Advertisement
Guest User

Untitled

a guest
Dec 7th, 2016
75
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.33 KB | None | 0 0
  1. #include <windows.h>
  2.  
  3. void DumpFile()
  4. {
  5. typedef void (__cdecl *f_appLoadFileToArray)(char *, wchar_t *, int);
  6. typedef void (__cdecl *f_appSaveArrayToFile)(char *, wchar_t *, int);
  7.  
  8. f_appLoadFileToArray appLoadFileToArray = (f_appLoadFileToArray)GetProcAddress(GetModuleHandleA("Core.dll"), "?appLoadFileToArray@@YAHAAV?$TArray@E@@PBGPAVFFileManager@@@Z");
  9. f_appSaveArrayToFile appSaveArrayToFile = (f_appSaveArrayToFile)GetProcAddress(GetModuleHandleA("Core.dll"), "?appSaveArrayToFile@@YAHABV?$TArray@E@@PBGPAVFFileManager@@@Z");
  10.  
  11. char TArray[0x14];
  12. memset(TArray,0,0x14);
  13.  
  14. appLoadFileToArray(TArray, L"..\\System\\Interface.u", *((int *)GetProcAddress(GetModuleHandleA("Core.dll"), "?GFileManager@@3PAVFFileManager@@A")));
  15. appSaveArrayToFile(TArray, L"..\\System\\Interface.decrypted.u", *((int *)GetProcAddress(GetModuleHandleA("Core.dll"), "?GFileManager@@3PAVFFileManager@@A")));
  16.  
  17. appLoadFileToArray(TArray, L"..\\System\\Data.u", *((int *)GetProcAddress(GetModuleHandleA("Core.dll"), "?GFileManager@@3PAVFFileManager@@A")));
  18. appSaveArrayToFile(TArray, L"..\\System\\Data.decrypted.u", *((int *)GetProcAddress(GetModuleHandleA("Core.dll"), "?GFileManager@@3PAVFFileManager@@A")));
  19.  
  20. appLoadFileToArray(TArray, L"..\\System\\Interface.xdat", *((int *)GetProcAddress(GetModuleHandleA("Core.dll"), "?GFileManager@@3PAVFFileManager@@A")));
  21. appSaveArrayToFile(TArray, L"..\\System\\Interface.decrypted.xdat", *((int *)GetProcAddress(GetModuleHandleA("Core.dll"), "?GFileManager@@3PAVFFileManager@@A")));
  22.  
  23. appLoadFileToArray(TArray, L"..\\System\\E-Global_pack3.int", *((int *)GetProcAddress(GetModuleHandleA("Core.dll"), "?GFileManager@@3PAVFFileManager@@A")));
  24. appSaveArrayToFile(TArray, L"..\\System\\E-Global_pack3.decrypted.int", *((int *)GetProcAddress(GetModuleHandleA("Core.dll"), "?GFileManager@@3PAVFFileManager@@A")));
  25. }
  26. bool dumped = false;
  27. void StartCheck()
  28. {
  29. // wait until WinDrv is loaded just so we know everything we need is initialized correctly
  30. if (GetModuleHandleA("WinDrv.dll") != NULL) {
  31. if (!dumped) {
  32. DumpFile();
  33. dumped = true;
  34. }
  35. }
  36. }
  37. __declspec(dllexport) BOOL APIENTRY DllMain( HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved )
  38. {
  39. switch (ul_reason_for_call)
  40. {
  41. case DLL_PROCESS_ATTACH:
  42. case DLL_THREAD_ATTACH:
  43. StartCheck();
  44. case DLL_THREAD_DETACH:
  45. case DLL_PROCESS_DETACH:
  46. break;
  47. }
  48. return TRUE;
  49. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement