Всем привет, прошу, отнеситесь с пониманием: я делаю это впервые.
Может, я чего-то не понимаю: я пытаюсь реверсить по старым гайдам и вижу шифрование от мрака. Как мне найти истину?
Чтобы найти gEnv больше нету ai_Co...
Может, я чего-то не понимаю: я пытаюсь реверсить по старым гайдам и вижу шифрование от мрака. Как мне найти истину?
Чтобы найти gEnv больше нету ai_Co...
Код:
// gEnv
// Decompiled accessor for the global environment pointer (the author's "gEnv").
// The global qword_142A190A7 holds that pointer in an encoded form:
// decoded = stored + 0x115E50EE80E15D6F. The function lazily initialises it.
// a1: object whose vtable slot at +16 supplies the real pointer on the
//     initialising path — presumably the system object; confirm from callers.
// Returns the decoded pointer on the common path. On the initialising path it
// returns the value it just wrote back into the global (the re-encoded form),
// or, when a1 is null, whatever sub_140F3B4F8 returned.
__int64 __fastcall sub_14007CD20(__int64 a1)
{
__int64 result; // rax
// Decode with the same additive constant the struct at the bottom of the page uses in GetInstance().
result = qword_142A190A7 + 0x115E50EE80E15D6FLL;
// 0xEEA1AF117F1EA291 + 0x115E50EE80E15D6F == 2^64, so this sentinel is the encoded
// form of a null pointer: "not initialised yet".
if ( qword_142A190A7 == 0xEEA1AF117F1EA291uLL )
{
set_purecall_handler(Handler);
set_invalid_parameter_handler(sub_14007FD70);
result = sub_140F3B4F8(sub_14007FDD0);
if ( a1 )
{
// Virtual call through a1's vtable (slot at +16); the pointer it returns is stored
// re-encoded, i.e. minus the constant.
result = (*(__int64 (__fastcall **)(__int64))(*(_QWORD *)a1 + 16LL))(a1) - 0x115E50EE80E15D6FLL;
qword_142A190A7 = result;
}
}
return result;
}
sub_140FAF470(&v101, v98, "AI System");
v71 = (*(__int64 (__fastcall **)(unsigned __int64))(*(_QWORD *)(*(_QWORD *)(qword_142A190A7
+ 0x115E50EE80E15F09LL)
^ 0xB1235E4E8CDE738FuLL)
+ 104LL))(*(_QWORD *)(qword_142A190A7
+ 0x115E50EE80E15F09LL) ^ 0xB1235E4E8CDE738FuLL);
v72 = (*(__int64 (__fastcall **)(__int64))(*(_QWORD *)v71 + 208LL))(v71);
(*(void (__fastcall **)(__int64))(*(_QWORD *)v72 + 128LL))(v72);
v73 = (*(__int64 (__fastcall **)(unsigned __int64))(*(_QWORD *)(*(_QWORD *)(qword_142A190A7
+ 0x115E50EE80E15F09LL)
^ 0xB1235E4E8CDE738FuLL)
+ 104LL))(*(_QWORD *)(qword_142A190A7
+ 0x115E50EE80E15F09LL) ^ 0xB1235E4E8CDE738FuLL);
v74 = (*(__int64 (__fastcall **)(__int64))(*(_QWORD *)v73 + 256LL))(v73);
(*(void (__fastcall **)(__int64))(*(_QWORD *)v74 + 72LL))(v74);
sub_140FAF470(&v101, v98, "ResetSubSystems");
v75 = v114;
if ( (*(__int64 (__fastcall **)(__int64))(*(_QWORD *)v114 + 816LL))(v114) )
