2016-01-05 23:01:17 +08:00
|
|
|
#pragma once
|
|
|
|
|
|
|
|
// vnrhook/const.h
|
|
|
|
// 8/23/2013 jichi
|
|
|
|
// Branch: ITH/common.h, rev 128
|
|
|
|
|
|
|
|
// jichi 9/9/2013: Another importnat function is lstrcatA, which is already handled by
|
|
|
|
// Debonosu hooks. Wait until it is really needed by certain games.
|
|
|
|
// The order of the functions is used in several place.
|
|
|
|
// I need to recompile all of the dlls to modify the order.
|
|
|
|
|
|
|
|
// jichi 10/14/2014
|
|
|
|
#define HOOK_GDI_FUNCTION_LIST \
|
|
|
|
GetTextExtentPoint32A \
|
|
|
|
, GetTextExtentExPointA \
|
|
|
|
, GetTabbedTextExtentA \
|
|
|
|
, GetCharacterPlacementA \
|
|
|
|
, GetGlyphIndicesA \
|
|
|
|
, GetGlyphOutlineA \
|
|
|
|
, ExtTextOutA \
|
|
|
|
, TextOutA \
|
|
|
|
, TabbedTextOutA \
|
|
|
|
, GetCharABCWidthsA \
|
|
|
|
, GetCharABCWidthsFloatA \
|
|
|
|
, GetCharWidth32A \
|
|
|
|
, GetCharWidthFloatA \
|
|
|
|
, GetTextExtentPoint32W \
|
|
|
|
, GetTextExtentExPointW \
|
|
|
|
, GetTabbedTextExtentW \
|
|
|
|
, GetCharacterPlacementW \
|
|
|
|
, GetGlyphIndicesW \
|
|
|
|
, GetGlyphOutlineW \
|
|
|
|
, ExtTextOutW \
|
|
|
|
, TextOutW \
|
|
|
|
, TabbedTextOutW \
|
|
|
|
, GetCharABCWidthsW \
|
|
|
|
, GetCharABCWidthsFloatW \
|
|
|
|
, GetCharWidth32W \
|
|
|
|
, GetCharWidthFloatW \
|
|
|
|
, DrawTextA \
|
|
|
|
, DrawTextExA \
|
|
|
|
, DrawTextW \
|
|
|
|
, DrawTextExW
|
|
|
|
//, CharNextA
|
|
|
|
//, CharPrevA
|
|
|
|
//enum { HOOK_FUN_COUNT = 30 }; // total number of GDI hooks
|
|
|
|
// jichi 1/16/2015: Though called max hook, it means max number of text threads
|
|
|
|
enum { MAX_HOOK = 64 }; // must be larger than HOOK_FUN_COUNT
|
|
|
|
|
|
|
|
//enum { HOOK_SECTION_SIZE = 0x2000 }; // default ITH value
|
|
|
|
// jichi 1/16/2015: Change to a very large number to prevent crash
|
|
|
|
//enum { MAX_HOOK = 0x100 }; // must be larger than HookFunCount
|
|
|
|
enum { HOOK_SECTION_SIZE = MAX_HOOK * 0x100 }; // default ITH value is 0x2000 for 32 hook (0x100 per hook)
|
|
|
|
|
|
|
|
// jichi 375/2014: Add offset of pusha/pushad
|
|
|
|
// http://faydoc.tripod.com/cpu/pushad.htm
|
|
|
|
// http://agth.wikia.com/wiki/Cheat_Engine_AGTH_Tutorial
|
|
|
|
//
|
|
|
|
// Warning: The offset in ITH has -4 offset comparing to pusha and AGTH
|
|
|
|
enum pusha_off {
|
|
|
|
pusha_eax_off = -0x4
|
|
|
|
, pusha_ecx_off = -0x8
|
|
|
|
, pusha_edx_off = -0xc
|
|
|
|
, pusha_ebx_off = -0x10
|
|
|
|
, pusha_esp_off = -0x14
|
|
|
|
, pusha_ebp_off = -0x18
|
|
|
|
, pusha_esi_off = -0x1c
|
|
|
|
, pusha_edi_off = -0x20
|
|
|
|
, pusha_off = -0x24 // pushad offset
|
|
|
|
};
|
|
|
|
|
|
|
|
enum HostCommandType {
|
|
|
|
HOST_COMMAND = -1 // null type
|
|
|
|
, HOST_COMMAND_NEW_HOOK = 0
|
|
|
|
, HOST_COMMAND_REMOVE_HOOK = 1
|
|
|
|
, HOST_COMMAND_MODIFY_HOOK = 2
|
|
|
|
, HOST_COMMAND_HIJACK_PROCESS = 3
|
|
|
|
, HOST_COMMAND_DETACH = 4
|
|
|
|
};
|
|
|
|
|
|
|
|
enum HostNotificationType {
|
|
|
|
HOST_NOTIFICATION = -1 // null type
|
|
|
|
, HOST_NOTIFICATION_TEXT = 0
|
|
|
|
, HOST_NOTIFICATION_NEWHOOK = 1
|
2018-08-03 05:16:49 +08:00
|
|
|
, HOST_NOTIFICATION_RMVHOOK = 2
|
2016-01-05 23:01:17 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
// jichi 9/8/2013: The meaning are guessed
|
|
|
|
// Values must be within DWORD
|
|
|
|
// Unused values are as follows:
|
|
|
|
// - 0x100
|
|
|
|
enum HookParamType : unsigned long {
|
|
|
|
USING_STRING = 0x1 // type(data) is char* or wchar_t* and has length
|
|
|
|
, USING_UTF8 = USING_STRING // jichi 10/21/2014: temporarily handled the same way as USING_STRING
|
|
|
|
, USING_UNICODE = 0x2 // type(data) is wchar_t or wchar_t*
|
|
|
|
, BIG_ENDIAN = 0x4 // type(data) is char
|
|
|
|
, DATA_INDIRECT = 0x8
|
|
|
|
, USING_SPLIT = 0x10 // aware of split time?
|
|
|
|
, SPLIT_INDIRECT = 0x20
|
|
|
|
, MODULE_OFFSET = 0x40 // do hash module, and the address is relative to module
|
|
|
|
, FUNCTION_OFFSET = 0x80 // do hash function, and the address is relative to funccion
|
|
|
|
, PRINT_DWORD = 0x100 // jichi 12/7/2014: Removed
|
|
|
|
, NO_ASCII = 0x100 // jichi 1l/22/2015: Skip ascii characters
|
|
|
|
, STRING_LAST_CHAR = 0x200
|
|
|
|
, NO_CONTEXT = 0x400
|
|
|
|
, HOOK_EMPTY = 0x800
|
|
|
|
, FIXING_SPLIT = 0x1000
|
|
|
|
//, HOOK_AUXILIARY = 0x2000 // jichi 12/13/2013: None of known hooks are auxiliary
|
|
|
|
, RELATIVE_SPLIT = 0x2000 // jichi 10/24/2014: relative split return address
|
|
|
|
, HOOK_ENGINE = 0x4000
|
|
|
|
, HOOK_ADDITIONAL = 0x8000
|
|
|
|
};
|
|
|
|
|
|
|
|
// 6/1/2014: Fixed split value for hok parameter
|
|
|
|
// Fuse all threads, and prevent floating
|
|
|
|
enum { FIXED_SPLIT_VALUE = 0x10001 };
|
|
|
|
|
2018-05-21 16:05:09 +08:00
|
|
|
enum { PIPE_BUFFER_SIZE = 0x1000};
|
|
|
|
|
2016-01-05 23:01:17 +08:00
|
|
|
// jichi 12/18/2013:
|
|
|
|
// These dlls are used to guess the range for non-NO_CONTEXT hooks.
