1
0
mirror of synced 2024-12-18 02:15:52 +01:00

Add base for skipping amauthd, not functional yet

This commit is contained in:
BroGamer 2022-09-15 14:40:55 +12:00
parent 3576c04073
commit 6f998add2b
7 changed files with 396 additions and 9 deletions

2
dist/config.toml vendored
View File

@ -2,6 +2,8 @@
drumMax = 20000 drumMax = 20000
drumMin = 10000 drumMin = 10000
server = "vsapi.taiko-p.jp"
accessCode1 = 1 accessCode1 = 1
chipId1 = 1 chipId1 = 1

View File

@ -8,11 +8,10 @@ HOOK_DYNAMIC (u8, __fastcall, qrReadFromCOM1, u64 a1) {
return 1; return 1;
} }
i32 __stdcall DllMain (HMODULE mod, DWORD cause, void *ctx) { void
if (cause != DLL_PROCESS_ATTACH) return 1; PreInit () {
toml_table_t *config = openConfig (configPath ("plugins/patches.toml")); toml_table_t *config = openConfig (configPath ("plugins/patches.toml"));
if (!config) return 1; if (!config) return;
void *handle = GetModuleHandle (0); void *handle = GetModuleHandle (0);
WRITE_MEMORY (ASLR (0x1400239C0, handle), u8, 0xC3); // Stop error WRITE_MEMORY (ASLR (0x1400239C0, handle), u8, 0xC3); // Stop error
if (readConfigBool (config, "unlock_songs", true)) WRITE_MEMORY (ASLR (0x140314E8D, handle), u8, 0xB0, 0x01); // Unlock songs if (readConfigBool (config, "unlock_songs", true)) WRITE_MEMORY (ASLR (0x140314E8D, handle), u8, 0xB0, 0x01); // Unlock songs
@ -39,6 +38,4 @@ i32 __stdcall DllMain (HMODULE mod, DWORD cause, void *ctx) {
INSTALL_HOOK_DYNAMIC (qrVtable1, amHandle + 0x1BA00); INSTALL_HOOK_DYNAMIC (qrVtable1, amHandle + 0x1BA00);
INSTALL_HOOK_DYNAMIC (qrReadFromCOM1, amHandle + 0x1BC20); INSTALL_HOOK_DYNAMIC (qrReadFromCOM1, amHandle + 0x1BC20);
return 1;
} }

View File

@ -0,0 +1,31 @@
OUT = what_the_fuck
CXX := x86_64-w64-mingw32-g++
TARGET := x86_64-pc-windows-gnu
SRC = dllmain.cpp
OBJ = ${addprefix ../../${TARGET}/patches/what_the_fuck/,${SRC:.cpp=.o}}
EXTERN_SRC = src/helpers.c tomlc99/toml.c minhook/src/buffer.c minhook/src/hook.c minhook/src/trampoline.c minhook/src/hde/hde32.c minhook/src/hde/hde64.c
EXTERN_OBJ = ${addprefix ../../${TARGET}/,${EXTERN_SRC:.c=.o}}
CXXFLAGS = -std=c++11 -I../../src -I../../minhook/include -I../../tomlc99 -Wall -Ofast -DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=_WIN32_WINNT_WIN7
LDFLAGS := -shared -static -static-libgcc -s
LIBS := -lmingw32 -luuid -lgdi32 -lwinmm -limm32 -lole32 -loleaut32 -lsetupapi -lversion -pthread
all: options ${OUT}
.PHONY: dirs
dirs:
@mkdir -p ../../${TARGET}/patches/what_the_fuck
.PHONY: options
options:
@echo "CFLAGS = ${CFLAGS}"
@echo "LDFLAGS = ${LDFLAGS}"
@echo "CXX = ${CXX}"
../../${TARGET}/patches/what_the_fuck/%.o: %.cpp
@echo BUILD $@
@${CXX} -c ${CXXFLAGS} $< -o $@
.PHONY: ${OUT}
${OUT}: dirs ${OBJ}
@echo LINK $@
@${CXX} ${CXXFLAGS} -o ../../${TARGET}/$@.dll ${OBJ} ${EXTERN_OBJ} ${LDFLAGS} ${LIBS}

