That thing is... evil. It's like they wrote it by hand, which would be... I worry for their mental health.

zars15 Join Date: 2008-11-10 Post Count: 9999
...Sorcus worked hard, much?


They shall be defeated. It is inevitable.

digpoe Join Date: 2008-11-02 Post Count: 9092
*bypasses it with cheat engine* :l It's probably uglycoded. And it might not even work properly. But still, why hand typed... Must be an eyesore to look at human typed code, instead of pregenerated machinecode. *hinting that self is machine*


By new you mean the un-broken one? They had it implemented for like a week, but very stupidly since then had it running its own thread instead of in the main loop. You could just crash it and it would be fine. Now they have it in the main game loop, so if you crash it you hang the entire app \o/
And why is it bad if they programmed it by hand?

Maradar Join Date: 2012-03-06 Post Count: 4478
Memory checker? Sweet jesus no, anything but something like that.
signature.exe has stopped responding.

dop5k5 Join Date: 2013-03-18 Post Count: 42
>Now they have it in the main game loop, so if you crash it you hang the entire app
There has been another update since that, and they were aware of the bypass after the crash one.


Oooh, an update? Sounds fun.
And yea, I kinda expected that they would notice the 'Roblox has crashed' dialog in all the script exec tutorials on youtube =P
Nice hat ;P

dop5k5 Join Date: 2013-03-18 Post Count: 42
Yeah, for some reason in the last version you could cause the caller subroutine to perform an infinite loop, which would bypass the check.
Seems it wasn't actually in the same thread as mostly everything else k.


I actually noticed that. NOP'ing a LEA would force it to keep on failing a test and looping, but I assumed it was just being called by a game Job and as a subroutine.
What happens now? Did a quick test and it just seems to do the same thing.


I just traced it back to the scheduler. I'm thinking there might be a way of removing it from said scheduler?


The actual TaskScheduler? If so, I doubt it since that handles mostly everything for the game... The call to the specific ProgramMemoryChecker sub seems to be static though, instead of reading the offset from a word.


Ooooh, that is EXTRA fun. It doesn't do a hard crash but instead acts like you Instanced a ManualSurfaceJoint!

dop5k5 Join Date: 2013-03-18 Post Count: 42
There are two return addresses for the subroutine that contains instructions that access memory btw k.


Well, yea but the left one is if it doesn't even attempt to calculate a hashState, or if it hits an error. That might just be to see if it actually is still running? Try adding a jmp to that last label?


Are we talking about the same "mov ebp,[ecx+04]"?

dop5k5 Join Date: 2013-03-18 Post Count: 42
@Render
Already reported a working bypass :P


Well that was quick. Not like you can get any more hats for a reward either =P
And popin, I don't think so? The sub I am looking at never uses ebp...?


I found the sub that calls the manual crash though, so I can probably NOP that. Does that count as a 'bypass'?


Annnnd bypass works. Stopping that call makes it not crash, but still disconnects. Infinite loop in sub here I come.
Roblox, i r disappoint.


I set a breakpoint for access to an address... I have no idea what you're fighting. I'm just contesting the disconnect.


Oh, you're editing the address that does a trace on the .data segment? I tried that, but it seems to be a different address calling every time.
The code I am looking at is the actual class that does the memory check, for which I strangely can't find an xref to the subroutine I got from a trace. So I'm a tad confused.


I set a break and trace on the "clc" right after the checker. It came back out where the task scheduler should have been...


I'm pretty sure we are all talking about different parts of the code. Also, even if I crash the thread that does the checks and disable the application-crasher, it still disconnects me. I probably have to do the LEA hax again =(


Are we on version-5c703d6176af434b?