yukieiji
commented
6 months ago It appears to be starting bypassing EAC, but EAC seems to be working because of an access error to the protected memory area.
Will other mods besides UE work correctly?
Closed d0clan closed 6 months ago
yukieiji
commented
6 months ago It appears to be starting bypassing EAC, but EAC seems to be working because of an access error to the protected memory area.
Will other mods besides UE work correctly?
d0clan
commented
6 months ago nah, when you starting the game with what i was saying, the eac is not loaded, you can literally even attach with cheat engine, besides you cant be get in game since the game cant find the eac.
other mods i tested HWIDPatch and RuntimeGraphicsSettings they are fine, here you can find https://github.com/knah/ML-UniversalMods
most of game mods stopped update due to EAC, and deobfuscate map provided by melonloader also deleted, so 90% of old mods are not working anymore, because these mods are build depend on deobfuscate map
yukieiji
commented
6 months ago nah, when you starting the game with what i was saying, the eac is not loaded, you can literally even attach with cheat engine, besides you cant be get in game since the game cant find the eac.
Even if the EAC isn't activated, it appears that some defense mechanism is activated because the memory allocated by the VRChat that the UE tried to access is protected.
other mods i tested HWIDPatch and RuntimeGraphicsSettings they are fine, here you can find https://github.com/knah/ML-UniversalMods
Are there any mods for VRChat that aren't generic mods that will work?
most of game mods stopped update due to EAC, and deobfuscate map provided by melonloader also deleted, so 90% of old mods are not working anymore, because these mods are build depend on deobfuscate map
As long as MelonLoader that mod's loader can't support VRChat (and has given up), there is almost nothing I can do about it(Even if there is a means, accessing protected memory areas is tantamount to an act of hacking VRChat, it against the spirit of wholesome modding)
d0clan
commented
6 months ago tried to access is protected.
Can you tell what is the behaviour like? is the il2cpp_runtime_class_init trying to init with unreadable memory? or maybe what you get from debugging?
Are there any mods for VRChat that aren't generic mods that will work?
I think no.
As long as MelonLoader that mod's loader can't support VRChat (and has given up), there is almost nothing I can do about it
No, in fact is not, they're more like rage quits because vrchat doesn't care about the mod community,
accessing protected memory areas is tantamount to an act of hacking VRChat, it against the spirit of wholesome modding
Technically, 90% of mods cant leave the 'protected' memory when they using hook, you know patching .text is also trying to write on protected memory right? (.text is readable,executable but not writable)
accessing protected memory areas is tantamount to an act of hacking VRChat, it against the spirit of wholesome modding
Modding itself is a hack(same behaviours in anticheats eyes), the only thing that differs from cheating is that what it's trying to do is not provide unfair features. i know this not sounds good
I still want your help, in vrchat's map development you can test any map locally (without any anti-cheat measures in local testing), I'm working on a mod to help people understand what's going wrong with their map script when the script halted.
yukieiji
commented
6 months ago Can you tell what is the behaviour like? is the il2cpp_runtime_class_init trying to init with unreadable memory? or maybe what you get from debugging?
The following error exists in the log provided.
Fatal error. System.AccessViolationException: Attempted to read or write protected memory. This is often an indication that other memory is corrupt.
Repeat 2 times:
--------------------------------
at Il2CppInterop.Runtime.IL2CPP.il2cpp_runtime_class_init(IntPtr)
--------------------------------
at Il2Cpp.MonoBehaviourPublicObLi1DiOb2InObGaDiUnique..cctor()
at System.Runtime.CompilerServices.RuntimeHelpers.RunClassConstructor(System.Runtime.CompilerServices.QCallTypeHandle)Looking at this error and the stack trace it appears that UE is trying to access and construct a Unity class when creating the GUI and it isn't working because the area is protected So I think that the UnityEngine DLL used by VRChat is protected when loaded, etc.
I think no.
I haven't read the code of this generic mod in much detail, but I suspect that the reason these mods work is one of the following
UE, by its nature, adds a lot of functionality, so it is possible that the above could work if rewritten natively as it is working. However, I don't see the value of spending a lot of time and making a lot of changes to something that I don't even know if it will work and will likely stop working after future updates(Like any other modder)
Technically, 90% of mods cant leave the 'protected' memory when they using hook, you know patching .text is also trying to write on protected memory right? (.text is readable,executable but not writable)
It isn't possible to read the protected memory area, in fact, this issue occurs when trying to access the protected memory area for reading.
