From a8202893e32b2e30773ceb1f063727634d6248e3 Mon Sep 17 00:00:00 2001
From: Akash Mozumdar
Date: Sun, 19 Jan 2020 04:15:02 -0700
Subject: [PATCH] auto search relevant modules
---
 GUI/mainwindow.cpp | 6 ++----
 texthook/engine/engine.cc | 14 ++++++++++++++
 texthook/engine/match32.cc | 2 +-
 texthook/engine/match64.cc | 5 ++++-
 4 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/GUI/mainwindow.cpp b/GUI/mainwindow.cpp
index 5f2c689..feae23f 100644
--- a/GUI/mainwindow.cpp
+++ b/GUI/mainwindow.cpp
@@ -530,15 +530,13 @@ void MainWindow::FindHooks()
 try { Host::FindHooks(processId, sp,
- [=](HookParam hp, std::wstring text) { if (std::regex_search(text, filter)) *hooks << sanitize(S(Util::GenerateCode(hp) + L" => " + text)); });
+ [hooks, filter](HookParam hp, std::wstring text) { if (std::regex_search(text, filter)) *hooks << sanitize(S(Util::GenerateCode(hp) + L" => " + text)); });
 } catch (std::out_of_range) { return; } std::thread([this, hooks] {
- DWORD64 cleanupTime = GetTickCount64() + 500'000;
 for (int lastSize = 0; hooks->size() == 0 || hooks->size() != lastSize; Sleep(2000))
- if (GetTickCount64() > cleanupTime) return;
- else lastSize = hooks->size();
+ lastSize = hooks->size();
 QString saveFileName; QMetaObject::invokeMethod(this, [&]
diff --git a/texthook/engine/engine.cc b/texthook/engine/engine.cc
index a4ef96d..081dc80 100644
--- a/texthook/engine/engine.cc
+++ b/texthook/engine/engine.cc
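Review bot: With the `cleanupTime` deadline removed, the polling loop inside the `std::thread` lambda in `MainWindow::FindHooks` has no exit when the search never records a hook: `hooks->size() == 0` keeps the condition true, so the thread, which captures `this`, wakes every two seconds until the process ends. Keeping a bound would avoid the stranded thread, for example a named deadline checked in the loop body: `if (GetTickCount64() > deadline) return;`. The loop also reads `hooks->size()` while the `FindHooks` callback appends to `*hooks`; whether those run on different threads is not visible in this hunk, so the container's thread-safety is worth confirming. The function body continues outside the hunk.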
@@ -10328,6 +10328,18 @@ void SpecialHookV8String(DWORD dwDatabase, HookParam* hp, BYTE, DWORD* data, DWO
 bool InsertV8Hook(HMODULE module) {
+ auto [minAddress, maxAddress] = Util::QueryModuleLimits(module);
+ for (const auto& pattern : Array{ { 0x55, 0x8b, 0xec }, { 0x55, 0x89, 0xe5 } })
+ {
+ int matches = Util::SearchMemory(pattern, sizeof(pattern), PAGE_EXECUTE, minAddress, maxAddress).size(), requiredRecords = matches * 20;
+ if (matches > 10'000 && requiredRecords > spDefault.maxRecords)
+ {
+ memcpy(spDefault.pattern, pattern, spDefault.length = sizeof(pattern));
+ spDefault.maxRecords = requiredRecords;
+ }
+ }
+ std::tie(spDefault.minAddress, spDefault.maxAddress) = std::tuple{ minAddress, maxAddress };
+ ConsoleOutput("Textractor: JavaScript hook is known to be low quality: try searching for hooks if you don't like it");
 HookParam hp = {}; hp.address = (DWORD)GetProcAddress(module, "?Write@String@v8@@QBEHPAGHHH@Z"); hp.offset = pusha_ecx_off - 4;
@@ -15152,6 +15164,7 @@ void SpecialHookLightvn(DWORD, HookParam*, BYTE, DWORD* data, DWORD* split, DWOR
 bool InsertLightvnHook() {
+ wcscpy_s(spDefault.boundaryModule, L"Engine.dll");
 // This hooking method also has decent results, but hooking OutputDebugString seems better
 const BYTE bytes[] = { 0x8d, 0x55, 0xfe, 0x52 }; for (auto addr : Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE_READ, (uintptr_t)GetModuleHandleW(L"Engine.dll")))
@@ -16359,6 +16372,7 @@ bool InsertAdobeAirHook()
 */ bool InsertAIRNovelHook() {
+ wcscpy_s(spDefault.boundaryModule, L"Adobe AIR.dll");
 if (DWORD FREGetObjectAsUTF8 = (DWORD)GetProcAddress(GetModuleHandleW(L"Adobe AIR.dll"), "FREGetObjectAsUTF8")) { DWORD func = FREGetObjectAsUTF8 + 0x5a + 5 + *(int*)(FREGetObjectAsUTF8 + 0x5b);
diff --git a/texthook/engine/match32.cc b/texthook/engine/match32.cc
index d350d9d..dc8c9ed 100644
--- a/texthook/engine/match32.cc
+++ b/texthook/engine/match32.cc
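Review bot: In `InsertV8Hook`, `requiredRecords = matches * 20` is computed in `int` from a `size()` result and stored in `spDefault.maxRecords` with no upper bound, so the record budget is set entirely by the contents of the inspected module. If `maxRecords` later sizes an allocation (not visible here), a cap would keep an unusually large module from forcing an oversized buffer, e.g. `const size_t matches = ...size();` followed by `spDefault.maxRecords = std::min<size_t>(matches * 20, kMaxSearchRecords);`, where `kMaxSearchRecords` is a placeholder for a limit the project chooses. The `memcpy` into `spDefault.pattern` also assumes the destination holds at least `sizeof(pattern)` bytes, which a `static_assert` next to it could pin down. The function body continues past the hunk.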
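Review bot: `wcscpy_s(spDefault.boundaryModule, L"Engine.dll")` in `InsertLightvnHook`, and the matching `L"Adobe AIR.dll"` line in `InsertAIRNovelHook`, change the global search default before the function knows whether the module is loaded or the hook will be inserted. In `InsertAIRNovelHook` the `if` that follows fails when `GetProcAddress` finds no `FREGetObjectAsUTF8`, yet `boundaryModule` stays set for later searches. Consider moving the assignment into the success path and documenting the side effect with a comment such as `// restrict the default hook search to this engine's module`. Both function bodies continue outside their hunks.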
@@ -65,7 +65,7 @@ bool DeterminePCEngine()
 else for (int i = 0; i < 50; ++i) if (HMODULE module = GetModuleHandleW((DXVersion + L"_" + std::to_wstring(i)).c_str())) PcHooks::hookD3DXFunctions(module);
- for (HMODULE module : Array{ (HMODULE)processStartAddress, GetModuleHandleW(L"node.dll"), GetModuleHandleW(L"nw.dll") })
+ for (HMODULE module : { (HMODULE)processStartAddress, GetModuleHandleW(L"node.dll"), GetModuleHandleW(L"nw.dll") })
 if (GetProcAddress(module, "?Write@String@v8@@QBEHPAGHHH@Z")) return InsertV8Hook(module); if (InsertMonoHooks()) {
diff --git a/texthook/engine/match64.cc b/texthook/engine/match64.cc
index a68ea62..cd76817 100644
--- a/texthook/engine/match64.cc
+++ b/texthook/engine/match64.cc
@@ -82,7 +82,7 @@ namespace Engine
 if (!domain) goto failed; const BYTE prolog1[] = { 0x55, 0x48, 0x8b, 0xec }; const BYTE prolog2[] = { 0x48, 0x83, 0xec };
- for (auto [prolog, size] : Array>{ { prolog1, sizeof(prolog1) }, { prolog2, sizeof(prolog2) } })
+ for (auto [prolog, size] : Array{ { prolog1, sizeof(prolog1) }, { prolog2, sizeof(prolog2) } })
 for (auto addr : Util::SearchMemory(prolog, size, PAGE_EXECUTE_READWRITE)) { [](uint64_t addr)
@@ -127,6 +127,9 @@ namespace Engine
 { if (uint64_t addr = (uint64_t)GetProcAddress(module, "?Write@String@v8@@QEBAHPEAGHHH@Z")) {
+ std::tie(spDefault.minAddress, spDefault.maxAddress) = Util::QueryModuleLimits(module);
+ spDefault.maxRecords = Util::SearchMemory(spDefault.pattern, spDefault.length, PAGE_EXECUTE, spDefault.minAddress, spDefault.maxAddress).size() * 20;
+ ConsoleOutput("Textractor: JavaScript hook is known to be low quality: try searching for hooks if you don't like it");
 HookParam hp = {}; hp.type = USING_STRING | USING_UNICODE | DATA_INDIRECT; hp.address = addr;
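Review bot: In the 64-bit V8 branch, `spDefault.maxRecords` is overwritten unconditionally with the match count times 20, so a module in which `spDefault.pattern` matches rarely or not at all lowers the record budget, possibly to zero; the 32-bit `InsertV8Hook` in this same commit only ever raises it. Keeping the larger value would make the two paths agree: `if (auto needed = matches * 20; needed > spDefault.maxRecords) spDefault.maxRecords = needed;`, with `matches` holding the `SearchMemory(...).size()` result. As in the 32-bit path there is no upper cap, so the budget follows the inspected module's contents. The enclosing function starts and ends outside the hunk.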