Upload Project

InstantReplayUnlock/InstantReplayUnlock.vcxproj

@@ -0,0 +1,176 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>16.0</VCProjectVersion>
+    <Keyword>Win32Proj</Keyword>
+    <ProjectGuid>{70c1ed05-5693-4eb4-a491-2c2c12cf0007}</ProjectGuid>
+    <RootNamespace>InstantReplayUnlock</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+    <ProjectName>NvFBC Hijack</ProjectName>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+    <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.props" />
+  </ImportGroup>
+  <ImportGroup Label="Shared">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+    <IncludePath>..\deps\MinHook\include\;$(IncludePath)</IncludePath>
+    <LibraryPath>..\deps\MinHook\lib;$(LibraryPath)</LibraryPath>
+    <TargetName>NvFBC64</TargetName>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ModuleDefinitionFile>nvfbc.def</ModuleDefinitionFile>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ModuleDefinitionFile>nvfbc.def</ModuleDefinitionFile>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <ModuleDefinitionFile>nvfbc.def</ModuleDefinitionFile>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <LanguageStandard>stdcpp17</LanguageStandard>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>false</GenerateDebugInformation>
+      <ModuleDefinitionFile>
+      </ModuleDefinitionFile>
+      <AdditionalDependencies>libMinHook.x64.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="main.cpp" />
+    <ClCompile Include="scanner.cpp" />
+  </ItemGroup>
+  <ItemGroup>
+    <MASM Include="nvfbc.asm">
+      <FileType>Document</FileType>
+    </MASM>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="nt.h" />
+    <ClInclude Include="resource.h" />
+    <ClInclude Include="scanner.h" />
+  </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="Version.rc" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+    <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.targets" />
+  </ImportGroup>
+</Project>

InstantReplayUnlock/InstantReplayUnlock.vcxproj.filters

@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="源文件">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="头文件">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
+    </Filter>
+    <Filter Include="资源文件">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="main.cpp">
+      <Filter>源文件</Filter>
+    </ClCompile>
+    <ClCompile Include="scanner.cpp">
+      <Filter>源文件</Filter>
+    </ClCompile>
+  </ItemGroup>
+  <ItemGroup>
+    <MASM Include="nvfbc.asm">
+      <Filter>源文件</Filter>
+    </MASM>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="scanner.h">
+      <Filter>头文件</Filter>
+    </ClInclude>
+    <ClInclude Include="nt.h">
+      <Filter>头文件</Filter>
+    </ClInclude>
+    <ClInclude Include="resource.h">
+      <Filter>头文件</Filter>
+    </ClInclude>
+  </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="Version.rc">
+      <Filter>资源文件</Filter>
+    </ResourceCompile>
+  </ItemGroup>
+</Project>