{
v76 = (_QWORD *)(*(__int64 (__fastcall **)(__int64, __int64 *, char *))(*(_QWORD *)v32 + 40LL))(
// iCharacterInstance
if ( !v6 )
return (*(__int64 (__fastcall **)(__int64 *))(v8 + 88))(v7);
v32[0] = 5;
if ( !(*(unsigned __int8 (__fastcall **)(__int64 *, __int64, _DWORD *))(v8 + 56))(a2, 1, v32) || v32[0] != 5 )
{
if ( v32[0] == 6 )
{
if ( v33 )
{
(*(void (__fastcall **)(unsigned __int64))(*(_QWORD *)v33 + 24LL))(v33);
return (*(__int64 (__fastcall **)(__int64 *))(*a2 + 88))(a2);
}
}
else if ( v32[0] == 7 && v33 )
{
(*(void (__fastcall **)(unsigned __int64))(*(_QWORD *)(*(_QWORD *)(qword_142A190A7 + 0x115E50EE80E15DC4LL)
^ 0x987478F4BF8D3F1EuLL)
+ 192LL))(*(_QWORD *)(qword_142A190A7 + 0x115E50EE80E15DC4LL) ^ 0x987478F4BF8D3F1EuLL);
}
v8 = *a2;
v7 = a2;
return (*(__int64 (__fastcall **)(__int64 *))(v8 + 88))(v7);
}
v9 = (const char *)v33;
v33 = 0;
v32[0] = 0;
v10 = (*(__int64 (__fastcall **)(__int64, _QWORD))(*(_QWORD *)v6 + 680LL))(v6, 0);
v11 = v10;
if ( !v10 )
return (*(__int64 (__fastcall **)(__int64 *))(*a2 + 88))(a2);
v13 = (*(__int64 (__fastcall **)(__int64))(*(_QWORD *)v10 + 48LL))(v10);
v14 = (*(__int64 (__fastcall **)(__int64, const char *))(*(_QWORD *)v13 + 24LL))(v13, v9);
v15 = v14;
if ( v14 == -1 )
{
sub_1400C2C60("ERROR: CScriptObjectWeapon::GetBoneLocal: Bone not found: %s", v9);
return (*(__int64 (__fastcall **)(__int64 *))(*a2 + 88))(a2);
}
else
{
sub_140575A80(v44, a4);
v16 = (*(__int64 (__fastcall **)(__int64))(*(_QWORD *)v11 + 48LL))(v11);
v17 = (*(__int64 (__fastcall **)(__int64, _QWORD))(*(_QWORD *)v16 + 56LL))(v16, v15);
v18 = sub_1403BFC50(v40, v17);
v19 = (*(__int64 (__fastcall **)(__int64, _QWORD))(*(_QWORD *)v6 + 608LL))(v6, 0);
v20 = (_DWORD *)sub_1403BFEF0(v32, v19, v18);
v21 = v20[1];
v22 = v20[2];
v23 = v20[4];
v24 = v20[5];
v25 = v20[6];
v26 = v20[8];
v27 = v20[9];
v28 = v20[10];
v32[0] = *v20;
v32[1] = v23;
v33 = __PAIR64__(v21, v26);
v34 = v24;
v35 = v27;
v36 = v22;
v37 = v25;
v38 = v28;
sub_14108CEF0(v40, v32, v44);
v29 = (*(__int64 (__fastcall **)(__int64))(*(_QWORD *)v11 + 48LL))(v11);
v30 = (*(__int64 (__fastcall **)(__int64, _QWORD))(*(_QWORD *)v29 + 56LL))(v29, v15);
sub_1403BFC50(v44, v30);
(*(void (__fastcall **)(__int64, _QWORD))(*(_QWORD *)v6 + 608LL))(v6, 0);
v39[0] = v41;
v39[2] = v43;
v39[1] = v42;
v31 = sub_14072EE70(v39, v32);
return sub_140FCA750(a2, v31);
}
}
// iRenderer
LABEL_227:
if ( *(_BYTE *)(a2 + 3151) )
{
if ( !*(_BYTE *)(a1 + 2983) )
goto LABEL_247;
}
else if ( !*(_BYTE *)(a1 + 2983) )
{
sub_14008EFE0("Renderer initialization");
sub_14143E1D0(a1 + 64, 0, 0, 0, (__int64)&szAgent);
v101 = 1;
if ( !*(_BYTE *)(a2 + 3144) )
