Skip to content

Instantly share code, notes, and snippets.

@haram

haram/decode_ptr.hpp

Created December 29, 2020 23:54
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save haram/1276842570edada6ebd36e812cf135bb to your computer and use it in GitHub Desktop.
Save haram/1276842570edada6ebd36e812cf135bb to your computer and use it in GitHub Desktop.
Download ZIP
Raw
decode_ptr.hpp
namespace sdk
{
namespace detail
{
static __int64 __fastcall sub_17F7660(unsigned __int64 a1, unsigned __int64 a2, int a3)
{
unsigned __int64 v3; // r8
__int64 result; // rax
unsigned __int64 v5; // r9
unsigned __int64 v6; // r9
__int64 v7; // r10
__int64 v8; // r9
unsigned __int64 v9; // rdx
unsigned __int64 v10; // rdx
int v11; // eax
unsigned __int64 v12; // rdx
unsigned __int64 v13; // rdx
unsigned __int64 v14; // rcx
unsigned __int64 v15; // rcx
unsigned __int64 v16; // r9
v3 = a3 & 0xFFFFFF;
if (a2 < 0x29)
{
result = 0i64;
if (a2 >= 8)
goto LABEL_8;
}
else if (v3 <= read_vmem<uint64_t>(a1 + 112) >> 40)
{
a2 = 40i64;
result = 0i64;
LABEL_8:
while (1)
{
v5 = read_vmem<uint64_t>(a1 + 16) >> 40;
if (v3 <= v5)
break;
a1 += 24i64;
a2 -= 8i64;
result += 8i64;
if (a2 <= 7)
goto LABEL_13;
}
if (v3 == v5)
return (unsigned int)result | 7;
}
else
{
a1 += 120i64;
a2 -= 40i64;
result = 40i64;
if (a2 >= 8)
goto LABEL_8;
}
LABEL_13:
switch (a2)
{
case 0ui64:
return (unsigned int)~(_DWORD)result;
case 1ui64:
v6 = read_vmem<uint64_t>(a1);
goto LABEL_43;
case 2ui64:
v6 = read_vmem<uint64_t>(a1);
goto LABEL_38;
case 3ui64:
v7 = read_vmem<uint64_t>(a1 + 8);
goto LABEL_34;
case 4ui64:
v7 = read_vmem<uint64_t>(a1 + 8);
goto LABEL_30;
case 5ui64:
v7 = read_vmem<uint64_t>(a1 + 8);
goto LABEL_26;
case 6ui64:
v8 = read_vmem<uint64_t>(a1 + 16);
goto LABEL_22;
default:
v8 = read_vmem<uint64_t>(a1 + 16);
v9 = (read_vmem<uint64_t>(a1 + 16) >> 16) & 0xFFFFFFi64;
if (v3 > v9)
return (unsigned int)result ^ 0xFFFFFFF8;
if (v3 == v9)
return (unsigned int)result | 6;
LABEL_22:
v7 = read_vmem<uint64_t>(a1 + 8);
v10 = (read_vmem<uint64_t>(a1 + 8) >> 56) | ((unsigned __int64)(unsigned __int16)v8 << 8);
if (v3 > v10)
{
v11 = result | 5;
return (unsigned int)(-2 - v11);
}
if (v3 == v10)
return (unsigned int)result | 5;
LABEL_26:
v12 = HIDWORD(v7) & 0xFFFFFF;
if (v3 > v12)
return (unsigned int)result ^ 0xFFFFFFFA;
if (v3 == v12)
return (unsigned int)result | 4;
LABEL_30:
v13 = (unsigned int)v7 >> 8;
if (v3 > v13)
{
v11 = result | 3;
return (unsigned int)(-2 - v11);
}
if (v3 == v13)
return (unsigned int)result | 3;
LABEL_34:
v6 = read_vmem<uint64_t>(a1);
v14 = (read_vmem<uint64_t>(a1) >> 48) | ((unsigned __int64)(unsigned __int8)v7 << 16);
if (v3 > v14)
return (unsigned int)result ^ 0xFFFFFFFC;
if (v3 == v14)
return (unsigned int)result | 2;
LABEL_38:
v15 = (v6 >> 24) & 0xFFFFFF;
if (v3 > v15)
{
v11 = result | 1;
return (unsigned int)(-2 - v11);
}
if (v3 == v15)
return (unsigned int)result | 1;
LABEL_43:
v16 = v6 & 0xFFFFFF;
if (v3 > v16)
return (unsigned int)result ^ 0xFFFFFFFE;
if (v3 != v16)
return (unsigned int)~(_DWORD)result;
return result;
}
}
static __int64 __fastcall sub_17F7800(unsigned __int64 a1, unsigned __int64 a2, __int64 a3)
{
unsigned __int64 v3; // r8
__int64 result; // rax
unsigned __int64 v5; // r10
unsigned __int64 v6; // rcx
unsigned __int64 v7; // r11
__int64 v8; // r10
unsigned __int64 v9; // r11
unsigned __int64 v10; // rsi
unsigned __int64 v11; // rdx
int v12; // eax
unsigned __int64 v13; // rsi
