lib for 3.3
@@ -8,7 +8,7 @@ using std::to_string;
|
||||
HWND unityWnd = 0;
|
||||
HANDLE hPipe = 0;
|
||||
|
||||
std::set<UINT16> PacketWhitelist = { 172, 198, 112, 2676, 7, 21, 135 }; // ping, token, loginreq
|
||||
std::set<UINT16> PacketWhitelist = { 179, 130, 156, 2692, 100, 43, 119 }; // ping, token, loginreq
|
||||
|
||||
bool OnPacket(KcpPacket* pkt) {
|
||||
if (pkt->data == nullptr) return true;
|
||||
@@ -29,7 +29,7 @@ bool OnPacket(KcpPacket* pkt) {
|
||||
return false;
|
||||
}
|
||||
printf("Passed cmdid: %d\n", ReadMapped<UINT16>(data->vector, 2));
|
||||
if (ReadMapped<UINT16>(data->vector, 2) == 2676) {
|
||||
if (ReadMapped<UINT16>(data->vector, 2) == 2692) {
|
||||
auto headLength = ReadMapped<UINT16>(data->vector, 4);
|
||||
auto dataLength = ReadMapped<UINT32>(data->vector, 6);
|
||||
auto iStr = Genshin::ToBase64String(data, 10 + headLength, dataLength, nullptr);
|
||||
@@ -42,6 +42,8 @@ bool OnPacket(KcpPacket* pkt) {
|
||||
return true;
|
||||
}
|
||||
|
||||
std::map<INT, UINT> signatures;
|
||||
|
||||
namespace Hook {
|
||||
|
||||
int KcpSend(void* client, KcpPacket* pkt, void* method) {
|
||||
@@ -62,21 +64,14 @@ namespace Hook {
|
||||
return OnPacket(evt->fields.packet) ? result : false;
|
||||
}
|
||||
|
||||
std::map<INT, UINT> signatures;
|
||||
|
||||
ByteArray* UnityEngine_RecordUserData(INT type) {
|
||||
if (signatures.count(type)) {
|
||||
return GCHandle_GetObject<ByteArray>(signatures[type]);
|
||||
}
|
||||
auto result = CALL_ORIGIN(UnityEngine_RecordUserData, type);
|
||||
signatures[type] = GCHandle_New(result, true);
|
||||
return result;
|
||||
return GCHandle_GetObject<ByteArray>(signatures[type]);
|
||||
}
|
||||
}
|
||||
|
||||
void Run(HMODULE* phModule) {
|
||||
//AllocConsole();
|
||||
//freopen_s((FILE**)stdout, "CONOUT$", "w", stdout);
|
||||
AllocConsole();
|
||||
freopen_s((FILE**)stdout, "CONOUT$", "w", stdout);
|
||||
while (
|
||||
GetModuleHandle("UserAssembly.dll") == nullptr ||
|
||||
(unityWnd = FindMainWindowByPID(GetCurrentProcessId())) == 0
|
||||
@@ -84,14 +79,17 @@ void Run(HMODULE* phModule) {
|
||||
Sleep(1000);
|
||||
}
|
||||
Sleep(5000);
|
||||
DisableVMProtect();
|
||||
InitIL2CPP();
|
||||
HookManager::install(Genshin::UnityEngine_RecordUserData, Hook::UnityEngine_RecordUserData);
|
||||
for (int i = 0; i < 4; i++) {
|
||||
Genshin::RecordUserData(i, nullptr);
|
||||
auto result = Genshin::RecordUserData(i, nullptr);
|
||||
signatures[i] = GCHandle_New(result, true);
|
||||
}
|
||||
signatures[3] = signatures[2];
|
||||
HookManager::install(Genshin::KcpSend, Hook::KcpSend);
|
||||
HookManager::install(Genshin::KcpRecv, Hook::KcpRecv);
|
||||
HookManager::install(Genshin::SetVersion, Hook::SetVersion);
|
||||
HookManager::install(Genshin::UnityEngine_RecordUserData, Hook::UnityEngine_RecordUserData);
|
||||
hPipe = CreateFile(R"(\\.\pipe\YaeAchievementPipe)", GENERIC_WRITE, 0, nullptr, OPEN_EXISTING, 0, nullptr);
|
||||
if (hPipe == INVALID_HANDLE_VALUE) {
|
||||
Win32ErrorDialog(1001);
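Review bot: In Run, `freopen_s((FILE**)stdout, "CONOUT$", "w", stdout);` passes the stdout stream object itself as the out-parameter, so on success the CRT stores the reopened stream pointer over the first bytes of that FILE object rather than in a pointer variable. The page shows this call both commented out and live, and the live form appears to be the new side; if the console is meant to stay, give the call a real out-parameter and check its result: `FILE* con = nullptr;` then `if (freopen_s(&con, "CONOUT$", "w", stdout) != 0) return;`. Separately, the command id `2692` is now written twice, once in `PacketWhitelist` and once in the comparison inside OnPacket, so a named constant used in both places would keep the next per-version update from changing one and missing the other. Run's body continues past the end of the last hunk.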
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
DO_API(0x02773D80, 0x0277C900, uint32_t, il2cpp_gchandle_new, (Il2CppObject* obj, bool pinned));
|
||||
DO_API(0x02773D70, 0x0277C8F0, Il2CppObject*, il2cpp_gchandle_get_target, (uint32_t gchandle));
|
||||
DO_API(0x027741B0, 0x0280A330, Il2CppString*, il2cpp_string_new, (const char* str));
|
||||
DO_API(0x02974550, 0x02970540, uint32_t, il2cpp_gchandle_new, (Il2CppObject* obj, bool pinned));
|
||||
DO_API(0x02974260, 0x02970250, Il2CppObject*, il2cpp_gchandle_get_target, (uint32_t gchandle));
|
||||
DO_API(0x028BF7E0, 0x028BBE80, Il2CppString*, il2cpp_string_new, (const char* str));
|
||||
|
||||
@@ -5,26 +5,30 @@ using namespace Genshin;
|
||||
// N: System.Convert$ToBase64String
|
||||
// L: mscorlib
|
||||
// S: Ref/E8 ?? ?? ?? ?? 48 8B D8 EB 23 E8
|
||||
DO_APP_FUNC(0x08D85020, 0x08C9CAB0, Il2CppString*, ToBase64String, (ByteArray* value, int offset, int length, void* method));
|
||||
DO_APP_FUNC(0x086B86C0, 0x086B6440, Il2CppString*, ToBase64String, (ByteArray* value, int offset, int length, void* method));
|
||||
|
||||
// N: MoleMole.MonoLoginMainPage.version$set
|
||||
// L: Assembly-CSharp
|
||||
// S: 84 C0 74 35 B9 52 FA 00 00 E8 ?? ?? ?? ?? 84 C0 74 27 B9 52 FA 00 00 E8 ?? ?? ?? ?? 48 85 C0 74 52 4C 8B C7 48 8B D3 48 8B C8 48 8B 5C 24 30 48 83 C4 20 5F E9
|
||||
DO_APP_FUNC(0X05973470, 0x058C2DD0, void, SetVersion, (void* obj, Il2CppString* value, void* method));
|
||||
DO_APP_FUNC(0X04186660, 0x04180EC0, void, SetVersion, (void* obj, Il2CppString* value, void* method));
|
||||
|
||||
// N: UnityEngine.Application$RecordUserData
|
||||
// L: UnityEngine.CoreModule
|
||||
DO_APP_FUNC(0x097086E0, 0x09615A20, ByteArray*, RecordUserData, (int32_t nType, void* method));
|
||||
DO_APP_FUNC(0x090BEBC0, 0x090BD710, ByteArray*, RecordUserData, (int32_t nType, void* method));
|
||||
|
||||
// N: MoleMole.Packet$XorEncrypt [Obfuscated]
|
||||
// L: Assembly-CSharp
|
||||
DO_APP_FUNC(0x05E2B210, 0x05D6A0D0, void, XorEncrypt, (ByteArray** data, int length, void* method));
|
||||
DO_APP_FUNC(0x0423B270, 0x04235CE0, void, XorEncrypt, (ByteArray** data, int length, void* method));
|
||||
|
||||
// N: Kcp.KcpNative$kcp_client_send_packet [Obfuscated]
|
||||
// L: Assembly-CSharp
|
||||
DO_APP_FUNC(0x05F8B2A0, 0x05EC5E00, int, KcpSend, (void* client, KcpPacket* pkt, void* method));
|
||||
DO_APP_FUNC(0x042281D0, 0x04222A60, int, KcpSend, (void* client, KcpPacket* pkt, void* method));
|
||||
|
||||
// N: MoleMole.KcpClient$TryDequeueEvent [Obfuscated]
|
||||
// L: Assembly-CSharp
|
||||
// S: Ref/public static extern Int32 [A-Z]{11}\(IntPtr [A-Z]{11}, [A-Z]{11}& [A-Z]{11}\)
|
||||
DO_APP_FUNC(0x05C21FA0, 0x05B67640, bool, KcpRecv, (void* client, ClientKcpEvent* evt, void* method));
|
||||
DO_APP_FUNC(0x02BAFFF0, 0x02BAC3D0, bool, KcpRecv, (void* client, ClientKcpEvent* evt, void* method));
|
||||
|
||||
DO_APP_FUNC(0x08A43710, 0x08A41130, LPVOID, GetDefaultEncoding, (void* method));
|
||||
|
||||
DO_APP_FUNC(0x08A42FB0, 0x08A409B0, Il2CppString*, GetString, (LPVOID encoding, LPVOID bytes, void* method));
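Review bot: The two entries added at the end of this table, `GetDefaultEncoding` and `GetString`, are the only ones without the `// N:` / `// L:` header that records which managed method and assembly a pair of offsets belongs to. Every offset in this file is rewritten for each game version, so an entry with no recorded target cannot be re-derived or audited later; add the same two comment lines above each, in the form `// N: <Namespace.Type$method>` and `// L: <assembly>`, filled in from wherever the offsets were obtained. Both entries also take `LPVOID` for the encoding and byte-array arguments where neighbouring entries use typed pointers such as `ByteArray*`, so a swapped argument at a call site would compile without a diagnostic.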
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
using namespace Genshin;
|
||||
|
||||
DO_UNI_FUNC(0x00BA4D80, 0x00BA4D80, ByteArray*, UnityEngine_RecordUserData, (int32_t nType));
|
||||
DO_UNI_FUNC(0x00100300, 0x00100300, ByteArray*, UnityEngine_RecordUserData, (int32_t nType));
|
||||
|
||||
@@ -1,6 +1,17 @@
|
||||
#include "pch.h"
|
||||
#include "util.h"
|
||||
|
||||
VOID DisableVMProtect() {
|
||||
DWORD oldProtect = 0;
|
||||
auto ntdll = GetModuleHandleA("ntdll.dll");
|
||||
BYTE callcode = ((BYTE*)GetProcAddress(ntdll, "NtQuerySection"))[4] - 1;
|
||||
BYTE restore[] = { 0x4C, 0x8B, 0xD1, 0xB8, callcode };
|
||||
auto nt_vp = (BYTE*)GetProcAddress(ntdll, "NtProtectVirtualMemory");
|
||||
VirtualProtect(nt_vp, sizeof(restore), PAGE_EXECUTE_READWRITE, &oldProtect);
|
||||
memcpy(nt_vp, restore, sizeof(restore));
|
||||
VirtualProtect(nt_vp, sizeof(restore), oldProtect, &oldProtect);
|
||||
}
|
||||
|
||||
#pragma region StringConvert
|
||||
|
||||
string IlStringToString(Il2CppString* str, UINT codePage) {
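Review bot: DisableVMProtect overwrites the first five bytes of ntdll's `NtProtectVirtualMemory` export with hard-coded values and carries no comment saying what those bytes are or where `callcode` comes from. A header comment should state that `4C 8B D1 B8` plus one byte is written over the export's prologue, that the final byte is read from offset 4 of `NtQuerySection` and decremented, and that this relation between the two exports is an assumption about the running Windows build which the code does not verify. The results of `GetModuleHandleA`, both `GetProcAddress` calls and both `VirtualProtect` calls are used unchecked, so a failed lookup is dereferenced at `[4]` and a failed protection change is followed by `memcpy` into a non-writable page. The comment should also record that this is an in-memory modification of a system DLL's code section, which any integrity check comparing the loaded image with the file on disk will report.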
|
||||
|
||||
@@ -2,6 +2,7 @@
|
||||
|
||||
using std::string;
|
||||
|
||||
VOID DisableVMProtect();
|
||||
bool IsLittleEndian();
|
||||
HWND FindMainWindowByPID(DWORD pid);
|
||||
UINT32 GCHandle_New(LPVOID object, bool pinned);
|
||||
|
||||