|
|
|
|
//
|
|
|
|
// Disabling uxtheme.dll would crash certain system: http://tieba.baidu.com/p/2764436254
|
|
|
|
#define IHF_FILTER_DLL_LIST \
|
|
|
|
/* ITH original filters */ \
|
|
|
|
L"gdiplus.dll" /* Graphics functions like TextOutA */ \
|
|
|
|
, L"lpk.dll" /* Language package scripts and fonts */ \
|
|
|
|
, L"msctf.dll" /* Text service */ \
|
|
|
|
, L"psapi.dll" /* Processes */ \
|
|
|
|
, L"usp10.dll" /* UNICODE rendering */ \
|
|
|
|
, L"user32.dll" /* Non-graphics functions like lstrlenA */ \
|
|
|
|
, L"uxtheme.dll" /* Theme */ \
|
|
|
|
\
|
|
|
|
/* Windows DLLs */ \
|
|
|
|
, L"advapi32.dll" /* Advanced services */ \
|
|
|
|
, L"apphelp.dll" /* Appliation help */ \
|
|
|
|
, L"audioses.dll" /* Audios */ \
|
|
|
|
, L"avrt.dll" /* Audio video runtime */ \
|
|
|
|
, L"cfgmgr32.dll" /* Configuration manager */ \
|
|
|
|
, L"clbcatq.dll" /* COM query service */ \
|
|
|
|
, L"comctl32.dll" /* Common control library */ \
|
|
|
|
, L"comdlg32.dll" /* Common dialogs */ \
|
|
|
|
, L"crypt32.dll" /* Security cryption */ \
|
|
|
|
, L"cryptbase.dll"/* Security cryption */ \
|
|
|
|
, L"cryptsp.dll" /* Security cryption */ \
|
|
|
|
, L"d3d8thk.dll" /* Direct3D 8 */ \
|
|
|
|
, L"d3d9.dll" /* Direct3D 9 */ \
|
|
|
|
, L"dbghelp.dll" /* Debug help */ \
|
|
|
|
, L"dciman32.dll" /* Display cotrol */ \
|
|
|
|
, L"devobj.dll" /* Device object */ \
|
|
|
|
, L"ddraw.dll" /* Direct draw */ \
|
|
|
|
, L"dinput.dll" /* Diret input */ \
|
|
|
|
, L"dsound.dll" /* Direct sound */ \
|
|
|
|
, L"DShowRdpFilter.dll" /* Direct show */ \
|
|
|
|
, L"dwmapi.dll" /* Windows manager */ \
|
|
|
|
, L"gdi32.dll" /* GDI32 */ \
|
|
|
|
, L"hid.dll" /* HID user library */ \
|
|
|
|
, L"iertutil.dll" /* IE runtime */ \
|
|
|
|
, L"imagehlp.dll" /* Image help */ \
|
|
|
|
, L"imm32.dll" /* Input method */ \
|
|
|
|
, L"ksuser.dll" /* Kernel service */ \
|
|
|
|
, L"ole32.dll" /* COM OLE */ \
|
|
|
|
, L"oleacc.dll" /* OLE access */ \
|
|
|
|
, L"oleaut32.dll" /* COM OLE */ \
|
|
|
|
, L"kernel.dll" /* Kernel functions */ \
|
|
|
|
, L"kernelbase.dll" /* Kernel functions */ \
|
|
|
|
, L"midimap.dll" /* MIDI */ \
|
|
|
|
, L"mmdevapi.dll" /* Audio device */ \
|
|
|
|
, L"mpr.dll" /* Winnet */ \
|
|
|
|
, L"msacm32.dll" /* MS ACM */ \
|
|
|
|
, L"msacm32.drv" /* MS ACM */ \
|
|
|
|
, L"msasn1.dll" /* Encoding/decoding */ \
|
|
|
|
, L"msimg32.dll" /* Image */ \
|
|
|
|
, L"msvfw32.dll" /* Media play */ \
|
|
|
|
, L"netapi32.dll" /* Network service */ \
|
|
|
|
, L"normaliz.dll" /* Normalize */ \
|
|
|
|
, L"nsi.dll" /* NSI */ \
|
|
|
|
, L"ntdll.dll" /* NT functions */ \
|
|
|
|
, L"ntmarta.dll" /* NT MARTA */ \
|
|
|
|
, L"nvd3dum.dll" /* Direct 3D */ \
|
|
|
|
, L"powerprof.dll"/* Power profile */ \
|
|
|
|
, L"profapi.dll" /* Profile API */ \
|
|
|
|
, L"propsys.dll" /* System properties */ \
|
|
|
|
, L"quartz.dll" /* OpenGL */ \
|
|
|
|
