/// Scans the client's send routine for a `cmp <reg>, 0x10000` followed by a `jnz`
/// and passes the position after the cmp plus the jnz's destination to Client::Hook.
///
/// @param client  Client image wrapper that provides Find / FindAndFollow / Hook.
/// @return true when every pattern was located and Hook was called; false as soon
///         as one search fails (Hook is not called in that case).
///
/// NOTE(review): what Hook writes is not visible in this block. Judging by the
/// function name it changes how the client handles login encryption; confirm
/// against Client::Hook before relying on that.
/// NOTE(review): the search windows (128, 16, 8) are hard-coded, so a client build
/// with a different code layout is expected to end in `return false`. Callers
/// should check the result.
bool LoginEncryption(Client &client)
{
    // Instruction templates: a `ret` with immediate operand 4, and a `cmp` of a
    // register operand against the immediate 0x10000.
    ud_instr retPattern{ UD_Iret, { ud_arg::imm(4) } };
    ud_instr cmpPattern{ UD_Icmp, { ud_arg::reg(), ud_arg::imm(0x10000) } };

    // Locate the beginning of the send function.
    int funcStart;
    if (!client.Find(Hooks::sendFunc, &funcStart))
        return false;

    // Locate the end of the function: the first matching `ret 4` within 128.
    int funcEnd = funcStart;
    if (!client.Find(retPattern, &funcEnd, 128))
        return false;

    // Look for the cmp inside the function body first. If it is not there, follow
    // a call and look for it within 16 of the call target.
    int cursor = funcStart;
    bool cmpFound = client.Find(cmpPattern, &cursor, funcEnd - funcStart);
    if (!cmpFound)
    {
        // NOTE(review): the range passed here is start - end, not end - start.
        // It is kept exactly as written; confirm a negative range is intended.
        cmpFound = client.FindAndFollow(UD_Icall, &cursor, funcStart - funcEnd)
                && client.Find(cmpPattern, &cursor, 16);
    }
    if (!cmpFound)
        return false;

    // Step 2 past the cmp position (unit is whatever Client indexes by), then
    // find the conditional jump that follows within 8.
    cursor += 2;
    int jumpIdx = cursor;
    if (!client.Find(UD_Ijnz, &jumpIdx, 8))
        return false;

    client.Hook(cursor, client[jumpIdx].destination());
    return true;
}
/// Starting from entry 6 of the socket vtable, follows one call and one `jnz`,
/// finds the next `jz`, and passes the followed position plus the jz's
/// destination to Client::Hook.
///
/// @param client  Client image wrapper that provides Find / FindAndFollow / Hook.
/// @return true when every step succeeded and Hook was called; false as soon as
///         one search fails (Hook is not called in that case).
///
/// NOTE(review): what Hook writes is not visible in this block. Judging by the
/// function name it changes how the client handles Twofish encryption; confirm
/// against Client::Hook before relying on that.
/// NOTE(review): the search windows (4, 8, 4) and the vtable slot are hard-coded,
/// so a client build with a different layout is expected to end in `return false`.
bool TwoFishEncryption(Client &client)
{
    int cursor;

    // The steps run strictly in this order and stop at the first failure:
    //   1. resolve Hooks::vtbl[6] (the original comment calls it the sixth
    //      function; with zero-based indexing this is slot index 6, so confirm),
    //   2. follow the first call within 4,
    //   3. follow the first jnz within 8.
    const bool located = client.Find((LPVOID)Hooks::vtbl[6], &cursor)
                      && client.FindAndFollow(UD_Icall, &cursor, 4)
                      && client.FindAndFollow(UD_Ijnz, &cursor, 8);
    if (!located)
        return false;

    // Find the next jz within 4 of the position reached above.
    int jumpIdx = cursor;
    if (!client.Find(UD_Ijz, &jumpIdx, 4))
        return false;

    client.Hook(cursor, client[jumpIdx].destination());
    return true;
}