
@esterTion
Last active March 27, 2021 18:57
<?php
/*
* Semi-auto restore Princess Connect ReDive (PC-DMM) C# dll
* Step I: Run the game and capture memory with Live RAM Capturer ( http://www.forensicswiki.org/wiki/Belkasoft_Live_RAM_Capturer )
* Step II: Use volatility to <pslist> and then <ramdump> ( https://github.com/volatilityfoundation/volatility )
* Step III: Use this script
*/
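// Preconditions: the assembly to patch must sit in the working directory and the
// first CLI argument must name an existing process memory dump.
// NOTE: Assembly-CSharp.dll is opened 'rb+' and overwritten in place further down,
// so run this on a copy and keep the original for comparison.
if (!file_exists('Assembly-CSharp.dll')) {
    echo 'no dll';
    exit(1);
}
if (empty($argv[1]) || !file_exists($argv[1])) {
    echo 'no input';
    exit(1);
}

/**
 * Returns the byte offset of the first occurrence of the marker string
 * TUTORIAL_MAIN_STORY_RELEASE in $path, or null when grep reports no match.
 *
 * The path is passed through escapeshellarg() and placed after "--" so a file
 * name containing spaces, shell metacharacters or a leading dash is treated as
 * one file operand and never as shell syntax or a grep option.
 */
function findKeywordOffset($path)
{
    $lines = [];
    exec(
        'D:/cygwin64/bin/grep -F TUTORIAL_MAIN_STORY_RELEASE -b -m 1 -o -a -- ' . escapeshellarg($path),
        $lines
    );
    // grep -b -o prints "<offset>:<match>"; anything else is treated as "not found".
    if (empty($lines) || !preg_match('/^(\d+):/', $lines[0], $m)) {
        return null;
    }
    return intval($m[1]);
}

// Pass 1: scan the DLL in 16-byte chunks and record every run of more than five
// consecutive all-zero chunks as a candidate gap.
echo "Reading zero gaps...";
$out = fopen('Assembly-CSharp.dll', 'rb+');
if ($out === false) {
    echo 'cannot open dll';
    exit(1);
}
$offset = 0;
$blocks = 0;
$zb = str_repeat("\0", 16);
$zeroblocks = [];
while (true) {
    $chk = fread($out, 16);
    if ($chk === false || $chk === '') {
        break;
    }
    if ($chk === $zb) {
        $blocks++;
    } else {
        if ($blocks > 5) {
            $zeroblocks[] = [
                'start' => $offset - $blocks * 16,
                'end' => $offset,
                'len' => $blocks * 16,
            ];
        }
        $blocks = 0;
    }
    $offset += 16;
}

// A file with no qualifying zero run has nothing to restore; without this guard
// $zeroblocks[0] below would be an undefined offset.
if (empty($zeroblocks)) {
    echo "too small gap: 0";
    exit(1);
}

// Largest gap first; it must be at least 1 MiB to be accepted.
usort($zeroblocks, function ($x, $y) {
    return $y['len'] - $x['len'];
});
$biggestgap = $zeroblocks[0];
if ($biggestgap['len'] < 1024 * 1024) {
    echo "too small gap: " . $biggestgap['len'];
    exit(1);
}
echo "found at 0x" . dechex($biggestgap['start']) . " len: 0x" . dechex($biggestgap['len']) . "\n";

// Pass 2: locate the same marker string in the dump and in the DLL; the
// difference between the two offsets aligns the dump with the file.
echo "Finding keyword offset...";
$inoffset = findKeywordOffset($argv[1]);
if ($inoffset === null) {
    echo 'empty search';
    exit(1);
}
echo "memory dump: 0x" . dechex($inoffset) . ', ';
$outoffset = findKeywordOffset('Assembly-CSharp.dll');
if ($outoffset === null) {
    echo 'empty search';
    exit(1);
}
echo "original file: 0x" . dechex($outoffset) . "\n";

// Pass 3: copy gap-length bytes from the aligned position in the dump over the gap.
echo "Applying...\n";
$in = fopen($argv[1], 'rb');
if ($in === false) {
    echo 'cannot open input';
    exit(1);
}
$instart = $inoffset - ($outoffset - $biggestgap['start']);
// A negative source offset means the marker in the dump sits too close to the
// start for the gap to be covered; seeking would fail and the copy would read
// from the wrong place.
if (
    $instart < 0
    || fseek($in, $instart, SEEK_SET) !== 0
    || fseek($out, $biggestgap['start'], SEEK_SET) !== 0
) {
    echo 'bad offset';
    fclose($in);
    fclose($out);
    exit(1);
}
for ($i = 0; $i < $biggestgap['len']; $i += 16) {
    if ($i % 4096 == 0) {
        printf("\r%x", $biggestgap['start'] + $i);
    }
    $buf = fread($in, 16);
    // Stop instead of silently writing a short or empty chunk when the dump ends early.
    if ($buf === false || strlen($buf) !== 16) {
        echo "\nunexpected end of dump at 0x" . dechex($biggestgap['start'] + $i) . "\n";
        fclose($in);
        fclose($out);
        exit(1);
    }
    fwrite($out, $buf);
}
fclose($in);
fclose($out);
echo "\nDone\n";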
@echo off
rem Launch the game and the RAM capture tool, then wait for the operator to
rem confirm that the capture has finished.
start "" "E:\Game\DMM\priconner\PrincessConnectReDive.exe"
start "" "F:\Game\RamCapturer\RamCapture64.exe"
echo Wait for dump complete
pause
rem Hand over to the Cygwin shell script that extracts and patches the DLL.
"D:\cygwin64\bin\sh.exe" prcn.sh
rem Ask both processes to close once the shell script has returned.
taskkill /IM PrincessConnectReDive.exe
taskkill /IM RamCapture64.exe
pause
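#!/bin/sh
# Extract the game process from the newest RAM capture with volatility, copy the
# installed Assembly-CSharp.dll next to it, and run restore-dll.php on the pair.
#
# The .mem file is a capture of system RAM and may hold data from every process
# on the machine, not only the game; it is deleted at the end of the run.

process="$(tasklist | /bin/grep -F 'PrincessC')"
# tasklist prints "<image name> <pid> ..."; the PID is the second field of the
# first matching line.
set -- $process
pid=$2
# Refuse to continue without a numeric PID; an empty value would otherwise reach
# vol.py and the final rm as ".dmp".
case "$pid" in
    ''|*[!0-9]*)
        echo "game process not found" >&2
        exit 1
        ;;
esac

cd .. || exit 1

# The glob expands in sorted order, so the last iteration leaves the last name.
memfile=
for candidate in ../Game/RamCapturer/*.mem; do
    memfile=$candidate
done
# An unmatched glob stays literal; -f rejects that case.
if [ ! -f "$memfile" ]; then
    echo "no .mem capture found" >&2
    exit 1
fi
# $memfile is relative to this directory. After "cd dll" it would point one
# level too deep and "rm -f" would silently leave the capture on disk, so keep
# an absolute form for the cleanup step. vol.py still gets the relative path.
memfile_abs="$PWD/$memfile"

echo "$pid"
echo "$memfile"
py -2 vol.py --profile=Win7SP1x64 memdump -D dll -f "$memfile" -p "$pid"

# Everything below writes and deletes files; stop if the directory is missing.
cd dll || exit 1
echo "copy dll"
/usr/bin/cp -f /cygdrive/E/Game/DMM/priconner/PrincessConnectReDive_Data/Managed/Assembly-CSharp.dll ./
# Keep an untouched copy, since restore-dll.php patches the DLL in place.
/usr/bin/cp -f Assembly-CSharp.dll Assembly-CSharp-ori.dll
php restore-dll.php "$pid.dmp"
/usr/bin/rm -f -- "$pid.dmp" "$memfile_abs"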
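#!/bin/sh
# Commit a restored Assembly-CSharp.dll and its decompiled sources.
# $1 names the directory holding Assembly-CSharp.dll and, by the second half of
# the script, an Assembly-CSharp/ source tree; $1 is also the commit message.
if [ -z "$1" ] || [ ! -e "$1/Assembly-CSharp.dll" ]; then
    exit 1
fi

set -x
# Every cd is checked: the git commands that follow act on whatever work tree
# the shell happens to be in.
cd dll || exit 1
cp -- "../$1/Assembly-CSharp.dll" ./
git add Assembly-CSharp.dll
git commit -m "$1"
git push origin dll

# If this cd failed, "git rm -r -- ." would run inside the dll work tree instead.
cd ../Assembly-CSharp || exit 1
git rm -r -- . >/dev/null
set +x

# Pause until the operator presses Enter; presumably the source tree under
# ../$1/Assembly-CSharp is produced in the meantime.
echo "Wait for dump"
read -r _unused

cp -r -- "../$1/Assembly-CSharp/"* .
set -x
git add .
git commit -m "$1"
git push origin master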