v101 = *(_QWORD *)(a1 + 4872);
if ( !(unsigned __int8)sub_141433270(a1, *(_QWORD *)(a1 + 4880), v101, a2) )
{
v102 = (*(__int64 (__fastcall **)(__int64))(*(_QWORD *)(a1 + 1544) + 56LL))(a1 + 1544);
v103 = (*(__int64 (__fastcall **)(__int64))(*(_QWORD *)(a1 + 1544) + 48LL))(a1 + 1544);
(*(__int64 (__fastcall **)(__int64))(*(_QWORD *)(a1 + 1544) + 40LL))(a1 + 1544);
(*(void (__fastcall **)(__int64))(*(_QWORD *)(a1 + 1544) + 32LL))(a1 + 1544);
sub_1400C2A00(
(char *)(a2 + 2632),
"CSystem::Init() returned false: InitRenderer() failed, errno: %d, last error: %d, description code: %d, description: %s");
sub_14008F050("%s", (const char *)(a2 + 2632));
v104 = (*(__int64 (__fastcall **)(__int64))(*(_QWORD *)(*(_QWORD *)(a1 + 544) ^ 0x7DBFB1CEF23CAA39LL) + 528LL))(*(_QWORD *)(a1 + 544) ^ 0x7DBFB1CEF23CAA39LL);
if ( (*(__int64 (__fastcall **)(__int64, __int64, const char *, _QWORD, int, __int64))(*(_QWORD *)v104 + 24LL))(
v104,
1,
"noprompt",
0,
v103,
v102)
|| *(_BYTE *)(a2 + 3163) )
{
return 0;
}
// Я перешёл в sub после неудачной инициализации
// Decompiled variadic helper. The only caller on this page passes a printf-style
// format ("%s" at the renderer-init failure site), so this is presumably a
// log/warning routine — confirm against other call sites.
// g_SystemGlobalEnvironment is presumably the author's rename of qword_142A190A7
// (same sentinel, same offset scheme). The chain of checks is:
//   1. raw global == 0xEEA1AF117F1EA291 -> environment not initialised, nothing is called;
//   2. slot +0x115E50EE80E15F4F == 0x7DBFB1CEF23CAA39 -> that XOR-encoded slot is null
//      (the author's struct labels this slot IRenderer);
//   3. slot +0x115E50EE80E15D79 == 0xFD9E35F095C48DB9 -> that XOR-encoded slot is null.
// Otherwise slot 3 is decoded with its key and its vtable slot 0 is called with (this, 2, a1, va).
// Return value: the forwarded call's result, one of the key constants on the early-outs
// (a decompiler artefact of sharing `result` with the comparison), or an uninitialised
// `result` when the environment is not set up. The visible caller ignores it.
__int64 sub_14008F050(const char *a1, ...)
{
__int64 result; // rax
va_list va; // [rsp+38h] [rbp+10h] BYREF
va_start(va, a1);
if ( g_SystemGlobalEnvironment != 0xEEA1AF117F1EA291uLL )
{
result = 0x7DBFB1CEF23CAA39LL;
if ( *(_QWORD *)(g_SystemGlobalEnvironment + 0x115E50EE80E15F4FLL) != 0x7DBFB1CEF23CAA39LL )
{
result = 0xFD9E35F095C48DB9uLL;
if ( *(_QWORD *)(g_SystemGlobalEnvironment + 0x115E50EE80E15D79LL) != 0xFD9E35F095C48DB9uLL )
// Decode (XOR key) and dispatch through the object's first vtable entry; the va_list is
// passed through as the last argument.
