result2 = std::regex_replace(result1, pattern2, replacement2); + std::regex pattern3("#ECL+"); + std::string replacement3 = ""; + std::string result3 = std::regex_replace(result2, pattern3, replacement3); + std::regex pattern4("(#.+?\\))+"); + std::string replacement4 = ""; + std::string result4 = std::regex_replace(result3, pattern4, replacement4); + return write_string_overwrite(data, len, result4); + } + + bool NPJH50505F(void *data, size_t *len, HookParam *hp) + { + auto s = std::string((char *)data, *len); + + std::regex pattern2("#RUBS(#[A-Z0-9]+)*[^#]+"); + std::string replacement2 = ""; + std::string result2 = std::regex_replace(s, pattern2, replacement2); + + std::regex pattern3("#FAMILY"); + std::string replacement3 = "$FAMILY"; + std::string result3 = std::regex_replace(result2, pattern3, replacement3); + + std::regex pattern4("#GIVE"); + std::string replacement4 = "$GIVE"; + std::string result4 = std::regex_replace(result3, pattern4, replacement4); + + std::regex pattern5("(#[A-Z0-9\\-]+)+"); + std::string replacement5 = ""; + std::string result5 = std::regex_replace(result4, pattern5, replacement5); + + std::regex pattern6("\\n+"); + std::string replacement6 = " "; + std::string result6 = std::regex_replace(result5, pattern6, replacement6); + + return write_string_overwrite(data, len, result6); + } + + void QNPJH50909(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto data=PPSSPP::emu_arg(stack)[0]; + uintptr_t addr = PPSSPP::emu_addr(stack, 0x08975110); + if (0x6e87 == *(WORD *)data) + return; + if (0x000a == *(WORD *)data) + return; + buffer->from(addr + 0x20,*(DWORD *)(addr + 0x14) * 2 ); + } + std::unordered_map emfunctionhooks = { + // Shinigami to Shoujo + {0x883bf34, {0, 1, 0, 0, ULJS00403_filter, "ULJS00403"}}, + // Amagami + {0x0886775c, {0, 0, 0, ULJS00339, 0, "ULJS00339"}}, // String.length() + // Sekai de Ichiban Dame na Koi + {0x8814adc, {0, 0, 0, 0, NPJH50909_filter, "ULJM05878"}}, // name + dialouge + {0x8850b2c, {0, 0, 0, 0, NPJH50909_filter, "ULJM05878"}}, // onscreen toast + // Dunamis15 + {0x0891D72C, {CODEC_UTF8, 0, 0, 0, ULJM06119_filter, "ULJM06119"}}, + // Princess Evangile Portable + {0x88506d0, {CODEC_UTF16, 2, 0, 0, ULJM06036_filter, "ULJM06036"}}, // [0x88506d0(2)...0x088507C0(?)] // name text text (line doubled) + // Kin'iro no Corda 2f + {0x89b59dc, {0, 0, 0, ULJM05428, 0, "ULJM05428"}}, + // Kin'iro no Corda + {0x886162c, {0, 0, 0, ULJM05054, 0, "ULJM05054"}}, // dialogue: 0x886162c (x1), 0x889d5fc-0x889d520(a2) fullLine + {0x8899e90, {0, 0, 0x3c, 0, 0, "ULJM05054"}}, // name 0x88da57c, 0x8899ca4 (x0, oneTime), 0x8899e90 + // Sol Trigger + {0x8952cfc, {CODEC_UTF8, 0, 0, 0, NPJH50619F, "NPJH50619"}}, // dialog + {0x884aad4, {CODEC_UTF8, 0, 0, 0, NPJH50619F, "NPJH50619"}}, // description + {0x882e1b0, {CODEC_UTF8, 0, 0, 0, NPJH50619F, "NPJH50619"}}, // system + {0x88bb108, {CODEC_UTF8, 2, 0, 0, NPJH50619F, "NPJH50619"}}, // battle tutorial + {0x89526a0, {CODEC_UTF8, 0, 0, 0, NPJH50619F, "NPJH50619"}}, // battle info + {0x88bcef8, {CODEC_UTF8, 1, 0, 0, NPJH50619F, "NPJH50619"}}, // battle talk + // Fate/EXTRA CCC + {0x8958490, {0, 0, 0, 0, NPJH50505F, "NPJH50505"}}, + // Kamigami no Asobi InFinite + {0x088630f8, {0, 0, 0, QNPJH50909, 0, "NPJH50909"}}, // text, choice (debounce trailing 400ms), TODO: better hook + {0x0887813c, {0, 3, 4, 0, 0, "NPJH50909"}}, // Question YN + // Gekka Ryouran Romance + {0x88eeba4, {0, 0, 0, 0, ULJM05943F, "ULJM05943"}}, // a0 - monologue text + {0x8875e0c, {0, 1, 6, 0, ULJM05943F, "ULJM05943"}}, // a1 - dialogue text + // My Merry May with be + {0x886F014, {0, 3, 0, 0, FULJM05603, "ULJM05603"}}, + // Corpse Party -The Anthology- Sachiko no Ren'ai Yuugi ♥ Hysteric Birthday 2U - Regular Edition + {0x88517C8, {0, 1, 0, 0, FULJM05603, "ULJM06114"}}, + // Himawari_no_Kyoukai_to_Nagai_Natsuyasumi_Extra_Vacation_JPN_PSP-MOEMOE + {0x881c444, {FULL_STRING, 0, 0, 0, 0, "ULJM06321"}}, // name+text,sjit,FULL_STRING to split name and text + // ましろ色シンフォニー *mutsu-no-hana + {0x8868AB8, {0, 0, 0, 0, FULJM05889, "ULJM05889"}}, + // シャイニング・ブレイド + {0x8AA3B70, {0, 0xC, 0, 0, NPJH50530::T, "NPJH50530"}}, // text only + {0x884DB44, {0, 1, 0, 0, NPJH50530::N, "NPJH50530"}}, // text+name + // ティアーズ・トゥ・ティアラ 外伝 アヴァロンの謎 PORTABLE + {0x890A4BC, {CODEC_UTF16, 1, 0, 0, FNPJH50243, "NPJH50243"}}, + // 薔薇ノ木ニ薔薇ノ花咲ク + {0x881E560, {0, 1, 0, 0, 0, "ULJM05802"}}, + // D.C. Girl's Symphony Pocket ~ダ・カーポ~ ガールズシンフォニーポケット + {0x883C77C, {0, 0, 0, 0, FULJM05690, "ULJM05690"}}, + // Ever17 -the out of infinity- Premium Edition + {0x881AD64, {0, 0xd, 0, 0, 0, "ULJM05437"}}, + // 12時の鐘とシンデレラ~Halloween Wedding~ + {0x882A650, {0, 1, 0, 0, 0, "ULJM06023"}}, + // 0時の鐘とシンデレラ~Halloween Wedding~ (instance: 2) + {0x8855CA0, {0, 1, 0, 0, 0, "ULJM06272"}}, + // セブンスドラゴン2020 + {0x88847A0, {CODEC_UTF8, 1, 0, 0, FNPJH50459, "NPJH50459"}}, + // セブンスドラゴン2020-Ⅱ + {0x8889CCC, {CODEC_UTF8, 1, 0, 0, FNPJH50459, "NPJH50716"}}, // 会有两三条后续文本都被一次性提取到。 + // マイナスエイト + {0x88DC218, {0, 0, 0, 0, FULJM05690, "ULJM06341"}}, + // Tokimeki Memorial 4 + {0x899a510, {0, 2, 0, 0, FNPJH50127, "NPJH50127"}}, + {0x88719dc, {0, 1, 0, 0, FNPJH50127, "NPJH50127"}}, + // オメルタ~沈黙の掟~ THE LEGACY + {0x88861C8, {0, 3, 0, 0, 0, "ULJM06393"}}, + // L.G.S~新説 封神演義~ + {0x888A358, {0, 0, 0, 0, ULJM05943F, "ULJM06131"}}, // NAME+TEXT + {0x88DB214, {0, 0, 0, 0, ULJM05943F, "ULJM06131"}}, // TEXT + {0x889E970, {0, 0, 0, 0, ULJM05943F, "ULJM06131"}}, // NAME + // 源狼 GENROH + {0x8940DA8, {0, 1, 0, 0, ULJM06145, "ULJM06145"}}, // TEXT + // 遙かなる時空の中で4 愛蔵版 + {0x8955CE0, {0, 0, 0, ULJM05810, 0, " ULJM05810"}}, + }; + +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engines/python/Renpy.h b/cpp/LunaHook/LunaHook/engines/python/Renpy.h new file mode 100644 index 00000000..df85c83b --- /dev/null +++ b/cpp/LunaHook/LunaHook/engines/python/Renpy.h @@ -0,0 +1,22 @@ + +#include"python/python.h" + +class Renpy:public ENGINE{ + public: + Renpy(){ + //使用lunatranslator启动游戏,会把cwd修改成exe所在目录,其中没有.py + check_by=CHECK_BY::ALL_TRUE; + // check_by=CHECK_BY::CUSTOM; + // check_by_target=[](){ + // //Renpy - sample game https://vndb.org/v19843 + // return Util::CheckFile(L"*.py")|| GetModuleHandleW(L"librenpython.dll"); + // }; + }; + bool attach_function(){ + #ifndef _WIN64 + return InsertRenpyHook(); + #else + return InsertRenpyHook()||InsertRenpy3Hook(); + #endif + } +}; diff --git a/cpp/LunaHook/LunaHook/engines/python/python.cpp b/cpp/LunaHook/LunaHook/engines/python/python.cpp new file mode 100644 index 00000000..de6bed73 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engines/python/python.cpp @@ -0,0 +1,304 @@ +#include "python.h" +#include +extern "C" __declspec(dllexport) const wchar_t *internal_renpy_call_host(const wchar_t *text, int split) +{ + return text; +} +bool Luna_checkisusingembed(uint64_t address, uint64_t ctx2, bool usingsplit) +{ + auto sm = commonsharedmem; + if (!sm) + return false; + for (int i = 0; i < ARRAYSIZE(sm->embedtps); i++) + { + if (sm->embedtps[i].use) + { + if (!usingsplit) + return true; + if ((sm->embedtps[i].tp.addr == address) && (sm->embedtps[i].tp.ctx2 == ctx2)) + return true; + } + } + return false; +} +extern "C" __declspec(dllexport) bool internal_renpy_call_is_embed_using(int split, bool usingsplit) +{ + return Luna_checkisusingembed((uint64_t)internal_renpy_call_host, split, usingsplit); +} +namespace +{ + + typedef enum + { + PyGILState_LOCKED, + PyGILState_UNLOCKED + } PyGILState_STATE; + typedef PyGILState_STATE (*PyGILState_Ensure_t)(void); + typedef void (*PyGILState_Release_t)(PyGILState_STATE); + typedef int (*PyRun_SimpleString_t)(const char *command); + + PyRun_SimpleString_t PyRun_SimpleString; + PyGILState_Release_t PyGILState_Release; + PyGILState_Ensure_t PyGILState_Ensure; + + bool LoadPyRun(HMODULE module) + { + PyGILState_Ensure = (PyGILState_Ensure_t)GetProcAddress(module, "PyGILState_Ensure"); + PyGILState_Release = (PyGILState_Release_t)GetProcAddress(module, "PyGILState_Release"); + PyRun_SimpleString = (PyRun_SimpleString_t)GetProcAddress(module, "PyRun_SimpleString"); + return PyGILState_Ensure && PyGILState_Release && PyRun_SimpleString; + } + + void PyRunScript(const char *script) + { + if (!(PyGILState_Ensure && PyGILState_Release && PyRun_SimpleString)) + return; + + auto state = PyGILState_Ensure(); + PyRun_SimpleString(script); + PyGILState_Release(state); + } + + void hook_internal_renpy_call_host() + { + HookParam hp_internal; + hp_internal.address = (uintptr_t)internal_renpy_call_host; + hp_internal.offset = GETARG1; + hp_internal.split = GETARG2; + hp_internal.type = USING_SPLIT | USING_STRING | CODEC_UTF16 | EMBED_ABLE | EMBED_AFTER_NEW | NO_CONTEXT; + NewHook(hp_internal, "internal_renpy_call_host"); + PyRunScript(LoadResData(L"renpy_hook_text", L"PYSOURCE").c_str()); + } + + typedef BOOL(WINAPI *PGFRI)(LPCWSTR, LPDWORD, LPVOID, DWORD); +#define QFR_LOGFONT (2) +#define LOADFONTTHREADNUM 4 + std::unordered_map loadfontfiles() + { + + PWSTR localAppDataPath; + HRESULT result = SHGetKnownFolderPath(FOLDERID_LocalAppData, 0, NULL, &localAppDataPath); + std::unordered_map fnts; + + std::vector collectfile; + for (auto fontdir : {std::wstring(LR"(C:\Windows\Fonts)"), std::wstring(localAppDataPath) + LR"(\Microsoft\Windows\Fonts)"}) + { + if (!std::filesystem::exists(fontdir)) + continue; + for (auto entry : std::filesystem::directory_iterator(fontdir)) + { + collectfile.emplace_back(entry.path()); + } + } + std::vector ts; + std::vector fntss(LOADFONTTHREADNUM); + auto singletask = [&](int i) + { + HINSTANCE hGdi32 = GetModuleHandleA("gdi32.dll"); + if (hGdi32 == 0) + return; + PGFRI GetFontResourceInfo = (PGFRI)GetProcAddress(hGdi32, "GetFontResourceInfoW"); + for (auto j = i; j < collectfile.size(); j += LOADFONTTHREADNUM) + { + auto fontfile = collectfile[j]; + DWORD dwFontsLoaded = AddFontResourceExW(fontfile.c_str(), FR_PRIVATE, 0); + if (dwFontsLoaded == 0) + { + continue; + } + + auto lpLogfonts = std::make_unique(dwFontsLoaded); + DWORD cbBuffer = dwFontsLoaded * sizeof(LOGFONTW); + auto succ = GetFontResourceInfo(fontfile.c_str(), &cbBuffer, lpLogfonts.get(), QFR_LOGFONT); + RemoveFontResourceExW(fontfile.c_str(), FR_PRIVATE, 0); + if (!succ) + continue; + for (int k = 0; k < dwFontsLoaded; k++) + fntss[i].insert(std::make_pair(lpLogfonts[k].lfFaceName, fontfile)); + } + }; + for (int i = 0; i < LOADFONTTHREADNUM; i++) + { + ts.emplace_back(std::thread(singletask, i)); + } + for (int i = 0; i < LOADFONTTHREADNUM; i++) + ts[i].join(); + for (int i = 0; i < LOADFONTTHREADNUM; i++) + { + for (auto p : fntss[i]) + fnts.insert(std::move(p)); + } + return fnts; + } + + // https://stackoverflow.com/questions/16769758/get-a-font-filename-based-on-the-font-handle-hfont + HRESULT(*fnDWriteCreateFactory) + ( + _In_ DWRITE_FACTORY_TYPE factoryType, + _In_ REFIID iid, + _COM_Outptr_ IUnknown **factory); + std::list get_fonts_path(LPCWSTR family_name, BOOL is_bold, BOOL is_italic, BYTE charset) + { + std::list fonts_filename_list; + HRESULT hr; + + IDWriteFactory *dwrite_factory; + hr = fnDWriteCreateFactory(DWRITE_FACTORY_TYPE_ISOLATED, __uuidof(IDWriteFactory), reinterpret_cast(&dwrite_factory)); + if (FAILED(hr)) + { + return fonts_filename_list; + } + + IDWriteGdiInterop *gdi_interop; + hr = dwrite_factory->GetGdiInterop(&gdi_interop); + if (FAILED(hr)) + { + dwrite_factory->Release(); + return fonts_filename_list; + } + + LOGFONT lf; + memset(&lf, 0, sizeof(lf)); + wcscpy_s(lf.lfFaceName, LF_FACESIZE, family_name); + lf.lfWeight = is_bold ? FW_BOLD : FW_REGULAR; // TODO Change with the real ass weight + lf.lfItalic = is_italic; + lf.lfCharSet = charset; + lf.lfOutPrecision = OUT_TT_PRECIS; + lf.lfClipPrecision = CLIP_DEFAULT_PRECIS; + lf.lfQuality = ANTIALIASED_QUALITY; + lf.lfPitchAndFamily = DEFAULT_PITCH | FF_DONTCARE; + + HFONT hFont = CreateFontIndirect(&lf); + HDC hdc = CreateCompatibleDC(NULL); + HFONT hOldFont = SelectFont(hdc, hFont); + + IDWriteFontFace *font_face; + hr = gdi_interop->CreateFontFaceFromHdc(hdc, &font_face); + if (FAILED(hr)) + { + gdi_interop->Release(); + dwrite_factory->Release(); + return fonts_filename_list; + } + + UINT file_count; + hr = font_face->GetFiles(&file_count, NULL); + if (FAILED(hr)) + { + font_face->Release(); + gdi_interop->Release(); + dwrite_factory->Release(); + return fonts_filename_list; + } + + IDWriteFontFile **font_files = new IDWriteFontFile *[file_count]; + hr = font_face->GetFiles(&file_count, font_files); + if (FAILED(hr)) + { + font_face->Release(); + gdi_interop->Release(); + dwrite_factory->Release(); + return fonts_filename_list; + } + + for (int i = 0; i < file_count; i++) + { + LPCVOID font_file_reference_key; + UINT font_file_reference_key_size; + hr = font_files[i]->GetReferenceKey(&font_file_reference_key, &font_file_reference_key_size); + if (FAILED(hr)) + { + font_files[i]->Release(); + continue; + } + + IDWriteFontFileLoader *loader; + hr = font_files[i]->GetLoader(&loader); + if (FAILED(hr)) + { + font_files[i]->Release(); + continue; + } + + IDWriteLocalFontFileLoader *local_loader; + hr = loader->QueryInterface(__uuidof(IDWriteLocalFontFileLoader), (void **)&local_loader); + if (FAILED(hr)) + { + loader->Release(); + font_files[i]->Release(); + continue; + } + + UINT32 path_length; + hr = local_loader->GetFilePathLengthFromKey(font_file_reference_key, font_file_reference_key_size, &path_length); + if (FAILED(hr)) + { + local_loader->Release(); + loader->Release(); + font_files[i]->Release(); + continue; + } + + WCHAR *path = new WCHAR[path_length + 1]; + hr = local_loader->GetFilePathFromKey(font_file_reference_key, font_file_reference_key_size, path, path_length + 1); + if (FAILED(hr)) + { + local_loader->Release(); + loader->Release(); + font_files[i]->Release(); + continue; + } + + fonts_filename_list.push_back(path); + + local_loader->Release(); + loader->Release(); + font_files[i]->Release(); + } + + font_face->Release(); + gdi_interop->Release(); + SelectObject(hdc, hOldFont); + ReleaseDC(NULL, hdc); + DeleteObject(hFont); + + dwrite_factory->Release(); + + return fonts_filename_list; + } + +} +extern "C" __declspec(dllexport) const wchar_t *internal_renpy_get_font() +{ + if (wcslen(commonsharedmem->fontFamily) == 0) + return NULL; + + fnDWriteCreateFactory = (decltype(fnDWriteCreateFactory))GetProcAddress(LoadLibrary(L"Dwrite.dll"), "DWriteCreateFactory"); + if (fnDWriteCreateFactory) + { + auto fonts_filename_list = get_fonts_path(commonsharedmem->fontFamily, false, false, DEFAULT_CHARSET); + if (fonts_filename_list.size() == 0) + return NULL; + return *fonts_filename_list.begin(); + } + else + { + static auto fontname2fontfile = std::move(loadfontfiles()); + if (fontname2fontfile.find(commonsharedmem->fontFamily) == fontname2fontfile.end()) + return NULL; + else + return fontname2fontfile.at(commonsharedmem->fontFamily).c_str(); + } +} +bool hookrenpy(HMODULE module) +{ + if (!LoadPyRun(module)) + return false; + patch_fun = []() + { + PyRunScript(LoadResData(L"renpy_hook_font", L"PYSOURCE").c_str()); + }; + hook_internal_renpy_call_host(); + dont_detach = true; + return true; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engines/python/python.h b/cpp/LunaHook/LunaHook/engines/python/python.h new file mode 100644 index 00000000..d8862c62 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engines/python/python.h @@ -0,0 +1,7 @@ + + +bool InsertRenpy3Hook(); +bool InsertRenpyHook(); + + +bool hookrenpy(HMODULE module); diff --git a/cpp/LunaHook/LunaHook/engines/python/python2.cpp b/cpp/LunaHook/LunaHook/engines/python/python2.cpp new file mode 100644 index 00000000..680a3194 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engines/python/python2.cpp @@ -0,0 +1,109 @@ +#include"python.h" +namespace { + typedef wchar_t Py_UNICODE ; + typedef size_t Py_ssize_t; + typedef void PyObject ; + typedef PyObject* (*PyUnicode_FromObject_t)( PyObject *obj ); + #ifdef Py_TRACE_REFS + /* Define pointers to support a doubly-linked list of all live heap objects. */ + #define _PyObject_HEAD_EXTRA \ + struct _object *_ob_next; \ + struct _object *_ob_prev; + + #define _PyObject_EXTRA_INIT 0, 0, + + #else + #define _PyObject_HEAD_EXTRA + #define _PyObject_EXTRA_INIT + #endif + #define PyObject_HEAD \ + _PyObject_HEAD_EXTRA \ + Py_ssize_t ob_refcnt; \ + struct _typeobject *ob_type; + typedef struct { + PyObject_HEAD + Py_ssize_t length; /* Length of raw Unicode data in buffer */ + Py_UNICODE *str; /* Raw Unicode buffer */ + long hash; /* Hash value; -1 if not set */ + PyObject *defenc; /* (Default) Encoded version as Python + string, or NULL; this is used for + implementing the buffer protocol */ + } PyUnicodeObject; + #define PyUnicode_AS_UNICODE(op) \ + (((PyUnicodeObject *)(op))->str) + #define PyUnicode_GET_SIZE(op) \ + (((PyUnicodeObject *)(op))->length) + + PyUnicode_FromObject_t PyUnicode_FromObject; + + inline void GetPyUnicodeString(PyObject *object,TextBuffer* buffer){ + if (object == NULL) + return; + + auto uformat = PyUnicode_FromObject(object); + + if (uformat == NULL){ + return; + } + + auto fmt = PyUnicode_AS_UNICODE(uformat); + auto fmtcnt = PyUnicode_GET_SIZE(uformat); + + if(wcschr(fmt, L'%') != nullptr) + return; + buffer->from(fmt,sizeof(wchar_t)*fmtcnt); + } + + typedef PyObject* (*PyUnicode_FromUnicode_t)( + const Py_UNICODE *u, /* Unicode buffer */ + Py_ssize_t size /* size of buffer */ + ); + PyUnicode_FromUnicode_t PyUnicode_FromUnicode; + +} + +bool InsertRenpyHook(){ + wchar_t python[] = L"python2X.dll", libpython[] = L"libpython2.X.dll"; + for (wchar_t* name : { python, libpython }) + { + wchar_t* pos = wcschr(name, L'X'); + for (int pythonMinorVersion = 0; pythonMinorVersion <= 8; ++pythonMinorVersion) + { + *pos = L'0' + pythonMinorVersion; + if (HMODULE module = GetModuleHandleW(name)) + { + auto f1=[=](){ + PyUnicode_FromObject=(PyUnicode_FromObject_t)GetProcAddress(module, "PyUnicodeUCS2_FromObject"); + PyUnicode_FromUnicode=(PyUnicode_FromUnicode_t)GetProcAddress(module, "PyUnicodeUCS2_FromUnicode"); + auto addr= (uintptr_t)GetProcAddress(module, "PyUnicodeUCS2_Format"); + if (!addr||!PyUnicode_FromObject) return false; + HookParam hp; + hp.address =addr; + hp.type = USING_STRING | CODEC_UTF16 | NO_CONTEXT; + hp.text_fun = [](hook_stack* stack, HookParam* hp, auto* buffer, uintptr_t* split) + { + auto format=(PyObject *)stack->ARG1; + GetPyUnicodeString(format,buffer); + }; + if(PyUnicode_FromUnicode) + { + hp.type|=EMBED_ABLE; + hp.hook_after=[](hook_stack* stack,void* data, size_t len) + { + auto format=(PyObject *)stack->ARG1; + if(format==NULL)return; + stack->ARG1=(uintptr_t)PyUnicode_FromUnicode((Py_UNICODE *)data,len/2); + }; + } + return NewHook(hp, "Ren'py"); + }(); + auto f3=hookrenpy(module); + + return f1||f3; + } + } + } + ConsoleOutput("Ren'py failed: failed to find python2X.dll"); + return false; +} + \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engines/python/python3.cpp b/cpp/LunaHook/LunaHook/engines/python/python3.cpp new file mode 100644 index 00000000..13a1b3f0 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engines/python/python3.cpp @@ -0,0 +1,199 @@ +#include"python.h" +namespace { +#define PyUnicode_IS_READY(op) 1 +#define PyUnicode_Check(op) 1 + + #ifdef Py_TRACE_REFS +/* Define pointers to support a doubly-linked list of all live heap objects. */ +#define _PyObject_HEAD_EXTRA \ + struct _object *_ob_next; \ + struct _object *_ob_prev; + +#define _PyObject_EXTRA_INIT 0, 0, + +#else +#define _PyObject_HEAD_EXTRA +#define _PyObject_EXTRA_INIT +#endif + typedef size_t Py_ssize_t; + typedef struct _object { + _PyObject_HEAD_EXTRA + Py_ssize_t ob_refcnt; + struct _typeobject *ob_type; + } PyObject; +#define PyObject_HEAD PyObject ob_base; +typedef Py_ssize_t Py_hash_t; +typedef struct { + PyObject_HEAD + Py_ssize_t length; /* Number of code points in the string */ + Py_hash_t hash; /* Hash value; -1 if not set */ + struct { + unsigned int interned:2; + unsigned int kind:3; + unsigned int compact:1; + unsigned int ascii:1; + unsigned int ready:1; + unsigned int :24; + } state; + wchar_t *wstr; /* wchar_t representation (null-terminated) */ +} PyASCIIObject; +typedef struct { + PyASCIIObject _base; + Py_ssize_t utf8_length; /* Number of bytes in utf8, excluding the + * terminating \0. */ + char *utf8; /* UTF-8 representation (null-terminated) */ + Py_ssize_t wstr_length; /* Number of code points in wstr, possible + * surrogates count as two code points. */ +} PyCompactUnicodeObject; +/* Return one of the PyUnicode_*_KIND values defined above. */ +#define PyUnicode_KIND(op) \ + (assert(PyUnicode_Check(op)), \ + assert(PyUnicode_IS_READY(op)), \ + ((PyASCIIObject *)(op))->state.kind) + +typedef uint32_t Py_UCS4; +typedef uint16_t Py_UCS2; +typedef uint8_t Py_UCS1; +typedef struct { + PyCompactUnicodeObject _base; + union { + void *any; + Py_UCS1 *latin1; + Py_UCS2 *ucs2; + Py_UCS4 *ucs4; + } data; /* Canonical, smallest-form Unicode buffer */ +} PyUnicodeObject; +#define PyUnicode_IS_COMPACT(op) \ + (((PyASCIIObject*)(op))->state.compact) +#define PyUnicode_IS_ASCII(op) \ + (assert(PyUnicode_Check(op)), \ + assert(PyUnicode_IS_READY(op)), \ + ((PyASCIIObject*)op)->state.ascii) +#define _PyUnicode_COMPACT_DATA(op) \ + (PyUnicode_IS_ASCII(op) ? \ + ((void*)((PyASCIIObject*)(op) + 1)) : \ + ((void*)((PyCompactUnicodeObject*)(op) + 1))) + +#define _PyUnicode_NONCOMPACT_DATA(op) \ + (assert(((PyUnicodeObject*)(op))->data.any), \ + ((((PyUnicodeObject *)(op))->data.any))) + +#define PyUnicode_DATA(op) \ + (assert(PyUnicode_Check(op)), \ + PyUnicode_IS_COMPACT(op) ? _PyUnicode_COMPACT_DATA(op) : \ + _PyUnicode_NONCOMPACT_DATA(op)) +#define PyUnicode_GET_LENGTH(op) \ + (assert(PyUnicode_Check(op)), \ + assert(PyUnicode_IS_READY(op)), \ + ((PyASCIIObject *)(op))->length) +enum PyUnicode_Kind { +/* String contains only wstr byte characters. This is only possible + when the string was created with a legacy API and _PyUnicode_Ready() + has not been called yet. */ + PyUnicode_WCHAR_KIND = 0, +/* Return values of the PyUnicode_KIND() macro: */ + PyUnicode_1BYTE_KIND = 1, + PyUnicode_2BYTE_KIND = 2, + PyUnicode_4BYTE_KIND = 4 +}; +#define PyUnicode_READ(kind, data, index) \ + ((Py_UCS4) \ + ((kind) == PyUnicode_1BYTE_KIND ? \ + ((const Py_UCS1 *)(data))[(index)] : \ + ((kind) == PyUnicode_2BYTE_KIND ? \ + ((const Py_UCS2 *)(data))[(index)] : \ + ((const Py_UCS4 *)(data))[(index)] \ + ) \ + )) + + typedef PyObject* (*PyUnicode_FromString_t)(const char *u); + PyUnicode_FromString_t PyUnicode_FromString; + typedef PyObject* (*PyUnicode_FromKindAndData_t)(int kind, + const void *buffer, + Py_ssize_t size); + PyUnicode_FromKindAndData_t PyUnicode_FromKindAndData; + +} + #ifdef _WIN64 +void DoReadPyString(PyObject* fmtstr,HookParam* hp,TextBuffer* buffer){ + + if (fmtstr == NULL ) + return ; + + auto fmtdata = PyUnicode_DATA(fmtstr); + auto fmtkind = PyUnicode_KIND(fmtstr); + auto fmtcnt = PyUnicode_GET_LENGTH(fmtstr); + for(auto i=0;itype&=~CODEC_UTF8; + hp->type&=~CODEC_UTF16; + hp->type&=~CODEC_UTF32; + + switch (fmtkind) + { + case PyUnicode_WCHAR_KIND: + case PyUnicode_2BYTE_KIND: + hp->type|=CODEC_UTF16; + len=fmtcnt*sizeof(Py_UCS2); + break; + case PyUnicode_1BYTE_KIND: + hp->type|=CODEC_UTF8; + len=fmtcnt*sizeof(Py_UCS1); + break; + case PyUnicode_4BYTE_KIND://Py_UCS4,utf32 + hp->type|=CODEC_UTF32; + len=fmtcnt*sizeof(Py_UCS4); + } + buffer->from(fmtdata, len); +} +bool InsertRenpy3Hook() +{ + wchar_t pythonf[] = L"python3%d.dll", libpython[] = L"libpython3.%d.dll"; + wchar_t python[64] = { 0 }; + for (wchar_t* pythonff : { python, libpython }) + { + for (int pythonMinorVersion = 0; pythonMinorVersion <= 20; ++pythonMinorVersion) + { + wsprintf(python, pythonff, pythonMinorVersion); + if (HMODULE module = GetModuleHandleW(python)) + { + auto f1=[=](){ + uintptr_t addr = (uintptr_t)GetProcAddress(module, "PyUnicode_Format"); + //PyUnicode_FromString=(PyUnicode_FromString_t)GetProcAddress(module, "PyUnicode_FromString"); + PyUnicode_FromKindAndData=(PyUnicode_FromKindAndData_t)GetProcAddress(module, "PyUnicode_FromKindAndData"); + if(!addr)return false; + HookParam hp; + hp.address = addr; + hp.type=NO_CONTEXT|USING_STRING; + hp.text_fun = [](hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + auto fmtstr=(PyObject *)stack->rcx; + + DoReadPyString(fmtstr,hp,buffer); + }; + if(PyUnicode_FromKindAndData) + { + hp.type|=EMBED_ABLE|EMBED_CODEC_UTF16; + hp.hook_after=[](hook_stack* stack,void* data, size_t len) + { + auto format=(PyObject *)stack->rcx; + if (format == NULL ) + return; + stack->rcx=(uintptr_t)PyUnicode_FromKindAndData(PyUnicode_2BYTE_KIND,data,len/2); + }; + }; + return NewHook(hp, "python3"); + }(); + + auto f2=hookrenpy(module); + return f1||f2; + } + } + } + return false; +} + +#endif \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engines/v8/hello.cc b/cpp/LunaHook/LunaHook/engines/v8/hello.cc new file mode 100644 index 00000000..5fa16955 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engines/v8/hello.cc @@ -0,0 +1,91 @@ +/* +// v8这样做比用剪贴板好,但。。。太难了,而且版本兼容性不太好 + +typedef void *(*FunctionTemplateNew_t)(void *, void *, void *, void *, void *, int, int, int); +typedef void *(*FunctionTemplateGetFunction_t)(void *, void *, void *); +typedef void *(*FunctionSetName_t)(void *, void *); +typedef void *(*Global_t)(void *, void *); +typedef void *(*SetObject_t)(void *, void *, void *, void *, void *); +Global_t Global; +SetObject_t SetObject; +FunctionTemplateNew_t FunctionTemplateNew; +FunctionTemplateGetFunction_t FunctionTemplateGetFunction; +FunctionSetName_t FunctionSetName; +#define fnFunctionTemplateNew "?New@FunctionTemplate@v8@@SA?AV?$Local@VFunctionTemplate@v8@@@2@PAVIsolate@2@P6AXABV?$FunctionCallbackInfo@VValue@v8@@@2@@ZV?$Local@VValue@v8@@@2@V?$Local@VSignature@v8@@@2@HW4ConstructorBehavior@2@@Z" +#define fnFunctionTemplateGetFunction "?GetFunction@FunctionTemplate@v8@@QAE?AV?$MaybeLocal@VFunction@v8@@@2@V?$Local@VContext@v8@@@2@@Z" +#define fnFunctionSetName "?SetName@Function@v8@@QAEXV?$Local@VString@v8@@@2@@Z" +#define fnGlobal "?Global@Context@v8@@QAE?AV?$Local@VObject@v8@@@2@XZ" +#define fnSetObject "?Set@Object@v8@@QAE?AV?$Maybe@_N@2@V?$Local@VContext@v8@@@2@V?$Local@VValue@v8@@@2@1@Z" +void tryinsertglobalfunction(void *isolate) +{ + SetObject = (SetObject_t)GetProcAddress(hmodule, fnSetObject); + Global = (Global_t)GetProcAddress(hmodule, fnGlobal); + FunctionTemplateNew = (FunctionTemplateNew_t)GetProcAddress(hmodule, fnFunctionTemplateNew); + FunctionTemplateGetFunction = (FunctionTemplateGetFunction_t)GetProcAddress(hmodule, fnFunctionTemplateGetFunction); + FunctionSetName = (FunctionSetName_t)GetProcAddress(hmodule, fnFunctionSetName); + + void *context; + void *v8string; + void *script; + void *useless; + void *FunctionTemplate; + void *unknown; + void *v12[7]; + ConsoleOutput("%p %p %p %p %p", SetObject, Global, FunctionTemplateNew, FunctionTemplateGetFunction, FunctionSetName); + GetCurrentContext(isolate, &context); + ConsoleOutput("context %p", context); + auto f = FunctionTemplateNew(&FunctionTemplate, context, Method, v12[0], 0, 0, 1, 0); + + ConsoleOutput("FunctionTemplate %p %p", *(void **)f, unknown); + void *Function = FunctionTemplateGetFunction(FunctionTemplate, &unknown, context); + + auto string = NewFromUtf8(&v8string, isolate, "hello", 1, -1); + ConsoleOutput("%p %p", *(void **)string, v8string); + FunctionSetName(*(void **)Function, *(void **)string); + + auto global = Global(context, &unknown); + SetObject(*(void **)global, &unknown, context, *(void **)string, *(void **)Function); +} +*/ +#include + +using namespace v8; + +void NODE_SET_METHOD_X(const char *name, + v8::FunctionCallback callback) +{ + + v8::Isolate *isolate = v8::Isolate::GetCurrent(); + v8::HandleScope handle_scope(isolate); + v8::Local context = isolate->GetCurrentContext(); + + v8::Local t = v8::FunctionTemplate::New(isolate, + callback); + v8::Local fn = t->GetFunction(context).ToLocalChecked(); + v8::Local fn_name = v8::String::NewFromUtf8(isolate, name, + v8::NewStringType::kInternalized) + .ToLocalChecked(); + fn->SetName(fn_name); + context->Global()->Set(context, fn_name, fn).Check(); +} +extern "C" __declspec(dllexport) void utf8interaction(char *utf8) +{ + // 用来和lunahook交互 + utf8[0] += 10; +} + +void Method(const FunctionCallbackInfo &args) +{ + Isolate *isolate = Isolate::GetCurrent(); + HandleScope scope(isolate); + auto locals = args[0]->ToString(isolate->GetCurrentContext()).ToLocalChecked(); + auto size = locals->Utf8Length(isolate); + auto buff = std::make_unique(size + 1); + locals->WriteUtf8(isolate, buff.get()); + utf8interaction(buff.get()); + args.GetReturnValue().Set(String::NewFromUtf8(isolate, buff.get()).ToLocalChecked()); +} +extern "C" __declspec(dllexport) void globalfunction() +{ + NODE_SET_METHOD_X("hello", Method); +} diff --git a/cpp/LunaHook/LunaHook/engines/v8/httpserver.cpp b/cpp/LunaHook/LunaHook/engines/v8/httpserver.cpp new file mode 100644 index 00000000..6255108f --- /dev/null +++ b/cpp/LunaHook/LunaHook/engines/v8/httpserver.cpp @@ -0,0 +1,594 @@ +// https://github.com/microsoft/Windows-classic-samples/blob/main/Samples/Win7Samples/netds/http/HttpV2Server/main.c +/*++ + Copyright (c) 2002 - 2002 Microsoft Corporation. All Rights Reserved. + + THIS CODE AND INFORMATION IS PROVIDED "AS-IS" WITHOUT WARRANTY OF + ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO + THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A + PARTICULAR PURPOSE. + + THIS CODE IS NOT SUPPORTED BY MICROSOFT. + +--*/ + +#define SECURITY_WIN32 +#include +#include +#include +#define NUM_SCHEMES 2 +#define MAX_USERNAME_LENGTH 100 +#pragma warning(disable : 4127) // condition expression is constant + +// +// Macros. +// +#define INITIALIZE_HTTP_RESPONSE(resp, status, reason) \ + do \ + { \ + RtlZeroMemory((resp), sizeof(*(resp))); \ + (resp)->StatusCode = (status); \ + (resp)->pReason = (reason); \ + (resp)->ReasonLength = (USHORT)strlen(reason); \ + } while (FALSE) + +#define ADD_KNOWN_HEADER(Response, HeaderId, RawValue) \ + do \ + { \ + (Response).Headers.KnownHeaders[(HeaderId)].pRawValue = (RawValue); \ + (Response).Headers.KnownHeaders[(HeaderId)].RawValueLength = \ + (USHORT)strlen(RawValue); \ + } while (FALSE) + +#define ALLOC_MEM(cb) HeapAlloc(GetProcessHeap(), 0, (cb)) +#define FREE_MEM(ptr) HeapFree(GetProcessHeap(), 0, (ptr)) + +// +// Prototypes. +// +DWORD +DoReceiveRequests( + HANDLE hReqQueue); + +DWORD +SendHttpResponse( + IN HANDLE hReqQueue, + IN PHTTP_REQUEST pRequest); + +/***************************************************************************++ + +Routine Description: + main routine. + +Arguments: + argc - # of command line arguments. + argv - Arguments. + +Return Value: + Success/Failure. + +--***************************************************************************/ + +int cleanuphttp(HANDLE hReqQueue, HTTP_SERVER_SESSION_ID ssID, HTTP_URL_GROUP_ID urlGroupId) +{ + ULONG retCode; + // + // Call HttpRemoveUrl for all the URLs that we added. + // HTTP_URL_FLAG_REMOVE_ALL flag allows us to remove + // all the URLs registered on URL Group at once + // + if (!HTTP_IS_NULL_ID(&urlGroupId)) + { + + retCode = HttpRemoveUrlFromUrlGroup(urlGroupId, + NULL, + HTTP_URL_FLAG_REMOVE_ALL); + } + + // + // Close the Url Group + // + + if (!HTTP_IS_NULL_ID(&urlGroupId)) + { + retCode = HttpCloseUrlGroup(urlGroupId); + } + + // + // Close the serversession + // + + if (!HTTP_IS_NULL_ID(&urlGroupId)) + { + retCode = HttpCloseServerSession(ssID); + } + + // + // Close the Request Queue handle. + // + + if (hReqQueue) + { + retCode = HttpCloseRequestQueue(hReqQueue); + } + + // + // Call HttpTerminate. + // + HttpTerminate(HTTP_INITIALIZE_SERVER, NULL); + return retCode; +} +auto makeserveronce(int port) +{ + ULONG retCode; + + HANDLE hReqQueue = NULL; + HTTP_SERVER_SESSION_ID ssID = HTTP_NULL_ID; + HTTP_URL_GROUP_ID urlGroupId = HTTP_NULL_ID; + HTTPAPI_VERSION HttpApiVersion = HTTPAPI_VERSION_2; + HTTP_BINDING_INFO BindingProperty; + HTTP_TIMEOUT_LIMIT_INFO CGTimeout; + + auto url = std::wstring(L"http://127.0.0.1:") + std::to_wstring(port) + L"/fuck"; + // + // Initialize HTTP APIs. + // + + retCode = HttpInitialize( + HttpApiVersion, + HTTP_INITIALIZE_SERVER, // Flags + NULL // Reserved + ); + + if (retCode != NO_ERROR) + { + return std::tuple{false, hReqQueue, ssID, urlGroupId}; + } + + // + // Create a server session handle + // + + retCode = HttpCreateServerSession(HttpApiVersion, + &ssID, + 0); + + if (retCode != NO_ERROR) + { + return std::tuple{false, hReqQueue, ssID, urlGroupId}; + } + + // + // Create UrlGroup handle + // + + retCode = HttpCreateUrlGroup(ssID, + &urlGroupId, + 0); + + if (retCode != NO_ERROR) + { + return std::tuple{false, hReqQueue, ssID, urlGroupId}; + } + + // + // Create a request queue handle + // + + retCode = HttpCreateRequestQueue(HttpApiVersion, + (std::wstring(L"LUNA_INTERNAL_HTTP_QUEUE") + std::to_wstring(GetCurrentProcessId()) + L"_" + std::to_wstring(rand())).c_str(), + NULL, + 0, + &hReqQueue); + if (retCode != NO_ERROR) + { + return std::tuple{false, hReqQueue, ssID, urlGroupId}; + } + + BindingProperty.Flags.Present = 1; // Specifies that the property is present on UrlGroup + BindingProperty.RequestQueueHandle = hReqQueue; + + // + // Bind the request queue to UrlGroup + // + + retCode = HttpSetUrlGroupProperty(urlGroupId, + HttpServerBindingProperty, + &BindingProperty, + sizeof(BindingProperty)); + + if (retCode != NO_ERROR) + { + return std::tuple{false, hReqQueue, ssID, urlGroupId}; + } + + // + // Set EntityBody Timeout property on UrlGroup + // + + ZeroMemory(&CGTimeout, sizeof(HTTP_TIMEOUT_LIMIT_INFO)); + + CGTimeout.Flags.Present = 1; // Specifies that the property is present on UrlGroup + CGTimeout.EntityBody = 50; // The timeout is in secs + + retCode = HttpSetUrlGroupProperty(urlGroupId, + HttpServerTimeoutsProperty, + &CGTimeout, + sizeof(HTTP_TIMEOUT_LIMIT_INFO)); + + if (retCode != NO_ERROR) + { + return std::tuple{false, hReqQueue, ssID, urlGroupId}; + } + + // + // Add the URLs on URL Group + // The command line arguments represent URIs that we want to listen on. + // We will call HttpAddUrlToUrlGroup for each of these URIs. + // + // The URI is a fully qualified URI and MUST include the terminating '/' + // + + retCode = HttpAddUrlToUrlGroup(urlGroupId, + url.c_str(), + 0, + 0); + + if (retCode != NO_ERROR) + { + return std::tuple{false, hReqQueue, ssID, urlGroupId}; + } + return std::tuple{true, hReqQueue, ssID, urlGroupId}; +} +int GetRandomAvailablePort() +{ + WSADATA wsaData; + int result = WSAStartup(MAKEWORD(2, 2), &wsaData); + if (result != 0) + { + return 0; + } + + // 创建一个 TCP 套接字 + SOCKET sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); + if (sock == INVALID_SOCKET) + { + WSACleanup(); + return 0; + } + + // 绑定到随机端口 + sockaddr_in addr; + addr.sin_family = AF_INET; + addr.sin_addr.s_addr = INADDR_ANY; + addr.sin_port = 0; // 0 表示让系统自动选择一个可用端口 + + result = bind(sock, (SOCKADDR *)&addr, sizeof(addr)); + if (result == SOCKET_ERROR) + { + closesocket(sock); + WSACleanup(); + return 0; + } + + // 获取实际绑定的端口号 + int addrLen = sizeof(addr); + result = getsockname(sock, (SOCKADDR *)&addr, &addrLen); + if (result == SOCKET_ERROR) + { + closesocket(sock); + WSACleanup(); + return 0; + } + + // 关闭套接字 + closesocket(sock); + WSACleanup(); + + // 返回实际绑定的端口号 + return ntohs(addr.sin_port); +} + +int makehttpgetserverinternal() +{ + // 尝试1000次 + for (int i = 0; i < 1000; i++) + { + auto port = GetRandomAvailablePort(); + auto [succ, hReqQueue, ssID, urlGroupId] = makeserveronce(port); + if (!succ) + { + cleanuphttp(hReqQueue, ssID, urlGroupId); + continue; + } + std::thread([=]() + { + // Loop while receiving requests + DoReceiveRequests(hReqQueue); + cleanuphttp(hReqQueue, ssID, urlGroupId); }) + .detach(); + return port; + } + return 0; +} +// int main() +// { +// wprintf(L"%d", makehttpgetserverinternal()); +// Sleep(999999); +// } +/***************************************************************************++ + +Routine Description: + The routine to receive a request. This routine calls the corresponding + routine to deal with the response. + +Arguments: + hReqQueue - Handle to the request queue. + +Return Value: + Success/Failure. + +--***************************************************************************/ + +DWORD +DoReceiveRequests( + IN HANDLE hReqQueue) +{ + ULONG result; + HTTP_REQUEST_ID requestId; + DWORD bytesRead; + PHTTP_REQUEST pRequest; + PCHAR pRequestBuffer; + ULONG RequestBufferLength; + + // + // Allocate a 2K buffer. Should be good for most requests, we'll grow + // this if required. We also need space for a HTTP_REQUEST structure. + // + RequestBufferLength = sizeof(HTTP_REQUEST) + 2048; + pRequestBuffer = (PCHAR)ALLOC_MEM(RequestBufferLength); + + if (pRequestBuffer == NULL) + { + return ERROR_NOT_ENOUGH_MEMORY; + } + + pRequest = (PHTTP_REQUEST)pRequestBuffer; + + // + // Wait for a new request -- This is indicated by a NULL request ID. + // + + HTTP_SET_NULL_ID(&requestId); + + for (;;) + { + RtlZeroMemory(pRequest, RequestBufferLength); + + result = HttpReceiveHttpRequest( + hReqQueue, // Req Queue + requestId, // Req ID + 0, // Flags + pRequest, // HTTP request buffer + RequestBufferLength, // req buffer length + &bytesRead, // bytes received + NULL // LPOVERLAPPED + ); + + if (NO_ERROR == result) + { + // + // Worked! + // + // switch (pRequest->Verb) + // { + // case HttpVerbGET: + result = SendHttpResponse( + hReqQueue, + pRequest); + + // case HttpVerbPOST: + // default: + + // if (result != NO_ERROR) + // { + // break; + // } + + // + // Reset the Request ID so that we pick up the next request. + // + HTTP_SET_NULL_ID(&requestId); + } + else if (result == ERROR_MORE_DATA) + { + // + // The input buffer was too small to hold the request headers + // We have to allocate more buffer & call the API again. + // + // When we call the API again, we want to pick up the request + // that just failed. This is done by passing a RequestID. + // + // This RequestID is picked from the old buffer. + // + requestId = pRequest->RequestId; + + // + // Free the old buffer and allocate a new one. + // + RequestBufferLength = bytesRead; + FREE_MEM(pRequestBuffer); + pRequestBuffer = (PCHAR)ALLOC_MEM(RequestBufferLength); + + if (pRequestBuffer == NULL) + { + result = ERROR_NOT_ENOUGH_MEMORY; + break; + } + + pRequest = (PHTTP_REQUEST)pRequestBuffer; + } + else if (ERROR_CONNECTION_INVALID == result && + !HTTP_IS_NULL_ID(&requestId)) + { + // The TCP connection got torn down by the peer when we were + // trying to pick up a request with more buffer. We'll just move + // onto the next request. + + HTTP_SET_NULL_ID(&requestId); + } + else + { + break; + } + + } // for(;;) + + if (pRequestBuffer) + { + FREE_MEM(pRequestBuffer); + } + + return result; +} + +/***************************************************************************++ + +Routine Description: + The routine sends a HTTP response. + +Arguments: + hReqQueue - Handle to the request queue. + pRequest - The parsed HTTP request. + StatusCode - Response Status Code. + pReason - Response reason phrase. + pEntityString - Response entity body. + +Return Value: + Success/Failure. + +--***************************************************************************/ + +#pragma optimize("", off) +const wchar_t *LUNA_CONTENTBYPASS(const wchar_t *_) +{ + return _; +} +#pragma optimize("", on) + +DWORD +SendHttpResponse( + IN HANDLE hReqQueue, + IN PHTTP_REQUEST pRequest) +{ + HTTP_RESPONSE response; + DWORD result; + DWORD bytesSent; + ULONG BytesRead; + HTTP_DATA_CHUNK dataChunk; + std::string recv; + std::string buff; + buff.resize(2048); + bool recving = true; + // + // Initialize the HTTP response structure. + // + INITIALIZE_HTTP_RESPONSE(&response, 200, "OK"); + + // + // For POST, we'll echo back the entity that we got from the client. + // + // NOTE: If we had passed the HTTP_RECEIVE_REQUEST_FLAG_COPY_BODY + // flag with HttpReceiveHttpRequest(), the entity would have + // been a part of HTTP_REQUEST (using the pEntityChunks field). + // Since we have not passed that flag, we can be assured that + // there are no entity bodies in HTTP_REQUEST. + // + if (pRequest->Flags & HTTP_REQUEST_FLAG_MORE_ENTITY_BODY_EXISTS) + { + // The entity body is send over multiple calls. Let's collect all + // of these in a file & send it back. We'll create a temp file + // + + do + { + // + // Read the entity chunk from the request. + // + BytesRead = 0; + result = HttpReceiveRequestEntityBody( + hReqQueue, + pRequest->RequestId, + 0, + buff.data(), + buff.capacity(), + &BytesRead, + NULL); + switch (result) + { + case NO_ERROR: + case ERROR_HANDLE_EOF: + + if (BytesRead != 0) + { + recv += buff.substr(0, BytesRead); + } + if (result == ERROR_HANDLE_EOF) + recving = false; + break; + + default: + recving = false; + } + + } while (recving); + } + if (recv.size()) + recv = WideStringToString(LUNA_CONTENTBYPASS(StringToWideString(recv).c_str())); + if (recv.size()) + { + ADD_KNOWN_HEADER( + response, + HttpHeaderContentLength, + std::to_string(recv.size()).c_str()); + } + result = + HttpSendHttpResponse( + hReqQueue, // ReqQueueHandle + pRequest->RequestId, // Request ID + recv.size() ? HTTP_SEND_RESPONSE_FLAG_MORE_DATA : 0, + &response, // HTTP response + NULL, // pReserved1 + &bytesSent, // bytes sent (optional) + NULL, // pReserved2 + 0, // Reserved3 + NULL, // LPOVERLAPPED + NULL // pReserved4 + ); + + if (result != NO_ERROR) + { + return result; + } + if (!recv.size()) + return result; + // + // Send entity body from a file handle. + // + dataChunk.DataChunkType = HttpDataChunkFromMemory; + dataChunk.FromMemory.pBuffer = (PVOID)recv.c_str(); + dataChunk.FromMemory.BufferLength = (ULONG)recv.size(); + + result = HttpSendResponseEntityBody( + hReqQueue, + pRequest->RequestId, + 0, // This is the last send. + 1, // Entity Chunk Count. + &dataChunk, + NULL, + NULL, + 0, + NULL, + NULL); + + return result; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/engines/v8/v8.cpp b/cpp/LunaHook/LunaHook/engines/v8/v8.cpp new file mode 100644 index 00000000..67f7e190 --- /dev/null +++ b/cpp/LunaHook/LunaHook/engines/v8/v8.cpp @@ -0,0 +1,391 @@ +#include "v8.h" + +int makehttpgetserverinternal(); +const wchar_t *LUNA_CONTENTBYPASS(const wchar_t *_); +namespace +{ + constexpr auto magicsend = L"\x01LUNAFROMJS\x01"; + constexpr auto magicrecv = L"\x01LUNAFROMHOST\x01"; +} +namespace +{ + bool useclipboard = true; + bool usehttp = true; + int usehttp_port = 0; +} +namespace +{ + + void parsebefore(wchar_t *text, HookParam *hp, uintptr_t *split, TextBuffer *buffer) + { + if (startWith(text, magicsend)) + { + text += wcslen(magicsend); + auto spl = wcschr(text, L'\x03'); + strcpy(hp->name, wcasta(std::wstring(text, spl - text)).c_str()); + text = spl + 1; + spl = wcschr(text, L'\x04'); + *split = std::stoi(std::wstring(text, spl - text)); + text = spl + 1; + auto embedable = wcschr(text, L'\x02'); + auto isembedabl = std::stoi(std::wstring(text, embedable - text)); + if (isembedabl) + hp->type |= EMBED_ABLE; + else + hp->type &= ~EMBED_ABLE; + text = embedable + 1; + buffer->from_cs(text); + } + } + std::wstring parseafter(void *data, size_t len) + { + std::wstring transwithfont = magicrecv; + transwithfont += commonsharedmem->fontFamily; + transwithfont += L'\x02'; + transwithfont += std::wstring((wchar_t *)data, len / 2); + return transwithfont; + } +} +namespace +{ + bool hookClipboard() + { + HookParam hp; + hp.address = (uintptr_t)SetClipboardData; + hp.type = USING_STRING | NO_CONTEXT | CODEC_UTF16 | EMBED_ABLE ; + hp.text_fun = [](hook_stack *stack, HookParam *hp, auto *buffer, uintptr_t *split) + { + HGLOBAL hClipboardData = (HGLOBAL)stack->ARG2; + parsebefore((wchar_t *)GlobalLock(hClipboardData), hp, split, buffer); + GlobalUnlock(hClipboardData); + }; + hp.hook_after = [](hook_stack *s, void *data, size_t len) + { + std::wstring transwithfont = parseafter(data, len); + HGLOBAL hClipboardData = GlobalAlloc(GMEM_MOVEABLE, transwithfont.size() * 2 + 2); + auto pchData = (wchar_t *)GlobalLock(hClipboardData); + wcscpy(pchData, (wchar_t *)transwithfont.c_str()); + GlobalUnlock(hClipboardData); + s->ARG2 = (uintptr_t)hClipboardData; + }; + return NewHook(hp, "nwjs/electron rpgmakermv/tyranoscript"); + } +} +namespace +{ + bool hook_LUNA_CONTENTBYPASS() + { + HookParam hp; + hp.address = (uintptr_t)LUNA_CONTENTBYPASS; + hp.type = USING_STRING | NO_CONTEXT | CODEC_UTF16 | EMBED_ABLE ; + hp.text_fun = [](hook_stack *stack, HookParam *hp, auto *buffer, uintptr_t *split) + { + parsebefore((wchar_t *)stack->ARG1, hp, split, buffer); + }; + hp.hook_after = [](hook_stack *s, void *data, size_t len) + { + std::wstring transwithfont = parseafter(data, len); + auto news = new wchar_t[transwithfont.size() + 1]; + wcscpy(news, transwithfont.c_str()); + s->ARG1 = (uintptr_t)news; + }; + return NewHook(hp, "nwjs/electron rpgmakermv/tyranoscript"); + } +} +namespace v8script +{ + typedef void (*RequestInterrupt_callback)(void *, void *); +#ifndef _WIN64 + +#define fnRequestInterrupt "?RequestInterrupt@Isolate@v8@@QAEXP6AXPAV12@PAX@Z1@Z" +#define fnNewFromUtf8_maybelocal "?NewFromUtf8@String@v8@@SA?AV?$MaybeLocal@VString@v8@@@2@PAVIsolate@2@PBDW4NewStringType@2@H@Z" +#define fnNewFromUtf8_local "?NewFromUtf8@String@v8@@SA?AV?$Local@VString@v8@@@2@PAVIsolate@2@PBDW4NewStringType@12@H@Z" +#define fnGetCurrentContext "?GetCurrentContext@Isolate@v8@@QAE?AV?$Local@VContext@v8@@@2@XZ" +#define fnCompile_local "?Compile@Script@v8@@SA?AV?$Local@VScript@v8@@@2@V?$Handle@VString@v8@@@2@PAVScriptOrigin@2@@Z" +#define fnCompile_local_2 "?Compile@Script@v8@@SA?AV?$Local@VScript@v8@@@2@V?$Local@VString@v8@@@2@PAVScriptOrigin@2@@Z" +#define fnRun_local "?Run@Script@v8@@QAE?AV?$Local@VValue@v8@@@2@XZ" +#define fnCompile_maylocal "?Compile@Script@v8@@SA?AV?$MaybeLocal@VScript@v8@@@2@V?$Local@VContext@v8@@@2@V?$Local@VString@v8@@@2@PAVScriptOrigin@2@@Z" +#define fnRunv_maylocal "?Run@Script@v8@@QAE?AV?$MaybeLocal@VValue@v8@@@2@V?$Local@VContext@v8@@@2@@Z" + +#else +#define fnRequestInterrupt "?RequestInterrupt@Isolate@v8@@QEAAXP6AXPEAV12@PEAX@Z1@Z" +#define fnNewFromUtf8_maybelocal "?NewFromUtf8@String@v8@@SA?AV?$MaybeLocal@VString@v8@@@2@PEAVIsolate@2@PEBDW4NewStringType@2@H@Z" +#define fnNewFromUtf8_local "?NewFromUtf8@String@v8@@SA?AV?$Local@VString@v8@@@2@PEAVIsolate@2@PEBDW4NewStringType@12@H@Z" +#define fnGetCurrentContext "?GetCurrentContext@Isolate@v8@@QEAA?AV?$Local@VContext@v8@@@2@XZ" +#define fnCompile_local "?Compile@Script@v8@@SA?AV?$Local@VScript@v8@@@2@V?$Handle@VString@v8@@@2@PEAVScriptOrigin@2@@Z" +#define fnCompile_local_2 fnCompile_local +#define fnRun_local "?Run@Script@v8@@QEAA?AV?$Local@VValue@v8@@@2@XZ" +#define fnCompile_maylocal "?Compile@Script@v8@@SA?AV?$MaybeLocal@VScript@v8@@@2@V?$Local@VContext@v8@@@2@V?$Local@VString@v8@@@2@PEAVScriptOrigin@2@@Z" +#define fnRunv_maylocal "?Run@Script@v8@@QEAA?AV?$MaybeLocal@VValue@v8@@@2@V?$Local@VContext@v8@@@2@@Z" + +#endif + typedef void *(THISCALL *GetCurrentContextt)(void *, void *); + typedef void *(THISCALL *Run_local_t)(void *, void *); + typedef void *(THISCALL *Run_maybelocal_t)(void *, void *, void *); + typedef void *(THISCALL *RequestInterruptt)(void *, RequestInterrupt_callback, void *); + + typedef void *(*NewFromUtf8t)(void *, void *, const char *, int, int); + typedef void *(*Compile_local_t)(void *, void *, void *); + typedef void *(*Compile_maybelocal_t)(void *, void *, void *, void *); + RequestInterruptt RequestInterrupt; + NewFromUtf8t NewFromUtf8 = 0, NewFromUtf8v2, NewFromUtf8v1; + GetCurrentContextt GetCurrentContext; + Compile_local_t Compile_local; + Compile_maybelocal_t Compile_maybelocal; + Run_local_t Run_local; + Run_maybelocal_t Run_maybelocal; + void _interrupt_function(void *isolate, void *) + { + void *context; + void *v8string; + void *script; + void *useless; + ConsoleOutput("isolate %p", isolate); + GetCurrentContext(isolate, &context); + ConsoleOutput("context %p", context); + if (!context) + return; + int is_packed = 0; + if (auto moduleFileName = getModuleFilename()) + { + + AutoHandle hFile = CreateFile(moduleFileName.value().c_str(), FILE_READ_ATTRIBUTES, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); + if (hFile) + { + LARGE_INTEGER fileSize; + if (GetFileSizeEx(hFile, &fileSize)) + { + if (fileSize.QuadPart > 1024 * 1024 * 200) + { + // 200mb + is_packed = 1; + } + } + } + } + + std::string lunajspatch = LoadResData(L"lunajspatch", L"JSSOURCE"); + strReplace(lunajspatch, "IS_PACKED", std::to_string(is_packed)); + strReplace(lunajspatch, "IS_USECLIPBOARD", std::to_string(useclipboard)); + strReplace(lunajspatch, "INTERNAL_HTTP_PORT", std::to_string(usehttp_port)); + NewFromUtf8(&v8string, isolate, lunajspatch.c_str(), 1, -1); + ConsoleOutput("v8string %p", v8string); + if (!v8string) + return; + if (NewFromUtf8v1) + { + (Compile_local)(&script, v8string, 0); + ConsoleOutput("script %p", script); + if (!script) + return; + (Run_local)(script, &useless); + ConsoleOutput("useless %p", useless); + } + else if (NewFromUtf8v2) + { + (Compile_maybelocal)(&script, context, v8string, 0); + ConsoleOutput("script %p", script); + if (!script) + return; + (Run_maybelocal)(script, &useless, context); + ConsoleOutput("useless %p", useless); + } + } + bool init_v8_functions(HMODULE hmodule) + { + RequestInterrupt = (decltype(RequestInterrupt))GetProcAddress(hmodule, fnRequestInterrupt); + + NewFromUtf8v2 = (decltype(NewFromUtf8))GetProcAddress(hmodule, fnNewFromUtf8_maybelocal); + NewFromUtf8v1 = (decltype(NewFromUtf8))GetProcAddress(hmodule, fnNewFromUtf8_local); + + GetCurrentContext = (decltype(GetCurrentContext))GetProcAddress(hmodule, fnGetCurrentContext); + if (!(RequestInterrupt && GetCurrentContext)) + return false; + if (NewFromUtf8v1) + { + NewFromUtf8 = NewFromUtf8v1; + Compile_local = (decltype(Compile_local))GetProcAddress(hmodule, fnCompile_local); + if (!Compile_local) + Compile_local = (decltype(Compile_local))GetProcAddress(hmodule, fnCompile_local_2); + Run_local = (decltype(Run_local))GetProcAddress(hmodule, fnRun_local); + if (!(Run_local && Compile_local)) + return false; + } + else if (NewFromUtf8v2) + { + NewFromUtf8 = NewFromUtf8v2; + Compile_maybelocal = (decltype(Compile_maybelocal))GetProcAddress(hmodule, fnCompile_maylocal); + Run_maybelocal = (decltype(Run_maybelocal))GetProcAddress(hmodule, fnRunv_maylocal); + if (!(Run_maybelocal && Compile_maybelocal)) + return false; + } + else + return false; + + return true; + } + bool v8runscript_isolate(void *isolate) + { + if (!isolate) + return false; + RequestInterrupt(isolate, _interrupt_function, nullptr); + + return true; + } + + void v8runscript_isolate_bypass(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split) + { + + hp->type = HOOK_EMPTY; + hp->text_fun = nullptr; + + auto isolate = (void *)stack->ARG2; // 测试正确,且和v8::Isolate::GetCurrent结果相同 + v8runscript_isolate(isolate); + } + void *v8getcurrisolate(HMODULE hmod) + { +#ifndef _WIN64 +#define fnGetCurrent "?GetCurrent@Isolate@v8@@SAPAV12@XZ" +#define fnTryGetCurrent "?TryGetCurrent@Isolate@v8@@SAPAV12@XZ" +#else +#define fnGetCurrent "?GetCurrent@Isolate@v8@@SAPEAV12@XZ" +#define fnTryGetCurrent "?TryGetCurrent@Isolate@v8@@SAPEAV12@XZ" +#endif + void *GetCurrent; + GetCurrent = GetProcAddress(hmod, fnGetCurrent); + if (!GetCurrent) + GetCurrent = GetProcAddress(hmod, fnTryGetCurrent); + if (!GetCurrent) + return 0; + auto isolate = ((void *(*)())GetCurrent)(); + return isolate; + } + bool v8runscript(HMODULE _hmodule) + { + auto isolate = v8getcurrisolate(_hmodule); + if (isolate) + return v8runscript_isolate(isolate); +#ifndef _WIN64 +#define fnisolategetters {"?New@Number@v8@@SA?AV?$Local@VNumber@v8@@@2@PEAVIsolate@2@N@Z", "?New@Number@v8@@SA?AV?$Local@VNumber@v8@@@2@PAVIsolate@2@N@Z", "?NewFromUtf8@String@v8@@SA?AV?$Local@VString@v8@@@2@PAVIsolate@2@PBDW4NewStringType@12@H@Z"} +#else +#define fnisolategetters {"?New@Integer@v8@@SA?AV?$Local@VInteger@v8@@@2@PEAVIsolate@2@H@Z", "?New@Number@v8@@SA?AV?$Local@VNumber@v8@@@2@PEAVIsolate@2@N@Z", "?New@Number@v8@@SA?AV?$Local@VNumber@v8@@@2@PAVIsolate@2@N@Z", "?NewFromUtf8@String@v8@@SA?AV?$Local@VString@v8@@@2@PEAVIsolate@2@PEBDW4NewStringType@12@H@Z", "?Utf8Length@String@v8@@QEBAHPEAVIsolate@2@@Z"} +#endif + bool succ = false; + for (auto fnisolategetter : fnisolategetters) + { + auto isolategetter = GetProcAddress(_hmodule, fnisolategetter); + if (!isolategetter) + continue; + HookParam hp; + hp.address = (uintptr_t)isolategetter; + hp.text_fun = v8runscript_isolate_bypass; + succ |= NewHook(hp, "isolategetter"); + } + return succ; + } +} +namespace +{ +#ifndef _WIN64 +#define v8StringLength "?Length@String@v8@@QBEHXZ" +#define v8StringWriteUtf8 "?WriteUtf8@String@v8@@QBEHPADHPAHH@Z" +#define v8StringUtf8Length "?Utf8Length@String@v8@@QBEHXZ" +#define v8StringWrite "?Write@String@v8@@QBEHPAGHHH@Z" +#define v8StringWriteIsolate "?Write@String@v8@@QBEHPAVIsolate@2@PAGHHH@Z" +#else +#define v8StringLength "?Length@String@v8@@QEBAHXZ" +#define v8StringWriteUtf8 "?WriteUtf8@String@v8@@QEBAHPEADHPEAHH@Z" +#define v8StringUtf8Length "?Utf8Length@String@v8@@QEBAHXZ" +#define v8StringWrite "?Write@String@v8@@QEBAHPEAGHHH@Z" +#define v8StringWriteIsolate "?Write@String@v8@@QEBAHPEAVIsolate@2@PEAGHHH@Z" +#endif + uintptr_t WriteUtf8; + uintptr_t Utf8Length; + bool hookstring(HMODULE hm) + { + WriteUtf8 = (uintptr_t)GetProcAddress(hm, v8StringWriteUtf8); + Utf8Length = (uintptr_t)GetProcAddress(hm, v8StringUtf8Length); + if (WriteUtf8 == 0 || Utf8Length == 0) + return false; + + HookParam hp; + hp.type = USING_STRING | CODEC_UTF8; + hp.text_fun = + [](hook_stack *stack, HookParam *hp, auto *buffer, uintptr_t *split) + { + auto length = ((size_t(THISCALL *)(void *))Utf8Length)((void *)stack->THISCALLTHIS); + if (!length) + return; + auto u8str = new char[length + 1]; + int writen; + ((size_t(THISCALL *)(void *, char *, int, int *, int))WriteUtf8)((void *)stack->THISCALLTHIS, u8str, length, &writen, 0); + buffer->from(u8str, length); + }; + hp.filter_fun = [](void *data, size_t *len, HookParam *hp) + { + if (strstr((char *)data, R"(http://)") != 0) + return false; + if (strstr((char *)data, R"(https://)") != 0) + return false; + if (strstr((char *)data, R"(\\?\)") != 0) + return false; // 过滤路径 + return true; + }; + bool succ = false; + + auto pv8StringLength = GetProcAddress(hm, v8StringLength); + if (pv8StringLength) + { + + hp.address = (uintptr_t)pv8StringLength; + succ |= NewHook(hp, "v8::String::Length"); + } + auto pv8StringWrite = GetProcAddress(hm, v8StringWrite); + if (pv8StringWrite) + { + + hp.address = (uintptr_t)pv8StringWrite; + succ |= NewHook(hp, "v8::String::Write"); + } + auto pv8StringWriteIsolate = GetProcAddress(hm, v8StringWriteIsolate); + if (pv8StringWriteIsolate) + { + hp.address = (uintptr_t)pv8StringWriteIsolate; + succ |= NewHook(hp, "v8::String::Write::isolate"); + } + return succ; + } +} +bool tryhookv8() +{ + for (const wchar_t *moduleName : {(const wchar_t *)NULL, L"node.dll", L"nw.dll"}) + { + auto hm = GetModuleHandleW(moduleName); + if (hm == 0) + continue; + auto stringsucc = hookstring(hm); + auto funcsucc = v8script::init_v8_functions(hm); + auto succ = stringsucc; + if (funcsucc) + { + useclipboard = !std::filesystem::exists(std::filesystem::path(getModuleFilename().value()).replace_filename("disable.clipboard")); + usehttp = !std::filesystem::exists(std::filesystem::path(getModuleFilename().value()).replace_filename("disable.http")); + if (usehttp) + { + usehttp_port = makehttpgetserverinternal(); + ConsoleOutput("%d %d", GetCurrentProcessId(), usehttp_port); + hook_LUNA_CONTENTBYPASS(); + dont_detach = true; + } + if (useclipboard) + { + hookClipboard(); + } + if (useclipboard || usehttp) + succ |= v8script::v8runscript(hm); + } + if (stringsucc || funcsucc) + return succ; + } + return false; +} diff --git a/cpp/LunaHook/LunaHook/engines/v8/v8.h b/cpp/LunaHook/LunaHook/engines/v8/v8.h new file mode 100644 index 00000000..54cfc05b --- /dev/null +++ b/cpp/LunaHook/LunaHook/engines/v8/v8.h @@ -0,0 +1,2 @@ + +bool tryhookv8(); \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/hijackfuns.cc b/cpp/LunaHook/LunaHook/hijackfuns.cc new file mode 100644 index 00000000..59226edd --- /dev/null +++ b/cpp/LunaHook/LunaHook/hijackfuns.cc @@ -0,0 +1,689 @@ + +#pragma intrinsic(_ReturnAddress) + +// Disable only for debugging purpose +// #define HIJACK_GDI_FONT +// #define HIJACK_GDI_TEXT + +#define DEF_FUN(_f) Hijack::_f##_fun_t Hijack::old##_f = ::_f; +DEF_FUN(CreateFontA) +DEF_FUN(CreateFontW) +DEF_FUN(CreateFontIndirectA) +DEF_FUN(CreateFontIndirectW) +DEF_FUN(GetGlyphOutlineA) +DEF_FUN(GetGlyphOutlineW) +DEF_FUN(GetTextExtentPoint32A) +DEF_FUN(GetTextExtentPoint32W) +DEF_FUN(GetTextExtentExPointA) +DEF_FUN(GetTextExtentExPointW) +DEF_FUN(GetCharABCWidthsA) +DEF_FUN(GetCharABCWidthsW) +DEF_FUN(TextOutA) +DEF_FUN(TextOutW) +DEF_FUN(ExtTextOutA) +DEF_FUN(ExtTextOutW) +DEF_FUN(DrawTextA) +DEF_FUN(DrawTextW) +DEF_FUN(DrawTextExA) +DEF_FUN(DrawTextExW) +DEF_FUN(CharNextA) +// DEF_FUN(CharNextW) +// DEF_FUN(CharNextExA) +// DEF_FUN(CharNextExW) +DEF_FUN(CharPrevA) +// DEF_FUN(CharPrevW) +DEF_FUN(MultiByteToWideChar) +DEF_FUN(WideCharToMultiByte) +#undef DEF_FUN + +/** Helper */ + +namespace +{ // unnamed + UINT8 systemCharSet() + { + enum CodePage + { + NullCodePage = 0, + Utf8CodePage = 65001 // UTF-8 + , + Utf16CodePage = 1200 // UTF-16 + , + SjisCodePage = 932 // SHIFT-JIS + , + GbkCodePage = 936 // GB2312 + , + KscCodePage = 949 // EUC-KR + , + Big5CodePage = 950 // BIG5 + , + TisCodePage = 874 // TIS-620 + , + Koi8CodePage = 866 // KOI8-R + }; + auto systemCodePage = ::GetACP(); + switch (systemCodePage) + { + case TisCodePage: + return THAI_CHARSET; + case Koi8CodePage: + return RUSSIAN_CHARSET; + case SjisCodePage: + return SHIFTJIS_CHARSET; + case GbkCodePage: + return GB2312_CHARSET; + case Big5CodePage: + return CHINESEBIG5_CHARSET; + + case KscCodePage: + return HANGUL_CHARSET; + case 1361: + return JOHAB_CHARSET; // alternative Korean character set + + case 1250: + return EASTEUROPE_CHARSET; + case 1251: + return RUSSIAN_CHARSET; // cyrillic + case 1253: + return GREEK_CHARSET; + case 1254: + return TURKISH_CHARSET; + + case 862: + return HEBREW_CHARSET; // obsolete + case 1255: + return HEBREW_CHARSET; + + case 1256: + return ARABIC_CHARSET; + case 1257: + return BALTIC_CHARSET; + case 1258: + return VIETNAMESE_CHARSET; + + // default: return DEFAULT_CHARSET; + default: + return 0; + } + } + void customizeLogFontA(LOGFONTA *lplf) + { + + if (commonsharedmem->fontCharSetEnabled) + { + auto charSet = commonsharedmem->fontCharSet; + if (!charSet) + charSet = systemCharSet(); + if (charSet) + lplf->lfCharSet = charSet; + } + /* + if (s->fontWeight) + lplf->lfWeight = s->fontWeight; + if (s->isFontScaled()) { + lplf->lfWidth *= s->fontScale; + lplf->lfHeight *= s->fontScale; + } + */ + } + + void customizeLogFontW(LOGFONTW *lplf) + { + customizeLogFontA((LOGFONTA *)lplf); + + std::wstring s = commonsharedmem->fontFamily; + if (!s.empty()) + { + lplf->lfFaceName[s.size()] = 0; + // s->fontFamily.toWCharArray(lplf->lfFaceName); + memcpy(lplf->lfFaceName, s.c_str(), s.size()); + } + } + + // LogFont manager + + class LogFontManager + { + typedef std::pair font_pair; + std::list fonts_; + + static bool eq(const LOGFONTW &x, const LOGFONTW &y); + + public: + HFONT get(const LOGFONTW &lf) const; + void add(HFONT hf, const LOGFONTW &lf); + void remove(HFONT hf); + void remove(const LOGFONTW &lf); + }; + + bool LogFontManager::eq(const LOGFONTW &x, const LOGFONTW &y) + { // I assume there is no padding + return ::wcscmp(x.lfFaceName, y.lfFaceName) == 0 && ::memcmp(&x, &y, sizeof(x) - sizeof(x.lfFaceName)) == 0; + } + + void LogFontManager::add(HFONT hf, const LOGFONTW &lf) + { + fonts_.push_back(std::make_pair(hf, lf)); + } + + void LogFontManager::remove(HFONT hf) + { + auto _ = std::remove_if(fonts_.begin(), fonts_.end(), [&hf](const font_pair &it) + { return it.first == hf; }); + } + + void LogFontManager::remove(const LOGFONTW &lf) + { + auto _ = std::remove_if(fonts_.begin(), fonts_.end(), [&lf](const font_pair &it) + { return eq(it.second, lf); }); + } + + HFONT LogFontManager::get(const LOGFONTW &lf) const + { + for each (const font_pair &it in fonts_) + if (eq(it.second, lf)) + return it.first; + return nullptr; + } + + // GDI font switcher + + class DCFontSwitcher + { + static LogFontManager fonts_; + + HDC hdc_; + HFONT oldFont_, + newFont_; + std::wstring newfontname; + + public: + explicit DCFontSwitcher(HDC hdc); // pass 0 to disable this class + ~DCFontSwitcher(); + }; + + LogFontManager DCFontSwitcher::fonts_; + + DCFontSwitcher::~DCFontSwitcher() + { + // No idea why selecting old font will crash Mogeko Castle + // if (oldFont_ && oldFont_ != HGDI_ERROR) + // ::SelectObject(hdc_, oldFont_); + + // Never delete new font but cache them + // This could result in bad font after game is reset and deleted my font + // if (newFont_) + // ::DeleteObject(newFont_); + } + bool isFontCustomized() + { + return commonsharedmem->fontCharSetEnabled || wcslen(commonsharedmem->fontFamily); + } + DCFontSwitcher::DCFontSwitcher(HDC hdc) + : hdc_(hdc), oldFont_(nullptr), newFont_(nullptr), newfontname(L"") + { + if (!hdc_) + return; + /* + auto p = HijackHelper::instance(); + if (!p) + return; + auto s = p->settings(); + if (!s->deviceContextFontEnabled || !s->isFontCustomized()) + return; +*/ + TEXTMETRICW tm; + if (!::GetTextMetricsW(hdc, &tm)) + return; + + LOGFONTW lf = {}; + lf.lfHeight = tm.tmHeight; + lf.lfWeight = tm.tmWeight; + lf.lfItalic = tm.tmItalic; + lf.lfUnderline = tm.tmUnderlined; + lf.lfStrikeOut = tm.tmStruckOut; + lf.lfCharSet = tm.tmCharSet; + lf.lfPitchAndFamily = tm.tmPitchAndFamily; + + customizeLogFontW(&lf); + + if (std::wstring(commonsharedmem->fontFamily).empty()) + ::GetTextFaceW(hdc_, LF_FACESIZE, lf.lfFaceName); + else + { + wcscpy(lf.lfFaceName, commonsharedmem->fontFamily); + } + newFont_ = fonts_.get(lf); + if ((!newFont_) || (newfontname != std::wstring(commonsharedmem->fontFamily))) + { + newFont_ = Hijack::oldCreateFontIndirectW(&lf); + fonts_.add(newFont_, lf); + newfontname = std::wstring(commonsharedmem->fontFamily); + } + oldFont_ = (HFONT)SelectObject(hdc_, newFont_); + } + +} // unnamed namespace + +/** Fonts */ + +// http://forums.codeguru.com/showthread.php?500522-Need-clarification-about-CreateFontIndirect +// The font creation functions will never fail +HFONT WINAPI Hijack::newCreateFontIndirectA(const LOGFONTA *lplf) +{ + + // DOUT("width:" << lplf->lfWidth << ", height:" << lplf->lfHeight << ", weight:" << lplf->lfWeight); + // if (auto p = HijackHelper::instance()) { + // auto s = p->settings(); + std::wstring fontFamily = commonsharedmem->fontFamily; + if (lplf && isFontCustomized()) + { + union + { + LOGFONTA a; + LOGFONTW w; + } lf = {*lplf}; // only initialize the first member of LOGFONTA + customizeLogFontA(&lf.a); + if (!fontFamily.empty()) + { + if (all_ascii(fontFamily.c_str(), fontFamily.size())) + ::strcpy(lf.a.lfFaceName, WideStringToString(fontFamily, CP_ACP).c_str()); + else + { + lf.w.lfFaceName[fontFamily.size()] = 0; + // s->fontFamily.toWCharArray(lf.w.lfFaceName); + memcpy(lf.w.lfFaceName, fontFamily.c_str(), fontFamily.size()); + return oldCreateFontIndirectW(&lf.w); + } + } + return oldCreateFontIndirectA(&lf.a); + } + //} + return oldCreateFontIndirectA(lplf); +} + +HFONT WINAPI Hijack::newCreateFontIndirectW(const LOGFONTW *lplf) +{ + + // DOUT("width:" << lplf->lfWidth << ", height:" << lplf->lfHeight << ", weight:" << lplf->lfWeight); + // if (auto p = HijackHelper::instance()) { + // auto s = p->settings(); + if (lplf && isFontCustomized()) + { + LOGFONTW lf(*lplf); + customizeLogFontW(&lf); + return oldCreateFontIndirectW(&lf); + } + // } + return oldCreateFontIndirectW(lplf); +} + +#define CREATE_FONT_ARGS nHeight, nWidth, nEscapement, nOrientation, fnWeight, fdwItalic, fdwUnderline, fdwStrikeOut, fdwCharSet, fdwOutputPrecision, fdwClipPrecision, fdwQuality, fdwPitchAndFamily, lpszFace +HFONT WINAPI Hijack::newCreateFontA(int nHeight, int nWidth, int nEscapement, int nOrientation, int fnWeight, DWORD fdwItalic, DWORD fdwUnderline, DWORD fdwStrikeOut, DWORD fdwCharSet, DWORD fdwOutputPrecision, DWORD fdwClipPrecision, DWORD fdwQuality, DWORD fdwPitchAndFamily, LPCSTR lpszFace) +{ + + if (isFontCustomized()) + { + if (commonsharedmem->fontCharSetEnabled) + { + auto charSet = commonsharedmem->fontCharSet; + if (!charSet) + charSet = systemCharSet(); + if (charSet) + fdwCharSet = charSet; + } + /* + if (s->fontWeight) + fnWeight = s->fontWeight; + if (s->isFontScaled()) { + nWidth *= s->fontScale; + nHeight *= s->fontScale; + } + */ + std::wstring fontFamily = commonsharedmem->fontFamily; + if (!fontFamily.empty()) + { + if (all_ascii(fontFamily.c_str(), fontFamily.size())) + { + lpszFace = WideStringToString(fontFamily, CP_ACP).c_str(); + return oldCreateFontA(CREATE_FONT_ARGS); + } + else + { + auto lpszFace = (LPCWSTR)fontFamily.c_str(); + return oldCreateFontW(CREATE_FONT_ARGS); + } + } + } + return oldCreateFontA(CREATE_FONT_ARGS); +} + +HFONT WINAPI Hijack::newCreateFontW(int nHeight, int nWidth, int nEscapement, int nOrientation, int fnWeight, DWORD fdwItalic, DWORD fdwUnderline, DWORD fdwStrikeOut, DWORD fdwCharSet, DWORD fdwOutputPrecision, DWORD fdwClipPrecision, DWORD fdwQuality, DWORD fdwPitchAndFamily, LPCWSTR lpszFace) +{ + + if (isFontCustomized()) + { + if (commonsharedmem->fontCharSetEnabled) + { + auto charSet = commonsharedmem->fontCharSet; + if (!charSet) + charSet = systemCharSet(); + if (charSet) + fdwCharSet = charSet; + } + /* + if (s->fontWeight) + fnWeight = s->fontWeight; + if (s->isFontScaled()) { + nWidth *= s->fontScale; + nHeight *= s->fontScale; + }*/ + if (!std::wstring(commonsharedmem->fontFamily).empty()) + lpszFace = (LPCWSTR)commonsharedmem; + } + return oldCreateFontW(CREATE_FONT_ARGS); +} +#undef CREATE_FONT_ARGS + +/** Encoding */ + +LPSTR WINAPI Hijack::newCharNextA(LPCSTR lpString) +{ + + // if (::GetACP() == 932) + return const_cast(dynsjis::nextchar(lpString)); + // return oldCharNextA(lpString); +} + +LPSTR WINAPI Hijack::newCharPrevA(LPCSTR lpStart, LPCSTR lpCurrent) +{ + + // if (::GetACP() == 932) + return const_cast(dynsjis::prevchar(lpCurrent, lpStart)); + // return oldCharNextA(lpStart, lpCurrent); +} +extern DynamicShiftJISCodec *dynamiccodec; +int WINAPI Hijack::newMultiByteToWideChar(UINT CodePage, DWORD dwFlags, LPCSTR lpMultiByteStr, int cbMultiByte, LPWSTR lpWideCharStr, int cchWideChar) +{ + // + /* if (auto p = HijackHelper::instance()) + if (p->settings()->localeEmulationEnabled) + if (CodePage == CP_THREAD_ACP || CodePage == CP_OEMCP) + CodePage = CP_ACP; + */ + if (CodePage == CP_THREAD_ACP || CodePage == CP_OEMCP) + CodePage = CP_ACP; + // CP_ACP(0), CP_MACCP(1), CP_OEMCP(2), CP_THREAD_ACP(3) + if ((CodePage <= 3 || CodePage == 932) && cchWideChar > 0 && cbMultiByte > 1) + { + bool dynamic; + std::string data(lpMultiByteStr, cbMultiByte); + auto text = dynamiccodec->decode(data, &dynamic); + if (dynamic && !text.empty()) + { + int size = min(text.size() + 1, cchWideChar); + ::memcpy(lpWideCharStr, text.c_str(), size * 2); + // lpWideCharStr[size - 1] = 0; // enforce trailing zero + return size - 1; + } + } + return oldMultiByteToWideChar(CodePage, dwFlags, lpMultiByteStr, cbMultiByte, lpWideCharStr, cchWideChar); +} + +int WINAPI Hijack::newWideCharToMultiByte(UINT CodePage, DWORD dwFlags, LPCWSTR lpWideCharStr, int cchWideChar, LPSTR lpMultiByteStr, int cbMultiByte, LPCSTR lpDefaultChar, LPBOOL lpUsedDefaultChar) +{ + // + if (CodePage == CP_THREAD_ACP || CodePage == CP_OEMCP) + CodePage = CP_ACP; + + if ((CodePage <= 3 || CodePage == 932) && cchWideChar > 0 && cbMultiByte >= 0) + { + bool dynamic; + auto text = std::wstring(lpWideCharStr, cchWideChar); + auto data = dynamiccodec->encodeSTD(text, &dynamic); + if (dynamic && !data.empty()) + { + + int size = data.size() + 1; + if (cbMultiByte && cbMultiByte < size) + size = cbMultiByte; + ::memcpy(lpMultiByteStr, data.c_str(), size); + // lpMultiByteStr[size - 1] = 0; // enforce trailing zero + return size - 1; + } + } + return oldWideCharToMultiByte(CodePage, dwFlags, lpWideCharStr, cchWideChar, lpMultiByteStr, cbMultiByte, lpDefaultChar, lpUsedDefaultChar); +} + +/** Text */ +UINT decodeChar(UINT ch, bool *dynamic) +{ + if (dynamic) + *dynamic = false; + if (ch > 0xff) + { + bool t; + char data[3] = {(BYTE)(ch >> 8) & 0xff, (BYTE)ch & 0xff, 0}; + auto text = dynamiccodec->decode(data, &t); + if (t && text.size() == 1) + { + if (dynamic) + *dynamic = true; + return text[0]; + } + } + return ch; +} +#define DECODE_CHAR(uChar, ...) \ + { \ + if (uChar > 0xff) \ + if (1) \ + { \ + bool dynamic; \ + UINT ch = decodeChar(uChar, &dynamic); \ + if (dynamic && ch) \ + { \ + uChar = ch; \ + return (__VA_ARGS__); \ + } \ + } \ + } + +#define DECODE_TEXT(lpString, cchString, ...) \ + { \ + if (cchString == -1 || cchString > 1) \ + if (1) \ + { \ + bool dynamic; \ + auto data = std::string(lpString, cchString == -1 ? ::strlen(lpString) : cchString); \ + if (data.size() > 1) \ + { \ + auto text = dynamiccodec->decode(data, &dynamic); \ + if (dynamic && !text.empty()) \ + { \ + LPCWSTR lpString = (LPCWSTR)text.c_str(); \ + cchString = text.size(); \ + return (__VA_ARGS__); \ + } \ + } \ + } \ + } +#define TRANSLATE_TEXT_A(lpString, cchString, ...) \ + { \ + if (auto q = EngineController::instance()) \ + { \ + auto data = std::string(lpString, cchString == -1 ? ::strlen(lpString) : cchString); \ + std::wstring oldText = q->decode(data); \ + if (!oldText.empty()) \ + { \ + enum \ + { \ + role = Engine::OtherRole \ + }; \ + ULONG split = (ULONG)_ReturnAddress(); \ + auto sig = Engine::hashThreadSignature(role, split); \ + auto newText = q->dispatchTextWSTD(oldText, role, sig); \ + if (newText != oldText) \ + { \ + LPCWSTR lpString = (LPCWSTR)newText.c_str(); \ + cchString = newText.size(); \ + return (__VA_ARGS__); \ + } \ + } \ + } \ + } + +#define TRANSLATE_TEXT_W(lpString, cchString, ...) \ + { \ + if (auto q = EngineController::instance()) \ + { \ + auto text = std::wstring(lpString, cchString); \ + if (!text.empty()) \ + { \ + enum \ + { \ + role = Engine::OtherRole \ + }; \ + ULONG split = (ULONG)_ReturnAddress(); \ + auto sig = Engine::hashThreadSignature(role, split); \ + text = q->dispatchTextWSTD(text, role, sig); \ + LPCWSTR lpString = (LPCWSTR)text.c_str(); \ + cchString = text.size(); \ + return (__VA_ARGS__); \ + } \ + } \ + } + +DWORD WINAPI Hijack::newGetGlyphOutlineA(HDC hdc, UINT uChar, UINT uFormat, LPGLYPHMETRICS lpgm, DWORD cbBuffer, LPVOID lpvBuffer, const MAT2 *lpmat2) +{ + DCFontSwitcher fs(hdc); + + DECODE_CHAR(uChar, oldGetGlyphOutlineW(hdc, ch, uFormat, lpgm, cbBuffer, lpvBuffer, lpmat2)) + return oldGetGlyphOutlineA(hdc, uChar, uFormat, lpgm, cbBuffer, lpvBuffer, lpmat2); +} + +DWORD WINAPI Hijack::newGetGlyphOutlineW(HDC hdc, UINT uChar, UINT uFormat, LPGLYPHMETRICS lpgm, DWORD cbBuffer, LPVOID lpvBuffer, const MAT2 *lpmat2) +{ + + DCFontSwitcher fs(hdc); + return oldGetGlyphOutlineW(hdc, uChar, uFormat, lpgm, cbBuffer, lpvBuffer, lpmat2); +} + +BOOL WINAPI Hijack::newGetTextExtentPoint32A(HDC hdc, LPCSTR lpString, int cchString, LPSIZE lpSize) +{ + + DCFontSwitcher fs(hdc); + // TRANSLATE_TEXT_A(lpString, cchString, oldGetTextExtentPoint32W(hdc, lpString, cchString, lpSize)) + DECODE_TEXT(lpString, cchString, oldGetTextExtentPoint32W(hdc, lpString, cchString, lpSize)) + return oldGetTextExtentPoint32A(hdc, lpString, cchString, lpSize); +} + +BOOL WINAPI Hijack::newGetTextExtentPoint32W(HDC hdc, LPCWSTR lpString, int cchString, LPSIZE lpSize) +{ + + DCFontSwitcher fs(hdc); + // TRANSLATE_TEXT_W(lpString, cchString, oldGetTextExtentPoint32W(hdc, lpString, cchString, lpSize)) + return oldGetTextExtentPoint32W(hdc, lpString, cchString, lpSize); +} + +BOOL WINAPI Hijack::newGetTextExtentExPointA(HDC hdc, LPCSTR lpString, int cchString, int nMaxExtent, LPINT lpnFit, LPINT alpDx, LPSIZE lpSize) +{ + + // DCFontSwitcher fs(hdc); + // TRANSLATE_TEXT_A(lpString, cchString, oldGetTextExtentExPointW(hdc, lpString, cchString, nMaxExtent, lpnFit, alpDx, lpSize)) + DECODE_TEXT(lpString, cchString, oldGetTextExtentExPointW(hdc, lpString, cchString, nMaxExtent, lpnFit, alpDx, lpSize)) + return oldGetTextExtentExPointA(hdc, lpString, cchString, nMaxExtent, lpnFit, alpDx, lpSize); +} + +BOOL WINAPI Hijack::newGetTextExtentExPointW(HDC hdc, LPCWSTR lpString, int cchString, int nMaxExtent, LPINT lpnFit, LPINT alpDx, LPSIZE lpSize) +{ + + DCFontSwitcher fs(hdc); + // TRANSLATE_TEXT_W(lpString, cchString, oldGetTextExtentExPointW(hdc, lpString, cchString, nMaxExtent, lpnFit, alpDx, lpSize)) + return oldGetTextExtentExPointW(hdc, lpString, cchString, nMaxExtent, lpnFit, alpDx, lpSize); +} + +int WINAPI Hijack::newDrawTextA(HDC hdc, LPCSTR lpString, int cchString, LPRECT lpRect, UINT uFormat) +{ + + DCFontSwitcher fs(hdc); + // if (HijackManager::instance()->isFunctionTranslated((uintptr_t)::DrawTextA)) + // TRANSLATE_TEXT_A(lpString, cchString, oldDrawTextW(hdc, lpString, cchString, lpRect, uFormat)) + // else + DECODE_TEXT(lpString, cchString, oldDrawTextW(hdc, lpString, cchString, lpRect, uFormat)) + return oldDrawTextA(hdc, lpString, cchString, lpRect, uFormat); +} + +int WINAPI Hijack::newDrawTextW(HDC hdc, LPCWSTR lpString, int cchString, LPRECT lpRect, UINT uFormat) +{ + + DCFontSwitcher fs(hdc); + // if (HijackManager::instance()->isFunctionTranslated((ULONG)::DrawTextW)) + // TRANSLATE_TEXT_W(lpString, cchString, oldDrawTextW(hdc, lpString, cchString, lpRect, uFormat)) + return oldDrawTextW(hdc, lpString, cchString, lpRect, uFormat); +} + +int WINAPI Hijack::newDrawTextExA(HDC hdc, LPSTR lpString, int cchString, LPRECT lpRect, UINT dwDTFormat, LPDRAWTEXTPARAMS lpDTParams) +{ + + DCFontSwitcher fs(hdc); + if (!(dwDTFormat & DT_MODIFYSTRING)) + { + // if (HijackManager::instance()->isFunctionTranslated((uintptr_t)::DrawTextExA)) + // TRANSLATE_TEXT_A(lpString, cchString, oldDrawTextExW(hdc, const_cast(lpString), cchString, lpRect, dwDTFormat, lpDTParams)) + // else + DECODE_TEXT(lpString, cchString, oldDrawTextExW(hdc, const_cast(lpString), cchString, lpRect, dwDTFormat, lpDTParams)) + } + return oldDrawTextExA(hdc, lpString, cchString, lpRect, dwDTFormat, lpDTParams); +} + +int WINAPI Hijack::newDrawTextExW(HDC hdc, LPWSTR lpString, int cchString, LPRECT lpRect, UINT dwDTFormat, LPDRAWTEXTPARAMS lpDTParams) +{ + + DCFontSwitcher fs(hdc); + // if (!(dwDTFormat & DT_MODIFYSTRING) && HijackManager::instance()->isFunctionTranslated((ULONG)::DrawTextExW)) + // TRANSLATE_TEXT_W(lpString, cchString, oldDrawTextExW(hdc, const_cast(lpString), cchString, lpRect, dwDTFormat, lpDTParams)) + return oldDrawTextExW(hdc, lpString, cchString, lpRect, dwDTFormat, lpDTParams); +} + +BOOL WINAPI Hijack::newTextOutA(HDC hdc, int nXStart, int nYStart, LPCSTR lpString, int cchString) +{ + + DCFontSwitcher fs(hdc); + // if (HijackManager::instance()->isFunctionTranslated((uintptr_t)::TextOutA)) + // TRANSLATE_TEXT_A(lpString, cchString, oldTextOutW(hdc, nXStart, nYStart, lpString, cchString)) + // else + DECODE_TEXT(lpString, cchString, oldTextOutW(hdc, nXStart, nYStart, lpString, cchString)) + return oldTextOutA(hdc, nXStart, nYStart, lpString, cchString); +} + +BOOL WINAPI Hijack::newTextOutW(HDC hdc, int nXStart, int nYStart, LPCWSTR lpString, int cchString) +{ + + DCFontSwitcher fs(hdc); + // if (HijackManager::instance()->isFunctionTranslated((ULONG)::TextOutW)) + // TRANSLATE_TEXT_W(lpString, cchString, oldTextOutW(hdc, nXStart, nYStart, lpString, cchString)) + return oldTextOutW(hdc, nXStart, nYStart, lpString, cchString); +} + +BOOL WINAPI Hijack::newExtTextOutA(HDC hdc, int X, int Y, UINT fuOptions, const RECT *lprc, LPCSTR lpString, UINT cchString, const INT *lpDx) +{ + + DCFontSwitcher fs(hdc); + // if (HijackManager::instance()->isFunctionTranslated((uintptr_t)::ExtTextOutA)) + // TRANSLATE_TEXT_A(lpString, cchString, oldExtTextOutW(hdc, X, Y, fuOptions, lprc, lpString, cchString, lpDx)) + // else + DECODE_TEXT(lpString, cchString, oldExtTextOutW(hdc, X, Y, fuOptions, lprc, lpString, cchString, lpDx)) + return oldExtTextOutA(hdc, X, Y, fuOptions, lprc, lpString, cchString, lpDx); +} + +BOOL WINAPI Hijack::newExtTextOutW(HDC hdc, int X, int Y, UINT fuOptions, const RECT *lprc, LPCWSTR lpString, UINT cchString, const INT *lpDx) +{ + + DCFontSwitcher fs(hdc); + // if (HijackManager::instance()->isFunctionTranslated((ULONG)::ExtTextOutW)) + // TRANSLATE_TEXT_W(lpString, cchString, oldExtTextOutW(hdc, X, Y, fuOptions, lprc, lpString, cchString, lpDx)) + return oldExtTextOutW(hdc, X, Y, fuOptions, lprc, lpString, cchString, lpDx); +} + +// EOF diff --git a/cpp/LunaHook/LunaHook/hijackfuns.h b/cpp/LunaHook/LunaHook/hijackfuns.h new file mode 100644 index 00000000..4f5077d4 --- /dev/null +++ b/cpp/LunaHook/LunaHook/hijackfuns.h @@ -0,0 +1,56 @@ +#pragma once + +namespace Hijack +{ + +#define DEF_FUN(_fun, _return, ...) \ + typedef _return(WINAPI *_fun##_fun_t)(__VA_ARGS__); \ + extern _fun##_fun_t old##_fun; \ + _return WINAPI new##_fun(__VA_ARGS__); + + DEF_FUN(MultiByteToWideChar, int, UINT CodePage, DWORD dwFlags, LPCSTR lpMultiByteStr, int cbMultiByte, LPWSTR lpWideCharStr, int cchWideChar) + DEF_FUN(WideCharToMultiByte, int, UINT CodePage, DWORD dwFlags, LPCWSTR lpWideCharStr, int cchWideChar, LPSTR lpMultiByteStr, int cbMultiByte, LPCSTR lpDefaultChar, LPBOOL lpUsedDefaultChar) + + DEF_FUN(CreateFontIndirectA, HFONT, const LOGFONTA *lplf) + DEF_FUN(CreateFontIndirectW, HFONT, const LOGFONTW *lplf) + + DEF_FUN(CreateFontA, HFONT, int nHeight, int nWidth, int nEscapement, int nOrientation, int fnWeight, DWORD fdwItalic, DWORD fdwUnderline, DWORD fdwStrikeOut, DWORD fdwCharSet, DWORD fdwOutputPrecision, DWORD fdwClipPrecision, DWORD fdwQuality, DWORD fdwPitchAndFamily, LPCSTR lpszFace) + DEF_FUN(CreateFontW, HFONT, int nHeight, int nWidth, int nEscapement, int nOrientation, int fnWeight, DWORD fdwItalic, DWORD fdwUnderline, DWORD fdwStrikeOut, DWORD fdwCharSet, DWORD fdwOutputPrecision, DWORD fdwClipPrecision, DWORD fdwQuality, DWORD fdwPitchAndFamily, LPCWSTR lpszFace) + + DEF_FUN(GetGlyphOutlineA, DWORD, HDC hdc, UINT uChar, UINT uFormat, LPGLYPHMETRICS lpgm, DWORD cbBuffer, LPVOID lpvBuffer, const MAT2 *lpmat2) + DEF_FUN(GetGlyphOutlineW, DWORD, HDC hdc, UINT uChar, UINT uFormat, LPGLYPHMETRICS lpgm, DWORD cbBuffer, LPVOID lpvBuffer, const MAT2 *lpmat2) + + DEF_FUN(GetTextExtentPoint32A, BOOL, HDC hdc, LPCSTR lpString, int cchString, LPSIZE lpSize) + DEF_FUN(GetTextExtentPoint32W, BOOL, HDC hdc, LPCWSTR lpString, int cchString, LPSIZE lpSize) + + DEF_FUN(GetTextExtentExPointA, BOOL, HDC hdc, LPCSTR lpszStr, int cchString, int nMaxExtent, LPINT lpnFit, LPINT alpDx, LPSIZE lpSize) + DEF_FUN(GetTextExtentExPointW, BOOL, HDC hdc, LPCWSTR lpszStr, int cchString, int nMaxExtent, LPINT lpnFit, LPINT alpDx, LPSIZE lpSize) + + DEF_FUN(GetCharABCWidthsA, BOOL, HDC hdc, UINT uFirstChar, UINT uLastChar, LPABC lpabc) + DEF_FUN(GetCharABCWidthsW, BOOL, HDC hdc, UINT uFirstChar, UINT uLastChar, LPABC lpabc) + + DEF_FUN(TextOutA, BOOL, HDC hdc, int nXStart, int nYStart, LPCSTR lpString, int cchString) + DEF_FUN(TextOutW, BOOL, HDC hdc, int nXStart, int nYStart, LPCWSTR lpString, int cchString) + + DEF_FUN(ExtTextOutA, BOOL, HDC hdc, int X, int Y, UINT fuOptions, const RECT *lprc, LPCSTR lpString, UINT cbCount, const INT *lpDx) + DEF_FUN(ExtTextOutW, BOOL, HDC hdc, int X, int Y, UINT fuOptions, const RECT *lprc, LPCWSTR lpString, UINT cbCount, const INT *lpDx) + + DEF_FUN(DrawTextA, int, HDC hdc, LPCSTR lpString, int nCount, LPRECT lpRect, UINT uFormat) + DEF_FUN(DrawTextW, int, HDC hdc, LPCWSTR lpString, int nCount, LPRECT lpRect, UINT uFormat) + + DEF_FUN(DrawTextExA, int, HDC hdc, LPSTR lpString, int nCount, LPRECT lpRect, UINT dwDTFormat, LPDRAWTEXTPARAMS lpDTParams) + DEF_FUN(DrawTextExW, int, HDC hdc, LPWSTR lpString, int nCount, LPRECT lpRect, UINT dwDTFormat, LPDRAWTEXTPARAMS lpDTParams) + + DEF_FUN(CharNextA, LPSTR, LPCSTR lpString) + // DEF_FUN(CharNextW, LPWSTR, LPCWSTR lpString) + // DEF_FUN(CharNextExA, LPSTR, WORD COdePage, LPCSTR lpString, DWORD dwFlags) + // DEF_FUN(CharNextExW, LPWSTR, WORD COdePage, LPCWSTR lpString, DWORD dwFlags) + DEF_FUN(CharPrevA, LPSTR, LPCSTR lpStart, LPCSTR lpCurrent) + // DEF_FUN(CharNextW, LPWSTR, LPCWSTR lpStart, LPCWSTR lpCurrent) +#undef DEF_FUN + + // Global variables + +} // namespace Hijack + +// EOF diff --git a/cpp/LunaHook/LunaHook/hookfinder.cc b/cpp/LunaHook/LunaHook/hookfinder.cc new file mode 100644 index 00000000..d4f8bb67 --- /dev/null +++ b/cpp/LunaHook/LunaHook/hookfinder.cc @@ -0,0 +1,528 @@ + +#include "MinHook.h" +namespace +{ + SearchParam sp; + + constexpr int MAX_STRING_SIZE = 500, CACHE_SIZE = 749993, GOOD_PAGE = -1; + struct HookRecord + { + uint64_t address = 0; + uint64_t em_addr = 0; + int argidx = 0; + intptr_t padding = 0; + int offset = 0; + JITTYPE jittype; + char text[MAX_STRING_SIZE] = {}; + }; + std::unique_ptr records; + long recordsAvailable; + uint64_t signatureCache[CACHE_SIZE] = {}; + long sumCache[CACHE_SIZE] = {}; + uintptr_t pageCache[CACHE_SIZE] = {}; + +#ifndef _WIN64 + BYTE trampoline[] = + { + 0x9c, // pushfd + 0x60, // pushad + 0x68, 0, 0, 0, 0, // push @addr ; after this a total of 0x28 bytes are pushed + 0x8d, 0x44, 0x24, 0x28, // lea eax,[esp+0x28] + 0x50, // push eax ; stack + 0xbb, 0, 0, 0, 0, // mov ebx,@Send + 0xff, 0xd3, // call ebx + 0x83, 0xc4, 0x08, // add esp, 0x8 ; doesn't matter which register + 0x61, // popad + 0x9d, // popfd + 0x68, 0, 0, 0, 0, // push @original + 0xc3 // ret ; basically absolute jmp to @original + }; + constexpr int addr_offset = 3, send_offset = 13, original_offset = 25, registers = 8; +#else + BYTE trampoline[] = { + 0x9c, // push rflags + 0x50, // push rax + 0x53, // push rbx + 0x51, // push rcx + 0x52, // push rdx + 0x54, // push rsp + 0x55, // push rbp + 0x56, // push rsi + 0x57, // push rdi + 0x41, 0x50, // push r8 + 0x41, 0x51, // push r9 + 0x41, 0x52, // push r10 + 0x41, 0x53, // push r11 + 0x41, 0x54, // push r12 + 0x41, 0x55, // push r13 + 0x41, 0x56, // push r14 + 0x41, 0x57, // push r15 + // https://docs.microsoft.com/en-us/cpp/build/x64-calling-convention + // https://stackoverflow.com/questions/43358429/save-value-of-xmm-registers + 0x48, 0x83, 0xec, 0x20, // sub rsp,0x20 + 0xf3, 0x0f, 0x7f, 0x24, 0x24, // movdqu [rsp],xmm4 + 0xf3, 0x0f, 0x7f, 0x6c, 0x24, 0x10, // movdqu [rsp+0x10],xmm5 + 0x48, 0x8d, 0x8c, 0x24, 0xa8, 0x00, 0x00, 0x00, // lea rcx,[rsp+0xa8] + 0x48, 0xba, 0, 0, 0, 0, 0, 0, 0, 0, // mov rcx,@addr + 0x48, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, // mov rax,@Send + 0x48, 0x89, 0xe3, // mov rbx,rsp + 0x48, 0x83, 0xe4, 0xf0, // and rsp,0xfffffffffffffff0 ; align stack + 0xff, 0xd0, // call rax + 0x48, 0x89, 0xdc, // mov rsp,rbx + 0xf3, 0x0f, 0x6f, 0x6c, 0x24, 0x10, // movdqu xmm5,XMMWORD PTR[rsp + 0x10] + 0xf3, 0x0f, 0x6f, 0x24, 0x24, // movdqu xmm4,XMMWORD PTR[rsp] + 0x48, 0x83, 0xc4, 0x20, // add rsp,0x20 + 0x41, 0x5f, // pop r15 + 0x41, 0x5e, // pop r14 + 0x41, 0x5d, // pop r13 + 0x41, 0x5c, // pop r12 + 0x41, 0x5b, // pop r11 + 0x41, 0x5a, // pop r10 + 0x41, 0x59, // pop r9 + 0x41, 0x58, // pop r8 + 0x5f, // pop rdi + 0x5e, // pop rsi + 0x5d, // pop rbp + 0x5c, // pop rsp + 0x5a, // pop rdx + 0x59, // pop rcx + 0x5b, // pop rbx + 0x58, // pop rax + 0x9d, // pop rflags + 0xff, 0x25, 0x00, 0x00, 0x00, 0x00, // jmp qword ptr [rip] + 0, 0, 0, 0, 0, 0, 0, 0 // @original + }; + constexpr int addr_offset = 50, send_offset = 60, original_offset = 126, registers = 16; +#endif +} + +bool IsBadReadPtr(void *data) +{ + if (data > records.get() && data < records.get() + sp.maxRecords) + return true; + uintptr_t BAD_PAGE = (uintptr_t)data >> 12; + auto &cacheEntry = pageCache[BAD_PAGE % CACHE_SIZE]; + if (cacheEntry == BAD_PAGE) + return true; + if (cacheEntry == GOOD_PAGE) + return false; + + __try + { + volatile char _ = *(char *)data; + cacheEntry = GOOD_PAGE; + } + __except (EXCEPTION_EXECUTE_HANDLER) + { + if (GetExceptionCode() == EXCEPTION_GUARD_PAGE) + { + MEMORY_BASIC_INFORMATION info; + VirtualQuery(data, &info, sizeof(info)); + VirtualProtect(data, 1, info.Protect | PAGE_GUARD, DUMMY); + } + cacheEntry = BAD_PAGE; + } + return cacheEntry == BAD_PAGE; +} +void DoSend(int i, uintptr_t address, char *str, intptr_t padding, JITTYPE jittype = JITTYPE::PC, uint64_t em_addr = 0) +{ + str += padding; + if (IsBadReadPtr(str) || IsBadReadPtr(str + MAX_STRING_SIZE)) + return; + __try + { + int length = 0, sum = 0; + for (; (str[length] || str[length + 1]) && length < MAX_STRING_SIZE; length += 2) + sum += *(uint16_t *)(str + length); + if (length > STRING && length < MAX_STRING_SIZE - 1) + { + // many duplicate results with same address, offset, and third/fourth character will be found: filter them out + uint64_t signature = ((uint64_t)i << 56) | ((uint64_t)(str[2] + str[3]) << 48) | address; + if (signatureCache[signature % CACHE_SIZE] == signature) + return; + signatureCache[signature % CACHE_SIZE] = signature; + // if there are huge amount of strings that are the same, it's probably garbage: filter them out + // can't store all the strings, so use sum as heuristic instead + if (_InterlockedIncrement(sumCache + (sum % CACHE_SIZE)) > 25) + return; + long n = sp.maxRecords - _InterlockedDecrement(&recordsAvailable); + if (n < sp.maxRecords) + { + records[n].jittype = jittype; + records[n].padding = padding; + if (jittype == JITTYPE::PC) + { + records[n].address = address; + records[n].offset = i * sizeof(char *); + } + else + { + records[n].em_addr = em_addr; + records[n].argidx = i; + } + + for (int j = 0; j < length; ++j) + records[n].text[j] = str[j]; + records[n].text[length] = 0; + } + if (n == sp.maxRecords) + { + spDefault.maxRecords = sp.maxRecords * 2; + ConsoleOutput(OUT_OF_RECORDS_RETRY); + } + } + } + __except (EXCEPTION_EXECUTE_HANDLER) + { + } +} +void Send(char **stack, uintptr_t address) +{ + // it is unsafe to call ANY external functions from this, as they may have been hooked (if called the hook would call this function making an infinite loop) + // the exceptions are compiler intrinsics like _InterlockedDecrement + if (recordsAvailable <= 0) + return; + for (int i = -registers; i < 10; ++i) + { + DoSend(i, address, stack[i], 0); + if (sp.padding) + DoSend(i, address, stack[i], sp.padding); + } +} +void SafeSendJitVeh(hook_stack *stack, uintptr_t address, uint64_t em_addr, JITTYPE jittype, intptr_t padding) +{ + __try + { + for (int i = 0; i < 16; i++) + { + char *str = 0; + switch (jittype) + { +#ifdef _WIN64 + case JITTYPE::YUZU: + str = (char *)YUZU::emu_arg(stack, em_addr)[i]; + break; + case JITTYPE::VITA3K: + str = (char *)VITA3K::emu_arg(stack)[i]; + break; + case JITTYPE::RPCS3: + str = (char *)RPCS3::emu_arg(stack)[i]; + break; +#endif + case JITTYPE::PPSSPP: + str = (char *)PPSSPP::emu_arg(stack)[i]; + break; + default: + return; + } + DoSend(i, address, str, 0, jittype, em_addr); + if (padding) + DoSend(i, address, str, padding, jittype, em_addr); + } + } + __except (EXCEPTION_EXECUTE_HANDLER) + { + } +} +std::unordered_map addresscalledtime; +bool SendJitVeh(PCONTEXT context, uintptr_t address, uint64_t em_addr, JITTYPE jittype, intptr_t padding) +{ + if (safeautoleaveveh) + return true; + if (recordsAvailable <= 0) + return false; + if (addresscalledtime.find(address) == addresscalledtime.end()) + addresscalledtime[address] = 0; + auto tm = GetTickCount64(); + if (tm - addresscalledtime[address] < 100) + return false; + addresscalledtime[address] = tm; + auto stack = std::make_unique(); + context_get(stack.get(), context); + SafeSendJitVeh(stack.get(), address, em_addr, jittype, padding); + return true; +} +std::vector GetFunctions(uintptr_t module) +{ + if (!module) + return {}; + IMAGE_DOS_HEADER *dosHeader = (IMAGE_DOS_HEADER *)module; + if (dosHeader->e_magic != IMAGE_DOS_SIGNATURE) + return {}; + IMAGE_NT_HEADERS *ntHeader = (IMAGE_NT_HEADERS *)(module + dosHeader->e_lfanew); + if (ntHeader->Signature != IMAGE_NT_SIGNATURE) + return {}; + DWORD exportAddress = ntHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress; + if (!exportAddress) + return {}; + IMAGE_EXPORT_DIRECTORY *exportDirectory = (IMAGE_EXPORT_DIRECTORY *)(module + exportAddress); + std::vector functions; + for (int i = 0; i < exportDirectory->NumberOfNames; ++i) + // char* funcName = (char*)(module + *(DWORD*)(module + exportDirectory->AddressOfNames + i * sizeof(DWORD))); + functions.push_back(module + *(DWORD *)(module + exportDirectory->AddressOfFunctions + + sizeof(DWORD) * *(WORD *)(module + exportDirectory->AddressOfNameOrdinals + i * sizeof(WORD)))); + return functions; +} +void mergevector(std::vector &v1, std::vector &v2) +{ + for (auto addr : v2) + { + auto it = std::find(v1.begin(), v1.end(), addr); + if (it == v1.end()) + { + v1.push_back(addr); + } + } +} +void SearchForHooks_Return() +{ + ConsoleOutput(HOOK_SEARCH_FINISHED, sp.maxRecords - recordsAvailable); + for (int i = 0, results = 0; i < sp.maxRecords; ++i) + { + HookParam hp; + hp.codepage = sp.codepage; + hp.jittype = records[i].jittype; + hp.padding = records[i].padding; + + if (records[i].jittype == JITTYPE::PC) + { + if (!records[i].address) + continue; + hp.offset = records[i].offset; + hp.type = CODEC_UTF16 | USING_STRING; + hp.address = records[i].address; + } + else + { + if (!records[i].em_addr) + continue; + hp.emu_addr = records[i].em_addr; + hp.type = CODEC_UTF16 | USING_STRING | BREAK_POINT | NO_CONTEXT; + hp.argidx = records[i].argidx; + } + NotifyHookFound(hp, (wchar_t *)records[i].text); + if (++results % 100'000 == 0) + ConsoleOutput(ResultsNum, results); + } + records.reset(); + for (int i = 0; i < CACHE_SIZE; ++i) + signatureCache[i] = sumCache[i] = 0; +} +void initrecords() +{ + do + try + { + records = std::make_unique(recordsAvailable = sp.maxRecords); + } + catch (std::bad_alloc) + { + ConsoleOutput(SearchForHooks_ERROR, sp.maxRecords /= 2); + } + while (!records && sp.maxRecords); +} +void SearchForHooks(SearchParam spUser) +{ + std::thread([=] + { + static std::mutex m; + std::scoped_lock lock(m); + *(void**)(trampoline + send_offset) = Send; + ConsoleOutput(HOOK_SEARCH_INITIALIZING, 0.); + + sp = spUser.length == 0 ? spDefault : spUser; + sp.codepage=spUser.codepage; + initrecords(); + + std::vector addresses; + if( sp.jittype==JITTYPE::PC) + { + if (*sp.boundaryModule) { + auto [minaddr,maxaddr]=Util::QueryModuleLimits(GetModuleHandleW(sp.boundaryModule)); + if(sp.address_method==0){ + sp.minAddress=min(max(minaddr,sp.minAddress),maxaddr); + sp.maxAddress=max(min(maxaddr,sp.maxAddress),minaddr); + } + else if(sp.address_method==1){ + auto maxoff=maxaddr-minaddr; + sp.minAddress=minaddr+min(sp.minAddress,maxoff); + sp.maxAddress=minaddr+min(sp.maxAddress,maxoff); + } + //std::tie(sp.minAddress, sp.maxAddress) = Util::QueryModuleLimits(GetModuleHandleW(sp.boundaryModule)); + } + if (*sp.exportModule) addresses = GetFunctions((uintptr_t)GetModuleHandleW(sp.exportModule)); + if (*sp.boundaryModule){ + auto _addresses = GetFunctions((uintptr_t)GetModuleHandleW(sp.boundaryModule)); + mergevector(addresses,_addresses); + } + std::vector addresses1; + if(sp.search_method==0){ + for (auto& addr : addresses1 = Util::SearchMemory(sp.pattern, sp.length, PAGE_EXECUTE, sp.minAddress, sp.maxAddress)) + addr += sp.offset; + } + else if(sp.search_method==1){ + auto checklength=3; + auto checker=[checklength](DWORD k){ + if (k == 0xcccccccc + || k == 0x90909090 + || k == 0xccccccc3 + || k == 0x909090c3 + ) + return true; + DWORD t = k & 0xff0000ff; + if (t == 0xcc0000c2 || t == 0x900000c2) + return true; + if(checklength==4)return false; + k >>= 8; + if (k == 0xccccc3 || k == 0x9090c3) + return true; + if(checklength==3)return false; + // t = k & 0xff; + // if (t == 0xc2) + // return true; + k >>= 8; + if (k == 0xccc3 || k == 0x90c3) + return true; + if(checklength==2)return false; + k >>= 8; + if (k == 0xc3) + return true; + return false; + }; + for(uintptr_t addr=sp.minAddress& ~0xf;addrfuncaddr){ + auto it = std::find(addresses1.begin(), addresses1.end(), funcaddr); + addresses1.push_back(funcaddr); + } + } + } + } + + mergevector(addresses,addresses1); + + auto limits = Util::QueryModuleLimits(GetModuleHandleW(LUNA_HOOK_DLL)); + addresses.erase(std::remove_if(addresses.begin(), addresses.end(), [&](auto addr) { return addr > limits.first && addr < limits.second; }), addresses.end()); + + + auto trampolines = (decltype(trampoline)*)VirtualAlloc(NULL, sizeof(trampoline) * addresses.size(), MEM_COMMIT, PAGE_READWRITE); + VirtualProtect(trampolines, addresses.size() * sizeof(trampoline), PAGE_EXECUTE_READWRITE, DUMMY); + std::vectormherroridx; + for (int i = 0; i < addresses.size(); ++i) + { + void* original; + //避免MH_RemoveHook时移除原本已有hook + if(MH_CreateHook((void*)addresses[i], trampolines[i], &original)!