Closed tyackman closed 10 months ago
Are you hooking 48 89 5C 24 08 57 48 83 EC 20 48 8B B9 18 02? I'll try to fix this in my PR
Nope. Nothing has been hooked additionally.
Happened again (modified, packed version): [16:29:31.0923931][INFO/QueueDependency.cpp:52] Caught unwanted dependency: RDR2.exe+ADE790
You're somehow breaking the anticheat patch. Can you list some of your changes? This is the function that is being blocked
```
char __fastcall rage::Security::SigScanLoop(__int64 a1)
{
  int v1; // eax
  _DWORD *v2; // rdi
  __int64 sig_scan_data; // rbx
  __int64 v5; // [rsp-10h] [rbp-28h] BYREF
  LARGE_INTEGER time_to_scan; // [rsp+20h] [rbp+8h] BYREF
  LARGE_INTEGER v7; // [rsp+28h] [rbp+10h] BYREF
  LARGE_INTEGER v8; // [rsp+30h] [rbp+18h] BYREF
  __int64 v9; // [rsp+38h] [rbp+20h] BYREF

  v2 = *(a1 + 0x30);
  sig_scan_data = *(*(a1 + 0x28) + 0x798i64);
  sub_7FF777F8CCF8(&time_to_scan);
  while ( 1 )
  {
    v1 = rage::Security::ProcessSigScans(sig_scan_data, &time_to_scan);
    if ( v1 == 2 )
      break;
    if ( v1 != 3 )
    {
      if ( v1 == 1 )
      {
        QueryPerformanceCounter(&v7);
        time_to_scan = v7;
      }
      QueryPerformanceCounter(&v8);
      if ( ((v8.LowPart - time_to_scan.LowPart) * *&script_time_within_frame_in_microseconds) <= 1000.0 )
        continue;
    }
    *v2 = 2;
    return 1;
  }
  v9 = 0i64;
  rage::Security::StoreSecureVariable(sig_scan_data, &v9);
  v5 = -1i64;
  rage::Security::StoreSecureVariable(sig_scan_data + 96, &v5);
  *(sig_scan_data + 0xC0) = 1;
  *v2 = 3;
  return 1;
}
```
It does have an anti-debugger thread running, including the use of VirtualAlloc writewatch and some other common anti-debugger memes. I'm calling ThreadHideFromDebugger on the debugger thread as well. The only feature I added to the menu that would remain on when I load the menu would be lawless mode (LAW::_SET_LAW_DISABLED). I've also included cprlib in the cmake lists and use that for web requests. Binary packed using Themida. And in case u get any intrusive thoughts, no, I'm not selling this, it's a meme for my friends and me l0l.
Additionally I have added a ped/composite/treasure chest spawner, player model scale and weather changer but they weren't used at the time of the crashes so I don't think they matter, but here they are anyways...
Been testing without the anti-debugger and still caught @ RDR2.exe+ADE790. That leaves Themida on the table pretty much... I guess I'll test without packing for a while
Edit: Just caught it again, without using Themida. Not sure...
You'll have to go further and match horsemenu code 1:1 and bisect all the way back to your current fork
It happens on unmodified horsemenu as well. RDR2.exe+ADE790. Happens when loading the menu whilst connected to a server.
Yeah, that makes sense. You're supposed to load the menu in SP or the landing page to completely disable the anticheat
Slow brain moment lol. Thanks m8.
[22:53:27.2553484][INFO/QueueDependency.cpp:52] Caught unwanted dependency: RDR2.exe+27F3254
This is all I got; there was no stack trace. This was also on my modified version, not vanilla horsemenu
Edit: this version was probably packed with Themida, forgot about that, sorry.