v2.0.1

.gitignore

@@ -3,7 +3,7 @@
 .directory
 
 # File withheld to make abuse more difficult
-game_payload/src/tp6.c
+game_payload/src/core.c
 
 build
 out

README.md

@@ -1,11 +1,11 @@
 ### Games and regions
-- **3rd**: glb v6.7.0
+- **3rd**: glb/sea/cn/tw/kr/jp v6.8.0
-- **SR**: os/cn v1.1.0 (unsafe, refer to [configuration](#configuration)) 
+- **SR**: os/cn v1.2.0 (potentially unsafe, but no bans were reported since v1.1.0) 
 
 It may be possilbe to completely remove the region and version-specific data in the future. Refer to the source code in `game_payload/src` for details.
 
 ### Information
-The anticheat the games use is fundamentally incompatible with Wine in multiple ways. This tool launches the game without it (`injector/launcher_payload`) and imitates it's behaviour (`game_payload`).
+The anticheat the games use is fundamentally incompatible with Wine in multiple ways. This tool launches the game without it (`injector`) and imitates it's behaviour (`game_payload`).
 
 **SR-specific**: this tool disables the use of DirectX shared resources in a rather hacky way. It is required, as there is no (and most likely never will be) shared resources support in DirectX translation layers (WineD3D/DXVK). Refer to [configuration](#configuration) if you wish to run the game without the fix.
 
@@ -18,7 +18,7 @@ The anticheat the games use is fundamentally incompatible with Wine in multiple
 
 **Wine 8.0+ is recommended**, as lower versions leak "The Wine project" as the device identifier. Not critical, but taking a precaution never hurt anyone. **DXVK is strongly recommended.**
 
-**3rd-specific**: In some cases, and if you're not using Proton GE, **a fix for Media Foundation may be required to play videos. The Game may crash without it.** You can download it from [here](https://github.com/z0z0z/mf-install). You might need to [limit the number of cores available to the game](https://github.com/z0z0z/mf-install/issues/44) if your CPU has more than 8.
+**3rd-specific**: In some cases, and if you're not using Proton GE, **a fix for Media Foundation may be required to play videos. The Game may crash without it.**  You can download it from [here](https://github.com/z0z0z/mf-install). You might need to [limit the number of cores available to the game](https://github.com/z0z0z/mf-install/issues/44) if your CPU has more than 8. **IMPORTANT: do not run the mfplat fix under Proton GE. Doing so may irreparably damage your game installation!**
 
 Manual usage instructions:
 - Download the game you want to run
@@ -32,20 +32,19 @@ This tool is capable of starting the games from a different process. This may be
 To pass commandline arguments to the game, append them after the launcher path: `wine jadeite.exe 'Z:\wine\path\to\game.exe' 'Z:\wine\path\to\launcher.exe' -arg1 -arg2 -arg3`. To use the default launcher process, use `--`: `wine jadeite.exe 'Z:\wine\path\to\game.exe' -- -arg1 -arg2 -arg3`.
 
 ### Configuration
-These environment variables can be used to configure the behaviour of the tool.
+These environment variables can be used to configure the behaviour of the tool. Any value except empty string counts as set. `1` will be used in all examples.
 
 - `WAIT_BEFORE_RESUME=1` - show a messagebox and wait for user input before resuming the game process. Useful on my side for debugging
 
 **SR-exclusive**:
-- `I_WANT_A_BAN=1` - allows to launch SR. Please only use testing accounts, as there is an extremely high risk of getting banned
+- `SRFIX_DISABLE=1` - disable shared resources fix. Not recommended. Doing so will most likely cause the game to not run at all
-- `SRFIX_DISABLE=1` - disable shared resources fix
 
 ### Internals
-This tool consists of three parts: the main injector (`injector`), the launcher payload (`injector/launcher_payload`) and the game payload (`game_payload`).
+This tool consists of three parts: the main injector (`injector/src/exe.c`), the launcher payload (`injector/src/dll.c`) and the game payload (`game_payload`).
 
 I am very bad at explaining, so just take a look at the source code. Maybe I'll write a detailed explanation in the future.
 
-A part of the source code is witheld (`game_payload/src/tp6.c`). This is a forced measure to make abuse more difficult. 
+A part of the source code is witheld (`game_payload/src/core.c`). This is a forced measure to make abuse more difficult. However, a precompiled blob is provided in the repo. `build.sh` will use it automatically.
 
