Поскольку наиболее вероятный детект — перехваты в gameoverlayrenderer64:
vtable:
FinishCurrentFrame:
GL & HF
Спащено с UC.
Код:
// Function-pointer type used to call the engine's FinishCurrentFrame through the saved
// vtable entry.
// NOTE(review): the decompiled listing further down this page declares the function as
// returning int and taking `unsigned __int8 a4`; the return type and fourth parameter
// here differ from that listing. Confirm which one matches the binary.
using FinishCurrentFrameType = char(__fastcall *)(__int64 a1, __int64 a2, __int64 a3, char a4);
// Holds the vtable entry that Hook() replaces; stays null until Hook() has run.
FinishCurrentFrameType FinishCurrentFrameOrig{};
// Replacement that Hook() writes into the vtable entry. It runs whenever the engine
// dispatches FinishCurrentFrame through that entry and then forwards all four arguments,
// unchanged, to the saved original.
char __fastcall FinishCurrentFrameHook(__int64 a1, __int64 a2, __int64 a3, char a4)
{
    // Interprets the 8 bytes at a2 + 96 as an IDXGISwapChain pointer.
    // NOTE(review): nothing on this page establishes that offset; the visible part of the
    // decompiled listing only touches a2 at +112, +160 and +168. The value is also read
    // without any null or validity check.
    IDXGISwapChain *swapChain = *reinterpret_cast<IDXGISwapChain **>(a2 + 96);
    // Placeholder left by the author ("Draw here"); swapChain is otherwise unused.
    const char forwarded = FinishCurrentFrameOrig(a1, a2, a3, a4);
    return forwarded;
}
// Replaces entry 28 of a virtual-function table with FinishCurrentFrameHook and keeps the
// previous entry in FinishCurrentFrameOrig so the replacement can forward to it.
//
// Detection note: the author's notes below place this table in the module's .rdata section.
// Once this function has run, one entry of that read-only table holds an address that
// presumably lies outside the owning module's code. An integrity check that compares the
// table with the on-disk image, or verifies that every entry points into the module's own
// address range, would flag the change.
void Hook()
{
// Installs the FinishCurrentFrame replacement.
/*
Author's notes, values kept exactly as posted (they look like a wildcarded byte signature,
the table's address in a disassembler database, a runtime address, and the slot number):
48 8D 05 ?? ?? ?? ?? 48 89 41 08 41 8B F1
.rdata:000000014281A268 BestVtable
7FF666D2A268
vtable index 28
*/
// NOTE(review): the absolute address used here (0x7FF642D2A268) is not the same as the
// runtime address written in the notes above (7FF666D2A268); the page does not say which
// one the author intended.
auto vtable = (DWORD_PTR*)0x7FF642D2A268;
DWORD OldProtect = 0;
// Make 0x1000 bytes starting at the table writable; the previous protection is saved in
// OldProtect. NOTE(review): the return value is ignored, so a failed call goes unnoticed
// before the write below.
VirtualProtect(vtable, 0x1000, PAGE_READWRITE, &OldProtect);
// Save the current entry first, then overwrite it with the replacement.
FinishCurrentFrameOrig = (FinishCurrentFrameType)vtable[28];
vtable[28] = (DWORD_PTR)FinishCurrentFrameHook;
// Put the saved protection back on the same range (return value again ignored).
VirtualProtect(vtable, 0x1000, OldProtect, &OldProtect);
}
FinishCurrentFrame:
Код:
// Decompiler pseudo-C for the function that the hook above forwards to. Names of the form
// sub_*, dword_*, qword_*, byte_* and v* are generated by the decompiler, and the trailing
// "// reg@n" notes on the declarations are its register/stack annotations. a1 is copied to
// v5 and a2 to v4, so offsets below are relative to those two arguments. The meaning of the
// individual fields is not established anywhere on this page.
int __fastcall FinishCurrentFrame(__int64 a1, __int64 a2, __int64 a3, unsigned __int8 a4)
{
__int64 v4; // rbp@1
__int64 v5; // rsi@1
unsigned __int8 v6; // r14@1
__int64 v7; // rcx@1
__int64 v8; // rcx@3
__int64 v9; // rcx@5
__int64 *v10; // rbx@7
signed __int64 v11; // rdi@7
__int64 v12; // rcx@8
__int64 v13; // rcx@12
unsigned int v14; // ebx@13
signed __int64 v15; // rdi@13
__int64 v16; // rcx@23
__int64 v17; // rcx@25
__int64 v18; // rcx@27
_QWORD *v19; // rcx@29
__int64 v20; // rcx@31
int result; // eax@32
__int64 v22; // rcx@42
__int64 v23; // rax@44
__int64 v24; // rax@45
__int64 v25; // [sp+30h] [bp-38h]@14
LARGE_INTEGER PerformanceCount; // [sp+70h] [bp+8h]@14
int v27; // [sp+78h] [bp+10h]@14
// Increment the 32-bit counter stored at a1 + 15852.
