Untitled

/*
    ぱけっとえでぃたー
*/
#include<Windows.h>
#include<string>

/*
    SendPacket関数に渡される構造体
*/
typedef struct OutPacket {
    LPVOID unk1;
    BYTE *Packet;
    DWORD Length;
    LPVOID unk2;
};

/*
    数値から文字に変換
*/
WCHAR toWCHAR(BYTE b) {
    BYTE tb = b & 0x0F;

    if (tb <= 0x09) {
        return 0x30 + tb;
    }

    tb -= 0x0A;

    return 0x41 + tb;
}

/*
    デバッグ出力
    DbgView.exeを利用すると簡単に出力が得られる
*/
bool DebugOutput(OutPacket *Packet) {
    if (!Packet) {
        return false;
    }

    if (!Packet->Packet) {
        return false;
    }

    if (Packet->Length == 0) {
        OutputDebugStringW(L"PacketLength is 0");
        return false;
    }

    if (Packet->Length > 10000) {
        OutputDebugStringW(L"PacketLength is too large");
        return false;
    }

    // XX XX...という形で文字列化するため16進数1つにつき空白を含めて3文字必要
    WCHAR* wcPacket = new WCHAR[Packet->Length * 3];

    if (!wcPacket) {
        OutputDebugStringW(L"failed to allocate buffer");
        return false;
    }

    for (DWORD i = 0; i < Packet->Length; i++) {
        wcPacket[i * 3] = toWCHAR(Packet->Packet[i] >> 16);
        wcPacket[i * 3 + 1] = toWCHAR(Packet->Packet[i] & 0x0F);
        wcPacket[i * 3 + 2] = L' ';
    }

    wcPacket[Packet->Length * 3 - 1] = L'\0';

    std::wstring Output = L"[AnyPE] ";
    Output += wcPacket;

    OutputDebugStringW(Output.c_str());

    delete[] wcPacket;

    return true;
}

#define JMS 1
#if JMS == 1
/*
    JMS ver
*/
DWORD dwSendPacket = 0x0123B400;
DWORD dwFakeRet = 0x0402D3C3; // 難読化されているアドレスの内 nop ret となる適当なアドレス
//DWORD dwSendPacketClass = 0x03AECEF0;
#else
/*
    Emu ver
*/
DWORD dwSendPacket = 0x0049637B;
//DWORD dwSendPacketClass = 0x00BE7914;
#endif


/*
    フック関数
*/
void (__thiscall *_SendPacket)(LPVOID, OutPacket*) = NULL;
void __fastcall SendPacket_Hook(LPVOID RegEcx, LPVOID RegEdx, OutPacket *Packet) {
    DebugOutput(Packet);

    __asm {
        mov ecx,dword ptr [RegEcx]
        push CONTINUE
        push dword ptr [Packet]
        push dword ptr [dwFakeRet]
        jmp dword ptr [_SendPacket]
        CONTINUE:
    }
}

/*
    関数フック書き込み
*/
bool HookFunction(DWORD Address, DWORD Overwrite, void* Function, void *Hook) {
    DWORD dwProtect;

    if (Overwrite < 5) {
        return false;
    }

    BYTE* Enter = new BYTE[Overwrite + 5];

    if (!Enter) {
        return false;
    }

    DWORD dw;
    if (!VirtualProtect((LPVOID)Enter, Overwrite + 5, PAGE_EXECUTE_READWRITE, &dw)) {
        return false;
    }

    if (!VirtualProtect((LPVOID)Address, Overwrite, PAGE_EXECUTE_READWRITE, &dwProtect)) {
        return false;
    }

    // 元の関数復元
    memcpy(Enter, (void *)Address, Overwrite);
    Enter[Overwrite] = 0xE9;
    *(DWORD*)&Enter[Overwrite + 1] = (Address + Overwrite) - (DWORD)&Enter[Overwrite] - 0x05;
    *(DWORD *)Function = (DWORD)Enter;

    // フック
    *(BYTE *)Address = 0xE9;
    *(DWORD *)(Address + 1) = (DWORD)Hook - Address - 0x05;

    if (Overwrite > 5) {
        memset((void*)Address, 0x90, Overwrite - 5);
    }

    if (!VirtualProtect((LPVOID)Address, Overwrite, dwProtect, &dwProtect)) {
        return false;
    }

    return true;
}


void Init() {
    HookFunction(dwSendPacket, 5, &_SendPacket, SendPacket_Hook);
}

BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) {
    switch (fdwReason) {
    case DLL_PROCESS_ATTACH:
    {
        DisableThreadLibraryCalls(hinstDLL);
        Init();
        break;
    }
    case DLL_PROCESS_DETACH:
    {
        break;
    }
    default:
    {
        break;
    }
    }
    return TRUE;
}