void applyFPSPatch() {
enableGFWLCompatibility();
// Get imageBase
HANDLE exeHandle = NULL;
originalBase = 0x0400000;
exeHandle = GetModuleHandle(NULL);
if(exeHandle != NULL)
imageBase = (DWORD)exeHandle;
// Patches
//--------------------------------------------------------------
DWORD address;
DWORD data;
// Override D3D Presentation Interval
address = convertAddress(0x010275AE);
data = 5; //Set to immediate
writeToAddress(&data, address, sizeof(data));
// Detour Render loop entry
address = convertAddress(0x00BD6000);
DetourApply((BYTE*)address, (BYTE*)renderLoopEntry, 6, 0);
SDLOG(0, "FPS rate unlocked\n");
}
//----------------------------------------------------------------------------------------
// Game Patches
//----------------------------------------------------------------------------------------
void applyFPSPatch() {
enableGFWLCompatibility();
// Get imageBase
HANDLE exeHandle = NULL;
originalBase = 0x0400000;
exeHandle = GetModuleHandle(NULL);
if(exeHandle != NULL)
imageBase = (DWORD)exeHandle;
// Init counter for frame-rate calculations
lastRenderTime = 0.0f;
QueryPerformanceFrequency(&timerFreq);
QueryPerformanceCounter(&counterAtStart);
// Binary patches
//--------------------------------------------------------------
DWORD address;
DWORD data;
// Override D3D Presentation Interval
address = convertAddress(ADDR_PRESINT);
data = 5; //Set to immediate
writeToAddress(&data, address, sizeof(data));
// Detour call to getDrawThreadMsgCommand
address = convertAddress(ADDR_GETCMD);
DetourApply((BYTE*)address, (BYTE*)getDrawThreadMsgCommand, 5, CALLOP);
SDLOG(0, "FPS rate unlocked\n");
}
QString QBluetoothSocketPrivate::peerName() const
{
quint64 bdaddr;
if (socketType == QBluetoothServiceInfo::RfcommProtocol) {
sockaddr_rc addr;
socklen_t addrLength = sizeof(addr);
if (::getpeername(socket, reinterpret_cast<sockaddr *>(&addr), &addrLength) < 0)
return QString();
convertAddress(addr.rc_bdaddr.b, bdaddr);
} else if (socketType == QBluetoothServiceInfo::L2capProtocol) {
sockaddr_l2 addr;
socklen_t addrLength = sizeof(addr);
if (::getpeername(socket, reinterpret_cast<sockaddr *>(&addr), &addrLength) < 0)
return QString();
convertAddress(addr.l2_bdaddr.b, bdaddr);
} else {
qCWarning(QT_BT_BLUEZ) << "peerName() called on socket of unknown type";
return QString();
}
const QString peerAddress = QBluetoothAddress(bdaddr).toString();
const QString localAdapter = localAddress().toString();
if (isBluez5()) {
OrgFreedesktopDBusObjectManagerInterface manager(QStringLiteral("org.bluez"),
QStringLiteral("/"),
QDBusConnection::systemBus());
QDBusPendingReply<ManagedObjectList> reply = manager.GetManagedObjects();
reply.waitForFinished();
if (reply.isError())
return QString();
foreach (const QDBusObjectPath &path, reply.value().keys()) {
const InterfaceList ifaceList = reply.value().value(path);
foreach (const QString &iface, ifaceList.keys()) {
if (iface == QStringLiteral("org.bluez.Device1")) {
if (ifaceList.value(iface).value(QStringLiteral("Address")).toString()
== peerAddress)
return ifaceList.value(iface).value(QStringLiteral("Alias")).toString();
}
}
}
return QString();
} else {
/* Is 'generate' really the right name? */
in_addr_t generateRandomAddress()
{
in_addr_t address;
convertAddress(addresses[(1 + rand()) % NUMBER_OF_ADDRESSES], &address);
return address;
}
QBluetoothAddress HciManager::addressForConnectionHandle(quint16 handle) const
{
if (!isValid())
return QBluetoothAddress();
hci_conn_info *info;
hci_conn_list_req *infoList;
const int maxNoOfConnections = 20;
infoList = (hci_conn_list_req *)
malloc(sizeof(hci_conn_list_req) + maxNoOfConnections * sizeof(hci_conn_info));
if (!infoList)
return QBluetoothAddress();
QScopedPointer<hci_conn_list_req, QScopedPointerPodDeleter> p(infoList);
