C++ (Cpp) PatchMemory 예제들

예제 #1

0

파일 보기

파일: reflection_fix.cpp 프로젝트: akiraaisha/LinkerMod

BOOL ReflectionMod_Init()
{
	if(!IsReflectionMode())
		return FALSE;

	//
	// Always force the cursor to be shown
	//
	//PatchMemory(0x00683C50, (PBYTE)"\xC3", 1); // sub_683C50
	//PatchMemory(0x00867927, (PBYTE)"\xEB", 1); // jz short loc_86793E
	//PatchMemory(0x006EB2CC, (PBYTE)"\xEB", 1); // jz short loc_6EB2DE

	//
	// Enable AutoExit Upon Completing Reflections
	//
	PatchMemory(0x006CF373, (PBYTE)"\x90\x90", 2);
	PatchMemory(0x006CF379, (PBYTE)"\x90\x90", 2);
	PatchMemory(0x006CF382, (PBYTE)"\x90\x90", 2);
	PatchMemory(0x006CF388, (PBYTE)"\x90\x90", 2);

	Detours::X86::DetourFunction((PBYTE)0x006CF150, (PBYTE)&hk_R_GenerateReflectionRawDataAll);
	Detours::X86::DetourFunction((PBYTE)0x006CEE30, (PBYTE)R_GenerateReflectionRawData);

	//
	// Check g_reflectionsUpdated for ReflectionExit (mov [g_reflectionsUpdate], 1)
	//
	BYTE buf[7] = {0xC6,0x05,0xFF,0xFF,0xFF,0xFF,0x01};
	bool* pTmp = &g_reflectionsUpdated;
	memcpy(buf+2,&pTmp,4);
	PatchMemory(0x006CF383, buf, 7);

	return TRUE;
}

예제 #2

0

파일 보기

파일: Utils.cpp 프로젝트: DidUknowiPwn/T4M

void FixupFunction(ULONG_PTR Address, ULONG_PTR DestAddress)
{
	DWORD data = (DestAddress - Address - 5);

	PatchMemory(Address + 0, (PBYTE)"\xE9", 1);
	PatchMemory(Address + 1, (PBYTE)&data, 4);
}

예제 #3

0

파일 보기

파일: EDZero.cpp 프로젝트: QuocHuy7a10/Arianrhod

VOID Init()
{
    HMODULE hModule;

    MEMORY_FUNCTION_PATCH f[] =
    {
        { JUMP, 0x2609F8, ZeroWinMain, 0, OldZeroWinMain },
    };

    hModule = GetModuleHandleW(NULL);

    PatchMemory(NULL, 0, f, countof(f), hModule);
}

예제 #4

0

파일 보기

파일: yuris.cpp 프로젝트: Emiyasviel/Arianrhod

Void Init()
{
    static bool LeadByteTable[] =
    {
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
        1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
        1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
        1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
        1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
        1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
        1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
        1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0
    };

    MEMORY_PATCH p[] =
    {
        // misc
        { STRTOULONG("save_sc\\"), 4, 0x11371C },

        { (ULONG_PTR)LeadByteTable, sizeof(LeadByteTable), 0x1130A0 },

        // iat
        { (ULONG_PTR)MyTextOutA,            4, 0x9A8040 },
        { (ULONG_PTR)MyCreateFontIndirectA, 4, 0x9A803C },
        { (ULONG_PTR)MyMessageBoxA,         4, 0x9A8394 },
    };
/*
    MEMORY_FUNCTION_PATCH f[] =
    {
//        { CALL, 0x3E621, MyCreateWindowExA, 0x01 },
        { CALL, 0x47B21, MySetWindowTextA, 0x01 },
    };
*/
    HMODULE hModule = GetModuleHandleW(0);

    PatchMemory(p, countof(p), NULL, 0, hModule);
}

예제 #5

0

파일 보기

파일: Daiteikoku.cpp 프로젝트: AyanamiRei/chinesize

VOID Init()
{
    HMODULE hModule;
    static CHAR szConfig[] = "AliceStart_sc.ini";

    hModule = GetModuleHandleW(NULL);