 ### Guildelines
 1. **Please don't share this project in public.** This might attract unnecessary attention from either the Game Company or the Anticheat Company

build.sh

@@ -1,12 +1,6 @@
 #!/usr/bin/env bash
 set -e
 
-if ! [ "x$1" = "xdo" ]; then
-    echo "A part of the source code is witheld (game_payload/src/tp6.c) to make abuse more difficult. Please download a binary release"
-    exit
-fi
-shift
-
 strip="x86_64-w64-mingw32-strip"
 
 rm -f jadeite.zip

game_payload/copy_core.sh

@@ -0,0 +1,4 @@
+#!/usr/bin/env sh
+
+cp "$1" "$2"
+cp "$1" "$3"

game_payload/include/core.h

@@ -0,0 +1,7 @@
+#pragma once
+
+#include <windows.h>
+
+#include <game.h>
+
+void core_setup_patcher(struct game_data *game, HMODULE baseModule);

game_payload/include/game.h

@@ -6,6 +6,11 @@ enum game_id {
     GAME_INVALID,
     
     GAME_HI3_GLB,
+    GAME_HI3_SEA,
+    GAME_HI3_CN,
+    GAME_HI3_TW,
+    GAME_HI3_KR,
+    GAME_HI3_JP,
 
     GAME_HSR_OS,
     GAME_HSR_CN
@@ -18,7 +23,7 @@ typedef void (*unityplayer_callback_t)(HMODULE unityModule);
 struct game_data {
     enum game_id id; // Temporary
     const char *name;
-    const char *assembly_path;
+    const char *assembly_name;
     const char *tp6_section_name; // Unused for now
     const char *tvm_section_name;
 

game_payload/include/tp6.h

@@ -1,7 +0,0 @@
-#pragma once
-
-#include <windows.h>
-
-#include <game.h>
-
-void tp6_setup_patcher(struct game_data *game, HMODULE baseModule);

game_payload/meson.build

@@ -1,3 +1,7 @@
+fs = import('fs')
+
+include_dir = include_directories('include')
+
 # Input files
 sources = [
     'src/main.c',
@@ -8,33 +12,71 @@ sources = [
     'src/hi3.c',
     'src/hsr.c',
     'src/utils.c',
-    'src/msg.c',
+    'src/msg.c'
-
-    # File withheld to make abuse more difficult
-    'src/tp6.c'
 ]
 resources = [
-    'res/hi3/glb/allocations.dat',
+    'res/hi3/glb.dat',
-    'res/hi3/glb/entries.dat',
+    'res/hi3/sea.dat',
+    'res/hi3/cn.dat',
+    'res/hi3/tw.dat',
+    'res/hi3/kr.dat',
+    'res/hi3/jp.dat',
 
-    'res/hsr/os/allocations.dat',
+    'res/hsr/os.dat',
-    'res/hsr/os/entries.dat',
+    'res/hsr/cn.dat'
-    'res/hsr/cn/allocations.dat',
-    'res/hsr/cn/entries.dat'
 ]
 
 # Generate resource files for ./res
-res_files = custom_target(
+res_header = custom_target(
-    'resources.[ho]',
+    'resources.h',
-    output: [ 'resources.o', 'resources.h' ],
+    output: 'resources.h',
     input: resources,
-    command: [ gen_res, meson.current_source_dir(), '@OUTPUT0@', '@OUTPUT1@', '@INPUT@' ]
+    command: [ gen_res, '--header', meson.current_source_dir(), '@OUTPUT0@', '@INPUT@' ]
 )
+res_object = custom_target(
+    'resources.o',
+    output: 'resources.o',
+    input: resources,
+    command: [ gen_res, '--object', meson.current_source_dir(), '@OUTPUT0@', '@INPUT@' ]
+)
+
+if fs.exists('src/core.c')
+    # Compile the real file first (dirty hack)
+    core_fake_exe = executable(
+        'core.o',
+        'src/core.c',
+        res_header,
+        link_args: [ '-r' ], # Output an object file
+        include_directories: include_dir
+    )
+    
+    # another dirty hack
+    copy_core = find_program('copy_core.sh')
+
+    core_target = [custom_target(
+        'copy_core',
+        output: 'core.o',
+        input: core_fake_exe.extract_all_objects(recursive: false),
+        command: [ 
+            copy_core, 
+            '@INPUT0@',
+            '@OUTPUT0@', meson.current_source_dir() / 'blob/core.o' 
+        ]
+    )]
+    core_blob = []
+else
+    message('Using precompiled core blob. Refer to the readme for more details')
+    core_target = []
+    core_blob = [ 'blob/core.o' ]
+endif
 
 shared_library(
     'game_payload',
     sources,
-    res_files,
+    res_header,
-    include_directories: 'include',
+    res_object,
+    core_target,
+    objects: core_blob,
+    include_directories: include_dir,
     name_prefix: ''
 )

game_payload/src/ace.c

@@ -9,83 +9,75 @@ static void _dll_notification(ULONG reason, const PLDR_DLL_NOTIFICATION_DATA dat
         return;
     }
 