++*(_DWORD *)(a1 + 15852);
v4 = a2;
v5 = a1;
v6 = a4;
sub_AAE4F0(a1 + 9464, 0i64);
// For the pointers stored at +9664, +9656 and +9528: read the pointer, clear the field,
// and if it was non-null call a virtual method on it (vtable offset 8 or 16; presumably
// a release of the object, to be confirmed).
v7 = *(_QWORD *)(v5 + 9664);
*(_QWORD *)(v5 + 9664) = 0i64;
if ( v7 )
(*(void (**)(void))(*(_QWORD *)v7 + 8i64))();
v8 = *(_QWORD *)(v5 + 9656);
*(_QWORD *)(v5 + 9656) = 0i64;
if ( v8 )
(*(void (**)(void))(*(_QWORD *)v8 + 16i64))();
// Stores the constant 34 in the dword at +16548; its meaning is not shown on this page.
*(_DWORD *)(v5 + 16548) = 34;
v9 = *(_QWORD *)(v5 + 9528);
*(_QWORD *)(v5 + 9528) = 0i64;
if ( v9 )
(*(void (**)(void))(*(_QWORD *)v9 + 16i64))();
// Same read / clear / call pattern for 7 consecutive pointer fields starting at +9536.
v10 = (__int64 *)(v5 + 9536);
v11 = 7i64;
do
{
v12 = *v10;
*v10 = 0i64;
if ( v12 )
(*(void (**)(void))(*(_QWORD *)v12 + 16i64))();
++v10;
--v11;
}
while ( v11 );
// Seven helper calls, all on (v5 - 8); their bodies are not part of this listing.
sub_A3A0C0(v5 - 8);
sub_A39CB0(v5 - 8);
sub_A39D80(v5 - 8);
sub_A39F20(v5 - 8);
sub_A39E50(v5 - 8);
sub_A39FF0(v5 - 8);
sub_A44CF0(v5 - 8);
// If the cached qword at +6312 is set, clear it and call vtable offset 88 on the object
// stored at v5 + 136 with three zero arguments.
if ( *(_QWORD *)(v5 + 6312) )
{
v13 = *(_QWORD *)(v5 + 136);
*(_QWORD *)(v5 + 6312) = 0i64;
(*(void (__fastcall **)(__int64, _QWORD, _QWORD, _QWORD))(*(_QWORD *)v13 + 88i64))(v13, 0i64, 0i64, 0i64);
}
// 16 iterations over 16-byte records (v15 starts at 6656 and advances by 16). A record
// with any non-zero field at +128 / +136 / +140 is zeroed and then passed, by index, to
// vtable offset 144 of the object at v5 + 136 together with 1 and &v25 (v25 is zero).
v14 = 0;
v15 = 6656i64;
do
{
PerformanceCount.LowPart = 0;
v27 = 0;
v25 = 0i64;
if ( *(_QWORD *)(v15 + v5 + 128) || *(_DWORD *)(v15 + v5 + 140) || *(_DWORD *)(v15 + v5 + 136) )
{
*(_QWORD *)(v15 + v5 + 128) = 0i64;
*(_QWORD *)(v15 + v5 + 136) = 0i64;
(*(void (__fastcall **)(_QWORD, _QWORD, signed __int64, __int64 *))(**(_QWORD **)(v5 + 136) + 144i64))(
*(_QWORD *)(v5 + 136),
v14,
1i64,
&v25);
}
++v14;
v15 += 16i64;
}
while ( v14 < 0x10 );
// If the byte at +9440 is set, or the cached values at +7296 / +7304 / +7308 are not
// (0, 57, 0), reset them to that state and call vtable offset 152 with (0, 57).
if ( *(_BYTE *)(v5 + 9440) || *(_QWORD *)(v5 + 7296) || *(_DWORD *)(v5 + 7304) != 57 || *(_DWORD *)(v5 + 7308) )
{
v16 = *(_QWORD *)(v5 + 136);
*(_QWORD *)(v5 + 7296) = 0i64;
*(_QWORD *)(v5 + 7304) = 57i64;
(*(void (__fastcall **)(__int64, _QWORD, signed __int64))(*(_QWORD *)v16 + 152i64))(v16, 0i64, 57i64);
}
// Four more "clear the cached field, then call with zero arguments" blocks on the object
// at v5 + 136, for the fields at +6344, +6320, +6328 and +6336.
