SGERfjs

Smart Crypt Decrypt

Mar 23rd, 2020
  1. #include <windows.h>
  2.  
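  // Asks the host process's Core.dll to load ..\System\Interface.u into a byte
  // array and then write that array back out as ..\System\Interface.decrypted.u.
  //
  // Nothing in this function decrypts anything itself: it only calls the
  // engine's own load and save routines, resolved at run time by their
  // MSVC-decorated export names. Per those decorations both routines are
  // __cdecl, return int, and take (TArray<unsigned char>&, const unsigned
  // short*, FFileManager*); GFileManager is an exported FFileManager* global.
  //
  // Security-relevant point for whoever owns the protected file: the protection
  // applies at rest only. Any module that ends up loaded in this process can
  // ask the engine's loader for the plaintext, so the control that matters is
  // which modules are allowed to load, not the file format.
  //
  // Returns without writing anything if Core.dll, either export, or the file
  // manager cannot be resolved, or if the load reports failure. The caller
  // marks the attempt as done either way, so a failed attempt is not retried.
  void DumpFile()
  {
      // Opaque pointers stand in for the engine types, which are not declared here.
      typedef int(__cdecl *f_appLoadFileToArray)(void *, const wchar_t *, void *);
      typedef int(__cdecl *f_appSaveArrayToFile)(const void *, const wchar_t *, void *);

      // GetModuleHandleA yields NULL when the module is not mapped; passing that
      // to GetProcAddress would search the host executable instead of Core.dll.
      HMODULE core = GetModuleHandleA("Core.dll");
      if (core == NULL) {
          return;
      }

      f_appLoadFileToArray appLoadFileToArray = (f_appLoadFileToArray)GetProcAddress(core, "?appLoadFileToArray@@YAHAAV?$TArray@E@@PBGPAVFFileManager@@@Z");
      f_appSaveArrayToFile appSaveArrayToFile = (f_appSaveArrayToFile)GetProcAddress(core, "?appSaveArrayToFile@@YAHABV?$TArray@E@@PBGPAVFFileManager@@@Z");

      // The export is the address of the global pointer, so one dereference
      // gives the file manager. Reading it as a pointer rather than an int
      // avoids truncation if this is ever built for a 64-bit target.
      void **fileManagerSlot = (void **)GetProcAddress(core, "?GFileManager@@3PAVFFileManager@@A");

      if (appLoadFileToArray == NULL || appSaveArrayToFile == NULL ||
          fileManagerSlot == NULL || *fileManagerSlot == NULL) {
          return;
      }

      // Zeroed stand-in for an empty TArray<unsigned char>.
      // NOTE(review): 0x14 bytes is the paste author's size for the engine's
      // TArray; the real layout is not visible here. If the engine's object is
      // larger, the load call writes past this buffer. Confirm against the
      // target build.
      // NOTE(review): whatever storage the engine attaches to this array is
      // never released here.
      char TArray[0x14] = {0};

      // NOTE(review): the decoration only shows an int return; treating 0 as
      // failure follows the Unreal UBOOL convention. Confirm for this build.
      // Skipping the save on failure avoids writing out an empty array.
      if (!appLoadFileToArray(TArray, L"..\\System\\Interface.u", *fileManagerSlot)) {
          return;
      }

      appSaveArrayToFile(TArray, L"..\\System\\Interface.decrypted.u", *fileManagerSlot);
  }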
  // Set after the first dump attempt so later attach notifications do nothing.
  bool dumped = false;

  // Runs DumpFile() at most once, and only after WinDrv.dll is mapped into the
  // process. The author uses that module's presence as the signal that the
  // engine state DumpFile() depends on has been initialised.
  void StartCheck()
  {
      const bool winDrvLoaded = GetModuleHandleA("WinDrv.dll") != NULL;
      if (!winDrvLoaded || dumped) {
          return;
      }

      DumpFile();
      // Recorded whether or not the dump succeeded; DumpFile() reports nothing back.
      dumped = true;
  }
  // DLL entry point. Process-attach and thread-attach notifications both call
  // StartCheck(); detach notifications do no work. Always reports success to
  // the loader.
  //
  // NOTE(review): StartCheck() can go on to do file I/O through the engine
  // while DllMain is still running. Microsoft's DllMain guidance advises
  // against anything beyond minimal initialisation here because the loader
  // lock is held for the duration of the call.
  __declspec(dllexport) BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
  {
      const bool attaching = (ul_reason_for_call == DLL_PROCESS_ATTACH) ||
                             (ul_reason_for_call == DLL_THREAD_ATTACH);
      if (attaching) {
          // Thread attaches are included so the check is retried until
          // WinDrv.dll has been loaded.
          StartCheck();
      }
      return TRUE;
  }