return (**(__int64 (__fastcall ***)(unsigned __int64, __int64, const char *, __int64 *))(*(_QWORD *)(g_SystemGlobalEnvironment + 0x115E50EE80E15D79LL)
^ 0xFD9E35F095C48DB9uLL))(
*(_QWORD *)(g_SystemGlobalEnvironment + 0x115E50EE80E15D79LL) ^ 0xFD9E35F095C48DB9uLL,
2,
a1,
(__int64 *)va);
}
}
return result;
}
// Decompiled fallback taken when entering fullscreen fails (see the message logged
// at the end): forces r_Fullscreen to 0, lets sub_14157AB50 adjust the requested
// width and height, pushes the adjusted values into r_Width/r_Height and back to the
// caller, calls a1's vtable slot +80 with (0, 0), then logs the failure code a2.
// a1: object whose slot +80 is invoked — presumably the renderer/window, confirm from callers.
// a2: error code, printed as 0x%x.
// a3, a4: in/out width and height; only written back when both console variables were found.
// Returns whatever sub_1400C2C60 returns (the printf-style error routine also used
// at the "Bone not found" site above).
__int64 __fastcall sub_141676680(__int64 a1, int a2, unsigned int *a3, _DWORD *a4)
{
__int64 v8; // rax
__int64 v9; // r15
__int64 v10; // rax
__int64 v11; // rdi
_DWORD v13[14]; // [rsp+20h] [rbp-38h] BYREF
unsigned int v14; // [rsp+60h] [rbp+8h] BYREF
// Look "r_Fullscreen" up via qword_142AE2118 (vtable slot +200 takes a name) and,
// if found, set it to 0 through slot +48.
v8 = (*(__int64 (__fastcall **)(__int64, const char *))(*(_QWORD *)qword_142AE2118 + 200LL))(
qword_142AE2118,
"r_Fullscreen");
if ( v8 )
(*(void (__fastcall **)(__int64, _QWORD))(*(_QWORD *)v8 + 48LL))(v8, 0);
// The console object is derived from the raw environment global: slot +0x115E50EE80E15EFF
// plus an additive key (the struct at the bottom of the page calls this GetConsole).
// Same lookup slot (+200) and setter slot (+48) as above, so qword_142AE2118 presumably
// refers to the same interface — confirm.
v9 = (*(__int64 (__fastcall **)(__int64, const char *))(*(_QWORD *)(*(_QWORD *)(g_SystemGlobalEnvironment
+ 0x115E50EE80E15EFFLL)
+ 0x7EB535ABC30B6CCDLL)
+ 200LL))(
*(_QWORD *)(g_SystemGlobalEnvironment + 0x115E50EE80E15EFFLL) + 0x7EB535ABC30B6CCDLL,
"r_Width");
v10 = (*(__int64 (__fastcall **)(__int64, const char *))(*(_QWORD *)(*(_QWORD *)(g_SystemGlobalEnvironment
+ 0x115E50EE80E15EFFLL)
+ 0x7EB535ABC30B6CCDLL)
+ 200LL))(
*(_QWORD *)(g_SystemGlobalEnvironment + 0x115E50EE80E15EFFLL) + 0x7EB535ABC30B6CCDLL,
"r_Height");
v11 = v10;
if ( v9 && v10 )
{
// sub_14157AB50 receives the requested width/height by pointer and may rewrite them;
// the meaning of its first argument, qword_142AE2130, is not visible here.
v14 = *a3;
v13[0] = *a4;
sub_14157AB50(qword_142AE2130, &v14, v13);
(*(void (__fastcall **)(__int64, _QWORD))(*(_QWORD *)v9 + 48LL))(v9, v14);
(*(void (__fastcall **)(__int64, _QWORD))(*(_QWORD *)v11 + 48LL))(v11, v13[0]);
*a3 = v14;
*a4 = v13[0];
}
(*(void (__fastcall **)(__int64, _QWORD, _QWORD))(*(_QWORD *)a1 + 80LL))(a1, 0, 0);
return sub_1400C2C60("Failed to enter fullscreen mode, with error: 0x%x, falling back to windowed", a2);
}
// iGame
// Decompiled routine from the region the author labels "iGame". Clears the byte at
// a1+172 and then, when a3 is non-null, takes one of two paths depending on sub_140CEE4A0():
//  - true:  (re)create a 192-byte record at a1+152, store a2 in it, copy the C string a3
//           into it (+24) and a4 (or the default &szAgent) into it (+40), set a1+168 = 2
//           and call sub_140CEE3D0(a1, 0);
//  - false: call slot +32 on the object returned by sub_1400B06B0(off_142A7DBE8[60])
//           with (a3, 30), set the console variables g_victoryCondition = 3 and
//           g_spawnMode = 2, and set two dwords in qword_142A7DBF8 to 1.
