MHFNoGG/Program.cs
2023-10-04 15:37:18 +08:00



using Frida;
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Threading;
namespace MHFNoGG
{
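/// <summary>
/// Console host that spawns <c>mhf.exe</c> suspended through Frida, loads an
/// instrumentation script into it, resumes it and prints script messages.
/// </summary>
/// <remarks>
/// The embedded script rewrites code inside the spawned process. The target is
/// resolved by bare file name, so whatever <c>mhf.exe</c> the working directory
/// (or the spawn search order) yields is the binary that gets instrumented.
/// </remarks>
internal class Program
{
    // Device manager; used for hooking devices in bulk.
    public static DeviceManager deviceManager { get; set; }

    /// <summary>
    /// Waits for Enter, spawns and instruments <c>mhf.exe</c>, then blocks until
    /// standard input is closed.
    /// </summary>
    /// <param name="args">Command-line arguments; not used.</param>
    static void Main(string[] args)
    {
        Console.WriteLine("按下回车启动MHF并干掉GG。Press Enter, Run mhf.exe with Fix GG by axibug.com");
        Console.ReadLine();

        string path = Directory.GetCurrentDirectory();
        deviceManager = new DeviceManager(null);

        // Only the local device is of interest; bail out with a message instead of
        // letting First() throw when none is reported.
        Device device = deviceManager.EnumerateDevices()
            .FirstOrDefault(d => d.Type == DeviceType.Local);
        if (device == null)
        {
            Console.WriteLine("No local Frida device found.");
            return;
        }

        Console.WriteLine($"path => {path}");

        uint pid;
        try
        {
            // NOTE(review): argv[0] is built as path + "mhf.exe" with no directory
            // separator, which looks unintended (an earlier revision used
            // path + "\\mhf.exe"). Left unchanged because the effect on the
            // target's command line is not visible here - confirm before fixing.
            pid = device.Spawn("mhf.exe", new string[] { path + "mhf.exe", "" }, new string[] { }, new string[] { }, "");
        }
        catch (Exception ex)
        {
            // Previously execution continued with pid == 0 and tried to attach to
            // that PID; a failed spawn must never lead to instrumenting some other
            // process, so stop here.
            Console.WriteLine("Spawn failed: " + ex.Message);
            return;
        }

        Session session = device.Attach(pid);
        try
        {
            // The script hooks kernel32!GetCommandLineA, scans the mhf.exe image for
            // a byte signature and overwrites the first match with a stub that
            // returns 1, then removes the hook.
            // NOTE(review): only the first signature match is patched and its
            // uniqueness is never checked; the script's empty catch also hides any
            // failure, so a silent no-op or a patch of the wrong function cannot be
            // told apart from success by this host.
            Script script = session.CreateScript(@"
// Wait for ASProtect to unpack.
// mhf.exe calls GetCommandLineA near it's entrypoint before WinMain, so it will be one of the first few calls.
var mhfGetCommandLineAHook = Interceptor.attach(Module.findExportByName(""kernel32.dll"", ""GetCommandLineA""), {
onEnter: function(args){
try{
var mhfMod = Process.getModuleByName('mhf.exe');
var ggInitFuncResults = Memory.scanSync(mhfMod.base, mhfMod.size, ""55 8B EC 81 EC 04 01 00 00"");
if(ggInitFuncResults.length < 1) {
//console.log(""Failed to find gameguard init function"");
return;
} else {
console.log(""Found GG init function in mhf.exe. Patching..."");
var ggInitFunc = ggInitFuncResults[0].address;
Memory.patchCode(ggInitFunc, 64, function (code) {
var cw = new X86Writer(code, { pc: ggInitFunc });
cw.putMovRegU32('eax', 1);
cw.putRet();
cw.flush();
});
console.log(""Patch complete."");
mhfGetCommandLineAHook.detach();
}
} catch(e){
}
}
});");
            script.Message += new Frida.ScriptMessageHandler(script_Message);
            script.Load();

            // The process was spawned suspended; it only starts running here, after
            // the script is in place.
            device.Resume(pid);

            // Keep the host alive so script messages keep being printed. ReadLine
            // returns null once stdin is closed; the old while(true) loop would then
            // spin forever and never reach Detach.
            while (Console.ReadLine() != null)
            {
            }
        }
        finally
        {
            session.Detach();
        }
    }

    /// <summary>Prints a message raised by the loaded script, and its data payload if any.</summary>
    /// <param name="sender">Event source; not used.</param>
    /// <param name="e">Carries the message text and the optional data payload.</param>
    private static void script_Message(object sender, Frida.ScriptMessageEventArgs e)
    {
        Console.WriteLine(String.Format("Message from Script: {0}", e.Message));
        Console.WriteLine(String.Format(" Data: {0}", e.Data == null ? "null" : String.Join(", ", e.Data)));
    }
}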
}