void Load() { // parse text file std::string path = darkomen::modmenu::getCurrentModPath(); if (path.empty()) { return; } path += "\\PRG_ENG\\xslots.txt"; if( 0xFFFFFFFF == getFileAttributes_orig( path.c_str() ) ) return; char* readbuf = ReadInFile( path.c_str() ); if( readbuf == NULL ) return; char* text = readbuf; int line = 1; while( *text != '\0' ) { // temp vars DWORD slot_id; char buf[ 12 ]; DWORD len; DWORD required_len; // scan till some content is found SkipWhiteSpaceAndComments( text ); if( *text == '\r' ) text++; if( *text == '\n' ){ text++; line++; continue; } // required_len = ReadOutWord( buf, sizeof(buf), text, &len ); if( ( required_len > sizeof(buf) ) || ( required_len <= 1 ) ){ Log( "xslot: Error ( line %d )", line ); goto the_end; } text += len; SkipWhiteSpaceAndComments( text ); // slot_id = ReadOutInteger( text, &len ); if( len == 0 ){ Log( "xslot: Error expected slot_id ( line %d )", line ); goto the_end; } text += len; SkipWhiteSpaceAndComments( text ); // if( 0 == strcmp( buf, "SPRITE" ) ){ if( slot_id > ( X_SPRITE_LAST - X_SPRITE_FIRST ) ){ Log( "xslot: Error %s exceeds max of %d ( line %d )", "slot_id", ( X_SPRITE_LAST - X_SPRITE_FIRST ), line ); goto the_end; } SPRITE_SLOT* p = &SpriteTable[ slot_id + X_SPRITE_FIRST ]; // required_len = ReadOutWord( p->name, sizeof(p->name), text, &len ); if( required_len > sizeof(p->name) ){ Log( "xslot: Error %s exceeds max of %d ( line %d )", "sprite_file_name", sizeof(p->name), line ); goto the_end; } if( len == 0 ){ continue; } text += len; SkipWhiteSpaceAndComments( text ); // DWORD off = ReadOutInteger( text, &len ); text += len; if( len == 0 ){ Log( "xslot: Error missing sprite_type_offset ( line %d )", line ); goto the_end; } if( ( off > 0x0000023E ) || ( ( off % 0x000000E ) != 0 ) ){ Log( "xslot: Error invalid value (0x%08X) for sprite_type_offset ( line %d )", off, line ); goto the_end; } p->type_id = 8; // troop sprite offset_table[ slot_id + X_SPRITE_FIRST ] = (WORD)off; } else { if( 0 == strcmp( buf, "NAME" ) ){ if( slot_id > ( X_NAME_LAST - X_NAME_FIRST ) ){ Log( "xslot: Error %s exceeds max of %d ( line %d )", "slot_id", ( X_NAME_LAST - X_NAME_FIRST ), line ); goto the_end; } required_len = ReadOutWord( &x_names[slot_id][0], 64, text, &len ); if( len == 0 ){ continue; } text += len; if( required_len > 64 ){ Log( "xslot: Error %s exceeds max of %d ( line %d )", "name", 64, line ); goto the_end; } unit_name[ slot_id + X_NAME_FIRST ] = &x_names[slot_id][0]; } else { if( 0 == strcmp( buf, "BANNER" ) ){ if( slot_id > ( X_BANNER_LAST - X_BANNER_FIRST ) ){ Log( "xslot: Error %s exceeds max of %d ( line %d )", "slot_id", ( X_BANNER_LAST - X_BANNER_FIRST ), line ); goto the_end; } SPRITE_SLOT* p = &SpriteTable[ slot_id + X_BANNER_FIRST ]; // required_len = ReadOutWord( p->name, sizeof(p->name), text, &len ); if( required_len > sizeof(p->name) ){ Log( "xslot: Error %s exceeds max of %d ( line %d )", "sprite_file_name", sizeof(p->name), line ); goto the_end; } if( len == 0 ){ continue; } text += len; SkipWhiteSpaceAndComments( text ); // DWORD shape = ReadOutInteger( text, &len ); if( len == 0 ){ Log( "xslot: Error missing banner_shape_id ( line %d )", line ); goto the_end; } text += len; p->banner_bkgrnd_id = shape; } else { if( 0 == strcmp( buf, "BOOK" ) ){ if( slot_id > ( X_BOOK_LAST - X_BOOK_FIRST ) ){ Log( "xslot: Error %s exceeds max of %d ( line %d )", "slot_id", ( X_BOOK_LAST - X_BOOK_FIRST ), line ); goto the_end; } // troop_book_banner_index[ slot_id + X_BOOK_FIRST ] = (char) ReadOutInteger( text, &len ); if( len == 0 ){ continue; } text += len; SkipWhiteSpaceAndComments( text ); // required_len = ReadOutWord( 0, 0, text, &len ); if( len == 0 ){ Log( "xslot: Error missing leader_pic ( line %d )", line ); } troop_book_leader_pic[ slot_id + X_BOOK_FIRST ] = (char*) HeapAlloc( GetProcessHeap(), 0, required_len ); if( troop_book_leader_pic[ slot_id + X_BOOK_FIRST ] == NULL ){ Log( "xslot: Alloc Failed ( line %d )", line ); goto the_end; } ReadOutWord( troop_book_leader_pic[ slot_id + X_BOOK_FIRST ], required_len, text, &len ); text += len; SkipWhiteSpaceAndComments( text ); // required_len = ReadOutWord( 0, 0, text, &len ); if( len == 0 ){ Log( "xslot: Error missing troop_pic ( line %d )", line ); goto the_end; } troop_book_unit_pic[ slot_id + X_BOOK_FIRST ] = (char*) HeapAlloc( GetProcessHeap(), 0, required_len ); if( troop_book_unit_pic[ slot_id + X_BOOK_FIRST ] == NULL ){ Log( "xslot: Alloc Failed ( line %d )", line ); goto the_end; } ReadOutWord( troop_book_unit_pic[ slot_id + X_BOOK_FIRST ], required_len, text, &len ); text += len; SkipWhiteSpaceAndComments( text ); // required_len = ReadOutWord( 0, 0, text, &len ); if( len == 0 ){ Log( "xslot: Error missing troop_desc ( line %d )", line ); goto the_end; } troop_book_unit_desc[ slot_id + X_BOOK_FIRST ] = (char*) HeapAlloc( GetProcessHeap(), 0, required_len ); if( troop_book_unit_desc[ slot_id + X_BOOK_FIRST ] == NULL ){ Log( "xslot: Alloc Failed ( line %d )", line ); goto the_end; } ReadOutWord( troop_book_unit_desc[ slot_id + X_BOOK_FIRST ], required_len, text, &len ); text += len; } else{ if( 0 == strcmp( buf, "PORTRAIT" ) ){ if( slot_id > ( X_PORTRAIT_LAST - X_PORTRAIT_FIRST ) ){ Log( "xslot: Error %s exceeds max of %d ( line %d )", "slot_id", ( X_PORTRAIT_LAST - X_PORTRAIT_FIRST ), line ); goto the_end; } DWORD m3d_id = ReadOutInteger( text, &len ); if( len == 0 ){ Log( "xslot: Error expected m3d_id ( line %d )", line ); goto the_end; } text += len; SPRITE_SLOT* p = &SpriteTable[ slot_id + X_PORTRAIT_FIRST ]; p->loaded_index = m3d_id; } else { Log( "xslot: Error unrecognized command \"%s\" ( line %d )", buf, line ); goto the_end; } } } } } } // while // copy original data in from the game executable memcpy( SpriteTable, (void*)0x004CEB50, 257 * sizeof( SPRITE_SLOT ) ); memcpy( offset_table, (void*)0x004EBC88, 96 * sizeof( WORD ) ); memcpy( unit_name, (void*)0x004E2640, 0x50 * sizeof( char* ) ); memcpy( troop_book_unit_pic, (void*)0x004C0940, 0x50 * sizeof( char* ) ); memcpy( troop_book_leader_pic, (void*)0x004C0A80, 0x50 * sizeof( char* ) ); memcpy( troop_book_unit_desc, (void*)0x004E2780, 0x50 * sizeof( char* ) ); memcpy( troop_book_banner_index, (void*)0x004C0BC0, 0x50 * sizeof( char ) ); // install hooks HOOK_CALL( &ReferencedPortraits, 0x00401C8A ); HOOK_CALL( &ReferencedPortraits, 0x00401E21 ); HOOK_CALL( PortraitShutdown, 0x0042A3C6 ); HOOK_CALL( PortraitInit, 0x00428A1F ); *((BYTE*)0x0041EE08) = 0x7F; // override max head_db entries (0x3F) *((BYTE*)0x0041EC9B) = 0x7F; // override max head_db entries (0x3F) WRITE_JMP( GetType, 0x004184B0 ); WRITE_JMP( AddRef, 0x004184D0 ); WRITE_JMP( Release, 0x004184F0 ); WRITE_JMP( ZeroRef, 0x00418510 ); WRITE_JMP( GetLoadedIndex, 0x00418540 ); WRITE_JMP( LoadReferencedSprites, 0x0042B510 ); WRITE_JMP( LoadedSpriteArrayUnloaded, 0x0042B600 ); WRITE_JMP( LoadReferencedBanners, 0x0042B9E0 ); *((SPRITE_SLOT**)0x004018DF) = &SpriteTable[ PORTRAIT_FIRST ]; // sub_4018A0 ( PortraitsInit ) *((SPRITE_SLOT**)0x00401910) = &SpriteTable[ PORTRAIT_LAST ]; // sub_4018A0 ( PortraitsInit ) *((DWORD**)0x0041D3A5) = &(SpriteTable[0].loaded_index); // sub_41D360 ( WHMTG_SpeakNoWait ) *((DWORD**)0x0042459C) = &(SpriteTable[0].loaded_index); // sub_424530 ( ?? ) *((DWORD**)0x0042BD81) = &(SpriteTable[0].loaded_index); // sub_42BCC0 ( ?? ) *((DWORD**)0x0042BEDD) = &(SpriteTable[0].loaded_index); // sub_42BCC0 ( ?? ) *((DWORD**)0x0042E238) = &(SpriteTable[0].loaded_index); // sub_42E1E0 ( ?? ) *((DWORD**)0x0042B705) = &(SpriteTable[0].loaded_index); // sub_42B6A0 ( ?? ) *((WORD**) 0x0047FE01) = offset_table; // sub_47FDF0 ( get sprite type info by id...? ) *((DWORD*)0x00526D24) = (DWORD)&Loaded_Sprite_Array; *((DWORD*)0x00526D2C) = (DWORD)&Loaded_Banner_Array; *((DWORD*)0x00409F11) = (DWORD)troop_book_unit_pic; *((DWORD*)0x00409F52) = (DWORD)troop_book_unit_pic; *((DWORD*)0x0040C0CC) = (DWORD)troop_book_unit_pic; *((DWORD*)0x0040C108) = (DWORD)troop_book_unit_pic; *((DWORD*)0x00409DE3) = (DWORD)troop_book_leader_pic; *((DWORD*)0x0040BD24) = (DWORD)troop_book_leader_pic; *((DWORD*)0x00409EC2) = (DWORD)unit_name; *((DWORD*)0x0040B876) = (DWORD)unit_name; *((DWORD*)0x0040BE4A) = (DWORD)unit_name; *((DWORD*)0x0040C20F) = (DWORD)unit_name; *((DWORD*)0x0040C461) = (DWORD)unit_name; *((DWORD*)0x0040D213) = (DWORD)unit_name; *((DWORD*)0x0040D9C3) = (DWORD)unit_name; *((DWORD*)0x0041985C) = (DWORD)unit_name; *((DWORD*)0x0041A5E4) = (DWORD)unit_name; *((DWORD*)0x0041B1B0) = (DWORD)unit_name; *((DWORD*)0x0041B4CA) = (DWORD)unit_name; *((DWORD*)0x0042671A) = (DWORD)unit_name; *((DWORD*)0x004286E1) = (DWORD)unit_name; *((DWORD*)0x00409E63) = (DWORD)troop_book_unit_desc; *((DWORD*)0x0040BDE0) = (DWORD)troop_book_unit_desc; *((DWORD*)0x004099B5) = (DWORD)troop_book_banner_index; *((DWORD*)0x00409DAD) = (DWORD)troop_book_banner_index; *((DWORD*)0x0040B83D) = (DWORD)troop_book_banner_index; *((DWORD*)0x0040BCE0) = (DWORD)troop_book_banner_index; *((DWORD*)0x0040C1D5) = (DWORD)troop_book_banner_index; *((DWORD*)0x0040C413) = (DWORD)