Im curious as to how you have found the memory values to change

[Celibistrial]

sorry for opening a thread , but i couldn't find another way to contact you

[34736384]

just static analysis using ida

[Celibistrial]

Ok ill try using that software (the software i was using gets blocked by mhyprot)

[Celibistrial]

Also how do you get past mhyprot?(The code you inject into genshin)

[34736384]

static analysis is only analyzing the file on disk, there were no need to have the game running. as of handle bypass, the parent process(unlocker) has a full access handle to child process(game) unless the handle is stripped on launch

for the fps unlock feature there were no code being injected into the game, it's only changing an integer inside a rw region

[Celibistrial]

Ohh ok, Thanks a lot! I have one more question how did you find the integer to change, I opened up genshinimpact.exe in ida and there is not really a clear indication of which variable does what. How did you fine the correct variable?

[Celibistrial]

Also since you have a full access handle to the game mhyprot cant detect writes to the game process memory right?(I had thought the way it worked is it runs all the code before mhyprot launches, but apparently not because you can change fps cap after game launch)

[34736384]

mhyprot cant detect writes to the game process memory right? they can if they wanted to

for the fps value, if you take a look at the source, the value resides in unityplayer

[Celibistrial]

So you opened UnityPlayer.dll in ida? (to find the address) Also what settings to do you use ?

[34736384]

just defaults

[Celibistrial]

So I have found the signature and stuff. Wrote the code, unfortunately, the memory address I want to modify resides in GenshinImpact.exe, which is protected by mhyprot2. CheatEngine is able to bypass mhyprot2 (so it can access and change memory addresses) if it attaches to the game before mhyprot2 loads. Do you know how to bypass it?

[34736384]

just use the same method as shown in my source

[Celibistrial]

Your code modifies an address in UnityPlayer.dll which is not protected by mhyprot2.(I can read and write to UnityPlayer.dll but not to GenshinImpact.exe.).

[34736384]

Your code modifies an address in UnityPlayer.dll which is not protected by mhyprot2 No, UnityPlayer.dll is a part of GenshinImpact.exe which is indeed protected by the driver. There isn't a way to open a handle to a DLL. The handle it's called a process handle, and dll itself is not a process.

[Celibistrial]

Oh ok, thanks! I'll look into it further.

[Celibistrial]

Hmmm I've cloned your repo and modified the code(only the pattern scan function and signature are different) Exception thrown at 0x00007FF7BD4838B7 in unlockfps.exe: 0xC0000005: Access violation reading location 0x00000000000000C4.

[Celibistrial]

char* ScanBasic(char* pattern, char* mask, char* begin, intptr_t size)
{
    intptr_t patternLen = strlen(mask);

    for (int i = 0; i < size; i++)
    {
        bool found = true;
        for (int j = 0; j < patternLen; j++)
        {
            if (mask[j] != '?' && pattern[j] != *(char*)((intptr_t)begin + i + j))
            {
                found = false;
                break;
            }
        }
        if (found)
        {
            return (begin + i);
        }
    }
    return nullptr;
}

This is the pattern scan function.

[Celibistrial]

char* caddress = ScanBasic((char*)"9A 99 19 3B 9A 99 19 3B 00 00 80 BF 02 00 00 00 02 00", (char*)"9A 99 19 3B 9A 99 19 3B 00 00 80 BF 02 00 00 00 02 00", (char*)pi.hProcess, (intptr_t)sizeof(pi.hProcess));

I probably made a stupid mistake lol

[34736384]

I won't spoon feed so, That's not how you use your pattern scan Just look at my source and see how I utilized the pattern scan function

[Celibistrial]

Ok

[Celibistrial]

Thanks for your help, I have managed to complete the project, how high is the risk of a ban?(I'm changing the in-game sensitivity).