// a1: owning object; a2: stored as the record's first dword; a3: C string whose length
// is counted by hand; a4: optional C string (null selects the &szAgent default).
void __fastcall sub_140CED690(__int64 a1, int a2, __int64 a3, const CHAR *a4)
{
__int64 v8; // rax
__int64 v9; // rbx
_DWORD *v10; // rax
__int64 v11; // r14
__int64 v12; // r8
__int64 v13; // rax
volatile signed __int32 *v14; // rcx
const CHAR *v15; // rdx
__int64 v16; // rax
__int64 v17; // rax
__int64 v18; // rax
_BYTE v19[8]; // [rsp+20h] [rbp-28h] BYREF
volatile signed __int32 *v20; // [rsp+28h] [rbp-20h]
*(_BYTE *)(a1 + 172) = 0;
if ( a3 )
{
if ( (unsigned __int8)sub_140CEE4A0() )
{
// Allocate (sub_140079B80) and construct (sub_140DFCF50) a new 192-byte record. A failed
// allocation leaves v10 null, and nothing checks it before the `*v10 = a2` write below.
v8 = sub_140079B80(192);
v9 = 0;
if ( v8 )
v10 = (_DWORD *)sub_140DFCF50(v8);
else
v10 = 0;
// Swap the new record in, then destroy (sub_140CEE640) and free (sub_140079C00) the old one.
v11 = *(_QWORD *)(a1 + 152);
*(_QWORD *)(a1 + 152) = v10;
if ( v11 )
{
sub_140CEE640(v11);
sub_140079C00(v11, 192);
v10 = *(_DWORD **)(a1 + 152);
}
// Hand-rolled strlen(a3): v12 ends as the index of the NUL terminator.
v12 = -1;
*v10 = a2;
do
++v12;
while ( *(_BYTE *)(a3 + v12) );
// sub_14009B9B0 takes (destination, chars, length) here and for the +40 field below,
// so it presumably assigns a string into the record — confirm.
sub_14009B9B0(*(_QWORD *)(a1 + 152) + 24LL, a3, v12);
v13 = sub_1401109D0(v19);
sub_14008E5F0(*(_QWORD *)(a1 + 152) + 168LL, v13);
// Release of the temporary built in v19/v20: skip the shared static header &dword_142A19418,
// decrement the count atomically, and free only when this was the last reference.
// Looks like a ref-counted string release, with qword_142A7ADB8 as a bookkeeping total — confirm.
v14 = v20;
if ( v20 != &dword_142A19418 && *(int *)v20 > 0 && _InterlockedExchangeAdd(v20, 0xFFFFFFFF) == 1 )
{
qword_142A7ADB8 += -13 - *((_DWORD *)v14 + 2);
sub_14007A060(v14, 15);
}
// Default to &szAgent when a4 is null (its contents are not visible here). Since &szAgent is
// never null, the `if ( v15 )` below always runs and v9 always holds the string length.