-    // context should be set to the target module name, lowercase
+    // context should be set to the target module name
     wchar_t *targetModuleName = (wchar_t*)context;
 
-    wchar_t lwModuleName[MAX_PATH];
+    if (wcsicmp(targetModuleName, data->Loaded.BaseDllName->Buffer) != 0) {
-    wcscpy(lwModuleName, data->Loaded.BaseDllName->Buffer);
+        return;
-    _wcslwr(lwModuleName);
-
-    if (wcscmp(targetModuleName, lwModuleName) == 0) {
-        // Replace entry point with a stub
-        void *entryPoint = pe_find_entry_point(data->Loaded.DllBase);
-
-        const char ENTRY_POINT_STUB[] = {
-            0xB8, 0x01, 0x00, 0x00, 0x00,   // mov eax, 1
-            0xC3                            // ret
-        };
-
-        DWORD oldProtect;
-        VirtualProtect(entryPoint, sizeof(ENTRY_POINT_STUB), PAGE_EXECUTE_READWRITE, &oldProtect);
-
-        memcpy(entryPoint, ENTRY_POINT_STUB, sizeof(ENTRY_POINT_STUB));
-
-        VirtualProtect(entryPoint, sizeof(ENTRY_POINT_STUB), oldProtect, &oldProtect);
     }
+
+    // Replace entry point with a stub
+    void *entryPoint = pe_find_entry_point(data->Loaded.DllBase);
+
+    const char ENTRY_POINT_STUB[] = {
+        0xB8, 0x01, 0x00, 0x00, 0x00,   // mov eax, 1
+        0xC3                            // ret
+    };
+
+    DWORD oldProtect;
+    VirtualProtect(entryPoint, sizeof(ENTRY_POINT_STUB), PAGE_EXECUTE_READWRITE, &oldProtect);
+
+    memcpy(entryPoint, ENTRY_POINT_STUB, sizeof(ENTRY_POINT_STUB));
+
+    VirtualProtect(entryPoint, sizeof(ENTRY_POINT_STUB), oldProtect, &oldProtect);
+    
+}
+
+static void _create_driver_file(const char *path) {
+    // They only report presence
+    HANDLE file = CreateFileA(path, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
+
+    if (file == INVALID_HANDLE_VALUE) {
+        msg_err_a("Could not create driver file: %s", path);
+    }
+
+    CloseHandle(file);
 }
 
 void ace_fake_driver_files() {
-    // They only report presence
+    _create_driver_file("ACE-BASE.sys");
-    const char *wdDriverPath = "ACE-BASE.sys";
-    const char *s32DriverPath = "C:\\windows\\system32\\drivers\\ACE-BASE.sys";
-
-    HANDLE wdDriverFile = CreateFileA(wdDriverPath, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
-    if (!wdDriverFile) {
-        msg_err_a("Could not create driver file: %s", wdDriverPath);
-    }
 
     // Just in case
-    HANDLE s32DriverFile = CreateFileA(s32DriverPath, GENERIC_WRITE, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
+    _create_driver_file("C:\\windows\\system32\\drivers\\ACE-BASE.sys");
-    if (!s32DriverFile) {
+}
-        msg_err_a("Could not create driver file: %s", s32DriverPath);
+
+static HMODULE _load_module_patched(wchar_t *path) {
+    // Get filename from the path
+    wchar_t *name = wcsrchr(path, '\\');
+    name = name ? name + 1 : path;
+
+    void *cookie;
+    LdrRegisterDllNotification(0, &_dll_notification, name, &cookie);
+
+    HMODULE module = LoadLibraryW(path);
+    if (!module) {
+        msg_err_w(L"Could not load module: %ls", path);
     }
 
-    CloseHandle(wdDriverFile);
+    // LoadLibraryW is synchronous; the notification function has already finished executing
-    CloseHandle(s32DriverFile);
+    LdrUnregisterDllNotification(cookie);
+
+    return module;
 }
 
 HMODULE ace_load_base_module(const char *exeName) {
     wchar_t baseModuleName[MAX_PATH];
-    swprintf(baseModuleName, MAX_PATH, L"%sbase.dll", exeName);
+    swprintf(baseModuleName, MAX_PATH, L"%sBase.dll", exeName);
     wcslwr(baseModuleName);
 
