|
|
|
|
@ -3164,17 +3164,17 @@ void TryToFindTwinuiPCShellOffsets(DWORD* pOffsets)
@@ -3164,17 +3164,17 @@ void TryToFindTwinuiPCShellOffsets(DWORD* pOffsets)
|
|
|
|
|
pOffsets[0] = (DWORD)(match + 5 + *(int*)(match + 1) - pFile); |
|
|
|
|
} |
|
|
|
|
#elif defined(_M_ARM64) |
|
|
|
|
// ?? AE 00 71 ?? ?? 00 54 ?? 06 40 F9 E3 03 ?? AA E2 03 ?? AA E1 03 ?? 2A ?? ?? ?? ??
|
|
|
|
|
// ?? ?? 00 71 ?? ?? 00 54 ?? ?? 40 F9 E3 03 ?? AA E2 03 ?? AA E1 03 ?? 2A ?? ?? ?? ??
|
|
|
|
|
// ^^^^^^^^^^^
|
|
|
|
|
// Ref: CMultitaskingViewFrame::v_WndProc()
|
|
|
|
|
PBYTE match = (PBYTE)FindPattern( |
|
|
|
|
pFile, dwSize, |
|
|
|
|
"\xAE\x00\x71\x00\x00\x00\x54\x00\x06\x40\xF9\xE3\x03\x00\xAA\xE2\x03\x00\xAA\xE1\x03\x00\x2A", |
|
|
|
|
"xxx??xx?xxxxx?xxx?xxx?x" |
|
|
|
|
"\x00\x71\x00\x00\x00\x54\x00\x00\x40\xF9\xE3\x03\x00\xAA\xE2\x03\x00\xAA\xE1\x03\x00\x2A", |
|
|
|
|
"xx??xx??xxxx?xxx?xxx?x" |
|
|
|
|
); |
|
|
|
|
if (match) |
|
|
|
|
{ |
|
|
|
|
match += 23; |
|
|
|
|
match += 22; |
|
|
|
|
pOffsets[0] = (DWORD)FileOffsetToRVA(pFile, (PBYTE)ARM64_FollowBL((DWORD*)match) - pFile); |
|
|
|
|
} |
|
|
|
|
#endif |
|
|
|
|
@ -3186,25 +3186,25 @@ void TryToFindTwinuiPCShellOffsets(DWORD* pOffsets)
@@ -3186,25 +3186,25 @@ void TryToFindTwinuiPCShellOffsets(DWORD* pOffsets)
|
|
|
|
|
if (!pOffsets[1] || pOffsets[1] == 0xFFFFFFFF) |
|
|
|
|
{ |
|
|
|
|
#if defined(_M_X64) |
|
|
|
|
// Don't worry if this is too long, this works on 17763 and 25951
|
|
|
|
|
// 40 55 53 56 57 41 54 41 55 41 56 41 57 48 8D AC 24 ? ? ? ? 48 81 EC ? ? ? ? 48 8B 05 ? ? ? ? 48 33 C4 48 89 85 ? ? ? ? 4C 8B B5 ? ? ? ? 41 8B C1
|
|
|
|
|
// Don't worry if this is too long, this works on 17763 ~ 27943
|
|
|
|
|
// 40 55 53 56 57 41 54 41 55 41 56 41 57 48 8D AC 24 ? ? ? ? 48 81 EC ? ? ? ? 48 8B 05 ? ? ? ? 48 33 C4 48 89 85 ? ? ? ? 4C 8B ? ? ? ? ? 41 8B C1
|
|
|
|
|
PBYTE match = (PBYTE)FindPattern( |
|
|
|
|
pFile, dwSize, |
|
|
|
|
"\x40\x55\x53\x56\x57\x41\x54\x41\x55\x41\x56\x41\x57\x48\x8D\xAC\x24\x00\x00\x00\x00\x48\x81\xEC\x00\x00\x00\x00\x48\x8B\x05\x00\x00\x00\x00\x48\x33\xC4\x48\x89\x85\x00\x00\x00\x00\x4C\x8B\xB5\x00\x00\x00\x00\x41\x8B\xC1", |