v15 = &szAgent;
if ( a4 )
v15 = a4;
if ( v15 )
{
v9 = -1;
do
++v9;
while ( v15[v9] );
}
sub_14009B9B0(*(_QWORD *)(a1 + 152) + 40LL, v15, v9);
*(_DWORD *)(a1 + 168) = 2;
sub_140CEE3D0(a1, 0);
}
else
{
v16 = sub_1400B06B0(off_142A7DBE8[60]);
(*(void (__fastcall **)(__int64, __int64, __int64))(*(_QWORD *)v16 + 32LL))(v16, a3, 30);
// Console lookup through the raw environment global (slot +0x115E50EE80E15EFF plus an
// additive key; see GetConsole in the struct at the bottom of the page), then the
// setter at slot +48, exactly as in sub_141676680.
v17 = (*(__int64 (__fastcall **)(__int64, const char *))(*(_QWORD *)(*(_QWORD *)(g_SystemGlobalEnvironment
+ 0x115E50EE80E15EFFLL)
+ 0x7EB535ABC30B6CCDLL)
+ 200LL))(
*(_QWORD *)(g_SystemGlobalEnvironment + 0x115E50EE80E15EFFLL) + 0x7EB535ABC30B6CCDLL,
"g_victoryCondition");
(*(void (__fastcall **)(__int64, __int64))(*(_QWORD *)v17 + 48LL))(v17, 3);
*(_DWORD *)(qword_142A7DBF8 + 1584) = 1;
*(_DWORD *)(qword_142A7DBF8 + 3376) = 1;
v18 = (*(__int64 (__fastcall **)(__int64, const char *))(*(_QWORD *)(*(_QWORD *)(g_SystemGlobalEnvironment
+ 0x115E50EE80E15EFFLL)
+ 0x7EB535ABC30B6CCDLL)
+ 200LL))(
*(_QWORD *)(g_SystemGlobalEnvironment + 0x115E50EE80E15EFFLL) + 0x7EB535ABC30B6CCDLL,
"g_spawnMode");
(*(void (__fastcall **)(__int64, __int64))(*(_QWORD *)v18 + 48LL))(v18, 2);
}
}
}
// RayWorldIntersection - не знаю нахуя она ну пускай будет
v63 = v11;
v19 = (*(int (__fastcall **)(__int64 *, __int64 *, const char *, __int64))(v18 + 280))(
v17,
&v48,
"RayWorldIntersection(Script)",
3);
v20 = (*(__int64 (__fastcall **)(_QWORD, _QWORD))(**(_QWORD **)(v16 + 80) + 96LL))(*(_QWORD *)(v16 + 80), 0);
(*(void (__fastcall **)(__int64))(*(_QWORD *)v20 + 16LL))(v20);
v21 = v19;
if ( (int)v19 > 0 )
{
v22 = v46;
v23 = (int *)&v68;
do
{
v24 = (*(__int64 (__fastcall **)(_QWORD, _QWORD))(**(_QWORD **)(v22 + 80) + 96LL))(*(_QWORD *)(v22 + 80), 0);
(*(void (__fastcall **)(__int64))(*(_QWORD *)v24 + 16LL))(v24);
v25 = *(v23 - 1);
v26 = *(_QWORD *)v24;
LODWORD(v40) = *(v23 - 2);
v41 = *v23;
HIDWORD(v40) = v25;
LODWORD(v39) = 9;
(*(void (__fastcall **)(__int64, const char *, __int64 *, _QWORD))(v26 + 48))(v24, "pos", &v39, 0);
if ( (_DWORD)v39 == 6 )
{
struct SSystemGlobalEnvironment
{
template <typename T>
static T* GetEncryptedPointer(uint64_t offset, uint64_t xor_key) {
    // Reads the raw environment global, then the slot at `offset` from it, and
    // strips the per-slot XOR key (the scheme the decompiled sub_14008F050 shows).
    // The decoded value is read from live memory via the project's memory::read
    // helper and is not validated here; callers must treat it as untrusted
    // before dereferencing it.