unsigned __int64 v14; // rsi
unsigned __int64 v15; // rdx
unsigned __int64 v16; // rsi
unsigned __int64 v17; // rcx
v3 = a3 & 0xFFFFFFFFFFi64;
if (a2 < 0x19)
{
result = 0i64;
if (a2 >= 8)
goto LABEL_8;
}
else if (v3 <= read_vmem<uint64_t>(a1 + 112) >> 24)
{
a2 = 24i64;
result = 0i64;
LABEL_8:
while (1)
{
v5 = read_vmem<uint64_t>(a1 + 32) >> 24;
if (v3 <= v5)
break;
a1 += 40i64;
a2 -= 8i64;
result += 8i64;
if (a2 <= 7)
goto LABEL_13;
}
if (v3 == v5)
return (unsigned int)result | 7;
}
else
{
a1 += 120i64;
a2 -= 24i64;
result = 24i64;
if (a2 >= 8)
goto LABEL_8;
}
LABEL_13:
switch (a2)
{
case 0ui64:
return (unsigned int)~(_DWORD)result;
case 1ui64:
v6 = read_vmem<uint64_t>(a1);
goto LABEL_43;
case 2ui64:
v7 = read_vmem<uint64_t>(a1 + 8);
goto LABEL_38;
case 3ui64:
v7 = read_vmem<uint64_t>(a1 + 8);
goto LABEL_34;
case 4ui64:
v8 = read_vmem<uint64_t>(a1 + 16);
goto LABEL_30;
case 5ui64:
v9 = read_vmem<uint64_t>(a1 + 24);
goto LABEL_26;
case 6ui64:
v9 = read_vmem<uint64_t>(a1 + 24);
goto LABEL_22;
default:
v9 = read_vmem<uint64_t>(a1 + 24);
v10 = (read_vmem<uint64_t>(a1 + 24) >> 48) | (read_vmem<uint64_t>(a1 + 32) << 16) & 0xFFFFFF0000i64;
if (v3 > v10)
return (unsigned int)result ^ 0xFFFFFFF8;
if (v3 == v10)
return (unsigned int)result | 6;
LABEL_22:
v11 = (v9 >> 8) & 0xFFFFFFFFFFi64;
if (v3 > v11)
{
v12 = result | 5;
return (unsigned int)(-2 - v12);
}
if (v3 == v11)
return (unsigned int)result | 5;
LABEL_26:
v8 = read_vmem<uint64_t>(a1 + 16);
v13 = (read_vmem<uint64_t>(a1 + 16) >> 32) | ((unsigned __int64)(unsigned __int8)v9 << 32);
if (v3 > v13)
return (unsigned int)result ^ 0xFFFFFFFA;
if (v3 == v13)
return (unsigned int)result | 4;
LABEL_30:
v7 = read_vmem<uint64_t>(a1 + 8);
v14 = (read_vmem<uint64_t>(a1 + 8) >> 56) | (v8 << 8) & 0xFFFFFFFF00i64;
if (v3 > v14)
{
v12 = result | 3;
return (unsigned int)(-2 - v12);
}
if (v3 == v14)
return (unsigned int)result | 3;
LABEL_34:
v15 = (v7 >> 16) & 0xFFFFFFFFFFi64;
if (v3 > v15)
return (unsigned int)result ^ 0xFFFFFFFC;
if (v3 == v15)
return (unsigned int)result | 2;
LABEL_38:
v6 = read_vmem<uint64_t>(a1);
v16 = (v6 >> 40) | (v7 << 24) & 0xFFFF000000i64;
if (v3 > v16)
{
v12 = result | 1;
return (unsigned int)(-2 - v12);
}
if (v3 == v16)
return (unsigned int)result | 1;
LABEL_43:
v17 = v6 & 0xFFFFFFFFFFi64;
if (v3 > v17)
return (unsigned int)result ^ 0xFFFFFFFE;
if (v3 != v17)
return (unsigned int)~(_DWORD)result;
return result;
}
}
static __int64 __fastcall sub_17F7A00(unsigned __int64 a1, unsigned __int64 a2, __int64 a3)
{
unsigned __int64 v3; // r8
__int64 result; // rax
unsigned __int64 v5; // r10
unsigned __int64 v6; // rcx
__int64 v7; // rdi
unsigned __int64 v8; // rdx
unsigned __int64 v9; // rsi
unsigned __int64 v10; // rcx
v3 = a3 & 0xFFFFFFFFFFFFi64;
if (a2 < 0x15)
{
result = 0i64;
if (a2 >= 4)
goto LABEL_8;
}
else if (v3 <= read_vmem<uint64_t>(a1 + 112) >> 16)
{
a2 = 20i64;
result = 0i64;
LABEL_8:
while (1)
{
v5 = read_vmem<uint64_t>(a1 + 16) >> 16;
if (v3 <= v5)
break;
a1 += 24i64;
a2 -= 4i64;
result += 4i64;
if (a2 <= 3)
goto LABEL_13;
}
if (v3 == v5)
return (unsigned int)result | 3;
}
else
{
a1 += 120i64;
a2 -= 20i64;
result = 20i64;
if (a2 >= 4)
goto LABEL_8;
}
LABEL_13:
switch (a2)
{
case 0ui64:
return (unsigned int)~(_DWORD)result;
case 2ui64:
v7 = read_vmem<uint64_t>(a1 + 8);
break;
case 1ui64:
v6 = read_vmem<uint64_t>(a1);
goto LABEL_26;
default:
v7 = read_vmem<uint64_t>(a1 + 8);