Modding itself is a hack(same behaviours in anticheats eyes), the only thing that differs from cheating is that what it's trying to do is not provide unfair features. i know this not sounds good
I think that bypassing what is protected and making it readable is almost like hacking...
d0clan
commented
6 months ago UnityEngine DLL used by VRChat is protected when loaded, etc.
I don't know if you think this is an anti-cheat issue, but if so, i'm no offensive to say you may not knowing how native things work, this is understandable.
It isn't possible to read the protected memory area, in fact, this issue occurs when trying to access the protected memory area for reading.
This is wrong, System.AccessViolationException: Attempted to read or write protected memory. is told the error at unmanaged code, the access violation is normal error when e.g. reading memory at non-exists address 0x0000001
also e.g. attemp to write memory at non-writable memory zone, you get same exception when you do this. The literal 'protected' is not meaning protected by anticheat, like how UE can detect if there is anticheat running and know the memory is protected? the answer is no, it doesn't.
So i would say better inspect what is the actually issue than say it's by like anticheat or other reasons.
Simple mod that only makes method calls
It's hook, check source. https://github.com/knah/ML-UniversalMods/blob/main/HWIDPatch/HWIDPatchMod.cs#L47
I think that bypassing what is protected and making it readable is almost like hacking...
Let's say only in programming, changing protect attributes (read/write/execute) is very very normal thing. The bypassing is different than that, directly launch the game is means without anticheat on, if there is no anticheat, no way you call it bypass. Only way you call it bypass when somehow you can do same thing with anticheat is on.
UE, by its nature, adds a lot of functionality, so it is possible that the above could work if rewritten natively as it is working. However, I don't see the value of spending a lot of time and making a lot of changes to something that I don't even know if it will work and will likely stop working after future updates(Like any other modder)
I think this maybe related to the internal structure changes since Unity 2022.3. I have seen similar issues talking about this in il2cpp related github repositories.
in short, i dont like to trouble others, if you think there is no need to check, i total understand.
yukieiji
commented
6 months ago First of all, this issues isn't an internal UE bug, but an internal issue that occurs when we call some ordinary C# code.
So the solution is quite simple, just make this pointer-getting code something else, if I can ignore the fact that I can't find that other thing.
yukieiji
commented
6 months ago I don't know if you think this is an anti-cheat issue, but if so, i'm no offensive to say you may not knowing how native things work, this is understandable. It isn't possible to read the protected memory area, in fact, this issue occurs when trying to access the protected memory area for reading. This is wrong, System.AccessViolationException: Attempted to read or write protected memory. is told the error at unmanaged code, the access violation is normal error when e.g. reading memory at non-exists address 0x0000001 also e.g. attemp to write memory at non-writable memory zone, you get same exception when you do this. The literal 'protected' is not meaning protected by anticheat, like how UE can detect if there is anticheat running and know the memory is protected? the answer is no, it doesn't. So i would say better inspect what is the actually issue than say it's by like anticheat or other reasons.
If you want to say that the information passed in the above method is incorrect (e.g. 0x0000001, etc.), can you provide details of the obfuscated component, e.g. with images?(What is the name of the component and is there a component that works properly?)
The current info alone doesn't give us any info beyond some protection has occurred and this issue is occurring.(It looks that way, including the fact that MelonLoader has given up on responding)(I'm telling you that.)
I think this maybe related to the internal structure changes since Unity 2022.3. I have seen similar issues talking about this in il2cpp related github repositories.
Can you give us more details about the issues? I'm not sure if it's a issue, but I'm sure it could help us solve it.
d0clan
commented
6 months ago I also tested other versions, but they produced different errors. The UnityExplorer.ML.IL2CPP.dll release initialize failed with log
[13:34:12.876] [UnityExplorer] UnityExplorer 4.11.2 initializing...
[13:34:12.896] [UnityExplorer] [UniverseLib] UniverseLib 1.5.6 initializing...