InstantReplayUnlock/Version.rc

@@ -0,0 +1,98 @@
+// Microsoft Visual C++ 生成的资源脚本。
+//
+#include "resource.h"
+
+#define APSTUDIO_READONLY_SYMBOLS
+/////////////////////////////////////////////////////////////////////////////
+//
+// 从 TEXTINCLUDE 2 资源生成。
+//
+#include "winres.h"
+
+/////////////////////////////////////////////////////////////////////////////
+#undef APSTUDIO_READONLY_SYMBOLS
+
+/////////////////////////////////////////////////////////////////////////////
+// Chinese (Simplified, China) 资源
+
+#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_CHS)
+LANGUAGE 4, 2
+
+#ifdef APSTUDIO_INVOKED
+/////////////////////////////////////////////////////////////////////////////
+//
+// TEXTINCLUDE
+//
+
+1 TEXTINCLUDE  
+BEGIN
+    "resource.h\0"
+END
+
+2 TEXTINCLUDE  
+BEGIN
+    "#include ""winres.h""\r\n"
+    "\0"
+END
+
+3 TEXTINCLUDE  
+BEGIN
+    "\r\n"
+    "\0"
+END
+
+#endif    // APSTUDIO_INVOKED
+
+#endif    // Chinese (Simplified, China) 资源
+/////////////////////////////////////////////////////////////////////////////
+
+
+
+#ifndef APSTUDIO_INVOKED
+/////////////////////////////////////////////////////////////////////////////
+//
+// 从 TEXTINCLUDE 3 资源生成。
+//
+
+
+/////////////////////////////////////////////////////////////////////////////
+#endif    // 不是 APSTUDIO_INVOKED
+
+/////////////////////////////////////////////////////////////////////////////
+//
+// Version
+//
+
+VS_VERSION_INFO VERSIONINFO
+FILEVERSION 6, 14, 15, 7688
+PRODUCTVERSION 6, 14, 15, 7688
+FILEFLAGSMASK 0x3fL
+#ifdef _DEBUG
+FILEFLAGS 0x1L
+#else
+FILEFLAGS 0x0L
+#endif
+FILEOS 0x40004L              // VOS__WINDOWS32
+FILETYPE 0x2L                // VFT_DLL
+FILESUBTYPE 0x0L
+BEGIN
+BLOCK "StringFileInfo"
+BEGIN
+BLOCK "040904b0"      // LANG_ENGLISH + SUBLANG_ENGLISH_US, Unicode codepage
+BEGIN
+VALUE "CompanyName", "NVIDIA Corporation\0"
+VALUE "FileDescription", "NVIDIA Frame Buffer Capture Library, Version\0"
+VALUE "FileVersion", "6.14.15.7688\0"
+VALUE "InternalName", "NVFBC\0"
+VALUE "OriginalFilename", "NVFBC.dll\0"
+VALUE "ProductName", "NVIDIA Frame Buffer Capture Library\0"
+VALUE "ProductVersion", "6.14.15.7688\0"
+VALUE "LegalCopyright", "(C) 2025 NVIDIA Corporation. All rights reserved.\0"
+END
+END
+BLOCK "VarFileInfo"
+BEGIN
+VALUE "Translation", 0x0409, 1200
+END
+END
+