v8 = (read_vmem<uint64_t>(a1 + 8) >> 32) | ((unsigned __int64)(unsigned __int16)read_vmem<uint64_t>(a1 + 16) << 32);
if (v3 > v8)
return (unsigned int)result ^ 0xFFFFFFFC;
if (v3 == v8)
return (unsigned int)result | 2;
break;
}
v6 = read_vmem<uint64_t>(a1);
v9 = (v6 >> 48) | (v7 << 16) & 0xFFFFFFFF0000i64;
if (v3 > v9)
return -2 - ((unsigned int)result | 1);
if (v3 == v9)
return (unsigned int)result | 1;
LABEL_26:
v10 = v6 & 0xFFFFFFFFFFFFi64;
if (v3 > v10)
return (unsigned int)result ^ 0xFFFFFFFE;
if (v3 != v10)
return (unsigned int)~(_DWORD)result;
return result;
}
static __int64 __fastcall sub_17F7B10(unsigned __int64 a1, unsigned __int64 a2, __int64 a3)
{
unsigned __int64 v3; // r8
__int64 result; // rax
unsigned __int64 v5; // r10
unsigned __int64 v6; // rcx
__int64 v7; // r10
__int64 v8; // r11
__int64 v9; // r10
__int64 v10; // r10
unsigned __int64 v11; // rdx
__int64 v12; // rdx
unsigned __int64 v13; // rsi
int v14; // eax
unsigned __int64 v15; // rdx
unsigned __int64 v16; // rsi
unsigned __int64 v17; // rsi
unsigned __int64 v18; // rsi
unsigned __int64 v19; // rcx
v3 = a3 & 0xFFFFFFFFFFFFFFi64;
if (a2 < 0x11)
{
result = 0i64;
if (a2 >= 8)
goto LABEL_8;
}
else if (v3 <= read_vmem<uint64_t>(a1 + 104) >> 8)
{
a2 = 16i64;
result = 0i64;
LABEL_8:
while (1)
{
v5 = read_vmem<uint64_t>(a1 + 48) >> 8;
if (v3 <= v5)
break;
a1 += 56i64;
a2 -= 8i64;
result += 8i64;
if (a2 <= 7)
goto LABEL_13;
}
if (v3 == v5)
return (unsigned int)result | 7;
}
else
{
a1 += 112i64;
a2 -= 16i64;
result = 16i64;
if (a2 >= 8)
goto LABEL_8;
}
LABEL_13:
switch (a2)
{
case 0ui64:
return (unsigned int)~(_DWORD)result;
case 1ui64:
v6 = read_vmem<uint64_t>(a1);
goto LABEL_43;
case 2ui64:
v7 = read_vmem<uint64_t>(a1 + 8);
goto LABEL_38;
case 3ui64:
v8 = read_vmem<uint64_t>(a1 + 16);
goto LABEL_34;
case 4ui64:
v9 = read_vmem<uint64_t>(a1 + 24);
goto LABEL_30;
case 5ui64:
v12 = read_vmem<uint64_t>(a1 + 32);
goto LABEL_26;
case 6ui64:
v10 = read_vmem<uint64_t>(a1 + 40);
goto LABEL_22;
default:
v10 = read_vmem<uint64_t>(a1 + 40);
v11 = (read_vmem<uint64_t>(a1 + 40) >> 16) | ((unsigned __int64)(unsigned __int8)read_vmem<uint64_t>(a1 + 48) << 48);
if (v3 > v11)
return (unsigned int)result ^ 0xFFFFFFF8;
if (v3 == v11)
return (unsigned int)result | 6;
LABEL_22:
v12 = read_vmem<uint64_t>(a1 + 32);
v13 = (read_vmem<uint64_t>(a1 + 32) >> 24) | ((unsigned __int64)(unsigned __int16)v10 << 40);
if (v3 > v13)
{
v14 = result | 5;
return (unsigned int)(-2 - v14);
}
if (v3 == v13)
return (unsigned int)result | 5;
LABEL_26:
v9 = read_vmem<uint64_t>(a1 + 24);
v15 = (read_vmem<uint64_t>(a1 + 24) >> 32) | ((unsigned __int64)(v12 & 0xFFFFFF) << 32);
if (v3 > v15)
return (unsigned int)result ^ 0xFFFFFFFA;
if (v3 == v15)
return (unsigned int)result | 4;
LABEL_30:
v8 = read_vmem<uint64_t>(a1 + 16);
v16 = (read_vmem<uint64_t>(a1 + 16) >> 40) | (v9 << 24) & 0xFFFFFFFF000000i64;
if (v3 > v16)
{
v14 = result | 3;
return (unsigned int)(-2 - v14);
}
if (v3 == v16)
return (unsigned int)result | 3;
LABEL_34:
v7 = read_vmem<uint64_t>(a1 + 8);
v17 = (read_vmem<uint64_t>(a1 + 8) >> 48) | (v8 << 16) & 0xFFFFFFFFFF0000i64;
if (v3 > v17)
return (unsigned int)result ^ 0xFFFFFFFC;
if (v3 == v17)
return (unsigned int)result | 2;
LABEL_38:
v6 = read_vmem<uint64_t>(a1);
v18 = (v6 >> 56) | (v7 << 8) & 0xFFFFFFFFFFFF00i64;
if (v3 > v18)
{
v14 = result | 1;
return (unsigned int)(-2 - v14);
}
if (v3 == v18)
return (unsigned int)result | 1;
LABEL_43:
v19 = v6 & 0xFFFFFFFFFFFFFFi64;
if (v3 > v19)