=MH_OK){ + mherroridx.push_back(i); + } + MH_QueueEnableHook((void*)addresses[i]); + memcpy(trampolines[i], trampoline, sizeof(trampoline)); + *(uintptr_t*)(trampolines[i] + addr_offset) = addresses[i]; + *(void**)(trampolines[i] + original_offset) = original; + if (i % 2500 == 0) ConsoleOutput(HOOK_SEARCH_INITIALIZING, 1 + 98. * i / addresses.size()); + } + //避免MH_RemoveHook时移除原本已有hook + for(int i=0;isuccessaddr; + uintptr_t minemaddr=-1,maxemaddr=0; + + ConsoleOutput(HOOK_SEARCH_INITIALIZED, jitaddr2emuaddr.size()); + + for(auto addr:jitaddr2emuaddr){ + minemaddr=min(minemaddr,addr.second.second); + maxemaddr=max(maxemaddr,addr.second.second); + } + ConsoleOutput("%p %p",minemaddr,maxemaddr); + ConsoleOutput("%p %p",sp.minAddress,sp.maxAddress); + for(auto addr:jitaddr2emuaddr){ + //ConsoleOutput("%llx => %p", addr.second.second ,addr.first); + if(addr.second.second>sp.maxAddress||addr.second.second addresses, HookParamType type) + { + for (auto addr : addresses) + { + if (abs((long long)(utf8Text - addr)) < 20000) + continue; // don't add read code if text is on this thread's stack + found = true; + HookParam hp; + hp.type = DIRECT_READ | type; + hp.address = addr; + hp.codepage = codepage; + NewHook(hp, "Search"); + } + }; + GenerateHooks(Util::SearchMemory(utf8Text, strlen(utf8Text), PAGE_READWRITE), CODEC_UTF8); + if (codepage != CP_UTF8) + GenerateHooks(Util::SearchMemory(codepageText, strlen(codepageText), PAGE_READWRITE), USING_STRING); + GenerateHooks(Util::SearchMemory(text, wcslen(text) * sizeof(wchar_t), PAGE_READWRITE), CODEC_UTF16); + if (!found) + ConsoleOutput(COULD_NOT_FIND); +} diff --git a/cpp/LunaHook/LunaHook/hookfinder.h b/cpp/LunaHook/LunaHook/hookfinder.h new file mode 100644 index 00000000..435603c5 --- /dev/null +++ b/cpp/LunaHook/LunaHook/hookfinder.h @@ -0,0 +1,4 @@ +#pragma once + +void SearchForText(wchar_t *text, UINT codepage); +void SearchForHooks(SearchParam sp); diff --git a/cpp/LunaHook/LunaHook/main.cc b/cpp/LunaHook/LunaHook/main.cc new file mode 100644 index 00000000..964f176e --- /dev/null +++ b/cpp/LunaHook/LunaHook/main.cc @@ -0,0 +1,395 @@ + +#include "MinHook.h" +void HIJACK(); +void detachall(); +HMODULE hLUNAHOOKDLL; +WinMutex viewMutex; +CommonSharedMem *commonsharedmem; +namespace +{ + AutoHandle<> hookPipe = INVALID_HANDLE_VALUE, + mappedFile = INVALID_HANDLE_VALUE, + mappedFile3 = INVALID_HANDLE_VALUE; + TextHook (*hooks)[MAX_HOOK]; + int currentHook = 0; +} +DWORD WINAPI Pipe(LPVOID) +{ + for (bool running = true; running; hookPipe = INVALID_HANDLE_VALUE) + { + DWORD count = 0; + BYTE buffer[PIPE_BUFFER_SIZE] = {}; + AutoHandle<> hostPipe = INVALID_HANDLE_VALUE; + + while (!hostPipe || !hookPipe) + { + // WinMutex connectionMutex(CONNECTING_MUTEX, &allAccess); + // std::scoped_lock lock(connectionMutex); + WaitForSingleObject(AutoHandle<>(CreateEventW(&allAccess, FALSE, FALSE, (std::wstring(PIPE_AVAILABLE_EVENT) + std::to_wstring(GetCurrentProcessId())).c_str())), INFINITE); + hostPipe = CreateFileW((std::wstring(HOST_PIPE) + std::to_wstring(GetCurrentProcessId())).c_str(), GENERIC_READ | FILE_WRITE_ATTRIBUTES, FILE_SHARE_READ, nullptr, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, nullptr); + hookPipe = CreateFileW((std::wstring(HOOK_PIPE) + std::to_wstring(GetCurrentProcessId())).c_str(), GENERIC_WRITE, FILE_SHARE_READ, nullptr, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, nullptr); + } + DWORD mode = PIPE_READMODE_MESSAGE; + SetNamedPipeHandleState(hostPipe, &mode, NULL, NULL); + + *(DWORD *)buffer = GetCurrentProcessId(); + WriteFile(hookPipe, buffer, sizeof(DWORD), &count, nullptr); + + ConsoleOutput(PIPE_CONNECTED); + HIJACK(); + host_connected = true; + while (running && ReadFile(hostPipe, buffer, PIPE_BUFFER_SIZE, &count, nullptr)) + switch (*(HostCommandType *)buffer) + { + case HOST_COMMAND_NEW_HOOK: + { + auto info = *(InsertHookCmd *)buffer; + static int userHooks = 0; + NewHook(info.hp, ("UserHook" + std::to_string(userHooks += 1)).c_str()); + } + break; + case HOST_COMMAND_REMOVE_HOOK: + { + auto info = *(RemoveHookCmd *)buffer; + RemoveHook(info.address, 0); + } + break; + case HOST_COMMAND_FIND_HOOK: + { + auto info = *(FindHookCmd *)buffer; + if (*info.sp.text) + SearchForText(info.sp.text, info.sp.codepage); + else + SearchForHooks(info.sp); + } + break; + case HOST_COMMAND_DETACH: + { + running = false; + } + break; + } + } + + if (dont_detach) + { + host_connected = false; + return Pipe(0); + } + else + { + + MH_Uninitialize(); + for (auto &hook : *hooks) + hook.Clear(); + FreeLibraryAndExitThread(GetModuleHandleW(LUNA_HOOK_DLL), 0); + } +} + +void TextOutput(const ThreadParam &tp, const HookParam &hp, TextOutput_T *buffer, int len) +{ + memcpy(&buffer->tp, &tp, sizeof(tp)); + memcpy(&buffer->hp, &hp, sizeof(hp)); + WriteFile(hookPipe, buffer, sizeof(TextOutput_T) + len, DUMMY, nullptr); +} + +void ConsoleOutput(LPCSTR text, ...) +{ + ConsoleOutputNotif buffer; + va_list args; + va_start(args, text); + vsnprintf(buffer.message, MESSAGE_SIZE, text, args); + WriteFile(hookPipe, &buffer, sizeof(buffer), DUMMY, nullptr); +} + +void WarningOutput(LPCSTR text, ...) +{ + WarningNotif buffer; + va_list args; + va_start(args, text); + vsnprintf(buffer.message, MESSAGE_SIZE, text, args); + WriteFile(hookPipe, &buffer, sizeof(buffer), DUMMY, nullptr); +} +Synchronized> modulecache; +std::wstring &querymodule(uintptr_t addr) +{ + auto &re = modulecache.Acquire().contents; + if (re.find(addr) != re.end()) + return re.at(addr); + WCHAR fn[MAX_PATH]; + if (GetModuleFileNameW((HMODULE)addr, fn, MAX_PATH)) + { + re[addr] = wcsrchr(fn, L'\\') + 1; + } + else + { + re[addr] = L""; + } + return re[addr]; +} +void NotifyHookFound(HookParam hp, wchar_t *text) +{ + if (hp.jittype == JITTYPE::PC) + if (!(hp.type & MODULE_OFFSET)) + if (AutoHandle<> process = OpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, GetCurrentProcessId())) + if (MEMORY_BASIC_INFORMATION info = {}; VirtualQueryEx(process, (LPCVOID)hp.address, &info, sizeof(info))) + { + auto mm = querymodule((uintptr_t)info.AllocationBase); + if (mm.size()) + { + hp.type |= MODULE_OFFSET; + hp.address -= (uint64_t)info.AllocationBase; + wcsncpy_s(hp.module, mm.c_str(), MAX_MODULE_SIZE - 1); + } + } + HookFoundNotif buffer(hp, text); + WriteFile(hookPipe, &buffer, sizeof(buffer), DUMMY, nullptr); +} +void NotifyHookRemove(uint64_t addr, LPCSTR name) +{ + if (name) + ConsoleOutput(REMOVING_HOOK, name); + HookRemovedNotif buffer(addr); + WriteFile(hookPipe, &buffer, sizeof(buffer), DUMMY, nullptr); +} +void NotifyHookInserting(uint64_t addr, wchar_t hookcode[]) +{ + HookInsertingNotif buffer(addr); + wcscpy(buffer.hookcode, hookcode); + WriteFile(hookPipe, &buffer, sizeof(buffer), DUMMY, nullptr); +} +BOOL WINAPI DllMain(HINSTANCE hModule, DWORD fdwReason, LPVOID) +{ + switch (fdwReason) + { + case DLL_PROCESS_ATTACH: + { + hLUNAHOOKDLL = hModule; + viewMutex = WinMutex(ITH_HOOKMAN_MUTEX_ + std::to_wstring(GetCurrentProcessId()), &allAccess); + if (GetLastError() == ERROR_ALREADY_EXISTS) + return FALSE; + DisableThreadLibraryCalls(hModule); + + auto createfm = [](AutoHandle<> &handle, void **ptr, DWORD sz, std::wstring &name) + { + handle = CreateFileMappingW(INVALID_HANDLE_VALUE, &allAccess, PAGE_EXECUTE_READWRITE, 0, sz, (name).c_str()); + *ptr = MapViewOfFile(handle, FILE_MAP_ALL_ACCESS | FILE_MAP_EXECUTE, 0, 0, sz); + memset(*ptr, 0, sz); + }; + hooks = (decltype(hooks))new TextHook[MAX_HOOK]; + VirtualProtect((LPVOID)hooks, sizeof(TextHook) * MAX_HOOK, PAGE_EXECUTE_READWRITE, DUMMY); + createfm(mappedFile3, (void **)&commonsharedmem, sizeof(CommonSharedMem), EMBED_SHARED_MEM + std::to_wstring(GetCurrentProcessId())); + + MH_Initialize(); + + CloseHandle(CreateThread(nullptr, 0, Pipe, nullptr, 0, nullptr)); // Using std::thread here = deadlock + } + break; + case DLL_PROCESS_DETACH: + { + MH_Uninitialize(); + detachall(); + delete[] hooks; + UnmapViewOfFile(commonsharedmem); + } + break; + } + return TRUE; +} +int HookStrLen(HookParam *hp, BYTE *data) +{ + if (data == 0) + return 0; + + if (hp->type & CODEC_UTF16) + return wcsnlen((wchar_t *)data, TEXT_BUFFER_SIZE) * 2; + else if (hp->type & CODEC_UTF32) + return strlenEx((uint32_t *)data) * 4; + else + return strnlen((char *)data, TEXT_BUFFER_SIZE); +} +static std::mutex maplock; +void jitaddraddr(uint64_t em_addr, uintptr_t jitaddr, JITTYPE jittype) +{ + std::lock_guard _(maplock); + emuaddr2jitaddr[em_addr] = {jittype, jitaddr}; + jitaddr2emuaddr[jitaddr] = {jittype, em_addr}; +} +bool NewHook_1(HookParam &hp, LPCSTR lpname) +{ + if (hp.emu_addr) + ConsoleOutput("%p => %p", hp.emu_addr, hp.address); + + if (++currentHook >= MAX_HOOK) + { + ConsoleOutput(TOO_MANY_HOOKS); + return false; + } + if (lpname && *lpname) + strncpy_s(hp.name, lpname, HOOK_NAME_SIZE - 1); + + wcscpy_s(hp.hookcode, HOOKCODE_LEN, HookCode::Generate(hp, GetCurrentProcessId()).c_str()); + if (!(*hooks)[currentHook].Insert(hp)) + { + ConsoleOutput(InsertHookFailed, WideStringToString(hp.hookcode).c_str()); + (*hooks)[currentHook].Clear(); + return false; + } + else + { + NotifyHookInserting(hp.address, hp.hookcode); + return true; + } +} +static std::mutex delayinsertlock; +void delayinsertadd(HookParam hp, std::string name) +{ + std::lock_guard _(maplock); + delayinserthook[hp.emu_addr] = {name, hp}; + ConsoleOutput(INSERTING_HOOK, name.c_str(), hp.emu_addr); +} +void delayinsertNewHook(uint64_t em_address) +{ + if (delayinserthook.find(em_address) == delayinserthook.end()) + return; + std::lock_guard _(maplock); + auto h = delayinserthook[em_address]; + delayinserthook.erase(em_address); + NewHook(h.second, h.first.c_str()); +} +bool NewHook(HookParam hp, LPCSTR name) +{ + if (hp.address || hp.jittype == JITTYPE::PC) + return NewHook_1(hp, name); + if (hp.jittype == JITTYPE::UNITY) + { + auto spls = strSplit(hp.unityfunctioninfo, ":"); + if (spls.size() != 5) + { + ConsoleOutput("invalid"); + return false; + } + int argcount; + try + { + argcount = std::stoi(spls[4]); + } + catch (...) + { + argcount = -1; + } + hp.address = tryfindmonoil2cpp(spls[0].c_str(), spls[1].c_str(), spls[2].c_str(), spls[3].c_str(), argcount); + + if (!hp.address) + { + ConsoleOutput("not find"); + return false; + } + return NewHook_1(hp, name); + } + // 下面的是手动插入 + if (emuaddr2jitaddr.find(hp.emu_addr) == emuaddr2jitaddr.end()) + { + delayinsertadd(hp, name); + return true; + } + strcpy(hp.function, ""); + wcscpy(hp.module, L""); + hp.type &= ~MODULE_OFFSET; + + hp.address = emuaddr2jitaddr[hp.emu_addr].second; + hp.jittype = emuaddr2jitaddr[hp.emu_addr].first; + return NewHook_1(hp, name); +} +void RemoveHook(uint64_t addr, int maxOffset) +{ + for (auto &hook : *hooks) + if (abs((long long)(hook.address - addr)) <= maxOffset) + return hook.Clear(); +} +std::string LoadResData(LPCWSTR pszResID, LPCWSTR _type) +{ + HMODULE hModule = hLUNAHOOKDLL; + HRSRC hRsrc = ::FindResourceW(hModule, pszResID, _type); + if (!hRsrc) + return ""; + DWORD len = SizeofResource(hModule, hRsrc); + BYTE *lpRsrc = (BYTE *)LoadResource(hModule, hRsrc); + if (!lpRsrc) + return ""; + HGLOBAL m_hMem = GlobalAlloc(GMEM_FIXED, len); + BYTE *pmem = (BYTE *)GlobalLock(m_hMem); + memcpy(pmem, lpRsrc, len); + auto data = std::string((char *)pmem, len); + GlobalUnlock(m_hMem); + GlobalFree(m_hMem); + FreeResource(lpRsrc); + return data; +} + +void context_get(hook_stack *stack, PCONTEXT context) +{ +#ifndef _WIN64 + stack->eax = context->Eax; + stack->ecx = context->Ecx; + stack->edx = context->Edx; + stack->ebx = context->Ebx; + stack->esp = context->Esp; + stack->ebp = context->Ebp; + stack->esi = context->Esi; + stack->edi = context->Edi; + stack->eflags = context->EFlags; + stack->retaddr = *(DWORD *)context->Esp; +#else + stack->rax = context->Rax; + stack->rbx = context->Rbx; + stack->rcx = context->Rcx; + stack->rdx = context->Rdx; + stack->rsp = context->Rsp; + stack->rbp = context->Rbp; + stack->rsi = context->Rsi; + stack->rdi = context->Rdi; + stack->r8 = context->R8; + stack->r9 = context->R9; + stack->r10 = context->R10; + stack->r11 = context->R11; + stack->r12 = context->R12; + stack->r13 = context->R13; + stack->r14 = context->R14; + stack->r15 = context->R15; + stack->eflags = context->EFlags; + stack->retaddr = *(DWORD64 *)context->Rsp; +#endif +} +void context_set(hook_stack *stack, PCONTEXT context) +{ +#ifndef _WIN64 + context->Eax = stack->eax; + context->Ecx = stack->ecx; + context->Edx = stack->edx; + context->Ebx = stack->ebx; + context->Esp = stack->esp; + context->Ebp = stack->ebp; + context->Esi = stack->esi; + context->Edi = stack->edi; + context->EFlags = stack->eflags; +#else + context->Rax = stack->rax; + context->Rbx = stack->rbx; + context->Rcx = stack->rcx; + context->Rdx = stack->rdx; + context->Rsp = stack->rsp; + context->Rbp = stack->rbp; + context->Rsi = stack->rsi; + context->Rdi = stack->rdi; + context->R8 = stack->r8; + context->R9 = stack->r9; + context->R10 = stack->r10; + context->R11 = stack->r11; + context->R12 = stack->r12; + context->R13 = stack->r13; + context->R14 = stack->r14; + context->R15 = stack->r15; + context->EFlags = stack->eflags; +#endif +} diff --git a/cpp/LunaHook/LunaHook/main.h b/cpp/LunaHook/LunaHook/main.h new file mode 100644 index 00000000..dbfb21ea --- /dev/null +++ b/cpp/LunaHook/LunaHook/main.h @@ -0,0 +1,33 @@ +#pragma once + +// main.h +// 8/23/2013 jichi +// Branch: ITH/IHF_DLL.h, rev 66 + +void TextOutput(const ThreadParam &tp, const HookParam &hp, TextOutput_T(*buffer), int len); +void ConsoleOutput(LPCSTR text, ...); +void WarningOutput(LPCSTR text, ...); +void NotifyHookFound(HookParam hp, wchar_t *text); +void NotifyHookRemove(uint64_t addr, LPCSTR name); +bool NewHook(HookParam hp, LPCSTR name); +bool NewHookJit(HookParam hp, LPCSTR name); + +void RemoveHook(uint64_t addr, int maxOffset = 9); +std::string LoadResData(LPCWSTR pszResID, LPCWSTR _type); +inline SearchParam spDefault; + +// EOF +int HookStrLen(HookParam *, BYTE *data); +inline std::unordered_map> emuaddr2jitaddr; +inline std::unordered_map> jitaddr2emuaddr; +void jitaddraddr(uint64_t em_addr, uintptr_t jitaddr, JITTYPE); + +void context_get(hook_stack *, PCONTEXT); +void context_set(hook_stack *, PCONTEXT); + +inline std::map> delayinserthook; +void delayinsertadd(HookParam, std::string); +void delayinsertNewHook(uint64_t); +inline bool safeautoleaveveh = false; +inline bool dont_detach = false; +inline bool host_connected = false; \ No newline at end of file diff --git a/src/LunaTranslator/__init__.py b/cpp/LunaHook/LunaHook/pchhook.cpp similarity index 100% rename from src/LunaTranslator/__init__.py rename to cpp/LunaHook/LunaHook/pchhook.cpp diff --git a/cpp/LunaHook/LunaHook/pchhook.h b/cpp/LunaHook/LunaHook/pchhook.h new file mode 100644 index 00000000..60c747bc --- /dev/null +++ b/cpp/LunaHook/LunaHook/pchhook.h @@ -0,0 +1,27 @@ +#include "../include/pch.h" + +// #define wcslen(XX) wcsnlen((XX), TEXT_BUFFER_SIZE*2) +// #define strlen(XX) strnlen((XX), TEXT_BUFFER_SIZE*2) + +#include "main.h" +#include "stackoffset.hpp" +#include "util/stringfilters.h" +#include "memdbg/memsearch.h" +#include "util/util.h" +#include "ithsys/ithsys.h" +#include "pchooks/pchooks.h" +#include "cpputil/cppcstring.h" +#include "dyncodec/dynsjiscodec.h" +#include "dyncodec/dynsjis.h" +#include "disasm/disasm.h" +#include "engine.h" +#include "embed_util.h" +#include "hijackfuns.h" + +#include "Lang/Lang.h" +#include "veh_hook.h" +#include "engines/emujitarg.hpp" +#include "engines/mono/monoil2cpp.h" +#include "hookfinder.h" +#include "util/textunion.h" +#include "util/ntxpundef.h" diff --git a/cpp/LunaHook/LunaHook/resource.rc b/cpp/LunaHook/LunaHook/resource.rc new file mode 100644 index 00000000..da766a55 --- /dev/null +++ b/cpp/LunaHook/LunaHook/resource.rc @@ -0,0 +1,17 @@ +charset_default CHARSET "resource/charset_default.txt" +charset_Robotics_Notes_Dash CHARSET "resource/charset_Robotics_Notes_Dash.txt" +charset_Robotics_Notes_Elite CHARSET "resource/charset_Robotics_Notes_Elite.txt" +charset_Famicom_Tantei_Club CHARSET "resource/charset_Famicom_Tantei_Club.txt" +charset_SINce_Memories CHARSET "resource/charset_SINce_Memories.txt" +charset_SG_My_Darlings_Embrace CHARSET "resource/charset_SG_My_Darlings_Embrace.txt" +charset_SG_Linear_Bounded_Phenogram CHARSET "resource/charset_SG_Linear_Bounded_Phenogram.txt" +charset_SGHD CHARSET "resource/charset_SGHD.txt" +compound_chars_SGHD COMPOUND_CHARS "resource/compound_chars_SGHD.txt" +compound_chars_default COMPOUND_CHARS "resource/compound_chars_default.txt" +compound_chars_Robotics_Notes_Elite COMPOUND_CHARS "resource/compound_chars_Robotics_Notes_Elite.txt" +compound_chars_Robotics_Notes_Dash COMPOUND_CHARS "resource/compound_chars_Robotics_Notes_Dash.txt" + +renpy_hook_font PYSOURCE "resource/renpy_hook_font.py" +renpy_hook_text PYSOURCE "resource/renpy_hook_text.py" + +lunajspatch JSSOURCE "resource/lunajspatch.js" \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/resource/charset_Famicom_Tantei_Club.txt b/cpp/LunaHook/LunaHook/resource/charset_Famicom_Tantei_Club.txt new file mode 100644 index 00000000..c5cbf21d --- /dev/null +++ b/cpp/LunaHook/LunaHook/resource/charset_Famicom_Tantei_Club.txt @@ -0,0 +1,131 @@ + 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_ +/:-;!?′.@#%~*/`()°^>+<ノ・=″$′,[\]&{|} +0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz、。 +,.:;?!゛゜‘’“”()〔〕[]{}〈〉《》「」『』【】<>〖〗・…〜ー♪―ぁぃぅぇぉっゃゅょゎァィゥェォッャュョヮヵヶ①② +③④⑤⑥⑦⑧⑨⑩⑪⑫⑬⑭⑮⑯⑰⑱⑲⑳%―━_/㊥①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①① +①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①βγζημξρστυφχψωÅ√◯´`、 ¯Д∥αδεθικλνο +πヽヾゝゞ〃仝々〆〇\+-±×÷=≠<>≦≧∞∴♂♀℃¥$¢£%#&*@§☆★○●◎◇◆□■△▲▽▼※〒→←↑↓〓∈∋⊆⊇⊂⊃∪ +∩∧∨¬⇒⇔∀∃∠⊥⌒∂∇≡≒≪≫∽∝∵∫∬‰♯♭♪†‡¶あいうえおかがきぎくぐけげこごさざしじすずせぜそぞただちぢつづてでとど +なにぬねのはばぱひびぴふぶぷへべぺほぼぽまみむめもやゆよらりるれろわゐゑをんアイウエオカガキギクグケゲコゴサザシジスズセゼソゾタ +ダチヂツヅテデトドナニヌネノハバパヒビピフブプヘベペホボポマミムメモヤユヨラリルレロヮワヰヱヲンヴΑΒΓΔΕΖΗΘΙΚΛΜΝΞΟ +ΠΡΣΤΥΦΧΨΩⅠⅡⅢⅣⅤⅥⅦⅧⅨⅩ∮∑∟⊿                                          +■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■ +■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■ +■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■ +■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■ +亜唖娃阿哀愛挨姶逢葵茜穐悪握渥旭葦芦鯵梓圧斡扱宛姐虻飴絢綾鮎或粟袷安庵按暗案闇鞍杏以伊位依偉囲夷委威尉惟意慰易椅為畏異移維緯胃萎 +衣謂違遺医井亥域育郁磯一壱溢逸稲茨芋鰯允印咽員因姻引飲淫胤蔭院陰隠韻吋右宇烏羽迂雨卯鵜窺丑碓臼渦嘘唄欝蔚鰻姥厩浦瓜閏噂云運雲荏餌 +叡営嬰影映曳栄永泳洩瑛盈穎頴英衛詠鋭液疫益駅悦謁越閲榎厭円園堰奄宴延怨掩援沿演炎焔煙燕猿縁艶苑薗遠鉛鴛塩於汚甥凹央奥往応押旺横欧 +殴王翁襖鴬鴎黄岡沖荻億屋憶臆桶牡乙俺卸恩温穏音下化仮何伽価佳加可嘉夏嫁家寡科暇果架歌河火珂禍禾稼箇花苛茄荷華菓蝦課嘩貨迦過霞蚊俄 +峨我牙画臥芽蛾賀雅餓駕介会解回塊壊廻快怪悔恢懐戒拐改魁晦械海灰界皆絵芥蟹開階貝凱劾外咳害崖慨概涯碍蓋街該鎧骸浬馨蛙垣柿蛎鈎劃嚇各 +廓拡撹格核殻獲確穫覚角赫較郭閣隔革学岳楽額顎掛笠樫橿梶鰍潟割喝恰括活渇滑葛褐轄且鰹叶椛樺鞄株兜竃蒲釜鎌噛鴨栢茅萱粥刈苅瓦乾侃冠寒 +刊勘勧巻喚堪姦完官寛干幹患感慣憾換敢柑桓棺款歓汗漢澗潅環甘監看竿管簡緩缶翰肝艦莞観諌貫還鑑間閑関陥韓館舘丸含岸巌玩癌眼岩翫贋雁頑 +顔願企伎危喜器基奇嬉寄岐希幾忌揮机旗既期棋棄機帰毅気汽畿祈季稀紀徽規記貴起軌輝飢騎鬼亀偽儀妓宜戯技擬欺犠疑祇義蟻誼議掬菊鞠吉吃喫 +桔橘詰砧杵黍却客脚虐逆丘久仇休及吸宮弓急救朽求汲泣灸球究窮笈級糾給旧牛去居巨拒拠挙渠虚許距鋸漁禦魚亨享京供侠僑兇競共凶協匡卿叫喬 +境峡強彊怯恐恭挟教橋況狂狭矯胸脅興蕎郷鏡響饗驚仰凝尭暁業局曲極玉桐粁僅勤均巾錦斤欣欽琴禁禽筋緊芹菌衿襟謹近金吟銀九倶句区狗玖矩苦 +躯駆駈駒具愚虞喰空偶寓遇隅串櫛釧屑屈掘窟沓靴轡窪熊隈粂栗繰桑鍬勲君薫訓群軍郡卦袈祁係傾刑兄啓圭珪型契形径恵慶慧憩掲携敬景桂渓畦稽 +系経継繋罫茎荊蛍計詣警軽頚鶏芸迎鯨劇戟撃激隙桁傑欠決潔穴結血訣月件倹倦健兼券剣喧圏堅嫌建憲懸拳捲検権牽犬献研硯絹県肩見謙賢軒遣鍵 +険顕験鹸元原厳幻弦減源玄現絃舷言諺限乎個古呼固姑孤己庫弧戸故枯湖狐糊袴股胡菰虎誇跨鈷雇顧鼓五互伍午呉吾娯後御悟梧檎瑚碁語誤護醐乞 +鯉交佼侯候倖光公功効勾厚口向后喉坑垢好孔孝宏工巧巷幸広庚康弘恒慌抗拘控攻昂晃更杭校梗構江洪浩港溝甲皇硬稿糠紅紘絞綱耕考肯肱腔膏航 +荒行衡講貢購郊酵鉱砿鋼閤降項香高鴻剛劫号合壕拷濠豪轟麹克刻告国穀酷鵠黒獄漉腰甑忽惚骨狛込此頃今困坤墾婚恨懇昏昆根梱混痕紺艮魂些佐 +叉唆嵯左差査沙瑳砂詐鎖裟坐座挫債催再最哉塞妻宰彩才採栽歳済災采犀砕砦祭斎細菜裁載際剤在材罪財冴坂阪堺榊肴咲崎埼碕鷺作削咋搾昨朔柵 +窄策索錯桜鮭笹匙冊刷察拶撮擦札殺薩雑皐鯖捌錆鮫皿晒三傘参山惨撒散桟燦珊産算纂蚕讃賛酸餐斬暫残仕仔伺使刺司史嗣四士始姉姿子屍市師志 +思指支孜斯施旨枝止死氏獅祉私糸紙紫肢脂至視詞詩試誌諮資賜雌飼歯事似侍児字寺慈持時次滋治爾璽痔磁示而耳自蒔辞汐鹿式識鴫竺軸宍雫七叱 +執失嫉室悉湿漆疾質実蔀篠偲柴芝屡蕊縞舎写射捨赦斜煮社紗者謝車遮蛇邪借勺尺杓灼爵酌釈錫若寂弱惹主取守手朱殊狩珠種腫趣酒首儒受呪寿授 +樹綬需囚収周宗就州修愁拾洲秀秋終繍習臭舟蒐衆襲讐蹴輯週酋酬集醜什住充十従戎柔汁渋獣縦重銃叔夙宿淑祝縮粛塾熟出術述俊峻春瞬竣舜駿准 +循旬楯殉淳準潤盾純巡遵醇順処初所暑曙渚庶緒署書薯藷諸助叙女序徐恕鋤除傷償勝匠升召哨商唱嘗奨妾娼宵将小少尚庄床廠彰承抄招掌捷昇昌昭 +晶松梢樟樵沼消渉湘焼焦照症省硝礁祥称章笑粧紹肖菖蒋蕉衝裳訟証詔詳象賞醤鉦鍾鐘障鞘上丈丞乗冗剰城場壌嬢常情擾条杖浄状畳穣蒸譲醸錠嘱 +埴飾拭植殖燭織職色触食蝕辱尻伸信侵唇娠寝審心慎振新晋森榛浸深申疹真神秦紳臣芯薪親診身辛進針震人仁刃塵壬尋甚尽腎訊迅陣靭笥諏須酢図 +厨逗吹垂帥推水炊睡粋翠衰遂酔錐錘随瑞髄崇嵩数枢趨雛据杉椙菅頗雀裾澄摺寸世瀬畝是凄制勢姓征性成政整星晴棲栖正清牲生盛精聖声製西誠誓 +請逝醒青静斉税脆隻席惜戚斥昔析石積籍績脊責赤跡蹟碩切拙接摂折設窃節説雪絶舌蝉仙先千占宣専尖川戦扇撰栓栴泉浅洗染潜煎煽旋穿箭線繊羨 +腺舛船薦詮賎践選遷銭銑閃鮮前善漸然全禅繕膳糎噌塑岨措曾曽楚狙疏疎礎祖租粗素組蘇訴阻遡鼠僧創双叢倉喪壮奏爽宋層匝惣想捜掃挿掻操早曹 +巣槍槽漕燥争痩相窓糟総綜聡草荘葬蒼藻装走送遭鎗霜騒像増憎臓蔵贈造促側則即息捉束測足速俗属賊族続卒袖其揃存孫尊損村遜他多太汰詑唾堕 +妥惰打柁舵楕陀駄騨体堆対耐岱帯待怠態戴替泰滞胎腿苔袋貸退逮隊黛鯛代台大第醍題鷹滝瀧卓啄宅托択拓沢濯琢託鐸濁諾茸凧蛸只叩但達辰奪脱 +巽竪辿棚谷狸鱈樽誰丹単嘆坦担探旦歎淡湛炭短端箪綻耽胆蛋誕鍛団壇弾断暖檀段男談値知地弛恥智池痴稚置致蜘遅馳築畜竹筑蓄逐秩窒茶嫡着中 +仲宙忠抽昼柱注虫衷註酎鋳駐樗瀦猪苧著貯丁兆凋喋寵帖帳庁弔張彫徴懲挑暢朝潮牒町眺聴脹腸蝶調諜超跳銚長頂鳥勅捗直朕沈珍賃鎮陳津墜椎槌 +追鎚痛通塚栂掴槻佃漬柘辻蔦綴鍔椿潰坪壷嬬紬爪吊釣鶴亭低停偵剃貞呈堤定帝底庭廷弟悌抵挺提梯汀碇禎程締艇訂諦蹄逓邸鄭釘鼎泥摘擢敵滴的 +笛適鏑溺哲徹撤轍迭鉄典填天展店添纏甜貼転顛点伝殿澱田電兎吐堵塗妬屠徒斗杜渡登菟賭途都鍍砥砺努度土奴怒倒党冬凍刀唐塔塘套宕島嶋悼投 +搭東桃梼棟盗淘湯涛灯燈当痘祷等答筒糖統到董蕩藤討謄豆踏逃透鐙陶頭騰闘働動同堂導憧撞洞瞳童胴萄道銅峠鴇匿得徳涜特督禿篤毒独読栃橡凸 +突椴届鳶苫寅酉瀞噸屯惇敦沌豚遁頓呑曇鈍奈那内乍凪薙謎灘捺鍋楢馴縄畷南楠軟難汝二尼弐迩匂賑肉虹廿日乳入如尿韮任妊忍認濡禰祢寧葱猫熱 +年念捻撚燃粘乃廼之埜嚢悩濃納能脳膿農覗蚤巴把播覇杷波派琶破婆罵芭馬俳廃拝排敗杯盃牌背肺輩配倍培媒梅楳煤狽買売賠陪這蝿秤矧萩伯剥博 +拍柏泊白箔粕舶薄迫曝漠爆縛莫駁麦函箱硲箸肇筈櫨幡肌畑畠八鉢溌発醗髪伐罰抜筏閥鳩噺塙蛤隼伴判半反叛帆搬斑板氾汎版犯班畔繁般藩販範釆 +煩頒飯挽晩番盤磐蕃蛮匪卑否妃庇彼悲扉批披斐比泌疲皮碑秘緋罷肥被誹費避非飛樋簸備尾微枇毘琵眉美鼻柊稗匹疋髭彦膝菱肘弼必畢筆逼桧姫媛 +紐百謬俵彪標氷漂瓢票表評豹廟描病秒苗錨鋲蒜蛭鰭品彬斌浜瀕貧賓頻敏瓶不付埠夫婦富冨布府怖扶敷斧普浮父符腐膚芙譜負賦赴阜附侮撫武舞葡 +蕪部封楓風葺蕗伏副復幅服福腹複覆淵弗払沸仏物鮒分吻噴墳憤扮焚奮粉糞紛雰文聞丙併兵塀幣平弊柄並蔽閉陛米頁僻壁癖碧別瞥蔑箆偏変片篇編 +辺返遍便勉娩弁鞭保舗鋪圃捕歩甫補輔穂募墓慕戊暮母簿菩倣俸包呆報奉宝峰峯崩庖抱捧放方朋法泡烹砲縫胞芳萌蓬蜂褒訪豊邦鋒飽鳳鵬乏亡傍剖 +坊妨帽忘忙房暴望某棒冒紡肪膨謀貌貿鉾防吠頬北僕卜墨撲朴牧睦穆釦勃没殆堀幌奔本翻凡盆摩磨魔麻埋妹昧枚毎哩槙幕膜枕鮪柾鱒桝亦俣又抹末 +沫迄侭繭麿万慢満漫蔓味未魅巳箕岬密蜜湊蓑稔脈妙粍民眠務夢無牟矛霧鵡椋婿娘冥名命明盟迷銘鳴姪牝滅免棉綿緬面麺摸模茂妄孟毛猛盲網耗蒙 +儲木黙目杢勿餅尤戻籾貰問悶紋門匁也冶夜爺耶野弥矢厄役約薬訳躍靖柳薮鑓愉愈油癒諭輸唯佑優勇友宥幽悠憂揖有柚湧涌猶猷由祐裕誘遊邑郵雄 +融夕予余与誉輿預傭幼妖容庸揚揺擁曜楊様洋溶熔用窯羊耀葉蓉要謡踊遥陽養慾抑欲沃浴翌翼淀羅螺裸来莱頼雷洛絡落酪乱卵嵐欄濫藍蘭覧利吏履 +李梨理璃痢裏裡里離陸律率立葎掠略劉流溜琉留硫粒隆竜龍侶慮旅虜了亮僚両凌寮料梁涼猟療瞭稜糧良諒遼量陵領力緑倫厘林淋燐琳臨輪隣鱗麟瑠 +塁涙累類令伶例冷励嶺怜玲礼苓鈴隷零霊麗齢暦歴列劣烈裂廉恋憐漣煉簾練聯蓮連錬呂魯櫓炉賂路露労婁廊弄朗楼榔浪漏牢狼篭老聾蝋郎六麓禄肋 +録論倭和話歪賄脇惑枠鷲亙亘鰐詫藁蕨椀湾碗腕                                            +弌丐丕个丱丶丼丿乂乖乘亂亅豫亊舒弍于亞亟亠亢亰亳亶从仍仄仆仂仗仞仭仟价伉佚估佛佝佗佇佶侈侏侘佻佩佰侑佯來侖儘俔俟俎俘俛俑俚俐俤俥 +倚倨倔倪倥倅伜俶倡倩倬俾俯們倆偃假會偕偐偈做偖偬偸傀傚傅傴傲僉僊傳僂僖僞僥僭僣僮價僵儉儁儂儖儕儔儚儡儺儷儼儻儿兀兒兌兔兢竸兩兪兮 +冀冂囘册冉冏冑冓冕冖冤冦冢冩冪冫决冱冲冰况冽凅凉凛几處凩凭凰凵凾刄刋刔刎刧刪刮刳刹剏剄剋剌剞剔剪剴剩剳剿剽劍劔劒剱劈劑辨辧劬劭劼 +劵勁勍勗勞勣勦飭勠勳勵勸勹匆匈甸匍匐匏匕匚匣匯匱匳匸區卆卅丗卉卍凖卞卩卮夘卻卷厂厖厠厦厥厮厰厶參簒雙叟曼燮叮叨叭叺吁吽呀听吭吼吮 +吶吩吝呎咏呵咎呟呱呷呰咒呻咀呶咄咐咆哇咢咸咥咬哄哈咨咫哂咤咾咼哘哥哦唏唔哽哮哭哺哢唹啀啣啌售啜啅啖啗唸唳啝喙喀咯喊喟啻啾喘喞單啼 +喃喩喇喨嗚嗅嗟嗄嗜嗤嗔嘔嗷嘖嗾嗽嘛嗹噎噐營嘴嘶嘲嘸噫噤嘯噬噪嚆嚀嚊嚠嚔嚏嚥嚮嚶嚴囂嚼囁囃囀囈囎囑囓囗囮囹圀囿圄圉圈國圍圓團圖嗇圜 +圦圷圸坎圻址坏坩埀垈坡坿垉垓垠垳垤垪垰埃埆埔埒埓堊埖埣堋堙堝塲堡塢塋塰毀塒堽塹墅墹墟墫墺壞墻墸墮壅壓壑壗壙壘壥壜壤壟壯壺壹壻壼壽 +夂夊夐夛梦夥夬夭夲夸夾竒奕奐奎奚奘奢奠奧奬奩奸妁妝佞侫妣妲姆姨姜妍姙姚娥娟娑娜娉娚婀婬婉娵娶婢婪媚媼媾嫋嫂媽嫣嫗嫦嫩嫖嫺嫻嬌嬋嬖 +嬲嫐嬪嬶嬾孃孅孀孑孕孚孛孥孩孰孳孵學斈孺宀它宦宸寃寇寉寔寐寤實寢寞寥寫寰寶寳尅將專對尓尠尢尨尸尹屁屆屎屓屐屏孱屬屮乢屶屹岌岑岔妛 +岫岻岶岼岷峅岾峇峙峩峽峺峭嶌峪崋崕崗嵜崟崛崑崔崢崚崙崘嵌嵒嵎嵋嵬嵳嵶嶇嶄嶂嶢嶝嶬嶮嶽嶐嶷嶼巉巍巓巒巖巛巫已巵帋帚帙帑帛帶帷幄幃幀 +幎幗幔幟幢幤幇幵并幺麼广庠廁廂廈廐廏廖廣廝廚廛廢廡廨廩廬廱廳廰廴廸廾弃弉彝彜弋弑弖弩弭弸彁彈彌彎弯彑彖彗彙彡彭彳彷徃徂彿徊很徑徇 +從徙徘徠徨徭徼忖忻忤忸忱忝悳忿怡恠怙怐怩怎怱怛怕怫怦怏怺恚恁恪恷恟恊恆恍恣恃恤恂恬恫恙悁悍惧悃悚悄悛悖悗悒悧悋惡悸惠惓悴忰悽惆悵 +惘慍愕愆惶惷愀惴惺愃愡惻惱愍愎慇愾愨愧慊愿愼愬愴愽慂慄慳慷慘慙慚慫慴慯慥慱慟慝慓慵憙憖憇憬憔憚憊憑憫憮懌懊應懷懈懃懆憺懋罹懍懦懣 +懶懺懴懿懽懼懾戀戈戉戍戌戔戛戞戡截戮戰戲戳扁扎扞扣扛扠扨扼抂抉找抒抓抖拔抃抔拗拑抻拏拿拆擔拈拜拌拊拂拇抛拉挌拮拱挧挂挈拯拵捐挾捍 +搜捏掖掎掀掫捶掣掏掉掟掵捫捩掾揩揀揆揣揉插揶揄搖搴搆搓搦搶攝搗搨搏摧摯摶摎攪撕撓撥撩撈撼據擒擅擇撻擘擂擱擧舉擠擡抬擣擯攬擶擴擲擺 +攀擽攘攜攅攤攣攫攴攵攷收攸畋效敖敕敍敘敞敝敲數斂斃變斛斟斫斷旃旆旁旄旌旒旛旙无旡旱杲昊昃旻杳昵昶昴昜晏晄晉晁晞晝晤晧晨晟晢晰暃暈 +暎暉暄暘暝曁暹曉暾暼曄暸曖曚曠昿曦曩曰曵曷朏朖朞朦朧霸朮朿朶杁朸朷杆杞杠杙杣杤枉杰枩杼杪枌枋枦枡枅枷柯枴柬枳柩枸柤柞柝柢柮枹柎柆 +柧檜栞框栩桀桍栲桎梳栫桙档桷桿梟梏梭梔條梛梃檮梹桴梵梠梺椏梍桾椁棊椈棘椢椦棡椌棍棔棧棕椶椒椄棗棣椥棹棠棯椨椪椚椣椡棆楹楷楜楸楫楔 +楾楮椹楴椽楙椰楡楞楝榁楪榲榮槐榿槁槓榾槎寨槊槝榻槃榧樮榑榠榜榕榴槞槨樂樛槿權槹槲槧樅榱樞槭樔槫樊樒櫁樣樓橄樌橲樶橸橇橢橙橦橈樸樢 +檐檍檠檄檢檣檗蘗檻櫃櫂檸檳檬櫞櫑櫟檪櫚櫪櫻欅蘖櫺欒欖鬱欟欸欷盜欹飮歇歃歉歐歙歔歛歟歡歸歹歿殀殄殃殍殘殕殞殤殪殫殯殲殱殳殷殼毆毋毓 +毟毬毫毳毯麾氈氓气氛氤氣汞汕汢汪沂沍沚沁沛汾汨汳沒沐泄泱泓沽泗泅泝沮沱沾沺泛泯泙泪洟衍洶洫洽洸洙洵洳洒洌浣涓浤浚浹浙涎涕濤涅淹渕 +渊涵淇淦涸淆淬淞淌淨淒淅淺淙淤淕淪淮渭湮渮渙湲湟渾渣湫渫湶湍渟湃渺湎渤滿渝游溂溪溘滉溷滓溽溯滄溲滔滕溏溥滂溟潁漑灌滬滸滾漿滲漱滯 +漲滌漾漓滷澆潺潸澁澀潯潛濳潭澂潼潘澎澑濂潦澳澣澡澤澹濆澪濟濕濬濔濘濱濮濛瀉瀋濺瀑瀁瀏濾瀛瀚潴瀝瀘瀟瀰瀾瀲灑灣炙炒炯烱炬炸炳炮烟烋 +烝烙焉烽焜焙煥煕熈煦煢煌煖煬熏燻熄熕熨熬燗熹熾燒燉燔燎燠燬燧燵燼燹燿爍爐爛爨爭爬爰爲爻爼爿牀牆牋牘牴牾犂犁犇犒犖犢犧犹犲狃狆狄狎 +狒狢狠狡狹狷倏猗猊猜猖猝猴猯猩猥猾獎獏默獗獪獨獰獸獵獻獺珈玳珎玻珀珥珮珞璢琅瑯琥珸琲琺瑕琿瑟瑙瑁瑜瑩瑰瑣瑪瑶瑾璋璞璧瓊瓏瓔珱瓠瓣 +瓧瓩瓮瓲瓰瓱瓸瓷甄甃甅甌甎甍甕甓甞甦甬甼畄畍畊畉畛畆畚畩畤畧畫畭畸當疆疇畴疊疉疂疔疚疝疥疣痂疳痃疵疽疸疼疱痍痊痒痙痣痞痾痿痼瘁痰 +痺痲痳瘋瘍瘉瘟瘧瘠瘡瘢瘤瘴瘰瘻癇癈癆癜癘癡癢癨癩癪癧癬癰癲癶癸發皀皃皈皋皎皖皓皙皚皰皴皸皹皺盂盍盖盒盞盡盥盧盪蘯盻眈眇眄眩眤眞眥 +眦眛眷眸睇睚睨睫睛睥睿睾睹瞎瞋瞑瞠瞞瞰瞶瞹瞿瞼瞽瞻矇矍矗矚矜矣矮矼砌砒礦砠礪硅碎硴碆硼碚碌碣碵碪碯磑磆磋磔碾碼磅磊磬磧磚磽磴礇礒 +礑礙礬礫祀祠祗祟祚祕祓祺祿禊禝禧齋禪禮禳禹禺秉秕秧秬秡秣稈稍稘稙稠稟禀稱稻稾稷穃穗穉穡穢穩龝穰穹穽窈窗窕窘窖窩竈窰窶竅竄窿邃竇竊 +竍竏竕竓站竚竝竡竢竦竭竰笂笏笊笆笳笘笙笞笵笨笶筐筺笄筍笋筌筅筵筥筴筧筰筱筬筮箝箘箟箍箜箚箋箒箏筝箙篋篁篌篏箴篆篝篩簑簔篦篥籠簀簇 +簓篳篷簗簍篶簣簧簪簟簷簫簽籌籃籔籏籀籐籘籟籤籖籥籬籵粃粐粤粭粢粫粡粨粳粲粱粮粹粽糀糅糂糘糒糜糢鬻糯糲糴糶糺紆紂紜紕紊絅絋紮紲紿紵 +絆絳絖絎絲絨絮絏絣經綉絛綏絽綛綺綮綣綵緇綽綫總綢綯緜綸綟綰緘緝緤緞緻緲緡縅縊縣縡縒縱縟縉縋縢繆繦縻縵縹繃縷縲縺繧繝繖繞繙繚繹繪繩 +繼繻纃緕繽辮繿纈纉續纒纐纓纔纖纎纛纜缸缺罅罌罍罎罐网罕罔罘罟罠罨罩罧罸羂羆羃羈羇羌羔羞羝羚羣羯羲羹羮羶羸譱翅翆翊翕翔翡翦翩翳翹飜 +耆耄耋耒耘耙耜耡耨耿耻聊聆聒聘聚聟聢聨聳聲聰聶聹聽聿肄肆肅肛肓肚肭冐肬胛胥胙胝胄胚胖脉胯胱脛脩脣脯腋隋腆脾腓腑胼腱腮腥腦腴膃膈膊 +膀膂膠膕膤膣腟膓膩膰膵膾膸膽臀臂膺臉臍臑臙臘臈臚臟臠臧臺臻臾舁舂舅與舊舍舐舖舩舫舸舳艀艙艘艝艚艟艤艢艨艪艫舮艱艷艸艾芍芒芫芟芻芬 +苡苣苟苒苴苳苺莓范苻苹苞茆苜茉苙茵茴茖茲茱荀茹荐荅茯茫茗茘莅莚莪莟莢莖茣莎莇莊荼莵荳荵莠莉莨菴萓菫菎菽萃菘萋菁菷萇菠菲萍萢萠莽萸 +蔆菻葭萪萼蕚蒄葷葫蒭葮蒂葩葆萬葯葹萵蓊葢蒹蒿蒟蓙蓍蒻蓚蓐蓁蓆蓖蒡蔡蓿蓴蔗蔘蔬蔟蔕蔔蓼蕀蕣蕘蕈蕁蘂蕋蕕薀薤薈薑薊薨蕭薔薛藪薇薜蕷蕾 +薐藉薺藏薹藐藕藝藥藜藹蘊蘓蘋藾藺蘆蘢蘚蘰蘿虍乕虔號虧虱蚓蚣蚩蚪蚋蚌蚶蚯蛄蛆蚰蛉蠣蚫蛔蛞蛩蛬蛟蛛蛯蜒蜆蜈蜀蜃蛻蜑蜉蜍蛹蜊蜴蜿蜷蜻蜥 +蜩蜚蝠蝟蝸蝌蝎蝴蝗蝨蝮蝙蝓蝣蝪蠅螢螟螂螯蟋螽蟀蟐雖螫蟄螳蟇蟆螻蟯蟲蟠蠏蠍蟾蟶蟷蠎蟒蠑蠖蠕蠢蠡蠱蠶蠹蠧蠻衄衂衒衙衞衢衫袁衾袞衵衽袵 +衲袂袗袒袮袙袢袍袤袰袿袱裃裄裔裘裙裝裹褂裼裴裨裲褄褌褊褓襃褞褥褪褫襁襄褻褶褸襌褝襠襞襦襤襭襪襯襴襷襾覃覈覊覓覘覡覩覦覬覯覲覺覽覿 +觀觚觜觝觧觴觸訃訖訐訌訛訝訥訶詁詛詒詆詈詼詭詬詢誅誂誄誨誡誑誥誦誚誣諄諍諂諚諫諳諧諤諱謔諠諢諷諞諛謌謇謚諡謖謐謗謠謳鞫謦謫謾謨譁 +譌譏譎證譖譛譚譫譟譬譯譴譽讀讌讎讒讓讖讙讚谺豁谿豈豌豎豐豕豢豬豸豺貂貉貅貊貍貎貔豼貘戝貭貪貽貲貳貮貶賈賁賤賣賚賽賺賻贄贅贊贇贏贍 +贐齎贓賍贔贖赧赭赱赳趁趙跂趾趺跏跚跖跌跛跋跪跫跟跣跼踈踉跿踝踞踐踟蹂踵踰踴蹊蹇蹉蹌蹐蹈蹙蹤蹠踪蹣蹕蹶蹲蹼躁躇躅躄躋躊躓躑躔躙躪躡 +躬躰軆躱躾軅軈軋軛軣軼軻軫軾輊輅輕輒輙輓輜輟輛輌輦輳輻輹轅轂輾轌轉轆轎轗轜轢轣轤辜辟辣辭辯辷迚迥迢迪迯邇迴逅迹迺逑逕逡逍逞逖逋逧 +逶逵逹迸遏遐遑遒逎遉逾遖遘遞遨遯遶隨遲邂遽邁邀邊邉邏邨邯邱邵郢郤扈郛鄂鄒鄙鄲鄰酊酖酘酣酥酩酳酲醋醉醂醢醫醯醪醵醴醺釀釁釉釋釐釖釟 +釡釛釼釵釶鈞釿鈔鈬鈕鈑鉞鉗鉅鉉鉤鉈銕鈿鉋鉐銜銖銓銛鉚鋏銹銷鋩錏鋺鍄錮錙錢錚錣錺錵錻鍜鍠鍼鍮鍖鎰鎬鎭鎔鎹鏖鏗鏨鏥鏘鏃鏝鏐鏈鏤鐚鐔鐓 +鐃鐇鐐鐶鐫鐵鐡鐺鑁鑒鑄鑛鑠鑢鑞鑪鈩鑰鑵鑷鑽鑚鑼鑾钁鑿閂閇閊閔閖閘閙閠閨閧閭閼閻閹閾闊濶闃闍闌闕闔闖關闡闥闢阡阨阮阯陂陌陏陋陷陜陞 +陝陟陦陲陬隍隘隕隗險隧隱隲隰隴隶隸隹雎雋雉雍襍雜霍雕雹霄霆霈霓霎霑霏霖霙霤霪霰霹霽霾靄靆靈靂靉靜靠靤靦靨勒靫靱靹鞅靼鞁靺鞆鞋鞏鞐 +鞜鞨鞦鞣鞳鞴韃韆韈韋韜韭齏韲竟韶韵頏頌頸頤頡頷頽顆顏顋顫顯顰顱顴顳颪颯颱颶飄飃飆飩飫餃餉餒餔餘餡餝餞餤餠餬餮餽餾饂饉饅饐饋饑饒饌 +饕馗馘馥馭馮馼駟駛駝駘駑駭駮駱駲駻駸騁騏騅駢騙騫騷驅驂驀驃騾驕驍驛驗驟驢驥驤驩驫驪骭骰骼髀髏髑髓體髞髟髢髣髦髯髫髮髴髱髷髻鬆鬘鬚 +鬟鬢鬣鬥鬧鬨鬩鬪鬮鬯鬲魄魃魏魍魎魑魘魴鮓鮃鮑鮖鮗鮟鮠鮨鮴鯀鯊鮹鯆鯏鯑鯒鯣鯢鯤鯔鯡鰺鯲鯱鯰鰕鰔鰉鰓鰌鰆鰈鰒鰊鰄鰮鰛鰥鰤鰡鰰鱇鰲鱆鰾 +鱚鱠鱧鱶鱸鳧鳬鳰鴉鴈鳫鴃鴆鴪鴦鶯鴣鴟鵄鴕鴒鵁鴿鴾鵆鵈鵝鵞鵤鵑鵐鵙鵲鶉鶇鶫鵯鵺鶚鶤鶩鶲鷄鷁鶻鶸鶺鷆鷏鷂鷙鷓鷸鷦鷭鷯鷽鸚鸛鸞鹵鹹鹽麁 +麈麋麌麒麕麑麝麥麩麸麪麭靡黌黎黏黐黔黜點黝黠黥黨黯黴黶黷黹黻黼黽鼇鼈皷鼕鼡鼬鼾齊齒齔齣齟齠齡齦齧齬齪齷齲齶龕龜龠堯槇遙瑤凜熙   +♥☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃ +喂你么吧说话吗谁过啦啊赶紧这哪记时发现处间请谢您别每谨问晕经悬边碰丛觉另样关马顺让联场烦谈脑伤应该错搞为头忆总许欢帮长风盐响棵树 +离远渔获呢刚亏缓侥轻确摔嗯还跑认识哎开调查线顶侦务步诉连趟细进师们办跃笔图骥试盯镜阅动资骂绫对输桌实柜满详虽电见结门车带员询绍宁 +传战领则财阀难访咦蓝绵绝张贴运懂贩卖买扰极卧遗亲诊单纯给跷她岁龄脏侄孙辈暂阵铺养闭笼藓东饲鲤鱼摆设爱书读黑陈烧佣击营适乐题强帘尘 +严药预篮齐纪喽盏夹虑计叠偷历习惯举嗓唉怀毕晚两种够饶咙义缮坟伙捣贫验证贵论苏斩呃闻坚败躲敌诅疯砍变终罢纠缠杀沉鳞栉闯华绘朵壶值钱 +语忧责爷吓栋护负顾产项权继瘫须荡闲厅宽哼备续奋录转拥统观赖稳债济呐户觊觎劲恶剧拨码报签纸铅净瘾缘选择达啥浑绪复较哟尔嘿晓呜脸红讲 +挖谋坠吵仓库费惊兴恼剑唤渐划蹭倾议优锁杂阴约团吞钉际热视雾污渍咖啡惬节增业导讯煞汉疗馁围检误盼躺钥渗捅毙词级货积层仅讶贼屉诫储仿 +鉴测扭纹洁丧协腾专缉耍态戏归废份挥呗傻谎懒扯逛丢谬违咱刨枪彻胜—险组织构衬飞钧诸压评谓简妇鲜苍伞卡闹灵搅辆寻扑补拼隐瞒抚惦宫镇标 +诺馆绅偿娇艳凳绳轮糕绕骇软驾讨厌丽挡畅饱摄喻络饮尝异觅劝骚浇捡鸡嚷缝钻顽亵渎狈纽颗鸟兽咿赎俩灭换阳绞庞帅嘻嚯钟瞧丝缕类烤瞩扬浆维 +揪滩锐喔闪拖岂肃氰诞烂摊婴灾毁妈伪术睁页氢质载审厉职赏诀释颜厢踩捞垫脖肤袭显恻涂执穷墙键谅谜凑砸钓胁剂额辩纵驱监乌囊纳奶侣卫狱艰 +攒骄骗扫递块摇蕴龛盘夺诚挚诱饵惩罚嘣账汇迈迟逻岗渴临圣桩挤众涨垃圾挪岛颈扔俱赛创劳烁钮饰园驹厕铃鸦伫诲贯贷诈诡绽频润牵轿辉础倘课 +练荣编艺萝谣锵祸饭唬兑滚睬俏嘞锻炼馅啵竖弹攥邻揽徕嗝嗨诶呕揍唷哒搁邮啧赔赌鱿揭踢链挠绿羡炫牺凤犊噗茬呿窝荫·赊钢爹谱飒眨贸鲁钝籁 +撑磕哆嗦唠缩暧钩桥赞筹爸沦掐撇噩订奖训仪晾损婶侧瞄掺势抢赘敛愤歧赠综购殒陆拽颤嚣挣启乡扩驶阔绰阶辕辙甩耸瞟纷篑惭圆栏胶坝瞅☃☃☃ +☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃ +說嗎趕狀幫繫辦閱腳絕內蹺歲擊囉檯溫睏歷嚨夠傢產癱閒寬錄賴戶錶凈癮緣喲禱愜屜謊丟嘍佔噓弒拚髒擋樁眾橫黃闆厲剎彥貓獃虛誒賬噠徵脫魷僱 +綠賒淚撐悅撿嘮曬麵嚐雞瀆龐銳菸噹睜氫墊瘀檔啟嬸姊拋摻掙鄉曆淩劄壩刁碴臊涉汙攏☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃☃ \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/resource/charset_Robotics_Notes_Dash.txt b/cpp/LunaHook/LunaHook/resource/charset_Robotics_Notes_Dash.txt new file mode 100644 index 00000000..cd8346b5 --- /dev/null +++ b/cpp/LunaHook/LunaHook/resource/charset_Robotics_Notes_Dash.txt @@ -0,0 +1,64 @@ + 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz +/:-;!?′.@#%~*_`()゚^>+<ノキリッ$&",[]=\ +0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz、。 +,.:;?!゛゜‘’“”()〔〕[]{}〈〉《》“”‘’【】<>【】・…~ー♪─ぁぃぅぇぉっゃゅょゎァィゥェォッャュョヮヵヶ①② +―――___éàå²ö゚&⑯⑰⑱⑲⑳%–—_/•①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①… +①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①あいうえおかがきぎくぐけげこごさざしじすずせぜそぞただちぢつづてで +とどなにぬねのはばぱひびぴふぶぷへべぺほぼぽまみむめもやゆよらりるれろわゐゑをんアイウエオカガキギクグケゲコゴサザシジスズセゼソ +ゾタダチヂツヅテデトドナニヌネノハバパヒビピフブプヘベペホボポマミムメモヤユヨラリルレロワヰヱヲンヴ☆★◎○●△▲□■▽▼◇◆※ +→←+-×÷=≧≦\〓&〆追加新項目敗北勝利入力失成功分岐先指定海翔世界救戦誰言前全人類希望俺興味穂所詮自中衝動満最強丁寧不謹慎 +構事国位倒頂点一昴立完了求淳和電源積込英雄軍主公供給開始喋感度良好員押忍体風吹確実続誤差以下正常起済安充率連稼働限時間忘各種異有 +夫僕思悪後輩対応座標固待調整変葉遣減断解除回認居左右周辺範囲地形判用問題締上愛理本日年月天予報伝鹿児島県子屋久方東南晴波高温低降 +水貴重情部集合暇行初今終必戻格闘発進名八汐央校普科組出席号績活研究属詳得意野隠示画面内消小息薄暗室外夏爽駆抜狭熱違汗引心身浴景色 +期台多柄空碧隈半遺産横住火縄銃射場白真昔学舞話慢試遠呼声聞我長帰還娘現瀬乃宮捉同幼頃腐縁程仲遊付呑持口頑張状況隣具倉庫察来使想二 +物置端灯個当然春秋暑冬寒環境芝生雨答額滲的迎考恐教頭会議忙相手側費止粘交渉取原因去無茶要悲壮笑浮焦偉少覚称歴史遡女徒姉設果昇足盛 +近京優経験証拠数知洗脳作効古西矢逆派結何花落評舎技術準備陽陰十伊達金字塔登在駄向習怒削命令飽料特未練木腰放課決流万牙城崩悔材昨神 +品崇説奥深々素奇跡噛怪由切者様謎包才噂光栄揚並拝式基操撃繋簡単読潰裏仕掛局選択他機性能極到注退離油禁徴早精視反平均可処絞値導訳魅 +激狙皆絡論柔攻書法弊害礼苦労癖送疑傷返信嘘痕触別愚痴伸眺揺覆庭姿運歩距総園鳥鳴渡草静残寄独浸哲尊敬眼突途宣表聴衆造卒業絶僻存就職 +肢旅暮願漠夢浪萎観測走夕根唱諦叶将路錯馳態停投専保管緒従負舌打念着含腕適弱髪両容赦関義肩犬勇旧港閉鎖廃墟訪割雑広遮裾死駐滑幅道比 +車寝掲堂直鍵元防燃補踏埃窓涙晶鎮巨略超際乗縦算誇創計図描許町工譲提企段代受継社務妹巡凡胸吐首振頬叩弾幕拳隅棚缶携帯移替欠過例幽霊 +刻嫌這警告抵抗殺百虚#難若憧黄昏識微妙擬似量背痛配膝隙潜勢奪制服汚短更衣皮肉勲章疲質虐輝握男士友納協街夜黒改装家唯営忌明週照臭腹 +遅呆盗買食晩儀休憩転故幸軽羽織宅軒脱挨拶影響角染血美緯太山勘慣慨繰像澄青越迫匂緑丸毎堅禮商店瑞榎怠醸級化粧飾随械助支障売介護厳密 +田辞践鼻蓄飲次蒸器冗談文袋土船便届育師顧彦扱豪語頼条件怖殊急門輪殿慌骨折損欄販破紹円速秒垂跳緊約承兼演躍訴騙猫泣震珍映宿嬉担三賛 +殴菓勉困泥川掃捨橋句箱煙詰敵勧誘辛辣淡履靴団彼価参壊修即噴醜肝健懲印象烈嘲永遇既権益努官僚縮疾涛復暴叫案奮収懸机絵枚巻宝紀及記録 +媒黙昭鉄型狂寸騒係溢析挑幻王邪楽鑑賞唇尖曲宇宙音吸換虫耳径泉冥沈漏暦片溶細朝鈴傘館扉童雰非徳凛漂捌蹴鋭遂拭濡恥弟尽快袖冷昼弁板委 +臼井至戸惑浜峰喜飯批撤咎省留顛末赴任壇善欲請余裕瞬筋博展秀般抱援剰再曜催競獲検討咳払姑束守伐厄晦甘廊蛙延午授罠粒砂仁嘆仰母玉借資 +貯毛誉焼董劇梅干酸荷探屈散豆把彰写溜募荒模索申逃貫孤役班貶胃増遭避憶抹君臓針刺涼第瞳炎尚稚系互坊魂魔推芙歳父農畑挟階玄尻舐釈七壁 +貼与吟斎親寂悟惚綿掴剥歪酷膚拗湿冊危純池床混懇私卓窺伏採迷己毒看圧建舗塞洋客藤治偏添沙汰促劣製賢貧乏香軸紙裂財貿易畳凶獄窒液嚥喉 +潤契愉脅傑肌層粉謝律翌孫族祖甲斐諸刃剣茨都妄蓋覗規驚招姓戚典乱怯罪拒否布札税漱石千侮辱盤鉢責掘四股擦渋節施概芻棒餅閃棄纏漁御順序 +紛老婆忠歯闇没懐則崖凍蒼据披露湯徹底揉熟編颯撼複璧摘威兆候脂徐藍稀弄症群医病療耗策傾貸預丘錆敷郷埋聖滅融踊芸馬星紅侵儚厚綴築溝訝 +揃尾仮潮誓膳贈籠眠票鬼湧昂泊憑清硬之市煌茫奢詞爆祈苛漬鬱陶恨架湾岸惜区駅朽森歌虎克耐睡抑雲剤寡列帳躊躇覧襲争志津也搭載繊歓匠酔餌 +煽氏挙嬢吠審胆俯瞰軌鍛旋鈍浅逸胴祭猛翼矯俄覇辿該凝褒革晒凄魚控彗祝福臨陣尋牽穴穏植捕険球杭遥如武氷五拡沸騰診肺緩洪唐炸讃澤斬囚撫 +透爪陸垢茂励偽賄賂罵往妥粗泳憎免詭等戒拘統陥呪愁筆犯共哀飼為Ⅱ暖閑恒拍塊詩杯頻郎淫靡筑粋浦齢伺罰屁贄棺桶穫宏柱醤呂沖韓鼓渇渦拾襖 +堵腋燥箸郡儲縛乙萌裸鏡慮訊桁億排蔵隔訂洞鎧却瞥嵐叔襟依刑箒斉査岩季窟亡骸政匹惨奄湖蛍秘謀雪汲嬌貢献婚松葬兄甥戯顎扇嗅蔑祥符仇羨航 +監狩撲悶峙双磁須曰寿仏偶林枝網錠執華詐欺被勃述累曖昧民閣府藪蛇括株享奴巧兵蔽圏域胡瓶房江頓羅牛些彩撮版倫莉栖院竹崎司棟龍雌汎敏薫 +寺綯睨糸雀衛舶´ゝ`厨恋滴塵喧α屑哭劫黎曙封楼螺焉阿剛浩吉麻俊償榊@β繁殖濃牧併ΜⅤ俗祉維九州桜薩摩浄暁伴癒娯亀玩燦枕銅康隷籍綻 +喩顕著遍誌亜℃蝕熊漫阪致災乾釣鐘薬砲銀誕岳肘隊雇奈箇衰村匿米稽稿賑迅雷鳳凰栗痩線赤接趣通倍気顔見番飛大丈占芳捗橙征羊捧盾卑麦滞謡 +六媚洩迂闊轄簿汁煮挫恰詛倣盟拷邁繕誠馴嫉妬怨潔陵鋼梳傍唾督捜睦庁粛措訟呈轟遙朗賭眩喝噤憫膨乳塗拉舟炭酪菌刊坂淵Ⅰ副脛曇腫漢旬穿釘 +寮孝慧芽幌梨富岡狼悠竦柵較擁芯奏悸恩署冒那垣拮刀縫裁芒谷鎌喫刷麗葛銭宛里漕沿串阻酒咲領嫁禿踪猿脆弛薦悩筒雫$*佐揮宴恵紺拙嗤隕吊 +枠皺核妨扁鉱枯盆宗莫樹竿淀乞茜託杞憂湊蚊岬貞惹豊妻尺叉瞑瓜墓逡憲糖皿軟喘鷹党彷彿吻膜弓奨沼賽河恍狗醒脚泡逢幹閲峯杖貨餓炉僅掌諜畜 +奉搾秩煎峡鮮堪飢泌裔脇塩翻遽紐朴欧殻冑錬丹患濁磨疎摯邂逅勤蛾冴朔某凹愕碑眈孕氾濫雅隆碗驕婿養爺噌鶏酢慶棘巾椅紋凸逞套誹謗嘔啖呵椀 +紫脊髄沢諭挿斜痺綜糾躁蹂躙砕饐瀉蝋槽甚慰蛮綺霞犠牲悦痙攣痍憤詫播婦訓揶揄贅虹溺旗菜仙又鵜凌墜憔悴煩駕旺爛蔦獣楚憐姫胞蘇羞偵搬擢填 +軋謙刹需窮叱抽秤抉俵腱鷲慟澹升弔栓棲慈卵賠召滝冠蜘蛛脈柳涯郭霧洲囁弧挺噪嚇蠢棋朱戮猶瓦礫胎ω|憾狐乖蜃Ⅳ肯培炙臣忽駒荘闖肥咆哮鶴 +轢敢堕絆喰嗚咽騎毅炊撒喪埒蜂巣幾槍豚囮嚢餐坦膠凪渾煤榴臆輸拓榜皇邸郊箔厭邦租帝杉蜜肖鉛稲賀惰^丼賃兎炒艦鍾ΣД濯緖錦桐祐彙沌 +鍋墨撰焚芋酎糞褐鱗砦ヽ゜刮肪徘徊暫逝弩涜條禄零券彫埼笛撥殲竜毀逮讐槌妊傭伎僧綱矛 +呟曽紳聡〝礎講頷滾苗飴宵陳劈犇屹朧惧韻腺睥遜眉瞼掻旨捩翳腔暢帽鍔佇疇且姦簀沫髭紡捻徨哉貰枢礁腑逐姻飄咥妖燈酬唖跨簾縋筵尿麓憬倦旦 +購i喚虜恭冤膏燻Ⅲ掬奔瞭捲傀儡廉濤佳唸逗v蹲祀嘗憮貪咀嚼剖弥寛巷⇒咄嗟寓云瘴蔓勿嘩閂貌盲埠憚姜窘堤碍醍醐∀齟齬麺啜踵詠粟宜慕朦賦 +遷藁躓顰楔攪拌畏糧琥珀灌迦聘鋳蝙吾-啓蒙桟摂拐帆斥薙痒掠叡智囃槊鋏賜謳椎茸庵葱苔嗜灰梗昆堯叙藩猟蝶寵磯貝珠巫俳郁曹曾洒祟阜祓裳 +銘漆戴ε≡冲津塚菊-― +ガクフル゚キヤーヘヒクンéàå²ö + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/resource/charset_Robotics_Notes_Elite.txt b/cpp/LunaHook/LunaHook/resource/charset_Robotics_Notes_Elite.txt new file mode 100644 index 00000000..83024db5 --- /dev/null +++ b/cpp/LunaHook/LunaHook/resource/charset_Robotics_Notes_Elite.txt @@ -0,0 +1,50 @@ + 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz +/:-;!?′.@#%~*_`()゚^>+<ノキリッ$&",[]= +0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz、。 +,.:;?!゛゜‘’“”()〔〕[]{}〈〉《》“”‘’【】<>【】・…~ー♪―ぁぃぅぇぉっゃゅょゎァィゥェォッャュョヮヵヶ①② +③④⑤⑥⑦⑧⑨⑩⑪ïâàé²♥©⑲⑳%–—_/•①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①① +①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①①あいうえおかがきぎくぐけげこごさざしじすずせぜそぞただちぢつづてで +とどなにぬねのはばぱひびぴふぶぷへべぺほぼぽまみむめもやゆよらりるれろわゐゑをんアイウエオカガキギクグケゲコゴサザシジスズセゼソ +ゾタダチヂツヅテデトドナニヌネノハバパヒビピフブプヘベペホボポマミムメモヤユヨラリルレロワヰヱヲンヴ☆★◎○●△▲□■▽▼◇◆※ +→←+-×÷=≧≦\〓&〆追加新項目敗北勝利入力失成功分岐先指定海翔世界救戦誰言前全人類希望俺興味穂所詮自中衝動満最強丁寧不謹慎 +構事国位倒頂点一昴立完了求淳和電源積込英雄軍主公供給開始喋感度良好員押忍体風吹確実続誤差以下正常起済安充率連稼働限時間忘各種異有 +夫僕思悪後輩対応座標固待調整変葉遣減断解除回認居左右周辺範囲地形判用問題締上愛理本日年月天予報伝鹿児島県子屋久方東南晴波高温低降 +水貴重情部集合暇行初今終必戻格闘発進名八汐央校普科組出席号績活研究属詳得意野隠示画面内消小息薄暗室外夏爽駆抜狭熱違汗引心身浴景色 +期台多柄空碧隈半遺産横住火縄銃射場白真昔学舞話慢試遠呼声聞我長帰還娘現瀬乃宮捉同幼頃腐縁程仲遊付呑持口頑張状況隣具倉庫察来使想二 +物置端灯個当然春秋暑冬寒環境芝生雨答額滲的迎考恐教頭会議忙相手側費止粘交渉取原因去無茶要悲壮笑浮焦偉少覚称歴史遡女徒姉設果昇足盛 +近京優経験証拠数知洗脳作効古西矢逆派結何花落評舎技術準備陽陰十伊達金字塔登在駄向習怒削命令飽料特未練木腰放課決流万牙城崩悔材昨神 +品崇説奥深々素奇跡噛怪由切者様謎包才噂光栄揚並拝式基操撃繋簡単読潰裏仕掛局選択他機性能極到注退離油禁徴早精視反平均可処絞値導訳魅 +激狙皆絡論柔攻書法弊害礼苦労癖送疑傷返信嘘痕触別愚痴伸眺揺覆庭姿運歩距総園鳥鳴渡草静残寄独浸哲尊敬眼突途宣表聴衆造卒業絶僻存就職 +肢旅暮願漠夢浪萎観測走夕根唱諦叶将路錯馳態停投専保管緒従負舌打念着含腕適弱髪両容赦関義肩犬勇旧港閉鎖廃墟訪割雑広遮裾死駐滑幅道比 +車寝掲堂直鍵元防燃補踏埃窓涙晶鎮巨略超際乗縦算誇創計図描許町工譲提企段代受継社務妹巡凡胸吐首振頬叩弾幕拳隅棚缶携帯移替欠過例幽霊 +刻嫌這警告抵抗殺百虚#難若憧黄昏識微妙擬似量背痛配膝隙潜勢奪制服汚短更衣皮肉勲章疲質虐輝握男士友納協街夜黒改装家唯営忌明週照臭腹 +遅呆盗買食晩儀休憩転故幸軽羽織宅軒脱挨拶影響角染血美緯太山勘慣慨繰像澄青越迫匂緑丸毎堅禮商店瑞榎怠醸級化粧飾随械助支障売介護厳密 +田辞践鼻蓄飲次蒸器冗談文袋土船便届育師顧彦扱豪語頼条件怖殊急門輪殿慌骨折損欄販破紹円速秒垂跳緊約承兼演躍訴騙猫泣震珍映宿嬉担三賛 +殴菓勉困泥川掃捨橋句箱煙詰敵勧誘辛辣淡履靴団彼価参壊修即噴醜肝健懲印象烈嘲永遇既権益努官僚縮疾涛復暴叫案奮収懸机絵枚巻宝紀及記録 +媒黙昭鉄型狂寸騒係溢析挑幻王邪楽鑑賞唇尖曲宇宙音吸換虫耳径泉冥沈漏暦片溶細朝鈴傘館扉童雰非徳凛漂捌蹴鋭遂拭濡恥弟尽快袖冷昼弁板委 +臼井至戸惑浜峰喜飯批撤咎省留顛末赴任壇善欲請余裕瞬筋博展秀般抱援剰再曜催競獲検討咳払姑束守伐厄晦甘廊蛙延午授罠粒砂仁嘆仰母玉借資 +貯毛誉焼董劇梅干酸荷探屈散豆把彰写溜募荒模索申逃貫孤役班貶胃増遭避憶抹君臓針刺涼第瞳炎尚稚系互坊魂魔推芙歳父農畑挟階玄尻舐釈七壁 +貼与吟斎親寂悟惚綿掴剥歪酷膚拗湿冊危純池床混懇私卓窺伏採迷己毒看圧建舗塞洋客藤治偏添沙汰促劣製賢貧乏香軸紙裂財貿易畳凶獄窒液嚥喉 +潤契愉脅傑肌層粉謝律翌孫族祖甲斐諸刃剣茨都妄蓋覗規驚招姓戚典乱怯罪拒否布札税漱石千侮辱盤鉢責掘四股擦渋節施概芻棒餅閃棄纏漁御順序 +紛老婆忠歯闇没懐則崖凍蒼据披露湯徹底揉熟編颯撼複璧摘威兆候脂徐藍稀弄症群医病療耗策傾貸預丘錆敷郷埋聖滅融踊芸馬星紅侵儚厚綴築溝訝 +揃尾仮潮誓膳贈籠眠票鬼湧昂泊憑清硬之市煌茫奢詞爆祈苛漬鬱陶恨架湾岸惜区駅朽森歌虎克耐睡抑雲剤寡列帳躊躇覧襲争志津也搭載繊歓匠酔餌 +煽氏挙嬢吠審胆俯瞰軌鍛旋鈍浅逸胴祭猛翼矯俄覇辿該凝褒革晒凄魚控彗祝福臨陣尋牽穴穏植捕険球杭遥如武氷五拡沸騰診肺緩洪唐炸讃澤斬囚撫 +透爪陸垢茂励偽賄賂罵往妥粗泳憎免詭等戒拘統陥呪愁筆犯共哀飼為Ⅱ暖閑恒拍塊詩杯頻郎淫靡筑粋浦齢伺罰屁贄棺桶穫宏柱醤呂沖韓鼓渇渦拾襖 +堵腋燥箸郡儲縛乙萌裸鏡慮訊桁億排蔵隔訂洞鎧却瞥嵐叔襟依刑箒斉査岩季窟亡骸政匹惨奄湖蛍秘謀雪汲嬌貢献婚松葬兄甥戯顎扇嗅蔑祥符仇羨航 +監狩撲悶峙双磁須曰寿仏偶林枝網錠執華詐欺被勃述累曖昧民閣府藪蛇括株享奴巧兵蔽圏域胡瓶房江頓羅牛些彩撮版倫莉栖院竹崎司棟龍雌汎敏薫 +寺綯睨糸雀衛舶´ゝ`厨恋滴塵喧α屑哭劫黎曙封楼螺焉阿剛浩吉麻俊償榊@β繁殖濃牧併ΜⅤ俗祉維九州桜薩摩浄暁伴癒娯亀玩燦枕銅康隷籍綻 +喩顕著遍誌亜℃蝕熊漫阪致災乾釣鐘薬砲銀誕岳肘隊雇奈箇衰村匿米稽稿賑迅雷鳳凰栗痩線赤接趣通倍気顔見番飛大丈占芳捗橙征羊捧盾卑麦滞謡 +六媚洩迂闊轄簿汁煮挫恰詛倣盟拷邁繕誠馴嫉妬怨潔陵鋼梳傍唾督捜睦庁粛措訟呈轟遙朗賭眩喝噤憫膨乳塗拉舟炭酪菌刊坂淵Ⅰ副脛曇腫漢旬穿釘 +寮孝慧芽幌梨富岡狼悠竦柵較擁芯奏悸恩署冒那垣拮刀縫裁芒谷鎌喫刷麗葛銭宛里漕沿串阻酒咲領嫁禿踪猿脆弛薦悩筒雫$*佐揮宴恵紺拙嗤隕吊 +枠皺核妨扁鉱枯盆宗莫樹竿淀乞茜託杞憂湊蚊岬貞惹豊妻尺叉瞑瓜墓逡憲糖皿軟喘鷹党彷彿吻膜弓奨沼賽河恍狗醒脚泡逢幹閲峯杖貨餓炉僅掌諜畜 +奉搾秩煎峡鮮堪飢泌裔脇塩翻遽紐朴欧殻冑錬丹患濁磨疎摯邂逅勤蛾冴朔某凹愕碑眈孕氾濫雅隆碗驕婿養爺噌鶏酢慶棘巾椅紋凸逞套誹謗嘔啖呵椀 +紫脊髄沢諭挿斜痺綜糾躁蹂躙砕饐瀉蝋槽甚慰蛮綺霞犠牲悦痙攣痍憤詫播婦訓揶揄贅虹溺旗菜仙又鵜凌墜憔悴煩駕旺爛蔦獣楚憐姫胞蘇羞偵搬擢填 +軋謙刹需窮叱抽秤抉俵腱鷲慟澹升弔栓棲慈卵賠召滝冠蜘蛛脈柳涯郭霧洲囁弧挺噪嚇蠢棋朱戮猶瓦礫胎ω|憾狐乖蜃Ⅳ肯培炙臣忽駒荘闖肥咆哮鶴 +轢敢堕絆喰嗚咽騎毅炊撒喪埒蜂巣幾槍豚囮嚢餐坦膠凪渾煤榴臆輸拓榜皇邸郊箔厭邦租帝杉蜜肖鉛稲賀惰^丼賃兎炒艦鍾ΣД濯緖錦桐祐彙沌 +鍋墨撰焚芋酎糞褐鱗砦ヽ゜刮肪徘徊暫逝弩涜條禄零券彫埼笛撥殲竜毀逮讐槌妊傭伎僧綱矛 + + + + + + \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/resource/charset_SGHD.txt b/cpp/LunaHook/LunaHook/resource/charset_SGHD.txt new file mode 100644 index 00000000..b15af1b8 --- /dev/null +++ b/cpp/LunaHook/LunaHook/resource/charset_SGHD.txt @@ -0,0 +1,45 @@ + 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz +/:-;!?′.@#%~*&`()°^>+<ノ・=″$′,[\]_{|}… +0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz、。 +,.:;?!゛゜‘’“”()〔〕[]{}〈〉《》「」『』【】<>〖〗・…〜ー♪―ぁぃぅぇぉっゃゅょゎァィゥェォッャュョヮヵヶ①② +③④⑤⑥⑦⑧⑨⑩⑪⑫⑬ⁿ²%–—_/• +βγζημξρστυφχψωÅ√◯⌐¬∣¯Д∥αδεθικλνο +πヽヾゝゞ〃仝々〆〇\+-±×÷=≠<>≦≧∞∴♂♀℃¥$¢£%#&*@§☆★○●◎◇◆□■△▲▽▼※〒→←↑↓〓∈∋⊆⊇⊂⊃∪ +∩∧∨¬⇒⇔∀∃∠⊥⌒∂∇≡≒≪≫∽∝∵∫∬‰♯♭♪†‡¶あいうえおかがきぎくぐけげこごさざしじすずせぜそぞただちぢつづてでとど +なにぬねのはばぱひびぴふぶぷへべぺほぼぽまみむめもやゆよらりるれろわゐゑをんアイウエオカガキギクグケゲコゴサザシジスズセゼソゾタ +ダチヂツヅテデトドナニヌネノハバパヒビピフブプヘベペホボポマミムメモヤユヨラリルレロヮワヰヱヲンヴΑΒΓΔΕΖΗΘΙΚΛΜΝΞΟ +ΠΡΣΤΥΦΧΨΩⅠⅡⅢⅣⅤⅥⅦⅧⅨⅩ∮∑∟⊿弘蓮喘嬌樹県粥匿燦村里衰蛙且扮瓶栽厭稿胄著殖籠媒腎郵舎筐因果律透明背徳再生分淳哉須 +離喪失不可逆境界面上追加時間跳躍空理彷徨蝶翼夢幻形而虚像歪曲自己相似無限連鎖携帯電話呼出仮設定確認岐先指言右耳当通口聞完全音夏強 +烈日射受俺顎汗一滴落染作目前少女首傾見中学残顔今敵地潜入緊張感微塵手押向直人差添黙誰改切会気利倫太郎問題場変報告合的判断雑談危険 +鉢抜駆考機関動開驚声身深息小振運命石扉選択別葉最後刻懐神意志同味表存在知者世数早速足踏正突愚冒使階段来力尽椎名様子膝置額滲拭嬉笑 +実物立込彼幼年齢下歳高妹近家所昔鍵過酷宿負素質以普願安発成功記念銘打本鳳凰院凶真秘密組織狙狂難覚岡部文字幸好取嫌銭湯黄色桶教続半 +諦始東京秋原駅称館登有特許持般詮試奥点化含程度男触集妨害嘲唇元識側放棄野逃巻勘弁語興休昼貴重割独脳天付事件起磁波攻撃揺衝屋震違悩 +多胸騒飛禁止視壊渡黒煙虹燐光舞爆鳴方奇妙体鎮座謎器大工衛星用係建頭疑然答躊躇何員困惑寄思両歩予待隠対応遠匂陰謀巡避決誘導戻姿探踊 +祥示横並欲眺心茶惜締甲冷期想雷翔施供海外火規模卵楕円犬類去流行忘保証浮玉厳貸平初甘金挿勢回挑戦恨輝児握司書皆盛拍迎現壇仏頂溢諸君 +史紀論終片信満態聴衆増注解返望経怒叫恥輪際乗資格若造眼怖線牧瀬紅莉栖友橋田至誌才講演内容春級卒業研究術載紹介掲写丸印象情周囲走従 +売浴図悔引悪迫端整欠比美乱混沌私義捕華麗襲抵抗源慌逸精崩製焦筋縄略撤退隙詰距爛瞳据惚純粋主悲罠薄汚泣辛冗得騙次士颯爽送単帰妥番油 +途着画審映延垂怪舌構帳倒肢護勝席支隅拉致都警戒訴万値皿風拾価能性悶劣互常軌総毛呑悟路消暗腰低慎進角伏服装絡鮮血溜死異殺他蒼白察皮 +斉由必遺裏払広焼肉親葬式恐寒抱央苦鈍吸犯救急車萌求伝謹奮静尚結局穢宮腐液膿傷浸章刺丈夫憶測銃状魔軽午徒瞬千愕摘説未配替我拠末町交 +蔵左折号檜山古居管房旧扱街需要寂店長王寺故市騰道楽材優秀随募属創趣活詳細闇権項派副産序某煩喋僕嫁氏住極即議砕法厨二病乙昨買威圧与 +髪治偏屈腕青非頼針涙舐濃幅担役門戸叩申孤壮計仲恩反懸飽愛沈譲寿修蒸暑扇井閉超景牛丼客刹那量販快響陽炎況奢肩暴澄仕辺暮仰巨墜団狭防 +儀壁破宇宙圏燃噛官如代制呆吐捨矢封狐継犠牲馬蔽国枢符納庫卓台労働飲料良損臓区室貧乏個雀贅沢促窓提衣羽習慣否脱揶揄棚順調推移務校縁 +月減令品具偶則栄挙粒砲繫五殻迷彩公洗練更毎簡隔操到温了駄健凍課験把縫食検討腹痴接専録済秒例誤唸転影守達散敬礼慮骨誉鼻穴赤箱固弱球 +積為参環位覧敷陸涼効森羅越激訝観痛草週珍短届隣剣霊祟科伸幽頬柔肌凄惨裾懇丁寧燥老授瞥輩冠誕系刊留鋭猫析頑弾干唱及域娘姑偉渋港沖降 +億遅伴屁穏夜鏡銀河領船潰拳擬往復机根余矛盾誇絶釈歯第堂齟齬柳林社祓脇川沿釣植木殿巫弊漆憐竹掃除夕刀僧助潮妖雨御武舗清斬邪忍税補酸 +謝師弟云匠鍛斐照瑕滅喜賛訪父棒紙幣商頃宝池袋泊鳥借憑雰熟罪劇噴尻眩型晶新裕吾障埃淀曰昭和揃枚遊綯将儲採算曖昧基板収費磨寝包挨拶朝 +祖久咳阿繁希賃暇嬢硬熱鈴堵災厄遭妄緒遮勉喉潤技稀繰争勃蔓縦晒訳冊読眠索痕跡喫臭妻恋坂賑査十倍埋祭勧輸版展撮徹底排盗璧削桐郁噂賞複 +脚詣詞責任奪備句脅編換条閃呪省眉粘遣症耐約束聖兄案尾堅露尖嫉妬塗水承泳窺毒杉黎姉疾迅馴策胆亡召杯曜幹委敗鑑共臨種顕兵軍歴稼監胞沙 +汰努請政府吹披蘇殊香械寸欧米爪艶康飾俗育鹿漏誓鬼畜暁契憧剰泌塞節歓勇偽凝遂祈塩準苛蛍灯履践疲些適稲漂麻痺等床肝励尊冥福鼓抑悸宛遡 +唯綻蹴溶易呂忙伐布処償錯頻鬱陶充迂闊煮八這曼陀癒弛緩絞架馳州核郊蓄嗅汲酬侵渉倉怠昏撫渇玄佳蟢螂紛唾佐灼獄営看溺札魂繕闘率雇狼狽花 +弄執覆搭縮岸皇北統晴漁缶描薩摩串列裸睡賢投姦英翻掛呵被掘善揉既督三各停叱咤癇癪裁築永膨述企魅宣捜豪滑維拒沽券獣概飯柄猛忠屑哲穫土 +垣拗益脆抹畏宗掌評詭範催旺翌吟憩楊枝盲荒賭戮奴隸褒縛歌荘棋盤駒陣競碁預雄凌駕旨厚漢託沸仁餌喝采怯渦卑疼奉諜協塊遇尋穿浅克敢氾濫餅 +九憎湧辞職膳免漬婚軟候挟梢猟潔四喚津悠遙赦湿侮辱兼便荷麺匹母滞帝族欺瞞淡郷枠蓑財閥戯誠脂乾貼轢叡麓斜島魚骸徴拷径庭箔捉標群占咎粛 +粉砂糖埼航唆雲罵肯愁旅却典徐泰軋絵繊愉援紫怨芸醸凹炭箇畑城百騎凱旋虜牢還靴慢唐稽控招股劫渾揮陥玩獲凡阻署猶挽灰勤柱訂恵没嵐鶯谷掻 +鶏抽坊癖轟諭吉啓嘆紳慰洋讐詐傑苑幾秩顛伊疎巣傍羨煎括西暖雁播贄捧軸禍緯刃軒旦医晦叶邂逅革袖胃糸陵剃裔醒肖櫛梳濡殴桜綺曇診菜民狩妊 +娠垢炸裂拓濁閏濯乳洩噌汁褐盆漠昇栗枕鍋涯甚博芝鳩豆鉄喰礎浚凸忽宅穂層網肘姓酔貫畳盟汝薬掟虫飄旗貌憂該祝芻拝悦腺哀賀擦冴遽臀蒙斑庇 +泉浄培養辿娯倣穹漕牙羊宴逐稚猿晩餐拘逼矜襟剥禿踵肺腑脈酒仄朱岩檻虎眈峰均筒融拡療漫籍依績芽廃征幕欄芳剤誹謗溝巧顧蓋粗剛贈刮窒泥訓 +熊帽兆貯偵菓揚絆顰蹙菖蒲邁毅浜鷲闖隊覇硝園墓童傘煽梯痙攣綱蜂膜茨筑藍橙煌柵朦朧嗚咽瀕靖徘徊洪瀉嚥唄嚇俳傭摂駐惧忌辟抉豹閲咄嗟踪胴 +較釘刑崇貢献班拐紐咆哮頓挫患紋翳碧措萎捗佇搾摺儚濾慨杖兎葛藤暦樽凛繭婦孫筆皺綴吊秤湾謳涎窃蹂躪紡峙摯雪慈牒腋給牌錆季嘔氷姫杞蔑冬 +零憔悴芯溌剌靄栓脛孔媚撼彗郭牽臆堕濤累醜琴恍睫隈党肥貪埒麦辻褄柑橘腔珠昂澱斎桁襖椅棲貞赴閑蜃楼矯乖腫罰鐘蚊薔薇錬梁膏豊富砦朴僻猜 +鉛蝉謐鞘謙遜弍傲呈敏滓批茂賽錠虐靱戚噓購廊咬衡耗懲逮巾貨塚南茅撒漿訊堪沬乞槌泡窮遵崎湘龍酢亭墟杭燈惹漸緻髄怜悧槍又鱗緑囮憤糊凪孵 +朗彿庁貰藻酉僅瓦謂勿此株農沼攪諾塔婆熾轄双凵弦筈淫宜纏殲痩烹捏飢鷹詩剖磯江俊Я‐ëéüàö \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/resource/charset_SG_Linear_Bounded_Phenogram.txt b/cpp/LunaHook/LunaHook/resource/charset_SG_Linear_Bounded_Phenogram.txt new file mode 100644 index 00000000..d405a916 --- /dev/null +++ b/cpp/LunaHook/LunaHook/resource/charset_SG_Linear_Bounded_Phenogram.txt @@ -0,0 +1,44 @@ + 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz +/:-;!?\'.@#%~*&`()°^>+<ノ・=″$′,[\\]_{|} +0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz、。 +,.:;?!゛゜‘’“”()〔〕[]{}〈〉《》「」『』【】<>〖〗・⋯〜ー♪―ぁぃぅぇぉっゃゅょゎァィゥェォッャュョヮヵヶ①② +③④⑤⑥⑦⑧⑨⑩⑪⑫⑬ⁿ²♥©%–—_/• +βγζημξρστυφχψωÅ√◯⌐¬∣¯Д∥αδεθικλνο +πヽヾゝゞ〃仝々〆〇\+-±×÷=≠<>≦≧∞∴♂♀℃¥$¢£%#&*@§☆★○●◎◇◆□■△▲▽▼※〒→←↑↓〓∈∋⊆⊇⊂⊃∪ +∩∧∨¬⇒⇔∀∃∠⊥⌒∂∇≡≒≪≫∽∝∵∫∬‰♯♭♪†‡¶あいうえおかがきぎくぐけげこごさざしじすずせぜそぞただちぢつづてでとど +なにぬねのはばぱひびぴふぶぷへべぺほぼぽまみむめもやゆよらりるれろわゐゑをんアイウエオカガキギクグケゲコゴサザシジスズセゼソゾタ +ダチヂツヅテデトドナニヌネノハバパヒビピフブプヘベペホボポマミムメモヤユヨラリルレロヮワヰヱヲンヴΑΒΓΔΕΖΗΘΙΚΛΜΝΞΟ +ΠΡΣΤΥΦΧΨΩⅠⅡⅢⅣⅤⅥⅦⅧⅨⅩ∮∑∟⊿Я‐ё眈擬彙且扮博県揶揄糊礁頒媒嘲糖醤祥箸蝙蝠蜥蜴蜉蝣蜻蛉蟋蟀蚯蚓扇詣批燦河皇帝斧 +追加新項目壁紙着信音走査線上悠遠不変絢爛仮想黄昏色睡励起迷宮錯綜桃幻都幽霊障害雨鈴曲三世因果月暈携帯電話呼出設定確認分岐先指紅莉 +栖真暗空間何処私軽頭痛右見左漆黒塗風聞繰返時計感覚剥奪室入薄気味悪鳴響冷静記憶遡誰自問邪魔糸辿無視思考乱一体岡部手名前浮女性姿故 +朧同識牧瀬瞬奔流溢脳内通過年誕生日怒決的裂迎伴渡努力重飛級大学卒業今科研究所員勤本章公中鉢乗完成念会開来高校逆留帰国後殺違講演白 +衣人混複数交仲良倫太郎彼死言現行技術延長作興湧訪当直接去送実験検証程最初戻順夢在眠理状範囲徹夜改機能応用度情報進化昼場合支配正解 +葉義伝達事象齟齬然物語離滅奇妙貫外刺激対連深必要受容蜃楼存可以権利務始収束告付意揺動心奥濁耳円環歯車限螺旋描永鎖軌跡知救身待方吞 +込鐘慎繋終口向宣型界史発圧縮厳密制約類越段律超全紀明喜声胸論形衝好持熱押余未書換有常覆原結下立破失敗取除排消神等軍政治価値将点盤 +核者独占態均衡爪痕残波他由危険惧否奮欲望突元負至橋田狂鳳凰院凶称番式引張天局製途厨二病提案選促説特異装置側表徴述簡単質潰題操注息 +少難充様子再沈黙互顔窺扱続寂火切咳払周回止議褒為葛藤偽使際試紛善省己資金求海況据男剣恨呟面困父件悩眼差代関譲家承渋運氏低基添頼判 +断従被放早朶打勢封多随幾器恐怖任仕削申得算普跳逡巡経膠眺挟例買屈託頑精杯硬納肌愚週十漂緊迫落旅誘惑唱領域次足踏整備貼執職親友疎般 +宇宙創恒星笑欠停拍珍忌避半眉唾拠根山非与命幼頃強別振居標社呆偏午寝祝保教授輩宴近食飲担漏反替端映光景驚愕弾崩腕壊鑑控展幕財産個絶 +震戸安渾辛酸舐老苦悲刻貝閉唇悶騙衷詰調寄逃駆散孕投秋街如階降疑符道背扉王寺慌俺首傾唸店綯駅園遮字路央礼妻恋探彷徨裏地タ絡蜂蜜琥珀 +染久喉渇販爽快炭料銘柄缶毒勝我観察慮吹相犯罪猫青森緒助働台詞勘誤弱量泌草格許繕楽比雰抱期画示捜埒願祈予遅穏届昔広率固速係板盛客導 +像騒構歩巻渦焦燥迂闊嫌筋滑疲小服登憔悴肩貸雷芸詳捨陸酷締旦虚血床嗚咽屋狼狽亡鬼銃撃倒尽涙鼓共素粒隠匿組織秘犠牲隊襲訝答諦躍璧効嬉 +嘘幸福忘叫警荒唐稽官偶細吐獄輪廻劫劇循写噛嘆健康木委妄抜横嬢那談抵抗策齢掻乏恵及爆宅移品種賢臭即座層東京富士駐檜穂娘擁愛奧医鎮剤 +挨拶柔和君握暮派僕供師匠族住属遊御茶水掛売却庭馴優介急懐怜悧鋭触斬油俯瞰鷹祭鉄干渉影戦慄捕捉狙具極推土侵守巣鳥労喪希訓練耐積平維 +補芳羽到底乙済棚主没営裕責苛春短覗魅伏活両役割雑宿誇嫉妬恩協針賛辺含革布増商航銀需狭益築模索門島暴民陰謀騎団邦母胎挙票潤喧嘩規赦 +闇顛末酒紐縛怯喋髪転罠揮古昨殊監卓源八測皮肉貢献借則歴育境縁裁儘隙系企撤更微英駄休摘夏隣冴吸逸復惜釘図雲霧熟剰恥疇遂適材乾文肯孤 +朝該披露志摂阻馬鹿析帳憎減法オ績頰痩費滴泣瓦翻冗翌佐液晶造枢拘功蔽迅枚赤号南損野丈夫堪退陥撫西臨釣湾箱港敏遺庁悸帽緑悟懺悔跪慟哭 +魂千詮欺瞞曇浅浸養拳傷罰包伸訳荷濤軋轢児矜垂氷刃臓把摩惨雄弁叩禁似甘美脅秤万冒涜償百鈍尻句汗脱満愉絆僧併拭条蓄準砲捻耗机稼浪預軸 +舞総巧閃褪綺麗施歳継埋片清敬球慰咄嗟射易卑勇温額読北欧儀審堂豊慢黎潜揚沌湿泡武獣獅融敷択第塊鉗髄四胞隅聴香五拒酩酊絵窓課貴胃慣遭 +遣肺参噪抑瞳紹忽谷菓歪虫略惚舗争攻胆萌郁桐撮臀蒙斑誌禿怪盗評並宝競挑杉阿噂椎邂逅拝縫袋集嫁敵紳膏翔烈秒エ甲斐泊浴距載昭埼玉謎畜了 +丸栗飯煽尊肥暇腹蔵庫嗅漁冥呪印偉蔑孫貶矢石典釈拗皆建列俗鍵謝恣館厚腐致拷凝炎拾防晒癖秀依趣季姓姉戒位詩照鼻憩骨掘殴膝踊垣妹若衛毎 +些掲鬱腰還寒管修房灯須討席既尾蓋洗催柵穴沿看旧廃墟陽習援井醒棒錠箇丁寧綱患班訴猶某透噴冬躊躇搬療撲衰鏡嬌絞尋矛盾卵闘坊賑華喫輝飾 +栄憧歓掴区頻繁市堕爬鱗牙奴征蒸墜護匂裳賃倍刀倣兵甦襟筆歌伎版純祖凄紋刷漠畳曜柳林頂戴晩謙遜折節暑賜鎧洋颯穫衆猛酔較朦霞威涼災厄囁 +舌這嚇堵沸花招蜘蛛靴丼煮魚焼咬繊逢臆訊群匹弟傑崇斉玄泳滞頷羞忙掃吾捏辞汲哀殻滲赴川町蹴孔朽尖穿蠢汚砂煙礫巨奢懸詐靭誓緩埃肘忍粋盆 +濡腫便幅磁咎啓灰腔芽録拐搾蛇欄澄陶各憑拉宛牛乳賞募寸伊詫雇徐辟村聖奏蓮膚腺癒蘇鮮脈粘履塞樹脇粉溶樽米稲往鍋麦抹唄煌仁誉惹竹柱搭浄 +貌彩角六瑕燃豪兄昇撒茫契傍仰艶株銭又署捺吠械兼賭膜慨診忠饅泉卍旨池婦億墓儚傘荘陣贄沁堅枠網脆窮胴溜緯括肢肝攣給屑宜縦植獲毛蚊牡牝 +煤札灼芯轟軒暢疾窃逮磨憤詛隈郵叶皿妖脊壱弐蟷螂吼七鶴翼雅屹釧丹哮躱砕瞭擲絨毯睨晴懇嵌刹覧骸淡挿城諸序冠令呈請恍編専盟奉羅賀汁呻薬 +袖豆戚仏刑瞑吉膨揉貯皺麺湯拓枝凡痒疼妨庇拡串洪顎遇豚泥朴餐昧痴漢菜槌零勉塾笹贅沢冊蒲姫彦旺芝厭曰司饒諜潔蒼迸蝶嵐壮睦綻仇貰飽暖壇 +鍛塚揃羨怠概窟塵辻褄枯餓凛僅哲凍炒候徒淀筐壺股葬昌廊呂糧症淹篭採劣懲鉛宗筒咲裾函塔湖擦侮顧統唯挫顕著馳怨播宥郷朗訂喚桁是腑儲耽狩 +錬党虎圏府喰犬腿憐貧衒曖酬童貞倉購籠鷲妥遥巷沙汰副棺俄縋竦勧劈錐瞼湛畏碧帚叱煩啜毟尚撥咥弔靄祀袂棄囚噌礎餅頓漫椅軟愾裸吊勿逝抽券 +撼税遷癇郊亜船坂盲暁畑濃肴桜曽董巫麿糞浜誠捌撹就洲飢兆祓讐瘴纏殖伺凹溝偵稿殿粧双雪剛淳哉悦弘磯江俊秩稚架祉楕督隔祇阪勾諧謔弄松釜 +騰婚敢舎 \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/resource/charset_SG_My_Darlings_Embrace.txt b/cpp/LunaHook/LunaHook/resource/charset_SG_My_Darlings_Embrace.txt new file mode 100644 index 00000000..c6bb9fff --- /dev/null +++ b/cpp/LunaHook/LunaHook/resource/charset_SG_My_Darlings_Embrace.txt @@ -0,0 +1,44 @@ + 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz +/:-;!?\'.@#%~*&`()°^>+<ノ・=″$′,[\\]_{|} +0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz、。 +,.:;?!゛゜‘’“”()〔〕[]{}〈〉《》「」『』【】<>〖〗・⋯〜ー♪―ぁぃぅぇぉっゃゅょゎァィゥェォッャュョヮヵヶ①② +③④⑤⑥⑦⑧⑨⑩⑪⑫⑬ⁿ²♥©%–—_/• +βγζημξρστυφχψωÅ√◯⌐¬∣¯Д∥αδεθικλνο +πヽヾゝゞ〃仝々〆〇\+-±×÷=≠<>≦≧∞∴♂♀℃¥$¢£%#&*@§☆★○●◎◇◆□■△▲▽▼※〒→←↑↓〓∈∋⊆⊇⊂⊃∪ +∩∧∨¬⇒⇔∀∃∠⊥⌒∂∇≡≒≪≫∽∝∵∫∬‰♯♭♪†‡¶あいうえおかがきぎくぐけげこごさざしじすずせぜそぞただちぢつづてでとど +なにぬねのはばぱひびぴふぶぷへべぺほぼぽまみむめもやゆよらりるれろわゐゑをんアイウエオカガキギクグケゲコゴサザシジスズセゼソゾタ +ダチヂツヅテデトドナニヌネノハバパヒビピフブプヘベペホボポマミムメモヤユヨラリルレロヮワヰヱヲンヴΑΒΓΔΕΖΗΘΙΚΛΜΝΞΟ +ΠΡΣΤΥΦΧΨΩⅠⅡⅢⅣⅤⅥⅦⅧⅨⅩ∮∑∟⊿Я‐ё松筐崎偵湾岸緑株燦冑詩蜜宗鑽霜殖庁逮攪諾銀龍墜遭港婆摩氾勃轄挿川岩輸狩猟蒲唱 +追加新項目壁紙着信音星屑永劫回帰黎明曙光愛幻創楼閣都市根源携帯電話呼出仮設定確認起鳴動華氏度哀哭悲嘆相克失楽倒錯封神猫耳乙女迷走 +螺旋破滅終焉分岐先指倫太郎時間流転死臨存在生消有限一方過去未来移超自然的悠無英知持者真智語溺泳術近第歩場合使思頼菓子買感母揚冷蔵 +庫入言右当通口聞完全室内渦巻喧騒熱気中俺顎汗滴落床弾前少首傾見学残顔今敵地潜緊張微塵機関差金已得運命石扉選択手改何状況理解努疑問 +増忘案椎名研究所狂鳳凰院凶人質覚高幼馴染題様変岡部始牧瀬視線暑苦占拠痛調男橋田至称稀代腕突立伝貴泣黙蘇助紅莉栖私派細奴睨沸点低後 +仕返止執念怖歳大飛級卒業世界雑誌論文載天才脳科史説障事実若夏日本逆留弟志願属乗態海外用量狭断決尋奥屋広物置果意味成祝宴会行続作号 +台総準備記憶令違訊濫発単条件反射連東奔西現含計混常考員伴揃余験功察瞥声上我カ開端表向達段支配構造替沌道具程遠隔操可能初副産数隠送 +驚干渉例必購宝番受取済象絵空凡最重答幾証故紀遂類歴塗宣葉足箸愚民餌食週館講義興経教三皿並弱屈辱慢偉畏敬抱緯共多付司戦互不議悪穴届 +魔眼以降影響与身延長特殊償素頓検暴厨二病怒露丈夫試練傍年好甘享勤集致白衣翻粛円卓満君喜萌郁秘技性煙訂正効難謎込秋原階建古臭居管エ +房需要扱極店厳風体主恐彼策檜山同借依僅家賃脅迫任阿万鈴羽雇士心礼良齎参閉勝震育弊害下休息乾杯待血傷嘘誤化触堅喫茶垂妄想強引奪更畳 +掛普緒深漆黒闇七鍵守護盟約末由妹憎黄昏団矢報節背清楚憐和撫際誰甲斐眺衝撃夢告対縷望託親昔杞憂安謝敏別趣僕馬鹿圧師面閃速繰攻勢桐編 +昨半崩舐抜貸欲独漏芽喪切統進机怪鎮座胡散魅紹介悩順挙濡還継眉押頭妙晴品演折遊他悔傘早危奮娘焦隅遅炭酸飲料吹荒激瞬鼻叫喚掃除戻胆働 +宿優等習校字勉姿尽資製因欠訴簡預益片野領域係容次潤沢軍諦奢陣只侵忙禁邪喝元略撤退北急務険冒為涼比適左直渋谷雷翔歌擢爆波曲街飽獄喋 +鏡瞳陰壊礎暁展句注挑越材放規模映像駄小犯罪法結局算頃装笑浮炎踏途側否両振寄添短髪慌綯挨拶竦父珍獣糸兄困王寺供癖裕吾歪繋崇井揺埃針 +騙卑怯非情軽浴皆予窓嬉偽仲嘩油売盗仇掲示板顕月再巨個異曰束位収友喉釈駅賑衛刺整離社渡柳林境鮮赤袴巫系劣似宮包毎握刀欺妖五雨剣武器 +舗鍛怠斬格勘丸虚穫久蔭交尻裏殿貰倉奉納祀治江戸期書槍胸客暇訓申訳夜乃画固漁籠精販績補玄腰課槌打凍役純懸促褒美横涙寝腹嫌札探陥寸浸 +眠平般冬湯透帳劈駆敗覗遥景服周囲各嫁恥央図惑毛許呆詰徐慰昼巣責蚊層鳥肌割冗談旅族底水討土曜猛檻逡巡捻随午斉偶凝囁臓疾侮戯蓋色把基 +削寂陽衰訪昇輝脇肩快劇舞忠伊滾罠絡刻飾迎紛席筋伸修忍群青薔薇藪蛇形惧接応酬隈埋タ些催疲恩倍膨肉殺粘辺薄暗稼制拝被呻浪費酷額値価絶 +識捏咄嗟防摂睡弄掴慄免径環組頷測絆輪恋嵌温脈拍逐査春印芸跳訝罵匂漫擬秒火花昂罰齢処即諌鞘争旦判析池丁寧併充詞保暢路逃了角慎十惜脱 +却商換易避静且御晩猶壮耐嗚咽恰諭唇噛隣窺既矛棚労謳頑減叩痴唐舌締協暮泊草襲紳辞評蒙斑誓漂沈迄逸渇録暖藹羅列威腐忌骨髄剰穏営抽及読 +活幸乱肝据健康袋症勿呷雰朝範溢抑悟貯概枚辛聴恵希儲招祈眩暈烏滸六従照禿燃殻砕覆搔儘璧負唯救憊斧尉坊蒼慣犬拒賢裡城誘施儀複窟滞住距 +車徒瞑導観圏魚毒履洗濯須縛抵抗百譲縄頂戴甚如煌斜翌聖島堂奇緩饒寛就職門輩撮看写潮版権審頰癪噂衆膳冊闘詮奈提推船国尚警誉較貧喘唸躊 +躇械投型媒町柄詳滑稽曾遮払兼捜索貨痩徴八綱潰率飯骸肢呂醸煮顧屁柔諸賞賛政府呟冠晶築己利停区請徹絞描泥沼馳弁蓄積癒膝損俯貞復律軋雲 +纏昭枷旨担専求耗滲尺疇茫潔浅彩跡辿鉢捕懐拾詫箱騎揉遇跪擦赦傲遜庇蹴鋭焼痕網醜戒到隙躯式堵狐抓逢韓狙没幕歯玉蜀黍裂種登塩革採仔闊刷 +凄公愕踵淹呈競巧豊富籍俗老惨穣肥椅絨毯敷磨洒米嬢密飼銃園慮秀医盛帝臆捨拭吟阻京炙撒舎柱摘僥倖拓姉襟尾四監勇援蒸嫉妬霊婚植辟垣紡往 +吐披縫幅曇宙殴紋綺麗溶廃棄豚球汚鈍繁序章憫舟召羨虫獰歓云仰隊祭擁毀懊叱這乞芝厚著批隸煽胃貌魂千眷呪叶翼屠牛耽沙汰遣艶尖宅木廊鉄褐 +錆缶布靴婦則欄踊錠筒搬陳栄香嗅淡朶剥旧裸縮穂虐濁濃啞梳荷贄愉覇賎采鬱陶騰沃伏獲虎牙娯契児企妨孤芯拳嵐刊哄抹誇勲唾狡猾颯爽標榜咎税 +覧津党薬洋挟噴授州爪亡讐排吸翡翠澄粒洪便櫃財捧裁券福紫晒縁謀候弛棲椰織帽惚軌陸狼狽贅悦謹艦粉灼砂浜犠牲蛙雌雄賭貫憩粋沿萎湿咤励菜 +盆典慈腔箇維刃藤撰釘杉晋飄桂煩祖葬墓苛梯貼磁棒塔緻腿悶枯琴烈丘陵寥脚豪童乏藉恫酔扮慕怨剃羞姫委綿吞樹樅森憧憬躍豆閲灯雫兵帛卸九泉 +溜庭枠諜湧桜鑑朱吊埒麦綻醒鬼丼窮畜縦紐梱虹鎖緋腑熾鐘肺灰腫藍茜碧檀葛串掘套戚奏扇籤吉幌泡逝票募稿鼓敢幹善療朗堕疎勧朽某幽蔑稚液塊 +餅硬寒郷核季肯酎酒雪秩氷魑魍魎恨煉裾瀕襖枕災刑銘寿袖征仁僧熊咆哮琥珀筆膜溝盾麺堰垢瞼儚胞零繕咲淀姦兆曖昧仏股茹燈兎礁邂逅睦控啜竜 +蝙蝠鱗蜥蜴弥呉漢此符献鵺猿狸皇南丑寅禍匠妥遺滝蠱綴捲皺轟詭蝶践堪咀嚼悸粗暦拮釣弦迂齧億嘲喩郭爬藁遍疼鱈均衡培凛赴哲掌刹那彰皮膚囚 +鉤脆睫亜莫槽養糾貝彷徨淫猥誠霧伺疫是遡懇苗姓誕承貢刮痍撼砲患官詈慟渾臀惹澱掠栗頻臍翳該宵航熟貶轢蟇憑筈凸郊漕剛浩麻彦俊榊峡省融匿 +架累邦鎌双彙傑班玩述搭糊胴将臣博帥欧雀宇揶揄竹農耕厭祥薙 \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/resource/charset_SINce_Memories.txt b/cpp/LunaHook/LunaHook/resource/charset_SINce_Memories.txt new file mode 100644 index 00000000..d300fa62 --- /dev/null +++ b/cpp/LunaHook/LunaHook/resource/charset_SINce_Memories.txt @@ -0,0 +1,43 @@ + 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz +/:-;!?′.@#%~*&`()°^>+<ノキリッ${},[]= +0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz、。 +,.:;?!゛゜‘’“”()〔〕[]{}〈〉《》「」『』【】<>〖〗・…〜‐♪ーぁぃぅぇぉっゃゅょゎァィゥェォッャュョヮヵヶ①② +――― + あいうえおかがきぎくぐけげこごさざしじすずせぜそぞただちぢつづてで +とどなにぬねのはばぱひびぴふぶぷへべぺほぼぽまみむめもやゆよらりるれろわゐゑをんアイウエオカガキギクグケゲコゴサザシジスズセゼソ +ゾタダチヂツヅテデトドナニヌネノハバパヒビピフブプへベペホボポマミムメモヤユヨラリルレロワヰヱヲンヴ☆★◎○●△▲□■▽▼◇◆※ + +全日記憶始鷹也腹減時簡単仕事依頼人前会思俺隼誰罪背負言行待兄貴必死絞出声幻風景切裂先視界広見知顔凛黒瞳写間抜自分身距離息呑起返相 +変細唇笑形作傾首動合髪流一妙鮮烈意識覚醒寝私珍楽北條通大学水元幼夢世部現実戻胸指回隣示立陽詩伊勢正解不手厳物苦眼鏡奥冗談乱暴駄目 +眠姫王子様番探木陰柄葉抗湧上途体少要徹夜丈夫心配表情向屈込軽制馴染直男女適辺昔感慣受入嬢噂当本達付稚園頃違成長理家住澄空有数名父 +親地代役政治祖門血筋然生完璧隠般的庭育市民気使話客観友何突休方別普甘線続調管屋業両最初決教師説面降伏仰茶化照即参挙吐昨好小発売緒 +族年嬉交互含頂題堂多願聞引後仁急二無今度優戴持汲頷以謝走期冷静保芸味伝社用車場移営域密着我員忘働明雑主材座藤了基力草越定修商店街 +混整種済常連式第晴良雨下快進握助席揺任足遅刻横読内買収載態瞬渡想像勝赤信号差点停止右海沿睨諦山登青左曲坂道抵暫咳故周困伸嘘際輪中 +同士潤滑油結眩輝太惑星集奇跡存在幸純粋興奮弟性格恵得難悪緩電十冊抱廊歩階段往復来半経確書埋隙古卸運繰口駆取落英考申訳頭低高校君開 +尋反応押逃飛扉閉肩跳酷驚惚藍乃法律触馬鹿積次構崩飲失礼丁寧乗騒便利重宝八幡宮駅者預査節約三芽給料夕飯命令妹春験迎対特品把送担怒予 +母病逆帰窓振神奈川県関東光仏銭洗弁財天寺秋加旅夏浴砂浜尽館芦島賑沢遊去録症激増蝶床毎食注文側百除届可称殊状換製造倒産工削根週末務 +所町鎮角宅鷲雄外鍵昼残麦邪魔寄机詰置覗姿留守放級端仲間欲脱軌旧射答華甲斐真亡他宙浮扱技術革新老朽替更斜繋希望挟割嫌由将卒婚庶責改 +摘色消音戸訝挨拶似呆追遣提案燃殺脳裏敵蘇憎係許彼接覆到誘延々断片掴包個機導喧嘩絶終局強叩痛鈍服朝計鳴微納坊位早股短布団這健康睡限 +若晩潜卓椅壇炊碗噌汁温白巻卵焼魚豆腐綺麗盛婦満喫眉午忙準備揃習近影響敏察塩鮭深顛論議娘歳捜程拝張画剣欠勧貸贔屓呼寂報支愛余裕講義 +課念認効耶趣打絡腰傍証遠慮侍矜叫平非怖充危害及警戒漏促雰囲喜転釈針絵描従建並暮築懐供穴頻繁否柵掛質敷玄筈久掃壊如語処懇却維費共図 +棚狭森斎類室挨舞居和軸飾縁柱奴字盤秘耳舌価値貰凄恐素巡徒凝震頬涙侵咎脇腕折踏里美告猫月曜秒路退偶忠泰伺僕籍迷野果汎額払金緊固狙畜 +穏徴怪誤黄玉銃刃衝撃与印象功国被富層俗勉選資源姉郷再歴史鞄撮恥軒慌各算円雇安都徳酬倍醸黙設試判賃裁量寸阴斉朗暇岸公塀派盗犯順御褒 +菓熱滞吹逡臨展捨拓詳石鳥沖縄看板眺湘南紹介肘仮稲穂齢悲淹杯香酸辞土丸契領儀枚例浸惹披露過永唸争揮拒鱗焦審傷犠牲攻略戦障謎泣贅販奢 +銘球候補散策皆疲装活舍逐継豊堅氏愚痴束邸超捕佐荷繕塗衆院駐葬悔憔悴険昇柔勘紅洋職専厨房属施徐速沈避井賛喋殿唯漫誌缶悩借曰禁型区魅 +能推吸餌帯喉濡底刺撫慰奪投授火干万抑釣鼻求損精労箸泳児恋就童妊娠憧酒咥規排該監訪菜検討翌歯企測頑宣盾陣至倣膝膨弛締釘糧範敢聴央蔵 +索台帳博籠概昭欄○廃棄司架庫請紙鉛筆益省羨箱肝愕矛剛迫爆噛花添哲慢枯袖暖悟裾招羅慎奏句援帽拾戯潔千縦植醜件権棒梨況袋札陶酔栓蛇圧 +条偉塊嬌汚旦那独詮婿譲薄票凍綾瀬既泊揚祝乾豪泡穫曾翡翠融極府顧宴贈盃酌没拗尖尊敬縮煽覧緑採掘拳濯執具摯防医恰枕畳垣鋭弱忍矢襖季幽 +霊昆虫怯暗闇脅兎比渋捉靴履協臭逸溶随堪湯壁清汗軍拭巾賭嫁鐘剤憩陥組踊歌才揉列幅努零魂叱己咳催未競乙隅庇癖叶章槌錯胡坐据鎌伴侶福翻 +朱肉容拍滅淀稼募器袴鬼庵舗京鈴税署郵衛薬項皿輩雅猶儲境匂漂祭煩噪倉芝紐択武抹涛嘉舐粛模映厚控倅橋疎刷購総占杖沙汰憐賢婆溢冬淑併躍 +訴誕為遽召乳谷疑挿硬遮幾環涯救致易毒陸兵研究鎖評剥刀善兆原因拠訂双丘挑編異歓蹴猛操疇則尻尾握恨辛旺弄浅襲贖幹偵呂灯忌凌駕誉鼓膜寒 +騙謹濃訓潰封筒宛官貼養護西逗敗典踪酒奨詫渉灰雲傘雷蒸葛淡承塞系統瞼瞑哀粗米牛飽遷版遺隔煌紫虹七橙絨毯謐瓦妻捻唐躊躇幕窒倫療遁貞憂 +鬱紛渦粉遂暦竜城舎陳五樹託匙綴笹培絆逝破曇骨溜掻摺驕拘冒複誠誓波赦偏肢悠遙囚萎虎諸練遭剰織彦逢窺析攣遇励嫉妬羽凧傲勤償亘宜塵威癇 +摂胆憑睡較竦粧馳懸恩郎穿熟貧薦愉滲乏厄曖味蚊唆砕械埒等吉透囁縋岩犬飼刑率鉢嘲咄嗟迂闊罠泥狐狸苛慕憫訊劇垂瞭緯志貶諾凶豹惜携啖呵荒 +鳩磨胃液跨勇謙虚誇痒迅阿弥掌晒歪濁喰稽楚虐做牽隈惨演蓋貫貪嗅釜耐懺躾朧罵嘆掲付村縛漕奉旨宗篤娶餞儘弾錠梁嵌祀孫霞儚咲四鉄箇津縫俯 +罰掠詐欺毟祈枠俳漢宇洞蒼委符皮暑漠是顎丹煮卑昏捗臓閲銀刊咤遍箋某巧毀糸舳辿儂呻凹藪偽貢飴鞭恫喝祉仇述袈裟渇涼痕謀棘瑕疵辻棲澱肌躱 +醍醐狼狽廻蓮托賄賂爽饒炎糾撤遜噴甚匿繊栄殴睦湿脆痺脚阻闘壺臣匠梶拙党閣溌刺免績滓殻賞獲颯噤霧弔狂拡紀套践悶湛瓶妖皺蔑粒毛喩綿輸拵 +軋簿献掬矮嗤讐墨澹蓄憤怠煙詈嵐嗜廉冠碍妥僧旗酢腫些詭姑焚綱氷劾媚僭憚牢曹唖輿閥侮恣蠢芯墓伐杞粘弊懲臆遡偲閃寿罹須諳恒慨啄戚沸騰麻 +航衣濤呈標肯逼巣暢櫛梳畑膳秀堵科禊茜肺峙序錬鍛牙盪杏冴燥漁吊塔群窟佇挫甥撲靭誅篭鍮鍋胴爪旋蛮僅孔循郭躓莫墜裸凡曽畏繭聖斑軟磁湾礎 +董勿鶴岡圏券彫勾壮貯悼睫嫋鑑傑宥貝糖墟宿癒蹲朋暈船頓訣藁韻括兼舟瞠唱詞紋冥賠醤扮忸怩雌吠穹轟貨饅雀慄辱爛浙江隗昌劣禄諌碧班紡芻吻 +捧堀砦炒椒絲淋柿鶏蛋咀嚼罫譜棲詠呪刈凪潮宰挺彩賀酎擦妄妨膚云梅彷徨辣蕩孤牧抽渾翼翔M蝉茂熾萌瞥旬掟耽搦枷攫謳柴諭需捌匹苺雪滴函凸 +垢駈諍飄腺拐囮渥艶狩孝嵩腔檻疼搬寛賜啓九窮拉昂脈均督怨恭逮讃災肖誹謗遥摑裡六荘崖擁*癪 \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/resource/charset_default.txt b/cpp/LunaHook/LunaHook/resource/charset_default.txt new file mode 100644 index 00000000..fd98ce58 --- /dev/null +++ b/cpp/LunaHook/LunaHook/resource/charset_default.txt @@ -0,0 +1,125 @@ + 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz +/:-;!?′.@#%~*&`()°^>+<ノ・=″$′,[\]_{|} +0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz、。 +,.:;?!゛゜‘’“”()〔〕[]{}〈〉《》「」『』【】<>〖〗・…〜ー♪―ぁぃぅぇぉっゃゅょゎァィゥェォッャュョヮヵヶ①② +③④⑤⑥⑦⑧⑨⑩⑪⑫⑬ⁿ²%–—_/• +βγζημξρστυφχψωÅ√◯´`∣¯Д∥αδεθικλνο +πヽヾゝゞ〃仝々〆〇\+-±×÷=≠<>≦≧∞∴♂♀℃¥$¢£%#&*@§☆★○●◎◇◆□■△▲▽▼※〒→←↑↓〓∈∋⊆⊇⊂⊃∪ +∩∧∨¬⇒⇔∀∃∠⊥⌒∂∇≡≒≪≫∽∝∵∫∬‰♯♭♪†‡¶あいうえおかがきぎくぐけげこごさざしじすずせぜそぞただちぢつづてでとど +なにぬねのはばぱひびぴふぶぷへべぺほぼぽまみむめもやゆよらりるれろわゐゑをんアイウエオカガキギクグケゲコゴサザシジスズセゼソゾタ +ダチヂツヅテデトドナニヌネノハバパヒビピフブプヘベペホボポマミムメモヤユヨラリルレロヮワヰヱヲンヴΑΒΓΔΕΖΗΘΙΚΛΜΝΞΟ +ΠΡΣΤΥΦΧΨΩⅠⅡⅢⅣⅤⅥⅦⅧⅨⅩ∮∑∟⊿亜唖娃阿哀愛挨姶逢葵茜穐悪握渥旭葦芦鯵梓圧斡扱宛姐虻飴絢綾鮎或粟袷安庵按暗案闇鞍杏 +以伊位依偉囲霻夷委威尉惟意慰易椅為畏異移維緯胃萎衣謂違遺医井亥域育郁磯一壱溢逸稲茨芋鰯允印咽員因姻引飲淫胤蔭院陰隠韻吋右宇烏羽迂 +渦嘘唄欝蔚鰻姥厩浦瓜閏噂云運雲荏餌叡営嬰影映曳栄永泳洩瑛盈穎頴英衛詠鋭液疫益駅悦謁越閲榎厭円園堰奄宴延怨掩援沿演炎焔煙燕猿縁艶苑 +薗遠鉛鴛塩於汚甥凹央奥往応押旺横欧殴王翁襖鴬鴎黄岡沖荻億屋憶臆桶牡乙俺卸恩温穏音下化仮何伽価佳加可嘉夏嫁家寡科暇果架歌河火珂禍禾 +稼箇花苛茄荷華菓蝦課嘩貨迦過霞蚊俄峨我牙画臥芽蛾賀雅餓駕介会解回塊壊廻快怪悔恢懐戒拐改魁晦械海灰界皆絵芥蟹開階貝凱劾外咳害崖慨概 +涯碍蓋街該鎧骸浬馨蛙垣柿蛎鈎劃嚇各廓拡撹格核殻獲確穫覚角赫較郭閣隔革学岳楽額顎掛笠樫橿梶鰍潟割喝恰括活渇滑葛褐轄且鰹叶椛樺鞄株兜 +竃蒲釜鎌噛鴨栢茅萱粥刈苅瓦乾侃冠寒刊勘勧巻喚堪姦完官寛干幹患感慣憾換敢柑桓棺款歓汗漢澗潅環甘監看竿管簡緩缶翰肝艦莞観諌貫還鑑間閑 +関陥韓館舘丸含岸巌玩癌眼岩翫贋雁頑顔願企伎危喜器基奇嬉寄岐希幾忌揮机旗既期棋棄機帰毅気汽畿祈季稀紀徽規記貴起軌輝飢騎鬼亀偽儀妓宜 +戯技擬欺犠疑祇義蟻誼議掬菊鞠吉吃喫桔橘詰砧杵黍却客脚虐逆丘久仇休及吸宮弓急救朽求汲泣灸球究窮笈級糾給旧牛去居巨拒拠挙渠虚許距鋸漁 +禦魚亨享京供侠僑兇競共凶協匡卿叫喬境峡強彊怯恐恭挟教橋況狂狭矯胸脅興蕎郷鏡響饗驚仰凝尭暁業局曲極玉桐粁僅勤均巾錦斤欣欽琴禁禽筋緊 +芹菌衿襟謹近金吟銀九倶句区狗玖矩苦躯駆駈駒具愚虞喰空偶寓遇隅串櫛釧屑屈掘窟沓靴轡窪熊隈粂栗繰桑鍬勲君薫訓群軍郡卦袈祁係傾刑兄啓圭 +珪型契形径恵慶慧憩掲携敬景桂渓畦稽系経継繋罫茎荊蛍計詣警軽頚鶏芸迎鯨劇戟撃激隙桁傑欠決潔穴結血訣月件倹倦健兼券剣喧圏堅嫌建憲懸拳 +捲検権牽犬献研硯絹県肩見謙賢軒遣鍵険顕験鹸元原厳幻弦減源玄現絃舷言諺限乎個古呼固姑孤己庫弧戸故枯湖狐糊袴股胡菰虎誇跨鈷雇顧鼓五互 +伍午呉吾娯後御悟梧檎瑚碁語誤護醐乞鯉交佼侯候倖光公功効勾厚口向后喉坑垢好孔孝宏工巧巷幸広庚康弘恒慌抗拘控攻昂晃更杭校梗構江洪浩港 +溝甲皇硬稿糠紅紘絞綱耕考肯肱腔膏航荒行衡講貢購郊酵鉱砿鋼閤降項香高鴻剛劫号合壕拷濠豪轟麹克刻告国穀酷鵠黒獄漉腰甑忽惚骨狛込此頃今 +困坤墾婚恨懇昏昆根梱混痕紺艮魂些佐叉唆嵯左差査沙瑳砂詐鎖裟坐座挫債催再最哉塞妻宰彩才採栽歳済災采犀砕砦祭斎細菜裁載際剤在材罪財冴 +坂阪堺榊肴咲崎埼碕鷺作削咋搾昨朔柵窄策索錯桜鮭笹匙冊刷察拶撮擦札殺薩雑皐鯖捌錆鮫皿晒三傘参山惨撒散桟燦珊産算纂蚕讃賛酸餐斬暫残仕 +仔伺使刺司史嗣四士始姉姿子屍市師志思指支孜斯施旨枝止死氏獅祉私糸紙紫肢脂至視詞詩試誌諮資賜雌飼歯事似侍児字寺慈持時次滋治爾璽痔磁 +示而耳自蒔辞汐鹿式識鴫竺軸宍雫七叱執失嫉室悉湿漆疾質実蔀篠偲柴芝屡蕊縞舎写射捨赦斜煮社紗者謝車遮蛇邪借勺尺杓灼爵酌釈錫若寂弱惹主 +取守手朱殊狩珠種腫趣酒首儒受呪寿授樹綬需囚収周宗就州修愁拾洲秀秋終繍習臭舟蒐衆襲讐蹴輯週酋酬集醜什住充十従戎柔汁渋獣縦重銃叔夙宿 +淑祝縮粛塾熟出術述俊峻春瞬竣舜駿准循旬楯殉淳準潤盾純巡遵醇順処初所暑曙渚庶緒署書薯藷諸助叙女序徐恕鋤除傷償勝匠升召哨商唱嘗奨妾娼 +宵将小少尚庄床廠彰承抄招掌捷昇昌昭晶松梢樟樵沼消渉湘焼焦照症省硝礁祥称章笑粧紹肖菖蒋蕉衝裳訟証詔詳象賞醤鉦鍾鐘障鞘上丈丞乗冗剰城 +場壌嬢常情擾条杖浄状畳穣蒸譲醸錠嘱埴飾拭植殖燭織職色触食蝕辱尻伸信侵唇娠寝審心慎振新晋森榛浸深申疹真神秦紳臣芯薪親診身辛進針震人 +仁刃塵壬尋甚尽腎訊迅陣靭笥諏須酢図厨逗吹垂帥推水炊睡粋翠衰遂酔錐錘随瑞髄崇嵩数枢趨雛据杉椙菅頗雀裾澄摺寸世瀬畝是凄制勢姓征性成政 +整星晴棲栖正清牲生盛精聖声製西誠誓請逝醒青静斉税脆隻席惜戚斥昔析石積籍績脊責赤跡蹟碩切拙接摂折設窃節説雪絶舌蝉仙先千占宣専尖川戦 +扇撰栓栴泉浅洗染潜煎煽旋穿箭線繊羨腺舛船薦詮賎践選遷銭銑閃鮮前善漸然全禅繕膳糎噌塑岨措曾曽楚狙疏疎礎祖租粗素組蘇訴阻遡鼠僧創双叢 +倉喪壮奏爽宋層匝惣想捜掃挿掻操早曹巣槍槽漕燥争痩相窓糟総綜聡草荘葬蒼藻装走送遭鎗霜騒像増憎臓蔵贈造促側則即息捉束測足速俗属賊族続 +卒袖其揃存孫尊損村遜他多太汰詑唾堕妥惰打柁舵楕陀駄騨体堆対耐岱帯待怠態戴替泰滞胎腿苔袋貸退逮隊黛鯛代台大第醍題鷹滝瀧卓啄宅托択拓 +沢濯琢託鐸濁諾茸凧蛸只叩但達辰奪脱巽竪辿棚谷狸鱈樽誰丹単嘆坦担探旦歎淡湛炭短端箪綻耽胆蛋誕鍛団壇倭和話歪賄脇惑枠鷲亙亘鰐詫藁蕨椀 +弾断暖檀段男談値知地弛恥智池痴稚置致蜘遅馳築畜竹筑蓄逐秩窒茶嫡着中仲宙忠抽昼柱注虫衷註酎鋳駐樗瀦猪苧著貯丁兆凋喋寵帖帳庁弔張彫徴 +懲挑暢朝潮牒町眺聴脹腸蝶調諜超跳銚長頂鳥勅捗直朕沈珍賃鎮陳津墜椎槌追鎚痛通塚栂掴槻佃漬柘辻蔦綴鍔椿潰坪壷嬬紬爪吊釣鶴亭低停偵剃貞 +呈堤定帝底庭廷弟悌抵挺提梯汀碇禎程締艇訂諦蹄逓邸鄭釘鼎泥摘擢敵滴的笛適鏑溺哲徹撤轍迭鉄典填天展店添纏甜貼転顛点伝殿澱田電兎吐堵塗 +妬屠徒斗杜渡登菟賭途都鍍砥砺努度土奴怒倒党冬凍刀唐塔塘套宕島嶋悼投搭東桃梼棟盗淘湯涛灯燈当痘祷等答筒糖統到董蕩藤討謄豆踏逃透鐙陶 +頭騰闘働動同堂導憧撞洞瞳童胴萄道銅峠鴇匿得徳涜特督禿篤毒独読栃橡凸突椴届鳶苫寅酉瀞噸屯惇敦沌豚遁頓呑曇鈍奈那内乍凪薙謎灘捺鍋楢馴 +縄畷南楠軟難汝二尼弐迩匂賑肉虹廿日乳入如尿韮任妊忍認濡禰祢寧葱猫熱年念捻撚燃粘乃廼之埜嚢悩濃納能脳膿農覗蚤巴把播覇杷波派琶破婆罵 +芭馬俳廃拝排敗杯盃牌背肺輩配倍培媒梅楳煤狽買売賠陪這蝿秤矧萩伯剥博拍柏泊白箔粕舶薄迫曝漠爆縛莫駁麦函箱硲箸肇筈櫨幡肌畑畠八鉢溌発 +醗髪伐罰抜筏閥鳩噺塙蛤隼伴判半反叛帆搬斑板氾汎版犯班畔繁般藩販範釆煩頒飯挽晩番盤磐蕃蛮匪卑否妃庇彼悲扉批披斐比泌疲皮碑秘緋罷肥被 +誹費避非飛樋簸備尾微枇毘琵眉美鼻柊稗匹疋髭彦膝菱肘弼必畢筆逼桧姫媛紐百謬俵彪標氷漂瓢票表評豹廟描病秒苗錨鋲蒜蛭鰭品彬斌浜瀕貧賓頻 +敏瓶不付埠夫婦富冨布府怖扶敷斧普浮父符腐膚芙譜負賦赴阜附侮撫武舞葡蕪部封楓風葺蕗伏副復幅服福腹複覆淵弗払沸仏物鮒分吻噴墳憤扮焚奮 +粉糞紛雰文聞丙併兵塀幣平弊柄並蔽閉陛米頁僻壁癖碧別瞥蔑箆偏変片篇編辺返遍便勉娩弁鞭保舗鋪圃捕歩甫補輔穂募墓慕戊暮母簿菩倣俸包呆報 +奉宝峰峯崩庖抱捧放方朋法泡烹砲縫胞芳萌蓬蜂褒訪豊邦鋒飽鳳鵬乏亡傍剖坊妨帽忘忙房暴望某棒冒紡肪膨謀貌貿鉾防吠頬北僕卜墨撲朴牧睦穆釦 +勃没殆堀幌奔本翻凡盆摩磨魔麻埋妹昧枚毎哩槙幕膜枕鮪柾鱒桝亦俣又抹末沫迄侭繭麿万慢満漫蔓味未魅巳箕岬密蜜湊蓑稔脈妙粍民眠務夢無牟矛 +霧鵡椋婿娘冥名命明盟迷銘鳴姪牝滅免棉綿緬面麺摸模茂妄孟毛猛盲網耗蒙儲木黙目杢勿餅尤戻籾貰問悶紋門匁也冶夜爺耶野弥矢厄役約薬訳躍靖 +柳薮鑓愉愈油癒諭輸唯佑優勇友宥幽悠憂揖有柚湧涌猶猷由祐裕誘遊邑郵雄融夕予余与誉輿預傭幼妖容庸揚揺擁曜楊様洋溶熔用窯羊耀葉蓉要謡踊 +遥陽養慾抑欲沃浴翌翼淀羅螺裸来莱頼雷洛絡落酪乱卵嵐欄濫藍蘭覧利吏履李梨理璃痢裏裡里離陸律率立葎掠略劉流溜琉留硫粒隆竜龍侶慮旅虜了 +亮僚両凌寮料梁涼猟療瞭稜糧良諒遼量陵領力緑倫厘林淋燐琳臨輪隣鱗麟瑠塁涙累類令伶例冷励嶺怜玲礼苓鈴隷零霊麗齢暦歴列劣烈裂廉恋憐漣煉 +簾練聯蓮連錬呂魯櫓炉賂路露労婁廊弄朗楼榔浪漏牢狼篭老聾蝋郎六麓禄肋録論湾碗腕靕顗顥飯飼餧館馞驎髙髜魵魲鮏鮱鮻鰀鵰鵫鶴鸙黑靃靍靏靑 +弌丐丕个丱丶丼丿乂乖乘亂亅豫亊舒弍于亞亟亠亢亰亳亶从仍仄仆仂仗仞仭仟价伉佚估佛佝佗佇佶侈侏侘佻佩佰侑佯來侖儘俔俟俎俘俛俑俚俐俤俥 +倚倨倔倪倥倅伜俶倡倩倬俾俯們倆偃假會偕偐偈做偖偬偸傀傚傅傴傲僉僊傳僂僖僞僥僭僣僮價僵儉儁儂儖儕儔儚儡儺儷儼儻儿兀兒兌兔兢竸兩兪兮 +冀冂囘册冉冏冑冓冕冖冤冦冢冩冪冫决冱冲冰况冽凅凉凛几處凩凭凰凵凾刄刋刔刎刧刪刮刳刹剏剄剋剌剞剔剪剴剩剳剿剽劍劔劒剱劈劑辨辧劬劭劼 +劵勁勍勗勞勣勦飭勠勳勵勸勹匆匈甸匍匐匏匕匚匣匯匱匳匸區卆卅丗卉卍凖卞卩卮夘卻卷厂厖厠厦厥厮厰厶參簒雙叟曼燮叮叨叭叺吁吽呀听吭吼吮 +雨卯鵜窺丑碓臼吶吩吝呎咏呵咎呟呱呷呰咒呻咀呶咄咐咆哇咢咸咥咬哄哈咨咫哂咤咾咼哘哥哦唏唔哽哮哭哺哢唹啀啣啌售啜啅啖啗唸唳啝喙喀咯喊 +喃喩喇喨嗚嗅嗟嗄嗜嗤嗔嘔嗷嘖嗾嗽嘛嗹噎噐營嘴嘶嘲嘸噫噤嘯噬噪嚆嚀嚊嚠嚔嚏嚥嚮嚶嚴囂嚼囁囃囀囈囎囑囓囗囮囹圀囿圄圉圈國圍圓團圖嗇圜 +圦圷圸坎圻址坏坩埀垈坡坿垉垓垠垳垤垪垰埃埆埔埒埓堊埖埣堋堙堝塲堡塢塋塰毀塒堽塹墅墹墟墫墺壞墻墸墮壅壓壑壗壙壘壥壜壤壟壯壺壹壻壼壽 +夂夊夐夛梦夥夬夭夲夸夾竒奕奐奎奚奘奢奠奧奬奩奸妁妝佞侫妣妲姆姨姜妍姙姚娥娟娑娜娉娚婀婬婉娵娶婢婪媚媼媾嫋嫂媽嫣嫗嫦嫩嫖嫺嫻嬌嬋嬖 +嬲嫐嬪嬶嬾孃孅孀孑孕孚孛孥孩孰孳孵學斈孺宀它宦宸寃寇寉寔寐寤實寢寞寥寫寰寶寳尅將專對尓尠尢尨尸尹屁屆屎屓屐屏孱屬屮乢屶屹岌岑岔妛 +岫岻岶岼岷峅岾峇峙峩峽峺峭嶌峪崋崕崗嵜崟崛崑崔崢崚崙崘嵌嵒嵎嵋嵬嵳嵶嶇嶄嶂嶢嶝嶬嶮嶽嶐嶷嶼巉巍巓巒巖巛巫已巵帋帚帙帑帛帶帷幄幃幀 +幎幗幔幟幢幤幇幵并幺麼广庠廁廂廈廐廏廖廣廝廚廛廢廡廨廩廬廱廳廰廴廸廾弃弉彝彜弋弑弖弩弭弸彁彈彌彎弯彑彖彗彙彡彭彳彷徃徂彿徊很徑徇 +從徙徘徠徨徭徼忖忻忤忸忱忝悳忿怡恠怙怐怩怎怱怛怕怫怦怏怺恚恁恪恷恟恊恆恍恣恃恤恂恬恫恙悁悍惧悃悚悄悛悖悗悒悧悋惡悸惠惓悴忰悽惆悵 +惘慍愕愆惶惷愀惴惺愃愡惻惱愍愎慇愾愨愧慊愿愼愬愴愽慂慄慳慷慘慙慚慫慴慯慥慱慟慝慓慵憙憖憇憬憔憚憊憑憫憮懌懊應懷懈懃懆憺懋罹懍懦懣 +懶懺懴懿懽懼懾戀戈戉戍戌戔戛戞戡截戮戰戲戳扁扎扞扣扛扠扨扼抂抉找抒抓抖拔抃抔拗拑抻拏拿拆擔拈拜拌拊拂拇抛拉挌拮拱挧挂挈拯拵捐挾捍 +搜捏掖掎掀掫捶掣掏掉掟掵捫捩掾揩揀揆揣揉插揶揄搖搴搆搓搦搶攝搗搨搏摧摯摶摎攪撕撓撥撩撈撼據擒擅擇撻擘擂擱擧舉擠擡抬擣擯攬擶擴擲擺 +攀擽攘攜攅攤攣攫攴攵攷收攸畋效敖敕敍敘敞敝敲數斂斃變斛斟斫斷旃旆旁旄旌旒旛旙无旡旱杲昊昃旻杳昵昶昴昜晏晄晉晁晞晝晤晧晨晟晢晰暃暈 +暎暉暄暘暝曁暹曉暾暼曄暸曖曚曠昿曦曩曰曵曷朏朖朞朦朧霸朮朿朶杁朸朷杆杞杠杙杣杤枉杰枩杼杪枌枋枦枡枅枷柯枴柬枳柩枸柤柞柝柢柮枹柎柆 +柧檜栞框栩桀桍栲桎梳栫桙档桷桿梟梏梭梔條梛梃檮梹桴梵梠梺椏梍桾椁棊椈棘椢椦棡椌棍棔棧棕椶椒椄棗棣椥棹棠棯椨椪椚椣椡棆楹楷楜楸楫楔 +楾楮椹楴椽楙椰楡楞楝榁楪榲榮槐榿槁槓榾槎寨槊槝榻槃榧樮榑榠榜榕榴槞槨樂樛槿權槹槲槧樅榱樞槭樔槫樊樒櫁樣樓橄樌橲樶橸橇橢橙橦橈樸樢 +檐檍檠檄檢檣檗蘗檻櫃櫂檸檳檬櫞櫑櫟檪櫚櫪櫻欅蘖櫺欒欖鬱欟欸欷盜欹飮歇歃歉歐歙歔歛歟歡歸歹歿殀殄殃殍殘殕殞殤殪殫殯殲殱殳殷殼毆毋毓 +毟毬毫毳毯麾氈氓气氛氤氣汞汕汢汪沂沍沚沁沛汾汨汳沒沐泄泱泓沽泗泅泝沮沱沾沺泛泯泙泪洟衍洶洫洽洸洙洵洳洒洌浣涓浤浚浹浙涎涕濤涅淹渕 +渊涵淇淦涸淆淬淞淌淨淒淅淺淙淤淕淪淮渭湮渮渙湲湟渾渣湫渫湶湍渟湃渺湎渤滿渝游溂溪溘滉溷滓溽溯滄溲滔滕溏溥滂溟潁漑灌滬滸滾漿滲漱滯 +漲滌漾漓滷澆潺潸澁澀潯潛濳潭澂潼潘澎澑濂潦澳澣澡澤澹濆澪濟濕濬濔濘濱濮濛瀉瀋濺瀑瀁瀏濾瀛瀚潴瀝瀘瀟瀰瀾瀲灑灣炙炒炯烱炬炸炳炮烟烋 +烝烙焉烽焜焙煥煕熈煦煢煌煖煬熏燻熄熕熨熬燗熹熾燒燉燔燎燠燬燧燵燼燹燿爍爐爛爨爭爬爰爲爻爼爿牀牆牋牘牴牾犂犁犇犒犖犢犧犹犲狃狆狄狎 +狒狢狠狡狹狷倏猗猊猜猖猝猴猯猩猥猾獎獏默獗獪獨獰獸獵獻獺珈玳珎玻珀珥珮珞璢琅瑯琥珸琲琺瑕琿瑟瑙瑁瑜瑩瑰瑣瑪瑶瑾璋璞璧瓊瓏瓔珱瓠瓣 +瓧瓩瓮瓲瓰瓱瓸瓷甄甃甅甌甎甍甕甓甞甦甬甼畄畍畊畉畛畆畚畩畤畧畫畭畸當疆疇畴疊疉疂疔疚疝疥疣痂疳痃疵疽疸疼疱痍痊痒痙痣痞痾痿痼瘁痰 +痺痲痳瘋瘍瘉瘟瘧瘠瘡瘢瘤瘴瘰瘻癇癈癆癜癘癡癢癨癩癪癧癬癰癲癶癸發皀皃皈皋皎皖皓皙皚皰皴皸皹皺盂盍盖盒盞盡盥盧盪蘯盻眈眇眄眩眤眞眥 +眦眛眷眸睇睚睨睫睛睥睿睾睹瞎瞋瞑瞠瞞瞰瞶瞹瞿瞼瞽瞻矇矍矗矚矜矣矮矼砌砒礦砠礪硅碎硴碆硼碚碌碣碵碪碯磑磆磋磔碾碼磅磊磬磧磚磽磴礇礒 +礑礙礬礫祀祠祗祟祚祕祓祺祿禊禝禧齋禪禮禳禹禺秉秕秧秬秡秣稈稍稘稙稠稟禀稱稻稾稷穃穗穉穡穢穩龝穰穹穽窈窗窕窘窖窩竈窰窶竅竄窿邃竇竊 +竍竏竕竓站竚竝竡竢竦竭竰笂笏笊笆笳笘笙笞笵笨笶筐筺笄筍笋筌筅筵筥筴筧筰筱筬筮箝箘箟箍箜箚箋箒箏筝箙篋篁篌篏箴篆篝篩簑簔篦篥籠簀簇 +簓篳篷簗簍篶簣簧簪簟簷簫簽籌籃籔籏籀籐籘籟籤籖籥籬籵粃粐粤粭粢粫粡粨粳粲粱粮粹粽糀糅糂糘糒糜糢鬻糯糲糴糶糺紆紂紜紕紊絅絋紮紲紿紵 +絆絳絖絎絲絨絮絏絣經綉絛綏絽綛綺綮綣綵緇綽綫總綢綯緜綸綟綰緘緝緤緞緻緲緡縅縊縣縡縒縱縟縉縋縢繆繦縻縵縹繃縷縲縺繧繝繖繞繙繚繹繪繩 +繼繻纃緕繽辮繿纈纉續纒纐纓纔纖纎纛纜缸缺罅罌罍罎罐网罕罔罘罟罠罨罩罧罸羂羆羃羈羇羌羔羞羝羚羣羯羲羹羮羶羸譱翅翆翊翕翔翡翦翩翳翹飜 +耆耄耋耒耘耙耜耡耨耿耻聊聆聒聘聚聟聢聨聳聲聰聶聹聽聿肄肆肅肛肓肚肭冐肬胛胥胙胝胄胚胖脉胯胱脛脩脣脯腋隋腆脾腓腑胼腱腮腥腦腴膃膈膊 +膀膂膠膕膤膣腟膓膩膰膵膾膸膽臀臂膺臉臍臑臙臘臈臚臟臠臧臺臻臾舁舂舅與舊舍舐舖舩舫舸舳艀艙艘艝艚艟艤艢艨艪艫舮艱艷艸艾芍芒芫芟芻芬 +苡苣苟苒苴苳苺莓范苻苹苞茆苜茉苙茵茴茖茲茱荀茹荐荅茯茫茗茘莅莚莪莟莢莖茣莎莇莊荼莵荳荵莠莉莨菴萓菫菎菽萃菘萋菁菷萇菠菲萍萢萠莽萸 +蔆菻葭萪萼蕚蒄葷葫蒭葮蒂葩葆萬葯葹萵蓊葢蒹蒿蒟蓙蓍蒻蓚蓐蓁蓆蓖蒡蔡蓿蓴蔗蔘蔬蔟蔕蔔蓼蕀蕣蕘蕈蕁蘂蕋蕕薀薤薈薑薊薨蕭薔薛藪薇薜蕷蕾 +薐藉薺藏薹藐藕藝藥藜藹蘊蘓蘋藾藺蘆蘢蘚蘰蘿虍乕虔號虧虱蚓蚣蚩蚪蚋蚌蚶蚯蛄蛆蚰蛉蠣蚫蛔蛞蛩蛬蛟蛛蛯蜒蜆蜈蜀蜃蛻蜑蜉蜍蛹蜊蜴蜿蜷蜻蜥 +蜩蜚蝠蝟蝸蝌蝎蝴蝗蝨蝮蝙蝓蝣蝪蠅螢螟螂螯蟋螽蟀蟐雖螫蟄螳蟇蟆螻蟯蟲蟠蠏蠍蟾蟶蟷蠎蟒蠑蠖蠕蠢蠡蠱蠶蠹蠧蠻衄衂衒衙衞衢衫袁衾袞衵衽袵 +衲袂袗袒袮袙袢袍袤袰袿袱裃裄裔裘裙裝裹褂裼裴裨裲褄褌褊褓襃褞褥褪褫襁襄褻褶褸襌褝襠襞襦襤襭襪襯襴襷襾覃覈覊覓覘覡覩覦覬覯覲覺覽覿 +觀觚觜觝觧觴觸訃訖訐訌訛訝訥訶詁詛詒詆詈詼詭詬詢誅誂誄誨誡誑誥誦誚誣諄諍諂諚諫諳諧諤諱謔諠諢諷諞諛謌謇謚諡謖謐謗謠謳鞫謦謫謾謨譁 +譌譏譎證譖譛譚譫譟譬譯譴譽讀讌讎讒讓讖讙讚谺豁谿豈豌豎豐豕豢豬豸豺貂貉貅貊貍貎貔豼貘戝貭貪貽貲貳貮貶賈賁賤賣賚賽賺賻贄贅贊贇贏贍 +贐齎贓賍贔贖赧赭赱赳趁趙跂趾趺跏跚跖跌跛跋跪跫跟跣跼踈踉跿踝踞踐踟蹂踵踰踴蹊蹇蹉蹌蹐蹈蹙蹤蹠踪蹣蹕蹶蹲蹼躁躇躅躄躋躊躓躑躔躙躪躡 +躬躰軆躱躾軅軈軋軛軣軼軻軫軾輊輅輕輒輙輓輜輟輛輌輦輳輻輹轅轂輾轌轉轆轎轗轜轢轣轤辜辟辣辭辯辷迚迥迢迪迯邇迴逅迹迺逑逕逡逍逞逖逋逧 +逶逵逹迸遏遐遑遒逎遉逾遖遘遞遨遯遶隨遲邂遽邁邀邊邉邏邨邯邱邵郢郤扈郛鄂鄒鄙鄲鄰酊酖酘酣酥酩酳酲醋醉醂醢醫醯醪醵醴醺釀釁釉釋釐釖釟 +釡釛釼釵釶鈞釿鈔鈬鈕鈑鉞鉗鉅鉉鉤鉈銕鈿鉋鉐銜銖銓銛鉚鋏銹銷鋩錏鋺鍄錮錙錢錚錣錺錵錻鍜鍠鍼鍮鍖鎰鎬鎭鎔鎹鏖鏗鏨鏥鏘鏃鏝鏐鏈鏤鐚鐔鐓 +鐃鐇鐐鐶鐫鐵鐡鐺鑁鑒鑄鑛鑠鑢鑞鑪鈩鑰鑵鑷鑽鑚鑼鑾钁鑿閂閇閊閔閖閘閙閠閨閧閭閼閻閹閾闊濶闃闍闌闕闔闖關闡闥闢阡阨阮阯陂陌陏陋陷陜陞 +陝陟陦陲陬隍隘隕隗險隧隱隲隰隴隶隸隹雎雋雉雍襍雜霍雕雹霄霆霈霓霎霑霏霖霙霤霪霰霹霽霾靄靆靈靂靉靜靠靤靦靨勒靫靱靹鞅靼鞁靺鞆鞋鞏鞐 +鞜鞨鞦鞣鞳鞴韃韆韈韋韜韭齏韲竟韶韵頏頌頸頤頡頷頽顆顏顋顫顯顰顱顴顳颪颯颱颶飄飃飆飩飫餃餉餒餔餘餡餝餞餤餠餬餮餽餾饂饉饅饐饋饑饒饌 +饕馗馘馥馭馮馼駟駛駝駘駑駭駮駱駲駻駸騁騏騅駢騙騫騷驅驂驀驃騾驕驍驛驗驟驢驥驤驩驫驪骭骰骼髀髏髑髓體髞髟髢髣髦髯髫髮髴髱髷髻鬆鬘鬚 +鬟鬢鬣鬥鬧鬨鬩鬪鬮鬯鬲魄魃魏魍魎魑魘魴鮓鮃鮑鮖鮗鮟鮠鮨鮴鯀鯊鮹鯆鯏鯑鯒鯣鯢鯤鯔鯡鰺鯲鯱鯰鰕鰔鰉鰓鰌鰆鰈鰒鰊鰄鰮鰛鰥鰤鰡鰰鱇鰲鱆鰾 +鱚鱠鱧鱶鱸鳧鳬鳰鴉鴈鳫鴃鴆鴪鴦鶯鴣鴟鵄鴕鴒鵁鴿鴾鵆鵈鵝鵞鵤鵑鵐鵙鵲鶉鶇鶫鵯鵺鶚鶤鶩鶲鷄鷁鶻鶸鶺鷆鷏鷂鷙鷓鷸鷦鷭鷯鷽鸚鸛鸞鹵鹹鹽麁 +麈麋麌麒麕麑麝麥麩麸麪麭靡黌黎黏黐黔黜點黝黠黥黨黯黴黶黷黹黻黼黽鼇鼈皷鼕鼡鼬鼾齊齒齔齣齟齠齡齦齧齬齪齷齲齶龕龜龠堯槇遙瑤凜熙纊褜 +鍈銈蓜俉炻昱棈鋹曻彅丨仡仼伀伃伹佖侒侊侚侔俍偀倢俿倞偆偰偂傔僴僘兊兤冝冾凬刕劜劦勀勛匀匇匤卲厓厲叝﨎咜咊咩哿喆坙坥垬埈埇﨏塚增墲 +夋奓奛奝奣妤妺孖寀甯寘寬尞岦岺峵崧嵓﨑嵂嵭嶸嶹巐弡弴彧德忞恝悅悊惞惕愠惲愑愷愰憘戓抦揵摠撝擎敎昀昕昻昉昮昞昤晥晗晙晴晳暙暠暲暿曺 +朎朗杦枻桒柀栁桄棏﨓楨﨔榘槢樰橫橆橳橾櫢櫤毖氿汜沆汯泚洄涇浯涖涬淏淸淲淼渹湜渧渼溿澈澵濵瀅瀇瀨炅炫焏焄煜煆煇凞燁燾犱犾猤猪獷玽珉 +珖珣珒琇珵琦琪琩琮瑢璉璟甁畯皂皜皞皛皦益睆劯砡硎硤硺礰礼神祥禔福禛竑竧靖竫箞精絈絜綷綠緖繒罇羡羽茁荢荿菇菶葈蒴蕓蕙蕫﨟薰蘒﨡蠇裵 +訒訷詹誧誾諟諸諶譓譿賰賴贒赶﨣軏﨤逸遧郞都鄕鄧釚釗釞釭釮釤釥鈆鈐鈊鈺鉀鈼鉎鉙鉑鈹鉧銧鉷鉸鋧鋗鋙鋐﨧鋕鋠鋓錥錡鋻﨨錞鋿錝錂鍰鍗鎤鏆 +鏞鏸鐱鑅鑈閒隆﨩隝隯霳喟啻啾喘喞單啼Я‐ё +д㍉ + + + + + + +☒… +ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/resource/compound_chars_Robotics_Notes_Dash.txt b/cpp/LunaHook/LunaHook/resource/compound_chars_Robotics_Notes_Dash.txt new file mode 100644 index 00000000..eeb863f6 --- /dev/null +++ b/cpp/LunaHook/LunaHook/resource/compound_chars_Robotics_Notes_Dash.txt @@ -0,0 +1,4 @@ +[E001-E01E]= +[E01F]=ガ +[E020]=タツ +[E021-E23A]= \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/resource/compound_chars_Robotics_Notes_Elite.txt b/cpp/LunaHook/LunaHook/resource/compound_chars_Robotics_Notes_Elite.txt new file mode 100644 index 00000000..77d7a043 --- /dev/null +++ b/cpp/LunaHook/LunaHook/resource/compound_chars_Robotics_Notes_Elite.txt @@ -0,0 +1,4 @@ +[E001-E01E]= +[E01F]=ガ +[E020]=タツ +[E021-E1B7]= \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/resource/compound_chars_SGHD.txt b/cpp/LunaHook/LunaHook/resource/compound_chars_SGHD.txt new file mode 100644 index 00000000..3dd22055 --- /dev/null +++ b/cpp/LunaHook/LunaHook/resource/compound_chars_SGHD.txt @@ -0,0 +1,21 @@ +[E000-E01A]=? +[E01C]=¹⁸ +[E01D]=⁻¹⁹ +[E01E]=⁻²⁴ +[E01F]=キタ +[E020]=ー +[E021-E067]=① +[E068]=,_ +[E06D-E07F]=? +[E094]=ギ +[E095]=ョエ +[E096]=カエ +[E097]=レ +[E098]=八八 +[E099]=アッ +[E09A]=ー +[E09B]=マダ +[E09C]=ー +[E09D]=チン +[E09E]=オワ +[E09F]=タ \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/resource/compound_chars_default.txt b/cpp/LunaHook/LunaHook/resource/compound_chars_default.txt new file mode 100644 index 00000000..326c7fa3 --- /dev/null +++ b/cpp/LunaHook/LunaHook/resource/compound_chars_default.txt @@ -0,0 +1,24 @@ +[E000-E01B]= +[E01C]=¹⁸ +[E01D]=ü +[E01E]=ë +[E01F]=キタ +[E020]=ー +[E021-E067]=① +[E068]=,_ +[E069-E093]= +[E094]=ギ +[E095]=ョエ +[E096]=カエ +[E097]=レ +[E098]=八八 +[E099]=アッ +[E09A]=ー +[E09B]=マダ +[E09C]=ー +[E09D]=チン +[E09E]=オワ +[E09F]=タ +[E0A0]=キリ +[E0A1]=ッ +[E0A2]= ̑ \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/resource/lunajspatch.js b/cpp/LunaHook/LunaHook/resource/lunajspatch.js new file mode 100644 index 00000000..2f8fec08 --- /dev/null +++ b/cpp/LunaHook/LunaHook/resource/lunajspatch.js @@ -0,0 +1,171 @@ +var fontface = ''; +var magicsend = '\x01LUNAFROMJS\x01' +var magicrecv = '\x01LUNAFROMHOST\x01' +var is_packed = IS_PACKED +var is_useclipboard = IS_USECLIPBOARD +var internal_http_port = INTERNAL_HTTP_PORT +function splitfonttext(transwithfont) { + if (transwithfont.substr(0, magicsend.length) == magicsend) //not trans + { + split = transwithfont.search('\x02') + return transwithfont.substr(split + 1); + } + else if (transwithfont.substr(0, magicrecv.length) == magicrecv) { + transwithfont = transwithfont.substr(magicrecv.length) + split = transwithfont.search('\x02') + fontface = transwithfont.substr(0, split) + text = transwithfont.substr(split + 1) + return text; + } + else { + return transwithfont; + } +} +function cppjsio(name, s_raw, lpsplit, embedable) { + if (!s_raw) + return s_raw + transwithfont = '' + s = magicsend + name + '\x03' + lpsplit.toString() + '\x04' + (embedable ? '1' : '0') + '\x02' + s_raw; + if (internal_http_port) { + var xhr = new XMLHttpRequest(); + var url = 'http://127.0.0.1:' + internal_http_port + '/fuck' + xhr.open('POST', url, false); + xhr.send(s); + if (xhr.status === 200) { + transwithfont = xhr.responseText; + } + } + else if (is_useclipboard) { + try { + const _clipboard = require('nw.gui').Clipboard.get(); + _clipboard.set(s, 'text'); + transwithfont = _clipboard.get('text'); + } + catch (err) { + try { + const clipboard = require('electron').clipboard; + clipboard.writeText(s); + transwithfont = clipboard.readText(); + } + catch (err2) { + } + } + } + if (!transwithfont) return s_raw; + return splitfonttext(transwithfont) +} + +function rpgmakerhook() { + + if (Window_Message.prototype.originstartMessage) { } + else { + Window_Base.prototype.drawTextEx_origin = Window_Base.prototype.drawTextEx; + Window_Base.prototype.drawText_origin = Window_Base.prototype.drawText; + Window_Message.prototype.originstartMessage = Window_Message.prototype.startMessage; + Window_Message.prototype.updateMessage_ori = Window_Message.prototype.updateMessage; + + Bitmap.prototype.drawText_ori = Bitmap.prototype.drawText; + Bitmap.prototype.last_y = 0; + + Bitmap.prototype.origin_makeFontNameText = Bitmap.prototype._makeFontNameText; + } + Bitmap.prototype._makeFontNameText = function () { + if (!fontface) return this.origin_makeFontNameText(); + return (this.fontItalic ? 'Italic ' : '') + + this.fontSize + 'px ' + fontface; + } + Bitmap.prototype.collectstring = { 2: '', 5: '', 6: '' }; + setInterval(function () { + for (lpsplit in Bitmap.prototype.collectstring) { + if (Bitmap.prototype.collectstring[lpsplit].length) { + cppjsio('rpgmakermv', Bitmap.prototype.collectstring[lpsplit], lpsplit, false) + Bitmap.prototype.collectstring[lpsplit] = '' + } + } + }, 100); + if (!is_packed) { + + Bitmap.prototype.drawText = function (text, x, y, maxWidth, lineHeight, align) { + //y>100的有重复;慢速是单字符,快速是多字符 + if (text && (y < 100)) { + extra = 5 + ((text.length == 1) ? 0 : 1); + if (y != Bitmap.prototype.last_y) { + Bitmap.prototype.collectstring[extra] += '\n' + } + Bitmap.prototype.collectstring[extra] += text; + Bitmap.prototype.last_y = y; + } + return this.drawText_ori(text, x, y, maxWidth, lineHeight, align); + } + } + Window_Message.prototype.startMessage = function () { + gametext = $gameMessage.allText(); + resp = cppjsio('rpgmakermv', gametext, 0, true); + $gameMessage._texts = [resp] + this.originstartMessage(); + }; + Window_Message.prototype.lastalltext = '' + Window_Message.prototype.updateMessage = function () { + if (this._textState) { + if (Window_Message.prototype.lastalltext != $gameMessage.allText()) { + cppjsio('rpgmakermv', $gameMessage.allText(), 18, false); + Window_Message.prototype.lastalltext = $gameMessage.allText() + } + } + return this.updateMessage_ori(); + }; + Window_Base.prototype.drawText = function (text, x, y, maxWidth, align) { + text = cppjsio('rpgmakermv', text, 1, true) + return this.drawText_origin(text, x, y, maxWidth, align) + } + Window_Base.prototype.lastcalltime = 0 + Window_Base.prototype.drawTextEx = function (text, x, y) { + __last = Window_Base.prototype.lastcalltime + __now = new Date().getTime() + Window_Base.prototype.lastcalltime = __now + if (__now - __last > 100) + text = cppjsio('rpgmakermv', text, 2, true) + else { + Bitmap.prototype.collectstring[2] += text; + } + return this.drawTextEx_origin(text, x, y) + } +} + +function tyranohook() { + + if (tyrano.plugin.kag.tag.text.originstart) return; + tyrano.plugin.kag.tag.text.originstart = tyrano.plugin.kag.tag.text.start; + tyrano.plugin.kag.tag.chara_ptext.startorigin = tyrano.plugin.kag.tag.chara_ptext.start; + tyrano.plugin.kag.tag.text.start = function (pm) { + if (1 != this.kag.stat.is_script && 1 != this.kag.stat.is_html) { + pm.val = cppjsio('tyranoscript', pm.val, 0, true); + if (fontface) { + this.kag.stat.font.face = fontface + } + } + return this.originstart(pm) + } + tyrano.plugin.kag.tag.chara_ptext.start = function (pm) { + pm.name = cppjsio('tyranoscript', pm.name, 1, true) + return this.startorigin(pm) + } +} +function retryinject(times) { + if (times == 0) return; + try { + if (window.tyrano && tyrano.plugin) { + tyranohook(); + } + else if (window.Utils && Utils.RPGMAKER_NAME) { + rpgmakerhook(); + } + else { + setTimeout(retryinject, 3000, times - 1); + } + } + catch (err) { + //非主线程,甚至没有window对象,会弹窗报错 + } +} +retryinject(3) \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/resource/renpy_hook_font.py b/cpp/LunaHook/LunaHook/resource/renpy_hook_font.py new file mode 100644 index 00000000..fbd9b1e7 --- /dev/null +++ b/cpp/LunaHook/LunaHook/resource/renpy_hook_font.py @@ -0,0 +1,62 @@ +def callLunaHostFont(): + try: + import ctypes + + try: + internal_renpy_get_font = ctypes.CDLL("LunaHook64").internal_renpy_get_font + except: + internal_renpy_get_font = ctypes.CDLL("LunaHook32").internal_renpy_get_font + internal_renpy_get_font.restype = ctypes.c_wchar_p + return internal_renpy_get_font() + except: + return None + + +def callLunaIsUsingEmbed_nosplit(): + try: + import ctypes + + try: + internal_renpy_call_is_embed_using = ctypes.CDLL( + "LunaHook64" + ).internal_renpy_call_is_embed_using + except: + internal_renpy_call_is_embed_using = ctypes.CDLL( + "LunaHook32" + ).internal_renpy_call_is_embed_using + internal_renpy_call_is_embed_using.argstype = ctypes.c_int, ctypes.c_bool + internal_renpy_call_is_embed_using.restype = ctypes.c_bool + + return internal_renpy_call_is_embed_using(0, False) + except: + return False + + +try: + import os + import renpy + + def hook_renpy_text_font_get_font_init(original): + def new_init(*args, **kwargs): + # ctypes.windll.user32.MessageBoxW(None, str(kwargs), str(args), 0) + if callLunaIsUsingEmbed_nosplit(): + font = callLunaHostFont() + if font and font != "" and os.path.exists(font): + font = font.replace( + "\\", "/" + ) # 不知道为什么,用\会报错,但之前写死C:\Windows\Fonts\msyh.ttc时就没事 + args = (font,) + args[1:] + if "fn" in kwargs: + kwargs["fn"] = font + return original(*args, **kwargs) + + return new_init + + if "original_renpy_text_font_get_font" not in globals(): + original_renpy_text_font_get_font = renpy.text.font.get_font + renpy.text.font.get_font = hook_renpy_text_font_get_font_init( + original_renpy_text_font_get_font + ) + +except: + pass diff --git a/cpp/LunaHook/LunaHook/resource/renpy_hook_text.py b/cpp/LunaHook/LunaHook/resource/renpy_hook_text.py new file mode 100644 index 00000000..54053182 --- /dev/null +++ b/cpp/LunaHook/LunaHook/resource/renpy_hook_text.py @@ -0,0 +1,126 @@ +def callLunaHost(text, split): + try: + import ctypes + + try: + internal_renpy_call_host = ctypes.CDLL( + "LunaHook64" + ).internal_renpy_call_host + except: + internal_renpy_call_host = ctypes.CDLL( + "LunaHook32" + ).internal_renpy_call_host + internal_renpy_call_host.argstype = ctypes.c_wchar_p, ctypes.c_int + internal_renpy_call_host.restype = ctypes.c_wchar_p + + try: + _text = text.decode("utf8") + except: + _text = text + text = internal_renpy_call_host(_text, split) + except: + pass + return text + + +def callLunaIsUsingEmbed(split): + try: + import ctypes + + try: + internal_renpy_call_is_embed_using = ctypes.CDLL( + "LunaHook64" + ).internal_renpy_call_is_embed_using + except: + internal_renpy_call_is_embed_using = ctypes.CDLL( + "LunaHook32" + ).internal_renpy_call_is_embed_using + internal_renpy_call_is_embed_using.argstype = ctypes.c_int, ctypes.c_bool + internal_renpy_call_is_embed_using.restype = ctypes.c_bool + + return internal_renpy_call_is_embed_using(split, True) + except: + return False + + +try: + # 6.1.0 + import renpy + + def hook_initT0(original_init): + + def new_init(self, *args, **kwargs): + changed = False + if isinstance(args[0], list): + trs = [] + for _ in args[0]: + _n = callLunaHost(_, 1) + if _n != _: + changed = True + trs += [_n] + else: + trs = callLunaHost(args[0], 1) + if args[0] != trs: + changed = True + + if changed and callLunaIsUsingEmbed(1): + args = (trs,) + args[1:] + if "text" in kwargs: + kwargs["text"] = trs + + original_init(self, *args, **kwargs) + + return new_init + + if "original_Text_init_hook" not in globals(): + original_Text_init_hook = renpy.text.text.Text.__init__ + + renpy.text.text.Text.__init__ = hook_initT0(original_Text_init_hook) + + def hook_init_renderT0(original): + def new_init(self, *args, **kwargs): + if not hasattr(self, "LunaHooked"): + changed = False + if isinstance(self.text, list): + trs = [] + for _ in self.text: + _n = callLunaHost(_, 2) + if _n != _: + changed = True + trs += [_n] + else: + trs = callLunaHost(self.text, 2) + if self.text != trs: + changed = True + if changed and callLunaIsUsingEmbed(2): + self.set_text(trs) + self.LunaHooked = True + return original(self, *args, **kwargs) + + return new_init + + if "original_hook_init_renderT0" not in globals(): + original_hook_init_renderT0 = renpy.text.text.Text.render + + renpy.text.text.Text.render = hook_init_renderT0(original_hook_init_renderT0) +except: + pass +try: + # 4.0 + import renpy + + def hook_initT3(original_init): + def new_init(self, *args, **kwargs): + trs = callLunaHost(str(args[0]), 3) + if callLunaIsUsingEmbed(3): + args = (trs,) + args[1:] + original_init(self, *args, **kwargs) + + return new_init + + if "original_Text_init_hookT3" not in globals(): + original_Text_init_hookT3 = renpy.exports.Text.__init__ + + renpy.exports.Text.__init__ = hook_initT3(original_Text_init_hookT3) +except: + pass diff --git a/cpp/LunaHook/LunaHook/stackoffset.hpp b/cpp/LunaHook/LunaHook/stackoffset.hpp new file mode 100644 index 00000000..78e0f272 --- /dev/null +++ b/cpp/LunaHook/LunaHook/stackoffset.hpp @@ -0,0 +1,164 @@ +#pragma once +enum class regs +{ + _flags, +#ifndef _WIN64 + eax, + ecx, + edx, + ebx, + esp, + ebp, + esi, + edi, + flags, +#else + rax, + rbx, + rcx, + rdx, + rsp, + rbp, + rsi, + rdi, + r8, + r9, + r10, + r11, + r12, + r13, + r14, + r15, +#endif + invalid +}; + +inline int get_stack(int s) +{ +#ifdef _WIN64 + return s * 8; +#else + return s * 4; +#endif +} +inline int get_reg(regs reg) +{ +#ifdef _WIN64 + return -8 * (int)reg - 8; +#else + return -4 - (int)reg * 4; +#endif +} + +inline uintptr_t regof(regs reg, hook_stack *stack) +{ + switch (reg) + { +#ifndef _WIN64 + case regs::eax: + return stack->eax; + case regs::ecx: + return stack->ecx; + case regs::edx: + return stack->edx; + case regs::ebx: + return stack->ebx; + case regs::esp: + return stack->esp; + case regs::ebp: + return stack->ebp; + case regs::esi: + return stack->esi; + case regs::edi: + return stack->edi; +#else + case regs::rax: + return stack->rax; + case regs::rbx: + return stack->rbx; + case regs::rcx: + return stack->rcx; + case regs::rdx: + return stack->rdx; + case regs::rsp: + return stack->rsp; + case regs::rbp: + return stack->rbp; + case regs::rsi: + return stack->rsi; + case regs::rdi: + return stack->rdi; + case regs::r8: + return stack->r8; + case regs::r9: + return stack->r9; + case regs::r10: + return stack->r10; + case regs::r11: + return stack->r11; + case regs::r12: + return stack->r12; + case regs::r13: + return stack->r13; + case regs::r14: + return stack->r14; + case regs::r15: + return stack->r15; +#endif + } + return 0; +} + +#ifndef _WIN64 +#define ARG1 stack[1] +#define ARG2 stack[2] +#define ARG3 stack[3] +#define LASTRETVAL eax +#define THISCALL __thiscall +#define THISCALLTHIS ecx +#define THISCALLARG1 stack[1] +#define GETARG1 get_stack(1) +#define GETARG2 get_stack(2) +#define GETARG3 get_stack(3) +#define GETARG4 get_stack(4) +#else +#define ARG1 rcx +#define ARG2 rdx +#define ARG3 r8 +#define LASTRETVAL rax +#define THISCALLTHIS rcx +#define THISCALLARG1 rdx +#define THISCALL +#define GETARG1 get_reg(regs::rcx) +#define GETARG2 get_reg(regs::rdx) +#define GETARG3 get_reg(regs::r8) +#define GETARG4 get_reg(regs::r9) + +#endif + +inline uintptr_t *argidx(hook_stack *stack, int idx) +{ +#ifdef _WIN64 + auto offset = 0; + switch (idx) + { + case 1: + offset = get_reg(regs::rcx); + break; + case 2: + offset = get_reg(regs::rdx); + break; + case 3: + offset = get_reg(regs::r8); + break; + case 4: + offset = get_reg(regs::r9); + break; + default: + offset = get_stack(idx); + } + return (uintptr_t *)((uintptr_t)stack + sizeof(hook_stack) - sizeof(uintptr_t) + offset); +#else + return (uintptr_t *)((uintptr_t)stack + sizeof(hook_stack) - sizeof(uintptr_t) + get_stack(idx)); +#endif +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/texthook.cc b/cpp/LunaHook/LunaHook/texthook.cc new file mode 100644 index 00000000..6ed96f62 --- /dev/null +++ b/cpp/LunaHook/LunaHook/texthook.cc @@ -0,0 +1,605 @@ + +#include "MinHook.h" +extern WinMutex viewMutex; + +// - Unnamed helpers - + +namespace +{ // unnamed +#ifndef _WIN64 + BYTE common_hook[] = { + 0x9c, // pushfd + 0x60, // pushad + 0x9c, // pushfd ; Artikash 11/4/2018: not sure why pushfd happens twice. Anyway, after this a total of 0x28 bytes are pushed + 0x8d, 0x44, 0x24, 0x28, // lea eax,[esp+0x28] + 0x50, // push eax ; lpDatabase + 0xb9, 0, 0, 0, 0, // mov ecx,@this + 0xbb, 0, 0, 0, 0, // mov ebx,@TextHook::Send + 0xff, 0xd3, // call ebx + 0x9d, // popfd + 0x61, // popad + 0x9d, // popfd + 0x68, 0, 0, 0, 0, // push @original + 0xc3 // ret ; basically absolute jmp to @original + }; + int this_offset = 9, send_offset = 14, original_offset = 24; +#else + BYTE common_hook[] = { + 0x9c, // push rflags + 0x50, // push rax + 0x53, // push rbx + 0x51, // push rcx + 0x52, // push rdx + 0x54, // push rsp + 0x55, // push rbp + 0x56, // push rsi + 0x57, // push rdi + 0x41, 0x50, // push r8 + 0x41, 0x51, // push r9 + 0x41, 0x52, // push r10 + 0x41, 0x53, // push r11 + 0x41, 0x54, // push r12 + 0x41, 0x55, // push r13 + 0x41, 0x56, // push r14 + 0x41, 0x57, // push r15 + // https://docs.microsoft.com/en-us/cpp/build/x64-calling-convention + // https://stackoverflow.com/questions/43358429/save-value-of-xmm-registers + 0x48, 0x83, 0xec, 0x20, // sub rsp,0x20 + 0xf3, 0x0f, 0x7f, 0x24, 0x24, // movdqu [rsp],xmm4 + 0xf3, 0x0f, 0x7f, 0x6c, 0x24, 0x10, // movdqu [rsp+0x10],xmm5 + 0x48, 0x8d, 0x94, 0x24, 0xa8, 0x00, 0x00, 0x00, // lea rdx,[rsp+0xa8] + 0x48, 0xb9, 0, 0, 0, 0, 0, 0, 0, 0, // mov rcx,@this + 0x48, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, // mov rax,@TextHook::Send + 0x48, 0x89, 0xe3, // mov rbx,rsp + 0x48, 0x83, 0xe4, 0xf0, // and rsp,0xfffffffffffffff0 ; align stack + 0xff, 0xd0, // call rax + 0x48, 0x89, 0xdc, // mov rsp,rbx + 0xf3, 0x0f, 0x6f, 0x6c, 0x24, 0x10, // movdqu xmm5,XMMWORD PTR[rsp + 0x10] + 0xf3, 0x0f, 0x6f, 0x24, 0x24, // movdqu xmm4,XMMWORD PTR[rsp] + 0x48, 0x83, 0xc4, 0x20, // add rsp,0x20 + 0x41, 0x5f, // pop r15 + 0x41, 0x5e, // pop r14 + 0x41, 0x5d, // pop r13 + 0x41, 0x5c, // pop r12 + 0x41, 0x5b, // pop r11 + 0x41, 0x5a, // pop r10 + 0x41, 0x59, // pop r9 + 0x41, 0x58, // pop r8 + 0x5f, // pop rdi + 0x5e, // pop rsi + 0x5d, // pop rbp + 0x5c, // pop rsp + 0x5a, // pop rdx + 0x59, // pop rcx + 0x5b, // pop rbx + 0x58, // pop rax + 0x9d, // pop rflags + 0xff, 0x25, 0x00, 0x00, 0x00, 0x00, // jmp qword ptr [rip] + 0, 0, 0, 0, 0, 0, 0, 0 // @original + }; + int this_offset = 50, send_offset = 60, original_offset = 126; +#endif + + // thread_local BYTE buffer[PIPE_BUFFER_SIZE]; + // thread_local will crush on windowsxp +} // unnamed namespace + +// - TextHook methods - + +uintptr_t getasbaddr(const HookParam &hp) +{ + auto address = hp.address; + if (hp.type & MODULE_OFFSET) + { + if (hp.type & FUNCTION_OFFSET) + { + FARPROC function = NULL; + try + { + auto ordinal = std::stoi(hp.function); + function = GetProcAddress(GetModuleHandleW(hp.module), (LPCSTR)ordinal); + } + catch (...) + { + function = GetProcAddress(GetModuleHandleW(hp.module), hp.function); + } + if (function) + address += (uint64_t)function; + else + return ConsoleOutput(FUNC_MISSING), 0; + } + else + { + if (HMODULE moduleBase = GetModuleHandleW(hp.module)) + address += (uint64_t)moduleBase; + else + return ConsoleOutput(MODULE_MISSING), 0; + } + } + return address; +} +bool TextHook::Insert(HookParam hp) +{ + + auto addr = getasbaddr(hp); + if (!addr) + return false; + + RemoveHook(addr, 0); + ConsoleOutput(INSERTING_HOOK, hp.name, addr); + local_buffer = new BYTE[PIPE_BUFFER_SIZE]; + { + std::scoped_lock lock(viewMutex); + this->hp = hp; + address = addr; + } + savetypeforremove = hp.type; + if (hp.type & DIRECT_READ) + return InsertReadCode(); + if (hp.type & BREAK_POINT) + { + if (InsertBreakPoint()) + return true; + if (safeautoleaveveh) + return InsertBreakPoint(); // 搜索特殊码后,不会释放,导致virtualprotect查询失败,重试。 + return false; + } + return InsertHookCode(); +} +uintptr_t win64find0000(uintptr_t addr) +{ + uintptr_t r = 0; + __try + { + addr &= ~0xf; + for (uintptr_t i = addr, j = addr - 0x10000; i > j; i -= 0x10) + { + DWORD k = *(DWORD *)(i - 4); + if (k == 0x00000000) + return i; + } + return 0; + } + __except (EXCEPTION_EXECUTE_HANDLER) + { + } + return r; +} +Synchronized> retaddr2relative; // 很奇怪,这个放到函数里用static在xp上会报错。 +uintptr_t queryrelativeret(HookParam &hp, uintptr_t retaddr) +{ + // 不需要区分是相对于哪个module的偏移,只需要得到偏移就可以了,用来确保重启程序后ret值恒定 + auto &re = retaddr2relative.Acquire().contents; + if (re.find(retaddr) != re.end()) + return re.at(retaddr); + uintptr_t relative = retaddr; + if (hp.jittype == JITTYPE::UNITY) + { +#ifndef _WIN64 + relative = retaddr - SafeFindEnclosingAlignedFunction(retaddr, 0x10000); +#else + relative = retaddr - win64find0000(retaddr); +#endif + } + else + { + if (MEMORY_BASIC_INFORMATION info = {}; VirtualQuery((LPCVOID)retaddr, &info, sizeof(info))) + relative -= (uintptr_t)info.AllocationBase; + } + re.insert(std::make_pair(retaddr, relative)); + return relative; +} + +uintptr_t jitgetaddr(hook_stack *stack, HookParam *hp) +{ + switch (hp->jittype) + { +#ifdef _WIN64 + case JITTYPE::RPCS3: + return RPCS3::emu_arg(stack)[hp->argidx]; + case JITTYPE::VITA3K: + return VITA3K::emu_arg(stack)[hp->argidx]; + case JITTYPE::YUZU: + return YUZU::emu_arg(stack, hp->emu_addr)[hp->argidx]; +#endif + case JITTYPE::PPSSPP: + return PPSSPP::emu_arg(stack)[hp->argidx]; + default: + return 0; + } +} +bool checklengthembedable(const HookParam &hp, size_t size) +{ + size_t len; + if (hp.type & CODEC_UTF16) + len = 2; + else if (hp.type & CODEC_UTF32) + len = 4; + else + { + len = 2; + } + return size > len; +} +bool commonfilter(void *data, size_t *len, HookParam *hp) +{ + + if (hp->type & CODEC_UTF16) + ; + else if (hp->type & CODEC_UTF32) + ; + else if (hp->type & CODEC_UTF8) + ; + else + { + if (*len == 2) + { + StringFilter((char *)data, len, "\x81\xa4", 2); + StringFilter((char *)data, len, "\x81\xa5", 2); + } + } + return true; +} +void TextHook::Send(uintptr_t lpDataBase) +{ + auto buffer = (TextOutput_T *)local_buffer; + auto pbData = buffer->data; + _InterlockedIncrement((long *)&useCount); + __try + { + auto stack = get_hook_stack(lpDataBase); + + if (auto current_trigger_fun = trigger_fun.exchange(nullptr)) + if (!current_trigger_fun(location, stack)) + trigger_fun = current_trigger_fun; + + if (hp.type & HOOK_RETURN) + { + hp.type &= ~HOOK_RETURN; + hp.address = stack->retaddr; + strcat(hp.name, "_Return"); + // 清除jit hook特征,防止手动插入 + strcpy(hp.unityfunctioninfo, ""); + hp.emu_addr = 0; + // 清除module + hp.type &= ~MODULE_OFFSET; + hp.type &= ~FUNCTION_OFFSET; + strcpy(hp.function, ""); + wcscpy(hp.module, L""); + + NewHook(hp, hp.name); + hp.type |= HOOK_EMPTY; + __leave; + } + if (hp.type & HOOK_EMPTY) + __leave; // jichi 10/24/2014: dummy hook only for dynamic hook + + size_t lpCount = 0; + uintptr_t lpSplit = 0, + lpRetn = stack->retaddr, + plpdatain = (lpDataBase + hp.offset), + lpDataIn = *(uintptr_t *)plpdatain; + + TextBuffer buff{pbData, &lpCount}; + if (hp.jittype != JITTYPE::PC && hp.jittype != JITTYPE::UNITY) + { + lpDataIn = jitgetaddr(stack, &hp); + plpdatain = (uintptr_t)&lpDataIn; + } + else if (hp.jittype == JITTYPE::UNITY) + { + plpdatain = (uintptr_t)argidx(stack, hp.argidx); + lpDataIn = *(uintptr_t *)plpdatain; + } + + if (hp.text_fun) + { + hp.text_fun(stack, &hp, &buff, &lpSplit); + } + else if (hp.type & SPECIAL_JIT_STRING) + { + if (hp.jittype == JITTYPE::UNITY) + commonsolvemonostring(lpDataIn, &lpDataIn, &lpCount); + } + else + { + if (hp.type & FIXING_SPLIT) + lpSplit = FIXED_SPLIT_VALUE; // fuse all threads, and prevent floating + else if (hp.type & USING_SPLIT) + { + lpSplit = *(uintptr_t *)(lpDataBase + hp.split); + if (hp.type & SPLIT_INDIRECT) + lpSplit = *(uintptr_t *)(lpSplit + hp.split_index); + } + if (hp.type & DATA_INDIRECT) + { + plpdatain = (lpDataIn + hp.index); + lpDataIn = *(uintptr_t *)plpdatain; + } + lpDataIn += hp.padding; + lpCount = GetLength(stack, lpDataIn); + } + + if (lpCount <= 0) + __leave; + if (lpCount > TEXT_BUFFER_SIZE) + { + ConsoleOutput(InvalidLength, lpCount, hp.name); + lpCount = TEXT_BUFFER_SIZE; + } + if (hp.type & USING_CHAR || (!hp.text_fun && !(hp.type & USING_STRING))) + { + if (hp.text_fun) + lpDataIn = *(uint32_t *)pbData; + if (hp.type & CODEC_UTF32 || hp.type & CODEC_UTF8) + { + *(uint32_t *)pbData = lpDataIn & 0xffffffff; + } + else + { // CHAR_LITTEL_ENDIAN,CODEC_ANSI_BE,CODEC_UTF16 + lpDataIn &= 0xffff; + if ((hp.type & CODEC_ANSI_BE) && (lpDataIn >> 8)) + lpDataIn = _byteswap_ushort(lpDataIn & 0xffff); + if (lpCount == 1) + lpDataIn &= 0xff; + *(WORD *)pbData = lpDataIn & 0xffff; + } + } + else if (!hp.text_fun) + { + if (lpDataIn == 0) + __leave; + ::memcpy(pbData, (void *)lpDataIn, lpCount); + } + + if (!commonfilter(pbData, &lpCount, &hp) || lpCount <= 0) + __leave; + if (hp.filter_fun && !hp.filter_fun(pbData, &lpCount, &hp) || lpCount <= 0) + __leave; + + if (hp.type & (NO_CONTEXT | FIXING_SPLIT)) + lpRetn = 0; + + buffer->type = hp.type; + + lpRetn = queryrelativeret(hp, lpRetn); + ThreadParam tp{GetCurrentProcessId(), address, lpRetn, lpSplit}; + + parsenewlineseperator(&buff); + + bool canembed; + if (hp.type & EMBED_ABLE) + { + if (!checklengthembedable(hp, lpCount)) + { + buffer->type &= (~EMBED_ABLE); + canembed = false; + } + else if (checktranslatedok(pbData, lpCount)) + { + buffer->type &= (~EMBED_ABLE); + canembed = true; + } + else + { + canembed = true; + } + } + + TextOutput(tp, hp, buffer, lpCount); + + if (canembed && (check_embed_able(tp))) + { + auto lpCountsave = lpCount; + if (waitfornotify(&buff, tp)) + { + if (hp.type & EMBED_AFTER_NEW) + { + auto _ = new char[max(lpCountsave, lpCount) + 10]; + memcpy(_, pbData, lpCount); + for (int i = lpCount; i < max(lpCountsave, lpCount) + 10; i++) + _[i] = 0; + *(uintptr_t *)plpdatain = (uintptr_t)_; + } + else if (hp.type & EMBED_AFTER_OVERWRITE) + { + memcpy((void *)lpDataIn, pbData, lpCount); + for (int i = lpCount; i < lpCountsave; i++) + ((BYTE *)(lpDataIn))[i] = 0; + } + else if (hp.hook_after) + hp.hook_after(stack, pbData, lpCount); + else if (hp.type & SPECIAL_JIT_STRING) + { + if (hp.jittype == JITTYPE::UNITY) + unity_ui_string_hook_after(argidx(stack, hp.argidx), pbData, lpCount); + } + } + } + } + __except (EXCEPTION_EXECUTE_HANDLER) + { + if (!err && !