Hint: there are multiple Windows versions with multiple service packs and thousands of updates. What’s the other thing? What will you be comparing it against?
#Good dll injector for roblox code
One thing here is the machine code of EnumProcessModules() function. Look, comparing things requires at least two things.
Refer to where I addressed: “You cannot scan system functions because you’ve got nothing to compare the code against.” I probably misworded this as well, but I didn’t mean actually scanning kernel-mode memory, I meant KERNE元2.DLL which is already loaded within the ROBLOX process. "And ultimately, you cannot scan kernel-mode memory. I don’t recall mentioning this unless I misworded something. “Also you cannot possibly scan all internal Windows functions that EnumProcessModules() might be calling.” If(memcmp((LPVOID*)KernelGetTickCount, (LPVOID*)kerneltickcheck, sizeof((LPVOID*)kerneltickcheck))!=0)Ĭout << (LPVOID*)KernelGetTickCount << endl Ĭout << "Kernel Copy Tick Address: " << "0x" Ĭout << (LPVOID*)kerneltickcheck << endl Memcpy((LPVOID*)kerneltickcheck, (LPVOID*)KernelGetTickCount, 26) HANDLE KernelGetTickCount = GetProcAddress(GetModuleHandle(L"KERNE元2.DLL"), "GetTickCount") You can compare system functions by allocating memory, copying it with memcpy, and comparing it with memcmp, I did it in my program. “You cannot scan system functions because you’ve got nothing to compare the code against.” I think you’re misunderstanding what I’m saying a bit, you can’t vmprotect system functions, yes, but where ROBLOX calls the function from the module that area of code can be vmprotected because the memory check is vmprotected too. You cannot scan system functions because you’ve got nothing to compare the code against.Īlso you cannot possibly scan all internal Windows functions that EnumProcessModules() might be calling.Īnd ultimately, you cannot scan kernel-mode memory. Look, I would suggest you learn a bit more about Windows programming, before we get further into the topic. But for the actual Windows Function of it in Kernel32.dll can also be scanned by some sort of memory check, a method for that I can think of for that off of the top of my head would be using memcmp & memcpy for a basic security check. The EnumProcessModules() function being used in the client could be in some VMProtected area or protected by the memory check, so I don’t think it matters too much. I see that problem and I’m not really sure how you’d go about solving that other than adding as much DLLs as possible to the white list, but that’s a little time consuming.ġ. Or rather, nvidia and ati supply their own version of openg32.lib with their graphics drivers. opengl32.dll loads either nvoglv32.dll or atioglxx.dl depending on what graphics hardware you happen to run.
The problem is, DLLs can load other dlls, e.g. So that would store the DLLs roblox uses and wants to allow and checking for incorrect matches There’s also the idea for a DLL white list. Yes! It’s a perpetual game of cat and mouse.Ģ. Do you mean if the injector actually modifies the function for EnumProcessModules() via the memory? Just my thoughts, but I think a form of anti DLL injection is a good idea, not ordering you guys around though.ġ. When I say “modules” I mean things like: RobloxPlayerBeta.exe, ntdll.dll, KERNE元2.dll HANDLE RobloxProcess = OpenProcess(Access, InheritHandle, rpid) Īnother idea is that you can make a whitelist and allow certain dlls like Xfire to operate but most others to not operate So I’ve come up with a fairly basic solution to this if you guys haven’t thought of it or aren’t able to do it because it’ll open more errors, but why not make it so that the client stores the list of the modules that the client actually uses in an array and then keep checking if the length of the array goes above what it’s supposed to? Example: // sorry you may not like the way I program, keep in mind this is example code I’m positive that they’ve annoyed the people who develop games on here a lot and have at times, made your game unplayable. I’m also sure a lot of you are familiar with these “Alx” and “Nyx” exploits and all those programs that do the same thing. I’m sure most of you are aware of what a DLL(Dynamic Link Library) is. I believe there should be Anti DLL Injection. I thought this would be a good idea or a step further in client security so, here’s my idea.
0 kommentar(er)
