Re: Capcom took down fearlessrevolution MHW trainer
Posted: Mon Dec 10, 2018 10:13 am
@predprey: A few remarks (feel free to interfere where due):
- there are also timed/on-trigger checks; same scanners, but this time around "powered" by an in-game event (e.g.: gaining XP from a kill); to submit to the non-grinding alignment, this event would have to happen neither rarely nor frequently (see Assassin's Creed: Unity); else there's a huge loss in performance if, for example, they use the crypto markers on a health_read routine
- most of the reads are done on a table of hashed VAs; good thing the public scripts hit the spot, tipping them off which locations to include in that list
- there's no additional coding in the CH trainer; pure and blunt re-routing of the readers - so not SEH, not VEH; just JMPs - didn't expect anything else, to be honest; hence my condescending attitude on his pompous preaching (how else would he be able to say "there are 82 scanners" if not by going through the tiresome grinding?)
- "If too many people uses this method, Capcom can easily update the integrity checks again, changing the code signatures" - exactly the logic behind the "I know the scanners location is different" statement; the VA can easily change if they change some compiler settings, not to mention every VMProtected target will use unique VMs with each enveloping action; so, for example, if you start doing some RE on v1.0's VMP and the devs decide they forgot some shit, even though the game doesn't get updated to v1.1 and is still v1.0, the fact that there's a new .exe will fuck up your analysis; different VMs.
- the post I referenced in my rant, taking you back to tuts4you, mainly MistHill's explanation, should suffice to work your way around the handlers; sure, might not be digestible for any reader, hence losing patience and blatantly ignoring the whole explanation unless there's some method or source code to be used (yes, I am still referring to Caliber here), but should prove a nice read, at least
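To make the two mechanisms above concrete (a table of hashed code regions, and an on-trigger scan that is rate-limited so a frequent event does not cost a full sweep every time), here is an added, constructed example in C of how such an integrity check can be structured; it is not Capcom's or VMProtect's code, the FNV-1a hash and the `region_t`/`trigger_t` layout are my own assumptions, and the "code" bytes are made-up buffers.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* One row of the "table of hashed VAs": a code region plus the hash it had at build time. */
typedef struct { const uint8_t *va; size_t len; uint64_t expected; } region_t;
/* FNV-1a stands in for the protector's real (undisclosed) hash; this is an assumption. */
static uint64_t fnv1a(const uint8_t *p, size_t n) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

/* Walk the table; return the index of the first region whose bytes changed, or -1 if clean. */
int scan_regions(const region_t *tab, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (fnv1a(tab[i].va, tab[i].len) != tab[i].expected) return (int)i;
    return -1;
}

/* On-trigger scan tied to a game event (e.g. XP gain). A frequent event must not run a
   full sweep every time, so only every min_gap-th event actually scans. */
typedef struct { unsigned events, min_gap, last_scan; } trigger_t;

int on_event(trigger_t *t, const region_t *tab, size_t n) {
    t->events++;
    if (t->events - t->last_scan < t->min_gap) return -2;  /* event noted, no scan */
    t->last_scan = t->events;
    return scan_regions(tab, n);
}

/* Constructed demo: two fake code regions; with patch != 0 one byte of the second
   region is overwritten before the third event fires the scan. */
int demo(int patch) {
    uint8_t a[9] = {0x55, 0x48, 0x89, 0xe5, 0x8b, 0x47, 0x10, 0x5d, 0xc3};
    uint8_t b[7] = {0x48, 0x83, 0xec, 0x28, 0x31, 0xc0, 0xc3};
    region_t tab[2] = {{a, sizeof a, fnv1a(a, sizeof a)}, {b, sizeof b, fnv1a(b, sizeof b)}};
    trigger_t t = {0, 3, 0};
    if (patch) b[0] ^= 0xff;             /* simulated tamper of the first byte of b */
    int r = -2;
    for (int i = 0; i < 3; i++) r = on_event(&t, tab, 2);
    return r;                            /* -1 = clean, 1 = region b flagged */
}

int main(void) {
    printf("clean: %d, patched: %d\n", demo(0), demo(1));  /* clean: -1, patched: 1 */
    return 0;
}
```

The first two events only bump the counter, which is the performance trade-off described above: the scan cost is paid once per min_gap events rather than on every kill.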