commit f5ba39b513110a6d2fae2ea7b5d6cad9d300f385 Author: thexeondev <149735250+thexeondev@users.noreply.github.com> Date: Sun Dec 10 01:48:53 2023 +0300 Initial commit diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..8a30d25 --- /dev/null +++ b/.gitignore 
@@ -0,0 +1,398 @@ +## Ignore Visual Studio temporary files, build results, and +## files generated by popular Visual Studio add-ons. +## +## Get latest from https://github.com/github/gitignore/blob/main/VisualStudio.gitignore + +# User-specific files +*.rsuser +*.suo +*.user +*.userosscache +*.sln.docstates + +# User-specific files (MonoDevelop/Xamarin Studio) +*.userprefs + +# Mono auto generated files +mono_crash.* + +# Build results +[Dd]ebug/ +[Dd]ebugPublic/ +[Rr]elease/ +[Rr]eleases/ +x64/ +x86/ +[Ww][Ii][Nn]32/ +[Aa][Rr][Mm]/ +[Aa][Rr][Mm]64/ +bld/ +[Bb]in/ +[Oo]bj/ +[Ll]og/ +[Ll]ogs/ + +# Visual Studio 2015/2017 cache/options directory +.vs/ +# Uncomment if you have tasks that create the project's static files in wwwroot +#wwwroot/ + +# Visual Studio 2017 auto generated files +Generated\ Files/ + +# MSTest test Results +[Tt]est[Rr]esult*/ +[Bb]uild[Ll]og.* + +# NUnit +*.VisualState.xml +TestResult.xml +nunit-*.xml + +# Build Results of an ATL Project +[Dd]ebugPS/ +[Rr]eleasePS/ +dlldata.c + +# Benchmark Results +BenchmarkDotNet.Artifacts/ + +# .NET Core +project.lock.json +project.fragment.lock.json +artifacts/ + +# ASP.NET Scaffolding +ScaffoldingReadMe.txt + +# StyleCop +StyleCopReport.xml + +# Files built by Visual Studio +*_i.c +*_p.c +*_h.h +*.ilk +*.meta +*.obj +*.iobj +*.pch +*.pdb +*.ipdb +*.pgc +*.pgd +*.rsp +*.sbr +*.tlb +*.tli +*.tlh +*.tmp +*.tmp_proj +*_wpftmp.csproj +*.log +*.tlog +*.vspscc +*.vssscc +.builds +*.pidb +*.svclog +*.scc + +# Chutzpah Test files +_Chutzpah* + +# Visual C++ cache files +ipch/ +*.aps +*.ncb +*.opendb +*.opensdf +*.sdf +*.cachefile +*.VC.db +*.VC.VC.opendb + +# Visual Studio profiler +*.psess +*.vsp +*.vspx +*.sap + +# Visual Studio Trace Files +*.e2e + +# TFS 2012 Local Workspace +$tf/ + +# Guidance Automation Toolkit +*.gpState + +# ReSharper is a .NET coding add-in +_ReSharper*/ +*.[Rr]e[Ss]harper +*.DotSettings.user + +# TeamCity is a build add-in +_TeamCity* + +# DotCover is a Code Coverage Tool +*.dotCover + +# 
AxoCover is a Code Coverage Tool +.axoCover/* +!.axoCover/settings.json + +# Coverlet is a free, cross platform Code Coverage Tool +coverage*.json +coverage*.xml +coverage*.info + +# Visual Studio code coverage results +*.coverage +*.coveragexml + +# NCrunch +_NCrunch_* +.*crunch*.local.xml +nCrunchTemp_* + +# MightyMoose +*.mm.* +AutoTest.Net/ + +# Web workbench (sass) +.sass-cache/ + +# Installshield output folder +[Ee]xpress/ + +# DocProject is a documentation generator add-in +DocProject/buildhelp/ +DocProject/Help/*.HxT +DocProject/Help/*.HxC +DocProject/Help/*.hhc +DocProject/Help/*.hhk +DocProject/Help/*.hhp +DocProject/Help/Html2 +DocProject/Help/html + +# Click-Once directory +publish/ + +# Publish Web Output +*.[Pp]ublish.xml +*.azurePubxml +# Note: Comment the next line if you want to checkin your web deploy settings, +# but database connection strings (with potential passwords) will be unencrypted +*.pubxml +*.publishproj + +# Microsoft Azure Web App publish settings. Comment the next line if you want to +# checkin your Azure Web App publish settings, but sensitive information contained +# in these scripts will be unencrypted +PublishScripts/ + +# NuGet Packages +*.nupkg +# NuGet Symbol Packages +*.snupkg +# The packages folder can be ignored because of Package Restore +**/[Pp]ackages/* +# except build/, which is used as an MSBuild target. 
+!**/[Pp]ackages/build/ +# Uncomment if necessary however generally it will be regenerated when needed +#!**/[Pp]ackages/repositories.config +# NuGet v3's project.json files produces more ignorable files +*.nuget.props +*.nuget.targets + +# Microsoft Azure Build Output +csx/ +*.build.csdef + +# Microsoft Azure Emulator +ecf/ +rcf/ + +# Windows Store app package directories and files +AppPackages/ +BundleArtifacts/ +Package.StoreAssociation.xml +_pkginfo.txt +*.appx +*.appxbundle +*.appxupload + +# Visual Studio cache files +# files ending in .cache can be ignored +*.[Cc]ache +# but keep track of directories ending in .cache +!?*.[Cc]ache/ + +# Others +ClientBin/ +~$* +*~ +*.dbmdl +*.dbproj.schemaview +*.jfm +*.pfx +*.publishsettings +orleans.codegen.cs + +# Including strong name files can present a security risk +# (https://github.com/github/gitignore/pull/2483#issue-259490424) +#*.snk + +# Since there are multiple workflows, uncomment next line to ignore bower_components +# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) +#bower_components/ + +# RIA/Silverlight projects +Generated_Code/ + +# Backup & report files from converting an old project file +# to a newer Visual Studio version. Backup files are not needed, +# because we have git ;-) +_UpgradeReport_Files/ +Backup*/ +UpgradeLog*.XML +UpgradeLog*.htm +ServiceFabricBackup/ +*.rptproj.bak + +# SQL Server files +*.mdf +*.ldf +*.ndf + +# Business Intelligence projects +*.rdl.data +*.bim.layout +*.bim_*.settings +*.rptproj.rsuser +*- [Bb]ackup.rdl +*- [Bb]ackup ([0-9]).rdl +*- [Bb]ackup ([0-9][0-9]).rdl + +# Microsoft Fakes +FakesAssemblies/ + +# GhostDoc plugin setting file +*.GhostDoc.xml + +# Node.js Tools for Visual Studio +.ntvs_analysis.dat +node_modules/ + +# Visual Studio 6 build log +*.plg + +# Visual Studio 6 workspace options file +*.opt + +# Visual Studio 6 auto-generated workspace file (contains which files were open etc.) 
+*.vbw + +# Visual Studio 6 auto-generated project file (contains which files were open etc.) +*.vbp + +# Visual Studio 6 workspace and project file (working project files containing files to include in project) +*.dsw +*.dsp + +# Visual Studio 6 technical files +*.ncb +*.aps + +# Visual Studio LightSwitch build output +**/*.HTMLClient/GeneratedArtifacts +**/*.DesktopClient/GeneratedArtifacts +**/*.DesktopClient/ModelManifest.xml +**/*.Server/GeneratedArtifacts +**/*.Server/ModelManifest.xml +_Pvt_Extensions + +# Paket dependency manager +.paket/paket.exe +paket-files/ + +# FAKE - F# Make +.fake/ + +# CodeRush personal settings +.cr/personal + +# Python Tools for Visual Studio (PTVS) +__pycache__/ +*.pyc + +# Cake - Uncomment if you are using it +# tools/** +# !tools/packages.config + +# Tabs Studio +*.tss + +# Telerik's JustMock configuration file +*.jmconfig + +# BizTalk build output +*.btp.cs +*.btm.cs +*.odx.cs +*.xsd.cs + +# OpenCover UI analysis results +OpenCover/ + +# Azure Stream Analytics local run output +ASALocalRun/ + +# MSBuild Binary and Structured Log +*.binlog + +# NVidia Nsight GPU debugger configuration file +*.nvuser + +# MFractors (Xamarin productivity tool) working folder +.mfractor/ + +# Local History for Visual Studio +.localhistory/ + +# Visual Studio History (VSHistory) files +.vshistory/ + +# BeatPulse healthcheck temp database +healthchecksdb + +# Backup folder for Package Reference Convert tool in Visual Studio 2017 +MigrationBackup/ + +# Ionide (cross platform F# VS Code tools) working folder +.ionide/ + +# Fody - auto-generated XML schema +FodyWeavers.xsd + +# VS Code files for those working on multiple tools +.vscode/* +!.vscode/settings.json +!.vscode/tasks.json +!.vscode/launch.json +!.vscode/extensions.json +*.code-workspace + +# Local History for Visual Studio Code +.history/ + +# Windows Installer files from build outputs +*.cab +*.msi +*.msix +*.msm +*.msp + +# JetBrains Rider +*.sln.iml 
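Review bot: in .gitignore the `#*.snk` entry in the "Others" group is left commented out, so a strong-name key file would be tracked if one is ever added, while `*.pfx` and `*.publishsettings` a few lines above it are ignored; uncomment it unless a key is meant to be committed. Most of the 398 lines are the stock Visual Studio template (NuGet, Azure, LightSwitch, BizTalk and so on) and do not apply to a single native project. A list cut down to the outputs this solution actually produces would be easier to audit.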
diff --git a/README.md b/README.md new file mode 100644 index 0000000..b271a53 --- /dev/null +++ b/README.md @@ -0,0 +1,8 @@ +# EncryptionPatch +RSA Patch for Genshin Impact 4.2 + +- bypass rsa sign check for query_cur_region and server_rand_key in GetPlayerTokenRsp +- second mt init seed set to 1337 + +### Any questions? +Join our [discord server](https://discord.gg/reversedrooms) diff --git a/RSAPatch.sln b/RSAPatch.sln new file mode 100644 index 0000000..7969e02 --- /dev/null +++ b/RSAPatch.sln @@ -0,0 +1,31 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio Version 17 +VisualStudioVersion = 17.3.32929.385 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "RSAPatch", "RSAPatch\RSAPatch.vcxproj", "{F5C0E12E-F8C7-4E7E-8689-526D8F8952F4}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|x64 = Debug|x64 + Debug|x86 = Debug|x86 + Release|x64 = Release|x64 + Release|x86 = Release|x86 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {F5C0E12E-F8C7-4E7E-8689-526D8F8952F4}.Debug|x64.ActiveCfg = Debug|x64 + {F5C0E12E-F8C7-4E7E-8689-526D8F8952F4}.Debug|x64.Build.0 = Debug|x64 + {F5C0E12E-F8C7-4E7E-8689-526D8F8952F4}.Debug|x86.ActiveCfg = Debug|Win32 + {F5C0E12E-F8C7-4E7E-8689-526D8F8952F4}.Debug|x86.Build.0 = Debug|Win32 + {F5C0E12E-F8C7-4E7E-8689-526D8F8952F4}.Release|x64.ActiveCfg = Release|x64 + {F5C0E12E-F8C7-4E7E-8689-526D8F8952F4}.Release|x64.Build.0 = Release|x64 + {F5C0E12E-F8C7-4E7E-8689-526D8F8952F4}.Release|x86.ActiveCfg = Release|Win32 + {F5C0E12E-F8C7-4E7E-8689-526D8F8952F4}.Release|x86.Build.0 = Release|Win32 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection + GlobalSection(ExtensibilityGlobals) = postSolution + SolutionGuid = {71BB5149-3E87-42F2-99BA-9549D0AC0B3F} + EndGlobalSection +EndGlobal 
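Review bot: README.md does not say what its first bullet costs. With the RSA signature check on query_cur_region and on server_rand_key in GetPlayerTokenRsp bypassed, the client no longer authenticates those server responses, and that should be stated next to the bullet. The second bullet has the same gap: a seed fixed at 1337 makes that generator's output identical on every run, so nothing derived from it can be treated as secret. The README also gives no build instructions or supported configuration, although RSAPatch.sln offers both x64 and x86.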
diff --git a/RSAPatch/Console.cpp b/RSAPatch/Console.cpp new file mode 100644 index 0000000..cab6f05 --- /dev/null +++ b/RSAPatch/Console.cpp @@ -0,0 +1,54 @@ +#include "Console.h" + +HANDLE _out = NULL, _old_out = NULL; +HANDLE _err = NULL, _old_err = NULL; +HANDLE _in = NULL, _old_in = NULL; + +void Console::Attach() +{ + _old_out = GetStdHandle(STD_OUTPUT_HANDLE); + _old_err = GetStdHandle(STD_ERROR_HANDLE); + _old_in = GetStdHandle(STD_INPUT_HANDLE); + + ::AllocConsole() && ::AttachConsole(GetCurrentProcessId()); + + _out = GetStdHandle(STD_OUTPUT_HANDLE); + _err = GetStdHandle(STD_ERROR_HANDLE); + _in = GetStdHandle(STD_INPUT_HANDLE); + + SetConsoleMode(_out, + ENABLE_PROCESSED_OUTPUT | ENABLE_WRAP_AT_EOL_OUTPUT); + + SetConsoleMode(_in, + ENABLE_INSERT_MODE | ENABLE_EXTENDED_FLAGS | + ENABLE_PROCESSED_INPUT | ENABLE_QUICK_EDIT_MODE); +} + +void Console::Detach() +{ + if (_out && _err && _in) { + FreeConsole(); + + if (_old_out) + SetStdHandle(STD_OUTPUT_HANDLE, _old_out); + if (_old_err) + SetStdHandle(STD_ERROR_HANDLE, _old_err); + if (_old_in) + SetStdHandle(STD_INPUT_HANDLE, _old_in); + } +} + +bool Console::Print(const char* fmt, ...) +{ + if (!_out) + return false; + + char buf[1024]; + va_list va; + + va_start(va, fmt); + _vsnprintf_s(buf, 1024, fmt, va); + va_end(va); + + return !!WriteConsoleA(_out, buf, static_cast(strlen(buf)), nullptr, nullptr); +} \ No newline at end of file diff --git a/RSAPatch/Console.h b/RSAPatch/Console.h new file mode 100644 index 0000000..131a4fa --- /dev/null +++ b/RSAPatch/Console.h @@ -0,0 +1,14 @@ +#ifndef CONSOLE_H +#define CONSOLE_H + +#include +#include + +namespace Console +{ + void Attach(); + void Detach(); + bool Print(const char* fmt, ...); +} + +#endif \ No newline at end of file diff --git a/RSAPatch/Exports.def b/RSAPatch/Exports.def new file mode 100644 index 0000000..b95fd4c --- /dev/null +++ b/RSAPatch/Exports.def 
@@ -0,0 +1,19 @@ + +EXPORTS + GetFileVersionInfoA + GetFileVersionInfoByHandle + GetFileVersionInfoExA + GetFileVersionInfoExW + GetFileVersionInfoSizeA + GetFileVersionInfoSizeExA + GetFileVersionInfoSizeExW + GetFileVersionInfoSizeW + GetFileVersionInfoW + VerFindFileA + VerFindFileW + VerInstallFileA + VerInstallFileW + VerLanguageNameA + VerLanguageNameW + VerQueryValueA + VerQueryValueW \ No newline at end of file diff --git a/RSAPatch/Memory.cpp b/RSAPatch/Memory.cpp new file mode 100644 index 0000000..ed1e1dd --- /dev/null +++ b/RSAPatch/Memory.cpp 
@@ -0,0 +1,61 @@ +#include "Memory.h" + +void Memory::WriteByteArray(uintptr_t address, uint8_t* value, size_t length) +{ + DWORD oldProtection; + VirtualProtect(reinterpret_cast(address), length, PAGE_EXECUTE_READWRITE, &oldProtection); + memcpy((void*)address, value, length); + VirtualProtect(reinterpret_cast(address), length, oldProtection, &oldProtection); +} + +uintptr_t Memory::Scan(LPCSTR module, LPCSTR pattern) +{ + static auto pattern_to_byte = [](const char* pattern) { + + auto bytes = std::vector{}; + + auto start = const_cast(pattern); + + auto end = const_cast(pattern) + strlen(pattern); + + for (auto current = start; current < end; ++current) { + if (*current == '?') { + ++current; + if (*current == '?') + ++current; + bytes.push_back(-1); + } + else { + bytes.push_back(strtoul(current, ¤t, 16)); + } + } + return bytes; + }; + + auto mod = GetModuleHandleA(module); + if (!mod) + return 0; + + auto dosHeader = (PIMAGE_DOS_HEADER)mod; + auto ntHeaders = (PIMAGE_NT_HEADERS)((std::uint8_t*)mod + dosHeader->e_lfanew); + auto sizeOfImage = ntHeaders->OptionalHeader.SizeOfImage; + auto patternBytes = pattern_to_byte(pattern); + auto scanBytes = reinterpret_cast(mod); + auto s = patternBytes.size(); + auto d = patternBytes.data(); + + for (auto i = 0ul; i < sizeOfImage - s; ++i) { + bool found = true; + for (auto j = 0ul; j < s; ++j) { + if (scanBytes[i + j] != d[j] && d[j] != -1) { + found = false; + break; + } + } + + if (found) { + return (uintptr_t)&scanBytes[i]; + } + } + return 0; +} diff --git a/RSAPatch/Memory.h b/RSAPatch/Memory.h new file mode 100644 index 0000000..0d76120 --- /dev/null +++ b/RSAPatch/Memory.h @@ -0,0 +1,13 @@ +#ifndef MEMORY_H +#define MEMORY_H + +#include +#include + +namespace Memory +{ + void WriteByteArray(uintptr_t address, uint8_t* value, size_t length); + uintptr_t Scan(LPCSTR module, LPCSTR pattern); +} + +#endif \ No newline at end of file 
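Review bot: in RSAPatch/Console.cpp, `Console::Print` calls `_vsnprintf_s(buf, 1024, fmt, va)`, where the 1024 is taken as the character count rather than `_TRUNCATE`, so a formatted message that does not fit in `buf` goes to the CRT invalid-parameter handler instead of being cut short. Pass `_TRUNCATE` as the count and check the return value before handing `buf` to `WriteConsoleA`. In `Console::Attach`, the result of `::AllocConsole() && ::AttachConsole(GetCurrentProcessId())` is discarded, so a failure to get a console goes unnoticed until `Print` is called.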
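Review bot: in RSAPatch/Memory.cpp, `Memory::WriteByteArray` ignores the result of both `VirtualProtect` calls, so if the first one fails the `memcpy` still runs against a page whose protection was never changed and the caller is never told. Return a bool and stop when the call fails. In `Memory::Scan`, the loop bound `sizeOfImage - s` is unsigned arithmetic: a pattern longer than the image wraps around to a very large bound and the loop reads past the module, and with `<` the last valid offset is never tested. Return 0 early when `s` is zero or larger than `sizeOfImage`, and use `i + s <= sizeOfImage` as the condition.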
diff --git a/RSAPatch/RSAPatch.vcxproj b/RSAPatch/RSAPatch.vcxproj new file mode 100644 index 0000000..a8f831e --- /dev/null +++ b/RSAPatch/RSAPatch.vcxproj @@ -0,0 +1,155 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + Debug + x64 + + + Release + x64 + + + + 16.0 + Win32Proj + {f5c0e12e-f8c7-4e7e-8689-526d8f8952f4} + RSAPatch + 10.0 + + + + Application + true + v143 + Unicode + + + Application + false + v143 + true + Unicode + + + DynamicLibrary + true + v143 + Unicode + + + DynamicLibrary + false + v143 + true + Unicode + + + + + + + + + + + + + + + + + + + + + + + Level3 + true + WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + + + Console + true + + + + + Level3 + true + true + true + WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + + + Console + true + true + true + + + + + Level3 + true + _DEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + stdcpp17 + + + Console + true + $(ProjectDir)Exports.def + + + + + Level3 + true + true + true + NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + stdcpp17 + + + Console + true + true + true + $(ProjectDir)Exports.def + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/RSAPatch/RSAPatch.vcxproj.filters b/RSAPatch/RSAPatch.vcxproj.filters new file mode 100644 index 0000000..d07cd29 --- /dev/null +++ b/RSAPatch/RSAPatch.vcxproj.filters @@ -0,0 +1,52 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + Source Files + + + Source Files + + + Source Files + + + Source Files + + + + + Header Files + + + Header Files + + + Header Files + + + + + Source Files + + + + + Source Files + + + \ No newline at end of file 
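Review bot: in RSAPatch/RSAPatch.vcxproj the two Win32 configurations look left at the project template defaults. As far as the values that survive here show, their configuration type is `Application` and their link settings carry no `$(ProjectDir)Exports.def`, while only the two x64 configurations are `DynamicLibrary` with the module definition file. RSAPatch.sln still offers Debug|x86 and Release|x86, so either remove those platforms or bring them in line with x64. The x64 configurations also keep `_CONSOLE` in the preprocessor definitions and `Console` as the subsystem, which is template residue for a DLL.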
diff --git a/RSAPatch/detours.h b/RSAPatch/detours.h new file mode 100644 index 0000000..bf50e8c --- /dev/null +++ b/RSAPatch/detours.h 
@@ -0,0 +1,1059 @@ +///////////////////////////////////////////////////////////////////////////// +// +// Core Detours Functionality (detours.h of detours.lib) +// +// Microsoft Research Detours Package, Version 4.0.1 +// +// Copyright (c) Microsoft Corporation. All rights reserved. +// + +#pragma once +#ifndef _DETOURS_H_ +#define _DETOURS_H_ + +#define DETOURS_VERSION 0x4c0c1 // 0xMAJORcMINORcPATCH + +////////////////////////////////////////////////////////////////////////////// +// + +#undef DETOURS_X64 +#undef DETOURS_X86 +#undef DETOURS_IA64 +#undef DETOURS_ARM +#undef DETOURS_ARM64 +#undef DETOURS_BITS +#undef DETOURS_32BIT +#undef DETOURS_64BIT + +#if defined(_X86_) +#define DETOURS_X86 +#define DETOURS_OPTION_BITS 64 + +#elif defined(_AMD64_) +#define DETOURS_X64 +#define DETOURS_OPTION_BITS 32 + +#elif defined(_IA64_) +#define DETOURS_IA64 +#define DETOURS_OPTION_BITS 32 + +#elif defined(_ARM_) +#define DETOURS_ARM + +#elif defined(_ARM64_) +#define DETOURS_ARM64 + +#else +#error Unknown architecture (x86, amd64, ia64, arm, arm64) +#endif + +#ifdef _WIN64 +#undef DETOURS_32BIT +#define DETOURS_64BIT 1 +#define DETOURS_BITS 64 +// If all 64bit kernels can run one and only one 32bit architecture. +//#define DETOURS_OPTION_BITS 32 +#else +#define DETOURS_32BIT 1 +#undef DETOURS_64BIT +#define DETOURS_BITS 32 +// If all 64bit kernels can run one and only one 32bit architecture. +//#define DETOURS_OPTION_BITS 32 +#endif + +#define VER_DETOURS_BITS DETOUR_STRINGIFY(DETOURS_BITS) + +////////////////////////////////////////////////////////////////////////////// +// + +#if (_MSC_VER < 1299) +typedef LONG LONG_PTR; +typedef ULONG ULONG_PTR; +#endif + +///////////////////////////////////////////////// SAL 2.0 Annotations w/o SAL. +// +// These definitions are include so that Detours will build even if the +// compiler doesn't have full SAL 2.0 support. 
+// +#ifndef DETOURS_DONT_REMOVE_SAL_20 + +#ifdef DETOURS_TEST_REMOVE_SAL_20 +#undef _Analysis_assume_ +#undef _Benign_race_begin_ +#undef _Benign_race_end_ +#undef _Field_range_ +#undef _Field_size_ +#undef _In_ +#undef _In_bytecount_ +#undef _In_count_ +#undef _In_opt_ +#undef _In_opt_bytecount_ +#undef _In_opt_count_ +#undef _In_opt_z_ +#undef _In_range_ +#undef _In_reads_ +#undef _In_reads_bytes_ +#undef _In_reads_opt_ +#undef _In_reads_opt_bytes_ +#undef _In_reads_or_z_ +#undef _In_z_ +#undef _Inout_ +#undef _Inout_opt_ +#undef _Inout_z_count_ +#undef _Out_ +#undef _Out_opt_ +#undef _Out_writes_ +#undef _Outptr_result_maybenull_ +#undef _Readable_bytes_ +#undef _Success_ +#undef _Writable_bytes_ +#undef _Pre_notnull_ +#endif + +#if defined(_Deref_out_opt_z_) && !defined(_Outptr_result_maybenull_) +#define _Outptr_result_maybenull_ _Deref_out_opt_z_ +#endif + +#if defined(_In_count_) && !defined(_In_reads_) +#define _In_reads_(x) _In_count_(x) +#endif + +#if defined(_In_opt_count_) && !defined(_In_reads_opt_) +#define _In_reads_opt_(x) _In_opt_count_(x) +#endif + +#if defined(_In_opt_bytecount_) && !defined(_In_reads_opt_bytes_) +#define _In_reads_opt_bytes_(x) _In_opt_bytecount_(x) +#endif + +#if defined(_In_bytecount_) && !defined(_In_reads_bytes_) +#define _In_reads_bytes_(x) _In_bytecount_(x) +#endif + +#ifndef _In_ +#define _In_ +#endif + +#ifndef _In_bytecount_ +#define _In_bytecount_(x) +#endif + +#ifndef _In_count_ +#define _In_count_(x) +#endif + +#ifndef _In_opt_ +#define _In_opt_ +#endif + +#ifndef _In_opt_bytecount_ +#define _In_opt_bytecount_(x) +#endif + +#ifndef _In_opt_count_ +#define _In_opt_count_(x) +#endif + +#ifndef _In_opt_z_ +#define _In_opt_z_ +#endif + +#ifndef _In_range_ +#define _In_range_(x,y) +#endif + +#ifndef _In_reads_ +#define _In_reads_(x) +#endif + +#ifndef _In_reads_bytes_ +#define _In_reads_bytes_(x) +#endif + +#ifndef _In_reads_opt_ +#define _In_reads_opt_(x) +#endif + +#ifndef _In_reads_opt_bytes_ +#define 
_In_reads_opt_bytes_(x) +#endif + +#ifndef _In_reads_or_z_ +#define _In_reads_or_z_ +#endif + +#ifndef _In_z_ +#define _In_z_ +#endif + +#ifndef _Inout_ +#define _Inout_ +#endif + +#ifndef _Inout_opt_ +#define _Inout_opt_ +#endif + +#ifndef _Inout_z_count_ +#define _Inout_z_count_(x) +#endif + +#ifndef _Out_ +#define _Out_ +#endif + +#ifndef _Out_opt_ +#define _Out_opt_ +#endif + +#ifndef _Out_writes_ +#define _Out_writes_(x) +#endif + +#ifndef _Outptr_result_maybenull_ +#define _Outptr_result_maybenull_ +#endif + +#ifndef _Writable_bytes_ +#define _Writable_bytes_(x) +#endif + +#ifndef _Readable_bytes_ +#define _Readable_bytes_(x) +#endif + +#ifndef _Success_ +#define _Success_(x) +#endif + +#ifndef _Pre_notnull_ +#define _Pre_notnull_ +#endif + +#ifdef DETOURS_INTERNAL + +#pragma warning(disable:4615) // unknown warning type (suppress with older compilers) + +#ifndef _Benign_race_begin_ +#define _Benign_race_begin_ +#endif + +#ifndef _Benign_race_end_ +#define _Benign_race_end_ +#endif + +#ifndef _Field_size_ +#define _Field_size_(x) +#endif + +#ifndef _Field_range_ +#define _Field_range_(x,y) +#endif + +#ifndef _Analysis_assume_ +#define _Analysis_assume_(x) +#endif + +#endif // DETOURS_INTERNAL +#endif // DETOURS_DONT_REMOVE_SAL_20 + +////////////////////////////////////////////////////////////////////////////// +// +#ifndef GUID_DEFINED +#define GUID_DEFINED +typedef struct _GUID +{ + DWORD Data1; + WORD Data2; + WORD Data3; + BYTE Data4[8]; +} GUID; + +#ifdef INITGUID +#define DEFINE_GUID(name, l, w1, w2, b1, b2, b3, b4, b5, b6, b7, b8) \ + const GUID name \ + = { l, w1, w2, { b1, b2, b3, b4, b5, b6, b7, b8 } } +#else +#define DEFINE_GUID(name, l, w1, w2, b1, b2, b3, b4, b5, b6, b7, b8) \ + const GUID name +#endif // INITGUID +#endif // !GUID_DEFINED + +#if defined(__cplusplus) +#ifndef _REFGUID_DEFINED +#define _REFGUID_DEFINED +#define REFGUID const GUID & +#endif // !_REFGUID_DEFINED +#else // !__cplusplus +#ifndef _REFGUID_DEFINED +#define 
_REFGUID_DEFINED +#define REFGUID const GUID * const +#endif // !_REFGUID_DEFINED +#endif // !__cplusplus + +#ifndef ARRAYSIZE +#define ARRAYSIZE(x) (sizeof(x)/sizeof(x[0])) +#endif + +// +////////////////////////////////////////////////////////////////////////////// + +#ifdef __cplusplus +extern "C" { +#endif // __cplusplus + + /////////////////////////////////////////////////// Instruction Target Macros. + // +#define DETOUR_INSTRUCTION_TARGET_NONE ((PVOID)0) +#define DETOUR_INSTRUCTION_TARGET_DYNAMIC ((PVOID)(LONG_PTR)-1) +#define DETOUR_SECTION_HEADER_SIGNATURE 0x00727444 // "Dtr\0" + + extern const GUID DETOUR_EXE_RESTORE_GUID; + extern const GUID DETOUR_EXE_HELPER_GUID; + +#define DETOUR_TRAMPOLINE_SIGNATURE 0x21727444 // Dtr! + typedef struct _DETOUR_TRAMPOLINE DETOUR_TRAMPOLINE, * PDETOUR_TRAMPOLINE; + + /////////////////////////////////////////////////////////// Binary Structures. + // +#pragma pack(push, 8) + typedef struct _DETOUR_SECTION_HEADER + { + DWORD cbHeaderSize; + DWORD nSignature; + DWORD nDataOffset; + DWORD cbDataSize; + + DWORD nOriginalImportVirtualAddress; + DWORD nOriginalImportSize; + DWORD nOriginalBoundImportVirtualAddress; + DWORD nOriginalBoundImportSize; + + DWORD nOriginalIatVirtualAddress; + DWORD nOriginalIatSize; + DWORD nOriginalSizeOfImage; + DWORD cbPrePE; + + DWORD nOriginalClrFlags; + DWORD reserved1; + DWORD reserved2; + DWORD reserved3; + + // Followed by cbPrePE bytes of data. 
+ } DETOUR_SECTION_HEADER, * PDETOUR_SECTION_HEADER; + + typedef struct _DETOUR_SECTION_RECORD + { + DWORD cbBytes; + DWORD nReserved; + GUID guid; + } DETOUR_SECTION_RECORD, * PDETOUR_SECTION_RECORD; + + typedef struct _DETOUR_CLR_HEADER + { + // Header versioning + ULONG cb; + USHORT MajorRuntimeVersion; + USHORT MinorRuntimeVersion; + + // Symbol table and startup information + IMAGE_DATA_DIRECTORY MetaData; + ULONG Flags; + + // Followed by the rest of the IMAGE_COR20_HEADER + } DETOUR_CLR_HEADER, * PDETOUR_CLR_HEADER; + + typedef struct _DETOUR_EXE_RESTORE + { + DWORD cb; + DWORD cbidh; + DWORD cbinh; + DWORD cbclr; + + PBYTE pidh; + PBYTE pinh; + PBYTE pclr; + + IMAGE_DOS_HEADER idh; + union { + IMAGE_NT_HEADERS inh; + IMAGE_NT_HEADERS32 inh32; + IMAGE_NT_HEADERS64 inh64; + BYTE raw[sizeof(IMAGE_NT_HEADERS64) + + sizeof(IMAGE_SECTION_HEADER) * 32]; + }; + DETOUR_CLR_HEADER clr; + + } DETOUR_EXE_RESTORE, * PDETOUR_EXE_RESTORE; + + typedef struct _DETOUR_EXE_HELPER + { + DWORD cb; + DWORD pid; + DWORD nDlls; + CHAR rDlls[4]; + } DETOUR_EXE_HELPER, * PDETOUR_EXE_HELPER; + +#pragma pack(pop) + +#define DETOUR_SECTION_HEADER_DECLARE(cbSectionSize) \ +{ \ + sizeof(DETOUR_SECTION_HEADER),\ + DETOUR_SECTION_HEADER_SIGNATURE,\ + sizeof(DETOUR_SECTION_HEADER),\ + (cbSectionSize),\ + \ + 0,\ + 0,\ + 0,\ + 0,\ + \ + 0,\ + 0,\ + 0,\ + 0,\ +} + + /////////////////////////////////////////////////////////////// Helper Macros. + // +#define DETOURS_STRINGIFY(x) DETOURS_STRINGIFY_(x) +#define DETOURS_STRINGIFY_(x) #x + +///////////////////////////////////////////////////////////// Binary Typedefs. 
+// + typedef BOOL(CALLBACK* PF_DETOUR_BINARY_BYWAY_CALLBACK)( + _In_opt_ PVOID pContext, + _In_opt_ LPCSTR pszFile, + _Outptr_result_maybenull_ LPCSTR* ppszOutFile); + + typedef BOOL(CALLBACK* PF_DETOUR_BINARY_FILE_CALLBACK)( + _In_opt_ PVOID pContext, + _In_ LPCSTR pszOrigFile, + _In_ LPCSTR pszFile, + _Outptr_result_maybenull_ LPCSTR* ppszOutFile); + + typedef BOOL(CALLBACK* PF_DETOUR_BINARY_SYMBOL_CALLBACK)( + _In_opt_ PVOID pContext, + _In_ ULONG nOrigOrdinal, + _In_ ULONG nOrdinal, + _Out_ ULONG* pnOutOrdinal, + _In_opt_ LPCSTR pszOrigSymbol, + _In_opt_ LPCSTR pszSymbol, + _Outptr_result_maybenull_ LPCSTR* ppszOutSymbol); + + typedef BOOL(CALLBACK* PF_DETOUR_BINARY_COMMIT_CALLBACK)( + _In_opt_ PVOID pContext); + + typedef BOOL(CALLBACK* PF_DETOUR_ENUMERATE_EXPORT_CALLBACK)(_In_opt_ PVOID pContext, + _In_ ULONG nOrdinal, + _In_opt_ LPCSTR pszName, + _In_opt_ PVOID pCode); + + typedef BOOL(CALLBACK* PF_DETOUR_IMPORT_FILE_CALLBACK)(_In_opt_ PVOID pContext, + _In_opt_ HMODULE hModule, + _In_opt_ LPCSTR pszFile); + + typedef BOOL(CALLBACK* PF_DETOUR_IMPORT_FUNC_CALLBACK)(_In_opt_ PVOID pContext, + _In_ DWORD nOrdinal, + _In_opt_ LPCSTR pszFunc, + _In_opt_ PVOID pvFunc); + + // Same as PF_DETOUR_IMPORT_FUNC_CALLBACK but extra indirection on last parameter. + typedef BOOL(CALLBACK* PF_DETOUR_IMPORT_FUNC_CALLBACK_EX)(_In_opt_ PVOID pContext, + _In_ DWORD nOrdinal, + _In_opt_ LPCSTR pszFunc, + _In_opt_ PVOID* ppvFunc); + + typedef VOID* PDETOUR_BINARY; + typedef VOID* PDETOUR_LOADED_BINARY; + + //////////////////////////////////////////////////////////// Transaction APIs. 
+ // + LONG WINAPI DetourTransactionBegin(VOID); + LONG WINAPI DetourTransactionAbort(VOID); + LONG WINAPI DetourTransactionCommit(VOID); + LONG WINAPI DetourTransactionCommitEx(_Out_opt_ PVOID** pppFailedPointer); + + LONG WINAPI DetourUpdateThread(_In_ HANDLE hThread); + + LONG WINAPI DetourAttach(_Inout_ PVOID* ppPointer, + _In_ PVOID pDetour); + + LONG WINAPI DetourAttachEx(_Inout_ PVOID* ppPointer, + _In_ PVOID pDetour, + _Out_opt_ PDETOUR_TRAMPOLINE* ppRealTrampoline, + _Out_opt_ PVOID* ppRealTarget, + _Out_opt_ PVOID* ppRealDetour); + + LONG WINAPI DetourDetach(_Inout_ PVOID* ppPointer, + _In_ PVOID pDetour); + + BOOL WINAPI DetourSetIgnoreTooSmall(_In_ BOOL fIgnore); + BOOL WINAPI DetourSetRetainRegions(_In_ BOOL fRetain); + PVOID WINAPI DetourSetSystemRegionLowerBound(_In_ PVOID pSystemRegionLowerBound); + PVOID WINAPI DetourSetSystemRegionUpperBound(_In_ PVOID pSystemRegionUpperBound); + + ////////////////////////////////////////////////////////////// Code Functions. + // + PVOID WINAPI DetourFindFunction(_In_ LPCSTR pszModule, + _In_ LPCSTR pszFunction); + PVOID WINAPI DetourCodeFromPointer(_In_ PVOID pPointer, + _Out_opt_ PVOID* ppGlobals); + PVOID WINAPI DetourCopyInstruction(_In_opt_ PVOID pDst, + _Inout_opt_ PVOID* ppDstPool, + _In_ PVOID pSrc, + _Out_opt_ PVOID* ppTarget, + _Out_opt_ LONG* plExtra); + BOOL WINAPI DetourSetCodeModule(_In_ HMODULE hModule, + _In_ BOOL fLimitReferencesToModule); + + ///////////////////////////////////////////////////// Loaded Binary Functions. 
+ // + HMODULE WINAPI DetourGetContainingModule(_In_ PVOID pvAddr); + HMODULE WINAPI DetourEnumerateModules(_In_opt_ HMODULE hModuleLast); + PVOID WINAPI DetourGetEntryPoint(_In_opt_ HMODULE hModule); + ULONG WINAPI DetourGetModuleSize(_In_opt_ HMODULE hModule); + BOOL WINAPI DetourEnumerateExports(_In_ HMODULE hModule, + _In_opt_ PVOID pContext, + _In_ PF_DETOUR_ENUMERATE_EXPORT_CALLBACK pfExport); + BOOL WINAPI DetourEnumerateImports(_In_opt_ HMODULE hModule, + _In_opt_ PVOID pContext, + _In_opt_ PF_DETOUR_IMPORT_FILE_CALLBACK pfImportFile, + _In_opt_ PF_DETOUR_IMPORT_FUNC_CALLBACK pfImportFunc); + + BOOL WINAPI DetourEnumerateImportsEx(_In_opt_ HMODULE hModule, + _In_opt_ PVOID pContext, + _In_opt_ PF_DETOUR_IMPORT_FILE_CALLBACK pfImportFile, + _In_opt_ PF_DETOUR_IMPORT_FUNC_CALLBACK_EX pfImportFuncEx); + + _Writable_bytes_(*pcbData) + _Readable_bytes_(*pcbData) + _Success_(return != NULL) + PVOID WINAPI DetourFindPayload(_In_opt_ HMODULE hModule, + _In_ REFGUID rguid, + _Out_ DWORD* pcbData); + + _Writable_bytes_(*pcbData) + _Readable_bytes_(*pcbData) + _Success_(return != NULL) + PVOID WINAPI DetourFindPayloadEx(_In_ REFGUID rguid, + _Out_ DWORD* pcbData); + + DWORD WINAPI DetourGetSizeOfPayloads(_In_opt_ HMODULE hModule); + + ///////////////////////////////////////////////// Persistent Binary Functions. 
+ // + + PDETOUR_BINARY WINAPI DetourBinaryOpen(_In_ HANDLE hFile); + + _Writable_bytes_(*pcbData) + _Readable_bytes_(*pcbData) + _Success_(return != NULL) + PVOID WINAPI DetourBinaryEnumeratePayloads(_In_ PDETOUR_BINARY pBinary, + _Out_opt_ GUID* pGuid, + _Out_ DWORD* pcbData, + _Inout_ DWORD* pnIterator); + + _Writable_bytes_(*pcbData) + _Readable_bytes_(*pcbData) + _Success_(return != NULL) + PVOID WINAPI DetourBinaryFindPayload(_In_ PDETOUR_BINARY pBinary, + _In_ REFGUID rguid, + _Out_ DWORD* pcbData); + + PVOID WINAPI DetourBinarySetPayload(_In_ PDETOUR_BINARY pBinary, + _In_ REFGUID rguid, + _In_reads_opt_(cbData) PVOID pData, + _In_ DWORD cbData); + BOOL WINAPI DetourBinaryDeletePayload(_In_ PDETOUR_BINARY pBinary, _In_ REFGUID rguid); + BOOL WINAPI DetourBinaryPurgePayloads(_In_ PDETOUR_BINARY pBinary); + BOOL WINAPI DetourBinaryResetImports(_In_ PDETOUR_BINARY pBinary); + BOOL WINAPI DetourBinaryEditImports(_In_ PDETOUR_BINARY pBinary, + _In_opt_ PVOID pContext, + _In_opt_ PF_DETOUR_BINARY_BYWAY_CALLBACK pfByway, + _In_opt_ PF_DETOUR_BINARY_FILE_CALLBACK pfFile, + _In_opt_ PF_DETOUR_BINARY_SYMBOL_CALLBACK pfSymbol, + _In_opt_ PF_DETOUR_BINARY_COMMIT_CALLBACK pfCommit); + BOOL WINAPI DetourBinaryWrite(_In_ PDETOUR_BINARY pBinary, _In_ HANDLE hFile); + BOOL WINAPI DetourBinaryClose(_In_ PDETOUR_BINARY pBinary); + + /////////////////////////////////////////////////// Create Process & Load Dll. 
+ // + typedef BOOL(WINAPI* PDETOUR_CREATE_PROCESS_ROUTINEA)( + _In_opt_ LPCSTR lpApplicationName, + _Inout_opt_ LPSTR lpCommandLine, + _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, + _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, + _In_ BOOL bInheritHandles, + _In_ DWORD dwCreationFlags, + _In_opt_ LPVOID lpEnvironment, + _In_opt_ LPCSTR lpCurrentDirectory, + _In_ LPSTARTUPINFOA lpStartupInfo, + _Out_ LPPROCESS_INFORMATION lpProcessInformation); + + typedef BOOL(WINAPI* PDETOUR_CREATE_PROCESS_ROUTINEW)( + _In_opt_ LPCWSTR lpApplicationName, + _Inout_opt_ LPWSTR lpCommandLine, + _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, + _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, + _In_ BOOL bInheritHandles, + _In_ DWORD dwCreationFlags, + _In_opt_ LPVOID lpEnvironment, + _In_opt_ LPCWSTR lpCurrentDirectory, + _In_ LPSTARTUPINFOW lpStartupInfo, + _Out_ LPPROCESS_INFORMATION lpProcessInformation); + + BOOL WINAPI DetourCreateProcessWithDllA(_In_opt_ LPCSTR lpApplicationName, + _Inout_opt_ LPSTR lpCommandLine, + _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, + _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, + _In_ BOOL bInheritHandles, + _In_ DWORD dwCreationFlags, + _In_opt_ LPVOID lpEnvironment, + _In_opt_ LPCSTR lpCurrentDirectory, + _In_ LPSTARTUPINFOA lpStartupInfo, + _Out_ LPPROCESS_INFORMATION lpProcessInformation, + _In_ LPCSTR lpDllName, + _In_opt_ PDETOUR_CREATE_PROCESS_ROUTINEA pfCreateProcessA); + + BOOL WINAPI DetourCreateProcessWithDllW(_In_opt_ LPCWSTR lpApplicationName, + _Inout_opt_ LPWSTR lpCommandLine, + _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, + _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, + _In_ BOOL bInheritHandles, + _In_ DWORD dwCreationFlags, + _In_opt_ LPVOID lpEnvironment, + _In_opt_ LPCWSTR lpCurrentDirectory, + _In_ LPSTARTUPINFOW lpStartupInfo, + _Out_ LPPROCESS_INFORMATION lpProcessInformation, + _In_ LPCSTR lpDllName, + _In_opt_ PDETOUR_CREATE_PROCESS_ROUTINEW pfCreateProcessW); + +#ifdef UNICODE 
+#define DetourCreateProcessWithDll DetourCreateProcessWithDllW +#define PDETOUR_CREATE_PROCESS_ROUTINE PDETOUR_CREATE_PROCESS_ROUTINEW +#else +#define DetourCreateProcessWithDll DetourCreateProcessWithDllA +#define PDETOUR_CREATE_PROCESS_ROUTINE PDETOUR_CREATE_PROCESS_ROUTINEA +#endif // !UNICODE + + BOOL WINAPI DetourCreateProcessWithDllExA(_In_opt_ LPCSTR lpApplicationName, + _Inout_opt_ LPSTR lpCommandLine, + _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, + _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, + _In_ BOOL bInheritHandles, + _In_ DWORD dwCreationFlags, + _In_opt_ LPVOID lpEnvironment, + _In_opt_ LPCSTR lpCurrentDirectory, + _In_ LPSTARTUPINFOA lpStartupInfo, + _Out_ LPPROCESS_INFORMATION lpProcessInformation, + _In_ LPCSTR lpDllName, + _In_opt_ PDETOUR_CREATE_PROCESS_ROUTINEA pfCreateProcessA); + + BOOL WINAPI DetourCreateProcessWithDllExW(_In_opt_ LPCWSTR lpApplicationName, + _Inout_opt_ LPWSTR lpCommandLine, + _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, + _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, + _In_ BOOL bInheritHandles, + _In_ DWORD dwCreationFlags, + _In_opt_ LPVOID lpEnvironment, + _In_opt_ LPCWSTR lpCurrentDirectory, + _In_ LPSTARTUPINFOW lpStartupInfo, + _Out_ LPPROCESS_INFORMATION lpProcessInformation, + _In_ LPCSTR lpDllName, + _In_opt_ PDETOUR_CREATE_PROCESS_ROUTINEW pfCreateProcessW); + +#ifdef UNICODE +#define DetourCreateProcessWithDllEx DetourCreateProcessWithDllExW +#else +#define DetourCreateProcessWithDllEx DetourCreateProcessWithDllExA +#endif // !UNICODE + + BOOL WINAPI DetourCreateProcessWithDllsA(_In_opt_ LPCSTR lpApplicationName, + _Inout_opt_ LPSTR lpCommandLine, + _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, + _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, + _In_ BOOL bInheritHandles, + _In_ DWORD dwCreationFlags, + _In_opt_ LPVOID lpEnvironment, + _In_opt_ LPCSTR lpCurrentDirectory, + _In_ LPSTARTUPINFOA lpStartupInfo, + _Out_ LPPROCESS_INFORMATION lpProcessInformation, + _In_ DWORD 
nDlls, + _In_reads_(nDlls) LPCSTR* rlpDlls, + _In_opt_ PDETOUR_CREATE_PROCESS_ROUTINEA pfCreateProcessA); + + BOOL WINAPI DetourCreateProcessWithDllsW(_In_opt_ LPCWSTR lpApplicationName, + _Inout_opt_ LPWSTR lpCommandLine, + _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, + _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, + _In_ BOOL bInheritHandles, + _In_ DWORD dwCreationFlags, + _In_opt_ LPVOID lpEnvironment, + _In_opt_ LPCWSTR lpCurrentDirectory, + _In_ LPSTARTUPINFOW lpStartupInfo, + _Out_ LPPROCESS_INFORMATION lpProcessInformation, + _In_ DWORD nDlls, + _In_reads_(nDlls) LPCSTR* rlpDlls, + _In_opt_ PDETOUR_CREATE_PROCESS_ROUTINEW pfCreateProcessW); + +#ifdef UNICODE +#define DetourCreateProcessWithDlls DetourCreateProcessWithDllsW +#else +#define DetourCreateProcessWithDlls DetourCreateProcessWithDllsA +#endif // !UNICODE + + BOOL WINAPI DetourProcessViaHelperA(_In_ DWORD dwTargetPid, + _In_ LPCSTR lpDllName, + _In_ PDETOUR_CREATE_PROCESS_ROUTINEA pfCreateProcessA); + + BOOL WINAPI DetourProcessViaHelperW(_In_ DWORD dwTargetPid, + _In_ LPCSTR lpDllName, + _In_ PDETOUR_CREATE_PROCESS_ROUTINEW pfCreateProcessW); + +#ifdef UNICODE +#define DetourProcessViaHelper DetourProcessViaHelperW +#else +#define DetourProcessViaHelper DetourProcessViaHelperA +#endif // !UNICODE + + BOOL WINAPI DetourProcessViaHelperDllsA(_In_ DWORD dwTargetPid, + _In_ DWORD nDlls, + _In_reads_(nDlls) LPCSTR* rlpDlls, + _In_ PDETOUR_CREATE_PROCESS_ROUTINEA pfCreateProcessA); + + BOOL WINAPI DetourProcessViaHelperDllsW(_In_ DWORD dwTargetPid, + _In_ DWORD nDlls, + _In_reads_(nDlls) LPCSTR* rlpDlls, + _In_ PDETOUR_CREATE_PROCESS_ROUTINEW pfCreateProcessW); + +#ifdef UNICODE +#define DetourProcessViaHelperDlls DetourProcessViaHelperDllsW +#else +#define DetourProcessViaHelperDlls DetourProcessViaHelperDllsA +#endif // !UNICODE + + BOOL WINAPI DetourUpdateProcessWithDll(_In_ HANDLE hProcess, + _In_reads_(nDlls) LPCSTR* rlpDlls, + _In_ DWORD nDlls); + + BOOL WINAPI 
DetourUpdateProcessWithDllEx(_In_ HANDLE hProcess, + _In_ HMODULE hImage, + _In_ BOOL bIs32Bit, + _In_reads_(nDlls) LPCSTR* rlpDlls, + _In_ DWORD nDlls); + + BOOL WINAPI DetourCopyPayloadToProcess(_In_ HANDLE hProcess, + _In_ REFGUID rguid, + _In_reads_bytes_(cbData) PVOID pvData, + _In_ DWORD cbData); + BOOL WINAPI DetourRestoreAfterWith(VOID); + BOOL WINAPI DetourRestoreAfterWithEx(_In_reads_bytes_(cbData) PVOID pvData, + _In_ DWORD cbData); + BOOL WINAPI DetourIsHelperProcess(VOID); + VOID CALLBACK DetourFinishHelperProcess(_In_ HWND, + _In_ HINSTANCE, + _In_ LPSTR, + _In_ INT); + + // + ////////////////////////////////////////////////////////////////////////////// +#ifdef __cplusplus +} +#endif // __cplusplus + +//////////////////////////////////////////////// Detours Internal Definitions. +// +#ifdef __cplusplus +#ifdef DETOURS_INTERNAL + +#define NOTHROW +// #define NOTHROW (nothrow) + +////////////////////////////////////////////////////////////////////////////// +// +#if (_MSC_VER < 1299) +#include +typedef IMAGEHLP_MODULE IMAGEHLP_MODULE64; +typedef PIMAGEHLP_MODULE PIMAGEHLP_MODULE64; +typedef IMAGEHLP_SYMBOL SYMBOL_INFO; +typedef PIMAGEHLP_SYMBOL PSYMBOL_INFO; + +static inline +LONG InterlockedCompareExchange(_Inout_ LONG* ptr, _In_ LONG nval, _In_ LONG oval) +{ + return (LONG)::InterlockedCompareExchange((PVOID*)ptr, (PVOID)nval, (PVOID)oval); +} +#else +#pragma warning(push) +#pragma warning(disable:4091) // empty typedef +#include +#pragma warning(pop) +#endif + +#ifdef IMAGEAPI // defined by DBGHELP.H +typedef LPAPI_VERSION(NTAPI* PF_ImagehlpApiVersionEx)(_In_ LPAPI_VERSION AppVersion); + +typedef BOOL(NTAPI* PF_SymInitialize)(_In_ HANDLE hProcess, + _In_opt_ LPCSTR UserSearchPath, + _In_ BOOL fInvadeProcess); +typedef DWORD(NTAPI* PF_SymSetOptions)(_In_ DWORD SymOptions); +typedef DWORD(NTAPI* PF_SymGetOptions)(VOID); +typedef DWORD64(NTAPI* PF_SymLoadModule64)(_In_ HANDLE hProcess, + _In_opt_ HANDLE hFile, + _In_ LPSTR ImageName, + _In_opt_ LPSTR 
ModuleName, + _In_ DWORD64 BaseOfDll, + _In_opt_ DWORD SizeOfDll); +typedef BOOL(NTAPI* PF_SymGetModuleInfo64)(_In_ HANDLE hProcess, + _In_ DWORD64 qwAddr, + _Out_ PIMAGEHLP_MODULE64 ModuleInfo); +typedef BOOL(NTAPI* PF_SymFromName)(_In_ HANDLE hProcess, + _In_ LPSTR Name, + _Out_ PSYMBOL_INFO Symbol); + +typedef struct _DETOUR_SYM_INFO +{ + HANDLE hProcess; + HMODULE hDbgHelp; + PF_ImagehlpApiVersionEx pfImagehlpApiVersionEx; + PF_SymInitialize pfSymInitialize; + PF_SymSetOptions pfSymSetOptions; + PF_SymGetOptions pfSymGetOptions; + PF_SymLoadModule64 pfSymLoadModule64; + PF_SymGetModuleInfo64 pfSymGetModuleInfo64; + PF_SymFromName pfSymFromName; +} DETOUR_SYM_INFO, * PDETOUR_SYM_INFO; + +PDETOUR_SYM_INFO DetourLoadImageHlp(VOID); + +#endif // IMAGEAPI + +#if defined(_INC_STDIO) && !defined(_CRT_STDIO_ARBITRARY_WIDE_SPECIFIERS) +#error detours.h must be included before stdio.h (or at least define _CRT_STDIO_ARBITRARY_WIDE_SPECIFIERS earlier) +#endif +#define _CRT_STDIO_ARBITRARY_WIDE_SPECIFIERS 1 + +#ifndef DETOUR_TRACE +#if DETOUR_DEBUG +#define DETOUR_TRACE(x) printf x +#define DETOUR_BREAK() __debugbreak() +#include +#include +#else +#define DETOUR_TRACE(x) +#define DETOUR_BREAK() +#endif +#endif + +#if 1 || defined(DETOURS_IA64) + +// +// IA64 instructions are 41 bits, 3 per bundle, plus 5 bit bundle template => 128 bits per bundle. 
+// + +#define DETOUR_IA64_INSTRUCTIONS_PER_BUNDLE (3) + +#define DETOUR_IA64_TEMPLATE_OFFSET (0) +#define DETOUR_IA64_TEMPLATE_SIZE (5) + +#define DETOUR_IA64_INSTRUCTION_SIZE (41) +#define DETOUR_IA64_INSTRUCTION0_OFFSET (DETOUR_IA64_TEMPLATE_SIZE) +#define DETOUR_IA64_INSTRUCTION1_OFFSET (DETOUR_IA64_TEMPLATE_SIZE + DETOUR_IA64_INSTRUCTION_SIZE) +#define DETOUR_IA64_INSTRUCTION2_OFFSET (DETOUR_IA64_TEMPLATE_SIZE + DETOUR_IA64_INSTRUCTION_SIZE + DETOUR_IA64_INSTRUCTION_SIZE) + +C_ASSERT(DETOUR_IA64_TEMPLATE_SIZE + DETOUR_IA64_INSTRUCTIONS_PER_BUNDLE * DETOUR_IA64_INSTRUCTION_SIZE == 128); + +__declspec(align(16)) struct DETOUR_IA64_BUNDLE +{ +public: + union + { + BYTE data[16]; + UINT64 wide[2]; + }; + + enum { + A_UNIT = 1u, + I_UNIT = 2u, + M_UNIT = 3u, + B_UNIT = 4u, + F_UNIT = 5u, + L_UNIT = 6u, + X_UNIT = 7u, + }; + struct DETOUR_IA64_METADATA + { + ULONG nTemplate : 8; // Instruction template. + ULONG nUnit0 : 4; // Unit for slot 0 + ULONG nUnit1 : 4; // Unit for slot 1 + ULONG nUnit2 : 4; // Unit for slot 2 + }; + +protected: + static const DETOUR_IA64_METADATA s_rceCopyTable[33]; + + UINT RelocateBundle(_Inout_ DETOUR_IA64_BUNDLE* pDst, _Inout_opt_ DETOUR_IA64_BUNDLE* pBundleExtra) const; + + bool RelocateInstruction(_Inout_ DETOUR_IA64_BUNDLE* pDst, + _In_ BYTE slot, + _Inout_opt_ DETOUR_IA64_BUNDLE* pBundleExtra) const; + + // 120 112 104 96 88 80 72 64 56 48 40 32 24 16 8 0 + // f. e. d. c. b. a. 9. 8. 7. 6. 5. 4. 3. 2. 1. 0. + + // 00 + // f.e. d.c. b.a. 9.8. 7.6. 5.4. 3.2. 1.0. + // 0000 0000 0000 0000 0000 0000 0000 001f : Template [4..0] + // 0000 0000 0000 0000 0000 03ff ffff ffe0 : Zero [ 41.. 5] + // 0000 0000 0000 0000 0000 3c00 0000 0000 : Zero [ 45.. 42] + // 0000 0000 0007 ffff ffff c000 0000 0000 : One [ 82.. 46] + // 0000 0000 0078 0000 0000 0000 0000 0000 : One [ 86.. 83] + // 0fff ffff ff80 0000 0000 0000 0000 0000 : Two [123.. 
87] + // f000 0000 0000 0000 0000 0000 0000 0000 : Two [127..124] + BYTE GetTemplate() const; + // Get 4 bit opcodes. + BYTE GetInst0() const; + BYTE GetInst1() const; + BYTE GetInst2() const; + BYTE GetUnit(BYTE slot) const; + BYTE GetUnit0() const; + BYTE GetUnit1() const; + BYTE GetUnit2() const; + // Get 37 bit data. + UINT64 GetData0() const; + UINT64 GetData1() const; + UINT64 GetData2() const; + + // Get/set the full 41 bit instructions. + UINT64 GetInstruction(BYTE slot) const; + UINT64 GetInstruction0() const; + UINT64 GetInstruction1() const; + UINT64 GetInstruction2() const; + void SetInstruction(BYTE slot, UINT64 instruction); + void SetInstruction0(UINT64 instruction); + void SetInstruction1(UINT64 instruction); + void SetInstruction2(UINT64 instruction); + + // Get/set bitfields. + static UINT64 GetBits(UINT64 Value, UINT64 Offset, UINT64 Count); + static UINT64 SetBits(UINT64 Value, UINT64 Offset, UINT64 Count, UINT64 Field); + + // Get specific read-only fields. + static UINT64 GetOpcode(UINT64 instruction); // 4bit opcode + static UINT64 GetX(UINT64 instruction); // 1bit opcode extension + static UINT64 GetX3(UINT64 instruction); // 3bit opcode extension + static UINT64 GetX6(UINT64 instruction); // 6bit opcode extension + + // Get/set specific fields. 
+ static UINT64 GetImm7a(UINT64 instruction); + static UINT64 SetImm7a(UINT64 instruction, UINT64 imm7a); + static UINT64 GetImm13c(UINT64 instruction); + static UINT64 SetImm13c(UINT64 instruction, UINT64 imm13c); + static UINT64 GetSignBit(UINT64 instruction); + static UINT64 SetSignBit(UINT64 instruction, UINT64 signBit); + static UINT64 GetImm20a(UINT64 instruction); + static UINT64 SetImm20a(UINT64 instruction, UINT64 imm20a); + static UINT64 GetImm20b(UINT64 instruction); + static UINT64 SetImm20b(UINT64 instruction, UINT64 imm20b); + + static UINT64 SignExtend(UINT64 Value, UINT64 Offset); + + BOOL IsMovlGp() const; + + VOID SetInst(BYTE Slot, BYTE nInst); + VOID SetInst0(BYTE nInst); + VOID SetInst1(BYTE nInst); + VOID SetInst2(BYTE nInst); + VOID SetData(BYTE Slot, UINT64 nData); + VOID SetData0(UINT64 nData); + VOID SetData1(UINT64 nData); + VOID SetData2(UINT64 nData); + BOOL SetNop(BYTE Slot); + BOOL SetNop0(); + BOOL SetNop1(); + BOOL SetNop2(); + +public: + BOOL IsBrl() const; + VOID SetBrl(); + VOID SetBrl(UINT64 target); + UINT64 GetBrlTarget() const; + VOID SetBrlTarget(UINT64 target); + VOID SetBrlImm(UINT64 imm); + UINT64 GetBrlImm() const; + + UINT64 GetMovlGp() const; + VOID SetMovlGp(UINT64 gp); + + VOID SetStop(); + + UINT Copy(_Out_ DETOUR_IA64_BUNDLE* pDst, _Inout_opt_ DETOUR_IA64_BUNDLE* pBundleExtra = NULL) const; +}; +#endif // DETOURS_IA64 + +#ifdef DETOURS_ARM + +#define DETOURS_PFUNC_TO_PBYTE(p) ((PBYTE)(((ULONG_PTR)(p)) & ~(ULONG_PTR)1)) +#define DETOURS_PBYTE_TO_PFUNC(p) ((PBYTE)(((ULONG_PTR)(p)) | (ULONG_PTR)1)) + +#endif // DETOURS_ARM + +////////////////////////////////////////////////////////////////////////////// + +#ifdef __cplusplus +extern "C" { +#endif // __cplusplus + +#define DETOUR_OFFLINE_LIBRARY(x) \ +PVOID WINAPI DetourCopyInstruction##x(_In_opt_ PVOID pDst, \ + _Inout_opt_ PVOID *ppDstPool, \ + _In_ PVOID pSrc, \ + _Out_opt_ PVOID *ppTarget, \ + _Out_opt_ LONG *plExtra); \ + \ +BOOL WINAPI DetourSetCodeModule##x(_In_ 
HMODULE hModule, \ + _In_ BOOL fLimitReferencesToModule); \ + + DETOUR_OFFLINE_LIBRARY(X86) + DETOUR_OFFLINE_LIBRARY(X64) + DETOUR_OFFLINE_LIBRARY(ARM) + DETOUR_OFFLINE_LIBRARY(ARM64) + DETOUR_OFFLINE_LIBRARY(IA64) + +#undef DETOUR_OFFLINE_LIBRARY + + ////////////////////////////////////////////////////////////////////////////// + // + // Helpers for manipulating page protection. + // + + _Success_(return != FALSE) + BOOL WINAPI DetourVirtualProtectSameExecuteEx(_In_ HANDLE hProcess, + _In_ PVOID pAddress, + _In_ SIZE_T nSize, + _In_ DWORD dwNewProtect, + _Out_ PDWORD pdwOldProtect); + + _Success_(return != FALSE) + BOOL WINAPI DetourVirtualProtectSameExecute(_In_ PVOID pAddress, + _In_ SIZE_T nSize, + _In_ DWORD dwNewProtect, + _Out_ PDWORD pdwOldProtect); +#ifdef __cplusplus +} +#endif // __cplusplus + +////////////////////////////////////////////////////////////////////////////// + +#define MM_ALLOCATION_GRANULARITY 0x10000 + +////////////////////////////////////////////////////////////////////////////// + +#endif // DETOURS_INTERNAL +#endif // __cplusplus + +#endif // _DETOURS_H_ +// +//////////////////////////////////////////////////////////////// End of File. diff --git a/RSAPatch/detours.lib b/RSAPatch/detours.lib new file mode 100644 index 0000000..a6a663b Binary files /dev/null and b/RSAPatch/detours.lib differ diff --git a/RSAPatch/dllmain.cpp b/RSAPatch/dllmain.cpp new file mode 100644 index 0000000..3544a8f --- /dev/null +++ b/RSAPatch/dllmain.cpp 
@@ -0,0 +1,141 @@ +#include +#include +#include +#include +#include +#include +#include "exports.h" +#include "Console.h" +#include "Memory.h" + +#pragma comment(lib, "ntdll.lib") + +typedef enum _SECTION_INFORMATION_CLASS { + SectionBasicInformation, + SectionImageInformation +} SECTION_INFORMATION_CLASS, * PSECTION_INFORMATION_CLASS; +EXTERN_C NTSTATUS __stdcall NtQuerySection(HANDLE SectionHandle, SECTION_INFORMATION_CLASS InformationClass, PVOID InformationBuffer, ULONG InformationBufferSize, PULONG ResultLength); +EXTERN_C NTSTATUS __stdcall NtProtectVirtualMemory(HANDLE ProcessHandle, PVOID* BaseAddress, PULONG NumberOfBytesToProtect, ULONG NewAccessProtection, PULONG OldAccessProtection); +EXTERN_C NTSTATUS __stdcall NtPulseEvent(HANDLE EventHandle, PULONG PreviousState); + +void DisableVMP() +{ + // restore hook at NtProtectVirtualMemory + auto ntdll = GetModuleHandleA("ntdll.dll"); + if (ntdll == NULL) return; + + bool linux = GetProcAddress(ntdll, "wine_get_version") != nullptr; + void* routine = linux ? 
(void*)NtPulseEvent : (void*)NtQuerySection; + DWORD old; + VirtualProtect(NtProtectVirtualMemory, 1, PAGE_EXECUTE_READWRITE, &old); + *(uintptr_t*)NtProtectVirtualMemory = *(uintptr_t*)routine & ~(0xFFui64 << 32) | (uintptr_t)(*(uint32_t*)((uintptr_t)routine + 4) - 1) << 32; + VirtualProtect(NtProtectVirtualMemory, 1, old, &old); +} + +void DisableLogReport() +{ + char szProcessPath[MAX_PATH]{}; + GetModuleFileNameA(nullptr, szProcessPath, MAX_PATH); + + auto path = std::filesystem::path(szProcessPath); + auto ProcessName = path.filename().string(); + ProcessName = ProcessName.substr(0, ProcessName.find_last_of('.')); + + auto Astrolabe = path.parent_path() / (ProcessName + "_Data\\Plugins\\Astrolabe.dll"); + auto MiHoYoMTRSDK = path.parent_path() / (ProcessName + "_Data\\Plugins\\MiHoYoMTRSDK.dll"); + + // open exclusive access to these two dlls + // so they cannot be loaded + HANDLE hFile = CreateFileA(Astrolabe.string().c_str(), GENERIC_READ | GENERIC_WRITE, 0, nullptr, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, nullptr); + hFile = CreateFileA(MiHoYoMTRSDK.string().c_str(), GENERIC_READ | GENERIC_WRITE, 0, nullptr, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, nullptr); +} + +DWORD __stdcall ThreadFunc(LPVOID p) +{ + Console::Attach(); + + Console::Print("anime encryption patcher by xeondev\n\n\n"); + Console::Print("waiting for anime software startup.."); + + auto pid = GetCurrentProcessId(); + while (true) + { + // use EnumWindows to pinpoint the target window + // as there could be other window with the same class name + EnumWindows([](HWND hwnd, LPARAM lParam)->BOOL __stdcall { + + DWORD wndpid = 0; + GetWindowThreadProcessId(hwnd, &wndpid); + + char szWindowClass[256]{}; + GetClassNameA(hwnd, szWindowClass, 256); + if (!strcmp(szWindowClass, "UnityWndClass") && wndpid == *(DWORD*)lParam) + { + *(DWORD*)lParam = 0; + return FALSE; + } + + return TRUE; + + }, (LPARAM)&pid); + + if (!pid) + break; + + Sleep(2000); // wait another 2 seconds and then re-check for window 
creation + Console::Print("."); + } + Console::Print("OK\n"); + + DisableVMP(); + + // RSA Signature verification bypass (HTTP) + uint8_t dontJmp[] = { 0x90, 0x90 }; + uintptr_t afterRSAVerify = Memory::Scan("UserAssembly.dll", "48 83 F8 01 75 08 49 8B C7 E9 E7 00 00 00 4C 8B 0D 9F E6 AB"); + Memory::WriteByteArray(afterRSAVerify + 4, dontJmp, 2); + + // RSA Signature verification bypass (Seed) + uint8_t dontJmpInDecryptSeed[] = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 }; + uintptr_t afterRSAVerifyInDecryptSeed = Memory::Scan("UserAssembly.dll", "0F 85 EF 00 00 00 33 D2 49 8B CF E8 6B D2 6E 05 48 8B F8"); + Memory::WriteByteArray(afterRSAVerifyInDecryptSeed, dontJmpInDecryptSeed, 6); + + // hardcode SECOND mt19937 initialization seed to 1337 + uint8_t setSeed[] = { 0xC7, 0xC3, 0x39, 0x05, 0x00, 0x00, 0x90 }; + uintptr_t preMtInitCall = Memory::Scan("UserAssembly.dll", "8B D8 E9 00 00 00 00 E8 DC 4A B5 F2 48 8B C8 49"); + Memory::WriteByteArray(preMtInitCall, setSeed, 7); + + Console::Print("We're done here.\n"); + return 0; +} + +DWORD __stdcall DllMain(HINSTANCE hInstance, DWORD fdwReason, LPVOID lpReserved) +{ + if (hInstance) + DisableThreadLibraryCalls(hInstance); + + if (fdwReason == DLL_PROCESS_ATTACH) + { + if (HANDLE hThread = CreateThread(nullptr, 0, ThreadFunc, hInstance, 0, nullptr)) + CloseHandle(hThread); + } + + return TRUE; +} + +bool EarlyInitDone = false; + +// this runs way before dllmain +void __stdcall TlsCallback(PVOID hModule, DWORD fdwReason, PVOID pContext) +{ + if (!EarlyInitDone) + { + DisableLogReport(); + Exports::Load(); + EarlyInitDone = true; + } +} + +#pragma comment (linker, "/INCLUDE:_tls_used") +#pragma comment (linker, "/INCLUDE:tls_callback_func") +#pragma const_seg(".CRT$XLF") +EXTERN_C const PIMAGE_TLS_CALLBACK tls_callback_func = TlsCallback; diff --git a/RSAPatch/exports.cpp b/RSAPatch/exports.cpp new file mode 100644 index 0000000..e47fa9f --- /dev/null +++ b/RSAPatch/exports.cpp 
@@ -0,0 +1,32 @@ +#include "exports.h" +#include "Console.h" + +FARPROC OriginalFuncs_version[17]; + +void Exports::Load() +{ + char szSystemDirectory[MAX_PATH]{}; + GetSystemDirectoryA(szSystemDirectory, MAX_PATH); + + std::string OriginalPath = szSystemDirectory; + OriginalPath += "\\version.dll"; + + HMODULE version = LoadLibraryA(OriginalPath.c_str()); + // load version.dll from system32 + if (!version) + { + Console::Print("Failed to load version.dll from system32\n"); + return; + } + + // get addresses of original functions + for (int i = 0; i < 17; i++) + { + OriginalFuncs_version[i] = GetProcAddress(version, ExportNames_version[i].c_str()); + if (!OriginalFuncs_version[i]) + { + Console::Print("Failed to get address of %s\n", ExportNames_version[i].c_str()); + return; + } + } +} diff --git a/RSAPatch/exports.h b/RSAPatch/exports.h new file mode 100644 index 0000000..74ae2ca --- /dev/null +++ b/RSAPatch/exports.h @@ -0,0 +1,32 @@ +#pragma once +#include +#include +#include +#include + +extern "C" FARPROC OriginalFuncs_version[17]; + +inline std::vector ExportNames_version = { + "GetFileVersionInfoA", + "GetFileVersionInfoByHandle", + "GetFileVersionInfoExA", + "GetFileVersionInfoExW", + "GetFileVersionInfoSizeA", + "GetFileVersionInfoSizeExA", + "GetFileVersionInfoSizeExW", + "GetFileVersionInfoSizeW", + "GetFileVersionInfoW", + "VerFindFileA", + "VerFindFileW", + "VerInstallFileA", + "VerInstallFileW", + "VerLanguageNameA", + "VerLanguageNameW", + "VerQueryValueA", + "VerQueryValueW" +}; + +namespace Exports +{ + void Load(); +} \ No newline at end of file diff --git a/RSAPatch/version.asm b/RSAPatch/version.asm new file mode 100644 index 0000000..91f6bee --- /dev/null +++ b/RSAPatch/version.asm 
@@ -0,0 +1,112 @@ +ifdef RAX + .code + extern OriginalFuncs_version:QWORD + GetFileVersionInfoA proc + jmp QWORD ptr OriginalFuncs_version[0 * 8] + GetFileVersionInfoA endp + GetFileVersionInfoByHandle proc + jmp QWORD ptr OriginalFuncs_version[1 * 8] + GetFileVersionInfoByHandle endp + GetFileVersionInfoExA proc + jmp QWORD ptr OriginalFuncs_version[2 * 8] + GetFileVersionInfoExA endp + GetFileVersionInfoExW proc + jmp QWORD ptr OriginalFuncs_version[3 * 8] + GetFileVersionInfoExW endp + GetFileVersionInfoSizeA proc + jmp QWORD ptr OriginalFuncs_version[4 * 8] + GetFileVersionInfoSizeA endp + GetFileVersionInfoSizeExA proc + jmp QWORD ptr OriginalFuncs_version[5 * 8] + GetFileVersionInfoSizeExA endp + GetFileVersionInfoSizeExW proc + jmp QWORD ptr OriginalFuncs_version[6 * 8] + GetFileVersionInfoSizeExW endp + GetFileVersionInfoSizeW proc + jmp QWORD ptr OriginalFuncs_version[7 * 8] + GetFileVersionInfoSizeW endp + GetFileVersionInfoW proc + jmp QWORD ptr OriginalFuncs_version[8 * 8] + GetFileVersionInfoW endp + VerFindFileA proc + jmp QWORD ptr OriginalFuncs_version[9 * 8] + VerFindFileA endp + VerFindFileW proc + jmp QWORD ptr OriginalFuncs_version[10 * 8] + VerFindFileW endp + VerInstallFileA proc + jmp QWORD ptr OriginalFuncs_version[11 * 8] + VerInstallFileA endp + VerInstallFileW proc + jmp QWORD ptr OriginalFuncs_version[12 * 8] + VerInstallFileW endp + VerLanguageNameA proc + jmp QWORD ptr OriginalFuncs_version[13 * 8] + VerLanguageNameA endp + VerLanguageNameW proc + jmp QWORD ptr OriginalFuncs_version[14 * 8] + VerLanguageNameW endp + VerQueryValueA proc + jmp QWORD ptr OriginalFuncs_version[15 * 8] + VerQueryValueA endp + VerQueryValueW proc + jmp QWORD ptr OriginalFuncs_version[16 * 8] + VerQueryValueW endp +else + .model flat, C + .stack 4096 + .code + extern OriginalFuncs_version:DWORD + GetFileVersionInfoA proc + jmp DWORD ptr OriginalFuncs_version[0 * 4] + GetFileVersionInfoA endp + GetFileVersionInfoByHandle proc + jmp DWORD ptr 
OriginalFuncs_version[1 * 4] + GetFileVersionInfoByHandle endp + GetFileVersionInfoExA proc + jmp DWORD ptr OriginalFuncs_version[2 * 4] + GetFileVersionInfoExA endp + GetFileVersionInfoExW proc + jmp DWORD ptr OriginalFuncs_version[3 * 4] + GetFileVersionInfoExW endp + GetFileVersionInfoSizeA proc + jmp DWORD ptr OriginalFuncs_version[4 * 4] + GetFileVersionInfoSizeA endp + GetFileVersionInfoSizeExA proc + jmp DWORD ptr OriginalFuncs_version[5 * 4] + GetFileVersionInfoSizeExA endp + GetFileVersionInfoSizeExW proc + jmp DWORD ptr OriginalFuncs_version[6 * 4] + GetFileVersionInfoSizeExW endp + GetFileVersionInfoSizeW proc + jmp DWORD ptr OriginalFuncs_version[7 * 4] + GetFileVersionInfoSizeW endp + GetFileVersionInfoW proc + jmp DWORD ptr OriginalFuncs_version[8 * 4] + GetFileVersionInfoW endp + VerFindFileA proc + jmp DWORD ptr OriginalFuncs_version[9 * 4] + VerFindFileA endp + VerFindFileW proc + jmp DWORD ptr OriginalFuncs_version[10 * 4] + VerFindFileW endp + VerInstallFileA proc + jmp DWORD ptr OriginalFuncs_version[11 * 4] + VerInstallFileA endp + VerInstallFileW proc + jmp DWORD ptr OriginalFuncs_version[12 * 4] + VerInstallFileW endp + VerLanguageNameA proc + jmp DWORD ptr OriginalFuncs_version[13 * 4] + VerLanguageNameA endp + VerLanguageNameW proc + jmp DWORD ptr OriginalFuncs_version[14 * 4] + VerLanguageNameW endp + VerQueryValueA proc + jmp DWORD ptr OriginalFuncs_version[15 * 4] + VerQueryValueA endp + VerQueryValueW proc + jmp DWORD ptr OriginalFuncs_version[16 * 4] + VerQueryValueW endp +endif +end \ No newline at end of file
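Review bot: In RSAPatch/detours.h the guard `#if 1 || defined(DETOURS_IA64)` is always true, so `struct DETOUR_IA64_BUNDLE` and its `__declspec(align(16))` layout are compiled for every target, and the closing `#endif // DETOURS_IA64` comment does not describe the real condition. If this header is an unmodified copy of upstream Detours, say which release it was taken from in a comment at the top of the file and leave it byte-identical; if the guard was changed locally, reduce it to `#if defined(DETOURS_IA64)` or explain why the IA64 definitions are needed on other architectures.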
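Review bot: RSAPatch/detours.lib is added as a prebuilt binary ("Binary files /dev/null and b/RSAPatch/detours.lib differ") next to a copied detours.h, and nothing in the visible part of the commit records which Detours release it was built from, with which configuration, or what its hash is. A reviewer cannot tell what code is being linked in. Prefer building Detours from a pinned source revision (submodule or package reference), or at minimum record the upstream version, target architecture and SHA-256 of the .lib in the repository.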
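Review bot: In RSAPatch/dllmain.cpp, TlsCallback calls Exports::Load(), which calls LoadLibraryA, from a TLS callback, so the call runs while the loader lock is held; Microsoft's DllMain guidance lists LoadLibrary among the calls to avoid in that context. The callback also ignores fdwReason, so the first invocation of any kind triggers the work; gate it on `fdwReason == DLL_PROCESS_ATTACH` and keep the body as small as possible. Separately, no API result in this file is checked: both CreateFileA handles in DisableLogReport are stored in the same hFile and never compared with INVALID_HANDLE_VALUE, the two VirtualProtect calls in DisableVMP are unchecked, and each Memory::Scan result is passed straight to Memory::WriteByteArray, so a failed lookup becomes a write through an unvalidated address. DllMain is also declared `DWORD __stdcall` where the documented signature is `BOOL WINAPI DllMain(HINSTANCE, DWORD, LPVOID)`.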
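Review bot: Exports::Load() in RSAPatch/exports.cpp returns void and leaves via a bare `return` on the first failure, so the remaining OriginalFuncs_version slots stay null while the forwarding stubs in version.asm still jump through them unconditionally. Return a bool (or fail the load) so the caller can react, and derive the loop bound from ExportNames_version.size() rather than repeating the literal 17. The failure paths call Console::Print, but Load() is invoked from TlsCallback, before ThreadFunc has called Console::Attach(); confirm Print is safe in that state. GetSystemDirectoryA's return value is not checked, and the comment `// load version.dll from system32` sits after the LoadLibraryA call it describes.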
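Review bot: In RSAPatch/exports.h, ExportNames_version is a header-defined `inline` std::vector whose elements are used through `.c_str()`, which means it needs dynamic initialization, yet Exports::Load() reads it from TlsCallback, which the comment in dllmain.cpp says "runs way before dllmain". If that is before the CRT has run this DLL's dynamic initializers, the loop indexes an unconstructed container. A constant-initialized table such as a `constexpr const char* const` array has no such ordering dependency. The count 17 is also written independently in `extern "C" FARPROC OriginalFuncs_version[17];` and implied by the initializer list; define it once and add a static_assert that the two agree. The file lacks a trailing newline.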
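Review bot: The stubs in RSAPatch/version.asm index OriginalFuncs_version with hand-written constants (`[0 * 8]` through `[16 * 8]`, and again with `* 4` in the 32-bit branch), so they are correct only while their order matches ExportNames_version in exports.h, and nothing in either file ties the two lists together. State the coupling in a comment at the top of both files, or generate each stub from a macro that takes the name and index so the two 17-entry branches cannot drift apart. A one-line comment explaining why `ifdef RAX` selects the 64-bit branch would help the next reader. The file lacks a trailing newline.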