(hp.type & KNOWN_UNSTABLE)) + { + err = true; + ConsoleOutput(SEND_ERROR, hp.name); + } + } + + _InterlockedDecrement((long *)&useCount); +} +bool TextHook::breakpointcontext(PCONTEXT context) +{ + auto stack = std::make_unique(); + context_get(stack.get(), context); + auto lpDataBase = stack->get_base(); + Send(lpDataBase); + context_set(stack.get(), context); + return true; +} +bool TextHook::InsertBreakPoint() +{ + // MH_CreateHook 64位unity/yuzu-emu经常 MH_ERROR_MEMORY_ALLOC + return add_veh_hook(location, std::bind(&TextHook::breakpointcontext, this, std::placeholders::_1)); +} +bool TextHook::RemoveBreakPoint() +{ + return remove_veh_hook(location); +} +bool TextHook::InsertHookCode() +{ + + VirtualProtect(location, 10, PAGE_EXECUTE_READWRITE, DUMMY); + void *original; + MH_STATUS error; + while ((error = MH_CreateHook(location, trampoline, &original)) != MH_OK) + if (error == MH_ERROR_ALREADY_CREATED) + RemoveHook(address); + else + return ConsoleOutput(MH_StatusToString(error)), false; + + *(TextHook **)(common_hook + this_offset) = this; + *(void(TextHook::**)(uintptr_t))(common_hook + send_offset) = &TextHook::Send; + *(void **)(common_hook + original_offset) = original; + memcpy(trampoline, common_hook, sizeof(common_hook)); + return MH_EnableHook(location) == MH_OK; +} + +void TextHook::Read() +{ + size_t dataLen = 1; + // BYTE(*buffer)[PIPE_BUFFER_SIZE] = &::buffer, *pbData = *buffer + sizeof(ThreadParam); + + auto buffer = (TextOutput_T *)local_buffer; + auto pbData = buffer->data; + buffer->type = hp.type; + __try + { + if (hp.text_fun) + { + while (WaitForSingleObject(readerEvent, 500) == WAIT_TIMEOUT) + hp.text_fun(0, 0, 0, 0); + } + else + { + while (WaitForSingleObject(readerEvent, 500) == WAIT_TIMEOUT) + { + if (!location) + continue; + int currentLen = HookStrlen((BYTE *)location); + bool changed = memcmp(pbData, location, dataLen) != 0; + if (changed || (currentLen != dataLen)) + { + dataLen = min(currentLen, TEXT_BUFFER_SIZE); + memcpy(pbData, location, dataLen); + if (hp.filter_fun && !hp.filter_fun(pbData, &dataLen, &hp) || dataLen <= 0) + continue; + TextOutput({GetCurrentProcessId(), address, 0, 0}, hp, buffer, dataLen); + dataLen = min(currentLen, TEXT_BUFFER_SIZE); + memcpy(pbData, location, dataLen); + } + } + } + } + __except (EXCEPTION_EXECUTE_HANDLER) + { + ConsoleOutput(READ_ERROR, hp.name); + Clear(); + } +} + +bool TextHook::InsertReadCode() +{ + readerThread = CreateThread(nullptr, 0, [](void *This) + { ((TextHook*)This)->Read(); return 0UL; }, this, 0, nullptr); + readerEvent = CreateEventW(nullptr, FALSE, FALSE, NULL); + return true; +} + +void TextHook::RemoveHookCode() +{ + MH_DisableHook(location); + while (useCount != 0) + ; + MH_RemoveHook(location); +} + +void TextHook::RemoveReadCode() +{ + SetEvent(readerEvent); + if (GetThreadId(readerThread) != GetCurrentThreadId()) + WaitForSingleObject(readerThread, 1000); + CloseHandle(readerEvent); + CloseHandle(readerThread); +} + +void TextHook::Clear() +{ + if (address == 0) + return; + if (savetypeforremove & DIRECT_READ) + RemoveReadCode(); + else if (savetypeforremove & BREAK_POINT) + RemoveBreakPoint(); + else + RemoveHookCode(); + NotifyHookRemove(address, hp.name); + std::scoped_lock lock(viewMutex); + memset(&hp, 0, sizeof(HookParam)); + address = 0; + if (local_buffer) + delete[] local_buffer; +} + +int TextHook::GetLength(hook_stack *stack, uintptr_t in) +{ + int len; + if (hp.type & USING_STRING) + { + if (hp.length_offset) + { + len = *((uintptr_t *)stack->base + hp.length_offset); + if (len >= 0) + { + if (hp.type & CODEC_UTF16) + len <<= 1; + else if (hp.type & CODEC_UTF32) + len <<= 2; + } + else if (len != -1) + { + } + else + { // len==-1 + len = HookStrlen((BYTE *)in); + } + } + else + { + len = HookStrlen((BYTE *)in); + } + } + else + { + if (hp.type & CODEC_UTF16) + len = 2; + else if (hp.type & CODEC_UTF32) + len = 4; + else if (hp.type & CODEC_UTF8) + len = utf8charlen((char *)&in); + else + { // CODEC_ANSI_BE,CHAR_LITTLE_ENDIAN + if (hp.type & CODEC_ANSI_BE) + in >>= 8; + len = !!IsDBCSLeadByteEx(hp.codepage, in & 0xff) + 1; + } + } + return max(0, len); +} + +int TextHook::HookStrlen(BYTE *data) +{ + return HookStrLen(&hp, data); +} + +// EOF diff --git a/cpp/LunaHook/LunaHook/util/CMakeLists.txt b/cpp/LunaHook/LunaHook/util/CMakeLists.txt new file mode 100644 index 00000000..8d0044bd --- /dev/null +++ b/cpp/LunaHook/LunaHook/util/CMakeLists.txt @@ -0,0 +1,18 @@ + + +set(utils_src_common +dyncodec/dynsjiscodec.cc +dyncodec/dynsjis.cc +ithsys/ithsys.cc + memdbg/memsearch.cc + stringfilters.cpp + util.cc +) +if(${CMAKE_SIZEOF_VOID_P} EQUAL 8) + add_library(utils ${utils_src_common} ) +else() + add_library(utils ${utils_src_common} disasm/disasm.cc) +endif() + +target_precompile_headers(utils REUSE_FROM pchhook) + diff --git a/cpp/LunaHook/LunaHook/util/cpputil/cppcstring.h b/cpp/LunaHook/LunaHook/util/cpputil/cppcstring.h new file mode 100644 index 00000000..38fd4a9c --- /dev/null +++ b/cpp/LunaHook/LunaHook/util/cpputil/cppcstring.h @@ -0,0 +1,111 @@ +#ifndef CPPCSTRING_H +#define CPPCSTRING_H + +// cppcstring.h +// 10/12/2014 jichi + +#include // for size_t +#include +//#include // for std::min + +// strlen + +template +inline size_t cpp_basic_strlen(const charT *s) +{ + const charT *p = s; + while (*p) p++; + return p - s; +} + +inline size_t cpp_strlen(const char *s) { return cpp_basic_strlen(s); } +inline size_t cpp_wstrlen(const wchar_t *s) { return cpp_basic_strlen(s); } + +template +inline size_t cpp_basic_strnlen(const charT *s, size_t n) +{ + const charT *p = s; + while (*p && n) p++, n--; + return p - s; +} + +inline size_t cpp_strnlen(const char *s, size_t n) { return cpp_basic_strnlen(s, n); } +inline size_t cpp_wstrnlen(const wchar_t *s, size_t n) { return cpp_basic_strnlen(s, n); } + +// strnchr + +#define cpp_basic_strnchr_(s, c, n) \ + { \ + while (*s && n) { \ + if (*s == c) \ + return s; \ + s++, n--; \ + } \ + return nullptr; \ + } +template +inline charT *cpp_basic_strnchr(charT *s, charT c, size_t n) cpp_basic_strnchr_(s, c, n) +template +inline const charT *cpp_basic_strnchr(const charT *s, charT c, size_t n) cpp_basic_strnchr_(s, c, n) + +// The same as memchr +inline char *cpp_strnchr(char *s, char c, size_t n) { return cpp_basic_strnchr(s, c, n); } +inline const char *cpp_strnchr(const char *s, char c, size_t n) { return cpp_basic_strnchr(s, c, n); } +inline wchar_t *cpp_wcsnchr(wchar_t *s, wchar_t c, size_t n) { return cpp_basic_strnchr(s, c, n); } +inline const wchar_t *cpp_wcsnchr(const wchar_t *s, wchar_t c, size_t n) { return cpp_basic_strnchr(s, c, n); } + +// strnstr + +#define cpp_basic_strnstr_(s, slen, r, rlen, ncmp) \ + { \ + while (*s && slen >= rlen) { \ + if (ncmp(s, r, slen < rlen ? slen : rlen) == 0) \ + return s; \ + s++, slen--; \ + } \ + return nullptr; \ + } + +template +inline charT *cpp_basic_strnstr(charT *s, const charT *r, size_t n) cpp_basic_strnstr_(s, n, r, ::strlen(r), ::strncmp) +template +inline const charT *cpp_basic_strnstr(const charT *s, const charT *r, size_t n) cpp_basic_strnstr_(s, n, r, ::strlen(r), ::strncmp) + +template <> +inline wchar_t *cpp_basic_strnstr(wchar_t *s, const wchar_t *r, size_t n) cpp_basic_strnstr_(s, n, r, ::wcslen(r), ::wcsncmp) +template <> +inline const wchar_t *cpp_basic_strnstr(const wchar_t *s, const wchar_t *r, size_t n) cpp_basic_strnstr_(s, n, r, ::wcslen(r), ::wcsncmp) + +inline char *cpp_strnstr(char *s, const char *r, size_t n) { return cpp_basic_strnstr(s, r, n); } +inline const char *cpp_strnstr(const char *s, const char *r, size_t n) { return cpp_basic_strnstr(s, r, n); } +inline wchar_t *cpp_wcsnstr(wchar_t *s, const wchar_t *r, size_t n) { return cpp_basic_strnstr(s, r, n); } +inline const wchar_t *cpp_wcsnstr(const wchar_t *s, const wchar_t *r, size_t n) { return cpp_basic_strnstr(s, r, n); } + +// strnpbrk + +// it might be faster to use strchr functions, which is not portable though +#define cpp_basic_strnpbrk_(s, sep, n) \ + { \ + while (*s && n) { \ + for (auto p = sep; *p; p++) \ + if (*s == *p) \ + return s; \ + s++, n--; \ + } \ + return nullptr; \ + } + +template +inline charT *cpp_basic_strnpbrk(charT *dest, const char2T *breakset, size_t n) +cpp_basic_strnpbrk_(dest, breakset, n) + +template +inline const charT *cpp_basic_strnpbrk(const charT *dest, const char2T *breakset, size_t n) +cpp_basic_strnpbrk_(dest, breakset, n) + +inline char *cpp_strnpbrk(char *dest, const char *breakset, size_t n) { return cpp_basic_strnpbrk(dest, breakset, n); } +inline const char *cpp_strnpbrk(const char *dest, const char *breakset, size_t n) { return cpp_basic_strnpbrk(dest, breakset, n); } +inline wchar_t *cpp_wcsnpbrk(wchar_t *dest, const wchar_t *breakset, size_t n) { return cpp_basic_strnpbrk(dest, breakset, n); } +inline const wchar_t *cpp_wcsnpbrk(const wchar_t *dest, const wchar_t *breakset, size_t n) { return cpp_basic_strnpbrk(dest, breakset, n); } + +#endif // CPPCSTRING_H diff --git a/cpp/LunaHook/LunaHook/util/disasm/disasm.cc b/cpp/LunaHook/LunaHook/util/disasm/disasm.cc new file mode 100644 index 00000000..d038c32e --- /dev/null +++ b/cpp/LunaHook/LunaHook/util/disasm/disasm.cc @@ -0,0 +1,265 @@ +// disasm.cc +// 1/27/2013 jichi +// Original source: http://hack-expo.void.ru/groups/blt/text/disasm.txt +// +// 7/19/2014 jichi: Need to add SSE instruction support for PCSX2 +// Sample problematic input from Fate/Stay night PS2: +// 3024b80c -0f88 ae58dbd2 js pcsx2.030010c0 +// 3024b812 0f1201 movlps xmm0,qword ptr ds:[ecx] ; jichi: hook here +// 3024b815 0f1302 movlps qword ptr ds:[edx],xmm0 + +#include "disasm.h" +#include + +// disasm_flag values: +enum : unsigned { + C_66 = 0x00000001 // 66-prefix + , C_67 = 0x00000002 // 67-prefix + , C_LOCK = 0x00000004 // lock + , C_REP = 0x00000008 // repz/repnz + , C_SEG = 0x00000010 // seg-prefix + , C_OPCODE2 = 0x00000020 // 2nd opcode present (1st==0f) + , C_MODRM = 0x00000040 // modrm present + , C_SIB = 0x00000080 // sib present + , C_ANYPREFIX = (C_66|C_67|C_LOCK|C_REP|C_SEG) +}; + +DISASM_BEGIN_NAMESPACE + +// These values are served as the output of disasm +// But the are currently unused and could make disasm thread-unsafe +namespace { // unnamed + +BYTE disasm_seg // CS DS ES SS FS GS + , disasm_rep // REPZ/REPNZ + , disasm_opcode // opcode + , disasm_opcode2 // used when opcode==0f + , disasm_modrm // modxxxrm + , disasm_sib // scale-index-base + , disasm_mem[8] // mem addr value + , disasm_data[8] // data value + ; + +} // unnamed namespace + +// return: length if success, 0 if error +size_t disasm(const void *opcode0) +{ + const BYTE *opcode = (const BYTE *)opcode0; + + DWORD disasm_len = 0, // 0 if error + disasm_flag = 0, // C_xxx + disasm_memsize = 0, // value = disasm_mem + disasm_datasize = 0, // value = disasm_data + disasm_defdata = 4, // == C_66 ? 2 : 4 + disasm_defmem = 4; // == C_67 ? 2 : 4 + +retry: + disasm_opcode = *opcode++; + + switch (disasm_opcode) { + case 0x99: // 7/20/2014 jichi: CDQ, size = 1 + break; + + case 0x00: case 0x01: case 0x02: case 0x03: + case 0x08: case 0x09: case 0x0a: case 0x0b: + case 0x10: case 0x11: case 0x12: case 0x13: + case 0x18: case 0x19: case 0x1a: case 0x1b: + case 0x20: case 0x21: case 0x22: case 0x23: + case 0x28: case 0x29: case 0x2a: case 0x2b: + case 0x30: case 0x31: case 0x32: case 0x33: + case 0x38: case 0x39: case 0x3a: case 0x3b: + case 0x62: case 0x63: + case 0x84: case 0x85: case 0x86: case 0x87: + case 0x88: case 0x89: case 0x8a: case 0x8b: + case 0x8c: case 0x8d: case 0x8e: case 0x8f: + case 0xc4: case 0xc5: + case 0xd0: case 0xd1: case 0xd2: case 0xd3: + case 0xd8: case 0xd9: case 0xda: case 0xdb: + case 0xdc: case 0xdd: case 0xde: case 0xdf: + case 0xfe: case 0xff: + disasm_flag |= C_MODRM; + break; + case 0xcd: disasm_datasize += *opcode==0x20 ? 1+4 : 1; + break; + case 0xf6: + case 0xf7: disasm_flag |= C_MODRM; + if (*opcode & 0x38) break; + // continue if + case 0x04: case 0x05: case 0x0c: case 0x0d: + case 0x14: case 0x15: case 0x1c: case 0x1d: + case 0x24: case 0x25: case 0x2c: case 0x2d: + case 0x34: case 0x35: case 0x3c: case 0x3d: + if (disasm_opcode & 1) + disasm_datasize += disasm_defdata; + else + disasm_datasize++; + break; + case 0x6a: + case 0xa8: + case 0xb0: case 0xb1: case 0xb2: case 0xb3: + case 0xb4: case 0xb5: case 0xb6: case 0xb7: + case 0xd4: case 0xd5: + case 0xe4: case 0xe5: case 0xe6: case 0xe7: + case 0x70: case 0x71: case 0x72: case 0x73: + case 0x74: case 0x75: case 0x76: case 0x77: + case 0x78: case 0x79: case 0x7a: case 0x7b: + case 0x7c: case 0x7d: case 0x7e: case 0x7f: + case 0xeb: + case 0xe0: case 0xe1: case 0xe2: case 0xe3: + disasm_datasize++; + break; + case 0x26: case 0x2e: case 0x36: case 0x3e: + case 0x64: case 0x65: + if (disasm_flag & C_SEG) return 0; + disasm_flag |= C_SEG; + disasm_seg = disasm_opcode; + goto retry; + case 0xf0: + if (disasm_flag & C_LOCK) return 0; + disasm_flag |= C_LOCK; + goto retry; + case 0xf2: case 0xf3: + if (disasm_flag & C_REP) return 0; + disasm_flag |= C_REP; + disasm_rep = disasm_opcode; + goto retry; + case 0x66: + if (disasm_flag & C_66) return 0; + disasm_flag |= C_66; + disasm_defdata = 2; + goto retry; + case 0x67: + if (disasm_flag & C_67) return 0; + disasm_flag |= C_67; + disasm_defmem = 2; + goto retry; + case 0x6b: + case 0x80: + case 0x82: + case 0x83: + case 0xc0: + case 0xc1: + case 0xc6: disasm_datasize++; + disasm_flag |= C_MODRM; + break; + case 0x69: + case 0x81: + case 0xc7: + disasm_datasize += disasm_defdata; + disasm_flag |= C_MODRM; + break; + case 0x9a: + case 0xea: disasm_datasize += 2 + disasm_defdata; + break; + case 0xa0: + case 0xa1: + case 0xa2: + case 0xa3: disasm_memsize += disasm_defmem; + break; + case 0x68: + case 0xa9: + case 0xb8: case 0xb9: case 0xba: case 0xbb: + case 0xbc: case 0xbd: case 0xbe: case 0xbf: + case 0xe8: + case 0xe9: + disasm_datasize += disasm_defdata; + break; + case 0xc2: + case 0xca: disasm_datasize += 2; + break; + case 0xc8: + disasm_datasize += 3; + break; + case 0xf1: + return 0; + case 0x0f: + // 7/19/2014 jichi: 0x0f1201 = movlps xmm0,qword ptr ds:[ecx] + // Given 0x0f1201, 0x0f will be strip off here and left 0x1201 + disasm_flag |= C_OPCODE2; + disasm_opcode2 = *opcode++; + switch (disasm_opcode2) { + case 0x00: case 0x01: case 0x02: case 0x03: + case 0x90: case 0x91: case 0x92: case 0x93: + case 0x94: case 0x95: case 0x96: case 0x97: + case 0x98: case 0x99: case 0x9a: case 0x9b: + case 0x9c: case 0x9d: case 0x9e: case 0x9f: + case 0xa3: + case 0xa5: + case 0xab: + case 0xad: + case 0xaf: + case 0xb0: case 0xb1: case 0xb2: case 0xb3: + case 0xb4: case 0xb5: case 0xb6: case 0xb7: + case 0xbb: + case 0xbc: case 0xbd: case 0xbe: case 0xbf: + case 0xc0: + case 0xc1: + // 7/19/2014 jichi: Add more cases for SSE instructions + // Sample instructions I need to consider + // 0f1201 movlps xmm0,qword ptr ds:[ecx] ; jichi: hook here + // 0f1302 movlps qword ptr ds:[edx],xmm0 + case 0x12: + case 0x13: + disasm_flag |= C_MODRM; + break; + case 0x06: + case 0x08: case 0x09: case 0x0a: case 0x0b: + case 0xa0: case 0xa1: case 0xa2: case 0xa8: + case 0xa9: + case 0xaa: + case 0xc8: case 0xc9: case 0xca: case 0xcb: + case 0xcc: case 0xcd: case 0xce: case 0xcf: + break; + case 0x80: case 0x81: case 0x82: case 0x83: + case 0x84: case 0x85: case 0x86: case 0x87: + case 0x88: case 0x89: case 0x8a: case 0x8b: + case 0x8c: case 0x8d: case 0x8e: case 0x8f: + disasm_datasize += disasm_defdata; + break; + case 0xa4: + case 0xac: + case 0xba: + default: return 0; // 7/19/2014 jichi: error + } // 0F-switch + break; + + } // switch + + if (disasm_flag & C_MODRM) { + disasm_modrm = *opcode++; + BYTE mod = disasm_modrm & 0xc0; + BYTE rm = disasm_modrm & 0x07; + if (mod != 0xc0) { + if (mod == 0x40) + disasm_memsize++; + if (mod == 0x80) + disasm_memsize += disasm_defmem; + if (disasm_defmem == 2) { // modrm16 + if (mod == 0x00 && rm == 0x06) + disasm_memsize += 2; + } else { // modrm32 + if (rm == 0x04) { + disasm_flag |= C_SIB; + disasm_sib = *opcode++; + rm = disasm_sib & 0x07; + } + if (rm == 0x05 && mod == 0x00) + disasm_memsize += 4; + } + } + } // C_MODRM + + for (DWORD i = 0; i < disasm_memsize; i++) + disasm_mem[i] = *opcode++; + for (DWORD i = 0; i < disasm_datasize; i++) + disasm_data[i] = *opcode++; + + disasm_len = opcode - (const BYTE *)opcode0; + + return disasm_len; +} // disasm + +DISASM_END_NAMESPACE + +// EOF diff --git a/cpp/LunaHook/LunaHook/util/disasm/disasm.h b/cpp/LunaHook/LunaHook/util/disasm/disasm.h new file mode 100644 index 00000000..f7ba7ff2 --- /dev/null +++ b/cpp/LunaHook/LunaHook/util/disasm/disasm.h @@ -0,0 +1,32 @@ +#pragma once +// disasm.h +// 1/27/2013 jichi + +// Include typedef of BYTE +//#include +//#include + +//#ifdef QT_CORE_LIB +//# include +//#else +//# include +//#endif + +#ifndef DISASM_BEGIN_NAMESPACE +# define DISASM_BEGIN_NAMESPACE +#endif +#ifndef DISASM_END_NAMESPACE +# define DISASM_END_NAMESPACE +#endif + +DISASM_BEGIN_NAMESPACE +/** + * This function can do more, but currently only used to estimate the length of an instruction. + * Warning: The current implementation is stateful and hence not thread-safe. + * @param address of the instruction to look at + * @return length of the instruction at the address or 0 if failed + */ +size_t disasm(const void *address); +DISASM_END_NAMESPACE + +// EOF diff --git a/cpp/LunaHook/LunaHook/util/dyncodec/dynsjis.cc b/cpp/LunaHook/LunaHook/util/dyncodec/dynsjis.cc new file mode 100644 index 00000000..bc5c8c57 --- /dev/null +++ b/cpp/LunaHook/LunaHook/util/dyncodec/dynsjis.cc @@ -0,0 +1,40 @@ +// dynsjis.cc +// 6/11/2015 jichi +// http://en.wikipedia.org/wiki/Shift_JIS +#include "dyncodec/dynsjis.h" + +const char *dynsjis::nextchar(const char *s) +{ + if (!s || !s[0]) + return s; + if (!s[1]) + return s + 1; + if (!isleadbyte(s[0])) + return s + 1; + return s + 2; // unused byte treated as two-byte character +} + +const char *dynsjis::prevchar(const char *s, const char *begin) +{ + if (!s || s <= begin) + return s; + if (!*s || s == begin + 1) + return s - 1; + if (isleadbyte(s[0])) + return s - 2; + if (!isleadbyte(s[-1])) + return s - 1; + // 0 is single-width + // -1 is double-width + if (!isleadbyte(s[-3])) + return s - 2; + const char *p = s - 1; + while (p != begin && isleadbyte(*p)) + p--; + size_t dist = s - p; + if (!isleadbyte(*p)) + dist++; + return s - 2 + (dist % 2); +} + +// EOF diff --git a/cpp/LunaHook/LunaHook/util/dyncodec/dynsjis.h b/cpp/LunaHook/LunaHook/util/dyncodec/dynsjis.h new file mode 100644 index 00000000..f017b615 --- /dev/null +++ b/cpp/LunaHook/LunaHook/util/dyncodec/dynsjis.h @@ -0,0 +1,28 @@ +#ifndef DYNSJIS_H +#define DYNSJIS_H + +// dynsjis.h +// 6/11/2015 jichi + +namespace dynsjis { + +inline bool isleadbyte(unsigned char ch) +{ return ch > 127 && (ch < 0xa1 || ch > 0xdf); } + +inline bool isleadchar(unsigned int ch) +{ return isleadbyte((ch >> 8) & 0xff); } + +const char *nextchar(const char *s); +inline char *nextchar(char *s) +{ return const_cast(nextchar(static_cast(s))); } + +inline bool isleadstr(const char *s) // return true if the first character of the string is widechar +{ return nextchar(s) - s == 2; } + +const char *prevchar(const char *s, const char *begin = nullptr); +inline char *prevchar(char *s, const char *begin = nullptr) +{ return const_cast(prevchar(static_cast(s), begin)); } + +} // namespace dynsjis + +#endif // DYNSJIS_H diff --git a/cpp/LunaHook/LunaHook/util/dyncodec/dynsjiscodec.cc b/cpp/LunaHook/LunaHook/util/dyncodec/dynsjiscodec.cc new file mode 100644 index 00000000..04d9f144 --- /dev/null +++ b/cpp/LunaHook/LunaHook/util/dyncodec/dynsjiscodec.cc @@ -0,0 +1,262 @@ +// qtdynsjis.cc +// 6/3/2015 jichi +// http://en.wikipedia.org/wiki/Shift_JIS +#include "dynsjiscodec.h" +#ifdef __clang__ +# pragma GCC diagnostic ignored "-Wlogical-op-parentheses" +#endif // __clang__ + +//#ifdef _MSC_VER +//# pragma warning(disable:4018) // C4018: signed/unsigned mismatch +//#endif // _MSC_VER + +//#define SK_NO_QT +//#define DEBUG "dynsjis.cc" +//#include "sakurakit/skdebug.h" + +/** Private class */ + +// See also LeadByte table for Windows: +// +// BYTE LeadByteTable[0x100] = { +// 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, +// 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, +// 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, +// 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, +// 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, +// 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, +// 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, +// 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, +// 1,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2, +// 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2, +// 2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, +// 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, +// 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, +// 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, +// 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2, +// 2,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1 +// }; +// +// -2: 0x00 and 0xff are skipped + +class DynamicShiftJISCodecPrivate +{ +public: + UINT codepage; + std::wstring text; // already saved characters + + UINT minimumSecondByte; + + explicit DynamicShiftJISCodecPrivate(UINT codepage_) + : codepage(932) + , minimumSecondByte(0) + { + codepage = codepage_; + } + + size_t capacity() const + { + // See: http://en.wikipedia.org/wiki/Shift_JIS + return // = 7739 + (3 * 16 - 1) * (4 * 16 + 4 - 1 - minimumSecondByte) // = 3149, 0x00 are skipped + + (16 + 2) * (256 - 1 - minimumSecondByte) // = 4590, first/last byte unused + ; + } + bool isFull() const { return text.size() >= capacity(); } + std::string encodeSTD(const wchar_t* text, size_t length, bool* dynamic); + + std::string encode(const wchar_t *text, size_t length, bool *dynamic); + std::wstring decode (const char* data, size_t length, bool* dynamic) const; + +private: + std::string encodeCharSTD(wchar_t ch); + wchar_t decodeChar(UINT8 ch1, UINT8 ch2) const; +}; + +// Encode +std::string DynamicShiftJISCodecPrivate::encodeSTD(const wchar_t* text, size_t length, bool* dynamic) +{ + std::string ret; + for (size_t i = 0; i < length; i++) { + wchar_t ch = text[i]; + if (ch <= 127) + ret.push_back(ch); + else { + std::wstring ws; + ws.push_back(ch); + std::string data = WideStringToString(ws, codepage); + if (StringToWideString(WideStringToString(ws, codepage),codepage)!=ws) { // failed to decode + data = encodeCharSTD(ch); + if (!data.empty() && dynamic) + *dynamic = true; + } + ret.append(data); + } + } + return ret; +} +std::string DynamicShiftJISCodecPrivate::encodeCharSTD(wchar_t ch) +{ + std::string ret; + size_t i = text.find(ch); + if (i == std::wstring::npos) { + if (isFull()) + return ret; + i = text.size(); + text.push_back(ch); + } + if (i < 31 * (4 * 16 + 4 - 1 - minimumSecondByte)) { + int v1 = i / (4 * 16 + 4 - 1 - minimumSecondByte) + 0x81, + v2 = i % (4 * 16 + 4 - 1 - minimumSecondByte) + 1 + minimumSecondByte; + if (v2 == 0x40) + v2 = 0x7f; + else if (v2 >= 0x41) + v2 += 0xfd - 0x41; + ret.push_back(v1); + ret.push_back(v2); + return ret; + } + i -= 31 * (4 * 16 + 4 - 1 - minimumSecondByte); + if (i < 16 * (4 * 16 + 4 - 1 - minimumSecondByte)) { + int v1 = i / (4 * 16 + 4 - 1 - minimumSecondByte) + 0xe0, + v2 = i % (4 * 16 + 4 - 1 - minimumSecondByte) + 1 + minimumSecondByte; + if (v2 == 0x40) + v2 = 0x7f; + else if (v2 >= 0x41) + v2 += 0xfd - 0x41; + ret.push_back(v1); + ret.push_back(v2); + return ret; + } + i -= 16 * (4 * 16 + 4 - 1 - minimumSecondByte); + if (i < 256 - 1 - minimumSecondByte) { + int v1 = 0x80, + v2 = i % (256 - 1 - minimumSecondByte) + 1 + minimumSecondByte; + ret.push_back(v1); + ret.push_back(v2); + return ret; + } + i -= 256 - 1 - minimumSecondByte; + if (i < 256 - 1 - minimumSecondByte) { + int v1 = 0xa0, + v2 = i % (256 - 1 - minimumSecondByte) + 1 + minimumSecondByte; + ret.push_back(v1); + ret.push_back(v2); + return ret; + } + i -= 256 - 1 - minimumSecondByte; + if (i < 16 * (256 - 1 - minimumSecondByte)) { + int v1 = i / (256 - 1 - minimumSecondByte) + 0xf0, + v2 = i % (256 - 1 - minimumSecondByte) + 1 + minimumSecondByte; + ret.push_back(v1); + ret.push_back(v2); + return ret; + } + // This return should be unreachable + return ret; +} +// Decode + +std::wstring DynamicShiftJISCodecPrivate::decode(const char* data, size_t length, bool* dynamic) const +{ + std::wstring ret; + for (size_t i = 0; i < length; i++) { + UINT8 ch = (UINT8)data[i]; + if (ch <= 127) + ret.push_back(ch); + else if (ch >= 0xa1 && ch <= 0xdf) // size == 1 + ret.append(StringToWideString(std::string(data + 1, 1), codepage).value()); + else { + if (i + 1 == length) // no enough character + return ret; + UINT8 ch2 = (UINT8)data[++i]; + if ((ch >= 0x81 && ch <= 0x9f || ch >= 0xe0 && ch <= 0xef) + && (ch2 != 0x7f && ch2 >= 0x40 && ch2 <= 0xfc)) + ret.append(StringToWideString(std::string(data + i - 1, 2), codepage).value()); + else if (wchar_t c = decodeChar(ch, ch2)) { + ret.push_back(c); + if (dynamic) + *dynamic = true; + } + else + ret.push_back(ch + (wchar_t(ch2) << 8)); // preserve the original character + } + } + return ret; +} +wchar_t DynamicShiftJISCodecPrivate::decodeChar(UINT8 ch1, UINT8 ch2) const +{ + if (text.empty()) + return 0; + if (minimumSecondByte && ch2 < minimumSecondByte) + return 0; + size_t i = std::wstring::npos; + if (ch1 >= 0x81 && ch1 <= 0x9f) { + if (ch2 == 0x7f) + ch2 = 0x40; + else if (ch2 >= 0xfd) + ch2 += 0x41 - 0xfd; + i = (ch1 - 0x81) * (4 * 16 + 4 - 1 - minimumSecondByte) + ch2 - 1 - minimumSecondByte; + } else if (ch1 >= 0xe0 && ch1 <= 0xef) { + if (ch2 == 0x7f) + ch2 = 0x40; + else if (ch2 >= 0xfd) + ch2 += 0x41 - 0xfd; + i = (ch1 - 0xe0) * (4 * 16 + 4 - 1 - minimumSecondByte) + ch2 - 1 - minimumSecondByte + + 31 * (4 * 16 + 4 - 1 - minimumSecondByte); + } else if (ch1 == 0x80) + i = ch2 - 1 - minimumSecondByte + + 47 * (4 * 16 + 4 - 1 - minimumSecondByte); + else if (ch1 == 0xa0) + i = ch2 - 1 - minimumSecondByte + + 47 * (4 * 16 + 4 - 1 - minimumSecondByte) + + (256 - 1 - minimumSecondByte); + else if (ch1 >= 0xf0 && ch1 <= 0xff) // 0xff is skipped + i = (ch1 - 0xf0) * (256 - 1 - minimumSecondByte) + ch2 - 1 - minimumSecondByte + + 47 * (4 * 16 + 4 - 1 - minimumSecondByte) + + (256 - 1 - minimumSecondByte) * 2; + if (i != std::wstring::npos && i < text.size()) + return text[i]; + return 0; +} + +/** Public class */ + +DynamicShiftJISCodec::DynamicShiftJISCodec(UINT codec) : d_(new D(codec)) {} + +DynamicShiftJISCodec::~DynamicShiftJISCodec() { delete d_; } + +int DynamicShiftJISCodec::capacity() const { return d_->capacity(); } + +int DynamicShiftJISCodec::size() const { return d_->text.size(); } + +bool DynamicShiftJISCodec::isEmpty() const { return d_->text.empty(); } + +bool DynamicShiftJISCodec::isFull() const { return d_->isFull(); } + +void DynamicShiftJISCodec::clear() { d_->text.clear(); } + +int DynamicShiftJISCodec::minimumSecondByte() const { return d_->minimumSecondByte; } + +void DynamicShiftJISCodec::setMinimumSecondByte(int v) { d_->minimumSecondByte = v; } + +std::string DynamicShiftJISCodec::encodeSTD(const std::wstring& text, bool* dynamic) const +{ + if (dynamic) + *dynamic = false; + if (!d_->codepage) + return WideStringToString(text,GetACP()); + return d_->encodeSTD(reinterpret_cast(text.c_str()), text.size(), dynamic); +} +std::wstring DynamicShiftJISCodec::decode(const std::string&data, bool *dynamic) const +{ + if (dynamic) + *dynamic = false; + if (!d_->codepage) + return (StringToWideString(data , CP_ACP).value() ); + if (d_->text.empty()) + return (StringToWideString(data , d_->codepage).value() ); + return d_->decode(data.c_str(), data.size(), dynamic); +} + +// EOF diff --git a/cpp/LunaHook/LunaHook/util/dyncodec/dynsjiscodec.h b/cpp/LunaHook/LunaHook/util/dyncodec/dynsjiscodec.h new file mode 100644 index 00000000..7cbeec97 --- /dev/null +++ b/cpp/LunaHook/LunaHook/util/dyncodec/dynsjiscodec.h @@ -0,0 +1,59 @@ +#ifndef QTDYNCODEC_DYNSJIS_H +#define QTDYNCODEC_DYNSJIS_H + + +#define SK_DECLARE_PRIVATE(_class) \ + friend class _class; \ + typedef _class D; \ + D *const d_; + +# define SK_DISABLE_COPY(_class) \ + _class(const _class &); \ + _class &operator=(const _class &); + +#define SK_CLASS(_self) \ + typedef _self Self; \ + Self *self() const { return const_cast(this); } + +class DynamicShiftJISCodecPrivate; +class DynamicShiftJISCodec +{ + SK_CLASS(DynamicShiftJISCodec) + SK_DISABLE_COPY(DynamicShiftJISCodec) + SK_DECLARE_PRIVATE(DynamicShiftJISCodecPrivate) + + // - Construction - +public: + explicit DynamicShiftJISCodec(UINT codepag); + ~DynamicShiftJISCodec(); + + int capacity() const; // maximum allowed number of characters + + // Minimum value for the second byte, must be larger than 0 and smaller than 0x40 + int minimumSecondByte() const; + void setMinimumSecondByte(int v); + + /// Return the number of current characters + int size() const; + bool isEmpty() const; + bool isFull() const; + + // Clear cached codec + void clear(); + + /** + * @param text + * @param* dynamic whether there are unencodable character + * @return data + */ + std::string encodeSTD(const std::wstring& text, bool* dynamic = nullptr) const; + + /** + * @param data + * @param* dynamic whether there are undecodable character + * @return text + */ + std::wstring decode(const std::string&data, bool *dynamic = nullptr) const; +}; + +#endif // QTDYNCODEC_DYNSJIS_H diff --git a/cpp/LunaHook/LunaHook/util/ithsys/ithsys.cc b/cpp/LunaHook/LunaHook/util/ithsys/ithsys.cc new file mode 100644 index 00000000..5e91496f --- /dev/null +++ b/cpp/LunaHook/LunaHook/util/ithsys/ithsys.cc @@ -0,0 +1,67 @@ +// ithsys.cc +// 8/21/2013 jichi +// Branch: ITH_SYS/SYS.cpp, rev 126 +// +// 8/24/2013 TODO: +// - Clean up the code +// - Move my old create remote thread for ITH2 here + +#include "ithsys/ithsys.h" + +/** +* Return the address of the first matched pattern. +* Artikash 7/14/2018: changed implementation, hopefully it behaves the same +* Return 0 if failed. The return result is ambiguous if the pattern address is 0. +* +* @param startAddress search start address +* @param range search range +* @param pattern array of bytes to match +* @param patternSize size of the pattern array +* @return relative offset from the startAddress +*/ +uintptr_t SearchPattern(uintptr_t base, uintptr_t base_length, LPCVOID search, uintptr_t search_length) +{ + // Artikash 7/14/2018: not sure, but I think this could throw read access violation if I dont subtract search_length + for (int i = 0; i < base_length - search_length; ++i) + for (int j = 0; j <= search_length; ++j) + if (j == search_length) return i; // not sure about this algorithm... + else if (*((BYTE*)base + i + j) != *((BYTE*)search + j) && *((BYTE*)search + j) != XX) break; + //if (memcmp((void*)(base + i), search, search_length) == 0) + //return i; + + return 0; +} + +uintptr_t IthGetMemoryRange(LPCVOID mem, uintptr_t *base, size_t *size) +{ + MEMORY_BASIC_INFORMATION info = {}; + VirtualQuery(mem, &info, sizeof(info)); + if (base) + *base = (uintptr_t)info.BaseAddress; + if (size) + *size = info.RegionSize; + return info.Protect > PAGE_NOACCESS; +} + +// jichi 6/12/2015: https://en.wikipedia.org/wiki/Shift_JIS +// Leading table for SHIFT-JIS encoding +BYTE LeadByteTable[0x100] = { + 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, + 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, + 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, + 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, + 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, + 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, + 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, + 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, + 1,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2, + 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2, + 2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, + 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, + 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, + 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1, + 2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2, + 2,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1 +}; + +// EOF \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/util/ithsys/ithsys.h b/cpp/LunaHook/LunaHook/util/ithsys/ithsys.h new file mode 100644 index 00000000..7408922c --- /dev/null +++ b/cpp/LunaHook/LunaHook/util/ithsys/ithsys.h @@ -0,0 +1,20 @@ +#pragma once + +// ithsys.h +// 8/23/2013 jichi +// Branch: ITH/IHF_SYS.h, rev 111 + +#ifdef _MSC_VER +# pragma warning(disable:4800) // C4800: forcing value to bool +#endif // _MSC_VER +//#include "ntdll/ntdll.h" +#include + +// jichi 10/1/2013: Return 0 if failed. So, it is ambiguous if the search pattern starts at 0 +uintptr_t SearchPattern(uintptr_t base, uintptr_t base_length, LPCVOID search, uintptr_t search_length); // KMP + +uintptr_t IthGetMemoryRange(LPCVOID mem, uintptr_t *base, size_t *size); + +extern BYTE LeadByteTable[]; + +// EOF diff --git a/cpp/LunaHook/LunaHook/util/memdbg/memdbg.h b/cpp/LunaHook/LunaHook/util/memdbg/memdbg.h new file mode 100644 index 00000000..70fbe133 --- /dev/null +++ b/cpp/LunaHook/LunaHook/util/memdbg/memdbg.h @@ -0,0 +1,25 @@ +#ifndef _MEMDBG_H +#define _MEMDBG_H + +// memdbg.h +// 4/20/2014 jichi + +#ifndef MEMDBG_BEGIN_NAMESPACE +# define MEMDBG_BEGIN_NAMESPACE namespace MemDbg { +#endif +#ifndef MEMDBG_END_NAMESPACE +# define MEMDBG_END_NAMESPACE } // MemDbg +#endif + +MEMDBG_BEGIN_NAMESPACE + +typedef unsigned char byte_t; +typedef unsigned long dword_t; + +//typedef void *address_t; // LPVOID +//typedef const void *const_address_t; // LPCVOID + +MEMDBG_END_NAMESPACE + + +#endif // _MEMDBG_H diff --git a/cpp/LunaHook/LunaHook/util/memdbg/memsearch.cc b/cpp/LunaHook/LunaHook/util/memdbg/memsearch.cc new file mode 100644 index 00000000..b302402d --- /dev/null +++ b/cpp/LunaHook/LunaHook/util/memdbg/memsearch.cc @@ -0,0 +1,684 @@ +// memsearch.cc +// 4/20/2014 jichi +#include "memdbg/memsearch.h" +#include "ithsys/ithsys.h" +#include + +// Helpers + +namespace { // unnamed + +enum : BYTE { byte_nop = 0x90 }; +enum : BYTE { byte_int3 = 0xcc }; +enum : WORD { word_2int3 = 0xcccc }; + +// jichi 4/19/2014: Return the integer that can mask the signature +// Artikash 8/4/2018: change implementation +DWORD sigMask(DWORD sig) +{ + DWORD count = 0; + while (sig) + { + sig >>= 8; + ++count; + } + count -= 4; + count = -count; + return 0xffffffff >> (count << 3); +} + +// Modified from ITH findCallOrJmpAbs +// Example call: +// 00449063 |. ff15 5cf05300 call dword ptr ds:[<&gdi32.getglyphoutli>; \GetGlyphOutlineA +enum : WORD { + word_jmp = 0x25ff // long jump + , word_call = 0x15ff // far call +}; + +// Modified from ITH findCallOrJmpAbs +enum : BYTE { + byte_jmp = 0xe9 // long call + , byte_call = 0xe8 // near call + , byte_push_small = 0x6a // push byte operand + , byte_push_large = 0x68 // push operand > 0xff +}; +} +MEMDBG_BEGIN_NAMESPACE +#ifndef _WIN64 +/*** + * Return the absolute address of op. Op takes 1 parameter. + * DWORD call with absolute address. + * + * @param op first half of the operator + * @param arg1 the function address + * @param start address + * @param stop address + * @param offset search after start address + * @param range search size + * @return absolute address or 0 + */ +DWORD findWordCall(WORD op, DWORD arg1, DWORD start, DWORD stop, DWORD offset, DWORD range) +{ + typedef WORD optype; + typedef DWORD argtype; + + for (DWORD i = offset; i < offset + range - sizeof(argtype); i++) + if (op == *(optype *)(start + i)) { + DWORD t = *(DWORD *)(start + i + sizeof(optype)); + if (t > start && t < stop) { + if (arg1 == *(argtype *)t) // absolute address + return start + i; + //i += sizeof(optype) + sizeof(argtype) - 1; // == 5 + } + } + return 0; +} + +DWORD findLastWordCall(WORD op, DWORD arg1, DWORD start, DWORD stop, DWORD offset, DWORD range) +{ + typedef WORD optype; + typedef DWORD argtype; + DWORD ret = 0; + + for (DWORD i = offset; i < offset + range - sizeof(argtype); i++) + if (op == *(optype *)(start + i)) { + DWORD t = *(DWORD *)(start + i + sizeof(optype)); + if (t > start && t < stop) { + if (arg1 == *(argtype *)t) // absolute address + ret = start + i; + //i += sizeof(optype) + sizeof(argtype) - 1; // == 5 + } + } + return ret; +} + + +/*** + * Return the absolute address of op. Op takes 1 address parameter. + * BYTE call with relative address. + * + * @param op first half of the operator + * @param arg1 the function address + * @param start address + * @param offset search after start address + * @param range search size + * @return absolute address or 0 + */ +DWORD findByteCall(BYTE op, DWORD arg1, DWORD start, DWORD offset, DWORD range) +{ + typedef BYTE optype; + typedef DWORD argtype; + + for (DWORD i = offset; i < offset + range - sizeof(argtype); i++) + if (op == *(optype *)(start + i)) { + DWORD t = *(argtype *)(start + i + sizeof(optype)); + //if (t > start && t < stop) { + if (arg1 == t + start + i + sizeof(optype) + sizeof(argtype)) // relative address + return start + i; + //i += sizeof(optype) + sizeof(argtype) - 1; // == 4 + //} + } + return 0; +} + +DWORD findLastByteCall(BYTE op, DWORD arg1, DWORD start, DWORD offset, DWORD range) +{ + typedef BYTE optype; + typedef DWORD argtype; + DWORD ret = 0; + for (DWORD i = offset; i < offset + range - sizeof(argtype); i++) + if (op == *(optype *)(start + i)) { + DWORD t = *(argtype *)(start + i + sizeof(optype)); + //if (t > start && t < stop) { + if (arg1 == t + start + i + sizeof(optype) + sizeof(argtype)) // relative address + ret = start + i; + //i += sizeof(optype) + sizeof(argtype) - 1; // == 4 + //} + } + return ret; +} + +/*** + * Return the absolute address of op. Op takes 1 parameter. + * + * @param op first half of the operator + * @param arg1 the first operand + * @param start address + * @param search range + * @return absolute address or 0 + */ +//DWORD findByteOp1(BYTE op, DWORD arg1, DWORD start, DWORD size, DWORD offset) +//{ +// typedef BYTE optype; +// typedef DWORD argtype; +// +// for (DWORD i = offset; i < size - sizeof(argtype); i++) +// if (op == *(optype *)(start + i)) { +// DWORD t = *(DWORD *)(start + i + sizeof(optype)); +// if (t == arg1) { +// return start + i; +// else +// i += sizeof(optype) + sizeof(argtype) - 1; // == 4 +// } +// } +// return 0; +//} + + // namespace unnamed + + +DWORD findLongJumpAddress(DWORD funcAddr, DWORD lowerBound, DWORD upperBound, DWORD offset, DWORD range) +{ return findWordCall(word_jmp, funcAddr, lowerBound, upperBound, offset, range ? range : (upperBound - lowerBound - offset)); } + +DWORD findShortJumpAddress(DWORD funcAddr, DWORD lowerBound, DWORD upperBound, DWORD offset, DWORD range) +{ return findByteCall(byte_jmp, funcAddr, lowerBound, offset, range ? range : (upperBound - lowerBound - offset)); } + +DWORD findFarCallAddress(DWORD funcAddr, DWORD lowerBound, DWORD upperBound, DWORD offset, DWORD range) +{ return findWordCall(word_call, funcAddr, lowerBound, upperBound, offset, range ? range : (upperBound - lowerBound - offset)); } + +DWORD findNearCallAddress(DWORD funcAddr, DWORD lowerBound, DWORD upperBound, DWORD offset, DWORD range) +{ return findByteCall(byte_call, funcAddr, lowerBound, offset, range ? range : (upperBound - lowerBound - offset)); } + +DWORD findLastLongJumpAddress(DWORD funcAddr, DWORD lowerBound, DWORD upperBound, DWORD offset, DWORD range) +{ return findLastWordCall(word_jmp, funcAddr, lowerBound, upperBound, offset, range ? range : (upperBound - lowerBound - offset)); } + +DWORD findLastShortJumpAddress(DWORD funcAddr, DWORD lowerBound, DWORD upperBound, DWORD offset, DWORD range) +{ return findLastByteCall(byte_jmp, funcAddr, lowerBound, offset, range ? range : (upperBound - lowerBound - offset)); } + +DWORD findLastFarCallAddress(DWORD funcAddr, DWORD lowerBound, DWORD upperBound, DWORD offset, DWORD range) +{ return findLastWordCall(word_call, funcAddr, lowerBound, upperBound, offset, range ? range : (upperBound - lowerBound - offset)); } + +DWORD findLastNearCallAddress(DWORD funcAddr, DWORD lowerBound, DWORD upperBound, DWORD offset, DWORD range) +{ return findLastByteCall(byte_call, funcAddr, lowerBound, offset, range ? range : (upperBound - lowerBound - offset)); } + +DWORD findPushDwordAddress(DWORD value, DWORD lowerBound, DWORD upperBound) +{ + //value = _byteswap_ulong(value); // swap to bigendian + const BYTE *p = (BYTE *)&value; + const BYTE bytes[] = {byte_push_large, p[0], p[1], p[2], p[3]}; + return findBytes(bytes, sizeof(bytes), lowerBound, upperBound); +} + +DWORD findPushByteAddress(BYTE value, DWORD lowerBound, DWORD upperBound) +{ + const BYTE bytes[] = {byte_push_small, value}; + return findBytes(bytes, sizeof(bytes), lowerBound, upperBound); +} + +#ifndef MEMDBG_NO_STL + +bool iterFindBytes(const address_fun_t &fun, const void *pattern, DWORD patternSize, DWORD lowerBound, DWORD upperBound) +{ + for (DWORD addr = lowerBound; addr < upperBound - patternSize; addr += patternSize) { + addr = findBytes(pattern, patternSize, addr, upperBound); + if (!addr || !fun(addr)) + return false; + } + return true; +} + +bool iterMatchBytes(const address_fun_t &fun, const void *pattern, DWORD patternSize, DWORD lowerBound, DWORD upperBound) +{ + for (DWORD addr = lowerBound; addr < upperBound - patternSize; addr += patternSize) { ; + addr = findBytes(pattern, patternSize, addr, upperBound); + if (!addr || !fun(addr)) + return false; + } + return true; +} + +bool iterWordCall(const address_fun_t &callback, WORD op, DWORD arg1, DWORD start, DWORD stop, DWORD offset, DWORD range) +{ + typedef WORD optype; + typedef DWORD argtype; + + for (DWORD i = offset; i < offset + range - sizeof(argtype); i++) + if (op == *(optype *)(start + i)) { + DWORD t = *(DWORD *)(start + i + sizeof(optype)); + if (t > start && t < stop) { + if (arg1 == *(argtype *)t // absolute address + && !callback(start + i)) + return false; + //i += sizeof(optype) + sizeof(argtype) - 1; // == 5 + } + } + return true; +} + +bool iterByteCall(const address_fun_t &callback, BYTE op, DWORD arg1, DWORD start, DWORD offset, DWORD range) +{ + typedef BYTE optype; + typedef DWORD argtype; + + for (DWORD i = offset; i < offset + range - sizeof(argtype); i++) + if (op == *(optype *)(start + i)) { + DWORD t = *(argtype *)(start + i + sizeof(optype)); + //if (t > start && t < stop) { + if (arg1 == t + start + i + sizeof(optype) + sizeof(argtype) // relative address + && !callback(start + i)) + return false; + //i += sizeof(optype) + sizeof(argtype) - 1; // == 4 + //} + } + return true; +} + +bool iterCallerAddress(const address2_fun_t &callback, DWORD funcAddr, DWORD sig, DWORD lowerBound, DWORD upperBound, DWORD reverseLength, DWORD offset) +{ + enum { PatternSize = 4 }; + const DWORD size = upperBound - lowerBound - PatternSize; + const DWORD fun = (DWORD)funcAddr; + // Example function call: + // 00449063 |. ff15 5cf05300 call dword ptr ds:[<&gdi32.getglyphoutli>; \GetGlyphOutlineA + //WCHAR str[0x40]; + const DWORD mask = sigMask(sig); + for (DWORD i = offset; i < size; i++) + if (*(WORD *)(lowerBound + i) == word_call) { + DWORD t = *(DWORD *)(lowerBound + i + 2); // 2 = sizeof(word) + if (t >= lowerBound && t <= upperBound - PatternSize) { + if (*(DWORD *)t == fun) + //swprintf(str,L"CALL addr: 0x%.8X",lowerBound + i); + //OutputConsole(str); + for (DWORD j = i ; j > i - reverseLength; j--) + if ((*(DWORD *)(lowerBound + j) & mask) == sig) { + if (!callback(lowerBound + j, lowerBound + i)) + return false; + break; + } + + } else + i += 6; + } + //OutputConsole(L"Find call and entry failed."); + return true; +} + +bool iterCallerAddressAfterInt3(const address2_fun_t &fun, dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize, dword_t offset) +{ + auto callback = [&fun](dword_t addr, dword_t call) -> bool { + while (byte_int3 == *(BYTE *)++addr); // skip leading int3 + return fun(addr, call); + }; + return iterCallerAddress(callback, funcAddr, word_2int3, lowerBound, upperBound, callerSearchSize, offset); +} + +bool iterUniqueCallerAddress(const address_fun_t &fun, dword_t funcAddr, dword_t funcInst, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize, dword_t offset) +{ + dword_t prevAddr = 0; + auto callback = [&fun, &prevAddr](dword_t addr, dword_t) -> bool { + if (prevAddr == addr) + return true; + prevAddr = addr; + return fun(addr); + }; + return iterCallerAddress(callback, funcAddr, funcInst, lowerBound, upperBound, callerSearchSize, offset); +} + +bool iterUniqueCallerAddressAfterInt3(const address_fun_t &fun, dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize, dword_t offset) +{ + auto callback = [&fun](dword_t addr) -> bool { + while (byte_int3 == *(BYTE *)++addr); // skip leading int3 + return fun(addr); + }; + return iterUniqueCallerAddress(callback, funcAddr, word_2int3, lowerBound, upperBound, callerSearchSize, offset); +} + +bool iterLongJumpAddress(const address_fun_t &fun, DWORD funcAddr, DWORD lowerBound, DWORD upperBound, DWORD offset, DWORD range) +{ return iterWordCall(fun, word_jmp, funcAddr, lowerBound, upperBound, offset, range ? range : (upperBound - lowerBound - offset)); } + +bool iterShortJumpAddress(const address_fun_t &fun, DWORD funcAddr, DWORD lowerBound, DWORD upperBound, DWORD offset, DWORD range) +{ return iterByteCall(fun, byte_jmp, funcAddr, lowerBound, offset, range ? range : (upperBound - lowerBound - offset)); } + +bool iterFarCallAddress(const address_fun_t &fun, DWORD funcAddr, DWORD lowerBound, DWORD upperBound, DWORD offset, DWORD range) +{ return iterWordCall(fun, word_call, funcAddr, lowerBound, upperBound, offset, range ? range : (upperBound - lowerBound - offset)); } + +bool iterNearCallAddress(const address_fun_t &fun, DWORD funcAddr, DWORD lowerBound, DWORD upperBound, DWORD offset, DWORD range) +{ return iterByteCall(fun, byte_call, funcAddr, lowerBound, offset, range ? range : (upperBound - lowerBound - offset)); } + +bool iterAlignedNearCallerAddress(const address_fun_t &fun, dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize, dword_t offset) +{ + dword_t prevAddr = 0; + auto callback = [&fun, &prevAddr, callerSearchSize](dword_t addr) -> bool { + if ((addr = findEnclosingAlignedFunction(addr, callerSearchSize)) + && prevAddr != addr) { + prevAddr = addr; + return fun(addr); + } + return true; + }; + return iterNearCallAddress(callback, funcAddr, lowerBound, upperBound, offset); +} + +#endif // MEMDBG_NO_STL + +DWORD findMultiCallerAddress(DWORD funcAddr, const DWORD sigs[], DWORD sigCount, DWORD lowerBound, DWORD upperBound, DWORD reverseLength, DWORD offset) +{ + enum { PatternSize = 4 }; + const DWORD size = upperBound - lowerBound - PatternSize; + const DWORD fun = (DWORD)funcAddr; + // Example function call: + // 00449063 |. ff15 5cf05300 call dword ptr ds:[<&gdi32.getglyphoutli>; \GetGlyphOutlineA + //WCHAR str[0x40]; + + enum { MaxSigCount = 0x10 }; // mast be larger than maximum sigCount + DWORD masks[MaxSigCount]; + for (DWORD k = 0; k < sigCount; k++) + masks[k] = sigMask(sigs[k]); + + for (DWORD i = offset; i < size; i++) + if ((*(WORD *)(lowerBound + i) == word_call)|| + (*(WORD *)(lowerBound + i) ==0x3d8b)) { + //8B 3D 24 F0 45 00 mov edi, ds:TextOutA ,call edi + //MOON CHILDe + //https://vndb.org/v1568 + DWORD t = *(DWORD *)(lowerBound + i + 2); // 2 = sizeof(word) + if (t >= lowerBound && t <= upperBound - PatternSize) { + if (*(DWORD *)t == fun) + //swprintf(str,L"CALL addr: 0x%.8X",lowerBound + i); + //OutputConsole(str); + for (DWORD j = i ; j > i - reverseLength; j--) { + DWORD ret = lowerBound + j, + inst = *(DWORD *)ret; + for (DWORD k = 0; k < sigCount; k++) + if ((inst & masks[k]) == sigs[k]) // Fun entry 1. + //swprintf(str,L"Entry: 0x%.8X",lowerBound + j); + //OutputConsole(str); + return ret; + } + + } else + i += 6; + } + //OutputConsole(L"Find call and entry failed."); + return 0; +} + +DWORD findLastCallerAddress(DWORD funcAddr, DWORD sig, DWORD lowerBound, DWORD upperBound, DWORD reverseLength, DWORD offset) +{ + enum { PatternSize = 4 }; + const DWORD size = upperBound - lowerBound - PatternSize; + const DWORD fun = (DWORD)funcAddr; + //WCHAR str[0x40]; + DWORD ret = 0; + const DWORD mask = sigMask(sig); + for (DWORD i = offset; i < size; i++) + if (*(WORD *)(lowerBound + i) == word_call) { + DWORD t = *(DWORD *)(lowerBound + i + 2); + if (t >= lowerBound && t <= upperBound - PatternSize) { + if (*(DWORD *)t == fun) + //swprintf(str,L"CALL addr: 0x%.8X",lowerBound + i); + //OutputConsole(str); + for (DWORD j = i ; j > i - reverseLength; j--) + if ((*(DWORD *)(lowerBound + j) & mask) == sig) { // Fun entry 1. + //swprintf(str,L"Entry: 0x%.8X",lowerBound + j); + //OutputConsole(str); + ret = lowerBound + j; + break; + } + + } else + i += 6; + } + //OutputConsole(L"Find call and entry failed."); + return ret; +} + +DWORD findCallerAddressAfterInt3(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize, dword_t offset) +{ + DWORD addr = findCallerAddress(funcAddr, word_2int3, lowerBound, upperBound, callerSearchSize, offset); + if (addr) + while (byte_int3 == *(BYTE *)++addr); + return addr; +} + +DWORD findLastCallerAddressAfterInt3(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize, dword_t offset) +{ + DWORD addr = findLastCallerAddress(funcAddr, word_2int3, lowerBound, upperBound, callerSearchSize, offset); + if (addr) + while (byte_int3 == *(BYTE *)++addr); + return addr; +} + +DWORD findAlignedNearCallerAddress(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize, dword_t offset) +{ + if (DWORD addr = findNearCallAddress(funcAddr, lowerBound, upperBound, offset)) + return findEnclosingAlignedFunction(addr, callerSearchSize); + return 0; +} + +DWORD findLastAlignedNearCallerAddress(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize, dword_t offset) +{ + if (DWORD addr = findLastCallerAddressAfterInt3(funcAddr, lowerBound, upperBound, callerSearchSize, offset)) + return findEnclosingAlignedFunction(addr, callerSearchSize); + return 0; +} + +DWORD findEnclosingFunctionAfterDword(DWORD sig, DWORD start, DWORD back_range, DWORD step) +{ + start &= ~0xf; + for (DWORD i = start, j = start - back_range; i > j; i-=step) { // 0x10 is aligned + DWORD k = *(DWORD *)(i-4); // 4 = sizeof(DWORD) + if (k == sig) + return i; + } + return 0; +} + +DWORD findEnclosingFunctionBeforeDword(DWORD sig, DWORD start, DWORD back_range,DWORD step) +{ + DWORD addr = findEnclosingFunctionAfterDword(sig, start, back_range, step); + if (addr) + addr -= sizeof(DWORD); + return addr; +} + +DWORD findEnclosingFunctionAfterInt3(DWORD start, DWORD back_range, DWORD step) +{ return findEnclosingFunctionAfterDword(0xcccccccc, start, back_range, step); } + +DWORD findEnclosingFunctionAfterNop(DWORD start, DWORD back_range, DWORD step) +{ return findEnclosingFunctionAfterDword(0x90909090,start, back_range, step); } + +#else + +uint64_t findleaaddr(uint64_t addr,uint64_t start,uint64_t end) +{ + for(auto _addr=start;_addr findleaaddr_all(uint64_t addr,uint64_t start,uint64_t end) +{ + std::vector addrs; + for(auto _addr=start;_addr; \GetGlyphOutlineA + //WCHAR str[0x40]; + const DWORD mask = sigMask(sig); + for (uintptr_t i = offset; i < size; i++) + if (*(WORD *)(lowerBound + i) == word_call) { + #ifdef _WIN64 + uintptr_t t = lowerBound+i+6+*(DWORD *)(lowerBound + i + 2); // 2 = sizeof(word) + #else + DWORD t = *(DWORD *)(lowerBound + i + 2); + #endif + + if (t >= lowerBound && t <= upperBound - PatternSize) { + if (*(uintptr_t *)t == fun) + //swprintf(str,L"CALL addr: 0x%.8X",lowerBound + i); + //OutputConsole(str); + for (uintptr_t j = i ; j > i - reverseLength; j--) + if ((*(uintptr_t *)(lowerBound + j) & mask) == sig) // Fun entry 1. + //swprintf(str,L"Entry: 0x%.8X",lowerBound + j); + //OutputConsole(str); + return lowerBound + j; + + } else + i += 6; + } + //OutputConsole(L"Find call and entry failed."); + return 0; +} + +uintptr_t findEnclosingAlignedFunction(uintptr_t start, uintptr_t back_range) +{ + start &= ~0xf; + for (uintptr_t i = start, j = start - back_range; i > j; i-=0x10) { + DWORD k = *(DWORD *)(i-4); + if (k == 0xcccccccc + || k == 0x90909090 + || k == 0xccccccc3 + || k == 0x909090c3 + ) + return i; + DWORD t = k & 0xff0000ff; + if (t == 0xcc0000c2 || t == 0x900000c2) + return i; + k >>= 8; + if (k == 0xccccc3 || k == 0x9090c3) + return i; + t = k & 0xff; + if (t == 0xc2) + return i; + k >>= 8; + if (k == 0xccc3 || k == 0x90c3) + return i; + k >>= 8; + if (k == 0xc3) + return i; + } + return 0; +} + +uintptr_t findEnclosingAlignedFunction_strict(uintptr_t start, uintptr_t back_range) +{ + start &= ~0xf; + for (uintptr_t i = start, j = start - back_range; i > j; i-=0x10) { + DWORD k = *(DWORD *)(i-4); + if (k == 0xcccccccc + || k == 0x90909090 + || k == 0xccccccc3 + || k == 0x909090c3 + ) + return i; + } + return 0; +} +uintptr_t findBytes(const void *pattern, uintptr_t patternSize, uintptr_t lowerBound, uintptr_t upperBound) +{ + uintptr_t reladdr = SearchPattern(lowerBound, upperBound - lowerBound, pattern, patternSize); + return reladdr ? lowerBound + reladdr : 0; +} + +//DWORD reverseFindBytes(const void *pattern, DWORD patternSize, DWORD lowerBound, DWORD upperBound) +//{ +// DWORD reladdr = reverseSearchPattern(lowerBound, upperBound - lowerBound, pattern, patternSize); +// return reladdr ? lowerBound + reladdr : 0; +//} + +#if 0 // not used +DWORD findBytesInPages(const void *pattern, DWORD patternSize, DWORD lowerBound, DWORD upperBound, SearchType search) +{ + //enum { MinPageSize = 4 * 1024 }; // 4k + DWORD ret = 0; + DWORD start = lowerBound, + stop = start; + MEMORY_BASIC_INFORMATION mbi = {}; + + //lowerBound = 0x10000000; + //upperBound = 0x14000000; + //SIZE_T ok = ::VirtualQuery((LPCVOID)lowerBound, &mbi, sizeof(mbi)); + //ITH_GROWL_DWORD7(1, start, stop, mbi.RegionSize, mbi.Protect, mbi.Type, mbi.State); + //return findBytes(pattern, patternSize, lowerBound, upperBound, wildcard); + while (stop < upperBound) { + SIZE_T ok = ::VirtualQuery((LPCVOID)start, &mbi, sizeof(mbi)); + if (!mbi.RegionSize) + break; + // Only visit readable and committed region + // Protect could be zero if not allowed to query + if (!ok || !mbi.Protect || mbi.Protect&PAGE_NOACCESS) { + if (stop > start && (ret = findBytes(pattern, patternSize, lowerBound, upperBound))) + return ret; + if (search != SearchAll) + return 0; + stop += mbi.RegionSize; + start = stop; + } else + stop += mbi.RegionSize; + } + if (stop > start) + ret = findBytes(pattern, patternSize, start, min(upperBound, stop)); + return ret; +} + +DWORD matchBytesInPages(const void *pattern, DWORD patternSize, DWORD lowerBound, DWORD upperBound, BYTE wildcard, SearchType search) +{ + //enum { MinPageSize = 4 * 1024 }; // 4k + DWORD ret = 0; + DWORD start = lowerBound, + stop = start; + MEMORY_BASIC_INFORMATION mbi = {}; + + //lowerBound = 0x10000000; + //upperBound = 0x14000000; + //SIZE_T ok = ::VirtualQuery((LPCVOID)lowerBound, &mbi, sizeof(mbi)); + //ITH_GROWL_DWORD7(1, start, stop, mbi.RegionSize, mbi.Protect, mbi.Type, mbi.State); + //return findBytes(pattern, patternSize, lowerBound, upperBound, wildcard); + while (stop < upperBound) { + SIZE_T ok = ::VirtualQuery((LPCVOID)start, &mbi, sizeof(mbi)); + if (!mbi.RegionSize) + break; + // Only visit readable and committed region + // Protect could be zero if not allowed to query + if (!ok || !mbi.Protect || mbi.Protect&PAGE_NOACCESS) { + if (stop > start && (ret = findBytes(pattern, patternSize, lowerBound, upperBound, wildcard))) + return ret; + if (search != SearchAll) + return 0; + stop += mbi.RegionSize; + start = stop; + } else + stop += mbi.RegionSize; + } + if (stop > start) + ret = findBytes(pattern, patternSize, start, min(upperBound, stop), wildcard); + return ret; +} + +#endif // 0 + +MEMDBG_END_NAMESPACE + +// EOF diff --git a/cpp/LunaHook/LunaHook/util/memdbg/memsearch.h b/cpp/LunaHook/LunaHook/util/memdbg/memsearch.h new file mode 100644 index 00000000..a4f4375c --- /dev/null +++ b/cpp/LunaHook/LunaHook/util/memdbg/memsearch.h @@ -0,0 +1,210 @@ +#ifndef _MEMDBG_MEMSEARCH_H +#define _MEMDBG_MEMSEARCH_H + +// memsearch.h +// 4/20/2014 jichi + +#include "memdbg/memdbg.h" +#ifndef MEMDBG_NO_STL +# include +#endif // MEMDBG_NO_STL + +MEMDBG_BEGIN_NAMESPACE + +/// Estimated maximum size of the caller function, the same as ITH FindCallAndEntryAbs +enum { MaximumFunctionSize = 0x800 }; + +/// Offset added to the beginning of the searched address +enum { MemoryPaddingOffset = 0x1000 }; + +enum { MemoryAlignedStep = 0x10 }; + +#ifndef MEMDBG_NO_STL +/// Iterate address and return false if abort iteration. +typedef std::function address_fun_t; +typedef std::function address2_fun_t; + +/** + * Iterate all call and caller addresses + * @param fun the first parameter is the address of the caller, and the second parameter is the address of the call itself + * @return false if return early, and true if iterate all elements + */ +bool iterCallerAddress(const address2_fun_t &fun, dword_t funcAddr, dword_t funcInst, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize = MaximumFunctionSize, dword_t offset = MemoryPaddingOffset); +bool iterCallerAddressAfterInt3(const address2_fun_t &fun, dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize = MaximumFunctionSize, dword_t offset = MemoryPaddingOffset); +bool iterUniqueCallerAddress(const address_fun_t &fun, dword_t funcAddr, dword_t funcInst, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize = MaximumFunctionSize, dword_t offset = MemoryPaddingOffset); +bool iterUniqueCallerAddressAfterInt3(const address_fun_t &fun, dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize = MaximumFunctionSize, dword_t offset = MemoryPaddingOffset); + +/** + * Iterate all call and caller addresses + * @param fun the parameter is the address of the call + * @return false if return early, and true if iterate all elements + */ +bool iterFarCallAddress(const address_fun_t &fun, dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t offset = MemoryPaddingOffset, dword_t range = 0); +bool iterNearCallAddress(const address_fun_t &fun, dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t offset = MemoryPaddingOffset, dword_t range = 0); +bool iterLongJumpAddress(const address_fun_t &fun, dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t offset = MemoryPaddingOffset, dword_t range = 0); +bool iterShortJumpAddress(const address_fun_t &fun, dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t offset = MemoryPaddingOffset, dword_t range = 0); + +bool iterAlignedNearCallerAddress(const address_fun_t &fun, dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize = MaximumFunctionSize, dword_t offset = MemoryPaddingOffset); + +bool iterFindBytes(const address_fun_t &fun, const void *pattern, dword_t patternSize, dword_t lowerBound, dword_t upperBound); +bool iterMatchBytes(const address_fun_t &fun, const void *pattern, dword_t patternSize, dword_t lowerBound, dword_t upperBound); +#endif // MEMDBG_NO_STL + +/** + * Return the absolute address of the far caller function + * The same as ITH FindCallAndEntryAbs(). + * + * @param funcAddr callee function address + * @param funcInst the machine code where the caller function starts + * @param lowerBound the lower memory address to search + * @param upperBound the upper memory address to search + * @param* callerSearchSize the maximum size of caller + * @return the caller absolute address if succeed or 0 if fail + * + * Example funcInst: + * 0x55: push ebp + * 0x81,0xec: sub esp XXOO (0xec81) + * 0x83,0xec: sub esp XXOO (0xec83) + */ +uintptr_t findCallerAddress(uintptr_t funcAddr, dword_t funcInst, uintptr_t lowerBound, uintptr_t upperBound, uintptr_t callerSearchSize = MaximumFunctionSize, uintptr_t offset = MemoryPaddingOffset); +dword_t findCallerAddressAfterInt3(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize = MaximumFunctionSize, dword_t offset = MemoryPaddingOffset); +dword_t findLastCallerAddress(dword_t funcAddr, dword_t funcInst, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize = MaximumFunctionSize, dword_t offset = MemoryPaddingOffset); +dword_t findLastCallerAddressAfterInt3(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize = MaximumFunctionSize, dword_t offset = MemoryPaddingOffset); + +dword_t findMultiCallerAddress(dword_t funcAddr, const dword_t funcInsts[], dword_t funcInstCount, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize = MaximumFunctionSize, dword_t offset = MemoryPaddingOffset); + +dword_t findAlignedNearCallerAddress(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize = MaximumFunctionSize, dword_t offset = MemoryPaddingOffset); +dword_t findLastAlignedNearCallerAddress(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t callerSearchSize = MaximumFunctionSize, dword_t offset = MemoryPaddingOffset); + +/** + * Return the absolute address of the long jump (not short jump) instruction address. + * The same as ITH FindCallOrJmpAbs(false). + * + * @param funcAddr callee function address + * @param lowerBound the lower memory address to search + * @param upperBound the upper memory address to search + * @param* offset the relative address to search from the lowerBound + * @param* range the relative size to search, use lowerBound - upperBound when zero + * @return the call instruction address if succeed or 0 if fail + */ +dword_t findLongJumpAddress(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t offset = MemoryPaddingOffset, dword_t range = 0); +dword_t findShortJumpAddress(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t offset = MemoryPaddingOffset, dword_t range = 0); +dword_t findLastLongJumpAddress(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t offset = MemoryPaddingOffset, dword_t range = 0); +dword_t findLastShortJumpAddress(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t offset = MemoryPaddingOffset, dword_t range = 0); + +/** + * Return the absolute address of the far call (inter-module) instruction address. + * The same as ITH FindCallOrJmpAbs(true). + * + * @param funcAddr callee function address + * @param lowerBound the lower memory address to search + * @param upperBound the upper memory address to search + * @param* offset the relative address to search from the lowerBound + * @param* range the relative size to search, use lowerBound - upperBound when zero + * @return the call instruction address if succeed or 0 if fail + */ +dword_t findFarCallAddress(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t offset = MemoryPaddingOffset, dword_t range = 0); +dword_t findLastFarCallAddress(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t offset = MemoryPaddingOffset, dword_t range = 0); + +/// Near call (intra-module) +dword_t findNearCallAddress(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t offset = MemoryPaddingOffset, dword_t range = 0); +dword_t findLastNearCallAddress(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t offset = MemoryPaddingOffset, dword_t range = 0); + +/// Default to far call, for backward compatibility +inline dword_t findCallAddress(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t offset = MemoryPaddingOffset, dword_t range = 0) +{ return findFarCallAddress(funcAddr, lowerBound, upperBound, offset, range); } +inline dword_t findLastCallAddress(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t offset = MemoryPaddingOffset, dword_t range = 0) +{ return findLastFarCallAddress(funcAddr, lowerBound, upperBound, offset, range); } + +/// Default to long jump, for backward compatibility +inline dword_t findJumpAddress(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t offset = MemoryPaddingOffset, dword_t range = 0) +{ return findLongJumpAddress(funcAddr, lowerBound, upperBound, offset, range); } +inline dword_t findLastJumpAddress(dword_t funcAddr, dword_t lowerBound, dword_t upperBound, dword_t offset = MemoryPaddingOffset, dword_t range = 0) +{ return findLastLongJumpAddress(funcAddr, lowerBound, upperBound, offset, range); } + +/// Push value >= 0xff +dword_t findPushDwordAddress(dword_t value, dword_t lowerBound, dword_t upperBound); + +/// Push value <= 0xff +dword_t findPushByteAddress(byte_t value, dword_t lowerBound, dword_t upperBound); + +/// Default to push DWORD +inline dword_t findPushAddress(dword_t value, dword_t lowerBound, dword_t upperBound) +{ return findPushDwordAddress(value, lowerBound, upperBound); } + +uint64_t findleaaddr(uint64_t addr,uint64_t start,uint64_t end); +std::vector findleaaddr_all(uint64_t addr,uint64_t start,uint64_t end); +/** + * Return the enclosing function address outside the given address. + * The same as ITH FindEntryAligned(). + * "Aligned" here means the function must be after in3 (0xcc) or nop (0x90). + * + * If the function does NOT exist, this function might raise without admin privilege. + * It is safer to wrap this function within SEH. + * + * @param addr address within th function + * @param searchSize max backward search size + * @return beginning address of the function + * @exception illegal memory access + */ +uintptr_t findEnclosingAlignedFunction(uintptr_t addr, uintptr_t searchSize = MaximumFunctionSize); +uintptr_t findEnclosingAlignedFunction_strict(uintptr_t addr, uintptr_t searchSize = MaximumFunctionSize); +dword_t findEnclosingFunctionBeforeDword(dword_t sig, dword_t addr, dword_t searchSize = MaximumFunctionSize, dword_t step = MemoryAlignedStep); +dword_t findEnclosingFunctionAfterDword(dword_t sig, dword_t addr, dword_t searchSize = MaximumFunctionSize, dword_t step = MemoryAlignedStep); +dword_t findEnclosingFunctionAfterInt3(dword_t addr, dword_t searchSize = MaximumFunctionSize, dword_t step = MemoryAlignedStep); +dword_t findEnclosingFunctionAfterNop(dword_t addr, dword_t searchSize = MaximumFunctionSize, dword_t step = MemoryAlignedStep); + +/** + * Return the address of the first matched pattern. + * Return 0 if failed. The return result is ambiguous if the pattern address is 0. + * This function simpily traverse all bytes in memory range and would raise + * if no access to the region. + * + * @param pattern array of bytes to match + * @param patternSize size of the pattern array + * @param lowerBound search start address + * @param upperBound search stop address + * @return absolute address + * @exception illegal memory access + */ +uintptr_t findBytes(const void *pattern, uintptr_t patternSize, uintptr_t lowerBound, uintptr_t upperBound); + +// User space: 0 - 2G (0 - 0x7ffeffff) +// Kernel space: 2G - 4G (0x80000000 - 0xffffffff) +// +// http://msdn.microsoft.com/en-us/library/windows/hardware/ff560042%28v=vs.85%29.aspx +// http://codesequoia.wordpress.com/2008/11/28/understand-process-address-space-usage/ +// http://stackoverflow.com/questions/17244912/open-process-with-debug-privileges-and-read-write-memory +enum MemoryRange : dword_t { + UserMemoryStartAddress = 0, UserMemoryStopAddress = 0x7ffeffff + , KernelMemoryStartAddress = 0x80000000, KernelMemoryStopAddress = 0xffffffff + , MappedMemoryStartAddress = 0x01000000 + + , MemoryStartAddress = UserMemoryStartAddress, MemoryStopAddress = UserMemoryStopAddress +}; + +#if 0 // not used +/** + * Traverse memory continues pages and return the address of the first matched pattern. + * + * @param pattern array of bytes to match + * @param patternSize size of the pattern array + * @param lowerBound search start address + * @param upperBound search stop address + * @param* search search all pages (SearchAll) or stop on first illegal access (SearchFirst) + * @return absolute address + */ +enum SearchType : byte_t { SearchAll = 0 , SearchFirst }; + +dword_t findBytesInPages(const void *pattern, dword_t patternSize, + dword_t lowerBound = MemoryStartAddress, dword_t upperBound = MemoryStopAddress, + SearchType search = SearchAll); +dword_t matchBytesInPages(const void *pattern, dword_t patternSize, + dword_t lowerBound = MemoryStartAddress, dword_t upperBound = MemoryStopAddress, + byte_t wildcard = WidecardByte, SearchType search = SearchAll); + +#endif // 0 + +MEMDBG_END_NAMESPACE + +#endif // _MEMDBG_MEMSEARCH_H diff --git a/cpp/LunaHook/LunaHook/util/ntxpundef.h b/cpp/LunaHook/LunaHook/util/ntxpundef.h new file mode 100644 index 00000000..807e4fe9 --- /dev/null +++ b/cpp/LunaHook/LunaHook/util/ntxpundef.h @@ -0,0 +1,19 @@ +#if (_WIN32_WINNT <= _WIN32_WINNT_WIN7) +typedef +__drv_sameIRQL +__drv_functionClass(EXCEPTION_ROUTINE) +EXCEPTION_DISPOSITION +NTAPI +EXCEPTION_ROUTINE( + __inout struct _EXCEPTION_RECORD* ExceptionRecord, + __in PVOID EstablisherFrame, + __inout struct _CONTEXT* ContextRecord, + __in PVOID DispatcherContext +); +typedef EXCEPTION_ROUTINE* PEXCEPTION_ROUTINE; +typedef struct _EXCEPTION_REGISTRATION_RECORD { + struct _EXCEPTION_REGISTRATION_RECORD* Next; + PEXCEPTION_ROUTINE Handler; +} EXCEPTION_REGISTRATION_RECORD; + +#endif // !EXCEPTION_REGISTRATION_RECORD \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/util/stringfilters.cpp b/cpp/LunaHook/LunaHook/util/stringfilters.cpp new file mode 100644 index 00000000..5293e9e1 --- /dev/null +++ b/cpp/LunaHook/LunaHook/util/stringfilters.cpp @@ -0,0 +1,184 @@ + +inline char* str_chr(char *s, char c, size_t n){return (char*)::memchr(s, c, n);} +inline wchar_t* str_chr(wchar_t *s, wchar_t c, size_t n){return cpp_wcsnchr(s, c, n);} + +inline char *str_npbrk(char *dest, const char *breakset, size_t n){return cpp_strnpbrk(dest, breakset, n);} +inline wchar_t *str_npbrk(wchar_t *dest, const wchar_t *breakset, size_t n){return cpp_wcsnpbrk(dest, breakset, n);} + +inline char *str_nstr(char *s, const char *r, size_t n){return cpp_strnstr(s,r,n);} +inline wchar_t *str_nstr(wchar_t *s, const wchar_t *r, size_t n){return cpp_wcsnstr(s,r,n);} + +template +inline void CharReplacer_impl(CharT *str, size_t *size, CharT fr, CharT to) +{ + size_t len = *size; + for (size_t i = 0; i < len; i++) + if (str[i] == fr) + str[i] = to; +} + +template +inline void CharFilter_impl(CharT *str, size_t *size, CharT ch) +{ + size_t len = *size/sizeof(CharT), + curlen; + for (CharT *cur = str_chr(str, ch, len); + (cur && --len && (curlen = len - (cur - str))); + cur = str_chr(cur, ch, curlen)) + ::memmove(cur, cur + 1, curlen*sizeof(CharT)); + *size = len*sizeof(CharT); +} + +template +inline void CharsFilter_impl(CharT *str, size_t *size, const CharT *chars){ + size_t len = *size/sizeof(CharT), + curlen; + for (CharT *cur = str_npbrk(str, chars, len); + (cur && --len && (curlen = len - (cur - str))); + cur = str_npbrk(cur, chars, curlen)) + ::memmove(cur, cur + 1, curlen*sizeof(CharT)); + *size = len*sizeof(CharT); +} + +template +inline void StringFilter_impl(CharT *str, size_t *size, const CharT *remove, size_t removelen){ + size_t len = *size/sizeof(CharT), + curlen; + for (CharT *cur = str_nstr(str, remove, len); + (cur && (len -= removelen) && (curlen = len - (cur - str))); + cur = str_nstr(cur, remove, curlen)) + ::memmove(cur, cur + removelen, curlen*sizeof(CharT)); + *size = len*sizeof(CharT); +} + +template +inline void StringFilterBetween_impl(CharT *str, size_t *size, const CharT *fr, size_t frlen, const CharT *to, size_t tolen) +{ + size_t len = *size / sizeof(CharT), + curlen; + for (CharT *cur = str_nstr(str, fr, len); + cur; + cur = str_nstr(cur, fr, curlen)) { + curlen = (len - frlen) - (cur - str); + auto end = str_nstr(cur + frlen, to, curlen); + if (!end) + break; + curlen = len - (end - str) - tolen; + ::memmove(cur, end + tolen, curlen*sizeof(CharT)); + len -= tolen + (end - cur); + } + *size = len * sizeof(CharT); +} + +template +inline void StringCharReplacer_impl(CharT *str, size_t *size, const CharT *src, size_t srclen, CharT ch) +{ + size_t len = *size / sizeof(CharT), + curlen; + for (CharT *cur = str_nstr(str, src, len); + cur && len; + cur = str_nstr(cur, src, curlen)) { + *cur++ = ch; + len -= srclen - 1; + curlen = len - (cur - str); + if (curlen == 0) + break; + ::memmove(cur, cur + srclen-1, sizeof(CharT) * curlen); + } + *size = len * sizeof(CharT); +} + +template +inline void StringReplacer_impl(CharT *str, size_t *size, const CharT *src, size_t srclen, const CharT *dst, size_t dstlen) +{ + size_t len = *size / sizeof(CharT), + curlen; + for (CharT *cur = str_nstr(str, src, len); + cur && len; + cur = str_nstr(cur, src, curlen)) { + ::memcpy(cur, dst, sizeof(CharT) * dstlen); + cur += dstlen; + len -= srclen - dstlen; + curlen = len - (cur - str); + if (curlen == 0) + break; + if (srclen > dstlen) + ::memmove(cur, cur + srclen - dstlen, sizeof(CharT) * curlen); + } + *size = len * sizeof(CharT); +} + +bool NewLineCharFilterA(LPVOID data, size_t *size, HookParam *) +{ + CharFilter(reinterpret_cast(data), reinterpret_cast(size), + '\n'); + return true; +} +bool NewLineCharFilterW(LPVOID data, size_t *size, HookParam *) +{ + CharFilter(reinterpret_cast(data), reinterpret_cast(size), + L'\n'); + return true; +} +bool NewLineStringFilterA(LPVOID data, size_t *size, HookParam *) +{ + StringFilter(reinterpret_cast(data), reinterpret_cast(size), + "\\n", 2); + return true; +} +bool NewLineStringFilterW(LPVOID data, size_t *size, HookParam *) +{ + StringFilter(reinterpret_cast(data), reinterpret_cast(size), + L"\\n", 2); + return true; +} +bool NewLineCharToSpaceFilterA(LPVOID data, size_t *size, HookParam *) +{ + CharReplacer(reinterpret_cast(data), reinterpret_cast(size), '\n', ' '); + return true; +} +bool NewLineCharToSpaceFilterW(LPVOID data, size_t *size, HookParam *) +{ + CharReplacer(reinterpret_cast(data), reinterpret_cast(size), L'\n', L' '); + return true; +} + +// Remove every characters <= 0x1f (i.e. before space ' ') except 0xa and 0xd. +bool IllegalCharsFilterA(LPVOID data, size_t *size, HookParam *) +{ + CharsFilter(reinterpret_cast(data), reinterpret_cast(size), + "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0b\x0c\x0e\x0f\x10\x11\x12\x12\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"); + return true; +} +bool IllegalCharsFilterW(LPVOID data, size_t *size, HookParam *) +{ + CharsFilter(reinterpret_cast(data), reinterpret_cast(size), + L"\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0b\x0c\x0e\x0f\x10\x11\x12\x12\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"); + return true; +} +bool all_ascii_Filter(LPVOID data, size_t *size, HookParam *){ + return ! all_ascii((char*)data,*size); +} + + +void CharReplacer(char *str, size_t *size, char fr, char to){CharReplacer_impl(str,size,fr,to);} +void CharReplacer(wchar_t *str, size_t *size, wchar_t fr, wchar_t to){CharReplacer_impl(str,size,fr,to);} + +void CharFilter(char *str, size_t *size, char ch){CharFilter_impl(str,size,ch);} +void CharFilter(wchar_t *str, size_t *size, wchar_t ch){CharFilter_impl(str,size,ch);} + +void CharsFilter(char *str, size_t *size, const char *chars){CharsFilter_impl(str,size,chars);} +void CharsFilter(wchar_t *str, size_t *size, const wchar_t *chars){CharsFilter_impl(str,size,chars);} + +void StringFilter(char *str, size_t *size, const char *remove, size_t removelen){StringFilter_impl(str,size,remove,removelen);} +void StringFilter(wchar_t *str, size_t *size, const wchar_t *remove, size_t removelen){StringFilter_impl(str,size,remove,removelen);} + +void StringFilterBetween(char *str, size_t *size, const char *fr, size_t frlen, const char *to, size_t tolen){StringFilterBetween_impl(str,size,fr,frlen,to,tolen);} +void StringFilterBetween(wchar_t *str, size_t *size, const wchar_t *fr, size_t frlen, const wchar_t *to, size_t tolen) +{StringFilterBetween_impl(str,size,fr,frlen,to,tolen);} + +void StringCharReplacer(char *str, size_t *size, const char *src, size_t srclen, char ch){StringCharReplacer_impl(str,size,src,srclen,ch);} +void StringCharReplacer(wchar_t *str, size_t *size, const wchar_t *src, size_t srclen, wchar_t ch){StringCharReplacer_impl(str,size,src,srclen,ch);} + +void StringReplacer(char *str, size_t *size, const char *src, size_t srclen, const char *dst, size_t dstlen){StringReplacer_impl(str,size,src,srclen,dst,dstlen);} +void StringReplacer(wchar_t *str, size_t *size, const wchar_t *src, size_t srclen, const wchar_t *dst, size_t dstlen){StringReplacer_impl(str,size,src,srclen,dst,dstlen);} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/util/stringfilters.h b/cpp/LunaHook/LunaHook/util/stringfilters.h new file mode 100644 index 00000000..8e916b67 --- /dev/null +++ b/cpp/LunaHook/LunaHook/util/stringfilters.h @@ -0,0 +1,33 @@ + +void CharReplacer(char *str, size_t *size, char fr, char to); +void CharReplacer(wchar_t *str, size_t *size, wchar_t fr, wchar_t to); + +void CharFilter(char *str, size_t *size, char ch); +void CharFilter(wchar_t *str, size_t *size, wchar_t ch); + +void CharsFilter(char *str, size_t *size, const char *chars); +void CharsFilter(wchar_t *str, size_t *size, const wchar_t *chars); + +void StringFilter(char *str, size_t *size, const char *remove, size_t removelen); +void StringFilter(wchar_t *str, size_t *size, const wchar_t *remove, size_t removelen); + +void StringFilterBetween(char *str, size_t *size, const char *fr, size_t frlen, const char *to, size_t tolen); +void StringFilterBetween(wchar_t *str, size_t *size, const wchar_t *fr, size_t frlen, const wchar_t *to, size_t tolen); + +void StringCharReplacer(char *str, size_t *size, const char *src, size_t srclen, char ch); +void StringCharReplacer(wchar_t *str, size_t *size, const wchar_t *src, size_t srclen, wchar_t ch); + +void StringReplacer(char *str, size_t *size, const char *src, size_t srclen, const char *dst, size_t dstlen); +void StringReplacer(wchar_t *str, size_t *size, const wchar_t *src, size_t srclen, const wchar_t *dst, size_t dstlen); + +bool NewLineCharFilterA(LPVOID data, size_t *size, HookParam *); +bool NewLineCharFilterW(LPVOID data, size_t *size, HookParam *); +bool NewLineStringFilterA(LPVOID data, size_t *size, HookParam *); +bool NewLineStringFilterW(LPVOID data, size_t *size, HookParam *); +bool NewLineCharToSpaceFilterA(LPVOID data, size_t *size, HookParam *); +bool NewLineCharToSpaceFilterW(LPVOID data, size_t *size, HookParam *); +bool IllegalCharsFilterA(LPVOID data, size_t *size, HookParam *); +bool IllegalCharsFilterW(LPVOID data, size_t *size, HookParam *); + +bool all_ascii_Filter(LPVOID data, size_t *size, HookParam *); + diff --git a/cpp/LunaHook/LunaHook/util/textunion.h b/cpp/LunaHook/LunaHook/util/textunion.h new file mode 100644 index 00000000..aa0efa59 --- /dev/null +++ b/cpp/LunaHook/LunaHook/util/textunion.h @@ -0,0 +1,63 @@ +#pragma once + +inline size_t str_len(const char *s) { return strlen(s); } +inline size_t str_len(const wchar_t *s) { return wcslen(s); } + +template +struct TextUnion +{ + enum + { + ShortTextCapacity = 0x10 / sizeof(CharT) + }; + + union + { + const CharT *text; // 0x0 + CharT chars[ShortTextCapacity]; + }; + size_t size, // 0x10 + capacity; + + bool isValid() const + { + if (size <= 0 || size > capacity) + return false; + const CharT *t = getText(); + return Engine::isAddressWritable(t, size) && str_len(t) == size; + } + + const CharT *getText() const + { + return capacity < ShortTextCapacity ? chars : text; + } + + void setText(const CharT *_text, size_t _size) + { + if (_size < ShortTextCapacity) + ::memcpy(chars, _text, (_size + 1) * sizeof(CharT)); + else + text = _text; + capacity = size = _size; + } + + void setLongText(const CharT *_text, size_t _size) + { + text = _text; + size = _size; + capacity = max(ShortTextCapacity, _size); + } + + void setText(const std::basic_string &text) + { + setText((const CharT *)text.c_str(), text.size()); + } + void setLongText(const std::basic_string &text) + { + setLongText((const CharT *)text.c_str(), text.size()); + } +}; + +using TextUnionA = TextUnion; +using TextUnionW = TextUnion; +// EOF diff --git a/cpp/LunaHook/LunaHook/util/util.cc b/cpp/LunaHook/LunaHook/util/util.cc new file mode 100644 index 00000000..2b5f274d --- /dev/null +++ b/cpp/LunaHook/LunaHook/util/util.cc @@ -0,0 +1,637 @@ + + +namespace { // unnamed + +// jichi 4/19/2014: Return the integer that can mask the signature +// Artikash 8/4/2018: change implementation +DWORD SigMask(DWORD sig) +{ + DWORD count = 0; + while (sig) + { + sig >>= 8; + ++count; + } + count -= 4; + count = -count; + return 0xffffffff >> (count << 3); +} + +uint64_t SafeSearchMemory(uint64_t startAddr, uint64_t endAddr, const BYTE* bytes, short length) +{ + __try + { + for (int i = 0; i < endAddr - startAddr - length; ++i) + for (int j = 0; j <= length; ++j) + if (j == length) return startAddr + i; // not sure about this algorithm... + else if (*((BYTE*)startAddr + i + j) != *(bytes + j) && *(bytes + j) != XX) break; + } + __except (EXCEPTION_EXECUTE_HANDLER) + { + ConsoleOutput("SearchMemory ERROR"); + } + return 0; +} + +} // namespace unnamed + +namespace Util +{ + +#ifndef _WIN64 +// jichi 8/24/2013: binary search? +DWORD GetCodeRange(DWORD hModule,DWORD *low, DWORD *high) +{ + IMAGE_DOS_HEADER *DosHdr; + IMAGE_NT_HEADERS *NtHdr; + DWORD dwReadAddr; + IMAGE_SECTION_HEADER *shdr; + DosHdr = (IMAGE_DOS_HEADER *)hModule; + if (IMAGE_DOS_SIGNATURE == DosHdr->e_magic) { + dwReadAddr = hModule + DosHdr->e_lfanew; + NtHdr = (IMAGE_NT_HEADERS *)dwReadAddr; + if (IMAGE_NT_SIGNATURE == NtHdr->Signature) { + shdr = (PIMAGE_SECTION_HEADER)((DWORD)(&NtHdr->OptionalHeader) + NtHdr->FileHeader.SizeOfOptionalHeader); + while ((shdr->Characteristics & IMAGE_SCN_CNT_CODE) == 0) + shdr++; + *low = hModule + shdr->VirtualAddress; + *high = *low + (shdr->Misc.VirtualSize & 0xfffff000) + 0x1000; + } + } + return 0; +} + +DWORD FindCallAndEntryBoth(DWORD fun, DWORD size, DWORD pt, DWORD sig) +{ + //WCHAR str[0x40]; + enum { reverse_length = 0x800 }; + DWORD t, l; + DWORD mask = SigMask(sig); + bool flag2; + for (DWORD i = 0x1000; i < size-4; i++) { + bool flag1 = false; + if (*(BYTE *)(pt + i) == 0xe8) { + flag1 = flag2 = true; + t = *(DWORD *)(pt + i + 1); + } else if (*(WORD *)(pt + i) == 0x15ff) { + flag1 = true; + flag2 = false; + t = *(DWORD *)(pt + i + 2); + } + if (flag1) { + if (flag2) { + flag1 = (pt + i + 5 + t == fun); + l = 5; + } else if (t >= pt && t <= pt + size - 4) { + flag1 = fun == *(DWORD *)t; + l = 6; + } else + flag1 = false; + if (flag1) + //swprintf(str,L"CALL addr: 0x%.8X",pt + i); + //OutputConsole(str); + for (DWORD j = i; j > i - reverse_length; j--) + if ((*(WORD *)(pt + j)) == (sig & mask)) //Fun entry 1. + //swprintf(str,L"Entry: 0x%.8X",pt + j); + //OutputConsole(str); + return pt + j; + else + i += l; + } + } + //OutputConsole(L"Find call and entry failed."); + return 0; +} + +DWORD FindCallOrJmpRel(DWORD fun, DWORD size, DWORD pt, bool jmp) +{ + BYTE sig = (jmp) ? 0xe9 : 0xe8; + for (DWORD i = 0x1000; i < size - 4; i++) + if (sig == *(BYTE *)(pt + i)) { + DWORD t = *(DWORD *)(pt + i + 1); + if(fun == pt + i + 5 + t) + //OutputDWORD(pt + i); + return pt + i; + else + i += 5; + } + return 0; +} + +DWORD FindCallOrJmpAbs(DWORD fun, DWORD size, DWORD pt, bool jmp) +{ + WORD sig = jmp ? 0x25ff : 0x15ff; + for (DWORD i = 0x1000; i < size - 4; i++) + if (sig == *(WORD *)(pt + i)) { + DWORD t = *(DWORD *)(pt + i + 2); + if (t > pt && t < pt + size) { + if (fun == *(DWORD *)t) + return pt + i; + else + i += 5; + } + } + return 0; +} + +DWORD FindCallBoth(DWORD fun, DWORD size, DWORD pt) +{ + for (DWORD i = 0x1000; i < size - 4; i++) { + if (*(BYTE *)(pt + i) == 0xe8) { + DWORD t = *(DWORD *)(pt + i + 1) + pt + i + 5; + if (t == fun) + return i; + } + if (*(WORD *)(pt + i) == 0x15ff) { + DWORD t = *(DWORD *)(pt + i + 2); + if (t >= pt && t <= pt + size - 4) { + if (*(DWORD *)t == fun) + return i; + else + i += 6; + } + } + } + return 0; +} + +DWORD FindCallAndEntryAbs(DWORD fun, DWORD size, DWORD pt, DWORD sig) +{ + //WCHAR str[0x40]; + enum { reverse_length = 0x800 }; + DWORD mask = SigMask(sig); + for (DWORD i = 0x1000; i < size - 4; i++) + if (*(WORD *)(pt + i) == 0x15ff) { + DWORD t = *(DWORD *)(pt + i + 2); + if (t >= pt && t <= pt + size - 4) { + if (*(DWORD *)t == fun) + //swprintf(str,L"CALL addr: 0x%.8X",pt + i); + //OutputConsole(str); + for (DWORD j = i ; j > i - reverse_length; j--) + if ((*(DWORD *)(pt + j) & mask) == sig) // Fun entry 1. + //swprintf(str,L"Entry: 0x%.8X",pt + j); + //OutputConsole(str); + return pt + j; + + } else + i += 6; + } + //OutputConsole(L"Find call and entry failed."); + return 0; +} + +DWORD FindCallAndEntryRel(DWORD fun, DWORD size, DWORD pt, DWORD sig) +{ + //WCHAR str[0x40]; + enum { reverse_length = 0x800 }; + if (DWORD i = FindCallOrJmpRel(fun, size, pt, false)) { + DWORD mask = SigMask(sig); + for (DWORD j = i; j > i - reverse_length; j--) + if (((*(DWORD *)j) & mask) == sig) //Fun entry 1. + //swprintf(str,L"Entry: 0x%.8X",j); + //OutputConsole(str); + return j; + //OutputConsole(L"Find call and entry failed."); + } + return 0; +} + +DWORD FindImportEntry(DWORD hModule, DWORD fun) +{ + IMAGE_DOS_HEADER *DosHdr; + IMAGE_NT_HEADERS *NtHdr; + DWORD IAT, end, pt, addr; + DosHdr = (IMAGE_DOS_HEADER *)hModule; + if (IMAGE_DOS_SIGNATURE == DosHdr->e_magic) { + NtHdr = (IMAGE_NT_HEADERS *)(hModule + DosHdr->e_lfanew); + if (IMAGE_NT_SIGNATURE == NtHdr->Signature) { + IAT = NtHdr->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].VirtualAddress; + end = NtHdr->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].Size; + IAT += hModule; + end += IAT; + for (pt = IAT; pt < end; pt += 4) { + addr = *(DWORD *)pt; + if (addr == fun) + return pt; + } + } + } + return 0; +} +#endif + +bool CheckFile(LPCWSTR name) +{ + return CheckFile_exits(name,false); +} +bool CheckFile_exits(LPCWSTR name,bool if_exits_also_ok) +{ + WIN32_FIND_DATAW unused; + HANDLE file = FindFirstFileW(name, &unused); + if ((file != INVALID_HANDLE_VALUE)||(if_exits_also_ok &&PathFileExists(name))) + { + FindClose(file); + return true; + } + wchar_t path[MAX_PATH * 2]; + wchar_t* end = path + GetModuleFileNameW(nullptr, path, MAX_PATH); + while (*(--end) != L'\\'); + wcscpy_s(end + 1, MAX_PATH, name); + file = FindFirstFileW(path, &unused); + if ((file != INVALID_HANDLE_VALUE)||(if_exits_also_ok &&PathFileExists(path))) + { + FindClose(file); + return true; + } + return false; +} + +// Search string in rsrc section. This section usually contains version and copyright info. +bool SearchResourceString(LPCWSTR str) +{ + uintptr_t hModule = (uintptr_t)GetModuleHandleW(nullptr); + IMAGE_DOS_HEADER *DosHdr; + IMAGE_NT_HEADERS *NtHdr; + DosHdr = (IMAGE_DOS_HEADER *)hModule; + uintptr_t rsrc, size; + if (IMAGE_DOS_SIGNATURE == DosHdr->e_magic) { + NtHdr = (IMAGE_NT_HEADERS *)(hModule + DosHdr->e_lfanew); + if (IMAGE_NT_SIGNATURE == NtHdr->Signature) { + rsrc = NtHdr->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_RESOURCE].VirtualAddress; + if (rsrc) { + rsrc += hModule; + if (IthGetMemoryRange((LPVOID)rsrc, &rsrc ,&size) && + SearchPattern(rsrc, size - 4, str, wcslen(str) << 1)) + return true; + } + } + } + return false; +} + +std::pair QueryModuleLimits(HMODULE module,uintptr_t addition,DWORD protect) +{ + uintptr_t moduleStartAddress = (uintptr_t)module + addition; + uintptr_t moduleStopAddress = moduleStartAddress; + MEMORY_BASIC_INFORMATION info; + do + { + VirtualQuery((void*)moduleStopAddress, &info, sizeof(info)); + moduleStopAddress = (uintptr_t)info.BaseAddress + info.RegionSize; + } while (info.Protect>=protect); + moduleStopAddress -= info.RegionSize; + return { moduleStartAddress, moduleStopAddress }; +} + +std::vector SearchMemory(const void* bytes, short length, DWORD protect, uintptr_t minAddr, uintptr_t maxAddr) +{ + SYSTEM_INFO systemInfo; + GetNativeSystemInfo(&systemInfo); + std::vector> validMemory; + for (BYTE* probe = NULL; probe < systemInfo.lpMaximumApplicationAddress;) + { + MEMORY_BASIC_INFORMATION info = {}; + if (!VirtualQuery(probe, &info, sizeof(info))) + { + probe += systemInfo.dwPageSize; + continue; + } + else + { + if ((uintptr_t)info.BaseAddress + info.RegionSize >= minAddr && info.Protect >= protect && !(info.Protect & PAGE_GUARD)) + validMemory.push_back({ (uintptr_t)info.BaseAddress, info.RegionSize }); + probe += info.RegionSize; + } + } + + std::vector ret; + for (auto memory : validMemory) + for (uintptr_t addr = max(memory.first, minAddr); true;) + if (addr < maxAddr && (addr = SafeSearchMemory(addr, memory.first + memory.second, (const BYTE*)bytes, length))) + ret.push_back(addr++); + else break; + + return ret; +} + +uintptr_t FindFunction(const char* function) +{ + static HMODULE modules[300] = {}; + static auto _ = EnumProcessModules(GetCurrentProcess(), modules, sizeof(modules), DUMMY); + for (auto module : modules) if (auto addr = GetProcAddress(module, function)) return (uintptr_t)addr; + return 0; +} + +} + +uintptr_t SafeFindEnclosingAlignedFunction(uintptr_t addr, uintptr_t range) +{ + uintptr_t r = 0; + __try{ + r = MemDbg::findEnclosingAlignedFunction(addr, range); // this function might raise if failed + }__except(EXCEPTION_EXECUTE_HANDLER) {} + return r; +} + +uintptr_t SafeFindBytes(LPCVOID pattern, size_t patternSize, uintptr_t lowerBound, uintptr_t upperBound) +{ + ULONG r = 0; + __try{ + r = MemDbg::findBytes(pattern, patternSize, lowerBound, upperBound); + }__except(EXCEPTION_EXECUTE_HANDLER) {} + return r; +} +#ifndef _WIN64 + +// jichi 7/17/2014: Search mapped memory for emulators +ULONG _SafeMatchBytesInMappedMemory(LPCVOID pattern, DWORD patternSize, BYTE wildcard, + ULONG start, ULONG stop, ULONG step) +{ + for (ULONG i = start; i < stop; i += step) // + patternSize to avoid overlap + if (ULONG r = SafeFindBytes(pattern, patternSize, i, i + step + patternSize + 1)) + return r; + return 0; +} +ULONG SafeMatchBytesInGCMemory(LPCVOID pattern, DWORD patternSize) +{ + enum : ULONG { + start = MemDbg::MappedMemoryStartAddress // 0x01000000 + , stop = MemDbg::MemoryStopAddress // 0x7ffeffff + , step = start + }; + return _SafeMatchBytesInMappedMemory(pattern, patternSize, XX, start, stop, step); +} +#endif + + +#ifndef _WIN64 + +std::vector findrelativecall(const BYTE* pattern ,int length,DWORD calladdress,DWORD start, DWORD end) +{ + std::vector save; + for (; start < end;start+=1 ) { + DWORD addr=MemDbg::findBytes(pattern, length, start, end); + start = addr; + if (!addr)return save; + + BYTE callop = 0xE8; + + union little { + DWORD _dw; + BYTE _bytes[4]; + }relative; + relative._dw = (calladdress - addr -length- 5); + DWORD calladdr = addr + length; + if (*((BYTE*)calladdr) == callop) { + + calladdr += 1; + BYTE* _b = (BYTE*)calladdr; + BYTE* _a = relative._bytes; + /*ConsoleOutput("%p", addr); + ConsoleOutput("%p %x", calladdress, relative._dw); + ConsoleOutput("%02x%02x%02x%02x %02x%02x%02x%02x", _a[0], _a[1], _a[2], _a[3], _b[0], _b[1], _b[2], _b[3]);*/ + if ((_a[0] == _b[0]) && (_a[1] == _b[1]) && (_a[2] == _b[2]) && (_a[3] == _b[3])) { + save.push_back(start); + } + } + } + return save; +} +std::vector findxref_reverse_checkcallop(DWORD addr, DWORD from, DWORD to,BYTE op) { + //op可以为E8 call E9 jump + //上面的版本其实就应该checkcallop的,之前忘了,但不敢乱改破坏之前的了,不然还要重新测试。 + std::vector res; + if (addr == 0)return res; + DWORD now = to; + while (now > from) { + DWORD calladdr = now - 5; + if(IsBadReadPtr((LPVOID)(calladdr + 1),4)==0){ + DWORD relative = *(DWORD*)(calladdr + 1); + if (now + relative == addr) { + if(*(BYTE*)calladdr==op) + res.push_back(calladdr); + } + } + + now -= 1; + } + return res; +} +uintptr_t finddllfunctioncall(uintptr_t funcptr,uintptr_t start, uintptr_t end,WORD sig,bool reverse){ + auto entry=Util::FindImportEntry(start,funcptr); + if(entry==0)return 0; + BYTE bytes[]={0xFF,0x15,XX4}; + memcpy(bytes+2,&entry,4); + memcpy(bytes,&sig,2); + if(reverse) + return reverseFindBytes(bytes,sizeof(bytes),start,end); + else + return MemDbg::findBytes(bytes,sizeof(bytes),start,end); +} +uintptr_t findfuncstart(uintptr_t start,uintptr_t range,bool checkalign){ + const BYTE funcstart[] = { + 0x55,0x8b,0xec + }; + if(checkalign){ + start &= ~0xf; + for (uintptr_t i = start, j = start - range; i >= j; i-=0x10) { + if(memcmp((void*)i,funcstart,3)==0)return i; + } + return 0; + } + else{ + return reverseFindBytes(funcstart, sizeof(funcstart), start-range, start); + } +} +#define buildbytes(ret) auto entry=Util::FindImportEntry(hmodule,addr); \ + if(entry==0)return ret;\ + BYTE bytes[]={XX,XX,XX4};\ + if(movreg){\ + bytes[0]=0x8b,bytes[1]=movreg;\ + }\ + else{\ + bytes[0]=0xff;bytes[1]=0x15;\ + }\ + memcpy(bytes+2,&entry,4); +uintptr_t findiatcallormov(uintptr_t addr,DWORD hmodule, uintptr_t start, uintptr_t end,bool reverse,BYTE movreg){ + buildbytes(0) + if(reverse) + return reverseFindBytes(bytes, sizeof(bytes), start, end); + else + return MemDbg::findBytes(bytes, sizeof(bytes), start, end); +} + +std::vector findiatcallormov_all(uintptr_t addr, DWORD hmodule,uintptr_t start, uintptr_t end,DWORD protect,BYTE movreg){ + buildbytes({}) + return Util::SearchMemory(bytes, sizeof(bytes), protect, start, end); +} +#endif + + +uintptr_t reverseFindBytes(const BYTE* pattern, int length, uintptr_t start, uintptr_t end,int offset,bool checkalign) { + for (end -= length; end >= start; end -= 1) { + bool success=true; + for(int i=0;i findxref_reverse(uintptr_t addr, uintptr_t from, uintptr_t to) { + std::vector res; + if (addr == 0)return res; + uintptr_t now = to; + while (now > from) { + uintptr_t calladdr = now - 5; + uintptr_t relative = *(int*)(calladdr + 1); + if (now + relative == addr) { + res.push_back(calladdr); + } + now -= 1; + } + return res; +} +int hexCharToValue(char c) { + if (c >= '0' && c <= '9') { + return c - '0'; + } else if (c >= 'A' && c <= 'F') { + return c - 'A' + 10; + } else if (c >= 'a' && c <= 'f') { + return c - 'a' + 10; + } else if(c=='?'){ + return -1; + } + else{ + return -2; + } +} +uintptr_t find_pattern(const char* pattern,uintptr_t start,uintptr_t end){ + std::vector check; + bool ignore=false; + for(int i=0;i_type,_pattern; + for(int j=0;j* windowList = reinterpret_cast*>(lParam); + DWORD processId; + GetWindowThreadProcessId(hwnd, &processId); + if (processId == GetCurrentProcessId()) { + auto length=GetWindowTextLengthW(hwnd); + auto title=std::vector(length+1); + GetWindowTextW(hwnd, title.data(), title.size()); + + WindowInfo windowInfo; + windowInfo.handle = hwnd; + windowInfo.title = title.data(); + + windowList->push_back(windowInfo); + } + return TRUE; +} +std::vectorget_proc_windows(){ + std::vector windows; + EnumWindows(EnumWindowsProc, reinterpret_cast(&windows)); + return windows; +} diff --git a/cpp/LunaHook/LunaHook/util/util.h b/cpp/LunaHook/LunaHook/util/util.h new file mode 100644 index 00000000..8398eca5 --- /dev/null +++ b/cpp/LunaHook/LunaHook/util/util.h @@ -0,0 +1,119 @@ +#pragma once + +// util.h +// 8/23/2013 jichi + +#define XX2 XX, XX // WORD +#define XX4 XX2, XX2 // DWORD +#define XX8 XX4, XX4 // QWORD +enum : DWORD +{ + X64_MAX_REL_ADDR = 0x00300000 +}; +enum : DWORD +{ + MAX_REL_ADDR = 0x00300000 +}; + +namespace +{ + static union + { + char text_buffer[0x1000]; + wchar_t wc_buffer[0x800]; + }; + DWORD buffer_index, + buffer_length; +} + +namespace Util +{ + +#ifndef _WIN64 + DWORD GetCodeRange(DWORD hModule, DWORD *low, DWORD *high); + DWORD FindCallAndEntryBoth(DWORD fun, DWORD size, DWORD pt, DWORD sig); + DWORD FindCallOrJmpRel(DWORD fun, DWORD size, DWORD pt, bool jmp); + DWORD FindCallOrJmpAbs(DWORD fun, DWORD size, DWORD pt, bool jmp); + DWORD FindCallBoth(DWORD fun, DWORD size, DWORD pt); + DWORD FindCallAndEntryAbs(DWORD fun, DWORD size, DWORD pt, DWORD sig); + DWORD FindCallAndEntryRel(DWORD fun, DWORD size, DWORD pt, DWORD sig); + DWORD FindImportEntry(DWORD hModule, DWORD fun); +#endif + + bool CheckFile_exits(LPCWSTR name, bool if_exits_also_ok); + bool CheckFile(LPCWSTR name); + + bool SearchResourceString(LPCWSTR str); + + std::pair QueryModuleLimits(HMODULE module, uintptr_t addition = 0x1000, DWORD protect = PAGE_EXECUTE); + std::vector SearchMemory(const void *bytes, short length, DWORD protect = PAGE_EXECUTE, uintptr_t minAddr = 0, uintptr_t maxAddr = -1ULL); + uintptr_t FindFunction(const char *function); + +} // namespace Util + +uintptr_t SafeFindEnclosingAlignedFunction(uintptr_t addr, uintptr_t range); +uintptr_t SafeFindBytes(LPCVOID pattern, size_t patternSize, uintptr_t lowerBound, uintptr_t upperBound); +#ifndef _WIN64 + +ULONG _SafeMatchBytesInMappedMemory(LPCVOID pattern, DWORD patternSize, BYTE wildcard, + ULONG start, ULONG stop, ULONG step); +ULONG SafeMatchBytesInGCMemory(LPCVOID pattern, DWORD patternSize); + +std::vector findrelativecall(const BYTE *pattern, int length, DWORD calladdress, DWORD start, DWORD end); +std::vector findxref_reverse_checkcallop(DWORD addr, DWORD from, DWORD to, BYTE op); +uintptr_t finddllfunctioncall(uintptr_t funcptr, uintptr_t start, uintptr_t end, WORD sig = 0x15ff, bool reverse = false); +uintptr_t findfuncstart(uintptr_t addr, uintptr_t range = 0x100, bool checkalign = false); +uintptr_t findiatcallormov(uintptr_t addr, DWORD hmodule, uintptr_t start, uintptr_t end, bool reverse = false, BYTE movreg = 0); +std::vector findiatcallormov_all(uintptr_t addr, DWORD hmodule, uintptr_t start, uintptr_t end, DWORD protect, BYTE movreg = 0); + +#endif + +uintptr_t find_pattern(const char *pattern, uintptr_t start, uintptr_t end); +uintptr_t reverseFindBytes(const BYTE *pattern, int length, uintptr_t start, uintptr_t end, int offset = 0, bool checkalign = false); + +std::vector findxref_reverse(uintptr_t addr, uintptr_t from, uintptr_t to); + +namespace Engine +{ + bool isAddressReadable(const uintptr_t *p); + bool isAddressReadable(const char *p, size_t count = 1); + bool isAddressReadable(const wchar_t *p, size_t count = 1); + bool isAddressWritable(const uintptr_t *p); + bool isAddressWritable(const char *p, size_t count = 1); + bool isAddressWritable(const wchar_t *p, size_t count = 1); + inline bool isAddressReadable(const void *addr) { return isAddressReadable((const uintptr_t *)addr); } + inline bool isAddressReadable(uintptr_t addr) { return isAddressReadable((const void *)addr); } + inline bool isAddressWritable(const void *addr) { return isAddressWritable((const uintptr_t *)addr); } + inline bool isAddressWritable(uintptr_t addr) { return isAddressWritable((const void *)addr); } +} + +struct WindowInfo +{ + HWND handle; + std::wstring title; +}; +std::vector get_proc_windows(); + +template +bool write_string_overwrite(void *data, size_t *len, const std::basic_string &s) +{ + size_t t = s.size(); + strcpyEx((CharT *)data, s.data()); + *len = t * sizeof(CharT); + return t; +} + +template +auto allocateString(const StringT &s) -> typename StringT::value_type * +{ + size_t t = s.size(); + typename StringT::value_type *_data = new typename StringT::value_type[t + 1]; + strcpyEx(_data, s.data()); + return _data; +} + +template +size_t strSize(const StringT &s) +{ + return s.size() * sizeof(StringT::value_type); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHook/veh_hook.cpp b/cpp/LunaHook/LunaHook/veh_hook.cpp new file mode 100644 index 00000000..42a6ba0d --- /dev/null +++ b/cpp/LunaHook/LunaHook/veh_hook.cpp @@ -0,0 +1,201 @@ +/** +veh_hook Vectored Exception Handler hooking library +Version: 24-March-2008 +**/ +// #define WINVER 0x0501 +// #define _WIN32_WINNT 0x0501 +#include +#include "veh_hook.h" +#include +static veh_list_t *list = NULL; +char int3bp[] = "\xCC"; +std::mutex vehlistlock; +bool add_veh_hook(void *origFunc, newFuncType newFunc, DWORD hook_type) +{ + std::lock_guard _(vehlistlock); + // static veh_list_t* list = NULL; + DWORD oldProtect; + if (list == NULL) + list = new_veh_list(); + if (list == NULL) + return false; + if (get_veh_node(list, origFunc)) + return false; + void *handle = AddVectoredExceptionHandler(1, (PVECTORED_EXCEPTION_HANDLER)veh_dispatch); + auto newnode = create_veh_node(origFunc, newFunc, handle, hook_type); + if (newnode == NULL) + return false; + // For memory hooks especially, we need to know the address of the start of the relevant page. + MEMORY_BASIC_INFORMATION mem_info; + VirtualQuery(origFunc, &mem_info, sizeof(MEMORY_BASIC_INFORMATION)); + newnode->baseAddr = mem_info.BaseAddress; + if (!VirtualProtect(origFunc, sizeof(int), PAGE_EXECUTE_READWRITE, &newnode->OldProtect)) + { + delete newnode; + return false; + } + memcpy((void *)(&newnode->origBaseByte), (const void *)origFunc, sizeof(BYTE)); + memcpy((void *)origFunc, (const void *)&int3bp, sizeof(BYTE)); + VirtualProtect(origFunc, sizeof(int), newnode->OldProtect, &oldProtect); + insert_veh_node(list, newnode); + return true; +} +void repair_origin(veh_node_t *node) +{ + DWORD _p; + if (!VirtualProtect(node->origFunc, sizeof(int), PAGE_EXECUTE_READWRITE, &_p)) + return; + memcpy((void *)node->origFunc, (const void *)(&node->origBaseByte), sizeof(char)); + VirtualProtect(node->origFunc, sizeof(int), node->OldProtect, &_p); +} +bool remove_veh_hook(void *origFunc) +{ + std::lock_guard _(vehlistlock); + if (list == NULL) + return false; + veh_node_t *node = get_veh_node(list, origFunc); + if (node == NULL) + return false; + repair_origin(node); + RemoveVectoredExceptionHandler(node->handle); + return remove_veh_node(list, origFunc), true; +} + +void remove_veh_node(veh_list_t *list, void *origFunc) +{ + veh_node_t *searchnode = list->head; + + while (searchnode != NULL) + { + if (searchnode->origFunc == origFunc) + { + if (list->tail == searchnode) + list->tail = searchnode->last; + if (list->head == searchnode) + list->head = searchnode->next; + if (searchnode->last) + searchnode->last->next = searchnode->next; + if (searchnode->next) + searchnode->next->last = searchnode->last; + + delete (searchnode); + return; + } + searchnode = searchnode->next; + } + return; +} +LONG CALLBACK veh_dispatch(PEXCEPTION_POINTERS ExceptionInfo) +{ + + DWORD oldProtect; + void *Addr = ExceptionInfo->ExceptionRecord->ExceptionAddress; + ULONG Code = ExceptionInfo->ExceptionRecord->ExceptionCode; + + if (Code != STATUS_BREAKPOINT && Code != STATUS_SINGLE_STEP) + return EXCEPTION_CONTINUE_SEARCH; + // Try to find the node associated with the address of the current exception, continue searching for handlers if not found; + + if (Code == STATUS_BREAKPOINT) //&& hooktype == VEH_HK_INT3) + { + veh_node_t *currnode; + { + std::lock_guard _(vehlistlock); + currnode = get_veh_node(list, Addr); + } + if (currnode == NULL) + return EXCEPTION_CONTINUE_SEARCH; + + if (currnode->newFunc(ExceptionInfo->ContextRecord)) + { + repair_origin(currnode); + ExceptionInfo->ContextRecord->EFlags |= 0x100; + } + else + { + remove_veh_hook(Addr); + } + } + else if (Code == STATUS_SINGLE_STEP) //&& hooktype == VEH_HK_INT3) + { + std::lock_guard _(vehlistlock); + veh_node_t *currnode = get_veh_node(list, Addr, 0x10); + if (currnode == NULL) + return EXCEPTION_CONTINUE_SEARCH; + + VirtualProtect(Addr, sizeof(int), PAGE_EXECUTE_READWRITE, &currnode->OldProtect); + memcpy((void *)currnode->origFunc, (const void *)&int3bp, sizeof(BYTE)); + VirtualProtect(Addr, sizeof(int), currnode->OldProtect, &oldProtect); + ExceptionInfo->ContextRecord->EFlags &= ~0x00000100; // Remove TRACE from EFLAGS + } + // else if (Code == STATUS_SINGLE_STEP && hooktype == VEH_HK_HW) + // { + // currnode->newFunc(ExceptionInfo->ContextRecord); + // } + // else if (Code == STATUS_SINGLE_STEP && hooktype == VEH_HK_MEM) + // { + + // currnode->newFunc(ExceptionInfo->ContextRecord); + // } + return EXCEPTION_CONTINUE_EXECUTION; +} + +veh_list_t *new_veh_list() +{ + veh_list_t *newlist = (veh_list_t *)malloc(sizeof(veh_list_t)); + if (newlist == NULL) + return NULL; + newlist->head = NULL; + newlist->tail = NULL; + return newlist; +} +veh_node_t *create_veh_node(void *origFunc, newFuncType newFunc, void *handle, DWORD hook_type) +{ + veh_node_t *newnode = new veh_node_t; + if (newnode == NULL) + return NULL; + newnode->last = NULL; + newnode->origFunc = origFunc; + newnode->newFunc = newFunc; + newnode->handle = handle; + newnode->OldProtect = PAGE_EXECUTE_READWRITE; + newnode->next = NULL; + newnode->hooktype = hook_type; + return newnode; +} +void insert_veh_node(veh_list_t *list, veh_node_t *newnode) +{ + if (list == NULL) + return; + if (list->head == NULL) + { + list->head = newnode; + list->tail = newnode; + } + else + { + list->tail->next = newnode; + newnode->last = list->tail; + list->tail = newnode; + } +} +veh_node_t *get_veh_node(veh_list_t *list, void *origFunc, int range) +{ + veh_node_t *newnode; + veh_node_t *closestnode = NULL; + if (list == NULL) + return NULL; + newnode = list->head; + while (newnode != NULL) + { + if (((uintptr_t)origFunc - (uintptr_t)newnode->origFunc) <= range) + { + closestnode = newnode; + if (range == 0) + break; + range = ((uintptr_t)origFunc - (uintptr_t)newnode->origFunc); + } + newnode = newnode->next; + } + return closestnode; +} diff --git a/cpp/LunaHook/LunaHook/veh_hook.h b/cpp/LunaHook/LunaHook/veh_hook.h new file mode 100644 index 00000000..2ff9cedf --- /dev/null +++ b/cpp/LunaHook/LunaHook/veh_hook.h @@ -0,0 +1,58 @@ +/** +veh_hook Vectored Exception Handler hooking library +Version: 24-March-2008 +**/ + +#ifndef LIST_T_H_INCLUDED +#define LIST_T_H_INCLUDED +#include +#include +#include +#include +// VEH Hooking types +#define VEH_HK_INT3 0 +#define VEH_HK_MEM 1 +#define VEH_HK_HW 2 +// - + +#define OPCODE_INT3 "\xCC" + +// typedef void (*pfvoid)(); +// typedef void (*newFuncType)(PCONTEXT); +using newFuncType = std::function; + +typedef struct veh_node +{ + struct veh_node *last; + struct veh_node *next; + void *origFunc; + newFuncType newFunc; + void *handle; + DWORD hooktype; + void *baseAddr; // Address of the page in which origFunc resides. + BYTE origBaseByte; + DWORD OldProtect; +} veh_node_t; + +typedef struct +{ + veh_node_t *head; + veh_node_t *tail; +} veh_list_t; + +// VEH hook interface functions for creating and removing hooks. +bool add_veh_hook(void *origFunc, newFuncType newFunc, DWORD hook_type = VEH_HK_INT3); +bool remove_veh_hook(void *origFunc); + +// The VEH dispathing function is called by Windows every time an exception is encountered. +// the function dispatches calls to the correct inctercept function. +LONG CALLBACK veh_dispatch(PEXCEPTION_POINTERS ExceptionInfo); + +// Functions used internally by the library. +veh_list_t *new_veh_list(); +veh_node_t *create_veh_node(void *origFunc, newFuncType newFunc, void *handle, DWORD hook_type); +void insert_veh_node(veh_list_t *list, veh_node_t *); +void remove_veh_node(veh_list_t *list, void *origFunc); +veh_node_t *get_veh_node(veh_list_t *list, void *origFunc, int range = 0); + +#endif // LIST_T_H_INCLUDED diff --git a/cpp/LunaHook/LunaHost/CMakeLists.txt b/cpp/LunaHook/LunaHost/CMakeLists.txt new file mode 100644 index 00000000..bb27db80 --- /dev/null +++ b/cpp/LunaHook/LunaHost/CMakeLists.txt @@ -0,0 +1,35 @@ + +generate_product_version( + versioninfohost + NAME "LunaHost" + COMPANY_COPYRIGHT "HIllya51 (C) 2024" + ICON ${PATH_TO_APPLICATION_ICON} + VERSION_MAJOR ${VERSION_MAJOR} + VERSION_MINOR ${VERSION_MINOR} + VERSION_PATCH ${VERSION_PATCH} + VERSION_REVISION ${VERSION_REVISION} +) + +add_library(host + host.cpp + textthread.cpp +) +target_precompile_headers(host REUSE_FROM pch) +target_include_directories(host PUBLIC .) + + +add_library(LunaHostDll MODULE LunaHostDll.cpp ${versioninfohost}) +target_precompile_headers(LunaHostDll REUSE_FROM pch) +set_target_properties(LunaHostDll PROPERTIES OUTPUT_NAME "LunaHost${bitappendix}") +target_link_libraries(LunaHostDll pch host ${YY_Thunks_for_WinXP}) + +if(BUILD_CLI) +add_executable(LunaHostCLI LunaHostCLI.cpp ${versioninfohost}) +target_precompile_headers(LunaHostCLI REUSE_FROM pch) +set_target_properties(LunaHostCLI PROPERTIES OUTPUT_NAME "LunaHostCLI${bitappendix}") +target_link_libraries(LunaHostCLI pch host ${YY_Thunks_for_WinXP}) +endif() + +if(BUILD_GUI) +add_subdirectory(GUI) +endif() \ No newline at end of file diff --git a/cpp/LunaHook/LunaHost/GUI/CMakeLists.txt b/cpp/LunaHook/LunaHost/GUI/CMakeLists.txt new file mode 100644 index 00000000..6c9fae4e --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/CMakeLists.txt @@ -0,0 +1,10 @@ + +add_executable(LunaHost WIN32 confighelper.cpp controls.cpp main.cpp processlistwindow.cpp LunaHost.cpp window.cpp luna.rc pluginmanager.cpp Plugin/extensionimpl.cpp Plugin/copyclipboard.cpp QtLoader_inline.cpp app.manifest ${versioninfohost}) +target_precompile_headers(LunaHost REUSE_FROM pch) +set_target_properties(LunaHost PROPERTIES OUTPUT_NAME "LunaHost${bitappendix}") +target_link_libraries(LunaHost comctl32 winhttp version pch host ${YY_Thunks_for_WinXP} nlohmann) + + +if(BUILD_PLUGIN) +add_subdirectory(Plugin) +endif() \ No newline at end of file diff --git a/cpp/LunaHook/LunaHost/GUI/LunaHost.cpp b/cpp/LunaHook/LunaHost/GUI/LunaHost.cpp new file mode 100644 index 00000000..6c70c82f --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/LunaHost.cpp @@ -0,0 +1,932 @@ + +#include +#include +#include +#include +#include +#include "host.h" +#include "textthread.h" +#include "LunaHost.h" +#include "Lang/Lang.h" +#include "http.hpp" + +bool sendclipboarddata_i(const std::wstring &text, HWND hwnd) +{ + if (!OpenClipboard((HWND)hwnd)) + return false; + HGLOBAL hMem = GlobalAlloc(GMEM_MOVEABLE, (text.size() + 1) * sizeof(wchar_t)); + memcpy(GlobalLock(hMem), text.c_str(), (text.size() + 1) * sizeof(wchar_t)); + EmptyClipboard(); + SetClipboardData(CF_UNICODETEXT, hMem); + GlobalUnlock(hMem); + CloseClipboard(); + return true; +} +bool sendclipboarddata(const std::wstring &text, HWND hwnd) +{ + for (int loop = 0; loop < 10; loop++) + { + auto succ = sendclipboarddata_i(text, hwnd); + if (succ) + return true; + std::this_thread::sleep_for(std::chrono::milliseconds(50)); + } + return false; +} +void LunaHost::on_close() +{ + hasstoped = true; + savesettings(); + delete configs; + auto _attachedprocess = attachedprocess; + for (auto pid : _attachedprocess) + { + Host::DetachProcess(pid); + } + if (_attachedprocess.size()) + std::this_thread::sleep_for(std::chrono::milliseconds(100)); +} + +void LunaHost::savesettings() +{ + configs->set("ToClipboard", check_toclipboard); + configs->set("ToClipboardSelection", check_toclipboard_selection); + configs->set("AutoAttach", autoattach); + configs->set("AutoAttach_SavedOnly", autoattach_savedonly); + configs->set("flushDelay", TextThread::flushDelay); + configs->set("filterRepetition", TextThread::filterRepetition); + configs->set("maxBufferSize", TextThread::maxBufferSize); + configs->set("maxHistorySize", TextThread::maxHistorySize); + configs->set("defaultCodepage", Host::defaultCodepage); + configs->set("autoattachexes", autoattachexes); + configs->set("savedhookcontext", savedhookcontext); + configs->set("DefaultFont2", WideStringToString(uifont.fontfamily)); + configs->set("fontsize", uifont.fontsize); + configs->set("font_italic", uifont.italic); + configs->set("font_bold", uifont.bold); +} +void LunaHost::loadsettings() +{ + uifont.italic = configs->get("font_italic", false); + uifont.bold = configs->get("font_bold", false); + uifont.fontsize = configs->get("fontsize", 14); + uifont.fontfamily = StringToWideString(configs->get("DefaultFont2", WideStringToString(std::wstring(DefaultFont)))); + check_toclipboard_selection = configs->get("ToClipboardSelection", false); + check_toclipboard = configs->get("ToClipboard", false); + autoattach = configs->get("AutoAttach", false); + autoattach_savedonly = configs->get("AutoAttach_SavedOnly", true); + TextThread::flushDelay = configs->get("flushDelay", TextThread::flushDelay); + TextThread::filterRepetition = configs->get("filterRepetition", TextThread::filterRepetition); + TextThread::maxBufferSize = configs->get("maxBufferSize", TextThread::maxBufferSize); + TextThread::maxHistorySize = configs->get("maxHistorySize", TextThread::maxHistorySize); + Host::defaultCodepage = configs->get("defaultCodepage", Host::defaultCodepage); + autoattachexes = configs->get("autoattachexes", std::set{}); + savedhookcontext = configs->get("savedhookcontext", decltype(savedhookcontext){}); +} + +std::unordered_map> getprocesslist(); +void LunaHost::doautoattach() +{ + + if (autoattach == false && autoattach_savedonly == false) + return; + + if (autoattachexes.empty()) + return; + + for (auto [pexe, pids] : getprocesslist()) + { + auto &&u8procname = WideStringToString(pexe); + if (autoattachexes.find(u8procname) == autoattachexes.end()) + continue; + if (autoattach_savedonly && savedhookcontext.find(u8procname) == savedhookcontext.end()) + continue; + for (auto pid : pids) + { + if (userdetachedpids.find(pid) != userdetachedpids.end()) + continue; + + if (attachedprocess.find(pid) == attachedprocess.end()) + Host::InjectProcess(pid); + } + + break; + } +} + +void LunaHost::on_proc_disconnect(DWORD pid) +{ + attachedprocess.erase(pid); +} + +void LunaHost::on_proc_connect(DWORD pid) +{ + attachedprocess.insert(pid); + + if (auto pexe = getModuleFilename(pid)) + { + autoattachexes.insert(WideStringToString(pexe.value())); + auto u8procname = WideStringToString(pexe.value()); + if (savedhookcontext.find(u8procname) != savedhookcontext.end()) + { + std::string name = safequeryjson(savedhookcontext[u8procname], "name", std::string()); + if (startWith(name, "UserHook")) + { + if (auto hp = HookCode::Parse(StringToWideString(savedhookcontext[u8procname]["hookcode"]))) + Host::InsertHook(pid, hp.value()); + } + } + } +} + +bool queryversion(WORD *_1, WORD *_2, WORD *_3, WORD *_4) +{ + wchar_t fileName[MAX_PATH]; + GetModuleFileNameW(NULL, fileName, MAX_PATH); + DWORD dwHandle; + DWORD dwSize = GetFileVersionInfoSizeW(fileName, &dwHandle); + if (dwSize == 0) + { + return false; + } + + std::vector versionInfoBuffer(dwSize); + if (!GetFileVersionInfoW(fileName, dwHandle, dwSize, versionInfoBuffer.data())) + { + return false; + } + + VS_FIXEDFILEINFO *pFileInfo; + UINT fileInfoSize; + if (!VerQueryValueW(versionInfoBuffer.data(), L"\\", reinterpret_cast(&pFileInfo), &fileInfoSize)) + { + return false; + } + + DWORD ms = pFileInfo->dwFileVersionMS; + DWORD ls = pFileInfo->dwFileVersionLS; + + WORD majorVersion = HIWORD(ms); + WORD minorVersion = LOWORD(ms); + WORD buildNumber = HIWORD(ls); + WORD revisionNumber = LOWORD(ls); + *_1 = majorVersion; + *_2 = minorVersion; + *_3 = buildNumber; + *_4 = revisionNumber; + return true; +} + +LunaHost::LunaHost() +{ + + configs = new confighelper; + loadsettings(); + + setfont(uifont); + btnshowsettionwindow = new button(this, BtnShowSettingWindow); + g_selectprocessbutton = new button(this, BtnSelectProcess); + + // btnsavehook=new button(this,BtnSaveHook,10,10,10,10); + // btnsavehook->onclick=std::bind(&LunaHost::btnsavehookscallback,this); + btndetachall = new button(this, BtnDetach); + btndetachall->onclick = [&]() + { + for (auto pid : attachedprocess) + { + Host::DetachProcess(pid); + userdetachedpids.insert(pid); + } + }; + + g_hEdit_userhook = new lineedit(this); + btnplugin = new button(this, BtnPlugin); + + plugins = new Pluginmanager(this); + btnplugin->onclick = [&]() + { + if (pluginwindow == 0) + pluginwindow = new Pluginwindow(this, plugins); + pluginwindow->show(); + }; + g_hButton_insert = new button(this, BtnInsertUserHook); + btnshowsettionwindow->onclick = [&]() + { + if (settingwindow == 0) + settingwindow = new Settingwindow(this); + settingwindow->show(); + }; + g_selectprocessbutton->onclick = [&]() + { + if (_processlistwindow == 0) + _processlistwindow = new processlistwindow(this); + _processlistwindow->show(); + }; + g_hButton_insert->onclick = [&]() + { + auto hp = HookCode::Parse(std::move(g_hEdit_userhook->text())); + if (hp) + { + for (auto _ : attachedprocess) + { + Host::InsertHook(_, hp.value()); + } + } + else + { + showtext(NotifyInvalidHookCode, false); + } + }; + + g_hListBox_listtext = new listview(this, false, false); + g_hListBox_listtext->setheader({LIST_HOOK, LIST_TEXT}); + g_hListBox_listtext->oncurrentchange = [&](int idx) + { + auto thread_p = g_hListBox_listtext->getdata(idx); + std::wstring get; + currentselect = thread_p; + std::wstring copy = ((TextThread *)thread_p)->storage->c_str(); + strReplace(copy, L"\n", L"\r\n"); + showtext(copy, true); + }; + g_hListBox_listtext->on_menu = [&]() -> maybehavemenu + { + auto tt = (TextThread *)g_hListBox_listtext->getdata(g_hListBox_listtext->currentidx()); + + Menu menu; + menu.add(MenuCopyHookCode, [&, tt]() + { sendclipboarddata(tt->hp.hookcode, winId); }); + menu.add_sep(); + menu.add(MenuRemoveHook, [&, tt]() + { Host::RemoveHook(tt->tp.processId, tt->tp.addr); }); + menu.add(MenuDetachProcess, [&, tt]() + { + + Host::DetachProcess(tt->tp.processId); + userdetachedpids.insert(tt->tp.processId); }); + menu.add_sep(); + menu.add(MenuRemeberSelect, [&, tt]() + { + if(auto pexe=getModuleFilename(tt->tp.processId)) + savedhookcontext[WideStringToString(pexe.value())]={ + {"hookcode",WideStringToString(tt->hp.hookcode)}, + {"ctx1",tt->tp.ctx}, + {"ctx2",tt->tp.ctx2}, + {"name",WideStringToString(tt->name)} + }; }); + menu.add(MenuForgetSelect, [&, tt]() + { + if(auto pexe=getModuleFilename(tt->tp.processId)) + savedhookcontext.erase(WideStringToString(pexe.value())); }); + return menu; + }; + + g_showtexts = new multilineedit(this); + g_showtexts->setreadonly(true); + + btnsearchhooks = new button(this, BtnSearchHook); + btnsearchhooks->onclick = [&]() + { + if (hooksearchwindow == 0) + hooksearchwindow = new Hooksearchwindow(this); + hooksearchwindow->show(); + }; + + Host::StartEx( + std::bind(&LunaHost::on_proc_connect, this, std::placeholders::_1), + std::bind(&LunaHost::on_proc_disconnect, this, std::placeholders::_1), + std::bind(&LunaHost::on_thread_create, this, std::placeholders::_1), + std::bind(&LunaHost::on_thread_delete, this, std::placeholders::_1), + std::bind(&LunaHost::on_text_recv, this, std::placeholders::_1, std::placeholders::_2), + {}, + {}, + {}, + std::bind(&LunaHost::on_warning, this, std::placeholders::_1)); + + mainlayout = new gridlayout(); + mainlayout->addcontrol(g_selectprocessbutton, 0, 0); + mainlayout->addcontrol(btndetachall, 0, 1); + mainlayout->addcontrol(btnshowsettionwindow, 0, 2); + mainlayout->addcontrol(btnplugin, 0, 3); + mainlayout->addcontrol(g_hEdit_userhook, 1, 0, 1, 2); + mainlayout->addcontrol(g_hButton_insert, 1, 2); + mainlayout->addcontrol(btnsearchhooks, 1, 3); + + mainlayout->addcontrol(g_hListBox_listtext, 2, 0, 1, 4); + mainlayout->addcontrol(g_showtexts, 3, 0, 1, 4); + + mainlayout->setfixedheigth(0, 30); + mainlayout->setfixedheigth(1, 30); + setlayout(mainlayout); + setcentral(1200, 800); + std::wstring title = WndLunaHostGui; + settext(title); + + std::thread([&]() + { + std::wstring sel; + while(1) + { + std::this_thread::sleep_for(std::chrono::milliseconds(100)); + if(check_toclipboard_selection) + { + + auto _sel=g_showtexts->getsel(); + if(_sel!=sel){ + sel=_sel; + sendclipboarddata(sel,winId); + } + } + } }) + .detach(); + + std::thread([&] + { + while(1){ + doautoattach(); + std::this_thread::sleep_for(std::chrono::seconds(2)); + } }) + .detach(); + + WORD _1, _2, _3, _4; + WCHAR vs[32]; + if (queryversion(&_1, &_2, &_3, &_4)) + { + wsprintf(vs, L" | %s v%d.%d.%d", VersionCurrent, _1, _2, _3); + title += vs; + settext(title); + std::thread([&]() + { + if (HttpRequest httpRequest{ + L"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36", + L"lunatranslator.org", + L"GET", + L"/version_lunahook" + }){ + + try{ + auto resp=nlohmann::json::parse(WideStringToString(httpRequest.response)); + std::string ver=resp["version"]; + settext(text()+L" | "+VersionLatest+L" "+ StringToWideString(ver)); + } + catch(std::exception&e){} + } }) + .detach(); + } +} +void LunaHost::on_text_recv_checkissaved(TextThread &thread) +{ + if (auto exe = getModuleFilename(thread.tp.processId)) + { + auto exea = WideStringToString(exe.value()); + if (savedhookcontext.find(exea) == savedhookcontext.end()) + return; + + std::string hc = savedhookcontext[exea]["hookcode"]; + uint64_t ctx1 = savedhookcontext[exea]["ctx1"]; + uint64_t ctx2 = savedhookcontext[exea]["ctx2"]; + if (((ctx1 & 0xffff) == (thread.tp.ctx & 0xffff)) && (ctx2 == thread.tp.ctx2) && (hc == WideStringToString(thread.hp.hookcode))) + { + for (int i = 0; i < g_hListBox_listtext->count(); i++) + { + auto handle = g_hListBox_listtext->getdata(i); + if (handle == (LONG_PTR)&thread) + { + g_hListBox_listtext->setcurrent(i); + break; + } + } + } + } +} + +std::wstring sanitize(const std::wstring &s1) +{ + std::wstring s = s1; + s.erase(std::remove_if(s.begin(), s.end(), [](wchar_t ch) + { return (ch >= 0xD800 && ch <= 0xDBFF) || (ch >= 0xDC00 && ch <= 0xDFFF); }), + s.end()); + return s; +} +void LunaHost::showtext(const std::wstring &text, bool clear) +{ + auto output = sanitize(text); + strReplace(output, L"\n", L"\r\n"); + if (clear) + { + g_showtexts->settext(output); + g_showtexts->scrolltoend(); + } + else + { + g_showtexts->scrolltoend(); + g_showtexts->appendtext(output); + } +} +void LunaHost::updatelisttext(const std::wstring &text, LONG_PTR data) +{ + auto idx = g_hListBox_listtext->querydataidx(data); + if (idx >= 0) + { + auto __output = sanitize(text); + strReplace(__output, L"\n", L" "); + if (__output.size() > 0x40) + { + __output = __output.substr(0, 0x40) + L"..."; + } + g_hListBox_listtext->settext(idx, 1, __output); + } +} +bool LunaHost::on_text_recv(TextThread &thread, std::wstring &output) +{ + if (hasstoped) + return true; + if (!plugins->dispatch(thread, output)) + return false; + + updatelisttext(output, (LONG_PTR)&thread); + + if (currentselect == (LONG_PTR)&thread) + { + showtext(output, false); + } + return true; +} +void LunaHost::on_warning(const std::wstring &warning) +{ + MessageBoxW(winId, warning.c_str(), L"warning", 0); +} +void LunaHost::on_thread_create(TextThread &thread) +{ + wchar_t buff[65535]; + swprintf_s(buff, L"%I64X:%s:%s:%I32X:%I64X:%I64X", + thread.handle, + thread.name.c_str(), + thread.hp.hookcode, + thread.tp.processId, + thread.tp.ctx, + thread.tp.ctx2); + int index = g_hListBox_listtext->additem(buff, NULL); + g_hListBox_listtext->setdata(index, (LONG_PTR)&thread); + on_text_recv_checkissaved(thread); +} +void LunaHost::on_thread_delete(TextThread &thread) +{ + if (currentselect == (LONG_PTR)&thread) + currentselect = 0; + int count = g_hListBox_listtext->count(); + for (int i = 0; i < count; i++) + { + auto thread_p = g_hListBox_listtext->getdata(i); + + if (thread_p == (LONG_PTR)&thread) + { + g_hListBox_listtext->deleteitem(i); + break; + } + } +} + +Settingwindow::Settingwindow(LunaHost *host) : mainwindow(host) +{ + int height = 30; + int curry = 10; + int space = 10; + int labelwidth = 300; + int spinwidth = 200; + g_timeout = new spinbox(this, TextThread::flushDelay); + + g_codepage = new spinbox(this, Host::defaultCodepage); + + spinmaxbuffsize = new spinbox(this, TextThread::maxBufferSize); + ; + curry += height + space; + + spinmaxbuffsize->onvaluechange = [=](int v) + { + TextThread::maxBufferSize = v; + }; + + spinmaxhistsize = new spinbox(this, TextThread::maxHistorySize); + ; + curry += height + space; + + spinmaxhistsize->onvaluechange = [=](int v) + { + TextThread::maxHistorySize = v; + }; + + ckbfilterrepeat = new checkbox(this, LblFilterRepeat); + ckbfilterrepeat->onclick = [=]() + { + TextThread::filterRepetition = ckbfilterrepeat->ischecked(); + }; + ckbfilterrepeat->setcheck(TextThread::filterRepetition); + + g_check_clipboard = new checkbox(this, BtnToClipboard); + g_check_clipboard->onclick = [=]() + { + host->check_toclipboard = g_check_clipboard->ischecked(); + }; + g_check_clipboard->setcheck(host->check_toclipboard); + + // copyselect=new checkbox(this,COPYSELECTION); + // copyselect->onclick=[=](){ + // host->check_toclipboard_selection=copyselect->ischecked(); + // }; + // copyselect->setcheck(host->check_toclipboard_selection); + + autoattach = new checkbox(this, LblAutoAttach); + autoattach->onclick = [=]() + { + host->autoattach = autoattach->ischecked(); + }; + autoattach->setcheck(host->autoattach); + + autoattach_so = new checkbox(this, LblAutoAttach_savedonly); + autoattach_so->onclick = [=]() + { + host->autoattach_savedonly = autoattach_so->ischecked(); + }; + autoattach_so->setcheck(host->autoattach_savedonly); + + readonlycheck = new checkbox(this, BtnReadOnly); + readonlycheck->onclick = [=]() + { + host->g_showtexts->setreadonly(readonlycheck->ischecked()); + }; + readonlycheck->setcheck(true); + + g_timeout->onvaluechange = [=](int v) + { + TextThread::flushDelay = v; + }; + + g_codepage->onvaluechange = [=](int v) + { + if (IsValidCodePage(v)) + { + Host::defaultCodepage = v; + } + }; + g_codepage->setminmax(0, CP_UTF8); + + showfont = new lineedit(this); + showfont->settext(host->uifont.fontfamily); + showfont->setreadonly(true); + selectfont = new button(this, FONTSELECT); + selectfont->onclick = [=]() + { + FontSelector(winId, host->uifont, [=](const Font &f) + { + host->uifont=f; + showfont->settext(f.fontfamily); + host->setfont(f); }); + }; + + mainlayout = new gridlayout(); + mainlayout->addcontrol(new label(this, LblFlushDelay), 0, 0); + mainlayout->addcontrol(g_timeout, 0, 1); + + mainlayout->addcontrol(new label(this, LblCodePage), 1, 0); + mainlayout->addcontrol(g_codepage, 1, 1); + + mainlayout->addcontrol(new label(this, LblMaxBuff), 2, 0); + mainlayout->addcontrol(spinmaxbuffsize, 2, 1); + + mainlayout->addcontrol(new label(this, LblMaxHist), 3, 0); + mainlayout->addcontrol(spinmaxhistsize, 3, 1); + + mainlayout->addcontrol(ckbfilterrepeat, 4, 0, 1, 2); + mainlayout->addcontrol(g_check_clipboard, 5, 0, 1, 2); + mainlayout->addcontrol(autoattach, 6, 0, 1, 2); + mainlayout->addcontrol(autoattach_so, 7, 0, 1, 2); + mainlayout->addcontrol(readonlycheck, 8, 0, 1, 2); + mainlayout->addcontrol(showfont, 9, 1); + mainlayout->addcontrol(selectfont, 9, 0); + + setlayout(mainlayout); + setcentral(600, 500); + settext(WndSetting); +} +void Pluginwindow::on_size(int w, int h) +{ + listplugins->setgeo(10, 10, w - 20, h - 20); +} +void Pluginwindow::pluginrankmove(int moveoffset) +{ + auto idx = listplugins->currentidx(); + if (idx == -1) + return; + auto idx2 = idx + moveoffset; + auto a = min(idx, idx2), b = max(idx, idx2); + if (a < 0 || b >= listplugins->count()) + return; + pluginmanager->swaprank(a, b); + + auto pa = ((LPCWSTR)listplugins->getdata(a)); + auto pb = ((LPCWSTR)listplugins->getdata(b)); + + listplugins->deleteitem(a); + listplugins->insertitem(b, std::filesystem::path(pa).stem()); + listplugins->setdata(b, (LONG_PTR)pa); +} +Pluginwindow::Pluginwindow(mainwindow *p, Pluginmanager *pl) : mainwindow(p), pluginmanager(pl) +{ + + static auto listadd = [&](const std::wstring &s) + { + auto idx = listplugins->additem(std::filesystem::path(s).stem()); + auto _s = new wchar_t[s.size() + 1]; + wcscpy(_s, s.c_str()); + listplugins->setdata(idx, (LONG_PTR)_s); + }; + listplugins = new listbox(this); + + listplugins->on_menu = [&]() + { + Menu menu; + menu.add(MenuAddPlugin, [&]() + { + if(auto f=pluginmanager->selectpluginfile()) + switch (auto res=pluginmanager->addplugin(f.value())) + { + case addpluginresult::success: + listadd(f.value()); + break; + default: + std::map errorlog={ + {addpluginresult::isnotaplugins,InvalidPlugin}, + {addpluginresult::invaliddll,InvalidDll}, + {addpluginresult::dumplicate,InvalidDump}, + }; + MessageBoxW(winId,errorlog[res],MsgError,0); + } }); + auto idx = listplugins->currentidx(); + if (idx != -1) + { + menu.add(MenuRemovePlugin, [&, idx]() + { + pluginmanager->remove((LPCWSTR)listplugins->getdata(idx)); + listplugins->deleteitem(idx); }); + menu.add_sep(); + menu.add(MenuPluginRankUp, std::bind(&Pluginwindow::pluginrankmove, this, -1)); + menu.add(MenuPluginRankDown, std::bind(&Pluginwindow::pluginrankmove, this, 1)); + menu.add_sep(); + menu.add_checkable(MenuPluginEnable, pluginmanager->getenable(idx), [&, idx](bool check) + { + pluginmanager->setenable(idx,check); + if(check) + pluginmanager->load((LPCWSTR)listplugins->getdata(idx)); + else + pluginmanager->unload((LPCWSTR)listplugins->getdata(idx)); }); + if (pluginmanager->getvisible_setable(idx)) + menu.add_checkable(MenuPluginVisSetting, pluginmanager->getvisible(idx), [&, idx](bool check) + { pluginmanager->setvisible(idx, check); }); + } + return menu; + }; + + for (int i = 0; i < pluginmanager->count(); i++) + { + listadd(pluginmanager->getname(i)); + } + settext(WndPlugins); + setcentral(500, 400); +} + +void HooksearchText::call(std::set pids) +{ + edittext->settext(L""); + checkok->onclick = [&, pids]() + { + close(); + auto cp = codepage->getcurr(); + if (!IsValidCodePage(cp)) + return; + SearchParam sp = {}; + sp.codepage = cp; + wcsncpy_s(sp.text, edittext->text().c_str(), PATTERN_SIZE - 1); + for (auto pid : pids) + Host::FindHooks(pid, sp); + }; + show(); +} +HooksearchText::HooksearchText(mainwindow *p) : mainwindow(p) +{ + codepage = new spinbox(this, Host::defaultCodepage); + codepage->setminmax(0, CP_UTF8); + + edittext = new lineedit(this); + checkok = new button(this, BtnOk); + layout = new gridlayout(); + layout->addcontrol(new label(this, HS_TEXT), 0, 0); + layout->addcontrol(new label(this, HS_CODEPAGE), 1, 0); + layout->addcontrol(edittext, 0, 1); + layout->addcontrol(codepage, 1, 1); + layout->addcontrol(checkok, 2, 1); + + setlayout(layout); + setcentral(500, 200); +} +std::wstring tohex(BYTE *bs, int len) +{ + std::wstring buffer; + for (int i = 0; i < len; i += 1) + { + buffer.append(FormatString(L"%02hX ", bs[i])); + } + return buffer; +} +std::wstring addr2hex(uintptr_t addr) +{ + return FormatString(L"%p", addr); +} +void realcallsearchhooks(std::set pids, std::wstring filter, SearchParam sp) +{ + + auto hooks = std::make_shared>(); + + try + { + for (auto processId : pids) + Host::FindHooks(processId, sp, + [hooks, filter](HookParam hp, std::wstring text) + { + std::wsmatch matches; + if (std::regex_search(text, matches, std::wregex(filter))) + { + hooks->emplace_back(std::wstring(hp.hookcode) + L"=>" + text); + } + }); + } + catch (std::exception &e) + { + // std::wcout<size() == 0 || hooks->size() != lastSize; Sleep(2000)) lastSize = hooks->size(); + + std::ofstream of; + of.open("savehooks.txt"); + for (auto line:*hooks) of<clear(); }) + .detach(); +} +Hooksearchsetting::Hooksearchsetting(mainwindow *p) : mainwindow(p) +{ + layout = new gridlayout(); + SearchParam sp{}; + spinduration = new spinbox(this, sp.searchTime); + spinoffset = new spinbox(this, sp.offset); + spincap = new spinbox(this, sp.maxRecords); + spincodepage = new spinbox(this, Host::defaultCodepage); + editpattern = new lineedit(this); + editpattern->settext(tohex(sp.pattern, sp.length)); + editmodule = new lineedit(this); + editmaxaddr = new lineedit(this); + editmaxaddr->settext(addr2hex(sp.maxAddress)); + editminaddr = new lineedit(this); + editminaddr->settext(addr2hex(sp.minAddress)); + spinpadding = new spinbox(this, 0); + editregex = new lineedit(this); + start = new button(this, HS_START_HOOK_SEARCH); + layout->addcontrol(new label(this, HS_SEARCH_PATTERN), 0, 0); + layout->addcontrol(new label(this, HS_SEARCH_DURATION), 1, 0); + layout->addcontrol(new label(this, HS_PATTERN_OFFSET), 2, 0); + layout->addcontrol(new label(this, HS_MAX_HOOK_SEARCH_RECORDS), 3, 0); + layout->addcontrol(new label(this, HS_CODEPAGE), 4, 0); + layout->addcontrol(new label(this, HS_SEARCH_MODULE), 5, 0); + layout->addcontrol(new label(this, HS_MIN_ADDRESS), 6, 0); + layout->addcontrol(new label(this, HS_MAX_ADDRESS), 7, 0); + layout->addcontrol(new label(this, HS_STRING_OFFSET), 8, 0); + layout->addcontrol(new label(this, HS_HOOK_SEARCH_FILTER), 9, 0); + layout->addcontrol(start, 10, 1); + + layout->addcontrol(editpattern, 0, 1); + layout->addcontrol(spinduration, 1, 1); + layout->addcontrol(spinoffset, 2, 1); + layout->addcontrol(spincap, 3, 1); + layout->addcontrol(spincodepage, 4, 1); + layout->addcontrol(editmodule, 5, 1); + layout->addcontrol(editminaddr, 6, 1); + layout->addcontrol(editmaxaddr, 7, 1); + layout->addcontrol(spinpadding, 8, 1); + layout->addcontrol(editregex, 9, 1); + + setlayout(layout); + setcentral(1000, 600); +} +std::vector hexStringToBytes(const std::wstring &hexString_) +{ + auto hexString = hexString_; + strReplace(hexString, L" ", L""); + strReplace(hexString, L"??", FormatString(L"%02hX", XX)); + std::vector bytes; + if (hexString.length() % 2 != 0) + { + return {}; + } + for (int i = 0; i < hexString.size() / 2; i++) + { + auto byteValue = std::stoi(hexString.substr(i * 2, 2), nullptr, 16); + bytes.push_back(byteValue); + } + + return bytes; +} +void Hooksearchsetting::call(std::set pids, std::wstring reg) +{ + if (pids.empty()) + return; + + if (auto filename = getModuleFilename(*pids.begin())) + editmodule->settext(std::filesystem::path(filename.value()).filename().wstring()); + editregex->settext(reg); + spincodepage->setcurr(Host::defaultCodepage); + + start->onclick = [&, pids]() + { + close(); + SearchParam sp{}; + sp.searchTime = spinduration->getcurr(); + sp.offset = spinoffset->getcurr(); + sp.maxRecords = spincap->getcurr(); + sp.codepage = spincodepage->getcurr(); + + if (editpattern->text().find(L".") == std::wstring::npos) + { + auto hex = hexStringToBytes(editpattern->text()); + memcpy(sp.pattern, hex.data(), hex.size()); + sp.length = hex.size(); + } + else + { + wcsncpy_s(sp.exportModule, editpattern->text().c_str(), MAX_MODULE_SIZE - 1); + sp.length = 1; + } + + wcscpy(sp.boundaryModule, editmodule->text().c_str()); + sp.minAddress = std::stoull(editminaddr->text(), nullptr, 16); + sp.maxAddress = std::stoull(editmaxaddr->text(), nullptr, 16); + sp.padding = spinpadding->getcurr(); + realcallsearchhooks(pids, editregex->text(), sp); + }; + show(); +} +Hooksearchwindow::Hooksearchwindow(LunaHost *host) : mainwindow(host) +{ + + cjkcheck = new checkbox(this, SEARCH_CJK); + hs_default = new button(this, HS_START_HOOK_SEARCH); + hs_text = new button(this, HS_SEARCH_FOR_TEXT); + hs_user = new button(this, HS_SETTINGS); + + layout = new gridlayout(); + layout->addcontrol(cjkcheck, 0, 0, 1, 3); + layout->addcontrol(hs_default, 1, 0); + layout->addcontrol(hs_text, 1, 1); + layout->addcontrol(hs_user, 1, 2); + + setlayout(layout); + + settext(BtnSearchHook); + setcentral(800, 200); + + auto dohooksearchdispatch = [&, host](int type) + { + close(); + if (type == 1) + { + if (hooksearchText == 0) + hooksearchText = new HooksearchText(this); + hooksearchText->call(host->attachedprocess); + return; + } + + auto filter = (cjkcheck->ischecked() ? L"[\\u3000-\\ua000]{4,}" : L"[\\u0020-\\u1000]{4,}"); + + if (type == 0) + { + SearchParam sp = {}; + sp.codepage = Host::defaultCodepage; + sp.length = 0; + realcallsearchhooks(host->attachedprocess, filter, sp); + } + else if (type == 2) + { + if (hooksearchsetting == 0) + hooksearchsetting = new Hooksearchsetting(this); + hooksearchsetting->call(host->attachedprocess, filter); + return; + } + }; + + hs_default->onclick = std::bind(dohooksearchdispatch, 0); + hs_text->onclick = std::bind(dohooksearchdispatch, 1); + hs_user->onclick = std::bind(dohooksearchdispatch, 2); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHost/GUI/LunaHost.h b/cpp/LunaHook/LunaHost/GUI/LunaHost.h new file mode 100644 index 00000000..d17c4f5e --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/LunaHost.h @@ -0,0 +1,145 @@ +#include "window.h" +#include "controls.h" +#include "textthread.h" +#include "pluginmanager.h" +#include "confighelper.h" +class LunaHost; +class Pluginwindow : public mainwindow +{ + listbox *listplugins; + Pluginmanager *pluginmanager; + +public: + Pluginwindow(mainwindow *, Pluginmanager *); + void on_size(int w, int h); + void pluginrankmove(int); +}; +class Settingwindow : public mainwindow +{ + checkbox *ckbfilterrepeat; + spinbox *g_timeout; + spinbox *g_codepage; + checkbox *g_check_clipboard; + checkbox *readonlycheck; + checkbox *autoattach; + checkbox *autoattach_so; + checkbox *copyselect; + spinbox *spinmaxbuffsize; + spinbox *spinmaxhistsize; + gridlayout *mainlayout; + lineedit *showfont; + button *selectfont; + +public: + Settingwindow(LunaHost *); +}; + +class processlistwindow : public mainwindow +{ + gridlayout *mainlayout; + lineedit *g_hEdit; + button *g_hButton; + listview *g_hListBox; + button *g_refreshbutton; + std::unordered_map> g_exe_pid; + void PopulateProcessList(listview *, std::unordered_map> &); + +public: + processlistwindow(mainwindow *parent = 0); + void on_show(); +}; +class HooksearchText : public mainwindow +{ + gridlayout *layout; + lineedit *edittext; + button *checkok; + spinbox *codepage; + +public: + HooksearchText(mainwindow *); + void call(std::set pids); +}; +class Hooksearchsetting : public mainwindow +{ + gridlayout *layout; + spinbox *spinduration; + spinbox *spinoffset; + spinbox *spincap; + spinbox *spincodepage; + lineedit *editpattern; + lineedit *editmodule; + lineedit *editmaxaddr; + lineedit *editminaddr; + spinbox *spinpadding; + lineedit *editregex; + button *start; + +public: + Hooksearchsetting(mainwindow *); + void call(std::set pids, std::wstring); +}; +class Hooksearchwindow : public mainwindow +{ + checkbox *cjkcheck; + button *hs_default, *hs_text, *hs_user; + gridlayout *layout; + Hooksearchsetting *hooksearchsetting = 0; + HooksearchText *hooksearchText = 0; + +public: + Hooksearchwindow(LunaHost *parent); +}; +class LunaHost : public mainwindow +{ + Pluginwindow *pluginwindow = 0; + std::set attachedprocess; + lineedit *g_hEdit_userhook; + gridlayout *mainlayout; + button *g_hButton_insert; + button *btnplugin; + // listbox* g_hListBox_listtext; + listview *g_hListBox_listtext; + multilineedit *g_showtexts; + button *g_selectprocessbutton; + button *btndetachall; + button *btnsearchhooks; + button *btnshowsettionwindow; + // button* btnsavehook; + processlistwindow *_processlistwindow = 0; + Settingwindow *settingwindow = 0; + Pluginmanager *plugins; + Hooksearchwindow *hooksearchwindow = 0; + std::atomic hasstoped = false; + bool on_text_recv(TextThread &thread, std::wstring &sentence); + void on_text_recv_checkissaved(TextThread &thread); + void on_thread_create(TextThread &thread); + void on_thread_delete(TextThread &thread); + void on_proc_connect(DWORD pid); + void on_proc_disconnect(DWORD pid); + void on_warning(const std::wstring &); + + void showtext(const std::wstring &text, bool clear); + void updatelisttext(const std::wstring &text, LONG_PTR data); + +public: + confighelper *configs; + int64_t currentselect = 0; + bool check_toclipboard; + bool check_toclipboard_selection; + Font uifont; + bool autoattach; + bool autoattach_savedonly; + std::set autoattachexes; + std::unordered_map savedhookcontext; + std::set userdetachedpids; + void on_close(); + LunaHost(); + friend class Settingwindow; + friend class Hooksearchwindow; + +private: + void loadsettings(); + void savesettings(); + + void doautoattach(); +}; diff --git a/cpp/LunaHook/LunaHost/GUI/Plugin/CMakeLists.txt b/cpp/LunaHook/LunaHost/GUI/Plugin/CMakeLists.txt new file mode 100644 index 00000000..a3448f72 --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/Plugin/CMakeLists.txt @@ -0,0 +1,21 @@ +if(0) +include(QtUtils.cmake) +msvc_registry_search() +if(Qt5_DIR) + find_qt5(Core Widgets) + #set(CMAKE_AUTOMOC ON) + add_library(QtLoader MODULE QtLoader.cpp) + #qt5_wrap_cpp(MOC_SOURCES QtLoader.h) + #target_sources(QtLoader PRIVATE ${MOC_SOURCES}) + target_link_libraries(QtLoader Qt5::Widgets Qt5::Core) + set_target_properties(QtLoader PROPERTIES LIBRARY_OUTPUT_DIRECTORY "${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/plugin${bitappendix}") +endif() +endif() + +include(QtUtils.cmake) +if(NOT DEFINED USESYSQTPATH) +msvc_registry_search() +endif() + +find_qt5(Core Widgets WebSockets) +add_subdirectory(extensions) diff --git a/cpp/LunaHook/LunaHost/GUI/Plugin/QtLoader.cpp b/cpp/LunaHook/LunaHost/GUI/Plugin/QtLoader.cpp new file mode 100644 index 00000000..4bdb0ae4 --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/Plugin/QtLoader.cpp @@ -0,0 +1,72 @@ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include"../lockedqueue.hpp" + +lockedqueuewaitingtask; +lockedqueuewaitingresult; + +extern "C" __declspec(dllexport) int QtStartUp(std::vector* dlls){ + static bool once=false; + if(once)return 0; + once=true; + std::thread([=](){ + for(int i=0;isize();i++) + QApplication::addLibraryPath(QString::fromStdWString(std::filesystem::path(dlls->at(i)).parent_path())); + + int _=0; + QApplication app(_, nullptr); + app.setFont(QFont("MS Shell Dlg 2", 10)); + + while(true) + { + if(!waitingtask.empty()) + { + auto top=waitingtask.pop(); + waitingresult.push(LoadLibraryW(top.c_str())); + } + app.processEvents(0); + } + + }).detach(); + return 0; +} +std::mutex loadmutex; + +extern "C" __declspec(dllexport) std::vector* QtLoadLibraryBatch(std::vector* dlls){ + std::lock_guard _(loadmutex); + static auto once=QtStartUp(dlls); + auto hdlls=new std::vector; + for(int i=0;isize();i++){ + waitingtask.push(dlls->at(i)); + hdlls->push_back(waitingresult.pop()); + } + return hdlls; +} +#if 0 +extern "C" __declspec(dllexport) std::vector* QtLoadLibrary(std::vector* dlls){ + auto hdlls=new std::vector; + auto mutex=CreateSemaphoreW(0,0,1,0); + std::thread([=](){ + for(int i=0;isize();i++) + QApplication::addLibraryPath(QString::fromStdWString(std::filesystem::path(dlls->at(i)).parent_path())); + + int _=0; + QApplication app(_, nullptr); + app.setFont(QFont("MS Shell Dlg 2", 10)); + for(int i=0;isize();i++) + hdlls->push_back(LoadLibraryW(dlls->at(i).c_str())); + ReleaseSemaphore(mutex,1,0); + app.exec(); + + }).detach(); + WaitForSingleObject(mutex,INFINITE); + return hdlls; +} +#endif \ No newline at end of file diff --git a/cpp/LunaHook/LunaHost/GUI/Plugin/QtUtils.cmake b/cpp/LunaHook/LunaHost/GUI/Plugin/QtUtils.cmake new file mode 100644 index 00000000..1c7011fc --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/Plugin/QtUtils.cmake @@ -0,0 +1,90 @@ +macro(msvc_registry_search) + if(NOT DEFINED Qt5_DIR) + if (NOT EXISTS ${QT_ROOT}) + # look for user-registry pointing to qtcreator + get_filename_component(QT_ROOT [HKEY_CURRENT_USER\\Software\\Classes\\Applications\\QtProject.QtCreator.pro\\shell\\Open\\Command] PATH) + + # get root path + string(REPLACE "/Tools" ";" QT_ROOT "${QT_ROOT}") + list(GET QT_ROOT 0 QT_ROOT) + endif() + file(GLOB QT_VERSIONS "${QT_ROOT}/5.1*") + list(SORT QT_VERSIONS) + + # assume the latest version will be last alphabetically + list(REVERSE QT_VERSIONS) + + list(LENGTH QT_VERSIONS QT_VERSIONS_LENGTH) + if(${QT_VERSIONS_LENGTH} EQUAL 0) + message(WARNING "Required QT5 toolchain is not installed") + else() + list(GET QT_VERSIONS 0 QT_VERSION) + + # fix any double slashes which seem to be common + string(REPLACE "//" "/" QT_VERSION "${QT_VERSION}") + + if(MSVC_VERSION GREATER_EQUAL 1920) + set(QT_MSVC 2019) + elseif(MSVC_VERSION GREATER_EQUAL 1910) + set(QT_MSVC 2017) + elseif(MSVC_VERSION GREATER_EQUAL 1900) + set(QT_MSVC 2015) + else() + message(WARNING "Unsupported MSVC toolchain version") + endif() + + if(QT_MSVC) + if(CMAKE_CL_64) + SET(QT_SUFFIX "_64") + else() + set(QT_SUFFIX "") + endif() + + # MSVC 2015+ is only backwards compatible + if(EXISTS "${QT_VERSION}/msvc${QT_MSVC}${QT_SUFFIX}") + set(Qt5_DIR "${QT_VERSION}/msvc${QT_MSVC}${QT_SUFFIX}/lib/cmake/Qt5") + elseif(QT_MSVC GREATER_EQUAL 2019 AND EXISTS "${QT_VERSION}/msvc2017${QT_SUFFIX}") + set(Qt5_DIR "${QT_VERSION}/msvc2017${QT_SUFFIX}/lib/cmake/Qt5") + elseif(QT_MSVC GREATER_EQUAL 2017 AND EXISTS "${QT_VERSION}/msvc2015${QT_SUFFIX}") + set(Qt5_DIR "${QT_VERSION}/msvc2015${QT_SUFFIX}/lib/cmake/Qt5") + else() + message(WARNING "Required QT5 toolchain is not installed") + endif() + endif() + endif() + + endif() +endmacro() + +macro(find_qt5) + set(CMAKE_INCLUDE_CURRENT_DIR ON) + #set(CMAKE_AUTOMOC ON) + set(CMAKE_AUTOUIC ON) + #add_definitions(-DQT_DEPRECATED_WARNINGS -DQT_DISABLE_DEPRECATED_BEFORE=0x060000) + find_package(Qt5 COMPONENTS ${ARGN}) + set(CMAKE_PREFIX_PATH "C:/Qt/Qt5.14.2/5.14.2/msvc2017/lib/cmake/Qt5" ${CMAKE_PREFIX_PATH}) + if(Qt5_FOUND) + if(WIN32 AND TARGET Qt5::qmake AND NOT TARGET Qt5::windeployqt) + get_target_property(_qt5_qmake_location Qt5::qmake IMPORTED_LOCATION) + + execute_process( + COMMAND "${_qt5_qmake_location}" -query QT_INSTALL_PREFIX + RESULT_VARIABLE return_code + OUTPUT_VARIABLE qt5_install_prefix + OUTPUT_STRIP_TRAILING_WHITESPACE + ) + + set(imported_location "${qt5_install_prefix}/bin/windeployqt.exe") + + if(EXISTS ${imported_location}) + add_executable(Qt5::windeployqt IMPORTED) + + set_target_properties(Qt5::windeployqt PROPERTIES + IMPORTED_LOCATION ${imported_location} + ) + endif() + endif() + else() + message(FATAL_ERROR "Cannot find QT5!") + endif() +endmacro(find_qt5) diff --git a/cpp/LunaHook/LunaHost/GUI/Plugin/copyclipboard.cpp b/cpp/LunaHook/LunaHost/GUI/Plugin/copyclipboard.cpp new file mode 100644 index 00000000..b03e1946 --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/Plugin/copyclipboard.cpp @@ -0,0 +1,11 @@ +#include "extension.h" + +bool sendclipboarddata(const std::wstring&text,HWND hwnd); +bool ProcessSentence(std::wstring& sentence, SentenceInfo sentenceInfo) +{ + if (sentenceInfo["current select"] && sentenceInfo["toclipboard"]) + { + sendclipboarddata(sentence,(HWND)sentenceInfo["HostHWND"]); + } + return false; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHost/GUI/Plugin/extension.h b/cpp/LunaHook/LunaHost/GUI/Plugin/extension.h new file mode 100644 index 00000000..6a15ae2e --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/Plugin/extension.h @@ -0,0 +1,21 @@ +#pragma once + +struct InfoForExtension +{ + const char* name; + int64_t value; +}; + +struct SentenceInfo +{ + const InfoForExtension* infoArray; + int64_t operator[](std::string_view propertyName) + { + for (auto info = infoArray; info->name; ++info) // nullptr name marks end of info array + if (propertyName == info->name) return info->value; + return *(int*)0xDEAD = 0; // gives better error message than alternatives + } +}; + +struct SKIP {}; +inline void Skip() { throw SKIP(); } diff --git a/cpp/LunaHook/LunaHost/GUI/Plugin/extensionimpl.cpp b/cpp/LunaHook/LunaHost/GUI/Plugin/extensionimpl.cpp new file mode 100644 index 00000000..0944dab2 --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/Plugin/extensionimpl.cpp @@ -0,0 +1,43 @@ +#include "extension.h" + +bool ProcessSentence(std::wstring& sentence, SentenceInfo sentenceInfo); + +/* + You shouldn't mess with this or even look at it unless you're certain you know what you're doing. + Param sentence: pointer to sentence received by Textractor (UTF-16). + This can be modified. Textractor uses the modified sentence for future processing and display. If empty (starts with null terminator), Textractor will destroy it. + Textractor will display the sentence after all extensions have had a chance to process and/or modify it. + The buffer is allocated using HeapAlloc(). If you want to make it larger, please use HeapReAlloc(). + Param sentenceInfo: pointer to array containing misc info about the sentence. End of array is marked with name being nullptr. + Return value: the buffer used for the sentence. Remember to return a new pointer if HeapReAlloc() gave you one. + This function may be run concurrently with itself: please make sure it's thread safe. + It will not be run concurrently with DllMain. +*/ +extern "C" __declspec(dllexport) wchar_t* OnNewSentence(wchar_t* sentence, const InfoForExtension* sentenceInfo) +{ + try + { + std::wstring sentenceCopy(sentence); + int oldSize = sentenceCopy.size(); + if (ProcessSentence(sentenceCopy, SentenceInfo{ sentenceInfo })) + { + if (sentenceCopy.size() > oldSize) sentence = (wchar_t*)HeapReAlloc(GetProcessHeap(), HEAP_GENERATE_EXCEPTIONS, sentence, (sentenceCopy.size() + 1) * sizeof(wchar_t)); + wcscpy_s(sentence, sentenceCopy.size() + 1, sentenceCopy.c_str()); + } + } + catch (SKIP) + { + *sentence = L'\0'; + } + return sentence; +} + +/* +This API is not necessary, but when the plugin contains a configuration window, this API allows the user to show or hide the configuration window, which can greatly improve the user experience. +*/ +/* +extern "C" __declspec(dllexport) void VisSetting(bool vis) +{ + +} +*/ \ No newline at end of file diff --git a/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/CMakeLists.txt b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/CMakeLists.txt new file mode 100644 index 00000000..d3fc6432 --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/CMakeLists.txt @@ -0,0 +1,52 @@ +cmake_policy(SET CMP0037 OLD) + +include_directories(../) +add_library(extpch text.cpp) +target_precompile_headers(extpch PUBLIC extpch.h) + +set(disttarget "${CMAKE_SOURCE_DIR}/builds/plugin${bitappendix}") +message(${disttarget}) +function(add_library_and_link_target TARGET_NAME) + add_library(${TARGET_NAME} MODULE ${ARGN} ../extensionimpl.cpp) + target_precompile_headers(${TARGET_NAME} REUSE_FROM extpch) + target_link_libraries(${TARGET_NAME} PRIVATE extpch shell32 winhttp Qt5::Widgets Qt5::WebSockets) + set_target_properties(${TARGET_NAME} PROPERTIES + LIBRARY_OUTPUT_DIRECTORY ${disttarget} + LIBRARY_OUTPUT_DIRECTORY_DEBUG ${disttarget} + LIBRARY_OUTPUT_DIRECTORY_RELEASE ${disttarget} + ) + + +endfunction() + +add_library_and_link_target(Bing\ Translate bingtranslate.cpp translatewrapper.cpp network.cpp) +#add_library_and_link_target(Copy\ to\ Clipboard copyclipboard.cpp) +add_library_and_link_target(DeepL\ Translate deepltranslate.cpp translatewrapper.cpp network.cpp) + + +add_library_and_link_target(DevTools\ DeepL\ Translate devtoolsdeepltranslate.cpp devtools.cpp translatewrapper.cpp network.cpp) +add_library_and_link_target(DevTools\ Papago\ Translate devtoolspapagotranslate.cpp devtools.cpp translatewrapper.cpp network.cpp) +add_library_and_link_target(DevTools\ Systran\ Translate devtoolssystrantranslate.cpp devtools.cpp translatewrapper.cpp network.cpp) +add_library_and_link_target(Extra\ Newlines extranewlines.cpp) +add_library_and_link_target(Extra\ Window extrawindow.cpp) +add_library_and_link_target(Google\ Translate googletranslate.cpp translatewrapper.cpp network.cpp) +add_library_and_link_target(Regex\ Filter regexfilter.cpp) +add_library_and_link_target(Regex\ Replacer regexreplacer.cpp) +add_library_and_link_target(Remove\ Repeated\ Characters removerepeatchar.cpp) +add_library_and_link_target(Remove\ Repeated\ Phrases removerepeatphrase.cpp) +add_library_and_link_target(Remove\ Repeated\ Phrases\ 2 removerepeatphrase2.cpp) +add_library_and_link_target(Remove\ 30\ Repeated\ Sentences removerepeatsentence.cpp) +add_library_and_link_target(Replacer replacer.cpp) +add_library_and_link_target(Styler styler.cpp) +add_library_and_link_target(Thread\ Linker threadlinker.cpp) + + + +if (NOT EXISTS ${disttarget}/Qt5WebSockets.dll AND NOT EXISTS ${disttarget}/Qt5WebSocketsd.dll) +add_custom_command(TARGET DevTools\ DeepL\ Translate + POST_BUILD + COMMAND ${CMAKE_COMMAND} -E remove_directory "${CMAKE_CURRENT_BINARY_DIR}/windeployqt" + COMMAND set PATH=%PATH%$${qt5_install_prefix}/bin + COMMAND Qt5::windeployqt --dir ${disttarget} "${disttarget}/DevTools\ DeepL\ Translate.dll" --release +) +endif() diff --git a/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/bingtranslate.cpp b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/bingtranslate.cpp new file mode 100644 index 00000000..2722b85c --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/bingtranslate.cpp @@ -0,0 +1,241 @@ +#include "qtcommon.h" +#include "translatewrapper.h" +#include "network.h" + +extern const wchar_t* TRANSLATION_ERROR; + +const char* TRANSLATION_PROVIDER = "Bing Translate"; +const char* GET_API_KEY_FROM = "https://www.microsoft.com/en-us/translator/business/trial/#get-started"; +extern const QStringList languagesTo +{ + "Afrikaans", + "Albanian", + "Amharic", + "Arabic", + "Armenian", + "Assamese", + "Azerbaijani", + "Bangla", + "Bosnian (Latin)", + "Bulgarian", + "Cantonese (Traditional)", + "Catalan", + "Chinese (Simplified)", + "Chinese (Traditional)", + "Croatian", + "Czech", + "Danish", + "Dari", + "Dutch", + "English", + "Estonian", + "Fijian", + "Filipino", + "Finnish", + "French", + "French (Canada)", + "German", + "Greek", + "Gujarati", + "Haitian Creole", + "Hebrew", + "Hindi", + "Hmong Daw", + "Hungarian", + "Icelandic", + "Indonesian", + "Inuktitut", + "Irish", + "Italian", + "Japanese", + "Kannada", + "Kazakh", + "Khmer", + "Klingon", + "Korean", + "Kurdish (Central)", + "Kurdish (Northern)", + "Lao", + "Latvian", + "Lithuanian", + "Malagasy", + "Malay", + "Malayalam", + "Maltese", + "Maori", + "Marathi", + "Myanmar", + "Nepali", + "Norwegian", + "Odia", + "Pashto", + "Persian", + "Polish", + "Portuguese (Brazil)", + "Portuguese (Portugal)", + "Punjabi", + "Queretaro Otomi", + "Romanian", + "Russian", + "Samoan", + "Serbian (Cyrillic)", + "Serbian (Latin)", + "Slovak", + "Slovenian", + "Spanish", + "Swahili", + "Swedish", + "Tahitian", + "Tamil", + "Telugu", + "Thai", + "Tigrinya", + "Tongan", + "Turkish", + "Ukrainian", + "Urdu", + "Vietnamese", + "Welsh", + "Yucatec Maya" +}, languagesFrom = languagesTo; +extern const std::unordered_map codes +{ + { { L"Afrikaans" }, { L"af" } }, + { { L"Albanian" }, { L"sq" } }, + { { L"Amharic" }, { L"am" } }, + { { L"Arabic" }, { L"ar" } }, + { { L"Armenian" }, { L"hy" } }, + { { L"Assamese" }, { L"as" } }, + { { L"Azerbaijani" }, { L"az" } }, + { { L"Bangla" }, { L"bn" } }, + { { L"Bosnian (Latin)" }, { L"bs" } }, + { { L"Bulgarian" }, { L"bg" } }, + { { L"Cantonese (Traditional)" }, { L"yue" } }, + { { L"Catalan" }, { L"ca" } }, + { { L"Chinese (Simplified)" }, { L"zh-Hans" } }, + { { L"Chinese (Traditional)" }, { L"zh-Hant" } }, + { { L"Croatian" }, { L"hr" } }, + { { L"Czech" }, { L"cs" } }, + { { L"Danish" }, { L"da" } }, + { { L"Dari" }, { L"prs" } }, + { { L"Dutch" }, { L"nl" } }, + { { L"English" }, { L"en" } }, + { { L"Estonian" }, { L"et" } }, + { { L"Fijian" }, { L"fj" } }, + { { L"Filipino" }, { L"fil" } }, + { { L"Finnish" }, { L"fi" } }, + { { L"French" }, { L"fr" } }, + { { L"French (Canada)" }, { L"fr-ca" } }, + { { L"German" }, { L"de" } }, + { { L"Greek" }, { L"el" } }, + { { L"Gujarati" }, { L"gu" } }, + { { L"Haitian Creole" }, { L"ht" } }, + { { L"Hebrew" }, { L"he" } }, + { { L"Hindi" }, { L"hi" } }, + { { L"Hmong Daw" }, { L"mww" } }, + { { L"Hungarian" }, { L"hu" } }, + { { L"Icelandic" }, { L"is" } }, + { { L"Indonesian" }, { L"id" } }, + { { L"Inuktitut" }, { L"iu" } }, + { { L"Irish" }, { L"ga" } }, + { { L"Italian" }, { L"it" } }, + { { L"Japanese" }, { L"ja" } }, + { { L"Kannada" }, { L"kn" } }, + { { L"Kazakh" }, { L"kk" } }, + { { L"Khmer" }, { L"km" } }, + { { L"Klingon" }, { L"tlh-Latn" } }, + { { L"Korean" }, { L"ko" } }, + { { L"Kurdish (Central)" }, { L"ku" } }, + { { L"Kurdish (Northern)" }, { L"kmr" } }, + { { L"Lao" }, { L"lo" } }, + { { L"Latvian" }, { L"lv" } }, + { { L"Lithuanian" }, { L"lt" } }, + { { L"Malagasy" }, { L"mg" } }, + { { L"Malay" }, { L"ms" } }, + { { L"Malayalam" }, { L"ml" } }, + { { L"Maltese" }, { L"mt" } }, + { { L"Maori" }, { L"mi" } }, + { { L"Marathi" }, { L"mr" } }, + { { L"Myanmar" }, { L"my" } }, + { { L"Nepali" }, { L"ne" } }, + { { L"Norwegian" }, { L"nb" } }, + { { L"Odia" }, { L"or" } }, + { { L"Pashto" }, { L"ps" } }, + { { L"Persian" }, { L"fa" } }, + { { L"Polish" }, { L"pl" } }, + { { L"Portuguese (Brazil)" }, { L"pt" } }, + { { L"Portuguese (Portugal)" }, { L"pt-pt" } }, + { { L"Punjabi" }, { L"pa" } }, + { { L"Queretaro Otomi" }, { L"otq" } }, + { { L"Romanian" }, { L"ro" } }, + { { L"Russian" }, { L"ru" } }, + { { L"Samoan" }, { L"sm" } }, + { { L"Serbian (Cyrillic)" }, { L"sr-Cyrl" } }, + { { L"Serbian (Latin)" }, { L"sr-Latn" } }, + { { L"Slovak" }, { L"sk" } }, + { { L"Slovenian" }, { L"sl" } }, + { { L"Spanish" }, { L"es" } }, + { { L"Swahili" }, { L"sw" } }, + { { L"Swedish" }, { L"sv" } }, + { { L"Tahitian" }, { L"ty" } }, + { { L"Tamil" }, { L"ta" } }, + { { L"Telugu" }, { L"te" } }, + { { L"Thai" }, { L"th" } }, + { { L"Tigrinya" }, { L"ti" } }, + { { L"Tongan" }, { L"to" } }, + { { L"Turkish" }, { L"tr" } }, + { { L"Ukrainian" }, { L"uk" } }, + { { L"Urdu" }, { L"ur" } }, + { { L"Vietnamese" }, { L"vi" } }, + { { L"Welsh" }, { L"cy" } }, + { { L"Yucatec Maya" }, { L"yua" } }, + { { L"?" }, { L"auto-detect" } } +}; + +bool translateSelectedOnly = false, useRateLimiter = true, rateLimitSelected = false, useCache = true, useFilter = true; +int tokenCount = 30, rateLimitTimespan = 60000, maxSentenceSize = 1000; + +std::pair Translate(const std::wstring& text, TranslationParam tlp) +{ + if (!tlp.authKey.empty()) + { + std::wstring translateFromComponent = tlp.translateFrom == L"?" ? L"" : L"&from=" + codes.at(tlp.translateFrom); + if (HttpRequest httpRequest{ + L"Mozilla/5.0 Textractor", + L"api.cognitive.microsofttranslator.com", + L"POST", + FormatString(L"/translate?api-version=3.0&to=%s%s", codes.at(tlp.translateTo), translateFromComponent).c_str(), + FormatString(R"([{"text":"%s"}])", JSON::Escape(WideStringToString(text))), + FormatString(L"Content-Type: application/json; charset=UTF-8\r\nOcp-Apim-Subscription-Key:%s", tlp.authKey).c_str() + }) + if (auto translation = Copy(JSON::Parse(httpRequest.response)[0][L"translations"][0][L"text"].String())) return { true, translation.value() }; + else return { false, FormatString(L"%s: %s", TRANSLATION_ERROR, httpRequest.response) }; + else return { false, FormatString(L"%s (code=%u)", TRANSLATION_ERROR, httpRequest.errorCode) }; + } + + static std::atomic i = 0; + static Synchronized token; + if (token->empty()) if (HttpRequest httpRequest{ L"Mozilla/5.0 Textractor", L"www.bing.com", L"GET", L"translator" }) + { + std::wstring tokenBuilder; + if (auto tokenPos = httpRequest.response.find(L"[" + std::to_wstring(time(nullptr) / 100)); tokenPos != std::string::npos) + tokenBuilder = FormatString(L"&key=%s&token=%s", httpRequest.response.substr(tokenPos + 1, 13), httpRequest.response.substr(tokenPos + 16, 32)); + if (auto tokenPos = httpRequest.response.find(L"IG:\""); tokenPos != std::string::npos) + tokenBuilder += L"&IG=" + httpRequest.response.substr(tokenPos + 4, 32); + if (auto tokenPos = httpRequest.response.find(L"data-iid=\""); tokenPos != std::string::npos) + tokenBuilder += L"&IID=" + httpRequest.response.substr(tokenPos + 10, 15); + if (!tokenBuilder.empty()) token->assign(tokenBuilder); + else return { false, FormatString(L"%s: %s\ntoken not found", TRANSLATION_ERROR, httpRequest.response) }; + } + else return { false, FormatString(L"%s: could not acquire token", TRANSLATION_ERROR) }; + + if (HttpRequest httpRequest{ + L"Mozilla/5.0 Textractor", + L"www.bing.com", + L"POST", + FormatString(L"/ttranslatev3?fromLang=%s&to=%s&text=%s%s.%d", codes.at(tlp.translateFrom), codes.at(tlp.translateTo), Escape(text), token.Copy(), i++).c_str() + }) + if (auto translation = Copy(JSON::Parse(httpRequest.response)[0][L"translations"][0][L"text"].String())) return { true, translation.value() }; + else return { false, FormatString(L"%s (token=%s): %s", TRANSLATION_ERROR, std::exchange(token.Acquire().contents, L""), httpRequest.response) }; + else return { false, FormatString(L"%s (code=%u)", TRANSLATION_ERROR, httpRequest.errorCode) }; +} diff --git a/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/blockmarkup.h b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/blockmarkup.h new file mode 100644 index 00000000..091a0448 --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/blockmarkup.h @@ -0,0 +1,57 @@ +#pragma once + +#include + +template // windows file block size +class BlockMarkupIterator +{ +public: + BlockMarkupIterator(const std::istream& stream, const std::basic_string_view(&delimiters)[delimiterCount]) : streambuf(*stream.rdbuf()) + { + std::copy_n(delimiters, delimiterCount, this->delimiters.begin()); + } + + std::optional, delimiterCount>> Next() + { + std::array, delimiterCount> results; + Find(delimiters[0], true); + for (int i = 0; i < delimiterCount; ++i) + { + const auto delimiter = i + 1 < delimiterCount ? delimiters[i + 1] : end; + if (auto found = Find(delimiter, false)) results[i] = std::move(found.value()); + else return {}; + } + return results; + } + +private: + std::optional> Find(std::basic_string_view delimiter, bool discard) + { + for (int i = 0; ;) + { + int pos = buffer.find(delimiter, i); + if (pos != std::string::npos) + { + auto result = !discard ? std::optional(std::basic_string(buffer.begin(), buffer.begin() + pos)) : std::nullopt; + buffer.erase(buffer.begin(), buffer.begin() + pos + delimiter.size()); + return result; + } + int oldSize = buffer.size(); + buffer.resize(oldSize + blockSize); + if (!streambuf.sgetn((char*)(buffer.data() + oldSize), blockSize * sizeof(C))) return {}; + i = max(0, oldSize - (int)delimiter.size()); + if (discard) + { + buffer.erase(0, i); + i = 0; + } + } + } + + static constexpr C endImpl[5] = { '|', 'E', 'N', 'D', '|' }; + static constexpr std::basic_string_view end{ endImpl, 5 }; + + std::basic_streambuf& streambuf; + std::basic_string buffer; + std::array, delimiterCount> delimiters; +}; diff --git a/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/deepltranslate.cpp b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/deepltranslate.cpp new file mode 100644 index 00000000..a20fd88f --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/deepltranslate.cpp @@ -0,0 +1,180 @@ +#include "qtcommon.h" +#include "translatewrapper.h" +#include "network.h" +#include + +extern const wchar_t* TRANSLATION_ERROR; + +const char* TRANSLATION_PROVIDER = "DeepL Translate"; +const char* GET_API_KEY_FROM = "https://www.deepl.com/pro.html#developer"; +extern const QStringList languagesTo +{ + "Bulgarian", + "Chinese (Simplified)", + "Czech", + "Danish", + "Dutch", + "English (American)", + "English (British)", + "Estonian", + "Finnish", + "French", + "German", + "Greek", + "Hungarian", + "Indonesian", + "Italian", + "Japanese", + "Latvian", + "Lithuanian", + "Polish", + "Portuguese (Brazil)", + "Portuguese (Portugal)", + "Romanian", + "Russian", + "Slovak", + "Slovenian", + "Spanish", + "Swedish", + "Turkish" +}, +languagesFrom +{ + "Bulgarian", + "Chinese", + "Czech", + "Danish", + "Dutch", + "English", + "Estonian", + "Finnish", + "French", + "German", + "Greek", + "Hungarian", + "Indonesian", + "Italian", + "Japanese", + "Latvian", + "Lithuanian", + "Polish", + "Portuguese", + "Romanian", + "Russian", + "Slovak", + "Slovenian", + "Spanish", + "Swedish", + "Turkish" +}; +extern const std::unordered_map codes +{ + { { L"Bulgarian" }, { L"BG" } }, + { { L"Chinese" }, { L"ZH" } }, + { { L"Chinese (Simplified)" }, { L"ZH" } }, + { { L"Czech" }, { L"CS" } }, + { { L"Danish" }, { L"DA" } }, + { { L"Dutch" }, { L"NL" } }, + { { L"English" }, { L"EN" } }, + { { L"English (American)" }, { L"EN-US" } }, + { { L"English (British)" }, { L"EN-GB" } }, + { { L"Estonian" }, { L"ET" } }, + { { L"Finnish" }, { L"FI" } }, + { { L"French" }, { L"FR" } }, + { { L"German" }, { L"DE" } }, + { { L"Greek" }, { L"EL" } }, + { { L"Hungarian" }, { L"HU" } }, + { { L"Indonesian" }, { L"ID" } }, + { { L"Italian" }, { L"IT" } }, + { { L"Japanese" }, { L"JA" } }, + { { L"Latvian" }, { L"LV" } }, + { { L"Lithuanian" }, { L"LT" } }, + { { L"Polish" }, { L"PL" } }, + { { L"Portuguese" }, { L"PT" } }, + { { L"Portuguese (Brazil)" }, { L"PT-BR" } }, + { { L"Portuguese (Portugal)" }, { L"PT-PT" } }, + { { L"Romanian" }, { L"RO" } }, + { { L"Russian" }, { L"RU" } }, + { { L"Slovak" }, { L"SK" } }, + { { L"Slovenian" }, { L"SL" } }, + { { L"Spanish" }, { L"ES" } }, + { { L"Swedish" }, { L"SV" } }, + { { L"Turkish" }, { L"TR" } }, + { { L"?" }, { L"auto" } } +}; + +bool translateSelectedOnly = true, useRateLimiter = true, rateLimitSelected = true, useCache = true, useFilter = true; +int tokenCount = 10, rateLimitTimespan = 60000, maxSentenceSize = 1000; + +enum KeyType { CAT, REST }; +int keyType = REST; + +std::pair Translate(const std::wstring& text, TranslationParam tlp) +{ + if (!tlp.authKey.empty()) + { + std::string translateFromComponent = tlp.translateFrom == L"?" ? "" : "&source_lang=" + WideStringToString(codes.at(tlp.translateFrom)); + if (HttpRequest httpRequest{ + L"Mozilla/5.0 Textractor", + tlp.authKey.find(L":fx") == std::string::npos ? L"api.deepl.com" : L"api-free.deepl.com", + L"POST", + keyType == CAT ? L"/v1/translate" : L"/v2/translate", + FormatString("text=%S&auth_key=%S&target_lang=%S", Escape(text), tlp.authKey, codes.at(tlp.translateTo)) + translateFromComponent, + L"Content-Type: application/x-www-form-urlencoded" + }; httpRequest && (httpRequest.response.find(L"translations") != std::string::npos || (httpRequest = HttpRequest{ + L"Mozilla/5.0 Textractor", + tlp.authKey.find(L":fx") == std::string::npos ? L"api.deepl.com" : L"api-free.deepl.com", + L"POST", + (keyType = !keyType) == CAT ? L"/v1/translate" : L"/v2/translate", + FormatString("text=%S&auth_key=%S&target_lang=%S", Escape(text), tlp.authKey, codes.at(tlp.translateTo)) + translateFromComponent, + L"Content-Type: application/x-www-form-urlencoded" + }))) + // Response formatted as JSON: translation starts with text":" and ends with "}] + if (auto translation = Copy(JSON::Parse(httpRequest.response)[L"translations"][0][L"text"].String())) return { true, translation.value() }; + else return { false, FormatString(L"%s: %s", TRANSLATION_ERROR, httpRequest.response) }; + else return { false, FormatString(L"%s (code=%u)", TRANSLATION_ERROR, httpRequest.errorCode) }; + } + + // the following code was reverse engineered from the DeepL website; it's as close as I could make it but I'm not sure what parts of this could be removed and still have it work + int id = 10000 * std::uniform_int_distribution(0, 9999)(std::random_device()) + 1; + int64_t r = _time64(nullptr), n = std::count(text.begin(), text.end(), L'i') + 1; + // user_preferred_langs? what should priority be? does timestamp do anything? other translation quality options? + auto body = FormatString(R"( +{ + "id": %d, + "jsonrpc": "2.0", + "method": "LMT_handle_jobs", + "params": { + "priority": -1, + "timestamp": %lld, + "lang": { + "target_lang": "%.2S", + "source_lang_user_selected": "%S" + }, + "jobs": [{ + "raw_en_sentence": "%s", + "raw_en_context_before": [], + "kind": "default", + "preferred_num_beams": 1, + "quality": "fast", + "raw_en_context_after": [] + }] + } +} + )", id, r + (n - r % n), codes.at(tlp.translateTo), codes.at(tlp.translateFrom), JSON::Escape(WideStringToString(text))); + // missing accept-encoding header since it fucks up HttpRequest + if (HttpRequest httpRequest{ + L"Mozilla/5.0 Textractor", + L"www2.deepl.com", + L"POST", + L"/jsonrpc", + body, + L"Host: www2.deepl.com\r\nAccept-Language: en-US,en;q=0.5\r\nContent-type: application/json; charset=utf-8\r\nOrigin: https://www.deepl.com\r\nTE: Trailers", + INTERNET_DEFAULT_PORT, + L"https://www.deepl.com/translator", + WINHTTP_FLAG_SECURE + }) + if (auto translation = Copy(JSON::Parse(httpRequest.response)[L"result"][L"translations"][0][L"beams"][0][L"postprocessed_sentence"].String())) return { true, translation.value() }; + else return { false, FormatString(L"%s: %s", TRANSLATION_ERROR, httpRequest.response) }; + else return { false, FormatString(L"%s (code=%u)", TRANSLATION_ERROR, httpRequest.errorCode) }; +} diff --git a/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/devtools.cpp b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/devtools.cpp new file mode 100644 index 00000000..e531f193 --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/devtools.cpp @@ -0,0 +1,173 @@ +#include "devtools.h" +#include +#include +#include +#include +#include +#include + +extern const char* CHROME_LOCATION; +extern const char* START_DEVTOOLS; +extern const char* STOP_DEVTOOLS; +extern const char* HIDE_CHROME; +extern const char* DEVTOOLS_STATUS; +extern const char* AUTO_START; + +extern const char* TRANSLATION_PROVIDER; + +extern QFormLayout* display; +extern Settings settings; + +namespace +{ + QLabel* statusLabel; + AutoHandle<> process = NULL; + QWebSocket webSocket; + std::atomic idCounter = 0; + Synchronized>>> mapQueue; + + void StatusChanged(QString status) + { + QMetaObject::invokeMethod(statusLabel, std::bind(&QLabel::setText, statusLabel, status)); + } + void Start(std::wstring chromePath, bool headless) + { + if (process) DevTools::Close(); + + auto args = FormatString( + L"%s --proxy-server=direct:// --disable-extensions --disable-gpu --no-first-run --user-data-dir=\"%s\\devtoolscache\" --remote-debugging-port=9222", + chromePath, + std::filesystem::current_path().wstring() + ); + args += headless ? L" --window-size=1920,1080 --headless" : L" --window-size=850,900"; + DWORD exitCode = 0; + STARTUPINFOW DUMMY = { sizeof(DUMMY) }; + PROCESS_INFORMATION processInfo = {}; + if (!CreateProcessW(NULL, args.data(), nullptr, nullptr, FALSE, 0, nullptr, nullptr, &DUMMY, &processInfo)) return StatusChanged("StartupFailed"); + CloseHandle(processInfo.hThread); + process = processInfo.hProcess; + + if (HttpRequest httpRequest{ + L"Mozilla/5.0 Textractor", + L"127.0.0.1", + L"POST", + L"/json/list", + "", + NULL, + 9222, + NULL, + WINHTTP_FLAG_ESCAPE_DISABLE + }) + if (auto list = Copy(JSON::Parse(httpRequest.response).Array())) if (auto it = std::find_if( + list->begin(), + list->end(), + [](const JSON::Value& object) { return object[L"type"].String() && *object[L"type"].String() == L"page" && object[L"webSocketDebuggerUrl"].String(); } + ); it != list->end()) return webSocket.open(S(*(*it)[L"webSocketDebuggerUrl"].String())); + + StatusChanged("ConnectingFailed"); + } + + auto _ = ([] + { + QObject::connect(&webSocket, &QWebSocket::stateChanged, + [](QAbstractSocket::SocketState state) { StatusChanged(QMetaEnum::fromType().valueToKey(state)); }); + QObject::connect(&webSocket, &QWebSocket::textMessageReceived, [](QString message) + { + auto result = JSON::Parse(S(message)); + auto mapQueue = ::mapQueue.Acquire(); + if (auto id = result[L"id"].Number()) if (auto request = mapQueue->find((int)*id); request != mapQueue->end()) + { + request->second.set(result); + mapQueue->erase(request); + } + }); + }(), 0); +} + +namespace DevTools +{ + void Initialize() + { + QString chromePath = settings.value(CHROME_LOCATION).toString(); + if (chromePath.isEmpty()) + { + for (auto [_, process] : GetAllProcesses()) + if (process && (process->find(L"\\chrome.exe") != std::string::npos || process->find(L"\\msedge.exe") != std::string::npos)) chromePath = S(process.value()); + wchar_t programFiles[MAX_PATH + 100] = {}; + for (auto folder : { CSIDL_PROGRAM_FILESX86, CSIDL_PROGRAM_FILES, CSIDL_LOCAL_APPDATA }) + { + SHGetFolderPathW(NULL, folder, NULL, SHGFP_TYPE_CURRENT, programFiles); + wcscat_s(programFiles, L"/Google/Chrome/Application/chrome.exe"); + if (std::filesystem::exists(programFiles)) chromePath = S(programFiles); + } + } + auto chromePathEdit = new QLineEdit(chromePath); + static struct : QObject + { + bool eventFilter(QObject* object, QEvent* event) + { + if (auto mouseEvent = dynamic_cast(event)) + if (mouseEvent->button() == Qt::LeftButton) + if (QString chromePath = QFileDialog::getOpenFileName(nullptr, TRANSLATION_PROVIDER, "/", "Google Chrome (*.exe)"); !chromePath.isEmpty()) + ((QLineEdit*)object)->setText(chromePath); + return false; + } + } chromeSelector; + chromePathEdit->installEventFilter(&chromeSelector); + QObject::connect(chromePathEdit, &QLineEdit::textChanged, [chromePathEdit](QString path) { settings.setValue(CHROME_LOCATION, path); }); + display->addRow(CHROME_LOCATION, chromePathEdit); + auto headlessCheck = new QCheckBox(); + auto startButton = new QPushButton(START_DEVTOOLS), stopButton = new QPushButton(STOP_DEVTOOLS); + headlessCheck->setChecked(settings.value(HIDE_CHROME, true).toBool()); + QObject::connect(headlessCheck, &QCheckBox::clicked, [](bool headless) { settings.setValue(HIDE_CHROME, headless); }); + QObject::connect(startButton, &QPushButton::clicked, [chromePathEdit, headlessCheck] { Start(S(chromePathEdit->text()), headlessCheck->isChecked()); }); + QObject::connect(stopButton, &QPushButton::clicked, &Close); + auto buttons = new QHBoxLayout(); + buttons->addWidget(startButton); + buttons->addWidget(stopButton); + display->addRow(HIDE_CHROME, headlessCheck); + auto autoStartCheck = new QCheckBox(); + autoStartCheck->setChecked(settings.value(AUTO_START, false).toBool()); + QObject::connect(autoStartCheck, &QCheckBox::clicked, [](bool autoStart) { settings.setValue(AUTO_START, autoStart); }); + display->addRow(AUTO_START, autoStartCheck); + display->addRow(buttons); + statusLabel = new QLabel("Stopped"); + statusLabel->setFrameStyle(QFrame::Panel | QFrame::Sunken); + display->addRow(DEVTOOLS_STATUS, statusLabel); + if (autoStartCheck->isChecked()) QMetaObject::invokeMethod(startButton, &QPushButton::click, Qt::QueuedConnection); + } + + void Close() + { + webSocket.close(); + for (const auto& [_, task] : mapQueue.Acquire().contents) task.set_exception(std::runtime_error("closed")); + mapQueue->clear(); + + if (process) + { + TerminateProcess(process, 0); + WaitForSingleObject(process, 1000); + for (int retry = 0; ++retry < 20; Sleep(100)) + try { std::filesystem::remove_all(L"devtoolscache"); break; } + catch (std::filesystem::filesystem_error) { continue; } + } + process = NULL; + StatusChanged("Stopped"); + } + + bool Connected() + { + return webSocket.state() == QAbstractSocket::ConnectedState; + } + + JSON::Value SendRequest(const char* method, const std::wstring& params) + { + concurrency::task_completion_event> response; + int id = idCounter += 1; + if (!Connected()) return {}; + mapQueue->try_emplace(id, response); + QMetaObject::invokeMethod(&webSocket, std::bind(&QWebSocket::sendTextMessage, &webSocket, S(FormatString(LR"({"id":%d,"method":"%S","params":%s})", id, method, params)))); + try { if (auto result = create_task(response).get()[L"result"]) return result; } catch (...) {} + return {}; + } +} diff --git a/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/devtools.h b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/devtools.h new file mode 100644 index 00000000..83a004b5 --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/devtools.h @@ -0,0 +1,10 @@ +#include "qtcommon.h" +#include "network.h" + +namespace DevTools +{ + void Initialize(); + void Close(); + bool Connected(); + JSON::Value SendRequest(const char* method, const std::wstring& params = L"{}"); +} diff --git a/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/devtoolsdeepltranslate.cpp b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/devtoolsdeepltranslate.cpp new file mode 100644 index 00000000..16a79ade --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/devtoolsdeepltranslate.cpp @@ -0,0 +1,148 @@ +#include "qtcommon.h" +#include "translatewrapper.h" +#include "devtools.h" + +extern const wchar_t* ERROR_START_CHROME; +extern const wchar_t* TRANSLATION_ERROR; + +const char* TRANSLATION_PROVIDER = "DevTools DeepL Translate"; +const char* GET_API_KEY_FROM = nullptr; + +extern const QStringList languagesTo +{ + "Bulgarian", + "Chinese (Simplified)", + "Czech", + "Danish", + "Dutch", + "English (American)", + "English (British)", + "Estonian", + "Finnish", + "French", + "German", + "Greek", + "Hungarian", + "Italian", + "Japanese", + "Latvian", + "Lithuanian", + "Polish", + "Portuguese", + "Portuguese (Brazilian)", + "Romanian", + "Russian", + "Slovak", + "Slovenian", + "Spanish", + "Swedish" +}, +languagesFrom = +{ + "Bulgarian", + "Chinese", + "Czech", + "Danish", + "Dutch", + "English", + "Estonian", + "Finnish", + "French", + "German", + "Greek", + "Hungarian", + "Italian", + "Japanese", + "Latvian", + "Lithuanian", + "Polish", + "Portuguese", + "Romanian", + "Russian", + "Slovak", + "Slovenian", + "Spanish", + "Swedish" +}; +extern const std::unordered_map codes +{ + { { L"Bulgarian" }, { L"Bulgarian" } }, + { { L"Chinese" }, { L"Chinese" } }, + { { L"Chinese (Simplified)" }, { L"Chinese (simplified)" } }, + { { L"Czech" }, { L"Czech" } }, + { { L"Danish" }, { L"Danish" } }, + { { L"Dutch" }, { L"Dutch" } }, + { { L"English" }, { L"English" } }, + { { L"English (American)" }, { L"English (American)" } }, + { { L"English (British)" }, { L"English (British)" } }, + { { L"Estonian" }, { L"Estonian" } }, + { { L"Finnish" }, { L"Finnish" } }, + { { L"French" }, { L"French" } }, + { { L"German" }, { L"German" } }, + { { L"Greek" }, { L"Greek" } }, + { { L"Hungarian" }, { L"Hungarian" } }, + { { L"Italian" }, { L"Italian" } }, + { { L"Japanese" }, { L"Japanese" } }, + { { L"Latvian" }, { L"Latvian" } }, + { { L"Lithuanian" }, { L"Lithuanian" } }, + { { L"Polish" }, { L"Polish" } }, + { { L"Portuguese" }, { L"Portuguese" } }, + { { L"Portuguese (Brazilian)" }, { L"Portuguese (Brazilian)" } }, + { { L"Romanian" }, { L"Romanian" } }, + { { L"Russian" }, { L"Russian" } }, + { { L"Slovak" }, { L"Slovak" } }, + { { L"Slovenian" }, { L"Slovenian" } }, + { { L"Spanish" }, { L"Spanish" } }, + { { L"Swedish" }, { L"Swedish" } }, + { { L"?" }, { L"Detect language" } } +}; + +bool translateSelectedOnly = true, useRateLimiter = true, rateLimitSelected = false, useCache = true, useFilter = true; +int tokenCount = 30, rateLimitTimespan = 60000, maxSentenceSize = 2500; + +BOOL WINAPI DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved) +{ + switch (ul_reason_for_call) + { + case DLL_PROCESS_ATTACH: + { + DevTools::Initialize(); + } + break; + case DLL_PROCESS_DETACH: + { + DevTools::Close(); + } + break; + } + return TRUE; +} + +std::pair Translate(const std::wstring& text, TranslationParam tlp) +{ + if (!DevTools::Connected()) return { false, FormatString(L"%s: %s", TRANSLATION_ERROR, ERROR_START_CHROME) }; + // DevTools can't handle concurrent translations yet + static std::mutex translationMutex; + std::scoped_lock lock(translationMutex); + std::wstring escaped; // DeepL breaks with slash in input + for (auto ch : text) ch == '/' ? escaped += L"\\/" : escaped += ch; + DevTools::SendRequest("Page.navigate", FormatString(LR"({"url":"https://www.deepl.com/en/translator#en/en/%s"})", Escape(escaped))); + for (int retry = 0; ++retry < 20; Sleep(100)) + if (Copy(DevTools::SendRequest("Runtime.evaluate", LR"({"expression":"document.readyState"})")[L"result"][L"value"].String()) == L"complete") break; + + DevTools::SendRequest("Runtime.evaluate", FormatString(LR"({"expression":" + document.querySelector('.lmt__language_select--source').querySelector('button').click(); + document.evaluate(`//*[text()='%s']`,document.querySelector('.lmt__language_select__menu'),null,XPathResult.FIRST_ORDERED_NODE_TYPE,null).singleNodeValue.click(); + document.querySelector('.lmt__language_select--target').querySelector('button').click(); + document.evaluate(`//*[text()='%s']`,document.querySelector('.lmt__language_select__menu'),null,XPathResult.FIRST_ORDERED_NODE_TYPE,null).singleNodeValue.click(); + "})", codes.at(tlp.translateFrom), codes.at(tlp.translateTo))); + + for (int retry = 0; ++retry < 100; Sleep(100)) + if (auto translation = Copy(DevTools::SendRequest("Runtime.evaluate", + LR"({"expression":"document.querySelector('#target-dummydiv').innerHTML.trim() ","returnByValue":true})" + )[L"result"][L"value"].String())) if (!translation->empty()) return { true, translation.value() }; + if (auto errorMessage = Copy(DevTools::SendRequest("Runtime.evaluate", + LR"({"expression":"document.querySelector('div.lmt__system_notification').innerHTML","returnByValue":true})" + )[L"result"][L"value"].String())) return { false, FormatString(L"%s: %s", TRANSLATION_ERROR, errorMessage.value()) }; + return { false, TRANSLATION_ERROR }; +} diff --git a/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/devtoolspapagotranslate.cpp b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/devtoolspapagotranslate.cpp new file mode 100644 index 00000000..09340088 --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/devtoolspapagotranslate.cpp @@ -0,0 +1,82 @@ +#include "qtcommon.h" +#include "translatewrapper.h" +#include "devtools.h" + +extern const wchar_t* ERROR_START_CHROME; +extern const wchar_t* TRANSLATION_ERROR; + +const char* TRANSLATION_PROVIDER = "DevTools Papago Translate"; +const char* GET_API_KEY_FROM = nullptr; + +extern const QStringList languagesTo +{ + "Chinese (Simplified)", + "Chinese (Traditional)", + "English", + "French", + "German", + "Hindi", + "Indonesian", + "Italian", + "Japanese", + "Korean", + "Portuguese", + "Russian", + "Spanish", + "Thai", + "Vietnamese", +}, languagesFrom = languagesTo; +extern const std::unordered_map codes +{ + { { L"Chinese (Simplified)" }, { L"zh-CN" } }, + { { L"Chinese (Traditional)" }, { L"zt-TW" } }, + { { L"English" }, { L"en" } }, + { { L"French" }, { L"fr" } }, + { { L"German" }, { L"de" } }, + { { L"Hindi" }, { L"hi" } }, + { { L"Indonesian" }, { L"id" } }, + { { L"Italian" }, { L"it" } }, + { { L"Japanese" }, { L"ja" } }, + { { L"Korean" }, { L"ko" } }, + { { L"Portuguese" }, { L"pt" } }, + { { L"Russian" }, { L"ru" } }, + { { L"Spanish" }, { L"es" } }, + { { L"Thai" }, { L"th" } }, + { { L"Vietnamese" }, { L"vi" } }, + { { L"?" }, { L"auto" } } +}; + +bool translateSelectedOnly = true, useRateLimiter = true, rateLimitSelected = false, useCache = true, useFilter = true; +int tokenCount = 30, rateLimitTimespan = 60000, maxSentenceSize = 2500; + +BOOL WINAPI DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved) +{ + switch (ul_reason_for_call) + { + case DLL_PROCESS_ATTACH: + { + DevTools::Initialize(); + } + break; + case DLL_PROCESS_DETACH: + { + DevTools::Close(); + } + break; + } + return TRUE; +} + +std::pair Translate(const std::wstring& text, TranslationParam tlp) +{ + if (!DevTools::Connected()) return { false, FormatString(L"%s: %s", TRANSLATION_ERROR, ERROR_START_CHROME) }; + // DevTools can't handle concurrent translations yet + static std::mutex translationMutex; + std::scoped_lock lock(translationMutex); + DevTools::SendRequest("Page.navigate", FormatString(LR"({"url":"https://papago.naver.com/?sk=%s&tk=%s&st=%s"})", codes.at(tlp.translateFrom), codes.at(tlp.translateTo), Escape(text))); + for (int retry = 0; ++retry < 100; Sleep(100)) + if (auto translation = Copy(DevTools::SendRequest("Runtime.evaluate", + LR"({"expression":"document.querySelector('#txtTarget').textContent.trim() ","returnByValue":true})" + )[L"result"][L"value"].String())) if (!translation->empty()) return { true, translation.value() }; + return { false, TRANSLATION_ERROR }; +} diff --git a/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/devtoolssystrantranslate.cpp b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/devtoolssystrantranslate.cpp new file mode 100644 index 00000000..ab7184b6 --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/devtoolssystrantranslate.cpp @@ -0,0 +1,152 @@ +#include "qtcommon.h" +#include "translatewrapper.h" +#include "devtools.h" + +extern const wchar_t* ERROR_START_CHROME; +extern const wchar_t* TRANSLATION_ERROR; + +const char* TRANSLATION_PROVIDER = "DevTools Systran Translate"; +const char* GET_API_KEY_FROM = nullptr; + +extern const QStringList languagesTo +{ + "Albanian", + "Arabic", + "Bengali", + "Bulgarian", + "Burmese", + "Catalan", + "Chinese (Simplified)", + "Chinese (Traditional)", + "Croatian", + "Czech", + "Danish", + "Dutch", + "English", + "Estonian", + "Finnish", + "French", + "German", + "Greek", + "Hebrew", + "Hindi", + "Hungarian", + "Indonesian", + "Italian", + "Japanese", + "Korean", + "Latvian", + "Lithuanian", + "Malay", + "Norwegian", + "Pashto", + "Persian", + "Polish", + "Portuguese", + "Romanian", + "Russian", + "Serbian", + "Slovak", + "Slovenian", + "Somali", + "Spanish", + "Swedish", + "Tagalog", + "Tamil", + "Thai", + "Turkish", + "Ukrainian", + "Urdu", + "Vietnamese" +}, languagesFrom = languagesTo; +extern const std::unordered_map codes +{ + { { L"Albanian" }, { L"sq" } }, + { { L"Arabic" }, { L"ar" } }, + { { L"Bengali" }, { L"bn" } }, + { { L"Bulgarian" }, { L"bg" } }, + { { L"Burmese" }, { L"my" } }, + { { L"Catalan" }, { L"ca" } }, + { { L"Chinese (Simplified)" }, { L"zh" } }, + { { L"Chinese (Traditional)" }, { L"zt" } }, + { { L"Croatian" }, { L"hr" } }, + { { L"Czech" }, { L"cs" } }, + { { L"Danish" }, { L"da" } }, + { { L"Dutch" }, { L"nl" } }, + { { L"English" }, { L"en" } }, + { { L"Estonian" }, { L"et" } }, + { { L"Finnish" }, { L"fi" } }, + { { L"French" }, { L"fr" } }, + { { L"German" }, { L"de" } }, + { { L"Greek" }, { L"el" } }, + { { L"Hebrew" }, { L"he" } }, + { { L"Hindi" }, { L"hi" } }, + { { L"Hungarian" }, { L"hu" } }, + { { L"Indonesian" }, { L"id" } }, + { { L"Italian" }, { L"it" } }, + { { L"Japanese" }, { L"ja" } }, + { { L"Korean" }, { L"ko" } }, + { { L"Latvian" }, { L"lv" } }, + { { L"Lithuanian" }, { L"lt" } }, + { { L"Malay" }, { L"ms" } }, + { { L"Norwegian" }, { L"no" } }, + { { L"Pashto" }, { L"ps" } }, + { { L"Persian" }, { L"fa" } }, + { { L"Polish" }, { L"pl" } }, + { { L"Portuguese" }, { L"pt" } }, + { { L"Romanian" }, { L"ro" } }, + { { L"Russian" }, { L"ru" } }, + { { L"Serbian" }, { L"sr" } }, + { { L"Slovak" }, { L"sk" } }, + { { L"Slovenian" }, { L"sl" } }, + { { L"Somali" }, { L"so" } }, + { { L"Spanish" }, { L"es" } }, + { { L"Swedish" }, { L"sv" } }, + { { L"Tagalog" }, { L"tl" } }, + { { L"Tamil" }, { L"ta" } }, + { { L"Thai" }, { L"th" } }, + { { L"Turkish" }, { L"tr" } }, + { { L"Ukrainian" }, { L"uk" } }, + { { L"Urdu" }, { L"ur" } }, + { { L"Vietnamese" }, { L"vi" } }, + { { L"?" }, { L"autodetect" } } +}; + +bool translateSelectedOnly = true, useRateLimiter = true, rateLimitSelected = false, useCache = true, useFilter = true; +int tokenCount = 30, rateLimitTimespan = 60000, maxSentenceSize = 2500; + +BOOL WINAPI DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved) +{ + switch (ul_reason_for_call) + { + case DLL_PROCESS_ATTACH: + { + DevTools::Initialize(); + } + break; + case DLL_PROCESS_DETACH: + { + DevTools::Close(); + } + break; + } + return TRUE; +} + +std::pair Translate(const std::wstring& text, TranslationParam tlp) +{ + if (!DevTools::Connected()) return { false, FormatString(L"%s: %s", TRANSLATION_ERROR, ERROR_START_CHROME) }; + // DevTools can't handle concurrent translations yet + static std::mutex translationMutex; + std::scoped_lock lock(translationMutex); + + DevTools::SendRequest( + "Page.navigate", + FormatString(LR"({"url":"https://translate.systran.net/?source=%s&target=%s&input=%s"})", codes.at(tlp.translateFrom), codes.at(tlp.translateTo), Escape(text)) + ); + for (int retry = 0; ++retry < 100; Sleep(100)) + if (auto translation = Copy(DevTools::SendRequest("Runtime.evaluate", + LR"({"expression":"document.querySelector('#outputEditor').textContent.trim() ","returnByValue":true})" + )[L"result"][L"value"].String())) if (!translation->empty()) return { true, translation.value() }; + return { false, TRANSLATION_ERROR }; +} diff --git a/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/extpch.h b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/extpch.h new file mode 100644 index 00000000..289749c7 --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/extpch.h @@ -0,0 +1,191 @@ + +#define WIN32_LEAN_AND_MEAN +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + + +template struct ArrayImpl { using Type = std::tuple[]; }; +template struct ArrayImpl { using Type = T[]; }; +template using Array = typename ArrayImpl::Type; + +template using Functor = std::integral_constant, F>; // shouldn't need remove_reference_t but MSVC is bugged + +struct PermissivePointer +{ + template operator T*() { return (T*)p; } + void* p; +}; + +template > +class AutoHandle +{ +public: + AutoHandle(HANDLE h) : h(h) {} + operator HANDLE() { return h.get(); } + PHANDLE operator&() { static_assert(sizeof(*this) == sizeof(HANDLE)); assert(!h); return (PHANDLE)this; } + operator bool() { return h.get() != NULL && h.get() != INVALID_HANDLE_VALUE; } + +private: + struct HandleCleaner { void operator()(void* h) { if (h != INVALID_HANDLE_VALUE) HandleCloser()(PermissivePointer{ h }); } }; + std::unique_ptr h; +}; + +template +class Synchronized +{ +public: + template + Synchronized(Args&&... args) : contents(std::forward(args)...) {} + + struct Locker + { + T* operator->() { return &contents; } + std::unique_lock lock; + T& contents; + }; + + Locker Acquire() { return { std::unique_lock(m), contents }; } + Locker operator->() { return Acquire(); } + T Copy() { return Acquire().contents; } + +private: + T contents; + M m; +}; + +template +void SpawnThread(const F& f) // works in DllMain unlike std thread +{ + F* copy = new F(f); + CloseHandle(CreateThread(nullptr, 0, [](void* copy) + { + (*(F*)copy)(); + delete (F*)copy; + return 0UL; + }, copy, 0, nullptr)); +} + +inline struct +{ + inline static BYTE DUMMY[100]; + template operator T*() { static_assert(sizeof(T) < sizeof(DUMMY)); return (T*)DUMMY; } +} DUMMY; + +inline auto Swallow = [](auto&&...) {}; + +template std::optional> Copy(T* ptr) { if (ptr) return *ptr; return {}; } + +template inline auto FormatArg(T arg) { return arg; } +template inline auto FormatArg(const std::basic_string& arg) { return arg.c_str(); } + +#pragma warning(push) +#pragma warning(disable: 4996) +template +inline std::string FormatString(const char* format, const Args&... args) +{ + std::string buffer(snprintf(nullptr, 0, format, FormatArg(args)...), '\0'); + sprintf(buffer.data(), format, FormatArg(args)...); + return buffer; +} + +template +inline std::wstring FormatString(const wchar_t* format, const Args&... args) +{ + std::wstring buffer(_snwprintf(nullptr, 0, format, FormatArg(args)...), L'\0'); + _swprintf(buffer.data(), format, FormatArg(args)...); + return buffer; +} +#pragma warning(pop) + +inline void Trim(std::wstring& text) +{ + text.erase(text.begin(), std::find_if_not(text.begin(), text.end(), iswspace)); + text.erase(std::find_if_not(text.rbegin(), text.rend(), iswspace).base(), text.end()); +} + +inline std::optional StringToWideString(const std::string& text, UINT encoding) +{ + std::vector buffer(text.size() + 1); + if (int length = MultiByteToWideChar(encoding, 0, text.c_str(), text.size() + 1, buffer.data(), buffer.size())) + return std::wstring(buffer.data(), length - 1); + return {}; +} + +inline std::wstring StringToWideString(const std::string& text) +{ + std::vector buffer(text.size() + 1); + MultiByteToWideChar(CP_UTF8, 0, text.c_str(), -1, buffer.data(), buffer.size()); + return buffer.data(); +} + +inline std::string WideStringToString(const std::wstring& text) +{ + std::vector buffer((text.size() + 1) * 4); + WideCharToMultiByte(CP_UTF8, 0, text.c_str(), -1, buffer.data(), buffer.size(), nullptr, nullptr); + return buffer.data(); +} + +template +inline void TEXTRACTOR_MESSAGE(const wchar_t* format, const Args&... args) { MessageBoxW(NULL, FormatString(format, args...).c_str(), L"Textractor", MB_OK); } + +template +inline void TEXTRACTOR_DEBUG(const wchar_t* format, const Args&... args) { SpawnThread([=] { TEXTRACTOR_MESSAGE(format, args...); }); } + +void Localize(); + +#ifdef _DEBUG +#define TEST(...) static auto _ = CreateThread(nullptr, 0, [](auto) { __VA_ARGS__; return 0UL; }, NULL, 0, nullptr) +#else +#define TEST(...) +#endif + +inline std::optional getModuleFilename(DWORD processId, HMODULE module = NULL) +{ + std::vector buffer(MAX_PATH); + if (AutoHandle<> process = OpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, processId)) + if (GetModuleFileNameExW(process, module, buffer.data(), MAX_PATH)) return buffer.data(); + return {}; +} + +inline std::optional getModuleFilename(HMODULE module = NULL) +{ + std::vector buffer(MAX_PATH); + if (GetModuleFileNameW(module, buffer.data(), MAX_PATH)) return buffer.data(); + return {}; +} + +inline std::vector>> GetAllProcesses() +{ + std::vector processIds(10000); + DWORD spaceUsed = 0; + EnumProcesses(processIds.data(), 10000 * sizeof(DWORD), &spaceUsed); + std::vector>> processes; + for (int i = 0; i < spaceUsed / sizeof(DWORD); ++i) processes.push_back({ processIds[i], getModuleFilename(processIds[i]) }); + return processes; +} diff --git a/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/extranewlines.cpp b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/extranewlines.cpp new file mode 100644 index 00000000..35236cf1 --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/extranewlines.cpp @@ -0,0 +1,8 @@ +#include "extension.h" + +bool ProcessSentence(std::wstring& sentence, SentenceInfo sentenceInfo) +{ + if (sentenceInfo["text number"] == 0) return false; + sentence += L"\n"; + return true; +} diff --git a/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/extrawindow.cpp b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/extrawindow.cpp new file mode 100644 index 00000000..e5ed088d --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/extrawindow.cpp @@ -0,0 +1,604 @@ +#include "qtcommon.h" +#include "extension.h" +#include "ui_extrawindow.h" +#include "blockmarkup.