Implement signature based hooking and small code cleanup

Better signatures have to be created in the future to support roughly all retail r5apex modules. Maybe also load a file from the disk containing offsets for instant hooking before falling back to sigscan
2025-02-09 19:15:03 +01:00 · 2021-04-16 14:12:39 +02:00 · 2021-04-16 14:12:39 +02:00 · 4439f513d0
commit 4439f513d0
parent 0550d053ec
8 changed files with 148 additions and 54 deletions
--- a/r5dev/console.cpp
+++ b/r5dev/console.cpp
@ -5,22 +5,30 @@

 #include <detours.h>

-// Build 313 R5PC_J1624A_CL394493_2019_02_24_09_29_PM
-void (*CommandExecute)(void * self, const char* cmd) = (void (*)(void*, const char*))0x140244900; /*48 89 5C 24 ? 57 48 83 EC 20 48 8D 0D ? ? ? ? 41 8B D8*/
+#include "patterns.h"

 DWORD __stdcall ProcessConsoleWorker(LPVOID);
+FILE* sBuildTxt;
+CHAR sBuildStr[1024];

 void SetupConsole()
 {
 	// Create the console window
 	if (AllocConsole() == FALSE)
 	{
-		OutputDebugString("Failed to create console window!\n");
+		OutputDebugStr("Failed to create console window!\n");
 		return;
 	}

 	// Set the window title
-	SetConsoleTitle("R5PC_J1624A_CL394493_2019_02_24_09_29_PM");
+#pragma warning(suppress : 4996)
+	sBuildTxt = fopen("build.txt", "r");
+	if (sBuildTxt)
+	{
+		while (fgets(sBuildStr, sizeof(sBuildStr), sBuildTxt) != NULL)
+			fclose(sBuildTxt);
+	}
+	SetConsoleTitle(sBuildStr);

 	// Open input/output streams
 	FILE* fDummy;
@ -33,8 +41,7 @@ void SetupConsole()
    CloseHandle(hThread);
 }

-bool (*Cvar_IsFlagSet)(int ** cvar, int flag) = (bool (*)(int**, int))0x1404C87C0;
-bool Hook_Cvar_IsFlagSet(int ** cvar, int flag); /*48 8B 41 48 85 50 38*/
+bool Hook_Cvar_IsFlagSet(int ** cvar, int flag);

 bool Hook_Cvar_IsFlagSet(int ** cvar, int flag)
 {
--- a/r5dev/hooks.cpp
+++ b/r5dev/hooks.cpp
@ -6,34 +6,12 @@

 #include "utilities.h"
 #include "hooks.h"
+#include "patterns.h"

-// TODO pretty sloppy, all hooks / eng offets or patterns should probably go in their own header..
-
-void* SQVM_Print = (void*)0x1410A4330; /*48 8B C4 48 89 50 10 4C 89 40 18 4C 89 48 20 53 56 57 48 81 EC ? ? ? ? 48 8B DA 48 8D 70 18 48 8B F9 E8 ? ? ? ? 48 89 74 24 ? 48 8D 54 24 ? 33 F6 4C 8B CB 41 B8 ? ? ? ? 48 89 74 24 ? 48 8B 08 48 83 C9 01 E8 ? ? ? ? 85 C0 B9 ? ? ? ? 0F 48 C1 0F B6 8C 24 ? ? ? ? 3D ? ? ? ? 48 8B 47 50*/
 void* Hook_SQVM_Print(void* sqvm, char* fmt, ...);
-
-bool (*SQVM_LoadScript)(void* sqvm, const char* script_path, const char* script_name, int flag) = (bool (*)(void*, const char*, const char*, int))0x1410A1510;
-bool Hook_SQVM_LoadScript(void* sqvm, const char* script_path, const char* script_name, int flag); /*E8 ? ? ? ? 84 C0 74 1C 41 B9 ? ? ? ?*/
-
-bool (*NET_ReceiveDatagram)(int, void*, bool) = (bool (*)(int, void*, bool))0x1402B46B0;
-bool Hook_NET_ReceiveDatagram(int sock, void* inpacket, bool raw); /*E8 ? ? ? ? 84 C0 75 35 48 8B D3*/
-
-unsigned int (*NET_SendDatagram)(SOCKET s, const char* ptxt, int len, void* netchan_maybe, bool raw) = (unsigned int (*)(SOCKET, const char*, int, void*, bool))0x1402B2C90;
-unsigned int Hook_NET_SendDatagram(SOCKET s, const char* ptxt, int len, void* netchan_maybe, bool raw); /*E8 ? ? ? ? 40 88 6B 18*/
-
-//
-// TODO move to utils
-// 
-
-typedef unsigned __int64 QWORD;
-
-BOOL FileExists(LPCTSTR szPath)
-{
-	DWORD dwAttrib = GetFileAttributes(szPath);
-
-	return (dwAttrib != INVALID_FILE_ATTRIBUTES &&
-		!(dwAttrib & FILE_ATTRIBUTE_DIRECTORY));
-}
+bool Hook_SQVM_LoadScript(void* sqvm, const char* script_path, const char* script_name, int flag);
+bool Hook_NET_ReceiveDatagram(int sock, void* inpacket, bool raw);
+unsigned int Hook_NET_SendDatagram(SOCKET s, const char* ptxt, int len, void* netchan_maybe, bool raw);

