searchmemory returns all matches now

Akash Mozumdar 2018-10-14 10:29:23 -04:00
parent 273411d22e
commit d307b7af2e
3 changed files with 35 additions and 31 deletions


@ -2123,12 +2123,8 @@ bool InsertBGIHook()
bool InsertBaldrHook() bool InsertBaldrHook()
{ {
const BYTE ins[] = { 0x90,0xff,0x50,0x3c,0x83,0xc4,0x20,0x8b,0x45,0xec }; const BYTE ins[] = { 0x90,0xff,0x50,0x3c,0x83,0xc4,0x20,0x8b,0x45,0xec };
DWORD addr = Util::SearchMemory(ins, sizeof(ins)); for (auto addr : Util::SearchMemory(ins, sizeof(ins)))
if (!addr) { {
ConsoleOutput("Textractor: BALDR failed: could not find instructions");
return false;
}
HookParam hp = {}; HookParam hp = {};
hp.address = addr; hp.address = addr;
hp.offset = 4; hp.offset = 4;
@ -2139,6 +2135,10 @@ bool InsertBaldrHook()
return true; return true;
} }
ConsoleOutput("Textractor: BALDR failed: could not find instructions");
return false;
}
/******************************************************************************************** /********************************************************************************************
Reallive hook: Reallive hook:
Process name is reallive.exe or reallive*.exe. Process name is reallive.exe or reallive*.exe.
@ -8871,7 +8871,7 @@ void SpecialHookAB2Try(DWORD esp_base, HookParam *, BYTE, DWORD *data, DWORD *sp
BOOL FindCharacteristInstruction() BOOL FindCharacteristInstruction()
{ {
const BYTE bytes[] = { 0x0F, 0xB7, 0x44, 0x50, 0x0C, 0x89 }; const BYTE bytes[] = { 0x0F, 0xB7, 0x44, 0x50, 0x0C, 0x89 };
if (DWORD addr = Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE_READWRITE)) for (auto addr : Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE_READWRITE))
{ {
//GROWL_DWORD(addr); //GROWL_DWORD(addr);
HookParam hp = {}; HookParam hp = {};
@ -9321,6 +9321,7 @@ bool InsertWillPlusWHook()
*/ */
static bool InsertNewWillPlusHook() static bool InsertNewWillPlusHook()
{ {
bool found = false;
const BYTE characteristicInstructions[] = const BYTE characteristicInstructions[] =
{ {
0xc2, 0x08, 0, // ret 0008; Seems to always be ret 8 before the hookable function. not sure why, not sure if stable. 0xc2, 0x08, 0, // ret 0008; Seems to always be ret 8 before the hookable function. not sure why, not sure if stable.
@ -9333,10 +9334,11 @@ static bool InsertNewWillPlusHook()
0x81, 0xec, XX4, // sub esp,? 0x81, 0xec, XX4, // sub esp,?
0xa1, XX4, // mov eax,[?] 0xa1, XX4, // mov eax,[?]
0x33, 0xc5, // xor eax,ebp 0x33, 0xc5, // xor eax,ebp
0x89, 0x45, 0xec // mov [ebp-14],eax; not sure if 0x14 is stable //0x89, 0x45, 0xec // mov [ebp-14],eax; not sure if 0x14 is stable
}; };
if (DWORD addr = Util::SearchMemory(characteristicInstructions, sizeof(characteristicInstructions))) for (auto addr : Util::SearchMemory(characteristicInstructions, sizeof(characteristicInstructions)))
{ {
//GROWL_DWORD(addr);
HookParam hp = {}; HookParam hp = {};
hp.address = addr + 3; hp.address = addr + 3;
hp.type = USING_STRING | USING_UNICODE | DATA_INDIRECT; hp.type = USING_STRING | USING_UNICODE | DATA_INDIRECT;
@ -9344,10 +9346,10 @@ static bool InsertNewWillPlusHook()
hp.index = 0; hp.index = 0;
ConsoleOutput("Textractor: INSERT New WillPlus (ADVHD) hook"); ConsoleOutput("Textractor: INSERT New WillPlus (ADVHD) hook");
NewHook(hp, "WillPlus2"); NewHook(hp, "WillPlus2");
return true; found = true;
} }
ConsoleOutput("New WillPlus: failed to find instructions"); if (!found) ConsoleOutput("New WillPlus: failed to find instructions");
return false; return found;
} }
} // unnamed namespace } // unnamed namespace
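Review bot: In InsertNewWillPlusHook the loop now calls `NewHook(hp, "WillPlus2")` for every address `SearchMemory` returns, and the same change comments out the trailing `0x89, 0x45, 0xec` bytes, so a shorter pattern is hooked at more locations with no bound on the count and no check that a hit is the intended function. A false match gets patched like a real one, which can corrupt unrelated code in the target process. Consider capping the number of hooks, e.g. `if (++hooked == kMaxHits) break;` with a constant of your choosing, and logging each hooked address so a bad match can be diagnosed. In InsertBaldrHook the `return true;` inside the loop body means only the first match is ever used, so the `for` reads as a loop but behaves like the old `if`. `addr` is now `uint64_t` in all three loops, so `hp.address = addr` may narrow, depending on the field's type, which is not visible here.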


@ -3,7 +3,6 @@
// Branch: ITH_Engine/engine.cpp, revision 133 // Branch: ITH_Engine/engine.cpp, revision 133
// See: http://ja.wikipedia.org/wiki/プロジェクト:美少女ゲーム系/ゲームエンジン // See: http://ja.wikipedia.org/wiki/プロジェクト:美少女ゲーム系/ゲームエンジン
#include "common.h"
#include "util/util.h" #include "util/util.h"
#include "ithsys/ithsys.h" #include "ithsys/ithsys.h"
#include "main.h" #include "main.h"
@ -286,7 +285,7 @@ bool Util::SearchResourceString(LPCWSTR str)
namespace namespace
{ {
DWORD SafeSearchMemory(DWORD startAddr, DWORD endAddr, const BYTE* bytes, unsigned short length) uint64_t SafeSearchMemory(uint64_t startAddr, uint64_t endAddr, const BYTE* bytes, short length)
{ {
__try __try
{ {
@ -295,7 +294,7 @@ namespace
if (j == length) return startAddr + i; // not sure about this algorithm... if (j == length) return startAddr + i; // not sure about this algorithm...
else if (*((BYTE*)startAddr + i + j) != *(bytes + j) && *(bytes + j) != 0x11) break; // 0x11 = wildcard else if (*((BYTE*)startAddr + i + j) != *(bytes + j) && *(bytes + j) != 0x11) break; // 0x11 = wildcard
} }
__except (1) __except (EXCEPTION_EXECUTE_HANDLER)
{ {
ConsoleOutput("Textractor: SearchMemory ERROR (Textractor will likely still work fine, but please let Artikash know if this happens a lot!)"); ConsoleOutput("Textractor: SearchMemory ERROR (Textractor will likely still work fine, but please let Artikash know if this happens a lot!)");
return 0; return 0;
@ -304,29 +303,32 @@ namespace
} }
} }
DWORD Util::SearchMemory(const BYTE* bytes, unsigned short length, DWORD protect) std::vector<uint64_t> Util::SearchMemory(const BYTE* bytes, short length, DWORD protect)
{ {
std::vector<std::pair<DWORD, DWORD>> validMemory; std::vector<std::pair<uint64_t, uint64_t>> validMemory;
for (BYTE* probe = NULL; (DWORD)probe < 0x80000000;) // end of user memory space for (BYTE* probe = NULL; (uint64_t)probe < 0x80000000;) // end of user memory space
{ {
MEMORY_BASIC_INFORMATION info = {}; MEMORY_BASIC_INFORMATION info = {};
if (!VirtualQuery(probe, &info, sizeof(info))) if (!VirtualQuery(probe, &info, sizeof(info)))
{ {
probe += 0x1000; probe += 0x1000; // page size
continue; continue;
} }
else else
{ {
if (info.Protect >= protect && !(info.Protect & PAGE_GUARD)) validMemory.push_back({ (DWORD)info.BaseAddress, info.RegionSize }); if (info.Protect >= protect && !(info.Protect & PAGE_GUARD)) validMemory.push_back({ (uint64_t)info.BaseAddress, info.RegionSize });
probe += info.RegionSize; probe += info.RegionSize;
} }
} }
std::vector<uint64_t> ret;
for (auto memory : validMemory) for (auto memory : validMemory)
if (DWORD ret = SafeSearchMemory(memory.first, memory.first + memory.second, bytes, length)) for (uint64_t addr = memory.first; true;)
return ret; if (addr = SafeSearchMemory(addr, memory.first + memory.second, bytes, length))
ret.push_back(addr++);
else break;
return 0; return ret;
} }
// EOF // EOF
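Review bot: The region filter `info.Protect >= protect` in Util::SearchMemory compares page-protection constants numerically, but modifier bits such as `PAGE_NOCACHE` and `PAGE_WRITECOMBINE` sit above the base protection values, so a non-executable region carrying one of them still passes a `PAGE_EXECUTE` threshold. Only `PAGE_GUARD` is excluded explicitly. Matches in data pages matter more now that every hit is returned to callers that hook them. Masking the modifiers first, `if ((info.Protect & 0xFF) >= protect && !(info.Protect & PAGE_GUARD))`, keeps the existing ordering logic while limiting the scan to the intended regions. Separately, addresses were widened to `uint64_t` but the probe loop still stops at the hard-coded `0x80000000`, so the wider type does not extend the range searched.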


@ -3,7 +3,7 @@
// util.h // util.h
// 8/23/2013 jichi // 8/23/2013 jichi
#include <Windows.h> #include "common.h"
namespace Util { namespace Util {
@ -22,7 +22,7 @@ bool CheckFile(LPCWSTR name);
bool SearchResourceString(LPCWSTR str); bool SearchResourceString(LPCWSTR str);
DWORD SearchMemory(const BYTE* bytes, unsigned short length, DWORD protect = PAGE_EXECUTE); std::vector<uint64_t> SearchMemory(const BYTE* bytes, short length, DWORD protect = PAGE_EXECUTE);
} // namespace Util } // namespace Util
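Review bot: `length` changed from `unsigned short` to `short` in the `SearchMemory` declaration, yet every caller visible in this commit passes `sizeof(...)`, so the value is narrowed from `size_t` to a signed 16-bit type, and a negative length has no sensible meaning for the search. Declaring it `size_t length` would remove the narrowing. The declaration also carries no comment telling callers that `0x11` bytes in the pattern act as wildcards and that the result is now every match rather than the first. Something like `// Returns the address of every match; a 0x11 byte in the pattern matches any byte.` above it would help. The header now names `std::vector` and `uint64_t` and presumably relies on common.h to pull in `<vector>` and `<cstdint>`, which is not visible here.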