    INTEL_STATIC MEMORY_PATCH p[] =
    {
        { 0xEB, 1, 0x25A4A },
        { 0xEB, 1, 0x275A6 },
        { 0xEB, 1, 0x27684 },
        { 0xEB, 1, 0x2CAAF },
        { 0xEB, 1, 0x2CBFB },
        { 0xEB, 1, 0x2CC4F },
        { 0xEB, 1, 0x2DB6C },
        { 0xEB, 1, 0x2DDD3 },
        { 0xEB, 1, 0x2E9CA },
        { 0xEB, 1, 0x2EB17 },
        { 0xEB, 1, 0x2EC0E },
        { 0xEB, 1, 0x2ECFE },
        { 0xEB, 1, 0x2EDF4 },
        { 0xEB, 1, 0x2EED7 },
        { 0xEB, 1, 0x2F066 },

        // config path
        { STRTOULONG(szConfig), 4, 0x235D9 },
        { sizeof(szConfig) - 1, 1, 0x235D7 },
    };

    INTEL_STATIC MEMORY_FUNCTION_PATCH f[] =
    {
        { CALL, 0x1DCA9, MyReadIni,   1 },
        { CALL, 0x26185, GetIniString,   0 },
        { JUMP, 0x2D440, LoadPlugins, 1, OldLoadPlugins },
//        { JUMP, (ULONG_PTR)PeekMessageA - (ULONG_PTR)hModule, MyPeekMessageA, 0, OldPeekMessageA },
    };

    PatchMemory(p, countof(p), f, countof(f), hModule);

//    g_Count = 4;

    SetExecuteDirectoryAsCurrentW();
}

예제 #6

0

파일 보기

파일: piano.cpp 프로젝트: Emiyasviel/Arianrhod

Void Init()
{
#if defined(NULL_IAT)
    if (!InitFunction(&g_func))
        DebugException();
#endif

    CMem::CreateGlobalHeap();
//    AddVectoredExceptionHandler(True, VectoredHandler);

    INTEL_STATIC SPatch p[] =
    {
        { 0xB8,          1, 0x3B98C },   // 验证
//        { 0x24EB,        2, 0x4B14F },   // 边界
//        { 0xD5EB,        2, 0x4B17E },   // 边界
        { 0xEB,          1, 0x4B14F },   // 边界
        { 0xEB,          1, 0x4B17E },   // 边界
        { 0xEB,          1, 0x483D1 },   // 边界
        { 0xEB,          1, 0x4AADA },   // 边界
        { 0xEB,          1, 0x4AB12 },   // 边界
        { SWAP2('【'),   4, 0x49C7B },
        { SWAP2('【'),   4, 0x49CA0 },
        { SWAP2('】'),   4, 0x49EF6 },
        { SWAP2('】'),   4, 0x49F1B },

#if defined (MY_DEBUG)
        { (UInt32)MyCreateFontIndirectA, 4, 0x5B044 },
        { (UInt32)MyGetGlyphOutlineA,    4, 0x5B04C },
#endif
    };

    INTEL_STATIC SFuncPatch f[] =
    {
        { CALL, 0x2F2E1, DecodeImage,   0x00 },
        { CALL, 0x23EAA, MylstrcmpiA,   0x01 },
//        { CALL, 0x2F065, MylstrcmpA,    0x01 },
        { CALL, 0x43904, GetSeSize,     0x00 },
        { CALL, 0x4392D, ReadSe,        0x00 },
    };

    WChar szPath[MAX_PATH];
    DWORD i;
#if defined (MY_DEBUG)
    PatchMemory(p, countof(p), f, countof(f), MYAPI(GetModuleHandleW)(0));
#else
    PatchMemoryNoVP(p, countof(p), f, countof(f), MYAPI(GetModuleHandleW)(0));
#endif

#if defined(NULL_IAT)
    HMODULE hVorbisfile = g_func.LoadStayedLibraryA("vorbisfile.dll", &g_func);
#else
    HMODULE hVorbisfile = LoadLibraryExW(L"vorbisfile.dll", NULL, 0);
#endif

