
Will maybe later, if I have more time, install VS 2019 and compile some. I guess this could be an explanation why we have different results for the strings. Hmm, the strange thing is that Carrion never jumped into JIT generated code, and I didn't find the DLL that contains JIT code (but I didn't look into it too much, already uninstalled the game).

Also strange that you didn't find the string as UTF-16. Do you have a DLL and EXE like me in your compiled test? I have a feeling that you only have an EXE without a DLL.

For my test I've used Visual Studio 2017 coz I have problems with Visual Studio 2019 and Unity. VS 2017 only supports. X64dbg or Cheat Engine's referenced strings search didn't find it. You can see my "Testy" as wstring in the dump (RDX address) - I found my string with a UTF-16 search with Cheat Engine. Simple console application that writes a "Testy" string with Console.WriteLine

Compiling/publishing created an executable and a DLL

Executable loops native code, then jumps to JIT code from the DLL and then again native code to call the Console.WriteLine (System.Console)

Call 7FFEFC6F1950 = Console.dll+1950 - precompiled NET Core (I never used it or have seen it in a game before) And some security stuff to prevent buffer overflows such as guard values. The actual executable might be compressed and uncompressed in memory at runtime or some crap. Some precompiled native stuff mixed with JIT bytecode. I think there are a few things going on under the hood. Poking through it with a hex editor I noticed it was also inserting some kind of a randomly generated word soup into the binary with broken fragments of HTML and so on. I put in some 'magic numbers' like a loop that ran 13371337 iterations and couldn't find them in there either. Now I know I wasn't running any obfuscation stuff.
I made a "hello world" program, the produced DLL seemed normal and I could find the string (as widechar UTF-16), but when I turned it into an executable (with trimmed and single self-contained binary) I could no longer find the hello world string. From my limited poking around it does some weird stuff to executables. NET which is normally quite moddable as you can decompile the assemblies). I'm not sure that (or at least all of it) is actually deliberate obfuscation/anti-cheat or even the developers' doing. Really funny how much shit is accessing the health value. I've reversed how it works and made a proper god mode for the Steam version (works also for the Windows Store version). It's not their first game with custom anti-cheat, looks like Devolver Digital really hates modding/cheating. Well, changing the health value crashes the game and all strings are obfuscated.
