using Frida;
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Threading;
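namespace MHFNoGG
{
    /// <summary>
    /// Console host that spawns <c>mhf.exe</c> from the current working directory through
    /// Frida, loads an instrumentation script into the new process, resumes it, and then
    /// stays alive to print messages coming back from the script.
    /// </summary>
    internal class Program
    {
        /// <summary>
        /// Frida device manager. (Original author's note: intended for hooking devices in bulk.)
        /// </summary>
        public static DeviceManager deviceManager { get; set; }

        /// <summary>File name of the executable that is spawned and instrumented.</summary>
        private const string TargetExecutable = "mhf.exe";

        /// <summary>
        /// JavaScript loaded into the spawned process. It hooks the <c>GetCommandLineA</c>
        /// export of kernel32.dll; on each call it scans the <c>mhf.exe</c> module for a fixed
        /// byte pattern and, once found, overwrites the start of the first match with
        /// <c>mov eax, 1; ret</c> and detaches the hook.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the script takes the first scan hit without checking that the pattern
        /// is unique, and its catch block is empty, so a failed scan or patch produces no
        /// message on the host side.
        /// </remarks>
        private const string PatchScriptSource = @"

// Wait for ASProtect to unpack.
// mhf.exe calls GetCommandLineA near it's entrypoint before WinMain, so it will be one of the first few calls.
var mhfGetCommandLineAHook = Interceptor.attach(Module.findExportByName(""kernel32.dll"", ""GetCommandLineA""), {
    onEnter: function(args){
        try{
            var mhfMod = Process.getModuleByName('mhf.exe');
            var ggInitFuncResults = Memory.scanSync(mhfMod.base, mhfMod.size, ""55 8B EC 81 EC 04 01 00 00"");
            if(ggInitFuncResults.length < 1) {
                //console.log(""Failed to find gameguard init function"");
                return;
            } else {

                console.log(""Found GG init function in mhf.exe. Patching..."");

                var ggInitFunc = ggInitFuncResults[0].address;
                Memory.patchCode(ggInitFunc, 64, function (code) {
                    var cw = new X86Writer(code, { pc: ggInitFunc });
                    cw.putMovRegU32('eax', 1);
                    cw.putRet();
                    cw.flush();
                });

                console.log(""Patch complete."");
                mhfGetCommandLineAHook.detach();
            }
        } catch(e){
        }
    }
});";

        /// <summary>
        /// Entry point: waits for Enter, spawns the target, attaches the script, resumes the
        /// target and blocks until standard input is closed.
        /// </summary>
        /// <param name="args">Command-line arguments (unused).</param>
        static void Main(string[] args)
        {
            // The prompt text reads "press Enter to end", but at this point Enter is what
            // lets the launch proceed.
            Console.WriteLine("按下回车结束");
            Console.ReadLine();

            // The target is resolved against the current working directory, not the
            // directory this launcher lives in: whatever mhf.exe sits in the CWD is run.
            string path = Directory.GetCurrentDirectory();

            deviceManager = new DeviceManager(null);

            // FirstOrDefault instead of First(): a missing local device is reported
            // instead of crashing with InvalidOperationException.
            Device device = deviceManager.EnumerateDevices()
                .FirstOrDefault(d => d.Type == DeviceType.Local);
            if (device == null)
            {
                Console.WriteLine("No local Frida device found.");
                return;
            }

            Console.WriteLine($"path => {path}");

            string exePath = Path.Combine(path, TargetExecutable);

            uint pid;
            try
            {
                pid = device.Spawn(exePath, new string[] { exePath, "" }, new string[] { }, new string[] { }, "");
            }
            catch (Exception ex)
            {
                Console.WriteLine("Spawn failed: " + ex.Message);
                // Stop here: continuing would attach to pid 0, which is not the target.
                return;
            }

            Session session = null;
            try
            {
                session = device.Attach(pid);
                Script script = session.CreateScript(PatchScriptSource);
                script.Message += new Frida.ScriptMessageHandler(script_Message);
                script.Load();

                // Resume only after the script is loaded so its hook is in place first.
                device.Resume(pid);
            }
            catch (Exception ex)
            {
                Console.WriteLine("Instrumentation setup failed: " + ex.Message);
                // Do not leave the spawned process behind in its not-yet-resumed state.
                TerminateSpawnedProcess(pid);
                return;
            }

            // Keep the host alive so script messages keep being printed. ReadLine returns
            // null once stdin is closed; the original loop would then spin forever and
            // never reach Detach.
            while (Console.ReadLine() != null)
            {
            }

            session.Detach();
        }

        /// <summary>
        /// Best-effort termination of a process this launcher spawned but could not finish
        /// setting up.
        /// </summary>
        /// <param name="pid">Process id returned by the spawn call.</param>
        private static void TerminateSpawnedProcess(uint pid)
        {
            try
            {
                // Fully qualified: the Frida namespace may also declare a Process type.
                using (var child = System.Diagnostics.Process.GetProcessById((int)pid))
                {
                    child.Kill();
                }
            }
            catch (Exception ex)
            {
                Console.WriteLine("Could not terminate spawned process: " + ex.Message);
            }
        }

        /// <summary>
        /// Prints a message received from the loaded script, followed by its optional
        /// data payload.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Carries the message text and the data payload, which may be null.</param>
        private static void script_Message(object sender, Frida.ScriptMessageEventArgs e)
        {
            Console.WriteLine(String.Format("Message from Script: {0}", e.Message));
            Console.WriteLine(String.Format(" Data: {0}", e.Data == null ? "null" : String.Join(", ", e.Data)));
        }
    }
}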