mirror of
https://github.com/Artikash/Textractor.git
synced 2024-12-23 08:54:12 +08:00
auto search relevant modules
This commit is contained in:
parent
0ace753199
commit
a8202893e3
@ -530,15 +530,13 @@ void MainWindow::FindHooks()
|
||||
try
|
||||
{
|
||||
Host::FindHooks(processId, sp,
|
||||
[=](HookParam hp, std::wstring text) { if (std::regex_search(text, filter)) *hooks << sanitize(S(Util::GenerateCode(hp) + L" => " + text)); });
|
||||
[hooks, filter](HookParam hp, std::wstring text) { if (std::regex_search(text, filter)) *hooks << sanitize(S(Util::GenerateCode(hp) + L" => " + text)); });
|
||||
}
|
||||
catch (std::out_of_range) { return; }
|
||||
std::thread([this, hooks]
|
||||
{
|
||||
DWORD64 cleanupTime = GetTickCount64() + 500'000;
|
||||
for (int lastSize = 0; hooks->size() == 0 || hooks->size() != lastSize; Sleep(2000))
|
||||
if (GetTickCount64() > cleanupTime) return;
|
||||
else lastSize = hooks->size();
|
||||
lastSize = hooks->size();
|
||||
|
||||
QString saveFileName;
|
||||
QMetaObject::invokeMethod(this, [&]
|
||||
|
@ -10328,6 +10328,18 @@ void SpecialHookV8String(DWORD dwDatabase, HookParam* hp, BYTE, DWORD* data, DWO
|
||||
|
||||
bool InsertV8Hook(HMODULE module)
|
||||
{
|
||||
auto [minAddress, maxAddress] = Util::QueryModuleLimits(module);
|
||||
for (const auto& pattern : Array<const BYTE[3]>{ { 0x55, 0x8b, 0xec }, { 0x55, 0x89, 0xe5 } })
|
||||
{
|
||||
int matches = Util::SearchMemory(pattern, sizeof(pattern), PAGE_EXECUTE, minAddress, maxAddress).size(), requiredRecords = matches * 20;
|
||||
if (matches > 10'000 && requiredRecords > spDefault.maxRecords)
|
||||
{
|
||||
memcpy(spDefault.pattern, pattern, spDefault.length = sizeof(pattern));
|
||||
spDefault.maxRecords = requiredRecords;
|
||||
}
|
||||
}
|
||||
std::tie(spDefault.minAddress, spDefault.maxAddress) = std::tuple{ minAddress, maxAddress };
|
||||
ConsoleOutput("Textractor: JavaScript hook is known to be low quality: try searching for hooks if you don't like it");
|
||||
HookParam hp = {};
|
||||
hp.address = (DWORD)GetProcAddress(module, "?Write@String@v8@@QBEHPAGHHH@Z");
|
||||
hp.offset = pusha_ecx_off - 4;
|
||||
@ -15152,6 +15164,7 @@ void SpecialHookLightvn(DWORD, HookParam*, BYTE, DWORD* data, DWORD* split, DWOR
|
||||
|
||||
bool InsertLightvnHook()
|
||||
{
|
||||
wcscpy_s(spDefault.boundaryModule, L"Engine.dll");
|
||||
// This hooking method also has decent results, but hooking OutputDebugString seems better
|
||||
const BYTE bytes[] = { 0x8d, 0x55, 0xfe, 0x52 };
|
||||
for (auto addr : Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE_READ, (uintptr_t)GetModuleHandleW(L"Engine.dll")))
|
||||
@ -16359,6 +16372,7 @@ bool InsertAdobeAirHook()
|
||||
*/
|
||||
bool InsertAIRNovelHook()
|
||||
{
|
||||
wcscpy_s(spDefault.boundaryModule, L"Adobe AIR.dll");
|
||||
if (DWORD FREGetObjectAsUTF8 = (DWORD)GetProcAddress(GetModuleHandleW(L"Adobe AIR.dll"), "FREGetObjectAsUTF8"))
|
||||
{
|
||||
DWORD func = FREGetObjectAsUTF8 + 0x5a + 5 + *(int*)(FREGetObjectAsUTF8 + 0x5b);
|
||||
|
@ -65,7 +65,7 @@ bool DeterminePCEngine()
|
||||
else for (int i = 0; i < 50; ++i)
|
||||
if (HMODULE module = GetModuleHandleW((DXVersion + L"_" + std::to_wstring(i)).c_str())) PcHooks::hookD3DXFunctions(module);
|
||||
|
||||
for (HMODULE module : Array<HMODULE>{ (HMODULE)processStartAddress, GetModuleHandleW(L"node.dll"), GetModuleHandleW(L"nw.dll") })
|
||||
for (HMODULE module : { (HMODULE)processStartAddress, GetModuleHandleW(L"node.dll"), GetModuleHandleW(L"nw.dll") })
|
||||
if (GetProcAddress(module, "?Write@String@v8@@QBEHPAGHHH@Z")) return InsertV8Hook(module);
|
||||
|
||||
if (InsertMonoHooks()) {
|
||||
|
@ -82,7 +82,7 @@ namespace Engine
|
||||
if (!domain) goto failed;
|
||||
const BYTE prolog1[] = { 0x55, 0x48, 0x8b, 0xec };
|
||||
const BYTE prolog2[] = { 0x48, 0x83, 0xec };
|
||||
for (auto [prolog, size] : Array<std::tuple<const BYTE*, size_t>>{ { prolog1, sizeof(prolog1) }, { prolog2, sizeof(prolog2) } })
|
||||
for (auto [prolog, size] : Array<const BYTE*, size_t>{ { prolog1, sizeof(prolog1) }, { prolog2, sizeof(prolog2) } })
|
||||
for (auto addr : Util::SearchMemory(prolog, size, PAGE_EXECUTE_READWRITE))
|
||||
{
|
||||
[](uint64_t addr)
|
||||
@ -127,6 +127,9 @@ namespace Engine
|
||||
{
|
||||
if (uint64_t addr = (uint64_t)GetProcAddress(module, "?Write@String@v8@@QEBAHPEAGHHH@Z"))
|
||||
{
|
||||
std::tie(spDefault.minAddress, spDefault.maxAddress) = Util::QueryModuleLimits(module);
|
||||
spDefault.maxRecords = Util::SearchMemory(spDefault.pattern, spDefault.length, PAGE_EXECUTE, spDefault.minAddress, spDefault.maxAddress).size() * 20;
|
||||
ConsoleOutput("Textractor: JavaScript hook is known to be low quality: try searching for hooks if you don't like it");
|
||||
HookParam hp = {};
|
||||
hp.type = USING_STRING | USING_UNICODE | DATA_INDIRECT;
|
||||
hp.address = addr;
|
||||
|
Loading…
x
Reference in New Issue
Block a user