/**
 * DLL entry point for the boot module (k_boot).
 *
 * Process attach: logs, rejects any game version other than the three
 * supported builds, stores the module handle in hInst, registers the module
 * and hooks hk_D3D_CreateDevice with bootInit.
 * Process detach: logs and removes the bootInit, bootUnlockRect and
 * bootBeginUniSelect hooks.
 *
 * Returns false only for an unsupported game version during attach,
 * true in every other case.
 *
 * NOTE(review): all of this runs inside DllMain. Confirm that Log,
 * RegisterKModule and the hook helpers are safe under the loader lock.
 * NOTE(review): the hook targets are passed as (DWORD), which only holds a
 * full pointer in a 32-bit build. Presumably this module is 32-bit only.
 */
EXTERN_C BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved)
{
	switch (dwReason)
	{
	case DLL_PROCESS_ATTACH:
	{
		Log(&k_boot,"Attaching dll...");

		// Supported builds: PES5 PC, WE9 PC and WE9:LE PC. Anything else is refused.
		const int gameVersion = GetPESInfo()->GameVersion;
		if (gameVersion != gvPES5PC &&
			gameVersion != gvWE9PC &&
			gameVersion != gvWE9LEPC)
		{
			Log(&k_boot,"Your game version is currently not supported!");
			return false;
		}

		hInst=hInstance;
		RegisterKModule(&k_boot);
		HookFunction(hk_D3D_CreateDevice,(DWORD)bootInit);
		break;
	}

	case DLL_PROCESS_DETACH:
		Log(&k_boot,"Detaching dll...");

		// Only the CreateDevice hook is installed in this function. The other
		// two are presumably installed later by bootInit. Verify.
		UnhookFunction(hk_D3D_CreateDevice,(DWORD)bootInit);
		UnhookFunction(hk_D3D_UnlockRect,(DWORD)bootUnlockRect);
		UnhookFunction(hk_BeginUniSelect,(DWORD)bootBeginUniSelect);
		break;

	default:
		break;
	}

	return true;
}
/**
 * Initialisation routine for the speeder module.
 *
 * Removes its own registration from hk_D3D_Create, loads the configuration
 * into _speeder_config and, when count_factor is at least 0.0001, installs an
 * import hook that routes KERNEL32's QueryPerformanceFrequency to
 * Override_QueryPerformanceFrequency. The effective factor is logged either way.
 */
void initModule()
{
	// Detach from the hook point this routine is registered on.
	UnhookFunction(hk_D3D_Create, (DWORD)initModule);

	// read configuration
	readConfig(_speeder_config);

	const bool overrideFrequency = (_speeder_config.count_factor >= 0.0001);
	if (overrideFrequency)
	{
		// NOTE(review): this descriptor lives on the stack. Confirm that
		// HookAPICalls does not keep a pointer to it (or to the table inside it)
		// after it returns, otherwise the hook would read freed stack memory.
		SDLLHook kernel32Overrides =
		{
			"KERNEL32.DLL",
			false, NULL,	// Default hook disabled, NULL function pointer.
			{
				{ "QueryPerformanceFrequency", Override_QueryPerformanceFrequency },
				{ NULL, NULL }
			}
		};
		HookAPICalls( &kernel32Overrides );
	}

	LogWithDouble(&k_speed, "count.factor = %0.2f", (double)_speeder_config.count_factor);
	Log(&k_speed, "module initialized.");
}
/*
 * Tears down the object-protection feature if it was initialised.
 *
 * Removes the ObReferenceObjectByHandle hook, re-initialises the ProtectObject
 * hash table and clears ProtectInit. Does nothing when ProtectInit is not set,
 * so calling it repeatedly is harmless as far as this function is concerned.
 *
 * NOTE(review): the table is reset with HashTableInitialize rather than a
 * visible free/destroy call. Confirm that this releases any entries it holds.
 * NOTE(review): nothing here waits for callers that may still be executing
 * inside the hook on another processor. Verify UnhookFunction handles that.
 */
VOID ProtectCleanup()
{
	if (ProtectInit)
	{
		UnhookFunction(ObReferenceObjectByHandle, ObReferenceObjectByHandleJmpBack);
		HashTableInitialize(&ProtectObject);
		ProtectInit = FALSE;
	}
}
/**
 * Shuts down the timing subsystem: stops the "stuck" watchdog thread, releases
 * every thread parked in a hooked wait, removes the timing hooks, destroys the
 * locks and events, and logs the average frame rate.
 *
 * The statement order matters: hooks that use a lock are removed before that
 * lock is deleted, and the wait/sleep hooks are removed before the events they
 * rely on are closed.
 */
void doneTiming()
{
  // terminate "stuck" thread
  SetEvent(endStuckEvent);
  // NOTE(review): the wait result is ignored, so both handles are closed even
  // if the thread has not exited within 500 ms.
  Real_WaitForSingleObject(stuckThread,500);
  CloseHandle(stuckThread);
  CloseHandle(stuckTimer);

  // make sure all currently active waits are finished
  ResetEvent(resyncEvent);
  SetEvent(nextFrameEvent);
  if(waitCounter)
    ResetEvent(noOneWaiting);
  else
    SetEvent(noOneWaiting);

  // Poll in 5 ms slices. Leave as soon as the event is signalled or the
  // counter is seen at zero, whichever happens first.
  while(Real_WaitForSingleObject(noOneWaiting,5) == WAIT_TIMEOUT)
    if(!waitCounter)
      break;

  // these functions depend on critical sections that we're about to delete.
  UnhookFunction(&Real_timeSetEvent);
  UnhookFunction(&Real_timeKillEvent);
  UnhookFunction(&Real_SetTimer);

  // Take and release each lock once before deleting it, presumably so that a
  // thread currently inside the section gets to finish first.
  // NOTE(review): a thread that enters after the Leave would touch a deleted
  // critical section. Confirm the unhooks above rule that out.
  EnterCriticalSection(&TimerAllocLock);
  LeaveCriticalSection(&TimerAllocLock);
  DeleteCriticalSection(&TimerAllocLock);

  EnterCriticalSection(&TimerSeedLock);
  TimersSeeded = true;
  LeaveCriticalSection(&TimerSeedLock);
  DeleteCriticalSection(&TimerSeedLock);

  // we have to remove those, because code we call on deinitialization (especially directshow related)
  // might be using them.
  UnhookFunction(&Real_Sleep);
  UnhookFunction(&Real_WaitForSingleObject);
  UnhookFunction(&Real_WaitForMultipleObjects);
  UnhookFunction(&Real_MsgWaitForMultipleObjects);

  CloseHandle(nextFrameEvent);
  CloseHandle(resyncEvent);
  CloseHandle(noOneWaiting);
  CloseHandle(endStuckEvent);

  // Elapsed time since realStartTime, in the units returned by Real_timeGetTime.
  int runTime = Real_timeGetTime() - realStartTime;
  timeEndPeriod(1);

  // Skip the report when no time has elapsed. This also avoids a zero divisor in MulDiv.
  if(runTime)
  {
    // rate is frames per second scaled by 100, printed with two decimals.
    int rate = MulDiv(currentFrame,100*1000,runTime);
    printLog("timing: %d.%02d frames per second on average\n",rate/100,rate%100);
  }
}
/*
 * Removes the hook described by phr and wipes the record.
 *
 * After the call, both stored addresses and the new relative jump are zero and
 * phOld is zero-filled, so the record holds no stale addresses or saved bytes.
 *
 * NOTE(review): phr is dereferenced without a NULL check. Callers must pass a
 * valid record.
 * NOTE(review): the wipe length is sizeof(PROCHOOK). Confirm that this is the
 * declared type of phOld.
 */
void WINAPI DestroyHook(PHOOKREC phr)
{
	/* detach first, while the record still describes the installed hook */
	UnhookFunction(phr);

	/* clear the record */
	phr->ui32AddressShadowFunc = 0;
	phr->ui32AddressFunc = 0;
	phr->phNew.relativeJump = 0;
	memset(&phr->phOld, 0, sizeof(PROCHOOK));
}
/*
 * Shadow for TextOutA: calls to the hooked API arrive here.
 *
 * Copies the caller's text into the module's text buffer, then forwards the
 * call to the real TextOutA and returns its result unchanged.
 *
 * NOTE(review): cb is a signed int taken straight from the caller. Confirm
 * that WriteToTextBuffer bounds the length it is given.
 * NOTE(review): the hook is lifted for the duration of the real call.
 * Presumably calls from other threads in that window bypass the shadow, and
 * patching while another thread is inside the function may be unsafe.
 * Verify how UnhookFunction/HookFunction serialise this.
 */
BOOL WINAPI ShadowTextOutA(HDC textdc, int x, int y, LPCSTR lptext, int cb)
{
	BOOL fResult;

	/* record the text */
	WriteToTextBuffer(lptext, cb);

	/* forward to the real function with the hook temporarily removed */
	UnhookFunction((PHOOKREC)&_hrTextOutA);
	fResult = TextOutA(textdc, x, y, lptext, cb);
	HookFunction((PHOOKREC)&_hrTextOutA);

	return fResult;
}
/*
 *
 *	prochooking shadow functions: calls to the associated API functions
 *	are redirected here
 *
 */

/*
 * Shadow for ExtTextOutA.
 *
 * Copies the caller's text into the module's text buffer unless the call
 * carries glyph indices (ETO_GLYPH_INDEX) instead of characters, then forwards
 * the call to the real ExtTextOutA and returns its result unchanged.
 *
 * NOTE(review): the hook is lifted for the duration of the real call.
 * Presumably calls from other threads in that window bypass the shadow.
 * Verify how UnhookFunction/HookFunction serialise this.
 */
BOOL WINAPI ShadowExtTextOutA(HDC textdc, int x, int y, UINT fuoptions, CONST RECT *lprc, LPCSTR lptext, UINT cb, CONST INT *lpdx)
{
	const BOOL fGlyphIndices = (fuoptions & ETO_GLYPH_INDEX) == ETO_GLYPH_INDEX;
	BOOL fResult;

	/* glyph indices are not text, so only character data is recorded */
	if (!fGlyphIndices)
	{
		WriteToTextBuffer(lptext, cb);
	}

	/* forward to the real function with the hook temporarily removed */
	UnhookFunction((PHOOKREC)&_hrExtTextOutA);
	fResult = ExtTextOutA(textdc, x, y, fuoptions, lprc, lptext, cb, lpdx);
	HookFunction((PHOOKREC)&_hrExtTextOutA);

	return fResult;
}
/*
 * Shadow for TextOutW.
 *
 * Converts the caller's wide text to the thread's ANSI code page, copies the
 * converted bytes into the module's text buffer, then forwards the original
 * wide call to the real TextOutW and returns its result unchanged.
 *
 * The conversion writes at most MAXTEXTOUT bytes into a local buffer and
 * replaces unmappable characters with '*'. WideCharToMultiByte returns 0 on
 * failure (for example when the converted text does not fit), in which case a
 * zero length is passed to WriteToTextBuffer.
 *
 * NOTE(review): the hook is lifted for the duration of the real call.
 * Presumably calls from other threads in that window bypass the shadow.
 * Verify how UnhookFunction/HookFunction serialise this.
 */
BOOL WINAPI ShadowTextOutW(HDC textdc, int x, int y, LPCWSTR lptext, int cb)
{
	char szAnsi[MAXTEXTOUT] = NULLSTR;
	BOOL fDefaultCharUsed = FALSE;
	BOOL fResult;
	int cbAnsi;

	/* record the text (ANSI copy) */
	cbAnsi = WideCharToMultiByte(CP_THREAD_ACP, WC_NO_BEST_FIT_CHARS, lptext, cb,
	                             szAnsi, MAXTEXTOUT, "*", &fDefaultCharUsed);
	WriteToTextBuffer((LPCSTR)szAnsi, (UINT)cbAnsi);

	/* forward to the real function with the hook temporarily removed */
	UnhookFunction((PHOOKREC)&_hrTextOutW);
	fResult = TextOutW(textdc, x, y, lptext, cb);
	HookFunction((PHOOKREC)&_hrTextOutW);

	return fResult;
}
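/*
 * Replacement routine that the inline hook on KeInsertQueueApc redirects to.
 *
 * While EThreadForGetApc is set, it looks for one specific APC: kernel mode,
 * NormalContext equal to the marker 0x12345678, targeting EThreadForGetApc,
 * with ApcStateIndex 0. When that APC is seen, its kernel, rundown and normal
 * routine pointers are stored in PsExitSpecialApc, PspExitApcRundown and
 * PspExitNormalApc, the hook is removed, and FALSE is returned without
 * forwarding the APC.
 *
 * Every other call is forwarded to the original function through
 * KeInsertQueueApcJumpBack and its result is returned.
 *
 * NOTE(review): the inline assembly and the %8.8X pointer formatting make
 * this routine 32-bit x86 only.
 * NOTE(review): nothing visible here stops another processor from being
 * inside this routine while the hook is removed. Verify that UnhookFunction
 * handles that.
 */
BOOLEAN
FakeKeInsertQueueApc (
    __inout PRKAPC Apc,
    __in_opt PVOID SystemArgument1,
    __in_opt PVOID SystemArgument2,
    __in KPRIORITY Increment
    )
{
    ULONG retVal;

    // Capture PsExitSpecialApc, PspExitApcRundown and PspExitNormalApc
    if(EThreadForGetApc != NULL &&
        Apc->ApcMode == KernelMode &&
        Apc->NormalContext == (PVOID)0x12345678 &&
        Apc->Thread == (PKTHREAD)EThreadForGetApc &&
        Apc->ApcStateIndex == 0 /*OriginalApcEnvironment*/)
    {
        PsExitSpecialApc = (PVOID)Apc->KernelRoutine;
        PspExitApcRundown = (PVOID)Apc->RundownRoutine;
        PspExitNormalApc = (PVOID)Apc->NormalRoutine;

        // Remove the hook once the routines have been captured
        EThreadForGetApc = NULL;
        UnhookFunction(KeInsertQueueApc, KeInsertQueueApcJumpBack);

        KdPrint(("get PsExitSpecialApc: %8.8X, PspExitApcRundown: %8.8X, PspExitNormalApc: %8.8X\n",
            PsExitSpecialApc, PspExitApcRundown, PspExitNormalApc));

        return FALSE;
    }

    // Forward to the original function: arguments pushed right to left,
    // callee cleans the stack.
    __asm
    {
        push Increment;
        push SystemArgument2;
        push SystemArgument1;
        push Apc;
        lea eax, KeInsertQueueApcJumpBack;
        call eax;
        mov retVal, eax;
    }

    // The original returns a BOOLEAN, which on x86 comes back in AL only. The
    // upper 24 bits of EAX are not defined by the callee, so testing the whole
    // register could report TRUE for a call that returned FALSE. Only the low
    // byte is tested.
    return (BOOLEAN)((retVal & 0xFF) != 0);
}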
/*
 * Shadow for ExtTextOutW.
 *
 * Unless the call carries glyph indices (ETO_GLYPH_INDEX), converts the
 * caller's wide text to the thread's ANSI code page and copies the converted
 * bytes into the module's text buffer. The original wide call is then
 * forwarded to the real ExtTextOutW and its result returned unchanged.
 *
 * The conversion writes at most MAXTEXTOUT bytes into a local buffer and
 * replaces unmappable characters with '*'. WideCharToMultiByte returns 0 on
 * failure (for example when the converted text does not fit), in which case a
 * zero length is passed to WriteToTextBuffer.
 *
 * NOTE(review): the hook is lifted for the duration of the real call.
 * Presumably calls from other threads in that window bypass the shadow.
 * Verify how UnhookFunction/HookFunction serialise this.
 */
BOOL WINAPI ShadowExtTextOutW(HDC textdc, int x, int y, UINT fuoptions, CONST RECT *lprc, LPCWSTR lptext, UINT cb, CONST INT *lpdx)
{
	const BOOL fGlyphIndices = (fuoptions & ETO_GLYPH_INDEX) == ETO_GLYPH_INDEX;
	char szAnsi[MAXTEXTOUT] = NULLSTR;
	BOOL fDefaultCharUsed = FALSE;
	BOOL fResult;
	int cbAnsi = 0;

	/* glyph indices are not text, so only character data is recorded */
	if (!fGlyphIndices)
	{
		cbAnsi = WideCharToMultiByte(CP_THREAD_ACP, WC_NO_BEST_FIT_CHARS, lptext, cb,
		                             szAnsi, MAXTEXTOUT, "*", &fDefaultCharUsed);
		WriteToTextBuffer((LPCSTR)szAnsi, (UINT)cbAnsi);
	}

	/* forward to the real function with the hook temporarily removed */
	UnhookFunction((PHOOKREC)&_hrExtTextOutW);
	fResult = ExtTextOutW(textdc, x, y, fuoptions, lprc, lptext, cb, lpdx);
	HookFunction((PHOOKREC)&_hrExtTextOutW);

	return fResult;
}
/*
 * Driver unload routine.
 *
 * Removes the KeInsertQueueApc hook, runs ProtectCleanup, deletes the symbolic
 * link and then deletes every device object on the driver's device list.
 *
 * NOTE(review): the device list is read from the global pdoGlobalDrvObj, not
 * from the DriverObject argument. Presumably they are the same object.
 * NOTE(review): the KeInsertQueueApc hook is removed unconditionally. Confirm
 * that UnhookFunction tolerates a hook that is already removed or was never
 * installed.
 * NOTE(review): nothing visible here waits for threads still executing inside
 * a hook routine before the driver image goes away. Verify.
 */
VOID CRARKSYS_DriverUnload(
    IN PDRIVER_OBJECT DriverObject
    )
{
    PDEVICE_OBJECT pdoCursor = pdoGlobalDrvObj->DeviceObject;
    PDEVICE_OBJECT pdoDoomed;

    // Remove the hook as a safety measure, whatever its current state
    UnhookFunction(KeInsertQueueApc, KeInsertQueueApcJumpBack);

    ProtectCleanup();

    IoDeleteSymbolicLink(&usSymlinkName);

    // Delete all the device objects. The next pointer is read before the
    // current object is deleted.
    while (pdoCursor != NULL)
    {
        pdoDoomed = pdoCursor;
        pdoCursor = pdoDoomed->NextDevice;
        IoDeleteDevice(pdoDoomed);
    }

    KdPrint(("CrArkSys Unload.\n"));
}
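/**
 * DLL entry point for the dxtools module (k_dxtools).
 *
 * Process attach: logs, stores the module handle in hInst, registers the
 * module, reads "<mydir>kload.cfg" into dxconfig and hooks hk_D3D_CreateDevice
 * with dxtoolsCreateDevice.
 * Process detach: logs and removes that hook.
 *
 * Always returns true.
 *
 * NOTE(review): configuration file I/O happens inside DllMain. Confirm that
 * ReadConfig is safe to run under the loader lock.
 */
EXTERN_C BOOL WINAPI DllMain(HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved)
{
	if (dwReason == DLL_PROCESS_ATTACH)
	{
		Log(&k_dxtools,"Attaching dll...");

		hInst=hInstance;
		RegisterKModule(&k_dxtools);

		// Build the config path with a bounded write. The directory string comes
		// from GetPESInfo() and its length is not checked anywhere in this
		// function, so an unbounded sprintf could write past the end of tmp.
		// NOTE(review): snprintf needs a C99-conforming runtime. On an older
		// toolchain, substitute its bounded formatter and keep the same check.
		char tmp[512];
		int written = snprintf(tmp, sizeof(tmp), "%skload.cfg", GetPESInfo()->mydir);
		if (written < 0 || (size_t)written >= sizeof(tmp))
		{
			// Truncated or failed: do not hand a partial path to ReadConfig.
			Log(&k_dxtools,"Path to kload.cfg is too long; configuration not read.");
		}
		else
		{
			ReadConfig(&dxconfig, tmp);
		}

		HookFunction(hk_D3D_CreateDevice,(DWORD)dxtoolsCreateDevice);
	}
	else if (dwReason == DLL_PROCESS_DETACH)
	{
		Log(&k_dxtools,"Detaching dll...");
		UnhookFunction(hk_D3D_CreateDevice,(DWORD)dxtoolsCreateDevice);
	}

	return true;
}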