    // NOTE(review): a raw value of 0 is treated as "unset", but sub_14007CD20
    // above compares the same global against 0xEEA1AF117F1EA291 (its encoded
    // null) — confirm which sentinel applies before relying on the nullptr return.
    const uint64_t base = memory::read<uint64_t>(0x142A190A7);
    if (base == 0) {
        return nullptr;
    }
    const uint64_t raw = memory::read<uint64_t>(base + offset);
    return reinterpret_cast<T*>(raw ^ xor_key);
}
template <typename T>
static T* GetEncryptedPointerAdd(uint64_t offset, uint64_t add_key) {
    // Same as GetEncryptedPointer, but the slot is decoded by adding a constant
    // instead of XOR-ing (the form the decompiled console lookups use).
    // The result is unvalidated memory content; treat it as untrusted.
    // NOTE(review): the zero check mirrors GetEncryptedPointer and has the same
    // open question about the 0xEEA1AF117F1EA291 sentinel used by sub_14007CD20.
    const uint64_t base = memory::read<uint64_t>(0x142A190A7);
    if (base == 0) {
        return nullptr;
    }
    const uint64_t raw = memory::read<uint64_t>(base + offset);
    return reinterpret_cast<T*>(raw + add_key);
}
// offsets
CRenderer* GetRenderer() {
    // IRenderer slot, XOR-encoded. sub_14008F050 tests this same slot against the
    // key before using it, which is how the pair was recovered.
    // Does not use `this`; the value comes from the absolute global.
    constexpr uint64_t kRendererOffset = 0x115E50EE80E15F4FLL;
    constexpr uint64_t kRendererKey = 0x7DBFB1CEF23CAA39LL;
    return GetEncryptedPointer<CRenderer>(kRendererOffset, kRendererKey);
}
CGame* GetGame() {
    // IGame slot, XOR-encoded (the pair appears in the iCharacterInstance
    // fragment above). Does not use `this`; the value comes from the absolute global.
    constexpr uint64_t kGameOffset = 0x115E50EE80E15DC4LL;
    constexpr uint64_t kGameKey = 0x987478F4BF8D3F1EuLL;
    return GetEncryptedPointer<CGame>(kGameOffset, kGameKey);
}
CGameFramework* GetGameFramework() {
    // IGameFramework slot, XOR-encoded (the pair appears in the "AI System" /
    // "ResetSubSystems" fragment above). Does not use `this`.
    constexpr uint64_t kFrameworkOffset = 0x115E50EE80E15F09LL;
    constexpr uint64_t kFrameworkKey = 0xB1235E4E8CDE738FuLL;
    return GetEncryptedPointer<CGameFramework>(kFrameworkOffset, kFrameworkKey);
}
void* GetConsole() {
    // IConsole slot, encoded additively rather than by XOR (see the cvar lookups
    // in sub_141676680 and sub_140CED690). Returned untyped; does not use `this`.
    constexpr uint64_t kConsoleOffset = 0x115E50EE80E15EFFLL;
    constexpr uint64_t kConsoleAddKey = 0x7EB535ABC30B6CCDLL;
    return GetEncryptedPointerAdd<void>(kConsoleOffset, kConsoleAddKey);
}
static SSystemGlobalEnvironment* GetInstance() {
    // Decoded the way sub_14007CD20 does it: raw global + 0x115E50EE80E15D6F.
    // NOTE(review): sub_14007CD20 treats 0xEEA1AF117F1EA291 as the "unset" value
    // (it sums with the constant to 0), not a raw 0 — confirm which check is wanted.
    constexpr uint64_t kDecodeAdd = 0x115E50EE80E15D6FLL;
    const uint64_t raw = memory::read<uint64_t>(0x142A190A7);
    if (raw == 0) {
        return nullptr;
    }
    return reinterpret_cast<SSystemGlobalEnvironment*>(raw + kDecodeAdd);
}
{
template <typename T>
static T* GetEncryptedPointer(uint64_t offset, uint64_t xor_key) {
    // Reads the raw environment global, then the slot at `offset` from it, and
    // strips the per-slot XOR key (the scheme the decompiled sub_14008F050 shows).
    // The decoded value is read from live memory via the project's memory::read
    // helper and is not validated here; callers must treat it as untrusted
    // before dereferencing it.