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +extern const char* EXTRA_WINDOW_INFO; +extern const char* TOPMOST; +extern const char* OPACITY; +extern const char* SHOW_ORIGINAL; +extern const char* ORIGINAL_AFTER_TRANSLATION; +extern const char* SIZE_LOCK; +extern const char* POSITION_LOCK; +extern const char* CENTERED_TEXT; +extern const char* AUTO_RESIZE_WINDOW_HEIGHT; +extern const char* CLICK_THROUGH; +extern const char* HIDE_MOUSEOVER; +extern const char* DICTIONARY; +extern const char* DICTIONARY_INSTRUCTIONS; +extern const char* BG_COLOR; +extern const char* TEXT_COLOR; +extern const char* TEXT_OUTLINE; +extern const char* OUTLINE_COLOR; +extern const char* OUTLINE_SIZE; +extern const char* OUTLINE_SIZE_INFO; +extern const char* FONT; + +constexpr auto DICTIONARY_SAVE_FILE = u8"SavedDictionary.txt"; +constexpr int CLICK_THROUGH_HOTKEY = 0xc0d0; + +QColor colorPrompt(QWidget* parent, QColor default, const QString& title, bool customOpacity = true) +{ + QColor color = QColorDialog::getColor(default, parent, title); + if (customOpacity) color.setAlpha(255 * QInputDialog::getDouble(parent, title, OPACITY, default.alpha() / 255.0, 0, 1, 3, nullptr, Qt::WindowCloseButtonHint)); + return color; +} + +struct PrettyWindow : QDialog, Localizer +{ + PrettyWindow(const char* name) + { + ui.setupUi(this); + ui.display->setGraphicsEffect(outliner = new Outliner); + setWindowFlags(Qt::FramelessWindowHint); + setAttribute(Qt::WA_TranslucentBackground); + + settings.beginGroup(name); + QFont font = ui.display->font(); + if (font.fromString(settings.value(FONT, font.toString()).toString())) ui.display->setFont(font); + SetBackgroundColor(settings.value(BG_COLOR, backgroundColor).value()); + SetTextColor(settings.value(TEXT_COLOR, TextColor()).value()); + outliner->color = settings.value(OUTLINE_COLOR, outliner->color).value(); + outliner->size = settings.value(OUTLINE_SIZE, outliner->size).toDouble(); + autoHide = settings.value(HIDE_MOUSEOVER, autoHide).toBool(); + menu.addAction(FONT, this, &PrettyWindow::RequestFont); + menu.addAction(BG_COLOR, [this] { SetBackgroundColor(colorPrompt(this, backgroundColor, BG_COLOR)); }); + menu.addAction(TEXT_COLOR, [this] { SetTextColor(colorPrompt(this, TextColor(), TEXT_COLOR)); }); + QAction* outlineAction = menu.addAction(TEXT_OUTLINE, this, &PrettyWindow::SetOutline); + outlineAction->setCheckable(true); + outlineAction->setChecked(outliner->size >= 0); + QAction* autoHideAction = menu.addAction(HIDE_MOUSEOVER, this, [this](bool autoHide) { settings.setValue(HIDE_MOUSEOVER, this->autoHide = autoHide); }); + autoHideAction->setCheckable(true); + autoHideAction->setChecked(autoHide); + connect(this, &QDialog::customContextMenuRequested, [this](QPoint point) { menu.exec(mapToGlobal(point)); }); + connect(ui.display, &QLabel::customContextMenuRequested, [this](QPoint point) { menu.exec(ui.display->mapToGlobal(point)); }); + startTimer(50); + } + + ~PrettyWindow() + { + settings.sync(); + } + + Ui::ExtraWindow ui; + +protected: + void timerEvent(QTimerEvent*) override + { + if (autoHide && geometry().contains(QCursor::pos())) + { + if (!hidden) + { + if (backgroundColor.alphaF() > 0.05) backgroundColor.setAlphaF(0.05); + if (outliner->color.alphaF() > 0.05) outliner->color.setAlphaF(0.05); + QColor hiddenTextColor = TextColor(); + if (hiddenTextColor.alphaF() > 0.05) hiddenTextColor.setAlphaF(0.05); + ui.display->setPalette(QPalette(hiddenTextColor, {}, {}, {}, {}, {}, {})); + hidden = true; + repaint(); + } + } + else if (hidden) + { + backgroundColor.setAlpha(settings.value(BG_COLOR).value().alpha()); + outliner->color.setAlpha(settings.value(OUTLINE_COLOR).value().alpha()); + ui.display->setPalette(QPalette(settings.value(TEXT_COLOR).value(), {}, {}, {}, {}, {}, {})); + hidden = false; + repaint(); + } + } + + QMenu menu{ ui.display }; + Settings settings{ this }; + +private: + void RequestFont() + { + if (QFont font = QFontDialog::getFont(&ok, ui.display->font(), this, FONT); ok) + { + settings.setValue(FONT, font.toString()); + ui.display->setFont(font); + } + }; + + void SetBackgroundColor(QColor color) + { + if (!color.isValid()) return; + if (color.alpha() == 0) color.setAlpha(1); + backgroundColor = color; + repaint(); + settings.setValue(BG_COLOR, color.name(QColor::HexArgb)); + }; + + QColor TextColor() + { + return ui.display->palette().color(QPalette::WindowText); + } + + void SetTextColor(QColor color) + { + if (!color.isValid()) return; + ui.display->setPalette(QPalette(color, {}, {}, {}, {}, {}, {})); + settings.setValue(TEXT_COLOR, color.name(QColor::HexArgb)); + }; + + void SetOutline(bool enable) + { + if (enable) + { + QColor color = colorPrompt(this, outliner->color, OUTLINE_COLOR); + if (color.isValid()) outliner->color = color; + outliner->size = QInputDialog::getDouble(this, OUTLINE_SIZE, OUTLINE_SIZE_INFO, -outliner->size, 0, INT_MAX, 2, nullptr, Qt::WindowCloseButtonHint); + } + else outliner->size = -outliner->size; + settings.setValue(OUTLINE_COLOR, outliner->color.name(QColor::HexArgb)); + settings.setValue(OUTLINE_SIZE, outliner->size); + } + + void paintEvent(QPaintEvent*) override + { + QPainter(this).fillRect(rect(), backgroundColor); + } + + bool autoHide = false, hidden = false; + QColor backgroundColor{ palette().window().color() }; + struct Outliner : QGraphicsEffect + { + void draw(QPainter* painter) override + { + if (size < 0) return drawSource(painter); + QPoint offset; + QPixmap pixmap = sourcePixmap(Qt::LogicalCoordinates, &offset); + offset.setX(offset.x() + size); + for (auto offset2 : Array{ { 0, 1 }, { 0, -1 }, { 1, 0 }, { -1, 0 }, { 1, 1 }, { 1, -1 }, { -1, 1 }, { -1, -1 } }) + { + QImage outline = pixmap.toImage(); + QPainter outlinePainter(&outline); + outlinePainter.setCompositionMode(QPainter::CompositionMode_SourceIn); + outlinePainter.fillRect(outline.rect(), color); + painter->drawImage(offset + offset2 * size, outline); + } + painter->drawPixmap(offset, pixmap); + } + QColor color{ Qt::black }; + double size = -0.5; + }* outliner; +}; + +class ExtraWindow : public PrettyWindow, QAbstractNativeEventFilter +{ +public: + ExtraWindow() : PrettyWindow("Extra Window") + { + ui.display->setTextFormat(Qt::PlainText); + if (settings.contains(WINDOW) && QApplication::screenAt(settings.value(WINDOW).toRect().bottomRight())) setGeometry(settings.value(WINDOW).toRect()); + + for (auto [name, default, slot] : Array{ + { TOPMOST, false, &ExtraWindow::SetTopmost }, + { SIZE_LOCK, false, &ExtraWindow::SetSizeLock }, + { POSITION_LOCK, false, &ExtraWindow::SetPositionLock }, + { CENTERED_TEXT, false, &ExtraWindow::SetCenteredText }, + { AUTO_RESIZE_WINDOW_HEIGHT, false, &ExtraWindow::SetAutoResize }, + { SHOW_ORIGINAL, true, &ExtraWindow::SetShowOriginal }, + { ORIGINAL_AFTER_TRANSLATION, true, &ExtraWindow::SetShowOriginalAfterTranslation }, + { DICTIONARY, false, &ExtraWindow::SetUseDictionary }, + }) + { + // delay processing anything until Textractor has finished initializing + QMetaObject::invokeMethod(this, std::bind(slot, this, default = settings.value(name, default).toBool()), Qt::QueuedConnection); + auto action = menu.addAction(name, this, slot); + action->setCheckable(true); + action->setChecked(default); + } + + menu.addAction(CLICK_THROUGH, this, &ExtraWindow::ToggleClickThrough); + + ui.display->installEventFilter(this); + qApp->installNativeEventFilter(this); + + QMetaObject::invokeMethod(this, [this] + { + RegisterHotKey((HWND)winId(), CLICK_THROUGH_HOTKEY, MOD_ALT | MOD_NOREPEAT, 0x58); + show(); + AddSentence(EXTRA_WINDOW_INFO); + }, Qt::QueuedConnection); + } + + ~ExtraWindow() + { + settings.setValue(WINDOW, geometry()); + } + + void AddSentence(QString sentence) + { + sanitize(sentence); + sentence.chop(std::distance(std::remove(sentence.begin(), sentence.end(), QChar::Tabulation), sentence.end())); + sentenceHistory.push_back(sentence); + if (sentenceHistory.size() > 1000) sentenceHistory.erase(sentenceHistory.begin()); + historyIndex = sentenceHistory.size() - 1; + DisplaySentence(); + } + +private: + void DisplaySentence() + { + if (sentenceHistory.empty()) return; + QString sentence = sentenceHistory[historyIndex]; + if (sentence.contains(u8"\x200b \n")) + if (!showOriginal) sentence = sentence.split(u8"\x200b \n")[1]; + else if (showOriginalAfterTranslation) sentence = sentence.split(u8"\x200b \n")[1] + "\n" + sentence.split(u8"\x200b \n")[0]; + + if (sizeLock && !autoResize) + { + QFontMetrics fontMetrics(ui.display->font(), ui.display); + int low = 0, high = sentence.size(), last = 0; + while (low <= high) + { + int mid = (low + high) / 2; + if (fontMetrics.boundingRect(0, 0, ui.display->width(), INT_MAX, Qt::TextWordWrap, sentence.left(mid)).height() <= ui.display->height()) + { + last = mid; + low = mid + 1; + } + else high = mid - 1; + } + sentence = sentence.left(last); + } + + ui.display->setText(sentence); + if (autoResize) + resize(width(), height() - ui.display->height() + + QFontMetrics(ui.display->font(), ui.display).boundingRect(0, 0, ui.display->width(), INT_MAX, Qt::TextWordWrap, sentence).height() + ); + } + + void SetTopmost(bool topmost) + { + for (auto window : { winId(), dictionaryWindow.winId() }) + SetWindowPos((HWND)window, topmost ? HWND_TOPMOST : HWND_NOTOPMOST, 0, 0, 0, 0, SWP_NOMOVE | SWP_NOSIZE | SWP_NOACTIVATE); + settings.setValue(TOPMOST, topmost); + }; + + void SetPositionLock(bool locked) + { + settings.setValue(POSITION_LOCK, posLock = locked); + }; + + void SetSizeLock(bool locked) + { + setSizeGripEnabled(!locked); + settings.setValue(SIZE_LOCK, sizeLock = locked); + }; + + void SetCenteredText(bool centeredText) + { + ui.display->setAlignment(centeredText ? Qt::AlignHCenter : Qt::AlignLeft); + settings.setValue(CENTERED_TEXT, this->centeredText = centeredText); + }; + + void SetAutoResize(bool autoResize) + { + settings.setValue(AUTO_RESIZE_WINDOW_HEIGHT, this->autoResize = autoResize); + DisplaySentence(); + }; + + void SetShowOriginal(bool showOriginal) + { + settings.setValue(SHOW_ORIGINAL, this->showOriginal = showOriginal); + DisplaySentence(); + }; + + void SetShowOriginalAfterTranslation(bool showOriginalAfterTranslation) + { + settings.setValue(ORIGINAL_AFTER_TRANSLATION, this->showOriginalAfterTranslation = showOriginalAfterTranslation); + DisplaySentence(); + }; + + void SetUseDictionary(bool useDictionary) + { + if (useDictionary) + { + dictionaryWindow.UpdateDictionary(); + if (dictionaryWindow.dictionary.empty()) + { + std::ofstream(DICTIONARY_SAVE_FILE) << u8"\ufeff" << DICTIONARY_INSTRUCTIONS; + _spawnlp(_P_DETACH, "notepad", "notepad", DICTIONARY_SAVE_FILE, NULL); // show file to user + } + } + settings.setValue(DICTIONARY, this->useDictionary = useDictionary); + } + + void ToggleClickThrough() + { + clickThrough = !clickThrough; + for (auto window : { winId(), dictionaryWindow.winId() }) + { + unsigned exStyle = GetWindowLongPtrW((HWND)window, GWL_EXSTYLE); + if (clickThrough) exStyle |= WS_EX_TRANSPARENT; + else exStyle &= ~WS_EX_TRANSPARENT; + SetWindowLongPtrW((HWND)window, GWL_EXSTYLE, exStyle); + } + }; + + void ShowDictionary(QPoint mouse) + { + QString sentence = ui.display->text(); + const QFont& font = ui.display->font(); + if (cachedDisplayInfo.CompareExchange(ui.display)) + { + QFontMetrics fontMetrics(font, ui.display); + int flags = Qt::TextWordWrap | (ui.display->alignment() & (Qt::AlignLeft | Qt::AlignHCenter)); + textPositionMap.clear(); + for (int i = 0, height = 0, lineBreak = 0; i < sentence.size(); ++i) + { + int block = 1; + for (int charHeight = fontMetrics.boundingRect(0, 0, 1, INT_MAX, flags, sentence.mid(i, 1)).height(); + i + block < sentence.size() && fontMetrics.boundingRect(0, 0, 1, INT_MAX, flags, sentence.mid(i, block + 1)).height() < charHeight * 1.5; ++block); + auto boundingRect = fontMetrics.boundingRect(0, 0, ui.display->width(), INT_MAX, flags, sentence.left(i + block)); + if (boundingRect.height() > height) + { + height = boundingRect.height(); + lineBreak = i; + } + textPositionMap.push_back({ + fontMetrics.boundingRect(0, 0, ui.display->width(), INT_MAX, flags, sentence.mid(lineBreak, i - lineBreak + 1)).right() + 1, + height + }); + } + } + int i; + for (i = 0; i < textPositionMap.size(); ++i) if (textPositionMap[i].y() > mouse.y() && textPositionMap[i].x() > mouse.x()) break; + if (i == textPositionMap.size() || (mouse - textPositionMap[i]).manhattanLength() > font.pointSize() * 3) return dictionaryWindow.hide(); + if (sentence.mid(i) == dictionaryWindow.term) return dictionaryWindow.ShowDefinition(); + dictionaryWindow.ui.display->setFixedWidth(ui.display->width() * 3 / 4); + dictionaryWindow.SetTerm(sentence.mid(i)); + int left = i == 0 ? 0 : textPositionMap[i - 1].x(), right = textPositionMap[i].x(), + x = textPositionMap[i].x() > ui.display->width() / 2 ? -dictionaryWindow.width() + (right * 3 + left) / 4 : (left * 3 + right) / 4, y = 0; + for (auto point : textPositionMap) if (point.y() > y && point.y() < textPositionMap[i].y()) y = point.y(); + dictionaryWindow.move(ui.display->mapToGlobal(QPoint(x, y - dictionaryWindow.height()))); + } + + bool nativeEventFilter(const QByteArray&, void* message, long* result) override + { + auto msg = (MSG*)message; + if (msg->message == WM_HOTKEY) + if (msg->wParam == CLICK_THROUGH_HOTKEY) return ToggleClickThrough(), true; + return false; + } + + bool eventFilter(QObject*, QEvent* event) override + { + if (event->type() == QEvent::MouseButtonPress) mousePressEvent((QMouseEvent*)event); + return false; + } + + void timerEvent(QTimerEvent* event) override + { + if (useDictionary && QCursor::pos() != oldPos && (!dictionaryWindow.isVisible() || !dictionaryWindow.geometry().contains(QCursor::pos()))) + ShowDictionary(ui.display->mapFromGlobal(QCursor::pos())); + PrettyWindow::timerEvent(event); + } + + void mousePressEvent(QMouseEvent* event) override + { + dictionaryWindow.hide(); + oldPos = event->globalPos(); + } + + void mouseMoveEvent(QMouseEvent* event) override + { + if (!posLock) move(pos() + event->globalPos() - oldPos); + oldPos = event->globalPos(); + } + + void wheelEvent(QWheelEvent* event) override + { + int scroll = event->angleDelta().y(); + if (scroll > 0 && historyIndex > 0) --historyIndex; + if (scroll < 0 && historyIndex + 1 < sentenceHistory.size()) ++historyIndex; + DisplaySentence(); + } + + bool sizeLock, posLock, centeredText, autoResize, showOriginal, showOriginalAfterTranslation, useDictionary, clickThrough; + QPoint oldPos; + + class + { + public: + bool CompareExchange(QLabel* display) + { + if (display->text() == text && display->font() == font && display->width() == width && display->alignment() == alignment) return false; + text = display->text(); + font = display->font(); + width = display->width(); + alignment = display->alignment(); + return true; + } + + private: + QString text; + QFont font; + int width; + Qt::Alignment alignment; + } cachedDisplayInfo; + std::vector textPositionMap; + + std::vector sentenceHistory; + int historyIndex = 0; + + class DictionaryWindow : public PrettyWindow + { + public: + DictionaryWindow() : PrettyWindow("Dictionary Window") + { + ui.display->setSizePolicy({ QSizePolicy::Fixed, QSizePolicy::Minimum }); + } + + void UpdateDictionary() + { + try + { + if (dictionaryFileLastWrite == std::filesystem::last_write_time(DICTIONARY_SAVE_FILE)) return; + dictionaryFileLastWrite = std::filesystem::last_write_time(DICTIONARY_SAVE_FILE); + } + catch (std::filesystem::filesystem_error) { return; } + + dictionary.clear(); + charStorage.clear(); + + auto StoreCopy = [&](std::string_view string) + { + auto location = &*charStorage.insert(charStorage.end(), string.begin(), string.end()); + charStorage.push_back(0); + return location; + }; + + charStorage.reserve(std::filesystem::file_size(DICTIONARY_SAVE_FILE)); + std::ifstream stream(DICTIONARY_SAVE_FILE); + BlockMarkupIterator savedDictionary(stream, Array{ "|TERM|", "|DEFINITION|" }); + while (auto read = savedDictionary.Next()) + { + const auto& [terms, definition] = read.value(); + auto storedDefinition = StoreCopy(definition); + std::string_view termsView = terms; + size_t start = 0, end = termsView.find("|TERM|"); + while (end != std::string::npos) + { + dictionary.push_back(DictionaryEntry{ StoreCopy(termsView.substr(start, end - start)), storedDefinition }); + start = end + 6; + end = termsView.find("|TERM|", start); + } + dictionary.push_back(DictionaryEntry{ StoreCopy(termsView.substr(start)), storedDefinition }); + } + std::stable_sort(dictionary.begin(), dictionary.end()); + + inflections.clear(); + stream.seekg(0); + BlockMarkupIterator savedInflections(stream, Array{ "|ROOT|", "|INFLECTS TO|", "|NAME|" }); + while (auto read = savedInflections.Next()) + { + const auto& [root, inflectsTo, name] = read.value(); + if (!inflections.emplace_back(Inflection{ + S(root), + QRegularExpression(QRegularExpression::anchoredPattern(S(inflectsTo)), QRegularExpression::UseUnicodePropertiesOption), + S(name) + }).inflectsTo.isValid()) TEXTRACTOR_MESSAGE(L"Invalid regex: %s", StringToWideString(inflectsTo)); + } + } + + void SetTerm(QString term) + { + this->term = term; + UpdateDictionary(); + definitions.clear(); + definitionIndex = 0; + std::unordered_set foundDefinitions; + for (term = term.left(100); !term.isEmpty(); term.chop(1)) + for (const auto& [rootTerm, definition, inflections] : LookupDefinitions(term, foundDefinitions)) + definitions.push_back( + QStringLiteral("

%1 (%5/%6)

%2%3%4").arg( + term.split("<<")[0].toHtmlEscaped(), + rootTerm.split("<<")[0].toHtmlEscaped(), + inflections.join(""), + definition + ) + ); + for (int i = 0; i < definitions.size(); ++i) definitions[i] = definitions[i].arg(i + 1).arg(definitions.size()); + ShowDefinition(); + } + + void ShowDefinition() + { + if (definitions.empty()) return hide(); + ui.display->setText(definitions[definitionIndex]); + adjustSize(); + resize(width(), 1); + show(); + } + + struct DictionaryEntry + { + const char* term; + const char* definition; + bool operator<(DictionaryEntry other) const { return strcmp(term, other.term) < 0; } + }; + std::vector dictionary; + QString term; + + private: + struct LookupResult + { + QString term; + QString definition; + QStringList inflectionsUsed; + }; + std::vector LookupDefinitions(QString term, std::unordered_set& foundDefinitions, QStringList inflectionsUsed = {}) + { + std::vector results; + for (auto [it, end] = std::equal_range(dictionary.begin(), dictionary.end(), DictionaryEntry{ term.toUtf8() }); it != end; ++it) + if (foundDefinitions.emplace(it->definition).second) results.push_back({ term, it->definition, inflectionsUsed }); + for (const auto& inflection : inflections) if (auto match = inflection.inflectsTo.match(term); match.hasMatch()) + { + QStringList currentInflectionsUsed = inflectionsUsed; + currentInflectionsUsed.push_front(inflection.name); + QString root; + for (const auto& ch : inflection.root) root += ch.isDigit() ? match.captured(ch.digitValue()) : ch; + for (const auto& definition : LookupDefinitions(root, foundDefinitions, currentInflectionsUsed)) results.push_back(definition); + } + return results; + } + + void wheelEvent(QWheelEvent* event) override + { + int scroll = event->angleDelta().y(); + if (scroll > 0 && definitionIndex > 0) definitionIndex -= 1; + if (scroll < 0 && definitionIndex + 1 < definitions.size()) definitionIndex += 1; + int oldHeight = height(); + ShowDefinition(); + move(x(), y() + oldHeight - height()); + } + + struct Inflection + { + QString root; + QRegularExpression inflectsTo; + QString name; + }; + std::vector inflections; + + std::filesystem::file_time_type dictionaryFileLastWrite; + std::vector charStorage; + std::vector definitions; + int definitionIndex; + } dictionaryWindow; +} extraWindow; + +bool ProcessSentence(std::wstring& sentence, SentenceInfo sentenceInfo) +{ + if (sentenceInfo["current select"] && sentenceInfo["text number"] != 0) + QMetaObject::invokeMethod(&extraWindow, [sentence = S(sentence)] { extraWindow.AddSentence(sentence); }); + return false; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/extrawindow.ui b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/extrawindow.ui new file mode 100644 index 00000000..643a9e04 --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/extrawindow.ui @@ -0,0 +1,51 @@ + + + ExtraWindow + + + + 0 + 0 + 800 + 300 + + + + Qt::CustomContextMenu + + + + + + + 0 + 0 + + + + + 16 + + + + Qt::CustomContextMenu + + + 0 + + + Qt::AlignTop + + + true + + + Qt::TextSelectableByMouse + + + + + + + + diff --git a/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/googletranslate.cpp b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/googletranslate.cpp new file mode 100644 index 00000000..26d8d412 --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/googletranslate.cpp @@ -0,0 +1,267 @@ +#include "qtcommon.h" +#include "translatewrapper.h" +#include "network.h" + +extern const wchar_t* TRANSLATION_ERROR; + +const char* TRANSLATION_PROVIDER = "Google Translate"; +const char* GET_API_KEY_FROM = "https://console.cloud.google.com/marketplace/product/google/translate.googleapis.com"; +extern const QStringList languagesTo +{ + "Afrikaans", + "Albanian", + "Amharic", + "Arabic", + "Armenian", + "Azerbaijani", + "Basque", + "Belarusian", + "Bengali", + "Bosnian", + "Bulgarian", + "Catalan", + "Cebuano", + "Chichewa", + "Chinese (Simplified)", + "Chinese (Traditional)", + "Corsican", + "Croatian", + "Czech", + "Danish", + "Dutch", + "English", + "Esperanto", + "Estonian", + "Filipino", + "Finnish", + "French", + "Frisian", + "Galician", + "Georgian", + "German", + "Greek", + "Gujarati", + "Haitian Creole", + "Hausa", + "Hawaiian", + "Hebrew", + "Hindi", + "Hmong", + "Hungarian", + "Icelandic", + "Igbo", + "Indonesian", + "Irish", + "Italian", + "Japanese", + "Javanese", + "Kannada", + "Kazakh", + "Khmer", + "Kinyarwanda", + "Korean", + "Kurdish (Kurmanji)", + "Kyrgyz", + "Lao", + "Latin", + "Latvian", + "Lithuanian", + "Luxembourgish", + "Macedonian", + "Malagasy", + "Malay", + "Malayalam", + "Maltese", + "Maori", + "Marathi", + "Mongolian", + "Myanmar (Burmese)", + "Nepali", + "Norwegian", + "Odia (Oriya)", + "Pashto", + "Persian", + "Polish", + "Portuguese", + "Punjabi", + "Romanian", + "Russian", + "Samoan", + "Scots Gaelic", + "Serbian", + "Sesotho", + "Shona", + "Sindhi", + "Sinhala", + "Slovak", + "Slovenian", + "Somali", + "Spanish", + "Sundanese", + "Swahili", + "Swedish", + "Tajik", + "Tamil", + "Tatar", + "Telugu", + "Thai", + "Turkish", + "Turkmen", + "Ukrainian", + "Urdu", + "Uyghur", + "Uzbek", + "Vietnamese", + "Welsh", + "Xhosa", + "Yiddish", + "Yoruba", + "Zulu", +}, languagesFrom = languagesTo; +extern const std::unordered_map codes +{ + { { L"Afrikaans" }, { L"af" } }, + { { L"Albanian" }, { L"sq" } }, + { { L"Amharic" }, { L"am" } }, + { { L"Arabic" }, { L"ar" } }, + { { L"Armenian" }, { L"hy" } }, + { { L"Azerbaijani" }, { L"az" } }, + { { L"Basque" }, { L"eu" } }, + { { L"Belarusian" }, { L"be" } }, + { { L"Bengali" }, { L"bn" } }, + { { L"Bosnian" }, { L"bs" } }, + { { L"Bulgarian" }, { L"bg" } }, + { { L"Catalan" }, { L"ca" } }, + { { L"Cebuano" }, { L"ceb" } }, + { { L"Chichewa" }, { L"ny" } }, + { { L"Chinese (Simplified)" }, { L"zh-CN" } }, + { { L"Chinese (Traditional)" }, { L"zh-TW" } }, + { { L"Corsican" }, { L"co" } }, + { { L"Croatian" }, { L"hr" } }, + { { L"Czech" }, { L"cs" } }, + { { L"Danish" }, { L"da" } }, + { { L"Dutch" }, { L"nl" } }, + { { L"English" }, { L"en" } }, + { { L"Esperanto" }, { L"eo" } }, + { { L"Estonian" }, { L"et" } }, + { { L"Filipino" }, { L"tl" } }, + { { L"Finnish" }, { L"fi" } }, + { { L"French" }, { L"fr" } }, + { { L"Frisian" }, { L"fy" } }, + { { L"Galician" }, { L"gl" } }, + { { L"Georgian" }, { L"ka" } }, + { { L"German" }, { L"de" } }, + { { L"Greek" }, { L"el" } }, + { { L"Gujarati" }, { L"gu" } }, + { { L"Haitian Creole" }, { L"ht" } }, + { { L"Hausa" }, { L"ha" } }, + { { L"Hawaiian" }, { L"haw" } }, + { { L"Hebrew" }, { L"iw" } }, + { { L"Hindi" }, { L"hi" } }, + { { L"Hmong" }, { L"hmn" } }, + { { L"Hungarian" }, { L"hu" } }, + { { L"Icelandic" }, { L"is" } }, + { { L"Igbo" }, { L"ig" } }, + { { L"Indonesian" }, { L"id" } }, + { { L"Irish" }, { L"ga" } }, + { { L"Italian" }, { L"it" } }, + { { L"Japanese" }, { L"ja" } }, + { { L"Javanese" }, { L"jw" } }, + { { L"Kannada" }, { L"kn" } }, + { { L"Kazakh" }, { L"kk" } }, + { { L"Khmer" }, { L"km" } }, + { { L"Kinyarwanda" }, { L"rw" } }, + { { L"Korean" }, { L"ko" } }, + { { L"Kurdish (Kurmanji)" }, { L"ku" } }, + { { L"Kyrgyz" }, { L"ky" } }, + { { L"Lao" }, { L"lo" } }, + { { L"Latin" }, { L"la" } }, + { { L"Latvian" }, { L"lv" } }, + { { L"Lithuanian" }, { L"lt" } }, + { { L"Luxembourgish" }, { L"lb" } }, + { { L"Macedonian" }, { L"mk" } }, + { { L"Malagasy" }, { L"mg" } }, + { { L"Malay" }, { L"ms" } }, + { { L"Malayalam" }, { L"ml" } }, + { { L"Maltese" }, { L"mt" } }, + { { L"Maori" }, { L"mi" } }, + { { L"Marathi" }, { L"mr" } }, + { { L"Mongolian" }, { L"mn" } }, + { { L"Myanmar (Burmese)" }, { L"my" } }, + { { L"Nepali" }, { L"ne" } }, + { { L"Norwegian" }, { L"no" } }, + { { L"Odia (Oriya)" }, { L"or" } }, + { { L"Pashto" }, { L"ps" } }, + { { L"Persian" }, { L"fa" } }, + { { L"Polish" }, { L"pl" } }, + { { L"Portuguese" }, { L"pt" } }, + { { L"Punjabi" }, { L"pa" } }, + { { L"Romanian" }, { L"ro" } }, + { { L"Russian" }, { L"ru" } }, + { { L"Samoan" }, { L"sm" } }, + { { L"Scots Gaelic" }, { L"gd" } }, + { { L"Serbian" }, { L"sr" } }, + { { L"Sesotho" }, { L"st" } }, + { { L"Shona" }, { L"sn" } }, + { { L"Sindhi" }, { L"sd" } }, + { { L"Sinhala" }, { L"si" } }, + { { L"Slovak" }, { L"sk" } }, + { { L"Slovenian" }, { L"sl" } }, + { { L"Somali" }, { L"so" } }, + { { L"Spanish" }, { L"es" } }, + { { L"Sundanese" }, { L"su" } }, + { { L"Swahili" }, { L"sw" } }, + { { L"Swedish" }, { L"sv" } }, + { { L"Tajik" }, { L"tg" } }, + { { L"Tamil" }, { L"ta" } }, + { { L"Tatar" }, { L"tt" } }, + { { L"Telugu" }, { L"te" } }, + { { L"Thai" }, { L"th" } }, + { { L"Turkish" }, { L"tr" } }, + { { L"Turkmen" }, { L"tk" } }, + { { L"Ukrainian" }, { L"uk" } }, + { { L"Urdu" }, { L"ur" } }, + { { L"Uyghur" }, { L"ug" } }, + { { L"Uzbek" }, { L"uz" } }, + { { L"Vietnamese" }, { L"vi" } }, + { { L"Welsh" }, { L"cy" } }, + { { L"Xhosa" }, { L"xh" } }, + { { L"Yiddish" }, { L"yi" } }, + { { L"Yoruba" }, { L"yo" } }, + { { L"Zulu" }, { L"zu" } }, + { { L"?" }, { L"auto" } } +}; + +bool translateSelectedOnly = false, useRateLimiter = true, rateLimitSelected = false, useCache = true, useFilter = true; +int tokenCount = 30, rateLimitTimespan = 60000, maxSentenceSize = 1000; + +std::pair Translate(const std::wstring& text, TranslationParam tlp) +{ + if (!tlp.authKey.empty()) + { + std::wstring translateFromComponent = tlp.translateFrom == L"?" ? L"" : L"&source=" + codes.at(tlp.translateFrom); + if (HttpRequest httpRequest{ + L"Mozilla/5.0 Textractor", + L"translation.googleapis.com", + L"POST", + FormatString(L"/language/translate/v2?format=text&target=%s&key=%s%s", codes.at(tlp.translateTo), tlp.authKey, translateFromComponent).c_str(), + FormatString(R"({"q":["%s"]})", JSON::Escape(WideStringToString(text))) + }) + if (auto translation = Copy(JSON::Parse(httpRequest.response)[L"data"][L"translations"][0][L"translatedText"].String())) return { true, translation.value() }; + else return { false, FormatString(L"%s: %s", TRANSLATION_ERROR, httpRequest.response) }; + else return { false, FormatString(L"%s (code=%u)", TRANSLATION_ERROR, httpRequest.errorCode) }; + } + + if (HttpRequest httpRequest{ + L"Mozilla/5.0 Textractor", + L"translate.google.com", + L"GET", + FormatString(L"/m?sl=%s&tl=%s&q=%s", codes.at(tlp.translateFrom), codes.at(tlp.translateTo), Escape(text)).c_str() + }) + { + auto start = httpRequest.response.find(L"result-container\">"), end = httpRequest.response.find(L'<', start); + if (end != std::string::npos) return { true, HTML::Unescape(httpRequest.response.substr(start + 18, end - start - 18)) }; + return { false, FormatString(L"%s: %s", TRANSLATION_ERROR, httpRequest.response) }; + } + else return { false, FormatString(L"%s (code=%u)", TRANSLATION_ERROR, httpRequest.errorCode) }; +} diff --git a/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/network.cpp b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/network.cpp new file mode 100644 index 00000000..ec65e0a7 --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/network.cpp @@ -0,0 +1,65 @@ +#include "network.h" + +HttpRequest::HttpRequest( + const wchar_t* agentName, + const wchar_t* serverName, + const wchar_t* action, + const wchar_t* objectName, + std::string body, + const wchar_t* headers, + DWORD port, + const wchar_t* referrer, + DWORD requestFlags, + const wchar_t* httpVersion, + const wchar_t** acceptTypes +) +{ + static std::atomic internet = NULL; + if (!internet) internet = WinHttpOpen(agentName, WINHTTP_ACCESS_TYPE_DEFAULT_PROXY, NULL, NULL, 0); + if (internet) + if (InternetHandle connection = WinHttpConnect(internet, serverName, port, 0)) + if (InternetHandle request = WinHttpOpenRequest(connection, action, objectName, httpVersion, referrer, acceptTypes, requestFlags)) + if (WinHttpSendRequest(request, headers, -1UL, body.empty() ? NULL : body.data(), body.size(), body.size(), NULL)) + { + WinHttpReceiveResponse(request, NULL); + + //DWORD size = 0; + //WinHttpQueryHeaders(request, WINHTTP_QUERY_RAW_HEADERS_CRLF, WINHTTP_HEADER_NAME_BY_INDEX, NULL, &size, WINHTTP_NO_HEADER_INDEX); + //this->headers.resize(size); + //WinHttpQueryHeaders(request, WINHTTP_QUERY_RAW_HEADERS_CRLF, WINHTTP_HEADER_NAME_BY_INDEX, this->headers.data(), &size, WINHTTP_NO_HEADER_INDEX); + std::string data; + DWORD availableSize, downloadedSize; + do + { + availableSize = 0; + WinHttpQueryDataAvailable(request, &availableSize); + if (!availableSize) break; + std::vector buffer(availableSize); + WinHttpReadData(request, buffer.data(), availableSize, &downloadedSize); + data.append(buffer.data(), downloadedSize); + } while (availableSize > 0); + response = StringToWideString(data); + this->connection = std::move(connection); + this->request = std::move(request); + } + else errorCode = GetLastError(); + else errorCode = GetLastError(); + else errorCode = GetLastError(); + else errorCode = GetLastError(); +} + +std::wstring Escape(const std::wstring& text) +{ + std::wstring escaped; + for (unsigned char ch : WideStringToString(text)) escaped += FormatString(L"%%%02X", (int)ch); + return escaped; +} + +std::string Escape(const std::string& text) +{ + std::string escaped; + for (unsigned char ch : text) escaped += FormatString("%%%02X", (int)ch); + return escaped; +} + +TEST(assert(JSON::Parse(LR"([{"string":"hello world","boolean":false,"number":1.67e+4,"null":null,"array":[]},"hello world"])"))); diff --git a/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/network.h b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/network.h new file mode 100644 index 00000000..061e90c0 --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/network.h @@ -0,0 +1,233 @@ +#pragma once + +#include +#include + +using InternetHandle = AutoHandle>; + +struct HttpRequest +{ + HttpRequest( + const wchar_t* agentName, + const wchar_t* serverName, + const wchar_t* action, + const wchar_t* objectName, + std::string body = "", + const wchar_t* headers = NULL, + DWORD port = INTERNET_DEFAULT_PORT, + const wchar_t* referrer = NULL, + DWORD requestFlags = WINHTTP_FLAG_SECURE | WINHTTP_FLAG_ESCAPE_DISABLE, + const wchar_t* httpVersion = NULL, + const wchar_t** acceptTypes = NULL + ); + operator bool() { return errorCode == ERROR_SUCCESS; } + + std::wstring response; + std::wstring headers; + InternetHandle connection = NULL; + InternetHandle request = NULL; + DWORD errorCode = ERROR_SUCCESS; +}; + +std::wstring Escape(const std::wstring& text); +std::string Escape(const std::string& text); + +namespace HTML +{ + template + std::basic_string Unescape(std::basic_string text) + { + constexpr C + lt[] = { '&', 'l', 't', ';' }, + gt[] = { '&', 'g', 't', ';' }, + apos1[] = { '&', 'a', 'p', 'o', 's', ';' }, + apos2[] = { '&', '#', '3', '9', ';' }, + apos3[] = { '&', '#', 'x', '2', '7', ';' }, + apos4[] = { '&', '#', 'X', '2', '7', ';' }, + quot[] = { '&', 'q', 'u', 'o', 't', ';' }, + amp[] = { '&', 'a', 'm', 'p', ';' }; + for (int i = 0; i < text.size(); ++i) + if (text[i] == '&') + for (auto [original, length, replacement] : Array{ + { lt, std::size(lt), '<' }, + { gt, std::size(gt), '>' }, + { apos1, std::size(apos1), '\'' }, + { apos2, std::size(apos2), '\'' }, + { apos3, std::size(apos3), '\'' }, + { apos4, std::size(apos4), '\'' }, + { quot, std::size(quot), '"' }, + { amp, std::size(amp), '&' } + }) if (std::char_traits::compare(text.data() + i, original, length) == 0) text.replace(i, length, 1, replacement); + return text; + } +} + +namespace JSON +{ + template + std::basic_string Escape(std::basic_string text) + { + int oldSize = text.size(); + text.resize(text.size() + std::count_if(text.begin(), text.end(), [](C ch) { return ch == '\n' || ch == '\r' || ch == '\t' || ch == '\\' || ch == '"'; })); + auto out = text.rbegin(); + for (int i = oldSize - 1; i >= 0; --i) + { + if (text[i] == '\n') *out++ = 'n'; + else if (text[i] == '\t') *out++ = 't'; + else if (text[i] == '\r') *out++ = 'r'; + else if (text[i] == '\\' || text[i] == '"') *out++ = text[i]; + else + { + *out++ = text[i]; + continue; + } + *out++ = '\\'; + } + text.erase(std::remove_if(text.begin(), text.end(), [](uint64_t ch) { return ch < 0x20 || ch == 0x7f; }), text.end()); + return text; + } + + template struct UTF {}; + template <> struct UTF + { + inline static std::wstring FromCodepoint(unsigned codepoint) { return { (wchar_t)codepoint }; } // TODO: surrogate pairs + }; + + template + struct Value : private std::variant, std::vector>, std::unordered_map, Value>> + { + using std::variant, std::vector>, std::unordered_map, Value>>::variant; + + explicit operator bool() const { return index(); } + bool IsNull() const { return index() == 1; } + auto Boolean() const { return std::get_if(this); } + auto Number() const { return std::get_if(this); } + auto String() const { return std::get_if>(this); } + auto Array() const { return std::get_if>>(this); } + auto Object() const { return std::get_if, Value>>(this); } + + const Value& operator[](std::basic_string key) const + { + if (auto object = Object()) if (auto it = object->find(key); it != object->end()) return it->second; + return failure; + } + const Value& operator[](int i) const + { + if (auto array = Array()) if (i < array->size()) return array->at(i); + return failure; + } + + static const Value failure; + }; + template const Value Value::failure; + + template + Value Parse(const std::basic_string& text, int64_t& i, int depth) + { + if (depth > maxDepth) return {}; + C ch; + auto SkipWhitespace = [&] + { + while (i < text.size() && (text[i] == ' ' || text[i] == '\n' || text[i] == '\r' || text[i] == '\t')) ++i; + if (i >= text.size()) return true; + ch = text[i]; + return false; + }; + auto ExtractString = [&] + { + std::basic_string unescaped; + i += 1; + for (; i < text.size(); ++i) + { + auto ch = text[i]; + if (ch == '"') return i += 1, unescaped; + if (ch == '\\') + { + ch = text[i + 1]; + if (ch == 'u' && isxdigit(text[i + 2]) && isxdigit(text[i + 3]) && isxdigit(text[i + 4]) && isxdigit(text[i + 5])) + { + char charCode[] = { (char)text[i + 2], (char)text[i + 3], (char)text[i + 4], (char)text[i + 5], 0 }; + unescaped += UTF::FromCodepoint(strtoul(charCode, nullptr, 16)); + i += 5; + continue; + } + for (auto [original, value] : Array{ { 'b', '\b' }, {'f', '\f'}, {'n', '\n'}, {'r', '\r'}, {'t', '\t'} }) if (ch == original) + { + unescaped.push_back(value); + goto replaced; + } + unescaped.push_back(ch); + replaced: i += 1; + } + else unescaped.push_back(ch); + } + return unescaped; + }; + + if (SkipWhitespace()) return {}; + + constexpr C nullStr[] = { 'n', 'u', 'l', 'l' }, trueStr[] = { 't', 'r', 'u', 'e' }, falseStr[] = { 'f', 'a', 'l', 's', 'e' }; + if (ch == nullStr[0]) + if (std::char_traits::compare(text.data() + i, nullStr, std::size(nullStr)) == 0) return i += std::size(nullStr), nullptr; + else return {}; + if (ch == trueStr[0]) + if (std::char_traits::compare(text.data() + i, trueStr, std::size(trueStr)) == 0) return i += std::size(trueStr), true; + else return {}; + if (ch == falseStr[0]) + if (std::char_traits::compare(text.data() + i, falseStr, std::size(falseStr)) == 0) return i += std::size(falseStr), false; + else return {}; + + if (ch == '-' || (ch >= '0' && ch <= '9')) + { + std::string number; + for (; i < text.size() && ((text[i] >= '0' && text[i] <= '9') || text[i] == '-' || text[i] == '+' || text[i] == 'e' || text[i] == 'E' || text[i] == '.'); ++i) + number.push_back(text[i]); + return strtod(number.c_str(), NULL); + } + + if (ch == '"') return ExtractString(); + + if (ch == '[') + { + std::vector> array; + while (true) + { + i += 1; + if (SkipWhitespace()) return {}; + if (ch == ']') return i += 1, Value(array); + if (!array.emplace_back(Parse(text, i, depth + 1))) return {}; + if (SkipWhitespace()) return {}; + if (ch == ']') return i += 1, Value(array); + if (ch != ',') return {}; + } + } + + if (ch == '{') + { + std::unordered_map, Value> object; + while (true) + { + i += 1; + if (SkipWhitespace()) return {}; + if (ch == '}') return i += 1, Value(object); + if (ch != '"') return {}; + auto key = ExtractString(); + if (SkipWhitespace() || ch != ':') return {}; + i += 1; + if (!(object[std::move(key)] = Parse(text, i, depth + 1))) return {}; + if (SkipWhitespace()) return {}; + if (ch == '}') return i += 1, Value(object); + if (ch != ',') return {}; + } + } + + return {}; + } + + template + Value Parse(const std::basic_string& text) + { + int64_t start = 0; + return Parse(text, start, 0); + } +} diff --git a/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/qtcommon.h b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/qtcommon.h new file mode 100644 index 00000000..d4c73c41 --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/qtcommon.h @@ -0,0 +1,45 @@ +#pragma once + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +static thread_local bool ok; + +constexpr auto CONFIG_FILE = u8"Textractor.ini"; +constexpr auto WINDOW = u8"Window"; + + +struct Settings : QSettings { Settings(QObject* parent = nullptr) : QSettings(CONFIG_FILE, QSettings::IniFormat, parent) {} }; +struct QTextFile : QFile { QTextFile(QString name, QIODevice::OpenMode mode) : QFile(name) { open(mode | QIODevice::Text); } }; +struct Localizer { Localizer() { Localize(); } }; +inline std::wstring S(const QString& s) { + //s.toStdWString will crash. unknown why. + std::wstring ws; + ws.resize(s.size()+1); + s.toWCharArray(ws.data()); + ws.resize(s.size()); + return ws; +} +inline QString S(const std::string& s) { return QString::fromStdString(s); } +inline QString S(const std::wstring& s) { return QString::fromStdWString(s); } +// TODO: allow paired surrogates +inline void sanitize(QString& s) { s.chop(std::distance(std::remove_if(s.begin(), s.end(), [](QChar ch) { return ch.isSurrogate(); }), s.end())); } +inline QString sanitize(QString&& s) { sanitize(s); return std::move(s); } + diff --git a/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/regexfilter.cpp b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/regexfilter.cpp new file mode 100644 index 00000000..d214310a --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/regexfilter.cpp @@ -0,0 +1,80 @@ +#include "qtcommon.h" +#include "extension.h" +#include "ui_regexfilter.h" +#include "blockmarkup.h" +#include + +extern const char* REGEX_FILTER; +extern const char* INVALID_REGEX; +extern const char* CURRENT_FILTER; + +const char* REGEX_SAVE_FILE = "SavedRegexFilters.txt"; + +std::optional regex; +std::wstring replace = L"$1"; +concurrency::reader_writer_lock m; +DWORD (*GetSelectedProcessId)() = [] { return 0UL; }; + +class Window : public QDialog, Localizer +{ +public: + Window() : QDialog(nullptr, Qt::WindowMinMaxButtonsHint) + { + ui.setupUi(this); + + connect(ui.regexEdit, &QLineEdit::textEdited, this, &Window::SetRegex); + connect(ui.saveButton, &QPushButton::clicked, this, &Window::Save); + + setWindowTitle(REGEX_FILTER); + //QMetaObject::invokeMethod(this, &QWidget::show, Qt::QueuedConnection); + } + + void SetRegex(QString regex) + { + ui.regexEdit->setText(regex); + std::scoped_lock lock(m); + if (!regex.isEmpty()) try { ::regex = S(regex); } + catch (std::regex_error) { return ui.output->setText(INVALID_REGEX); } + else ::regex = std::nullopt; + ui.output->setText(QString(CURRENT_FILTER).arg(regex)); + } + +private: + void Save() + { + auto formatted = FormatString( + L"\xfeff|PROCESS|%s|FILTER|%s|END|\r\n", + getModuleFilename(GetSelectedProcessId()).value_or(FormatString(L"Error getting name of process 0x%X", GetSelectedProcessId())), + S(ui.regexEdit->text()) + ); + std::ofstream(REGEX_SAVE_FILE, std::ios::binary | std::ios::app).write((const char*)formatted.c_str(), formatted.size() * sizeof(wchar_t)); + } + + Ui::FilterWindow ui; +} window; + +bool ProcessSentence(std::wstring& sentence, SentenceInfo sentenceInfo) +{ + static auto _ = GetSelectedProcessId = (DWORD(*)())sentenceInfo["get selected process id"]; + if (sentenceInfo["text number"] == 0) return false; + if (/*sentenceInfo["current select"] && */!regex) if (auto processName = getModuleFilename(sentenceInfo["process id"])) + { + std::ifstream stream(REGEX_SAVE_FILE, std::ios::binary); + BlockMarkupIterator savedFilters(stream, Array{ L"|PROCESS|", L"|FILTER|" }); + std::vector regexes; + while (auto read = savedFilters.Next()) if (read->at(0) == processName) regexes.push_back(std::move(read->at(1))); + if (!regexes.empty()) QMetaObject::invokeMethod(&window, std::bind(&Window::SetRegex, &window, S(regexes.back())), Qt::BlockingQueuedConnection); + } + concurrency::reader_writer_lock::scoped_lock_read readLock(m); + if (regex) sentence = std::regex_replace(sentence, regex.value(), replace); + return true; +} + + +extern "C" __declspec(dllexport) void VisSetting(bool vis) +{ + if(vis) + QMetaObject::invokeMethod(&window, &QWidget::show, Qt::QueuedConnection); + else + QMetaObject::invokeMethod(&window, &QWidget::hide, Qt::QueuedConnection); +} diff --git a/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/regexfilter.ui b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/regexfilter.ui new file mode 100644 index 00000000..6e982697 --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/regexfilter.ui @@ -0,0 +1,61 @@ + + + FilterWindow + + + + 0 + 0 + 500 + 80 + + + + + + + + + + + + Save + + + + + + + + + + + + Qt::AlignCenter + + + + + + + <a href="https://regexr.com">regexr.com</a> + + + Qt::RichText + + + Qt::AlignCenter + + + true + + + Qt::TextBrowserInteraction + + + + + + + + diff --git a/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/regexreplacer.cpp b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/regexreplacer.cpp new file mode 100644 index 00000000..1b6692d8 --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/regexreplacer.cpp @@ -0,0 +1,71 @@ +#include "extension.h" +#include "blockmarkup.h" +#include +#include + +extern const wchar_t* REGEX_REPLACER_INSTRUCTIONS; + +const char* REPLACE_SAVE_FILE = "SavedRegexReplacements.txt"; + +std::atomic replaceFileLastWrite = {}; +concurrency::reader_writer_lock m; +std::vector> replacements; + +void UpdateReplacements() +{ + try + { + if (replaceFileLastWrite.exchange(std::filesystem::last_write_time(REPLACE_SAVE_FILE)) == std::filesystem::last_write_time(REPLACE_SAVE_FILE)) return; + std::scoped_lock lock(m); + replacements.clear(); + std::ifstream stream(REPLACE_SAVE_FILE, std::ios::binary); + BlockMarkupIterator savedFilters(stream, Array{ L"|REGEX|", L"|BECOMES|", L"|MODIFIER|" }); + while (auto read = savedFilters.Next()) + { + const auto& [regex, replacement, modifier] = read.value(); + try + { + replacements.emplace_back( + std::wregex(regex, modifier.find(L'i') == std::string::npos ? std::regex::ECMAScript : std::regex::icase), + replacement, + modifier.find(L'g') == std::string::npos ? std::regex_constants::format_first_only : std::regex_constants::format_default + ); + } + catch (std::regex_error) {} + } + } + catch (std::filesystem::filesystem_error) { replaceFileLastWrite.store({}); } +} + +BOOL WINAPI DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved) +{ + switch (ul_reason_for_call) + { + case DLL_PROCESS_ATTACH: + { + UpdateReplacements(); + if (replacements.empty()) + { + auto file = std::ofstream(REPLACE_SAVE_FILE, std::ios::binary) << "\xff\xfe"; + for (auto ch : std::wstring_view(REGEX_REPLACER_INSTRUCTIONS)) + file << (ch == L'\n' ? std::string_view("\r\0\n", 4) : std::string_view((char*)&ch, 2)); + SpawnThread([] { _spawnlp(_P_DETACH, "notepad", "notepad", REPLACE_SAVE_FILE, NULL); }); // show file to user + } + } + break; + case DLL_PROCESS_DETACH: + { + } + break; + } + return TRUE; +} + +bool ProcessSentence(std::wstring& sentence, SentenceInfo sentenceInfo) +{ + UpdateReplacements(); + + concurrency::reader_writer_lock::scoped_lock_read readLock(m); + for (const auto& [regex, replacement, flags] : replacements) sentence = std::regex_replace(sentence, regex, replacement, flags); + return true; +} diff --git a/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/removerepeatchar.cpp b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/removerepeatchar.cpp new file mode 100644 index 00000000..cd8a3e05 --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/removerepeatchar.cpp @@ -0,0 +1,54 @@ +#include "extension.h" + +bool ProcessSentence(std::wstring& sentence, SentenceInfo sentenceInfo) +{ + if (sentenceInfo["text number"] == 0) return false; + + std::vector repeatNumbers(sentence.size() + 1, 0); + for (int i = 0; i < sentence.size(); ++i) + { + if (sentence[i] != sentence[i + 1]) + { + int j = i; + while (sentence[j] == sentence[i] && --j >= 0); + repeatNumbers[i - j] += 1; + } + } + int repeatNumber = std::distance(repeatNumbers.begin(), std::max_element(repeatNumbers.rbegin(), repeatNumbers.rend()).base() - 1); + if (repeatNumber < 2) return false; + + std::wstring newSentence; + for (int i = 0; i < sentence.size();) + { + newSentence.push_back(sentence[i]); + for (int j = i; j <= sentence.size(); ++j) + { + if (j == sentence.size() || sentence[i] != sentence[j]) + { + i += (j - i) % repeatNumber == 0 ? repeatNumber : 1; + break; + } + } + } + sentence = newSentence; + return true; +} + +TEST( + { + InfoForExtension nonConsole[] = { { "text number", 1 }, {} }; + + std::wstring repeatedChars = L"aaaaaaaaaaaabbbbbbcccdddaabbbcccddd"; + std::wstring someRepeatedChars = L"abcdefaabbccddeeff"; + ProcessSentence(repeatedChars, { nonConsole }); + ProcessSentence(someRepeatedChars, { nonConsole }); + assert(repeatedChars.find(L"aaaabbcd") == 0); + assert(someRepeatedChars == L"abcdefabcdef"); + + std::wstring empty = L"", one = L" ", normal = L"This is a normal sentence. はい"; + ProcessSentence(empty, { nonConsole }); + ProcessSentence(one, { nonConsole }); + ProcessSentence(normal, { nonConsole }); + assert(empty == L"" && one == L" " && normal == L"This is a normal sentence. はい"); + } +); diff --git a/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/removerepeatphrase.cpp b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/removerepeatphrase.cpp new file mode 100644 index 00000000..a23f4d11 --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/removerepeatphrase.cpp @@ -0,0 +1,97 @@ +#include "extension.h" + +std::vector GenerateSuffixArray(const std::wstring& text) +{ + std::vector suffixArray(text.size()); + for (int i = 0; i < text.size(); ++i) suffixArray[i] = i; + // The below code is a more efficient way of doing this: + // std::sort(suffixArray.begin(), suffixArray.end(), [&](int a, int b) { return wcscmp(text.c_str() + a, text.c_str() + b) > 0; }); + std::stable_sort(suffixArray.begin(), suffixArray.end(), [&](int a, int b) { return text[a] > text[b]; }); + std::vector eqClasses(text.begin(), text.end()); + std::vector count(text.size()); + for (int length = 1; length < text.size(); length *= 2) + { + // Determine equivalence class up to length, by checking length / 2 equivalence of suffixes and their following length / 2 suffixes + std::vector prevEqClasses = eqClasses; + eqClasses[suffixArray[0]] = 0; + for (int i = 1; i < text.size(); ++i) + { + int currentSuffix = suffixArray[i], lastSuffix = suffixArray[i - 1]; + if (currentSuffix + length < text.size() && prevEqClasses[currentSuffix] == prevEqClasses[lastSuffix] && + prevEqClasses[currentSuffix + length / 2] == prevEqClasses[lastSuffix + length / 2] + ) + eqClasses[currentSuffix] = eqClasses[lastSuffix]; + else eqClasses[currentSuffix] = i; + } + + // Sort within equivalence class based on order of following suffix after length (orders up to length * 2) + for (int i = 0; i < text.size(); ++i) count[i] = i; + for (auto suffix : std::vector(suffixArray)) + { + int precedingSuffix = suffix - length; + if (precedingSuffix >= 0) suffixArray[count[eqClasses[precedingSuffix]]++] = precedingSuffix; + } + } + for (int i = 0; i + 1 < text.size(); ++i) + assert(wcscmp(text.c_str() + suffixArray[i], text.c_str() + suffixArray[i + 1]) > 0); + return suffixArray; +} + +constexpr wchar_t ERASED = 0xf246; // inside Unicode private use area + +bool ProcessSentence(std::wstring& sentence, SentenceInfo sentenceInfo) +{ + if (sentenceInfo["text number"] == 0) return false; + + // This algorithm looks for repeating substrings (in other words, common prefixes among the set of suffixes) of the sentence with length > 6 + // It then looks for any regions of characters at least twice as long as the substring made up only of characters in the substring, and erases them + // If this results in the substring being completely erased from the string, the substring is copied to the last location where it was located in the original string + auto timeout = GetTickCount64() + 30'000; // give up if taking over 30 seconds + std::vector suffixArray = GenerateSuffixArray(sentence); + for (int i = 0; i + 1 < sentence.size() && GetTickCount64() < timeout; ++i) + { + int commonPrefixLength = 0; + for (int j = suffixArray[i], k = suffixArray[i + 1]; j < sentence.size() && k < sentence.size(); ++j, ++k) + if (sentence[j] != ERASED && sentence[j] == sentence[k]) commonPrefixLength += 1; + else break; + + if (commonPrefixLength > 6) + { + std::wstring substring(sentence, suffixArray[i], commonPrefixLength); + bool substringCharMap[0x10000] = {}; + for (auto ch : substring) substringCharMap[ch] = true; + + for (int regionSize = 0, j = 0; j <= sentence.size(); ++j) + if (substringCharMap[sentence[j]]) regionSize += 1; + else if (regionSize >= commonPrefixLength * 2) + while (regionSize > 0) sentence[j - regionSize--] = ERASED; + else regionSize = 0; + + if (!wcsstr(sentence.c_str(), substring.c_str())) std::copy(substring.begin(), substring.end(), sentence.begin() + max(suffixArray[i], suffixArray[i + 1])); + } + } + sentence.erase(std::remove(sentence.begin(), sentence.end(), ERASED), sentence.end()); + return true; +} + +TEST( + { + InfoForExtension nonConsole[] = { { "text number", 1 }, {} }; + + std::wstring cyclicRepeats = L"Name: '_abcdefg_abcdefg_abcdefg_abcdefg_abcdefg'"; + std::wstring buildupRepeats = L"Name: '__a_ab_abc_abcd_abcde_abcdef_abcdefg'"; + std::wstring breakdownRepeats = L"Name: '_abcdefg_abcdef_abcde_abcd_abc_ab_a_'"; + ProcessSentence(cyclicRepeats, { nonConsole }); + ProcessSentence(buildupRepeats, { nonConsole }); + ProcessSentence(breakdownRepeats, { nonConsole }); + assert(cyclicRepeats == L"Name: '_abcdefg'"); + assert(buildupRepeats == L"Name: '_abcdefg'"); + assert(breakdownRepeats == L"Name: '_abcdefg'"); + + std::wstring empty = L"", one = L" ", normal = L"This is a normal sentence. はい"; + ProcessSentence(empty, { nonConsole }); + ProcessSentence(one, { nonConsole }); + ProcessSentence(normal, { nonConsole }); + assert(empty == L"" && one == L" " && normal == L"This is a normal sentence. はい"); + } +); diff --git a/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/removerepeatphrase2.cpp b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/removerepeatphrase2.cpp new file mode 100644 index 00000000..80651392 --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/removerepeatphrase2.cpp @@ -0,0 +1,52 @@ +#include "extension.h" + +bool ProcessSentence(std::wstring& sentence, SentenceInfo sentenceInfo) +{ + if (sentenceInfo["text number"] == 0) return false; + + // This algorithm looks at all the prefixes of the sentence: if a prefix is found later in the sentence, it is removed from the beginning and the process is repeated + auto timeout = GetTickCount64() + 30'000; // give up if taking over 30 seconds + auto data = std::make_unique(sentence.size() + 1); + wcscpy_s(data.get(), sentence.size() + 1, sentence.c_str()); + wchar_t* dataEnd = data.get() + sentence.size(); + int skip = 0, count = 0; + for (wchar_t* end = dataEnd; end - data.get() > skip && GetTickCount64() < timeout; --end) + { + std::swap(*end, *dataEnd); + int junkLength = end - data.get() - skip; + auto junkFound = wcsstr(sentence.c_str() + skip + junkLength, data.get() + skip); + std::swap(*end, *dataEnd); + if (junkFound) + { + if (count && junkLength < min(skip / count, 4)) break; + skip += junkLength; + count += 1; + end = dataEnd; + } + } + if (count && skip / count >= 3) + { + sentence = data.get() + skip; + return true; + } + return false; +} + +TEST( + { + InfoForExtension nonConsole[] = { { "text number", 1 }, {} }; + + std::wstring cyclicRepeats = L"_abcde_abcdef_abcdefg_abcdefg_abcdefg_abcdefg_abcdefg"; + std::wstring buildupRepeats = L"__a_ab_abc_abcd_abcde_abcdef_abcdefg"; + ProcessSentence(cyclicRepeats, { nonConsole }); + ProcessSentence(buildupRepeats, { nonConsole }); + assert(cyclicRepeats == L"_abcdefg"); + assert(buildupRepeats == L"_abcdefg"); + + std::wstring empty = L"", one = L" ", normal = L"This is a normal sentence. はい"; + ProcessSentence(empty, { nonConsole }); + ProcessSentence(one, { nonConsole }); + ProcessSentence(normal, { nonConsole }); + assert(empty == L"" && one == L" " && normal == L"This is a normal sentence. はい"); + } +); diff --git a/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/removerepeatsentence.cpp b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/removerepeatsentence.cpp new file mode 100644 index 00000000..cfa2d7e4 --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/removerepeatsentence.cpp @@ -0,0 +1,44 @@ +#include "extension.h" + +int sentenceCacheSize = 30; + +BOOL WINAPI DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved) +{ + switch (ul_reason_for_call) + { + case DLL_PROCESS_ATTACH: + { + wchar_t filePath[MAX_PATH]; + GetModuleFileNameW(hModule, filePath, MAX_PATH); + if (wchar_t* fileName = wcsrchr(filePath, L'\\')) swscanf_s(fileName, L"\\Remove %d Repeated Sentences.xdll", &sentenceCacheSize); + } + break; + case DLL_PROCESS_DETACH: + { + } + break; + } + return TRUE; +} + +bool ProcessSentence(std::wstring& sentence, SentenceInfo sentenceInfo) +{ + uint64_t textNumber = sentenceInfo["text number"]; + if (textNumber == 0) return false; + + static std::deque>> cache; + static std::mutex m; + m.lock(); + if (textNumber + 1 > cache.size()) cache.resize(textNumber + 1); + auto prevSentences = cache[textNumber].Acquire(); + m.unlock(); + auto& inserted = prevSentences->emplace_back(sentence); + auto firstLocation = std::find(prevSentences->begin(), prevSentences->end(), sentence); + if (&*firstLocation != &inserted) + { + prevSentences->erase(firstLocation); + sentence.clear(); + } + if (prevSentences->size() > sentenceCacheSize) prevSentences->erase(prevSentences->begin()); + return sentence.empty(); +} diff --git a/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/replacer.cpp b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/replacer.cpp new file mode 100644 index 00000000..be3e1a0a --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/replacer.cpp @@ -0,0 +1,142 @@ +#include "extension.h" +#include "blockmarkup.h" +#include +#include +#include +#include + +extern const wchar_t* REPLACER_INSTRUCTIONS; + +constexpr auto REPLACE_SAVE_FILE = u8"SavedReplacements.txt"; + +std::atomic replaceFileLastWrite = {}; +concurrency::reader_writer_lock m; + +class Trie +{ +public: + Trie(const std::istream& replacementScript) + { + BlockMarkupIterator replacementScriptParser(replacementScript, Array{ L"|ORIG|", L"|BECOMES|" }); + while (auto read = replacementScriptParser.Next()) + { + const auto& [original, replacement] = read.value(); + Node* current = &root; + for (auto ch : original) if (!Ignore(ch)) current = Next(current, ch); + if (current != &root) + current->value = charStorage.insert(charStorage.end(), replacement.c_str(), replacement.c_str() + replacement.size() + 1) - charStorage.begin(); + } + } + + std::wstring Replace(const std::wstring& sentence) const + { + std::wstring result; + for (int i = 0; i < sentence.size();) + { + std::wstring_view replacement(sentence.c_str() + i, 1); + int originalLength = 1; + + const Node* current = &root; + for (int j = i; current && j <= sentence.size(); ++j) + { + if (current->value >= 0) + { + replacement = charStorage.data() + current->value; + originalLength = j - i; + } + if (!Ignore(sentence[j])) current = Next(current, sentence[j]) ? Next(current, sentence[j]) : Next(current, L'^'); + } + + result += replacement; + i += originalLength; + } + return result; + } + + bool Empty() + { + return root.charMap.empty(); + } + +private: + static bool Ignore(wchar_t ch) + { + return ch <= 0x20 || iswspace(ch); + } + + template + static Node* Next(Node* node, wchar_t ch) + { + auto it = std::lower_bound(node->charMap.begin(), node->charMap.end(), ch, [](const auto& one, auto two) { return one.first < two; }); + if (it != node->charMap.end() && it->first == ch) return it->second.get(); + if constexpr (!std::is_const_v) return node->charMap.insert(it, { ch, std::make_unique() })->second.get(); + return nullptr; + } + + struct Node + { + std::vector>> charMap; + ptrdiff_t value = -1; + } root; + + std::vector charStorage; +} trie = { std::istringstream("") }; + +void UpdateReplacements() +{ + try + { + if (replaceFileLastWrite.exchange(std::filesystem::last_write_time(REPLACE_SAVE_FILE)) == std::filesystem::last_write_time(REPLACE_SAVE_FILE)) return; + std::scoped_lock lock(m); + trie = Trie(std::ifstream(REPLACE_SAVE_FILE, std::ios::binary)); + } + catch (std::filesystem::filesystem_error) { replaceFileLastWrite.store({}); } +} + +BOOL WINAPI DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved) +{ + switch (ul_reason_for_call) + { + case DLL_PROCESS_ATTACH: + { + UpdateReplacements(); + if (trie.Empty()) + { + auto file = std::ofstream(REPLACE_SAVE_FILE, std::ios::binary) << "\xff\xfe"; + for (auto ch : std::wstring_view(REPLACER_INSTRUCTIONS)) + file << (ch == L'\n' ? std::string_view("\r\0\n", 4) : std::string_view((char*)&ch, 2)); + SpawnThread([] { _spawnlp(_P_DETACH, "notepad", "notepad", REPLACE_SAVE_FILE, NULL); }); // show file to user + } + } + break; + case DLL_PROCESS_DETACH: + { + } + break; + } + return TRUE; +} + +bool ProcessSentence(std::wstring& sentence, SentenceInfo) +{ + UpdateReplacements(); + + concurrency::reader_writer_lock::scoped_lock_read readLock(m); + sentence = trie.Replace(sentence); + return true; +} + +TEST( + { + std::wstring replacementScript = LR"( +|ORIG|さよなら|BECOMES|goodbye |END|Ignore this text +And this text ツ   +|ORIG|バカ|BECOMES|idiot|END| +|ORIG|こんにちは |BECOMES| hello|END||ORIG|delet^this|BECOMES||END|)"; + Trie replacements(std::istringstream(std::string{ (const char*)replacementScript.c_str(), replacementScript.size() * sizeof(wchar_t) })); + std::wstring original = LR"(Don't replace this  + さよなら バカ こんにちは delete this)"; + std::wstring replaced = Trie(std::move(replacements)).Replace(original); + assert(replaced == L"Don't replace thisgoodbye idiot hello"); + } +); diff --git a/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/styler.cpp b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/styler.cpp new file mode 100644 index 00000000..a5cc63a2 --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/styler.cpp @@ -0,0 +1,63 @@ +#include "qtcommon.h" +#include "extension.h" +#include + +extern const char* LOAD_SCRIPT; + +constexpr auto STYLE_SAVE_FILE = u8"Textractor.qss"; + +class Window : public QDialog, Localizer +{ +public: + Window() : QDialog(nullptr, Qt::WindowMinMaxButtonsHint) + { + connect(&loadButton, &QPushButton::clicked, this, &Window::LoadScript); + + if (scriptEditor.toPlainText().isEmpty()) + scriptEditor.setPlainText("/*\nhttps://www.google.com/search?q=Qt+stylesheet+gallery\nhttps://doc.qt.io/qt-5/stylesheet-syntax.html\n*/"); + layout.addWidget(&scriptEditor); + layout.addWidget(&loadButton); + + resize(800, 600); + setWindowTitle("Styler"); + //QMetaObject::invokeMethod(this, &QWidget::show, Qt::QueuedConnection); + + LoadScript(); + } + + ~Window() + { + qApp->setStyleSheet(""); + Save(); + } + +private: + void LoadScript() + { + qApp->setStyleSheet(scriptEditor.toPlainText()); + Save(); + } + + void Save() + { + QTextFile(STYLE_SAVE_FILE, QIODevice::WriteOnly | QIODevice::Truncate).write(scriptEditor.toPlainText().toUtf8()); + } + + QHBoxLayout layout{ this }; + QPlainTextEdit scriptEditor{ QTextFile(STYLE_SAVE_FILE, QIODevice::ReadOnly).readAll(), this }; + QPushButton loadButton{ LOAD_SCRIPT, this }; +} window; + +bool ProcessSentence(std::wstring& sentence, SentenceInfo sentenceInfo) +{ + return false; +} + + +extern "C" __declspec(dllexport) void VisSetting(bool vis) +{ + if(vis) + QMetaObject::invokeMethod(&window, &QWidget::show, Qt::QueuedConnection); + else + QMetaObject::invokeMethod(&window, &QWidget::hide, Qt::QueuedConnection); +} diff --git a/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/text.cpp b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/text.cpp new file mode 100644 index 00000000..a4fe755e --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/text.cpp @@ -0,0 +1,1409 @@ +#ifdef _WIN64 +#define ARCH "x64" +#else +#define ARCH "x86" +#endif + +#if 0 +#define TURKISH +#define SPANISH +#define SIMPLIFIED_CHINESE +#define RUSSIAN +#define INDONESIAN +#define ITALIAN +#define THAI +#define PORTUGUESE +#define KOREAN +#define FRENCH +#endif + +// If you are updating a previous translation see https://github.com/Artikash/Textractor/issues/313 + +const char* NATIVE_LANGUAGE = "English"; +const char* ATTACH = u8"Attach to game"; +const char* LAUNCH = u8"Launch game"; +const char* CONFIG = u8"Configure game"; +const char* DETACH = u8"Detach from game"; +const char* FORGET = u8"Forget game"; +const char* ADD_HOOK = u8"Add hook"; +const char* REMOVE_HOOKS = u8"Remove hook(s)"; +const char* SAVE_HOOKS = u8"Save hook(s)"; +const char* SEARCH_FOR_HOOKS = u8"Search for hooks"; +const char* SETTINGS = u8"Settings"; +const char* EXTENSIONS = u8"Extensions"; +const char* SELECT_PROCESS = u8"Select process"; +const char* ATTACH_INFO = u8R"(If you don't see the process you want to attach, try running with admin rights +You can also type in the process ID)"; +const char* SELECT_PROCESS_INFO = u8"If you manually type in the process file name, use the absolute path"; +const char* FROM_COMPUTER = u8"Select from computer"; +const char* PROCESSES = u8"Processes (*.exe)"; +const char* CODE_INFODUMP = u8R"(Enter read code +R{S|Q|V|M}[null_length<][codepage#]@addr +OR +Enter hook code +H{A|B|W|H|S|Q|V|M}[F][null_length<][N][codepage#][padding+]data_offset[*deref_offset][:split_offset[*deref_offset]]@addr[:module[:func]] +All numbers except codepage/null_length in hexadecimal +Default codepage is 932 (Shift-JIS) but this can be changed in settings +A/B: codepage char little/big endian +W: UTF-16 char +H: Two hex bytes +S/Q/V/M: codepage/UTF-16/UTF-8/hex string +F: treat strings as full lines of text +N: don't use context +null_length: length of null terminator used for string +padding: length of padding data before string (C struct { int64_t size; char string[500]; } needs padding = 8) +Negatives for data_offset/split_offset refer to registers +-4 for EAX, -8 for ECX, -C for EDX, -10 for EBX, -14 for ESP, -18 for EBP, -1C for ESI, -20 for EDI +-C for RAX, -14 for RBX, -1C for RCX, -24 for RDX, and so on for RSP, RBP, RSI, RDI, R8-R15 +* means dereference pointer+deref_offset)"; +const char* SAVE_SETTINGS = u8"Save settings"; +const char* EXTEN_WINDOW_INSTRUCTIONS = u8R"(Right click the list to add or remove extensions +Drag and drop extensions within the list to reorder them +(Extensions are used from top to bottom: order DOES matter))"; +const char* ADD_EXTENSION = u8"Add extension"; +const char* REMOVE_EXTENSION = u8"Remove extension"; +const char* INVALID_EXTENSION = u8"%1 is an invalid extension"; +const char* CONFIRM_EXTENSION_OVERWRITE = u8"Another version of this extension already exists, do you want to delete and overwrite it?"; +const char* EXTENSION_WRITE_ERROR = u8"Failed to save extension"; +const char* USE_JP_LOCALE = u8"Emulate japanese locale?"; +const char* FAILED_TO_CREATE_CONFIG_FILE = u8"Failed to create config file \"%1\""; +const char* HOOK_SEARCH_UNSTABLE_WARNING = u8"Searching for hooks is unstable! Be prepared for your game to crash!"; +const char* HOOK_SEARCH_STARTING_VIEW_CONSOLE = u8"Initializing hook search - please check console for further instructions"; +const char* SEARCH_CJK = u8"Search for Chinese/Japanese/Korean"; +const char* SEARCH_PATTERN = u8"Search pattern (hex byte array)"; +const char* SEARCH_DURATION = u8"Search duration (ms)"; +const char* SEARCH_MODULE = u8"Search within module"; +const char* PATTERN_OFFSET = u8"Offset from pattern start"; +const char* MAX_HOOK_SEARCH_RECORDS = u8"Search result cap"; +const char* MIN_ADDRESS = u8"Minimum address (hex)"; +const char* MAX_ADDRESS = u8"Maximum address (hex)"; +const char* STRING_OFFSET = u8"String offset (hex)"; +const char* HOOK_SEARCH_FILTER = u8"Results must match this regex"; +const char* TEXT = u8"Text"; +const char* CODEPAGE = u8"Codepage"; +const char* SEARCH_FOR_TEXT = u8"Search for specific text"; +const char* START_HOOK_SEARCH = u8"Start hook search"; +const char* SAVE_SEARCH_RESULTS = u8"Save search results"; +const char* TEXT_FILES = u8"Text (*.txt)"; +const char* DOUBLE_CLICK_TO_REMOVE_HOOK = u8"Double click a hook to remove it"; +const char* FILTER_REPETITION = u8"Filter repetition"; +const char* AUTO_ATTACH = u8"Auto attach"; +const char* ATTACH_SAVED_ONLY = u8"Auto attach (saved only)"; +const char* SHOW_SYSTEM_PROCESSES = u8"Show system processes"; +const char* DEFAULT_CODEPAGE = u8"Default codepage"; +const char* FLUSH_DELAY = u8"Flush delay"; +const char* MAX_BUFFER_SIZE = u8"Max buffer size"; +const char* MAX_HISTORY_SIZE = u8"Max history size"; +const char* CONFIG_JP_LOCALE = u8"Launch with JP locale"; +const wchar_t* CONSOLE = L"Console"; +const wchar_t* CLIPBOARD = L"Clipboard"; +const wchar_t* CL_OPTIONS = LR"(usage: Textractor [-p{process ID|"process name"}]... +example: Textractor -p4466 -p"My Game.exe" tries to inject processes with ID 4466 or with name My Game.exe)"; +const wchar_t* UPDATE_AVAILABLE = L"Update available: download it from https://github.com/Artikash/Textractor/releases"; +const wchar_t* ALREADY_INJECTED = L"Textractor: already injected"; +const wchar_t* NEED_32_BIT = L"Textractor: architecture mismatch: only Textractor x86 can inject this process"; +const wchar_t* NEED_64_BIT = L"Textractor: architecture mismatch: only Textractor x64 can inject this process"; +const wchar_t* INJECT_FAILED = L"Textractor: couldn't inject"; +const wchar_t* LAUNCH_FAILED = L"Textractor: couldn't launch"; +const wchar_t* INVALID_CODE = L"Textractor: invalid code"; +const wchar_t* INVALID_CODEPAGE = L"Textractor: couldn't convert text (invalid codepage?)"; +const char* PIPE_CONNECTED = u8"Textractor: pipe connected"; +const char* INSERTING_HOOK = u8"Textractor: inserting hook: %s"; +const char* REMOVING_HOOK = u8"Textractor: removing hook: %s"; +const char* HOOK_FAILED = u8"Textractor: failed to insert hook"; +const char* TOO_MANY_HOOKS = u8"Textractor: too many hooks: can't insert"; +const char* HOOK_SEARCH_STARTING = u8"Textractor: starting hook search"; +const char* HOOK_SEARCH_INITIALIZING = u8"Textractor: initializing hook search (%f%%)"; +const char* NOT_ENOUGH_TEXT = u8"Textractor: not enough text to search accurately"; +const char* HOOK_SEARCH_INITIALIZED = u8"Textractor: initialized hook search with %zd hooks"; +const char* MAKE_GAME_PROCESS_TEXT = u8"Textractor: please click around in the game to force it to process text during the next %d seconds"; +const char* HOOK_SEARCH_FINISHED = u8"Textractor: hook search finished, %d results found"; +const char* OUT_OF_RECORDS_RETRY = u8"Textractor: out of search records, please retry if results are poor (default record count increased)"; +const char* FUNC_MISSING = u8"Textractor: function not present"; +const char* MODULE_MISSING = u8"Textractor: module not present"; +const char* GARBAGE_MEMORY = u8"Textractor: memory constantly changing, useless to read"; +const char* SEND_ERROR = u8"Textractor: Send ERROR (likely an unstable/incorrect H-code)"; +const char* READ_ERROR = u8"Textractor: Reader ERROR (likely an incorrect R-code)"; +const char* HIJACK_ERROR = u8"Textractor: Hijack ERROR"; +const char* COULD_NOT_FIND = u8"Textractor: could not find text"; +const char* TRANSLATE_TO = u8"Translate to"; +const char* TRANSLATE_FROM = u8"Translate from"; +const char* FILTER_GARBAGE = u8"Filter garbage characters"; +const char* TRANSLATE_SELECTED_THREAD_ONLY = u8"Translate selected text thread only"; +const char* RATE_LIMIT_ALL_THREADS = u8"Use rate limiter"; +const char* RATE_LIMIT_SELECTED_THREAD = u8"Rate limit selected text thread"; +const char* USE_TRANS_CACHE = u8"Use translation cache"; +const char* MAX_TRANSLATIONS_IN_TIMESPAN = u8"Max translation requests in timespan"; +const char* TIMESPAN = u8"Timespan (ms)"; +const wchar_t* SENTENCE_TOO_LARGE_TO_TRANS = L"Sentence too large to translate"; +const wchar_t* TOO_MANY_TRANS_REQUESTS = L"Rate limit exceeded: refuse to make more translation requests"; +const wchar_t* TRANSLATION_ERROR = L"Error while translating"; +const char* USE_PREV_SENTENCE_CONTEXT = u8"Use previous sentence as context"; +const char* API_KEY = u8"API key"; +const char* CHROME_LOCATION = u8"Google Chrome file location"; +const char* START_DEVTOOLS = u8"Start DevTools"; +const char* STOP_DEVTOOLS = u8"Stop DevTools"; +const char* HIDE_CHROME = u8"Hide Chrome window"; +const char* DEVTOOLS_STATUS = u8"DevTools status"; +const char* AUTO_START = u8"Start automatically"; +const wchar_t* ERROR_START_CHROME = L"failed to start Chrome or to connect to it"; +const char* EXTRA_WINDOW_INFO = u8R"(Right click to change settings +Click and drag on window edges to move, or the bottom right corner to resize)"; +const char* MAX_SENTENCE_SIZE = u8"Max sentence size"; +const char* TOPMOST = u8"Always on top"; +const char* DICTIONARY = u8"Dictionary"; +const char* DICTIONARY_INSTRUCTIONS = u8R"(This file is used only for the "Dictionary" feature of the Extra Window extension. +It uses a custom format specific to Textractor and is not meant to be written manually. +You should look for a dictionary in this format online (https://github.com/Artikash/Textractor-Dictionaries/releases is a good place to start). +Alternatively, if you're a programmer, you can write a script to convert a dictionary from another format with the info below. +Once you have a dictionary, to look up some text in Extra Window, hover over it. You can scroll through all the matching definitions. +Definitions are formatted like this:|TERM|Hola< + +extern const char* THREAD_LINKER; +extern const char* LINK; +extern const char* UNLINK; +extern const char* THREAD_LINK_FROM; +extern const char* THREAD_LINK_TO; +extern const char* HEXADECIMAL; + +std::unordered_map> links; +std::unordered_set universalLinks, empty; +bool separateSentences = false; // allow user to change? +concurrency::reader_writer_lock m; + +class Window : public QDialog, Localizer +{ +public: + Window() : QDialog(nullptr, Qt::WindowMinMaxButtonsHint) + { + ui.setupUi(this); + ui.linkButton->setText(LINK); + ui.unlinkButton->setText(UNLINK); + connect(ui.linkButton, &QPushButton::clicked, this, &Window::Link); + connect(ui.unlinkButton, &QPushButton::clicked, this, &Window::Unlink); + + setWindowTitle(THREAD_LINKER); + //QMetaObject::invokeMethod(this, &QWidget::show, Qt::QueuedConnection); + } + +private: + void Link() + { + bool ok1, ok2, ok3, ok4; + QString fromInput = QInputDialog::getText(this, THREAD_LINK_FROM, HEXADECIMAL, QLineEdit::Normal, "All", &ok1, Qt::WindowCloseButtonHint); + int from = fromInput.toInt(&ok2, 16); + if (ok1 && (fromInput == "All" || ok2)) + { + int to = QInputDialog::getText(this, THREAD_LINK_TO, HEXADECIMAL, QLineEdit::Normal, "", &ok3, Qt::WindowCloseButtonHint).toInt(&ok4, 16); + if (ok3 && ok4) + { + std::scoped_lock lock(m); + if ((ok2 ? links[from] : universalLinks).insert(to).second) + ui.linkList->addItem((ok2 ? QString::number(from, 16) : "All") + "->" + QString::number(to, 16)); + } + } + } + + void Unlink() + { + if (ui.linkList->currentItem()) + { + QStringList link = ui.linkList->currentItem()->text().split("->"); + ui.linkList->takeItem(ui.linkList->currentRow()); + std::scoped_lock lock(m); + (link[0] == "All" ? universalLinks : links[link[0].toInt(nullptr, 16)]).erase(link[1].toInt(nullptr, 16)); + } + } + + void keyPressEvent(QKeyEvent* event) override + { + if (event->key() == Qt::Key_Delete) Unlink(); + } + + Ui::LinkWindow ui; +} window; + +bool ProcessSentence(std::wstring& sentence, SentenceInfo sentenceInfo) +{ + concurrency::reader_writer_lock::scoped_lock_read readLock(m); + auto action = separateSentences ? sentenceInfo["add sentence"] : sentenceInfo["add text"]; + auto it = links.find(sentenceInfo["text number"]); + for (const auto& linkSet : { it != links.end() ? it->second : empty, sentenceInfo["text number"] > 1 ? universalLinks : empty }) + for (auto link : linkSet) + ((void(*)(int64_t, const wchar_t*))action)(link, sentence.c_str()); + return false; +} + + + + +extern "C" __declspec(dllexport) void VisSetting(bool vis) +{ + if(vis) + QMetaObject::invokeMethod(&window, &QWidget::show, Qt::QueuedConnection); + else + QMetaObject::invokeMethod(&window, &QWidget::hide, Qt::QueuedConnection); +} diff --git a/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/threadlinker.ui b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/threadlinker.ui new file mode 100644 index 00000000..4788efc3 --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/threadlinker.ui @@ -0,0 +1,47 @@ + + + LinkWindow + + + + 0 + 0 + 400 + 300 + + + + + + + + + + + + Qt::Vertical + + + + + + + + + + + + + + + Qt::Vertical + + + + + + + + + + diff --git a/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/translatewrapper.cpp b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/translatewrapper.cpp new file mode 100644 index 00000000..392614df --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/translatewrapper.cpp @@ -0,0 +1,221 @@ +#include "qtcommon.h" +#include "extension.h" +#include "translatewrapper.h" +#include "blockmarkup.h" +#include +#include +#include + +extern const char* NATIVE_LANGUAGE; +extern const char* TRANSLATE_TO; +extern const char* TRANSLATE_FROM; +extern const char* TRANSLATE_SELECTED_THREAD_ONLY; +extern const char* RATE_LIMIT_ALL_THREADS; +extern const char* RATE_LIMIT_SELECTED_THREAD; +extern const char* USE_TRANS_CACHE; +extern const char* FILTER_GARBAGE; +extern const char* MAX_TRANSLATIONS_IN_TIMESPAN; +extern const char* TIMESPAN; +extern const char* MAX_SENTENCE_SIZE; +extern const char* API_KEY; +extern const wchar_t* SENTENCE_TOO_LARGE_TO_TRANS; +extern const wchar_t* TRANSLATION_ERROR; +extern const wchar_t* TOO_MANY_TRANS_REQUESTS; + +extern const char* TRANSLATION_PROVIDER; +extern const char* GET_API_KEY_FROM; +extern const QStringList languagesTo, languagesFrom; +extern bool translateSelectedOnly, useRateLimiter, rateLimitSelected, useCache, useFilter; +extern int tokenCount, rateLimitTimespan, maxSentenceSize; +std::pair Translate(const std::wstring& text, TranslationParam tlp); + +QFormLayout* display; +Settings settings; + +namespace +{ + Synchronized tlp; + Synchronized> translationCache; + + std::string CacheFile() + { + return FormatString("%s Cache (%S).txt", TRANSLATION_PROVIDER, tlp->translateTo); + } + void SaveCache() + { + std::wstring allTranslations(L"\xfeff"); + for (const auto& [sentence, translation] : translationCache.Acquire().contents) + allTranslations.append(L"|SENTENCE|").append(sentence).append(L"|TRANSLATION|").append(translation).append(L"|END|\r\n"); + std::ofstream(CacheFile(), std::ios::binary | std::ios::trunc).write((const char*)allTranslations.c_str(), allTranslations.size() * sizeof(wchar_t)); + } + void LoadCache() + { + translationCache->clear(); + std::ifstream stream(CacheFile(), std::ios::binary); + BlockMarkupIterator savedTranslations(stream, Array{ L"|SENTENCE|", L"|TRANSLATION|" }); + auto translationCache = ::translationCache.Acquire(); + while (auto read = savedTranslations.Next()) + { + auto& [sentence, translation] = read.value(); + translationCache->try_emplace(std::move(sentence), std::move(translation)); + } + } +} + +class Window : public QDialog, Localizer +{ +public: + Window() : QDialog(nullptr, Qt::WindowMinMaxButtonsHint) + { + display = new QFormLayout(this); + + settings.beginGroup(TRANSLATION_PROVIDER); + + auto translateToCombo = new QComboBox(this); + translateToCombo->addItems(languagesTo); + int i = -1; + if (settings.contains(TRANSLATE_TO)) i = translateToCombo->findText(settings.value(TRANSLATE_TO).toString()); + if (i < 0) i = translateToCombo->findText(NATIVE_LANGUAGE, Qt::MatchStartsWith); + if (i < 0) i = translateToCombo->findText("English", Qt::MatchStartsWith); + translateToCombo->setCurrentIndex(i); + SaveTranslateTo(translateToCombo->currentText()); + display->addRow(TRANSLATE_TO, translateToCombo); + connect(translateToCombo, &QComboBox::currentTextChanged, this, &Window::SaveTranslateTo); + auto translateFromCombo = new QComboBox(this); + translateFromCombo->addItem("?"); + translateFromCombo->addItems(languagesFrom); + i = -1; + if (settings.contains(TRANSLATE_FROM)) i = translateFromCombo->findText(settings.value(TRANSLATE_FROM).toString()); + if (i < 0) i = 0; + translateFromCombo->setCurrentIndex(i); + SaveTranslateFrom(translateFromCombo->currentText()); + display->addRow(TRANSLATE_FROM, translateFromCombo); + connect(translateFromCombo, &QComboBox::currentTextChanged, this, &Window::SaveTranslateFrom); + for (auto [value, label] : Array{ + { translateSelectedOnly, TRANSLATE_SELECTED_THREAD_ONLY }, + { useRateLimiter, RATE_LIMIT_ALL_THREADS }, + { rateLimitSelected, RATE_LIMIT_SELECTED_THREAD }, + { useCache, USE_TRANS_CACHE }, + { useFilter, FILTER_GARBAGE } + }) + { + value = settings.value(label, value).toBool(); + auto checkBox = new QCheckBox(this); + checkBox->setChecked(value); + display->addRow(label, checkBox); + connect(checkBox, &QCheckBox::clicked, [label, &value](bool checked) { settings.setValue(label, value = checked); }); + } + for (auto [value, label] : Array{ + { tokenCount, MAX_TRANSLATIONS_IN_TIMESPAN }, + { rateLimitTimespan, TIMESPAN }, + { maxSentenceSize, MAX_SENTENCE_SIZE }, + }) + { + value = settings.value(label, value).toInt(); + auto spinBox = new QSpinBox(this); + spinBox->setRange(0, INT_MAX); + spinBox->setValue(value); + display->addRow(label, spinBox); + connect(spinBox, qOverload(&QSpinBox::valueChanged), [label, &value](int newValue) { settings.setValue(label, value = newValue); }); + } + if (GET_API_KEY_FROM) + { + auto keyEdit = new QLineEdit(settings.value(API_KEY).toString(), this); + tlp->authKey = S(keyEdit->text()); + QObject::connect(keyEdit, &QLineEdit::textChanged, [](QString key) { settings.setValue(API_KEY, S(tlp->authKey = S(key))); }); + auto keyLabel = new QLabel(QString("%2").arg(GET_API_KEY_FROM, API_KEY), this); + keyLabel->setOpenExternalLinks(true); + display->addRow(keyLabel, keyEdit); + } + + setWindowTitle(TRANSLATION_PROVIDER); + //QMetaObject::invokeMethod(this, &QWidget::show, Qt::QueuedConnection); + } + + ~Window() + { + SaveCache(); + } + +private: + void SaveTranslateTo(QString language) + { + SaveCache(); + settings.setValue(TRANSLATE_TO, S(tlp->translateTo = S(language))); + LoadCache(); + } + void SaveTranslateFrom(QString language) + { + settings.setValue(TRANSLATE_FROM, S(tlp->translateFrom = S(language))); + } +} window; + +bool ProcessSentence(std::wstring& sentence, SentenceInfo sentenceInfo) +{ + if (sentenceInfo["text number"] == 0) return false; + + static class + { + public: + bool Request() + { + DWORD64 current = GetTickCount64(), token; + while (tokens.try_pop(token)) if (token > current - rateLimitTimespan) + { + tokens.push(token); // popped one too many + break; + } + bool available = tokens.size() < tokenCount; + if (available) tokens.push(current); + return available; + } + + private: + concurrency::concurrent_priority_queue> tokens; + } rateLimiter; + + bool cache = false; + std::wstring translation; + if (useFilter) + { + Trim(sentence); + sentence.erase(std::remove_if(sentence.begin(), sentence.end(), [](wchar_t ch) { return ch < ' ' && ch != '\n'; }), sentence.end()); + } + if (sentence.empty()) return true; + if (sentence.size() > maxSentenceSize) translation = SENTENCE_TOO_LARGE_TO_TRANS; + if (useCache) + { + auto translationCache = ::translationCache.Acquire(); + if (auto it = translationCache->find(sentence); it != translationCache->end()) translation = it->second; + } + if (translation.empty() && (!translateSelectedOnly || sentenceInfo["current select"])) + if (rateLimiter.Request() || !useRateLimiter || (!rateLimitSelected && sentenceInfo["current select"])) std::tie(cache, translation) = Translate(sentence, tlp.Copy()); + else translation = TOO_MANY_TRANS_REQUESTS; + if (cache) translationCache->operator[](sentence) = translation; + + if (useFilter) Trim(translation); + for (int i = 0; i < translation.size(); ++i) if (translation[i] == '\r' && translation[i + 1] == '\n') translation[i] = 0x200b; // for some reason \r appears as newline - no need to double + if (translation.empty()) translation = TRANSLATION_ERROR; + (sentence += L"\x200b \n") += translation; + return true; +} + +extern const std::unordered_map codes; +TEST( + { + assert(Translate(L"こんにちは", { L"English", L"?", L"" }).second.find(L"ello") == 1 || strstr(TRANSLATION_PROVIDER, "DevTools")); + + for (auto languages : { languagesFrom, languagesTo }) for (auto language : languages) + assert(codes.count(S(language))); + assert(codes.count(L"?")); + } +); + + +extern "C" __declspec(dllexport) void VisSetting(bool vis) +{ + if(vis) + QMetaObject::invokeMethod(&window, &QWidget::show, Qt::QueuedConnection); + else + QMetaObject::invokeMethod(&window, &QWidget::hide, Qt::QueuedConnection); +} diff --git a/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/translatewrapper.h b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/translatewrapper.h new file mode 100644 index 00000000..9d34a389 --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/Plugin/extensions/translatewrapper.h @@ -0,0 +1,6 @@ +#pragma once + +struct TranslationParam +{ + std::wstring translateTo, translateFrom, authKey; +}; diff --git a/cpp/LunaHook/LunaHost/GUI/QtLoader_inline.cpp b/cpp/LunaHook/LunaHost/GUI/QtLoader_inline.cpp new file mode 100644 index 00000000..682f642d --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/QtLoader_inline.cpp @@ -0,0 +1,156 @@ +#include +#include +#include +#include +#include +#include +#include "pluginmanager.h" +#include "lockedqueue.hpp" +#ifndef _WIN64 +#define THISCALL __thiscall +#define _CDECL __cdecl +#define fnQString_fromStdWString "?fromStdWString@QString@@SA?AV1@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z" +#define fnQCoreApplication_addLibraryPath "?addLibraryPath@QCoreApplication@@SAXABVQString@@@Z" +#define fnQString_dtor "??1QString@@QAE@XZ" +#define fnQApplication_ctor "??0QApplication@@QAE@AAHPAPADH@Z" +#define fnQFont_ctor "??0QFont@@QAE@ABVQString@@HH_N@Z" +#define fnQApplication_setFont "?setFont@QApplication@@SAXABVQFont@@PBD@Z" +#define fnQFont_dtor "??1QFont@@QAE@XZ" +#define fnQApplication_exec "?exec@QApplication@@SAHXZ" +#define fnQApplication_dtor "??1QApplication@@UAE@XZ" +#else +#define THISCALL __fastcall +#define _CDECL __fastcall +#define fnQString_fromStdWString "?fromStdWString@QString@@SA?AV1@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z" +#define fnQCoreApplication_addLibraryPath "?addLibraryPath@QCoreApplication@@SAXAEBVQString@@@Z" +#define fnQString_dtor "??1QString@@QEAA@XZ" +#define fnQApplication_ctor "??0QApplication@@QEAA@AEAHPEAPEADH@Z" +#define fnQFont_ctor "??0QFont@@QEAA@AEBVQString@@HH_N@Z" +#define fnQApplication_setFont "?setFont@QApplication@@SAXAEBVQFont@@PEBD@Z" +#define fnQFont_dtor "??1QFont@@QEAA@XZ" +#define fnQApplication_exec "?exec@QApplication@@SAHXZ" +#define fnQApplication_dtor "??1QApplication@@UEAA@XZ" +#endif +#define fnQApplication_processEvents "?processEvents@QCoreApplication@@SAXV?