module name is igo64.dll, found in origin installation directory
x64, might edit in x86 sigs too:
un facts:
- seems like they copied valve's homework on game overlays, they also leave all of their strings in unencrypted and log basically everything.
- they use a proprietary library called madCodeHook which costs 2k euros.
x64, might edit in x86 sigs too:
- namespace util::riginhook {
- /* xref: "HookCode: Detected code is PAGE_EXECUTE_READWRITE - possible DRM, aborting." */
- static void hook ( void * address , void * hook , void * original ) {
- const static auto fn = reinterpret_cast< void * ( __fastcall * ) ( void * , void * , void * , std::uint8_t ) >( SIG ( MODULE_ORIGINOVERLAY , _ ( "40 55 56 57 48 81 EC ? ? ? ? 48 8B 05 ? ? ? ? 48 33 C4 48 89 84 24 ? ? ? ?" ) ) );
- fn ( address , hook , original , 0 );
- }
- /* xref: "Unhooking failed: %p" */
- static void unhook ( void * original ) {
- const static auto fn = reinterpret_cast< void * ( __fastcall * ) ( void * ) >( SIG ( MODULE_ORIGINOVERLAY , _ ( "48 89 54 24 ? 53 48 83 EC 30 48 8B D9" ) ) );
- fn ( original );
- }
- }
un facts:
- seems like they copied valve's homework on game overlays, they also leave all of their strings in unencrypted and log basically everything.
- they use a proprietary library called madCodeHook which costs 2k euros.
