auto search relevant modules

Akash Mozumdar 2020-01-19 04:15:02 -07:00
parent 0ace753199
commit a8202893e3
4 changed files with 21 additions and 6 deletions


@ -530,15 +530,13 @@ void MainWindow::FindHooks()
try try
{ {
Host::FindHooks(processId, sp, Host::FindHooks(processId, sp,
[=](HookParam hp, std::wstring text) { if (std::regex_search(text, filter)) *hooks << sanitize(S(Util::GenerateCode(hp) + L" => " + text)); }); [hooks, filter](HookParam hp, std::wstring text) { if (std::regex_search(text, filter)) *hooks << sanitize(S(Util::GenerateCode(hp) + L" => " + text)); });
} }
catch (std::out_of_range) { return; } catch (std::out_of_range) { return; }
std::thread([this, hooks] std::thread([this, hooks]
{ {
DWORD64 cleanupTime = GetTickCount64() + 500'000;
for (int lastSize = 0; hooks->size() == 0 || hooks->size() != lastSize; Sleep(2000)) for (int lastSize = 0; hooks->size() == 0 || hooks->size() != lastSize; Sleep(2000))
if (GetTickCount64() > cleanupTime) return; lastSize = hooks->size();
else lastSize = hooks->size();
QString saveFileName; QString saveFileName;
QMetaObject::invokeMethod(this, [&] QMetaObject::invokeMethod(this, [&]
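Review bot: With the `cleanupTime` check removed, the polling loop `for (int lastSize = 0; hooks->size() == 0 || hooks->size() != lastSize; Sleep(2000))` has no exit when the search never yields a match, because `hooks->size() == 0` stays true; the worker thread then runs for the rest of the process and keeps using its captured `this`. Keeping a bound would avoid that, e.g. `const DWORD64 deadline = GetTickCount64() + 500'000;` before the loop and `if (GetTickCount64() > deadline) return;` inside it. The thread also reads `hooks->size()` while the `Host::FindHooks` callback appends through `*hooks <<`; the container's type is not visible here, so confirm it is synchronized. `lastSize` is an `int` compared against `hooks->size()`, so matching the container's size type would avoid a mixed-sign comparison. The thread lambda and `FindHooks` continue past the end of this hunk.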


@ -10328,6 +10328,18 @@ void SpecialHookV8String(DWORD dwDatabase, HookParam* hp, BYTE, DWORD* data, DWO
bool InsertV8Hook(HMODULE module) bool InsertV8Hook(HMODULE module)
{ {
auto [minAddress, maxAddress] = Util::QueryModuleLimits(module);
for (const auto& pattern : Array<const BYTE[3]>{ { 0x55, 0x8b, 0xec }, { 0x55, 0x89, 0xe5 } })
{
int matches = Util::SearchMemory(pattern, sizeof(pattern), PAGE_EXECUTE, minAddress, maxAddress).size(), requiredRecords = matches * 20;
if (matches > 10'000 && requiredRecords > spDefault.maxRecords)
{
memcpy(spDefault.pattern, pattern, spDefault.length = sizeof(pattern));
spDefault.maxRecords = requiredRecords;
}
}
std::tie(spDefault.minAddress, spDefault.maxAddress) = std::tuple{ minAddress, maxAddress };
ConsoleOutput("Textractor: JavaScript hook is known to be low quality: try searching for hooks if you don't like it");
HookParam hp = {}; HookParam hp = {};
hp.address = (DWORD)GetProcAddress(module, "?Write@String@v8@@QBEHPAGHHH@Z"); hp.address = (DWORD)GetProcAddress(module, "?Write@String@v8@@QBEHPAGHHH@Z");
hp.offset = pusha_ecx_off - 4; hp.offset = pusha_ecx_off - 4;
@ -15152,6 +15164,7 @@ void SpecialHookLightvn(DWORD, HookParam*, BYTE, DWORD* data, DWORD* split, DWOR
bool InsertLightvnHook() bool InsertLightvnHook()
{ {
wcscpy_s(spDefault.boundaryModule, L"Engine.dll");
// This hooking method also has decent results, but hooking OutputDebugString seems better // This hooking method also has decent results, but hooking OutputDebugString seems better
const BYTE bytes[] = { 0x8d, 0x55, 0xfe, 0x52 }; const BYTE bytes[] = { 0x8d, 0x55, 0xfe, 0x52 };
for (auto addr : Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE_READ, (uintptr_t)GetModuleHandleW(L"Engine.dll"))) for (auto addr : Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE_READ, (uintptr_t)GetModuleHandleW(L"Engine.dll")))
@ -16359,6 +16372,7 @@ bool InsertAdobeAirHook()
*/ */
bool InsertAIRNovelHook() bool InsertAIRNovelHook()
{ {
wcscpy_s(spDefault.boundaryModule, L"Adobe AIR.dll");
if (DWORD FREGetObjectAsUTF8 = (DWORD)GetProcAddress(GetModuleHandleW(L"Adobe AIR.dll"), "FREGetObjectAsUTF8")) if (DWORD FREGetObjectAsUTF8 = (DWORD)GetProcAddress(GetModuleHandleW(L"Adobe AIR.dll"), "FREGetObjectAsUTF8"))
{ {
DWORD func = FREGetObjectAsUTF8 + 0x5a + 5 + *(int*)(FREGetObjectAsUTF8 + 0x5b); DWORD func = FREGetObjectAsUTF8 + 0x5a + 5 + *(int*)(FREGetObjectAsUTF8 + 0x5b);
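Review bot: In `InsertV8Hook`, `memcpy(spDefault.pattern, pattern, spDefault.length = sizeof(pattern));` hides the length assignment inside the argument list and copies into a global buffer whose size is not checked at this site. Splitting it into `spDefault.length = sizeof(pattern);` followed by the `memcpy`, with `static_assert(sizeof(pattern) <= sizeof(spDefault.pattern));` ahead of it (assuming `spDefault.pattern` is a fixed-size array, which is not visible here), would make the bound explicit. On the line above, the `size()` result is narrowed to `int` and multiplied by 20 before being compared with `spDefault.maxRecords`; keeping it as `size_t` avoids the narrowing, and the comparison should be checked for mixed signedness. The two `wcscpy_s(spDefault.boundaryModule, ...)` additions in `InsertLightvnHook` and `InsertAIRNovelHook` run before it is known whether a hook will be inserted, so the global default changes on the failure path too; a short comment such as `// narrow the default hook search to this module even if the hook below fails` would record that if it is intended.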


@ -65,7 +65,7 @@ bool DeterminePCEngine()
else for (int i = 0; i < 50; ++i) else for (int i = 0; i < 50; ++i)
if (HMODULE module = GetModuleHandleW((DXVersion + L"_" + std::to_wstring(i)).c_str())) PcHooks::hookD3DXFunctions(module); if (HMODULE module = GetModuleHandleW((DXVersion + L"_" + std::to_wstring(i)).c_str())) PcHooks::hookD3DXFunctions(module);
for (HMODULE module : Array<HMODULE>{ (HMODULE)processStartAddress, GetModuleHandleW(L"node.dll"), GetModuleHandleW(L"nw.dll") }) for (HMODULE module : { (HMODULE)processStartAddress, GetModuleHandleW(L"node.dll"), GetModuleHandleW(L"nw.dll") })
if (GetProcAddress(module, "?Write@String@v8@@QBEHPAGHHH@Z")) return InsertV8Hook(module); if (GetProcAddress(module, "?Write@String@v8@@QBEHPAGHHH@Z")) return InsertV8Hook(module);
if (InsertMonoHooks()) { if (InsertMonoHooks()) {


@ -82,7 +82,7 @@ namespace Engine
if (!domain) goto failed; if (!domain) goto failed;
const BYTE prolog1[] = { 0x55, 0x48, 0x8b, 0xec }; const BYTE prolog1[] = { 0x55, 0x48, 0x8b, 0xec };
const BYTE prolog2[] = { 0x48, 0x83, 0xec }; const BYTE prolog2[] = { 0x48, 0x83, 0xec };
for (auto [prolog, size] : Array<std::tuple<const BYTE*, size_t>>{ { prolog1, sizeof(prolog1) }, { prolog2, sizeof(prolog2) } }) for (auto [prolog, size] : Array<const BYTE*, size_t>{ { prolog1, sizeof(prolog1) }, { prolog2, sizeof(prolog2) } })
for (auto addr : Util::SearchMemory(prolog, size, PAGE_EXECUTE_READWRITE)) for (auto addr : Util::SearchMemory(prolog, size, PAGE_EXECUTE_READWRITE))
{ {
[](uint64_t addr) [](uint64_t addr)
@ -127,6 +127,9 @@ namespace Engine
{ {
if (uint64_t addr = (uint64_t)GetProcAddress(module, "?Write@String@v8@@QEBAHPEAGHHH@Z")) if (uint64_t addr = (uint64_t)GetProcAddress(module, "?Write@String@v8@@QEBAHPEAGHHH@Z"))
{ {
std::tie(spDefault.minAddress, spDefault.maxAddress) = Util::QueryModuleLimits(module);
spDefault.maxRecords = Util::SearchMemory(spDefault.pattern, spDefault.length, PAGE_EXECUTE, spDefault.minAddress, spDefault.maxAddress).size() * 20;
ConsoleOutput("Textractor: JavaScript hook is known to be low quality: try searching for hooks if you don't like it");
HookParam hp = {}; HookParam hp = {};
hp.type = USING_STRING | USING_UNICODE | DATA_INDIRECT; hp.type = USING_STRING | USING_UNICODE | DATA_INDIRECT;
hp.address = addr; hp.address = addr;
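Review bot: The x64 V8 path assigns `spDefault.maxRecords` unconditionally from the match count, so when the search over the module returns few or no matches the global limit is lowered, possibly to 0. The 32-bit `InsertV8Hook` in this same commit only raises it, under `matches > 10'000 && requiredRecords > spDefault.maxRecords`. Applying the same guard here would keep the two paths consistent, e.g. `const auto matches = Util::SearchMemory(spDefault.pattern, spDefault.length, PAGE_EXECUTE, spDefault.minAddress, spDefault.maxAddress).size();` then `if (matches > 10'000 && matches * 20 > spDefault.maxRecords) spDefault.maxRecords = matches * 20;`. The type of `maxRecords` is not visible in this hunk, so confirm that `size() * 20` cannot truncate when stored. The enclosing function starts and ends outside the hunk.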