chenx221/Textractor_test
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

alternate v8/javascript hook

Browse Source
This commit is contained in:
Akash Mozumdar 2019-05-02 19:24:16 -04:00
parent 49e915c3b6
commit fbe190f39c
1 changed files with 30 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
texthook/engine/engine.cc
View File

@ -10230,6 +10230,21 @@ bool InsertNexton1Hook()
* Artikash 9/11/2018: This is more than just Tyranobuilder. It's actually a hook for the V8 JavaScript runtime
* Sample game: https://www.freem.ne.jp/win/game/9672: /HQ8@2317A0:Prison.exe This new hook seems more reliable
* Nevermind both of those, just hook v8::String::Write https://v8docs.nodesource.com/node-0.8/d2/db3/classv8_1_1_string.html
* v8::String::Write - 55 - push ebp
* v8::String::Write+1- 8B EC - mov ebp,esp
* v8::String::Write+3- 8B 45 14 - mov eax,[ebp+14]
* v8::String::Write+6- 8B 55 10 - mov edx,[ebp+10]
* v8::String::Write+9- 50 - push eax
* v8::String::Write+A- 8B 45 0C - mov eax,[ebp+0C]
* v8::String::Write+D- 52 - push edx
* v8::String::Write+E- 8B 55 08 - mov edx,[ebp+08]
* v8::String::Write+11- 50 - push eax
* v8::String::Write+12- 52 - push edx
* v8::String::Write+13- 51 - push ecx
* v8::String::Write+14- E8 B7C7FFFF - call 6EF630 ; actual writing happens in this function, hooking after is possible
* v8::String::Write+19- 83 C4 14 - add esp,14 { 20 }
* v8::String::Write+1C- 5D - pop ebp
* v8::String::Write+1D- C2 1000 - ret 0010 { 16 }
*/
void SpecialHookV8String(DWORD dwDatabase, HookParam* hp, BYTE, DWORD* data, DWORD* split, DWORD* len)
{
@ -10246,10 +10261,24 @@ bool InsertV8Hook(HMODULE module)
HookParam hp = {};
hp.address = (DWORD)GetProcAddress(module, "?Write@String@v8@@QBEHPAGHHH@Z");
hp.offset = pusha_ecx_off - 4;
hp.split = 0xc;
hp.type = USING_UNICODE | USING_STRING;
hp.text_fun = SpecialHookV8String;
NewHook(hp, "JavaScript");
const BYTE bytes[] = {
0x83, 0xc4, XX, // add esp,XX
0x5d, // pop ebp
0xc2 // ret
};
if (hp.address)
if (DWORD addr = MemDbg::findBytes(bytes, sizeof(bytes), hp.address, hp.address + 0x30))
{
hp.address = addr;
hp.offset = 0x8 + *(BYTE*)(addr + 2); // second argument + amount that the stack pointer is offset from arguments
hp.type = USING_UNICODE | USING_STRING | NO_CONTEXT;
hp.length_offset = (0x10 + *(BYTE*)(addr + 2)) / 4; // fourth argument + amount that the stack pointer is offset from arguments
hp.text_fun = nullptr;
NewHook(hp, "JavaScript2");
}
return true;
}