From 6f998add2b07a678dfee861d0285fe89f55cf571 Mon Sep 17 00:00:00 2001
From: BroGamer <64546358+BroGamer4256@users.noreply.github.com>
Date: Thu, 15 Sep 2022 14:40:55 +1200
Subject: [PATCH] Add base for skipping amauthd, not functional yet

---
 dist/config.toml | 2 +
 patches/8.18/dllmain.c | 9 +-
 patches/what_the_fuck/Makefile | 31 ++++
 patches/what_the_fuck/dllmain.cpp | 280 ++++++++++++++++++++++++++++++
 src/boilerplate.c | 3 -
 src/dllmain.c | 73 ++++++++
 src/helpers.h | 7 +
 7 files changed, 396 insertions(+), 9 deletions(-)
 create mode 100644 patches/what_the_fuck/Makefile
 create mode 100644 patches/what_the_fuck/dllmain.cpp

diff --git a/dist/config.toml b/dist/config.toml
index 190770a..0e5821c 100644
--- a/dist/config.toml
+++ b/dist/config.toml
@@ -2,6 +2,8 @@
 drumMax = 20000
 drumMin = 10000
+server = "vsapi.taiko-p.jp"
+
 accessCode1 = 1
 chipId1 = 1
diff --git a/patches/8.18/dllmain.c b/patches/8.18/dllmain.c
index 0369609..b84c5b9 100644
--- a/patches/8.18/dllmain.c
+++ b/patches/8.18/dllmain.c
@@ -8,11 +8,10 @@ HOOK_DYNAMIC (u8, __fastcall, qrReadFromCOM1, u64 a1) {
 return 1;
 }
-i32 __stdcall DllMain (HMODULE mod, DWORD cause, void *ctx) {
- if (cause != DLL_PROCESS_ATTACH) return 1;
-
+void
+PreInit () {
 toml_table_t *config = openConfig (configPath ("plugins/patches.toml"));
- if (!config) return 1;
+ if (!config) return;
 void *handle = GetModuleHandle (0);
 WRITE_MEMORY (ASLR (0x1400239C0, handle), u8, 0xC3); // Stop error
 if (readConfigBool (config, "unlock_songs", true)) WRITE_MEMORY (ASLR (0x140314E8D, handle), u8, 0xB0, 0x01); // Unlock songs
@@ -39,6 +38,4 @@ i32 __stdcall DllMain (HMODULE mod, DWORD cause, void *ctx) {
 INSTALL_HOOK_DYNAMIC (qrVtable1, amHandle + 0x1BA00);
 INSTALL_HOOK_DYNAMIC (qrReadFromCOM1, amHandle + 0x1BC20);
-
- return 1;
 }
diff --git a/patches/what_the_fuck/Makefile b/patches/what_the_fuck/Makefile
new file mode 100644
index 0000000..8682804
--- /dev/null
+++ b/patches/what_the_fuck/Makefile
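Review bot: `PreInit ()` is declared with empty parentheses, which in C is an unprototyped function rather than one taking no arguments, and nothing in the hunk marks it as the symbol the host resolves with `GetProcAddress (hModule, "PreInit")`; `__declspec(dllexport) void PreInit (void)` makes both explicit instead of relying on mingw's export-everything default. The early `return` when `openConfig` fails is now silent, so a missing or malformed plugins/patches.toml leaves the game unpatched with no indication; a log line before the `return` would help. The `config` table is opened here and the part of the function between the two hunks is not visible, so whether it is ever released cannot be confirmed from this page; if it is not, every PreInit call leaks it.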
@@ -0,0 +1,31 @@
+OUT = what_the_fuck
+CXX := x86_64-w64-mingw32-g++
+TARGET := x86_64-pc-windows-gnu
+SRC = dllmain.cpp
+OBJ = ${addprefix ../../${TARGET}/patches/what_the_fuck/,${SRC:.cpp=.o}}
+EXTERN_SRC = src/helpers.c tomlc99/toml.c minhook/src/buffer.c minhook/src/hook.c minhook/src/trampoline.c minhook/src/hde/hde32.c minhook/src/hde/hde64.c
+EXTERN_OBJ = ${addprefix ../../${TARGET}/,${EXTERN_SRC:.c=.o}}
+CXXFLAGS = -std=c++11 -I../../src -I../../minhook/include -I../../tomlc99 -Wall -Ofast -DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=_WIN32_WINNT_WIN7
+LDFLAGS := -shared -static -static-libgcc -s
+LIBS := -lmingw32 -luuid -lgdi32 -lwinmm -limm32 -lole32 -loleaut32 -lsetupapi -lversion -pthread
+
+all: options ${OUT}
+
+.PHONY: dirs
+dirs:
+ @mkdir -p ../../${TARGET}/patches/what_the_fuck
+
+.PHONY: options
+options:
+ @echo "CFLAGS = ${CFLAGS}"
+ @echo "LDFLAGS = ${LDFLAGS}"
+ @echo "CXX = ${CXX}"
+
+../../${TARGET}/patches/what_the_fuck/%.o: %.cpp
+ @echo BUILD $@
+ @${CXX} -c ${CXXFLAGS} $< -o $@
+
+.PHONY: ${OUT}
+${OUT}: dirs ${OBJ}
+ @echo LINK $@
+ @${CXX} ${CXXFLAGS} -o ../../${TARGET}/$@.dll ${OBJ} ${EXTERN_OBJ} ${LDFLAGS} ${LIBS}
diff --git a/patches/what_the_fuck/dllmain.cpp b/patches/what_the_fuck/dllmain.cpp
new file mode 100644
index 0000000..c91e765
--- /dev/null
+++ b/patches/what_the_fuck/dllmain.cpp
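Review bot: the `options` target echoes `CFLAGS`, which this Makefile never sets, while the flags actually used are `CXXFLAGS`; `@echo "CXXFLAGS = ${CXXFLAGS}"` is what a reader of the build log needs. `${OUT}` links `${EXTERN_OBJ}` (the helpers, tomlc99 and minhook objects under ../../${TARGET}/) but no rule here builds them, so presumably the top-level build has to run first; a comment on the `EXTERN_OBJ` line saying so would spare the next person an opaque link error. `-Ofast` enables fast-math on top of -O3 and changes floating-point semantics; `-O2` is the safer default for a hooking DLL that does no numeric work.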
@@ -0,0 +1,280 @@
+// Here be lions
+#include
+#include
+#include
+#include
+#include
+#include
+// Needs to be after for DEFINE_GUID
+#include "helpers.h"
+
+extern "C" {
+
+DWORD reg = 0;
+
+DEFINE_GUID (IID_CAuthFactory, 0x4603BB03, 0x058D, 0x43D9, 0xB9, 0x6F, 0x63, 0x9B, 0xE9, 0x08, 0xC1, 0xED);
+DEFINE_GUID (IID_CAuth, 0x045A5150, 0xD2B3, 0x4590, 0xA3, 0x8B, 0xC1, 0x15, 0x86, 0x78, 0xE1, 0xAC);
+
+class CAuth : public IUnknown {
+ public:
+ STDMETHODIMP
+ QueryInterface (REFIID riid, LPVOID *ppvObj) {
+ wchar_t *iid_str;
+ StringFromCLSID (riid, &iid_str);
+ printf ("QueryInterface %ls\n", iid_str);
+
+ if (riid == IID_IUnknown || riid == IID_CAuth) {
+ *ppvObj = this;
+ this->AddRef ();
+ return 0;
+ } else {
+ *ppvObj = 0;
+ return E_NOINTERFACE;
+ }
+ }
+ STDMETHODIMP_ (ULONG) AddRef () { return this->refCount++; }
+ STDMETHODIMP_ (ULONG) Release () {
+ this->refCount--;
+ if (this->refCount <= 0) {
+ delete this;
+ return 0;
+ }
+ return this->refCount;
+ }
+
+ // Seems to verify that local network is valid?
+ virtual i64
+ Unk3 (u32 a1) {
+ return 1;
+ }
+ virtual i64
+ Unk4 () {
+ return 1;
+ }
+ // Seems to check a config field, something to do with server/client
+ virtual i32
+ Unk5 () {
+ return 0;
+ }
+ // Seems to check that some config field is valid
+ virtual i64
+ Unk6 () {
+ return 1;
+ }
+ // Sets a random global to 1
+ virtual i32
+ Unk7 () {
+ return 0;
+ }
+ // Set some global vars
+ virtual i32
+ Unk8 () {
+ return 0;
+ }
+ // Puts some globals into a1
+ virtual i32
+ Unk9 (i32 *a1) {
+ printf ("Unk9\n");
+ a1[0x28] = 0;
+ a1[1] = 1;
+ a1[7] = 1;
+ a1[0x2C] = 1;
+ a1[0x2A] = 1;
+ a1[0x2E] = 1;
+ a1[0x31] = 0x11;
+ a1[0x30] = 1;
+ a1[0x2F] = 1;
+ return 0;
+ }
+ // Copies from a global to a1
+ virtual i32
+ Unk10 (void *a1) {
+ printf ("Unk10\n");
+ memset (a1, 0, 0xA8);
+ return 0;
+ }
+ // Lotsa fancy stuff here
+ virtual i32
+ Unk11 (char *a1) {
+ printf ("Unk11\n");
+ memset (a1, 0, 0x13C);
+ strncpy_s (a1, 4, "1", 3);
+ strncpy_s (a1 + 4, 0x10, "ALLNET", 0xF);
+ strncpy_s (a1 + 20, 8, "SWBY", 7);
+ strncpy_s (a1 + 28, 8, "12.00", 7);
+ strncpy_s (a1 + 36, 8, "S121", 7);
+ strncpy_s (a1 + 44, 8, "08.18", 7);
+ strncpy_s (a1 + 52, 4, "0", 3);
+ strncpy_s (a1 + 56, 4, "PCB", 3);
+ strncpy_s (a1 + 60, 0x100, "https://v402-front.mucha-prd.nbgi-amnet.jp:10122/mucha_front/", 0xFF);
+ return 0;
+ }
+ // Some config stuff, unsure if true or false wanted
+ virtual i32
+ Unk12 () {
+ return 1;
+ }
+ virtual i32
+ Unk13 () {
+ return 1;
+ }
+ // Seems to be some kind of copy? Can return E_FAIL and E_ACCESSDENIED
+ virtual i32
+ Unk14 (void *a1) {
+ printf ("Unk14\n");
+ memset (a1, 0, 0x8A2);
+ return 0;
+ }
+ // Can return E_FAIL E_ABORT E_UNEXPECTED
+ virtual i32
+ Unk15 () {
+ return 0;
+ }
+ // Config stuff
+ virtual i32
+ Unk16 () {
+ return 0;
+ }
+ virtual i32
+ Unk17 () {
+ return 0;
+ }
+ // Seems to be some kind of copy? Can return E_FAIL and E_ACCESSDENIED
+ virtual i32
+ Unk18 (void *a1) {
+ printf ("Unk18\n");
+ return 0;
+ }
+ // Fancy stuff happening here
+ virtual i32
+ Unk19 (void *a1) {
+ printf ("Unk19\n");
+ return 0;
+ }
+ // Can return E_FAIL E_ABORT E_UNEXPECTED E_NOTIMPL
+ // Something to do with MH
+ virtual i32
+ Unk20 () {
+ printf ("Unk20\n");
+ return 0;
+ }
+ // Can return E_FAIL E_ABORT E_UNEXPECTED E_NOTIMPL
+ // Something to do with a list
+ // Maybe an init function
+ virtual i32
+ Unk21 () {
+ return 1;
+ }
+ virtual i32
+ Unk22 () {
+ return 0;
+ }
+ virtual i32
+ Unk23 () {
+ return 0;
+ }
+ // E_FAIL E_NOTIMPL
+ virtual i32
+ Unk24 () {
+ return 0;
+ }
+ // E_FAIL E_UNEXPECTED E_NOTIMPL
+ virtual i32
+ Unk25 () {
+ return 1;
+ }
+ // E_FAIL E_NOTIMPL
+ virtual i32
+ Unk26 () {
+ return 0;
+ }
+ // E_FAIL E_UNEXPECTED E_NOTIMPL
+ virtual i32
+ Unk27 () {
+ return 1;
+ }
+ // E_FAIL E_NOTIMPL
+ virtual i32
+ Unk28 () {
+ return 0;
+ }
+ // E_FAIL E_ACCESSDENIED
+ virtual i32
+ Unk29 () {
+ return 0;
+ }
+ virtual i32
+ Unk30 () {
+ return 0;
+ }
+ // nothing special
+ virtual i32
+ PrintDebugInfo () {
+ return 0;
+ }
+ virtual i32
+ Unk32 (void *a1) {
+ return 0;
+ }
+ virtual void
+ Unk33 () {}
+
+ public:
+ CAuth () { printf ("CAuth\n"); }
+ virtual ~CAuth () {}
+
+ private:
+ i32 refCount = 0;
+};
+
+class CAuthFactory : public IClassFactory {
+ public:
+ STDMETHODIMP
+ QueryInterface (REFIID riid, LPVOID *ppvObj) {
+ wchar_t *iid_str;
+ StringFromCLSID (riid, &iid_str);
+ printf ("QueryInterface %ls\n", iid_str);
+
+ if (riid == IID_IUnknown || riid == IID_IClassFactory || riid == IID_CAuthFactory) {
+ *ppvObj = this;
+ this->AddRef ();
+ return 0;
+ } else {
+ *ppvObj = 0;
+ return E_NOINTERFACE;
+ }
+ }
+ STDMETHODIMP_ (ULONG) AddRef () { return 2; }
+ STDMETHODIMP_ (ULONG) Release () { return 1; }
+ virtual HRESULT
+ CreateInstance (IUnknown *outer, REFIID riid, void **object) {
+ if (outer != 0) return CLASS_E_NOAGGREGATION;
+ wchar_t *iid_str;
+ StringFromCLSID (riid, &iid_str);
+ printf ("CreateInstance %ls\n", iid_str);
+ if (riid == IID_CAuth) {
+ CAuth *auth = new CAuth ();
+ return auth->QueryInterface (riid, object);
+ } else {
+ *object = 0;
+ return E_NOINTERFACE;
+ }
+ }
+ virtual HRESULT
+ LockServer (i32 lock) {
+ return 0;
+ }
+};
+
+void
+Init () {
+ CoInitializeEx (0, 0);
+ CoRegisterClassObject (IID_CAuthFactory, (IUnknown *)new CAuthFactory (), 4, 1, ®);
+}
+
+void
+Exit () {
+ CoRevokeClassObject (reg);
+ CoUninitialize ();
+}
+}
diff --git a/src/boilerplate.c b/src/boilerplate.c
index a905960..c40991d 100644
--- a/src/boilerplate.c
+++ b/src/boilerplate.c
@@ -14,7 +14,6 @@ HOOK_DYNAMIC (u32, __stdcall, XinputGetCapabilites, u32 index, u32 flags, void *
 // bnusio stuff
 RETURN_FALSE (i64, __stdcall, bnusio_ClearSram);
-RETURN_FALSE (i64, __stdcall, bnusio_Close);
 RETURN_FALSE (i64, __fastcall, bnusio_Communication, i32 a1);
 RETURN_FALSE (i64, __fastcall, bnusio_DecService, i32 a1, u16 a2);
 RETURN_FALSE (void *, __fastcall, bnusio_GetBuffer, u16 a1, i64 a2, i16 a3);
@@ -67,7 +66,6 @@ HOOK_DYNAMIC (void, __stdcall, bngrw_fin) { return; }
 HOOK_DYNAMIC (u64, __stdcall, bngrw_GetFwVersion) { return 0; }
 HOOK_DYNAMIC (u64, __stdcall, bngrw_GetStationID) { return 0; }
 HOOK_DYNAMIC (u64, __stdcall, bngrw_GetRetryCount) { return 0; }
-HOOK_DYNAMIC (u64, __stdcall, bngrw_Init) { return 0; }
 HOOK_DYNAMIC (u64, __stdcall, bngrw_IsCmdExec) { return 0xFFFFFFFF; }
 HOOK_DYNAMIC (u64, __stdcall, bngrw_ReqAction) { return 1; }
 HOOK_DYNAMIC (u64, __stdcall, bngrw_ReqAiccAuth) { return 1; }
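Review bot: `StringFromCLSID` hands back a string owned by the COM task allocator, and CAuth::QueryInterface, CAuthFactory::QueryInterface and CreateInstance each print it without ever calling `CoTaskMemFree` and without checking the HRESULT, so on failure an uninitialised `iid_str` reaches printf; guard and release it in all three places: `if (SUCCEEDED (StringFromCLSID (riid, &iid_str))) { printf ("QueryInterface %ls\n", iid_str); CoTaskMemFree (iid_str); }`. `AddRef` returns `this->refCount++`, the count before the increment, whereas the COM contract and the value `Release` returns are the new count; `return ++this->refCount;` keeps the two consistent. `Init` discards the HRESULTs of `CoInitializeEx` and `CoRegisterClassObject` and passes bare literals where `COINIT_MULTITHREADED`, `CLSCTX_LOCAL_SERVER` and `REGCLS_MULTIPLEUSE` are meant (the page renders the final argument as `®`, presumably `&reg` mangled by entity decoding), so a failed registration goes unnoticed and `Exit` later revokes a cookie of 0. Unk9 stores through `a1[0x31]` and Unk11 memsets 0x13C bytes into caller-owned buffers whose sizes rest only on reverse engineering, so each such method deserves a comment naming the assumed size, e.g. `// assumes a1 has at least 0x13C bytes of caller storage — confirm against amauthd`.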
@@ -100,7 +98,6 @@ init_boilerplate () {
 INSTALL_HOOK_DYNAMIC (bngrw_GetFwVersion, PROC_ADDRESS ("bngrw.dll", "BngRwGetFwVersion"));
 INSTALL_HOOK_DYNAMIC (bngrw_GetStationID, PROC_ADDRESS ("bngrw.dll", "BngRwGetStationID"));
 INSTALL_HOOK_DYNAMIC (bngrw_GetRetryCount, PROC_ADDRESS ("bngrw.dll", "BngRwGetTotalRetryCount"));
- INSTALL_HOOK_DYNAMIC (bngrw_Init, PROC_ADDRESS ("bngrw.dll", "BngRwInit"));
 INSTALL_HOOK_DYNAMIC (bngrw_IsCmdExec, PROC_ADDRESS ("bngrw.dll", "BngRwIsCmdExec"));
 INSTALL_HOOK_DYNAMIC (bngrw_ReqAction, PROC_ADDRESS ("bngrw.dll", "BngRwReqAction"));
 INSTALL_HOOK_DYNAMIC (bngrw_ReqAiccAuth, PROC_ADDRESS ("bngrw.dll", "BngRwReqAiccAuth"));
diff --git a/src/dllmain.c b/src/dllmain.c
index 14608f5..15d21c0 100644
--- a/src/dllmain.c
+++ b/src/dllmain.c
@@ -12,6 +12,8 @@ char accessCode2[21] = "00000000000000000002";
 char chipId1[33] = "00000000000000000000000000000001";
 char chipId2[33] = "00000000000000000000000000000002";
+char *server = "vsapi.taiko-p.jp";
+
 typedef i32 (*callbackAttach) (i32, i32, i32 *);
 typedef void (*callbackTouch) (i32, i32, u8[168], u64);
 bool waitingForTouch = false;
@@ -133,6 +135,66 @@ u32 __stdcall bnusio_GetSwIn () {
 return sw;
 }
+i64 __stdcall bnusio_Close () {
+ wchar_t path[MAX_PATH];
+ GetModuleFileNameW (NULL, path, MAX_PATH);
+ *wcsrchr (path, '\\') = '\0';
+ SetCurrentDirectoryW (path);
+
+ WIN32_FIND_DATAW fd;
+ HANDLE hFind = FindFirstFileW (L"plugins/*.dll", &fd);
+ if (hFind != INVALID_HANDLE_VALUE) {
+ do {
+ if (fd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) continue;
+ wchar_t filePath[MAX_PATH];
+ wcscpy (filePath, path);
+ wcscat (filePath, L"/plugins/");
+ wcscat (filePath, fd.cFileName);
+ HMODULE hModule = LoadLibraryW (filePath);
+ if (!hModule) {
+ wchar_t buf[128];
+ swprintf (buf, 128, L"Failed to load plugin %d", GetLastError ());
+ MessageBoxW (NULL, buf, fd.cFileName, MB_ICONERROR);
+ } else {
+ FARPROC initEvent = GetProcAddress (hModule, "Exit");
+ if (initEvent) ((event *)initEvent) ();
+ }
+ } while (FindNextFileW (hFind, &fd));
+ FindClose (hFind);
+ }
+ return 0;
+}
+
+HOOK_DYNAMIC (u64, __stdcall, bngrw_Init) {
+ wchar_t path[MAX_PATH];
+ GetModuleFileNameW (NULL, path, MAX_PATH);
+ *wcsrchr (path, '\\') = '\0';
+ SetCurrentDirectoryW (path);
+
+ WIN32_FIND_DATAW fd;
+ HANDLE hFind = FindFirstFileW (L"plugins/*.dll", &fd);
+ if (hFind != INVALID_HANDLE_VALUE) {
+ do {
+ if (fd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) continue;
+ wchar_t filePath[MAX_PATH];
+ wcscpy (filePath, path);
+ wcscat (filePath, L"/plugins/");
+ wcscat (filePath, fd.cFileName);
+ HMODULE hModule = LoadLibraryW (filePath);
+ if (!hModule) {
+ wchar_t buf[128];
+ swprintf (buf, 128, L"Failed to load plugin %d", GetLastError ());
+ MessageBoxW (NULL, buf, fd.cFileName, MB_ICONERROR);
+ } else {
+ FARPROC initEvent = GetProcAddress (hModule, "Init");
+ if (initEvent) ((event *)initEvent) ();
+ }
+ } while (FindNextFileW (hFind, &fd));
+ FindClose (hFind);
+ }
+ return 0;
+}
+
 HOOK_DYNAMIC (u64, __stdcall, bngrw_attach, i32 a1, char *a2, i32 a3, i32 a4, callbackAttach callback, i32 *a6) {
 // This is way too fucking jank
 attachCallback = callback;
@@ -147,6 +209,10 @@ HOOK_DYNAMIC (i32, __stdcall, bngrw_reqWaitTouch, u32 a1, i32 a2, u32 a3, callba
 return 1;
 }
+HOOK_DYNAMIC (i32, __stdcall, ws2_getaddrinfo, char *node, char *service, void *hints, void *out) {
+ return originalws2_getaddrinfo (server, service, hints, out);
+}
+
 i32 __stdcall DllMain (HMODULE mod, DWORD cause, void *ctx) {
 if (cause == DLL_PROCESS_DETACH) DisposePoll ();
 if (cause != DLL_PROCESS_ATTACH) return true;
@@ -155,6 +221,9 @@ i32 __stdcall DllMain (HMODULE mod, DWORD cause, void *ctx) {
 INSTALL_HOOK_DYNAMIC (bngrw_attach, PROC_ADDRESS ("bngrw.dll", "BngRwAttach"));
 INSTALL_HOOK_DYNAMIC (bngrw_reqWaitTouch, PROC_ADDRESS ("bngrw.dll", "BngRwReqWaitTouch"));
+ INSTALL_HOOK_DYNAMIC (bngrw_Init, PROC_ADDRESS ("bngrw.dll", "BngRwInit"));
+
+ INSTALL_HOOK_DYNAMIC (ws2_getaddrinfo, PROC_ADDRESS ("ws2_32.dll", "getaddrinfo"));
 // Set current directory to the directory of the executable
 // Find all files in the plugins directory that end with .dll
@@ -179,6 +248,9 @@ i32 __stdcall DllMain (HMODULE mod, DWORD cause, void *ctx) {
 wchar_t buf[128];
 swprintf (buf, 128, L"Failed to load plugin %d", GetLastError ());
 MessageBoxW (NULL, buf, fd.cFileName, MB_ICONERROR);
+ } else {
+ FARPROC preInitEvent = GetProcAddress (hModule, "PreInit");
+ if (preInitEvent) ((event *)preInitEvent) ();
 }
 } while (FindNextFileW (hFind, &fd));
 FindClose (hFind);
@@ -188,6 +260,7 @@ i32 __stdcall DllMain (HMODULE mod, DWORD cause, void *ctx) {
 if (config) {
 drumMax = readConfigInt (config, "drumMax", drumMax);
 drumMin = readConfigInt (config, "drumMin", drumMin);
+ server = readConfigString (config, "server", server);
 i64 accessCode1Int = readConfigInt (config, "accessCode1", 1);
 i64 accessCode2Int = readConfigInt (config, "accessCode2", 2);
 i64 chipId1Int = readConfigInt (config, "chipId1", 1);
diff --git a/src/helpers.h b/src/helpers.h
index f648dce..75031b8 100644
--- a/src/helpers.h
+++ b/src/helpers.h
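Review bot: `bnusio_Close` and `bngrw_Init` copy the plugin-enumeration loop of DllMain a second and third time, and each copy keeps the same unchecked operations: the result of `GetModuleFileNameW` is ignored, `*wcsrchr (path, '\\') = '\0'` dereferences NULL when no backslash is found, and `wcscpy`/`wcscat` assemble `filePath` with no bound although `path` alone can already fill MAX_PATH. Factoring the loop into one `static void callPluginEvent (const char *name)` (below) removes the duplication, bounds the path with `swprintf` and checks the lookups, and each hook collapses to one call plus `return 0;`. The local in `bnusio_Close` is still called `initEvent` although it resolves "Exit"; the helper's neutral name avoids that. `LoadLibraryW` is called again on DLLs that DllMain already loaded, so every Init/Exit round bumps the module's reference count with no matching `FreeLibrary` — harmless if plugins are meant to stay resident, but worth the comment in the helper. `swprintf (buf, 128, L"Failed to load plugin %d", GetLastError ())` formats a DWORD with `%d`; `%lu` matches the type.
```c
// Calls the exported function `name` (when present) on every DLL in plugins/ next to the executable.
static void
callPluginEvent (const char *name) {
	wchar_t path[MAX_PATH];
	if (!GetModuleFileNameW (NULL, path, MAX_PATH)) return;
	wchar_t *slash = wcsrchr (path, L'\\');
	if (!slash) return;
	*slash = L'\0';
	SetCurrentDirectoryW (path);

	WIN32_FIND_DATAW fd;
	HANDLE hFind = FindFirstFileW (L"plugins/*.dll", &fd);
	if (hFind == INVALID_HANDLE_VALUE) return;
	do {
		if (fd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) continue;
		wchar_t filePath[MAX_PATH];
		int len = swprintf (filePath, MAX_PATH, L"%ls/plugins/%ls", path, fd.cFileName);
		if (len < 0 || len >= MAX_PATH) continue; // would not fit: skip rather than overflow
		// DllMain already loaded this DLL; the call only adds a reference (never released) and returns the same handle.
		HMODULE hModule = LoadLibraryW (filePath);
		if (!hModule) {
			wchar_t buf[128];
			swprintf (buf, 128, L"Failed to load plugin %lu", GetLastError ());
			MessageBoxW (NULL, buf, fd.cFileName, MB_ICONERROR);
			continue;
		}
		FARPROC ev = GetProcAddress (hModule, name);
		if (ev) ((event *)ev) ();
	} while (FindNextFileW (hFind, &fd));
	FindClose (hFind);
}

i64 __stdcall bnusio_Close () {
	callPluginEvent ("Exit");
	return 0;
}

HOOK_DYNAMIC (u64, __stdcall, bngrw_Init) {
	callPluginEvent ("Init");
	return 0;
}
```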
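Review bot: the `ws2_getaddrinfo` hook forwards `server` in place of `node` for every call in the process, so any other hostname the game or a loaded plugin resolves — and a NULL `node` used for passive/bind lookups — is silently redirected to the configured server. Substitute only the name this is meant to replace, which from the default this commit hard-codes is presumably `vsapi.taiko-p.jp`: `if (node && strcmp (node, "vsapi.taiko-p.jp") == 0) node = server;` followed by `return originalws2_getaddrinfo (node, service, hints, out);`. The hook is declared with `char *`/`void *` parameters while the real prototype is `const char *node, const char *service, const struct addrinfo *hints, struct addrinfo **res`; matching it documents what `hints` and `out` are and lets the compiler check the forwarding call. A one-line comment above the hook saying that `server` comes from the `server` key in config.toml would also help the next reader.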
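Review bot: the new `else` branch calls a plugin's `PreInit` from inside this DllMain, i.e. during DLL_PROCESS_ATTACH under the loader lock, while `Init` and `Exit` are dispatched later from the `bngrw_Init` hook and from `bnusio_Close`; that three-stage lifecycle is not written down anywhere, so a comment here would help plugin authors, e.g. `// Plugin lifecycle: PreInit runs here (inside DllMain, under the loader lock — keep it to memory patches and hook setup), Init from the BngRwInit hook, Exit from bnusio_Close.` The enclosing DllMain begins and ends outside this hunk.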
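Review bot: `server = readConfigString (config, "server", server);` replaces a pointer to a string literal (the `char *server` added by this file's first hunk) with whatever `readConfigString` returns, and the ownership of that result is not visible on this page: if it hands back a heap string (the tomlc99 accessors this project builds on return malloc'd copies) the value is never freed and the literal default cannot be freed the same way, and if it points into `config` the string dangles once the table is released. A comment on the declaration stating which it is, plus declaring it `const char *server` since it starts out as a literal, would pin the contract; the `ws2_getaddrinfo` hook reads it for the lifetime of the process, so it must stay valid that long.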
@@ -14,6 +14,13 @@ typedef uint8_t u8;
 typedef uint16_t u16;
 typedef uint32_t u32;
 typedef uint64_t u64;
+typedef void event ();
+
+#ifdef DEFINE_GUID
+#undef DEFINE_GUID
+#endif
+
+#define DEFINE_GUID(name, l, w1, w2, b1, b2, b3, b4, b5, b6, b7, b8) const GUID name = { l, w1, w2, { b1, b2, b3, b4, b5, b6, b7, b8 } }
 #ifdef BASE_ADDRESS
 #define ASLR(address, handle) ((u64)handle + (u64)address - (u64)BASE_ADDRESS)
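Review bot: the header unconditionally `#undef`s the Windows SDK's `DEFINE_GUID` and redefines it to emit `const GUID name = {...}`, so every translation unit that includes helpers.h after a GUID header gets this definition instead of the SDK's (which only defines storage under INITGUID and otherwise declares `extern`) — presumably the intent, but the hunk does not say so; a comment such as `// Always define the GUID object in this TU; the SDK macro only does so under INITGUID` would record it. In a C translation unit `const GUID name` at file scope has external linkage, so two .c files expanding the same GUID would collide at link time; `static const GUID name = {...}` avoids that in both C and C++. `typedef void event ();` declares an unprototyped function type; `typedef void event (void);` says what the `((event *)...) ()` call sites in src/dllmain.c actually mean.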