View File

@ -0,0 +1,280 @@
// Here be lions
#include <chrono>
#include <combaseapi.h>
#include <thread>
#include <unknwn.h>
#include <winerror.h>
#include <winnt.h>
// Needs to be after for DEFINE_GUID
#include "helpers.h"
extern "C" {
DWORD reg = 0;
DEFINE_GUID (IID_CAuthFactory, 0x4603BB03, 0x058D, 0x43D9, 0xB9, 0x6F, 0x63, 0x9B, 0xE9, 0x08, 0xC1, 0xED);
DEFINE_GUID (IID_CAuth, 0x045A5150, 0xD2B3, 0x4590, 0xA3, 0x8B, 0xC1, 0x15, 0x86, 0x78, 0xE1, 0xAC);
class CAuth : public IUnknown {
public:
STDMETHODIMP
QueryInterface (REFIID riid, LPVOID *ppvObj) {
wchar_t *iid_str;
StringFromCLSID (riid, &iid_str);
printf ("QueryInterface %ls\n", iid_str);
if (riid == IID_IUnknown || riid == IID_CAuth) {
*ppvObj = this;
this->AddRef ();
return 0;
} else {
*ppvObj = 0;
return E_NOINTERFACE;
}
}
STDMETHODIMP_ (ULONG) AddRef () { return this->refCount++; }
STDMETHODIMP_ (ULONG) Release () {
this->refCount--;
if (this->refCount <= 0) {
delete this;
return 0;
}
return this->refCount;
}
// Seems to verify that local network is valid?
virtual i64
Unk3 (u32 a1) {
return 1;
}
virtual i64
Unk4 () {
return 1;
}
// Seems to check a config field, something to do with server/client
virtual i32
Unk5 () {
return 0;
}
// Seems to check that some config field is valid
virtual i64
Unk6 () {
return 1;
}
// Sets a random global to 1
virtual i32
Unk7 () {
return 0;
}
// Set some global vars
virtual i32
Unk8 () {
return 0;
}
// Puts some globals into a1
virtual i32
Unk9 (i32 *a1) {
printf ("Unk9\n");
a1[0x28] = 0;
a1[1] = 1;
a1[7] = 1;
a1[0x2C] = 1;
a1[0x2A] = 1;
a1[0x2E] = 1;
a1[0x31] = 0x11;
a1[0x30] = 1;
a1[0x2F] = 1;
return 0;
}
// Copies from a global to a1
virtual i32
Unk10 (void *a1) {
printf ("Unk10\n");
memset (a1, 0, 0xA8);
return 0;
}
// Lotsa fancy stuff here
virtual i32
Unk11 (char *a1) {
printf ("Unk11\n");
memset (a1, 0, 0x13C);
strncpy_s (a1, 4, "1", 3);
strncpy_s (a1 + 4, 0x10, "ALLNET", 0xF);
strncpy_s (a1 + 20, 8, "SWBY", 7);
strncpy_s (a1 + 28, 8, "12.00", 7);
strncpy_s (a1 + 36, 8, "S121", 7);
strncpy_s (a1 + 44, 8, "08.18", 7);
strncpy_s (a1 + 52, 4, "0", 3);
strncpy_s (a1 + 56, 4, "PCB", 3);
strncpy_s (a1 + 60, 0x100, "https://v402-front.mucha-prd.nbgi-amnet.jp:10122/mucha_front/", 0xFF);
return 0;
}
// Some config stuff, unsure if true or false wanted
virtual i32
Unk12 () {
return 1;
}
virtual i32
Unk13 () {
return 1;
}
// Seems to be some kind of copy? Can return E_FAIL and E_ACCESSDENIED
virtual i32
Unk14 (void *a1) {
printf ("Unk14\n");