    GetFuncAddress(vorbis_func.ov_clear,          hVorbisfile, "ov_clear");
    GetFuncAddress(vorbis_func.ov_open_callbacks, hVorbisfile, "ov_open_callbacks");
    GetFuncAddress(vorbis_func.ov_test_callbacks, hVorbisfile, "ov_test_callbacks");
    GetFuncAddress(vorbis_func.ov_pcm_seek,       hVorbisfile, "ov_pcm_seek");
    GetFuncAddress(vorbis_func.ov_pcm_total,      hVorbisfile, "ov_pcm_total");
    GetFuncAddress(vorbis_func.ov_read,           hVorbisfile, "ov_read");
    GetFuncAddress(vorbis_func.ov_time_total,     hVorbisfile, "ov_time_total");

    i = MYAPI(GetModuleFileNameW)(NULL, szPath, countof(szPath));
    while (szPath[--i] != '\\');
    ++i;
    *(PULONG64)&szPath[i] = TAG4W('save');
    szPath[i + 4] = 0;
    MYAPI(CreateDirectoryW)(szPath, NULL);

#if defined(USE_CACHE)
    g_ImageCache.Init();
#endif
}

예제 #7

0

파일 보기

파일: Daiteikoku.cpp 프로젝트: AyanamiRei/chinesize

BOOL FASTCALL LoadPlugins(PVOID Param1, PVOID Param2, PVOID Param3)
{
    BOOL     Result;
    HMODULE  hModule;

    // ensure edi is not modified
    Result = OldLoadPlugins(Param1, Param2, Param3);
    if (!Result)
        return Result;

    hModule = GetModuleHandleW(L"DLL\\Sys43VM.dll");
    if (hModule != NULL)
        FreeLibrary(hModule);

    hModule = LoadLibraryExW(L"DLL\\Sys43VM.dll", NULL, 0);
    if (hModule != NULL)
    {
        INTEL_STATIC MEMORY_PATCH p[] =
        {
            { 0xEB, 1, 0x064EF },
            { 0xEB, 1, 0x1C74E },
            { 0xEB, 1, 0x1F35B },
            { 0xEB, 1, 0x223B7 },
            { 0xEB, 1, 0x229C4 },
            { 0xEB, 1, 0x31DA8 },
            { 0xEB, 1, 0x35C72 },
            { 0xEB, 1, 0x35E09 },
            { 0xEB, 1, 0x36491 },
            { 0xEB, 1, 0x365D9 },
            { 0xEB, 1, 0x36A81 },
            { 0xEB, 1, 0x36BB9 },
            { 0xEB, 1, 0x36F5F },
        };

        PatchMemory(p, countof(p), 0, 0, hModule);
    }

    hModule = GetModuleHandleW(L"ChipmunkSpriteEngine.dll");
    if (hModule != NULL)
    {
        INTEL_STATIC MEMORY_PATCH p[] =
        {
            { 0xEB, 1, 0x02899 },
            { 0xEB, 1, 0xA3ED7 },
            { 0xEB, 1, 0xA81E6 },
        };

        INTEL_STATIC MEMORY_FUNCTION_PATCH f[] =
        {
            { JUMP, 0xEE00, GetCharOutline,     2, OldGetCharOutline },
            { JUMP, 0xF050, GetCharBitsPerRow,  0, OldGetCharBitsOfRow },
            { JUMP, 0xEFE4, GetCharDescent,     1, OldGetCharDescent },
        };

        PatchMemory(p, countof(p), f, countof(f), hModule);
        g_pfChipSpriteEngAllocMemory = (PVOID)(pfChipSpriteEngAllocMemory_RVA + (ULONG_PTR)hModule);
    }

    hModule = GetModuleHandleW(L"CrayfishLogViewer.dll");
    if (hModule != NULL)
    {
        INTEL_STATIC MEMORY_PATCH p[] =
        {
            { 0xEB, 1, 0x02833 },
            { 0xEB, 1, 0x04F3A },
        };
        PatchMemory(p, countof(p), 0, 0, hModule);
    }

    hModule = GetModuleHandleW(L"FileOperation.dll");
    if (hModule != NULL)
    {
        INTEL_STATIC MEMORY_PATCH p[] =
        {
            { 0xEB, 1, 0x0DFC4 },
            { 0xEB, 1, 0x0E199 },
        };
        PatchMemory(p, countof(p), 0, 0, hModule);
    }