    // NOTE(review): a raw value of 0 is treated as "unset", but sub_14007CD20
    // above compares the same global against 0xEEA1AF117F1EA291 (its encoded
    // null) — confirm which sentinel applies before relying on the nullptr return.
    const uint64_t base = memory::read<uint64_t>(0x142A190A7);
    if (base == 0) {
        return nullptr;
    }
    const uint64_t raw = memory::read<uint64_t>(base + offset);
    return reinterpret_cast<T*>(raw ^ xor_key);
}
template <typename T>
static T* GetEncryptedPointerAdd(uint64_t offset, uint64_t add_key) {
    // Same as GetEncryptedPointer, but the slot is decoded by adding a constant
    // instead of XOR-ing (the form the decompiled console lookups use).
    // The result is unvalidated memory content; treat it as untrusted.
    // NOTE(review): the zero check mirrors GetEncryptedPointer and has the same
    // open question about the 0xEEA1AF117F1EA291 sentinel used by sub_14007CD20.
    const uint64_t base = memory::read<uint64_t>(0x142A190A7);
    if (base == 0) {
        return nullptr;
    }
    const uint64_t raw = memory::read<uint64_t>(base + offset);
    return reinterpret_cast<T*>(raw + add_key);
}
// offsets
CRenderer* GetRenderer() {
    // IRenderer slot, XOR-encoded. sub_14008F050 tests this same slot against the
    // key before using it, which is how the pair was recovered.
    // Does not use `this`; the value comes from the absolute global.
    constexpr uint64_t kRendererOffset = 0x115E50EE80E15F4FLL;
    constexpr uint64_t kRendererKey = 0x7DBFB1CEF23CAA39LL;
    return GetEncryptedPointer<CRenderer>(kRendererOffset, kRendererKey);
}
CGame* GetGame() {
    // IGame slot, XOR-encoded (the pair appears in the iCharacterInstance
    // fragment above). Does not use `this`; the value comes from the absolute global.
    constexpr uint64_t kGameOffset = 0x115E50EE80E15DC4LL;
    constexpr uint64_t kGameKey = 0x987478F4BF8D3F1EuLL;
    return GetEncryptedPointer<CGame>(kGameOffset, kGameKey);
}
CGameFramework* GetGameFramework() {
    // IGameFramework slot, XOR-encoded (the pair appears in the "AI System" /
    // "ResetSubSystems" fragment above). Does not use `this`.
    constexpr uint64_t kFrameworkOffset = 0x115E50EE80E15F09LL;
    constexpr uint64_t kFrameworkKey = 0xB1235E4E8CDE738FuLL;
    return GetEncryptedPointer<CGameFramework>(kFrameworkOffset, kFrameworkKey);
}
void* GetConsole() {
    // IConsole slot, encoded additively rather than by XOR (see the cvar lookups
    // in sub_141676680 and sub_140CED690). Returned untyped; does not use `this`.
    constexpr uint64_t kConsoleOffset = 0x115E50EE80E15EFFLL;
    constexpr uint64_t kConsoleAddKey = 0x7EB535ABC30B6CCDLL;
    return GetEncryptedPointerAdd<void>(kConsoleOffset, kConsoleAddKey);
}
static SSystemGlobalEnvironment* GetInstance() {
    // Decoded the way sub_14007CD20 does it: raw global + 0x115E50EE80E15D6F.
    // NOTE(review): sub_14007CD20 treats 0xEEA1AF117F1EA291 as the "unset" value
    // (it sums with the constant to 0), not a raw 0 — confirm which check is wanted.
    constexpr uint64_t kDecodeAdd = 0x115E50EE80E15D6FLL;
    const uint64_t raw = memory::read<uint64_t>(0x142A190A7);
    if (raw == 0) {
        return nullptr;
    }
    return reinterpret_cast<SSystemGlobalEnvironment*>(raw + kDecodeAdd);
}