X64dbg or cheat engines referenced strings search didn't find it. You can see my "Testy" as wstring in the dump( RDX address) - i found my string with a UTF-16 search with cheat engine. Simple console application that writes a "Testy" string with Console.WriteLineĬompiling/publishing created a executable and a DLLĮxecutable loops native code,then jumps to JIT code from the DLL and then again native code to call the Console.WriteLine(System.Console)Ĭall 7FFEFC6F1950 = Console.dll+1950 - precompiled NET Core (i never used it or have seen it in a game before) And some security stuff to prevent buffer overflows such as guard values. The actual executable might be compressed and uncompressed in memory at runtime or some crap. Some precompiled native stuff mixed with JIT bytecode. I think there is a few things going on under the hood. Poking through it with a hex editor I noticed it was also inserting some kind of a randomly generated word soup into the binary with broken fragments of html and so on. I put in some 'magic numbers' like a loop that ran 13371337 iterations and couldn't find them in there either. Now I know I wasn't running any obfuscation stuff. I make a "hello world" program, the produced dll seemed normal and I could find the string (as widechar utf16), but when I turned it into a executable (with trimmed and single self contained binary) I could no longer find the hello world string. From my limited poking around it does some weird stuff to executables. NET which is normally quite moddable as you can decompile the assemblies). I'm not sure that (or at least all of it) is actually deliberate obfuscation/anti-cheat or even the developers doing. Really funny how much shit is accessing the health value. I've reversed how it works and made a proper god mode for the steam version(works also for the windows-store version) Its not their first game with custom anti-cheat,looks like Devolver Digital really hates modding/cheating. Well, changing health value crashes the game and all strings are obfuscated.
0 Comments
Leave a Reply. |