-    void *cookie;
+    return _load_module_patched(baseModuleName);
-    LdrRegisterDllNotification(0, &_dll_notification, baseModuleName, &cookie);
-
-    HMODULE baseModule = LoadLibraryW(baseModuleName);
-    if (!baseModule) {
-        msg_err_w(L"Could not load base module: %ls", baseModuleName);
-    }
-
-    // LoadLibraryA is synchronous; the notification function has already finished executing
-    LdrUnregisterDllNotification(cookie);
-
-    return baseModule;
 }
 
 HMODULE ace_load_driver_module() {
-    const char *driverModulePath = "AntiCheatExpert/InGame/x64/ACE-DRV64.dll";
+    return _load_module_patched(L"AntiCheatExpert\\InGame\\x64\\ACE-DRV64.dll");
-
-    void *cookie;
-    LdrRegisterDllNotification(0, &_dll_notification, L"ace-drv64.dll", &cookie);
-
-    HMODULE driverModule = LoadLibraryA(driverModulePath);
-    if (!driverModule) {
-        msg_err_a("Could not load driver module: %s", driverModulePath);
-    }
-
-    // LoadLibraryA is synchronous; the notification function has already finished executing
-    LdrUnregisterDllNotification(cookie);
-
-    return driverModule;
 }

game_payload/src/core.md

@@ -0,0 +1,18 @@
+### 1.0.0
+- First version
+
+### 1.1.0
+- HSR support
+
+### 1.1.9
+- Fixed a bug which could cause the game to crash in odd scenarios
+
+### 1.1.10
+- Fixed a subtle bug introduced in 1.1.9
+
+### 1.1.11
+- Fixed an additional issue introduced in 1.1.9
+
+### 2.0.0
+- Almost a full rewrite, functionality unchanged
+- Added support for HI3 sea/cn/tw/jp/kr

game_payload/src/hi3.c

@@ -4,7 +4,7 @@
 #include <game.h>
 
 const char *HI3_NAME             = "BH3";
-const char *HI3_ASSEMBLY_PATH    = "BH3_Data/Native/UserAssembly.dll";
+const char *HI3_ASSEMBLY_NAME    = "UserAssembly.dll";
 const char *HI3_TP6_SECTION_NAME = ".bh3";
 const char *HI3_TVM_SECTION_NAME = ".tvm0";
 
@@ -14,10 +14,14 @@ struct crc_id_pair {
 };
 
 const struct crc_id_pair HI3_REGIONS[] = {
-    // Only glb for now
     // It may be possible to get rid of region-specific data altogether in the future
 
-    { 0x45221647, GAME_HI3_GLB } // glb v6.7.0
+    { 0xcb8041ff, GAME_HI3_GLB }, // glb v6.8.0
+    { 0x104cbfc5, GAME_HI3_SEA }, // sea v6.8.0
+    { 0x2efd9099, GAME_HI3_CN },  // cn  v6.8.0
+    { 0x30fa5b0f, GAME_HI3_TW },  // tw  v6.8.0
+    { 0xe47327fb, GAME_HI3_KR },  // kr  v6.8.0
+    { 0x992b6b63, GAME_HI3_JP }   // jp  v6.8.0
 };
 
 void hi3_fill_data(struct game_data *buf) {
@@ -36,7 +40,7 @@ void hi3_fill_data(struct game_data *buf) {
     
     buf->id = id;
     buf->name = HI3_NAME;
-    buf->assembly_path = HI3_ASSEMBLY_PATH;
+    buf->assembly_name = HI3_ASSEMBLY_NAME;
     buf->tp6_section_name = HI3_TP6_SECTION_NAME;
     buf->tvm_section_name = HI3_TVM_SECTION_NAME;
 

game_payload/src/hsr.c

@@ -5,7 +5,7 @@
 #include <game.h>
 
 const char *HSR_NAME             = "StarRail";
-const char *HSR_ASSEMBLY_PATH    = "GameAssembly.dll";
+const char *HSR_ASSEMBLY_NAME    = "GameAssembly.dll";
 const char *HSR_TP6_SECTION_NAME = ".ace";
 const char *HSR_TVM_SECTION_NAME = ".tvm0";
 
@@ -17,14 +17,14 @@ struct crc_id_pair {
 const struct crc_id_pair HSR_REGIONS[] = {
     // It may be possible to get rid of region-specific data altogether in the future
 
-    { 0x2df53005, GAME_HSR_OS }, // os v1.1.0
+    { 0x9eb3084e, GAME_HSR_OS }, // os v1.2.0
-    { 0x3e644d26, GAME_HSR_CN }  // cn v1.1.0
+    { 0x14be07e9, GAME_HSR_CN }  // cn v1.2.0
 };
 
 #define JUMP_SIZE (6 + sizeof(void*))
 
 // Temporarily hardcoded offset
-// v1.1.0, same for os and cn
+// v1.2.0, same for os and cn
 #define WTSUD_PATCH_OFFSET 0x16430
 
 char wtsud_original_bytes[JUMP_SIZE];
@@ -71,12 +71,6 @@ static void _unityplayer_callback(HMODULE unityModule) {
 }
 
 void hsr_fill_data(struct game_data *buf) {
-    if (!utils_env_enabled("I_WANT_A_BAN")) {
-        msg_err_a("Using this tool with HSR is unsafe. Refer to the readme for more details");
-    } else {
-        msg_warn_a("Using this tool with HSR will most likely result in a ban. Please only use testing accounts");
-    }
-
     uint32_t crc = utils_file_crc32c("UnityPlayer.dll");
     
     enum game_id id = GAME_INVALID;
@@ -92,7 +86,7 @@ void hsr_fill_data(struct game_data *buf) {
 
     buf->id = id;
     buf->name = HSR_NAME;
-    buf->assembly_path = HSR_ASSEMBLY_PATH;
+    buf->assembly_name = HSR_ASSEMBLY_NAME;
     buf->tp6_section_name = HSR_TP6_SECTION_NAME;
     buf->tvm_section_name = HSR_TVM_SECTION_NAME;
 

game_payload/src/main.c

@@ -3,7 +3,7 @@
 #include <ntdll.h>
 #include <ace.h>
 #include <game.h>
-#include <tp6.h>
+#include <core.h>
 #include <utils.h>
 
 #include <main.h>
@@ -46,7 +46,7 @@ BOOL WINAPI DllMain(HINSTANCE instance, DWORD reason, LPVOID reserved) {
     ace_load_driver_module();
 
     // ...magic
-    tp6_setup_patcher(&game, baseModule);
+    core_setup_patcher(&game, baseModule);
 
     // Load the UnityPlayer module and invoke the callback
     HMODULE unityModule = LoadLibraryA("UnityPlayer.dll");

game_payload/src/tp6.md

@@ -1,5 +0,0 @@
-### 1.0.0
-- First version
-
-### 1.1.0
-- HSR support

game_payload/src/utils.c

@@ -31,5 +31,5 @@ uint32_t utils_file_crc32c(const char *filePath) {
 
 char utils_env_enabled(const char *env) {
     char *envText = getenv(env);
-    return envText && strcmp(envText, "") != 0;
+    return envText && *envText;
 }

gen_resources.sh

@@ -2,19 +2,38 @@
 
 linker="x86_64-w64-mingw32-ld"
 
+# Select output types
+for i in {0..1}
+do
+    case "$1" in
+        --header)
+            gen_header=1
+            shift
+            ;;
+        --object)
+            gen_object=1
+            shift
+            ;;
+    esac 
+done
+
 # Read project directory
 proj_dir=`realpath "$1"`
 shift
 
-# Read output file destinations
+# Read output file destinations and make sure they don't exist
-resources_o=`realpath "$1"`
+if [ "x${gen_object}" = "x1" ]; then
-shift
+    resources_o=`realpath "$1"`
-resources_h=`realpath "$1"`
+    shift
-shift
 
-# Make sure that the header does not exist
+    rm -f "${resources_h}"
-rm -f "${resources_h}"
+fi
-rm -f "${resources_o}"
+if [ "x${gen_header}" = "x1" ]; then
+    resources_h=`realpath "$1"`
+    shift
+
+    rm -f "${resources_o}"
+fi
 
 # Recomupte relative paths to parameters
 idx=0
@@ -26,24 +45,28 @@ do
     idx="$(("${idx}" + 1))"
 done
 
-# Create the object file
+if [ "x${gen_object}" = "x1" ]; then
-pushd "${proj_dir}" >> /dev/null
+    # Create the object file
-$linker -r -b binary -o "${resources_o}" "${resource_files[@]}"
+    pushd "${proj_dir}" >> /dev/null
-popd >> /dev/null
+    $linker -r -b binary -o "${resources_o}" "${resource_files[@]}"
+    popd >> /dev/null
+fi
 
-# Include stddef.h in the resources header (for size_t)
+if [ "x${gen_header}" = "x1" ]; then
-echo "#include <stddef.h>" >> "${resources_h}"
+    # Include stddef.h in the resources header (for size_t)
+    echo "#include <stddef.h>" >> "${resources_h}"
 
-for resource in "${resource_files[@]}"
+    for resource in "${resource_files[@]}"
-do
+    do
-    # Use relative path to the resource as the variable name
+        # Use relative path to the resource as the variable name
-    var_name="_binary_${resource}"
+        var_name="_binary_${resource}"
 
