$ MRX.BEST $
-
Автор темы
- #1
Версия: 3.8.22.42
Получить имя по индексу:
Как использовать :
Получить указатель расшифровки Gname.
Получите UWorld Decrypt Pointer.
Взято с UC.
Код:
#define UWORLD 0x42DE9B0
#define GNAMES 0x1E85050
#define DECRYPT_TABLE 0x3F9B400
Код:
using DecryptFunction = __int64(__fastcall *)(__int64);
using DecryptNameEntryFn = __int64(__fastcall*)(__int64); __int64 vOut;
Код:
__int64 __fastcall TslDecryptProperty(__int64 cryptedOffset)
{
int v1;
unsigned int v3;
__int64 v4;
v3 = READ32(cryptedOffset);
v4 = READ64(cryptedOffset + 0x8);
auto DecryptTable = reinterpret_cast<__int64*>(GET_ADDR(DECRYPT_TABLE));
v1 = (unsigned __int16)(v3 - 30) ^ ((unsigned __int16)~((~HIWORD(v3) + 102) ^ 0xFF9A) + 46594);
return __ROR8__(
reinterpret_cast<DecryptFunction>(DecryptTable[((unsigned __int8)(((v3 - 30) ^ (~((~BYTE2(v3) + 102) ^ 0x9A) + 2)) - 14) ^ ((unsigned __int8)(BYTE1(v1) - 18) + 124))
% 128])(v4 ^ v3),
-6);
}
__int64 __fastcall TslDecryptActor(__int64 cryptedOffset)
{
int v3;
__int16 v4;
int v5;
unsigned int v6;
int v7;
int v8;
__int64 v9;
unsigned int v17;
__int64 v18;
v17 = READ32(cryptedOffset);
v18 = READ64(cryptedOffset + 0x8);
auto DecryptTable = reinterpret_cast<__int64*>(GET_ADDR(DECRYPT_TABLE));
if (v17 & 2)
{
v3 = ~((unsigned __int16)v17 - 20);
v4 = v17 + 20;
}
else
{
IDA_LOWORD(v3) = v17 - 19;
v4 = v17 ^ 0xFFEC;
}
v5 = (unsigned __int16)(~v4 + v3);
v6 = v5 ^ ((v17 >> 16) + 9388);
v7 = (unsigned __int8)(v5 ^ (BYTE2(v17) - 84));
if (v7 & 2)
v8 = ~(v7 + 76) + ~(v7 - 76);
else
v8 = v7 + ~(v7 ^ 0x4C) + 77;
v9 = __ROR8__(
reinterpret_cast<DecryptFunction>(DecryptTable[((unsigned __int8)v8 ^ ((unsigned __int8)(BYTE1(v6) + 12) + 168)) % 128])(__ROL8__(
v18 ^ v17,
8 * (v17 & 7)) - v17),
-4);
return v9;
}
__int64 __fastcall TslDecryptWorld(__int64 cryptedOffset)
{
__int64 v1;
__int64 result;
int v3;
int v4;
__int64 v5;
unsigned int v6;
__int64 v7;
v6 = READ32(cryptedOffset);
v7 = READ64(cryptedOffset + 0x8);
auto DecryptTable = reinterpret_cast<__int64*>(GET_ADDR(DECRYPT_TABLE));
v3 = (unsigned __int16)(v6 + 110) ^ ((unsigned __int16)(HIWORD(v6) + 118) + 47694);
v4 = (unsigned __int8)(((v6 + 110) ^ (BYTE2(v6) - 60)) - 34) ^ ((unsigned __int8)(BYTE1(v3) + 66) + 228);
if (v6 & 2)
v5 = v7 ^ v6;
else
v5 = v7 + v6;
result = __ROR8__(reinterpret_cast<DecryptFunction>(DecryptTable[v4 % 128])(v5), 22);
return result;
}
__int64 __fastcall TslDecryptGNames(__int64 cryptedOffset)
{
int v5;
__int64 v6;
int v7;
__int64 v8;
unsigned int v14;
__int64 v16;
v14 = READ32(cryptedOffset);
v16 = READ64(cryptedOffset + 0x8);
auto DecryptTable = reinterpret_cast<__int64*>(GET_ADDR(DECRYPT_TABLE));
v5 = (unsigned __int16)(v14 - 20) ^ ((unsigned __int16)(HIWORD(v14) + 68) + 56404);
v6 = reinterpret_cast<DecryptFunction>(DecryptTable[((unsigned __int8)(((v14 - 20) ^ (BYTE2(v14) - 104)) + 76) ^ ((unsigned __int8)(BYTE1(v5) + 12)
+ 88))
% 128])(~(~v16 + v14));
v14 = READ32(__ROR8__(v6, 4));
v16 = READ64(__ROR8__(v6, 4) + 0x8);
v7 = ((unsigned __int16)~((~HIWORD(v14) - 126) ^ 0x7E) + 62070) ^ (unsigned __int16)(v14 + 22);
v8 = __ROR8__(
reinterpret_cast<DecryptFunction>(DecryptTable[((unsigned __int8)(((~((~BYTE2(v14) - 126) ^ 0x7E) + 118) ^ (v14 + 22)) - 58) ^ ((unsigned __int8)(BYTE1(v7) - 38) + 148))
% 128])(__ROR8__(v16, 8 * (v14 & 7)) + v14),
-98);
return v8;
}
Код:
std::string GetNameByIndex(int i)
{
char name[64] = { NULL };
auto encrypted_offset = (reinterpret_cast<DecryptNameEntryFn>(GET_ADDR(GNAMES))((__int64)&vOut));
auto FNamePtr = READ64(TslDecryptGNames(encrypted_offset) + int(i / 0x4000) * 8);
auto FName = READ64(FNamePtr + int(i % 0x4000) * 8);
if (ReadProcessMemory(GetCurrentProcess(), (LPVOID)(FName + 0x18), name, sizeof(name) - 2, NULL) != 0)
return std::string(name);
return std::string("NULL");
}Получить указатель расшифровки Gname.
Код:
auto encrypted_offset = (reinterpret_cast<DecryptNameEntryFn>(GET_ADDR(GNAMES))((__int64)&vOut));
auto GNameDecryptedPtr = TslDecryptGNames(encrypted_offset);
Код:
auto UWorld = TslDecryptWorld(GET_ADDR(UWORLD));