return (unsigned int)result ^ 0xFFFFFFFE;
if (v3 != v19)
return (unsigned int)~(_DWORD)result;
return result;
}
}
}
static uint8_t byte_array_0[] =
{
0, 2, 3, 4, 6, 6, 8, 8,
12, 12, 12, 12, 16, 16, 16, 16,
24, 24, 24, 24, 24, 24, 24, 24,
32, 32, 32, 32, 32, 32, 32, 32
};
static uint8_t byte_array_1[] =
{
0x00, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x02, 0x02, 0x02,
0x02, 0x02, 0x02, 0x02, 0x00, 0x00, 0x00, 0x00, 0x03, 0x03,
0x05, 0x05, 0x07, 0x0B, 0x0B, 0x0B, 0x0F, 0x0F, 0x0F, 0x0F,
0x17, 0x17, 0x17, 0x17, 0x17, 0x17, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x2F, 0x2F, 0x2F, 0x2F, 0x2F, 0x2F, 0x2F,
0x2F, 0x2F, 0x2F, 0x2F, 0x2F, 0x40, 0x40, 0x40, 0x40, 0x40,
0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00
};
static uint8_t byte_array_2[] =
{
0x00, 0x01, 0x01, 0x01, 0x01, 0x02, 0x03, 0x03, 0x03, 0x03,
0x03, 0x03, 0x03, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x07,
0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x0A, 0x0A, 0x0A, 0x0A,
0x0A, 0x0A, 0x0A, 0x0A, 0x0A, 0x0A, 0x0A, 0x0A, 0x0D, 0x0D,
0x0D, 0x0D, 0x0D, 0x0D, 0x0D, 0x0D, 0x0D, 0x0D, 0x0D, 0x0D,
0x0D, 0x0D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x03, 0x05, 0x07, 0x07,
0x0B, 0x0B, 0x0B, 0x0F, 0x0F, 0x17, 0x17, 0x17, 0x17, 0x17,
0x17, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x2F, 0x2F,
0x2F, 0x2F, 0x2F, 0x2F, 0x2F, 0x2F, 0x2F, 0x2F, 0x2F, 0x40,
0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40,
0x40, 0x00
};
static uint8_t byte_array_3[] =
{
0x00, 0x01, 0x01, 0x02, 0x02, 0x02, 0x03, 0x03, 0x03, 0x04,
0x04, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x09, 0x09, 0x09,
0x09, 0x09, 0x09, 0x09, 0x0D, 0x0D, 0x0D, 0x0D, 0x0D, 0x0D,
0x0D, 0x0D, 0x0D, 0x0D, 0x0D, 0x12, 0x12, 0x12, 0x12, 0x12,
0x12, 0x12, 0x12, 0x12, 0x12, 0x12, 0x12, 0x00, 0x00, 0x03,
0x03, 0x05, 0x07, 0x0B, 0x0B, 0x0B, 0x0F, 0x0F, 0x0F, 0x17,
0x17, 0x17, 0x17, 0x17, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x2F, 0x2F, 0x2F, 0x2F, 0x2F, 0x2F, 0x2F, 0x2F, 0x2F, 0x2F,
0x3F, 0x3F, 0x3F, 0x3F, 0x3F, 0x3F, 0x3F, 0x3F, 0x3F, 0x3F,
0x3F, 0x00, 0x00, 0x00, 0x00, 0x00
};
static uint8_t byte_array_4[] =
{
0x00, 0x01, 0x01, 0x02, 0x02, 0x04, 0x04, 0x04, 0x05, 0x05,
0x05, 0x08, 0x08, 0x08, 0x08, 0x08, 0x0B, 0x0B, 0x0B, 0x0B,
0x0B, 0x0B, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10,
0x10, 0x10, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15, 0x15,
0x15, 0x15, 0x15, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03,
0x05, 0x05, 0x07, 0x0B, 0x0B, 0x0F, 0x0F, 0x0F, 0x17, 0x17,
0x17, 0x17, 0x17, 0x20, 0x20, 0x20, 0x20, 0x20, 0x2F, 0x2F,
0x2F, 0x2F, 0x2F, 0x2F, 0x2F, 0x2F, 0x2F, 0x40, 0x40, 0x40,
0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
static uint8_t byte_array_5[] =
{
0x00, 0x01, 0x03, 0x03, 0x03, 0x05, 0x05, 0x06, 0x06, 0x0A,
0x0A, 0x0A, 0x0A, 0x0A, 0x0E, 0x0E, 0x0E, 0x0E, 0x0E, 0x14,
0x14, 0x14, 0x14, 0x14, 0x14, 0x14, 0x14, 0x1B, 0x1B, 0x1B,
0x1B, 0x1B, 0x1B, 0x1B, 0x1B, 0x1B, 0x1B, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03,
0x05, 0x07, 0x0B, 0x0B, 0x0F, 0x0F, 0x0F, 0x17, 0x17, 0x17,
0x17, 0x20, 0x20, 0x20, 0x20, 0x20, 0x2F, 0x2F, 0x2F, 0x2F,
0x2F, 0x2F, 0x2F, 0x2F, 0x40, 0x40, 0x40, 0x40, 0x40, 0x40,
0x40, 0x40, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
static uint8_t byte_array_6[] =
{
0x00, 0x01, 0x03, 0x03, 0x05, 0x05, 0x07, 0x07, 0x07, 0x0B,
0x0B, 0x0B, 0x0B, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x16, 0x16,
