
@yoya3312
Last active January 18, 2019 07:09
#include "../../skse64_common/Relocation.h"
#include "../../skse64_common/SafeWrite.h"
#include "../../skse64_common/BranchTrampoline.h"
#include "../../xbyak/xbyak.h"
#include "../config.h"
#include "../../skse64/GameSettings.h"
namespace Hack0
{
#if 0
SSE v1.5.62: crash on loading a prior save with Riverside Lodge.
The patch checks whether [rsi+10h] is 0 before it is used as a table base.
.text:0000000140429421 C3 retn
.text:0000000140429422 ; ---------------------------------------------------------------------------
.text:0000000140429422
.text:0000000140429422 loc_140429422: ; CODE XREF: crash_sub_1404293C0+4Aj
.text:0000000140429422 ; crash_sub_1404293C0+4Ej
.text:0000000140429422 48 85 DB test rbx, rbx
.text:0000000140429425 74 26 jz short loc_14042944D
.text:0000000140429427 8B C8 mov ecx, eax
.text:0000000140429429 48 8B D3 mov rdx, rbx
.text:000000014042942C 48 8B 46 10 mov rax, [rsi+10h]
.text:0000000140429430 48 8B 0C C8 mov rcx, [rax+rcx*8]
.text:0000000140429434 48 8B 01 mov rax, [rcx]
.text:0000000140429437 48 8B 5C 24 30 mov rbx, [rsp+28h+arg_0]
.text:000000014042943C 48 8B 74 24 38 mov rsi, [rsp+28h+arg_8]
.text:0000000140429441 48 83 C4 20 add rsp, 20h
.text:0000000140429445 5F pop rdi
.text:0000000140429446 48 FF A0 80 00+ jmp qword ptr [rax+80h]
.text:000000014042944D ; ---------------------------------------------------------------------------
.text:000000014042944D
.text:000000014042944D loc_14042944D: ; CODE XREF: crash_sub_1404293C0+65j
.text:000000014042944D B0 01 mov al, 1
.text:000000014042944F
.text:000000014042944F loc_14042944F: ; CODE XREF: crash_sub_1404293C0+36j
.text:000000014042944F 48 8B 5C 24 30 mov rbx, [rsp+28h+arg_0]
.text:0000000140429454 48 8B 74 24 38 mov rsi, [rsp+28h+arg_8]
.text:0000000140429459 48 83 C4 20 add rsp, 20h
.text:000000014042945D 5F pop rdi
.text:000000014042945E C3 retn
#endif
// Hook site and bail-out target inside crash_sub_1404293C0, written as offsets
// that match the low part of the addresses in the SSE v1.5.62 listing above
// (0x140429427 and 0x14042944D). Presumably RelocAddr rebases them onto the
// loaded module; verify against skse64_common/Relocation.h.
// NOTE(review): both offsets are hard-coded for one game build. On any other
// build they point at unrelated code, so confirm the runtime version (or the
// bytes at the hook site) before anything is written there.
// crashed_sub_loc1: the `mov ecx, eax` that starts the 9-byte sequence ending in
//                   `mov rax, [rsi+10h]`.
// crashed_sub_loc2: loc_14042944D, the existing `mov al, 1` + epilogue path.
RelocAddr<uintptr_t> crashed_sub_loc1(0x00429427);
RelocAddr<uintptr_t> crashed_sub_loc2(0x0042944D);
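/// Installs the hack0 fix: a null check on the pointer loaded from [rsi+0x10]
/// before the game indexes it (see the v1.5.62 listing above).
///
/// When config::patch_hack0 is set, a small stub is emitted into the local
/// trampoline and a 6-byte branch to it is written over crashed_sub_loc1.
/// Because the offsets are specific to one game build, the bytes at the hook
/// site are compared with the expected instructions first; on a mismatch
/// nothing is written.
///
/// @return true when the patch is disabled or was installed; false when the
///         hook site does not hold the expected bytes or the branch could not
///         be written.
bool Patch()
{
    _MESSAGE("- hack0 patches -");

    if (config::patch_hack0)
    {
        _MESSAGE("patch_hack0 enabled");

        // Encoding of the three instructions the hook displaces, copied from the
        // listing: mov ecx, eax / mov rdx, rbx / mov rax, [rsi+10h].
        static const unsigned char kExpected[] = {
            0x8B, 0xC8,
            0x48, 0x8B, 0xD3,
            0x48, 0x8B, 0x46, 0x10
        };

        // Refuse to patch code that is not what the listing shows (different
        // game build, or a site already modified by something else): writing
        // a branch there would corrupt unrelated instructions.
        const unsigned char * target =
            reinterpret_cast<const unsigned char *>(crashed_sub_loc1.GetUIntPtr());
        for (unsigned int i = 0; i < sizeof(kExpected); ++i)
        {
            if (target[i] != kExpected[i])
            {
                _MESSAGE("patch_hack0: unexpected bytes at hook site, patch not applied");
                return false;
            }
        }

        // Stub that replays the displaced instructions, then either resumes the
        // original code or takes the function's existing "return 1" path.
        struct Check_zero_code : Xbyak::CodeGenerator
        {
            // NOTE(review): 4096 is the capacity reported to Xbyak, not the
            // space actually left in the trampoline; confirm the trampoline
            // is created with enough room for this stub.
            Check_zero_code(void * buf) : Xbyak::CodeGenerator(4096, buf)
            {
                // Displaced instructions (9 bytes at the hook site).
                mov(ecx, eax);
                mov(rdx, rbx);
                mov(rax, ptr[rsi+0x10]);

                // Added check: a null table pointer must not reach the
                // `mov rcx, [rax+rcx*8]` that follows in the original code.
                test(rax, rax);
                jz("L_zero");

                // Non-null: resume right after the displaced 9 bytes. Only 6 of
                // them are overwritten by the branch; the stale 3 are skipped.
                jmp(ptr[rip]);
                dq(crashed_sub_loc1.GetUIntPtr() + 9);

                L("L_zero");
                // Null: go to loc_14042944D (mov al, 1 + epilogue).
                jmp(ptr[rip]);
                dq(crashed_sub_loc2.GetUIntPtr());
            }
        };

        void * codeBuf = g_localTrampoline.StartAlloc();
        Check_zero_code code(codeBuf);
        g_localTrampoline.EndAlloc(code.getCurr());

        // Write6Branch reports failure through its return value; do not log
        // success for a hook that was never installed.
        if (!g_branchTrampoline.Write6Branch(crashed_sub_loc1.GetUIntPtr(), uintptr_t(code.getCode())))
        {
            _MESSAGE("patch_hack0: Write6Branch failed, patch not applied");
            return false;
        }
    }

    _MESSAGE("success");
    return true;
}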
}