PacketHook v342.1

1. #include<Windows.h>
2. #include"Hook.h"
3. #include"Packet.h"
4. #include"gui.h"
5. #include"MapTeleport.h"
6.  
7. DWORD Ptr_ThreadID;// = 0x01D8FF4C;
8. DWORD Addr_SendPacket;
9. DWORD Addr_FakeRet;
10.  
11. void (__fastcall *_SendPacketProxy)(DWORD ecx, SPacket *p);
12. void (__fastcall *_SendPacket)(DWORD ecx, DWORD edx, SPacket *p);
13. void (__fastcall *_ProcessPacket)(DWORD ecx, DWORD edx, RPacket *p);
14. DWORD (__fastcall *_GetData4)(DWORD ecx);
15.  
16. void (__fastcall *_InitPacket)(SPacket *p, DWORD edx, WORD w);
17. void (__fastcall *_Encode1)(SPacket *p, DWORD edx, BYTE b);
18. void (__fastcall *_Encode2)(SPacket *p, DWORD edx, WORD w);
19. void (__fastcall *_Encode4)(SPacket *p, DWORD edx, DWORD dw);
20. void (__fastcall *_Encode8)(SPacket *p, DWORD edx, ULONGLONG ull);
21. void (__fastcall *_EncodeStr)(SPacket *p, DWORD edx, char *s);
22. void (__fastcall *_EncodeBuffer)(SPacket *p, DWORD edx, BYTE *b, int Length);
23.  
24. BYTE (__fastcall *_Decode1)(RPacket *p, DWORD edx);
25. WORD (__fastcall *_Decode2)(RPacket *p, DWORD edx);
26. DWORD (__fastcall *_Decode4)(RPacket *p, DWORD edx);
27. ULONGLONG (__fastcall *_Decode8)(RPacket *p, DWORD edx);
28. char** (__fastcall *_DecodeStr)(RPacket *p, DWORD edx, LPVOID lpv1);
29. void (__fastcall *_DecodeBuffer)(RPacket *p, DWORD edx, BYTE *b, int Length);
30.  
31. //format start
32. #include<intrin.h>
33. #pragma intrinsic(_ReturnAddress)
34.  
35. SPInfo *spi = NULL;
36. DWORD firstthread = 0;
37. void __fastcall InitPacket_Hook(SPacket *p, DWORD edx, WORD w){
38.     if(!firstthread){
39.         firstthread = GetCurrentThreadId();
40.     }
41.     if(spi){//failed to create spi
42.         if(spi->s){
43.             delete[] spi->s;
44.             spi->s = NULL;
45.         }
46.         delete spi;
47.         spi = NULL;
48.     }
49.     _InitPacket(p, edx, w);
50.     //allocate memory
51.     spi = new SPInfo;
52.     spi->s = new char[65535];
53.     ZeroMemory(spi->s, 65535);
54.     Air::AirPrint(spi->s, "%w", w);
55.     spi->s_Length = 4;
56.     spi->ThreadID = GetCurrentThreadId();
57.     spi->EncodedLength = 2;
58. }
59.  
60. void __fastcall Encode1_Hook(SPacket *p, DWORD edx, BYTE b){
61.     _Encode1(p, edx, b);
62.     if(spi && spi->s && spi->ThreadID == GetCurrentThreadId()){
63.         Air::AirPrint(&spi->s[spi->s_Length], " %b", b);
64.         spi->s_Length += 1 + 2;
65.         spi->EncodedLength += 1;
66.     }
67. }
68.  
69. void __fastcall Encode2_Hook(SPacket *p, DWORD edx, WORD w){
70.     _Encode2(p, edx, w);
71.     if(spi && spi->s && spi->ThreadID == GetCurrentThreadId()){
72.         Air::AirPrint(&spi->s[spi->s_Length], " %w", w);
73.         spi->s_Length += 1 + 4;
74.         spi->EncodedLength += 2;
75.     }
76. }
77.  
78. void __fastcall Encode4_Hook(SPacket *p, DWORD edx, DWORD dw){
79.     _Encode4(p, edx, dw);
80.     if(spi && spi->s && spi->ThreadID == GetCurrentThreadId()){
81.         Air::AirPrint(&spi->s[spi->s_Length], " %d", dw);
82.         spi->s_Length += 1 + 8;
83.         spi->EncodedLength += 4;
84.     }
85. }
86.  
