This repository has been archived by the owner on Nov 17, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 159
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
81 additions
and
44 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,78 +1,115 @@ | ||
| #include"CodeX.h" | ||
| #include "CodeX.h" | ||
|
|
||
| bool CodeXFilter(LPVOID data, size_t *size, HookParam *) | ||
| { | ||
| auto text = reinterpret_cast<LPSTR>(data); | ||
| auto len = reinterpret_cast<size_t *>(size); | ||
| std::string result = std::string((char *)data, *size); | ||
| strReplace(result, "^n", "\n"); | ||
| if (startWith(result, "\n")) | ||
| result = result.substr(1); | ||
|
|
||
| StringCharReplacer(text, len, "^n", 2, ' '); | ||
|
|
||
| //|晒[さら] | ||
| std::string result = std::string((char*)data,*len); | ||
| result = std::regex_replace(result, std::regex("\\|(.+?)\\[(.+?)\\]"), "$1"); | ||
| return write_string_overwrite(data,len,result); | ||
|
|
||
| return write_string_overwrite(data, size, result); | ||
| } | ||
|
|
||
| bool InsertCodeXHook() | ||
| bool InsertCodeXHook() | ||
| { | ||
| /* | ||
| * Sample games: | ||
| * https://vndb.org/v41664 | ||
| * https://vndb.org/v36122 | ||
| */ | ||
|
|
||
| /* | ||
| * Sample games: | ||
| * https://vndb.org/v41664 | ||
| * https://vndb.org/v36122 | ||
| */ | ||
| const BYTE bytes[] = { | ||
| 0x83, 0xC4, 0x08, // add esp,08 << hook here | ||
| 0x8D, 0x85, XX4, // lea eax,[ebp-00000218] | ||
| 0x50, // push eax | ||
| 0x68, XX4, // push ???????????!.exe+10A76C | ||
| 0x85, 0xF6, // test esi,esi | ||
| 0x74, 0x4F, // je ???????????!.exe+2A95B | ||
| 0xFF, 0x15, XX4, // call dword ptr [???????????!.exe+C8140] | ||
| 0x8B, 0x85, XX4 // mov eax,[ebp-00000220] << alternative hook here | ||
| 0x83, 0xC4, 0x08, // add esp,08 << hook here | ||
| 0x8D, 0x85, XX4, // lea eax,[ebp-00000218] | ||
| 0x50, // push eax | ||
| 0x68, XX4, // push ???????????!.exe+10A76C | ||
| 0x85, 0xF6, // test esi,esi | ||
| 0x74, 0x4F, // je ???????????!.exe+2A95B | ||
| 0xFF, 0x15, XX4, // call dword ptr [???????????!.exe+C8140] | ||
| 0x8B, 0x85, XX4 // mov eax,[ebp-00000220] << alternative hook here | ||
| }; | ||
|
|
||
| ULONG range = min(processStopAddress - processStartAddress, MAX_REL_ADDR); | ||
| ULONG addr = MemDbg::findBytes(bytes, sizeof(bytes), processStartAddress, processStartAddress + range); | ||
| if (!addr) { | ||
| if (!addr) | ||
| { | ||
| ConsoleOutput("CodeX: pattern not found"); | ||
| return false; | ||
| } | ||
|
|
||
| HookParam hp; | ||
| hp.address = addr; | ||
| hp.offset=get_reg(regs::eax); | ||
| hp.offset = get_reg(regs::eax); | ||
| hp.index = 0; | ||
| hp.type = USING_STRING; | ||
| hp.filter_fun = CodeXFilter; | ||
| ConsoleOutput("INSERT CodeX"); | ||
|
|
||
| return NewHook(hp, "CodeX"); | ||
| } | ||
| namespace{ | ||
| bool hook(){ | ||
| //霞外籠逗留記 | ||
| BYTE _[]={0x90,0x90,0x68,0x64,0x7B,0x4C,0x00}; //aHdL db 'hd{L',0 | ||
| namespace | ||
| { | ||
| bool hook() | ||
| { | ||
| // 霞外籠逗留記 | ||
| BYTE _[] = {0x90, 0x90, 0x68, 0x64, 0x7B, 0x4C, 0x00}; // aHdL db 'hd{L',0 | ||
| ULONG addr = MemDbg::findBytes(_, sizeof(_), processStartAddress, processStopAddress); | ||
| if(addr==0)return false; | ||
| addr+=2; | ||
| BYTE bytes[]={0x68,XX4}; | ||
| memcpy(bytes+1,&addr,4); | ||
| if (addr == 0) | ||
| return false; | ||
| addr += 2; | ||
| BYTE bytes[] = {0x68, XX4}; | ||
| memcpy(bytes + 1, &addr, 4); | ||
| auto addrs = Util::SearchMemory(bytes, sizeof(bytes), PAGE_EXECUTE, processStartAddress, processStopAddress); | ||
| bool succ=false; | ||
| for(auto adr:addrs){ | ||
| adr=MemDbg::findEnclosingAlignedFunction(adr); | ||
| if(adr==0)continue; | ||
| bool succ = false; | ||
| for (auto adr : addrs) | ||
| { | ||
| adr = MemDbg::findEnclosingAlignedFunction(adr); | ||
| if (adr == 0) | ||
| continue; | ||
| HookParam hp; | ||
| hp.address = adr; | ||
| hp.offset=get_stack(1); | ||
| hp.offset = get_stack(1); | ||
| hp.type = CODEC_ANSI_BE; | ||
| succ|=NewHook(hp, "CodeX"); | ||
| succ |= NewHook(hp, "CodeX"); | ||
| } | ||
| return succ; | ||
| return succ; | ||
| } | ||
| } | ||
| bool CodeX::attach_function() { | ||
| return InsertCodeXHook()||hook(); | ||
| } | ||
| namespace | ||
| { | ||
| // https://vndb.org/v598 | ||
| // ANGEL BULLET | ||
| bool hook2() | ||
| { | ||
| BYTE _[] = { | ||
| 0x8b, 0x44, 0x24, 0x04, | ||
| 0x81, 0xec, XX4, | ||
| 0x25, 0xff, 0xff, 0, 0, | ||
| 0x8d, 0x54, 0x24, 0, | ||
| 0x56, | ||
| 0x8b, 0xf1, | ||
| 0x50, | ||
| 0x8d, 0x4e, XX, | ||
| 0x51, | ||
| 0x68, XX4, //%s%03d | ||
| 0x52, | ||
| 0xff, 0x15, XX4, // wprintfA | ||
| }; | ||
| ULONG addr = MemDbg::findBytes(_, sizeof(_), processStartAddress, processStopAddress); | ||
| if (addr == 0) | ||
| return false; | ||
| HookParam hp; | ||
| hp.address = addr; | ||
| hp.offset = get_reg(regs::edx); | ||
| hp.type = USING_STRING; | ||
| hp.filter_fun = CodeXFilter; | ||
| return NewHook(hp, "CodeX"); | ||
| } | ||
| } | ||
| bool CodeX::attach_function() | ||
| { | ||
| return InsertCodeXHook() || hook() || hook2(); | ||
| } |