|
|
|
|
"xxxxxxxxxxxxxxxxx????xxx????xxx????xxxxxx????xxx????xxx" |
|
|
|
|
"\x40\x55\x53\x56\x57\x41\x54\x41\x55\x41\x56\x41\x57\x48\x8D\xAC\x24\x00\x00\x00\x00\x48\x81\xEC\x00\x00\x00\x00\x48\x8B\x05\x00\x00\x00\x00\x48\x33\xC4\x48\x89\x85\x00\x00\x00\x00\x4C\x8B\x00\x00\x00\x00\x00\x41\x8B\xC1", |
|
|
|
|
"xxxxxxxxxxxxxxxxx????xxx????xxx????xxxxxx????xx?????xxx" |
|
|
|
|
); |
|
|
|
|
if (match) |
|
|
|
|
{ |
|
|
|
|
pOffsets[1] = (DWORD)(match - pFile); |
|
|
|
|
} |
|
|
|
|
#elif defined(_M_ARM64) |
|
|
|
|
// 40 F9 43 03 1C 32 E4 03 15 AA ?? ?? FF 97
|
|
|
|
|
// 40 F9 43 03 1C 32 E4 03 ?? AA ?? ?? FF 97
|
|
|
|
|
// ^^^^^^^^^^^
|
|
|
|
|
// Ref: ImmersiveContextMenuHelper::ApplyOwnerDrawToMenu()
|
|
|
|
|
PBYTE match = (PBYTE)FindPattern( |
|
|
|
|
pFile, dwSize, |
|
|
|
|
"\x40\xF9\x43\x03\x1C\x32\xE4\x03\x15\xAA\x00\x00\xFF\x97", |
|
|
|
|
"xxxxxxxxxx??xx" |
|
|
|
|
"\x40\xF9\x43\x03\x1C\x32\xE4\x03\x00\xAA\x00\x00\xFF\x97", |
|
|
|
|
"xxxxxxxx?x??xx" |
|
|
|
|
); |
|
|
|
|
if (match) |
|
|
|
|
{ |
|
|
|
|
@ -3231,12 +3231,12 @@ void TryToFindTwinuiPCShellOffsets(DWORD* pOffsets)
@@ -3231,12 +3231,12 @@ void TryToFindTwinuiPCShellOffsets(DWORD* pOffsets)
|
|
|
|
|
pOffsets[2] = (DWORD)(match - pFile); |
|
|
|
|
} |
|
|
|
|
#elif defined(_M_ARM64) |
|
|
|
|
// 7F 23 03 D5 F3 53 BF A9 FD 7B BB A9 FD 03 00 91 F3 03 00 AA F4 03 01 AA ?? ?? ?? ?? FF ?? 03 A9
|
|
|
|
|
// 7F 23 03 D5 F3 53 BF A9 FD 7B BB A9 FD 03 00 91 ?? 03 00 AA ?? 03 01 AA ?? ?? ?? ?? FF ?? 03 A9
|
|
|
|
|
// ----------- PACIBSP, don't scan for this because it's everywhere
|
|
|
|
|
PBYTE match = (PBYTE)FindPattern( |
|
|
|
|
pFile, dwSize, |
|
|
|
|
"\xF3\x53\xBF\xA9\xFD\x7B\xBB\xA9\xFD\x03\x00\x91\xF3\x03\x00\xAA\xF4\x03\x01\xAA\x00\x00\x00\x00\xFF\x00\x03\xA9", |
|
|
|
|
"xxxxxxxxxxxxxxxxxxxx????x?xx" |
|
|
|
|
"\xF3\x53\xBF\xA9\xFD\x7B\xBB\xA9\xFD\x03\x00\x91\x00\x03\x00\xAA\x00\x03\x01\xAA\x00\x00\x00\x00\xFF\x00\x03\xA9", |
|
|
|
|
"xxxxxxxxxxxx?xxx?xxx????x?xx" |
|
|
|
|
); |