InstantReplayUnlock/main.cpp

@@ -0,0 +1,240 @@
+#include <Windows.h>
+#include <tlhelp32.h>
+#include <string>
+#include "MinHook.h"
+#include "scanner.h"
+#include "nt.h"
+
+#define FUNCTION_SIG "48 8b 91 ? ? ? ? 48 85 d2 74 ? 48 8b 51"
+
+#define FUNCTION_COUNT 9
+
+def_LdrRegisterDllNotification Org_LdrRegisterDllNotification = NULL;
+def_LdrUnregisterDllNotification Org_LdrUnregisterDllNotification = NULL;
+def_FreeLibrary Org_FreeLibrary = NULL;
+inline PVOID Cookie = NULL;
+inline void* sigpointer =  nullptr;
+extern "C" uintptr_t functions[FUNCTION_COUNT] = { 0 };
+std::string functionNames[] =
+{
+	"NvFBC_Create",
+	"NvFBC_CreateEx",
+	"NvFBC_Enable",
+	"NvFBC_GetSDKVersion",
+	"NvFBC_GetStatus",
+	"NvFBC_GetStatusEx",
+	"NvFBC_SetGlobalFlags",
+	"NvFBC_UnloadNvAPI",
+	"NvOptimusEnablement"
+};
+
+
+typedef enum _NVFBCRESULT
+{
+	NVFBC_SUCCESS = 0,
+	NVFBC_ERROR_GENERIC = -1,                     /**< Unexpected failure in NVFBC. */
+	NVFBC_ERROR_INVALID_PARAM = -2,               /**< One or more of the paramteres passed to NvFBC are invalid [This include NULL pointers]. */
+	NVFBC_ERROR_INVALIDATED_SESSION = -3,         /**< NvFBC session is invalid. Client needs to recreate session. */
+	NVFBC_ERROR_PROTECTED_CONTENT = -4,           /**< Protected content detected. Capture failed. */
+	NVFBC_ERROR_DRIVER_FAILURE = -5,              /**< GPU driver returned failure to process NvFBC command. */
+	NVFBC_ERROR_CUDA_FAILURE = -6,              /**< CUDA driver returned failure to process NvFBC command. */
+	NVFBC_ERROR_UNSUPPORTED = -7,              /**< API Unsupported on this version of NvFBC. */
+	NVFBC_ERROR_HW_ENC_FAILURE = -8,             /**< HW Encoder returned failure to process NVFBC command. */
+	NVFBC_ERROR_INCOMPATIBLE_DRIVER = -9,         /**< NVFBC is not compatible with this version of the GPU driver. */
+	NVFBC_ERROR_UNSUPPORTED_PLATFORM = -10,       /**< NVFBC is not supported on this platform. */
+	NVFBC_ERROR_OUT_OF_MEMORY = -11,             /**< Failed to allocate memory. */
+	NVFBC_ERROR_INVALID_PTR = -12,             /**< A NULL pointer was passed. */
+	NVFBC_ERROR_INCOMPATIBLE_VERSION = -13,       /**< An API was called with a parameter struct that has an incompatible version. Check dwVersion field of paramter struct. */
+	NVFBC_ERROR_OPT_CAPTURE_FAILURE = -14,        /**< Desktop Capture failed. */
+	NVFBC_ERROR_INSUFFICIENT_PRIVILEGES = -15,   /**< User doesn't have appropriate previlages. */
+	NVFBC_ERROR_INVALID_CALL = -16,               /**< NVFBC APIs called in wrong sequence. */
+	NVFBC_ERROR_SYSTEM_ERROR = -17,               /**< Win32 error. */
+	NVFBC_ERROR_INVALID_TARGET = -18,             /**< The target adapter idx can not be used for NVFBC capture. It may not correspond to an NVIDIA GPU, or may not be attached to desktop. */
+	NVFBC_ERROR_DYNAMIC_DISABLE = -20,            /**< NvFBC is dynamically disabled. Cannot continue to capture */
+} NVFBCRESULT;
+
+// [index: 000] [ordinal: 001] NvFBC_Create
+#pragma comment(linker, "/EXPORT:NvFBC_Create=func_9be0fbdc869f417b9f29c27e9d9c0cfd,@1")