troop_book_banner_index; *((DWORD*)0x0040D97C) = (DWORD)troop_book_banner_index; *((DWORD*)0x0040E1E9) = (DWORD)troop_book_banner_index; *((DWORD*)0x004192A4) = (DWORD)troop_book_banner_index; *((DWORD*)0x0041981E) = (DWORD)troop_book_banner_index; *((DWORD*)0x0041A39E) = (DWORD)troop_book_banner_index; *((DWORD*)0x0041A5A6) = (DWORD)troop_book_banner_index; *((DWORD*)0x0041B172) = (DWORD)troop_book_banner_index; *((DWORD*)0x0041B48C) = (DWORD)troop_book_banner_index; *((DWORD*)0x00425B26) = (DWORD)troop_book_banner_index; *((DWORD*)0x00426DEB) = (DWORD)troop_book_banner_index; the_end: VirtualFree( readbuf, 0, MEM_RELEASE ); return; }
DWORD WaHook::_hook(HANDLE process, void *functionForHook, void *hookerFunction, void *originalFunction, HOTPATCHCALLBACK hotPatchCallback) { DWORD retVal = 0; DWORD oldProtect; DWORD_PTR avalibeBytes = checkAvalibleBytes(process, functionForHook); //Даем все права затрагиваемым страницам. if(avalibeBytes >= OPCODE_MAX_SIZE * 2 && CWA(kernel32, VirtualProtectEx)(process, functionForHook, OPCODE_MAX_SIZE * 2, PAGE_EXECUTE_READWRITE, &oldProtect) != 0) { //Считываем старый код. BYTE buf[OPCODE_MAX_SIZE * 2 + JMP_ADDR_SIZE]; Mem::_set(buf, (char)0x90, sizeof(buf));/*параноя*/ if(CWA(kernel32, ReadProcessMemory)(process, functionForHook, buf, OPCODE_MAX_SIZE * 2, NULL) == 0)goto END; //Читаем опкоды, пока их суммарная длина не достигнит INJECT_SIZE. DWORD_PTR opcodeOffset = 0; for(;;) { LPBYTE currentOpcode = buf + opcodeOffset; DWORD currentOpcodeLen = Disasm::_getOpcodeLength(currentOpcode); //Неизвестный опкод. if(currentOpcodeLen == (DWORD)-1) { #if defined(WDEBUG2) WDEBUG2(WDDT_ERROR, "Bad opcode detected at offset %u for function 0x%p", opcodeOffset, functionForHook); #endif goto END; } opcodeOffset += currentOpcodeLen; if(opcodeOffset > sizeof(buf) - JMP_ADDR_SIZE) { #if defined(WDEBUG2) WDEBUG2(WDDT_ERROR, "Very long opcode detected at offset %u for function 0x%p", opcodeOffset - currentOpcodeLen, functionForHook); #endif goto END; } //Отностиельные call и jmp. if((currentOpcode[0] == 0xE9 || currentOpcode[0] == 0xE8) && currentOpcodeLen == 1 + sizeof(DWORD)) //FIXME: не уверен для x64. { # if defined(WDEBUG0) WDEBUG1(WDDT_INFO, "Relative JMP/CALL(%02X) detected.", currentOpcode[0]); # endif DWORD *relAddrSet = (DWORD *)(currentOpcode + 1); DWORD_PTR to = (*relAddrSet) + ((DWORD_PTR)functionForHook + opcodeOffset); *relAddrSet = (DWORD)(to - ((DWORD_PTR)originalFunction + opcodeOffset)); } if(opcodeOffset >= INJECT_SIZE)break; } //Сохраняем оригинальные опкоды в originalFunction. { //Дописываем в конец буфера, jump на продолжение functionForHook. LPBYTE pjmp = buf + opcodeOffset; WRITE_JMP(pjmp, originalFunction/* + opcodeOffset*/, functionForHook/* + opcodeOffset*/); if(CWA(kernel32, WriteProcessMemory)(process, originalFunction, buf, opcodeOffset + JMP_ADDR_SIZE, NULL) == 0)goto END; } //Пишим инжект в функцию. { WRITE_JMP(buf, functionForHook, hookerFunction); hotPatchCallback(functionForHook, originalFunction); if(CWA(kernel32, WriteProcessMemory)(process, functionForHook, buf, INJECT_SIZE, NULL) == 0)goto END; } retVal = opcodeOffset + JMP_ADDR_SIZE; //Размер вырезаного фрагмента. END: //Восстаналиваем права. CWA(kernel32, VirtualProtectEx)(process, functionForHook, OPCODE_MAX_SIZE * 2, oldProtect, &oldProtect); } return retVal; }