0x16, 0x16, 0x16, 0x16, 0x16, 0x16, 0x1E, 0x1E, 0x1E, 0x1E,
0x1E, 0x1E, 0x1E, 0x1E, 0x1E, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03,
0x05, 0x07, 0x0B, 0x0B, 0x0F, 0x0F, 0x17, 0x17, 0x17, 0x17,
0x20, 0x20, 0x20, 0x20, 0x2F, 0x2F, 0x2F, 0x2F, 0x2F, 0x2F,
0x2F, 0x2F, 0x3F, 0x3F, 0x3F, 0x3F, 0x3F, 0x3F, 0x3F, 0x3F,
0x00, 0x02, 0x03, 0x04, 0x06, 0x06, 0x08, 0x08, 0x0C, 0x0C,
0x0C, 0x0C, 0x10, 0x10, 0x10, 0x10
};
static uint8_t byte_array_7[] =
{
0x00, 0x01, 0x03, 0x03, 0x05, 0x05, 0x07, 0x07, 0x07, 0x0B,
0x0B, 0x0B, 0x0B, 0x0F, 0x0F, 0x0F, 0x0F, 0x0F, 0x16, 0x16,
0x16, 0x16, 0x16, 0x16, 0x16, 0x16, 0x1E, 0x1E, 0x1E, 0x1E,
0x1E, 0x1E, 0x1E, 0x1E, 0x1E, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03,
0x05, 0x07, 0x0B, 0x0B, 0x0F, 0x0F, 0x17, 0x17, 0x17, 0x17,
0x20, 0x20, 0x20, 0x20, 0x2F, 0x2F, 0x2F, 0x2F, 0x2F, 0x2F,
0x2F, 0x2F, 0x3F, 0x3F, 0x3F, 0x3F, 0x3F, 0x3F, 0x3F, 0x3F,
0x00, 0x02, 0x03, 0x04, 0x06, 0x06, 0x08, 0x08, 0x0C, 0x0C,
0x0C, 0x0C, 0x10, 0x10, 0x10, 0x10, 0x18, 0x18, 0x18, 0x18,
0x18, 0x18, 0x18, 0x18, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20
};
static __int64 __fastcall decode_pointer(__int64 a1, unsigned __int64 a2, __int64* a3)
{
unsigned __int64 v3; // rbx
int v4; // eax
unsigned __int64 v5; // rcx
__int64 result; // rax
unsigned __int64 v7; // rsi
char* v8; // rcx
__int64 v9; // rax
int v10; // ebp
char* v11; // rdx
bool v12; // cf
bool v13; // zf
__int64 v14; // rax
__int64 v15; // r9
__int64* v16; // r11
unsigned __int64 v17; // rdi
unsigned __int64 v18; // rcx
unsigned __int64 v19; // rcx
__int64 v20; // rdx
unsigned __int8* v21; // rax
__int64 v22; // rcx
unsigned __int64 v23; // rdx
__int64 v24; // rbp
unsigned __int64 v25; // rdi
__int64 v26; // rdx
unsigned int v27; // eax
unsigned __int64 v28; // rax
unsigned __int64 v29; // rax
unsigned __int64 v30; // rax
unsigned __int64 v31; // rax
__int64 v32; // rdx
unsigned int v33; // ebp
__int64 v34; // rdx
unsigned int v35; // ebp
__int64 v36; // rcx
unsigned __int64 v37; // rax
__int64 v38; // rdx
unsigned int v39; // edi
unsigned __int8* v40; // rdx
__int64 v41; // rdx
unsigned int v42; // edi
__int64 v43; // rsi
unsigned __int64 v44; // rdi
int v45; // eax
unsigned __int8* v46; // rcx
__int64 v47; // rdx
bool v48; // zf
unsigned __int64 v49; // rdx
__int64 v50; // rbp
unsigned __int64 v51; // rax
unsigned __int64 v52; // rax
unsigned __int64 v53; // rax
__int64 v54; // rsi
int v55; // eax
v3 = a2;
v4 = a1 & 7;
if (v4 == 1)
{
v8 = (char*)(a1 & 0xFFFFFFFFFFFFFFF8ui64);
v9 = read_vmem<uint64_t>((uint64_t)v8) + 1i64;
if (read_vmem((uint64_t)v8 + (8 * v9 + 7)) >= a2)
{
v11 = v8;
do
{
v12 = read_vmem((uint64_t)v11 + 8) < v3;
v13 = read_vmem((uint64_t)v11 + 8) == v3;
v11 += 8;
} while (v12);
v10 = ((unsigned __int64)(v11 - (v8 + 8)) >> 3) ^ -!v13;
if (v10 < 0)
return 0i64;
}
else
{
v10 = ~(_DWORD)v9;
if ((int)v9 >= 0)
return 0i64;
}
v14 = (__int64)read_vmem((uint64_t)v8 + (8 * byte_array_0[v9]));
LABEL_18:
result = v14 + 8i64 * v10;
}
else
{
if (v4 == 3)
{
v5 = a1 & 0xFFFFFFFFFFFFFFF8ui64;
result = v5 + 8;
if (read_vmem<uint8_t>(v5 + 23) != 35)
goto LABEL_19;
result = (read_vmem<uint64_t>(result) & 0xFFFFFFFFFFFFFFF8ui64) + ((a2 >> 52) & 0xFFFFFFF0);
if (read_vmem<uint8_t>(result + 15) != 34)
goto LABEL_19;
v7 = a2 >> 48;
LABEL_6:
result = (read_vmem<uint64_t>(result) & 0xFFFFFFFFFFFFFFF8ui64) + 16i64 * (unsigned __int8)v7;
if (read_vmem<uint8_t>(result + 15) != 33)
goto LABEL_19;
