// dllmain.cpp : Defines the entry point for the DLL application.
#include "pch.h"
#include "Shared.h"
#include "UnityTypes.h"
#include "InjectionHook.h"
#include "Snapshot.h"
#include <string>
#include <codecvt>
#include <tlhelp32.h>
#include <Unknwn.h>
// Native signature of the il2cpp-compiled UnityEngine.GameObject.Find(string):
// the managed string argument first, then the MethodInfo* that the il2cpp
// calling convention passes as the trailing parameter.
using Method_UnityEngine_GameObject__Find =
    UnityEngine_GameObject_o* (*)(System_String_o* name, const MethodInfo* method);
// Calls UnityEngine.GameObject.Find("Canvas") through the il2cpp runtime that
// GameAssembly.dll exports — once via il2cpp_runtime_invoke and once through the
// resolved native method pointer.  Neither return value is used, so as written
// the function only demonstrates that the runtime can be driven from the
// hooked thread.
//
// Review notes (behaviour left exactly as written):
//  - ModuleBaseAddress is obtained and never read.
//  - pFind is dereferenced without a null check; a failed method lookup would be
//    a null-pointer dereference, and because the function is noexcept any
//    exception thrown by the helpers terminates the process instead of
//    propagating.
//  - The System.String instance is assembled by hand on the C heap (malloc,
//    result not checked) and is never freed.  Whether it may be freed after the
//    calls depends on whether the runtime retains the pointer — confirm before
//    adding a free().
//  - The character copy uses "* 2", i.e. it assumes a 2-byte wchar_t (true on
//    Windows) and that the 512-byte payload area is large enough; the string
//    length is never checked against that area.
void MakeUnityCall() noexcept
{
    const char* ModuleBaseAddress{ GetBaseAddressOfModule(L"GameAssembly.dll") };   // unused below
    HMODULE hModuleGasm{ GetModuleHandleA("gameassembly.dll") };   // null if the module is not loaded; not checked
    // Method<> wraps an export of hModuleGasm (project type; presumably a
    // GetProcAddress-style lookup — confirm in Shared.h).
    Method<const MethodInfo*, Il2CppClass*, const char*, int> il2cpp_class_get_method_from_name{ hModuleGasm, "il2cpp_class_get_method_from_name" };
    Method<const Il2CppObject*, const MethodInfo*, void*, void**, void**> il2cpp_runtime_invoke{ hModuleGasm, "il2cpp_runtime_invoke" };
    const Il2CppClass* GameObjectKlass{ FindClass(hModuleGasm, "UnityEngine", "GameObject") };
    const Il2CppClass* StringKlass{ FindClass(hModuleGasm, "System", "String") };
    // Resolve GameObject.Find by name with one parameter; the const_cast is
    // needed only because the wrapper takes a non-const class pointer.
    const MethodInfo* pFind{ il2cpp_class_get_method_from_name(const_cast<Il2CppClass*>(GameObjectKlass), "Find", 1) };
    Method_UnityEngine_GameObject__Find findMethod{ reinterpret_cast<Method_UnityEngine_GameObject__Find>(pFind->methodPointer) };   // pFind assumed non-null
    // Hand-built managed string: header plus 512 bytes of character storage,
    // zeroed so the trailing NUL and unused bytes are defined.
    size_t cb{ sizeof(System_String_o) + 512 };
    void* strAlloc{ malloc(cb) };
    memset(strAlloc, 0, cb);
    std::wstring canvasStr{ L"Canvas" };
    System_String_o* pStr{ reinterpret_cast<System_String_o*>(strAlloc) };
    pStr->klass = reinterpret_cast<System_String_c*>(const_cast<Il2CppClass*>(StringKlass));
    pStr->monitor = reinterpret_cast<void*>(0x0);   // no monitor (sync block) attached
    pStr->fields.m_stringLength = canvasStr.length();
    memcpy(&pStr->fields.m_firstChar, canvasStr.c_str(), canvasStr.length() * 2);   // byte count assumes 2-byte characters
    void* args[1] = { pStr };
    void* pException{};   // receives a managed exception object, if any; never inspected
    // First call: through the runtime's generic invoker (static method, so the
    // "this" slot carries the class pointer).
    const Il2CppObject* pObj{ il2cpp_runtime_invoke(pFind, reinterpret_cast<void*>(const_cast<Il2CppClass*>(GameObjectKlass)), args, &pException) };
    // Second call: directly through the native method pointer.  Both results
    // are discarded.
    UnityEngine_GameObject_o* result{ (*findMethod)(pStr, pFind) };
}
// WH_GETMESSAGE hook procedure that Hook() installs in the target thread.
// The first message that passes through triggers MakeUnityCall(); every
// message, including that one, is then forwarded down the hook chain
// unchanged.
extern "C"
__declspec(dllexport) LRESULT HandleHookedMessage(int code, WPARAM wParam, LPARAM lParam)
{
    // Function-local static: the one-shot flag lives for as long as this DLL
    // stays loaded in the target process, not per call.
    static bool pendingFirstCall{ true };
    if (pendingFirstCall)
    {
        MakeUnityCall();
        pendingFirstCall = false;
    }
    return CallNextHookEx(nullptr, code, wParam, lParam);
}
// rundll32-style entry point (HWND, HINSTANCE, LPSTR, int).  Installs a
// WH_GETMESSAGE hook, pointing at HandleHookedMessage in this DLL, on the
// thread that Snapshot::FindFirstThread selects in the process named on the
// command line; a DLL-backed message hook is what makes the system load this
// DLL into that process.  The hook stays in place while the modal message box
// below is open; when the function returns, `hook` goes out of scope
// (presumably unhooking in HookHandle's destructor — confirm in
// InjectionHook.h).  All failures are silent.
extern "C"
__declspec(dllexport)
void CALLBACK Hook(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow)
{
    // std::wstring_convert / std::codecvt_utf8 are deprecated since C++17.
    static std::wstring_convert<std::codecvt_utf8<wchar_t>, wchar_t> converter{};
    std::wstring wzInjectionTarget{ converter.from_bytes(lpszCmdLine) };   // process name, taken as-is from the command line
    HMODULE thisModule{};
    // Resolve this DLL's own HMODULE from the address of Hook without changing
    // its reference count.  The function-pointer -> void* -> LPCWSTR chain is
    // not a conversion standard C++ permits via static_cast; it relies on the
    // compiler in use accepting it.
    if (GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS |
                          GET_MODULE_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT,
                          static_cast<LPCWSTR>(static_cast<void*>(&Hook)), &thisModule) == 0)
    {
        return;   // could not identify our own module; nothing installed
    }
    InjectionHook injection{ thisModule, &HandleHookedMessage };
    Snapshot snapshot;
    // Both lookups must succeed; no error is reported when they do not.
    if (!snapshot.FindProcess(wzInjectionTarget) || !snapshot.FindFirstThread())
        return;
    HookHandle hook{ injection.Hook(WH_GETMESSAGE, snapshot.Thread().th32ThreadID) };
    // Blocking, system-modal: keeps `hook` alive until the operator clicks OK.
    MessageBoxA(NULL, "Hook injected. Click OK to unhook", "Hook", MB_OK| MB_SYSTEMMODAL);
}
// rundll32-style entry point (HWND, HINSTANCE, LPSTR, int).  Converts the
// UTF-8 command line to a wide process name, resolves it to a process id and
// hands that id to the project's self-injection helper.  Returns silently when
// no process of that name is found; no error is reported.
extern "C" __declspec(dllexport)
void CALLBACK Inject(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow)
{
    // std::wstring_convert / std::codecvt_utf8 are deprecated since C++17.
    static std::wstring_convert<std::codecvt_utf8<wchar_t>, wchar_t> utf8ToWide{};
    std::wstring targetProcessName{ utf8ToWide.from_bytes(lpszCmdLine) };

    const DWORD targetPid{ FindProcessByName(targetProcessName) };
    if (targetPid != 0)
    {
        InjectSelfToProcessById(targetPid);
    }
}
// Thread routine intended for a hot-key loop; the CreateThread call that would
// start it is commented out in DllMain, so this is currently dead code.  As
// written it only unloads this DLL and terminates the calling thread.
//
// Returns: never — FreeLibraryAndExitThread does not return to its caller,
// which is why this DWORD-returning function has no return statement.
DWORD WINAPI HackThread(HMODULE hModule)
{
    // 47CA30
    /*
    while (true)
    {
        if (GetAsyncKeyState(VK_END) & 1)
        {
            break;
        }
    }*/
    // Releases this module's reference and ends the thread with exit code 0.
    FreeLibraryAndExitThread(hModule, 0);
}
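// DLL entry point.  Loading is deliberately inert: no thread is started and
// nothing runs on attach or detach.  The only logic is a host check that skips
// the (empty) attach handling when the loading executable is rundll32 at its
// fixed System32 path — i.e. when the DLL is being driven through the exported
// Hook/Inject entry points rather than running inside a target process.
//
// Returns TRUE on every path so the load always succeeds.
BOOL APIENTRY DllMain(HMODULE hModule,
                      DWORD ul_reason_for_call,
                      LPVOID lpReserved)
{
    // Zero-initialised so that a failed GetModuleFileNameA (return value 0,
    // buffer contents unspecified) yields an empty, NUL-terminated string
    // instead of uninitialised bytes being handed to _stricmp.
    char buf[MAX_PATH]{};
    const DWORD pathLength{ GetModuleFileNameA(nullptr, buf, MAX_PATH) };
    // Exact-path comparison only: a rundll32 loaded from another directory
    // (e.g. SysWOW64 for a 32-bit build) is not treated as the host.
    if (pathLength != 0 && _stricmp(buf, "C:\\Windows\\system32\\rundll32.exe") == 0)
        return TRUE;

    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        // Worker thread intentionally disabled; see HackThread.
        //CloseHandle(CreateThread(nullptr, 0, (LPTHREAD_START_ROUTINE)HackThread, hModule, 0, nullptr));
        break;
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}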