    hModule = GetModuleHandleW(L"GoatGUIEngine.dll");
    if (hModule != NULL)
    {
        INTEL_STATIC MEMORY_PATCH p[] =
        {
            { 0xEB, 1, 0x1BBE8 },
            { 0xEB, 1, 0x1D5D0 },
            { 0xEB, 1, 0x1E98C },
            { 0xEB, 1, 0x1E9DF },
            { 0xEB, 1, 0x1EA18 },
            { 0xEB, 1, 0x1EB0C },
            { 0xEB, 1, 0x1EB71 },
            { 0xEB, 1, 0x20DCE },
        };
        PatchMemory(p, countof(p), 0, 0, hModule);
    }

    hModule = GetModuleHandleW(L"SystemService.dll");
    if (hModule != NULL)
    {
        INTEL_STATIC MEMORY_PATCH p[] =
        {
            { 0xEB, 1, 0x01F54 },
            { 0xEB, 1, 0x02037 },
        };
        PatchMemory(p, countof(p), 0, 0, hModule);
    }

    return TRUE;
}

예제 #8

0

파일 보기

파일: MoleBoxExtract.cpp 프로젝트: Emiyasviel/Arianrhod

BOOL APIENTRY DllMain(HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    static BOOL bInit = False;

    if (ul_reason_for_call != DLL_PROCESS_ATTACH || bInit == True)
        return True;

    INT32                    EP;
    PIMAGE_DOS_HEADER        pDosHeader;
    PIMAGE_FILE_HEADER       pFileHeader;
    PIMAGE_OPTIONAL_HEADER32 pOptionalHeader;
    PIMAGE_SECTION_HEADER    pSectionHeader;

    pDosHeader = (PIMAGE_DOS_HEADER)GetModuleHandle(0);
    if (VirtualProtectEx((HANDLE)-1, pDosHeader, 0x1000, PAGE_READWRITE, (LPDWORD)&EP) == False)
        return True;

    pFileHeader     = (PIMAGE_FILE_HEADER)((PBYTE)pDosHeader + pDosHeader->e_lfanew + 4);
    pOptionalHeader = (PIMAGE_OPTIONAL_HEADER32)((PBYTE)pFileHeader + sizeof(*pFileHeader));
    pSectionHeader  = (PIMAGE_SECTION_HEADER)((PBYTE)pOptionalHeader + pFileHeader->SizeOfOptionalHeader);

    for (EP = 0; EP != pFileHeader->NumberOfSections; ++EP)
    {
        ImageSections[EP].dwAddressStart = pSectionHeader[EP].VirtualAddress + (DWORD)pDosHeader;
        ImageSections[EP].dwAddressEnd = ImageSections[EP].dwAddressStart + pSectionHeader[EP].Misc.VirtualSize;
    }

    dwImageSections = EP;

    SFuncPatch f[] =
    {
        { JUMP, (UInt32)VirtualAlloc,     MyVirtualAlloc  ,   0 },
        { JUMP, (UInt32)VirtualFree,      MyVirtualFree   ,   0 },
        { JUMP, (UInt32)VirtualProtect,   MyVirtualProtect,   0 },
//        { JUMP, (DWORD)LoadLibraryExA,   (DWORD)MyLoadLibraryExA,   0 },
        { JUMP, (UInt32)GetFileTime,      MyGetFileTime,      0 },
        { JUMP, (UInt32)CharUpperBuffA,   MyCharUpperBuffA,   0 },
        { JUMP, (UInt32)GetProcAddress,   MyGetProcAddress,   0 },
        { JUMP, (UInt32)GetModuleHandleA, MyGetModuleHandleA, 0 },
//        { JUMP, (DWORD)GetFullPathNameA, (DWORD)MyGetFullPathNameA, 0 },
    };

    PatchMemory(0, 0, f, countof(f), 0);
    Status = INIT;
    dwMaxPackage = 10;