memset (a1, 0, 0x8A2);
return 0;
}
// Can return E_FAIL E_ABORT E_UNEXPECTED
virtual i32
Unk15 () {
return 0;
}
// Config stuff
virtual i32
Unk16 () {
return 0;
}
virtual i32
Unk17 () {
return 0;
}
// Seems to be some kind of copy? Can return E_FAIL and E_ACCESSDENIED
virtual i32
Unk18 (void *a1) {
printf ("Unk18\n");
return 0;
}
// Fancy stuff happening here
virtual i32
Unk19 (void *a1) {
printf ("Unk19\n");
return 0;
}
// Can return E_FAIL E_ABORT E_UNEXPECTED E_NOTIMPL
// Something to do with MH
virtual i32
Unk20 () {
printf ("Unk20\n");
return 0;
}
// Can return E_FAIL E_ABORT E_UNEXPECTED E_NOTIMPL
// Something to do with a list<T>
// Maybe an init function
virtual i32
Unk21 () {
return 1;
}
virtual i32
Unk22 () {
return 0;
}
virtual i32
Unk23 () {
return 0;
}
// E_FAIL E_NOTIMPL
virtual i32
Unk24 () {
return 0;
}
// E_FAIL E_UNEXPECTED E_NOTIMPL
virtual i32
Unk25 () {
return 1;
}
// E_FAIL E_NOTIMPL
virtual i32
Unk26 () {
return 0;
}
// E_FAIL E_UNEXPECTED E_NOTIMPL
virtual i32
Unk27 () {
return 1;
}
// E_FAIL E_NOTIMPL
virtual i32
Unk28 () {
return 0;
}
// E_FAIL E_ACCESSDENIED
virtual i32
Unk29 () {
return 0;
}
virtual i32
Unk30 () {
return 0;
}
// nothing special
virtual i32
PrintDebugInfo () {
return 0;
}
virtual i32
Unk32 (void *a1) {
return 0;
}
virtual void
Unk33 () {}
public:
CAuth () { printf ("CAuth\n"); }
virtual ~CAuth () {}
private:
i32 refCount = 0;
};
class CAuthFactory : public IClassFactory {
public:
STDMETHODIMP
QueryInterface (REFIID riid, LPVOID *ppvObj) {
wchar_t *iid_str;
StringFromCLSID (riid, &iid_str);
printf ("QueryInterface %ls\n", iid_str);
if (riid == IID_IUnknown || riid == IID_IClassFactory || riid == IID_CAuthFactory) {
*ppvObj = this;
this->AddRef ();
return 0;
} else {
*ppvObj = 0;
return E_NOINTERFACE;
}
}
STDMETHODIMP_ (ULONG) AddRef () { return 2; }
STDMETHODIMP_ (ULONG) Release () { return 1; }
virtual HRESULT
CreateInstance (IUnknown *outer, REFIID riid, void **object) {
if (outer != 0) return CLASS_E_NOAGGREGATION;
wchar_t *iid_str;
StringFromCLSID (riid, &iid_str);
printf ("CreateInstance %ls\n", iid_str);
if (riid == IID_CAuth) {
CAuth *auth = new CAuth ();
return auth->QueryInterface (riid, object);
} else {
*object = 0;
return E_NOINTERFACE;
}
}
virtual HRESULT
LockServer (i32 lock) {
return 0;
}
};
void
Init () {
CoInitializeEx (0, 0);
CoRegisterClassObject (IID_CAuthFactory, (IUnknown *)new CAuthFactory (), 4, 1, &reg);
}
void
Exit () {
CoRevokeClassObject (reg);
CoUninitialize ();
}
}

View File

@ -14,7 +14,6 @@ HOOK_DYNAMIC (u32, __stdcall, XinputGetCapabilites, u32 index, u32 flags, void *
// bnusio stuff // bnusio stuff
RETURN_FALSE (i64, __stdcall, bnusio_ClearSram); RETURN_FALSE (i64, __stdcall, bnusio_ClearSram);
RETURN_FALSE (i64, __stdcall, bnusio_Close);
RETURN_FALSE (i64, __fastcall, bnusio_Communication, i32 a1); RETURN_FALSE (i64, __fastcall, bnusio_Communication, i32 a1);
RETURN_FALSE (i64, __fastcall, bnusio_DecService, i32 a1, u16 a2); RETURN_FALSE (i64, __fastcall, bnusio_DecService, i32 a1, u16 a2);
RETURN_FALSE (void *, __fastcall, bnusio_GetBuffer, u16 a1, i64 a2, i16 a3); RETURN_FALSE (void *, __fastcall, bnusio_GetBuffer, u16 a1, i64 a2, i16 a3);
@ -67,7 +66,6 @@ HOOK_DYNAMIC (void, __stdcall, bngrw_fin) { return; }
HOOK_DYNAMIC (u64, __stdcall, bngrw_GetFwVersion) { return 0; } HOOK_DYNAMIC (u64, __stdcall, bngrw_GetFwVersion) { return 0; }
HOOK_DYNAMIC (u64, __stdcall, bngrw_GetStationID) { return 0; } HOOK_DYNAMIC (u64, __stdcall, bngrw_GetStationID) { return 0; }
HOOK_DYNAMIC (u64, __stdcall, bngrw_GetRetryCount) { return 0; } HOOK_DYNAMIC (u64, __stdcall, bngrw_GetRetryCount) { return 0; }
HOOK_DYNAMIC (u64, __stdcall, bngrw_Init) { return 0; }
HOOK_DYNAMIC (u64, __stdcall, bngrw_IsCmdExec) { return 0xFFFFFFFF; } HOOK_DYNAMIC (u64, __stdcall, bngrw_IsCmdExec) { return 0xFFFFFFFF; }
HOOK_DYNAMIC (u64, __stdcall, bngrw_ReqAction) { return 1; } HOOK_DYNAMIC (u64, __stdcall, bngrw_ReqAction) { return 1; }
HOOK_DYNAMIC (u64, __stdcall, bngrw_ReqAiccAuth) { return 1; } HOOK_DYNAMIC (u64, __stdcall, bngrw_ReqAiccAuth) { return 1; }
@ -100,7 +98,6 @@ init_boilerplate () {
INSTALL_HOOK_DYNAMIC (bngrw_GetFwVersion, PROC_ADDRESS ("bngrw.dll", "BngRwGetFwVersion")); INSTALL_HOOK_DYNAMIC (bngrw_GetFwVersion, PROC_ADDRESS ("bngrw.dll", "BngRwGetFwVersion"));
INSTALL_HOOK_DYNAMIC (bngrw_GetStationID, PROC_ADDRESS ("bngrw.dll", "BngRwGetStationID")); INSTALL_HOOK_DYNAMIC (bngrw_GetStationID, PROC_ADDRESS ("bngrw.dll", "BngRwGetStationID"));
INSTALL_HOOK_DYNAMIC (bngrw_GetRetryCount, PROC_ADDRESS ("bngrw.dll", "BngRwGetTotalRetryCount")); INSTALL_HOOK_DYNAMIC (bngrw_GetRetryCount, PROC_ADDRESS ("bngrw.dll", "BngRwGetTotalRetryCount"));
INSTALL_HOOK_DYNAMIC (bngrw_Init, PROC_ADDRESS ("bngrw.dll", "BngRwInit"));
INSTALL_HOOK_DYNAMIC (bngrw_IsCmdExec, PROC_ADDRESS ("bngrw.dll", "BngRwIsCmdExec")); INSTALL_HOOK_DYNAMIC (bngrw_IsCmdExec, PROC_ADDRESS ("bngrw.dll", "BngRwIsCmdExec"));
INSTALL_HOOK_DYNAMIC (bngrw_ReqAction, PROC_ADDRESS ("bngrw.dll", "BngRwReqAction")); INSTALL_HOOK_DYNAMIC (bngrw_ReqAction, PROC_ADDRESS ("bngrw.dll", "BngRwReqAction"));
INSTALL_HOOK_DYNAMIC (bngrw_ReqAiccAuth, PROC_ADDRESS ("bngrw.dll", "BngRwReqAiccAuth")); INSTALL_HOOK_DYNAMIC (bngrw_ReqAiccAuth, PROC_ADDRESS ("bngrw.dll", "BngRwReqAiccAuth"));

