From 649164d76bf9d06f1a7e6c06aed1a27f5731b8b8 Mon Sep 17 00:00:00 2001
From: Ethan Robards
Date: Sun, 13 May 2018 11:16:05 -0500
Subject: [PATCH] Removed frida, incorporated lquis fork, updated for 2.1
---
GGXrdWakeupDPUtil.Library/Fasm.NET.xml | 337 ------------------
.../GGXrdWakeupDPUtil.Library.csproj | 9 +-
GGXrdWakeupDPUtil.Library/ReversalTool.cs | 101 ++----
GGXrdWakeupDPUtil.Library/packages.config | 3 +-
GGXrdWakeupDPUtil.Test/Form1.cs | 2 +-
.../ReversalToolTests.cs | 2 +-
GGXrdWakeupDPUtil/App.config | 2 +-
GGXrdWakeupDPUtil/Window1.xaml.cs | 2 +-
8 files changed, 30 insertions(+), 428 deletions(-)
delete mode 100644 GGXrdWakeupDPUtil.Library/Fasm.NET.xml
diff --git a/GGXrdWakeupDPUtil.Library/Fasm.NET.xml b/GGXrdWakeupDPUtil.Library/Fasm.NET.xml
deleted file mode 100644
index 3a28ccf..0000000
--- a/GGXrdWakeupDPUtil.Library/Fasm.NET.xml
+++ /dev/null
@@ -1,337 +0,0 @@ - - - - "Fasm.NET" - - - - -Gets the mnemonics. - - - - -Inserts the text representation of the specified array of objects, followed by the current line terminator at the specified character position. - - The position in this instance where insertion begins. - The composite format string. - The array of objects to write using format. - -Inserts the text representation of the specified array of objects, followed by the current line terminator at the specified character position. - - The position in this instance where insertion begins. - The composite format string. - The array of objects to write using format. - - - -Removes all characters from the current instance. - - -Removes all characters from the current instance. - - - - -Assembles the mnemonics with a given origin address. - - The address used as starting address for the assebmly code. - -Assembles the mnemonics with a given origin address. - - The address used as starting address for the assebmly code. - - - -Assembles the mnemonics. - - -Assembles the mnemonics. - - - - -Adds the text representation of the specified array of objects, followed by the current line terminator. - - The composite format string. - The array of objects to write using format. - -Adds the text representation of the specified array of objects, followed by the current line terminator. - - The composite format string. - The array of objects to write using format. - - - -Initializes a new instance of the class. - - The memory size allocated for the buffer. - The maximum number of pass to perform. - -Initializes a new instance of the class. - - The memory size allocated for the buffer. - The maximum number of pass to perform. - - - -Initializes a new instance of the class. - - The default memory size used is 4096 bytes and the maximum number of pass is 100. - -Initializes a new instance of the class. - - The default memory size used is 4096 bytes and the maximum number of pass is 100. 
- - - -Assembles the specified files by appending them. - - The path of the files to assemble. - The memory size allocated for the buffer. - The maximum number of pass to perform. - -Assembles the specified files by appending them. - - The path of the files to assemble. - The memory size allocated for the buffer. - The maximum number of pass to perform. - - - -Assembles the specified files by appending them. - - The path of the files to assemble. - The default memory size used is 4096 bytes and the maximum number of pass is 100. - -Assembles the specified files by appending them. - - The path of the files to assemble. - The memory size allocated for the buffer. - The maximum number of pass to perform. - The default memory size used is 4096 bytes and the maximum number of pass is 100. - - - -Assembles the specified file. - - The path of the file to assemble. - The memory size allocated for the buffer. - The maximum number of pass to perform. - -Assembles the specified file. - - The path of the file to assemble. - The memory size allocated for the buffer. - The maximum number of pass to perform. - - - -Assembles the specified file. - - The path of the file to assemble. - The default memory size used is 4096 bytes and the maximum number of pass is 100. - -Assembles the specified file. - - The path of the file to assemble. - The memory size allocated for the buffer. - The maximum number of pass to perform. - The default memory size used is 4096 bytes and the maximum number of pass is 100. - - - -Assembles the given mnemonics. - - The array containing mnemonics to assemble. - The memory size allocated for the buffer. - The maximum number of pass to perform. - -Assembles the given mnemonics. - - The array containing mnemonics to assemble. - The memory size allocated for the buffer. - The maximum number of pass to perform. - - - -Assembles the given mnemonics. - - The array containing mnemonics to assemble. 
- The default memory size used is 4096 bytes and the maximum number of pass is 100. - -Assembles the given mnemonics. - - The array containing mnemonics to assemble. - The default memory size used is 4096 bytes and the maximum number of pass is 100. - - - -Assembles the given mnemonics. - - The mnemonics to assemble. - The memory size allocated for the buffer. - The maximum number of pass to perform. - -Assembles the given mnemonics. - - The mnemonics to assemble. - The memory size allocated for the buffer. - The maximum number of pass to perform. - - - -Assembles the given mnemonics. - - The mnemonics to assemble. - The default memory size used is 4096 bytes and the maximum number of pass is 100. - -Assembles the given mnemonics. - - The mnemonics to assemble. - The default memory size used is 4096 bytes and the maximum number of pass is 100. - - - -Gets the version of FASM compiler. - - -Gets the version of FASM compiler. - - - - -The maximum number of pass to perform. - - - - -The memory size allocated for the buffer. - - - - -The mnemonics inserted by the user. - - - - -The managed wrapper to interfact with FASM compiler. - - - - -The following structure resides at the beginning of memory block provided -to the fasm_Assemble function. The condition field contains the same value -as the one returned by function. - -When function returns FASM_OK condition, the output_length and -output_data fields are filled - with pointer to generated output -(somewhere within the provided memory block) and the count of bytes stored -there. - -When function returns FASM_ERROR, the error_code is filled with the -code of specific error that happened and error_line is a pointer to the -LINE_HEADER structure, providing information about the line that caused -the error. - - - - -The following structure has two variants - it either defines the line -that was loaded directly from source, or the line that was generated by -macroinstruction. 
First case has the highest bit of line_number set to 0, -while the second case has this bit set. - -In the first case, the file_path field contains pointer to the path of -source file (empty string if it's the source that was provided directly to -fasm_Assemble function), the line_number is the number of line within -that file (starting from 1) and the file_offset field contains the offset -within the file where the line starts. - -In the second case the macro_calling_line field contains the pointer to -LINE_HEADER structure for the line which called the macroinstruction, and -the macro_line field contains the pointer to LINE_HEADER structure for the -line within the definition of macroinstruction, which generated this one. - - - - -The native function to get the version of FASM compiler embedded in Fasm.obj. - - The return valus is a double word containg major version in lower 16 bits, and minor version in the higher 16 bits. - - - -Initializes a new instance of the class. - - The error code. - The line where is the error. - The offset within the file where the line starts. - The assembled mnemonics when the error occurred. - -Initializes a new instance of the class. - - The error code. - The line where is the error. - The offset within the file where the line starts. - The assembled mnemonics when the error occurred. - - - -The assembled mnemonics when the error occurred. - - - - -The offset within the file where the line starts. - - - - -The line where is the error. - - - - -The error code. - - - - -The private field containing the assembled mnemonics when the error occurred. - - - - -The private field containing the offset within the file where the line starts. - - - - -The private field containing the line where is the error. - - - - -The private field containing the error code. - - - - -The exception that is thrown when a FASM compiler error occurs. - - - - -The enumeration containing all errors of FASM compiler. 
- - - - -The enumeration containing all results of FASM compiler. - - - - - \ No newline at end of file diff --git a/GGXrdWakeupDPUtil.Library/GGXrdWakeupDPUtil.Library.csproj b/GGXrdWakeupDPUtil.Library/GGXrdWakeupDPUtil.Library.csproj index 123cdf1..0dd0b77 100644 --- a/GGXrdWakeupDPUtil.Library/GGXrdWakeupDPUtil.Library.csproj +++ b/GGXrdWakeupDPUtil.Library/GGXrdWakeupDPUtil.Library.csproj @@ -33,10 +33,7 @@ - ..\packages\Fasm.NET.1.70.03\lib\Fasm.NET.dll - - - C:\Users\Iquis\Downloads\Frida.dll + ..\packages\Fasm.NET.1.70.03.2\lib\Fasm.NET.dll ..\packages\MemorySharp.1.2.0\lib\MemorySharp.dll @@ -44,6 +41,7 @@ + @@ -60,9 +58,6 @@ - - - diff --git a/GGXrdWakeupDPUtil.Library/ReversalTool.cs b/GGXrdWakeupDPUtil.Library/ReversalTool.cs index b8d73e9..cc61d95 100644 --- a/GGXrdWakeupDPUtil.Library/ReversalTool.cs +++ b/GGXrdWakeupDPUtil.Library/ReversalTool.cs @@ -14,7 +14,6 @@ namespace GGXrdWakeupDPUtil.Library { public class ReversalTool : IDisposable { - private readonly Dispatcher _dispatcher; private readonly string _ggprocname = ConfigurationManager.AppSettings.Get("GGProcessName"); @@ -66,23 +65,15 @@ public class ReversalTool : IDisposable private readonly string FaceUpAnimation = "CmnActBDown2Stand"; private const int RecordingSlotSize = 4808; - - + private byte[] _originalCodeAOB; + private byte[] _remoteCodeAOB; private MemorySharp _memorySharp; - - private Frida.Script _script; - private Frida.DeviceManager _deviceManager; - private Frida.Device _device; - private Frida.Session _session; - + private Binarysharp.MemoryManagement.Memory.RemoteAllocation _newmem; + private IntPtr _newmembase; private static bool _runReversalThread; private static readonly object RunReversalThreadLock = new object(); - + private IntPtr _nonRelativeScriptOffset; #region Constructors - public ReversalTool(Dispatcher dispatcher) - { - _dispatcher = dispatcher; - } #endregion 
@@ -97,9 +88,14 @@ public void AttachToProcess() } _memorySharp = new MemorySharp(process); - - - CreateScript(_dispatcher, _memorySharp.Pid); + _nonRelativeScriptOffset = IntPtr.Add(_memorySharp.Modules.MainModule.BaseAddress, (int)_scriptOffset); + _newmem = _memorySharp.Memory.Allocate(128); + _newmembase = _newmem.Information.AllocationBase; + var originalCodeAOB = _memorySharp.Assembly.Assembler.Assemble("mov ebp,[ebp+0x0C]\n" + "test [edx],ebp\n" + String.Format("jmp 0x{0}", (_nonRelativeScriptOffset + 5).ToString("X8")), _newmembase); + _originalCodeAOB = new byte[originalCodeAOB.Length + 20]; + originalCodeAOB.CopyTo(_originalCodeAOB, 0); + _remoteCodeAOB = _memorySharp.Assembly.Assembler.Assemble(String.Format("mov ebp,[ebp+0x0C]\n" +"cmp edi,3\n" + "jne 0x{0}\n" + "mov ebp,[edx]\n" + "test [edx],ebp\n" + "jmp 0x{1}", IntPtr.Add(_newmembase, 0xA).ToString("X8"), ( _nonRelativeScriptOffset.ToInt32() + 5).ToString("X8")), _newmembase); + _memorySharp.Write(_newmembase, _originalCodeAOB, false); } public NameWakeupData GetDummy() @@ -137,7 +133,13 @@ public void PlayReversal() #if DEBUG Console.WriteLine("Play Reversal"); #endif - _script.Post("{\"type\": \"playback\"}"); + var fc = FrameCount(); + _memorySharp.Write(_newmembase, _remoteCodeAOB, false); + while(FrameCount() < fc + 1) + { + + } + _memorySharp.Write(_newmembase, _originalCodeAOB, false); } @@ -153,6 +155,7 @@ public void StartReversalLoop(SlotInput slotInput, Action errorAction = null) { var currentDummy = GetDummy(); bool localRunReversalThread = true; + _memorySharp.Assembly.Inject(String.Format("jmp 0x{0}", _newmembase.ToString("X8")), _nonRelativeScriptOffset); while (localRunReversalThread) { try @@ -207,6 +210,7 @@ public void StopReversalLoop() lock (RunReversalThreadLock) { _runReversalThread = false; + _memorySharp.Assembly.Inject(new string[] { "mov ebp, [ebp+0x0C]", "test [edx],ebp" }, _nonRelativeScriptOffset); } } 
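Review bot: In the AttachToProcess hunk the restore buffer is sized with an unexplained `+ 20` and the `jne` target is the literal `IntPtr.Add(_newmembase, 0xA)`; both silently depend on the encoded length of the assembled stub. If the assembler ever emits a longer encoding, the conditional jump lands mid-instruction and the write-back of `_originalCodeAOB` in PlayReversal may no longer cover the whole stub. I would assemble `_remoteCodeAOB` first and size the buffer from it, `_originalCodeAOB = new byte[Math.Max(originalCodeAOB.Length, _remoteCodeAOB.Length)];`, and add a comment above the format string such as `// 0xA = offset of "test [edx],ebp" inside the stub; update if any earlier instruction changes`. The `(int)_scriptOffset` cast and the `ToInt32()` call also assume a 32-bit target and deserve a one-line comment saying so. The method begins outside the hunk.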
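Review bot: The empty `while(FrameCount() < fc + 1)` loop added to PlayReversal has no exit other than the frame counter advancing, and the restore write after it is not protected. If the game is paused or exits, or if a read throws, the calling thread either spins a core indefinitely or leaves `_remoteCodeAOB` in the allocated stub. Wrapping the wait in try/finally and bounding it puts the pass-through stub back on every path; the 1000 ms limit below is a constructed value to be tuned. The method begins outside the hunk.

```csharp
var fc = FrameCount();
_memorySharp.Write(_newmembase, _remoteCodeAOB, false);
try
{
    // Bounded wait: give up if the frame counter stops advancing (pause, process exit).
    var waited = System.Diagnostics.Stopwatch.StartNew();
    while (FrameCount() < fc + 1 && waited.ElapsedMilliseconds < 1000)
    {
        System.Threading.Thread.Yield();
    }
}
finally
{
    // Always restore the pass-through stub, even if a read throws.
    _memorySharp.Write(_newmembase, _originalCodeAOB, false);
}
```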
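Review bot: The `Inject` call added to StartReversalLoop overwrites five bytes at `_nonRelativeScriptOffset` without first checking that they are the instructions the stub replicates. The offset appears to be specific to one game build (the commit says it was updated for 2.1), so against any other build this would corrupt unrelated code in the target process. The restore added to StopReversalLoop has the same weakness, because it writes assembled mnemonics rather than bytes saved from the process. I would read the original bytes once in AttachToProcess, refuse to patch on a mismatch, e.g. `if (!_savedBytes.SequenceEqual(_expectedBytes)) throw new InvalidOperationException("Unexpected code at hook address; unsupported game version?");`, and restore from `_savedBytes`, where `_savedBytes` and `_expectedBytes` are placeholder names for fields this patch does not have. The method body starts and ends outside the hunk.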
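Review bot: StopReversalLoop now dereferences `_memorySharp` unconditionally, but Dispose calls it before `_memorySharp?.Dispose()`, which implies the field can still be null at that point. Disposing a ReversalTool that never attached (Window1 appears to attach inside a `try`) would therefore throw NullReferenceException from Dispose. The restore is also written even when StartReversalLoop never installed the jump. Guard the call, for example `if (_memorySharp != null && _hookInstalled) { ... }`, where `_hookInstalled` is a new flag set right after the `Inject` in StartReversalLoop and cleared here.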
@@ -357,54 +361,6 @@ private string ReadAnimationString(int player) return string.Empty; } - private void CreateScript(Dispatcher dispatcher, int pid) - { - if (_script == null) - { - _deviceManager = new Frida.DeviceManager(dispatcher); - _device = _deviceManager.EnumerateDevices().FirstOrDefault(x => x.Type == Frida.DeviceType.Local); - - - - if (_device == null) - { - throw new Exception("Local device not found.This application will now close."); - } - - _session = _device.Attach((uint)pid); - - - var src = - @"var xrdbase = Module.findBaseAddress('GuiltyGearXrd.exe'); - var hookaddr = xrdbase.add(" + "0x" + _scriptOffset.ToString("x") + @"); - var playingback = false; - var running = true; - Interceptor.attach(hookaddr, function(args){ - if(playingback && this.context.edi.equals(ptr('3'))){ - playingback = false; - this.context.ebp = ptr(Memory.readU32(this.context.edx).toString()); - } - }); - var quit = recv('quit', function (value) { - Interceptor.detachAll(); - running = false; - }); - setTimeout( function () { - while (running){ - var op = recv('playback', function (value) { - playingback=true; - }); - op.wait(); - } - }, 0);"; - - _script = _session.CreateScript(src); - _script.Load(); - - - } - } - private int FrameCount() { return _memorySharp.Read(_frameCountOffset); @@ -431,20 +387,7 @@ private int GetWakeupTiming(NameWakeupData currentDummy) public void Dispose() { StopReversalLoop(); - _memorySharp?.Dispose(); - - - _script?.Post("{\"type\": \"quit\"}"); - _script?.Post("{\"type\": \"playback\"}"); - _script?.Unload(); - _session?.Detach(); - - - _script?.Dispose(); - _deviceManager?.Dispose(); - _device?.Dispose(); - _session?.Dispose(); } #endregion diff --git a/GGXrdWakeupDPUtil.Library/packages.config b/GGXrdWakeupDPUtil.Library/packages.config index b0bb9f1..afa24b5 100644 --- a/GGXrdWakeupDPUtil.Library/packages.config +++ b/GGXrdWakeupDPUtil.Library/packages.config @@ -1,5 +1,6 @@  - + + \ No newline at end of file 
diff --git a/GGXrdWakeupDPUtil.Test/Form1.cs b/GGXrdWakeupDPUtil.Test/Form1.cs index 8d23782..707128d 100644 --- a/GGXrdWakeupDPUtil.Test/Form1.cs +++ b/GGXrdWakeupDPUtil.Test/Form1.cs @@ -23,7 +23,7 @@ private void button1_Click(object sender, EventArgs e) private void Form1_Load(object sender, EventArgs e) { - _reversalTool = new ReversalTool(Dispatcher.CurrentDispatcher); + _reversalTool = new ReversalTool(); _reversalTool.AttachToProcess(); } diff --git a/GGXrdWakeupDPUtil.UnitTests/ReversalToolTests.cs b/GGXrdWakeupDPUtil.UnitTests/ReversalToolTests.cs index f56429b..7521883 100644 --- a/GGXrdWakeupDPUtil.UnitTests/ReversalToolTests.cs +++ b/GGXrdWakeupDPUtil.UnitTests/ReversalToolTests.cs @@ -17,7 +17,7 @@ public class ReversalToolTests public void CheckValidInput_Test(string input, bool isValid) { //Arrange - ReversalTool reversalTool = new ReversalTool(Dispatcher.CurrentDispatcher); + ReversalTool reversalTool = new ReversalTool(); //Act var result = reversalTool.CheckValidInput(input); diff --git a/GGXrdWakeupDPUtil/App.config b/GGXrdWakeupDPUtil/App.config index 483bcd4..6d79eba 100644 --- a/GGXrdWakeupDPUtil/App.config +++ b/GGXrdWakeupDPUtil/App.config @@ -15,7 +15,7 @@ - + diff --git a/GGXrdWakeupDPUtil/Window1.xaml.cs b/GGXrdWakeupDPUtil/Window1.xaml.cs index 683b7a6..476ca8b 100644 --- a/GGXrdWakeupDPUtil/Window1.xaml.cs +++ b/GGXrdWakeupDPUtil/Window1.xaml.cs @@ -26,7 +26,7 @@ public Window1() private void Window_Loaded(object sender, RoutedEventArgs e) { - _reversalTool = new ReversalTool(Dispatcher); + _reversalTool = new ReversalTool(); try {