if ( *(_QWORD *)(v5 + 6344) )
{
v17 = *(_QWORD *)(v5 + 136);
*(_QWORD *)(v5 + 6344) = 0i64;
(*(void (__fastcall **)(__int64, _QWORD, _QWORD, _QWORD))(*(_QWORD *)v17 + 72i64))(v17, 0i64, 0i64, 0i64);
}
if ( *(_QWORD *)(v5 + 6320) )
{
v18 = *(_QWORD *)(v5 + 136);
*(_QWORD *)(v5 + 6320) = 0i64;
(*(void (__fastcall **)(__int64, _QWORD, _QWORD, _QWORD))(*(_QWORD *)v18 + 480i64))(v18, 0i64, 0i64, 0i64);
}
if ( *(_QWORD *)(v5 + 6328) )
{
v19 = *(_QWORD **)(v5 + 136);
*(_QWORD *)(v5 + 6328) = 0i64;
// NOTE(review): "&off_200 + *v19" is presumably the decompiler rendering the constant
// 0x200 as a symbol, i.e. another vtable-offset call like its neighbours (confirm).
(*(void (__fastcall **)(_QWORD *, _QWORD, _QWORD, _QWORD))((char *)&off_200 + *v19))(v19, 0i64, 0i64, 0i64);
}
if ( *(_QWORD *)(v5 + 6336) )
{
v20 = *(_QWORD *)(v5 + 136);
*(_QWORD *)(v5 + 6336) = 0i64;
(*(void (__fastcall **)(__int64, _QWORD, _QWORD, _QWORD))(*(_QWORD *)v20 + 184i64))(v20, 0i64, 0i64, 0i64);
}
// Hand the original a2 and a4 to sub_A4F870; its return value is the default result.
result = sub_A4F870(v4, v6);
if ( dword_32437F4 == 1 )
{
// Only when the low byte of that result is non-zero.
if ( (_BYTE)result )
{
// Guarded one-time setup: dword_3415690 is compared with a value read through the
// thread's TLS slot and bracketed by sub_233E080 / sub_233E020. This resembles the
// compiler-generated guard for a function-local static (to be confirmed). Inside, the
// name L"r.FinishCurrentFrame" is looked up through the object in qword_32CC7C8 and the
// outcome is cached in qword_3415688 (0 when the lookup returns nothing).
if ( dword_3415690 > *(_DWORD *)(*(_QWORD *)(*MK_FP(__GS__, 88i64) + 8i64 * (unsigned int)TlsIndex) + 24i64) )
{
sub_233E080(&dword_3415690);
if ( dword_3415690 == -1 )
{
v22 = qword_32CC7C8;
if ( !qword_32CC7C8 )
{
sub_6B9100();
v22 = qword_32CC7C8;
}
LODWORD(v23) = (*(int (__fastcall **)(__int64, const wchar_t *))(*(_QWORD *)v22 + 136i64))(
v22,
L"r.FinishCurrentFrame");
if ( v23 )
{
LODWORD(v24) = (*(int (__fastcall **)(__int64))(*(_QWORD *)v23 + 48i64))(v23);
qword_3415688 = v24;
}
else
{
qword_3415688 = 0i64;
}
sub_233E020(&dword_3415690);
}
}
// The dword at qword_3415688 + 4 selects the order of two calls: the virtual call at
// vtable offset 224 on the object at *(a2 + 160) + 104 (argument *(a2 + 168)) and
// sub_A5F160(a2 + 112). Whichever runs last supplies the result.
// NOTE(review): as listed, this reads through qword_3415688 even when the lookup above
// stored 0 there.
if ( *(_DWORD *)(qword_3415688 + 4) )
{
(*(void (__fastcall **)(_QWORD, _QWORD))(**(_QWORD **)(*(_QWORD *)(v4 + 160) + 104i64) + 224i64))(
*(_QWORD *)(*(_QWORD *)(v4 + 160) + 104i64),
*(_QWORD *)(v4 + 168));
result = sub_A5F160(v4 + 112);
}
else
{
sub_A5F160(v4 + 112);
result = (*(int (__fastcall **)(_QWORD, _QWORD))(**(_QWORD **)(*(_QWORD *)(v4 + 160) + 104i64) + 224i64))(
*(_QWORD *)(*(_QWORD *)(v4 + 160) + 104i64),
*(_QWORD *)(v4 + 168));
}
}
// When byte_324430A is set: call sub_A5F160 again, sample QueryPerformanceCounter, store
// -dword_324430C in dword_3244310 (this also becomes the return value) and clear the flag.
if ( byte_324430A )
{
sub_A5F160(v4 + 112);
QueryPerformanceCounter(&PerformanceCount);
result = -dword_324430C;
dword_3244310 = -dword_324430C;
byte_324430A = 0;
}
}
return result;
}
Спащено с UC.