Waffle3 engine hook

This commit is contained in:
Blu3train 2023-12-22 17:52:24 +01:00
parent f3fbe04409
commit c2f85a1e6b

View File

@ -5890,6 +5890,25 @@ bool InsertShinaHook()
return false;
}
bool Waffle3Filter(LPVOID data, DWORD *size, HookParam *, BYTE)
{
auto text = reinterpret_cast<LPSTR>(data);
auto len = reinterpret_cast<size_t *>(size);
static std::string prevText;
if (cpp_strnstr(text, "\\", *len))
return false;
if (prevText.find(text, 0, *len) != std::string::npos) // Check if the string is present in the previous one
return false;
prevText.assign(text, *len);
StringCharReplacer(text, len, "\r\n\x81\x40", 4, ' ');
StringCharReplacer(text, len, "\r\n", 2, ' ');
StringCharReplacer(text, len, "\x81\x40", 2, ' ');
return true;
}
bool InsertWaffleDynamicHook(LPVOID addr, DWORD frame, DWORD stack)
{
ConsoleOutput("WaffleDynamic:triggered");
@ -6022,6 +6041,30 @@ bool InsertWaffleHook()
NewHook(hp, "WAFFLE2");
found = true;
}
//by Blu3train
/** new waffle3
* test on https://vndb.org/v31003
*/
const BYTE bytes2[] = {
0xCC, // int 3
0x55, // push ebp <- hook here
0x8B, 0xEC, // mov ebp,esp
0x8B, 0x55, 0x0C, // mov edx,[ebp+0C]
0x53 // push ebx
};
ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR);
if (DWORD addr = MemDbg::findBytes(bytes2, sizeof(bytes2), processStartAddress, processStartAddress + range))
{
HookParam hp = {};
hp.address = addr + 1;
hp.offset = pusha_eax_off - 4;
hp.index = 0x00;
hp.filter_fun = Waffle3Filter;
hp.type = USING_STRING;
ConsoleOutput("Textractor: INSERT WAFFLE3");
NewHook(hp, "WAFFLE3");
found = true;
}
//ConsoleOutput("Probably Waffle. Wait for text.");
if (!found) trigger_fun = InsertWaffleDynamicHook;
return found;