$QFlags@W4ProcessEventsFlag@QEventLoop@@@@@Z" + +FARPROC QString_fromStdWString, QCoreApplication_addLibraryPath, QString_dtor, QApplication_ctor, QFont_ctor, QFont_dtor, QApplication_setFont, QApplication_exec, QApplication_dtor, QApplication_processEvents; + +bool checkqterror() +{ + return QString_fromStdWString == 0 || QCoreApplication_addLibraryPath == 0 || QString_dtor == 0 || QApplication_ctor == 0 || QFont_ctor == 0 || QFont_dtor == 0 || QApplication_setFont == 0 || QApplication_exec == 0 || QApplication_dtor == 0 || QApplication_processEvents == 0; +} +void loadqtdlls() +{ + QString_fromStdWString = QCoreApplication_addLibraryPath = QString_dtor = QApplication_ctor = QFont_ctor = QFont_dtor = QApplication_setFont = QApplication_exec = QApplication_dtor = QApplication_processEvents = 0; + + auto Qt5Widgets = LoadLibrary(L"Qt5Widgets.dll"); + auto Qt5Gui = LoadLibrary(L"Qt5Gui.dll"); + auto Qt5Core = LoadLibrary(L"Qt5Core.dll"); + if (Qt5Core == 0 || Qt5Gui == 0 || Qt5Widgets == 0) + return; + + QString_fromStdWString = GetProcAddress(Qt5Core, fnQString_fromStdWString); + QCoreApplication_addLibraryPath = GetProcAddress(Qt5Core, fnQCoreApplication_addLibraryPath); + QString_dtor = GetProcAddress(Qt5Core, fnQString_dtor); + QApplication_ctor = GetProcAddress(Qt5Widgets, fnQApplication_ctor); + QFont_ctor = GetProcAddress(Qt5Gui, fnQFont_ctor); + QFont_dtor = GetProcAddress(Qt5Gui, fnQFont_dtor); + QApplication_setFont = GetProcAddress(Qt5Widgets, fnQApplication_setFont); + QApplication_exec = GetProcAddress(Qt5Widgets, fnQApplication_exec); + QApplication_dtor = GetProcAddress(Qt5Widgets, fnQApplication_dtor); + QApplication_processEvents = GetProcAddress(Qt5Core, fnQApplication_processEvents); +} +struct info +{ + int type; + std::wstring dll; + HMODULE hdll; +}; +lockedqueue waitingtask; +lockedqueue waitingresult; + +extern "C" __declspec(dllexport) void QtStartUp(std::vector *dlls) +{ + + static bool once = false; + if (once) + return; + loadqtdlls(); + once = !checkqterror(); + if (!once) + return; + std::thread([=]() + { + static void *qapp; // 必须static + void *qstring; + void *qfont; + for (int i = 0; i < dlls->size(); i++) + { + auto dirname = std::filesystem::path(dlls->at(i)).parent_path().wstring(); + ((void *(_CDECL *)(void *, void *))QString_fromStdWString)(&qstring, &dirname); + ((void(_CDECL *)(void *))QCoreApplication_addLibraryPath)(&qstring); + ((void(THISCALL *)(void *))QString_dtor)(&qstring); + // QCoreApplication_addLibraryPath(QString_fromStdWString(std::filesystem::path(collectQtplugs[i]).parent_path())); + } + + int _ = 0; + ((void *(THISCALL *)(void *, int *, char **, int))QApplication_ctor)(&qapp, &_, 0, 331266); + + std::wstring font = L"MS Shell Dlg 2"; + ((void *(_CDECL *)(void *, void *))QString_fromStdWString)(&qstring, &font); + ((void *(THISCALL *)(void *, void *, int, int, bool))QFont_ctor)(&qfont, &qstring, 10, -1, 0); + ((void(_CDECL *)(void *, void *))QApplication_setFont)(&qfont, 0); + ((void(THISCALL *)(void *))QFont_dtor)(&qfont); + ((void(THISCALL *)(void *))QString_dtor)(&qstring); + + while (true) + { + if (!waitingtask.empty()) + { + auto top = waitingtask.pop(); + if (top.type == 1) + { + waitingresult.push(LoadLibraryW(top.dll.c_str())); + } + else if (top.type == 2) + { + FreeLibrary(top.hdll); + } + } + ((void(_CDECL *)(DWORD))QApplication_processEvents)(0); + Sleep(1); + } + + // ((void(*)())QApplication_exec)(); + + // ((void(THISCALL*)(void*))QApplication_dtor)(&qapp); + }) + .detach(); +} +std::mutex loadmutex; + +extern "C" __declspec(dllexport) std::vector *QtLoadLibraryBatch(std::vector *dlls) +{ + std::lock_guard _(loadmutex); + QtStartUp(dlls); + auto hdlls = new std::vector; + for (int i = 0; i < dlls->size(); i++) + { + if (checkqterror()) + { + hdlls->push_back(0); + } + else + { + waitingtask.push({1, dlls->at(i)}); + hdlls->push_back(waitingresult.pop()); + } + } + return hdlls; +} + +extern "C" __declspec(dllexport) void QtFreeLibrary(HMODULE hd) +{ + std::lock_guard _(loadmutex); + waitingtask.push({2, L"", hd}); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHost/GUI/app.manifest b/cpp/LunaHook/LunaHost/GUI/app.manifest new file mode 100644 index 00000000..3a60d001 --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/app.manifest @@ -0,0 +1,15 @@ + + + + + + + + \ No newline at end of file diff --git a/cpp/LunaHook/LunaHost/GUI/confighelper.cpp b/cpp/LunaHook/LunaHost/GUI/confighelper.cpp new file mode 100644 index 00000000..181eddb3 --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/confighelper.cpp @@ -0,0 +1,47 @@ +#include "confighelper.h" +#include "stringutils.h" +std::string readfile(const wchar_t *fname) +{ + FILE *f; + _wfopen_s(&f, fname, L"rb"); + if (f == 0) + return {}; + fseek(f, 0, SEEK_END); + auto len = ftell(f); + fseek(f, 0, SEEK_SET); + std::string buff; + buff.resize(len); + fread(buff.data(), 1, len, f); + fclose(f); + return buff; +} +void writefile(const wchar_t *fname, const std::string &s) +{ + FILE *f; + _wfopen_s(&f, fname, L"w"); + fprintf(f, "%s", s.c_str()); + fclose(f); +} + +confighelper::confighelper() +{ + configpath = std::filesystem::current_path() / "config.json"; + try + { + configs = nlohmann::json::parse(readfile(configpath.c_str())); + } + catch (std::exception &) + { + configs = {}; + } + + if (configs.find(pluginkey) == configs.end()) + { + configs[pluginkey] = {}; + } +} +confighelper::~confighelper() +{ + + writefile(configpath.c_str(), configs.dump(4)); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHost/GUI/confighelper.h b/cpp/LunaHook/LunaHost/GUI/confighelper.h new file mode 100644 index 00000000..b21922e6 --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/confighelper.h @@ -0,0 +1,38 @@ +#ifndef LUNA_CONFIG_HELPER +#define LUNA_CONFIG_HELPER +#include + +class confighelper +{ + std::wstring configpath; + +public: + nlohmann::json configs; + confighelper(); + ~confighelper(); + template + T get(const std::string &key, T default1) + { + if (configs.find(key) == configs.end()) + return default1; + return configs[key]; + } + template + void set(const std::string &key, T v) + { + configs[key] = v; + } +}; +template +T safequeryjson(const nlohmann::json &js, const std::string &key, const T &defaultv) +{ + if (js.find(key) == js.end()) + { + return defaultv; + } + return js[key]; +} + +constexpr auto pluginkey = x64 ? "plugins64" : "plugins32"; + +#endif \ No newline at end of file diff --git a/cpp/LunaHook/LunaHost/GUI/controls.cpp b/cpp/LunaHook/LunaHost/GUI/controls.cpp new file mode 100644 index 00000000..8d654584 --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/controls.cpp @@ -0,0 +1,493 @@ +#include "controls.h" +#include "window.h" +#include +control::control(mainwindow *_parent) +{ + if (_parent == 0) + return; + parent = _parent; + parent->controls.push_back(this); +} +void control::dispatch(WPARAM) {} +void control::dispatch_2(WPARAM wParam, LPARAM lParam) {}; +button::button(mainwindow *parent) : control(parent) {} +button::button(mainwindow *parent, const std::wstring &text) : control(parent) +{ + winId = CreateWindowEx(0, L"BUTTON", text.c_str(), WS_CHILD | WS_VISIBLE, + 0, 0, 0, 0, parent->winId, NULL, NULL, NULL); +} +void button::dispatch(WPARAM wparam) +{ + if (wparam == BN_CLICKED) + { + onclick(); + } +} +bool checkbox::ischecked() +{ + int state = SendMessage(winId, BM_GETCHECK, 0, 0); + return (state == BST_CHECKED); +} +checkbox::checkbox(mainwindow *parent, const std::wstring &text) : button(parent) +{ + winId = CreateWindowEx(0, L"BUTTON", text.c_str(), WS_CHILD | WS_VISIBLE | BS_AUTOCHECKBOX | BS_RIGHTBUTTON, + 0, 0, 0, 0, parent->winId, NULL, NULL, NULL); +} +void checkbox::setcheck(bool b) +{ + SendMessage(winId, BM_SETCHECK, (WPARAM)BST_CHECKED * b, 0); +} +int spinbox::getcurr() +{ + return SendMessage(hUpDown, UDM_GETPOS32, 0, 0); +} +spinbox::spinbox(mainwindow *parent, int value) : control(parent) +{ + winId = CreateWindowEx(0, L"EDIT", std::to_wstring(value).c_str(), WS_CHILD | WS_VISIBLE | WS_BORDER | ES_NUMBER, + 0, 0, 0, 0, parent->winId, NULL, NULL, NULL); + + hUpDown = CreateWindowEx(0, UPDOWN_CLASS, NULL, + WS_CHILD | WS_VISIBLE | UDS_SETBUDDYINT | UDS_ALIGNRIGHT | UDS_ARROWKEYS | UDS_NOTHOUSANDS, + 0, 0, 0, 0, + parent->winId, NULL, NULL, NULL); + SendMessage(hUpDown, UDM_SETBUDDY, (WPARAM)winId, 0); + setminmax(0, 0x7fffffff); + std::tie(minv, maxv) = getminmax(); +} +void spinbox::setgeo(int x, int y, int w, int h) +{ + MoveWindow(winId, x, y, w, h, TRUE); + SendMessage(hUpDown, UDM_SETBUDDY, (WPARAM)winId, 0); +} +void spinbox::setcurr(int cur) +{ + SendMessage(hUpDown, UDM_SETPOS32, 0, cur); +} +void spinbox::dispatch(WPARAM wparam) +{ + if (HIWORD(wparam) == EN_CHANGE) + { + bool ok = false; + int value; + try + { + value = std::stoi(text()); + ok = true; + } + catch (std::exception &) + { + } + if (ok) + { + if (value > maxv) + { + setcurr(maxv); + value = maxv; + } + else if (value < minv) + { + setcurr(minv); + value = minv; + } + else + { + onvaluechange(value); + } + } + } +} +std::pair spinbox::getminmax() +{ + int minValue, maxValue; + SendMessage(hUpDown, UDM_GETRANGE32, (WPARAM)&minValue, (LPARAM)&maxValue); + return {minValue, maxValue}; +} +void spinbox::setminmax(int min, int max) +{ + SendMessage(hUpDown, UDM_SETRANGE32, min, max); + std::tie(minv, maxv) = getminmax(); +} +multilineedit::multilineedit(mainwindow *parent) : texteditbase(parent) +{ + winId = CreateWindowEx(0, L"EDIT", L"", WS_CHILD | WS_VISIBLE | WS_BORDER | ES_MULTILINE | ES_AUTOVSCROLL | WS_VSCROLL, + 0, 0, 0, 0, parent->winId, NULL, NULL, NULL); + SendMessage(winId, EM_SETLIMITTEXT, 0, 0); +} +std::wstring multilineedit::getsel() +{ + DWORD start, end; + SendMessage(winId, EM_GETSEL, reinterpret_cast(&start), reinterpret_cast(&end)); + int length = end - start; + return text().substr(start, length); +} +lineedit::lineedit(mainwindow *parent) : texteditbase(parent) +{ + winId = CreateWindowEx(0, L"EDIT", L"", WS_CHILD | WS_VISIBLE | WS_BORDER | ES_AUTOHSCROLL, + 0, 0, 0, 0, parent->winId, NULL, NULL, NULL); +} +texteditbase::texteditbase(mainwindow *parent) : control(parent) {} +void texteditbase::setreadonly(bool ro) +{ + SendMessage(winId, EM_SETREADONLY, ro, 0); +} +void texteditbase::scrolltoend() +{ + int textLength = GetWindowTextLength(winId); + SendMessage(winId, EM_SETSEL, (WPARAM)textLength, (LPARAM)textLength); + SendMessage(winId, EM_SCROLLCARET, 0, 0); +} +void texteditbase::appendtext(const std::wstring &text) +{ + auto _ = std::wstring(L"\r\n") + text; + SendMessage(winId, EM_REPLACESEL, 0, (LPARAM)_.c_str()); +} + +void texteditbase::dispatch(WPARAM wparam) +{ + if (HIWORD(wparam) == EN_CHANGE) + { + ontextchange(text()); + } +} +label::label(mainwindow *parent, const std::wstring &text) : control(parent) +{ + winId = CreateWindowEx(0, L"STATIC", text.c_str(), WS_CHILD | WS_VISIBLE, + 0, 0, 0, 0, parent->winId, NULL, NULL, NULL); +} + +listbox::listbox(mainwindow *parent) : control(parent) +{ + + winId = CreateWindowEx(WS_EX_CLIENTEDGE, L"LISTBOX", L"", WS_CHILD | WS_VISIBLE | WS_VSCROLL | LBS_NOTIFY | LBS_NOINTEGRALHEIGHT, + 0, 0, 0, 0, parent->winId, NULL, NULL, NULL); +} +void listbox::dispatch(WPARAM wparam) +{ + if (HIWORD(wparam) == LBN_SELCHANGE) + { + auto idx = currentidx(); + if (idx != -1) + oncurrentchange(idx); + } +} +void listbox::setcurrent(int idx) +{ + SendMessage(winId, LB_SETCURSEL, idx, 0); + if (idx != -1) + oncurrentchange(idx); +} +int listbox::currentidx() +{ + return SendMessage(winId, LB_GETCURSEL, 0, 0); +} +std::wstring listbox::text(int idx) +{ + int textLength = SendMessage(winId, LB_GETTEXTLEN, idx, 0); + std::vector buffer(textLength + 1); + SendMessage(winId, LB_GETTEXT, idx, (LPARAM)buffer.data()); + return buffer.data(); +} +void listbox::clear() +{ + SendMessage(winId, LB_RESETCONTENT, 0, 0); +} +int listbox::additem(const std::wstring &text) +{ + return SendMessage(winId, LB_ADDSTRING, 0, (LPARAM)text.c_str()); +} +void listbox::deleteitem(int i) +{ + SendMessage(winId, LB_DELETESTRING, (WPARAM)i, (LPARAM)i); +} +void listbox::setdata(int idx, LONG_PTR data) +{ + SendMessage(winId, LB_SETITEMDATA, idx, (LPARAM)data); +} +LONG_PTR listbox::getdata(int idx) +{ + return SendMessage(winId, LB_GETITEMDATA, idx, 0); +} +int listbox::count() +{ + return SendMessage(winId, LB_GETCOUNT, 0, 0); +} +int listbox::insertitem(int i, const std::wstring &t) +{ + return SendMessage(winId, LB_INSERTSTRING, i, (LPARAM)t.c_str()); +} + +void listview::deleteitem(int i) +{ + std::lock_guard _(lockdataidx); + assodata.erase(assodata.begin() + i); + for (auto &data : remapidx) + { + if (data.second >= i) + data.second -= 1; + } + ListView_DeleteItem(winId, i); +} +listview::listview(mainwindow *parent, bool _addicon, bool notheader) : control(parent), addicon(_addicon) +{ + auto style = WS_VISIBLE | WS_VSCROLL | WS_CHILD | LVS_REPORT | LVS_SINGLESEL; + if (notheader) + style |= LVS_NOCOLUMNHEADER; + winId = CreateWindowEx(0, WC_LISTVIEW, NULL, style, 0, 0, 0, 0, parent->winId, NULL, NULL, NULL); + ListView_SetExtendedListViewStyle(winId, LVS_EX_FULLROWSELECT); // Set extended styles + if (addicon) + { + hImageList = ImageList_Create(22, 22, // GetSystemMetrics(SM_CXSMICON), GetSystemMetrics(SM_CYSMICON), + ILC_COLOR32, 1, 1); + ListView_SetImageList(winId, hImageList, LVSIL_SMALL); + } +} +int listview::insertcol(int i, const std::wstring &text) +{ + LVCOLUMN lvc; + lvc.mask = LVCF_TEXT; + lvc.pszText = const_cast(text.c_str()); + // lvc.cx = 100; + return ListView_InsertColumn(winId, i, &lvc); +} +void listview::settext(int row, int col, const std::wstring &text) +{ + ListView_SetItemText(winId, row, col, const_cast(text.c_str())); +} +int listview::insertitem(int row, const std::wstring &text, HICON hicon) +{ + + LVITEM lvi; + lvi.pszText = const_cast(text.c_str()); + lvi.iItem = row; + lvi.iSubItem = 0; + lvi.mask = LVIF_TEXT; + if (addicon && hicon && hImageList) + { + lvi.mask |= LVIF_IMAGE; + lvi.iImage = ImageList_AddIcon(hImageList, hicon); + } + std::lock_guard _(lockdataidx); + assodata.resize(assodata.size() + 1); + std::rotate(assodata.begin() + row, assodata.begin() + row + 1, assodata.end()); + for (auto &data : remapidx) + { + if (data.second >= row) + data.second += 1; + } + return ListView_InsertItem(winId, &lvi); +} +int listview::additem(const std::wstring &text, HICON hicon) +{ + return insertitem(count(), text, hicon); +} +LONG_PTR listview::getdata(int idx) +{ + std::lock_guard _(lockdataidx); + return assodata[idx]; +} +int listview::querydataidx(LONG_PTR data) +{ + std::lock_guard _(lockdataidx); + if (remapidx.find(data) == remapidx.end()) + return -1; + return remapidx[data]; +} + +void listview::setdata(int idx, LONG_PTR data) +{ + std::lock_guard _(lockdataidx); + assodata[idx] = data; + remapidx[data] = idx; +} +void listview::clear() +{ + ListView_DeleteAllItems(winId); + if (addicon && hImageList) + ImageList_RemoveAll(hImageList); +} +int listview::count() +{ + return ListView_GetItemCount(winId); +} +int listview::currentidx() +{ + return ListView_GetNextItem(winId, -1, LVNI_SELECTED); +} +void listview::setcurrent(int idx) +{ + ListView_SetItemState(winId, idx, LVIS_SELECTED, LVIS_SELECTED); +} +void listview::dispatch_2(WPARAM wParam, LPARAM lParam) +{ + NMHDR *pnmhdr = (NMHDR *)lParam; + switch (pnmhdr->code) + { + + case LVN_ITEMCHANGED: + { + NMLISTVIEW *pnmListView = (NMLISTVIEW *)lParam; + if ((pnmListView->uChanged & LVIF_STATE) && (pnmListView->uNewState & LVIS_SELECTED)) + { + oncurrentchange(pnmListView->iItem); + } + break; + } + } +} +std::wstring listview::text(int row, int col) +{ + std::wstring text; + text.resize(65535); + LV_ITEM _macro_lvi; + _macro_lvi.iSubItem = (col); + _macro_lvi.cchTextMax = (65535); + _macro_lvi.pszText = (text.data()); + SNDMSG((winId), LVM_GETITEMTEXT, (WPARAM)(row), (LPARAM)(LV_ITEM *)&_macro_lvi); + return text.c_str(); +} +void listview::setheader(const std::vector &headers) +{ + for (int i = 0; i < headers.size(); i++) + { + insertcol(i, headers[i]); + } + headernum = headers.size(); + + if (headernum == 1) + ListView_SetColumnWidth(winId, 0, LVSCW_AUTOSIZE_USEHEADER); + else if (headernum == 2) + { + ListView_SetColumnWidth(winId, 0, 0x180); + } +} +void listview::on_size(int w, int) +{ + if (headernum == 1) + ListView_SetColumnWidth(winId, 0, LVSCW_AUTOSIZE_USEHEADER); + else if (headernum == 2) + { + auto w0 = ListView_GetColumnWidth(winId, 0); + ListView_SetColumnWidth(winId, 1, w - w0); + } +} +void gridlayout::setgeo(int x, int y, int w, int h) +{ + + auto dynarow = maxrow; + auto dynacol = maxcol; + for (auto fw : fixedwidth) + { + dynacol -= 1; + w -= fw.second + margin; + } + for (auto fh : fixedheight) + { + dynarow -= 1; + h -= fh.second + margin; + } + auto wpercol = (w - margin * (dynacol + 1)) / dynacol; + auto hperrow = (h - margin * (dynarow + 1)) / dynarow; + + for (auto ctr : savecontrol) + { + + int _x = 0, _y = 0, _w = 0, _h = 0; + for (int c = 0; c < ctr.col + ctr.colrange; c++) + { + if (fixedwidth.find(c) != fixedwidth.end()) + if (c < ctr.col) + _x += fixedwidth[c]; + else + _w += fixedwidth[c]; + else if (c < ctr.col) + _x += wpercol; + else + _w += wpercol; + } + _x += (ctr.col + 1) * margin; + _w += (ctr.colrange - 1) * margin; + for (int r = 0; r < ctr.row + ctr.rowrange; r++) + { + if (fixedheight.find(r) != fixedheight.end()) + if (r < ctr.row) + _y += fixedheight[r]; + else + _h += fixedheight[r]; + else if (r < ctr.row) + _y += hperrow; + else + _h += hperrow; + } + _y += (ctr.row + 1) * margin; + _h += (ctr.rowrange - 1) * margin; + + ctr.ctr->setgeo(_x, _y, _w, _h); + } +} +void gridlayout::setfixedwidth(int col, int width) +{ + fixedwidth.insert({col, width}); +} +void gridlayout::setfixedheigth(int row, int height) +{ + fixedheight.insert({row, height}); +} +void gridlayout::addcontrol(control *_c, int row, int col, int rowrange, int colrange) +{ + maxrow = max(maxrow, row + rowrange); + maxcol = max(maxcol, col + colrange); + savecontrol.push_back( + {_c, row, col, rowrange, colrange}); +} +gridlayout::gridlayout(int row, int col) : control(0) +{ + maxrow = row; + maxcol = col; + margin = 10; +} +void gridlayout::setmargin(int m) +{ + margin = m; +} +void Menu::dispatch(WPARAM wparam) +{ + auto idx = LOWORD(wparam); + menu_callbacks[idx].callback(); + DestroyMenu(hmenu); +} +HMENU Menu::load() +{ + hmenu = CreatePopupMenu(); + for (int i = 0; i < menu_callbacks.size(); i++) + { + AppendMenuW(hmenu, menu_callbacks[i].type, i, menu_callbacks[i].str.c_str()); + } + return hmenu; +} +void Menu::add(const std::wstring &str, std::function callback) +{ + menu_callbacks.push_back({MF_STRING, callback, str}); +} +void Menu::add_checkable(const std::wstring &str, bool check, std::function callback) +{ + menu_callbacks.push_back({(UINT)(MF_STRING | (check ? MF_CHECKED : MF_UNCHECKED)), std::bind(callback, !check), str}); +} +void Menu::add_sep() +{ + menu_callbacks.push_back({MF_SEPARATOR}); +} +FontSelector::FontSelector(HWND hwnd, const Font &font, std::function callback) +{ + CHOOSEFONTW cf; + ZeroMemory(&cf, sizeof(CHOOSEFONTW)); + LOGFONT lf = font.logfont(); + cf.lStructSize = sizeof(CHOOSEFONTW); + cf.hwndOwner = hwnd; + cf.lpLogFont = &lf; + cf.Flags = CF_INITTOLOGFONTSTRUCT | CF_SCREENFONTS; // | CF_EFFECTS; + if (ChooseFontW(&cf)) + { + Font f{lf.lfFaceName, cf.iPointSize / 10.0f, !!(cf.nFontType & BOLD_FONTTYPE), !!(cf.nFontType & ITALIC_FONTTYPE)}; + callback(f); + } +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHost/GUI/controls.h b/cpp/LunaHook/LunaHost/GUI/controls.h new file mode 100644 index 00000000..4784467a --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/controls.h @@ -0,0 +1,165 @@ +#ifndef LUNA_BASE_CONTROLS_H +#define LUNA_BASE_CONTROLS_H +#include "window.h" +#include +class Menu +{ +public: + void dispatch(WPARAM); + struct menuinfos + { + UINT type; + std::function callback; + std::wstring str; + }; + std::vector menu_callbacks; + HMENU load(); + HMENU hmenu; + void add(const std::wstring &, std::function callback); + void add_checkable(const std::wstring &, bool, std::function callback); + void add_sep(); +}; +using maybehavemenu = std::optional; + +class control : public basewindow +{ +public: + mainwindow *parent; + control(mainwindow *); + virtual void dispatch(WPARAM); + virtual void dispatch_2(WPARAM wParam, LPARAM lParam); + maybehavemenu menu; + std::function on_menu = []() -> maybehavemenu + { return {}; }; +}; + +class button : public control +{ +public: + button(mainwindow *parent); + button(mainwindow *, const std::wstring &); //,int,int,int,int,DWORD=BS_PUSHBUTTON); + void dispatch(WPARAM); + std::function onclick = []() {}; +}; +class checkbox : public button +{ +public: + checkbox(mainwindow *, const std::wstring &); //,int,int,int,int); + bool ischecked(); + void setcheck(bool); +}; +class texteditbase : public control +{ +public: + texteditbase(mainwindow *); + void dispatch(WPARAM); + std::function ontextchange = [&](const std::wstring &text) {}; + void appendtext(const std::wstring &); + void scrolltoend(); + void setreadonly(bool); +}; +class multilineedit : public texteditbase +{ +public: + multilineedit(mainwindow *); + std::wstring getsel(); +}; +class lineedit : public texteditbase +{ +public: + lineedit(mainwindow *); +}; +class spinbox : public control +{ + HWND hUpDown; + int minv, maxv; + +public: + void dispatch(WPARAM); + spinbox(mainwindow *, int); + void setminmax(int, int); + std::pair getminmax(); + void setcurr(int); + int getcurr(); + std::function onvaluechange = [&](int) {}; + void setgeo(int, int, int, int); +}; +class label : public control +{ +public: + label(mainwindow *, const std::wstring &); +}; + +class listbox : public control +{ +public: + listbox(mainwindow *); + void dispatch(WPARAM); + int currentidx(); + std::wstring text(int); + std::function oncurrentchange = [](int) {}; + void clear(); + int additem(const std::wstring &); + void deleteitem(int); + void setdata(int, LONG_PTR); + void setcurrent(int idx); + int insertitem(int, const std::wstring &); + LONG_PTR getdata(int); + int count(); +}; +class listview : public control +{ + int headernum = 1; + bool addicon; + HIMAGELIST hImageList; + std::vector assodata; + std::map remapidx; + std::mutex lockdataidx; + +public: + listview(mainwindow *, bool, bool); + int insertitem(int, const std::wstring &, HICON hicon = NULL); + void settext(int, int, const std::wstring &); + int insertcol(int, const std::wstring &); + void clear(); + int count(); + int currentidx(); + void setcurrent(int idx); + + std::function oncurrentchange = [](int) {}; + std::wstring text(int, int = 0); + void setheader(const std::vector &); + void deleteitem(int); + int additem(const std::wstring &, HICON hicon = NULL); + LONG_PTR getdata(int); + void setdata(int, LONG_PTR); + int querydataidx(LONG_PTR); + void dispatch_2(WPARAM wParam, LPARAM lParam); + void on_size(int, int); +}; +class gridlayout : public control +{ + struct _c + { + control *ctr; + int row, col, rowrange, colrange; + }; + int margin; + int maxrow, maxcol; + std::vector<_c> savecontrol; + std::map fixedwidth, fixedheight; + +public: + void setgeo(int, int, int, int); + void setfixedwidth(int col, int width); + void setfixedheigth(int row, int height); + void addcontrol(control *, int row, int col, int rowrange = 1, int colrange = 1); + gridlayout(int row = 0, int col = 0); + void setmargin(int m = 10); +}; +class FontSelector +{ +public: + FontSelector(HWND hwnd, const Font &, std::function callback); +}; +#endif \ No newline at end of file diff --git a/cpp/LunaHook/LunaHost/GUI/http.hpp b/cpp/LunaHook/LunaHost/GUI/http.hpp new file mode 100644 index 00000000..79ad2ec2 --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/http.hpp @@ -0,0 +1,78 @@ +#include +using InternetHandle = AutoHandle>; + +struct HttpRequest +{ + HttpRequest( + const wchar_t *agentName, + const wchar_t *serverName, + const wchar_t *action, + const wchar_t *objectName, + std::string body = "", + const wchar_t *headers = NULL, + DWORD port = INTERNET_DEFAULT_PORT, + const wchar_t *referrer = NULL, + DWORD requestFlags = WINHTTP_FLAG_SECURE | WINHTTP_FLAG_ESCAPE_DISABLE, + const wchar_t *httpVersion = NULL, + const wchar_t **acceptTypes = NULL); + operator bool() { return errorCode == ERROR_SUCCESS; } + + std::wstring response; + std::wstring headers; + InternetHandle connection = NULL; + InternetHandle request = NULL; + DWORD errorCode = ERROR_SUCCESS; +}; + +HttpRequest::HttpRequest( + const wchar_t *agentName, + const wchar_t *serverName, + const wchar_t *action, + const wchar_t *objectName, + std::string body, + const wchar_t *headers, + DWORD port, + const wchar_t *referrer, + DWORD requestFlags, + const wchar_t *httpVersion, + const wchar_t **acceptTypes) +{ + static std::atomic internet = NULL; + if (!internet) + internet = WinHttpOpen(agentName, WINHTTP_ACCESS_TYPE_DEFAULT_PROXY, NULL, NULL, 0); + if (internet) + if (InternetHandle connection = WinHttpConnect(internet, serverName, port, 0)) + if (InternetHandle request = WinHttpOpenRequest(connection, action, objectName, httpVersion, referrer, acceptTypes, requestFlags)) + if (WinHttpSendRequest(request, headers, -1UL, body.empty() ? NULL : body.data(), body.size(), body.size(), NULL)) + { + WinHttpReceiveResponse(request, NULL); + + // DWORD size = 0; + // WinHttpQueryHeaders(request, WINHTTP_QUERY_RAW_HEADERS_CRLF, WINHTTP_HEADER_NAME_BY_INDEX, NULL, &size, WINHTTP_NO_HEADER_INDEX); + // this->headers.resize(size); + // WinHttpQueryHeaders(request, WINHTTP_QUERY_RAW_HEADERS_CRLF, WINHTTP_HEADER_NAME_BY_INDEX, this->headers.data(), &size, WINHTTP_NO_HEADER_INDEX); + std::string data; + DWORD availableSize, downloadedSize; + do + { + availableSize = 0; + WinHttpQueryDataAvailable(request, &availableSize); + if (!availableSize) + break; + std::vector buffer(availableSize); + WinHttpReadData(request, buffer.data(), availableSize, &downloadedSize); + data.append(buffer.data(), downloadedSize); + } while (availableSize > 0); + response = StringToWideString(data); + this->connection = std::move(connection); + this->request = std::move(request); + } + else + errorCode = GetLastError(); + else + errorCode = GetLastError(); + else + errorCode = GetLastError(); + else + errorCode = GetLastError(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHost/GUI/lockedqueue.hpp b/cpp/LunaHook/LunaHost/GUI/lockedqueue.hpp new file mode 100644 index 00000000..eea36337 --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/lockedqueue.hpp @@ -0,0 +1,36 @@ +template +class lockedqueue +{ + std::mutex lock; + std::queue data; + HANDLE hsema; + +public: + lockedqueue() + { + hsema = CreateSemaphore(NULL, 0, 65535, NULL); + } + ~lockedqueue() + { + CloseHandle(hsema); + } + void push(T _) + { + std::lock_guard _l(lock); + data.push(std::move(_)); + ReleaseSemaphore(hsema, 1, NULL); + } + T pop() + { + WaitForSingleObject(hsema, INFINITE); + std::lock_guard _l(lock); + auto _ = data.front(); + data.pop(); + return _; + } + bool empty() + { + std::lock_guard _l(lock); + return data.empty(); + } +}; \ No newline at end of file diff --git a/src/plugins/exec/luna.ico b/cpp/LunaHook/LunaHost/GUI/luna.ico similarity index 100% rename from src/plugins/exec/luna.ico rename to cpp/LunaHook/LunaHost/GUI/luna.ico diff --git a/src/plugins/exec/luna.rc b/cpp/LunaHook/LunaHost/GUI/luna.rc similarity index 100% rename from src/plugins/exec/luna.rc rename to cpp/LunaHook/LunaHost/GUI/luna.rc diff --git a/cpp/LunaHook/LunaHost/GUI/main.cpp b/cpp/LunaHook/LunaHost/GUI/main.cpp new file mode 100644 index 00000000..99ad9ae7 --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/main.cpp @@ -0,0 +1,12 @@ +#include "LunaHost.h" +int main() +{ + SetProcessDPIAware(); + LunaHost _lunahost; + _lunahost.show(); + mainwindow::run(); +} +int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow) +{ + main(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHost/GUI/pluginmanager.cpp b/cpp/LunaHook/LunaHost/GUI/pluginmanager.cpp new file mode 100644 index 00000000..2c181baf --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/pluginmanager.cpp @@ -0,0 +1,481 @@ +#include "pluginmanager.h" +#include +#include "Plugin/extension.h" +#include +#include +#include "LunaHost.h" +#include "Lang/Lang.h" +#include "host.h" + +std::optional SelectFile(HWND hwnd, LPCWSTR lpstrFilter) +{ + OPENFILENAME ofn; + wchar_t szFileName[MAX_PATH] = {0}; + + ZeroMemory(&ofn, sizeof(ofn)); + ofn.lStructSize = sizeof(ofn); + ofn.hwndOwner = hwnd; + ofn.lpstrFilter = lpstrFilter; + ofn.lpstrFile = szFileName; + ofn.nMaxFile = sizeof(szFileName); + ofn.Flags = OFN_EXPLORER | OFN_FILEMUSTEXIST | OFN_HIDEREADONLY | OFN_NOCHANGEDIR; + + if (GetOpenFileName(&ofn)) + { + return szFileName; + } + else + return {}; +} +typedef std::vector *(*QtLoadLibrary_t)(std::vector *dlls); +typedef std::vector *(*QtLoadLibraryBatch_t)(std::vector *dlls); +typedef void (*QtFreeLibrary_t)(HMODULE hd); +void tryaddqttoenv(std::vector &collectQtplugs) +{ + static HMODULE qt5core = 0; + if (qt5core == 0) + { + wchar_t env[65535]; + GetEnvironmentVariableW(L"PATH", env, 65535); + auto envs = std::wstring(env); + for (auto &p : collectQtplugs) + { + envs += L";"; + envs += std::filesystem::path(p).parent_path(); + } + SetEnvironmentVariableW(L"PATH", envs.c_str()); + qt5core = LoadLibrary(L"Qt5Core.dll"); + } +} +std::vector loadqtdllsX(std::vector &collectQtplugs) +{ + if (collectQtplugs.empty()) + return {}; + tryaddqttoenv(collectQtplugs); +#if 1 + HMODULE base = GetModuleHandle(0); +#else + HMODULE base = LoadLibrary((std::filesystem::current_path() / (x64 ? "plugin64" : "plugin32") / "QtLoader.dll").wstring().c_str()); +#endif + + // auto QtLoadLibrary = (QtLoadLibrary_t)GetProcAddress(base, "QtLoadLibrary"); + auto QtLoadLibrary = (QtLoadLibrary_t)GetProcAddress(base, "QtLoadLibraryBatch"); + + auto modules = QtLoadLibrary(&collectQtplugs); + + std::vector _{*modules}; + delete modules; + return _; +} +HMODULE loadqtdllsX(const std::wstring &collectQtplugs) +{ + std::vector _{collectQtplugs}; + return loadqtdllsX(_)[0]; +} +void Pluginmanager::loadqtdlls(std::vector &collectQtplugs) +{ + auto modules = loadqtdllsX(collectQtplugs); + for (int i = 0; i < collectQtplugs.size(); i++) + { + OnNewSentenceS[collectQtplugs[i]] = {collectQtplugs[i], this, true, modules[i]}; + } +} +Pluginmanager::Pluginmanager(LunaHost *_host) : host(_host), configs(_host->configs) +{ + try + { + std::scoped_lock lock(OnNewSentenceSLock); + + std::vector collectQtplugs; + for (auto i = 0; i < count(); i++) + { + auto plg = get(i); + bool isqt = plg.isQt; + auto path = plg.wpath(); + OnNewSentenceS[path] = {}; + if (isqt) + { + if (plg.enable == false) + continue; + collectQtplugs.push_back((path)); + } + else + { + auto base = LoadLibraryW(path.c_str()); + OnNewSentenceS[path] = {path, this, false, base}; + } + } + loadqtdlls(collectQtplugs); + + OnNewSentenceS[L"InternalClipBoard"] = {L"", this, false, GetModuleHandle(0)}; // 内部链接的剪贴板插件 + } + catch (const std::exception &ex) + { + std::wcerr << "Error: " << ex.what() << std::endl; + } +} + +bool Pluginmanager::dispatch(TextThread &thread, std::wstring &sentence) +{ + auto sentenceInfo = GetSentenceInfo(thread).data(); + wchar_t *sentenceBuffer = (wchar_t *)HeapAlloc(GetProcessHeap(), HEAP_GENERATE_EXCEPTIONS, (sentence.size() + 1) * sizeof(wchar_t)); + wcscpy_s(sentenceBuffer, sentence.size() + 1, sentence.c_str()); + concurrency::reader_writer_lock::scoped_lock_read readLock(OnNewSentenceSLock); + + for (int i = 0; i < count() + 1; i++) + { + std::wstring path; + if (i == count()) + path = L"InternalClipBoard"; + else + { + if (getenable(i) == false) + continue; + path = getname(i); + } + + auto funptr = OnNewSentenceS[path].OnNewSentence; + if (funptr == 0) + continue; + if (!*(sentenceBuffer = funptr(sentenceBuffer, sentenceInfo))) + break; + } + + sentence = sentenceBuffer; + HeapFree(GetProcessHeap(), 0, sentenceBuffer); + return !sentence.empty(); +} + +void Pluginmanager::add(const pluginitem &item) +{ + configs->configs[pluginkey].push_back(item.dump()); +} +int Pluginmanager::count() +{ + return configs->configs[pluginkey].size(); +} +pluginitem Pluginmanager::get(int i) +{ + return pluginitem{configs->configs[pluginkey][i]}; +} +void Pluginmanager::set(int i, const pluginitem &item) +{ + configs->configs[pluginkey][i] = item.dump(); +} + +pluginitem::pluginitem(const nlohmann::json &js) +{ + path = js["path"]; + isQt = safequeryjson(js, "isQt", false); + enable = safequeryjson(js, "enable", true); + vissetting = safequeryjson(js, "vissetting", true); +} +std::wstring pluginitem::wpath() +{ + auto wp = StringToWideString(path); + return std::filesystem::absolute(wp); +} + +std::wstring castabs2ref(const std::wstring &p) +{ + auto curr = std::filesystem::current_path().wstring(); + if (startWith(p, curr)) + { + return p.substr(curr.size() + 1); + } + return p; +} +pluginitem::pluginitem(const std::wstring &pabs, bool _isQt) +{ + isQt = _isQt; + path = WideStringToString(castabs2ref(pabs)); + enable = true; + vissetting = true; +} +nlohmann::json pluginitem::dump() const +{ + return { + {"path", path}, + {"isQt", isQt}, + {"enable", enable}, + {"vissetting", vissetting}}; +} +bool Pluginmanager::getvisible_setable(int idx) +{ + return OnNewSentenceS[getname(idx)].VisSetting; +} +bool Pluginmanager::getvisible(int idx) +{ + return get(idx).vissetting; +} +void Pluginmanager::setvisible(int idx, bool vis) +{ + auto item = get(idx); + item.vissetting = vis; + set(idx, item); + OnNewSentenceS[getname(idx)].VisSetting(vis); +} +bool Pluginmanager::getenable(int idx) +{ + return get(idx).enable; +} +void Pluginmanager::setenable(int idx, bool en) +{ + auto item = get(idx); + item.enable = en; + set(idx, item); +} +std::wstring Pluginmanager::getname(int idx) +{ + return get(idx).wpath(); +} +bool Pluginmanager::checkisdump(const std::wstring &dll) +{ + for (auto &p : OnNewSentenceS) + { + if (p.first == dll) + return true; + } + return false; +} +void Pluginmanager::unload(const std::wstring &wss) +{ + auto hm = OnNewSentenceS[wss].hmodule; + if (OnNewSentenceS[wss].isQt && hm) + { + ((QtFreeLibrary_t)GetProcAddress(GetModuleHandle(0), "QtFreeLibrary"))(hm); + } + else + FreeLibrary(hm); + + OnNewSentenceS[wss].clear(); +} +void plugindata::clear() +{ + hmodule = 0; + OnNewSentence = 0; + VisSetting = 0; +} +void Pluginmanager::remove(const std::wstring &wss) +{ + unload(wss); + + auto s = WideStringToString(wss); + auto &plgs = configs->configs[pluginkey]; + auto it = std::remove_if(plgs.begin(), plgs.end(), [&](auto &t) + { + std::string p=t["path"]; + return std::filesystem::absolute(p)==std::filesystem::absolute(s); }); + plgs.erase(it, plgs.end()); + OnNewSentenceS.erase(wss); +} +std::optional Pluginmanager::selectpluginfile() +{ + return SelectFile(0, L"Plugin Files\0*.dll;*.xdll\0"); +} +void Pluginmanager::swaprank(int a, int b) +{ + auto &plgs = configs->configs[pluginkey]; + auto _b = plgs[b]; + plgs[b] = plgs[a]; + plgs[a] = _b; +} +DWORD Rva2Offset(DWORD rva, PIMAGE_SECTION_HEADER psh, PIMAGE_NT_HEADERS pnt) +{ + size_t i = 0; + PIMAGE_SECTION_HEADER pSeh; + if (rva == 0) + { + return (rva); + } + pSeh = psh; + for (i = 0; i < pnt->FileHeader.NumberOfSections; i++) + { + if (rva >= pSeh->VirtualAddress && rva < pSeh->VirtualAddress + + pSeh->Misc.VirtualSize) + { + break; + } + pSeh++; + } + if (pSeh->VirtualAddress == 0 || pSeh->PointerToRawData == 0) + return -1; + return (rva - pSeh->VirtualAddress + pSeh->PointerToRawData); +} +std::set getimporttable(const std::wstring &pe) +{ + AutoHandle handle = CreateFile(pe.c_str(), GENERIC_READ, 0, 0, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0); + if (!handle) + return {}; + DWORD byteread, size = GetFileSize(handle, NULL); + PVOID virtualpointer = VirtualAlloc(NULL, size, MEM_COMMIT, PAGE_READWRITE); + if (!virtualpointer) + return {}; + ReadFile(handle, virtualpointer, size, &byteread, NULL); + + struct __ + { + PVOID _ptr; + DWORD size; + __(PVOID ptr, DWORD sz) : _ptr(ptr), size(sz) {} + ~__() + { + VirtualFree(_ptr, size, MEM_DECOMMIT); + } + } _(virtualpointer, size); + + if (PIMAGE_DOS_HEADER(virtualpointer)->e_magic != 0x5a4d) + return {}; + + PIMAGE_NT_HEADERS ntheaders = (PIMAGE_NT_HEADERS)(PCHAR(virtualpointer) + PIMAGE_DOS_HEADER(virtualpointer)->e_lfanew); + + auto magic = ntheaders->OptionalHeader.Magic; + if (x64 && (magic != IMAGE_NT_OPTIONAL_HDR64_MAGIC)) + return {}; + if ((!x64) && (magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC)) + return {}; + + PIMAGE_SECTION_HEADER pSech = IMAGE_FIRST_SECTION(ntheaders); // Pointer to first section header + PIMAGE_IMPORT_DESCRIPTOR pImportDescriptor; // Pointer to import descriptor + + if (ntheaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].Size == 0) /*if size of the table is 0 - Import Table does not exist */ + return {}; + + std::set ret; + pImportDescriptor = (PIMAGE_IMPORT_DESCRIPTOR)((DWORD_PTR)virtualpointer + + Rva2Offset(ntheaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress, pSech, ntheaders)); + + while (pImportDescriptor->Name != NULL) + { + // Get the name of each DLL + auto nameoffset = Rva2Offset(pImportDescriptor->Name, pSech, ntheaders); + if (nameoffset == (DWORD)-1) + // 无导入 + return {}; + ret.insert((PCHAR)((DWORD_PTR)virtualpointer + nameoffset)); + + pImportDescriptor++; // advance to next IMAGE_IMPORT_DESCRIPTOR + } + return ret; +} +bool qtchecker(const std::set &dll) +{ + for (auto qt5 : {"Qt5Widgets.dll", "Qt5Gui.dll", "Qt5Core.dll"}) + if (dll.find(qt5) != dll.end()) + return true; + return false; +} +addpluginresult Pluginmanager::load(const std::wstring &p, bool *isqt) +{ + auto importtable = getimporttable(p); + if (importtable.empty()) + return addpluginresult::invaliddll; + auto isQt = qtchecker(importtable); + if (isqt) + *isqt = isQt; + HMODULE base; + if (isQt) + { + base = loadqtdllsX(p); + } + else + { + base = LoadLibraryW(p.c_str()); + } + + if (base == 0) + return addpluginresult::invaliddll; + + std::scoped_lock lock(OnNewSentenceSLock); + + OnNewSentenceS[p] = {p, this, isQt, base}; + if (!OnNewSentenceS[p].valid()) + return addpluginresult::isnotaplugins; + return addpluginresult::success; +} +bool plugindata::valid() +{ + return OnNewSentence; +} +plugindata::plugindata(const std::wstring &p, Pluginmanager *manager, bool _isQt, HMODULE hm) +{ + hmodule = hm; + isQt = _isQt; + OnNewSentence = (OnNewSentence_t)GetProcAddress(hm, "OnNewSentence"); + VisSetting = (VisSetting_t)GetProcAddress(hm, "VisSetting"); + refpath = p; + if (VisSetting) + { + auto vis = true; + if (auto plg = manager->get(p)) + vis = plg.value().vissetting; + VisSetting(vis); + } +} +void plugindata::initstatus(const pluginitem &plg) +{ + if (plg.vissetting && VisSetting) + VisSetting(true); +} +std::optional Pluginmanager::get(const std::wstring &p) +{ + for (int i = 0; i < count(); i++) + { + if (getname(i) == p) + { + return get(i); + } + } + return {}; +} +addpluginresult Pluginmanager::addplugin(const std::wstring &p) +{ + if (checkisdump(p)) + return addpluginresult::dumplicate; + bool isQt; + auto ret = load(p, &isQt); + if (ret == addpluginresult::success) + { + add({p, isQt}); + } + return ret; +} + +std::array Pluginmanager::GetSentenceInfo(TextThread &thread) +{ + void (*AddText)(int64_t, const wchar_t *) = [](int64_t number, const wchar_t *text) + { + if (TextThread *thread = Host::GetThread(number)) + thread->Push(text); + }; + void (*AddSentence)(int64_t, const wchar_t *) = [](int64_t number, const wchar_t *sentence) + { + if (TextThread *thread = Host::GetThread(number)) + thread->AddSentence(sentence); + ; + }; + static DWORD SelectedProcessId; + auto currthread = (TextThread *)host->currentselect; + SelectedProcessId = (currthread != 0) ? currthread->tp.processId : 0; + DWORD(*GetSelectedProcessId) + () = [] + { return SelectedProcessId; }; + + return {{ + {"HostHWND", (int64_t)host->winId}, + {"toclipboard", host->check_toclipboard}, + {"current select", &thread == currthread}, + {"text number", thread.handle}, + {"process id", thread.tp.processId}, + {"hook address", (int64_t)thread.tp.addr}, + {"text handle", thread.handle}, + {"text name", (int64_t)thread.name.c_str()}, + {"add sentence", (int64_t)AddSentence}, + {"add text", (int64_t)AddText}, + {"get selected process id", (int64_t)GetSelectedProcessId}, + {"void (*AddSentence)(int64_t number, const wchar_t* sentence)", (int64_t)AddSentence}, + {"void (*AddText)(int64_t number, const wchar_t* text)", (int64_t)AddText}, + {"DWORD (*GetSelectedProcessId)()", (int64_t)GetSelectedProcessId}, + {nullptr, 0} // nullptr marks end of info array + }}; +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHost/GUI/pluginmanager.h b/cpp/LunaHook/LunaHost/GUI/pluginmanager.h new file mode 100644 index 00000000..374a9d48 --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/pluginmanager.h @@ -0,0 +1,75 @@ +#ifndef LUNA_PLUGINMANAGER_H +#define LUNA_PLUGINMANAGER_H +#include "Plugin/extension.h" +#include "textthread.h" +#include +class LunaHost; +class confighelper; +enum class addpluginresult +{ + success, + invaliddll, + isnotaplugins, + dumplicate +}; +struct pluginitem +{ + std::string path; + bool isQt; + bool enable; + bool vissetting; + pluginitem(const nlohmann::json &); + pluginitem(const std::wstring &, bool); + std::wstring wpath(); + nlohmann::json dump() const; +}; +class Pluginmanager; +struct plugindata +{ + typedef wchar_t *(*OnNewSentence_t)(wchar_t *, const InfoForExtension *); + typedef void (*VisSetting_t)(bool); + std::wstring refpath; + bool isQt; + OnNewSentence_t OnNewSentence; + VisSetting_t VisSetting; + HMODULE hmodule; + void clear(); + plugindata() {}; + plugindata(const std::wstring &, Pluginmanager *, bool, HMODULE); + bool valid(); + void initstatus(const pluginitem &); +}; +class Pluginmanager +{ + std::unordered_map OnNewSentenceS; + concurrency::reader_writer_lock OnNewSentenceSLock; + bool checkisdump(const std::wstring &); + confighelper *configs; + LunaHost *host; + std::array GetSentenceInfo(TextThread &thread); + void loadqtdlls(std::vector &collectQtplugs); + +public: + Pluginmanager(LunaHost *); + bool dispatch(TextThread &, std::wstring &sentence); + addpluginresult addplugin(const std::wstring &); + std::optional selectpluginfile(); + + pluginitem get(int); + std::optional get(const std::wstring &); + std::wstring getname(int); + bool getenable(int); + void set(int, const pluginitem &); + void setenable(int, bool); + int count(); + void add(const pluginitem &); + void remove(const std::wstring &); + void unload(const std::wstring &); + addpluginresult load(const std::wstring &, bool *isqt = 0); + void swaprank(int, int); + bool getvisible(int); + bool getvisible_setable(int); + void setvisible(int, bool); +}; + +#endif \ No newline at end of file diff --git a/cpp/LunaHook/LunaHost/GUI/processlistwindow.cpp b/cpp/LunaHook/LunaHost/GUI/processlistwindow.cpp new file mode 100644 index 00000000..865c372a --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/processlistwindow.cpp @@ -0,0 +1,126 @@ + +#include +#include +#include "host.h" +#include "LunaHost.h" +#include "Lang/Lang.h" +#include +std::unordered_map> getprocesslist() +{ + std::unordered_map> exe_pid; + AutoHandle<> hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); + if (hSnapshot == INVALID_HANDLE_VALUE) + return {}; + + PROCESSENTRY32 pe32; + pe32.dwSize = sizeof(PROCESSENTRY32); + wchar_t buff[65535]; + auto currpid = GetCurrentProcessId(); + if (Process32First(hSnapshot, &pe32)) + { + do + { + auto PROCESS_INJECT_ACCESS = (PROCESS_CREATE_THREAD | + PROCESS_QUERY_INFORMATION | + PROCESS_VM_OPERATION | + PROCESS_VM_WRITE | + PROCESS_VM_READ); + if (pe32.th32ProcessID == currpid) + continue; + AutoHandle<> handle = OpenProcess(PROCESS_INJECT_ACCESS, 0, pe32.th32ProcessID); + if (handle == 0) + continue; + DWORD sz = 65535; + QueryFullProcessImageNameW(handle, 0, buff, &sz); + + auto buffs = std::wstring(buff); + auto str = stolower(buffs); + if (str.find(L":\\windows\\") != str.npos || str.find(L"\\microsoft") != str.npos || str.find(L"\\windowsapps") != str.npos) + continue; + + if (exe_pid.find(buffs) == exe_pid.end()) + { + exe_pid.insert({buffs, {}}); + } + exe_pid[buffs].push_back(pe32.th32ProcessID); + } while (Process32Next(hSnapshot, &pe32)); + } + return exe_pid; +} + +void processlistwindow::PopulateProcessList(listview *_listbox, std::unordered_map> &exe_pid) +{ + _listbox->clear(); + for (auto &exe : exe_pid) + { + auto hicon = GetExeIcon(exe.first); + _listbox->additem(exe.first, hicon); + DestroyIcon(hicon); + } +} + +processlistwindow::processlistwindow(mainwindow *p) : mainwindow(p) +{ + g_hEdit = new lineedit(this); + g_hButton = new button(this, BtnAttach); + g_refreshbutton = new button(this, BtnRefresh); + g_hButton->onclick = [&]() + { + auto str = g_hEdit->text(); + if (str.size()) + { + close(); + + for (auto _s : strSplit(str, L",")) + { + DWORD pid = 0; + try + { + pid = std::stoi(_s); + } + catch (std::exception &) + { + } + if (pid) + Host::InjectProcess(pid); + } + } + }; + g_refreshbutton->onclick = [&]() + { + g_exe_pid = getprocesslist(); + PopulateProcessList(g_hListBox, g_exe_pid); + }; + g_hListBox = new listview(this, true, true); + g_hListBox->setheader({L""}); + g_hListBox->oncurrentchange = [&](int idx) + { + auto pids = g_exe_pid[g_hListBox->text(idx)]; + + std::wstring _; + bool _1 = false; + for (auto &p : pids) + { + if (_1) + _ += L","; + _ += std::to_wstring(p); + _1 = true; + } + g_hEdit->settext(_); + }; + settext(WndSelectProcess); + mainlayout = new gridlayout(); + mainlayout->addcontrol(g_hEdit, 0, 0, 1, 2); + mainlayout->addcontrol(g_hButton, 0, 2); + mainlayout->addcontrol(g_refreshbutton, 0, 3); + mainlayout->addcontrol(g_hListBox, 1, 0, 1, 4); + mainlayout->setfixedheigth(0, 30); + setlayout(mainlayout); + setcentral(800, 400); +} +void processlistwindow::on_show() +{ + g_hEdit->settext(L""); + g_exe_pid = getprocesslist(); + PopulateProcessList(g_hListBox, g_exe_pid); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHost/GUI/window.cpp b/cpp/LunaHook/LunaHost/GUI/window.cpp new file mode 100644 index 00000000..842c5ec7 --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/window.cpp @@ -0,0 +1,240 @@ +#include "window.h" +#include "controls.h" +#include "Lang/Lang.h" +#include +HICON GetExeIcon(const std::wstring &filePath) +{ + SHFILEINFO fileInfo; + HICON hIcon = NULL; + if (SHGetFileInfo(filePath.c_str(), 0, &fileInfo, sizeof(fileInfo), SHGFI_ICON | SHGFI_LARGEICON)) + { + hIcon = fileInfo.hIcon; + } + return hIcon; +} +void mainwindow::visfont() +{ + if (hfont == 0) + hfont = parent->hfont; + if (hfont) + { + for (auto ctr : controls) + { + SendMessage(ctr->winId, WM_SETFONT, (LPARAM)hfont, TRUE); + } + } +} +void mainwindow::setfont(const Font &font) +{ + hfont = font.hfont(); + SendMessage(winId, WM_SETFONT, (WPARAM)hfont, TRUE); + visfont(); + for (auto child : childrens) + { + child->setfont(font); + } +} +std::wstring basewindow::text() +{ + int textLength = GetWindowTextLength(winId); + std::vector buffer(textLength + 1); + GetWindowText(winId, buffer.data(), buffer.size()); + return buffer.data(); +} +void basewindow::settext(const std::wstring &text) +{ + SetWindowText(winId, text.c_str()); +} + +void basewindow::setgeo(int x, int y, int w, int h) +{ + MoveWindow(winId, x, y, w, h, TRUE); + on_size(w, h); +} +RECT basewindow::getgeo() +{ + RECT rect; + GetWindowRect(winId, &rect); + return rect; +} + +LRESULT mainwindow::wndproc(UINT message, WPARAM wParam, LPARAM lParam) +{ + switch (message) + { + case WM_SHOWWINDOW: + { + on_show(); + visfont(); + break; + } + case WM_SIZE: + { + int width = LOWORD(lParam); + int height = HIWORD(lParam); + on_size(width, height); + break; + } + case WM_NOTIFY: + { + NMHDR *pnmhdr = (NMHDR *)lParam; + for (auto ctl : controls) + { + if (pnmhdr->hwndFrom == ctl->winId) + { + ctl->dispatch_2(wParam, lParam); + break; + } + } + } + case WM_COMMAND: + { + if (lParam == 0) + { + for (auto ctl : controls) + { + if (lastcontexthwnd == ctl->winId) + { + if (ctl->menu) + ctl->menu.value().dispatch(wParam); + break; + } + } + } + else + for (auto ctl : controls) + { + if ((HWND)lParam == ctl->winId) + { + ctl->dispatch(wParam); + break; + } + } + break; + } + case WM_CONTEXTMENU: + { + bool succ = false; + lastcontexthwnd = 0; + for (auto ctl : controls) + { + if ((HWND)wParam == ctl->winId) + { + auto hm = ctl->on_menu(); + ctl->menu = hm; + if (hm) + { + int xPos = LOWORD(lParam); + int yPos = HIWORD(lParam); + TrackPopupMenu(hm.value().load(), TPM_LEFTALIGN | TPM_TOPALIGN | TPM_RIGHTBUTTON, + xPos, yPos, 0, winId, NULL); + lastcontexthwnd = ctl->winId; + succ = true; + } + break; + } + } + if (succ == false) + return DefWindowProc(winId, message, wParam, lParam); + break; + } + case WM_CLOSE: + { + on_close(); + if (parent == 0) + PostQuitMessage(0); + else + ShowWindow(winId, SW_HIDE); + break; + } + default: + return DefWindowProc(winId, message, wParam, lParam); + } + + return 0; +} +std::pair mainwindow::calculateXY(int w, int h) +{ + int cx, cy; + if (parent == 0) + { + int screenWidth = GetSystemMetrics(SM_CXSCREEN); + int screenHeight = GetSystemMetrics(SM_CYSCREEN); + cx = screenWidth / 2; + cy = screenHeight / 2; + } + else + { + auto rect = parent->getgeo(); + cx = (rect.left + rect.right) / 2; + cy = (rect.top + rect.bottom) / 2; + } + return {cx - w / 2, cy - h / 2}; +} +void mainwindow::setcentral(int w, int h) +{ + auto [x, y] = calculateXY(w, h); + setgeo(x, y, w, h); +} +void mainwindow::setlayout(control *_l) +{ + layout = _l; +} +mainwindow::mainwindow(mainwindow *_parent) +{ + layout = 0; + const wchar_t CLASS_NAME[] = L"LunaHostWindow"; + + WNDCLASS wc = {}; + wc.lpfnWndProc = [](HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam) + { + mainwindow *_window = reinterpret_cast(GetWindowLongPtrW(hWnd, GWLP_USERDATA)); + if ((!_window) || (_window->winId != hWnd)) + return DefWindowProc(hWnd, message, wParam, lParam); + return _window->wndproc(message, wParam, lParam); + }; + wc.hInstance = GetModuleHandle(0); + wc.lpszClassName = CLASS_NAME; + wc.hbrBackground = (HBRUSH)(COLOR_WINDOW); + wc.hIcon = GetExeIcon(getModuleFilename().value()); // LoadIconW(GetModuleHandle(0),L"IDI_ICON1"); + + static auto _ = RegisterClass(&wc); + HWND hWnd = CreateWindowEx( + WS_EX_CLIENTEDGE, CLASS_NAME, CLASS_NAME, WS_OVERLAPPEDWINDOW, + CW_USEDEFAULT, CW_USEDEFAULT, CW_USEDEFAULT, CW_USEDEFAULT, + _parent ? _parent->winId : NULL, NULL, GetModuleHandle(0), this); + winId = hWnd; + parent = _parent; + if (parent) + parent->childrens.push_back(this); + SetWindowLongPtrW(hWnd, GWLP_USERDATA, (LONG_PTR)this); +} +void mainwindow::show() +{ + ShowWindow(winId, SW_SHOW); + SetForegroundWindow(winId); +} +void mainwindow::close() +{ + ShowWindow(winId, SW_HIDE); +} +void mainwindow::run() +{ + MSG msg = {}; + while (GetMessage(&msg, NULL, 0, 0)) + { + TranslateMessage(&msg); + DispatchMessage(&msg); + } +} + +void mainwindow::on_close() {} +void mainwindow::on_show() {} +void mainwindow::on_size(int w, int h) +{ + if (layout) + { + layout->setgeo(0, 0, w, h); + } +} +void basewindow::on_size(int w, int h) {} diff --git a/cpp/LunaHook/LunaHost/GUI/window.h b/cpp/LunaHook/LunaHost/GUI/window.h new file mode 100644 index 00000000..1338948a --- /dev/null +++ b/cpp/LunaHook/LunaHost/GUI/window.h @@ -0,0 +1,67 @@ +#ifndef LUNA_BASE_WINDOW_H +#define LUNA_BASE_WINDOW_H +class control; +class basewindow +{ +public: + HWND winId; + virtual void setgeo(int, int, int, int); + virtual void on_size(int w, int h); + RECT getgeo(); + std::wstring text(); + void settext(const std::wstring &); + operator HWND() { return winId; } +}; + +struct Font +{ + std::wstring fontfamily; + float fontsize; + bool bold; + bool italic; + float calc_height() const + { + return MulDiv(fontsize, GetDeviceCaps(GetDC(NULL), LOGPIXELSY), 72); + } + HFONT hfont() const + { + return CreateFontIndirect(&logfont()); + } + LOGFONT logfont() const + { + LOGFONT lf; + ZeroMemory(&lf, sizeof(LOGFONT)); + wcscpy_s(lf.lfFaceName, fontfamily.c_str()); + if (bold) + lf.lfWeight = FW_BOLD; + lf.lfItalic = italic; + lf.lfHeight = calc_height(); + return lf; + } +}; +class mainwindow : public basewindow +{ + HFONT hfont = 0; + +public: + void setfont(const Font &); + void visfont(); + std::vector controls; + std::vector childrens; + mainwindow *parent; + HWND lastcontexthwnd; + control *layout; + virtual void on_show(); + virtual void on_close(); + void on_size(int w, int h); + mainwindow(mainwindow *_parent = 0); + LRESULT wndproc(UINT message, WPARAM wParam, LPARAM lParam); + static void run(); + void show(); + void close(); + void setcentral(int, int); + std::pair calculateXY(int w, int h); + void setlayout(control *); +}; +HICON GetExeIcon(const std::wstring &filePath); +#endif \ No newline at end of file diff --git a/cpp/LunaHook/LunaHost/LunaHostCLI.cpp b/cpp/LunaHook/LunaHost/LunaHostCLI.cpp new file mode 100644 index 00000000..fce452ef --- /dev/null +++ b/cpp/LunaHook/LunaHost/LunaHostCLI.cpp @@ -0,0 +1,129 @@ +#include "host.h" +#include +#include + +int main() +{ + _setmode(_fileno(stdout), _O_U16TEXT); + _setmode(_fileno(stdin), _O_U16TEXT); + wprintf_s(L"Usage: {'attach'|'detach'|hookcode} -Pprocessid\n"); + fflush(stdout); + Host::Start([](auto) {}, [](auto) {}, [](auto &) {}, [](auto &) {}, [](TextThread &thread, std::wstring &output) + { + wprintf_s(L"[%I64X:%I32X:%I64X:%I64X:%I64X:%s:%s] %s\n", + thread.handle, + thread.tp.processId, + thread.tp.addr, + thread.tp.ctx, + thread.tp.ctx2, + thread.name.c_str(), + thread.hp.hookcode, + output.c_str() + ); + fflush(stdout); + return false; }); + wchar_t input[500] = {}; + SearchParam sp = {}; + sp.codepage = Host::defaultCodepage; + sp.length = 0; + while (fgetws(input, 500, stdin)) + { + if (wcslen(input) <= 1) + continue; //\r\n,第二行会直接只有一个\n + wchar_t command[500] = {}; + DWORD processId = 0; + + int split; + for (split = wcslen(input) - 1; split >= 1; split--) + { + if (input[split] == L'P' && input[split - 1] == '-') + { + processId = _wtoi(input + split + 1); + break; + } + } + if (split == 1) + continue; // ExitProcess(0); + split -= 2; + while (split > 0 && input[split] == L' ') + split -= 1; + if (split == 0) + continue; // ExitProcess(0); + input[split + 1] = 0; + wcscpy(command, input); + // if (swscanf(input, L"%500s -P%d", command, &processId) != 2) ExitProcess(0); + if (_wcsicmp(command, L"attach") == 0) + Host::InjectProcess(processId); + else if (_wcsicmp(command, L"detach") == 0) + { + Host::DetachProcess(processId); + } + else if (_wcsicmp(command, L"find") == 0) + { + std::shared_ptr> hooks = std::make_shared>(); + + try + { + Host::FindHooks(processId, sp, + [hooks](HookParam hp, std::wstring text) + { + // if (std::regex_search(text, std::wregex(L"[\u3000-\ua000]"))) { + if (std::regex_search(text, std::wregex(L"[\u3000-\ua000]"))) + { + hooks->push_back(std::wstring(hp.hookcode) + L"=>" + text + L"\n"); + + // *hooks << sanitize(S(HookCode::Generate(hp) + L" => " + text)); + } + }); + } + catch (wchar_t c) + { + std::wcout << c; + } + std::thread([hooks] + { + for (int lastSize = 0; hooks->size() == 0 || hooks->size() != lastSize; Sleep(2000)) lastSize = hooks->size(); + + FILE* out = fopen("hook.txt", "a+,ccs=UTF-8"); + for (auto& hook : *hooks) { + + fwrite(hook.c_str(), wcslen(hook.c_str()) * sizeof(wchar_t), 1, out); + } + fclose(out); }) + .detach(); + } + + else + { + if (command[0] == L'-') + { + try + { + unsigned long long address; + swscanf_s(command, L"-%llu", &address); + Host::RemoveHook(processId, address); + } + catch (std::out_of_range) + { + } + } + else if (command[0] == L'=') + { + int codepage; + swscanf_s(command, L"=%d", &codepage); + Host::defaultCodepage = codepage; + } + else if (command[0] == L'+') + { + int flushDelay; + swscanf_s(command, L"+%d", &flushDelay); + TextThread::flushDelay = flushDelay; + } + else if (auto hp = HookCode::Parse(command)) + Host::InsertHook(processId, hp.value()); + else + ExitProcess(0); + } + } + ExitProcess(0); +} diff --git a/cpp/LunaHook/LunaHost/LunaHostDll.cpp b/cpp/LunaHook/LunaHost/LunaHostDll.cpp new file mode 100644 index 00000000..421d396f --- /dev/null +++ b/cpp/LunaHook/LunaHost/LunaHostDll.cpp @@ -0,0 +1,176 @@ +#include "host.h" +#define C_LUNA_API extern "C" __declspec(dllexport) +BOOL APIENTRY DllMain(HMODULE hModule, + DWORD ul_reason_for_call, + LPVOID lpReserved) +{ + switch (ul_reason_for_call) + { + case DLL_PROCESS_ATTACH: + case DLL_THREAD_ATTACH: + case DLL_THREAD_DETACH: + case DLL_PROCESS_DETACH: + break; + } + return TRUE; +} + +typedef void (*ProcessEvent)(DWORD pid); +typedef void (*ThreadEvent_maybe_embed)(const wchar_t *hookcode, const char *hookname, ThreadParam, bool isembedable); +typedef void (*ThreadEvent)(const wchar_t *hookcode, const char *hookname, ThreadParam); +typedef bool (*OutputCallback)(const wchar_t *hookcode, const char *hookname, ThreadParam, const wchar_t *text); +typedef void (*ConsoleHandler)(const wchar_t *log); +typedef void (*HookInsertHandler)(DWORD pid, uint64_t address, const wchar_t * hookcode); +typedef void (*EmbedCallback)(const wchar_t *text, ThreadParam); +typedef void (*findhookcallback_t)(wchar_t *hookcode, const wchar_t *text); +template +std::optional checkoption(bool check, T &&t) +{ + if (check) + return std::move(t); + return {}; +} +C_LUNA_API void Luna_Start(ProcessEvent Connect, ProcessEvent Disconnect, ThreadEvent_maybe_embed Create, ThreadEvent Destroy, OutputCallback Output, ConsoleHandler console, HookInsertHandler hookinsert, EmbedCallback embed, ConsoleHandler Warning) +{ + Host::StartEx( + checkoption(Connect, std::function(Connect)), + checkoption(Disconnect, std::function(Disconnect)), + checkoption(Create, [=](const TextThread &thread) + { Create(thread.hp.hookcode, thread.hp.name, thread.tp, thread.hp.type & EMBED_ABLE); }), + checkoption(Destroy, [=](const TextThread &thread) + { Destroy(thread.hp.hookcode, thread.hp.name, thread.tp); }), + checkoption(Output, [=](const TextThread &thread, std::wstring &output) + { return Output(thread.hp.hookcode, thread.hp.name, thread.tp, output.c_str()); }), + checkoption(console, [=](const std::wstring &output) + { console(output.c_str()); }), + checkoption(hookinsert, [=](DWORD pid, uint64_t addr, const std::wstring &hookcode) + { hookinsert(pid, addr, hookcode.c_str()); }), + checkoption(embed, [=](const std::wstring &output, const ThreadParam &tp) + { embed(output.c_str(), tp); }), + checkoption(Warning, [=](const std::wstring &output) + { Warning(output.c_str()); })); +} +C_LUNA_API void Luna_Inject(DWORD pid, LPCWSTR basepath) +{ + Host::InjectProcess(pid, basepath); +} +C_LUNA_API bool Luna_CreatePipeAndCheck(DWORD pid) +{ + return Host::CreatePipeAndCheck(pid); +} +C_LUNA_API void Luna_Detach(DWORD pid) +{ + Host::DetachProcess(pid); +} + +C_LUNA_API void Luna_Settings(int flushDelay, bool filterRepetition, int defaultCodepage, int maxBufferSize, int maxHistorySize) +{ + TextThread::flushDelay = flushDelay; + TextThread::filterRepetition = filterRepetition; + Host::defaultCodepage = defaultCodepage; + TextThread::maxBufferSize = maxBufferSize; + TextThread::maxHistorySize = maxHistorySize; +} + +C_LUNA_API bool Luna_InsertHookCode(DWORD pid, LPCWSTR hookcode) +{ + auto hp = HookCode::Parse(hookcode); + if (hp) + Host::InsertHook(pid, hp.value()); + return hp.has_value(); +} +C_LUNA_API void Luna_QueryThreadHistory(ThreadParam tp, void (*callback)(const wchar_t *)) +{ + auto s = Host::GetThread(tp).storage.Acquire(); + callback(s->c_str()); +} +C_LUNA_API void Luna_RemoveHook(DWORD pid, uint64_t addr) +{ + Host::RemoveHook(pid, addr); +} +C_LUNA_API void Luna_FindHooks(DWORD pid, SearchParam sp, findhookcallback_t findhookcallback) +{ + Host::FindHooks(pid, sp, [=](HookParam hp, std::wstring text) + { + wchar_t hookcode[HOOKCODE_LEN]; + wcscpy_s(hookcode,HOOKCODE_LEN, hp.hookcode); + findhookcallback(hookcode,text.c_str()); }); +} +C_LUNA_API void Luna_EmbedSettings(DWORD pid, UINT32 waittime, UINT8 fontCharSet, bool fontCharSetEnabled, wchar_t *fontFamily, UINT32 keeprawtext, bool fastskipignore) +{ + auto sm = Host::GetCommonSharedMem(pid); + if (!sm) + return; + sm->waittime = waittime; + sm->fontCharSet = fontCharSet; + sm->fontCharSetEnabled = fontCharSetEnabled; + wcscpy_s(sm->fontFamily, 100, fontFamily); + sm->keeprawtext = keeprawtext; + sm->fastskipignore = fastskipignore; +} +C_LUNA_API bool Luna_checkisusingembed(ThreadParam tp) +{ + auto sm = Host::GetCommonSharedMem(tp.processId); + if (!sm) + return false; + for (int i = 0; i < ARRAYSIZE(sm->embedtps); i++) + { + if (sm->embedtps[i].use && (sm->embedtps[i].tp == tp)) + return true; + } + return false; +} +C_LUNA_API void Luna_useembed(ThreadParam tp, bool use) +{ + auto sm = Host::GetCommonSharedMem(tp.processId); + if (!sm) + return; + sm->codepage = Host::defaultCodepage; + for (int i = 0; i < ARRAYSIZE(sm->embedtps); i++) + { + if (sm->embedtps[i].use && (sm->embedtps[i].tp == tp)) + if (!use) + ZeroMemory(sm->embedtps + i, sizeof(sm->embedtps[i])); + } + if (use) + for (int i = 0; i < ARRAYSIZE(sm->embedtps); i++) + { + if (!sm->embedtps[i].use) + { + sm->embedtps[i].use = true; + sm->embedtps[i].tp = tp; + break; + } + } +} + +C_LUNA_API void Luna_embedcallback(ThreadParam tp, LPCWSTR text, LPCWSTR trans) +{ + auto sm = Host::GetCommonSharedMem(tp.processId); + if (!sm) + return; + wcsncpy(sm->text, trans, ARRAYSIZE(sm->text)); + char eventname[1000]; + sprintf(eventname, LUNA_EMBED_notify_event, tp.processId, simplehash::djb2_n2((const unsigned char *)(text), wcslen(text) * 2)); + win_event event1(eventname); + event1.signal(true); +} + +C_LUNA_API void Luna_SyncThread(ThreadParam tp, bool sync) +{ + // 必须放到线程里去异步做,不然GetThread死锁 + std::thread([=]() + { + try + { + auto &&t=Host::GetThread(tp); + if (sync) + TextThread::syncThreads->insert(&t); + else + TextThread::syncThreads->erase(&t); + } + catch (...) + { + } }) + .detach(); +} \ No newline at end of file diff --git a/cpp/LunaHook/LunaHost/host.cpp b/cpp/LunaHook/LunaHost/host.cpp new file mode 100644 index 00000000..66ffea30 --- /dev/null +++ b/cpp/LunaHook/LunaHost/host.cpp @@ -0,0 +1,404 @@ +#include "host.h" +typedef LONG NTSTATUS; +#include "yapi.hpp" +#include "Lang/Lang.h" +namespace +{ + class ProcessRecord + { + public: + ProcessRecord(DWORD processId, HANDLE pipe) : pipe(pipe), + mappedFile2(OpenFileMappingW(FILE_MAP_READ | FILE_MAP_WRITE, FALSE, (EMBED_SHARED_MEM + std::to_wstring(processId)).c_str())), + viewMutex(ITH_HOOKMAN_MUTEX_ + std::to_wstring(processId)) + + { + commonsharedmem = (CommonSharedMem *)MapViewOfFile(mappedFile2, FILE_MAP_READ | FILE_MAP_WRITE, 0, 0, sizeof(CommonSharedMem)); + // 放到构造表里就不行,不知道为何。 + } + + ~ProcessRecord() + { + UnmapViewOfFile(commonsharedmem); + } + + template + void Send(T data) + { + static_assert(sizeof(data) < PIPE_BUFFER_SIZE); + std::thread([=] + { WriteFile(pipe, &data, sizeof(data), DUMMY, nullptr); }) + .detach(); + } + + Host::HookEventHandler OnHookFound = [](HookParam hp, std::wstring text) + { + Host::AddConsoleOutput(std::wstring(hp.hookcode) + L": " + text); + }; + + CommonSharedMem *commonsharedmem; + + private: + HANDLE pipe; + AutoHandle<> mappedFile2; + WinMutex viewMutex; + }; + + size_t HashThreadParam(ThreadParam tp) { return std::hash()(tp.processId + tp.addr) + std::hash()(tp.ctx + tp.ctx2); } + Synchronized>> textThreadsByParams; + Synchronized> processRecordsByIds; + + Host::ProcessEventHandler OnConnect, OnDisconnect; + Host::ThreadEventHandler OnCreate, OnDestroy; + Host::ConsoleHandler OnConsole = 0; + Host::ConsoleHandler OnWarning = 0; + Host::HookInsertHandler HookInsert = 0; + Host::EmbedCallback embedcallback = 0; + void RemoveThreads(std::function removeIf) + { + std::vector threadsToRemove; + for (auto &[tp, thread] : textThreadsByParams.Acquire().contents) + if (removeIf(tp)) + threadsToRemove.push_back(&thread); + for (auto thread : threadsToRemove) + { + try + { + TextThread::syncThreads->erase(thread); + } + catch (...) + { + } + OnDestroy(*thread); + textThreadsByParams->erase(thread->tp); + } + } + BOOL Is64BitProcess(HANDLE ph) + { + BOOL f64bitProc = FALSE; + if (detail::Is64BitOS()) + { + f64bitProc = !(IsWow64Process(ph, &f64bitProc) && f64bitProc); + } + return f64bitProc; + } + void CreatePipe(int pid) + { + HANDLE + hookPipe = CreateNamedPipeW((std::wstring(HOOK_PIPE) + std::to_wstring(pid)).c_str(), PIPE_ACCESS_INBOUND, PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE, PIPE_UNLIMITED_INSTANCES, 0, PIPE_BUFFER_SIZE, MAXDWORD, &allAccess), + hostPipe = CreateNamedPipeW((std::wstring(HOST_PIPE) + std::to_wstring(pid)).c_str(), PIPE_ACCESS_OUTBOUND, PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE, PIPE_UNLIMITED_INSTANCES, PIPE_BUFFER_SIZE, 0, MAXDWORD, &allAccess); + HANDLE pipeAvailableEvent = CreateEventW(&allAccess, FALSE, FALSE, (std::wstring(PIPE_AVAILABLE_EVENT) + std::to_wstring(pid)).c_str()); + + Host::AddConsoleOutput((std::wstring(PIPE_AVAILABLE_EVENT) + std::to_wstring(pid))); + SetEvent(pipeAvailableEvent); + std::thread([hookPipe, hostPipe, pipeAvailableEvent] + { + ConnectNamedPipe(hookPipe, nullptr); + CloseHandle(pipeAvailableEvent); + BYTE buffer[PIPE_BUFFER_SIZE] = {}; + DWORD bytesRead, processId; + ReadFile(hookPipe, &processId, sizeof(processId), &bytesRead, nullptr); + processRecordsByIds->try_emplace(processId, processId, hostPipe); + OnConnect(processId); + Host::AddConsoleOutput(FormatString(PROC_CONN,processId)); + //CreatePipe(); + + while (ReadFile(hookPipe, buffer, PIPE_BUFFER_SIZE, &bytesRead, nullptr)) + switch (*(HostNotificationType*)buffer) + { + case HOST_NOTIFICATION_FOUND_HOOK: + { + auto info = *(HookFoundNotif*)buffer; + auto OnHookFound = processRecordsByIds->at(processId).OnHookFound; + std::wstring wide = info.text; + if (wide.size() > STRING) { + wcscpy_s(info.hp.hookcode,HOOKCODE_LEN, HookCode::Generate(info.hp, processId).c_str()); + OnHookFound(info.hp, std::move(info.text)); + } + info.hp.type &= ~CODEC_UTF16; + if (auto converted = StringToWideString((char*)info.text, info.hp.codepage)) + if (converted->size() > STRING) + { + wcscpy_s(info.hp.hookcode,HOOKCODE_LEN, HookCode::Generate(info.hp, processId).c_str()); + OnHookFound(info.hp, std::move(converted.value())); + } + if (auto converted = StringToWideString((char*)info.text, info.hp.codepage = CP_UTF8)) + if (converted->size() > STRING) + { + wcscpy_s(info.hp.hookcode,HOOKCODE_LEN, HookCode::Generate(info.hp, processId).c_str()); + OnHookFound(info.hp, std::move(converted.value())); + } + } + break; + case HOST_NOTIFICATION_RMVHOOK: + { + auto info = *(HookRemovedNotif*)buffer; + RemoveThreads([&](ThreadParam tp) { return tp.processId == processId && tp.addr == info.address; }); + } + break; + case HOST_NOTIFICATION_INSERTING_HOOK: + { + if(HookInsert){ + auto info = (HookInsertingNotif*)buffer; + HookInsert(processId, info->addr,info->hookcode); + } + } + break; + case HOST_NOTIFICATION_TEXT: + { + auto info = *(ConsoleOutputNotif*)buffer; + Host::AddConsoleOutput(StringToWideString(info.message)); + } + break; + case HOST_NOTIFICATION_WARNING: + { + auto info = *(WarningNotif*)buffer; + Host::Warning(StringToWideString(info.message)); + } + break; + default: + { + auto data=(TextOutput_T*)buffer; + auto length= bytesRead - sizeof(TextOutput_T); + auto tp = data->tp; + auto hp=data->hp; + auto _textThreadsByParams=textThreadsByParams.Acquire(); + + auto thread = _textThreadsByParams->find(tp); + if (thread == _textThreadsByParams->end()) + { + try { thread = _textThreadsByParams->try_emplace(tp, tp, hp).first; } + catch (std::out_of_range) { continue; } // probably garbage data in pipe, try again + OnCreate(thread->second); + } + + thread->second.hp.type=data->type; + thread->second.Push(data->data, length); + + if(embedcallback){ + auto & hp=thread->second.hp; + if(hp.type&EMBED_ABLE){ + if (auto t=commonparsestring(data->data,length,&hp,Host::defaultCodepage)){ + auto text=t.value(); + if(text.size()){ + embedcallback(text,tp); + } + } + } + + } + } + break; + } + + RemoveThreads([&](ThreadParam tp) { return tp.processId == processId; }); + OnDisconnect(processId); + Host::AddConsoleOutput(FormatString(PROC_DISCONN,processId)); + processRecordsByIds->erase(processId); }) + .detach(); + } +} + +namespace Host +{ + std::mutex threadmutex; + std::mutex outputmutex; + std::mutex procmutex; + void Start(ProcessEventHandler Connect, ProcessEventHandler Disconnect, ThreadEventHandler Create, ThreadEventHandler Destroy, TextThread::OutputCallback Output, bool createconsole) + { + OnConnect = [=](auto &&...args) + {std::lock_guard _(procmutex);Connect(std::forward(args)...); }; + OnDisconnect = [=](auto &&...args) + {std::lock_guard _(procmutex);Disconnect(std::forward(args)...); }; + OnCreate = [=](TextThread &thread) + {{std::lock_guard _(threadmutex); Create(thread);} thread.Start(); }; + OnDestroy = [=](TextThread &thread) + {thread.Stop(); {std::lock_guard _(threadmutex); Destroy(thread);} }; + TextThread::Output = [=](auto &&...args) + {std::lock_guard _(outputmutex);return Output(std::forward(args)...); }; + + if (createconsole) + { + OnCreate(textThreadsByParams->try_emplace(console, console, HookParam{}, CONSOLE).first->second); + Host::AddConsoleOutput(ProjectHomePage); + } + + // CreatePipe(); + } + void StartEx(std::optional Connect, std::optional Disconnect, std::optional Create, std::optional Destroy, std::optional Output, std::optional console, std::optional hookinsert, std::optional embed, std::optional warning) + { + Start(Connect.value_or([](auto) {}), Disconnect.value_or([](auto) {}), Create.value_or([](auto &) {}), Destroy.value_or([](auto &) {}), Output.value_or([](auto &, auto &) + { return false; }), + !console); + if (warning) + OnWarning = warning.value(); + if (console) + OnConsole = [=](auto &&...args) + {std::lock_guard _(outputmutex);console.value()(std::forward(args)...); }; + if (hookinsert) + HookInsert = [=](auto &&...args) + {std::lock_guard _(threadmutex);hookinsert.value()(std::forward(args)...); }; + if (embed) + embedcallback = [=](auto &&...args) + {std::lock_guard _(outputmutex);embed.value()(std::forward(args)...); }; + } + constexpr auto PROCESS_INJECT_ACCESS = (PROCESS_CREATE_THREAD | + PROCESS_QUERY_INFORMATION | + PROCESS_VM_OPERATION | + PROCESS_VM_WRITE | + PROCESS_VM_READ); + bool SafeInject(HANDLE process, const std::wstring &location) + { +// #ifdef _WIN64 +#if 0 + BOOL invalidProcess = FALSE; + IsWow64Process(process, &invalidProcess); + if (invalidProcess) return AddConsoleOutput(NEED_32_BIT); +#endif + bool succ = false; + if (LPVOID remoteData = VirtualAllocEx(process, nullptr, (location.size() + 1) * sizeof(wchar_t), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE)) + { + WriteProcessMemory(process, remoteData, location.c_str(), (location.size() + 1) * sizeof(wchar_t), nullptr); + if (AutoHandle<> thread = CreateRemoteThread(process, nullptr, 0, (LPTHREAD_START_ROUTINE)LoadLibraryW, remoteData, 0, nullptr)) + { + WaitForSingleObject(thread, INFINITE); + succ = true; + } + else if (GetLastError() == ERROR_ACCESS_DENIED) + { + AddConsoleOutput(NEED_64_BIT); // https://stackoverflow.com/questions/16091141/createremotethread-access-denied + succ = false; + } + VirtualFreeEx(process, remoteData, 0, MEM_RELEASE); + } + return succ; + } + bool UnSafeInject(HANDLE process, const std::wstring &location) + { + + DWORD64 injectedDll; + yapi::YAPICall LoadLibraryW(process, _T("kernel32.dll"), "LoadLibraryW"); + if (x64) + injectedDll = LoadLibraryW.Dw64()(location.c_str()); + else + injectedDll = LoadLibraryW(location.c_str()); + if (injectedDll) + return true; + return false; + } + bool CheckProcess(DWORD processId) + { + if (processId == GetCurrentProcessId()) + return false; + + WinMutex(ITH_HOOKMAN_MUTEX_ + std::to_wstring(processId)); + if (GetLastError() == ERROR_ALREADY_EXISTS) + { + AddConsoleOutput(ALREADY_INJECTED); + return false; + } + return true; + } + bool InjectDll(DWORD processId, const std::wstring locationX) + { + AutoHandle<> process = OpenProcess(PROCESS_INJECT_ACCESS, FALSE, processId); + if (!process) + return false; + bool proc64 = Is64BitProcess(process); + auto dllname = proc64 ? LUNA_HOOK_DLL_64 : LUNA_HOOK_DLL_32; + std::wstring location = locationX.size() ? (locationX + L"\\" + dllname) : std::filesystem::path(getModuleFilename().value()).replace_filename(dllname); + AddConsoleOutput(location); + if (proc64 == x64) + { + return (SafeInject(process, location)); + } + else + { + return (UnSafeInject(process, location)); + } + } + bool CreatePipeAndCheck(DWORD processId) + { + CreatePipe(processId); + return CheckProcess(processId); + } + void InjectProcess(DWORD processId, const std::wstring locationX) + { + + auto check = CreatePipeAndCheck(processId); + if (check == false) + return; + + std::thread([=] + { + if(InjectDll(processId,locationX))return ; + AddConsoleOutput(INJECT_FAILED); }) + .detach(); + } + + void DetachProcess(DWORD processId) + { + auto &prs = processRecordsByIds.Acquire().contents; + if (prs.find(processId) == prs.end()) + return; + prs.at(processId).Send(HOST_COMMAND_DETACH); + } + + void InsertHook(DWORD processId, HookParam hp) + { + auto &prs = processRecordsByIds.Acquire().contents; + if (prs.find(processId) == prs.end()) + return; + prs.at(processId).Send(InsertHookCmd(hp)); + } + + void RemoveHook(DWORD processId, uint64_t address) + { + auto &prs = processRecordsByIds.Acquire().contents; + if (prs.find(processId) == prs.end()) + return; + prs.at(processId).Send(RemoveHookCmd(address)); + } + + void FindHooks(DWORD processId, SearchParam sp, HookEventHandler HookFound) + { + auto &prs = processRecordsByIds.Acquire().contents; + if (prs.find(processId) == prs.end()) + return; + if (HookFound) + prs.at(processId).OnHookFound = HookFound; + prs.at(processId).Send(FindHookCmd(sp)); + } + + TextThread &GetThread(ThreadParam tp) + { + return textThreadsByParams->at(tp); + } + + TextThread *GetThread(int64_t handle) + { + for (auto &[tp, thread] : textThreadsByParams.Acquire().contents) + if (thread.handle == handle) + return &thread; + return nullptr; + } + CommonSharedMem *GetCommonSharedMem(DWORD processId) + { + auto &prs = processRecordsByIds.Acquire().contents; + if (prs.find(processId) == prs.end()) + return 0; + return prs.at(processId).commonsharedmem; + } + void AddConsoleOutput(std::wstring text) + { + if (OnConsole) + OnConsole(std::move(text)); + else + GetThread(console).AddSentence(std::move(text)); + } + void Warning(std::wstring text) + { + if (OnWarning) + OnWarning(text); + AddConsoleOutput(L"[Warning] " + text); + } +} diff --git a/cpp/LunaHook/LunaHost/host.h b/cpp/LunaHook/LunaHost/host.h new file mode 100644 index 00000000..49b19ea2 --- /dev/null +++ b/cpp/LunaHook/LunaHost/host.h @@ -0,0 +1,32 @@ +#pragma once + +#include "textthread.h" +namespace Host +{ + using ConsoleHandler = std::function; + using ProcessEventHandler = std::function; + using ThreadEventHandler = std::function; + using HookEventHandler = std::function; + using HookInsertHandler = std::function; + using EmbedCallback = std::function; + void Start(ProcessEventHandler Connect, ProcessEventHandler Disconnect, ThreadEventHandler Create, ThreadEventHandler Destroy, TextThread::OutputCallback Output, bool createconsole = true); + void StartEx(std::optional Connect, std::optional Disconnect, std::optional Create, std::optional Destroy, std::optional Output, std::optional console, std::optional hookinsert, std::optional embed, std::optional warning); + void InjectProcess(DWORD processId, const std::wstring locationX = L""); + bool CreatePipeAndCheck(DWORD processId); + + void DetachProcess(DWORD processId); + + void InsertHook(DWORD processId, HookParam hp); + void RemoveHook(DWORD processId, uint64_t address); + void FindHooks(DWORD processId, SearchParam sp, HookEventHandler HookFound = {}); + CommonSharedMem *GetCommonSharedMem(DWORD pid); + TextThread *GetThread(int64_t handle); + TextThread &GetThread(ThreadParam tp); + + void AddConsoleOutput(std::wstring text); + void Warning(std::wstring text); + + inline int defaultCodepage = SHIFT_JIS; + + constexpr ThreadParam console{0, 0, 0, 0}; +} diff --git a/cpp/LunaHook/LunaHost/textthread.cpp b/cpp/LunaHook/LunaHost/textthread.cpp new file mode 100644 index 00000000..4862bd96 --- /dev/null +++ b/cpp/LunaHook/LunaHost/textthread.cpp @@ -0,0 +1,140 @@ +#include "textthread.h" +#include "host.h" +#include "Lang/Lang.h" + +// return true if repetition found (see https://github.com/Artikash/Textractor/issues/40) +static bool RemoveRepetition(std::wstring &text) +{ + wchar_t *end = text.data() + text.size(); + for (int length = text.size() / 3; length > 6; --length) + if (memcmp(end - length * 3, end - length * 2, length * sizeof(wchar_t)) == 0 && memcmp(end - length * 3, end - length * 1, length * sizeof(wchar_t)) == 0) + return RemoveRepetition(text = std::wstring(end - length, length)), true; + return false; +} + +TextThread::TextThread(ThreadParam tp, HookParam hp, std::optional name) : handle(threadCounter++), + name(name.value_or(StringToWideString(hp.name))), + tp(tp), + hp(hp) +{ +} + +void TextThread::Start() +{ + CreateTimerQueueTimer(&timer, NULL, [](void *This, auto) + { ((TextThread *)This)->Flush(); }, this, 10, 10, WT_EXECUTELONGFUNCTION); +} + +void TextThread::Stop() +{ + timer = NULL; +} + +void TextThread::AddSentence(std::wstring sentence) +{ + queuedSentences->emplace_back(std::move(sentence)); +} + +void TextThread::Push(BYTE *data, int length) +{ + if (length < 0) + return; + std::scoped_lock lock(bufferMutex); + + BYTE doubleByteChar[2]; + if (length == 1) // doublebyte characters must be processed as pairs + { + if (leadByte) + { + doubleByteChar[0] = leadByte; + doubleByteChar[1] = data[0]; + data = doubleByteChar; + length = 2; + leadByte = 0; + } + else if (IsDBCSLeadByteEx(hp.codepage ? hp.codepage : Host::defaultCodepage, data[0])) + { + leadByte = data[0]; + length = 0; + } + } + auto converted = commonparsestring(data, length, &hp, Host::defaultCodepage); + if (converted) + { + buffer.append(converted.value()); + if (hp.type & FULL_STRING && converted.value().size() > 1) + buffer.push_back(L'\n'); + } + else + Host::AddConsoleOutput(INVALID_CODEPAGE); + + UpdateFlushTime(); + + if (filterRepetition) + { + if (std::all_of(buffer.begin(), buffer.end(), [&](wchar_t ch) + { return repeatingChars.find(ch) != repeatingChars.end(); })) + buffer.clear(); + if (RemoveRepetition(buffer)) // sentence repetition detected, which means the entire sentence has already been received + { + repeatingChars = std::unordered_set(buffer.begin(), buffer.end()); + AddSentence(std::move(buffer)); + buffer.clear(); + } + } + + if (flushDelay == 0 && hp.type & FULL_STRING) + { + AddSentence(std::move(buffer)); + buffer.clear(); + } +} +void TextThread::UpdateFlushTime(bool recursive) +{ + lastPushTime = GetTickCount64(); + if (!recursive) + return; + auto&& ths = syncThreads.Acquire().contents; + if (ths.find(this) == ths.end()) + return; + for (auto t : ths) + { + if (t == this) + continue; + t->UpdateFlushTime(false); + } +} +void TextThread::Push(const wchar_t *data) +{ + std::scoped_lock lock(bufferMutex); + // not sure if this should filter repetition + UpdateFlushTime(); + buffer += data; +} + +void TextThread::Flush() +{ + { + auto storage = this->storage.Acquire(); + if (storage->size() > maxHistorySize) + storage->erase(0, storage->size() - maxHistorySize); // https://github.com/Artikash/Textractor/issues/127#issuecomment-486882983 + } + + std::vector sentences; + queuedSentences->swap(sentences); + for (auto &sentence : sentences) + { + sentence.erase(std::remove(sentence.begin(), sentence.end(), 0), sentence.end()); + if (Output(*this, sentence)) + storage->append(sentence + L"\n"); + } + + std::scoped_lock lock(bufferMutex); + if (buffer.empty()) + return; + if (buffer.size() > maxBufferSize || GetTickCount64() - lastPushTime > flushDelay) + { + AddSentence(std::move(buffer)); + buffer.clear(); + } +} diff --git a/cpp/LunaHook/LunaHost/textthread.h b/cpp/LunaHook/LunaHost/textthread.h new file mode 100644 index 00000000..a7ba5d63 --- /dev/null +++ b/cpp/LunaHook/LunaHost/textthread.h @@ -0,0 +1,46 @@ +#pragma once + +class TextThread +{ +public: + using OutputCallback = std::function; + inline static OutputCallback Output; + + inline static bool filterRepetition = false; + inline static int flushDelay = 100; + inline static int maxBufferSize = 3000; + inline static int maxHistorySize = 10'000'000; + inline static Synchronized> syncThreads; + + TextThread(ThreadParam tp, HookParam hp, std::optional name = {}); + + void Start(); + void Stop(); + void AddSentence(std::wstring sentence); + void Push(BYTE *data, int length); + void Push(const wchar_t *data); + + Synchronized storage; + const int64_t handle; + const std::wstring name; + const ThreadParam tp; + HookParam hp; + +private: + inline static int threadCounter = 0; + + void Flush(); + + std::wstring buffer; + BYTE leadByte = 0; + std::unordered_set repeatingChars; + std::mutex bufferMutex; + DWORD64 lastPushTime = 0; + Synchronized> queuedSentences; + struct TimerDeleter + { + void operator()(HANDLE h) { DeleteTimerQueueTimer(NULL, h, INVALID_HANDLE_VALUE); } + }; + AutoHandle timer = NULL; + void UpdateFlushTime(bool recursive = true); +}; diff --git a/cpp/LunaHook/build.py b/cpp/LunaHook/build.py new file mode 100644 index 00000000..f5d109d2 --- /dev/null +++ b/cpp/LunaHook/build.py @@ -0,0 +1,98 @@ +import os, sys, re, shutil +import subprocess + +rootDir = os.path.dirname(__file__) +if not rootDir: + rootDir = os.path.abspath(".") +if len(sys.argv) and sys.argv[1] == "loadversion": + os.chdir(rootDir) + with open("CMakeLists.txt", "r", encoding="utf8") as ff: + pattern = r"set\(VERSION_MAJOR\s*(\d+)\s*\)\nset\(VERSION_MINOR\s*(\d+)\s*\)\nset\(VERSION_PATCH\s*(\d+)\s*\)" + match = re.findall(pattern, ff.read())[0] + version_major, version_minor, version_patch = match + versionstring = f"v{version_major}.