From d11606762f3320b624d38cd677de6882f7a07c3a Mon Sep 17 00:00:00 2001
From: 0xvpr
Date: Mon, 26 Feb 2024 17:25:04 -0500
Subject: [PATCH] full asm transition complete
---
 Makefile | 57 +++++----------------------
 compile_flags.txt | 9 -----
 include/entity.h | 78 --------------------------------------
 include/hacks.h | 84 ----------------------------------------
 include/mem.h | 61 ------------------------------
 include/offsets.h | 13 -------
 resources/notes_sp3.txt | 78 ++++++++++++++++++++++++++++++++++++++
 src/hacks.asm | 35 +++++++++++++++++
 src/hacks.c | 46 ----------------------
 9 files changed, 123 insertions(+), 338 deletions(-)
 delete mode 100644 compile_flags.txt
 delete mode 100644 include/entity.h
 delete mode 100644 include/hacks.h
 delete mode 100644 include/mem.h
 delete mode 100644 include/offsets.h
 delete mode 100644 src/hacks.c
diff --git a/Makefile b/Makefile
index c1bfb54..fa3a2f2 100644
--- a/Makefile
+++ b/Makefile
@@ -1,78 +1,41 @@ PROJECT = sp3 -CC = i686-w64-mingw32-gcc -CFLAGS = -std=c99 -O2 -m32\ - -Wall -Wextra -Werror -Wshadow -Wconversion\ - -Wno-attributes\ - LD = i686-w64-mingw32-ld -LDFLAGS = -shared --entry=_DllMain@12 +LDFLAGS = -s -shared --entry=_DllMain@12 ASM = nasm ASFLAGS = -f win32 -BIN = lib +LIB = lib BUILD = build DEBUG = $(OBJ)/debug RELEASE = $(OBJ)/release SRC = src OBJ = build -SOURCES = $(wildcard $(SRC)/*.c) -DBG_OBJECTS = $(patsubst $(SRC)/%.c,$(DEBUG)/%_d.o,$(SOURCES)) -REL_OBJECTS = $(patsubst $(SRC)/%.c,$(RELEASE)/%.o,$(SOURCES)) - -INCLUDE = include -INCLUDES = $(addprefix -I,$(INCLUDE)) -HEADERS = $(wildcard $(INCLUDE)/*.h) +SOURCES = $(wildcard $(SRC)/*.asm) +OBJECTS = $(patsubst $(SRC)/%.asm,$(OBJ)/%.obj,$(SOURCES)) LIB_FILES = d3d9 d3dx9 kernel32 user32 msvcrt LIBS = $(addprefix -l,$(LIB_FILES)) -ASM_TARGET = health_detour -ASM_SRC = $(SRC) -ASM_OBJ = $(BUILD) -ASM_SOURCES = $(wildcard $(ASM_SRC)/*.asm) -ASM_OBJECTS = $(patsubst $(ASM_SRC)/%.asm,$(ASM_OBJ)/%.obj,$(ASM_SOURCES)) - MAKEFLAGS += $(addprefix -j,$(shell nproc)) all: release -debug: $(DEBUG) -$(DEBUG): $(BIN)/$(PROJECT)_d.dll -$(DEBUG): CFLAGS += -g - release: $(PROJECT) -$(PROJECT): $(BIN)/$(PROJECT).dll -$(PROJECT): CFLAGS += -march=native -mavx2 -mtune=native -Ofast -fPIE -funsafe-math-optimizations -fomit-frame-pointer -$(PROJECT): CFLAGS += -funroll-loops -funsafe-loop-optimizations -funswitch-loops -floop-parallelize-all -$(PROJECT): CFLAGS += -finline-functions -falign-functions -falign-loops -falign-jumps -fno-function-sections -$(PROJECT): CFLAGS += -fno-ident -fvisibility=hidden -fstrict-aliasing -$(PROJECT): CFLAGS += -DUNICODE -D_WIN32 -DVC_EXTRALEAN -#$(PROJECT): LDFLAGS += -s +$(PROJECT): $(LIB)/$(PROJECT).dll -$(BIN)/$(PROJECT)_d.dll: $(OBJ) $(BIN) $(ASM_OBJECTS) $(DBG_OBJECTS) - $(LD) $(LDFLAGS) $(ASM_OBJECTS) $(DBG_OBJECTS) $(LIBS) -o $@ +$(LIB)/$(PROJECT).dll: $(OBJ) $(LIB) $(OBJECTS) + $(LD) $(LDFLAGS) $(OBJECTS) $(LIBS) -o $@ -$(BIN)/$(PROJECT).dll: $(OBJ) 
$(BIN) $(ASM_OBJECTS) $(REL_OBJECTS) - $(LD) $(LDFLAGS) $(ASM_OBJECTS) $(REL_OBJECTS) $(LIBS) -o $@ - -$(ASM_OBJECTS): $(ASM_OBJ)/%.obj: $(ASM_SRC)/%.asm +$(OBJECTS): $(OBJ)/%.obj: $(SRC)/%.asm $(ASM) $(ASFLAGS) $^ -o $@ -$(DBG_OBJECTS): $(DEBUG)/%_d.o: $(SRC)/%.c - $(CC) $(CFLAGS) $(INCLUDES) -c $^ -o $@ - -$(REL_OBJECTS): $(RELEASE)/%.o: $(SRC)/%.c - $(CC) $(CFLAGS) $(INCLUDES) -c $^ -o $@ - $(OBJ): - mkdir -p build/asm - mkdir -p build/debug - mkdir -p build/release + mkdir -p build -$(BIN): +$(LIB): mkdir -p lib .PHONY: docker-container diff --git a/compile_flags.txt b/compile_flags.txt deleted file mode 100644 index 8c5fbcf..0000000 --- a/compile_flags.txt +++ /dev/null @@ -1,9 +0,0 @@ --std=c99 ---target=i686-pc-windows-gnu --Iinclude --Wall --Wextra --Werror --Wshadow --Wpedantic --Wconversion diff --git a/include/entity.h b/include/entity.h deleted file mode 100644 index da12eb8..0000000 --- a/include/entity.h +++ /dev/null 
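Review bot: `DEBUG = $(OBJ)/debug` and `RELEASE = $(OBJ)/release` survive as context lines although every rule that used them (the `_d.dll` target and the `DBG_OBJECTS`/`REL_OBJECTS` compile rules) is removed in this hunk, so they are now dead assignments and should be dropped with them. The directory rules also hardcode the paths the variables already hold — `$(OBJ):` runs `mkdir -p build` and `$(LIB):` runs `mkdir -p lib` — so `mkdir -p $@` in both keeps them from drifting if `OBJ` or `LIB` is ever changed. The debug build is removed without a replacement; if a debuggable DLL is still wanted, a debug variant of `ASFLAGS` for the assembled objects would be the equivalent, though this may be an intended simplification.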
@@ -1,78 +0,0 @@
-#ifndef ENTITY_HEADER
-#define ENTITY_HEADER
-
-#ifndef TYPE
-#define TYPE(x) ((uintptr_t)x)
-#endif /* TYPE */
-
-typedef struct PlayerVtable
-{
- void (__stdcall * func_00_10CD6AF0)(int arg1, int arg2, void * unknown); // To Reverse Engineer
- void (__stdcall * func_01_10CD6B00)(void); // To Reverse Engineer
- void (__stdcall * func_02_10CD6B10)(void); // To Reverse Engineer
- void (__thiscall * func_03_10B8C520)(void * this, unsigned char byte); // To Reverse Engineer
- void (__fastcall * func_04_1098DCC0)(int arg1); // To Reverse Engineer
- void (__fastcall * func_05_10A7E240)(int * arg1); // To Reverse Engineer
- void (__stdcall * func_06_10A799B0)(void); // To Reverse Engineer
- void (__fastcall * func_07_10CD7AC0)(int arg1); // To Reverse Engineer
- void (__fastcall * func_08_10B7E0A0)(int * arg1); // To Reverse Engineer
- void (__fastcall * func_09_10993690)(int arg1); // To Reverse Engineer
- void (__thiscall * func_10_1098DD40)(void * this); // To Reverse Engineer
- void (__fastcall * func_11_1092B9A0)(int arg1); // To Reverse Engineer
- void (__thiscall * func_12_10CF51B0)(void * this, int arg1, int arg2); // arg1 == 0x2B2 and arg2 != 0
- void (__thiscall * func_13_10CEE8A0)(void * this, int arg1, int arg2, int arg3); // args are non-zero
- void (__stdcall * func_14_10A797F0)(void); // To Reverse Engineer
- void (__stdcall * func_15_10CD6AD0)(void); // To Reverse Engineer
- void (__fastcall * func_16_109957C0)(int arg1); // To Reverse Engineer
- void (__thiscall * func_17_1098FDE0)(void * this, int arg1); // if arg2 == _DAT_111f690c
- void (__thiscall * func_18_10CF4890)(void * this, int arg1, int arg2, int arg3); // WHOLE LOTTA GANG SHIT
- void (__thiscall * func_19_10CDB320)(void * this, int arg1, int arg2, int arg3); // WHOLE LOTTA GANG SHIT
- void (__thiscall * func_20_10CDFEB0)(void * this); // Maybe not a fastcall????
- int (__stdcall * func_21_10CDB910)(void); // To Reverse Engineer
- int (__stdcall * func_22_1092AF90)(void); // To Reverse Engineer
- int (__stdcall * func_23_1092AFA0)(void); // To Reverse Engineer
- int (__thiscall * func_24_10A88BD0)(void * this, int arg1, int arg2, int arg3, // wtf .......................
- int arg4, void * arg5,void * arg6,void * arg7, int arg8, int arg9, // ...........................
- int arg10); // ....................is this
- void (__stdcall * func_25_1092AFB0)(void); // To Reverse Engineer
- void (__stdcall * func_26_1092AFC0)(void); // To Reverse Engineer
- void (__stdcall * func_27_1092AFD0)(void); // To Reverse Engineer
- void (__thiscall * func_28_10B852D0)(void * unknown); // No fucking clue but its huge
-} PlayerVtable;
-
-typedef struct _Entity
-{
- PlayerVtable* lpVtable; // + 0x0000
- char __0x0E8__[0x0E4]; // [ padding ]
- float x; // + 0x00E8
- float y; // + 0x00EC
- float z; // + 0x00F0
- char __0x420__[0x32C]; // [ padding ]
- int health; // + 0x0420
-} Entity;
-
-typedef struct _GameWorld
-{
- Entity** entities;
- unsigned n_entities;
-} GameWorld;
-
-typedef struct _Door
-{
- unsigned door_type; // + 0x0000
- char __0x4B8__[0x4B4]; // [ padding ]
- int access; // + 0x04B8
-} Door;
-
-typedef struct _Weapon
-{
- int current_ammo; // + 0x0000
- int max_clip_size; // + 0x0004
- int total_ammo; // + 0x0008
- char __0x51C__[0x0F0]; // [ padding ]
- float minimum_reticle; // + 0x051C
- float bloom_x; // + 0x0520
- float bloom_y; // + 0x0524
-} Weapon;
-
-#endif /* ENTITY_HEADER */
diff --git a/include/hacks.h b/include/hacks.h
deleted file mode 100644
index 7545c4f..0000000
--- a/include/hacks.h
+++ /dev/null
@@ -1,84 +0,0 @@
-#ifndef HACKS_HEADER
-#define HACKS_HEADER
-
-#define GOD_MODE 0x00000000
-#define GHOST_MODE 0x00000001
-#define SUPER_WEAPONS 0x00000002
-#define DISABLE_ALARMS 0x00000003
-#define DISABLE_ENEMIES 0x00000004
-#define UNLOCK_ALL_DOORS 0x00000005
-#define MAX_MENU_ITEMS 0x00000006
-
-#define DOOR_ALL_ACCESS 0x00000004
-
-#define PLAYER 0x110E8B50
-#define DOOR 0x110FDDD8
-#define NPC 0x110F88D8
-
-/**
- * Prevents the game from subtracting the player's HP
- * while also enabling one shot kill for all other NPC's
- *
- * @param bool bGodMode
- * @return void
- */
-void hack_god_mode(int);
-
-/**
- * Prevents the visibility meter from rising above 0.001.
- *
- * Cameras WILL still see you. Enemies with night vision
- * Enemies WILL still hear you at 0 threshhold.
- *
- * Enemies WILL still drop your ass.
- *
- * @param bool bGhostMode
- * @return void
- */
-void hack_ghost_mode(int);
-
-/**
- * Toggles: rapid fire, infinite ammo (if previously non-zero),
- * no recoil, no spread,
- *
- * @param bool bSuperWeapons
- * @return void
- */
-void hack_super_weapons(int);
-
-/**
- * Disable alarms
- *
- * @param bDisableAlarms
- * @return void
- */
-void hack_disable_alarms(int);
-
-/**
- * Reduces all enemies in the current level's hp
- * to zero.
- *
- * This WILL break the game's state triggering
- * mechanics. Toggle as needed to progress in a
- * mission.
- *
- * @param bool bDisableEnemies
- * @return unsigned int
- */
-unsigned int hack_disable_enemies(int);
-
-/**
- * Unlock all of the doors in a level.
- *
- * @param void
- * @return void
- */
-unsigned hack_unlock_all_doors(void);
-
-/**
- * Test TODO
- *
-*/
-void hack_test(void);
-
-#endif /* HACKS_HEADER */
diff --git a/include/mem.h b/include/mem.h
deleted file mode 100644
index 192c0a3..0000000
--- a/include/mem.h
+++ /dev/null
@@ -1,61 +0,0 @@
-#ifndef MEM_HEADER
-#define MEM_HEADER
-
-#include
-
-/**
- * Finds the Dynamic Memory Access address of an embedded process.
- *
- * @param: uintptr_t ptr
- * @param: unsigned offsets[]
- * @param: size_t size
- *
- * @return: uintptr_t
-**/
-uintptr_t memory_find_dynamic_address(uintptr_t ptr, uint16_t* offsets, size_t size);
-
-/**
- * Byte replacement from source to destination.
- *
- * @param: void destination
- * @param: size_t size
- *
- * @return: void
-**/
-void memory_nop(void* dst, size_t nmemb);
-
-/**
- * Byte replacement from source to destination.
- *
- * @param: void destination
- * @param: void source
- * @param: size_t size
- *
- * @return: void
-**/
-void memory_patch(void* dst, const void* src, size_t size);
-
-/**
- * Hooks into a function and detours the target function to another function.
- *
- * @param: void* targetFunc
- * @param: void* myFunc
- * @param: size_t size
- *
- * @return: bool
-**/
-/*__attribute__((always_inline))*/
-int memory_detour(void* targetFunc, void(* myFunc)(), size_t size);
-
-/**
- * Hooks into a function and detours the target function to another function, then jumps back.
- *
- * @param: void* src
- * @param: void* dst
- * @param: size_t size
- *
- * @return: char*
-**/
-char* memory_tramp_hook(char* targetFunc, char* myFunc, size_t size);
-
-#endif /* MEM_HEADER */
diff --git a/include/offsets.h b/include/offsets.h
deleted file mode 100644
index f412a62..0000000
--- a/include/offsets.h
+++ /dev/null
@@ -1,13 +0,0 @@
-#ifndef OFFSETS_HEADER
-#define OFFSETS_HEADER
-
-#include
-#include
-
-uint32_t offsets_game_world_base = 0x00A0DFEC;
-uint16_t offsets_game_world_pointers[2] = {
- 0x78,
- 0x5E4
-};
-
-#endif /* OFFSETS_HEADER */
diff --git a/resources/notes_sp3.txt b/resources/notes_sp3.txt
index 70fa61a..f7ded53 100644
--- a/resources/notes_sp3.txt
+++ b/resources/notes_sp3.txt
@@ -94,3 +94,81 @@ consolecommand=
 testrendev=
 delagbuffers=
+#ifndef ENTITY_HEADER
+#define ENTITY_HEADER
+
+#ifndef TYPE
+#define TYPE(x) ((uintptr_t)x)
+#endif /* TYPE */
+
+typedef struct PlayerVtable
+{
+ void (__stdcall * func_00_10CD6AF0)(int arg1, int arg2, void * unknown); // To Reverse Engineer
+ void (__stdcall * func_01_10CD6B00)(void); // To Reverse Engineer
+ void (__stdcall * func_02_10CD6B10)(void); // To Reverse Engineer
+ void (__thiscall * func_03_10B8C520)(void * this, unsigned char byte); // To Reverse Engineer
+ void (__fastcall * func_04_1098DCC0)(int arg1); // To Reverse Engineer
+ void (__fastcall * func_05_10A7E240)(int * arg1); // To Reverse Engineer
+ void (__stdcall * func_06_10A799B0)(void); // To Reverse Engineer
+ void (__fastcall * func_07_10CD7AC0)(int arg1); // To Reverse Engineer
+ void (__fastcall * func_08_10B7E0A0)(int * arg1); // To Reverse Engineer
+ void (__fastcall * func_09_10993690)(int arg1); // To Reverse Engineer
+ void (__thiscall * func_10_1098DD40)(void * this); // To Reverse Engineer
+ void (__fastcall * func_11_1092B9A0)(int arg1); // To Reverse Engineer
+ void (__thiscall * func_12_10CF51B0)(void * this, int arg1, int arg2); // arg1 == 0x2B2 and arg2 != 0
+ void (__thiscall * func_13_10CEE8A0)(void * this, int arg1, int arg2, int arg3); // args are non-zero
+ void (__stdcall * func_14_10A797F0)(void); // To Reverse Engineer
+ void (__stdcall * func_15_10CD6AD0)(void); // To Reverse Engineer
+ void (__fastcall * func_16_109957C0)(int arg1); // To Reverse Engineer
+ void (__thiscall * func_17_1098FDE0)(void * this, int arg1); // if arg2 == _DAT_111f690c
+ void (__thiscall * func_18_10CF4890)(void * this, int arg1, int arg2, int arg3); // WHOLE LOTTA GANG SHIT
+ void (__thiscall * func_19_10CDB320)(void * this, int arg1, int arg2, int arg3); // WHOLE LOTTA GANG SHIT
+ void (__thiscall * func_20_10CDFEB0)(void * this); // Maybe not a fastcall????
+ int (__stdcall * func_21_10CDB910)(void); // To Reverse Engineer
+ int (__stdcall * func_22_1092AF90)(void); // To Reverse Engineer
+ int (__stdcall * func_23_1092AFA0)(void); // To Reverse Engineer
+ int (__thiscall * func_24_10A88BD0)(void * this, int arg1, int arg2, int arg3, // wtf .......................
+ int arg4, void * arg5,void * arg6,void * arg7, int arg8, int arg9, // ...........................
+ int arg10); // ....................is this
+ void (__stdcall * func_25_1092AFB0)(void); // To Reverse Engineer
+ void (__stdcall * func_26_1092AFC0)(void); // To Reverse Engineer
+ void (__stdcall * func_27_1092AFD0)(void); // To Reverse Engineer
+ void (__thiscall * func_28_10B852D0)(void * unknown); // No fucking clue but its huge
+} PlayerVtable;
+
+typedef struct _Entity
+{
+ PlayerVtable* lpVtable; // + 0x0000
+ char __0x0E8__[0x0E4]; // [ padding ]
+ float x; // + 0x00E8
+ float y; // + 0x00EC
+ float z; // + 0x00F0
+ char __0x420__[0x32C]; // [ padding ]
+ int health; // + 0x0420
+} Entity;
+
+typedef struct _GameWorld
+{
+ Entity** entities;
+ unsigned n_entities;
+} GameWorld;
+
+typedef struct _Door
+{
+ unsigned door_type; // + 0x0000
+ char __0x4B8__[0x4B4]; // [ padding ]
+ int access; // + 0x04B8
+} Door;
+
+typedef struct _Weapon
+{
+ int current_ammo; // + 0x0000
+ int max_clip_size; // + 0x0004
+ int total_ammo; // + 0x0008
+ char __0x51C__[0x0F0]; // [ padding ]
+ float minimum_reticle; // + 0x051C
+ float bloom_x; // + 0x0520
+ float bloom_y; // + 0x0524
+} Weapon;
+
+#endif /* ENTITY_HEADER */
diff --git a/src/hacks.asm b/src/hacks.asm
index 59e4176..c949a13 100644
--- a/src/hacks.asm
+++ b/src/hacks.asm
@@ -6,6 +6,7 @@ global _hack_god_mode
 global _hack_ghost_mode
 global _hack_super_weapons
 global _hack_disable_alarms
+global _hack_disable_enemies
 global _hack_unlock_all_doors
 global _hack_no_clip
 global _hack_test
@@ -469,6 +470,40 @@ super_weapons_disabled:
 nop
 nop
+_hack_disable_enemies:
+ push ebx
+ sub esp,0x1C
+ mov eax, dword [game_world_base]
+ mov dword [esp+0x8],0x2
+ add eax, dword [_g_module_base_addr]
+ mov dword [esp+0x4], game_world_offsets
+ mov dword [esp],eax
+ call _memory_find_dynamic_address
+ test eax,eax
+ jz disable_enemies_exit
+ xor ecx, ecx
+ mov edx, dword [eax+0x4] ; n_entities
+ mov eax, dword [eax]
+ xor dword [esp + 0x24], 0x1 ; flip bEnabled
+disable_enemies_main_loop:
+ cmp ecx,edx
+ je disable_enemies_exit
+ lea ebx, [eax+ecx*0x4]
+ mov ebx, dword [ebx+0x0]
+ cmp dword [ebx], TYPE_NPC ; Check type
+ jne not_npc
+ imul edi, dword [esp + 0x24], 0x96 ; !bEnabled * 150
+ mov dword [ebx + 0x420], edi
+not_npc:
+ inc ecx
+ jmp disable_enemies_main_loop
+disable_enemies_exit:
+ xor eax, eax
+ xor ecx, eax
+ add esp, 0x1c
+ pop ebx
+ ret
+
 _hack_unlock_all_doors:
 push ebx
 sub esp,0x1c
diff --git a/src/hacks.c b/src/hacks.c
deleted file mode 100644
index f9581fe..0000000
--- a/src/hacks.c
+++ /dev/null
@@ -1,46 +0,0 @@
-#include "hacks.h"
-#include "offsets.h"
-#include "entity.h"
-#include "mem.h"
-extern uintptr_t g_module_base_addr;
-unsigned int hack_disable_enemies(int bEnabled)
-{
-GameWorld* gameWorld = (GameWorld *)memory_find_dynamic_address(g_module_base_addr + offsets_game_world_base,
-offsets_game_world_pointers,
-(sizeof(offsets_game_world_pointers)/sizeof(offsets_game_world_pointers[0])));
-if (!gameWorld)
-{
-return 0;
-}
-size_t size = gameWorld->n_entities;
-unsigned int total_entities_changed = 0;
-for (size_t i = 0; i < size; i++)
-{
-Entity* entity = gameWorld->entities[i];
-if (!entity)
-{
-break;
-}
-if (TYPE(entity->lpVtable) == NPC)
-{
-if (bEnabled)
-{
-entity->health = 0;
-++total_entities_changed;
-}
-else
-{
-entity->health = 150;
-++total_entities_changed;
-}
-}
-}
-return total_entities_changed;
-}
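Review bot: `imul edi, dword [esp + 0x24], 0x96` in the new `_hack_disable_enemies` writes edi, but the prologue saves only ebx; under the 32-bit Windows calling conventions this DLL is linked for, edi is callee-saved, so whatever the caller held in edi is silently destroyed on return. The deleted C version also stopped at the first null entity (`if (!entity) break;`), whereas the new loop loads `ebx` from the entity table and immediately dereferences it in `cmp dword [ebx], TYPE_NPC`, so a null slot faults instead of ending the loop. The routine always returns 0 (`xor eax, eax`) although the removed hacks.h declared `unsigned int hack_disable_enemies(int)` returning the number of entities changed; any caller that still uses that count now gets 0, so either restore the count in eax or update the declaration and the callers. The rewrite below preserves edi and adds the null test; the extra push moves the bEnabled slot from `[esp + 0x24]` to `[esp + 0x28]`.
```nasm
_hack_disable_enemies:
    push ebx
    push edi                            ; edi is callee-saved; preserve it
    sub esp,0x1C
    ; … unchanged: resolve game world, test eax, load n_entities / entity table …
    xor dword [esp + 0x28], 0x1         ; flip bEnabled (slot moved by the extra push)
disable_enemies_main_loop:
    cmp ecx,edx
    je disable_enemies_exit
    mov ebx, dword [eax+ecx*0x4]
    test ebx, ebx                       ; stop at the first null entity, as the C version did
    jz disable_enemies_exit
    cmp dword [ebx], TYPE_NPC           ; Check type
    jne not_npc
    imul edi, dword [esp + 0x28], 0x96  ; !bEnabled * 150
    ; … unchanged: health store, not_npc, inc ecx / jmp …
disable_enemies_exit:
    ; … unchanged: xor eax, eax / xor ecx, eax …
    add esp, 0x1c
    pop edi
    pop ebx
    ret
```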