+extern "C" void func_9be0fbdc869f417b9f29c27e9d9c0cfd();
+
+// [index: 001] [ordinal: 002] NvFBC_CreateEx
+#pragma comment(linker, "/EXPORT:NvFBC_CreateEx=func_92a7155ee30d412ea0e85c05d5ef3cd8,@2")
+extern "C" void func_92a7155ee30d412ea0e85c05d5ef3cd8();
+
+// [index: 002] [ordinal: 003] NvFBC_Enable
+#pragma comment(linker, "/EXPORT:NvFBC_Enable=func_358080a229af49bb96c3968f7c8d7444,@3")
+extern "C" void func_358080a229af49bb96c3968f7c8d7444();
+
+// [index: 003] [ordinal: 004] NvFBC_GetSDKVersion
+#pragma comment(linker, "/EXPORT:NvFBC_GetSDKVersion=func_a3384a768753452cbccab384f5f330c1,@4")
+extern "C" void func_a3384a768753452cbccab384f5f330c1();
+
+// [index: 004] [ordinal: 005] NvFBC_GetStatus
+#pragma comment(linker, "/EXPORT:NvFBC_GetStatus=func_c5a74b9ae49d4851930995268cee4e2f,@5")
+extern "C" void func_c5a74b9ae49d4851930995268cee4e2f();
+
+// [index: 005] [ordinal: 006] NvFBC_GetStatusEx
+#pragma comment(linker, "/EXPORT:NvFBC_GetStatusEx=func_7a0e96ba3cf34b0e9815e3a16dc3d347,@6")
+extern "C" void func_7a0e96ba3cf34b0e9815e3a16dc3d347();
+
+// [index: 006] [ordinal: 007] NvFBC_SetGlobalFlags
+#pragma comment(linker, "/EXPORT:NvFBC_SetGlobalFlags=func_2fd4dec9416b42de88a5afbe23ed4a8d,@7")
+extern "C" void func_2fd4dec9416b42de88a5afbe23ed4a8d();
+
+// [index: 007] [ordinal: 008] NvFBC_UnloadNvAPI
+#pragma comment(linker, "/EXPORT:NvFBC_UnloadNvAPI=func_e8c80ebd98bb45e0b591f52e5fbfa998,@8")
+extern "C" NVFBCRESULT func_e8c80ebd98bb45e0b591f52e5fbfa998() {
+	return NVFBC_ERROR_GENERIC; //malware reject
+};
+
+// [index: 008] [ordinal: 009] NvOptimusEnablement
+#pragma comment(linker, "/EXPORT:NvOptimusEnablement=func_5e40589f71e44de1827491903b6e99af,@9")
+extern "C" void func_5e40589f71e44de1827491903b6e99af();
+
+
+void* Org_GetWindowDisplayAffinity = nullptr;
+BOOL WINAPI Hook_GetWindowDisplayAffinity(IN HWND hWnd, OUT DWORD* pwdAffinity) {
+	*pwdAffinity = WDA_NONE;
+	return TRUE;
+}
+
+void* Org_Module32FirstW = nullptr;
+BOOL WINAPI Hook_Module32FirstW(IN HANDLE hSnapshot, IN OUT LPMODULEENTRY32W lpme) {
+	return FALSE;
+}
+
+BOOL Hook_FreeLibrary(IN HMODULE hLibModule) {
+
+	if (hLibModule == GetModuleHandleA("NvFBC64.dll"))
+	{
+		//MessageBoxA(nullptr,"SELF FREELIBRARY","WARN",MB_OK);
+		//Org_LdrUnregisterDllNotification(Cookie);
+		//MH_DisableHook(MH_ALL_HOOKS);
+		//MH_Uninitialize();
+		return false; //reject // iam malware
+		//Sleep(1000);
+	}
+	return Org_FreeLibrary(hLibModule);
+}
+
+void* Org_sub_7FFE7411BB10 = nullptr;
+__int64 __fastcall Hook_sub_7FFE7411BB10(__int64 a1)
+{
+	/*
+	return *(unsigned __int64*)(a1 + 10896)
+		&& 
+		(*(unsigned int*)(*(unsigned __int64*)(a1 + 24) + 368LL) || *(unsigned int*)(*(unsigned __int64*)(a1 + 24) + 640LL));*/
+	*(unsigned int*)(*(unsigned __int64*)(a1 + 24) + 368LL) = 0;
+	*(unsigned int*)(*(unsigned __int64*)(a1 + 24) + 640LL) = 0;
+	return 0;
+}
+
+void CALLBACK DLLNotification(ULONG Reason, PLDR_DLL_NOTIFICATION_DATA NotificationData, PVOID Context) {
+	switch (Reason)
+	{
+		case LDR_DLL_NOTIFICATION_REASON_LOADED:
+		{