p->conn_num = maxNoOfConnections;
p->dev_id = hciDev;
info = p->conn_info;
if (ioctl(hciSocket, HCIGETCONNLIST, (void *) infoList) < 0) {
qCWarning(QT_BT_BLUEZ) << "Cannot retrieve connection list";
return QBluetoothAddress();
}
for (int i = 0; i < infoList->conn_num; i++) {
if (info[i].handle == handle)
return QBluetoothAddress(convertAddress(info[i].bdaddr.b));
}
return QBluetoothAddress();
}
void updateAnimationStepTime(float stepTime, float minFPS, float maxFPS) {
float FPS = 1.0f/(stepTime/1000);
if (FPS < minFPS)
stepTime = minFPS;
else if (stepTime > maxFPS)
FPS = maxFPS;
float cappedStep = 1/(float)FPS;
DWORD data = *(DWORD*)&cappedStep;
writeToAddress(&data, convertAddress(0x012497F0), sizeof(data));
}
// Memory
//------------------------------------
void updateAnimationStepTime(float stepTime, float minFPS, float maxFPS) {
float FPS = 1.0f/(stepTime/1000);
if (FPS < minFPS)
FPS = minFPS;
else if (FPS > maxFPS)
FPS = maxFPS;
float cappedStep = 1/(float)FPS;
if(RSManager::get().isPaused()) cappedStep = 0.000000000000000001f;
DWORD data = *(DWORD*)&cappedStep;
writeToAddress(&data, convertAddress(ADDR_TS), sizeof(data));
}
QBluetoothAddress QBluetoothSocketPrivate::localAddress() const
{
if (socketType == QBluetoothServiceInfo::RfcommProtocol) {
sockaddr_rc addr;
socklen_t addrLength = sizeof(addr);
if (::getsockname(socket, reinterpret_cast<sockaddr *>(&addr), &addrLength) == 0) {
quint64 bdaddr;
convertAddress(addr.rc_bdaddr.b, bdaddr);
return QBluetoothAddress(bdaddr);
}
} else if (socketType == QBluetoothServiceInfo::L2capProtocol) {
sockaddr_l2 addr;
socklen_t addrLength = sizeof(addr);
if (::getsockname(socket, reinterpret_cast<sockaddr *>(&addr), &addrLength) == 0) {
quint64 bdaddr;
convertAddress(addr.l2_bdaddr.b, bdaddr);
return QBluetoothAddress(bdaddr);
}
}
return QBluetoothAddress();
}
int HciManager::hciForAddress(const QBluetoothAddress &deviceAdapter)
{
if (hciSocket < 0)
return -1;
bdaddr_t adapter;
convertAddress(deviceAdapter.toUInt64(), adapter.b);
struct hci_dev_req *devRequest = 0;
struct hci_dev_list_req *devRequestList = 0;
struct hci_dev_info devInfo;
const int devListSize = sizeof(struct hci_dev_list_req)
+ HCI_MAX_DEV * sizeof(struct hci_dev_req);
devRequestList = (hci_dev_list_req *) malloc(devListSize);
if (!devRequestList)
return -1;
QScopedPointer<hci_dev_list_req, QScopedPointerPodDeleter> p(devRequestList);
memset(p.data(), 0, devListSize);
p->dev_num = HCI_MAX_DEV;
devRequest = p->dev_req;
if (ioctl(hciSocket, HCIGETDEVLIST, devRequestList) < 0)
return -1;
for (int i = 0; i < devRequestList->dev_num; i++) {
devInfo.dev_id = (devRequest+i)->dev_id;
if (ioctl(hciSocket, HCIGETDEVINFO, &devInfo) < 0) {
continue;
}
int result = memcmp(&adapter, &devInfo.bdaddr, sizeof(bdaddr_t));
if (result == 0 || deviceAdapter.isNull()) // addresses match
return devInfo.dev_id;
}
return -1;
}
void QBluetoothSocketPrivate::connectToService(const QBluetoothAddress &address, quint16 port, QIODevice::OpenMode openMode)
{
Q_Q(QBluetoothSocket);
int result = -1;
if (socket == -1 && !ensureNativeSocket(socketType)) {
errorString = QBluetoothSocket::tr("Unknown socket error");
q->setSocketError(QBluetoothSocket::UnknownSocketError);
return;
}
if (socketType == QBluetoothServiceInfo::RfcommProtocol) {
sockaddr_rc addr;
memset(&addr, 0, sizeof(addr));
addr.rc_family = AF_BLUETOOTH;
addr.rc_channel = port;
convertAddress(address.toUInt64(), addr.rc_bdaddr.b);
connectWriteNotifier->setEnabled(true);
readNotifier->setEnabled(true);QString();
result = ::connect(socket, (sockaddr *)&addr, sizeof(addr));
} else if (socketType == QBluetoothServiceInfo::L2capProtocol) {
sockaddr_l2 addr;
memset(&addr, 0, sizeof(addr));
addr.l2_family = AF_BLUETOOTH;
// This is an ugly hack but the socket class does what's needed already.
