#define WIN32_LEAN_AND_MEAN#define NOMINMAX#include <Windows.h>#include

1. #define WIN32_LEAN_AND_MEAN
2. #define NOMINMAX
3. #include <Windows.h>
4.  
5. #include <cstddef>
6. #include <cstdint>
7.  
8. namespace {
9. using uint = uint32_t;
10. using uint8 = uint8_t;
11. using uint16 = uint16_t;
12. using uint64 = uint64_t;
13.  
14. template <class T>
15. T __ROL__(T value, int count) {
16.   const uint nbits = sizeof(T) * 8;
17.  
18.   if (count > 0) {
19.     count %= nbits;
20.     T high = value >> (nbits - count);
21.     if (T(-1) < 0)  // signed value
22.       high &= ~((T(-1) << count));
23.     value <<= count;
24.     value |= high;
25.   } else {
26.     count = -count % nbits;
27.     T low = value << (nbits - count);
28.     value >>= count;
29.     value |= low;
30.   }
31.   return value;
32. }
33.  
34. inline uint8 __ROR1__(uint8 value, int count) {
35.   return __ROL__((uint8)value, -count);
36. }
37. inline uint16 __ROL2__(uint16 value, int count) {
38.   return __ROL__((uint16)value, count);
39. }
40. inline uint16 __ROR2__(uint16 value, int count) {
41.   return __ROL__((uint16)value, -count);
42. }
43. inline uint64 __ROR8__(uint64 value, int count) {
44.   return __ROL__((uint64)value, -count);
45. }
46. inline uint64 __ROL8__(uint64 value, int count) {
47.   return __ROL__((uint64)value, count);
48. }
49.  
50. bool CalculateFunctionLength(HANDLE handle, uintptr_t address,
51.                              uintptr_t* out_length) {
52.   size_t length = 0;
53.   while (true) {
54.     uint8_t storage;
55.     if (ReadProcessMemory(handle, (void*)(address++), &storage, sizeof(storage),
56.                           nullptr)) {
57.       return false;
58.     }
59.     if (storage != 0xC3) {
60.       length++;
61.       continue;
62.     }
63.     break;
64.   }
65.   if (out_length) {
66.     *out_length = length;
67.   }
68.   return true;
69. }
70.  
71. union i64 {
72.   int8_t s8;
73.   uint8_t u8;
74.  
75.   int16_t s16;
76.   uint16_t u16;
77.  
78.   int32_t s32;
79.   uint32_t u32;
80.  
81.   int64_t s64;
82.   uint64_t u64;
83. };
84.  
85. struct i128 {
86.   i64 low;
87.   i64 high;
88. };
89.  
90. #define _BYTE uint8
91. #define _WORD uint16
92.  
93. #pragma push_macro("LOBYTE")
94. #pragma push_macro("LOWORD")
95. #undef LOBYTE
96. #undef LOWORD
97.  
98. #define LOBYTE(x) (*((_BYTE*)&(x)))  // low byte
99. #define LOWORD(x) (*((_WORD*)&(x)))  // low word
100. #define BYTEn(x, n) (*((_BYTE*)&(x) + n))
101. #define WORDn(x, n) (*((_WORD*)&(x) + n))
102. #define BYTE1(x) BYTEn(x, 1)  // byte 1 (counting from 0)
103. #define WORD1(x) WORDn(x, 1)
104.  
105. bool Decrypt(HANDLE handle, uintptr_t table, uintptr_t address,
106.              uintptr_t* out) {
107.   static void* memory = nullptr;
108.  
109.   if (!memory) {
110.     memory = VirtualAlloc(nullptr, 1024, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
111.  
112.     if (!memory) {
113.       return false;
114.     }
115.   }
116.  
117.   i128 data;
118.   if (!ReadProcessMemory(handle, (void*)address, &data, sizeof(data),
119.                          nullptr)) {
120.     return false;
121.   }
122.  
123.   auto a1 = data.low.u32;
124.   auto a2 = data.high.s64;
125.  
126.   int64_t v2 = a2;
127.   int64_t v3 = a1;
128.   int32_t v5;
129.   int32_t v6;
130.   int32_t v7;
131.  
132.   if (v3 & 4)
133.     v5 = ~(~(unsigned __int16)v3 + 117);
134.   else
135.     LOWORD(v5) = v3 - 78;
136.  
137.   v6 = (unsigned __int16)v5 ^
138.        ((unsigned __int16)__ROR2__(WORD1(v3), -107) + 54121);
139.   v7 = (unsigned __int8)(v5 ^ (__ROR2__(WORD1(v3), -107) + 105));
140.   if (((unsigned __int8)v5 ^
141.        (unsigned __int8)(__ROR2__(WORD1(v3), -107) + 105)) &
142.       4)
143.     v7 = ~(~v7 - 99);
144.   else
145.     LOBYTE(v7) = v7 + 66;
146.  
147.   auto decrypt_fn_index =
148.       ((unsigned __int8)v7 ^
149.        ((unsigned __int8)__ROR1__(BYTE1(v6) + 49, -49) + 238)) %
150.       128;
151.  
152.   uintptr_t decrypt_fn;
153.   if (!ReadProcessMemory(handle, (void*)(table + (decrypt_fn_index * 8)),
154.                          &decrypt_fn, sizeof(decrypt_fn), nullptr)) {
155.     return false;
156.   }
157.  
158.   uintptr_t inner_decrypt_fn;
159.   {
160.     int32_t inner_decrypt_fn_delta;
161.     if (!ReadProcessMemory(handle, (void*)(decrypt_fn + 10),
162.                            &inner_decrypt_fn_delta,
163.                            sizeof(inner_decrypt_fn_delta), nullptr)) {
164.       return false;
165.     }
166.  
167.     inner_decrypt_fn = decrypt_fn + 14 + inner_decrypt_fn_delta;
168.   }
169.  
170.   size_t inner_decrypt_fn_length;
171.   if (!CalculateFunctionLength(handle, inner_decrypt_fn,
172.                                &inner_decrypt_fn_length)) {
173.     return false;
174.   }
175.  
176.   if (!ReadProcessMemory(handle, (void*)decrypt_fn, memory, 9, nullptr)) {
177.     return false;
178.   }
179.  
180.   if (!ReadProcessMemory(handle, (void*)inner_decrypt_fn,
181.                          (void*)(((uintptr_t)memory) + 9),
182.                          inner_decrypt_fn_length, nullptr)) {
183.     return false;
184.   }
185.  
186.   if (!ReadProcessMemory(
187.           handle, (void*)(decrypt_fn + 9 + 5),
188.           (void*)(((uintptr_t)memory) + 9 + inner_decrypt_fn_length), 0x45,
189.           nullptr)) {
190.     return false;
191.   }
192.  
193.   auto* v4 = reinterpret_cast<uintptr_t (*)(uintptr_t)>(memory);
194.   auto result = __ROR8__(v4(__ROL8__(v2, v3 & 7) - v3), -59);
195.  
196.   if (out) {
197.     *out = result;
198.   }
199.  
200.   ZeroMemory(memory, 1024);
201.   return true;
202. }
203.  
204. #pragma pop_macro("LOWORD")
205. #pragma pop_macro("LOBYTE")
206. }  // namespace
207.  
208. extern "C" {
209. __declspec(dllexport) BOOL DecryptProperty(HANDLE handle, uintptr_t table,
210.                                            uintptr_t address, uintptr_t* out) {
211.   if (Decrypt(handle, table, address, out)) {
212.     return TRUE;
213.   }
214.   return FALSE;
215. }
216. }