 //
 // Engine Hooks
@ -111,7 +89,7 @@ bool Hook_SQVM_LoadScript(void* sqvm, const char* script_path, const char* scrip
 	printf(" + Loading SQVM Script '%s' ...\n", filepath);
 	if (FileExists(filepath) && SQVM_LoadScript(sqvm, filepath, script_name, flag))
 	{
-		return true; // rediret to disk worked / script exists on disk..
+		return true; // redirect to disk worked / script exists on disk..
 	}
 	
 	printf(" |- FAILED, loading normally / from VPK...\n");
@ -142,7 +120,6 @@ void InstallHooks()
 		// Failed to hook into the process, terminate
 		TerminateProcess(GetCurrentProcess(), 0xBAD0C0DE);
 	}
-
 }

 void RemoveHooks()
--- a/r5dev/patterns.h
+++ b/r5dev/patterns.h
@ -0,0 +1,50 @@
+#pragma once
+#include <Windows.h>
+#include <string>
+
+#include "sigscan.h"
+
+// Define the signatures or offsets to be searched and hooked
+namespace
+{
+	SigScan fScanner;
+
+	// TODO create better signatures
+	LONGLONG hGameConsole = fScanner.FindPattern("r5apex.exe", "\x48\x89\x5C\x24\x08\x57\x48\x83\xEC\x20\x48\x8D\x0D\x27\x61\xa5\x1e\x41\x8B\xD8", "xxxx?xxxxxxxx????xxx");
+	LONGLONG hGameConsoleFlag = fScanner.FindPattern("r5apex.exe", "\x48\x8B\x41\x48\x85\x50\x38", "xxxxxxx");
+
+	LONGLONG hSquirrelVMPrint = fScanner.FindPattern("r5apex.exe", "\x48\x8B\xC4\x48\x89\x50\x10\x4C\x89\x40\x18\x4C\x89\x48\x20\x53\x56\x57\x48\x81\xEC\x30\x08\x00\x00\x48\x8B\xDA\x48\x8D\x70\x18\x48\x8B\xF9\xE8\xa8", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
+	LONGLONG hSquirrelVMScript = fScanner.FindPattern("r5apex.exe", "\x48\x89\x5C\x24\x10\x48\x89\x74\x24\x18\x48\x89\x7C\x24\x20\x48\x89\x4C\x24\x08\x55\x41\x54\x41\x55\x41\x56\x41\x57\x48\x8D\x6C", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
+
+	LONGLONG hNetRXDatagram = fScanner.FindPattern("r5apex.exe", "\x48\x89\x74\x24\x18\x48\x89\x7C\x24\x20\x55\x41\x54\x41\x55\x41\x56\x41\x57\x48\x8D\xAC\x24\x50", "xxxxxxxxxxxxxxxxxxxxxxxx");
+	LONGLONG hNetTXDatagram = fScanner.FindPattern("r5apex.exe", "\x48\x89\x5C\x24\x08\x48\x89\x6C\x24\x10\x48\x89\x74\x24\x18\x57\x48\x83\xEC\x20\x48\x8B\xF9\x41\xb8\x2d", "xxxxxxxxxxxxxxxxxxxxxxxxxx");
+
+
+	void (*CommandExecute)(void* self, const char* cmd) = (void (*)(void*, const char*))hGameConsole; //0x140244900
+	/*48 89 5C 24 ? 57 48 83 EC 20 48 8D 0D ? ? ? ? 41 8B D8*/
+	bool (*Cvar_IsFlagSet)(int** cvar, int flag) = (bool (*)(int**, int))hGameConsoleFlag; //0x1404C87C0
+	/*48 8B 41 48 85 50 38*/
+
+	void* SQVM_Print = (void*)hSquirrelVMPrint; //0x1410A4330
+	/*48 8B C4 48 89 50 10 4C 89 40 18 4C 89 48 20 53 56 57 48 81 EC ? ? ? ? 48 8B DA 48 8D 70 18 48 8B F9 E8 ? ? ? ? 48 89 74 24 ? 48 8D 54 24 ? 33 F6 4C 8B CB 41 B8 ? ? ? ? 48 89 74 24 ? 48 8B 08 48 83 C9 01 E8 ? ? ? ? 85 C0 B9 ? ? ? ? 0F 48 C1 0F B6 8C 24 ? ? ? ? 3D ? ? ? ? 48 8B 47 50*/