// For L2CP GATT we need a channel rather than a socket and the LE address type
// We don't want to make this public API offering for now especially since
// only Linux (of all platforms supported by this library) supports this type
// of socket.
#if defined(QT_BLUEZ_BLUETOOTH) && !defined(QT_BLUEZ_NO_BTLE)
if (lowEnergySocketType) {
addr.l2_cid = htobs(port);
addr.l2_bdaddr_type = lowEnergySocketType;
} else {
addr.l2_psm = htobs(port);
}
#else
addr.l2_psm = htobs(port);
#endif
convertAddress(address.toUInt64(), addr.l2_bdaddr.b);
connectWriteNotifier->setEnabled(true);
readNotifier->setEnabled(true);
result = ::connect(socket, (sockaddr *)&addr, sizeof(addr));
}
if (result >= 0 || (result == -1 && errno == EINPROGRESS)) {
connecting = true;
q->setSocketState(QBluetoothSocket::ConnectingState);
q->setOpenMode(openMode);
} else {
errorString = qt_error_string(errno);
q->setSocketError(QBluetoothSocket::UnknownSocketError);
}
}
//----------------------------------------------------------------------------------------
// Game Patches
//----------------------------------------------------------------------------------------
void applyFPSPatch() {
SDLOG(0, "Starting FPS unlock...\n");
#ifndef WITHOUT_GFWL_LIB
SDLOG(0, "Applying GFWL compatibility\n");
enableGFWLCompatibility();
#endif
// Get image info
MODULEINFO moduleInfo;
PIMAGE_DOS_HEADER dosHeader;
PIMAGE_NT_HEADERS ntHeader;
IMAGE_FILE_HEADER header;
if(GetModuleInformation(GetCurrentProcess(), GetModuleHandle(NULL), &moduleInfo, sizeof(moduleInfo)))
{
ImageBase = (DWORD)moduleInfo.lpBaseOfDll;
SDLOG(0, "ImageBase at 0x%08X\n", ImageBase);
dosHeader = (PIMAGE_DOS_HEADER)ImageBase;
ntHeader = (PIMAGE_NT_HEADERS)((DWORD)(dosHeader) + (dosHeader->e_lfanew));
header = ntHeader->FileHeader;
DWORD TimeStamp = header.TimeDateStamp;
SDLOG(0, "Executable timestamp: 0x%08X, config: 0x%08X\n", TimeStamp, EXE_TIMESTAMP);
// Perform pattern matching if timestamp differs
if (TimeStamp != EXE_TIMESTAMP) {
SDLOG(0, "Trying pattern matching...\n");
DWORD address;
address = GetMemoryAddressFromPattern(NULL, TS_PATTERN, TS_OFFSET);
if(address != NULL) {
SDLOG(0, "ADDR_TS found at 0x%08X\n", address);
ADDR_TS = address;
}
else {
SDLOG(0, "Could not match ADDR_TS pattern, FPS not unlocked\n");
return;
}
address = GetMemoryAddressFromPattern(NULL, PRESINT_PATTERN, PRESINT_OFFSET);
if(address != NULL) {
SDLOG(0, "ADDR_PRESINT found at 0x%08X\n", address);
ADDR_PRESINT = address;
}
else {
SDLOG(0, "Could not match ADDR_PRESINT pattern, FPS not unlocked\n");
return;
}
address = GetMemoryAddressFromPattern(NULL, GETCMD_PATTERN, GETCMD_OFFSET);
if(address != NULL) {
SDLOG(0, "ADDR_GETCMD found at 0x%08X\n", address);
ADDR_GETCMD = address;
}
else {
SDLOG(0, "Could not match ADDR_GETCMD pattern, FPS not unlocked\n");
return;
}
SDLOG(0, "Pattern matching successful\n");
}
else
SDLOG(0, "Using configured addresses\n");
