Can anyone link me here the first MK11.exe and the MK11.exe from the first update? Thanks! I wanna check up on something in the main thread profiling thread: whether the CRC32 was there.
EDIT: Welp, it's official. The other check's killed as well. Tried the Krypt, all's fine.
I'm uploading one from the previous update now, will probably be another 5-10 minutes.
Well done, great work.
Bypassing CE is possible manually on each run, which is the method I'm doing now by terminating thread 16, which is an unstable, but sufficient to me, method. However, your methods, since you have experience, seem so interesting and it's exciting to read what you are saying. It's simply amazing to see how little time it took you to get all that. Kudos to you! Thank you for accepting our pleas and looking into this.
Tell me one more thing; are you guys using D3D11 or D3D12?
Get this: [Link]. Install it, open it, head to MK11.exe in the list, double-click it and go to the Modules tab. In here, click the first column header to sort modules alphabetically, then scroll to find your DX lib:
Based on the replies I will post a nice proxy DLL, just so I don't touch the game's modules.
So @Sunbeam, thanks again but I've got a few remarks and questions.
First of all, how did you locate the thread function that triggers anti-CE? I don't mean actually, I mean logically. When you sit down and say "let's find the anti-CE function", what do you do? Are there particular routines that you try? For me, I just try to launch CE, get the message box, trace the call stack and break on the caller function.
Second of all, there are 5 looping threads:
- Thread 16 (what I posted earlier) in charge of Anti-CE
- Thread 17 (directly after thread 16) in charge of exiting the game on CRC fail
- Thread 21/23 (I'm unsure) in charge of reading the running process names (open procmon and you'll notice CreateFileW opens every process you have)
- Thread 80/81 (unsure) in charge of spamming CreateFileW on all HID devices
- Main Thread keeps looping around for some reason
My other question is: once I disabled threads 16, 17, and 21/23 (simply terminate in x64dbg), the game would throw an exception violation instead of crashing (which proves that I did something right?), but I can't move forward as the game cannot progress anymore. This made it impossible for me to run AOB injections in CE, since changing the code still forces the game to quit, so can you tell me what approach you took so that the game resumed properly?
_________
Finally, while we're at it, and if you love challenges so much, I challenge you to take a look at the ini/eng/json files' encryption. They're protected with what I believe is XOR -> AES -> oodle. They're loaded at [Link]. The functions that work on them are CreateFileW (from the import module at mk11, not the export module at kernelbase32.dll). They are called 3 times per file before being actually read. The first call is to get the size, the 2nd call is to compare against the ContentValidation.txt SHA1 hashes, and the 3rd call is to read and decrypt the files. Think you're interested in taking a jab?
Your work interests me, as Reverse Engineering is one of my favorite fields, and I feel like I can learn a lot from you. The video posted by Tim last week was my first attempt at x64dbg, and I would love to say that because of it I was able to create a Mod Loader for the game. Thanks to both of you for your amazing work.
Posting it later today; need to get some sleep. While at it, also fuck Microsoft and their idiotic decision to stop allowing inline __asm into x64 C++. Really.. FUCK YOU. Had to go to extra lengths to get a fucking "JMP QWORD PTR [API]". Don't get me started with MinGW and gcc.