+			if (wcsstr(NotificationData->Loaded.FullDllName->Buffer, L"nvd3dumx.dll") != NULL) {
+				sigpointer = sig(GetModuleHandleA("nvd3dumx.dll"), FUNCTION_SIG);
+				if (sigpointer == nullptr)
+				{
+					MessageBoxA(nullptr, "nvd3dumx sig not found!", "ERROR", MB_ICONERROR | MB_OK);
+				}
+				else
+				{
+					MH_CreateHook(sigpointer, &Hook_sub_7FFE7411BB10, &Org_sub_7FFE7411BB10);
+				}
+				MH_EnableHook(sigpointer);
+			}
+			break;
+		}
+		case LDR_DLL_NOTIFICATION_REASON_UNLOADED:
+		{
+			
+			if (wcsstr(NotificationData->Unloaded.FullDllName->Buffer, L"nvd3dumx.dll") != NULL)
+			{
+				/*
+				Org_LdrUnregisterDllNotification(Cookie);
+				MH_DisableHook(MH_ALL_HOOKS);
+				MH_Uninitialize();
+				*/
+				if (sigpointer!=nullptr)
+				{
+					MH_DisableHook(sigpointer);
+				}
+			}
+			
+			break;
+		}
+	}
+	/*
+	if (Reason == LDR_DLL_NOTIFICATION_REASON_LOADED) {
+		//wprintf(L"[LdrDllNotification] %s\n", NotificationData->Loaded.FullDllName->Buffer);
+		
+	}
+	//return;
+	*/
+}
+
+BOOL WINAPI DllMain(HINSTANCE hinstModule, DWORD dwReason, LPVOID lpvReserved)
+{
+	if (dwReason == DLL_PROCESS_ATTACH)
+	{
+		DisableThreadLibraryCalls(hinstModule);
+		auto moduleHandle = LoadLibraryA("NvFBC64_original.dll");
+		if (moduleHandle != nullptr)
+		{
+			for (auto i = 0; i < FUNCTION_COUNT; i++)
+			{
+				auto address = GetProcAddress(moduleHandle, functionNames[i].c_str());
+				functions[i] = reinterpret_cast<uintptr_t>(address);
+			}
+		}
+		
+		if (MH_Initialize() != MH_OK) {
+			MessageBoxA(nullptr, "MH Init Error!", "ERROR", MB_ICONERROR | MB_OK);
+			exit(1);
+		}
+
+
+		MH_CreateHookApi(L"user32.dll","GetWindowDisplayAffinity",&Hook_GetWindowDisplayAffinity,&Org_GetWindowDisplayAffinity);
+		MH_CreateHookApi(L"kernel32.dll", "Module32FirstW", &Hook_Module32FirstW, &Org_Module32FirstW);
+		MH_CreateHookApi(L"kernel32.dll", "FreeLibrary", &Hook_FreeLibrary, reinterpret_cast<LPVOID*>(&Org_FreeLibrary));
+		MH_EnableHook(MH_ALL_HOOKS);
+
+		//MessageBoxA(nullptr, "DEBUG", "HOOK RD", MB_OK);
+
+		Org_LdrRegisterDllNotification = (def_LdrRegisterDllNotification)GetProcAddress(GetModuleHandleA("ntdll.dll"), "LdrRegisterDllNotification");
+		Org_LdrUnregisterDllNotification = (def_LdrUnregisterDllNotification)GetProcAddress(GetModuleHandleA("ntdll.dll"), "LdrUnregisterDllNotification");
+		Org_LdrRegisterDllNotification(0, DLLNotification, NULL, &Cookie);
+		//LoadLibraryA("nvd3dumx.dll");
+		/*
+		void* SigPointer = sig(GetModuleHandleA("nvd3dumx.dll"),FUNCTION_SIG);
+		if (SigPointer == nullptr)
+		{
+			MessageBoxA(nullptr, "nvd3dumx sig not found!", "ERROR",MB_ICONERROR|MB_OK);
+		}
+		else
+		{
+			MH_CreateHook(SigPointer,&Hook_sub_7FFE7411BB10,&Org_sub_7FFE7411BB10);
+		}
+		*/
+		
+
+		/*
+		HANDLE NvModule = GetModuleHandleA("nvd3dumx.dll");
+		if (NvModule == INVALID_HANDLE_VALUE)
+		{
+			MessageBoxA(nullptr, "NOMODULE","NOMODULE",MB_OK);
+		}
+		*/
+	}
+	else if (dwReason == DLL_PROCESS_DETACH)
+	{
+		Org_LdrUnregisterDllNotification(&Cookie);
+		MH_DisableHook(MH_ALL_HOOKS);
+		MH_Uninitialize();
+	}
+
+	return TRUE;
+}