LABEL_42:
if (!((v3 ^ read_vmem<uint64_t>(result + 8)) & 0xFF000000000000i64))
{
result = (read_vmem<uint64_t>(result) & 0xFFFFFFFFFFFFFFF8ui64) + ((v3 >> 36) & 0xFF0);
if (read_vmem<uint8_t>(result + 15) != 32)
goto LABEL_19;
LABEL_44:
if (!((v3 ^ read_vmem<uint64_t>(result + 8)) & 0xFFFF0000000000i64))
{
result = (read_vmem<uint64_t>(result) & 0xFFFFFFFFFFFFFFF8ui64) + ((v3 >> 28) & 0xFF0);
if (read_vmem<uint8_t>(result + 15) != 31)
goto LABEL_19;
LABEL_46:
if (!((v3 ^ read_vmem<uint64_t>(result + 8)) & 0xFFFFFF00000000i64))
{
result = (read_vmem<uint64_t>(result) & 0xFFFFFFFFFFFFFFF8ui64) + ((v3 >> 20) & 0xFF0);
if (read_vmem<uint8_t>(result + 15) != 30)
goto LABEL_19;
LABEL_48:
if (!((v3 ^ read_vmem<uint64_t>(result + 8)) & 0xFFFFFFFF000000i64))
{
result = (read_vmem<uint64_t>(result) & 0xFFFFFFFFFFFFFFF8ui64) + ((v3 >> 12) & 0xFF0);
if (read_vmem<uint8_t>(result + 15) == 29)
{
LABEL_50:
if (!((v3 ^ read_vmem<uint64_t>(result + 8)) & 0xFFFFFFFFFF0000i64))
{
result = (read_vmem<uint64_t>(result) & 0xFFFFFFFFFFFFFFF8ui64) + ((v3 >> 4) & 0xFF0);
goto LABEL_19;
}
return 0i64;
}
LABEL_19:
v7 = v3 >> 48;
while (1)
{
v15 = read_vmem<uint8_t>(result + 15);
v16 = (__int64*)(result + 8);
LODWORD(v17) = BYTE6(v3);
v18 = BYTE6(v3);
switch ((_BYTE)v15)
{
case 8:
case 9:
case 0xA:
case 0xB:
case 0xC:
case 0xD:
case 0xE:
return 0i64;
case 0xF:
v19 = v3 ^ read_vmem((uint64_t)v16);
v20 = 0xFFFFFFFFFF0000i64;
LODWORD(v17) = BYTE1(v3);
goto LABEL_26;
case 0x10:
v19 = v3 ^ read_vmem((uint64_t)v16);
LODWORD(v17) = BYTE2(v3);
v20 = 0xFFFFFFFF000000i64;
goto LABEL_26;
case 0x11:
v19 = v3 ^ read_vmem((uint64_t)v16);
v20 = 0xFFFFFF00000000i64;
LODWORD(v17) = (unsigned int)v3 >> 24;
goto LABEL_26;
case 0x12:
v19 = v3 ^ read_vmem((uint64_t)v16);
v20 = 0xFFFF0000000000i64;
LODWORD(v17) = BYTE4(v3);
goto LABEL_26;
case 0x13:
v19 = v3 ^ read_vmem((uint64_t)v16);
v20 = 0xFF000000000000i64;
LODWORD(v17) = BYTE5(v3);
LABEL_26:
if (!(v20 & v19))
goto LABEL_27;
return 0i64;
case 0x14:
goto LABEL_27;
case 0x15:
v17 = v3 >> 56;
LABEL_27:
v21 = (unsigned __int8*)(read_vmem<uint64_t>(result) & 0xFFFFFFFFFFFFFFF8ui64);
v22 = 0i64;
break;
case 0x16:
v23 = v3 ^ read_vmem((uint64_t)v16);
v24 = 0xFFFFFFFFFF0000i64;
v18 = BYTE1(v3);
goto LABEL_38;
case 0x17:
v23 = v3 ^ read_vmem((uint64_t)v16);
v18 = BYTE2(v3);
v24 = 0xFFFFFFFF000000i64;
goto LABEL_38;
case 0x18:
v23 = v3 ^ read_vmem((uint64_t)v16);
v24 = 0xFFFFFF00000000i64;
v18 = (unsigned int)v3 >> 24;
goto LABEL_38;
case 0x19:
v23 = v3 ^ read_vmem((uint64_t)v16);
v24 = 0xFFFF0000000000i64;
v18 = BYTE4(v3);
goto LABEL_38;
case 0x1A:
v23 = v3 ^ read_vmem((uint64_t)v16);
v24 = 0xFF000000000000i64;
v18 = BYTE5(v3);
LABEL_38:
if (!(v24 & v23))
goto LABEL_39;
return 0i64;
case 0x1B:
goto LABEL_39;
case 0x1C:
v18 = v3 >> 56;
LABEL_39:
v25 = read_vmem<uint64_t>(result) & 0xFFFFFFFFFFFFFFF8ui64;
v26 = 16 * (v18 >> 5);
v27 = read_vmem<uint32_t>(v25 + v26);
if (!_bittest((const LONG*)&v27, v18))
return 0i64;
v28 = (((1 << v18) - 1) & v27 & 0x55555555)
+ (((unsigned __int64)(((1 << v18) - 1) & v27) >> 1) & 0x55555555);
v29 = (v28 & 0x33333333) + ((v28 >> 2) & 0x33333333);
v30 = (v29 & 0x7070707) + ((v29 >> 4) & 0x7070707);
v31 = (v30 & 0xF000F) + ((v30 >> 8) & 0xF000F);
result = (read_vmem<uint64_t>(v25 + v26 + 8) & 0xFFFFFFFFFFFFFFF8ui64)
+ 16 * ((unsigned __int16)v31 + (v31 >> 16));
continue;
case 0x1D:
goto LABEL_50;
case 0x1E:
goto LABEL_48;
case 0x1F:
goto LABEL_46;
