Untitled

__forceinline __int64 decrypt_uworld(const uint32_t key, const uint64_t* state)
{
    unsigned __int64 v19; // rcx
    unsigned __int64 v20; // rdi
    __int64 v21; // r8
    unsigned __int64 v22; // r10
    unsigned __int64 v23; // r11
    unsigned __int64 v24; // r8
    unsigned __int64 v25; // r10
    unsigned __int64 v26; // rcx
    unsigned __int64 v27; // rdx
    v19 = 2685821657736338717i64
        * ((unsigned int)key ^ (unsigned int)(key << 25) ^ (((unsigned int)key ^ ((unsigned __int64)(unsigned int)key >> 15)) >> 12))
        % 7;
    v20 = state[v19];
    v21 = (2685821657736338717i64
        * ((unsigned int)key ^ (unsigned int)(key << 25) ^ (((unsigned int)key ^ ((unsigned __int64)(unsigned int)key >> 15)) >> 12))) >> 32;
    switch ((unsigned int)v19 % 7)
    {
    case 0u:
        v22 = v20 - (unsigned int)(v21 - 1);
        goto LABEL_25;
    case 1u:
        v20 = __ROL8__(v20 - (unsigned int)(v21 + 2 * v19), (unsigned __int8)(((int)v21 + (int)v19) % 0x3Fu) + 1);
        break;
    case 2u:
        v20 = ~(v20 - (unsigned int)(v21 + 2 * v19));
        break;
    case 3u:
        v26 = 2 * ((2 * v20) ^ ((2 * v20) ^ (v20 >> 1)) & 0x5555555555555555i64);
        v20 = v26 ^ (v26 ^ (((2 * v20) ^ ((2 * v20) ^ (v20 >> 1)) & 0x5555555555555555i64) >> 1)) & 0x5555555555555555i64;
        break;
    case 4u:
        v27 = __ROR8__(v20, (unsigned __int8)(((int)v21 + 2 * (int)v19) % 0x3Fu) + 1);
        v20 = (2 * v27) ^ ((2 * v27) ^ (v27 >> 1)) & 0x5555555555555555i64;
        break;
    case 5u:
        v22 = __ROR8__(v20, (unsigned __int8)(((int)v21 + 2 * (int)v19) % 0x3Fu) + 1);
    LABEL_25:
        v23 = (2 * v22) ^ ((2 * v22) ^ (v22 >> 1)) & 0x5555555555555555i64;
        v24 = (4 * v23) ^ ((4 * v23) ^ (v23 >> 2)) & 0x3333333333333333i64;
        v25 = (16 * v24) ^ ((16 * v24) ^ (v24 >> 4)) & 0xF0F0F0F0F0F0F0Fi64;
        v20 = __ROL8__((v25 << 8) ^ ((v25 << 8) ^ (v25 >> 8)) & 0xFF00FF00FF00FFi64, 32);
        break;
    case 6u:
        v20 = ~v20 - (unsigned int)(v21 + v19);
        break;
    default:
        break;
    }
    return v20 ^ (unsigned int)key;
}

//general globals
HANDLE      h_process = nullptr;
uint32_t    proc_id = 0;
uint64_t main_base = 0;

uintptr_t GetModuleBaseAddress(DWORD procId, const wchar_t* modName)
{
    uintptr_t modBaseAddr = 0;
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, procId);
    if (hSnap != INVALID_HANDLE_VALUE)
    {
        MODULEENTRY32 modEntry;
        modEntry.dwSize = sizeof(modEntry);
        if (Module32First(hSnap, &modEntry))
        {
            do
            {
                if (!_wcsicmp(modEntry.szModule, modName))
                {
                    modBaseAddr = (uintptr_t)modEntry.modBaseAddr;
                    break;
                }
            } while (Module32Next(hSnap, &modEntry));
        }
    }
    CloseHandle(hSnap);
    return modBaseAddr;
}

//if (!ReadProcessMemory(h_process, mbi.BaseAddress, dump, mbi.RegionSize, NULL))

__forceinline uint64_t read_uworld()
{
    uint64_t key = 0;/* = Read<uint64_t>(g_ProcessBase + 0x6B86EF8);*/
    if (!ReadProcessMemory(h_process, (void*)(main_base + 0x6C36D78), &key, sizeof(uint64_t), NULL)) {
        cout << "   [-] RPM1 failed!" << endl;
        return 0;
    }

#pragma pack(push, 1)
    struct State
    {
        uint64_t Keys[7];
    };
#pragma pack(pop)
    State state = { 0 }; /*Read<State>(g_ProcessBase + 0x6B86EC0);*/
    if (!ReadProcessMemory(h_process, (void*)(main_base + 0x6C36D40), &state, sizeof(State), NULL)) {
        cout << "   [-] RPM2 failed!" << endl;
        return 0;
    }

    uint64_t decrypted = 0;
    if (!ReadProcessMemory(h_process, (void*)(decrypt_uworld(key, (const uint64_t*)& state)), &decrypted, sizeof(uint64_t), NULL)) {
        cout << "   [-] RPM3 failed!" << endl;
        return 0;
    }

    return decrypted;

    /*return Read<uint64_t>(DecryptUWorld(key, (const uint64_t*)& state));*/
}