Last active
March 7, 2020 20:38
-
-
Save ahmetabdi/e8efbc3d8d21cd1f123cad63ee8be5b2 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| uint64_t scan_for_camera_list() { | |
| const auto base = reinterpret_cast<uint64_t>(LI_MODULE("UnityPlayer.dll").get()); | |
| if (!base) | |
| return 0; | |
| const auto dos_header = reinterpret_cast<IMAGE_DOS_HEADER*>(base); | |
| const auto nt_header = reinterpret_cast<IMAGE_NT_HEADERS64*>(base + dos_header->e_lfanew); | |
| uint64_t data_base; | |
| uint64_t data_size; | |
| for (int i = 0;;) | |
| { | |
| const auto section = reinterpret_cast<IMAGE_SECTION_HEADER*>( | |
| base + dos_header->e_lfanew + // nt_header base | |
| sizeof(IMAGE_NT_HEADERS64) + // start of section headers | |
| (i * sizeof(IMAGE_SECTION_HEADER))); // section header at our index | |
| if (RUNTIME_CRC32((char*)section->Name) == STATIC_CRC32(".data")) | |
| { | |
| data_base = section->VirtualAddress + base; | |
| data_size = section->SizeOfRawData; | |
| break; | |
| } | |
| i++; | |
| if (i >= nt_header->FileHeader.NumberOfSections) | |
| { | |
| DEBUG("[!] Section not found\n"); | |
| return 0; | |
| } | |
| } | |
| uint64_t camera_table = 0; | |
| const auto camera_string = memstr((char*)data_base, XOR_STR("AllCameras"), data_size); | |
| for (auto walker = (uint64_t*)camera_string; walker > 0; walker -= 1) | |
| { | |
| if (*walker > 0x100000 && *walker < 0xF00000000000000) | |
| { | |
| // [[[[unityplayer.dll + ctable offset]]] + 0x30] = Camera | |
| camera_table = *walker; | |
| break; | |
| } | |
| } | |
| if (camera_table) | |
| return camera_table; | |
| DEBUG("[!] Unable to locate camera\n"); | |
| return 0; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment