[League of Legends][LOL]Riot Servers bypass inline hook

Posted by ImKK on 2024-03-30, 1050 views


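I won't say much; if I say too much I'm afraid people won't follow, and those who get it will get it. Straight to the code. If it doesn't work, find the stub.dll for the corresponding version yourself and take a look.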


constexpr uint64_t hash_array = 0x2D6A10; // 13.24

struct hash_struct {
	char pad1[ 0x68 ];   // will change
	uint64_t hash[ 4 ];
};

struct section_hash {
	uint64_t og_hash[ 4 ];
	hash_struct* hash_ptr;

	section_hash() = default;

	explicit section_hash( hash_struct* hash ) : hash_ptr( hash ) {
		for ( int i = 0; i < 4; i++ ) {
			og_hash[ i ] = hash_ptr->hash[ i ];
		}
	}

	void restore_hash( ) const {
		for ( int i = 0; i < 4; i++ ) {
			hash_ptr->hash[ i ] = og_hash[ i ];
		}
	}

	void bypass_hash( ) const {
		for ( unsigned long long& i : hash_ptr->hash ) {
			i = 0x0;
		}
	}
};

void replace_hash( const uint64_t func_address ) {
	const int nb_pages = get_league_nb_pages( );
	const uint64_t league = reinterpret_cast< uint64_t >( GetModuleHandleA( nullptr ) );

	for ( int i = 4; i <= nb_pages; i++ ) {
		uint64_t curr_page = league + static_cast< uint64_t >( 0x1000 ) * i;
		const uint64_t next_page = league + static_cast< uint64_t >( 0x1000 ) * ( i + 1 );

		if ( func_address < curr_page || func_address > next_page ) {
			continue;
		}

		if ( hashes.contains( curr_page ) ) {
			hashes[ curr_page ].bypass_hash( );
		}
	}
}

uint64_t hook( void* src, void* dest, size_t size ) {
	const uint64_t detour = detour_func( src, dest, size );
	replace_hash( reinterpret_cast< uint64_t >( src ) );

	return detour;
}

Of course, this is only the most basic part. The rest depends on my mood, and updates will be irregular.
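From the integrity-checking side, the code above works only if a zeroed reference hash is accepted by whatever verifies the page. The following is an added example, not code from the original post or from Riot, contrasting a verifier that skips zeroed entries with one that seals the table and allows no sentinel. Assumptions: the "skip on zero" policy, the names `PageTable`, `digest_of`, `seal_of`, `verify_weak` and `verify_hardened`, and the toy FNV-based digest standing in for a real cryptographic hash.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <vector>

using Digest = std::array<uint64_t, 4>;  // same 4 x 64-bit shape as hash_struct::hash
using Pages  = std::vector<std::vector<uint8_t>>;

// Toy 256-bit digest (four seeded FNV-1a lanes); stand-in for a real hash such as SHA-256.
Digest digest_of(const uint8_t* p, size_t n) {
    Digest d{};
    for (size_t lane = 0; lane < 4; ++lane) {
        uint64_t h = 0xcbf29ce484222325ULL ^ (lane * 0x9e3779b97f4a7c15ULL);
        for (size_t i = 0; i < n; ++i) { h ^= p[i]; h *= 0x100000001b3ULL; }
        d[lane] = h;
    }
    return d;
}

struct PageTable {
    std::vector<Digest> ref;  // per-page reference digests, held in writable memory
    Digest seal{};            // digest over `ref`; assumed to be stored where it cannot be rewritten
};

Digest seal_of(const std::vector<Digest>& ref) {
    return digest_of(reinterpret_cast<const uint8_t*>(ref.data()), ref.size() * sizeof(Digest));
}

PageTable build(const Pages& pages) {
    PageTable t;
    for (const auto& pg : pages) t.ref.push_back(digest_of(pg.data(), pg.size()));
    t.seal = seal_of(t.ref);
    return t;
}

// Weak policy (assumed): an all-zero reference means "nothing recorded", so the page is skipped.
bool verify_weak(const PageTable& t, const Pages& pages) {
    for (size_t i = 0; i < pages.size(); ++i) {
        if (t.ref[i] == Digest{}) continue;
        if (digest_of(pages[i].data(), pages[i].size()) != t.ref[i]) return false;
    }
    return true;
}

// Hardened policy: verify the table first, then every page; no value disables a check.
bool verify_hardened(const PageTable& t, const Pages& pages) {
    if (seal_of(t.ref) != t.seal) return false;
    for (size_t i = 0; i < pages.size(); ++i)
        if (digest_of(pages[i].data(), pages[i].size()) != t.ref[i]) return false;
    return true;
}
```

The seal only helps if it lives somewhere the in-process code cannot write, for example server-side or in a kernel component; that placement is outside what this sketch models.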