DWORD WaHook::_hook(HANDLE process, void *functionForHook, void *hookerFunction, void *originalFunction, HOTPATCHCALLBACK hotPatchCallback) { DWORD retVal = 0; DWORD oldProtect; DWORD_PTR avalibeBytes = checkAvalibleBytes(process, functionForHook); //Give all the rights of the affected pages. if(avalibeBytes >= OPCODE_MAX_SIZE * 2 && CWA(kernel32, VirtualProtectEx)(process, functionForHook, OPCODE_MAX_SIZE * 2, PAGE_EXECUTE_READWRITE, &oldProtect) != 0) { //Read the old code. BYTE buf[OPCODE_MAX_SIZE * 2 + JMP_ADDR_SIZE]; Mem::_set(buf, (char)0x90, sizeof(buf));/*парано¤*/ if(CWA(kernel32, ReadProcessMemory)(process, functionForHook, buf, OPCODE_MAX_SIZE * 2, NULL) == 0)goto END; //Read opcodes, while their total length does not reach INJECT_SIZE. DWORD_PTR opcodeOffset = 0; for(;;) { LPBYTE currentOpcode = bufB + OpcodeOffset; DWORD currentOpcodeLen = Disasm::_getOpcodeLength(currentOpcode); //Unknown opcode. if(currentOpcodeLen == (DWORD)-1) { #if defined(WDEBUG2) WDEBUG2(WDDT_ERROR, "Bad opcode detected at offset %u for function 0x%p", opcodeOffset, functionForHook); #endif goto END; } opcodeOffset += currentOpcodeLen; if(opcodeOffset > sizeof(buf) - JMP_ADDR_SIZE) { #if defined(WDEBUG2) WDEBUG2(WDDT_ERROR, "Very long opcode detected at offset %u for function 0x%p", opcodeOffset - currentOpcodeLen, functionForHook); #endif goto END; } //Otnostielnye call and jmp. if((currentOpcode[0] == 0xE9 || currentOpcode[0] == 0xE8) && currentOpcodeLen == 1 + sizeof(DWORD)) //FIXME: not sure for x64. { # if defined(WDEBUG0) WDEBUG1(WDDT_INFO, "Relative JMP/CALL(%02X) detected.", currentOpcode[0]); # endif DWORD *relAddrSet = (DWORD *)(currentOpcode + 1); DWORD_PTR to = (*relAddrSet) + ((DWORD_PTR)functionForHookB + OpcodeOffset); *relAddrSet = (DWORD)(to - ((DWORD_PTR)originalFunctionB + OpcodeOffset)); } if(opcodeOffset >= INJECT_SIZE)break; } //Save the original opcodes in originalFunction. { //Appends buffer, jump to the continuation functionForHook. LPBYTE pjmp = bufB + OpcodeOffset; WRITE_JMP(pjmp, originalFunction/*B + OpcodeOffset*/, functionForHook/*B + OpcodeOffset*/); if(CWA(kernel32, WriteProcessMemory)(process, originalFunction, buf, opcodeOffset + JMP_ADDR_SIZE, NULL) == 0)goto END; } //Pishim inject into the function. { WRITE_JMP(buf, functionForHook, hookerFunction); hotPatchCallback(functionForHook, originalFunction); if(CWA(kernel32, WriteProcessMemory)(process, functionForHook, buf, INJECT_SIZE, NULL) == 0)goto END; } retVal = opcodeOffset + JMP_ADDR_SIZE; //The size of fragment excision. END: //Vosstanalivaem law. CWA(kernel32, VirtualProtectEx)(process, functionForHook, OPCODE_MAX_SIZE * 2, oldProtect, &oldProtect); } return retVal; }