[13:34:12.914] [UnityExplorer] System.ArgumentException: Class System.Object does not inherit from a class registered in il2cpp
at UnhollowerRuntimeLib.ClassInjector.RegisterTypeInIl2CppImpl(Type type, Boolean logSuccess, INativeClassStruct[] interfaces)
at UnhollowerRuntimeLib.ClassInjector.RegisterTypeInIl2Cpp(Type type, Boolean logSuccess)
at UnhollowerRuntimeLib.ClassInjector.RegisterTypeInIl2CppImpl(Type type, Boolean logSuccess, INativeClassStruct[] interfaces)
at UnhollowerRuntimeLib.ClassInjector.RegisterTypeInIl2Cpp(Type type, Boolean logSuccess)
at UnhollowerRuntimeLib.ClassInjector.RegisterTypeInIl2CppImpl(Type type, Boolean logSuccess, INativeClassStruct[] interfaces)
at UnhollowerRuntimeLib.ClassInjector.RegisterTypeInIl2Cpp(Type type, Boolean logSuccess)
at UnhollowerRuntimeLib.ClassInjector.RegisterTypeInIl2CppImpl(Type type, Boolean logSuccess, INativeClassStruct[] interfaces)
at UnhollowerRuntimeLib.ClassInjector.RegisterTypeInIl2Cpp(Type type, Boolean logSuccess)
at UnhollowerRuntimeLib.ClassInjector.RegisterTypeInIl2CppImpl(Type type, Boolean logSuccess, INativeClassStruct[] interfaces)
at UnhollowerRuntimeLib.ClassInjector.RegisterTypeInIl2Cpp(Type type, Boolean logSuccess)
at UnhollowerRuntimeLib.ClassInjector.RegisterTypeInIl2CppImpl(Type type, Boolean logSuccess, INativeClassStruct[] interfaces)
at UnhollowerRuntimeLib.ClassInjector.RegisterTypeInIl2Cpp(Type type, Boolean logSuccess)
at UnhollowerRuntimeLib.ClassInjector.RegisterTypeInIl2CppImpl(Type type, Boolean logSuccess, INativeClassStruct[] interfaces)
at UnhollowerRuntimeLib.ClassInjector.RegisterTypeInIl2Cpp(Type type, Boolean logSuccess)
at UnhollowerRuntimeLib.ClassInjector.RegisterTypeInIl2CppImpl(Type type, Boolean logSuccess, INativeClassStruct[] interfaces)
at UnhollowerRuntimeLib.ClassInjector.RegisterTypeInIl2Cpp[T]()
at UniverseLib.UniversalBehaviour.Setup() in D:\a\UnityExplorer\UnityExplorer\UniverseLib\src\UniversalBehaviour.cs:line 25
at UniverseLib.Universe.Init(Single startupDelay, Action onInitialized, Action`2 logHandler, UniverseLibConfig config) in D:\a\UnityExplorer\UnityExplorer\UniverseLib\src\Universe.cs:line 101
at UnityExplorer.ExplorerCore.Init(IExplorerLoader loader)
at UnityExplorer.ExplorerMelonMod.OnApplicationStart()
at MelonLoader.MelonEvent.<>c.<Invoke>b__1_0(LemonAction x) in D:\a\MelonLoader\MelonLoader\MelonLoader\Melons\Events\MelonEvent.cs:line 174
at MelonLoader.MelonEventBase`1.Invoke(Action`1 delegateInvoker) in D:\a\MelonLoader\MelonLoader\MelonLoader\Melons\Events\MelonEvent.cs:line 143If you want to say that the information passed in the above method is incorrect (e.g. 0x0000001, etc.), can you provide details of the obfuscated component, e.g. with images?(What is the name of the component and is there a component that works properly?)
I wrote down how to test it when I opened this issue. The game is free, but I still provide you with screenshots. https://imgur.com/a/31mnLtI
this is called ResourceManager in deobfuscate map:
.MonoBehaviourPublicObLi1DiOb2StObObObUnique;I2.Loc.ResourceManager;164
The current info alone doesn't give us any info beyond some protection has occurred and this issue is occurring.(It looks that way, including the fact that MelonLoader has given up on responding)(I'm telling you that.)
i understand
Can you give us more details about the issues? I'm not sure if it's a issue, but I'm sure it could help us solve it.