    EP = (INT32)pDosHeader + pOptionalHeader->AddressOfEntryPoint;
    if (*(PBYTE)EP == 0xE8)
    {
        EP += *(PINT32)((PBYTE)(EP + 1)) + 5;
        if (*(PBYTE)EP++ == 0x60)     // pushad
        {
            gpSectionHeader = (PIMAGE_SECTION_HEADER)(EP + 6 - 0x3FA - 1);
            EP += *(PINT32)((PBYTE)(EP + 1)) + 5;
            EP += *(PINT32)((PBYTE)(EP + 1)) + 5;
            while (*(PINT32)EP != 0xE8D0FF58)
            {
                ++EP;
            }
            ++EP;
            *(PBYTE)EP = JUMP;
            *(PINT32)(EP + 1) = (DWORD)MyEntryPoint - (EP + 5);
        }
    }

    pMoleBoxFile = (TMoleBoxFile **)HeapAlloc(Nt_GetProcessHeap(),
                        HEAP_ZERO_MEMORY, dwMaxPackage * sizeof(*pMoleBoxFile));

    return True;
}

예제 #9

0

파일 보기

파일: EDZero.cpp 프로젝트: QuocHuy7a10/Arianrhod

VOID InitSecuRom()
{
    ULONG Value1, Value2;

    union
    {
        HMODULE     hModule;
        ULONG_PTR   BaseAddress;
    };

    SecuromInitFunc Init1 = (SecuromInitFunc)0xE59426;
    SecuromInitFunc Init2 = (SecuromInitFunc)0xC06CF3;

    MessageBoxW(NULL, NULL, NULL, NULL);

    hModule = GetModuleHandleW(NULL);

    MEMORY_PATCH p[] =
    {
        // static data
        { NULL,                                     4, 0x125BC58 },     // pointer
        { NULL,                                     4, 0x125BC6C },     // pointer
        { (ULONG_PTR)SRData3,                       4, 0x1220964 },     // data
        { (ULONG_PTR)VM_HANDLER_PTR,                       4, 0x122097C },     // data
        { *(PULONG_PTR)(0x93E3E0 + BaseAddress),    4, 0x1343CDC },     // SR CRT hHeap
        { (ULONG_PTR)VM,                            4, 0x13456BC },     // VM
        { 0xB8,                                     1, 0x0C068EE },     // skip decrypt code call

        // IAT

        { (ULONG_PTR)HeapAlloc,                 4, 0x1512E34 },   // SR IAT HeapAlloc
        { (ULONG_PTR)HeapReAlloc,               4, 0x1512D2C },   // SR IAT HeapReAlloc
        { (ULONG_PTR)HeapFree,                  4, 0x1512E38 },   // SR IAT HeapFree
        { (ULONG_PTR)EnterCriticalSection,      4, 0x1512D7C },   // SR IAT EnterCriticalSection
        { (ULONG_PTR)LeaveCriticalSection,      4, 0x1512D80 },   // SR IAT LeaveCriticalSection
    };

    PatchMemory(p, countof(p), NULL, 0, hModule);

    *(PULONG_PTR)&VM[0x78] = (ULONG_PTR)SRDataPtr1;
    *(PULONG_PTR)&VM[0xCC] = (ULONG_PTR)SRData3;
    *(PULONG_PTR)&VM[0xDA] = (ULONG_PTR)VM_HANDLER_PTR;

    for (ULONG Count = countof(VM_HANDLER_PTR), *p = VM_HANDLER_PTR; Count; ++p, --Count)
    {
        *p = *p + (ULONG_PTR)VM_HANDLER - (ULONG_PTR)VM;
    }

    InitializeCriticalSection((LPCRITICAL_SECTION)(0x125BC34 + BaseAddress));

    *(PULONG_PTR)&Init1 += BaseAddress;
    *(PULONG_PTR)&Init2 += BaseAddress;

    Value1 = 0;
    Value2 = 4;
    Init1(0x125BC6C + BaseAddress, 0, 0, 0, 0, &Value1, &Value2);

    EnumDirectoryFiles(
        NULL,
        L"*.*",
        0,
        L"J:\\Falcom\\ED_Zero\\SRData",
        NULL,
        (FEnumDirectoryFilesCallBack)Callback,
        (ULONG_PTR)Init2,
        0
    );

//    Init2(0x176BD6F + BaseAddress, NULL/* pEnctyptData */);
}