InstantReplayUnlock/nt.h

@@ -0,0 +1,52 @@
+#pragma once
+enum LDR_DLL_NOTIFICATION_REASON
+{
+    LDR_DLL_NOTIFICATION_REASON_LOADED = 1,
+    LDR_DLL_NOTIFICATION_REASON_UNLOADED = 2,
+};
+
+typedef struct tag_UNICODE_STRING {
+    USHORT Length;
+    USHORT MaximumLength;
+    PWSTR  Buffer;
+} __UNICODE_STRING, * PUNICODE_STRING, * PCUNICODE_STRING;
+
+typedef struct _LDR_DLL_LOADED_NOTIFICATION_DATA {
+    ULONG Flags;                    //Reserved.
+    PCUNICODE_STRING FullDllName;   //The full path name of the DLL module.
+    PCUNICODE_STRING BaseDllName;   //The base file name of the DLL module.
+    PVOID DllBase;                  //A pointer to the base address for the DLL in memory.
+    ULONG SizeOfImage;              //The size of the DLL image, in bytes.
+} LDR_DLL_LOADED_NOTIFICATION_DATA, * PLDR_DLL_LOADED_NOTIFICATION_DATA;
+
+typedef struct _LDR_DLL_UNLOADED_NOTIFICATION_DATA {
+    ULONG Flags;                    //Reserved.
+    PCUNICODE_STRING FullDllName;   //The full path name of the DLL module.
+    PCUNICODE_STRING BaseDllName;   //The base file name of the DLL module.
+    PVOID DllBase;                  //A pointer to the base address for the DLL in memory.
+    ULONG SizeOfImage;              //The size of the DLL image, in bytes.
+} LDR_DLL_UNLOADED_NOTIFICATION_DATA, * PLDR_DLL_UNLOADED_NOTIFICATION_DATA;
+
+typedef union _LDR_DLL_NOTIFICATION_DATA {
+    LDR_DLL_LOADED_NOTIFICATION_DATA Loaded;
+    LDR_DLL_UNLOADED_NOTIFICATION_DATA Unloaded;
+} LDR_DLL_NOTIFICATION_DATA, * PLDR_DLL_NOTIFICATION_DATA;
+
+typedef VOID(CALLBACK* PLDR_DLL_NOTIFICATION_FUNCTION)(
+    _In_     ULONG                       NotificationReason,
+    _In_     PLDR_DLL_NOTIFICATION_DATA NotificationData,
+    _In_opt_ PVOID                       Context
+    );
+
+typedef NTSTATUS(NTAPI* def_LdrRegisterDllNotification)(
+    _In_     ULONG                          Flags,
+    _In_     PLDR_DLL_NOTIFICATION_FUNCTION NotificationFunction,
+    _In_opt_ PVOID                          Context,
+    _Out_    PVOID* Cookie
+    );
+
+typedef NTSTATUS(NTAPI* def_LdrUnregisterDllNotification)(
+    _In_ PVOID Cookie
+    );
+
+typedef BOOL(WINAPI* def_FreeLibrary)(HMODULE hLibModule);

