update airnovel
parent
5cf12dfc27
commit
36ad3aa05d
@ -16242,94 +16242,183 @@ bool InsertAdobeAirHook()
|
||||
}
|
||||
|
||||
/**
|
||||
* Artikash 7/15/2018: Insert AIRNovel hook
|
||||
* Sample game: https://vndb.org/v22252: /HQ-8*8:-8*14@130380:Adobe AIR.dll
|
||||
* When entering this function, ecx points to a struct containing a pointer to the text along with info about the type of text
|
||||
* ecx+8 is the (w)char(_t)* we want, ecx+14 is the int* that tells apart text types.
|
||||
|
||||
Adobe AIR.dll+130300 - 55 - push ebp
|
||||
Adobe AIR.dll+130301 - 8B EC - mov ebp,esp
|
||||
Adobe AIR.dll+130303 - F2 0F10 05 5069C610 - movsd xmm0,["Adobe AIR.dll"+EE6950] { [-1.00] }
|
||||
Adobe AIR.dll+13030B - 83 EC 0C - sub esp,0C { 12 }
|
||||
Adobe AIR.dll+13030E - F2 0F10 4D 08 - movsd xmm1,[ebp+08]
|
||||
Adobe AIR.dll+130313 - 66 0F2F C1 - comisd xmm0,xmm1
|
||||
Adobe AIR.dll+130317 - 72 05 - jb "Adobe AIR.dll"+13031E { ->Adobe AIR.dll+13031E }
|
||||
Adobe AIR.dll+130319 - 83 CA FF - or edx,-01 { 255 }
|
||||
Adobe AIR.dll+13031C - EB 32 - jmp "Adobe AIR.dll"+130350 { ->Adobe AIR.dll+130350 }
|
||||
Adobe AIR.dll+13031E - 8B 51 10 - mov edx,[ecx+10]
|
||||
Adobe AIR.dll+130321 - 66 0F6E C2 - movd xmm0,edx
|
||||
Adobe AIR.dll+130325 - F3 0FE6 C0 - cvtdq2pd xmm0,xmm0
|
||||
Adobe AIR.dll+130329 - 66 0F2F C8 - comisd xmm1,xmm0
|
||||
Adobe AIR.dll+13032D - 73 21 - jae "Adobe AIR.dll"+130350 { ->Adobe AIR.dll+130350 }
|
||||
Adobe AIR.dll+13032F - F2 0F11 4D F4 - movsd [ebp-0C],xmm1
|
||||
Adobe AIR.dll+130334 - 33 D2 - xor edx,edx; Safe to hook here!
|
||||
Adobe AIR.dll+130336 - 8B 45 F8 - mov eax,[ebp-08]
|
||||
Adobe AIR.dll+130339 - 25 FFFFFF7F - and eax,7FFFFFFF { 2147483647 }
|
||||
Adobe AIR.dll+13033E - 3D 0000F07F - cmp eax,7FF00000 { 2146435072 }
|
||||
Adobe AIR.dll+130343 - 77 0B - ja "Adobe AIR.dll"+130350 { ->Adobe AIR.dll+130350 }
|
||||
Adobe AIR.dll+130345 - 72 05 - jb "Adobe AIR.dll"+13034C { ->Adobe AIR.dll+13034C }
|
||||
Adobe AIR.dll+130347 - 39 55 F4 - cmp [ebp-0C],edx
|
||||
Adobe AIR.dll+13034A - 77 04 - ja "Adobe AIR.dll"+130350 { ->Adobe AIR.dll+130350 }
|
||||
Adobe AIR.dll+13034C - F2 0F2C D1 - cvttsd2si edx,xmm1
|
||||
Adobe AIR.dll+130350 - 8B 41 10 - mov eax,[ecx+10]
|
||||
Adobe AIR.dll+130353 - 89 45 F8 - mov [ebp-08],eax
|
||||
Adobe AIR.dll+130356 - 3B D0 - cmp edx,eax
|
||||
Adobe AIR.dll+130358 - 73 51 - jae "Adobe AIR.dll"+1303AB { ->Adobe AIR.dll+1303AB }
|
||||
Adobe AIR.dll+13035A - 89 55 FC - mov [ebp-04],edx
|
||||
Adobe AIR.dll+13035D - 8B 45 F8 - mov eax,[ebp-08]
|
||||
Adobe AIR.dll+130360 - 39 45 FC - cmp [ebp-04],eax
|
||||
Adobe AIR.dll+130363 - 1B C0 - sbb eax,eax
|
||||
Adobe AIR.dll+130365 - 21 45 FC - and [ebp-04],eax
|
||||
Adobe AIR.dll+130368 - 8B 41 14 - mov eax,[ecx+14]
|
||||
Adobe AIR.dll+13036B - C1 E8 02 - shr eax,02 { 2 }
|
||||
Adobe AIR.dll+13036E - A8 01 - test al,01 { 1 }
|
||||
Adobe AIR.dll+130370 - 75 05 - jne "Adobe AIR.dll"+130377 { ->Adobe AIR.dll+130377 }
|
||||
Adobe AIR.dll+130372 - 8B 51 08 - mov edx,[ecx+08] // Address of text moved into edx here
|
||||
Adobe AIR.dll+130375 - EB 09 - jmp "Adobe AIR.dll"+130380 { ->Adobe AIR.dll+130380 }; Unconditional jump to hook location
|
||||
Adobe AIR.dll+130377 - 8B 41 0C - mov eax,[ecx+0C]
|
||||
Adobe AIR.dll+13037A - 8B 50 08 - mov edx,[eax+08]
|
||||
Adobe AIR.dll+13037D - 03 51 08 - add edx,[ecx+08]
|
||||
Adobe AIR.dll+130380 - F6 41 14 01 - test byte ptr [ecx+14],01 { 1 }; Hook here also works
|
||||
Adobe AIR.dll+130384 - 8B 45 FC - mov eax,[ebp-04]
|
||||
Adobe AIR.dll+130387 - 75 06 - jne "Adobe AIR.dll"+13038F { ->Adobe AIR.dll+13038F }
|
||||
Adobe AIR.dll+130389 - 0FB6 04 10 - movzx eax,byte ptr [eax+edx]
|
||||
Adobe AIR.dll+13038D - EB 04 - jmp "Adobe AIR.dll"+130393 { ->Adobe AIR.dll+130393 }
|
||||
Adobe AIR.dll+13038F - 0FB7 04 42 - movzx eax,word ptr [edx+eax*2]
|
||||
Adobe AIR.dll+130393 - 66 0F6E C0 - movd xmm0,eax
|
||||
Adobe AIR.dll+130397 - F3 0FE6 C0 - cvtdq2pd xmm0,xmm0
|
||||
Adobe AIR.dll+13039B - 89 0D 90F71311 - mov ["Adobe AIR.dll"+13BF790],ecx { [07EBDB80] }
|
||||
Adobe AIR.dll+1303A1 - F2 0F11 45 F4 - movsd [ebp-0C],xmm0
|
||||
Adobe AIR.dll+1303A6 - DD 45 F4 - fld qword ptr [ebp-0C]
|
||||
Adobe AIR.dll+1303A9 - EB 06 - jmp "Adobe AIR.dll"+1303B1 { ->Adobe AIR.dll+1303B1 }
|
||||
Adobe AIR.dll+1303AB - DD 05 B8071411 - fld qword ptr ["Adobe AIR.dll"+13C07B8] { [Nan] }
|
||||
Adobe AIR.dll+1303B1 - 8B E5 - mov esp,ebp
|
||||
Adobe AIR.dll+1303B3 - 5D - pop ebp
|
||||
Adobe AIR.dll+1303B4 - C2 0800 - ret 0008 { 8 }
|
||||
* Artikash 12/8/2018: Update AIRNovel hook for version 31.0.0.96
|
||||
* Sample game: https://vndb.org/v22252: /HQ4*8:4*4@12FF9A:Adobe AIR.dll
|
||||
* First function parameter points to a struct containing a pointer to the text along with info about the type of text
|
||||
* wchar_t* at offset 8, good split parameter at offset 4
|
||||
Adobe AIR.dll+12FF9A - 51 - push ecx
|
||||
Adobe AIR.dll+12FF9B - 53 - push ebx
|
||||
Adobe AIR.dll+12FF9C - 55 - push ebp
|
||||
Adobe AIR.dll+12FF9D - 56 - push esi
|
||||
Adobe AIR.dll+12FF9E - 8B 74 24 14 - mov esi,[esp+14]
|
||||
Adobe AIR.dll+12FFA2 - 8B E9 - mov ebp,ecx
|
||||
Adobe AIR.dll+12FFA4 - 57 - push edi
|
||||
Adobe AIR.dll+12FFA5 - 85 F6 - test esi,esi
|
||||
Adobe AIR.dll+12FFA7 - 0F84 78010000 - je "Adobe AIR.dll"+130125 { ->Adobe AIR.dll+130125 }
|
||||
Adobe AIR.dll+12FFAD - 8B 5E 10 - mov ebx,[esi+10]
|
||||
Adobe AIR.dll+12FFB0 - 85 DB - test ebx,ebx
|
||||
Adobe AIR.dll+12FFB2 - 0F84 6D010000 - je "Adobe AIR.dll"+130125 { ->Adobe AIR.dll+130125 }
|
||||
Adobe AIR.dll+12FFB8 - 8B C6 - mov eax,esi
|
||||
Adobe AIR.dll+12FFBA - 25 00F0FFFF - and eax,FFFFF000 { -4096 }
|
||||
Adobe AIR.dll+12FFBF - 8B 40 08 - mov eax,[eax+08]
|
||||
Adobe AIR.dll+12FFC2 - 89 44 24 10 - mov [esp+10],eax
|
||||
Adobe AIR.dll+12FFC6 - 8B 46 14 - mov eax,[esi+14]
|
||||
Adobe AIR.dll+12FFC9 - A8 01 - test al,01 { 1 }
|
||||
Adobe AIR.dll+12FFCB - 0F85 D7000000 - jne "Adobe AIR.dll"+1300A8 { ->Adobe AIR.dll+1300A8 }
|
||||
Adobe AIR.dll+12FFD1 - A8 08 - test al,08 { 8 }
|
||||
Adobe AIR.dll+12FFD3 - 75 4A - jne "Adobe AIR.dll"+13001F { ->Adobe AIR.dll+13001F }
|
||||
Adobe AIR.dll+12FFD5 - C1 E8 02 - shr eax,02 { 2 }
|
||||
Adobe AIR.dll+12FFD8 - A8 01 - test al,01 { 1 }
|
||||
Adobe AIR.dll+12FFDA - 75 05 - jne "Adobe AIR.dll"+12FFE1 { ->Adobe AIR.dll+12FFE1 }
|
||||
Adobe AIR.dll+12FFDC - 8B 4E 08 - mov ecx,[esi+08]
|
||||
Adobe AIR.dll+12FFDF - EB 09 - jmp "Adobe AIR.dll"+12FFEA { ->Adobe AIR.dll+12FFEA }
|
||||
Adobe AIR.dll+12FFE1 - 8B 46 0C - mov eax,[esi+0C]
|
||||
Adobe AIR.dll+12FFE4 - 8B 48 08 - mov ecx,[eax+08]
|
||||
Adobe AIR.dll+12FFE7 - 03 4E 08 - add ecx,[esi+08]
|
||||
Adobe AIR.dll+12FFEA - 89 35 9057BF10 - mov ["Adobe AIR.dll"+1385790],esi { [080D7CA0] }
|
||||
Adobe AIR.dll+12FFF0 - 33 FF - xor edi,edi
|
||||
Adobe AIR.dll+12FFF2 - 8B 56 10 - mov edx,[esi+10]
|
||||
Adobe AIR.dll+12FFF5 - 85 D2 - test edx,edx
|
||||
Adobe AIR.dll+12FFF7 - 74 12 - je "Adobe AIR.dll"+13000B { ->Adobe AIR.dll+13000B }
|
||||
Adobe AIR.dll+12FFF9 - 8A 01 - mov al,[ecx]
|
||||
Adobe AIR.dll+12FFFB - B4 7F - mov ah,7F { 127 }
|
||||
Adobe AIR.dll+12FFFD - 41 - inc ecx
|
||||
Adobe AIR.dll+12FFFE - 3A E0 - cmp ah,al
|
||||
Adobe AIR.dll+130000 - 1B C0 - sbb eax,eax
|
||||
Adobe AIR.dll+130002 - F7 D8 - neg eax
|
||||
Adobe AIR.dll+130004 - 03 F8 - add edi,eax
|
||||
Adobe AIR.dll+130006 - 83 EA 01 - sub edx,01 { 1 }
|
||||
Adobe AIR.dll+130009 - 75 EE - jne "Adobe AIR.dll"+12FFF9 { ->Adobe AIR.dll+12FFF9 }
|
||||
Adobe AIR.dll+13000B - 57 - push edi
|
||||
Adobe AIR.dll+13000C - 53 - push ebx
|
||||
Adobe AIR.dll+13000D - E8 36040900 - call "Adobe AIR.dll"+1C0448 { ->Adobe AIR.dll+1C0448 }
|
||||
Adobe AIR.dll+130012 - 8B D8 - mov ebx,eax
|
||||
Adobe AIR.dll+130014 - 59 - pop ecx
|
||||
Adobe AIR.dll+130015 - 59 - pop ecx
|
||||
Adobe AIR.dll+130016 - 3B 5E 10 - cmp ebx,[esi+10]
|
||||
Adobe AIR.dll+130019 - 75 04 - jne "Adobe AIR.dll"+13001F { ->Adobe AIR.dll+13001F }
|
||||
Adobe AIR.dll+13001B - 83 4E 14 08 - or dword ptr [esi+14],08 { 8 }
|
||||
Adobe AIR.dll+13001F - 8B 4C 24 10 - mov ecx,[esp+10]
|
||||
Adobe AIR.dll+130023 - 8D 43 01 - lea eax,[ebx+01]
|
||||
Adobe AIR.dll+130026 - 6A 02 - push 02 { 2 }
|
||||
Adobe AIR.dll+130028 - 6A 00 - push 00 { 0 }
|
||||
Adobe AIR.dll+13002A - 50 - push eax
|
||||
Adobe AIR.dll+13002B - E8 CD250B00 - call "Adobe AIR.dll"+1E25FD { ->Adobe AIR.dll+1E25FD }
|
||||
Adobe AIR.dll+130030 - 8B 4E 14 - mov ecx,[esi+14]
|
||||
Adobe AIR.dll+130033 - 8B F8 - mov edi,eax
|
||||
Adobe AIR.dll+130035 - C1 E9 02 - shr ecx,02 { 2 }
|
||||
Adobe AIR.dll+130038 - F6 C1 01 - test cl,01 { 1 }
|
||||
Adobe AIR.dll+13003B - 75 05 - jne "Adobe AIR.dll"+130042 { ->Adobe AIR.dll+130042 }
|
||||
Adobe AIR.dll+13003D - 8B 56 08 - mov edx,[esi+08]
|
||||
Adobe AIR.dll+130040 - EB 09 - jmp "Adobe AIR.dll"+13004B { ->Adobe AIR.dll+13004B }
|
||||
Adobe AIR.dll+130042 - 8B 46 0C - mov eax,[esi+0C]
|
||||
Adobe AIR.dll+130045 - 8B 50 08 - mov edx,[eax+08]
|
||||
Adobe AIR.dll+130048 - 03 56 08 - add edx,[esi+08]
|
||||
Adobe AIR.dll+13004B - 89 35 9057BF10 - mov ["Adobe AIR.dll"+1385790],esi { [080D7CA0] }
|
||||
Adobe AIR.dll+130051 - 89 7D 00 - mov [ebp+00],edi
|
||||
Adobe AIR.dll+130054 - 89 5D 04 - mov [ebp+04],ebx
|
||||
Adobe AIR.dll+130057 - 8B 76 10 - mov esi,[esi+10]
|
||||
Adobe AIR.dll+13005A - 3B DE - cmp ebx,esi
|
||||
Adobe AIR.dll+13005C - 75 14 - jne "Adobe AIR.dll"+130072 { ->Adobe AIR.dll+130072 }
|
||||
Adobe AIR.dll+13005E - 53 - push ebx
|
||||
Adobe AIR.dll+13005F - 52 - push edx
|
||||
Adobe AIR.dll+130060 - 57 - push edi
|
||||
Adobe AIR.dll+130061 - E8 3A715D00 - call "Adobe AIR.dll"+7071A0 { ->Adobe AIR.dll+7071A0 }
|
||||
Adobe AIR.dll+130066 - 83 C4 0C - add esp,0C { 12 }
|
||||
Adobe AIR.dll+130069 - C6 04 1F 00 - mov byte ptr [edi+ebx],00 { 0 }
|
||||
Adobe AIR.dll+13006D - E9 BE000000 - jmp "Adobe AIR.dll"+130130 { ->Adobe AIR.dll+130130 }
|
||||
Adobe AIR.dll+130072 - 85 F6 - test esi,esi
|
||||
Adobe AIR.dll+130074 - 74 2A - je "Adobe AIR.dll"+1300A0 { ->Adobe AIR.dll+1300A0 }
|
||||
Adobe AIR.dll+130076 - BB 80000000 - mov ebx,00000080 { 128 }
|
||||
Adobe AIR.dll+13007B - 0FB6 0A - movzx ecx,byte ptr [edx]
|
||||
Adobe AIR.dll+13007E - 4E - dec esi
|
||||
Adobe AIR.dll+13007F - 42 - inc edx
|
||||
Adobe AIR.dll+130080 - 66 3B CB - cmp cx,bx
|
||||
Adobe AIR.dll+130083 - 72 14 - jb "Adobe AIR.dll"+130099 { ->Adobe AIR.dll+130099 }
|
||||
Adobe AIR.dll+130085 - 8A C1 - mov al,cl
|
||||
Adobe AIR.dll+130087 - 83 E1 3F - and ecx,3F { 63 }
|
||||
Adobe AIR.dll+13008A - C0 E8 06 - shr al,06 { 6 }
|
||||
Adobe AIR.dll+13008D - 24 03 - and al,03 { 3 }
|
||||
Adobe AIR.dll+13008F - 2C 40 - sub al,40 { 64 }
|
||||
Adobe AIR.dll+130091 - 88 07 - mov [edi],al
|
||||
Adobe AIR.dll+130093 - 47 - inc edi
|
||||
Adobe AIR.dll+130094 - 03 CB - add ecx,ebx
|
||||
Adobe AIR.dll+130096 - 0FB7 C9 - movzx ecx,cx
|
||||
Adobe AIR.dll+130099 - 88 0F - mov [edi],cl
|
||||
Adobe AIR.dll+13009B - 47 - inc edi
|
||||
Adobe AIR.dll+13009C - 85 F6 - test esi,esi
|
||||
Adobe AIR.dll+13009E - 75 DB - jne "Adobe AIR.dll"+13007B { ->Adobe AIR.dll+13007B }
|
||||
Adobe AIR.dll+1300A0 - C6 07 00 - mov byte ptr [edi],00 { 0 }
|
||||
Adobe AIR.dll+1300A3 - E9 88000000 - jmp "Adobe AIR.dll"+130130 { ->Adobe AIR.dll+130130 }
|
||||
Adobe AIR.dll+1300A8 - C1 E8 02 - shr eax,02 { 2 }
|
||||
Adobe AIR.dll+1300AB - A8 01 - test al,01 { 1 }
|
||||
Adobe AIR.dll+1300AD - 75 05 - jne "Adobe AIR.dll"+1300B4 { ->Adobe AIR.dll+1300B4 }
|
||||
Adobe AIR.dll+1300AF - 8B 46 08 - mov eax,[esi+08]
|
||||
Adobe AIR.dll+1300B2 - EB 09 - jmp "Adobe AIR.dll"+1300BD { ->Adobe AIR.dll+1300BD }
|
||||
Adobe AIR.dll+1300B4 - 8B 46 0C - mov eax,[esi+0C]
|
||||
Adobe AIR.dll+1300B7 - 8B 40 08 - mov eax,[eax+08]
|
||||
Adobe AIR.dll+1300BA - 03 46 08 - add eax,[esi+08]
|
||||
Adobe AIR.dll+1300BD - 6A 00 - push 00 { 0 }
|
||||
Adobe AIR.dll+1300BF - 6A 00 - push 00 { 0 }
|
||||
Adobe AIR.dll+1300C1 - 53 - push ebx
|
||||
Adobe AIR.dll+1300C2 - 50 - push eax
|
||||
Adobe AIR.dll+1300C3 - E8 A7730100 - call "Adobe AIR.dll"+14746F { ->Adobe AIR.dll+14746F }
|
||||
Adobe AIR.dll+1300C8 - 83 C4 10 - add esp,10 { 16 }
|
||||
Adobe AIR.dll+1300CB - 89 35 9057BF10 - mov ["Adobe AIR.dll"+1385790],esi { [080D7CA0] }
|
||||
Adobe AIR.dll+1300D1 - 8B F8 - mov edi,eax
|
||||
Adobe AIR.dll+1300D3 - 33 C0 - xor eax,eax
|
||||
Adobe AIR.dll+1300D5 - 85 FF - test edi,edi
|
||||
Adobe AIR.dll+1300D7 - 0F48 F8 - cmovs edi,eax
|
||||
Adobe AIR.dll+1300DA - 6A 02 - push 02 { 2 }
|
||||
Adobe AIR.dll+1300DC - 50 - push eax
|
||||
Adobe AIR.dll+1300DD - 8D 4F 01 - lea ecx,[edi+01]
|
||||
Adobe AIR.dll+1300E0 - 51 - push ecx
|
||||
Adobe AIR.dll+1300E1 - 8B 4C 24 1C - mov ecx,[esp+1C]
|
||||
Adobe AIR.dll+1300E5 - E8 13250B00 - call "Adobe AIR.dll"+1E25FD { ->Adobe AIR.dll+1E25FD }
|
||||
Adobe AIR.dll+1300EA - 8B D0 - mov edx,eax
|
||||
Adobe AIR.dll+1300EC - 89 7D 04 - mov [ebp+04],edi
|
||||
Adobe AIR.dll+1300EF - 89 55 00 - mov [ebp+00],edx
|
||||
Adobe AIR.dll+1300F2 - C6 04 3A 00 - mov byte ptr [edx+edi],00 { 0 }
|
||||
Adobe AIR.dll+1300F6 - 8B 4E 14 - mov ecx,[esi+14]
|
||||
Adobe AIR.dll+1300F9 - C1 E9 02 - shr ecx,02 { 2 }
|
||||
Adobe AIR.dll+1300FC - F6 C1 01 - test cl,01 { 1 }
|
||||
Adobe AIR.dll+1300FF - 75 05 - jne "Adobe AIR.dll"+130106 { ->Adobe AIR.dll+130106 }
|
||||
Adobe AIR.dll+130101 - 8B 46 08 - mov eax,[esi+08]
|
||||
Adobe AIR.dll+130104 - EB 09 - jmp "Adobe AIR.dll"+13010F { ->Adobe AIR.dll+13010F }
|
||||
Adobe AIR.dll+130106 - 8B 46 0C - mov eax,[esi+0C]
|
||||
Adobe AIR.dll+130109 - 8B 40 08 - mov eax,[eax+08]
|
||||
Adobe AIR.dll+13010C - 03 46 08 - add eax,[esi+08]
|
||||
Adobe AIR.dll+13010F - 57 - push edi
|
||||
Adobe AIR.dll+130110 - 52 - push edx
|
||||
Adobe AIR.dll+130111 - FF 76 10 - push [esi+10]
|
||||
Adobe AIR.dll+130114 - 50 - push eax
|
||||
Adobe AIR.dll+130115 - E8 55730100 - call "Adobe AIR.dll"+14746F { ->Adobe AIR.dll+14746F }
|
||||
Adobe AIR.dll+13011A - 83 C4 10 - add esp,10 { 16 }
|
||||
Adobe AIR.dll+13011D - 89 35 9057BF10 - mov ["Adobe AIR.dll"+1385790],esi { [080D7CA0] }
|
||||
Adobe AIR.dll+130123 - EB 0B - jmp "Adobe AIR.dll"+130130 { ->Adobe AIR.dll+130130 }
|
||||
Adobe AIR.dll+130125 - 83 65 04 00 - and dword ptr [ebp+04],00 { 0 }
|
||||
Adobe AIR.dll+130129 - C7 45 00 20277210 - mov [ebp+00],"Adobe AIR.dll"+EB2720 { [00000000] }
|
||||
Adobe AIR.dll+130130 - 5F - pop edi
|
||||
Adobe AIR.dll+130131 - 5E - pop esi
|
||||
Adobe AIR.dll+130132 - 8B C5 - mov eax,ebp
|
||||
Adobe AIR.dll+130134 - 5D - pop ebp
|
||||
Adobe AIR.dll+130135 - 5B - pop ebx
|
||||
Adobe AIR.dll+130136 - 59 - pop ecx
|
||||
Adobe AIR.dll+130137 - C2 0400 - ret 0004 { 4 }
|
||||
*/
|
||||
|
||||
bool InsertAIRNovelHook()
|
||||
{
|
||||
if (DWORD base = (DWORD)GetModuleHandleW(L"Adobe Air.dll"))
|
||||
{
|
||||
const BYTE bytes[] =
|
||||
{
|
||||
0x33, 0xD2, //- xor edx,edx
|
||||
0x8B, 0x45, 0xF8, //- mov eax,[ebp - 08]
|
||||
};
|
||||
DWORD addr = MemDbg::findBytes(bytes, sizeof(bytes), base, base + 0x200000); // Artikash 7/14/2018: Probably big enough
|
||||
if (!addr)
|
||||
{
|
||||
ConsoleOutput("Textractor: AIRNovel: pattern not found");
|
||||
return false;
|
||||
}
|
||||
HookParam hp = {};
|
||||
hp.address = addr;
|
||||
hp.address = base + 0x12ff9a;
|
||||
hp.type = USING_UNICODE|USING_STRING|USING_SPLIT|SPLIT_INDIRECT|DATA_INDIRECT;
|
||||
hp.length_offset = 0;
|
||||
hp.offset = pusha_ecx_off - 4;
|
||||
hp.split = pusha_ecx_off - 4;
|
||||
hp.offset = 0x4;
|
||||
hp.split = 0x4;
|
||||
hp.index = 0x8;
|
||||
hp.split_index = 0x14;
|
||||
hp.split_index = 0x4;
|
||||
//hp.filter_fun = [](void* str, DWORD* len, HookParam* hp, BYTE index) // removes some of the garbage threads
|
||||
//{
|
||||
// return *len < 4 &&
|
||||
@ -16346,7 +16435,6 @@ bool InsertAIRNovelHook()
|
||||
NewHook(hp, "AIRNovel");
|
||||
return true;
|
||||
}
|
||||
ConsoleOutput("Adobe Air.dll not found");
|
||||
return false;
|
||||
}
|
||||
|
||||
|
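Review bot: `hp.address = base + 0x12ff9a;` in InsertAIRNovelHook pins the hook to an offset that the new comment ties to Adobe AIR 31.0.0.96, and nothing visible checks that the loaded module is that build before `NewHook` patches it. On any other version the hook would land on unrelated bytes, most likely in the middle of an instruction, and could crash or corrupt the host process; compare the bytes at the target with the prologue listed in the comment (`51 53 55 56 8B 74 24 14`) and return false on a mismatch. The `findBytes` search for `xor edx,edx; mov eax,[ebp-08]` appears to remain as a gate although its result now looks unused (both `hp.address` assignments are printed and the +/- markers are lost), so a build that lacks the old pattern would presumably stop at "pattern not found" before the new address is tried; searching for the new prologue instead would address both points. Part of the function body between the two hunks is not shown.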