-    # Replace all non-alphanumeric characters with underscores
+        # Replace all non-alphanumeric characters with underscores
-    var_name=`printf "${var_name}" | sed "s/[^a-zA-Z0-9]/_/g"`
+        var_name=`printf "${var_name}" | sed "s/[^a-zA-Z0-9]/_/g"`
 
-    # Define externs in the header
+        # Define externs in the header
-    echo "extern void *${var_name}_start;" >> "${resources_h}"
+        echo "extern void *${var_name}_start;" >> "${resources_h}"
-    echo "extern void *${var_name}_size;" >> "${resources_h}"
+        echo "extern void *${var_name}_size;" >> "${resources_h}"
-    echo "" >> "${resources_h}"
+        echo "" >> "${resources_h}"
-done
+    done
+fi

injector/meson.build

@@ -17,14 +17,14 @@ exe_res_files = custom_target(
     'launcher_p.[oh]',
     output: [ 'launcher_p.o', 'launcher_p.h' ],
     input: [ launcher_payload_bin ],
-    command: [ gen_res, './injector', '@OUTPUT0@', '@OUTPUT1@', '@INPUT@' ]
+    command: [ gen_res, '--header', '--object', './injector', '@OUTPUT0@', '@OUTPUT1@', '@INPUT@' ]
 )
 
 dll_res_files = custom_target(
     'game_p.[oh]',
     output: [ 'game_p.o', 'game_p.h' ],
     input: [ game_payload_bin ],
-    command: [ gen_res, './injector', '@OUTPUT0@', '@OUTPUT1@', '@INPUT@' ]
+    command: [ gen_res, '--header', '--object', './injector', '@OUTPUT0@', '@OUTPUT1@', '@INPUT@' ]
 )
 
 # Main injector exe

injector/src/dll.c

@@ -30,7 +30,7 @@ BOOL WINAPI DllMain(HINSTANCE inst, DWORD reason, LPVOID reserved) {
     // Compute the working directory path
     wchar_t workdir[MAX_PATH];
     wcscpy(workdir, targetExe);
-    *(wcsrchr(workdir, '\\')) = '\0';
+    *(wcsrchr(workdir, L'\\')) = L'\0';
 
     // SAFETY: verify that the injector is not inside the game directory
     HMODULE kernel32 = GetModuleHandleA("kernel32.dll");
@@ -42,7 +42,7 @@ BOOL WINAPI DllMain(HINSTANCE inst, DWORD reason, LPVOID reserved) {
 
         char *i = unixInjectDll, *w = unixWorkdir;
         char startsWith = 0;
-        while (*i != '\0' && *w != '\0') {
+        while (*i && *w) {
             startsWith = *i == *w;
             if (!startsWith) break;
 
@@ -95,7 +95,7 @@ BOOL WINAPI DllMain(HINSTANCE inst, DWORD reason, LPVOID reserved) {
 
     // Optional: wait for user input before resuming (useful for debugging) 
     char *waitEnabled = getenv("WAIT_BEFORE_RESUME");
-    if (waitEnabled && strcmp(waitEnabled, "") != 0) {
+    if (waitEnabled && *waitEnabled) {
         wchar_t message[64];
         wsprintfW(message, L"PID: %ld. Press OK to continue", pi.dwProcessId);
         MessageBoxW(NULL, message, J_MB_TITLE, MB_OK | MB_ICONINFORMATION);

injector/src/game_p.asm

@@ -1,5 +1,50 @@
 BITS 64
 
+; Macro definitions
+
+; read dst, pSrc, size
+%macro read 3
+
+    mov %1, [%2]
+    add %2, %3
+
+%endmacro
+
+; copy pDst, pSrc, temp, tempSize
+%macro copy 4
+
+    mov %3, [%2]
+    mov [%1], %3
+    add %1, %4
+    add %2, %4
+
+%endmacro
+
+; unprotect addr, size, fn
+%macro unprotect 3
+
+    mov rcx, %1
+    mov rdx, %2
+    mov r8, 40h  ; PAGE_EXECUTE_READWRITE
+    lea r9, [rel oldProtect]
+
+    call %3
+
+%endmacro
+
+; reprotect addr, size, fn
+%macro reprotect 3
+
+    mov rcx, %1
+    mov rdx, %2
+    lea r9, [rel oldProtect]
+    mov r8d, [r9]
+
+    call %3
+
+%endmacro
+
+
 main: ; Replacement entry point
     push rsi
     push rdi
@@ -16,6 +61,14 @@ main: ; Replacement entry point
     mov rdi, rax   ; *GetProcAddress
 