}
else
{
SDLOG(0, "GetModuleInformation failed, FPS not unlocked\n");
return;
}
// Init counter for frame-rate calculations
lastRenderTime = 0.0f;
QueryPerformanceFrequency(&timerFreq);
QueryPerformanceCounter(&counterAtStart);
// Binary patches
//--------------------------------------------------------------
DWORD address;
DWORD data;
// Override D3D Presentation Interval
address = convertAddress(ADDR_PRESINT);
data = 5; //Set to immediate
writeToAddress(&data, address, sizeof(data));
// Detour call to getDrawThreadMsgCommand
address = convertAddress(ADDR_GETCMD);
DetourApply((BYTE*)address, (BYTE*)getDrawThreadMsgCommand, 5, CALLOP);
SDLOG(0, "FPS unlocked\n");
}
// Render Loop
//----------------------------------------------------------------------------------------
void renderLoop(void) {
bool run = true;
DWORD threadID = GetCurrentThreadId();
int taskFunc;
DWORD task;
//Pointers conversion
DWORD pGetTaskF = convertAddress(0x00577330);
DWORD pCleanTaskF = convertAddress(0x00577450);
QueryPerformanceFrequency(&timerFreq);
QueryPerformanceCounter(&counterAtStart);
float lastTime = 0.0f;
// Render loop
do {
// Get Job & state
_asm {
PUSH 1
MOV ECX, HighGraphics
CALL pGetTaskF //Get task pointer
MOV task, EAX //Store task pointer (EAX)
MOV ECX, [EAX+0x0C] //Get task function
MOV taskFunc, ECX //Store function
}
if (task == (HighGraphics+0x08)) //No task
break;
switch (taskFunc) {
// Exit loop
case 0:
_asm {
MOV EDI, TaskFuncPtr
MOV EAX, [EDI]
MOV EDX, [EAX+0x0C]
MOV ECX, EDI
CALL EDX
}
run = false;
break;
// Start Watch-dog Thread
case 1:
_asm {
MOV ESI, task
MOV EDI, TaskFuncPtr
MOV ECX, [ESI+0x2C]
MOV EDX, [ESI+0x28]
MOV EAX, [EDI]
PUSH ECX
MOV ECX, [ESI+0x24]
PUSH EDX
MOV EDX, [EAX+0x08]
PUSH ECX
MOV ECX, EDI
CALL EDX
}
break;
// Update and/or Render
case 2:
_asm {
MOV ESI, task
MOV EDI, TaskFuncPtr
MOV ECX, [ESI+0x24]
MOV EAX, [EDI]
MOV EDX, [EAX+0x10]
PUSH ECX
MOV ECX, EDI
CALL EDX
}
break;
// Do nothing (was debug log)
case 3:
_asm {
MOV EDI, TaskFuncPtr
MOV EAX, [EDI]
MOV EDX, [EAX+0x14]
MOV ECX, TaskFuncPtr
CALL EDX
}
break;
// Do nothing (was debug log)
case 4:
_asm {
MOV EDI, TaskFuncPtr
MOV EAX, [EDI]
MOV EDX, [EAX+0x18]
MOV ECX, TaskFuncPtr
CALL EDX
}
break;
// Force Render (caused by watchdog timeout)
case 5:
_asm {
MOV EDI, TaskFuncPtr
MOV EAX, [EDI]
MOV EDX, [EAX+0x1C]
MOV ECX, TaskFuncPtr
CALL EDX
}
break;
default:
break;
}
// If rendering was performed, update animation step-time
if((taskFunc == 2) || (taskFunc == 5)) {
// FPS regulation
float maxFPS = (float)Settings::get().getCurrentFPSLimit();
float minFPS = 10.0f;
float currentTime = getElapsedTime();
float deltaTime = currentTime - lastTime;
// Update step-time
updateAnimationStepTime((float)deltaTime, minFPS, maxFPS);
lastTime = currentTime;
}
// Task cleanup
_asm {
MOV ESI, task
PUSH ESI
MOV ECX, HighGraphics
CALL pCleanTaskF
}
} while (run);
}
