- #define WIN32_LEAN_AND_MEAN
- #define NOMINMAX
- #include <Windows.h>
- #include <cstddef>
- #include <cstdint>
- namespace {
// Short names for the fixed-width unsigned integer types used throughout
// this file.
typedef uint32_t uint;
typedef uint8_t uint8;
typedef uint16_t uint16;
typedef uint64_t uint64;
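// Rotates `value` left by `count` bits; a negative `count` rotates right by
// -count bits. The count is first reduced modulo the bit width of T.
//
// A rotation that reduces to zero bits returns `value` unchanged. Without
// that early return the code would shift by the full width of T, which is
// undefined behaviour for 32- and 64-bit operands (count == 0 reaches the
// rotate-right branch, and count == width reaches the rotate-left branch).
//
// NOTE(review): for signed T the rotate-right branch applies `>>` to a
// possibly negative value without masking the sign-extended bits; every
// caller in this file passes an unsigned type.
template <class T>
T __ROL__(T value, int count) {
  const unsigned nbits = sizeof(T) * 8;
  if (count > 0) {
    count %= nbits;
    if (count == 0) {
      return value;  // a whole number of full turns
    }
    T high = value >> (nbits - count);
    if (T(-1) < 0) {  // signed T: drop bits smeared in by the arithmetic shift
      high &= ~((T(-1) << count));
    }
    value <<= count;
    value |= high;
  } else {
    // Take the magnitude in unsigned arithmetic so that INT_MIN is never
    // negated as a signed int.
    count = static_cast<int>((0u - static_cast<unsigned>(count)) % nbits);
    if (count == 0) {
      return value;
    }
    T low = value << (nbits - count);
    value >>= count;
    value |= low;
  }
  return value;
}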
// Rotates an 8-bit value right by `count` bits by handing __ROL__ the
// negated count.
inline uint8 __ROR1__(uint8 value, int count) {
  const int left_count = -count;
  return __ROL__<uint8>(value, left_count);
}
// Rotates a 16-bit value left by `count` bits (thin wrapper over __ROL__).
inline uint16 __ROL2__(uint16 value, int count) {
  const uint16 rotated = __ROL__<uint16>(value, count);
  return rotated;
}
// Rotates a 16-bit value right by `count` bits by handing __ROL__ the
// negated count.
inline uint16 __ROR2__(uint16 value, int count) {
  const int left_count = -count;
  return __ROL__<uint16>(value, left_count);
}
// Rotates a 64-bit value right by `count` bits by handing __ROL__ the
// negated count.
inline uint64 __ROR8__(uint64 value, int count) {
  const int left_count = -count;
  return __ROL__<uint64>(value, left_count);
}
// Rotates a 64-bit value left by `count` bits (thin wrapper over __ROL__).
inline uint64 __ROL8__(uint64 value, int count) {
  const uint64 rotated = __ROL__<uint64>(value, count);
  return rotated;
}
// Counts bytes starting at `address` in the process identified by `handle`,
// one ReadProcessMemory call per byte, and stops at the first byte equal to
// 0xC3 (presumably the single-byte x86 `ret` opcode). When the loop ends that
// way, the count (which excludes the 0xC3 byte) is stored in *out_length if
// out_length is non-null, and true is returned.
//
// NOTE(review): the check below returns false when ReadProcessMemory returns
// non-zero, whereas every ReadProcessMemory call in Decrypt() returns false on
// a zero return. As written, the comparison against 0xC3 is reached only after
// a read that reported failure, so `storage` is inspected without having been
// filled in.
// NOTE(review): the scan has no upper bound, and the first 0xC3 byte is taken
// as the end wherever it sits (opcode or operand). The caller uses the
// resulting length as a copy size into a fixed 1024-byte buffer.
bool CalculateFunctionLength(HANDLE handle, uintptr_t address,
                             uintptr_t* out_length) {
  size_t length = 0;
  while (true) {
    uint8_t storage;  // not initialized; only ReadProcessMemory writes it
    if (ReadProcessMemory(handle, (void*)(address++), &storage, sizeof(storage),
                          nullptr)) {
      return false;
    }
    if (storage != 0xC3) {
      length++;
      continue;
    }
    break;
  }
  if (out_length) {
    *out_length = length;
  }
  return true;
}
// One 64-bit slot that can be viewed as a signed or unsigned integer of 8, 16,
// 32 or 64 bits. All members share the same storage, so the narrower views
// alias the lowest-addressed bytes of the 64-bit value.
union i64 {
  int8_t s8;
  uint8_t u8;
  int16_t s16;
  uint16_t u16;
  int32_t s32;
  uint32_t u32;
  int64_t s64;
  uint64_t u64;
};
// Two consecutive i64 slots. Decrypt() fills this directly from remote memory
// with a sizeof(i128)-byte read, so member order and size must stay as they
// are.
struct i128 {
  i64 low;   // Decrypt() reads low.u32
  i64 high;  // Decrypt() reads high.s64
};
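// Byte/word accessors. Each macro yields an lvalue that aliases part of `x` in
// place, so it can be read or assigned; `x` must itself be an lvalue. Index 0
// is the byte/word at the lowest address, which is the low-order part on a
// little-endian host.
//
// Any existing LOBYTE/LOWORD definitions are saved with push_macro here and
// restored by the matching pop_macro lines after Decrypt().
//
// The index argument `n` is parenthesized so that an expression argument such
// as `i + 1` is added to the pointer as a whole.
//
// NOTE(review): the _WORD forms access objects of other integer types through
// a uint16 pointer, which the C++ aliasing rules do not guarantee to work.
#define _BYTE uint8
#define _WORD uint16
#pragma push_macro("LOBYTE")
#pragma push_macro("LOWORD")
#undef LOBYTE
#undef LOWORD
#define LOBYTE(x) (*((_BYTE*)&(x)))  // low byte
#define LOWORD(x) (*((_WORD*)&(x)))  // low word
#define BYTEn(x, n) (*((_BYTE*)&(x) + (n)))
#define WORDn(x, n) (*((_WORD*)&(x) + (n)))
#define BYTE1(x) BYTEn(x, 1)  // byte 1 (counting from 0)
#define WORD1(x) WORDn(x, 1)  // word 1 (counting from 0)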
// Reads a 16-byte record at `address` in the process behind `handle`, derives
// an index in [0, 128) from its low 32 bits, loads the pointer stored at
// `table + index * 8` in that process, copies code bytes from around that
// pointer into a local executable buffer, calls the buffer, and stores the
// rotated return value in *out (when out is non-null).
//
// Returns false if the buffer cannot be allocated, if any remote read reports
// failure, or if CalculateFunctionLength() returns false; returns true
// otherwise.
//
// NOTE(review): this function executes bytes fetched from another process
// inside the calling process. Nothing here validates those bytes, so the
// remote process's memory is effectively trusted as code.
bool Decrypt(HANDLE handle, uintptr_t table, uintptr_t address,
             uintptr_t* out) {
  // One 1024-byte scratch region, allocated on the first call and reused by
  // later calls; nothing in this file releases it. The page is writable and
  // executable at the same time.
  // NOTE(review): no locking is visible around this static, so concurrent
  // callers would share (and overwrite) the same buffer.
  static void* memory = nullptr;
  if (!memory) {
    memory = VirtualAlloc(nullptr, 1024, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    if (!memory) {
      return false;
    }
  }
  // Raw 16-byte record taken from the remote process.
  i128 data;
  if (!ReadProcessMemory(handle, (void*)address, &data, sizeof(data),
                         nullptr)) {
    return false;
  }
  auto a1 = data.low.u32;
  auto a2 = data.high.s64;
  int64_t v2 = a2;
  int64_t v3 = a1;
  int32_t v5;
  int32_t v6;
  int32_t v7;
  // The arithmetic from here down to decrypt_fn_index depends only on v3 (the
  // low 32 bits of the record). Its shape (v-numbered temporaries, LOWORD /
  // BYTE1 accessors) looks like decompiler output; what it mirrors cannot be
  // told from this file.
  if (v3 & 4)
    v5 = ~(~(unsigned __int16)v3 + 117);
  else
    // Writes only the low 16 bits of v5; the upper bits stay uninitialized.
    // The later uses narrow the result to 16 or 8 bits, but v5 is still read
    // as a whole int first.
    LOWORD(v5) = v3 - 78;
  v6 = (unsigned __int16)v5 ^
       ((unsigned __int16)__ROR2__(WORD1(v3), -107) + 54121);
  v7 = (unsigned __int8)(v5 ^ (__ROR2__(WORD1(v3), -107) + 105));
  if (((unsigned __int8)v5 ^
       (unsigned __int8)(__ROR2__(WORD1(v3), -107) + 105)) &
      4)
    v7 = ~(~v7 - 99);
  else
    LOBYTE(v7) = v7 + 66;  // replaces only the low byte of v7
  // Table slot selector; the final % 128 keeps it within 0..127.
  auto decrypt_fn_index =
      ((unsigned __int8)v7 ^
       ((unsigned __int8)__ROR1__(BYTE1(v6) + 49, -49) + 238)) %
      128;
  // Load one pointer-sized entry from the remote table (8-byte stride).
  uintptr_t decrypt_fn;
  if (!ReadProcessMemory(handle, (void*)(table + (decrypt_fn_index * 8)),
                         &decrypt_fn, sizeof(decrypt_fn), nullptr)) {
    return false;
  }
  uintptr_t inner_decrypt_fn;
  {
    // Signed 32-bit displacement stored at decrypt_fn + 10, applied relative
    // to decrypt_fn + 14.
    // NOTE(review): this looks like the rel32 operand of a 5-byte call/jmp at
    // decrypt_fn + 9; confirm against the target.
    int32_t inner_decrypt_fn_delta;
    if (!ReadProcessMemory(handle, (void*)(decrypt_fn + 10),
                           &inner_decrypt_fn_delta,
                           sizeof(inner_decrypt_fn_delta), nullptr)) {
      return false;
    }
    inner_decrypt_fn = decrypt_fn + 14 + inner_decrypt_fn_delta;
  }
  // A size_t* is passed where the callee declares uintptr_t*; this compiles
  // only where the two are the same type.
  size_t inner_decrypt_fn_length;
  if (!CalculateFunctionLength(handle, inner_decrypt_fn,
                               &inner_decrypt_fn_length)) {
    return false;
  }
  // Buffer layout built by the three reads below:
  //   [0, 9)                 first 9 bytes at decrypt_fn
  //   [9, 9 + len)           len bytes at inner_decrypt_fn
  //   [9 + len, +0x45)       0x45 bytes starting at decrypt_fn + 14
  // NOTE(review): nothing checks that 9 + len + 0x45 fits in the 1024 bytes
  // requested above; len comes from scanning remote memory.
  if (!ReadProcessMemory(handle, (void*)decrypt_fn, memory, 9, nullptr)) {
    return false;
  }
  if (!ReadProcessMemory(handle, (void*)inner_decrypt_fn,
                         (void*)(((uintptr_t)memory) + 9),
                         inner_decrypt_fn_length, nullptr)) {
    return false;
  }
  if (!ReadProcessMemory(
          handle, (void*)(decrypt_fn + 9 + 5),
          (void*)(((uintptr_t)memory) + 9 + inner_decrypt_fn_length), 0x45,
          nullptr)) {
    return false;
  }
  // Treat the assembled buffer as a function taking and returning uintptr_t
  // and call it in this process.
  auto* v4 = reinterpret_cast<uintptr_t (*)(uintptr_t)>(memory);
  auto result = __ROR8__(v4(__ROL8__(v2, v3 & 7) - v3), -59);
  if (out) {
    *out = result;
  }
  // Only the success path clears the buffer; the early returns above leave
  // whatever was copied so far in the executable page.
  ZeroMemory(memory, 1024);
  return true;
}
- #pragma pop_macro("LOWORD")
- #pragma pop_macro("LOBYTE")
- } // namespace
extern "C" {
// Exported C-linkage entry point: forwards its arguments to Decrypt() and maps
// the bool result onto the Win32 BOOL constants.
__declspec(dllexport) BOOL DecryptProperty(HANDLE handle, uintptr_t table,
                                           uintptr_t address, uintptr_t* out) {
  const bool ok = Decrypt(handle, table, address, out);
  return ok ? TRUE : FALSE;
}
}  // extern "C"