case 0x20:
goto LABEL_44;
case 0x21:
goto LABEL_42;
case 0x22:
goto LABEL_6;
case 0x24:
v36 = read_vmem((uint64_t)v16);
if ((v3 ^ read_vmem((uint64_t)v16)) & 0xFFFFFFFFFFFF00i64)
return 0i64;
v36 = (unsigned __int8)v36;
v37 = read_vmem<uint64_t>(result) & 0xFFFFFFFFFFFFFFF8ui64;
if ((unsigned __int8)v3 > (unsigned int)read_vmem<uint8_t>(v37 + (unsigned __int8)v36))
return 0i64;
v38 = v37 - 1;
do
v39 = read_vmem<uint8_t>(++v38);
while ((unsigned __int8)v3 > v39);
v10 = (v38 - v37) ^ -((_BYTE)v39 != (unsigned __int8)v3);
if (v10 < 0)
return 0i64;
v40 = (unsigned __int8*)&byte_array_1; // size: 81
goto LABEL_87;
case 0x25:
v36 = read_vmem((uint64_t)v16);
if ((v3 ^ read_vmem((uint64_t)v16)) & 0xFFFFFFFFFF0000i64)
return 0i64;
v36 = (unsigned __int8)v36;
v37 = read_vmem<uint64_t>(result) & 0xFFFFFFFFFFFFFFF8ui64;
if ((unsigned __int16)v3 > (unsigned int)read_vmem<uint16_t>(v37 + 2i64 * (unsigned __int8)v36))
return 0i64;
v41 = v37 - 2;
do
{
v42 = read_vmem<uint16_t>(v41 + 2);
v41 += 2i64;
} while ((unsigned __int16)v3 > v42);
v10 = ((v41 - v37) >> 1) ^ -((_WORD)v42 != (unsigned __int16)v3);
if (v10 < 0)
return 0i64;
v40 = (unsigned __int8*)&byte_array_2; // size: 112
goto LABEL_87;
case 0x26:
if ((v3 ^ read_vmem((uint64_t)v16)) & 0xFFFFFFFF000000i64)
return 0i64;
v43 = (unsigned __int8)read_vmem((uint64_t)v16) + 1i64;
v44 = read_vmem<uint64_t>(result) & 0xFFFFFFFFFFFFFFF8ui64;
v45 = detail::sub_17F7660(
v44,
v43,
v3);
if (v45 < 0)
return 0i64;
v46 = (unsigned __int8*)&byte_array_3; // size: 96
return v44 + 8i64 * v46[v43] + 8i64 * v45;
case 0x27:
v36 = read_vmem((uint64_t)v16);
if ((v3 ^ read_vmem((uint64_t)v16)) & 0xFFFFFF00000000i64)
return 0i64;
v36 = (unsigned __int8)v36;
v37 = read_vmem<uint64_t>(result) & 0xFFFFFFFFFFFFFFF8ui64;
if (read_vmem<uint32_t>(v37 + 4i64 * (unsigned __int8)v36) < (unsigned int)v3)
return 0i64;
v47 = v37 - 4;
do
{
v12 = read_vmem<uint32_t>(v47 + 4) < (unsigned int)v3;
v48 = read_vmem<uint32_t>(v47 + 4) == (_DWORD)v3;
v47 += 4i64;
} while (v12);
v10 = ((v47 - v37) >> 2) ^ -!v48;
if (v10 < 0)
return 0i64;
v40 = (unsigned __int8*)&byte_array_4; // size: 96
LABEL_87:
v14 = v37 + 8i64 * v40[v36 + 1];
goto LABEL_18;
case 0x28:
if ((v3 ^ read_vmem((uint64_t)v16)) & 0xFFFF0000000000i64)
return 0i64;
v43 = (unsigned __int8)read_vmem((uint64_t)v16) + 1i64;
v44 = read_vmem<uint64_t>(result) & 0xFFFFFFFFFFFFFFF8ui64;
v45 = detail::sub_17F7800(v44, v43, v3);
if (v45 < 0)
return 0i64;
v46 = (unsigned __int8*)&byte_array_5; // size: 96
return v44 + 8i64 * v46[v43] + 8i64 * v45;
case 0x29:
if ((v3 ^ read_vmem((uint64_t)v16)) & 0xFF000000000000i64)
return 0i64;
v43 = (unsigned __int8)read_vmem((uint64_t)v16) + 1i64;
v44 = read_vmem<uint64_t>(result) & 0xFFFFFFFFFFFFFFF8ui64;
v45 = detail::sub_17F7A00(v44, v43, v3);
if (v45 < 0)
return 0i64;
v46 = (unsigned __int8*)&byte_array_6; // size: 96
return v44 + 8i64 * v46[v43] + 8i64 * v45;
case 0x2A:
v43 = read_vmem<uint8_t>(result + 8) + 1i64;
v44 = read_vmem<uint64_t>(result) & 0xFFFFFFFFFFFFFFF8ui64;
v45 = detail::sub_17F7B10(v44, v43, v3);
if (v45 < 0)
return 0i64;
v46 = (unsigned __int8*)&byte_array_7; // size: 112
return v44 + 8i64 * v46[v43] + 8i64 * v45;
case 0x2B:
if ((v3 ^ read_vmem((uint64_t)v16)) & 0xFFFFFFFFFFFF00i64)
return 0i64;
v49 = read_vmem<uint64_t>(result) & 0xFFFFFFFFFFFFFFF8ui64;
v50 = 16i64 * ((unsigned __int8)v3 >> 6);
v51 = read_vmem<uint64_t>(v49 + v50);
if (!_bittest64((const __int64*)&v51, v3))