View File

@ -12,6 +12,8 @@ char accessCode2[21] = "00000000000000000002";
char chipId1[33] = "00000000000000000000000000000001"; char chipId1[33] = "00000000000000000000000000000001";
char chipId2[33] = "00000000000000000000000000000002"; char chipId2[33] = "00000000000000000000000000000002";
char *server = "vsapi.taiko-p.jp";
typedef i32 (*callbackAttach) (i32, i32, i32 *); typedef i32 (*callbackAttach) (i32, i32, i32 *);
typedef void (*callbackTouch) (i32, i32, u8[168], u64); typedef void (*callbackTouch) (i32, i32, u8[168], u64);
bool waitingForTouch = false; bool waitingForTouch = false;
@ -133,6 +135,66 @@ u32 __stdcall bnusio_GetSwIn () {
return sw; return sw;
} }
i64 __stdcall bnusio_Close () {
wchar_t path[MAX_PATH];
GetModuleFileNameW (NULL, path, MAX_PATH);
*wcsrchr (path, '\\') = '\0';
SetCurrentDirectoryW (path);
WIN32_FIND_DATAW fd;
HANDLE hFind = FindFirstFileW (L"plugins/*.dll", &fd);
if (hFind != INVALID_HANDLE_VALUE) {
do {
if (fd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) continue;
wchar_t filePath[MAX_PATH];
wcscpy (filePath, path);
wcscat (filePath, L"/plugins/");
wcscat (filePath, fd.cFileName);
HMODULE hModule = LoadLibraryW (filePath);
if (!hModule) {
wchar_t buf[128];
swprintf (buf, 128, L"Failed to load plugin %d", GetLastError ());
MessageBoxW (NULL, buf, fd.cFileName, MB_ICONERROR);
} else {
FARPROC initEvent = GetProcAddress (hModule, "Exit");
if (initEvent) ((event *)initEvent) ();
}
} while (FindNextFileW (hFind, &fd));
FindClose (hFind);
}
return 0;
}
HOOK_DYNAMIC (u64, __stdcall, bngrw_Init) {
wchar_t path[MAX_PATH];
GetModuleFileNameW (NULL, path, MAX_PATH);
*wcsrchr (path, '\\') = '\0';
SetCurrentDirectoryW (path);
WIN32_FIND_DATAW fd;
HANDLE hFind = FindFirstFileW (L"plugins/*.dll", &fd);
if (hFind != INVALID_HANDLE_VALUE) {
do {
if (fd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) continue;
wchar_t filePath[MAX_PATH];
wcscpy (filePath, path);
wcscat (filePath, L"/plugins/");
wcscat (filePath, fd.cFileName);
HMODULE hModule = LoadLibraryW (filePath);
if (!hModule) {
wchar_t buf[128];
swprintf (buf, 128, L"Failed to load plugin %d", GetLastError ());
MessageBoxW (NULL, buf, fd.cFileName, MB_ICONERROR);
} else {
FARPROC initEvent = GetProcAddress (hModule, "Init");
if (initEvent) ((event *)initEvent) ();
}
} while (FindNextFileW (hFind, &fd));
FindClose (hFind);
}
return 0;
}
HOOK_DYNAMIC (u64, __stdcall, bngrw_attach, i32 a1, char *a2, i32 a3, i32 a4, callbackAttach callback, i32 *a6) { HOOK_DYNAMIC (u64, __stdcall, bngrw_attach, i32 a1, char *a2, i32 a3, i32 a4, callbackAttach callback, i32 *a6) {
// This is way too fucking jank // This is way too fucking jank
attachCallback = callback; attachCallback = callback;
@ -147,6 +209,10 @@ HOOK_DYNAMIC (i32, __stdcall, bngrw_reqWaitTouch, u32 a1, i32 a2, u32 a3, callba
return 1; return 1;
} }
HOOK_DYNAMIC (i32, __stdcall, ws2_getaddrinfo, char *node, char *service, void *hints, void *out) {
return originalws2_getaddrinfo (server, service, hints, out);
}