 
+    mov rcx, rsi          ; kernel32.dll
+    lea rdx, [rel s_VirtualProtect]
+    call rdi              ; rax = *VirtualProtect
+    
+    mov rcx, rax
+    call RecoverExecutable
+
+
     mov rcx, rsi          ; kernel32.dll
     lea rdx, [rel s_LoadLibraryW]
     call rdi              ; rax = *LoadLibraryW
@@ -63,10 +116,65 @@ main: ; Replacement entry point
     ret
 
 
+RecoverExecutable:  ; expects *VirtualProtect in rcx
+    push rbx
+    push r12
+    push r13
+    push r14
+    sub rsp, 8
+
+    mov r13, rcx
+
+    ; Find the recovery data structure
+    lea rbx, [rel dllPath]
+
+.search:
+    read ax, rbx, 2
+    test ax, ax
+    jnz .search
+
+    ; Recover entry point bytes (6 + 8 = 14 total)
+    read r12, rbx, 8  ; Address
+    mov r14, r12
+
+    unprotect r14, 14, r13
+    copy r12, rbx, rax, 8
+    copy r12, rbx, eax, 4
+    copy r12, rbx, ax,  2
+    reprotect r14, 14, r13
+
+    ; Recover import descriptor bytes (20 total)
+    read r12, rbx, 8
+    mov r14, r12
+
+    unprotect r14, 20, r13
+    copy r12, rbx, rax, 8
+    copy r12, rbx, rax, 8
+    copy r12, rbx, eax, 4
+    reprotect r14, 20, r13
+
+    ; Recover import data directory entry size bytes (4 total)
+    read r12, rbx, 8
+    mov r14, r12
+
+    unprotect r14, 4, r13
+    copy r12, rbx, eax, 4
+    reprotect r14, 4, r13
+
+    add rsp, 8
+    pop r14
+    pop r13
+    pop r12
+    pop rbx
+    ret
+
+
 %include "gpa.asm"
 
+oldProtect: dd 0
 
 ; Strings
+s_VirtualProtect:    db "VirtualProtect", 0
 s_LoadLibraryW:      db "LoadLibraryW", 0
 s_GetModuleHandleA:  db "GetModuleHandleA", 0
 s_GetCommandLineW:   db "GetCommandLineW", 0

injector/src/inject.c

@@ -1,5 +1,22 @@
 #include <inject.h>
 
+#define JUMP_SIZE (6 + sizeof(void*))
+
+// Original values to recover after the injection
+// Recovery is performed by the assembly payload
+#pragma pack(push, 1)
+struct recovery_data {
+    void *entryPointAddress;
+    char entryPointData[JUMP_SIZE];
+
+    void *importDescriptorAddress;
+    IMAGE_IMPORT_DESCRIPTOR importDescriptorData;
+
+    void *sizeFieldAddress;
+    DWORD sizeFieldData;
+};
+#pragma pack(pop)
+
 static inline void write_protected_process_memory(HANDLE process, void *address, const void *buf, size_t size) {
     DWORD oldProtect;
     VirtualProtectEx(process, address, size, PAGE_EXECUTE_READWRITE, &oldProtect);
@@ -13,13 +30,6 @@ static inline void write_protected_process_memory(HANDLE process, void *address,
 void inject(HANDLE process, const void *payload, size_t payloadSize, const wchar_t *dllPath) {
     size_t _; // Contrary to the docs, {Write,Read}ProcessMemory likes to crash if the last arg is NULL
 
-    // Inject the loader into the module
-    size_t dllPathLen = (wcslen(dllPath) + 1) * sizeof(wchar_t);
-
-    char *remoteAlloc = VirtualAllocEx(process, NULL, payloadSize + dllPathLen, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
-    WriteProcessMemory(process, remoteAlloc, payload, payloadSize, &_);
-    WriteProcessMemory(process, remoteAlloc + payloadSize, dllPath, dllPathLen, &_);
-
     // Find the EXE header in the process
     char exeHeader[1024];
     IMAGE_DOS_HEADER *dosHeader = NULL;
@@ -45,7 +55,7 @@ void inject(HANDLE process, const void *payload, size_t payloadSize, const wchar
         }
 
         // Skip DLLs
-        if ((ntHeaders->FileHeader.Characteristics | IMAGE_FILE_DLL) == IMAGE_FILE_DLL) {
+        if ((ntHeaders->FileHeader.Characteristics & IMAGE_FILE_DLL) == IMAGE_FILE_DLL) {
             goto cont;
         }
 
@@ -64,25 +74,60 @@ void inject(HANDLE process, const void *payload, size_t payloadSize, const wchar
 
     char *exe = (char*)memoryInfo.BaseAddress;
 
+
+    // Inject the loader into the process
+    const unsigned char JUMP_INST[] = { 0xFF, 0x25, 0x00, 0x00, 0x00, 0x00 };
+   
+    size_t dllPathSize = (wcslen(dllPath) + 1) * sizeof(wchar_t);
+
+    size_t allocSize = payloadSize + dllPathSize + sizeof(struct recovery_data);
+    char *remoteAlloc = VirtualAllocEx(process, NULL, allocSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+
+    // Write the assembly payload and dll path
+    WriteProcessMemory(process, remoteAlloc, payload, payloadSize, &_);
+    WriteProcessMemory(process, remoteAlloc + payloadSize, dllPath, dllPathSize, &_);
+
+
+    // Modify the executable to run the assembly payload
+    // Recovery data structure
+    struct recovery_data rd;
+
     // Replace the entry point with a jump to the loader
     char *entryPoint = exe + ntHeaders->OptionalHeader.AddressOfEntryPoint;
 
-    const unsigned char JUMP_INST[] = { 0xFF, 0x25, 0x00, 0x00, 0x00, 0x00 };
+    // Save the original entry point address and bytes
+    rd.entryPointAddress = entryPoint;
+    ReadProcessMemory(process, rd.entryPointAddress, rd.entryPointData, sizeof(rd.entryPointData), &_);
 
+    // Replace the entry point with a jump to the assembly payload
     write_protected_process_memory(process, entryPoint, JUMP_INST, sizeof(JUMP_INST));
     write_protected_process_memory(process, entryPoint + sizeof(JUMP_INST), &remoteAlloc, sizeof(remoteAlloc));
 
+
     // Break the import table to prevent any dlls from being loaded
     // Step 1: break the first import descriptor
     char *importDescriptors = exe + ntHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
+
+    // Save the original descriptor address and bytes
+    rd.importDescriptorAddress = importDescriptors;
+    ReadProcessMemory(process, rd.importDescriptorAddress, &rd.importDescriptorData, sizeof(rd.importDescriptorData), &_);
+
+    // Overwrite with zeroes    
     IMAGE_IMPORT_DESCRIPTOR firstDescriptor;
     ZeroMemory(&firstDescriptor, sizeof(firstDescriptor));
-
     write_protected_process_memory(process, importDescriptors, &firstDescriptor, sizeof(firstDescriptor));
 
     // Step 2: break the image data directory entry
-    size_t ddOffset = ((char*)&(ntHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].Size)) - exeHeader;
+    char* ddAddr = ((char*)&(ntHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].Size)) - exeHeader + exe;
-    DWORD newSize = 0;
+    
+    // Save the original value
+    rd.sizeFieldAddress = ddAddr;
+    ReadProcessMemory(process, rd.sizeFieldAddress, &rd.sizeFieldData, sizeof(rd.sizeFieldData), &_);
 
-    write_protected_process_memory(process, exe + ddOffset, &newSize, sizeof(newSize));
+    // Set to 0
+    DWORD newSize = 0;
+    write_protected_process_memory(process, ddAddr, &newSize, sizeof(newSize));
+
+    // Write recovery data to the allocation
+    WriteProcessMemory(process, remoteAlloc + payloadSize + dllPathSize, &rd, sizeof(rd), &_);
 }

meson.build

@@ -1,4 +1,4 @@
-project('jadeite', 'c', version: '1.1.7')
+project('jadeite', 'c', version: '2.0.1')
 
 nasm = find_program('nasm')
 gen_res = find_program('gen_resources.sh')

metadata.json

@@ -1,22 +1,42 @@
 {
     "jadeite": {
-        "version": "1.1.7"
+        "version": "2.0.1"
     },
     "games": {
         "hi3rd": {
             "global": {
                 "status": "verified",
-                "version": "6.7.0"
+                "version": "6.8.0"
+            },
+            "sea": {
+                "status": "verified",
+                "version": "6.8.0"
+            },
+            "china": {
+                "status": "verified",
+                "version": "6.8.0"
+            },
+            "taiwan": {
+                "status": "verified",
+                "version": "6.8.0"
+            },
+            "korea": {
+                "status": "verified",
+                "version": "6.8.0"
+            },
+            "japan": {
+                "status": "verified",
+                "version": "6.8.0"
             }
         },
         "hsr": {
             "global": {
-                "status": "unsafe",
+                "status": "verified",
-                "version": "1.1.0"
+                "version": "1.2.0"
             },
             "china": {
-                "status": "unsafe",
+                "status": "verified",
-                "version": "1.1.0"
+                "version": "1.2.0"
             }
         }
     }