return 0i64;
v52 = (((1i64 << v3) - 1) & v51 & 0x5555555555555555i64)
+ (((((1i64 << v3) - 1) & v51) >> 1) & 0x5555555555555555i64);
v53 = (((v52 & 0x3333333333333333i64) + ((v52 >> 2) & 0x3333333333333333i64)) & 0x707070707070707i64)
+ ((((v52 & 0x3333333333333333i64) + ((v52 >> 2) & 0x3333333333333333i64)) >> 4) & 0x707070707070707i64);
return (read_vmem<uint64_t>(v49 + v50 + 8) & 0xFFFFFFFFFFFFFFF8ui64)
+ (unsigned int)((0x100000001i64
* ((((v53 & 0xF000F000F000Fi64) + ((v53 >> 8) & 0xF000F000F000Fi64)) & 0x1F0000001Fi64)
+ ((((v53 & 0xF000F000F000Fi64) + ((v53 >> 8) & 0xF000F000F000Fi64)) >> 16) & 0x1F0000001Fi64))) >> 29);
case 0x2C:
case 0x2D:
case 0x2E:
case 0x2F:
case 0x30:
case 0x31:
case 0x32:
if ((read_vmem((uint64_t)v16) ^ v3) & 0xFFFFFFFFFFFFFFi64)
return 0i64;
return result;
case 0x33:
case 0x34:
case 0x35:
case 0x36:
case 0x37:
case 0x38:
if ((unsigned __int8)v3 > (unsigned int)read_vmem<uint8_t>((uint64_t)v16 + v15 - 50))
return 0i64;
v32 = result + 7;
do
v33 = read_vmem<uint8_t>(++v32);
while ((unsigned __int8)v3 > v33);
if ((_BYTE)v33 != (_BYTE)v3)
return 0i64;
return (read_vmem<uint64_t>(result) & 0xFFFFFFFFFFFFFFF8ui64) + 8 * (v32 - (_QWORD)v16);
case 0x39:
case 0x3A:
if ((unsigned __int16)v3 > (unsigned int)(read_vmem<uint16_t>((uint64_t)v16 + v15 - 112)))
return 0i64;
v34 = result + 6;
do
{
v35 = read_vmem<uint16_t>(v34 + 2);
v34 += 2i64;
} while ((unsigned __int16)v3 > v35);
if ((_WORD)v35 != (_WORD)v3)
return 0i64;
return (read_vmem<uint64_t>(result) & 0xFFFFFFFFFFFFFFF8ui64) + 4 * (v34 - (_QWORD)v16);
case 0x3B:
v54 = read_vmem<uint64_t>(result);
v55 = detail::sub_17F7660(
result + 8,
2i64,
v3);
if (v55 < 0)
return 0i64;
return (v54 & 0xFFFFFFFFFFFFFFF8ui64) + 8i64 * v55;
default:
result = -1i64;
if (a3)
*a3 = 0x30500000009i64;
return result;
}
while (read_vmem<uint8_t>((uint64_t)v21 +(v22 + 1)) != (_DWORD)v17)
{
if (++v22 == read_vmem<uint8_t>((uint64_t)v21))
return 0i64;
}
result = read_vmem((uint64_t)v21 + (16 * v22 + 8));
}
}
}
}
}
return 0i64;
}
if (!a1)
return 0i64;
result = -1i64;
if (a3)
*a3 = 0xA700000006i64;
}
return result;
}
}
Raw
unlock_all.cpp
// 48 83 EC 28 48 8B 35 ? ? ? ? 48 8B 4E
// for decryption routine just place read bp and trace
const auto main_build_0 = read_vmem(std::rotl((read_vmem(profile_mgr::m_instance + 0x30) + 0xD536CF32999CF0E0) ^ 0xD7F3CA1161C2BFFF, 0x13));
// 4C 8B 38 48 85 F6 74 67
const auto encoded_array = read_vmem(main_build_0 + 0x980);
// 48 03 ? 08 C6
const auto content_manager = read_vmem(base_address() + 0x7706F48);
const auto operator_list_ptr = read_vmem(((read_vmem(content_manager + 0x48) - 0x7F) ^ 0x2EE7DE880FAB62E3) + 0xD79AF88EFEB74CA1);
const auto operator_list = read_vmem(operator_list_ptr + 0x18);
const auto operator_list_sz = read_vmem(operator_list_ptr + 0x20) & 0x3fffffff;
for (size_t i = 0; i < operator_list_sz; i++)
{
const auto operator_entry = read_vmem(operator_list + (i * 8));
if (!operator_entry)
continue;
const auto unlockable_entry_ptr = sdk::decode_pointer(encoded_array, operator_entry, nullptr);
if (!unlockable_entry_ptr)
continue;
const auto unlockable_entry = read_vmem(unlockable_entry_ptr);
if (!unlockable_entry)
continue;
write_vmem<uint32_t>(unlockable_entry + 0xC, 1);
}
@M3Talic
Copy link

M3Talic commented Dec 30, 2020

very nice mr.yousif

@Chrissucks
Copy link

powerful exploit made by yousifs ( top tier coper )

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment