1+ #include < Windows.h>
2+ #include < MinHook.h>
3+ #include < Hooking.Patterns.h>
4+
5+ #include < cassert>
6+ #include < fstream>
7+ #include < set>
8+
9+ std::ofstream file;
10+ std::set<unsigned int > hashes;
11+
12+ void Log (unsigned int hash, const char * filename)
13+ {
14+ // keep internal list so we don't write 100 duplicates to log
15+ if (hashes.find (hash) == hashes.end ())
16+ {
17+ hashes.insert (hash);
18+
19+ file << filename << std::endl;
20+ }
21+ }
22+
23+ unsigned int (__stdcall* orgArchiveFileSystem_CalculateHash)(const char * filename);
24+ unsigned int __stdcall ArchiveFileSystem_CalculateHash (const char * filename)
25+ {
26+ auto hash = orgArchiveFileSystem_CalculateHash (filename);
27+
28+ Log (hash, filename);
29+
30+ return hash;
31+ }
32+
33+ // tiger variant
34+ #ifndef _WIN64
35+ unsigned int (__cdecl* orgTigerArchiveFileSystem_CalculateHash)(const char * filename);
36+ unsigned int __cdecl TigerArchiveFileSystem_CalculateHash (const char * filename)
37+ #else
38+ unsigned int (__fastcall* orgTigerArchiveFileSystem_CalculateHash)(const char * filename);
39+ unsigned int __fastcall TigerArchiveFileSystem_CalculateHash (const char * filename)
40+ #endif
41+ {
42+ auto hash = orgTigerArchiveFileSystem_CalculateHash (filename);
43+
44+ Log (hash, filename);
45+
46+ return hash;
47+ }
48+
49+ template <typename T>
50+ T GetAddress (void * ptr)
51+ {
52+ #ifndef _WIN64
53+ return (T)((__int32)ptr + *(__int32*)((__int32)ptr + 1 ) + 5 );
54+ #else
55+ return (T)((__int64)ptr + *(__int32*)((__int64)ptr + 1 ) + 5 );
56+ #endif
57+ }
58+
59+ void Initialize ()
60+ {
61+ MH_Initialize ();
62+
63+ // set hooks
64+ #ifndef _WIN64
65+ auto archiveCalculateHash = hook::pattern (" 83 EC 0C 8B 44 24 10 53 55 56 57 8B D9 50 89 5C 24 1C E8" count_hint (1 );
66+ auto tigerCalculateHash = hook::pattern (" 89 4D FC 33 FF 89 45 F8 8B F0 E8" count_hint (1 );
67+
68+ if (!archiveCalculateHash.empty ())
69+ {
70+ MH_CreateHook (
71+ GetAddress<void *>(archiveCalculateHash.get_first (18 )),
72+ ArchiveFileSystem_CalculateHash,
73+ reinterpret_cast <void **>(&orgArchiveFileSystem_CalculateHash));
74+ }
75+
76+ if (!tigerCalculateHash.empty ())
77+ {
78+ MH_CreateHook (
79+ GetAddress<void *>(tigerCalculateHash.get_first (10 )),
80+ TigerArchiveFileSystem_CalculateHash,
81+ reinterpret_cast <void **>(&orgTigerArchiveFileSystem_CalculateHash));
82+ }
83+ #else
84+ auto tigerCalculateHash = hook::pattern (" 8B 71 30 48 8B E9 48 8B CA 33 DB 44 8B DE E8" count_hint (1 );
85+
86+ if (!tigerCalculateHash.empty ())
87+ {
88+ MH_CreateHook (
89+ GetAddress<void *>(tigerCalculateHash.get_first (14 )),
90+ TigerArchiveFileSystem_CalculateHash,
91+ reinterpret_cast <void **>(&orgTigerArchiveFileSystem_CalculateHash));
92+ }
93+ #endif
94+
95+ // open output file
96+ file.open (" ./filelist.txt"
97+
98+ MH_EnableHook (MH_ALL_HOOKS);
99+ }
100+
101+ void Uninitialize ()
102+ {
103+ MH_Uninitialize ();
104+
105+ file.close ();
106+ hashes.clear ();
107+ }
108+
109+ BOOL APIENTRY DllMain (HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
110+ {
111+ switch (ul_reason_for_call)
112+ {
113+ case DLL_PROCESS_ATTACH:
114+ Initialize ();
115+
116+ break ;
117+ case DLL_PROCESS_DETACH:
118+ Uninitialize ();
119+
120+ break ;
121+ case DLL_THREAD_ATTACH:
122+ case DLL_THREAD_DETACH:
123+ break ;
124+ }
125+
126+ return TRUE ;
127+ }
0 commit comments