InstantReplayUnlock/nvfbc.asm

@@ -0,0 +1,51 @@
+.code
+
+extern functions:qword
+
+; NvFBC_Create
+func_9be0fbdc869f417b9f29c27e9d9c0cfd proc
+  jmp functions[8 * 0]
+func_9be0fbdc869f417b9f29c27e9d9c0cfd endp
+
+; NvFBC_CreateEx
+func_92a7155ee30d412ea0e85c05d5ef3cd8 proc
+  jmp functions[8 * 1]
+func_92a7155ee30d412ea0e85c05d5ef3cd8 endp
+
+; NvFBC_Enable
+func_358080a229af49bb96c3968f7c8d7444 proc
+  jmp functions[8 * 2]
+func_358080a229af49bb96c3968f7c8d7444 endp
+
+; NvFBC_GetSDKVersion
+func_a3384a768753452cbccab384f5f330c1 proc
+  jmp functions[8 * 3]
+func_a3384a768753452cbccab384f5f330c1 endp
+
+; NvFBC_GetStatus
+func_c5a74b9ae49d4851930995268cee4e2f proc
+  jmp functions[8 * 4]
+func_c5a74b9ae49d4851930995268cee4e2f endp
+
+; NvFBC_GetStatusEx
+func_7a0e96ba3cf34b0e9815e3a16dc3d347 proc
+  jmp functions[8 * 5]
+func_7a0e96ba3cf34b0e9815e3a16dc3d347 endp
+
+; NvFBC_SetGlobalFlags
+func_2fd4dec9416b42de88a5afbe23ed4a8d proc
+  jmp functions[8 * 6]
+func_2fd4dec9416b42de88a5afbe23ed4a8d endp
+
+; NvFBC_UnloadNvAPI
+;func_e8c80ebd98bb45e0b591f52e5fbfa998 proc
+;  jmp functions[8 * 7]
+;func_e8c80ebd98bb45e0b591f52e5fbfa998 endp
+
+; NvOptimusEnablement
+func_5e40589f71e44de1827491903b6e99af proc
+  jmp functions[8 * 8]
+func_5e40589f71e44de1827491903b6e99af endp
+
+
+end

InstantReplayUnlock/resource.h

@@ -0,0 +1,14 @@
+//{{NO_DEPENDENCIES}}
+// Microsoft Visual C++ generated include file.
+// Used by Version.rc
+
+// 新对象的下一组默认值
+// 
+#ifdef APSTUDIO_INVOKED
+#ifndef APSTUDIO_READONLY_SYMBOLS
+#define _APS_NEXT_RESOURCE_VALUE        101
+#define _APS_NEXT_COMMAND_VALUE         40001
+#define _APS_NEXT_CONTROL_VALUE         1001
+#define _APS_NEXT_SYMED_VALUE           101
+#endif
+#endif

InstantReplayUnlock/scanner.cpp

@@ -0,0 +1,53 @@
+#include "scanner.h"
+
+std::uint8_t* sig(const HMODULE module, const std::string& byte_array) {
+    if (!module)
+        return nullptr;
+
+    static const auto pattern_to_byte = [&](std::string pattern) {
+        std::vector<int> bytes{};
+        const auto start = const_cast<char*>(pattern.c_str());
+        const auto end = const_cast<char*>(pattern.c_str()) + pattern.length();
+
+        for (auto current = start; current < end; ++current) {
+            if (*current == '?') {
+                ++current;
+
+                if (*current == '?')
+                    ++current;
+
+                bytes.push_back(-1);
+            }
+            else {
+                bytes.push_back(std::strtoul(current, &current, 16));
+            }
+        }
+        return bytes;
+    };
+
+    const auto dos_header = reinterpret_cast<PIMAGE_DOS_HEADER>(module);
+    const auto nt_headers =
+        reinterpret_cast<PIMAGE_NT_HEADERS>(reinterpret_cast<std::uint8_t*>(module) + dos_header->e_lfanew);
+
+    const auto size_of_image = nt_headers->OptionalHeader.SizeOfImage;
+    const auto pattern_bytes = pattern_to_byte(byte_array);
+    const auto scan_bytes = reinterpret_cast<std::uint8_t*>(module);
+
+    const auto pattern_size = pattern_bytes.size();
+    const auto pattern_data = pattern_bytes.data();
+
+    for (auto i = 0ul; i < size_of_image - pattern_size; ++i) {
+        bool found = true;
+
+        for (auto j = 0ul; j < pattern_size; ++j) {
+            if (scan_bytes[i + j] != pattern_data[j] && pattern_data[j] != -1) {
+                found = false;
+                break;
+            }
+        }
+        if (found)
+            return &scan_bytes[i];
+    }
+
+    return nullptr;
+}

InstantReplayUnlock/scanner.h

@@ -0,0 +1,7 @@
+#pragma once
+#include <Windows.h>
+#include <cstdio>
+#include <string>
+#include <vector>
+
+std::uint8_t* sig(const HMODULE module, const std::string& byte_array);