commit fe8c405b945ff7dac65fb81454281ffa57a07521
Author: goduser
Date: Thu Oct 23 09:15:12 2025 +0800
Upload Project
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..1ff0c42
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,63 @@ +############################################################################### +# Set default behavior to automatically normalize line endings. +############################################################################### +* text=auto + +############################################################################### +# Set default behavior for command prompt diff. +# +# This is need for earlier builds of msysgit that does not have it on by +# default for csharp files. +# Note: This is only used by command line +############################################################################### +#*.cs diff=csharp + +############################################################################### +# Set the merge driver for project and solution files +# +# Merging from the command prompt will add diff markers to the files if there +# are conflicts (Merging from VS is not affected by the settings below, in VS +# the diff markers are never inserted). Diff markers may cause the following +# file extensions to fail to load in VS. An alternative would be to treat +# these files as binary and thus will always conflict and require user +# intervention with every merge. To do so, just uncomment the entries below +############################################################################### +#*.sln merge=binary +#*.csproj merge=binary +#*.vbproj merge=binary +#*.vcxproj merge=binary +#*.vcproj merge=binary +#*.dbproj merge=binary +#*.fsproj merge=binary +#*.lsproj merge=binary +#*.wixproj merge=binary +#*.modelproj merge=binary +#*.sqlproj merge=binary +#*.wwaproj merge=binary + +############################################################################### +# behavior for image files +# +# image files are treated as binary by default. 
+############################################################################### +#*.jpg binary +#*.png binary +#*.gif binary + +############################################################################### +# diff behavior for common document formats +# +# Convert binary document formats to text before diffing them. This feature +# is only available from the command line. Turn it on by uncommenting the +# entries below. +############################################################################### +#*.doc diff=astextplain +#*.DOC diff=astextplain +#*.docx diff=astextplain +#*.DOCX diff=astextplain +#*.dot diff=astextplain +#*.DOT diff=astextplain +#*.pdf diff=astextplain +#*.PDF diff=astextplain +#*.rtf diff=astextplain +#*.RTF diff=astextplain diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..9491a2f --- /dev/null +++ b/.gitignore 
@@ -0,0 +1,363 @@ +## Ignore Visual Studio temporary files, build results, and +## files generated by popular Visual Studio add-ons. +## +## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore + +# User-specific files +*.rsuser +*.suo +*.user +*.userosscache +*.sln.docstates + +# User-specific files (MonoDevelop/Xamarin Studio) +*.userprefs + +# Mono auto generated files +mono_crash.* + +# Build results +[Dd]ebug/ +[Dd]ebugPublic/ +[Rr]elease/ +[Rr]eleases/ +x64/ +x86/ +[Ww][Ii][Nn]32/ +[Aa][Rr][Mm]/ +[Aa][Rr][Mm]64/ +bld/ +[Bb]in/ +[Oo]bj/ +[Oo]ut/ +[Ll]og/ +[Ll]ogs/ + +# Visual Studio 2015/2017 cache/options directory +.vs/ +# Uncomment if you have tasks that create the project's static files in wwwroot +#wwwroot/ + +# Visual Studio 2017 auto generated files +Generated\ Files/ + +# MSTest test Results +[Tt]est[Rr]esult*/ +[Bb]uild[Ll]og.* + +# NUnit +*.VisualState.xml +TestResult.xml +nunit-*.xml + +# Build Results of an ATL Project +[Dd]ebugPS/ +[Rr]eleasePS/ +dlldata.c + +# Benchmark Results +BenchmarkDotNet.Artifacts/ + +# .NET Core +project.lock.json +project.fragment.lock.json +artifacts/ + +# ASP.NET Scaffolding +ScaffoldingReadMe.txt + +# StyleCop +StyleCopReport.xml + +# Files built by Visual Studio +*_i.c +*_p.c +*_h.h +*.ilk +*.meta +*.obj +*.iobj +*.pch +*.pdb +*.ipdb +*.pgc +*.pgd +*.rsp +*.sbr +*.tlb +*.tli +*.tlh +*.tmp +*.tmp_proj +*_wpftmp.csproj +*.log +*.vspscc +*.vssscc +.builds +*.pidb +*.svclog +*.scc + +# Chutzpah Test files +_Chutzpah* + +# Visual C++ cache files +ipch/ +*.aps +*.ncb +*.opendb +*.opensdf +*.sdf +*.cachefile +*.VC.db +*.VC.VC.opendb + +# Visual Studio profiler +*.psess +*.vsp +*.vspx +*.sap + +# Visual Studio Trace Files +*.e2e + +# TFS 2012 Local Workspace +$tf/ + +# Guidance Automation Toolkit +*.gpState + +# ReSharper is a .NET coding add-in +_ReSharper*/ +*.[Rr]e[Ss]harper +*.DotSettings.user + +# TeamCity is a build add-in +_TeamCity* + +# DotCover is a Code Coverage Tool +*.dotCover + 
+# AxoCover is a Code Coverage Tool +.axoCover/* +!.axoCover/settings.json + +# Coverlet is a free, cross platform Code Coverage Tool +coverage*.json +coverage*.xml +coverage*.info + +# Visual Studio code coverage results +*.coverage +*.coveragexml + +# NCrunch +_NCrunch_* +.*crunch*.local.xml +nCrunchTemp_* + +# MightyMoose +*.mm.* +AutoTest.Net/ + +# Web workbench (sass) +.sass-cache/ + +# Installshield output folder +[Ee]xpress/ + +# DocProject is a documentation generator add-in +DocProject/buildhelp/ +DocProject/Help/*.HxT +DocProject/Help/*.HxC +DocProject/Help/*.hhc +DocProject/Help/*.hhk +DocProject/Help/*.hhp +DocProject/Help/Html2 +DocProject/Help/html + +# Click-Once directory +publish/ + +# Publish Web Output +*.[Pp]ublish.xml +*.azurePubxml +# Note: Comment the next line if you want to checkin your web deploy settings, +# but database connection strings (with potential passwords) will be unencrypted +*.pubxml +*.publishproj + +# Microsoft Azure Web App publish settings. Comment the next line if you want to +# checkin your Azure Web App publish settings, but sensitive information contained +# in these scripts will be unencrypted +PublishScripts/ + +# NuGet Packages +*.nupkg +# NuGet Symbol Packages +*.snupkg +# The packages folder can be ignored because of Package Restore +**/[Pp]ackages/* +# except build/, which is used as an MSBuild target. 
+!**/[Pp]ackages/build/ +# Uncomment if necessary however generally it will be regenerated when needed +#!**/[Pp]ackages/repositories.config +# NuGet v3's project.json files produces more ignorable files +*.nuget.props +*.nuget.targets + +# Microsoft Azure Build Output +csx/ +*.build.csdef + +# Microsoft Azure Emulator +ecf/ +rcf/ + +# Windows Store app package directories and files +AppPackages/ +BundleArtifacts/ +Package.StoreAssociation.xml +_pkginfo.txt +*.appx +*.appxbundle +*.appxupload + +# Visual Studio cache files +# files ending in .cache can be ignored +*.[Cc]ache +# but keep track of directories ending in .cache +!?*.[Cc]ache/ + +# Others +ClientBin/ +~$* +*~ +*.dbmdl +*.dbproj.schemaview +*.jfm +*.pfx +*.publishsettings +orleans.codegen.cs + +# Including strong name files can present a security risk +# (https://github.com/github/gitignore/pull/2483#issue-259490424) +#*.snk + +# Since there are multiple workflows, uncomment next line to ignore bower_components +# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) +#bower_components/ + +# RIA/Silverlight projects +Generated_Code/ + +# Backup & report files from converting an old project file +# to a newer Visual Studio version. Backup files are not needed, +# because we have git ;-) +_UpgradeReport_Files/ +Backup*/ +UpgradeLog*.XML +UpgradeLog*.htm +ServiceFabricBackup/ +*.rptproj.bak + +# SQL Server files +*.mdf +*.ldf +*.ndf + +# Business Intelligence projects +*.rdl.data +*.bim.layout +*.bim_*.settings +*.rptproj.rsuser +*- [Bb]ackup.rdl +*- [Bb]ackup ([0-9]).rdl +*- [Bb]ackup ([0-9][0-9]).rdl + +# Microsoft Fakes +FakesAssemblies/ + +# GhostDoc plugin setting file +*.GhostDoc.xml + +# Node.js Tools for Visual Studio +.ntvs_analysis.dat +node_modules/ + +# Visual Studio 6 build log +*.plg + +# Visual Studio 6 workspace options file +*.opt + +# Visual Studio 6 auto-generated workspace file (contains which files were open etc.) 
+*.vbw + +# Visual Studio LightSwitch build output +**/*.HTMLClient/GeneratedArtifacts +**/*.DesktopClient/GeneratedArtifacts +**/*.DesktopClient/ModelManifest.xml +**/*.Server/GeneratedArtifacts +**/*.Server/ModelManifest.xml +_Pvt_Extensions + +# Paket dependency manager +.paket/paket.exe +paket-files/ + +# FAKE - F# Make +.fake/ + +# CodeRush personal settings +.cr/personal + +# Python Tools for Visual Studio (PTVS) +__pycache__/ +*.pyc + +# Cake - Uncomment if you are using it +# tools/** +# !tools/packages.config + +# Tabs Studio +*.tss + +# Telerik's JustMock configuration file +*.jmconfig + +# BizTalk build output +*.btp.cs +*.btm.cs +*.odx.cs +*.xsd.cs + +# OpenCover UI analysis results +OpenCover/ + +# Azure Stream Analytics local run output +ASALocalRun/ + +# MSBuild Binary and Structured Log +*.binlog + +# NVidia Nsight GPU debugger configuration file +*.nvuser + +# MFractors (Xamarin productivity tool) working folder +.mfractor/ + +# Local History for Visual Studio +.localhistory/ + +# BeatPulse healthcheck temp database +healthchecksdb + +# Backup folder for Package Reference Convert tool in Visual Studio 2017 +MigrationBackup/ + +# Ionide (cross platform F# VS Code tools) working folder +.ionide/ + +# Fody - auto-generated XML schema +FodyWeavers.xsd \ No newline at end of file diff --git a/InstantReplayUnlock.sln b/InstantReplayUnlock.sln new file mode 100644 index 0000000..8525254 --- /dev/null +++ b/InstantReplayUnlock.sln 
@@ -0,0 +1,31 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio Version 16 +VisualStudioVersion = 16.0.33328.57 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "NvFBC Hijack", "InstantReplayUnlock\InstantReplayUnlock.vcxproj", "{70C1ED05-5693-4EB4-A491-2C2C12CF0007}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|x64 = Debug|x64 + Debug|x86 = Debug|x86 + Release|x64 = Release|x64 + Release|x86 = Release|x86 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {70C1ED05-5693-4EB4-A491-2C2C12CF0007}.Debug|x64.ActiveCfg = Debug|x64 + {70C1ED05-5693-4EB4-A491-2C2C12CF0007}.Debug|x64.Build.0 = Debug|x64 + {70C1ED05-5693-4EB4-A491-2C2C12CF0007}.Debug|x86.ActiveCfg = Debug|Win32 + {70C1ED05-5693-4EB4-A491-2C2C12CF0007}.Debug|x86.Build.0 = Debug|Win32 + {70C1ED05-5693-4EB4-A491-2C2C12CF0007}.Release|x64.ActiveCfg = Release|x64 + {70C1ED05-5693-4EB4-A491-2C2C12CF0007}.Release|x64.Build.0 = Release|x64 + {70C1ED05-5693-4EB4-A491-2C2C12CF0007}.Release|x86.ActiveCfg = Release|Win32 + {70C1ED05-5693-4EB4-A491-2C2C12CF0007}.Release|x86.Build.0 = Release|Win32 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection + GlobalSection(ExtensibilityGlobals) = postSolution + SolutionGuid = {A58963CB-7D4D-49C8-A27D-3664A53FDE0F} + EndGlobalSection +EndGlobal diff --git a/InstantReplayUnlock/InstantReplayUnlock.vcxproj b/InstantReplayUnlock/InstantReplayUnlock.vcxproj new file mode 100644 index 0000000..77f8021 --- /dev/null +++ b/InstantReplayUnlock/InstantReplayUnlock.vcxproj 
@@ -0,0 +1,176 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + Debug + x64 + + + Release + x64 + + + + 16.0 + Win32Proj + {70c1ed05-5693-4eb4-a491-2c2c12cf0007} + InstantReplayUnlock + 10.0 + NvFBC Hijack + + + + Application + true + v142 + Unicode + + + Application + false + v142 + true + Unicode + + + Application + true + v142 + Unicode + + + DynamicLibrary + false + v142 + true + Unicode + + + + + + + + + + + + + + + + + + + + + + true + + + false + + + true + + + false + ..\deps\MinHook\include\;$(IncludePath) + ..\deps\MinHook\lib;$(LibraryPath) + NvFBC64 + + + + Level3 + true + WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + + + Console + true + nvfbc.def + + + + + Level3 + true + true + true + WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + + + Console + true + true + true + nvfbc.def + + + + + Level3 + true + _DEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + + + Console + true + nvfbc.def + + + + + Level3 + true + true + true + NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + MultiThreaded + false + stdcpp17 + + + Console + true + true + false + + + libMinHook.x64.lib;%(AdditionalDependencies) + + + + + + + + + Document + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/InstantReplayUnlock/InstantReplayUnlock.vcxproj.filters b/InstantReplayUnlock/InstantReplayUnlock.vcxproj.filters new file mode 100644 index 0000000..c10decd --- /dev/null +++ b/InstantReplayUnlock/InstantReplayUnlock.vcxproj.filters @@ -0,0 +1,46 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + 源文件 + + + 源文件 + + + + + 源文件 + + + + + 头文件 + + + 头文件 + + + 头文件 + + + + + 资源文件 + + + \ No newline at end of file 
diff --git a/InstantReplayUnlock/Version.rc b/InstantReplayUnlock/Version.rc
new file mode 100644
index 0000000..58ed31e
--- /dev/null
+++ b/InstantReplayUnlock/Version.rc
@@ -0,0 +1,98 @@ +// Microsoft Visual C++ ɵԴű +// +#include "resource.h" + +#define APSTUDIO_READONLY_SYMBOLS +///////////////////////////////////////////////////////////////////////////// +// +// TEXTINCLUDE 2 Դɡ +// +#include "winres.h" + +///////////////////////////////////////////////////////////////////////////// +#undef APSTUDIO_READONLY_SYMBOLS + +///////////////////////////////////////////////////////////////////////////// +// Chinese (Simplified, China) Դ + +#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_CHS) +LANGUAGE 4, 2 + +#ifdef APSTUDIO_INVOKED +///////////////////////////////////////////////////////////////////////////// +// +// TEXTINCLUDE +// + +1 TEXTINCLUDE +BEGIN + "resource.h\0" +END + +2 TEXTINCLUDE +BEGIN + "#include ""winres.h""\r\n" + "\0" +END + +3 TEXTINCLUDE +BEGIN + "\r\n" + "\0" +END + +#endif // APSTUDIO_INVOKED + +#endif // Chinese (Simplified, China) Դ +///////////////////////////////////////////////////////////////////////////// + + + +#ifndef APSTUDIO_INVOKED +///////////////////////////////////////////////////////////////////////////// +// +// TEXTINCLUDE 3 Դɡ +// + + +///////////////////////////////////////////////////////////////////////////// +#endif // APSTUDIO_INVOKED + +///////////////////////////////////////////////////////////////////////////// +// +// Version +// + +VS_VERSION_INFO VERSIONINFO +FILEVERSION 6, 14, 15, 7688 +PRODUCTVERSION 6, 14, 15, 7688 +FILEFLAGSMASK 0x3fL +#ifdef _DEBUG +FILEFLAGS 0x1L +#else +FILEFLAGS 0x0L +#endif +FILEOS 0x40004L // VOS__WINDOWS32 +FILETYPE 0x2L // VFT_DLL +FILESUBTYPE 0x0L +BEGIN +BLOCK "StringFileInfo" +BEGIN +BLOCK "040904b0" // LANG_ENGLISH + SUBLANG_ENGLISH_US, Unicode codepage +BEGIN +VALUE "CompanyName", "NVIDIA Corporation\0" +VALUE "FileDescription", "NVIDIA Frame Buffer Capture Library, Version\0" +VALUE "FileVersion", "6.14.15.7688\0" +VALUE "InternalName", "NVFBC\0" +VALUE "OriginalFilename", "NVFBC.dll\0" +VALUE "ProductName", "NVIDIA Frame Buffer Capture 
Library\0" +VALUE "ProductVersion", "6.14.15.7688\0" +VALUE "LegalCopyright", "(C) 2025 NVIDIA Corporation. All rights reserved.\0" +END +END +BLOCK "VarFileInfo" +BEGIN +VALUE "Translation", 0x0409, 1200 +END +END + diff --git a/InstantReplayUnlock/main.cpp b/InstantReplayUnlock/main.cpp new file mode 100644 index 0000000..077577a --- /dev/null +++ b/InstantReplayUnlock/main.cpp 
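Review bot: The VERSIONINFO block in Version.rc labels this project's own DLL as an NVIDIA product: `CompanyName` is "NVIDIA Corporation", `OriginalFilename` is "NVFBC.dll" and `LegalCopyright` claims NVIDIA, although the binary is built from this repository. Version-resource strings are unauthenticated, so anyone triaging the file should rely on the Authenticode signature and file hash rather than these fields; a vendor name in the resource with no matching vendor signature is a useful masquerading signal. I would make the metadata truthful, for example `VALUE "CompanyName", "InstantReplayUnlock (not an NVIDIA binary)\0"`, with the description and copyright changed to match. The comment lines in this file are also mis-encoded and should be re-saved in a single known encoding.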
@@ -0,0 +1,240 @@ +#include +#include +#include +#include "MinHook.h" +#include "scanner.h" +#include "nt.h" + +#define FUNCTION_SIG "48 8b 91 ? ? ? ? 48 85 d2 74 ? 48 8b 51" + +#define FUNCTION_COUNT 9 + +def_LdrRegisterDllNotification Org_LdrRegisterDllNotification = NULL; +def_LdrUnregisterDllNotification Org_LdrUnregisterDllNotification = NULL; +def_FreeLibrary Org_FreeLibrary = NULL; +inline PVOID Cookie = NULL; +inline void* sigpointer = nullptr; +extern "C" uintptr_t functions[FUNCTION_COUNT] = { 0 }; +std::string functionNames[] = +{ + "NvFBC_Create", + "NvFBC_CreateEx", + "NvFBC_Enable", + "NvFBC_GetSDKVersion", + "NvFBC_GetStatus", + "NvFBC_GetStatusEx", + "NvFBC_SetGlobalFlags", + "NvFBC_UnloadNvAPI", + "NvOptimusEnablement" +}; + + +typedef enum _NVFBCRESULT +{ + NVFBC_SUCCESS = 0, + NVFBC_ERROR_GENERIC = -1, /**< Unexpected failure in NVFBC. */ + NVFBC_ERROR_INVALID_PARAM = -2, /**< One or more of the paramteres passed to NvFBC are invalid [This include NULL pointers]. */ + NVFBC_ERROR_INVALIDATED_SESSION = -3, /**< NvFBC session is invalid. Client needs to recreate session. */ + NVFBC_ERROR_PROTECTED_CONTENT = -4, /**< Protected content detected. Capture failed. */ + NVFBC_ERROR_DRIVER_FAILURE = -5, /**< GPU driver returned failure to process NvFBC command. */ + NVFBC_ERROR_CUDA_FAILURE = -6, /**< CUDA driver returned failure to process NvFBC command. */ + NVFBC_ERROR_UNSUPPORTED = -7, /**< API Unsupported on this version of NvFBC. */ + NVFBC_ERROR_HW_ENC_FAILURE = -8, /**< HW Encoder returned failure to process NVFBC command. */ + NVFBC_ERROR_INCOMPATIBLE_DRIVER = -9, /**< NVFBC is not compatible with this version of the GPU driver. */ + NVFBC_ERROR_UNSUPPORTED_PLATFORM = -10, /**< NVFBC is not supported on this platform. */ + NVFBC_ERROR_OUT_OF_MEMORY = -11, /**< Failed to allocate memory. */ + NVFBC_ERROR_INVALID_PTR = -12, /**< A NULL pointer was passed. 
*/ + NVFBC_ERROR_INCOMPATIBLE_VERSION = -13, /**< An API was called with a parameter struct that has an incompatible version. Check dwVersion field of paramter struct. */ + NVFBC_ERROR_OPT_CAPTURE_FAILURE = -14, /**< Desktop Capture failed. */ + NVFBC_ERROR_INSUFFICIENT_PRIVILEGES = -15, /**< User doesn't have appropriate previlages. */ + NVFBC_ERROR_INVALID_CALL = -16, /**< NVFBC APIs called in wrong sequence. */ + NVFBC_ERROR_SYSTEM_ERROR = -17, /**< Win32 error. */ + NVFBC_ERROR_INVALID_TARGET = -18, /**< The target adapter idx can not be used for NVFBC capture. It may not correspond to an NVIDIA GPU, or may not be attached to desktop. */ + NVFBC_ERROR_DYNAMIC_DISABLE = -20, /**< NvFBC is dynamically disabled. Cannot continue to capture */ +} NVFBCRESULT; + +// [index: 000] [ordinal: 001] NvFBC_Create +#pragma comment(linker, "/EXPORT:NvFBC_Create=func_9be0fbdc869f417b9f29c27e9d9c0cfd,@1") +extern "C" void func_9be0fbdc869f417b9f29c27e9d9c0cfd(); + +// [index: 001] [ordinal: 002] NvFBC_CreateEx +#pragma comment(linker, "/EXPORT:NvFBC_CreateEx=func_92a7155ee30d412ea0e85c05d5ef3cd8,@2") +extern "C" void func_92a7155ee30d412ea0e85c05d5ef3cd8(); + +// [index: 002] [ordinal: 003] NvFBC_Enable +#pragma comment(linker, "/EXPORT:NvFBC_Enable=func_358080a229af49bb96c3968f7c8d7444,@3") +extern "C" void func_358080a229af49bb96c3968f7c8d7444(); + +// [index: 003] [ordinal: 004] NvFBC_GetSDKVersion +#pragma comment(linker, "/EXPORT:NvFBC_GetSDKVersion=func_a3384a768753452cbccab384f5f330c1,@4") +extern "C" void func_a3384a768753452cbccab384f5f330c1(); + +// [index: 004] [ordinal: 005] NvFBC_GetStatus +#pragma comment(linker, "/EXPORT:NvFBC_GetStatus=func_c5a74b9ae49d4851930995268cee4e2f,@5") +extern "C" void func_c5a74b9ae49d4851930995268cee4e2f(); + +// [index: 005] [ordinal: 006] NvFBC_GetStatusEx +#pragma comment(linker, "/EXPORT:NvFBC_GetStatusEx=func_7a0e96ba3cf34b0e9815e3a16dc3d347,@6") +extern "C" void func_7a0e96ba3cf34b0e9815e3a16dc3d347(); + +// [index: 006] 
[ordinal: 007] NvFBC_SetGlobalFlags +#pragma comment(linker, "/EXPORT:NvFBC_SetGlobalFlags=func_2fd4dec9416b42de88a5afbe23ed4a8d,@7") +extern "C" void func_2fd4dec9416b42de88a5afbe23ed4a8d(); + +// [index: 007] [ordinal: 008] NvFBC_UnloadNvAPI +#pragma comment(linker, "/EXPORT:NvFBC_UnloadNvAPI=func_e8c80ebd98bb45e0b591f52e5fbfa998,@8") +extern "C" NVFBCRESULT func_e8c80ebd98bb45e0b591f52e5fbfa998() { + return NVFBC_ERROR_GENERIC; //malware reject +}; + +// [index: 008] [ordinal: 009] NvOptimusEnablement +#pragma comment(linker, "/EXPORT:NvOptimusEnablement=func_5e40589f71e44de1827491903b6e99af,@9") +extern "C" void func_5e40589f71e44de1827491903b6e99af(); + + +void* Org_GetWindowDisplayAffinity = nullptr; +BOOL WINAPI Hook_GetWindowDisplayAffinity(IN HWND hWnd, OUT DWORD* pwdAffinity) { + *pwdAffinity = WDA_NONE; + return TRUE; +} + +void* Org_Module32FirstW = nullptr; +BOOL WINAPI Hook_Module32FirstW(IN HANDLE hSnapshot, IN OUT LPMODULEENTRY32W lpme) { + return FALSE; +} + +BOOL Hook_FreeLibrary(IN HMODULE hLibModule) { + + if (hLibModule == GetModuleHandleA("NvFBC64.dll")) + { + //MessageBoxA(nullptr,"SELF FREELIBRARY","WARN",MB_OK); + //Org_LdrUnregisterDllNotification(Cookie); + //MH_DisableHook(MH_ALL_HOOKS); + //MH_Uninitialize(); + return false; //reject // iam malware + //Sleep(1000); + } + return Org_FreeLibrary(hLibModule); +} + +void* Org_sub_7FFE7411BB10 = nullptr; +__int64 __fastcall Hook_sub_7FFE7411BB10(__int64 a1) +{ + /* + return *(unsigned __int64*)(a1 + 10896) + && + (*(unsigned int*)(*(unsigned __int64*)(a1 + 24) + 368LL) || *(unsigned int*)(*(unsigned __int64*)(a1 + 24) + 640LL));*/ + *(unsigned int*)(*(unsigned __int64*)(a1 + 24) + 368LL) = 0; + *(unsigned int*)(*(unsigned __int64*)(a1 + 24) + 640LL) = 0; + return 0; +} + +void CALLBACK DLLNotification(ULONG Reason, PLDR_DLL_NOTIFICATION_DATA NotificationData, PVOID Context) { + switch (Reason) + { + case LDR_DLL_NOTIFICATION_REASON_LOADED: + { + if 
(wcsstr(NotificationData->Loaded.FullDllName->Buffer, L"nvd3dumx.dll") != NULL) { + sigpointer = sig(GetModuleHandleA("nvd3dumx.dll"), FUNCTION_SIG); + if (sigpointer == nullptr) + { + MessageBoxA(nullptr, "nvd3dumx sig not found!", "ERROR", MB_ICONERROR | MB_OK); + } + else + { + MH_CreateHook(sigpointer, &Hook_sub_7FFE7411BB10, &Org_sub_7FFE7411BB10); + } + MH_EnableHook(sigpointer); + } + break; + } + case LDR_DLL_NOTIFICATION_REASON_UNLOADED: + { + + if (wcsstr(NotificationData->Unloaded.FullDllName->Buffer, L"nvd3dumx.dll") != NULL) + { + /* + Org_LdrUnregisterDllNotification(Cookie); + MH_DisableHook(MH_ALL_HOOKS); + MH_Uninitialize(); + */ + if (sigpointer!=nullptr) + { + MH_DisableHook(sigpointer); + } + } + + break; + } + } + /* + if (Reason == LDR_DLL_NOTIFICATION_REASON_LOADED) { + //wprintf(L"[LdrDllNotification] %s\n", NotificationData->Loaded.FullDllName->Buffer); + + } + //return; + */ +} + +BOOL WINAPI DllMain(HINSTANCE hinstModule, DWORD dwReason, LPVOID lpvReserved) +{ + if (dwReason == DLL_PROCESS_ATTACH) + { + DisableThreadLibraryCalls(hinstModule); + auto moduleHandle = LoadLibraryA("NvFBC64_original.dll"); + if (moduleHandle != nullptr) + { + for (auto i = 0; i < FUNCTION_COUNT; i++) + { + auto address = GetProcAddress(moduleHandle, functionNames[i].c_str()); + functions[i] = reinterpret_cast(address); + } + } + + if (MH_Initialize() != MH_OK) { + MessageBoxA(nullptr, "MH Init Error!", "ERROR", MB_ICONERROR | MB_OK); + exit(1); + } + + + MH_CreateHookApi(L"user32.dll","GetWindowDisplayAffinity",&Hook_GetWindowDisplayAffinity,&Org_GetWindowDisplayAffinity); + MH_CreateHookApi(L"kernel32.dll", "Module32FirstW", &Hook_Module32FirstW, &Org_Module32FirstW); + MH_CreateHookApi(L"kernel32.dll", "FreeLibrary", &Hook_FreeLibrary, reinterpret_cast(&Org_FreeLibrary)); + MH_EnableHook(MH_ALL_HOOKS); + + //MessageBoxA(nullptr, "DEBUG", "HOOK RD", MB_OK); + + Org_LdrRegisterDllNotification = 
(def_LdrRegisterDllNotification)GetProcAddress(GetModuleHandleA("ntdll.dll"), "LdrRegisterDllNotification"); + Org_LdrUnregisterDllNotification = (def_LdrUnregisterDllNotification)GetProcAddress(GetModuleHandleA("ntdll.dll"), "LdrUnregisterDllNotification"); + Org_LdrRegisterDllNotification(0, DLLNotification, NULL, &Cookie); + //LoadLibraryA("nvd3dumx.dll"); + /* + void* SigPointer = sig(GetModuleHandleA("nvd3dumx.dll"),FUNCTION_SIG); + if (SigPointer == nullptr) + { + MessageBoxA(nullptr, "nvd3dumx sig not found!", "ERROR",MB_ICONERROR|MB_OK); + } + else + { + MH_CreateHook(SigPointer,&Hook_sub_7FFE7411BB10,&Org_sub_7FFE7411BB10); + } + */ + + + /* + HANDLE NvModule = GetModuleHandleA("nvd3dumx.dll"); + if (NvModule == INVALID_HANDLE_VALUE) + { + MessageBoxA(nullptr, "NOMODULE","NOMODULE",MB_OK); + } + */ + } + else if (dwReason == DLL_PROCESS_DETACH) + { + Org_LdrUnregisterDllNotification(&Cookie); + MH_DisableHook(MH_ALL_HOOKS); + MH_Uninitialize(); + } + + return TRUE; +} diff --git a/InstantReplayUnlock/nt.h b/InstantReplayUnlock/nt.h new file mode 100644 index 0000000..98f8c77 --- /dev/null +++ b/InstantReplayUnlock/nt.h 
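Review bot: In DllMain's DLL_PROCESS_DETACH branch, `Org_LdrUnregisterDllNotification(&Cookie);` passes the address of the variable rather than the cookie that registration stored in it, so the notification is presumably never removed and DLLNotification can still be invoked after the hooks are torn down; it should be `Org_LdrUnregisterDllNotification(Cookie);`, guarded by a null check on the resolved pointer. On attach, `LoadLibraryA("NvFBC64_original.dll")` uses a bare file name, so the DLL search order decides which file is loaded, and a failed load or failed GetProcAddress leaves `functions[]` entries at 0 for the exported thunks to jump through; resolve the path from this module's own directory and fail the attach when any entry is null. LoadLibraryA, MessageBoxA and exit are also called under the loader lock here, which Microsoft's DllMain guidance warns against. Separately, Hook_GetWindowDisplayAffinity writes through `pwdAffinity` without a null check and, like Hook_Module32FirstW, changes the result for every caller in the host process, which defenders reviewing this module should treat as deliberate tampering with capture-protection and module-enumeration queries.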
@@ -0,0 +1,52 @@ +#pragma once +enum LDR_DLL_NOTIFICATION_REASON +{ + LDR_DLL_NOTIFICATION_REASON_LOADED = 1, + LDR_DLL_NOTIFICATION_REASON_UNLOADED = 2, +}; + +typedef struct tag_UNICODE_STRING { + USHORT Length; + USHORT MaximumLength; + PWSTR Buffer; +} __UNICODE_STRING, * PUNICODE_STRING, * PCUNICODE_STRING; + +typedef struct _LDR_DLL_LOADED_NOTIFICATION_DATA { + ULONG Flags; //Reserved. + PCUNICODE_STRING FullDllName; //The full path name of the DLL module. + PCUNICODE_STRING BaseDllName; //The base file name of the DLL module. + PVOID DllBase; //A pointer to the base address for the DLL in memory. + ULONG SizeOfImage; //The size of the DLL image, in bytes. +} LDR_DLL_LOADED_NOTIFICATION_DATA, * PLDR_DLL_LOADED_NOTIFICATION_DATA; + +typedef struct _LDR_DLL_UNLOADED_NOTIFICATION_DATA { + ULONG Flags; //Reserved. + PCUNICODE_STRING FullDllName; //The full path name of the DLL module. + PCUNICODE_STRING BaseDllName; //The base file name of the DLL module. + PVOID DllBase; //A pointer to the base address for the DLL in memory. + ULONG SizeOfImage; //The size of the DLL image, in bytes. +} LDR_DLL_UNLOADED_NOTIFICATION_DATA, * PLDR_DLL_UNLOADED_NOTIFICATION_DATA; + +typedef union _LDR_DLL_NOTIFICATION_DATA { + LDR_DLL_LOADED_NOTIFICATION_DATA Loaded; + LDR_DLL_UNLOADED_NOTIFICATION_DATA Unloaded; +} LDR_DLL_NOTIFICATION_DATA, * PLDR_DLL_NOTIFICATION_DATA; + +typedef VOID(CALLBACK* PLDR_DLL_NOTIFICATION_FUNCTION)( + _In_ ULONG NotificationReason, + _In_ PLDR_DLL_NOTIFICATION_DATA NotificationData, + _In_opt_ PVOID Context + ); + +typedef NTSTATUS(NTAPI* def_LdrRegisterDllNotification)( + _In_ ULONG Flags, + _In_ PLDR_DLL_NOTIFICATION_FUNCTION NotificationFunction, + _In_opt_ PVOID Context, + _Out_ PVOID* Cookie + ); + +typedef NTSTATUS(NTAPI* def_LdrUnregisterDllNotification)( + _In_ PVOID Cookie + ); + +typedef BOOL(WINAPI* def_FreeLibrary)(HMODULE hLibModule); \ No newline at end of file 
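Review bot: `PCUNICODE_STRING` is declared in nt.h as a plain mutable pointer (it shares the `* PUNICODE_STRING, * PCUNICODE_STRING` declarator list), whereas the loader hands the callback strings it should only read; it should be its own typedef, `typedef const __UNICODE_STRING *PCUNICODE_STRING;`. The struct also deserves a comment such as `// Length and MaximumLength are byte counts; Buffer is not guaranteed to be NUL-terminated`, because main.cpp passes `FullDllName->Buffer` straight to wcsstr. The name `__UNICODE_STRING` uses a double-underscore identifier reserved for the implementation, and the header relies on its includer for USHORT, PWSTR and NTSTATUS, so it is not self-contained.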
diff --git a/InstantReplayUnlock/nvfbc.asm b/InstantReplayUnlock/nvfbc.asm new file mode 100644 index 0000000..4d22a5f --- /dev/null +++ b/InstantReplayUnlock/nvfbc.asm @@ -0,0 +1,51 @@ +.code + +extern functions:qword + +; NvFBC_Create +func_9be0fbdc869f417b9f29c27e9d9c0cfd proc + jmp functions[8 * 0] +func_9be0fbdc869f417b9f29c27e9d9c0cfd endp + +; NvFBC_CreateEx +func_92a7155ee30d412ea0e85c05d5ef3cd8 proc + jmp functions[8 * 1] +func_92a7155ee30d412ea0e85c05d5ef3cd8 endp + +; NvFBC_Enable +func_358080a229af49bb96c3968f7c8d7444 proc + jmp functions[8 * 2] +func_358080a229af49bb96c3968f7c8d7444 endp + +; NvFBC_GetSDKVersion +func_a3384a768753452cbccab384f5f330c1 proc + jmp functions[8 * 3] +func_a3384a768753452cbccab384f5f330c1 endp + +; NvFBC_GetStatus +func_c5a74b9ae49d4851930995268cee4e2f proc + jmp functions[8 * 4] +func_c5a74b9ae49d4851930995268cee4e2f endp + +; NvFBC_GetStatusEx +func_7a0e96ba3cf34b0e9815e3a16dc3d347 proc + jmp functions[8 * 5] +func_7a0e96ba3cf34b0e9815e3a16dc3d347 endp + +; NvFBC_SetGlobalFlags +func_2fd4dec9416b42de88a5afbe23ed4a8d proc + jmp functions[8 * 6] +func_2fd4dec9416b42de88a5afbe23ed4a8d endp + +; NvFBC_UnloadNvAPI +;func_e8c80ebd98bb45e0b591f52e5fbfa998 proc +; jmp functions[8 * 7] +;func_e8c80ebd98bb45e0b591f52e5fbfa998 endp + +; NvOptimusEnablement +func_5e40589f71e44de1827491903b6e99af proc + jmp functions[8 * 8] +func_5e40589f71e44de1827491903b6e99af endp + + +end diff --git a/InstantReplayUnlock/resource.h b/InstantReplayUnlock/resource.h new file mode 100644 index 0000000..9d57d84 --- /dev/null +++ b/InstantReplayUnlock/resource.h @@ -0,0 +1,14 @@ +//{{NO_DEPENDENCIES}} +// Microsoft Visual C++ generated include file. +// Used by Version.rc + +// ¶һĬֵ +// +#ifdef APSTUDIO_INVOKED +#ifndef APSTUDIO_READONLY_SYMBOLS +#define _APS_NEXT_RESOURCE_VALUE 101 +#define _APS_NEXT_COMMAND_VALUE 40001 +#define _APS_NEXT_CONTROL_VALUE 1001 +#define _APS_NEXT_SYMED_VALUE 101 +#endif +#endif 
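Review bot: Every thunk in nvfbc.asm is an unconditional `jmp functions[8 * N]` with no guard, so if a table slot was never filled (the original DLL did not load, or the export was not found) the caller jumps to address 0 and the host process crashes inside an export that carries NVIDIA's name. The table is filled in main.cpp outside this hunk, and the safest fix is there: refuse to finish attach when a slot is null. The last thunk also forwards `NvOptimusEnablement` as code; that export is conventionally a data symbol, and if it is data in the original DLL a consumer that reads it will see the jmp instruction bytes instead of the value, so it should be checked against the original export table and exported as DATA if so. A header comment such as `; slot order must match functionNames[] in main.cpp` would document the coupling.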
diff --git a/InstantReplayUnlock/scanner.cpp b/InstantReplayUnlock/scanner.cpp new file mode 100644 index 0000000..d9f28c0 --- /dev/null +++ b/InstantReplayUnlock/scanner.cpp @@ -0,0 +1,53 @@ +#include "scanner.h" + +std::uint8_t* sig(const HMODULE module, const std::string& byte_array) { + if (!module) + return nullptr; + + static const auto pattern_to_byte = [&](std::string pattern) { + std::vector bytes{}; + const auto start = const_cast(pattern.c_str()); + const auto end = const_cast(pattern.c_str()) + pattern.length(); + + for (auto current = start; current < end; ++current) { + if (*current == '?') { + ++current; + + if (*current == '?') + ++current; + + bytes.push_back(-1); + } + else { + bytes.push_back(std::strtoul(current, ¤t, 16)); + } + } + return bytes; + }; + + const auto dos_header = reinterpret_cast(module); + const auto nt_headers = + reinterpret_cast(reinterpret_cast(module) + dos_header->e_lfanew); + + const auto size_of_image = nt_headers->OptionalHeader.SizeOfImage; + const auto pattern_bytes = pattern_to_byte(byte_array); + const auto scan_bytes = reinterpret_cast(module); + + const auto pattern_size = pattern_bytes.size(); + const auto pattern_data = pattern_bytes.data(); + + for (auto i = 0ul; i < size_of_image - pattern_size; ++i) { + bool found = true; + + for (auto j = 0ul; j < pattern_size; ++j) { + if (scan_bytes[i + j] != pattern_data[j] && pattern_data[j] != -1) { + found = false; + break; + } + } + if (found) + return &scan_bytes[i]; + } + + return nullptr; +} \ No newline at end of file diff --git a/InstantReplayUnlock/scanner.h b/InstantReplayUnlock/scanner.h new file mode 100644 index 0000000..eb6df01 --- /dev/null +++ b/InstantReplayUnlock/scanner.h @@ -0,0 +1,7 @@ +#pragma once +#include +#include +#include +#include + +std::uint8_t* sig(const HMODULE module, const std::string& byte_array); \ No newline at end of file diff --git a/README.MD b/README.MD new file mode 100644 index 0000000..ed30b1b --- /dev/null +++ b/README.MD 
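Review bot: `sig()` in scanner.cpp trusts the module headers and the pattern length: it dereferences `e_lfanew` without checking `e_magic` or the NT signature, and the loop bound `size_of_image - pattern_size` is unsigned, so a pattern longer than the image wraps around and the scan reads far past the mapping. Add `if (dos_header->e_magic != IMAGE_DOS_SIGNATURE) return nullptr;` before using the header, `if (pattern_size == 0 || pattern_size > size_of_image) return nullptr;` before the loop, and change the condition to `i + pattern_size <= size_of_image` so the final position is also tested. The lambda is `static` yet captures by reference (`[&]`); it uses no captures, so `[]` is the correct form. The template arguments in this listing appear to have been lost in extraction, so the element type of `bytes` could not be checked.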
@@ -0,0 +1,2 @@
+## NVShadowPlayUnlock
+Compilation Mode: Release X64
\ No newline at end of file
diff --git a/deps/MinHook/include/MinHook.h b/deps/MinHook/include/MinHook.h
new file mode 100644
index 0000000..492d83f
--- /dev/null
+++ b/deps/MinHook/include/MinHook.h
@@ -0,0 +1,185 @@
+/*
+ * MinHook - The Minimalistic API Hooking Library for x64/x86
+ * Copyright (C) 2009-2017 Tsuda Kageyu.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#if !(defined _M_IX86) && !(defined _M_X64) && !(defined __i386__) && !(defined __x86_64__)
+ #error MinHook supports only x86 and x64 systems.
+#endif
+
+#include
+
+// MinHook Error Codes.
+typedef enum MH_STATUS
+{
+ // Unknown error. Should not be returned.
+ MH_UNKNOWN = -1,
+
+ // Successful.
+ MH_OK = 0,
+
+ // MinHook is already initialized.
+ MH_ERROR_ALREADY_INITIALIZED,
+
+ // MinHook is not initialized yet, or already uninitialized.
+ MH_ERROR_NOT_INITIALIZED,
+
+ // The hook for the specified target function is already created.
+ MH_ERROR_ALREADY_CREATED,
+
+ // The hook for the specified target function is not created yet.
+ MH_ERROR_NOT_CREATED,
+
+ // The hook for the specified target function is already enabled.
+ MH_ERROR_ENABLED,
+
+ // The hook for the specified target function is not enabled yet, or already
+ // disabled.
+ MH_ERROR_DISABLED,
+
+ // The specified pointer is invalid. It points the address of non-allocated
+ // and/or non-executable region.
+ MH_ERROR_NOT_EXECUTABLE,
+
+ // The specified target function cannot be hooked.
+ MH_ERROR_UNSUPPORTED_FUNCTION,
+
+ // Failed to allocate memory.
+ MH_ERROR_MEMORY_ALLOC,
+
+ // Failed to change the memory protection.
+ MH_ERROR_MEMORY_PROTECT,
+
+ // The specified module is not loaded.
+ MH_ERROR_MODULE_NOT_FOUND,
+
+ // The specified function is not found.
+ MH_ERROR_FUNCTION_NOT_FOUND
+}
+MH_STATUS;
+
+// Can be passed as a parameter to MH_EnableHook, MH_DisableHook,
+// MH_QueueEnableHook or MH_QueueDisableHook.
+#define MH_ALL_HOOKS NULL
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+ // Initialize the MinHook library. You must call this function EXACTLY ONCE
+ // at the beginning of your program.
+ MH_STATUS WINAPI MH_Initialize(VOID);
+
+ // Uninitialize the MinHook library. You must call this function EXACTLY
+ // ONCE at the end of your program.
+ MH_STATUS WINAPI MH_Uninitialize(VOID);
+
+ // Creates a hook for the specified target function, in disabled state.
+ // Parameters:
+ // pTarget [in] A pointer to the target function, which will be
+ // overridden by the detour function.
+ // pDetour [in] A pointer to the detour function, which will override
+ // the target function.
+ // ppOriginal [out] A pointer to the trampoline function, which will be
+ // used to call the original target function.
+ // This parameter can be NULL.
+ MH_STATUS WINAPI MH_CreateHook(LPVOID pTarget, LPVOID pDetour, LPVOID *ppOriginal);
+
+ // Creates a hook for the specified API function, in disabled state.
+ // Parameters:
+ // pszModule [in] A pointer to the loaded module name which contains the
+ // target function.
+ // pszProcName [in] A pointer to the target function name, which will be
+ // overridden by the detour function.
+ // pDetour [in] A pointer to the detour function, which will override
+ // the target function.
+ // ppOriginal [out] A pointer to the trampoline function, which will be
+ // used to call the original target function.
+ // This parameter can be NULL.
+ MH_STATUS WINAPI MH_CreateHookApi(
+ LPCWSTR pszModule, LPCSTR pszProcName, LPVOID pDetour, LPVOID *ppOriginal);
+
+ // Creates a hook for the specified API function, in disabled state.
+ // Parameters:
+ // pszModule [in] A pointer to the loaded module name which contains the
+ // target function.
+ // pszProcName [in] A pointer to the target function name, which will be
+ // overridden by the detour function.
+ // pDetour [in] A pointer to the detour function, which will override
+ // the target function.
+ // ppOriginal [out] A pointer to the trampoline function, which will be
+ // used to call the original target function.
+ // This parameter can be NULL.
+ // ppTarget [out] A pointer to the target function, which will be used
+ // with other functions.
+ // This parameter can be NULL.
+ MH_STATUS WINAPI MH_CreateHookApiEx(
+ LPCWSTR pszModule, LPCSTR pszProcName, LPVOID pDetour, LPVOID *ppOriginal, LPVOID *ppTarget);
+
+ // Removes an already created hook.
+ // Parameters:
+ // pTarget [in] A pointer to the target function.
+ MH_STATUS WINAPI MH_RemoveHook(LPVOID pTarget);
+
+ // Enables an already created hook.
+ // Parameters:
+ // pTarget [in] A pointer to the target function.
+ // If this parameter is MH_ALL_HOOKS, all created hooks are
+ // enabled in one go.
+ MH_STATUS WINAPI MH_EnableHook(LPVOID pTarget);
+
+ // Disables an already created hook.
+ // Parameters:
+ // pTarget [in] A pointer to the target function.
+ // If this parameter is MH_ALL_HOOKS, all created hooks are
+ // disabled in one go.
+ MH_STATUS WINAPI MH_DisableHook(LPVOID pTarget);
+
+ // Queues to enable an already created hook.
+ // Parameters:
+ // pTarget [in] A pointer to the target function.
+ // If this parameter is MH_ALL_HOOKS, all created hooks are
+ // queued to be enabled.
+ MH_STATUS WINAPI MH_QueueEnableHook(LPVOID pTarget);
+
+ // Queues to disable an already created hook.
+ // Parameters:
+ // pTarget [in] A pointer to the target function.
+ // If this parameter is MH_ALL_HOOKS, all created hooks are
+ // queued to be disabled.
+ MH_STATUS WINAPI MH_QueueDisableHook(LPVOID pTarget);
+
+ // Applies all queued changes in one go.
+ MH_STATUS WINAPI MH_ApplyQueued(VOID);
+
+ // Translates the MH_STATUS to its name as a string.
+ const char * WINAPI MH_StatusToString(MH_STATUS status);
+
+#ifdef __cplusplus
+}
+#endif
diff --git a/deps/MinHook/lib/libMinHook.x64.lib b/deps/MinHook/lib/libMinHook.x64.lib
new file mode 100644
index 0000000..1dd2d0c
Binary files /dev/null and b/deps/MinHook/lib/libMinHook.x64.lib differ
diff --git a/deps/MinHook/lib/libMinHook.x86.lib b/deps/MinHook/lib/libMinHook.x86.lib
new file mode 100644
index 0000000..7aebabb
Binary files /dev/null and b/deps/MinHook/lib/libMinHook.x86.lib differ