87. void __fastcall Encode8_Hook(SPacket *p, DWORD edx, ULONGLONG ull){
88.     _Encode8(p, edx, ull);
89.     if(spi && spi->s && spi->ThreadID == GetCurrentThreadId()){
90.         Air::AirPrint(&spi->s[spi->s_Length], " %q", (DWORD)ull, (DWORD)(ull >> 32));
91.         spi->s_Length += 1 + 16;
92.         spi->EncodedLength += 8;
93.     }
94. }
95.  
96.  
97. void __fastcall EncodeStr_Hook(SPacket *p, DWORD edx, char *s){
98.     _EncodeStr(p, edx, s);
99.     if(spi && spi->s && spi->ThreadID == GetCurrentThreadId()){
100.         Air::AirPrint(&spi->s[spi->s_Length], " %xs", s);
101.         spi->s_Length += 1 + strlen(s) + 2;
102.         spi->EncodedLength += strlen(s);
103.     }
104. }
105.  
106.  
107. void __fastcall EncodeBuffer_Hook(SPacket *p, DWORD edx, BYTE *b, int Length){
108.     _EncodeBuffer(p, edx, b, Length);
109.     if(spi && spi->s && spi->ThreadID == GetCurrentThreadId()){
110.         Air::AirPrint(&spi->s[spi->s_Length], " %a", b, Length);
111.         spi->s_Length += 1 + Length;
112.         spi->EncodedLength += Length;
113.     }
114. }
115.  
116. //
117. RFormat *RF = NULL;
118. //
119. BYTE __fastcall Decode1_Hook(RPacket *p, DWORD edx){
120.     BYTE b = _Decode1(p, edx);
121.  
122.     if(RF && !RF->FunctionAddress){
123.         if(RF->DecodeCount == 1){
124.             RF->FunctionAddress = (DWORD)_ReturnAddress();
125.         }
126.         RF->DecodeCount++;
127.     }
128.  
129.     if(RF && RF->String){
130.         Air::AirPrint(&RF->String[RF->lpv2], " %b", b);
131.         RF->lpv2 += 1 + 2;
132.     }
133.     return b;
134. }
135.  
136. WORD __fastcall Decode2_Hook(RPacket *p, DWORD edx){
137.     WORD w = _Decode2(p, edx);
138.  
139.     if(RF && !RF->FunctionAddress){
140.         if(RF->DecodeCount == 1){
141.             RF->FunctionAddress = (DWORD)_ReturnAddress();
142.         }
143.         RF->DecodeCount++;
144.     }
145.  
146.     if(RF && RF->String){
147.         if(p->DecodedLength == 6){//decode header
148.             Air::AirPrint(&RF->String[RF->lpv2], "%w", w);
149.             RF->lpv2 = 4;
150.         }
151.         else{
152.             Air::AirPrint(&RF->String[RF->lpv2], " %w", w);
153.             RF->lpv2 += 1 + 4;
154.         }
155.     }
156.     return w;
157. }
158.  
159. DWORD __fastcall Decode4_Hook(RPacket *p, DWORD edx){
160.     DWORD dw = _Decode4(p, edx);
161.  
162.     if(RF && !RF->FunctionAddress){
163.         if(RF->DecodeCount == 1){
164.             RF->FunctionAddress = (DWORD)_ReturnAddress();
165.         }
166.         RF->DecodeCount++;
167.     }
168.  
169.     if(RF && RF->String){
170.         Air::AirPrint(&RF->String[RF->lpv2], " %d", dw);
171.         RF->lpv2 += 1 + 8;
172.     }
173.     return dw;
174. }
175.  
176. ULONGLONG __fastcall Decode8_Hook(RPacket *p, DWORD edx){
177.     ULONGLONG ull = _Decode8(p, edx);
178.  
179.     if(RF && !RF->FunctionAddress){
180.         if(RF->DecodeCount == 1){
181.             RF->FunctionAddress = (DWORD)_ReturnAddress();
182.         }
183.         RF->DecodeCount++;
184.     }
185.  
186.     if(RF && RF->String){
187.         Air::AirPrint(&RF->String[RF->lpv2], " %q", (DWORD)ull, (DWORD)(ull >> 32));
188.         RF->lpv2 += 1 + 16;
189.     }
190.     return ull;
191. }
192.  