{version_minor}.{version_patch}" + print("version=" + versionstring) + exit() +if len(sys.argv) and sys.argv[1] == "merge": + os.mkdir("../build") + os.mkdir("builds") + language = ["Chinese", "English", "Russian", "TradChinese"] + bits = [32, 64] + for lang in language: + for bit in bits: + shutil.copytree( + f"build/{lang}_{bit}/Release_{lang}", + f"../build/Release_{lang}", + dirs_exist_ok=True, + ) + + targetdir = f"../build/Release_{lang}" + target = f"builds/Release_{lang}.zip" + os.system( + rf'"C:\Program Files\7-Zip\7z.exe" a -m0=Deflate -mx9 {target} {targetdir}' + ) + exit() +vcltlFile = "https://github.com/Chuyu-Team/VC-LTL5/releases/download/v5.0.9/VC-LTL-5.0.9-Binary.7z" +vcltlFileName = "VC-LTL-5.0.9-Binary.7z" + + +print(sys.version) +print(__file__) +print(rootDir) + + +def installVCLTL(): + os.chdir(rootDir) + if os.path.exists("temp"): + return # already installed + os.makedirs(rootDir + "\\temp", exist_ok=True) + subprocess.run(f"curl -Lo temp\\{vcltlFileName} {vcltlFile}") + subprocess.run(f"7z x temp\\{vcltlFileName} -otemp\\VC-LTL5") + subprocess.run("cmd /c temp\\VC-LTL5\\Install.cmd") + + +def build_langx(lang, bit): + with open("do.bat", "w") as ff: + if bit == "32": + ff.write( + rf""" +cmake -DLANGUAGE={lang} ../CMakeLists.txt -G "Visual Studio 17 2022" -A win32 -T host=x86 -B ../build/x86_{lang} +cmake --build ../build/x86_{lang} --config Release --target ALL_BUILD -j 14 +""" + ) + elif bit == "64": + ff.write( + rf""" +cmake -DLANGUAGE={lang} ../CMakeLists.txt -G "Visual Studio 17 2022" -A x64 -T host=x64 -B ../build/x64_{lang} +cmake --build ../build/x64_{lang} --config Release --target ALL_BUILD -j 14 +""" + ) + os.system(f"cmd /c do.bat") + + +def build_langx_xp(lang): + with open("do.bat", "w") as ff: + ff.write( + rf""" + +cmake -DBUILD_PLUGIN=OFF -DWINXP=1 -DLANGUAGE={lang} ../CMakeLists.txt -G "Visual Studio 16 2019" -A win32 -T v141_xp -B ../build/x86_{lang}_xp +cmake --build ../build/x86_{lang}_xp --config Release --target ALL_BUILD -j 14 +call dobuildxp.bat +""" + ) + os.system(f"cmd /c do.bat") + + +# installVCLTL() +os.chdir(os.path.join(rootDir, "scripts")) +if sys.argv[1] == "plg32": + os.system(f"cmd /c buildplugin32.bat") +elif sys.argv[1] == "plg64": + os.system(f"cmd /c buildplugin64.bat") +elif sys.argv[1] == "build": + lang = sys.argv[2] + bit = sys.argv[3] + if bit == "winxp": + build_langx_xp(lang) + else: + build_langx(lang, bit) diff --git a/cpp/LunaHook/include/CMakeLists.txt b/cpp/LunaHook/include/CMakeLists.txt new file mode 100644 index 00000000..959b7e0d --- /dev/null +++ b/cpp/LunaHook/include/CMakeLists.txt @@ -0,0 +1,4 @@ + + +add_library(pch hookcode.cpp pch.cpp stringutils.cpp) +target_precompile_headers(pch PUBLIC pch.h) diff --git a/cpp/LunaHook/include/const.h b/cpp/LunaHook/include/const.h new file mode 100644 index 00000000..f1112e64 --- /dev/null +++ b/cpp/LunaHook/include/const.h @@ -0,0 +1,127 @@ +#pragma once + +// texthook/const.h +// 8/23/2013 jichi +// Branch: ITH/common.h, rev 128 + +enum +{ + STRING = 12, + MESSAGE_SIZE = 500, + PIPE_BUFFER_SIZE = 50000, + SHIFT_JIS = 932, + MAX_MODULE_SIZE = 120, + PATTERN_SIZE = 30, + HOOK_NAME_SIZE = 60, + FIXED_SPLIT_VALUE = 0x10001, + HOOKCODE_LEN = 500 +}; +enum WildcardByte +{ + XX = 0x11 +}; + +enum HostCommandType +{ + HOST_COMMAND_NEW_HOOK, + HOST_COMMAND_REMOVE_HOOK, + HOST_COMMAND_FIND_HOOK, + HOST_COMMAND_MODIFY_HOOK, + HOST_COMMAND_HIJACK_PROCESS, + HOST_COMMAND_DETACH +}; + +enum HostNotificationType +{ + HOST_NOTIFICATION_TEXT, + HOST_NOTIFICATION_NEWHOOK, + HOST_NOTIFICATION_FOUND_HOOK, + HOST_NOTIFICATION_RMVHOOK, + HOST_NOTIFICATION_INSERTING_HOOK, + HOST_SETTEXTTHREADTYPE, + HOST_NOTIFICATION_WARNING +}; +#define NEXT_MASK(x) \ + DUMMY1_##x, \ + x = (1U << (DUMMY1_##x)), \ + DUMMY2_##x = DUMMY1_##x +#define DECLARE_VALUE(x, v) \ + DUMMY1_##x, \ + x = v, \ + DUMMY2_##x = DUMMY1_##x - 1 + +enum HookParamType : uint64_t +{ + // 默认为CODEC_ANSI_LE&USING_CHAR + // 若使用了text_fun|hook_before,会改为默认USING_STRING,这时若其实是USING_CHAR,需标明USING_STRING + DECLARE_VALUE(CODEC_ANSI_LE, 0), + NEXT_MASK(CODEC_ANSI_BE), + NEXT_MASK(CODEC_UTF8), + NEXT_MASK(CODEC_UTF16), + NEXT_MASK(CODEC_UTF32), + + NEXT_MASK(USING_CHAR), // text_fun!=nullptr && (CODE_ANSI_BE||CODE_UTF16) + NEXT_MASK(USING_STRING), + NEXT_MASK(SPECIAL_JIT_STRING), + + NEXT_MASK(FULL_STRING), + + NEXT_MASK(DATA_INDIRECT), + NEXT_MASK(USING_SPLIT), // use ctx2 or not + NEXT_MASK(SPLIT_INDIRECT), + NEXT_MASK(FIXING_SPLIT), + NEXT_MASK(NO_CONTEXT), + + NEXT_MASK(MODULE_OFFSET), // address is relative to module + NEXT_MASK(FUNCTION_OFFSET), // address is relative to function + + NEXT_MASK(KNOWN_UNSTABLE), + + NEXT_MASK(EMBED_ABLE), + NEXT_MASK(EMBED_DYNA_SJIS), + NEXT_MASK(EMBED_AFTER_NEW), + NEXT_MASK(EMBED_AFTER_OVERWRITE), + NEXT_MASK(EMBED_CODEC_UTF16), + NEXT_MASK(EMBED_INSERT_SPACE_ALWAYS), + NEXT_MASK(EMBED_INSERT_SPACE_AFTER_UNENCODABLE), + + DECLARE_VALUE(NORMAL_INLINEHOOK, 0), + NEXT_MASK(BREAK_POINT), + NEXT_MASK(DIRECT_READ), // /R read code instead of classic /H hook code + + NEXT_MASK(HOOK_RETURN), + NEXT_MASK(HOOK_EMPTY), +}; + +enum HookFontType : unsigned +{ + DECLARE_VALUE(NOT_HOOK_FONT, 0), + NEXT_MASK(F_CreateFontA), + NEXT_MASK(F_CreateFontW), + NEXT_MASK(F_CreateFontIndirectA), + NEXT_MASK(F_CreateFontIndirectW), + NEXT_MASK(F_GetGlyphOutlineA), + NEXT_MASK(F_GetGlyphOutlineW), + NEXT_MASK(F_GetTextExtentPoint32A), + NEXT_MASK(F_GetTextExtentPoint32W), + NEXT_MASK(F_GetTextExtentExPointA), + NEXT_MASK(F_GetTextExtentExPointW), + // F_GetCharABCWidthsA=0x + // F_GetCharABCWidthsW=0x + NEXT_MASK(F_TextOutA), + NEXT_MASK(F_TextOutW), + NEXT_MASK(F_ExtTextOutA), + NEXT_MASK(F_ExtTextOutW), + NEXT_MASK(F_DrawTextA), + NEXT_MASK(F_DrawTextW), + NEXT_MASK(F_DrawTextExA), + NEXT_MASK(F_DrawTextExW), + NEXT_MASK(F_CharNextA), + // F_CharNextW=0x + // F_CharNextExA=0x + // F_CharNextExW=0x + NEXT_MASK(F_CharPrevA), + // F_CharPrevW=0x + NEXT_MASK(F_MultiByteToWideChar), + NEXT_MASK(F_WideCharToMultiByte), +}; \ No newline at end of file diff --git a/cpp/LunaHook/include/defs.h b/cpp/LunaHook/include/defs.h new file mode 100644 index 00000000..510fc81a --- /dev/null +++ b/cpp/LunaHook/include/defs.h @@ -0,0 +1,35 @@ +#pragma once + +// texthook/defs.h +// 8/23/2013 jichi + +// Pipes + +constexpr auto HOOK_PIPE = L"\\\\.\\pipe\\LUNA_HOOK"; +constexpr auto HOST_PIPE = L"\\\\.\\pipe\\LUNA_HOST"; + +// Sections + +constexpr auto EMBED_SHARED_MEM = L"EMBED_SHARED_MEM"; // _%d + +// Mutexes + +constexpr auto ITH_HOOKMAN_MUTEX_ = L"LUNA_VNR_HOOKMAN_"; // ITH_HOOKMAN_%d +constexpr auto CONNECTING_MUTEX = L"LUNA_CONNECTING_PIPES"; + +// Events +constexpr auto LUNA_EMBED_notify_event = "LUNA_NOTIFY.%d.%llu"; + +constexpr auto PIPE_AVAILABLE_EVENT = L"LUNA_PIPE_AVAILABLE"; + +// Files +constexpr auto LUNA_HOOK_DLL_64 = L"LunaHook64"; +constexpr auto LUNA_HOOK_DLL_32 = L"LunaHook32"; + +#ifdef _WIN64 +constexpr auto LUNA_HOOK_DLL = LUNA_HOOK_DLL_64; // .dll but LoadLibrary automatically adds that +#else +constexpr auto LUNA_HOOK_DLL = LUNA_HOOK_DLL_32; // .dll but LoadLibrary automatically adds that +#endif + +// EOF diff --git a/cpp/LunaHook/include/hookcode.cpp b/cpp/LunaHook/include/hookcode.cpp new file mode 100644 index 00000000..0573503e --- /dev/null +++ b/cpp/LunaHook/include/hookcode.cpp @@ -0,0 +1,457 @@ + +namespace +{ + std::optional ParseRCode(std::wstring RCode) + { + RCode.erase(0, 1); + std::wsmatch match; + HookParam hp; + hp.type |= DIRECT_READ; + + // {S|Q|V|M} + switch (RCode[0]) + { + case L'S': + break; + case L'Q': + hp.type |= CODEC_UTF16; + break; + case L'U': + hp.type |= CODEC_UTF32; + break; + case L'V': + hp.type |= CODEC_UTF8; + break; + default: + return {}; + } + RCode.erase(0, 1); + + // [codepage#] + if (std::regex_search(RCode, match, std::wregex(L"^([0-9]+)#"))) + { + hp.codepage = std::stoi(match[1]); + RCode.erase(0, match[0].length()); + } + + // @addr + if (!std::regex_match(RCode, match, std::wregex(L"@([[:xdigit:]]+)"))) + return {}; + hp.address = std::stoull(match[1], nullptr, 16); + return hp; + } + + std::optional ParseHCode(std::wstring HCode, std::optional hpo = {}) + { + auto hp = hpo ? hpo.value() : HookParam{}; + if (HCode[0] == 'L') + { + hp.type |= HOOK_RETURN; + HCode.erase(0, 1); + } + switch (HCode[0]) + { + case L'B': + hp.type |= BREAK_POINT; + case L'H': + break; + default: + return {}; + } + + HCode.erase(0, 1); + + if (endWith(HCode, L":JIT:YUZU")) + hp.jittype = JITTYPE::YUZU; + else if (endWith(HCode, L":JIT:PPSSPP")) + hp.jittype = JITTYPE::PPSSPP; + else if (endWith(HCode, L":JIT:VITA3K")) + hp.jittype = JITTYPE::VITA3K; + else if (endWith(HCode, L":JIT:RPCS3")) + hp.jittype = JITTYPE::RPCS3; + else if (endWith(HCode, L":JIT:UNITY")) + hp.jittype = JITTYPE::UNITY; + + // {A|B|W|H|S|Q|V|M} + switch (HCode[0]) + { + case L'A': + hp.type |= CODEC_ANSI_BE; + break; + case L'B': + // ANSI LE + break; + case L'W': + hp.type |= CODEC_UTF16; + case L'C': + hp.type |= CODEC_UTF8; + break; + case L'I': + hp.type |= CODEC_UTF32; + break; + case L'S': + hp.type |= USING_STRING; + break; + case L'Q': + hp.type |= USING_STRING | CODEC_UTF16; + break; + case L'M': + hp.type |= USING_STRING | CODEC_UTF16 | SPECIAL_JIT_STRING; + break; + case L'U': + hp.type |= USING_STRING | CODEC_UTF32; + break; + case L'V': + hp.type |= USING_STRING | CODEC_UTF8; + break; + default: + return {}; + } + HCode.erase(0, 1); + + if (hp.type & USING_STRING) + { + if (HCode[0] == L'F') + { + hp.type |= FULL_STRING; + HCode.erase(0, 1); + } + } + + // [N] + if (HCode[0] == L'N') + { + hp.type |= NO_CONTEXT; + HCode.erase(0, 1); + } + + std::wsmatch match; + // [codepage#] + if (std::regex_search(HCode, match, std::wregex(L"^([0-9]+)#"))) + { + hp.codepage = std::stoi(match[1]); + HCode.erase(0, match[0].length()); + } + + // [padding+] + if (std::regex_search(HCode, match, std::wregex(L"^([[:xdigit:]]+)\\+"))) + { + hp.padding = std::stoll(match[1], nullptr, 16); + HCode.erase(0, match[0].length()); + } + + auto ConsumeHexInt = [&HCode] + { + size_t size = 0; + int value = 0; + try + { + value = std::stoi(HCode, &size, 16); + } + catch (std::invalid_argument) + { + } + HCode.erase(0, size); + return value; + }; + + // data_offset + hp.offset = ConsumeHexInt(); + + // [*deref_offset1] + if (HCode[0] == L'*') + { + hp.type |= DATA_INDIRECT; + HCode.erase(0, 1); + hp.index = ConsumeHexInt(); + } + + // [:split_offset[*deref_offset2]] + if (HCode[0] == L':') + { + hp.type |= USING_SPLIT; + HCode.erase(0, 1); + hp.split = ConsumeHexInt(); + + if (HCode[0] == L'*') + { + hp.type |= SPLIT_INDIRECT; + HCode.erase(0, 1); + hp.split_index = ConsumeHexInt(); + } + } + if (hp.jittype == JITTYPE::UNITY) + { + if (HCode[0] != L'@') + return {}; + HCode.erase(0, 1); + HCode = HCode.substr(0, HCode.size() - wcslen(L":JIT:UNITY")); + hp.argidx = hp.offset; + hp.offset = 0; + hp.address = 0; + hp.type &= ~MODULE_OFFSET; + hp.type &= ~FUNCTION_OFFSET; + strcpy(hp.function, ""); + wcscpy(hp.module, L""); + strcpy(hp.unityfunctioninfo, wcasta(HCode).c_str()); + } + else + { + + // @addr[:module[:func]] + if (!std::regex_match(HCode, match, std::wregex(L"^@([[:xdigit:]]+)(:.+?)?(:.+)?"))) + return {}; + hp.address = std::stoull(match[1], nullptr, 16); + if (match[2].matched) + { + hp.type |= MODULE_OFFSET; + wcsncpy_s(hp.module, match[2].str().erase(0, 1).c_str(), MAX_MODULE_SIZE - 1); + } + if (match[3].matched) + { + hp.type |= FUNCTION_OFFSET; + std::wstring func = match[3]; + strncpy_s(hp.function, std::string(func.begin(), func.end()).erase(0, 1).c_str(), MAX_MODULE_SIZE - 1); + } + + // ITH has registers offset by 4 vs AGTH: need this to correct + if (hp.offset < 0) + hp.offset -= 4; + if (hp.split < 0) + hp.split -= 4; + + if (hp.jittype != JITTYPE::PC) + { + hp.emu_addr = hp.address; + hp.argidx = hp.offset; + hp.offset = 0; + hp.address = 0; + hp.type &= ~MODULE_OFFSET; + hp.type &= ~FUNCTION_OFFSET; + strcpy(hp.function, ""); + wcscpy(hp.module, L""); + } + } + return hp; + } + + std::optional ParseECode(std::wstring code) + { + code.erase(0, 1); + HookParam hp; + hp.type |= EMBED_ABLE; + + if (code[0] == L'D') + { + hp.type |= EMBED_DYNA_SJIS; + code.erase(0, 1); + } + if (code[0] == L'S') + { + // 兼容 + code.erase(0, 1); + } + if (code[0] == L'N') + { + hp.type |= EMBED_AFTER_NEW; + code.erase(0, 1); + } + else if (code[0] == L'O') + { + hp.type |= EMBED_AFTER_OVERWRITE; + code.erase(0, 1); + } + return ParseHCode(code, hp); + } + std::wstring HexString(int64_t num) + { + if (num < 0) + return FormatString(L"-%I64X", -num); + return FormatString(L"%I64X", num); + } + + std::wstring GenerateRCode(HookParam hp) + { + std::wstring RCode = L"R"; + + if (hp.type & CODEC_UTF16) + RCode += L'Q'; + else if (hp.type & CODEC_UTF32) + RCode += L'U'; + else if (hp.type & CODEC_UTF8) + RCode += L'V'; + else + { + RCode += L'S'; + if (hp.codepage != 0) + RCode += std::to_wstring(hp.codepage) + L'#'; + } + + RCode += L'@' + HexString(hp.address); + + return RCode; + } + + std::wstring GenerateHCode(HookParam hp, DWORD processId) + { + std::wstring HCode; + if (hp.type & EMBED_ABLE) + { + HCode += L"E"; + + if (hp.hook_after) + HCode += L'X'; + else + { + if (hp.type & EMBED_DYNA_SJIS) + HCode += L"D"; + if (hp.type & EMBED_AFTER_NEW) + HCode += L"N"; + else if (hp.type & EMBED_AFTER_OVERWRITE) + HCode += L"O"; + } + } + if (hp.type & BREAK_POINT) + HCode += L"B"; + else + HCode += L"H"; + + if (hp.type & USING_STRING) + { + if (hp.type & SPECIAL_JIT_STRING) + HCode += L'M'; + else if (hp.type & CODEC_UTF16) + HCode += L'Q'; + else if (hp.type & CODEC_UTF8) + HCode += L'V'; + else if (hp.type & CODEC_UTF32) + HCode += L'U'; + else + HCode += L'S'; + } + else + { + if (hp.type & CODEC_UTF16) + HCode += L'W'; + else if (hp.type & CODEC_UTF8) + HCode += L'C'; + else if (hp.type & CODEC_UTF32) + HCode += L'I'; + else if (hp.type & CODEC_ANSI_BE) + HCode += L'A'; + else + HCode += L'B'; + } + + if (hp.text_fun || hp.filter_fun) + HCode += L'X'; + + if (hp.type & FULL_STRING) + HCode += L'F'; + + if (hp.type & NO_CONTEXT) + HCode += L'N'; + + if (hp.codepage != 0 && !(hp.type & CODEC_UTF8) && !(hp.type & CODEC_UTF16) && !(hp.type & CODEC_UTF32)) + HCode += std::to_wstring(hp.codepage) + L'#'; + + if (hp.padding) + HCode += HexString(hp.padding) + L'+'; + + if (hp.offset < 0) + hp.offset += 4; + if (hp.split < 0) + hp.split += 4; + + if (hp.jittype == JITTYPE::PC) + { + HCode += HexString(hp.offset); + } + else + { + HCode += HexString(hp.argidx); + } + + if (hp.type & DATA_INDIRECT) + HCode += L'*' + HexString(hp.index); + if (hp.type & USING_SPLIT) + HCode += L':' + HexString(hp.split); + if (hp.type & SPLIT_INDIRECT) + HCode += L'*' + HexString(hp.split_index); + + // Attempt to make the address relative + if (hp.jittype == JITTYPE::PC) + { + if (processId && !(hp.type & MODULE_OFFSET)) + if (AutoHandle<> process = OpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, processId)) + if (MEMORY_BASIC_INFORMATION info = {}; VirtualQueryEx(process, (LPCVOID)hp.address, &info, sizeof(info))) + if (auto moduleName = getModuleFilename(processId, (HMODULE)info.AllocationBase)) + { + hp.type |= MODULE_OFFSET; + hp.address -= (uint64_t)info.AllocationBase; + wcsncpy_s(hp.module, moduleName->c_str() + moduleName->rfind(L'\\') + 1, MAX_MODULE_SIZE - 1); + } + + HCode += L'@' + HexString(hp.address); + if (hp.type & MODULE_OFFSET) + HCode += L':' + std::wstring(hp.module); + if (hp.type & FUNCTION_OFFSET) + HCode += L':' + acastw(hp.function); + } + else + { + if (hp.jittype == JITTYPE::UNITY) + { + HCode += L'@'; + HCode += acastw(hp.unityfunctioninfo); + HCode += L":JIT:UNITY"; + } + else + { + + HCode += L'@' + HexString(hp.emu_addr); + switch (hp.jittype) + { + case JITTYPE::YUZU: + HCode += L":JIT:YUZU"; + break; + case JITTYPE::PPSSPP: + HCode += L":JIT:PPSSPP"; + break; + case JITTYPE::VITA3K: + HCode += L":JIT:VITA3K"; + break; + case JITTYPE::RPCS3: + HCode += L":JIT:RPCS3"; + break; + } + } + } + + return HCode; + } +} + +namespace HookCode +{ + std::optional Parse(std::wstring code) + { + if (code[0] == L'/') + code.erase(0, 1); + code.erase(std::find(code.begin(), code.end(), L'/'), code.end()); // legacy/AGTH compatibility + Trim(code); + if (code[0] == L'R') + return ParseRCode(code); + else if (code[0] == L'E') + return ParseECode(code); + else + return ParseHCode(code); + } + + std::wstring Generate(HookParam hp, DWORD processId) + { + std::wstring HCode = L""; + return HCode += (hp.type & DIRECT_READ ? GenerateRCode(hp) : GenerateHCode(hp, processId)); + } + +} diff --git a/cpp/LunaHook/include/hookcode.h b/cpp/LunaHook/include/hookcode.h new file mode 100644 index 00000000..82d7748f --- /dev/null +++ b/cpp/LunaHook/include/hookcode.h @@ -0,0 +1,7 @@ +#pragma once + +namespace HookCode +{ + std::optional Parse(std::wstring code); + std::wstring Generate(HookParam hp, DWORD processId = 0); +} diff --git a/cpp/LunaHook/include/lrucache.hpp b/cpp/LunaHook/include/lrucache.hpp new file mode 100644 index 00000000..a7717798 --- /dev/null +++ b/cpp/LunaHook/include/lrucache.hpp @@ -0,0 +1,89 @@ +/* + * File: lrucache.hpp + * Author: Alexander Ponomarev + * + * Created on June 20, 2013, 5:09 PM + */ + +#ifndef _LRUCACHE_HPP_INCLUDED_ +#define _LRUCACHE_HPP_INCLUDED_ + +#include +#include +#include +#include + +template +class lru_cache +{ +public: + typedef typename std::pair key_value_pair_t; + typedef typename std::list::iterator list_iterator_t; + + lru_cache(size_t max_size) : _max_size(max_size) + { + } + const key_value_pair_t &put(const key_t &key, const value_t &&value = {}) + { + auto it = _cache_items_map.find(key); + _cache_items_list.emplace_front(key_value_pair_t(key, value)); + if (it != _cache_items_map.end()) + { + _cache_items_list.erase(it->second); + _cache_items_map.erase(it); + } + _cache_items_map[key] = _cache_items_list.begin(); + + if (_cache_items_map.size() > _max_size) + { + auto last = _cache_items_list.end(); + last--; + _cache_items_map.erase(last->first); + _cache_items_list.pop_back(); + } + return *_cache_items_list.begin(); + } + const value_t &get(const key_t &key) + { + auto it = _cache_items_map.find(key); + if (it == _cache_items_map.end()) + { + throw std::range_error("There is no such key in cache"); + } + else + { + _cache_items_list.splice(_cache_items_list.begin(), _cache_items_list, it->second); + return it->second->second; + } + } + + bool exists(const key_t &key) const + { + return _cache_items_map.find(key) != _cache_items_map.end(); + } + bool touch(const key_t &key) + { + try + { + auto _ = get(key); + return true; + } + catch (...) + { + put(key); + return false; + } + } + + size_t size() const + { + return _cache_items_map.size(); + } + +private: + std::list _cache_items_list; + std::unordered_map _cache_items_map; + size_t _max_size; +}; + +#endif /* _LRUCACHE_HPP_INCLUDED_ */ diff --git a/src/plugins/pch.cpp b/cpp/LunaHook/include/pch.cpp similarity index 100% rename from src/plugins/pch.cpp rename to cpp/LunaHook/include/pch.cpp diff --git a/cpp/LunaHook/include/pch.h b/cpp/LunaHook/include/pch.h new file mode 100644 index 00000000..cc2d353a --- /dev/null +++ b/cpp/LunaHook/include/pch.h @@ -0,0 +1,46 @@ +#pragma once +#include +#define _WINSOCKAPI_ +#define WIN32_LEAN_AND_MEAN +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "stringutils.h" +#include "utils.h" +#include "defs.h" +#include "const.h" +#include "types.h" +#include "hookcode.h" +#include "texthook.h" +#include "winevent.hpp" +#include "lrucache.hpp" \ No newline at end of file diff --git a/cpp/LunaHook/include/stringutils.cpp b/cpp/LunaHook/include/stringutils.cpp new file mode 100644 index 00000000..2ab0193a --- /dev/null +++ b/cpp/LunaHook/include/stringutils.cpp @@ -0,0 +1,292 @@ + +LPCSTR reverse_search_begin(const char *s, int maxsize) +{ + if (*s) + for (int i = 0; i < maxsize; i++, s--) + if (!*s) + return s + 1; + return nullptr; +} + +template +inline bool all_ascii_impl(const CharT *s, int maxsize) +{ + if (s) + for (int i = 0; i < maxsize && *s; i++, s++) + if ((unsigned)*s > 127) + return false; + return true; +} + +template +inline void strReplace_impl(StringT &str, const StringT &oldStr, const StringT &newStr) +{ + size_t pos = 0; + while ((pos = str.find(oldStr, pos)) != StringT::npos) + { + str.replace(pos, oldStr.length(), newStr); + pos += newStr.length(); + } +} + +template +inline std::vector strSplit_impl(const StringT &s, const StringT &delim) +{ + StringT item; + std::vector tokens; + + StringT str = s; + + size_t pos = 0; + while ((pos = str.find(delim)) != StringT::npos) + { + item = str.substr(0, pos); + tokens.push_back(item); + str.erase(0, pos + delim.length()); + } + tokens.push_back(str); + return tokens; +} + +template +inline bool endWith_impl(const StringT &s, const StringT &s2) +{ + if ((s.size() >= s2.size()) && (s.substr(s.size() - s2.size(), s2.size()) == s2)) + { + return true; + } + return false; +} + +template +inline bool startWith_impl(const StringT &s, const StringT &s2) +{ + if ((s.size() >= s2.size()) && (s.substr(0, s2.size()) == s2)) + { + return true; + } + return false; +} + +bool all_ascii(const char *s, int maxsize) { return all_ascii_impl(s, maxsize); } +bool all_ascii(const wchar_t *s, int maxsize) { return all_ascii_impl(s, maxsize); } + +void strReplace(std::string &str, const std::string &oldStr, const std::string &newStr) { strReplace_impl(str, oldStr, newStr); } +void strReplace(std::wstring &str, const std::wstring &oldStr, const std::wstring &newStr) { strReplace_impl(str, oldStr, newStr); } +std::vector strSplit(const std::string &s, const std::string &delim) { return strSplit_impl(s, delim); } +std::vector strSplit(const std::wstring &s, const std::wstring &delim) { return strSplit_impl(s, delim); } +bool startWith(const std::string_view &s, const std::string_view &s2) { return startWith_impl(s, s2); } +bool startWith(const std::wstring_view &s, const std::wstring_view &s2) { return startWith_impl(s, s2); } +bool endWith(const std::string_view &s, const std::string_view &s2) { return endWith_impl(s, s2); } +bool endWith(const std::wstring_view &s, const std::wstring_view &s2) { return endWith_impl(s, s2); } + +typedef HRESULT(WINAPI *CONVERTINETMULTIBYTETOUNICODE)( + LPDWORD lpdwMode, + DWORD dwSrcEncoding, + LPCSTR lpSrcStr, + LPINT lpnMultiCharCount, + LPWSTR lpDstStr, + LPINT lpnWideCharCount); +typedef HRESULT(WINAPI *CONVERTINETUNICODETOMULTIBYTE)( + LPDWORD lpdwMode, + DWORD dwEncoding, + LPCWSTR lpSrcStr, + LPINT lpnWideCharCount, + LPSTR lpDstStr, + LPINT lpnMultiCharCount); + +std::optional StringToWideString(const std::string &text, UINT encoding) +{ + std::vector buffer(text.size() + 1); + if (disable_mbwc) + { + int _s = text.size(); + int _s2 = buffer.size(); + auto h = LoadLibrary(TEXT("mlang.dll")); + if (h == 0) + return {}; + auto ConvertINetMultiByteToUnicode = (CONVERTINETMULTIBYTETOUNICODE)GetProcAddress(h, "ConvertINetMultiByteToUnicode"); + if (ConvertINetMultiByteToUnicode == 0) + return {}; + auto hr = ConvertINetMultiByteToUnicode(0, encoding, text.c_str(), &_s, buffer.data(), &_s2); + if (SUCCEEDED(hr)) + { + return std::wstring(buffer.data(), _s2); + } + else + return {}; + } + else + { + if (int length = MultiByteToWideChar(encoding, 0, text.c_str(), text.size() + 1, buffer.data(), buffer.size())) + return std::wstring(buffer.data(), length - 1); + return {}; + } +} + +std::wstring StringToWideString(const std::string &text) +{ + return StringToWideString(text, CP_UTF8).value(); +} + +std::string WideStringToString(const std::wstring &text, UINT cp) +{ + std::vector buffer((text.size() + 1) * 4); + if (disable_wcmb) + { + int _s = text.size(); + int _s2 = buffer.size(); + auto h = LoadLibrary(TEXT("mlang.dll")); + if (h == 0) + return {}; + auto ConvertINetUnicodeToMultiByte = (CONVERTINETUNICODETOMULTIBYTE)GetProcAddress(h, "ConvertINetUnicodeToMultiByte"); + if (ConvertINetUnicodeToMultiByte == 0) + return {}; + auto hr = ConvertINetUnicodeToMultiByte(0, cp, text.c_str(), &_s, buffer.data(), &_s2); + if (SUCCEEDED(hr)) + { + return std::string(buffer.data(), _s2); + } + else + return {}; + } + else + { + WideCharToMultiByte(cp, 0, text.c_str(), -1, buffer.data(), buffer.size(), nullptr, nullptr); + return buffer.data(); + } +} +inline unsigned int convertUTF32ToUTF16(unsigned int cUTF32, unsigned int &h, unsigned int &l) +{ + if (cUTF32 < 0x10000) + { + h = 0; + l = cUTF32; + return cUTF32; + } + unsigned int t = cUTF32 - 0x10000; + h = (((t << 12) >> 22) + 0xD800); + l = (((t << 22) >> 22) + 0xDC00); + unsigned int ret = ((h << 16) | (l & 0x0000FFFF)); + return ret; +} + +std::basic_string utf16_to_utf32(const wchar_t *u16str, size_t size) +{ + std::basic_string utf32String; + for (size_t i = 0; i < size; i++) + { + auto u16c = u16str[i]; + if (u16c - 0xd800u < 2048u) + if ((u16c & 0xfffffc00 == 0xd800) && (i < size - 1) && (u16str[i + 1] & 0xfffffc00 == 0xdc00)) + { + utf32String += (u16c << 10) + u16str[i + 1] - 0x35fdc00; + i += 1; + } + else + { + // error invalid u16 char + } + else + utf32String += u16str[i]; + } + return utf32String; +} + +std::wstring utf32_to_utf16(uint32_t *u32str, size_t size) +{ + std::wstring u16str; + for (auto i = 0; i < size; i++) + { + unsigned h, l; + convertUTF32ToUTF16(u32str[i], h, l); + if (h) + u16str.push_back((wchar_t)h); + u16str.push_back((wchar_t)l); + } + return u16str; +} + +uint32_t *u32strcpy(uint32_t *s, const uint32_t *r) +{ + while (*r) + { + *s = *r; + s += 1; + r += 1; + } + *s = 0; + return s; +} +// 检查一个字节是否是有效的 UTF-8 后续字节 +int is_valid_following_byte(unsigned char byte) +{ + return (byte & 0xC0) == 0x80; // 10xxxxxx +} +int utf8charlen(char *str) +{ + if ((!str) || (!*str)) + return 0; + unsigned char first_byte = (unsigned char)*str; + + if ((first_byte & 0x80) == 0) + { + // 0xxxxxxx - 1 byte character + return 1; + } + else if ((first_byte & 0xE0) == 0xC0) + { + // 110xxxxx - 2 byte character + if (is_valid_following_byte((unsigned char)str[1])) + { + return 2; + } + } + else if ((first_byte & 0xF0) == 0xE0) + { + // 1110xxxx - 3 byte character + if (is_valid_following_byte((unsigned char)str[1]) && + is_valid_following_byte((unsigned char)str[2])) + { + return 3; + } + } + else if ((first_byte & 0xF8) == 0xF0) + { + // 11110xxx - 4 byte character + if (is_valid_following_byte((unsigned char)str[1]) && + is_valid_following_byte((unsigned char)str[2]) && + is_valid_following_byte((unsigned char)str[3])) + { + return 4; + } + } + return 0; // 不是有效的UTF-8序列 +} +std::string wcasta(const std::wstring &x) +{ + std::string xx; + for (auto c : x) + xx += c; + return xx; +} + +std::wstring acastw(const std::string &x) +{ + std::wstring xx; + for (auto c : x) + xx += c; + return xx; +} +std::optional commonparsestring(void *data, size_t length, void *php, DWORD df) +{ + auto hp = (HookParam *)php; + if (hp->type & CODEC_UTF16) + return std::wstring((wchar_t *)data, length / sizeof(wchar_t)); + else if (hp->type & CODEC_UTF32) + return (std::move(utf32_to_utf16((uint32_t *)data, length / sizeof(uint32_t)))); + else if (auto converted = StringToWideString(std::string((char *)data, length), (hp->type & CODEC_UTF8) ? CP_UTF8 : (hp->codepage ? hp->codepage : df))) + return (converted.value()); + else + return {}; +} \ No newline at end of file diff --git a/cpp/LunaHook/include/stringutils.h b/cpp/LunaHook/include/stringutils.h new file mode 100644 index 00000000..0eb7c6ee --- /dev/null +++ b/cpp/LunaHook/include/stringutils.h @@ -0,0 +1,125 @@ +#ifndef __LUNA_STRINGUILTS_H +#define __LUNA_STRINGUILTS_H + +enum +{ + VNR_TEXT_CAPACITY = 1500 +}; // estimated max number of bytes allowed in VNR, slightly larger than VNR's text limit (1000) + +template +StringT stolower(StringT s) +{ + std::transform(s.begin(), s.end(), s.begin(), tolower); + return s; +} + +LPCSTR reverse_search_begin(const char *s, int maxsize = VNR_TEXT_CAPACITY); + +bool all_ascii(const char *s, int maxsize = VNR_TEXT_CAPACITY); +bool all_ascii(const wchar_t *s, int maxsize = VNR_TEXT_CAPACITY); +void strReplace(std::string &str, const std::string &oldStr, const std::string &newStr); +void strReplace(std::wstring &str, const std::wstring &oldStr, const std::wstring &newStr); +std::vector strSplit(const std::string &s, const std::string &delim); +std::vector strSplit(const std::wstring &s, const std::wstring &delim); +bool startWith(const std::string_view &s, const std::string_view &s2); +bool startWith(const std::wstring_view &s, const std::wstring_view &s2); + +bool endWith(const std::string_view &s, const std::string_view &s2); +bool endWith(const std::wstring_view &s, const std::wstring_view &s2); + +std::wstring utf32_to_utf16(uint32_t *u32str, size_t size); +std::basic_string utf16_to_utf32(const wchar_t *u16str, size_t size); + +std::string WideStringToString(const std::wstring &text, UINT cp = CP_UTF8); +std::wstring StringToWideString(const std::string &text); +std::optional StringToWideString(const std::string &text, UINT encoding); + +std::string wcasta(const std::wstring &x); +std::wstring acastw(const std::string &x); +uint32_t *u32strcpy(uint32_t *s, const uint32_t *r); + +template +size_t strlenEx(const CharT *s) +{ + return std::basic_string_view(s).size(); +} +template +size_t strnlenEx(const CharT *s, size_t sz) +{ + size_t t = 0; + sz /= sizeof(CharT); + if constexpr (std::is_same_v) + t = strnlen(s, sz); + else if constexpr (std::is_same_v) + t = wcsnlen(s, sz); + else if constexpr (std::is_same_v) + t = strlenEx(s); + else + static_assert(true); + return t; +} + +template +CharT *strcpyEx(CharT *s, const CharT *r) +{ + if constexpr (std::is_same_v) + return strcpy(s, r); + else if constexpr (std::is_same_v) + return wcscpy(s, r); + else if constexpr (std::is_same_v) + return u32strcpy(s, r); + else + static_assert(true); + return nullptr; +} +template +CharT *strncpyEx(CharT *s, const CharT *r, size_t sz) +{ + sz /= sizeof(CharT); + if constexpr (std::is_same_v) + return strncpy(s, r, sz); + else if constexpr (std::is_same_v) + return wcsncpy(s, r, sz); + else if constexpr (std::is_same_v) + return u32strcpy(s, r); + else + static_assert(true); + return nullptr; +} + +int utf8charlen(char *data); +inline bool disable_mbwc = false; +inline bool disable_wcmb = false; +template +inline void Trim(ST &text) +{ + text.erase(text.begin(), std::find_if_not(text.begin(), text.end(), iswspace)); + text.erase(std::find_if_not(text.rbegin(), text.rend(), iswspace).base(), text.end()); +} + +template +inline auto FormatArg(T arg) { return arg; } +template +inline auto FormatArg(const std::basic_string &arg) { return arg.c_str(); } + +#pragma warning(push) +#pragma warning(disable : 4996) +template +inline std::string FormatString(const char *format, const Args &...args) +{ + std::string buffer(snprintf(nullptr, 0, format, FormatArg(args)...), '\0'); + sprintf(buffer.data(), format, FormatArg(args)...); + return buffer; +} + +template +inline std::wstring FormatString(const wchar_t *format, const Args &...args) +{ + std::wstring buffer(_snwprintf(nullptr, 0, format, FormatArg(args)...), L'\0'); + _swprintf(buffer.data(), format, FormatArg(args)...); + return buffer; +} + +std::optional commonparsestring(void *, size_t, void *, DWORD); +#pragma warning(pop) +#endif \ No newline at end of file diff --git a/cpp/LunaHook/include/texthook.h b/cpp/LunaHook/include/texthook.h new file mode 100644 index 00000000..6177e5b7 --- /dev/null +++ b/cpp/LunaHook/include/texthook.h @@ -0,0 +1,68 @@ +#pragma once + +// texthook.h +// 8/24/2013 jichi +// Branch: IHF_DLL/IHF_CLIENT.h, rev 133 +// +// 8/24/2013 TODO: +// - Clean up this file +// - Reduce global variables. Use namespaces or singleton classes instead. + +inline std::atomic trigger_fun = nullptr; + +// jichi 9/25/2013: This class will be used by NtMapViewOfSectionfor +// interprocedure communication, where constructor/destructor will NOT work. +struct CommonSharedMem +{ + UINT32 waittime; + UINT32 keeprawtext; + uint64_t hash; + wchar_t text[1000]; + bool fontCharSetEnabled; + UINT8 fontCharSet; + wchar_t fontFamily[100]; + UINT codepage; + bool fastskipignore; + struct + { + bool use; + ThreadParam tp; + } embedtps[32]; +}; +class TextHook +{ +public: + HookParam hp; + ALIGNPTR(uint64_t address, void *location); + uint64_t savetypeforremove; + bool Insert(HookParam hp); + void Clear(); + +private: + void Read(); + bool InsertHookCode(); + bool InsertReadCode(); + bool InsertBreakPoint(); + bool RemoveBreakPoint(); + bool breakpointcontext(PCONTEXT); + void Send(uintptr_t dwDatabase); + int GetLength(hook_stack *stack, uintptr_t in); // jichi 12/25/2013: Return 0 if failed + int HookStrlen(BYTE *data); + void RemoveHookCode(); + void RemoveReadCode(); + bool waitfornotify(TextBuffer*, ThreadParam tp); + void parsenewlineseperator(TextBuffer*); + volatile DWORD useCount; + ALIGNPTR(uint64_t __1, HANDLE readerThread); + ALIGNPTR(uint64_t __2, HANDLE readerEvent); + bool err; + ALIGNPTR(BYTE __4[140], BYTE trampoline[x64 ? 140 : 40]); + ALIGNPTR(uint64_t __3, BYTE *local_buffer); +}; + +enum +{ + MAX_HOOK = 2500 +}; + +// EOF diff --git a/cpp/LunaHook/include/types.h b/cpp/LunaHook/include/types.h new file mode 100644 index 00000000..800cb1de --- /dev/null +++ b/cpp/LunaHook/include/types.h @@ -0,0 +1,262 @@ +#pragma once + +class WinMutex // Like CMutex but works with scoped_lock +{ +public: + WinMutex(std::wstring name = L"", LPSECURITY_ATTRIBUTES sa = nullptr) : m(CreateMutexW(sa, FALSE, name.empty() ? NULL : name.c_str())) {} + void lock() + { + if (m) + WaitForSingleObject(m, INFINITE); + } + void unlock() + { + if (m) + ReleaseMutex(m); + } + +private: + AutoHandle<> m; +}; + +inline SECURITY_ATTRIBUTES allAccess = std::invoke([] // allows non-admin processes to access kernel objects made by admin processes + { + static SECURITY_DESCRIPTOR sd = {}; + InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION); + SetSecurityDescriptorDacl(&sd, TRUE, NULL, FALSE); + return SECURITY_ATTRIBUTES{ sizeof(SECURITY_ATTRIBUTES), &sd, FALSE }; }); + +struct hook_stack +{ + +#ifndef _WIN64 + uintptr_t _eflags; // pushfd + uintptr_t edi, // pushad + esi, + ebp, + esp, + ebx, + edx, + ecx, // this + eax; // 0x28 + +#else + uintptr_t r15, + r14, + r13, + r12, + r11, + r10, + r9, + r8, + rdi, + rsi, + rbp, + rsp, + rdx, + rcx, + rbx, + rax; +#endif + uintptr_t eflags; // pushaf + union + { + uintptr_t stack[1]; // beginning of the runtime stack + uintptr_t retaddr; + BYTE base[1]; + }; + uintptr_t get_base() + { + return (uintptr_t)this + sizeof(hook_stack) - sizeof(uintptr_t); + } +}; + +inline hook_stack *get_hook_stack(uintptr_t lpDataBase) +{ + return (hook_stack *)(lpDataBase - sizeof(hook_stack) + sizeof(uintptr_t)); +} +// jichi 3/7/2014: Add guessed comment + +#define ALIGNPTR(Y, X) \ + union \ + { \ + ##Y; \ + ##X; \ + }; + +enum class JITTYPE +{ + PC, // not a jit + YUZU, + PPSSPP, + VITA3K, + RPCS3, + UNITY +}; +struct TextBuffer; +struct HookParam +{ + // address和emu_addr需要在host和hook之间传递,因此不能用uintptr_t + uint64_t address; // absolute or relative address + int offset, // offset of the data in the memory + index, // deref_offset1 + split, // offset of the split character + split_index; // deref_offset2 + + wchar_t module[MAX_MODULE_SIZE]; + + char function[MAX_MODULE_SIZE]; + uint64_t type; // flags + UINT codepage; // text encoding + short length_offset; // index of the string length + ALIGNPTR(uint64_t __1, uintptr_t padding); // padding before string + ALIGNPTR(uint64_t __12, uintptr_t user_value); + ALIGNPTR(uint64_t __2, void (*text_fun)(hook_stack *stack, HookParam *hp, TextBuffer *buffer, uintptr_t *split)) + ALIGNPTR(uint64_t __3, bool (*filter_fun)(void *data, size_t *len, HookParam *hp)); // jichi 10/24/2014: Add filter function. Return false to skip the text + ALIGNPTR(uint64_t __7, void (*hook_after)(hook_stack *stack, void *data, size_t len)); + uint64_t hook_font; + ALIGNPTR(uint64_t __9, const wchar_t *newlineseperator); + char name[HOOK_NAME_SIZE]; + wchar_t hookcode[HOOKCODE_LEN]; + HookParam() + { + ZeroMemory(this, sizeof(HookParam)); + } + uint64_t emu_addr; + int argidx; + JITTYPE jittype; + char unityfunctioninfo[1024]; +}; + +struct ThreadParam +{ + bool operator==(ThreadParam other) const { return processId == other.processId && addr == other.addr && ctx == other.ctx && ctx2 == other.ctx2; } + DWORD processId; + uint64_t addr; + uint64_t ctx; // The context of the hook: by default the first value on stack, usually the return address + uint64_t ctx2; // The subcontext of the hook: 0 by default, generated in a method specific to the hook +}; + +struct SearchParam +{ + BYTE pattern[PATTERN_SIZE] = {x64 ? 0xcc : 0x55, x64 ? 0xcc : 0x8b, x64 ? 0x48 : 0xec, 0x89}; // pattern in memory to search for + int address_method = 0; + int search_method = 0; + int length = x64 ? 4 : 3, // length of pattern (zero means this SearchParam is invalid and the default should be used) + offset = x64 ? 2 : 0, // offset from start of pattern to add hook + searchTime = 30000, // ms + maxRecords = 100000, + codepage = SHIFT_JIS; + // uintptr_t padding = 0, // same as hook param padding + // minAddress = 0, maxAddress = (uintptr_t)-1; // hook all functions between these addresses (used only if both modules empty) + ALIGNPTR(uint64_t __1, intptr_t padding = 0); + ALIGNPTR(uint64_t __2, uintptr_t minAddress = 0); + ALIGNPTR(uint64_t __3, uintptr_t maxAddress = (uintptr_t)-1); + wchar_t boundaryModule[MAX_MODULE_SIZE] = {}; // hook all functions within this module (middle priority) + wchar_t exportModule[MAX_MODULE_SIZE] = {}; // hook the exports of this module (highest priority) + wchar_t text[PATTERN_SIZE] = {}; // text to search for + JITTYPE jittype; +}; + +struct InsertHookCmd // From host +{ + InsertHookCmd(HookParam hp) : hp(hp) {} + HostCommandType command = HOST_COMMAND_NEW_HOOK; + HookParam hp; +}; +struct RemoveHookCmd // From host +{ + RemoveHookCmd(uint64_t address) : address(address) {} + HostCommandType command = HOST_COMMAND_REMOVE_HOOK; + uint64_t address; +}; + +struct FindHookCmd // From host +{ + FindHookCmd(SearchParam sp) : sp(sp) {} + HostCommandType command = HOST_COMMAND_FIND_HOOK; + SearchParam sp; +}; + +struct ConsoleOutputNotif // From dll +{ + ConsoleOutputNotif(std::string message = "") { strncpy_s(this->message, message.c_str(), MESSAGE_SIZE - 1); } + HostNotificationType command = HOST_NOTIFICATION_TEXT; + char message[MESSAGE_SIZE] = {}; +}; +struct WarningNotif // From dll +{ + WarningNotif(std::string message = "") { strncpy_s(this->message, message.c_str(), MESSAGE_SIZE - 1); } + HostNotificationType command = HOST_NOTIFICATION_WARNING; + char message[MESSAGE_SIZE] = {}; +}; + +struct HookFoundNotif // From dll +{ + HookFoundNotif(HookParam hp, wchar_t *text) : hp(hp) { wcsncpy_s(this->text, text, MESSAGE_SIZE - 1); } + HostNotificationType command = HOST_NOTIFICATION_FOUND_HOOK; + HookParam hp; + wchar_t text[MESSAGE_SIZE] = {}; // though type is wchar_t, may not be encoded in UTF-16 (it's just convenient to use wcs* functions) +}; + +struct HookRemovedNotif // From dll +{ + HookRemovedNotif(uint64_t address) : address(address) {}; + HostNotificationType command = HOST_NOTIFICATION_RMVHOOK; + uint64_t address; +}; + +struct HookInsertingNotif // From dll +{ + HookInsertingNotif(uint64_t addr1) : addr(addr1) {} + HostNotificationType command = HOST_NOTIFICATION_INSERTING_HOOK; + uint64_t addr; + wchar_t hookcode[HOOKCODE_LEN]; +}; + +struct TextOutput_T +{ + ThreadParam tp; + HookParam hp; + uint64_t type; + BYTE data[0]; +}; + +enum +{ + TEXT_BUFFER_SIZE = PIPE_BUFFER_SIZE - sizeof(TextOutput_T) +}; + +struct TextBuffer +{ + BYTE *buff; + size_t *lpsize; + template + void from_cs(const CharT *c) + { + if (!c) + return; + *lpsize = strlenEx(c) * sizeof(CharT); + strncpyEx((CharT *)buff, c, TEXT_BUFFER_SIZE); + } + template >> + void from(const StringT &c) + { + *lpsize = min(TEXT_BUFFER_SIZE, strSize(c)); + memcpy(buff, c.data(), *lpsize); + } + template + void from(const CharT ptr, size_t t) + { + if (!ptr || !t) + return; + *lpsize = min(TEXT_BUFFER_SIZE, t); + memcpy(buff, (void *)ptr, *lpsize); + } + template + void from_t(const T tm) + { + *lpsize = sizeof(T); + *(T *)buff = tm; + } +}; \ No newline at end of file diff --git a/cpp/LunaHook/include/utils.h b/cpp/LunaHook/include/utils.h new file mode 100644 index 00000000..95f2d85e --- /dev/null +++ b/cpp/LunaHook/include/utils.h @@ -0,0 +1,172 @@ +#pragma once + +#ifdef _WIN64 +constexpr bool x64 = true; +#else +constexpr bool x64 = false; +#endif + +template +struct ArrayImpl +{ + using Type = std::tuple[]; +}; +template +struct ArrayImpl +{ + using Type = T[]; +}; +template +using Array = typename ArrayImpl::Type; + +template +using Functor = std::integral_constant, F>; // shouldn't need remove_reference_t but MSVC is bugged + +struct PermissivePointer +{ + template + operator T *() { return (T *)p; } + void *p; +}; + +template > +class AutoHandle +{ +public: + AutoHandle(HANDLE h) : h(h) {} + operator HANDLE() { return h.get(); } + PHANDLE operator&() + { + static_assert(sizeof(*this) == sizeof(HANDLE)); + assert(!h); + return (PHANDLE)this; + } + operator bool() { return h.get() != NULL && h.get() != INVALID_HANDLE_VALUE; } + +private: + struct HandleCleaner + { + void operator()(void *h) + { + if (h != INVALID_HANDLE_VALUE) + HandleCloser()(PermissivePointer{h}); + } + }; + std::unique_ptr h; +}; + +template +class Synchronized +{ +public: + template + Synchronized(Args &&...args) : contents(std::forward(args)...) {} + + struct Locker + { + T *operator->() { return &contents; } + std::unique_lock lock; + T &contents; + }; + + Locker Acquire() { return {std::unique_lock(m), contents}; } + Locker operator->() { return Acquire(); } + T Copy() { return Acquire().contents; } + +private: + T contents; + M m; +}; + +template +void SpawnThread(const F &f) // works in DllMain unlike std thread +{ + F *copy = new F(f); + CloseHandle(CreateThread(nullptr, 0, [](void *copy) + { + (*(F*)copy)(); + delete (F*)copy; + return 0UL; }, copy, 0, nullptr)); +} + +inline struct // should be inline but MSVC (linker) is bugged +{ + inline static BYTE DUMMY[100]; + template + operator T *() + { + static_assert(sizeof(T) < sizeof(DUMMY)); + return (T *)DUMMY; + } +} DUMMY; + +inline auto Swallow = [](auto &&...) {}; + +template +std::optional> Copy(T *ptr) +{ + if (ptr) + return *ptr; + return {}; +} + +inline std::optional getModuleFilename(DWORD processId, HMODULE module = NULL) +{ + std::vector buffer(MAX_PATH); + if (AutoHandle<> process = OpenProcess(PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, FALSE, processId)) + if (GetModuleFileNameExW(process, module, buffer.data(), MAX_PATH)) + return buffer.data(); + return {}; +} + +inline std::optional getModuleFilename(HMODULE module = NULL) +{ + std::vector buffer(MAX_PATH); + if (GetModuleFileNameW(module, buffer.data(), MAX_PATH)) + return buffer.data(); + return {}; +} + +template +struct SafeFptr +{ + T ptr; + uintptr_t errorvalue; + SafeFptr(T _ptr, uintptr_t v = {NULL}) : ptr(_ptr), errorvalue(v) {} + + template + std::invoke_result_t operator()(Args... args) + { + if (!ptr) + return (std::invoke_result_t)(errorvalue); + return ptr(std::forward(args)...); + } +}; +namespace simplehash +{ + enum : UINT64 + { + djb2_hash0 = 5381 + }; + inline UINT64 djb2(const UINT8 *str, UINT64 hash = djb2_hash0) + { + UINT8 c; + while ((c = *str++)) + hash = ((hash << 5) + hash) + c; // hash * 33 + c + return hash; + } + inline UINT64 djb2_n2(const unsigned char *str, size_t len, UINT64 hash = djb2_hash0) + { + while (len--) + hash = ((hash << 5) + hash) + (*str++); // hash * 33 + c + return hash; + } + inline UINT64 hashByteArraySTD(const std::string &b, UINT64 h = djb2_hash0) + { + return djb2_n2((const unsigned char *)b.c_str(), b.size(), h); + } + inline UINT64 hashCharArray(const void *lp) + { + return djb2(reinterpret_cast(lp)); + } +} \ No newline at end of file diff --git a/cpp/LunaHook/include/winevent.hpp b/cpp/LunaHook/include/winevent.hpp new file mode 100644 index 00000000..a50efd84 --- /dev/null +++ b/cpp/LunaHook/include/winevent.hpp @@ -0,0 +1,43 @@ +#include +class win_event +{ + typedef win_event _Self; + typedef HANDLE __native_handle_type; + typedef const char *__native_string_type; + + __native_handle_type _M_handle; + __native_string_type _M_name; + + win_event(const _Self &); + _Self &operator=(const _Self &); + +public: + typedef __native_handle_type native_handle_type; + typedef __native_string_type native_string_type; + + explicit win_event(native_string_type name, bool create = true) + : _M_name(name) + { + _M_handle = create ? // lpEventAttributes, bManualReset, bInitialState, lpName + ::CreateEventA(nullptr, TRUE, FALSE, name) + : ::OpenEventA(EVENT_ALL_ACCESS, FALSE, name); // dwDesiredAccess, bInheritHandle, lpName + } + + ~win_event() { ::CloseHandle(_M_handle); } + + native_handle_type native_handle() const { return _M_handle; } + native_string_type native_name() const { return _M_name; } + + bool valid() const { return _M_handle; } + + bool signal(bool t) + { + return t ? ::SetEvent(_M_handle) : ::ResetEvent(_M_handle); + } + + /// Return true only if when it is wake up by notify instead of timeout + bool wait(DWORD msec = INFINITE) + { + return WAIT_OBJECT_0 == ::WaitForSingleObject(_M_handle, msec); + } +}; diff --git a/cpp/LunaHook/include/yapi.hpp b/cpp/LunaHook/include/yapi.hpp new file mode 100644 index 00000000..235fd316 --- /dev/null +++ b/cpp/LunaHook/include/yapi.hpp @@ -0,0 +1,912 @@ +/* + yapi -- Yet Another Process Injector / Your API + A fusion library that reduce differences between x64, wow64 and x86 processes based on rewolf-wow64ext. + + Copyright (c) 2010-2018 + This library is released under the MIT License. + + Please see LICENSE file or visit https://github.com/ez8-co/yapi for details. +*/ +#pragma once + +#include +#include +#include +#include + +#ifndef NT_SUCCESS +#define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0) +#endif + +#include + +namespace detail { + static HMODULE hNtDll = LoadLibrary(_T("ntdll.dll")); + static HANDLE hCurProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, GetCurrentProcessId()); + + BOOL Is64BitOS() + { + SYSTEM_INFO systemInfo = { 0 }; + GetNativeSystemInfo(&systemInfo); + return systemInfo.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_AMD64 + || systemInfo.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_IA64; + } + static const BOOL is64BitOS = Is64BitOS(); + + struct GCBase + { + virtual DWORD64 toDWORD64() = 0; + virtual void gc() = 0; + }; + struct GCHelper + { + ~GCHelper() { + for (size_t i = 0; i < _ptrs.size(); i++) { + _ptrs[i]->gc(); + delete _ptrs[i]; + } + } + DWORD64 add(GCBase* ptr) { _ptrs.push_back(ptr); return ptr->toDWORD64(); } + private: + std::vector _ptrs; + }; +} + +namespace yapi { + + typedef std::basic_string, std::allocator > tstring; + + #ifndef UNICODE + static std::string _W2T(const wchar_t* wcs) + { + int len = ::WideCharToMultiByte(CP_ACP, 0, wcs, -1, NULL, 0, 0, 0); + std::string ret(len, 0); + VERIFY(0 != ::WideCharToMultiByte(CP_ACP, 0, wcs, -1, &ret[0], len, 0, 0)); + ret.resize(len - 1); + return ret; + } + #else + #define _W2T(str) std::wstring(str) + #endif + + #define REPEAT_0(macro) + #define REPEAT_1(macro) REPEAT_0(macro) + #define REPEAT_2(macro) REPEAT_1(macro) macro(1) + #define REPEAT_3(macro) REPEAT_2(macro) macro(2) + #define REPEAT_4(macro) REPEAT_3(macro) macro(3) + #define REPEAT_5(macro) REPEAT_4(macro) macro(4) + #define REPEAT_6(macro) REPEAT_5(macro) macro(5) + #define REPEAT_7(macro) REPEAT_6(macro) macro(6) + #define REPEAT_8(macro) REPEAT_7(macro) macro(7) + #define REPEAT_9(macro) REPEAT_8(macro) macro(8) + #define REPEAT_10(macro) REPEAT_9(macro) macro(9) + #define REPEAT_11(macro) REPEAT_10(macro) macro(10) + #define REPEAT_12(macro) REPEAT_11(macro) macro(11) + #define REPEAT_13(macro) REPEAT_12(macro) macro(12) + #define REPEAT_14(macro) REPEAT_13(macro) macro(13) + #define REPEAT_15(macro) REPEAT_14(macro) macro(14) + #define REPEAT_16(macro) REPEAT_15(macro) macro(15) + #define REPEAT_17(macro) REPEAT_16(macro) macro(16) + #define REPEAT_18(macro) REPEAT_17(macro) macro(17) + #define REPEAT_19(macro) REPEAT_18(macro) macro(18) + #define REPEAT_20(macro) REPEAT_19(macro) macro(19) + + #define END_MACRO_0(macro) + #define END_MACRO_1(macro) macro(1) + #define END_MACRO_2(macro) macro(2) + #define END_MACRO_3(macro) macro(3) + #define END_MACRO_4(macro) macro(4) + #define END_MACRO_5(macro) macro(5) + #define END_MACRO_6(macro) macro(6) + #define END_MACRO_7(macro) macro(7) + #define END_MACRO_8(macro) macro(8) + #define END_MACRO_9(macro) macro(9) + #define END_MACRO_10(macro) macro(10) + #define END_MACRO_11(macro) macro(11) + #define END_MACRO_12(macro) macro(12) + #define END_MACRO_13(macro) macro(13) + #define END_MACRO_14(macro) macro(14) + #define END_MACRO_15(macro) macro(15) + #define END_MACRO_16(macro) macro(16) + #define END_MACRO_17(macro) macro(17) + #define END_MACRO_18(macro) macro(18) + #define END_MACRO_19(macro) macro(19) + #define END_MACRO_20(macro) macro(20) + + #define REPEAT(n, macro, end_macro) REPEAT_##n (macro) END_MACRO_##n(end_macro) + + #define __ARG(n) P ## n + #define __PARAM(n) p ## n + #define __ARG_DECL(n) __ARG(n) __PARAM(n) + + #define TEMPLATE_ARG(n) typename __ARG(n) + #define VOID_TEMPLATE_ARGS(n) typename __ARG(n), + + #define ARG_DECL(n) __ARG_DECL(n) , + #define END_ARG_DECL(n) __ARG_DECL(n) + + #define DECL_VOID_TEMPLATE_ARGS(n) REPEAT(n, VOID_TEMPLATE_ARGS, TEMPLATE_ARG) + #define DECL_PARAMS_LIST(n) REPEAT(n, ARG_DECL, END_ARG_DECL) + + namespace { + template + struct _UNICODE_STRING_T { + union { + struct { + WORD Length; + WORD MaximumLength; + }; + T dummy; + }; + T Buffer; + }; + + template + struct _LIST_ENTRY_T { + T Flink; + T Blink; + }; + + template + struct _PEB_T { + T dummy01; + T Mutant; + T ImageBaseAddress; + T Ldr; + // omit unused fields + }; + + typedef _PEB_T PEB32; + typedef _PEB_T PEB64; + + typedef struct _PROCESS_BASIC_INFORMATION32 { + NTSTATUS ExitStatus; + UINT32 PebBaseAddress; + UINT32 AffinityMask; + UINT32 BasePriority; + UINT32 UniqueProcessId; + UINT32 InheritedFromUniqueProcessId; + } PROCESS_BASIC_INFORMATION32; + + typedef struct _PROCESS_BASIC_INFORMATION64 { + NTSTATUS ExitStatus; + UINT32 Reserved0; + UINT64 PebBaseAddress; + UINT64 AffinityMask; + UINT32 BasePriority; + UINT32 Reserved1; + UINT64 UniqueProcessId; + UINT64 InheritedFromUniqueProcessId; + } PROCESS_BASIC_INFORMATION64; + + template + struct _PEB_LDR_DATA_T { + DWORD Length; + DWORD Initialized; + T SsHandle; + _LIST_ENTRY_T InLoadOrderModuleList; + // omit unused fields + }; + + typedef _PEB_LDR_DATA_T PEB_LDR_DATA32; + typedef _PEB_LDR_DATA_T PEB_LDR_DATA64; + + template + struct _LDR_DATA_TABLE_ENTRY_T { + _LIST_ENTRY_T InLoadOrderLinks; + _LIST_ENTRY_T InMemoryOrderLinks; + _LIST_ENTRY_T InInitializationOrderLinks; + T DllBase; + T EntryPoint; + union { + DWORD SizeOfImage; + T dummy01; + }; + _UNICODE_STRING_T FullDllName; + _UNICODE_STRING_T BaseDllName; + // omit unused fields + }; + + typedef _LDR_DATA_TABLE_ENTRY_T LDR_DATA_TABLE_ENTRY32; + typedef _LDR_DATA_TABLE_ENTRY_T LDR_DATA_TABLE_ENTRY64; + + size_t tcslen(const char* str) { return strlen(str); } + size_t tcslen(const wchar_t* str) { return wcslen(str); } + } + + DWORD64 WINAPI GetProcAddress(HANDLE hProcess, DWORD64 hModule, const char* funcName); + + #ifdef _WIN64 + typedef NTSTATUS(WINAPI *NT_QUERY_INFORMATION_PROCESS)( + HANDLE ProcessHandle, ULONG ProcessInformationClass, + PVOID ProcessInformation, UINT32 ProcessInformationLength, + UINT32 * ReturnLength); + + static NT_QUERY_INFORMATION_PROCESS NtWow64QueryInformationProcess64 = (NT_QUERY_INFORMATION_PROCESS)GetProcAddress((HMODULE)detail::hNtDll, "NtQueryInformationProcess"); + #define NtWow64ReadVirtualMemory64 ReadProcessMemory + + #else + + namespace { + typedef NTSTATUS(WINAPI *NT_WOW64_QUERY_INFORMATION_PROCESS64)( + HANDLE ProcessHandle, UINT32 ProcessInformationClass, + PVOID ProcessInformation, UINT32 ProcessInformationLength, + UINT32* ReturnLength); + + typedef NTSTATUS(WINAPI *NT_WOW64_READ_VIRTUAL_MEMORY64)( + HANDLE ProcessHandle, PVOID64 BaseAddress, + PVOID BufferData, UINT64 BufferLength, + PUINT64 ReturnLength); + + static NT_WOW64_QUERY_INFORMATION_PROCESS64 NtWow64QueryInformationProcess64 = (NT_WOW64_QUERY_INFORMATION_PROCESS64)GetProcAddress((HMODULE)detail::hNtDll, "NtWow64QueryInformationProcess64"); + static NT_WOW64_READ_VIRTUAL_MEMORY64 NtWow64ReadVirtualMemory64 = (NT_WOW64_READ_VIRTUAL_MEMORY64)GetProcAddress((HMODULE)detail::hNtDll, "NtWow64ReadVirtualMemory64"); + } + + #endif + + DWORD64 WINAPI GetModuleHandle(HANDLE hProcess, const TCHAR* moduleName) + { + if (!moduleName) return 0; + if (!hProcess) hProcess = detail::hCurProcess; + + HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, GetProcessId(hProcess)); + if (hSnap == INVALID_HANDLE_VALUE) return 0; + MODULEENTRY32 mod = { sizeof(mod) }; + if (Module32First(hSnap, &mod)) { + do { + if (!_tcsicmp(mod.szModule, moduleName)) { + CloseHandle(hSnap); + return (DWORD64)mod.hModule; + } + } while (Module32Next(hSnap, &mod)); + } + CloseHandle(hSnap); + return 0; + } + + DWORD64 WINAPI GetProcAddress(HANDLE hProcess, DWORD64 hModule, const char* funcName) + { + if (!hModule || !funcName) return 0; + if (!hProcess) hProcess = detail::hCurProcess; + + IMAGE_DOS_HEADER idh; + NTSTATUS status = ReadProcessMemory(hProcess, (PVOID)hModule, (PVOID)&idh, sizeof(idh), NULL); + if (!NT_SUCCESS(status)) return 0; + + IMAGE_NT_HEADERS32 inh; + status = ReadProcessMemory(hProcess, (PVOID)(hModule + idh.e_lfanew), (PVOID)&inh, sizeof(inh), NULL); + if (!NT_SUCCESS(status)) return 0; + + IMAGE_DATA_DIRECTORY& idd = inh.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT]; + if (!idd.VirtualAddress)return 0; + + IMAGE_EXPORT_DIRECTORY ied; + status = ReadProcessMemory(hProcess, (PVOID)(hModule + idd.VirtualAddress), (PVOID)&ied, sizeof(ied), NULL); + if (!NT_SUCCESS(status)) return 0; + + std::vector nameTable(ied.NumberOfNames); + status = ReadProcessMemory(hProcess, (PVOID)(hModule + ied.AddressOfNames), (PVOID)&nameTable[0], sizeof(DWORD) * ied.NumberOfNames, NULL); + if (!NT_SUCCESS(status)) return 0; + + for (DWORD i = 0; i < ied.NumberOfNames; ++i) { + std::string func(strlen(funcName), 0); + status = ReadProcessMemory(hProcess, (PVOID)(hModule + nameTable[i]), (PVOID)&func[0], strlen(funcName), NULL); + if (!NT_SUCCESS(status)) continue; + + if (func == funcName) { + WORD ord = 0; + status = ReadProcessMemory(hProcess, (PVOID)(hModule + ied.AddressOfNameOrdinals + i * sizeof(WORD)), (PVOID)&ord, sizeof(WORD), NULL); + if (!NT_SUCCESS(status)) continue; + + DWORD rva = 0; + status = ReadProcessMemory(hProcess, (PVOID)(hModule + ied.AddressOfFunctions + ord * sizeof(DWORD)), (PVOID)&rva, sizeof(DWORD), NULL); + if (!NT_SUCCESS(status)) continue; + + return hModule + rva; + } + } + return 0; + } + + DWORD64 WINAPI GetModuleHandle64(HANDLE hProcess, const TCHAR* moduleName) + { + if (!moduleName) return 0; + if (!hProcess) hProcess = detail::hCurProcess; + + #ifndef _WIN64 + if (!NtWow64QueryInformationProcess64 || !NtWow64ReadVirtualMemory64) return 0; + #endif + + PROCESS_BASIC_INFORMATION64 pbi = { 0 }; + const int ProcessBasicInformation = 0; + NTSTATUS status = NtWow64QueryInformationProcess64(hProcess, ProcessBasicInformation, &pbi, sizeof(pbi), NULL); + if (!NT_SUCCESS(status)) return 0; + + PEB64 peb; + status = NtWow64ReadVirtualMemory64(hProcess, (PVOID64)pbi.PebBaseAddress, &peb, sizeof(peb), NULL); + if (!NT_SUCCESS(status)) return 0; + + PEB_LDR_DATA64 ldr; + status = NtWow64ReadVirtualMemory64(hProcess, (PVOID64)peb.Ldr, (PVOID)&ldr, sizeof(ldr), NULL); + if (!NT_SUCCESS(status)) return 0; + + DWORD64 LastEntry = peb.Ldr + offsetof(PEB_LDR_DATA64, InLoadOrderModuleList); + + LDR_DATA_TABLE_ENTRY64 head; + head.InLoadOrderLinks.Flink = ldr.InLoadOrderModuleList.Flink; + do { + status = NtWow64ReadVirtualMemory64(hProcess, (PVOID64)head.InLoadOrderLinks.Flink, (PVOID)&head, sizeof(head), NULL); + if (!NT_SUCCESS(status)) continue; + + std::wstring modName((size_t)head.BaseDllName.MaximumLength, 0); + status = NtWow64ReadVirtualMemory64(hProcess, (PVOID64)head.BaseDllName.Buffer, (PVOID)&modName[0], head.BaseDllName.MaximumLength, NULL); + if (!NT_SUCCESS(status)) continue; + + if (!_tcsicmp(moduleName, _W2T(modName).c_str())) + return head.DllBase; + } while (head.InLoadOrderLinks.Flink != LastEntry); + return 0; + } + + DWORD64 WINAPI GetProcAddress64(HANDLE hProcess, DWORD64 hModule, const char* funcName) + { + if (!hModule || !funcName) return 0; + if (!hProcess) hProcess = detail::hCurProcess; + +#ifndef _WIN64 + if (!NtWow64ReadVirtualMemory64) return 0; +#endif + + IMAGE_DOS_HEADER idh; + NTSTATUS status = NtWow64ReadVirtualMemory64(hProcess, (PVOID64)hModule, (PVOID)&idh, sizeof(idh), NULL); + if (!NT_SUCCESS(status)) return 0; + + IMAGE_NT_HEADERS64 inh; + status = NtWow64ReadVirtualMemory64(hProcess, (PVOID64)(hModule + idh.e_lfanew), (PVOID)&inh, sizeof(inh), NULL); + if (!NT_SUCCESS(status)) return 0; + + IMAGE_DATA_DIRECTORY& idd = inh.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT]; + if (!idd.VirtualAddress)return 0; + + IMAGE_EXPORT_DIRECTORY ied; + status = NtWow64ReadVirtualMemory64(hProcess, (PVOID64)(hModule + idd.VirtualAddress), (PVOID)&ied, sizeof(ied), NULL); + if (!NT_SUCCESS(status)) return 0; + + std::vector nameTable(ied.NumberOfNames); + status = NtWow64ReadVirtualMemory64(hProcess, (PVOID64)(hModule + ied.AddressOfNames), (PVOID)&nameTable[0], sizeof(DWORD) * ied.NumberOfNames, NULL); + if (!NT_SUCCESS(status)) return 0; + + for (DWORD i = 0; i < ied.NumberOfNames; ++i) { + std::string func(strlen(funcName), 0); + status = NtWow64ReadVirtualMemory64(hProcess, (PVOID64)(hModule + nameTable[i]), (PVOID)&func[0], strlen(funcName), NULL); + if (!NT_SUCCESS(status)) continue; + + if (func == funcName) { + WORD ord = 0; + status = NtWow64ReadVirtualMemory64(hProcess, (PVOID64)(hModule + ied.AddressOfNameOrdinals + i * sizeof(WORD)), (PVOID)&ord, sizeof(WORD), NULL); + if (!NT_SUCCESS(status)) continue; + + DWORD rva = 0; + status = NtWow64ReadVirtualMemory64(hProcess, (PVOID64)(hModule + ied.AddressOfFunctions + ord * sizeof(DWORD)), (PVOID)&rva, sizeof(DWORD), NULL); + if (!NT_SUCCESS(status)) continue; + + return hModule + rva; + } + } + return 0; + } + + DWORD64 GetNtDll64() + { + static DWORD64 hNtdll64 = 0; + if(hNtdll64) return hNtdll64; + hNtdll64 = GetModuleHandle64(detail::hCurProcess, _T("ntdll.dll")); + return hNtdll64; + } + + #ifdef _WIN64 + + #define SetLastError64 SetLastError + #define VirtualQueryEx64 VirtualQueryEx + #define VirtualAllocEx64 VirtualAllocEx + #define VirtualFreeEx64 VirtualFreeEx + #define VirtualProtectEx64 VirtualProtectEx + #define ReadProcessMemory64 ReadProcessMemory + #define WriteProcessMemory64 WriteProcessMemory + #define LoadLibrary64 LoadLibrary + #define CreateRemoteThread64 CreateRemoteThread + + #else + + namespace { + #define _(x) __asm __emit (x) + __declspec(naked) DWORD64 x64Call(DWORD64 func, int argC, ...) + { + // see X64Call_disassemble for details + _(0x55)_(0x8b)_(0xec)_(0x8b)_(0x4d)_(0x10)_(0x8d)_(0x55)_(0x14)_(0x83)_(0xec)_(0x40)_(0x53)_(0x56)_(0x57)_(0x85) + _(0xc9)_(0x7e)_(0x15)_(0x8b)_(0x45)_(0x14)_(0x8d)_(0x55)_(0x1c)_(0x49)_(0x89)_(0x45)_(0xf0)_(0x8b)_(0x45)_(0x18) + _(0x89)_(0x4d)_(0x10)_(0x89)_(0x45)_(0xf4)_(0xeb)_(0x08)_(0x0f)_(0x57)_(0xc0)_(0x66)_(0x0f)_(0x13)_(0x45)_(0xf0) + _(0x85)_(0xc9)_(0x7e)_(0x15)_(0x49)_(0x83)_(0xc2)_(0x08)_(0x89)_(0x4d)_(0x10)_(0x8b)_(0x42)_(0xf8)_(0x89)_(0x45) + _(0xe8)_(0x8b)_(0x42)_(0xfc)_(0x89)_(0x45)_(0xec)_(0xeb)_(0x08)_(0x0f)_(0x57)_(0xc0)_(0x66)_(0x0f)_(0x13)_(0x45) + _(0xe8)_(0x85)_(0xc9)_(0x7e)_(0x15)_(0x49)_(0x83)_(0xc2)_(0x08)_(0x89)_(0x4d)_(0x10)_(0x8b)_(0x42)_(0xf8)_(0x89) + _(0x45)_(0xe0)_(0x8b)_(0x42)_(0xfc)_(0x89)_(0x45)_(0xe4)_(0xeb)_(0x08)_(0x0f)_(0x57)_(0xc0)_(0x66)_(0x0f)_(0x13) + _(0x45)_(0xe0)_(0x85)_(0xc9)_(0x7e)_(0x15)_(0x49)_(0x83)_(0xc2)_(0x08)_(0x89)_(0x4d)_(0x10)_(0x8b)_(0x42)_(0xf8) + _(0x89)_(0x45)_(0xd8)_(0x8b)_(0x42)_(0xfc)_(0x89)_(0x45)_(0xdc)_(0xeb)_(0x08)_(0x0f)_(0x57)_(0xc0)_(0x66)_(0x0f) + _(0x13)_(0x45)_(0xd8)_(0x8b)_(0xc2)_(0xc7)_(0x45)_(0xfc)_(0x00)_(0x00)_(0x00)_(0x00)_(0x99)_(0x0f)_(0x57)_(0xc0) + _(0x89)_(0x45)_(0xc0)_(0x8b)_(0xc1)_(0x89)_(0x55)_(0xc4)_(0x99)_(0x66)_(0x0f)_(0x13)_(0x45)_(0xc8)_(0x89)_(0x45) + _(0xd0)_(0x89)_(0x55)_(0xd4)_(0xc7)_(0x45)_(0xf8)_(0x00)_(0x00)_(0x00)_(0x00)_(0x66)_(0x8c)_(0x65)_(0xf8)_(0xb8) + _(0x2b)_(0x00)_(0x00)_(0x00)_(0x66)_(0x8e)_(0xe0)_(0x89)_(0x65)_(0xfc)_(0x83)_(0xe4)_(0xf0)_(0x6a)_(0x33)_(0xe8) + _(0x00)_(0x00)_(0x00)_(0x00)_(0x83)_(0x04)_(0x24)_(0x05)_(0xcb)_(0x48)_(0x8b)_(0x4d)_(0xf0)_(0x48)_(0x8b)_(0x55) + _(0xe8)_(0xff)_(0x75)_(0xe0)_(0x49)_(0x58)_(0xff)_(0x75)_(0xd8)_(0x49)_(0x59)_(0x48)_(0x8b)_(0x45)_(0xd0)_(0xa8) + _(0x01)_(0x75)_(0x03)_(0x83)_(0xec)_(0x08)_(0x57)_(0x48)_(0x8b)_(0x7d)_(0xc0)_(0x48)_(0x85)_(0xc0)_(0x74)_(0x16) + _(0x48)_(0x8d)_(0x7c)_(0xc7)_(0xf8)_(0x48)_(0x85)_(0xc0)_(0x74)_(0x0c)_(0xff)_(0x37)_(0x48)_(0x83)_(0xef)_(0x08) + _(0x48)_(0x83)_(0xe8)_(0x01)_(0xeb)_(0xef)_(0x48)_(0x83)_(0xec)_(0x20)_(0xff)_(0x55)_(0x08)_(0x48)_(0x8b)_(0x4d) + _(0xd0)_(0x48)_(0x8d)_(0x64)_(0xcc)_(0x20)_(0x5f)_(0x48)_(0x89)_(0x45)_(0xc8)_(0xe8)_(0x00)_(0x00)_(0x00)_(0x00) + _(0xc7)_(0x44)_(0x24)_(0x04)_(0x23)_(0x00)_(0x00)_(0x00)_(0x83)_(0x04)_(0x24)_(0x0d)_(0xcb)_(0x66)_(0x8c)_(0xd8) + _(0x66)_(0x8e)_(0xd0)_(0x8b)_(0x65)_(0xfc)_(0x66)_(0x8b)_(0x45)_(0xf8)_(0x66)_(0x8e)_(0xe0)_(0x8b)_(0x45)_(0xc8) + _(0x8b)_(0x55)_(0xcc)_(0x5f)_(0x5e)_(0x5b)_(0x8b)_(0xe5)_(0x5d)_(0xc3) + } + #undef _ + } + + class X64Call + { + template + struct StringHelper : detail::GCBase + { + StringHelper(const char_t* v) : name(0) { + name = new _UNICODE_STRING_T; + name->Buffer = (DWORD64)v; + name->Length = (WORD)tcslen(v) * sizeof(char_t); + name->MaximumLength = name->Length; + } + virtual void gc() { delete name; } + virtual DWORD64 toDWORD64() { return (DWORD64)name; } + private: + _UNICODE_STRING_T* name; + }; + template + DWORD64 ToDWORD64(T v, detail::GCHelper*) { + return DWORD64(v); + } + template<> DWORD64 ToDWORD64(const char* v, detail::GCHelper* helper) { return helper->add(new StringHelper(v)); } + template<> DWORD64 ToDWORD64(const wchar_t* v, detail::GCHelper* helper) { return helper->add(new StringHelper(v)); } + template<> DWORD64 ToDWORD64(char* v, detail::GCHelper* helper) { return helper->add(new StringHelper(v)); } + template<> DWORD64 ToDWORD64(wchar_t* v, detail::GCHelper* helper) { return helper->add(new StringHelper(v)); } + + private: + DWORD64 func; + + public: + X64Call(const char* funcName) : func(GetProcAddress64(0, GetNtDll64(), funcName)) {} + X64Call(DWORD64 module, const char* funcName) : func(GetProcAddress64(0, module, funcName)) {} + + operator DWORD64() { return func; } + + DWORD64 operator()() { return func && x64Call(func, 0); } + + #define __TO_DWORD64_DECL(n) ToDWORD64(__PARAM(n), &helper) + #define TO_DWORD64_DECL(n) __TO_DWORD64_DECL(n) , + #define END_TO_DWORD64_DECL(n) __TO_DWORD64_DECL(n) + #define CALLERS(n) template DWORD64 operator()(DECL_PARAMS_LIST(n)) { detail::GCHelper helper; return func && x64Call(func, n, REPEAT(n, TO_DWORD64_DECL, END_TO_DWORD64_DECL)); } + CALLERS( 1) CALLERS( 2) CALLERS( 3) CALLERS( 4) CALLERS( 5) CALLERS( 6) CALLERS( 7) CALLERS( 8) CALLERS( 9) CALLERS(10) + CALLERS(11) CALLERS(12) CALLERS(13) CALLERS(14) CALLERS(15) CALLERS(16) CALLERS(17) CALLERS(18) CALLERS(19) CALLERS(20) + #undef CALLERS + #undef END_TO_DWORD64_DECL + #undef TO_DWORD64_DECL + #undef __TO_DWORD64_DECL + }; + + VOID WINAPI SetLastError64(DWORD64 status) + { + typedef ULONG (WINAPI *RTL_NTSTATUS_TO_DOS_ERROR)(NTSTATUS Status); + typedef ULONG (WINAPI *RTL_SET_LAST_WIN32_ERROR)(NTSTATUS Status); + + static RTL_NTSTATUS_TO_DOS_ERROR RtlNtStatusToDosError = (RTL_NTSTATUS_TO_DOS_ERROR)GetProcAddress(detail::hNtDll, "RtlNtStatusToDosError"); + static RTL_SET_LAST_WIN32_ERROR RtlSetLastWin32Error = (RTL_SET_LAST_WIN32_ERROR)GetProcAddress(detail::hNtDll, "RtlSetLastWin32Error"); + + if (RtlNtStatusToDosError && RtlSetLastWin32Error) + RtlSetLastWin32Error(RtlNtStatusToDosError((DWORD)status)); + } + + SIZE_T WINAPI VirtualQueryEx64(HANDLE hProcess, DWORD64 lpAddress, MEMORY_BASIC_INFORMATION64* lpBuffer, SIZE_T dwLength) + { + static X64Call NtQueryVirtualMemory("NtQueryVirtualMemory"); + if (!NtQueryVirtualMemory) return 0; + + DWORD64 ret = 0; + DWORD64 status = NtQueryVirtualMemory(hProcess, lpAddress, 0, lpBuffer, dwLength, &ret); + if (!status) return (SIZE_T)ret; + + SetLastError64(ret); + return FALSE; + } + + DWORD64 WINAPI VirtualAllocEx64(HANDLE hProcess, DWORD64 lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect) + { + static X64Call NtAllocateVirtualMemory("NtAllocateVirtualMemory"); + if (!NtAllocateVirtualMemory) return 0; + + DWORD64 tmpAddr = lpAddress; + DWORD64 tmpSize = dwSize; + DWORD64 ret = NtAllocateVirtualMemory(hProcess, &tmpAddr, 0, &tmpSize, flAllocationType, flProtect); + if (!ret) return tmpAddr; + + SetLastError64(ret); + return FALSE; + } + + BOOL WINAPI VirtualFreeEx64(HANDLE hProcess, DWORD64 lpAddress, SIZE_T dwSize, DWORD dwFreeType) + { + static X64Call NtFreeVirtualMemory("NtFreeVirtualMemory"); + if (!NtFreeVirtualMemory) return 0; + + DWORD64 tmpAddr = lpAddress; + DWORD64 tmpSize = dwSize; + DWORD64 ret = NtFreeVirtualMemory(hProcess, &tmpAddr, &tmpSize, dwFreeType); + if (!ret) return TRUE; + + SetLastError64(ret); + return FALSE; + } + + BOOL WINAPI VirtualProtectEx64(HANDLE hProcess, DWORD64 lpAddress, SIZE_T dwSize, DWORD flNewProtect, DWORD* lpflOldProtect) + { + static X64Call NtProtectVirtualMemory("NtProtectVirtualMemory"); + if (!NtProtectVirtualMemory) return 0; + + DWORD64 tmpAddr = lpAddress; + DWORD64 tmpSize = dwSize; + DWORD64 ret = NtProtectVirtualMemory(hProcess, &tmpAddr, &tmpSize, flNewProtect, lpflOldProtect); + if (!ret) return TRUE; + + SetLastError64(ret); + return FALSE; + } + + BOOL WINAPI ReadProcessMemory64(HANDLE hProcess, DWORD64 lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesRead) + { + static X64Call NtReadVirtualMemory("NtReadVirtualMemory"); + if (!NtReadVirtualMemory) return 0; + + DWORD64 read = 0; + DWORD64 ret = NtReadVirtualMemory(hProcess, lpBaseAddress, lpBuffer, nSize, &read); + if (!ret) { + if (lpNumberOfBytesRead) *lpNumberOfBytesRead = (SIZE_T)read; + return TRUE; + } + + SetLastError64(ret); + return FALSE; + } + + BOOL WINAPI WriteProcessMemory64(HANDLE hProcess, DWORD64 lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesWritten) + { + static X64Call NtWriteVirtualMemory("NtWriteVirtualMemory"); + if (!NtWriteVirtualMemory) return 0; + + DWORD64 written = 0; + DWORD64 ret = NtWriteVirtualMemory(hProcess, lpBaseAddress, lpBuffer, nSize, &written); + if (!ret) { + if (lpNumberOfBytesWritten) *lpNumberOfBytesWritten = (SIZE_T)written; + return TRUE; + } + + SetLastError64(ret); + return FALSE; + } + + HANDLE WINAPI CreateRemoteThread64(HANDLE hProcess, + LPSECURITY_ATTRIBUTES lpThreadAttributes, + SIZE_T dwStackSize, + DWORD64 lpStartAddress, + DWORD64 lpParameter, + DWORD dwCreationFlags, + LPDWORD lpThreadId) + { + static X64Call RtlCreateUserThread("RtlCreateUserThread"); + if (!RtlCreateUserThread) return 0; + + BOOLEAN createSuspended = dwCreationFlags & CREATE_SUSPENDED; + ULONG stackSize = dwStackSize; + DWORD64 handle = 0; + DWORD64 status = RtlCreateUserThread(hProcess, lpThreadAttributes, createSuspended, 0, (dwCreationFlags & STACK_SIZE_PARAM_IS_A_RESERVATION) ? &stackSize : NULL, &stackSize, lpStartAddress, lpParameter, &handle, NULL); + if (!status) return (HANDLE)handle; + + SetLastError64(status); + return NULL; + } + + #endif + + class ProcessWriter + { + public: + template + ProcessWriter(HANDLE hProcess, T content, SIZE_T dwSize, DWORD flProtect = PAGE_READWRITE) + : _autoRelease(TRUE) + , _hProcess(hProcess) + , _dw64Address(0) + , _dwSize(dwSize) + { + if (!(_dw64Address = VirtualAllocEx64(hProcess, NULL, dwSize, MEM_COMMIT | MEM_RESERVE, flProtect))) + return; + SIZE_T written = 0; + if (!WriteProcessMemory64(hProcess, _dw64Address, (PVOID)content, dwSize, &written) || written != dwSize) { + VirtualFreeEx64(hProcess, _dw64Address, _dwSize, MEM_DECOMMIT); + _dw64Address = 0; + } + } + ~ProcessWriter() { + if (_dw64Address && _autoRelease) + VirtualFreeEx64(_hProcess, _dw64Address, _dwSize, MEM_DECOMMIT); + } + void SetDontRelese() { + _autoRelease = FALSE; + } + operator DWORD64() { + return (DWORD64)_dw64Address; + } + #ifdef _WIN64 + template + operator T*() { + return (T*)_dw64Address; + } + #endif + + private: + BOOL _autoRelease; + HANDLE _hProcess; + #ifdef _WIN64 + LPVOID _dw64Address; + #else + DWORD64 _dw64Address; + #endif + SIZE_T _dwSize; + }; + + namespace { + + std::string makeShellCode(int cnt, bool is64Bit) + { + if(is64Bit) { + // see X64Delegator_disassemble for details + static const unsigned char kTmpl_x64[] = { 0x40, 0x53, 0x48, 0x83, 0xec, 0x20, 0x48, 0x8b, 0xd9, 0x48, 0x85, 0xc9, 0x74, 0x1d, 0x48, 0x83, + 0x39, 0x00, 0x48, 0x8b, 0x41, 0x08, 0x74, 0x0b, 0xff, 0xd0, 0x48, 0x89, 0x03, 0x48, 0x83, 0xc4, + 0x20, 0x5b, 0xc3, 0x48, 0x83, 0xc4, 0x20, 0x5b, 0x48, 0xff, 0xe0, 0x33, 0xc0, 0x48, 0x83, 0xc4, + 0x20, 0x5b, 0xc3 }; + + std::string templ_x64((const char*)kTmpl_x64, sizeof(kTmpl_x64)); + if(!cnt) return templ_x64; + + templ_x64[13] += (cnt <= 4) ? cnt * 4 : (cnt - 4) * 9 + 16; + if(cnt >= 1) + templ_x64[16] = 0x3b; + + if(cnt < 3) { + if(cnt >= 1) { + templ_x64.insert(22, "\x48\x8b\x49\x10", 4); + } + if(cnt >= 2) { + templ_x64.insert(22, "\x48\x8b\x51\x18", 4); + } + } + else { + templ_x64[20] = 0x49; + templ_x64[21] = 0x10; + templ_x64.insert(22, "\x48\x8B\x53\x18", 4); + templ_x64.insert(22, "\x4c\x8b\x43\x20", 4); + templ_x64.insert(22, "\x48\x8b\x43\x08", 4); + if(cnt >= 4) { + templ_x64.insert(26, "\x4c\x8b\x4b\x28", 4); + } + if(cnt >= 5) { + templ_x64.insert(18, "\x4c\x8B\x53\x30", 4); + templ_x64.insert(42, "\x4c\x89\x54\x24\x20", 5); + } + if(cnt >= 6) { + templ_x64[21] = 0x38; + templ_x64.insert(22, "\x4c\x8b\x5b\x30", 4); + templ_x64[50] = 0x28; + templ_x64.insert(51, "\x4c\x89\x5c\x24\x20", 5); + } + // TODO + } + return templ_x64; + } + // see X86Delegator_disassemble for details + static const unsigned char kTmpl_x86[] = { 0x55, 0x8b, 0xec, 0x51, 0x83, 0x7d, 0x08, 0x00, 0x74, 0x0c, 0x8b ,0x45, 0x08, 0x8b, 0x08, 0xff, + 0xd0, 0x89, 0x45, 0xfc, 0xeb, 0x07, 0xc7, 0x45, 0xfc, 0x00, 0x00, 0x00, 0x00, 0x8b, 0x45, 0xfc, + 0x8b, 0xe5, 0x5d, 0xc3 }; + std::string templ_x86((const char*)kTmpl_x86, sizeof(kTmpl_x86)); + // je distance + templ_x86[9] += cnt * 7; + templ_x86[16] += ((1 - cnt) % 3 + 3) % 3; + int pos = 13; + for(int i = 0; i < cnt; ++i) { + switch(i % 3) { + case 0: + templ_x86.insert(pos, "\x8b\x48\xcc\x51\x8b\x55\x08", 7); + break; + case 1: + templ_x86.insert(pos, "\x8b\x42\xcc\x50\x8b\x4d\x08", 7); + break; + case 2: + templ_x86.insert(pos, "\x8b\x51\xcc\x52\x8b\x45\x08", 7); + break; + } + templ_x86[pos + 2] = (cnt - i) << 2; + pos += 7; + } + switch(cnt % 3) { + case 0: + templ_x86[pos + 1] = 0x08; + break; + case 1: + templ_x86[pos + 1] = 0x02; + break; + case 2: + templ_x86[pos + 1] = 0x11; + break; + } + return templ_x86; + } + + template + const std::string& shellCode() { + static std::string kCode = makeShellCode(argCnt, is64Bit); + return kCode; + } + + } + + class YAPICall + { + template + DWORD64 ToDWORD64(T v, HANDLE hProcess, detail::GCHelper*) { + return DWORD64(v); + } + template + struct StringHelper : detail::GCBase + { + StringHelper(HANDLE hProcess, const char_t* v) : name(0) { + name = new ProcessWriter(hProcess, v, (tcslen(v) + 1) * sizeof(char_t)); + } + virtual void gc() { delete name; } + virtual DWORD64 toDWORD64() { return (DWORD64)*name; } + private: + ProcessWriter* name; + }; + template<> DWORD64 ToDWORD64(const char* v, HANDLE hProcess, detail::GCHelper* helper) { return helper->add(new StringHelper(hProcess, v)); } + template<> DWORD64 ToDWORD64(const wchar_t* v, HANDLE hProcess, detail::GCHelper* helper) { return helper->add(new StringHelper(hProcess, v)); } + template<> DWORD64 ToDWORD64(char* v, HANDLE hProcess, detail::GCHelper* helper) { return helper->add(new StringHelper(hProcess, v)); } + template<> DWORD64 ToDWORD64(wchar_t* v, HANDLE hProcess, detail::GCHelper* helper) { return helper->add(new StringHelper(hProcess, v)); } + + private: + HANDLE _hProcess; + ProcessWriter* _sc; + DWORD64 func; + BOOL _dw64Ret; + DWORD _dwTimeout; + BOOL _is64Bit; + + template + bool initShellCoder(ProcessWriter*& sc) { + if(sc) return false; + const std::string& shellcode = _is64Bit ? shellCode() : shellCode(); + sc = new ProcessWriter(_hProcess, shellcode.data(), shellcode.size() + 1, PAGE_EXECUTE_READWRITE); + return true; + } + + template + DWORD64 call(const std::vector& param) { + ProcessWriter p(_hProcess, ¶m[0], sizeof(T) * (param.size())); + if (!p) return -1; + HANDLE hThread = 0; + if (_is64Bit) + hThread = CreateRemoteThread64(_hProcess, NULL, 0, *_sc, p, 0, NULL); + else { +#ifdef _WIN64 + // see X64toX86_disassemble for details + static const unsigned char kTmpl_x64_to_x86[] = { 0x48, 0x89, 0x4c, 0x24, 0x08, 0x48, 0x83, 0xec, 0x28, 0x48, 0x8b, 0x44, 0x24, 0x30, 0x8b, 0x48, + 0x08, 0x48, 0x8b, 0x44, 0x24, 0x30, 0x6a, 0x33, 0xe8, 0x00, 0x00, 0x00, 0x00, 0x83, 0x04, 0x24, + 0x05, 0xcb, 0xff, 0xd0, 0xe8, 0x00, 0x00, 0x00, 0x00, 0xc7, 0x44, 0x24, 0x04, 0x23, 0x00, 0x00, + 0x00, 0x83, 0x04, 0x24, 0x0d, 0xcb, 0x48, 0x83, 0xc4, 0x28, 0xc3 }; + std::string x86_shellcode((char*)kTmpl_x64_to_x86, sizeof(kTmpl_x64_to_x86)); + ProcessWriter* sc = new ProcessWriter(_hProcess, x86_shellcode.data(), x86_shellcode.size() + 1, PAGE_EXECUTE_READWRITE); + sc->SetDontRelese(); + hThread = CreateRemoteThread64(_hProcess, NULL, 0, *_sc, p, 0, NULL); +#else + hThread = CreateRemoteThread(_hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)(DWORD64)*_sc, (PVOID)(DWORD64)p, 0, NULL); +#endif + } + if (!hThread) return -1; + if (WaitForSingleObject(hThread, _dwTimeout) != WAIT_OBJECT_0) { + _sc->SetDontRelese(); + CloseHandle(hThread); + return -1; + } + if (!_is64Bit || !_dw64Ret) { + DWORD ret = 0; + GetExitCodeThread(hThread, &ret); + CloseHandle(hThread); + return ret; + } + DWORD64 ret = 0; + CloseHandle(hThread); + ReadProcessMemory64(_hProcess, p, &ret, sizeof(DWORD64), NULL); + return ret; + } + + public: + YAPICall(HANDLE hProcess, const char* funcName) + : _hProcess(hProcess) + , _sc(0) + , func(GetProcAddress64(hProcess, GetNtDll64(), funcName)) + , _dw64Ret(FALSE) + , _dwTimeout(INFINITE) + , _is64Bit(detail::is64BitOS) + { + } + YAPICall(HANDLE hProcess, DWORD64 moudle, const char* funcName) + : _hProcess(hProcess) + , _sc(0) + , func(GetProcAddress64(hProcess, moudle, funcName)) + , _dw64Ret(FALSE) + , _dwTimeout(INFINITE) + , _is64Bit(detail::is64BitOS) + { + } + YAPICall(HANDLE hProcess, const TCHAR* modName, const char* funcName) + : _hProcess(hProcess) + , _sc(0) + , func(GetProcAddress64(hProcess, GetModuleHandle64(hProcess, modName), funcName)) + , _dw64Ret(FALSE) + , _dwTimeout(INFINITE) + , _is64Bit(detail::is64BitOS) + { + if(!func) { + func = GetProcAddress(hProcess, GetModuleHandle(hProcess, modName), funcName); + _is64Bit = FALSE; + } + } + + ~YAPICall() { if (_sc) delete _sc; } + + operator DWORD64() { return func; } + + YAPICall& Dw64() { _dw64Ret = TRUE; return *this; } + YAPICall& Timeout(DWORD dwTimeout) { _dwTimeout = dwTimeout; return *this; } + + #define TO_DWORD64_ARRAY_DECL(n) param[n + 1] = ToDWORD64(__PARAM(n), _hProcess, &helper); + #define TO_DWORD_ARRAY_DECL(n) param[n] = (DWORD)ToDWORD64(__PARAM(n), _hProcess, &helper); + + #define CALLERSX(n) \ + DWORD64 operator()(DECL_PARAMS_LIST(n)) {\ + bool b = initShellCoder(_sc);\ + if(!b || !func || !_sc || !*_sc) return -1;\ + detail::GCHelper helper;\ + if(_is64Bit) {\ + std::vector param(n + 2, 0);\ + param[0] = _dw64Ret;\ + param[1] = func;\ + REPEAT(n, TO_DWORD64_ARRAY_DECL, TO_DWORD64_ARRAY_DECL)\ + return call(param);\ + }\ + std::vector param(n + 1, 0);\ + param[0] = (DWORD)func;\ + REPEAT(n, TO_DWORD_ARRAY_DECL, TO_DWORD_ARRAY_DECL)\ + return call(param);\ + } + #define CALLERS(n) template CALLERSX(n) + CALLERSX( 0) + CALLERS( 1) CALLERS( 2) CALLERS( 3) CALLERS( 4) CALLERS( 5) CALLERS( 6) /*CALLERS( 7) CALLERS( 8) CALLERS( 9) CALLERS(10) + CALLERS(11) CALLERS(12) CALLERS(13) CALLERS(14) CALLERS(15) CALLERS(16) CALLERS(17) CALLERS(18) CALLERS(19) CALLERS(20)*/ + #undef CALLERSX + #undef CALLERS + #undef TO_DWORD_ARRAY_DECL + #undef TO_DWORD64_ARRAY_DECL + }; + + #define YAPI(h, m, f) YAPICall(h, m, #f) +} diff --git a/cpp/LunaHook/scripts/build32xp_local.bat b/cpp/LunaHook/scripts/build32xp_local.bat new file mode 100644 index 00000000..d7c9b542 --- /dev/null +++ b/cpp/LunaHook/scripts/build32xp_local.bat @@ -0,0 +1,3 @@ +cmake -DBUILD_PLUGIN=OFF -DWINXP=1 ../CMakeLists.txt -G "Visual Studio 17 2022" -A win32 -T host=x86 -B ../build/x86_xp +cmake -DBUILD_PLUGIN=OFF -DWINXP=1 -DLANGUAGE=Chinese ../CMakeLists.txt -G "Visual Studio 17 2022" -A win32 -T host=x86 -B ../build/x86_zh_xp +call dobuildxp.bat \ No newline at end of file diff --git a/cpp/LunaHook/scripts/buildcore.bat b/cpp/LunaHook/scripts/buildcore.bat new file mode 100644 index 00000000..3b7876da --- /dev/null +++ b/cpp/LunaHook/scripts/buildcore.bat @@ -0,0 +1,6 @@ +cmake ../CMakeLists.txt -G "Visual Studio 17 2022" -A win32 -T host=x86 -B ../build/x86 +cmake --build ../build/x86 --config Release --target ALL_BUILD -j 14 + +cmake ../CMakeLists.txt -G "Visual Studio 17 2022" -A x64 -T host=x64 -B ../build/x64 +cmake --build ../build/x64 --config Release --target ALL_BUILD -j 14 +python copytarget.py \ No newline at end of file diff --git a/cpp/LunaHook/scripts/builden.bat b/cpp/LunaHook/scripts/builden.bat new file mode 100644 index 00000000..dd44a36a --- /dev/null +++ b/cpp/LunaHook/scripts/builden.bat @@ -0,0 +1,5 @@ +cmake -DBUILD_GUI=ON -DBUILD_CLI=ON ../CMakeLists.txt -G "Visual Studio 17 2022" -A win32 -T host=x86 -B ../build/x86 +cmake --build ../build/x86 --config Release --target ALL_BUILD -j 14 + +cmake -DBUILD_GUI=ON -DBUILD_CLI=ON ../CMakeLists.txt -G "Visual Studio 17 2022" -A x64 -T host=x64 -B ../build/x64 +cmake --build ../build/x64 --config Release --target ALL_BUILD -j 14 \ No newline at end of file diff --git a/cpp/LunaHook/scripts/buildplugin32.bat b/cpp/LunaHook/scripts/buildplugin32.bat new file mode 100644 index 00000000..11604b66 --- /dev/null +++ b/cpp/LunaHook/scripts/buildplugin32.bat @@ -0,0 +1,2 @@ +cmake -DBUILD_CORE=OFF -DUSESYSQTPATH=1 -DPLUGIN=1 ../CMakeLists.txt -G "Visual Studio 17 2022" -A win32 -T host=x86 -B ../build/plugin32 +cmake --build ../build/plugin32 --config Release --target ALL_BUILD -j 14 \ No newline at end of file diff --git a/cpp/LunaHook/scripts/buildplugin32_local.bat b/cpp/LunaHook/scripts/buildplugin32_local.bat new file mode 100644 index 00000000..d801790f --- /dev/null +++ b/cpp/LunaHook/scripts/buildplugin32_local.bat @@ -0,0 +1,2 @@ +cmake -DBUILD_CORE=OFF -DPLUGIN=1 ../CMakeLists.txt -G "Visual Studio 17 2022" -A win32 -T host=x86 -B ../build/plugin32 +cmake --build ../build/plugin32 --config Release --target ALL_BUILD -j 14 \ No newline at end of file diff --git a/cpp/LunaHook/scripts/buildplugin64.bat b/cpp/LunaHook/scripts/buildplugin64.bat new file mode 100644 index 00000000..d3140b2c --- /dev/null +++ b/cpp/LunaHook/scripts/buildplugin64.bat @@ -0,0 +1,2 @@ +cmake -DBUILD_CORE=OFF -DPLUGIN=1 ../CMakeLists.txt -G "Visual Studio 17 2022" -A x64 -T host=x64 -B ../build/plugin64 +cmake --build ../build/plugin64 --config Release --target ALL_BUILD -j 14 \ No newline at end of file diff --git a/cpp/LunaHook/scripts/buildxpen.bat b/cpp/LunaHook/scripts/buildxpen.bat new file mode 100644 index 00000000..ca5d6349 --- /dev/null +++ b/cpp/LunaHook/scripts/buildxpen.bat @@ -0,0 +1,3 @@ +cmake -DBUILD_PLUGIN=OFF -DWINXP=1 ../CMakeLists.txt -G "Visual Studio 16 2019" -A win32 -T v141_xp -B ../build/x86_xp +cmake --build ../build/x86_xp --config Release --target ALL_BUILD -j 14 +call dobuildxp.bat \ No newline at end of file diff --git a/cpp/LunaHook/scripts/copytarget.py b/cpp/LunaHook/scripts/copytarget.py new file mode 100644 index 00000000..9462877d --- /dev/null +++ b/cpp/LunaHook/scripts/copytarget.py @@ -0,0 +1,2 @@ +import shutil,sys +shutil.copytree('../builds/Release_English','../../../py/files/plugins/LunaHook',dirs_exist_ok=True) \ No newline at end of file diff --git a/cpp/LunaHook/scripts/dobuildxp.bat b/cpp/LunaHook/scripts/dobuildxp.bat new file mode 100644 index 00000000..2e8d46d9 --- /dev/null +++ b/cpp/LunaHook/scripts/dobuildxp.bat @@ -0,0 +1,64 @@ +python edit_target.py + +@echo off +setlocal enabledelayedexpansion +goto :main + +:get_host_arch + setlocal + set out_var=%~1 + if defined PROCESSOR_ARCHITEW6432 ( + set "host_arch=%PROCESSOR_ARCHITEW6432%" + ) else ( + set "host_arch=%PROCESSOR_ARCHITECTURE%" + ) + if "%host_arch%" == "AMD64" ( + set result=x64 + ) else if "%host_arch%" == "x86" ( + set result=x86 + ) else ( + echo ERROR: Unsupported host machine architecture. + endlocal + exit /b 1 + ) + endlocal & set %out_var%=%result% + goto :eof + +:find_msvc + setlocal + set out_var=%~1 + rem Find vswhere.exe + set "vswhere=%ProgramFiles(x86)%\Microsoft Visual Studio\Installer\vswhere.exe" + if not exist "%vswhere%" set "vswhere=!ProgramFiles!\Microsoft Visual Studio\Installer\vswhere.exe" + if not exist "%vswhere%" ( + echo ERROR: Failed to find vswhere.exe>&2 + endlocal & exit /b 1 + ) + rem Find VC tools + for /f "usebackq tokens=*" %%i in (`"%vswhere%" -latest -products * -requires Microsoft.VisualStudio.Component.VC.Tools.x86.x64 -property installationPath`) do ( + set vc_dir=%%i + ) + if not exist "%vc_dir%\Common7\Tools\vsdevcmd.bat" ( + echo ERROR: Failed to find MSVC.>&2 + endlocal & exit /b 1 + ) + endlocal & set "%out_var%=%vc_dir%" + goto :eof + +:activate_msvc + where cl.exe > nul 2>&1 && goto :eof || cmd /c exit 0 + call :find_msvc vc_dir || goto :eof + call "%vc_dir%\Common7\Tools\vsdevcmd.bat" -no_logo -arch=%~1 || goto :eof + goto :eof + + +:main + call :get_host_arch host_arch || exit /b + if not defined TARGET_ARCH ( + rem Target architecture is by default the same as the host architecture + set target_arch=%host_arch% + ) + call :activate_msvc "%target_arch%" || goto :eof + msbuild ..\build\x86_xp\LunaHook.sln -p:Configuration=Release + msbuild ..\build\x86_zh_xp\LunaHook.sln -p:Configuration=Release + goto :eof diff --git a/cpp/LunaHook/scripts/edit_target.py b/cpp/LunaHook/scripts/edit_target.py new file mode 100644 index 00000000..60ea6e82 --- /dev/null +++ b/cpp/LunaHook/scripts/edit_target.py @@ -0,0 +1,13 @@ +import os +#妈的,不知道为什么我重装系统后,装了vs2017 cmake也识别不到,只能手动改了。 +for f in ['../build/x86_zh_xp','../build/x86_xp']: + for dirname,_,fs in os.walk(f): + for ff in fs: + if ff.endswith('.vcxproj')==False:continue + if ff.endswith('QtLoader.vcxproj'):continue + path=os.path.join(dirname,ff) + with open(path,'r',encoding='utf-8-sig') as pf: + file=pf.read() + file=file.replace('>v143<','>v141_xp<') + with open(path,'w',encoding='utf-8-sig') as pf: + pf.write(file) \ No newline at end of file diff --git a/cpp/LunaHook/scripts/pack.bat b/cpp/LunaHook/scripts/pack.bat new file mode 100644 index 00000000..ec27cab8 --- /dev/null +++ b/cpp/LunaHook/scripts/pack.bat @@ -0,0 +1 @@ +python pack.py \ No newline at end of file diff --git a/cpp/LunaHook/scripts/pack.py b/cpp/LunaHook/scripts/pack.py new file mode 100644 index 00000000..e1703af5 --- /dev/null +++ b/cpp/LunaHook/scripts/pack.py @@ -0,0 +1,34 @@ +import os, shutil, sys + +os.chdir(os.path.dirname(__file__)) + + +for f in os.listdir("../builds"): + if os.path.isdir("../builds/" + f) == False: + continue + + for dirname, _, fs in os.walk("../builds/" + f): + if ( + dirname.endswith("translations") + or dirname.endswith("translations") + or dirname.endswith("imageformats") + or dirname.endswith("iconengines") + or dirname.endswith("bearer") + ): + shutil.rmtree(dirname) + continue + for ff in fs: + path = os.path.join(dirname, ff) + if ff in [ + "Qt5Svg.dll", + "libEGL.dll", + "libGLESv2.dll", + "opengl32sw.dll", + "D3Dcompiler_47.dll", + ]: + os.remove(path) + targetdir = "../builds/" + f + target = "../builds/" + f + ".zip" + os.system( + rf'"C:\Program Files\7-Zip\7z.exe" a -m0=Deflate -mx9 {target} {targetdir}' + ) diff --git a/src/plugins/LunaOCR/CMakeLists.txt b/cpp/LunaOCR/CMakeLists.txt similarity index 100% rename from src/plugins/LunaOCR/CMakeLists.txt rename to cpp/LunaOCR/CMakeLists.txt diff --git a/src/plugins/LunaOCR/OCR.cpp b/cpp/LunaOCR/OCR.cpp similarity index 100% rename from src/plugins/LunaOCR/OCR.cpp rename to cpp/LunaOCR/OCR.cpp diff --git a/src/plugins/common.hpp b/cpp/common.hpp similarity index 100% rename from src/plugins/common.hpp rename to cpp/common.hpp diff --git a/src/plugins/exec/.vscode/settings.json b/cpp/exec/.vscode/settings.json similarity index 100% rename from src/plugins/exec/.vscode/settings.json rename to cpp/exec/.vscode/settings.json diff --git a/src/plugins/exec/CMakeLists.txt b/cpp/exec/CMakeLists.txt similarity index 100% rename from src/plugins/exec/CMakeLists.txt rename to cpp/exec/CMakeLists.txt diff --git a/src/plugins/exec/PyStand.cpp b/cpp/exec/PyStand.cpp similarity index 100% rename from src/plugins/exec/PyStand.cpp rename to cpp/exec/PyStand.cpp diff --git a/src/plugins/exec/PyStand.h b/cpp/exec/PyStand.h similarity index 100% rename from src/plugins/exec/PyStand.h rename to cpp/exec/PyStand.h diff --git a/cpp/exec/luna.ico b/cpp/exec/luna.ico new file mode 100644 index 00000000..dde58a1c Binary files /dev/null and b/cpp/exec/luna.ico differ diff --git a/cpp/exec/luna.rc b/cpp/exec/luna.rc new file mode 100644 index 00000000..4fa1b38d --- /dev/null +++ b/cpp/exec/luna.rc @@ -0,0 +1 @@ +IDI_ICON1 ICON DISCARDABLE "luna.ico" \ No newline at end of file diff --git a/src/plugins/hookmagpie/CMakeLists.txt b/cpp/hookmagpie/CMakeLists.txt similarity index 100% rename from src/plugins/hookmagpie/CMakeLists.txt rename to cpp/hookmagpie/CMakeLists.txt diff --git a/src/plugins/hookmagpie/hookmagpie.cpp b/cpp/hookmagpie/hookmagpie.cpp similarity index 100% rename from src/plugins/hookmagpie/hookmagpie.cpp rename to cpp/hookmagpie/hookmagpie.cpp diff --git a/src/plugins/hookmagpie/veh_hook.cpp b/cpp/hookmagpie/veh_hook.cpp similarity index 100% rename from src/plugins/hookmagpie/veh_hook.cpp rename to cpp/hookmagpie/veh_hook.cpp diff --git a/src/plugins/hookmagpie/veh_hook.h b/cpp/hookmagpie/veh_hook.h similarity index 100% rename from src/plugins/hookmagpie/veh_hook.h rename to cpp/hookmagpie/veh_hook.h diff --git a/src/plugins/implsapi.cpp b/cpp/implsapi.cpp similarity index 100% rename from src/plugins/implsapi.cpp rename to cpp/implsapi.cpp diff --git a/src/plugins/libs/Clipper2 b/cpp/libs/Clipper2 similarity index 100% rename from src/plugins/libs/Clipper2 rename to cpp/libs/Clipper2 diff --git a/src/plugins/libs/Detours b/cpp/libs/Detours similarity index 100% rename from src/plugins/libs/Detours rename to cpp/libs/Detours diff --git a/src/plugins/libs/VC-LTL helper for cmake.cmake b/cpp/libs/VC-LTL helper for cmake.cmake similarity index 100% rename from src/plugins/libs/VC-LTL helper for cmake.cmake rename to cpp/libs/VC-LTL helper for cmake.cmake diff --git a/src/plugins/libs/libs.cmake b/cpp/libs/libs.cmake similarity index 79% rename from src/plugins/libs/libs.cmake rename to cpp/libs/libs.cmake index fcf00b2b..44e5120e 100644 --- a/src/plugins/libs/libs.cmake +++ b/cpp/libs/libs.cmake @@ -1,24 +1,32 @@  -add_library(Detours ${CMAKE_CURRENT_LIST_DIR}/Detours/src/creatwth.cpp ${CMAKE_CURRENT_LIST_DIR}/Detours/src/detours.cpp ${CMAKE_CURRENT_LIST_DIR}/Detours/src/modules.cpp ${CMAKE_CURRENT_LIST_DIR}/Detours/src/disasm.cpp) -target_include_directories(Detours PUBLIC ${CMAKE_CURRENT_LIST_DIR}/Detours/src) - add_library(nlohmann INTERFACE) target_include_directories(nlohmann INTERFACE ${CMAKE_CURRENT_LIST_DIR}) +option(IS_LUNAHOOK "IS_LUNAHOOK" OFF) +if(IS_LUNAHOOK) +add_subdirectory(${CMAKE_CURRENT_LIST_DIR}/minhook ${CMAKE_BINARY_DIR}/minhook) +else() +add_library(Detours ${CMAKE_CURRENT_LIST_DIR}/Detours/src/creatwth.cpp ${CMAKE_CURRENT_LIST_DIR}/Detours/src/detours.cpp ${CMAKE_CURRENT_LIST_DIR}/Detours/src/modules.cpp ${CMAKE_CURRENT_LIST_DIR}/Detours/src/disasm.cpp) +target_include_directories(Detours PUBLIC ${CMAKE_CURRENT_LIST_DIR}/Detours/src) + add_library(wil INTERFACE) target_include_directories(wil INTERFACE ${CMAKE_CURRENT_LIST_DIR}/wil/include) -add_subdirectory(${CMAKE_CURRENT_LIST_DIR}/tinymp3) -add_subdirectory(${CMAKE_CURRENT_LIST_DIR}/rapidfuzz-cpp) +add_subdirectory(${CMAKE_CURRENT_LIST_DIR}/tinymp3 ${CMAKE_BINARY_DIR}/tinymp3) +add_subdirectory(${CMAKE_CURRENT_LIST_DIR}/rapidfuzz-cpp ${CMAKE_BINARY_DIR}/rapidfuzz-cpp) add_library(webview2 INTERFACE) target_include_directories(webview2 INTERFACE ${CMAKE_CURRENT_LIST_DIR}/webview2/Microsoft.Web.WebView2.1.0.2535.41/build/native/include) + +option(USE_VCLTL "USE_VCLTL" ON) +if(USE_VCLTL) if(${CMAKE_SIZEOF_VOID_P} EQUAL 4) set(LTLPlatform "Win32") endif() include("${CMAKE_CURRENT_LIST_DIR}/VC-LTL helper for cmake.cmake") +endif() file(GLOB Clipper2LibSrc ${CMAKE_CURRENT_LIST_DIR}/Clipper2/CPP/Clipper2Lib/src/*.cpp) @@ -36,3 +44,4 @@ set(OpenCV_DIR ${CMAKE_CURRENT_LIST_DIR}/opencv-static/windows-x86) set(OpenCV_ARCH x86) endif() set(OpenCV_RUNTIME vc16) +endif() \ No newline at end of file diff --git a/cpp/libs/minhook b/cpp/libs/minhook new file mode 160000 index 00000000..c1a7c384 --- /dev/null +++ b/cpp/libs/minhook @@ -0,0 +1 @@ +Subproject commit c1a7c3843bd1a5fe3eb779b64c0d823bca3dc339 diff --git a/src/plugins/libs/nlohmann/json.hpp b/cpp/libs/nlohmann/json.hpp similarity index 100% rename from src/plugins/libs/nlohmann/json.hpp rename to cpp/libs/nlohmann/json.hpp diff --git a/src/plugins/libs/rapidfuzz-cpp b/cpp/libs/rapidfuzz-cpp similarity index 100% rename from src/plugins/libs/rapidfuzz-cpp rename to cpp/libs/rapidfuzz-cpp diff --git a/src/plugins/libs/tinymp3 b/cpp/libs/tinymp3 similarity index 100% rename from src/plugins/libs/tinymp3 rename to cpp/libs/tinymp3 diff --git a/src/plugins/libs/wechat-ocr b/cpp/libs/wechat-ocr similarity index 100% rename from src/plugins/libs/wechat-ocr rename to cpp/libs/wechat-ocr diff --git a/src/plugins/libs/wil b/cpp/libs/wil similarity index 100% rename from src/plugins/libs/wil rename to cpp/libs/wil diff --git a/src/files/themes/.keepdir b/cpp/pch.cpp similarity index 100% rename from src/files/themes/.keepdir rename to cpp/pch.cpp diff --git a/src/plugins/pch.h b/cpp/pch.h similarity index 100% rename from src/plugins/pch.h rename to cpp/pch.h diff --git a/src/plugins/scripts/build32.bat b/cpp/scripts/build32.bat similarity index 100% rename from src/plugins/scripts/build32.bat rename to cpp/scripts/build32.bat diff --git a/src/plugins/scripts/build64.bat b/cpp/scripts/build64.bat similarity index 100% rename from src/plugins/scripts/build64.bat rename to cpp/scripts/build64.bat diff --git a/cpp/scripts/copytarget.py b/cpp/scripts/copytarget.py new file mode 100644 index 00000000..592367b4 --- /dev/null +++ b/cpp/scripts/copytarget.py @@ -0,0 +1,15 @@ +import shutil,sys +x86=int(sys.argv[1]) +if x86: + shutil.copy('../builds/_x86/shareddllproxy32.exe','../../py/files/plugins') + shutil.copy('../builds/_x86/winrtutils32.dll','../../py/files/plugins/DLL32') + shutil.copy('../builds/_x86/winsharedutils32.dll','../../py/files/plugins/DLL32') + shutil.copy('../builds/_x86/wcocr.dll','../../py/files/plugins/DLL32') + shutil.copy('../builds/_x86/LunaOCR32.dll','../../py/files/plugins/DLL32') +else: + shutil.copy('../builds/_x64/shareddllproxy64.exe','../../py/files/plugins') + shutil.copy('../builds/_x64/hookmagpie.dll','../../py/files/plugins') + shutil.copy('../builds/_x64/winrtutils64.dll','../../py/files/plugins/DLL64') + shutil.copy('../builds/_x64/winsharedutils64.dll','../../py/files/plugins/DLL64') + shutil.copy('../builds/_x64/wcocr.dll','../../py/files/plugins/DLL64') + shutil.copy('../builds/_x64/LunaOCR64.dll','../../py/files/plugins/DLL64') diff --git a/src/plugins/scripts/fetchwebview2.py b/cpp/scripts/fetchwebview2.py similarity index 100% rename from src/plugins/scripts/fetchwebview2.py rename to cpp/scripts/fetchwebview2.py diff --git a/src/plugins/shareddllproxy/Atlas.cpp b/cpp/shareddllproxy/Atlas.cpp similarity index 100% rename from src/plugins/shareddllproxy/Atlas.cpp rename to cpp/shareddllproxy/Atlas.cpp diff --git a/src/plugins/shareddllproxy/Atlas.h b/cpp/shareddllproxy/Atlas.h similarity index 100% rename from src/plugins/shareddllproxy/Atlas.h rename to cpp/shareddllproxy/Atlas.h diff --git a/src/plugins/shareddllproxy/CMakeLists.txt b/cpp/shareddllproxy/CMakeLists.txt similarity index 100% rename from src/plugins/shareddllproxy/CMakeLists.txt rename to cpp/shareddllproxy/CMakeLists.txt diff --git a/src/plugins/shareddllproxy/LR.cpp b/cpp/shareddllproxy/LR.cpp similarity index 100% rename from src/plugins/shareddllproxy/LR.cpp rename to cpp/shareddllproxy/LR.cpp diff --git a/src/plugins/shareddllproxy/aspatch.cpp b/cpp/shareddllproxy/aspatch.cpp similarity index 100% rename from src/plugins/shareddllproxy/aspatch.cpp rename to cpp/shareddllproxy/aspatch.cpp diff --git a/src/plugins/shareddllproxy/dllinject.cpp b/cpp/shareddllproxy/dllinject.cpp similarity index 100% rename from src/plugins/shareddllproxy/dllinject.cpp rename to cpp/shareddllproxy/dllinject.cpp diff --git a/src/plugins/shareddllproxy/dreye.cpp b/cpp/shareddllproxy/dreye.cpp similarity index 100% rename from src/plugins/shareddllproxy/dreye.cpp rename to cpp/shareddllproxy/dreye.cpp diff --git a/src/plugins/shareddllproxy/eztrans.cpp b/cpp/shareddllproxy/eztrans.cpp similarity index 100% rename from src/plugins/shareddllproxy/eztrans.cpp rename to cpp/shareddllproxy/eztrans.cpp diff --git a/src/plugins/shareddllproxy/jbj7.cpp b/cpp/shareddllproxy/jbj7.cpp similarity index 100% rename from src/plugins/shareddllproxy/jbj7.cpp rename to cpp/shareddllproxy/jbj7.cpp diff --git a/src/plugins/shareddllproxy/kingsoft.cpp b/cpp/shareddllproxy/kingsoft.cpp similarity index 100% rename from src/plugins/shareddllproxy/kingsoft.cpp rename to cpp/shareddllproxy/kingsoft.cpp diff --git a/src/plugins/shareddllproxy/le.cpp b/cpp/shareddllproxy/le.cpp similarity index 100% rename from src/plugins/shareddllproxy/le.cpp rename to cpp/shareddllproxy/le.cpp diff --git a/src/plugins/shareddllproxy/mp3.cpp b/cpp/shareddllproxy/mp3.cpp similarity index 100% rename from src/plugins/shareddllproxy/mp3.cpp rename to cpp/shareddllproxy/mp3.cpp diff --git a/src/plugins/shareddllproxy/neospeech.cpp b/cpp/shareddllproxy/neospeech.cpp similarity index 100% rename from src/plugins/shareddllproxy/neospeech.cpp rename to cpp/shareddllproxy/neospeech.cpp diff --git a/src/plugins/shareddllproxy/ntleas.cpp b/cpp/shareddllproxy/ntleas.cpp similarity index 100% rename from src/plugins/shareddllproxy/ntleas.cpp rename to cpp/shareddllproxy/ntleas.cpp diff --git a/src/plugins/shareddllproxy/shareddllproxy.cpp b/cpp/shareddllproxy/shareddllproxy.cpp similarity index 100% rename from src/plugins/shareddllproxy/shareddllproxy.cpp rename to cpp/shareddllproxy/shareddllproxy.cpp diff --git a/src/plugins/shareddllproxy/update.cpp b/cpp/shareddllproxy/update.cpp similarity index 100% rename from src/plugins/shareddllproxy/update.cpp rename to cpp/shareddllproxy/update.cpp diff --git a/src/plugins/shareddllproxy/voiceroid2/CMakeLists.txt b/cpp/shareddllproxy/voiceroid2/CMakeLists.txt similarity index 100% rename from src/plugins/shareddllproxy/voiceroid2/CMakeLists.txt rename to cpp/shareddllproxy/voiceroid2/CMakeLists.txt diff --git a/src/plugins/shareddllproxy/voiceroid2/api_adapter.cc b/cpp/shareddllproxy/voiceroid2/api_adapter.cc similarity index 100% rename from src/plugins/shareddllproxy/voiceroid2/api_adapter.cc rename to cpp/shareddllproxy/voiceroid2/api_adapter.cc diff --git a/src/plugins/shareddllproxy/voiceroid2/api_adapter.h b/cpp/shareddllproxy/voiceroid2/api_adapter.h similarity index 100% rename from src/plugins/shareddllproxy/voiceroid2/api_adapter.h rename to cpp/shareddllproxy/voiceroid2/api_adapter.h diff --git a/src/plugins/shareddllproxy/voiceroid2/api_settings.cc b/cpp/shareddllproxy/voiceroid2/api_settings.cc similarity index 100% rename from src/plugins/shareddllproxy/voiceroid2/api_settings.cc rename to cpp/shareddllproxy/voiceroid2/api_settings.cc diff --git a/src/plugins/shareddllproxy/voiceroid2/api_settings.h b/cpp/shareddllproxy/voiceroid2/api_settings.h similarity index 100% rename from src/plugins/shareddllproxy/voiceroid2/api_settings.h rename to cpp/shareddllproxy/voiceroid2/api_settings.h diff --git a/src/plugins/shareddllproxy/voiceroid2/ebyroid.cc b/cpp/shareddllproxy/voiceroid2/ebyroid.cc similarity index 100% rename from src/plugins/shareddllproxy/voiceroid2/ebyroid.cc rename to cpp/shareddllproxy/voiceroid2/ebyroid.cc diff --git a/src/plugins/shareddllproxy/voiceroid2/ebyroid.h b/cpp/shareddllproxy/voiceroid2/ebyroid.h similarity index 100% rename from src/plugins/shareddllproxy/voiceroid2/ebyroid.h rename to cpp/shareddllproxy/voiceroid2/ebyroid.h diff --git a/src/plugins/shareddllproxy/voiceroid2/ebyutil.h b/cpp/shareddllproxy/voiceroid2/ebyutil.h similarity index 100% rename from src/plugins/shareddllproxy/voiceroid2/ebyutil.h rename to cpp/shareddllproxy/voiceroid2/ebyutil.h diff --git a/src/plugins/shareddllproxy/voiceroid2/types.h b/cpp/shareddllproxy/voiceroid2/types.h similarity index 100% rename from src/plugins/shareddllproxy/voiceroid2/types.h rename to cpp/shareddllproxy/voiceroid2/types.h diff --git a/src/plugins/shareddllproxy/voiceroid2/voice2.cpp b/cpp/shareddllproxy/voiceroid2/voice2.cpp similarity index 100% rename from src/plugins/shareddllproxy/voiceroid2/voice2.cpp rename to cpp/shareddllproxy/voiceroid2/voice2.cpp diff --git a/src/plugins/version/VersionInfo.in b/cpp/version/VersionInfo.in similarity index 100% rename from src/plugins/version/VersionInfo.in rename to cpp/version/VersionInfo.in diff --git a/src/plugins/version/VersionResource.rc b/cpp/version/VersionResource.rc similarity index 100% rename from src/plugins/version/VersionResource.rc rename to cpp/version/VersionResource.rc diff --git a/src/plugins/version/generate_product_version.cmake b/cpp/version/generate_product_version.cmake similarity index 100% rename from src/plugins/version/generate_product_version.cmake rename to cpp/version/generate_product_version.cmake diff --git a/cpp/version/version.cmake b/cpp/version/version.cmake new file mode 100644 index 00000000..452df3d2 --- /dev/null +++ b/cpp/version/version.cmake @@ -0,0 +1,6 @@ + +set(VERSION_MAJOR 5) +set(VERSION_MINOR 55) +set(VERSION_PATCH 5) + +include(${CMAKE_CURRENT_LIST_DIR}/generate_product_version.cmake) \ No newline at end of file diff --git a/src/plugins/wcocr/CMakeLists.txt b/cpp/wcocr/CMakeLists.txt similarity index 100% rename from src/plugins/wcocr/CMakeLists.txt rename to cpp/wcocr/CMakeLists.txt diff --git a/src/plugins/wcocr/wcocr.cpp b/cpp/wcocr/wcocr.cpp similarity index 100% rename from src/plugins/wcocr/wcocr.cpp rename to cpp/wcocr/wcocr.cpp diff --git a/src/plugins/winrtutils/CMakeLists.txt b/cpp/winrtutils/CMakeLists.txt similarity index 100% rename from src/plugins/winrtutils/CMakeLists.txt rename to cpp/winrtutils/CMakeLists.txt diff --git a/src/plugins/winrtutils/winrtocr.cpp b/cpp/winrtutils/winrtocr.cpp similarity index 100% rename from src/plugins/winrtutils/winrtocr.cpp rename to cpp/winrtutils/winrtocr.cpp diff --git a/src/plugins/winrtutils/winrtsnapshot.cpp b/cpp/winrtutils/winrtsnapshot.cpp similarity index 100% rename from src/plugins/winrtutils/winrtsnapshot.cpp rename to cpp/winrtutils/winrtsnapshot.cpp diff --git a/src/plugins/winsharedutils/AreoAcrylic.cpp b/cpp/winsharedutils/AreoAcrylic.cpp similarity index 100% rename from src/plugins/winsharedutils/AreoAcrylic.cpp rename to cpp/winsharedutils/AreoAcrylic.cpp diff --git a/src/plugins/winsharedutils/BMP.h b/cpp/winsharedutils/BMP.h similarity index 100% rename from src/plugins/winsharedutils/BMP.h rename to cpp/winsharedutils/BMP.h diff --git a/src/plugins/winsharedutils/CMakeLists.txt b/cpp/winsharedutils/CMakeLists.txt similarity index 100% rename from src/plugins/winsharedutils/CMakeLists.txt rename to cpp/winsharedutils/CMakeLists.txt diff --git a/src/plugins/winsharedutils/MWebBrowser.cpp b/cpp/winsharedutils/MWebBrowser.cpp similarity index 100% rename from src/plugins/winsharedutils/MWebBrowser.cpp rename to cpp/winsharedutils/MWebBrowser.cpp diff --git a/src/plugins/winsharedutils/MWebBrowser.hpp b/cpp/winsharedutils/MWebBrowser.hpp similarity index 100% rename from src/plugins/winsharedutils/MWebBrowser.hpp rename to cpp/winsharedutils/MWebBrowser.hpp diff --git a/src/plugins/winsharedutils/SimpleBrowser.cpp b/cpp/winsharedutils/SimpleBrowser.cpp similarity index 100% rename from src/plugins/winsharedutils/SimpleBrowser.cpp rename to cpp/winsharedutils/SimpleBrowser.cpp diff --git a/src/plugins/winsharedutils/applicationloopbackaudio/Common.h b/cpp/winsharedutils/applicationloopbackaudio/Common.h similarity index 100% rename from src/plugins/winsharedutils/applicationloopbackaudio/Common.h rename to cpp/winsharedutils/applicationloopbackaudio/Common.h diff --git a/src/plugins/winsharedutils/applicationloopbackaudio/LoopbackCapture.cpp b/cpp/winsharedutils/applicationloopbackaudio/LoopbackCapture.cpp similarity index 100% rename from src/plugins/winsharedutils/applicationloopbackaudio/LoopbackCapture.cpp rename to cpp/winsharedutils/applicationloopbackaudio/LoopbackCapture.cpp diff --git a/src/plugins/winsharedutils/applicationloopbackaudio/LoopbackCapture.h b/cpp/winsharedutils/applicationloopbackaudio/LoopbackCapture.h similarity index 100% rename from src/plugins/winsharedutils/applicationloopbackaudio/LoopbackCapture.h rename to cpp/winsharedutils/applicationloopbackaudio/LoopbackCapture.h diff --git a/src/plugins/winsharedutils/applicationloopbackaudio/runer.cpp b/cpp/winsharedutils/applicationloopbackaudio/runer.cpp similarity index 100% rename from src/plugins/winsharedutils/applicationloopbackaudio/runer.cpp rename to cpp/winsharedutils/applicationloopbackaudio/runer.cpp diff --git a/src/plugins/winsharedutils/audio.cpp b/cpp/winsharedutils/audio.cpp similarity index 100% rename from src/plugins/winsharedutils/audio.cpp rename to cpp/winsharedutils/audio.cpp diff --git a/src/plugins/winsharedutils/clipboard.cpp b/cpp/winsharedutils/clipboard.cpp similarity index 100% rename from src/plugins/winsharedutils/clipboard.cpp rename to cpp/winsharedutils/clipboard.cpp diff --git a/src/plugins/winsharedutils/globalmessagelistener.cpp b/cpp/winsharedutils/globalmessagelistener.cpp similarity index 100% rename from src/plugins/winsharedutils/globalmessagelistener.cpp rename to cpp/winsharedutils/globalmessagelistener.cpp diff --git a/src/plugins/winsharedutils/hwnd.cpp b/cpp/winsharedutils/hwnd.cpp similarity index 100% rename from src/plugins/winsharedutils/hwnd.cpp rename to cpp/winsharedutils/hwnd.cpp diff --git a/src/plugins/winsharedutils/icon.cpp b/cpp/winsharedutils/icon.cpp similarity index 100% rename from src/plugins/winsharedutils/icon.cpp rename to cpp/winsharedutils/icon.cpp diff --git a/src/plugins/winsharedutils/levenshtein.cpp b/cpp/winsharedutils/levenshtein.cpp similarity index 100% rename from src/plugins/winsharedutils/levenshtein.cpp rename to cpp/winsharedutils/levenshtein.cpp diff --git a/src/plugins/winsharedutils/lnk.cpp b/cpp/winsharedutils/lnk.cpp similarity index 100% rename from src/plugins/winsharedutils/lnk.cpp rename to cpp/winsharedutils/lnk.cpp diff --git a/src/plugins/winsharedutils/mp3enc.cpp b/cpp/winsharedutils/mp3enc.cpp similarity index 100% rename from src/plugins/winsharedutils/mp3enc.cpp rename to cpp/winsharedutils/mp3enc.cpp diff --git a/src/plugins/winsharedutils/muteprocess.cpp b/cpp/winsharedutils/muteprocess.cpp similarity index 100% rename from src/plugins/winsharedutils/muteprocess.cpp rename to cpp/winsharedutils/muteprocess.cpp diff --git a/src/plugins/winsharedutils/otsu.cpp b/cpp/winsharedutils/otsu.cpp similarity index 100% rename from src/plugins/winsharedutils/otsu.cpp rename to cpp/winsharedutils/otsu.cpp diff --git a/src/plugins/winsharedutils/sapi_dll.cpp b/cpp/winsharedutils/sapi_dll.cpp similarity index 100% rename from src/plugins/winsharedutils/sapi_dll.cpp rename to cpp/winsharedutils/sapi_dll.cpp diff --git a/src/plugins/winsharedutils/screenshot.cpp b/cpp/winsharedutils/screenshot.cpp similarity index 100% rename from src/plugins/winsharedutils/screenshot.cpp rename to cpp/winsharedutils/screenshot.cpp diff --git a/src/plugins/winsharedutils/simplemecab.cpp b/cpp/winsharedutils/simplemecab.cpp similarity index 100% rename from src/plugins/winsharedutils/simplemecab.cpp rename to cpp/winsharedutils/simplemecab.cpp diff --git a/src/plugins/winsharedutils/theme.cpp b/cpp/winsharedutils/theme.cpp similarity index 100% rename from src/plugins/winsharedutils/theme.cpp rename to cpp/winsharedutils/theme.cpp diff --git a/src/plugins/winsharedutils/version.cpp b/cpp/winsharedutils/version.cpp similarity index 100% rename from src/plugins/winsharedutils/version.cpp rename to cpp/winsharedutils/version.cpp diff --git a/src/plugins/winsharedutils/webview2_extra.cpp b/cpp/winsharedutils/webview2_extra.cpp similarity index 100% rename from src/plugins/winsharedutils/webview2_extra.cpp rename to cpp/winsharedutils/webview2_extra.cpp diff --git a/docs/en/guochandamoxing.md b/docs/en/guochandamoxing.md index 0e183530..d95a856f 100644 --- a/docs/en/guochandamoxing.md +++ b/docs/en/guochandamoxing.md @@ -31,6 +31,12 @@ **model** https://platform.openai.com/docs/models +### **x.ai** + +**API Interface Address** `https://api.x.ai/` + +**API Key** https://console.x.ai/ + ### **groq** **API Interface Address** `https://api.groq.com/openai/v1/chat/completions` diff --git a/docs/ru/guochandamoxing.md b/docs/ru/guochandamoxing.md index 39d01de6..1e65a9cb 100644 --- a/docs/ru/guochandamoxing.md +++ b/docs/ru/guochandamoxing.md @@ -31,6 +31,12 @@ **model** https://platform.openai.com/docs/models +### **x.ai** + +**Адрес API** `https://api.x.ai/` + +**API Key** https://console.x.ai/ + ### **groq** **Адрес API** `https://api.groq.com/openai/v1/chat/completions` diff --git a/docs/zh/guochandamoxing.md b/docs/zh/guochandamoxing.md index e0db56d4..209b8d1e 100644 --- a/docs/zh/guochandamoxing.md +++ b/docs/zh/guochandamoxing.md @@ -33,6 +33,12 @@ **model** https://platform.openai.com/docs/models +### **x.ai** + +**API接口地址** `https://api.x.ai/` + +**API Key** https://console.x.ai/ + ### **groq** **API接口地址** `https://api.groq.com/openai/v1/chat/completions` diff --git a/src/LunaTranslator/LunaTranslator.py b/py/LunaTranslator/LunaTranslator.py similarity index 100% rename from src/LunaTranslator/LunaTranslator.py rename to py/LunaTranslator/LunaTranslator.py diff --git a/src/LunaTranslator/LunaTranslator_main.py b/py/LunaTranslator/LunaTranslator_main.py similarity index 100% rename from src/LunaTranslator/LunaTranslator_main.py rename to py/LunaTranslator/LunaTranslator_main.py diff --git a/py/LunaTranslator/__init__.py b/py/LunaTranslator/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/src/LunaTranslator/cishu/cishubase.py b/py/LunaTranslator/cishu/cishubase.py similarity index 100% rename from src/LunaTranslator/cishu/cishubase.py rename to py/LunaTranslator/cishu/cishubase.py diff --git a/src/LunaTranslator/cishu/edict.py b/py/LunaTranslator/cishu/edict.py similarity index 100% rename from src/LunaTranslator/cishu/edict.py rename to py/LunaTranslator/cishu/edict.py diff --git a/src/LunaTranslator/cishu/edict2.py b/py/LunaTranslator/cishu/edict2.py similarity index 100% rename from src/LunaTranslator/cishu/edict2.py rename to py/LunaTranslator/cishu/edict2.py diff --git a/src/LunaTranslator/cishu/goo.py b/py/LunaTranslator/cishu/goo.py similarity index 100% rename from src/LunaTranslator/cishu/goo.py rename to py/LunaTranslator/cishu/goo.py diff --git a/src/LunaTranslator/cishu/japandict.py b/py/LunaTranslator/cishu/japandict.py similarity index 100% rename from src/LunaTranslator/cishu/japandict.py rename to py/LunaTranslator/cishu/japandict.py diff --git a/src/LunaTranslator/cishu/jisho.py b/py/LunaTranslator/cishu/jisho.py similarity index 100% rename from src/LunaTranslator/cishu/jisho.py rename to py/LunaTranslator/cishu/jisho.py diff --git a/src/LunaTranslator/cishu/linggesi.py b/py/LunaTranslator/cishu/linggesi.py similarity index 100% rename from src/LunaTranslator/cishu/linggesi.py rename to py/LunaTranslator/cishu/linggesi.py diff --git a/src/LunaTranslator/cishu/mdict.py b/py/LunaTranslator/cishu/mdict.py similarity index 100% rename from src/LunaTranslator/cishu/mdict.py rename to py/LunaTranslator/cishu/mdict.py diff --git a/src/LunaTranslator/cishu/mojidict.py b/py/LunaTranslator/cishu/mojidict.py similarity index 100% rename from src/LunaTranslator/cishu/mojidict.py rename to py/LunaTranslator/cishu/mojidict.py diff --git a/src/LunaTranslator/cishu/weblio.py b/py/LunaTranslator/cishu/weblio.py similarity index 100% rename from src/LunaTranslator/cishu/weblio.py rename to py/LunaTranslator/cishu/weblio.py diff --git a/src/LunaTranslator/cishu/xiaoxueguan.py b/py/LunaTranslator/cishu/xiaoxueguan.py similarity index 100% rename from src/LunaTranslator/cishu/xiaoxueguan.py rename to py/LunaTranslator/cishu/xiaoxueguan.py diff --git a/src/LunaTranslator/cishu/youdao.py b/py/LunaTranslator/cishu/youdao.py similarity index 100% rename from src/LunaTranslator/cishu/youdao.py rename to py/LunaTranslator/cishu/youdao.py diff --git a/src/LunaTranslator/gobject.py b/py/LunaTranslator/gobject.py similarity index 100% rename from src/LunaTranslator/gobject.py rename to py/LunaTranslator/gobject.py diff --git a/src/LunaTranslator/gui/attachprocessdialog.py b/py/LunaTranslator/gui/attachprocessdialog.py similarity index 100% rename from src/LunaTranslator/gui/attachprocessdialog.py rename to py/LunaTranslator/gui/attachprocessdialog.py diff --git a/src/LunaTranslator/gui/codeacceptdialog.py b/py/LunaTranslator/gui/codeacceptdialog.py similarity index 100% rename from src/LunaTranslator/gui/codeacceptdialog.py rename to py/LunaTranslator/gui/codeacceptdialog.py diff --git a/src/LunaTranslator/gui/dialog_memory.py b/py/LunaTranslator/gui/dialog_memory.py similarity index 100% rename from src/LunaTranslator/gui/dialog_memory.py rename to py/LunaTranslator/gui/dialog_memory.py diff --git a/src/LunaTranslator/gui/dialog_savedgame.py b/py/LunaTranslator/gui/dialog_savedgame.py similarity index 100% rename from src/LunaTranslator/gui/dialog_savedgame.py rename to py/LunaTranslator/gui/dialog_savedgame.py diff --git a/src/LunaTranslator/gui/dialog_savedgame_common.py b/py/LunaTranslator/gui/dialog_savedgame_common.py similarity index 100% rename from src/LunaTranslator/gui/dialog_savedgame_common.py rename to py/LunaTranslator/gui/dialog_savedgame_common.py diff --git a/src/LunaTranslator/gui/dialog_savedgame_legacy.py b/py/LunaTranslator/gui/dialog_savedgame_legacy.py similarity index 100% rename from src/LunaTranslator/gui/dialog_savedgame_legacy.py rename to py/LunaTranslator/gui/dialog_savedgame_legacy.py diff --git a/src/LunaTranslator/gui/dialog_savedgame_setting.py b/py/LunaTranslator/gui/dialog_savedgame_setting.py similarity index 100% rename from src/LunaTranslator/gui/dialog_savedgame_setting.py rename to py/LunaTranslator/gui/dialog_savedgame_setting.py diff --git a/src/LunaTranslator/gui/dialog_savedgame_v3.py b/py/LunaTranslator/gui/dialog_savedgame_v3.py similarity index 100% rename from src/LunaTranslator/gui/dialog_savedgame_v3.py rename to py/LunaTranslator/gui/dialog_savedgame_v3.py diff --git a/src/LunaTranslator/gui/dynalang.py b/py/LunaTranslator/gui/dynalang.py similarity index 100% rename from src/LunaTranslator/gui/dynalang.py rename to py/LunaTranslator/gui/dynalang.py diff --git a/src/LunaTranslator/gui/edittext.py b/py/LunaTranslator/gui/edittext.py similarity index 100% rename from src/LunaTranslator/gui/edittext.py rename to py/LunaTranslator/gui/edittext.py diff --git a/src/LunaTranslator/gui/inputdialog.py b/py/LunaTranslator/gui/inputdialog.py similarity index 100% rename from src/LunaTranslator/gui/inputdialog.py rename to py/LunaTranslator/gui/inputdialog.py diff --git a/src/LunaTranslator/gui/pretransfile.py b/py/LunaTranslator/gui/pretransfile.py similarity index 100% rename from src/LunaTranslator/gui/pretransfile.py rename to py/LunaTranslator/gui/pretransfile.py diff --git a/src/LunaTranslator/gui/rangeselect.py b/py/LunaTranslator/gui/rangeselect.py similarity index 100% rename from src/LunaTranslator/gui/rangeselect.py rename to py/LunaTranslator/gui/rangeselect.py diff --git a/src/LunaTranslator/gui/resizeablemainwindow.py b/py/LunaTranslator/gui/resizeablemainwindow.py similarity index 100% rename from src/LunaTranslator/gui/resizeablemainwindow.py rename to py/LunaTranslator/gui/resizeablemainwindow.py diff --git a/src/LunaTranslator/gui/selecthook.py b/py/LunaTranslator/gui/selecthook.py similarity index 100% rename from src/LunaTranslator/gui/selecthook.py rename to py/LunaTranslator/gui/selecthook.py diff --git a/src/LunaTranslator/gui/setting.py b/py/LunaTranslator/gui/setting.py similarity index 100% rename from src/LunaTranslator/gui/setting.py rename to py/LunaTranslator/gui/setting.py diff --git a/src/LunaTranslator/gui/setting_about.py b/py/LunaTranslator/gui/setting_about.py similarity index 100% rename from src/LunaTranslator/gui/setting_about.py rename to py/LunaTranslator/gui/setting_about.py diff --git a/src/LunaTranslator/gui/setting_cishu.py b/py/LunaTranslator/gui/setting_cishu.py similarity index 100% rename from src/LunaTranslator/gui/setting_cishu.py rename to py/LunaTranslator/gui/setting_cishu.py diff --git a/src/LunaTranslator/gui/setting_display.py b/py/LunaTranslator/gui/setting_display.py similarity index 100% rename from src/LunaTranslator/gui/setting_display.py rename to py/LunaTranslator/gui/setting_display.py diff --git a/src/LunaTranslator/gui/setting_display_buttons.py b/py/LunaTranslator/gui/setting_display_buttons.py similarity index 100% rename from src/LunaTranslator/gui/setting_display_buttons.py rename to py/LunaTranslator/gui/setting_display_buttons.py diff --git a/src/LunaTranslator/gui/setting_display_scale.py b/py/LunaTranslator/gui/setting_display_scale.py similarity index 100% rename from src/LunaTranslator/gui/setting_display_scale.py rename to py/LunaTranslator/gui/setting_display_scale.py diff --git a/src/LunaTranslator/gui/setting_display_text.py b/py/LunaTranslator/gui/setting_display_text.py similarity index 100% rename from src/LunaTranslator/gui/setting_display_text.py rename to py/LunaTranslator/gui/setting_display_text.py diff --git a/src/LunaTranslator/gui/setting_display_ui.py b/py/LunaTranslator/gui/setting_display_ui.py similarity index 100% rename from src/LunaTranslator/gui/setting_display_ui.py rename to py/LunaTranslator/gui/setting_display_ui.py diff --git a/src/LunaTranslator/gui/setting_hotkey.py b/py/LunaTranslator/gui/setting_hotkey.py similarity index 100% rename from src/LunaTranslator/gui/setting_hotkey.py rename to py/LunaTranslator/gui/setting_hotkey.py diff --git a/src/LunaTranslator/gui/setting_lang.py b/py/LunaTranslator/gui/setting_lang.py similarity index 100% rename from src/LunaTranslator/gui/setting_lang.py rename to py/LunaTranslator/gui/setting_lang.py diff --git a/src/LunaTranslator/gui/setting_proxy.py b/py/LunaTranslator/gui/setting_proxy.py similarity index 100% rename from src/LunaTranslator/gui/setting_proxy.py rename to py/LunaTranslator/gui/setting_proxy.py diff --git a/src/LunaTranslator/gui/setting_textinput.py b/py/LunaTranslator/gui/setting_textinput.py similarity index 100% rename from src/LunaTranslator/gui/setting_textinput.py rename to py/LunaTranslator/gui/setting_textinput.py diff --git a/src/LunaTranslator/gui/setting_textinput_ocr.py b/py/LunaTranslator/gui/setting_textinput_ocr.py similarity index 100% rename from src/LunaTranslator/gui/setting_textinput_ocr.py rename to py/LunaTranslator/gui/setting_textinput_ocr.py diff --git a/src/LunaTranslator/gui/setting_translate.py b/py/LunaTranslator/gui/setting_translate.py similarity index 100% rename from src/LunaTranslator/gui/setting_translate.py rename to py/LunaTranslator/gui/setting_translate.py diff --git a/src/LunaTranslator/gui/setting_transopti.py b/py/LunaTranslator/gui/setting_transopti.py similarity index 100% rename from src/LunaTranslator/gui/setting_transopti.py rename to py/LunaTranslator/gui/setting_transopti.py diff --git a/src/LunaTranslator/gui/setting_tts.py b/py/LunaTranslator/gui/setting_tts.py similarity index 100% rename from src/LunaTranslator/gui/setting_tts.py rename to py/LunaTranslator/gui/setting_tts.py diff --git a/src/LunaTranslator/gui/showword.py b/py/LunaTranslator/gui/showword.py similarity index 100% rename from src/LunaTranslator/gui/showword.py rename to py/LunaTranslator/gui/showword.py diff --git a/src/LunaTranslator/gui/specialwidget.py b/py/LunaTranslator/gui/specialwidget.py similarity index 100% rename from src/LunaTranslator/gui/specialwidget.py rename to py/LunaTranslator/gui/specialwidget.py diff --git a/src/LunaTranslator/gui/textbrowser.py b/py/LunaTranslator/gui/textbrowser.py similarity index 100% rename from src/LunaTranslator/gui/textbrowser.py rename to py/LunaTranslator/gui/textbrowser.py diff --git a/src/LunaTranslator/gui/transhist.py b/py/LunaTranslator/gui/transhist.py similarity index 100% rename from src/LunaTranslator/gui/transhist.py rename to py/LunaTranslator/gui/transhist.py diff --git a/src/LunaTranslator/gui/translatorUI.py b/py/LunaTranslator/gui/translatorUI.py similarity index 100% rename from src/LunaTranslator/gui/translatorUI.py rename to py/LunaTranslator/gui/translatorUI.py diff --git a/src/LunaTranslator/gui/usefulwidget.py b/py/LunaTranslator/gui/usefulwidget.py similarity index 100% rename from src/LunaTranslator/gui/usefulwidget.py rename to py/LunaTranslator/gui/usefulwidget.py diff --git a/src/LunaTranslator/hiraparse/basehira.py b/py/LunaTranslator/hiraparse/basehira.py similarity index 100% rename from src/LunaTranslator/hiraparse/basehira.py rename to py/LunaTranslator/hiraparse/basehira.py diff --git a/src/LunaTranslator/hiraparse/latin.py b/py/LunaTranslator/hiraparse/latin.py similarity index 100% rename from src/LunaTranslator/hiraparse/latin.py rename to py/LunaTranslator/hiraparse/latin.py diff --git a/src/LunaTranslator/hiraparse/mecab.py b/py/LunaTranslator/hiraparse/mecab.py similarity index 100% rename from src/LunaTranslator/hiraparse/mecab.py rename to py/LunaTranslator/hiraparse/mecab.py diff --git a/src/LunaTranslator/keeprefs.py b/py/LunaTranslator/keeprefs.py similarity index 100% rename from src/LunaTranslator/keeprefs.py rename to py/LunaTranslator/keeprefs.py diff --git a/src/LunaTranslator/metadata/abstract.py b/py/LunaTranslator/metadata/abstract.py similarity index 100% rename from src/LunaTranslator/metadata/abstract.py rename to py/LunaTranslator/metadata/abstract.py diff --git a/src/LunaTranslator/metadata/bangumi.py b/py/LunaTranslator/metadata/bangumi.py similarity index 100% rename from src/LunaTranslator/metadata/bangumi.py rename to py/LunaTranslator/metadata/bangumi.py diff --git a/src/LunaTranslator/metadata/dlsite.py b/py/LunaTranslator/metadata/dlsite.py similarity index 100% rename from src/LunaTranslator/metadata/dlsite.py rename to py/LunaTranslator/metadata/dlsite.py diff --git a/src/LunaTranslator/metadata/fanza.py b/py/LunaTranslator/metadata/fanza.py similarity index 100% rename from src/LunaTranslator/metadata/fanza.py rename to py/LunaTranslator/metadata/fanza.py diff --git a/src/LunaTranslator/metadata/steam.py b/py/LunaTranslator/metadata/steam.py similarity index 100% rename from src/LunaTranslator/metadata/steam.py rename to py/LunaTranslator/metadata/steam.py diff --git a/src/LunaTranslator/metadata/vndb.py b/py/LunaTranslator/metadata/vndb.py similarity index 100% rename from src/LunaTranslator/metadata/vndb.py rename to py/LunaTranslator/metadata/vndb.py diff --git a/src/LunaTranslator/myutils/ankiconnect.py b/py/LunaTranslator/myutils/ankiconnect.py similarity index 100% rename from src/LunaTranslator/myutils/ankiconnect.py rename to py/LunaTranslator/myutils/ankiconnect.py diff --git a/src/LunaTranslator/myutils/audioplayer.py b/py/LunaTranslator/myutils/audioplayer.py similarity index 100% rename from src/LunaTranslator/myutils/audioplayer.py rename to py/LunaTranslator/myutils/audioplayer.py diff --git a/src/LunaTranslator/myutils/commonbase.py b/py/LunaTranslator/myutils/commonbase.py similarity index 100% rename from src/LunaTranslator/myutils/commonbase.py rename to py/LunaTranslator/myutils/commonbase.py diff --git a/src/LunaTranslator/myutils/config.py b/py/LunaTranslator/myutils/config.py similarity index 100% rename from src/LunaTranslator/myutils/config.py rename to py/LunaTranslator/myutils/config.py diff --git a/src/LunaTranslator/myutils/hwnd.py b/py/LunaTranslator/myutils/hwnd.py similarity index 100% rename from src/LunaTranslator/myutils/hwnd.py rename to py/LunaTranslator/myutils/hwnd.py diff --git a/src/LunaTranslator/myutils/languageguesser.py b/py/LunaTranslator/myutils/languageguesser.py similarity index 100% rename from src/LunaTranslator/myutils/languageguesser.py rename to py/LunaTranslator/myutils/languageguesser.py diff --git a/src/LunaTranslator/myutils/localetools.py b/py/LunaTranslator/myutils/localetools.py similarity index 100% rename from src/LunaTranslator/myutils/localetools.py rename to py/LunaTranslator/myutils/localetools.py diff --git a/src/LunaTranslator/myutils/ocrutil.py b/py/LunaTranslator/myutils/ocrutil.py similarity index 100% rename from src/LunaTranslator/myutils/ocrutil.py rename to py/LunaTranslator/myutils/ocrutil.py diff --git a/src/LunaTranslator/myutils/post.py b/py/LunaTranslator/myutils/post.py similarity index 100% rename from src/LunaTranslator/myutils/post.py rename to py/LunaTranslator/myutils/post.py diff --git a/src/LunaTranslator/myutils/proxy.py b/py/LunaTranslator/myutils/proxy.py similarity index 100% rename from src/LunaTranslator/myutils/proxy.py rename to py/LunaTranslator/myutils/proxy.py diff --git a/src/LunaTranslator/myutils/subproc.py b/py/LunaTranslator/myutils/subproc.py similarity index 100% rename from src/LunaTranslator/myutils/subproc.py rename to py/LunaTranslator/myutils/subproc.py diff --git a/src/LunaTranslator/myutils/template/mypost.py b/py/LunaTranslator/myutils/template/mypost.py similarity index 100% rename from src/LunaTranslator/myutils/template/mypost.py rename to py/LunaTranslator/myutils/template/mypost.py diff --git a/src/LunaTranslator/myutils/template/myprocess.py b/py/LunaTranslator/myutils/template/myprocess.py similarity index 100% rename from src/LunaTranslator/myutils/template/myprocess.py rename to py/LunaTranslator/myutils/template/myprocess.py diff --git a/src/LunaTranslator/myutils/template/selfbuild.py b/py/LunaTranslator/myutils/template/selfbuild.py similarity index 100% rename from src/LunaTranslator/myutils/template/selfbuild.py rename to py/LunaTranslator/myutils/template/selfbuild.py diff --git a/src/LunaTranslator/myutils/traceplaytime.py b/py/LunaTranslator/myutils/traceplaytime.py similarity index 100% rename from src/LunaTranslator/myutils/traceplaytime.py rename to py/LunaTranslator/myutils/traceplaytime.py diff --git a/src/LunaTranslator/myutils/utils.py b/py/LunaTranslator/myutils/utils.py similarity index 100% rename from src/LunaTranslator/myutils/utils.py rename to py/LunaTranslator/myutils/utils.py diff --git a/src/LunaTranslator/myutils/winsyshotkey.py b/py/LunaTranslator/myutils/winsyshotkey.py similarity index 100% rename from src/LunaTranslator/myutils/winsyshotkey.py rename to py/LunaTranslator/myutils/winsyshotkey.py diff --git a/src/LunaTranslator/myutils/wrapper.py b/py/LunaTranslator/myutils/wrapper.py similarity index 100% rename from src/LunaTranslator/myutils/wrapper.py rename to py/LunaTranslator/myutils/wrapper.py diff --git a/src/LunaTranslator/network/libcurl/libcurl.py b/py/LunaTranslator/network/libcurl/libcurl.py similarity index 100% rename from src/LunaTranslator/network/libcurl/libcurl.py rename to py/LunaTranslator/network/libcurl/libcurl.py diff --git a/src/LunaTranslator/network/libcurl/requester.py b/py/LunaTranslator/network/libcurl/requester.py similarity index 100% rename from src/LunaTranslator/network/libcurl/requester.py rename to py/LunaTranslator/network/libcurl/requester.py diff --git a/src/LunaTranslator/network/libcurl/websocket.py b/py/LunaTranslator/network/libcurl/websocket.py similarity index 100% rename from src/LunaTranslator/network/libcurl/websocket.py rename to py/LunaTranslator/network/libcurl/websocket.py diff --git a/src/LunaTranslator/network/winhttp/brotli_dec.py b/py/LunaTranslator/network/winhttp/brotli_dec.py similarity index 100% rename from src/LunaTranslator/network/winhttp/brotli_dec.py rename to py/LunaTranslator/network/winhttp/brotli_dec.py diff --git a/src/LunaTranslator/network/winhttp/requester.py b/py/LunaTranslator/network/winhttp/requester.py similarity index 100% rename from src/LunaTranslator/network/winhttp/requester.py rename to py/LunaTranslator/network/winhttp/requester.py diff --git a/src/LunaTranslator/network/winhttp/websocket.py b/py/LunaTranslator/network/winhttp/websocket.py similarity index 100% rename from src/LunaTranslator/network/winhttp/websocket.py rename to py/LunaTranslator/network/winhttp/websocket.py diff --git a/src/LunaTranslator/network/winhttp/winhttp.py b/py/LunaTranslator/network/winhttp/winhttp.py similarity index 100% rename from src/LunaTranslator/network/winhttp/winhttp.py rename to py/LunaTranslator/network/winhttp/winhttp.py diff --git a/src/LunaTranslator/ocrengines/baiduocr_X.py b/py/LunaTranslator/ocrengines/baiduocr_X.py similarity index 100% rename from src/LunaTranslator/ocrengines/baiduocr_X.py rename to py/LunaTranslator/ocrengines/baiduocr_X.py diff --git a/src/LunaTranslator/ocrengines/baseocrclass.py b/py/LunaTranslator/ocrengines/baseocrclass.py similarity index 100% rename from src/LunaTranslator/ocrengines/baseocrclass.py rename to py/LunaTranslator/ocrengines/baseocrclass.py diff --git a/src/LunaTranslator/ocrengines/chatgptlike.py b/py/LunaTranslator/ocrengines/chatgptlike.py similarity index 100% rename from src/LunaTranslator/ocrengines/chatgptlike.py rename to py/LunaTranslator/ocrengines/chatgptlike.py diff --git a/src/LunaTranslator/ocrengines/docsumo.py b/py/LunaTranslator/ocrengines/docsumo.py similarity index 100% rename from src/LunaTranslator/ocrengines/docsumo.py rename to py/LunaTranslator/ocrengines/docsumo.py diff --git a/src/LunaTranslator/ocrengines/feishu.py b/py/LunaTranslator/ocrengines/feishu.py similarity index 100% rename from src/LunaTranslator/ocrengines/feishu.py rename to py/LunaTranslator/ocrengines/feishu.py diff --git a/src/LunaTranslator/ocrengines/geminiocr.py b/py/LunaTranslator/ocrengines/geminiocr.py similarity index 100% rename from src/LunaTranslator/ocrengines/geminiocr.py rename to py/LunaTranslator/ocrengines/geminiocr.py diff --git a/src/LunaTranslator/ocrengines/googlecloudvision.py b/py/LunaTranslator/ocrengines/googlecloudvision.py similarity index 100% rename from src/LunaTranslator/ocrengines/googlecloudvision.py rename to py/LunaTranslator/ocrengines/googlecloudvision.py diff --git a/src/LunaTranslator/ocrengines/googlelens.py b/py/LunaTranslator/ocrengines/googlelens.py similarity index 100% rename from src/LunaTranslator/ocrengines/googlelens.py rename to py/LunaTranslator/ocrengines/googlelens.py diff --git a/src/LunaTranslator/ocrengines/local.py b/py/LunaTranslator/ocrengines/local.py similarity index 100% rename from src/LunaTranslator/ocrengines/local.py rename to py/LunaTranslator/ocrengines/local.py diff --git a/src/LunaTranslator/ocrengines/mangaocr.py b/py/LunaTranslator/ocrengines/mangaocr.py similarity index 100% rename from src/LunaTranslator/ocrengines/mangaocr.py rename to py/LunaTranslator/ocrengines/mangaocr.py diff --git a/src/LunaTranslator/ocrengines/ocrspace.py b/py/LunaTranslator/ocrengines/ocrspace.py similarity index 100% rename from src/LunaTranslator/ocrengines/ocrspace.py rename to py/LunaTranslator/ocrengines/ocrspace.py diff --git a/src/LunaTranslator/ocrengines/tesseract5.py b/py/LunaTranslator/ocrengines/tesseract5.py similarity index 100% rename from src/LunaTranslator/ocrengines/tesseract5.py rename to py/LunaTranslator/ocrengines/tesseract5.py diff --git a/src/LunaTranslator/ocrengines/txocr.py b/py/LunaTranslator/ocrengines/txocr.py similarity index 100% rename from src/LunaTranslator/ocrengines/txocr.py rename to py/LunaTranslator/ocrengines/txocr.py diff --git a/src/LunaTranslator/ocrengines/volcengine.py b/py/LunaTranslator/ocrengines/volcengine.py similarity index 100% rename from src/LunaTranslator/ocrengines/volcengine.py rename to py/LunaTranslator/ocrengines/volcengine.py diff --git a/src/LunaTranslator/ocrengines/weixinocr.py b/py/LunaTranslator/ocrengines/weixinocr.py similarity index 100% rename from src/LunaTranslator/ocrengines/weixinocr.py rename to py/LunaTranslator/ocrengines/weixinocr.py diff --git a/src/LunaTranslator/ocrengines/windowsocr.py b/py/LunaTranslator/ocrengines/windowsocr.py similarity index 100% rename from src/LunaTranslator/ocrengines/windowsocr.py rename to py/LunaTranslator/ocrengines/windowsocr.py diff --git a/src/LunaTranslator/ocrengines/xunfei.py b/py/LunaTranslator/ocrengines/xunfei.py similarity index 100% rename from src/LunaTranslator/ocrengines/xunfei.py rename to py/LunaTranslator/ocrengines/xunfei.py diff --git a/src/LunaTranslator/ocrengines/youdaocr.py b/py/LunaTranslator/ocrengines/youdaocr.py similarity index 100% rename from src/LunaTranslator/ocrengines/youdaocr.py rename to py/LunaTranslator/ocrengines/youdaocr.py diff --git a/src/LunaTranslator/ocrengines/youdaodictocr.py b/py/LunaTranslator/ocrengines/youdaodictocr.py similarity index 100% rename from src/LunaTranslator/ocrengines/youdaodictocr.py rename to py/LunaTranslator/ocrengines/youdaodictocr.py diff --git a/src/LunaTranslator/pytz.py b/py/LunaTranslator/pytz.py similarity index 100% rename from src/LunaTranslator/pytz.py rename to py/LunaTranslator/pytz.py diff --git a/src/LunaTranslator/qtawesome.py b/py/LunaTranslator/qtawesome.py similarity index 100% rename from src/LunaTranslator/qtawesome.py rename to py/LunaTranslator/qtawesome.py diff --git a/src/LunaTranslator/qtsymbols.py b/py/LunaTranslator/qtsymbols.py similarity index 100% rename from src/LunaTranslator/qtsymbols.py rename to py/LunaTranslator/qtsymbols.py diff --git a/src/LunaTranslator/rendertext/exampleextrahtml.html b/py/LunaTranslator/rendertext/exampleextrahtml.html similarity index 100% rename from src/LunaTranslator/rendertext/exampleextrahtml.html rename to py/LunaTranslator/rendertext/exampleextrahtml.html diff --git a/src/LunaTranslator/rendertext/somefunctions.py b/py/LunaTranslator/rendertext/somefunctions.py similarity index 100% rename from src/LunaTranslator/rendertext/somefunctions.py rename to py/LunaTranslator/rendertext/somefunctions.py diff --git a/src/LunaTranslator/rendertext/textbrowser.py b/py/LunaTranslator/rendertext/textbrowser.py similarity index 100% rename from src/LunaTranslator/rendertext/textbrowser.py rename to py/LunaTranslator/rendertext/textbrowser.py diff --git a/src/LunaTranslator/rendertext/textbrowser_imp/base.py b/py/LunaTranslator/rendertext/textbrowser_imp/base.py similarity index 100% rename from src/LunaTranslator/rendertext/textbrowser_imp/base.py rename to py/LunaTranslator/rendertext/textbrowser_imp/base.py diff --git a/src/LunaTranslator/rendertext/textbrowser_imp/miaobian0.py b/py/LunaTranslator/rendertext/textbrowser_imp/miaobian0.py similarity index 100% rename from src/LunaTranslator/rendertext/textbrowser_imp/miaobian0.py rename to py/LunaTranslator/rendertext/textbrowser_imp/miaobian0.py diff --git a/src/LunaTranslator/rendertext/textbrowser_imp/miaobian1.py b/py/LunaTranslator/rendertext/textbrowser_imp/miaobian1.py similarity index 100% rename from src/LunaTranslator/rendertext/textbrowser_imp/miaobian1.py rename to py/LunaTranslator/rendertext/textbrowser_imp/miaobian1.py diff --git a/src/LunaTranslator/rendertext/textbrowser_imp/normal.py b/py/LunaTranslator/rendertext/textbrowser_imp/normal.py similarity index 100% rename from src/LunaTranslator/rendertext/textbrowser_imp/normal.py rename to py/LunaTranslator/rendertext/textbrowser_imp/normal.py diff --git a/src/LunaTranslator/rendertext/textbrowser_imp/yinying.py b/py/LunaTranslator/rendertext/textbrowser_imp/yinying.py similarity index 100% rename from src/LunaTranslator/rendertext/textbrowser_imp/yinying.py rename to py/LunaTranslator/rendertext/textbrowser_imp/yinying.py diff --git a/src/LunaTranslator/rendertext/webview.html b/py/LunaTranslator/rendertext/webview.html similarity index 100% rename from src/LunaTranslator/rendertext/webview.html rename to py/LunaTranslator/rendertext/webview.html diff --git a/src/LunaTranslator/rendertext/webview.py b/py/LunaTranslator/rendertext/webview.py similarity index 100% rename from src/LunaTranslator/rendertext/webview.py rename to py/LunaTranslator/rendertext/webview.py diff --git a/src/LunaTranslator/requests.py b/py/LunaTranslator/requests.py similarity index 100% rename from src/LunaTranslator/requests.py rename to py/LunaTranslator/requests.py diff --git a/src/LunaTranslator/scalemethod/base.py b/py/LunaTranslator/scalemethod/base.py similarity index 100% rename from src/LunaTranslator/scalemethod/base.py rename to py/LunaTranslator/scalemethod/base.py diff --git a/src/LunaTranslator/scalemethod/external_magpie.py b/py/LunaTranslator/scalemethod/external_magpie.py similarity index 100% rename from src/LunaTranslator/scalemethod/external_magpie.py rename to py/LunaTranslator/scalemethod/external_magpie.py diff --git a/src/LunaTranslator/scalemethod/magpie_builtin.py b/py/LunaTranslator/scalemethod/magpie_builtin.py similarity index 100% rename from src/LunaTranslator/scalemethod/magpie_builtin.py rename to py/LunaTranslator/scalemethod/magpie_builtin.py diff --git a/src/LunaTranslator/textoutput/clipboard.py b/py/LunaTranslator/textoutput/clipboard.py similarity index 100% rename from src/LunaTranslator/textoutput/clipboard.py rename to py/LunaTranslator/textoutput/clipboard.py diff --git a/src/LunaTranslator/textoutput/outputerbase.py b/py/LunaTranslator/textoutput/outputerbase.py similarity index 100% rename from src/LunaTranslator/textoutput/outputerbase.py rename to py/LunaTranslator/textoutput/outputerbase.py diff --git a/src/LunaTranslator/textoutput/websocket.py b/py/LunaTranslator/textoutput/websocket.py similarity index 100% rename from src/LunaTranslator/textoutput/websocket.py rename to py/LunaTranslator/textoutput/websocket.py diff --git a/src/LunaTranslator/textsource/copyboard.py b/py/LunaTranslator/textsource/copyboard.py similarity index 100% rename from src/LunaTranslator/textsource/copyboard.py rename to py/LunaTranslator/textsource/copyboard.py diff --git a/src/LunaTranslator/textsource/filetrans.py b/py/LunaTranslator/textsource/filetrans.py similarity index 100% rename from src/LunaTranslator/textsource/filetrans.py rename to py/LunaTranslator/textsource/filetrans.py diff --git a/src/LunaTranslator/textsource/ocrtext.py b/py/LunaTranslator/textsource/ocrtext.py similarity index 100% rename from src/LunaTranslator/textsource/ocrtext.py rename to py/LunaTranslator/textsource/ocrtext.py diff --git a/src/LunaTranslator/textsource/texthook.py b/py/LunaTranslator/textsource/texthook.py similarity index 100% rename from src/LunaTranslator/textsource/texthook.py rename to py/LunaTranslator/textsource/texthook.py diff --git a/src/LunaTranslator/textsource/textsourcebase.py b/py/LunaTranslator/textsource/textsourcebase.py similarity index 100% rename from src/LunaTranslator/textsource/textsourcebase.py rename to py/LunaTranslator/textsource/textsourcebase.py diff --git a/src/LunaTranslator/translator/ModernMt.py b/py/LunaTranslator/translator/ModernMt.py similarity index 100% rename from src/LunaTranslator/translator/ModernMt.py rename to py/LunaTranslator/translator/ModernMt.py diff --git a/src/LunaTranslator/translator/TranslateCom.py b/py/LunaTranslator/translator/TranslateCom.py similarity index 100% rename from src/LunaTranslator/translator/TranslateCom.py rename to py/LunaTranslator/translator/TranslateCom.py diff --git a/src/LunaTranslator/translator/_realtime_edit.py b/py/LunaTranslator/translator/_realtime_edit.py similarity index 100% rename from src/LunaTranslator/translator/_realtime_edit.py rename to py/LunaTranslator/translator/_realtime_edit.py diff --git a/src/LunaTranslator/translator/ali.py b/py/LunaTranslator/translator/ali.py similarity index 100% rename from src/LunaTranslator/translator/ali.py rename to py/LunaTranslator/translator/ali.py diff --git a/src/LunaTranslator/translator/aliyunapi.py b/py/LunaTranslator/translator/aliyunapi.py similarity index 100% rename from src/LunaTranslator/translator/aliyunapi.py rename to py/LunaTranslator/translator/aliyunapi.py diff --git a/src/LunaTranslator/translator/atlas.py b/py/LunaTranslator/translator/atlas.py similarity index 100% rename from src/LunaTranslator/translator/atlas.py rename to py/LunaTranslator/translator/atlas.py diff --git a/src/LunaTranslator/translator/azure.py b/py/LunaTranslator/translator/azure.py similarity index 100% rename from src/LunaTranslator/translator/azure.py rename to py/LunaTranslator/translator/azure.py diff --git a/src/LunaTranslator/translator/baidu.py b/py/LunaTranslator/translator/baidu.py similarity index 100% rename from src/LunaTranslator/translator/baidu.py rename to py/LunaTranslator/translator/baidu.py diff --git a/src/LunaTranslator/translator/baidu_ai.py b/py/LunaTranslator/translator/baidu_ai.py similarity index 100% rename from src/LunaTranslator/translator/baidu_ai.py rename to py/LunaTranslator/translator/baidu_ai.py diff --git a/src/LunaTranslator/translator/baidu_dev.py b/py/LunaTranslator/translator/baidu_dev.py similarity index 100% rename from src/LunaTranslator/translator/baidu_dev.py rename to py/LunaTranslator/translator/baidu_dev.py diff --git a/src/LunaTranslator/translator/baiduapi.py b/py/LunaTranslator/translator/baiduapi.py similarity index 100% rename from src/LunaTranslator/translator/baiduapi.py rename to py/LunaTranslator/translator/baiduapi.py diff --git a/src/LunaTranslator/translator/baiduqianfan.py b/py/LunaTranslator/translator/baiduqianfan.py similarity index 100% rename from src/LunaTranslator/translator/baiduqianfan.py rename to py/LunaTranslator/translator/baiduqianfan.py diff --git a/src/LunaTranslator/translator/basetranslator.py b/py/LunaTranslator/translator/basetranslator.py similarity index 100% rename from src/LunaTranslator/translator/basetranslator.py rename to py/LunaTranslator/translator/basetranslator.py diff --git a/src/LunaTranslator/translator/basetranslator_dev.py b/py/LunaTranslator/translator/basetranslator_dev.py similarity index 100% rename from src/LunaTranslator/translator/basetranslator_dev.py rename to py/LunaTranslator/translator/basetranslator_dev.py diff --git a/src/LunaTranslator/translator/bing.py b/py/LunaTranslator/translator/bing.py similarity index 100% rename from src/LunaTranslator/translator/bing.py rename to py/LunaTranslator/translator/bing.py diff --git a/src/LunaTranslator/translator/bing_dev.py b/py/LunaTranslator/translator/bing_dev.py similarity index 100% rename from src/LunaTranslator/translator/bing_dev.py rename to py/LunaTranslator/translator/bing_dev.py diff --git a/src/LunaTranslator/translator/caiyun.py b/py/LunaTranslator/translator/caiyun.py similarity index 100% rename from src/LunaTranslator/translator/caiyun.py rename to py/LunaTranslator/translator/caiyun.py diff --git a/src/LunaTranslator/translator/caiyunapi.py b/py/LunaTranslator/translator/caiyunapi.py similarity index 100% rename from src/LunaTranslator/translator/caiyunapi.py rename to py/LunaTranslator/translator/caiyunapi.py diff --git a/src/LunaTranslator/translator/chatgpt-3rd-party.py b/py/LunaTranslator/translator/chatgpt-3rd-party.py similarity index 100% rename from src/LunaTranslator/translator/chatgpt-3rd-party.py rename to py/LunaTranslator/translator/chatgpt-3rd-party.py diff --git a/src/LunaTranslator/translator/chatgpt-offline.py b/py/LunaTranslator/translator/chatgpt-offline.py similarity index 100% rename from src/LunaTranslator/translator/chatgpt-offline.py rename to py/LunaTranslator/translator/chatgpt-offline.py diff --git a/src/LunaTranslator/translator/claude.py b/py/LunaTranslator/translator/claude.py similarity index 100% rename from src/LunaTranslator/translator/claude.py rename to py/LunaTranslator/translator/claude.py diff --git a/src/LunaTranslator/translator/cohere.py b/py/LunaTranslator/translator/cohere.py similarity index 100% rename from src/LunaTranslator/translator/cohere.py rename to py/LunaTranslator/translator/cohere.py diff --git a/src/LunaTranslator/translator/commonhookfetchstream.js b/py/LunaTranslator/translator/commonhookfetchstream.js similarity index 100% rename from src/LunaTranslator/translator/commonhookfetchstream.js rename to py/LunaTranslator/translator/commonhookfetchstream.js diff --git a/src/LunaTranslator/translator/commonhookxhrstream.js b/py/LunaTranslator/translator/commonhookxhrstream.js similarity index 100% rename from src/LunaTranslator/translator/commonhookxhrstream.js rename to py/LunaTranslator/translator/commonhookxhrstream.js diff --git a/src/LunaTranslator/translator/deepl.py b/py/LunaTranslator/translator/deepl.py similarity index 100% rename from src/LunaTranslator/translator/deepl.py rename to py/LunaTranslator/translator/deepl.py diff --git a/src/LunaTranslator/translator/deepl_dev.py b/py/LunaTranslator/translator/deepl_dev.py similarity index 100% rename from src/LunaTranslator/translator/deepl_dev.py rename to py/LunaTranslator/translator/deepl_dev.py diff --git a/src/LunaTranslator/translator/deeplapi-free.py b/py/LunaTranslator/translator/deeplapi-free.py similarity index 100% rename from src/LunaTranslator/translator/deeplapi-free.py rename to py/LunaTranslator/translator/deeplapi-free.py diff --git a/src/LunaTranslator/translator/dev_ali.py b/py/LunaTranslator/translator/dev_ali.py similarity index 100% rename from src/LunaTranslator/translator/dev_ali.py rename to py/LunaTranslator/translator/dev_ali.py diff --git a/src/LunaTranslator/translator/dev_caiyun.py b/py/LunaTranslator/translator/dev_caiyun.py similarity index 100% rename from src/LunaTranslator/translator/dev_caiyun.py rename to py/LunaTranslator/translator/dev_caiyun.py diff --git a/src/LunaTranslator/translator/dev_chatglm.py b/py/LunaTranslator/translator/dev_chatglm.py similarity index 100% rename from src/LunaTranslator/translator/dev_chatglm.py rename to py/LunaTranslator/translator/dev_chatglm.py diff --git a/src/LunaTranslator/translator/dev_chatgpt.py b/py/LunaTranslator/translator/dev_chatgpt.py similarity index 100% rename from src/LunaTranslator/translator/dev_chatgpt.py rename to py/LunaTranslator/translator/dev_chatgpt.py diff --git a/src/LunaTranslator/translator/dev_chatgpt_mirror.py b/py/LunaTranslator/translator/dev_chatgpt_mirror.py similarity index 100% rename from src/LunaTranslator/translator/dev_chatgpt_mirror.py rename to py/LunaTranslator/translator/dev_chatgpt_mirror.py diff --git a/src/LunaTranslator/translator/dev_deepseek.py b/py/LunaTranslator/translator/dev_deepseek.py similarity index 100% rename from src/LunaTranslator/translator/dev_deepseek.py rename to py/LunaTranslator/translator/dev_deepseek.py diff --git a/src/LunaTranslator/translator/dev_duckduckgo.py b/py/LunaTranslator/translator/dev_duckduckgo.py similarity index 100% rename from src/LunaTranslator/translator/dev_duckduckgo.py rename to py/LunaTranslator/translator/dev_duckduckgo.py diff --git a/src/LunaTranslator/translator/dev_llm_common.py b/py/LunaTranslator/translator/dev_llm_common.py similarity index 100% rename from src/LunaTranslator/translator/dev_llm_common.py rename to py/LunaTranslator/translator/dev_llm_common.py diff --git a/src/LunaTranslator/translator/dev_moonshot.py b/py/LunaTranslator/translator/dev_moonshot.py similarity index 100% rename from src/LunaTranslator/translator/dev_moonshot.py rename to py/LunaTranslator/translator/dev_moonshot.py diff --git a/src/LunaTranslator/translator/dev_niutrans.py b/py/LunaTranslator/translator/dev_niutrans.py similarity index 100% rename from src/LunaTranslator/translator/dev_niutrans.py rename to py/LunaTranslator/translator/dev_niutrans.py diff --git a/src/LunaTranslator/translator/dev_qwen.py b/py/LunaTranslator/translator/dev_qwen.py similarity index 100% rename from src/LunaTranslator/translator/dev_qwen.py rename to py/LunaTranslator/translator/dev_qwen.py diff --git a/src/LunaTranslator/translator/dev_sogou.py b/py/LunaTranslator/translator/dev_sogou.py similarity index 100% rename from src/LunaTranslator/translator/dev_sogou.py rename to py/LunaTranslator/translator/dev_sogou.py diff --git a/src/LunaTranslator/translator/dev_theb.py b/py/LunaTranslator/translator/dev_theb.py similarity index 100% rename from src/LunaTranslator/translator/dev_theb.py rename to py/LunaTranslator/translator/dev_theb.py diff --git a/src/LunaTranslator/translator/dev_yandex.py b/py/LunaTranslator/translator/dev_yandex.py similarity index 100% rename from src/LunaTranslator/translator/dev_yandex.py rename to py/LunaTranslator/translator/dev_yandex.py diff --git a/src/LunaTranslator/translator/dev_youdao.py b/py/LunaTranslator/translator/dev_youdao.py similarity index 100% rename from src/LunaTranslator/translator/dev_youdao.py rename to py/LunaTranslator/translator/dev_youdao.py diff --git a/src/LunaTranslator/translator/dreye.py b/py/LunaTranslator/translator/dreye.py similarity index 100% rename from src/LunaTranslator/translator/dreye.py rename to py/LunaTranslator/translator/dreye.py diff --git a/src/LunaTranslator/translator/eztrans.py b/py/LunaTranslator/translator/eztrans.py similarity index 100% rename from src/LunaTranslator/translator/eztrans.py rename to py/LunaTranslator/translator/eztrans.py diff --git a/src/LunaTranslator/translator/feishu.py b/py/LunaTranslator/translator/feishu.py similarity index 100% rename from src/LunaTranslator/translator/feishu.py rename to py/LunaTranslator/translator/feishu.py diff --git a/src/LunaTranslator/translator/gemini.py b/py/LunaTranslator/translator/gemini.py similarity index 100% rename from src/LunaTranslator/translator/gemini.py rename to py/LunaTranslator/translator/gemini.py diff --git a/src/LunaTranslator/translator/google.py b/py/LunaTranslator/translator/google.py similarity index 100% rename from src/LunaTranslator/translator/google.py rename to py/LunaTranslator/translator/google.py diff --git a/src/LunaTranslator/translator/google2.py b/py/LunaTranslator/translator/google2.py similarity index 100% rename from src/LunaTranslator/translator/google2.py rename to py/LunaTranslator/translator/google2.py diff --git a/src/LunaTranslator/translator/google_dev.py b/py/LunaTranslator/translator/google_dev.py similarity index 100% rename from src/LunaTranslator/translator/google_dev.py rename to py/LunaTranslator/translator/google_dev.py diff --git a/src/LunaTranslator/translator/googleapi.py b/py/LunaTranslator/translator/googleapi.py similarity index 100% rename from src/LunaTranslator/translator/googleapi.py rename to py/LunaTranslator/translator/googleapi.py diff --git a/src/LunaTranslator/translator/gptcommon.py b/py/LunaTranslator/translator/gptcommon.py similarity index 100% rename from src/LunaTranslator/translator/gptcommon.py rename to py/LunaTranslator/translator/gptcommon.py diff --git a/src/LunaTranslator/translator/hanshant.py b/py/LunaTranslator/translator/hanshant.py similarity index 100% rename from src/LunaTranslator/translator/hanshant.py rename to py/LunaTranslator/translator/hanshant.py diff --git a/src/LunaTranslator/translator/huoshan.py b/py/LunaTranslator/translator/huoshan.py similarity index 100% rename from src/LunaTranslator/translator/huoshan.py rename to py/LunaTranslator/translator/huoshan.py diff --git a/src/LunaTranslator/translator/huoshanapi.py b/py/LunaTranslator/translator/huoshanapi.py similarity index 100% rename from src/LunaTranslator/translator/huoshanapi.py rename to py/LunaTranslator/translator/huoshanapi.py diff --git a/src/LunaTranslator/translator/hwcloud.py b/py/LunaTranslator/translator/hwcloud.py similarity index 100% rename from src/LunaTranslator/translator/hwcloud.py rename to py/LunaTranslator/translator/hwcloud.py diff --git a/src/LunaTranslator/translator/ibm.py b/py/LunaTranslator/translator/ibm.py similarity index 100% rename from src/LunaTranslator/translator/ibm.py rename to py/LunaTranslator/translator/ibm.py diff --git a/src/LunaTranslator/translator/itrans.py b/py/LunaTranslator/translator/itrans.py similarity index 100% rename from src/LunaTranslator/translator/itrans.py rename to py/LunaTranslator/translator/itrans.py diff --git a/src/LunaTranslator/translator/jb7.py b/py/LunaTranslator/translator/jb7.py similarity index 100% rename from src/LunaTranslator/translator/jb7.py rename to py/LunaTranslator/translator/jb7.py diff --git a/src/LunaTranslator/translator/kingsoft.py b/py/LunaTranslator/translator/kingsoft.py similarity index 100% rename from src/LunaTranslator/translator/kingsoft.py rename to py/LunaTranslator/translator/kingsoft.py diff --git a/src/LunaTranslator/translator/lingva.py b/py/LunaTranslator/translator/lingva.py similarity index 100% rename from src/LunaTranslator/translator/lingva.py rename to py/LunaTranslator/translator/lingva.py diff --git a/src/LunaTranslator/translator/microsoft.py b/py/LunaTranslator/translator/microsoft.py similarity index 100% rename from src/LunaTranslator/translator/microsoft.py rename to py/LunaTranslator/translator/microsoft.py diff --git a/src/LunaTranslator/translator/ort_sp.py b/py/LunaTranslator/translator/ort_sp.py similarity index 100% rename from src/LunaTranslator/translator/ort_sp.py rename to py/LunaTranslator/translator/ort_sp.py diff --git a/src/LunaTranslator/translator/papago.py b/py/LunaTranslator/translator/papago.py similarity index 100% rename from src/LunaTranslator/translator/papago.py rename to py/LunaTranslator/translator/papago.py diff --git a/src/LunaTranslator/translator/premt.py b/py/LunaTranslator/translator/premt.py similarity index 100% rename from src/LunaTranslator/translator/premt.py rename to py/LunaTranslator/translator/premt.py diff --git a/src/LunaTranslator/translator/qqTranSmart.py b/py/LunaTranslator/translator/qqTranSmart.py similarity index 100% rename from src/LunaTranslator/translator/qqTranSmart.py rename to py/LunaTranslator/translator/qqTranSmart.py diff --git a/src/LunaTranslator/translator/qqimt.py b/py/LunaTranslator/translator/qqimt.py similarity index 100% rename from src/LunaTranslator/translator/qqimt.py rename to py/LunaTranslator/translator/qqimt.py diff --git a/src/LunaTranslator/translator/rengong.py b/py/LunaTranslator/translator/rengong.py similarity index 100% rename from src/LunaTranslator/translator/rengong.py rename to py/LunaTranslator/translator/rengong.py diff --git a/src/LunaTranslator/translator/reverso.py b/py/LunaTranslator/translator/reverso.py similarity index 100% rename from src/LunaTranslator/translator/reverso.py rename to py/LunaTranslator/translator/reverso.py diff --git a/src/LunaTranslator/translator/reverso_context.py b/py/LunaTranslator/translator/reverso_context.py similarity index 100% rename from src/LunaTranslator/translator/reverso_context.py rename to py/LunaTranslator/translator/reverso_context.py diff --git a/src/LunaTranslator/translator/sakura.py b/py/LunaTranslator/translator/sakura.py similarity index 100% rename from src/LunaTranslator/translator/sakura.py rename to py/LunaTranslator/translator/sakura.py diff --git a/src/LunaTranslator/translator/selfbuild.py b/py/LunaTranslator/translator/selfbuild.py similarity index 100% rename from src/LunaTranslator/translator/selfbuild.py rename to py/LunaTranslator/translator/selfbuild.py diff --git a/src/LunaTranslator/translator/sougou2.py b/py/LunaTranslator/translator/sougou2.py similarity index 100% rename from src/LunaTranslator/translator/sougou2.py rename to py/LunaTranslator/translator/sougou2.py diff --git a/src/LunaTranslator/translator/sugoix.py b/py/LunaTranslator/translator/sugoix.py similarity index 100% rename from src/LunaTranslator/translator/sugoix.py rename to py/LunaTranslator/translator/sugoix.py diff --git a/src/LunaTranslator/translator/tencentapi.py b/py/LunaTranslator/translator/tencentapi.py similarity index 100% rename from src/LunaTranslator/translator/tencentapi.py rename to py/LunaTranslator/translator/tencentapi.py diff --git a/src/LunaTranslator/translator/txhunyuan.py b/py/LunaTranslator/translator/txhunyuan.py similarity index 100% rename from src/LunaTranslator/translator/txhunyuan.py rename to py/LunaTranslator/translator/txhunyuan.py diff --git a/src/LunaTranslator/translator/xiaoniu.py b/py/LunaTranslator/translator/xiaoniu.py similarity index 100% rename from src/LunaTranslator/translator/xiaoniu.py rename to py/LunaTranslator/translator/xiaoniu.py diff --git a/src/LunaTranslator/translator/yandex.py b/py/LunaTranslator/translator/yandex.py similarity index 100% rename from src/LunaTranslator/translator/yandex.py rename to py/LunaTranslator/translator/yandex.py diff --git a/src/LunaTranslator/translator/yandexapi.py b/py/LunaTranslator/translator/yandexapi.py similarity index 100% rename from src/LunaTranslator/translator/yandexapi.py rename to py/LunaTranslator/translator/yandexapi.py diff --git a/src/LunaTranslator/translator/youdao.py b/py/LunaTranslator/translator/youdao.py similarity index 100% rename from src/LunaTranslator/translator/youdao.py rename to py/LunaTranslator/translator/youdao.py diff --git a/src/LunaTranslator/translator/youdao3.py b/py/LunaTranslator/translator/youdao3.py similarity index 100% rename from src/LunaTranslator/translator/youdao3.py rename to py/LunaTranslator/translator/youdao3.py diff --git a/src/LunaTranslator/translator/youdao5.py b/py/LunaTranslator/translator/youdao5.py similarity index 100% rename from src/LunaTranslator/translator/youdao5.py rename to py/LunaTranslator/translator/youdao5.py diff --git a/src/LunaTranslator/translator/youdaoapi.py b/py/LunaTranslator/translator/youdaoapi.py similarity index 100% rename from src/LunaTranslator/translator/youdaoapi.py rename to py/LunaTranslator/translator/youdaoapi.py diff --git a/src/LunaTranslator/translator/youdaodict.py b/py/LunaTranslator/translator/youdaodict.py similarity index 100% rename from src/LunaTranslator/translator/youdaodict.py rename to py/LunaTranslator/translator/youdaodict.py diff --git a/src/LunaTranslator/transoptimi/arabic_reshaper.py b/py/LunaTranslator/transoptimi/arabic_reshaper.py similarity index 100% rename from src/LunaTranslator/transoptimi/arabic_reshaper.py rename to py/LunaTranslator/transoptimi/arabic_reshaper.py diff --git a/src/LunaTranslator/transoptimi/myprocess.py b/py/LunaTranslator/transoptimi/myprocess.py similarity index 100% rename from src/LunaTranslator/transoptimi/myprocess.py rename to py/LunaTranslator/transoptimi/myprocess.py diff --git a/src/LunaTranslator/transoptimi/noundict.py b/py/LunaTranslator/transoptimi/noundict.py similarity index 100% rename from src/LunaTranslator/transoptimi/noundict.py rename to py/LunaTranslator/transoptimi/noundict.py diff --git a/src/LunaTranslator/transoptimi/transerrorfix.py b/py/LunaTranslator/transoptimi/transerrorfix.py similarity index 100% rename from src/LunaTranslator/transoptimi/transerrorfix.py rename to py/LunaTranslator/transoptimi/transerrorfix.py diff --git a/src/LunaTranslator/transoptimi/vndbnamemap.py b/py/LunaTranslator/transoptimi/vndbnamemap.py similarity index 100% rename from src/LunaTranslator/transoptimi/vndbnamemap.py rename to py/LunaTranslator/transoptimi/vndbnamemap.py diff --git a/src/LunaTranslator/tts/NeoSpeech.py b/py/LunaTranslator/tts/NeoSpeech.py similarity index 100% rename from src/LunaTranslator/tts/NeoSpeech.py rename to py/LunaTranslator/tts/NeoSpeech.py diff --git a/src/LunaTranslator/tts/basettsclass.py b/py/LunaTranslator/tts/basettsclass.py similarity index 100% rename from src/LunaTranslator/tts/basettsclass.py rename to py/LunaTranslator/tts/basettsclass.py diff --git a/src/LunaTranslator/tts/edgetts.py b/py/LunaTranslator/tts/edgetts.py similarity index 100% rename from src/LunaTranslator/tts/edgetts.py rename to py/LunaTranslator/tts/edgetts.py diff --git a/src/LunaTranslator/tts/gtts.py b/py/LunaTranslator/tts/gtts.py similarity index 100% rename from src/LunaTranslator/tts/gtts.py rename to py/LunaTranslator/tts/gtts.py diff --git a/src/LunaTranslator/tts/huoshantts.py b/py/LunaTranslator/tts/huoshantts.py similarity index 100% rename from src/LunaTranslator/tts/huoshantts.py rename to py/LunaTranslator/tts/huoshantts.py diff --git a/src/LunaTranslator/tts/vitsSimpleAPI.py b/py/LunaTranslator/tts/vitsSimpleAPI.py similarity index 100% rename from src/LunaTranslator/tts/vitsSimpleAPI.py rename to py/LunaTranslator/tts/vitsSimpleAPI.py diff --git a/src/LunaTranslator/tts/voiceroid2.py b/py/LunaTranslator/tts/voiceroid2.py similarity index 100% rename from src/LunaTranslator/tts/voiceroid2.py rename to py/LunaTranslator/tts/voiceroid2.py diff --git a/src/LunaTranslator/tts/voicevox.py b/py/LunaTranslator/tts/voicevox.py similarity index 100% rename from src/LunaTranslator/tts/voicevox.py rename to py/LunaTranslator/tts/voicevox.py diff --git a/src/LunaTranslator/tts/windowstts.py b/py/LunaTranslator/tts/windowstts.py similarity index 100% rename from src/LunaTranslator/tts/windowstts.py rename to py/LunaTranslator/tts/windowstts.py diff --git a/src/LunaTranslator/tts/youdaotts.py b/py/LunaTranslator/tts/youdaotts.py similarity index 100% rename from src/LunaTranslator/tts/youdaotts.py rename to py/LunaTranslator/tts/youdaotts.py diff --git a/src/LunaTranslator/websocket.py b/py/LunaTranslator/websocket.py similarity index 100% rename from src/LunaTranslator/websocket.py rename to py/LunaTranslator/websocket.py diff --git a/src/LunaTranslator/windows.py b/py/LunaTranslator/windows.py similarity index 100% rename from src/LunaTranslator/windows.py rename to py/LunaTranslator/windows.py diff --git a/src/LunaTranslator/winrtutils.py b/py/LunaTranslator/winrtutils.py similarity index 100% rename from src/LunaTranslator/winrtutils.py rename to py/LunaTranslator/winrtutils.py diff --git a/src/LunaTranslator/winsharedutils.py b/py/LunaTranslator/winsharedutils.py similarity index 100% rename from src/LunaTranslator/winsharedutils.py rename to py/LunaTranslator/winsharedutils.py diff --git a/src/LunaTranslator/zhconv.py b/py/LunaTranslator/zhconv.py similarity index 100% rename from src/LunaTranslator/zhconv.py rename to py/LunaTranslator/zhconv.py diff --git a/src/build.py b/py/build.py similarity index 89% rename from src/build.py rename to py/build.py index a03c356f..e8456a5b 100644 --- a/src/build.py +++ b/py/build.py @@ -11,7 +11,7 @@ else: rootDir = os.path.abspath(rootDir) if sys.argv[1] == "loadversion": os.chdir(rootDir) - with open("plugins/CMakeLists.txt", "r", encoding="utf8") as ff: + with open("../cpp/version/version.cmake", "r", encoding="utf8") as ff: pattern = r"set\(VERSION_MAJOR\s*(\d+)\s*\)\nset\(VERSION_MINOR\s*(\d+)\s*\)\nset\(VERSION_PATCH\s*(\d+)\s*\)" match = re.findall(pattern, ff.read())[0] version_major, version_minor, version_patch = match @@ -24,7 +24,6 @@ print(__file__) print(rootDir) mylinks = { - "LunaHook": "https://github.com/HIllya51/LunaHook/releases/latest/download/Release_English.zip", "ocr_models": { "ja.zip": "https://github.com/test123456654321/RESOURCES/releases/download/ocr_models/ja.zip", }, @@ -34,7 +33,7 @@ mylinks = { } -pluginDirs = ["DLL32", "DLL64", "Locale_Remulator", "LunaHook", "Magpie", "NTLEAS"] +pluginDirs = ["DLL32", "DLL64", "Locale_Remulator", "Magpie", "NTLEAS"] vcltlFile = "https://github.com/Chuyu-Team/VC-LTL5/releases/download/v5.0.9/VC-LTL-5.0.9-Binary.7z" @@ -192,33 +191,8 @@ def get_url_as_json(url): except: time.sleep(3) - -def downLunaHook(): - - os.chdir(rootDir + "\\temp") - LunaHook_latest = mylinks["LunaHook"] - subprocess.run(f"curl -LO {LunaHook_latest}") - subprocess.run(f"7z x {LunaHook_latest.split('/')[-1]}") - shutil.move( - "Release_English/LunaHook32.dll", - f"{rootDir}/files/plugins/LunaHook", - ) - shutil.move( - "Release_English/LunaHost32.dll", - f"{rootDir}/files/plugins/LunaHook", - ) - shutil.move( - "Release_English/LunaHook64.dll", - f"{rootDir}/files/plugins/LunaHook", - ) - shutil.move( - "Release_English/LunaHost64.dll", - f"{rootDir}/files/plugins/LunaHook", - ) - - def buildPlugins(arch): - os.chdir(rootDir + "\\plugins\\scripts") + os.chdir(rootDir + "\\..\\cpp\\scripts") subprocess.run("python fetchwebview2.py") if arch == "x86": subprocess.run( @@ -295,19 +269,28 @@ if __name__ == "__main__": downloadOCRModel() downloadcommon() downloadbass() - downLunaHook() os.chdir(rootDir) shutil.copytree( - f"{rootDir}/../build/cpp_x86", - f"{rootDir}/plugins/builds", + f"{rootDir}/../build/hook_64", + f"{rootDir}/files/plugins/LunaHook", + dirs_exist_ok=True, + ) + shutil.copytree( + f"{rootDir}/../build/hook_32", + f"{rootDir}/files/plugins/LunaHook", dirs_exist_ok=True, ) shutil.copytree( f"{rootDir}/../build/cpp_x64", - f"{rootDir}/plugins/builds", + f"{rootDir}/../cpp/builds", dirs_exist_ok=True, ) - os.chdir(rootDir + "\\plugins\\scripts") + shutil.copytree( + f"{rootDir}/../build/cpp_x86", + f"{rootDir}/../cpp/builds", + dirs_exist_ok=True, + ) + os.chdir(rootDir + "/../cpp/scripts") subprocess.run(f"python copytarget.py 1") subprocess.run(f"python copytarget.py 0") diff --git a/src/collectall.py b/py/collectall.py similarity index 97% rename from src/collectall.py rename to py/collectall.py index 05b668aa..0a3d2b24 100644 --- a/src/collectall.py +++ b/py/collectall.py @@ -6,12 +6,12 @@ from importanalysis import importanalysis x86 = platform.architecture()[0] == "32bit" if sys.argv[1] == "32": targetdir = r"build\LunaTranslator_x86" - launch = r"plugins\builds\_x86" + launch = r"..\cpp\builds\_x86" baddll = "DLL64" pyrt = "../build/pyrt_x86/runtime" else: baddll = "DLL32" - launch = r"plugins\builds\_x64" + launch = r"..\cpp\builds\_x64" targetdir = r"build\LunaTranslator" pyrt = "../build/pyrt_x64/runtime" diff --git a/src/collectpyruntime.py b/py/collectpyruntime.py similarity index 100% rename from src/collectpyruntime.py rename to py/collectpyruntime.py diff --git a/src/files/anki/back.html b/py/files/anki/back.html similarity index 100% rename from src/files/anki/back.html rename to py/files/anki/back.html diff --git a/src/files/anki/front.html b/py/files/anki/front.html similarity index 100% rename from src/files/anki/front.html rename to py/files/anki/front.html diff --git a/src/files/anki/style.css b/py/files/anki/style.css similarity index 100% rename from src/files/anki/style.css rename to py/files/anki/style.css diff --git a/src/files/defaultconfig/config.json b/py/files/defaultconfig/config.json similarity index 100% rename from src/files/defaultconfig/config.json rename to py/files/defaultconfig/config.json diff --git a/src/files/defaultconfig/magpie_config.json b/py/files/defaultconfig/magpie_config.json similarity index 100% rename from src/files/defaultconfig/magpie_config.json rename to py/files/defaultconfig/magpie_config.json diff --git a/src/files/defaultconfig/ocrerrorfix.json b/py/files/defaultconfig/ocrerrorfix.json similarity index 100% rename from src/files/defaultconfig/ocrerrorfix.json rename to py/files/defaultconfig/ocrerrorfix.json diff --git a/src/files/defaultconfig/ocrsetting.json b/py/files/defaultconfig/ocrsetting.json similarity index 100% rename from src/files/defaultconfig/ocrsetting.json rename to py/files/defaultconfig/ocrsetting.json diff --git a/src/files/defaultconfig/postprocessconfig.json b/py/files/defaultconfig/postprocessconfig.json similarity index 100% rename from src/files/defaultconfig/postprocessconfig.json rename to py/files/defaultconfig/postprocessconfig.json diff --git a/src/files/defaultconfig/static_data.json b/py/files/defaultconfig/static_data.json similarity index 100% rename from src/files/defaultconfig/static_data.json rename to py/files/defaultconfig/static_data.json diff --git a/src/files/defaultconfig/transerrorfixdictconfig.json b/py/files/defaultconfig/transerrorfixdictconfig.json similarity index 100% rename from src/files/defaultconfig/transerrorfixdictconfig.json rename to py/files/defaultconfig/transerrorfixdictconfig.json diff --git a/src/files/defaultconfig/translatorsetting.json b/py/files/defaultconfig/translatorsetting.json similarity index 100% rename from src/files/defaultconfig/translatorsetting.json rename to py/files/defaultconfig/translatorsetting.json diff --git a/src/files/fonts/fontawesome4.7-webfont-charmap.json b/py/files/fonts/fontawesome4.7-webfont-charmap.json similarity index 100% rename from src/files/fonts/fontawesome4.7-webfont-charmap.json rename to py/files/fonts/fontawesome4.7-webfont-charmap.json diff --git a/src/files/fonts/fontawesome4.7-webfont.ttf b/py/files/fonts/fontawesome4.7-webfont.ttf similarity index 100% rename from src/files/fonts/fontawesome4.7-webfont.ttf rename to py/files/fonts/fontawesome4.7-webfont.ttf diff --git a/src/files/lang/ar.json b/py/files/lang/ar.json similarity index 100% rename from src/files/lang/ar.json rename to py/files/lang/ar.json diff --git a/src/files/lang/cht.json b/py/files/lang/cht.json similarity index 100% rename from src/files/lang/cht.json rename to py/files/lang/cht.json diff --git a/src/files/lang/cs.json b/py/files/lang/cs.json similarity index 100% rename from src/files/lang/cs.json rename to py/files/lang/cs.json diff --git a/src/files/lang/de.json b/py/files/lang/de.json similarity index 100% rename from src/files/lang/de.json rename to py/files/lang/de.json diff --git a/src/files/lang/en.json b/py/files/lang/en.json similarity index 100% rename from src/files/lang/en.json rename to py/files/lang/en.json diff --git a/src/files/lang/es.json b/py/files/lang/es.json similarity index 100% rename from src/files/lang/es.json rename to py/files/lang/es.json diff --git a/src/files/lang/fr.json b/py/files/lang/fr.json similarity index 100% rename from src/files/lang/fr.json rename to py/files/lang/fr.json diff --git a/src/files/lang/it.json b/py/files/lang/it.json similarity index 100% rename from src/files/lang/it.json rename to py/files/lang/it.json diff --git a/src/files/lang/ja.json b/py/files/lang/ja.json similarity index 100% rename from src/files/lang/ja.json rename to py/files/lang/ja.json diff --git a/src/files/lang/ko.json b/py/files/lang/ko.json similarity index 100% rename from src/files/lang/ko.json rename to py/files/lang/ko.json diff --git a/src/files/lang/nl.json b/py/files/lang/nl.json similarity index 100% rename from src/files/lang/nl.json rename to py/files/lang/nl.json diff --git a/src/files/lang/pl.json b/py/files/lang/pl.json similarity index 100% rename from src/files/lang/pl.json rename to py/files/lang/pl.json diff --git a/src/files/lang/pt.json b/py/files/lang/pt.json similarity index 100% rename from src/files/lang/pt.json rename to py/files/lang/pt.json diff --git a/src/files/lang/ru.json b/py/files/lang/ru.json similarity index 100% rename from src/files/lang/ru.json rename to py/files/lang/ru.json diff --git a/src/files/lang/sv.json b/py/files/lang/sv.json similarity index 100% rename from src/files/lang/sv.json rename to py/files/lang/sv.json diff --git a/src/files/lang/th.json b/py/files/lang/th.json similarity index 100% rename from src/files/lang/th.json rename to py/files/lang/th.json diff --git a/src/files/lang/tr.json b/py/files/lang/tr.json similarity index 100% rename from src/files/lang/tr.json rename to py/files/lang/tr.json diff --git a/src/files/lang/uk.json b/py/files/lang/uk.json similarity index 100% rename from src/files/lang/uk.json rename to py/files/lang/uk.json diff --git a/src/files/lang/vi.json b/py/files/lang/vi.json similarity index 100% rename from src/files/lang/vi.json rename to py/files/lang/vi.json diff --git a/src/files/lang/zh.json b/py/files/lang/zh.json similarity index 100% rename from src/files/lang/zh.json rename to py/files/lang/zh.json diff --git a/py/files/themes/.keepdir b/py/files/themes/.keepdir new file mode 100644 index 00000000..e69de29b diff --git a/src/files/zan.jpg b/py/files/zan.jpg similarity index 100% rename from src/files/zan.jpg rename to py/files/zan.jpg diff --git a/src/files/zhconv/zhcdict.json b/py/files/zhconv/zhcdict.json similarity index 100% rename from src/files/zhconv/zhcdict.json rename to py/files/zhconv/zhcdict.json diff --git a/src/importanalysis.py b/py/importanalysis.py similarity index 100% rename from src/importanalysis.py rename to py/importanalysis.py diff --git a/src/requirements.txt b/py/requirements.txt similarity index 100% rename from src/requirements.txt rename to py/requirements.txt diff --git a/src/requirements_qt6.txt b/py/requirements_qt6.txt similarity index 100% rename from src/requirements_qt6.txt rename to py/requirements_qt6.txt diff --git a/src/run.bat b/py/run.bat similarity index 100% rename from src/run.bat rename to py/run.bat diff --git a/src/trans_lang.py b/py/trans_lang.py similarity index 100% rename from src/trans_lang.py rename to py/trans_lang.py diff --git a/src/plugins/scripts/copytarget.py b/src/plugins/scripts/copytarget.py deleted file mode 100644 index af9ac301..00000000 --- a/src/plugins/scripts/copytarget.py +++ /dev/null @@ -1,15 +0,0 @@ -import shutil,sys -x86=int(sys.argv[1]) -if x86: - shutil.copy('../builds/_x86/shareddllproxy32.exe','../../files/plugins') - shutil.copy('../builds/_x86/winrtutils32.dll','../../files/plugins/DLL32') - shutil.copy('../builds/_x86/winsharedutils32.dll','../../files/plugins/DLL32') - shutil.copy('../builds/_x86/wcocr.dll','../../files/plugins/DLL32') - shutil.copy('../builds/_x86/LunaOCR32.dll','../../files/plugins/DLL32') -else: - shutil.copy('../builds/_x64/shareddllproxy64.exe','../../files/plugins') - shutil.copy('../builds/_x64/hookmagpie.dll','../../files/plugins') - shutil.copy('../builds/_x64/winrtutils64.dll','../../files/plugins/DLL64') - shutil.copy('../builds/_x64/winsharedutils64.dll','../../files/plugins/DLL64') - shutil.copy('../builds/_x64/wcocr.dll','../../files/plugins/DLL64') - shutil.copy('../builds/_x64/LunaOCR64.dll','../../files/plugins/DLL64')