i32 __stdcall DllMain (HMODULE mod, DWORD cause, void *ctx) { i32 __stdcall DllMain (HMODULE mod, DWORD cause, void *ctx) {
if (cause == DLL_PROCESS_DETACH) DisposePoll (); if (cause == DLL_PROCESS_DETACH) DisposePoll ();
if (cause != DLL_PROCESS_ATTACH) return true; if (cause != DLL_PROCESS_ATTACH) return true;
@ -155,6 +221,9 @@ i32 __stdcall DllMain (HMODULE mod, DWORD cause, void *ctx) {
INSTALL_HOOK_DYNAMIC (bngrw_attach, PROC_ADDRESS ("bngrw.dll", "BngRwAttach")); INSTALL_HOOK_DYNAMIC (bngrw_attach, PROC_ADDRESS ("bngrw.dll", "BngRwAttach"));
INSTALL_HOOK_DYNAMIC (bngrw_reqWaitTouch, PROC_ADDRESS ("bngrw.dll", "BngRwReqWaitTouch")); INSTALL_HOOK_DYNAMIC (bngrw_reqWaitTouch, PROC_ADDRESS ("bngrw.dll", "BngRwReqWaitTouch"));
INSTALL_HOOK_DYNAMIC (bngrw_Init, PROC_ADDRESS ("bngrw.dll", "BngRwInit"));
INSTALL_HOOK_DYNAMIC (ws2_getaddrinfo, PROC_ADDRESS ("ws2_32.dll", "getaddrinfo"));
// Set current directory to the directory of the executable // Set current directory to the directory of the executable
// Find all files in the plugins directory that end with .dll // Find all files in the plugins directory that end with .dll
@ -179,6 +248,9 @@ i32 __stdcall DllMain (HMODULE mod, DWORD cause, void *ctx) {
wchar_t buf[128]; wchar_t buf[128];
swprintf (buf, 128, L"Failed to load plugin %d", GetLastError ()); swprintf (buf, 128, L"Failed to load plugin %d", GetLastError ());
MessageBoxW (NULL, buf, fd.cFileName, MB_ICONERROR); MessageBoxW (NULL, buf, fd.cFileName, MB_ICONERROR);
} else {
FARPROC preInitEvent = GetProcAddress (hModule, "PreInit");
if (preInitEvent) ((event *)preInitEvent) ();
} }
} while (FindNextFileW (hFind, &fd)); } while (FindNextFileW (hFind, &fd));
FindClose (hFind); FindClose (hFind);
@ -188,6 +260,7 @@ i32 __stdcall DllMain (HMODULE mod, DWORD cause, void *ctx) {
if (config) { if (config) {
drumMax = readConfigInt (config, "drumMax", drumMax); drumMax = readConfigInt (config, "drumMax", drumMax);
drumMin = readConfigInt (config, "drumMin", drumMin); drumMin = readConfigInt (config, "drumMin", drumMin);
server = readConfigString (config, "server", server);
i64 accessCode1Int = readConfigInt (config, "accessCode1", 1); i64 accessCode1Int = readConfigInt (config, "accessCode1", 1);
i64 accessCode2Int = readConfigInt (config, "accessCode2", 2); i64 accessCode2Int = readConfigInt (config, "accessCode2", 2);
i64 chipId1Int = readConfigInt (config, "chipId1", 1); i64 chipId1Int = readConfigInt (config, "chipId1", 1);

View File

@ -14,6 +14,13 @@ typedef uint8_t u8;
typedef uint16_t u16; typedef uint16_t u16;
typedef uint32_t u32; typedef uint32_t u32;
typedef uint64_t u64; typedef uint64_t u64;
typedef void event ();
#ifdef DEFINE_GUID
#undef DEFINE_GUID
#endif
#define DEFINE_GUID(name, l, w1, w2, b1, b2, b3, b4, b5, b6, b7, b8) const GUID name = { l, w1, w2, { b1, b2, b3, b4, b5, b6, b7, b8 } }
#ifdef BASE_ADDRESS #ifdef BASE_ADDRESS
#define ASLR(address, handle) ((u64)handle + (u64)address - (u64)BASE_ADDRESS) #define ASLR(address, handle) ((u64)handle + (u64)address - (u64)BASE_ADDRESS)