+	bool (*SQVM_LoadScript)(void* sqvm, const char* script_path, const char* script_name, int flag) = (bool (*)(void*, const char*, const char*, int))hSquirrelVMScript; //0x1410A1510
+	/*E8 ? ? ? ? 84 C0 74 1C 41 B9 ? ? ? ?*/
+
+	bool (*NET_ReceiveDatagram)(int, void*, bool) = (bool (*)(int, void*, bool))hNetRXDatagram; //0x1402B46B0
+	/*E8 ? ? ? ? 84 C0 75 35 48 8B D3*/
+	unsigned int (*NET_SendDatagram)(SOCKET s, const char* ptxt, int len, void* netchan_maybe, bool raw) = (unsigned int (*)(SOCKET, const char*, int, void*, bool))hNetTXDatagram; //0x1402B2C90
+	/*E8 ? ? ? ? 40 88 6B 18*/
+
+
+	void PrintHAddress() // Test the sigscan results
+	{
+		printf("%lld\n", hGameConsole);
+		printf("%lld\n", hGameConsoleFlag);
+		printf("%lld\n", hSquirrelVMPrint);
+		printf("%lld\n", hSquirrelVMScript);
+		printf("%lld\n", hNetRXDatagram);
+		printf("%lld\n", hNetTXDatagram);
+
+		// TODO implement error handling when sigscan fails/result is 0
+	}
+}
--- a/r5dev/r5dev.vcxproj
+++ b/r5dev/r5dev.vcxproj
@ -173,7 +173,9 @@
  <ItemGroup>
    <ClInclude Include="console.h" />
    <ClInclude Include="hooks.h" />
+    <ClInclude Include="patterns.h" />
    <ClInclude Include="r5dev.h" />
+    <ClInclude Include="sigscan.h" />
    <ClInclude Include="utilities.h" />
  </ItemGroup>
  <ItemGroup>
--- a/r5dev/r5dev.vcxproj.filters
+++ b/r5dev/r5dev.vcxproj.filters
@ -38,6 +38,12 @@
    <ClInclude Include="hooks.h">
      <Filter>Header Files</Filter>
    </ClInclude>
+    <ClInclude Include="patterns.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="sigscan.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
  </ItemGroup>
  <ItemGroup>
    <None Include="r5dev.def">
--- a/r5dev/sigscan.h
+++ b/r5dev/sigscan.h
@ -0,0 +1,41 @@
+#pragma once
+#include <Psapi.h>
+
+class SigScan
+{
+public:
+	// For getting information about the executing module
+	MODULEINFO GetModuleInfo(const char *szModule)
+	{
+		MODULEINFO modinfo = { 0 };
+		HMODULE hModule = GetModuleHandle(szModule);
+		if (hModule == 0)
+			return modinfo;
+		GetModuleInformation(GetCurrentProcess(), hModule, &modinfo, sizeof(MODULEINFO));
+		return modinfo;
+	}
+
+	// For finding a signature/pattern in memory of the game process
+	LONGLONG FindPattern(const char *module, const char *pattern, const char *mask)
+	{
+		MODULEINFO mInfo = GetModuleInfo(module);
+		LONGLONG base = (LONGLONG)mInfo.lpBaseOfDll;
+		LONGLONG size = (LONGLONG)mInfo.SizeOfImage;
+		LONGLONG patternLength = (LONGLONG)strlen(mask);
+
+		for (LONGLONG i = 0; i < size - patternLength; i++)
+		{
+			bool found = true;
+			for (LONGLONG j = 0; j < patternLength; j++)
+			{
+				found &= mask[j] == '?' || pattern[j] == *(const char*)(base + i + j);
+			}
+			if (found)
+			{
+				return base + i;
+			}
+		}
+
+		return NULL;
+	}
+};
--- a/r5dev/utilities.h
+++ b/r5dev/utilities.h
@ -3,23 +3,36 @@
 #include <stdio.h>
 #include <string>