193. char** __fastcall DecodeStr_Hook(RPacket *p, DWORD edx, LPVOID lpv1){
194.     char **s = _DecodeStr(p, edx, lpv1);
195.  
196.     if(RF && !RF->FunctionAddress){
197.         if(RF->DecodeCount == 1){
198.             RF->FunctionAddress = (DWORD)_ReturnAddress();
199.         }
200.         RF->DecodeCount++;
201.     }
202.  
203.     if(RF && RF->String){
204.         Air::AirPrint(&RF->String[RF->lpv2], " %xs", *s);
205.         RF->lpv2 += 1 + strlen(*s) + 2;
206.     }
207.     return s;
208. }
209.  
210. void __declspec(noinline) __fastcall DecodeBuffer_Hook(RPacket *p, DWORD edx, BYTE *b, int Length){
211.     _DecodeBuffer(p, edx, b, Length);
212.  
213.     if(RF && !RF->FunctionAddress){
214.         if(RF->DecodeCount == 1){
215.             RF->FunctionAddress = (DWORD)_ReturnAddress();
216.         }
217.         RF->DecodeCount++;
218.     }
219.  
220.     if(RF && RF->String){
221.         Air::AirPrint(&RF->String[RF->lpv2], " %a", &b[0], Length);
222.         RF->lpv2 += 1 + Length;
223.     }
224. }
225.  
226. //format end
227.  
228. void _declspec(naked) __fastcall __SendPacket(DWORD ecx, DWORD edx, SPacket *p){
229.     _asm{
230.         push PUSHBACK
231.         push p
232.         push [Addr_FakeRet]//fake return
233.         jmp dword ptr [_SendPacket]
234. PUSHBACK:
235.         ret 0x0004
236.     }
237. }
238.  
239. void __fastcall SendPacket_Hook(DWORD ecx, DWORD edx, SPacket *p){
240.     if(firstthread == GetCurrentThreadId()){
241.         gui_AddSendPacket(p, (DWORD)_ReturnAddress());
242.         //deallocate
243.         if(spi){
244.             delete[] spi->s;
245.             spi->s = NULL;
246.             delete spi;
247.         }
248.         spi = NULL;
249.     }
250.     else{
251.         gui_AddSendPacket(p, (DWORD)_ReturnAddress());
252.     }
253.     return __SendPacket(ecx, edx, p);
254. }
255.  
256. void __fastcall ProcessPacket_Hook(DWORD ecx, DWORD edx, RPacket *p){
257.     RF = new RFormat;
258.     RF->String = new char[65535];
259.     ZeroMemory(RF->String, 65535);
260.     RF->lpv2 = 0;
261.     RF->FunctionAddress = 0;
262.     RF->DecodeCount = 0;
263.     _ProcessPacket(ecx, edx, p);
264.     if(p->Length >= 6){
265.         gui_AddProcessPacket(p);
266.     }
267.     delete[] RF->String;
268.     RF->String = NULL;
269.     delete RF;
270.     RF = NULL;
271. }
272.  
273. DWORD __fastcall GetData4_Hook(DWORD ecx){
274.     if(ecx == Ptr_ThreadID){
275.         return 0;
276.     }
277.     return _GetData4(ecx);
278. }
279.  
280. //========================================
281. void FullAccess(DWORD Address, DWORD Size){
282.     DWORD old;
283.     VirtualProtect((LPVOID)Address, Size, PAGE_EXECUTE_READWRITE, &old);
284. }
285.  
286. void write_jmp(DWORD Prev, DWORD Next){
287.     FullAccess(Prev, 5);
288.     *(BYTE *)(Prev) = 0xE9;
289.     *(DWORD *)(Prev + 1) = Next - Prev - 5;
290. }
291.  
292. void write_call(DWORD Prev, DWORD Next){
293.     FullAccess(Prev, 5);
294.     *(BYTE *)(Prev) = 0xE8;
295.     *(DWORD *)(Prev + 1) = Next - Prev - 5;
296. }
297.  
298. void write_byte(DWORD Address, BYTE b){
299.     FullAccess(Address, 1);
300.     *(BYTE *)Address = b;
301. }
302.  
