From 75ca8ba0501ecd15786bbb83e31f557d11f54f78 Mon Sep 17 00:00:00 2001 From: CrazyRedMachine Date: Sun, 21 Apr 2024 15:56:55 +0200 Subject: [PATCH] working --- popnhax/custom_categs.cc | 57 ++++++++++++++++++++++++++++++++-------- 1 file changed, 46 insertions(+), 11 deletions(-) diff --git a/popnhax/custom_categs.cc b/popnhax/custom_categs.cc index dc15c90..57de25e 100644 --- a/popnhax/custom_categs.cc +++ b/popnhax/custom_categs.cc @@ -90,15 +90,15 @@ void (*add_song_in_list)(); void (*categ_inject_songlist)(); struct songlist_struct_s *new_song_list = NULL; -void get_subcateg_size_impl_old() +void get_subcateg_size_impl() { __asm("push edx\n"); __asm("mov _idx, eax\n"); tmp_size = subcategories[idx-2].size; // tmp_categ_ptr = (uint32_t)&(subcategories[idx]); // tmp_songlist_ptr = (uint32_t)&(subcategories[idx].songlist); -// new_song_list = (struct songlist_struct_s*) songlist_struct_addr; - new_song_list = (struct songlist_struct_s*) calloc(1, sizeof(struct songlist_struct_s)); + new_song_list = (struct songlist_struct_s*) songlist_struct_addr; +// new_song_list = (struct songlist_struct_s*) calloc(1, sizeof(struct songlist_struct_s)); new_song_list->array_start = (uint32_t)&(subcategories[idx-2].songlist[0]); new_song_list->array_end = (uint32_t)&(subcategories[idx-2].songlist[tmp_size]); __asm("mov eax, [_tmp_size]"); 
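Review bot: `get_subcateg_size_impl` now writes the start/end pointers straight into whatever memory `songlist_struct_addr` names, but neither that address nor the index is checked first: `subcategories[idx-2]` is taken from the game's eax with no lower or upper bound, so an idx below 2 or at or past the table length reads outside `subcategories`, and a still-zero `songlist_struct_addr` (its resolution is not in this hunk) becomes a write through null. I would skip the two `array_*` stores and leave `tmp_size` at 0 when `idx < 2 || idx - 2 >= subcateg_count || songlist_struct_addr == 0` — hedged, because idx's type and whatever bounding the game applies before calling here are not visible. The swap from the calloc'd struct to the fixed address deserves a why-comment instead of a commented-out line, e.g. `// write into the game's own songlist struct; a calloc'd copy here was never freed (one leak per call) and its address was unknown to the game`. The function's epilogue (`pop edx`) lies outside this hunk.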
@@ -106,10 +106,40 @@ void get_subcateg_size_impl_old() __asm("pop edx\n"); } +uint32_t tmp_str_addr; +void (*real_event_categ_generation)(); +void hook_event_categ_generation() +{ + //chaine dans [esp+0x1C], on check si l'adresse correspond à l'une de nos subcateg + //si c'est pas le cas on s'en va sans rien faire + //si c'est le cas alors on met les coord de début et fin dans la struct_songlist et on envoie l'adresse de struct sur eax + __asm("mov _new_song_list, eax"); //save original intended value + __asm("push ecx"); + __asm("push edx"); + __asm("mov ebx, [esp+0x2C]\n"); + __asm("mov _tmp_str_addr, ebx\n"); + + for (uint32_t i = 0; i < subcateg_count; i++) + { + if ( (uint32_t)subcategories[i].name == tmp_str_addr ) + { + tmp_size = subcategories[i].size; + new_song_list = (struct songlist_struct_s*) songlist_struct_addr; + new_song_list->array_start = (uint32_t)&(subcategories[i].songlist[0]); + new_song_list->array_end = (uint32_t)&(subcategories[i].songlist[tmp_size]); + break; + } + } + __asm("pop edx"); + __asm("pop ecx"); + __asm("mov eax, _new_song_list"); + real_event_categ_generation(); +} + uint32_t tmp_array_begin; uint32_t tmp_array_end; uint32_t tmp_zone; -void get_subcateg_size_impl() +void get_subcateg_size_impl_new() { //on ecrit dans la zone d'où la fonction habituelle lit, p'tet ça marchera @@ -165,11 +195,11 @@ void get_subcateg_name_impl() } uint32_t reimpl_value_1; -uint32_t reimpl_value_2; +uint32_t reimpl_value_2; //commun aux deux fonctions void (*get_subcateg_size)() = &get_subcateg_size_impl; void (*get_subcateg_name)() = &get_subcateg_name_impl; void (*reimpl_func_1)(); -void (*reimpl_func_2)(); +void (*reimpl_func_2_generate_event_category)(); void (*reimpl_func_3)(); void (*reimpl_func_4)(); 
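Review bot: `hook_event_categ_generation` clobbers ebx with `mov ebx, [esp+0x2C]` while carefully preserving eax, ecx and edx; ebx is callee-saved in every 32-bit Windows calling convention, and the reimplementation in the later hunk sets `mov ebx, 2` right before calling the function this hook sits inside, so ebx is plausibly live at the hook point and the game resumes with a corrupted register. Since ecx is already pushed at that point, use it as the scratch register instead: `__asm("mov ecx, [esp+0x2C]\n");` and `__asm("mov _tmp_str_addr, ecx\n");`, or wrap the load in `push ebx`/`pop ebx` and raise the offset to 0x30. The 0x2C offset itself assumes the compiler's prologue adds exactly the return address and saved ebp and keeps `i` in a register; that belongs in a comment such as `// [esp+0x2C] is the caller's [esp+0x1C] after ret addr, ebp, ecx, edx -- re-check against the generated prologue`. The three French comments at the top should be English, e.g. `// the name pointer is at [esp+0x1C]; if it is one of our subcategory names, point the game's songlist struct at our entries and return its address in eax, otherwise pass eax through untouched`.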
@@ -229,7 +259,7 @@ __asm("mov ebx, 2\n"); __asm("push ecx\n"); __asm("mov ecx, dword ptr ss:[ebp+0x44]\n"); - reimpl_func_2(); + reimpl_func_2_generate_event_category(); __asm("jump_point_1:\n"); __asm("mov dword ptr ss:[esp+0x2C], 0xFFFFFFFF\n"); 
@@ -475,16 +505,21 @@ static bool patch_custom_categ_simple(const char *game_dll_fn) { /* retrieve useful values from this function */ reimpl_value_1 = *((uint32_t*)(function_addr +0x03)); reimpl_value_2 = *((uint32_t*)(function_addr +0x16)); - reimpl_func_1 = (void (*)())( *((uint32_t*)(function_addr +0x49)) + (uint32_t)(function_addr +0x04 +0x49) ); - reimpl_func_2 = (void (*)())( *((uint32_t*)(function_addr +0x73)) + (uint32_t)(function_addr +0x04 +0x73) ); - reimpl_func_3 = (void (*)())( *((uint32_t*)(function_addr +0xBC)) + (uint32_t)(function_addr +0x04 +0xBC) ); - reimpl_func_4 = (void (*)())( *((uint32_t*)(function_addr +0xD1)) + (uint32_t)(function_addr +0x04 +0xD1) ); + reimpl_func_1 = (void (*)())( *((uint32_t*)(function_addr +0x49)) + (uint32_t)(function_addr +0x04 +0x49) ); + reimpl_func_2_generate_event_category = (void (*)())( *((uint32_t*)(function_addr +0x73)) + (uint32_t)(function_addr +0x04 +0x73) ); + reimpl_func_3 = (void (*)())( *((uint32_t*)(function_addr +0xBC)) + (uint32_t)(function_addr +0x04 +0xBC) ); + reimpl_func_4 = (void (*)())( *((uint32_t*)(function_addr +0xD1)) + (uint32_t)(function_addr +0x04 +0xD1) ); //get_subcateg_size = (void (*)())( *((uint32_t*)(function_addr +0x37)) + (uint32_t)(function_addr +0x04 +0x37) ); //get_subcateg_name = (void (*)())( *((uint32_t*)(function_addr +0x63)) + (uint32_t)(function_addr +0x04 +0x63) ); MH_CreateHook((LPVOID)patch_addr, (LPVOID)hook_categ_listing, (void **)&real_categ_listing); + + uint64_t patch_addr_2 = (int64_t)reimpl_func_2_generate_event_category + 80; + //need to inject correct memory zone after generation as well + MH_CreateHook((LPVOID)patch_addr_2, (LPVOID)hook_event_categ_generation, + (void **)&real_event_categ_generation); } //add new category processing in jump table
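Review bot: The second hook is planted at `reimpl_func_2_generate_event_category + 80` with nothing verifying that offset — no byte check that +80 is an instruction boundary in this build — and the `MH_CreateHook` status is dropped, so on a different game DLL the hook either silently never installs or patches mid-instruction. Given the function's `bool` return I would write `if (MH_CreateHook((LPVOID)patch_addr_2, (LPVOID)hook_event_categ_generation, (void **)&real_event_categ_generation) != MH_OK) return false;` (hedged: how this function reports failure to its caller is outside the hunk). The `uint64_t`/`int64_t` pair should be `uintptr_t patch_addr_2 = (uintptr_t)reimpl_func_2_generate_event_category + 80;` — converting a 32-bit pointer through `int64_t` sign-extends on GCC for addresses at or above 0x80000000 and only works because the `(LPVOID)` cast truncates it again. The comment `//need to inject correct memory zone after generation as well` would say more as `// mid-function hook: +80 is the point in the game's event-category generator where hook_event_categ_generation replaces the songlist pointer it produced (offset valid for this build only)`. `patch_custom_categ_simple` begins before this hunk.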