BITS 64
;-----------------------------------------------------------------------
; main - replacement entry point
; ABI:   Microsoft x64 (inferred from the rcx/rdx/r8/r9 argument use)
; Flow:  1. GetKernel32ModuleHandle / GetAddressOf_GetProcAddress
;           (not defined in this part of the file; presumably gpa.inc)
;        2. LoadLibraryA(dllPath)
;        3. GetModuleHandleA(NULL)   -> base address of the .exe
;        4. GetCommandLineW()        -> command line
;        5. UnityMain(exe base, 0, command line, SW_NORMAL), looked up
;           in UnityPlayer.dll
; Out:   rax = whatever UnityMain left in rax
; Stack: push rbp + MAIN_FRAME_BYTES (0C0h) keeps rsp 16-byte aligned at
;        every call, assuming rsp was 8 mod 16 on entry. Locals use the
;        top 28h bytes of the frame; the remainder leaves room for the
;        32-byte shadow space the callees expect.
; NOTE(review): no returned handle or function pointer is checked before
;        it is used; a NULL from any lookup reaches `call rax` as-is.
;        The LoadLibraryA result is discarded, so a failed load is not
;        reported and UnityMain still runs.
;-----------------------------------------------------------------------
%define MAIN_FRAME_BYTES        (30h + 90h)
%define MAIN_KERNEL32           8h      ; kernel32.dll module handle
%define MAIN_GETPROCADDRESS     10h     ; *GetProcAddress
%define MAIN_GETMODULEHANDLEA   18h     ; *GetModuleHandleA
%define MAIN_EXE_BASE           20h     ; .exe base address
%define MAIN_COMMAND_LINE       28h     ; command line

main:
        push    rbp
        mov     rbp, rsp
        sub     rsp, MAIN_FRAME_BYTES

        ; --- resolve kernel32.dll and GetProcAddress -------------------
        call    GetKernel32ModuleHandle
        mov     [rbp - MAIN_KERNEL32], rax
        mov     rcx, rax                        ; arg0 = kernel32.dll
        call    GetAddressOf_GetProcAddress
        mov     [rbp - MAIN_GETPROCADDRESS], rax

        ; --- LoadLibraryA(dllPath) -------------------------------------
        mov     rcx, [rbp - MAIN_KERNEL32]
        lea     rdx, [rel s_LoadLibraryA]
        mov     rax, [rbp - MAIN_GETPROCADDRESS]
        call    rax                             ; rax = *LoadLibraryA
        lea     rcx, [rel dllPath]
        call    rax                             ; result is not kept

        ; --- exe base = GetModuleHandleA(NULL) -------------------------
        mov     rcx, [rbp - MAIN_KERNEL32]
        lea     rdx, [rel s_GetModuleHandleA]
        mov     rax, [rbp - MAIN_GETPROCADDRESS]
        call    rax                             ; rax = *GetModuleHandleA
        mov     [rbp - MAIN_GETMODULEHANDLEA], rax
        xor     ecx, ecx                        ; lpModuleName = NULL
        call    rax
        mov     [rbp - MAIN_EXE_BASE], rax

        ; --- command line = GetCommandLineW() --------------------------
        mov     rcx, [rbp - MAIN_KERNEL32]
        lea     rdx, [rel s_GetCommandLineW]
        mov     rax, [rbp - MAIN_GETPROCADDRESS]
        call    rax                             ; rax = *GetCommandLineW
        call    rax
        mov     [rbp - MAIN_COMMAND_LINE], rax

        ; --- look up UnityMain in UnityPlayer.dll ----------------------
        lea     rcx, [rel s_UnityPlayer.dll]
        mov     rax, [rbp - MAIN_GETMODULEHANDLEA]
        call    rax                             ; rax = UnityPlayer.dll handle
        mov     rcx, rax
        lea     rdx, [rel s_UnityMain]
        mov     rax, [rbp - MAIN_GETPROCADDRESS]
        call    rax                             ; rax = *UnityMain

        ; --- UnityMain(exe base, 0, command line, SW_NORMAL) -----------
        mov     rcx, [rbp - MAIN_EXE_BASE]
        xor     edx, edx                        ; hPrevInstance = 0
        mov     r8, [rbp - MAIN_COMMAND_LINE]
        mov     r9d, 1                          ; SW_NORMAL
        call    rax

        leave                                   ; mov rsp, rbp / pop rbp
        ret
%include "gpa.inc"
;-----------------------------------------------------------------------
; String constants: NUL-terminated ASCII names that main passes to
; GetProcAddress (function names) and GetModuleHandleA (module name).
;-----------------------------------------------------------------------
s_LoadLibraryA:         db "LoadLibraryA", 0
s_GetModuleHandleA:     db "GetModuleHandleA", 0
s_GetCommandLineW:      db "GetCommandLineW", 0
s_UnityPlayer.dll:      db "UnityPlayer.dll", 0
s_UnityMain:            db "UnityMain", 0

dllPath:
; Path of the DLL that main loads into the game with LoadLibraryA.
; No bytes are reserved here in the visible source: the launcher payload
; DLL writes the path at this label.
; NOTE(review): LoadLibraryA reads an ANSI string, so whatever is written
; here must be NUL-terminated. Nothing in this file validates the path;
; it should be fully qualified, because a bare or relative name is
; resolved through the DLL search order.