303. void set_hook(DWORD Function, DWORD Size, LPVOID HookFunction, LPVOID NewFunction){
304.     DWORD OverWritten = (DWORD)new BYTE[Size + 5];
305.     FullAccess(OverWritten, Size + 5);//実行可能に変更
306.     RtlCopyMemory((LPVOID)OverWritten, (LPVOID)Function, Size);//消える部分を復元
307.     if(*(BYTE *)Function == 0xE9){
308.         DWORD Address = *(DWORD *)(Function + 1) + Function + 5;
309.         *(DWORD *)(OverWritten + 1) = Address - OverWritten - 5;
310.     }
311.  
312.  
313.     write_jmp(OverWritten + Size, Function + Size);
314.     *(DWORD *)NewFunction = (DWORD)OverWritten;
315.     FullAccess(Function, 5);
316.     write_jmp(Function, (DWORD)HookFunction);
317.     if(Size > 5){
318.         for(int i=0; i<Size-5; i++){
319.             *(BYTE *)(Function + 5 + i) = 0x90;
320.         }
321.     }
322. }
323.  
324. //=========================================================
325.  
326. #include"AirMemory.h"
327.  
328. void AobError(){
329.     MessageBoxA(NULL, "Aob is broken", "Error", NULL);
330. }
331.  
332. DWORD ProxyScan(DWORD Address){
333.     DWORD i;
334.     for(i=0x00401000; i<0x02000000; i++){
335.         if(*(BYTE *)i == 0xE9){
336.             if(*(DWORD *)(i + 1) + i + 5 == Address){
337.                 return i;
338.             }
339.         }
340.     }
341.     return 0;
342. }
343.  
344.  
345. void (__fastcall *_fSendPacket)(DWORD ecx, SPacket *p);
346. DWORD CClientSocket;
347.  
348. void Hook(){
349.     AirMemory AM;
350.     DWORD Address;
351.     AM.Init();
352.  
353.     Address = AM.AobScan("A1 ?? ?? ?? ?? 8B 88 ?? ?? ?? ?? 51 05 ?? ?? ?? ?? 50 E8 ?? ?? ?? ?? 83 C4 08 50 8D 4C 24 ?? E8");
354.     if(!Address) AobError();
355.     Ptr_ThreadID = *(DWORD *)(Address + 1) + 4;
356.  
357.  
358.     Address = AM.AobScan("E9 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 81 EC ?? ?? ?? ?? A1 ?? ?? ?? ?? 33 C5 89 85 ?? ?? ?? ?? 53 56 57 50 8D 45 ?? 64 A3 00 00 00 00 89 8D ?? ?? ?? ?? 6A 00 E9");
359.     if(!Address){
360.         Address = AM.AobScan("55 8B EC 6A FF 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 81 EC ?? ?? ?? ?? A1 ?? ?? ?? ?? 33 C5 89 85 ?? ?? ?? ?? 53 56 57 50 8D 45 ?? 64 A3 00 00 00 00 89 8D ?? ?? ?? ?? 6A 00 E9");
361.     }
362.     if(!Address) AobError();
363.     set_hook(Address, 5, SendPacket_Hook, &_SendPacket);
364.     Addr_SendPacket = Address;
365.  
366.     Address = AM.AobScan("E9 ?? ?? ?? ?? ?? ?? 64 A1 00 00 00 00 50 83 EC ?? 53 55 56 57 A1 ?? ?? ?? ?? 33 C4 50 8D 44 24 ?? 64 A3 00 00 00 00 8B F1 8B 2D ?? ?? ?? ?? 89 6C 24 ?? 85 ED 74");
367.     if(!Address){
368.         Address = AM.AobScan("6A FF 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 83 EC ?? 53 55 56 57 A1 ?? ?? ?? ?? 33 C4 50 8D 44 24 ?? 64 A3 00 00 00 00 8B F1 8B 2D ?? ?? ?? ?? 89 6C 24 ?? 85 ED 74");
369.     }
370.         if(!Address) AobError();
371.     set_hook(Address, 7, ProcessPacket_Hook, &_ProcessPacket);
372.  
373.     Address = AM.AobScan("83 EC 08 53 56 57 8B F9 8B 57 ?? 8B 02 89 44 24 ?? 8A 42 ?? 84 C0 75", 2);
374.     if(!Address) AobError();
375.     _GetData4 = (DWORD (__fastcall *)(DWORD))Address;
376.     Address = ProxyScan(Address);
377.     if(!Address) AobError();
378.     write_jmp(Address, (DWORD)GetData4_Hook);
379.  
380.     Address = AM.AobScan("52 E8 ?? ?? ?? ?? 90 C3", NULL, 0x01800000);
381.     if(!Address){
382.         Address = AM.AobScan("CC CC CC CC CC CC CC CC", NULL, 0x01800000);
383.         if(!Address) AobError();
384.         write_byte(Address, 0x52);//push edx
385.         write_call(Address + 1, Addr_SendPacket);
386.         write_byte(Address + 1 + 5, 0x90);//nop
387.         write_byte(Address + 1 + 5 + 1, 0xC3);//ret
388.     }
389.     _fSendPacket = (void (__fastcall *)(DWORD, SPacket*))Address;//new sendpacket
390.     Addr_FakeRet = Address + 6;
391.  
392.     Address = AM.AobScan("8B 0D ?? ?? ?? ?? 8D 44 24 ?? 50 E8 ?? ?? ?? ?? 8D 4C 24 ?? C7 44 24  ?? FF FF FF FF E8");
393.     if(!Address) AobError();
394.     CClientSocket = *(DWORD *)(Address + 2);
395.  
396.     Address = AM.AobScan("8B 44 24 04 6A 00 6A 00 50 E8 ?? ?? ?? ?? C2 04 00");
397.     if(!Address) AobError();
398.    
399.     set_hook(Address, 6, InitPacket_Hook, &_InitPacket);
400.  
401.     Address = AM.AobScan("56 8B F1 8B 46 04 57 8D 7E 04 85 C0 74 03 8B 40 FC 8B 4E 08 41 3B C8 76 1E 8B 07 85 C0 74 03 8B 40 FC 03 C0 3B C8 77 FA 8D 4C 24 0C 51 6A 00 50 8B CF E8 ?? ?? ?? ?? 8B 56 08 8B 07 8A 4C 24 0C 88 0C 02 FF 46 08 5F 5E C2 04 00");
402.     if(!Address) AobError();
403.     set_hook(Address, 6, Encode1_Hook, &_Encode1);
404.  
405.     Address = AM.AobScan("56 8B F1 8B 46 04 57 8D 7E 04 85 C0 74 03 8B 40 FC 8B 4E 08 83 C1 02 3B C8 76 1E 8B 07 85 C0 74 03 8B 40 FC 03 C0 3B C8 77 FA 8D 4C 24 0C 51 6A 00 50 8B CF E8 ?? ?? ?? ?? 8B 56 08 8B 07 66 8B 4C 24 0C 66 89 0C 02 83 46 08 02 5F 5E C2 04 00");
406.     if(!Address) AobError();
407.     set_hook(Address, 6, Encode2_Hook, &_Encode2);
408.  
409.     Address = AM.AobScan("56 8B F1 8B 46 04 57 8D 7E 04 85 C0 74 03 8B 40 FC 8B 4E 08 83 C1 04 3B C8 76 1E 8B 07 85 C0 74 03 8B 40 FC 03 C0 3B C8 77 FA 8D 4C 24 0C 51 6A 00 50 8B CF E8 ?? ?? ?? ?? 8B 56 08 8B 07 8B 4C 24 0C 89 0C 02 83 46 08 04 5F 5E C2 04 00");
410.     if(!Address) AobError();
411.     set_hook(Address, 6, Encode4_Hook, &_Encode4);
412.  
413.     Address = AM.AobScan("56 8B F1 8B 46 04 57 8D 7E 04 85 C0 74 03 8B 40 FC 8B 4E 08 83 C1 08 3B C8 76 1E 8B 07 85 C0 74 03 8B 40 FC 03 C0 3B C8 77 FA 8D 4C 24 0C 51 6A 00 50 8B CF E8 ?? ?? ?? ?? 8B 46 08 8B 0F 8B 54 24 0C 89 14 08 8B 54 24 10 89 54 08 04 83 46 08 08 5F 5E C2 08 00");
414.     if(!Address) AobError();
415.     set_hook(Address, 6, Encode8_Hook, &_Encode8);
416.  