I'm not very good with the internals of il2cpp, I can only find a few things for you that I 'think' it's relevant: https://github.com/BepInEx/Il2CppInterop/pull/70 https://github.com/sneakyevil/IL2CPP_Resolver/pull/38
yukieiji
commented
6 months ago I also tested other versions, but they produced different errors. The UnityExplorer.ML.IL2CPP.dll release initialize failed with log
IL2Cpp is still incomplete in many parts and there are some time that need to be corrected through updates
this is called ResourceManager in deobfuscate map: .MonoBehaviourPublicObLi1DiOb2StObObObUnique;I2.Loc.ResourceManager;164
Is it possible to retrieve information about MonoBehaviourPublicObLi1DiOb2StObObObUnique being ResourceManager from within the game or from a system associated with the game?
If you want me to de-obfuscate it, I will decline, as it is against VRChat's community guideline's.
Either way, since VRChat's community guideline's says that reverse engineering or bypassing anti-cheat is not allowed, I would judge that an fix that bypasses EAC and allows the use of UE would be against that(I don't want to get into trouble) Therefore, I will no action to this matter.
d0clan
commented
6 months ago Is it possible to retrieve information about MonoBehaviourPublicObLi1DiOb2StObObObUnique being ResourceManager from within the game or from a system associated with the game?
all the thing you need is clearly in my screenshot i provided in preiously comment.
If you want me to de-obfuscate it, I will decline, as it is against VRChat's community guideline's.
i never wanted it?
Either way, since VRChat's community guideline's says that reverse engineering or bypassing anti-cheat is not allowed, I would judge that an fix that bypasses EAC and allows the use of UE would be against that(I don't want to get into trouble)
lol, i never asked for bypass EAC or reverse engineer to VRChat, even i tried hard to explaining to you that i'm not asking for bypass anticheat or reverse engineering to VRChat and you dont seems to read. i first open this issue with title related to Unity 2022.3 not the VRChat itself, i mentioned this game because UE is not working on it, and its made with Unity 2022.3.
this is literally good reason for you to do support for higher unity version, but can't believe you don't read what im saying all the time and end up with refuse to violate guidelines, like what is this has thing to do with guidelines. what a joke.
Therefore, I will no action to this matter.
understood.
I don't want to make things worse, but you owe it to yourself to re-read the entire issue, what I'm saying and what your reply misunderstood. I will not return to this issue, nor do I recommend that you continue to reply here. You have already proven something.
yukieiji
commented
6 months ago lol, i never asked for bypass EAC or reverse engineer to VRChat, even i tried hard to explaining to you that i'm not asking for bypass anticheat or reverse engineering to VRChat and you dont seems to read. i first open this issue with title related to Unity 2022.3 not the VRChat itself, i mentioned this game because UE is not working on it, and its made with Unity 2022.3. this is literally good reason for you to do support for higher unity version, but can't believe you don't read what im saying all the time and end up with refuse to violate guidelines, like what is this has thing to do with guidelines. what a joke.
I know I've been told I don't have to reply, but I just wanted to say a few words.
If you are right, and this issue caused by Unity v2022.3, then I will gladly fix this issue, but the information currently provided doesn't give me any more information than it is a VRChat specific issue.
And if I want to investigate this in VRChat, I have to bypass the EAC and launch VRChat, which I don't want to do, as that would conflict with the community guidelines.
I'm locking this as no further conversation or replies are needed.
From the Developer
VRChat's guidelines ban bypassing the EAC and reverse engineering. Therefore, I will no action to VRChat as I think it's a conflict of this.
Original Ticket
Are you on the latest version of UnityExplorer?
Which release are you using?
MelonLoader IL2CPP CoreCLR
Which game did this occur on?
VRChat (Unity 2022.3.6.11724)
Describe the issue.
crashed when trying to access obfuscated component or any normal class including obfuscated class as member/variable. how to trigger? inspect a gameobject and click on obfuscated component. note: the game has eac, however, you can still use melonloader by launch the
VRChat.exein game folder. when in game, you might see error message but it doesnt matter, there will bePlayerManager xxxin scene, it has a obfuscated component for you to inspect. i think this is not caused by obfuscate, this issue is starts from when VRChat switched to Unity 2022 from 2019 as far as i know. thanks in advance.Relevant log output