, L"rpcrt4.dll" /* RPC runtime */ \
|
|
|
|
, L"rpcrtremote.dll" /* RPC runtime */ \
|
|
|
|
, L"rsabase.dll" /* RSA cryption */ \
|
|
|
|
, L"rsaenh.dll" /* RSA cryption */ \
|
|
|
|
, L"schannel.dll" /* Security channel */ \
|
|
|
|
, L"sechost.dll" /* Service host */ \
|
|
|
|
, L"setupapi.dll" /* Setup service */ \
|
|
|
|
, L"shell32.dll" /* Windows shell */ \
|
|
|
|
, L"shlwapi.dll" /* Light-weighted shell */ \
|
|
|
|
, L"slc.dll" /* SLC */ \
|
|
|
|
, L"srvcli.dll" /* Service client */ \
|
|
|
|
, L"version.dll" /* Windows version */ \
|
|
|
|
, L"wdmaud.drv" /* Wave output */ \
|
|
|
|
, L"wldap32.dll" /* Wireless */ \
|
|
|
|
, L"wininet.dll" /* Internet access */ \
|
|
|
|
, L"winmm.dll" /* Windows sound */ \
|
|
|
|
, L"winsta.dll" /* Connection system */ \
|
|
|
|
, L"wtsapi32.dll" /* Windows terminal server */ \
|
|
|
|
, L"wintrust.dll" /* Windows trust */ \
|
|
|
|
, L"wsock32.dll" /* Windows sock */ \
|
|
|
|
, L"ws2_32.dll" /* Terminal server */ \
|
|
|
|
, L"wkscli.dll" /* ACIS */ \
|
|
|
|
\
|
|
|
|
/* MSVCRT */ \
|
|
|
|
, L"msvcrt.dll" /* VC rutime */ \
|
|
|
|
, L"msvcr80.dll" /* VC rutime 8 */ \
|
|
|
|
, L"msvcp80.dll" /* VC rutime 8 */ \
|
|
|
|
, L"msvcr90.dll" /* VC rutime 9 */ \
|
|
|
|
, L"msvcp90.dll" /* VC rutime 9 */ \
|
|
|
|
, L"msvcr100.dll" /* VC rutime 10 */ \
|
|
|
|
, L"msvcp100.dll" /* VC rutime 10 */ \
|
|
|
|
, L"msvcr110.dll" /* VC rutime 11 */ \
|
|
|
|
, L"msvcp110.dll" /* VC rutime 11 */ \
|
|
|
|
\
|
|
|
|
/* VNR */ \
|
|
|
|
, L"vnrhook.dll" \
|
|
|
|
, L"vnrhookxp.dll" \
|
|
|
|
\
|
|
|
|
/* Sogou IME */ \
|
|
|
|
, L"sogoupy.ime" \
|
|
|
|
, L"PicFace.dll" \
|
|
|
|
, L"AddressSearch.dll" \
|
|
|
|
\
|
|
|
|
/* QQ IME */ \
|
|
|
|
, L"QQPINYIN.IME" \
|
|
|
|
\
|
|
|
|
/* AlphaROM */ \
|
|
|
|
, L"kDays.dll" \
|
|
|
|
\
|
|
|
|
/* 360Safe */ \
|
|
|
|
, L"safemon.dll" \
|
|
|
|
\
|
|
|
|
/* Locale changers */ \
|
|
|
|
, L"AlLayer.dll" /* AppLocale */ \
|
|
|
|
, L"LocaleEmulator.dll" /* Locale Emulator */ \
|
|
|
|
, L"LSH.dll" /* LocaleSwitch */ \
|
|
|
|
, L"ntleah.dll" /* NTLEA */
|
|
|
|
|
|
|
|
// Google Japanese IME
|
|
|
|
//, L"GoogleIMEJaTIP32.dll"
|
|
|
|
|
|
|
|
enum {
|
|
|
|
//IHF_FILTER_COUNT = 7
|
|
|
|
IHF_FILTER_COUNT = 7 + 72 + 9 + 4 + 3 + 1 + 1 + 1 + 4 // count of total dlls to filter
|
|
|
|
, IHF_FILTER_CAPACITY = IHF_FILTER_COUNT + 1 // one more than the dll count
|
|
|
|
};
|
|
|
|
|
2018-07-18 05:01:56 +08:00
|
|
|
// jichi 12/25/2013: Header in each message sent to vnrsrv
|
|
|
|
// There are totally three elements
|
|
|
|
// - 0x0 dwAddr hook address
|
|
|
|
// - 0x4 dwRetn return address
|
|
|
|
// - 0x8 dwSplit split value
|
2018-07-18 07:18:36 +08:00
|
|
|
#define HEADER_SIZE sizeof(DWORD) * 3
|
2018-07-18 05:01:56 +08:00
|
|
|
|
2018-06-14 04:24:52 +08:00
|
|
|
#define TIMEOUT 5000 // 5 seconds
|
|
|
|
|
2016-01-05 23:01:17 +08:00
|
|
|
// EOF
|