|
|
|
|
if (match) |
|
|
|
|
{ |
|
|
|
|
@ -3264,17 +3264,32 @@ void TryToFindTwinuiPCShellOffsets(DWORD* pOffsets)
@@ -3264,17 +3264,32 @@ void TryToFindTwinuiPCShellOffsets(DWORD* pOffsets)
|
|
|
|
|
match += 17; |
|
|
|
|
pOffsets[3] = (DWORD)(match + 5 + *(int*)(match + 1) - pFile); |
|
|
|
|
} |
|
|
|
|
else |
|
|
|
|
{ |
|
|
|
|
// 48 8B ? E8 ? ? ? ? 4C 8D 47 ? 48 8B ? 48 8B CE E8 ? ? ? ? 90
|
|
|
|
|
// ^^^^^^^
|
|
|
|
|
match = (PBYTE)FindPattern( |
|
|
|
|
pFile, dwSize, |
|
|
|
|
"\x48\x8B\xCB\xE8\x00\x00\x00\x00\x4C\x8D\x47\x00\x48\x8B\x00\x48\x8B\xCE\xE8\x00\x00\x00\x00\x90", |
|
|
|
|
"xx?x????xxx?xx?xxxx????x" |
|
|
|
|
); |
|
|
|
|
if (match) |
|
|
|
|
{ |
|
|
|
|
match += 18; |
|
|
|
|
pOffsets[3] = (DWORD)(match + 5 + *(int*)(match + 1) - pFile); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
#elif defined(_M_ARM64) |
|
|
|
|
// 82 62 00 91 ?? ?? 00 91 E0 03 ?? AA ?? ?? ?? ?? 1F 20 03 D5
|
|
|
|
|
// ^^^^^^^^^^^
|
|
|
|
|
// ?? 0A 40 F9 ?? 02 40 F9 ?? ?? 00 F9 ?? ?? ?? ?? ?? 62 00 91 ?? ?? 00 91 E0 03 ?? AA ?? ?? ?? ?? 1F 20 03 D5
|
|
|
|
|
// ^^^^^^^^^^^
|
|
|
|
|
PBYTE match = (PBYTE)FindPattern( |
|
|
|
|
pFile, dwSize, |
|
|
|
|
"\x82\x62\x00\x91\x00\x00\x00\x91\xE0\x03\x00\xAA\x00\x00\x00\x00\x1F\x20\x03\xD5", |
|
|
|
|
"xxxx??xxxx?x????xxxx" |
|
|
|
|
"\x0A\x40\xF9\x00\x02\x40\xF9\x00\x00\x00\xF9\x00\x00\x00\x00\x00\x62\x00\x91\x00\x00\x00\x91\xE0\x03\x00\xAA\x00\x00\x00\x00\x1F\x20\x03\xD5", |
|
|
|
|
"xxx?xxx??xx?????xxx??xxxx?x????xxxx" |
|
|
|
|
); |
|
|
|
|
if (match) |
|
|
|
|
{ |
|
|
|
|
match += 12; |
|
|
|
|
match += 27; |
|
|
|
|
pOffsets[3] = (DWORD)FileOffsetToRVA(pFile, (PBYTE)ARM64_FollowBL((DWORD*)match) - pFile); |
|
|
|
|
} |
|
|
|
|
#endif |
|
|
|
|
@ -3375,11 +3390,11 @@ void TryToFindTwinuiPCShellOffsets(DWORD* pOffsets)
@@ -3375,11 +3390,11 @@ void TryToFindTwinuiPCShellOffsets(DWORD* pOffsets)
|
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
#elif defined(_M_ARM64) |
|
|
|
|
// F3 53 BE A9 F5 5B 01 A9 FD 7B ?? A9 FD 03 00 91 30 00 80 92 F5 03 04 AA B0 ?? 00 F9 F3 03 00 AA BF 02 00 F9 68 2E 40 F9 F6 03 03 AA B3 23 02 A9 ?? ?? 00 B5