-static void DbgPrint(LPCSTR Format, ...)
+namespace
 {
-    CHAR Buffer[512] = { 0 };
-    va_list Args;
+    static void DbgPrint(LPCSTR Format, ...)
+    {
+        CHAR Buffer[512] = { 0 };
+        va_list Args;

-    // Get the variable arg pointer.
-    va_start(Args, Format);
+        // Get the variable arg pointer.
+        va_start(Args, Format);

-    // Format print the string.
-    int length = vsnprintf(Buffer, sizeof(Buffer), Format, Args);
-    va_end(Args);
+        // Format print the string.
+        int length = vsnprintf(Buffer, sizeof(Buffer), Format, Args);
+        va_end(Args);

-    // Output the string to the debugger.
-    OutputDebugString(Buffer);
-}
+        // Output the string to the debugger.
+        OutputDebugString(Buffer);
+    }

-static void HexDump(char* data, int len)
-{
-    // todo..
-} 
+    typedef unsigned __int64 QWORD;
+
+    BOOL FileExists(LPCTSTR szPath)
+    {
+        DWORD dwAttrib = GetFileAttributes(szPath);
+
+        return (dwAttrib != INVALID_FILE_ATTRIBUTES &&
+            !(dwAttrib & FILE_ATTRIBUTE_DIRECTORY));
+    }
+
+    static void HexDump(char* data, int len)
+    {
+        // todo..
+    }
+}
--- a/r5launcher/main.cpp
+++ b/r5launcher/main.cpp
@ -18,8 +18,6 @@ void PrintLastError()
    LocalFree(messageBuffer);
 }

-// "C:\\Program Files (x86)\\Origin Games\\Apex"
-
 bool LaunchR5Apex()
 {
    FILE* sLaunchParams;
@ -27,7 +25,7 @@ bool LaunchR5Apex()
    CHAR sCommandDirectory[MAX_PATH];
    LPSTR sCommandLine = sCommandDirectory;

-#pragma warning(suppress : 4996) // Temp since fopen_s() does not parse the arguments over for some reason.
+#pragma warning(suppress : 4996)
    sLaunchParams = fopen("launchparams.txt", "r"); // "+exec autoexec -dev -fnf -noplatform"

    BOOL result;
@ -45,7 +43,7 @@ bool LaunchR5Apex()
    // Load command line arguments from a file on the disk.
    if (sLaunchParams)
    {
-        while (fgets(sArgumentSize, 1024, sLaunchParams) != NULL)
+        while (fgets(sArgumentSize, sizeof(sArgumentSize), sLaunchParams) != NULL)
            fclose(sLaunchParams);
    }

@ -104,6 +102,6 @@ bool LaunchR5Apex()
 int main(int argc, char* argv[], char* envp[])
 {
    LaunchR5Apex();
-
+    Sleep(1000);
    return 0;
 }