417.     Address = AM.AobScan("6A FF 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 51 56 57 A1 ?? ?? ?? ?? 33 C4 50 8D 44 24 ?? 64 A3 00 00 00 00 8B F1 8B 44 24 ?? C7 44 24 ?? 00 00 00 00 85 C0 74");
418.     if(!Address) AobError();
419.     set_hook(Address, 7, EncodeStr_Hook, &_EncodeStr);
420.  
421.     Address = AM.AobScan("53 56 8B F1 8B 46 04 57 8D 7E 04 85 C0 74 03 8B 40 FC 8B 4E 08 8B 5C 24 14 03 CB 3B C8 76 1E 8B 07 85 C0 74 03 8B 40 FC 03 C0 3B C8 77 FA 8D 54 24 14 52 6A 00 50 8B CF E8 ?? ?? ?? ?? 8B 4E 08 8B 44 24 10 03 0F 53 50 51 E8 ?? ?? ?? ?? 01 5E 08 83 C4 0C 5F 5E 5B C2 08 00");
422.     if(!Address) AobError();
423.     set_hook(Address, 7, EncodeBuffer_Hook, &_EncodeBuffer);
424.    
425.  
426.     Address = AM.AobScan("55 8B EC 6A FF 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 83 EC ?? 53 56 57 A1 ?? ?? ?? ?? 33 C5 50 8D 45 ?? 64 A3 00 00 00 00 89 65 ?? 89 4D ?? 8B 51 ?? 8B 41 ?? 8B 71 ?? 2B C2 C7 45 ?? 00 00 00 00 83 F8 01");
427.     if(!Address) AobError();
428.     set_hook(Address, 5, Decode1_Hook, &_Decode1);
429.  
430.     Address = AM.AobScan("55 8B EC 6A FF 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 83 EC ?? 53 56 57 A1 ?? ?? ?? ?? 33 C5 50 8D 45 ?? 64 A3 00 00 00 00 89 65 ?? 89 4D ?? 8B 51 ?? 8B 41 ?? 8B 71 ?? 2B C2 C7 45 ?? 00 00 00 00 83 F8 02");
431.     if(!Address) AobError();
432.     set_hook(Address, 5, Decode2_Hook, &_Decode2);
433.  
434.     Address = AM.AobScan("55 8B EC 6A FF 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 83 EC ?? 53 56 57 A1 ?? ?? ?? ?? 33 C5 50 8D 45 ?? 64 A3 00 00 00 00 89 65 ?? 89 4D ?? 8B 51 ?? 8B 41 ?? 8B 71 ?? 2B C2 C7 45 ?? 00 00 00 00 83 F8 04");
435.     if(!Address) AobError();
436.     set_hook(Address, 5, Decode4_Hook, &_Decode4);
437.  
438.     Address = AM.AobScan("55 8B EC 6A FF 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 83 EC ?? 53 56 57 A1 ?? ?? ?? ?? 33 C5 50 8D 45 ?? 64 A3 00 00 00 00 89 65 ?? 89 4D ?? 8B 71 ?? 8B 41 ?? 8B 51 ?? 2B C6 C7 45 ?? 00 00 00 00 83 F8 08");
439.     if(!Address) AobError();
440.     set_hook(Address, 5, Decode8_Hook, &_Decode8);
441.  
442.     Address = AM.AobScan("55 8B EC 6A FF 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 83 EC ?? 53 56 57 A1 ?? ?? ?? ?? 33 C5 50 8D 45 ?? 64 A3 00 00 00 00 89 65 ?? 8B F1 89 75 ?? C7 45 ?? 00 00 00 00 8B 7D ?? B8 01 00 00 00");
443.     if(!Address) AobError();
444.     set_hook(Address, 5, DecodeStr_Hook, &_DecodeStr);
445.  
446.     Address = AM.AobScan("55 8B EC 6A FF 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 83 EC ?? 53 56 57 A1 ?? ?? ?? ?? 33 C5 50 8D 45 ?? 64 A3 00 00 00 00 89 65 ?? 8B F1 89 75 ?? 8B 4E ?? 8B 46 ?? 8B 56 ?? 8B 7D ?? 2B C1 03 CA C7 45 ?? 00 00 00 00 3B C7");
447.     if(!Address) AobError();
448.     set_hook(Address, 5, DecodeBuffer_Hook, &_DecodeBuffer);
449.    
450. }