|
|
|
|
|
// F3 53 BE A9 F5 5B 01 A9 FD 7B ?? A9 FD 03 00 91 30 00 80 92 ?? 03 04 AA B0 ?? 00 F9 ?? 03 00 AA ?? 02 00 F9 ?? 2E 40 F9 ?? 03 03 AA ?? 23 02 A9 ?? ?? 00 B5
|
|
|
|
|
PBYTE match = (PBYTE)FindPattern( |
|
|
|
|
pFile, dwSize, |
|
|
|
|
"\xF3\x53\xBE\xA9\xF5\x5B\x01\xA9\xFD\x7B\x00\xA9\xFD\x03\x00\x91\x30\x00\x80\x92\xF5\x03\x04\xAA\xB0\x00\x00\xF9\xF3\x03\x00\xAA\xBF\x02\x00\xF9\x68\x2E\x40\xF9\xF6\x03\x03\xAA\xB3\x23\x02\xA9\x00\x00\x00\xB5", |
|
|
|
|
"xxxxxxxxxx?xxxxxxxxxxxxxx?xxxxxxxxxxxxxxxxxxxxxx??xx" |
|
|
|
|
"\xF3\x53\xBE\xA9\xF5\x5B\x01\xA9\xFD\x7B\x00\xA9\xFD\x03\x00\x91\x30\x00\x80\x92\x00\x03\x04\xAA\xB0\x00\x00\xF9\x00\x03\x00\xAA\x00\x02\x00\xF9\x00\x2E\x40\xF9\x00\x03\x03\xAA\x00\x23\x02\xA9\x00\x00\x00\xB5", |
|
|
|
|
"xxxxxxxxxx?xxxxxxxxx?xxxx?xx?xxx?xxx?xxx?xxx?xxx??xx" |
|
|
|
|
); |
|
|
|
|
if (match) |
|
|
|
|
{ |
|
|
|
|
@ -3428,11 +3443,11 @@ void TryToFindTwinuiPCShellOffsets(DWORD* pOffsets)
@@ -3428,11 +3443,11 @@ void TryToFindTwinuiPCShellOffsets(DWORD* pOffsets)
|
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
#elif defined(_M_ARM64) |
|
|
|
|
// F3 53 BC A9 F5 5B 01 A9 F7 13 00 F9 F9 17 00 F9 FB 1B 00 F9 FD 7B BC A9 FD 03 00 91 FF ?? 00 D1 30 00 80 92 FB 03 04 AA
|
|
|
|
|
// F3 53 BC A9 F5 5B 01 A9 F7 13 00 F9 F9 17 00 F9 FB 1B 00 F9 FD 7B BC A9 FD 03 00 91 FF ?? 00 D1 30 00 80 92 ?? 03 04 AA
|
|
|
|
|
PBYTE match = (PBYTE)FindPattern( |
|
|
|
|
pFile, dwSize, |
|
|
|
|
"\xF3\x53\xBC\xA9\xF5\x5B\x01\xA9\xF7\x13\x00\xF9\xF9\x17\x00\xF9\xFB\x1B\x00\xF9\xFD\x7B\xBC\xA9\xFD\x03\x00\x91\xFF\x00\x00\xD1\x30\x00\x80\x92\xFB\x03\x04\xAA", |
|
|
|
|
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxx?xxxxxxxxxx" |
|
|
|
|
"\xF3\x53\xBC\xA9\xF5\x5B\x01\xA9\xF7\x13\x00\xF9\xF9\x17\x00\xF9\xFB\x1B\x00\xF9\xFD\x7B\xBC\xA9\xFD\x03\x00\x91\xFF\x00\x00\xD1\x30\x00\x80\x92\x00\x03\x04\xAA", |
|
|
|
|
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxx?xxxxxx?xxx" |
|
|
|
|
); |
|
|
|
|
if (match) |
|
|
|
|
{ |
|
|
|
|
|
Amrsatrio
3 months ago