Ch40zz

62 posts

@Ch40zz_

Reverse Engineering, Windows Internals, Exploiting, Gamehacking. Programming Languages: C/C++, x86/x64 Assembly, C#, Python, JS, PHP

Joined September 2017
80 Following, 586 Followers
Ch40zz
Ch40zz@Ch40zz_·
@valigo If the developers implement it correctly, these checks run once every 10 seconds or only on special events such as loading screens, when entering a car or w/e. Also his research is done on an old version using VMP - new versions have a different VM. Whole malware and ACs run in VMs too.
Valentin Ignatev
Valentin Ignatev@valigo·
Finally learned why Denuvo destroys performance. It runs normal code through a fantasy stack-based VM that jits the code back together with a bunch of junk jumps on the fly, completely trashing CPU cache and undoing optimizations that developers worked hard on. And this is apart from constant timing and fingerprinting, and a bunch of other evil stuff. Truly a bane of gaming.
Ch40zz reposted
vx-underground
vx-underground@vxunderground·
This YouTube Twitch Game Bro says he's been a hacker for 20 years and did anti-cheat stuff at Blizzard. He said he pulled it out into assembly, grabbed the code cave (?) and removed "the polymorphic" (?). What the fuck is this guy talking about? youtube.com/shorts/LY2hG-_…
Ch40zz reposted
vx-underground
vx-underground@vxunderground·
Gamers express concern over anti-cheats and assert them to be spyware running as "root" on Windows. Malware doesn't need to be run at an elevated privilege (especially "root") to achieve its objective of exfiltrating sensitive information or "spying" on you by watching what you're doing. All of this can be achieved easily from user mode and can (usually) work even in restricted environments. tl;dr these large game publishers don't need an anti-cheat to spy on you. They can do it easily from user mode.
Ch40zz
Ch40zz@Ch40zz_·
@AzakaSekai_ That is no valid reason to require the main game executable to have admin rights?? You can install a service and modify DACL so it can start without admin for example. This is horrible, lazy and insecure design. At least EasyAntiCheat and BattlEye got that correct.
安坂星海 Azaka || VTuber
安坂星海 Azaka || VTuber@AzakaSekai_·
@Ch40zz_ Hoyo is unfortunately not alone - a lot of games require admin access to have the kernel AC temporarily installed. Another one I can think of off the top of my head is NIKKE.
安坂星海 Azaka || VTuber
安坂星海 Azaka || VTuber@AzakaSekai_·
yeah you can use any of these DLLs, ZZZ will just eat it up. Not that this is anything special, just funny TAs are using it (also elevation is required by default for any Hoyo games)
ANY.RUN@anyrun_app

🎯 #Ransomware abuses a game and spreads with a valid certificate – #ExploreWithANYRUN
📌 #Malware uses legitimate #certificate from COGNOSPHERE PTE. LTD
⚙ The XORed ransomware code is stored in the #DLL file. Our all-purpose #XOR extractor helps find out what was XORed by analyzing #MalConf
🔀 #Kransom ransomware hijacks the execution flow through DLL side-loading
⚠ This malware won't function without the DLL file, which is stored in the same folder as the game, and contains the #encrypted code
📍 The #StarRail #software used by this malware for masquerading is legitimate
📝 The note contains the following text: I believe you've encountered some problems. Email to hoyoverse for solutions.
Analysis 👉 app.any.run/tasks/9835858b…
DLL file 👉 app.any.run/tasks/b6366c04…
🔎 Find more samples using this #TI request 👉 intelligence.any.run/analysis/looku…
Analyze and investigate the latest malware and #phishing threats with #ANYRUN 🛡️

Ch40zz
Ch40zz@Ch40zz_·
@GatorzVR @AzakaSekai_ That is no valid reason to require the main game executable to have admin rights. You can install a service and modify DACL so it can start without admin for example. This is horrible, lazy and insecure design.
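The design the reply describes (a service that an unprivileged game process is allowed to start, instead of an elevated game executable) as an added example; this is not code from the tweet's author or from any anti-cheat vendor. It assumes a service that is already installed under the placeholder name below, and it must itself be run elevated once, at install time:

```powershell
# Added example: grant Interactive users only SERVICE_START on an existing service,
# so the game can start it from a normal, non-elevated process.
# $ServiceName is a placeholder; the service is assumed to be installed already.
$ServiceName = 'ExampleAntiCheatSvc'

function Get-ServiceSddl([string]$Name) {
    # 'sc' alone is the Set-Content alias in PowerShell, so call sc.exe explicitly.
    # sdshow prints a blank line followed by the SDDL string ("D:(...)S:(...)").
    $out = & sc.exe sdshow $Name
    if ($LASTEXITCODE -ne 0) { throw "sdshow failed for '$Name': $out" }
    $line = $out | Where-Object { $_ -match '^D:' } | Select-Object -First 1
    if (-not $line) { throw "no SDDL returned for '$Name'" }
    return $line.Trim()
}

function Add-InteractiveStartAce([string]$Sddl) {
    # ACE: A = access allowed, RP = SERVICE_START, IU = Interactive (logged-on) users.
    # Deliberately no WP (stop), DC (change config), WD (write DACL) for IU.
    $ace = '(A;;RP;;;IU)'
    if ($Sddl -match '\(A;;[A-Z]*RP[A-Z]*;;;IU\)') { return $Sddl }   # already granted
    $saclPos = $Sddl.IndexOf('S:')              # keep the audit SACL untouched
    if ($saclPos -lt 0) { return $Sddl + $ace }
    return $Sddl.Insert($saclPos, $ace)
}

$before = Get-ServiceSddl $ServiceName
$after  = Add-InteractiveStartAce $before
if ($after -ne $before) {
    & sc.exe sdset $ServiceName $after
    if ($LASTEXITCODE -ne 0) { throw "sdset failed for '$ServiceName'" }
}

# Verify: some allow ACE for IU now carries RP; everything else still needs an admin.
$verify = Get-ServiceSddl $ServiceName
if ($verify -notmatch '\(A;;[A-Z]*RP[A-Z]*;;;IU\)') { throw 'start right was not applied' }
Write-Host "Interactive users may now start '$ServiceName':`n$verify"
```

After this, `Start-Service $ServiceName` succeeds from a non-elevated shell while stopping or reconfiguring the service still requires an administrator, which is the least-privilege split the reply argues for.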
Ch40zz
Ch40zz@Ch40zz_·
@adinathenerd @justmazz_ @gamingatdenuvo No. Devs pay them to get access to the tooling and the actual implementation into the game is done by the game devs. If you virtualize/protect a function running 2000 times a frame it will obviously start to lag. Capcom is notorious for doing it wrong. Game devs have little time.
Denuvo by Irdeto
Denuvo by Irdeto@gamingatdenuvo·
Life is all about simple pleasures 💜
Ch40zz
Ch40zz@Ch40zz_·
@Jonathan_Blow All my hope is now on the Snapdragon ARM CPUs for laptops, I pray they fix many of the efficiency issues that plagued my last few laptops. The rest can be fixed with software hacks if you invest some time. Shouldn't be required when paying that much...
Ch40zz
Ch40zz@Ch40zz_·
@Jonathan_Blow Sounds to me like a bad mix of crappy hardware (x86 is unusable for laptops for a while now, let's hope ARM can fix this efficiency mess for Win too), bad BIOS impl and OS nonsense e.g. malware scans when you don't move your mouse for 30 secs. Had many issues with new laptops too
Jonathan Blow
Jonathan Blow@Jonathan_Blow·
*** Deeply Negative Tweet Alert!!!!!! *** My ASUS Rog Strix G16 super hyper gaming laptop has lasted approximately 1 year before destroying itself. For about a month it has been in a mode where it's impossible to sleep it (and there is no Hibernate option in Windows any more, it's just Sleep when you are done), so it always wakes up and starts cooking itself in your bag or wherever, and it frequently just starts getting super hot and running fans even when asleep. Now it has cooked itself so hard that the display is going on the fritz, and it feels like imminently I will no longer be able to use the laptop at all. The thing is, this is typical. (I am using this laptop because the other $4000 laptop I bought last year, the Razer Blade 16, was totally unusable out of the box). Every high-end laptop I have bought in the past 6 years has had issues that cause it to deteriorate quickly if you actually use it daily. (I have bought 5 laptops in the past 6 years.) The whole time I have used this laptop before it cooked itself to death, it was bad at basic things, like the audio would skip once in a while, it would inexplicably throttle up or down in performance at weird times, often the SSD is *excruciatingly* slow when the laptop is not plugged in, etc. Completely unacceptable for a high-end laptop, but again, this is typical. There is no amount of money you can spend to make these problems go away. Linus Tech Tips, Dave2D, etc will tell you none of this. They won't even tell you that a laptop is unusable out of the box. They just rave about how thin the bezels are, and how many nits, or some garbage. It's absurd and all these reviewers should lose their jobs. Next laptop I am going to go at least slightly cheaper and non-"gamer" because maybe those will work slightly better. I don't hold out any hope that a laptop would work completely. 
I have been a heavy laptop user for decades, and I just don't think people understand how reliable and good a Thinkpad T41 was, back in the day. There is nothing like it today; modern laptops are cheap trash in comparison (but they at least contain fast CPUs and GPUs and other things that make number go up to sell to the people who will inevitably be disappointed).
Ch40zz
Ch40zz@Ch40zz_·
@markrussinovich The driver was abused in a bunch of cheats so yeah, fair game.
Ch40zz
Ch40zz@Ch40zz_·
@7ndrew This is the VMProtect integrity-check fail dialog... It means the file on disk has been modified by a program, probably malware. Scan your computer for malware instead of blaming the Company lmao
7ndrew
7ndrew@7ndrew·
I saw on Reddit that Ubisoft was revoking licenses to The Crew in their launcher. So I opened the launcher and got greeted by The™ Most™ Fucking™ Pathetic™ error message ever. I'm wheezing.
Ch40zz reposted
Can Bölük
Can Bölük@_can1357·
> Want to reverse engineer notepad.exe for lulz to figure out what hotkey is toggling right-to-left reading order because I keep hitting it accidentally
> MBA obfuscated imports
Ch40zz
Ch40zz@Ch40zz_·
@ootiosum This is how I hardened my HV against EAC annoyances too btw, takes a bit of time but you should have all the info required to fix the issue
Ch40zz
Ch40zz@Ch40zz_·
@ootiosum Still sounds like PG checking for non-legit HVs running on the system. Implement a serial logger and buy a small serial to USB dongle, use putty or w/e on a second PC to read the logs. Just spam info in all vm exits and check the logs to what the last few exits were + ext info.
Intigriti
Intigriti@intigriti·
What's the first thing you look for when you open a JavaScript file? 👀
Ch40zz
Ch40zz@Ch40zz_·
@pcwalton ASan found 2 bugs in total when we introduced it. After that it never found anything again. So yes, depending on the team it might simply not find any issues, especially when talking about automotive and MISRA C.
Patrick Walton
Patrick Walton@pcwalton·
Sorry, when I see this I just assume people aren't telling the truth. I have literally never seen a C++ codebase that doesn't fall over when you first point ASan at it.
Ch40zz
Ch40zz@Ch40zz_·
@timmisiak Desktop duplication should work on nearly everything unless someone called the DRM API (SetWindowDisplayAffinity). If you want to get your hands dirty, hooking into DWM (DirectX 11 Present) can capture literally everything that is not fullscreen. Goes well together with Desk Dup
Tim Misiak
Tim Misiak@timmisiak·
Capturing video from a window on Windows is such a mess. The WindowsGraphicsCapture API (win10+) works for Task Manager but "BitBlt" doesn't. But on the WinDbgNext settings dialog, BitBlt is the only method that works... WindowsGraphicsCapture doesn't!
Sam Russell
Sam Russell@samrussellnz·
Having trouble with fake JMP obfuscation with PUSH/RET? Here's a way to remove this using Binary Ninja workflows lodsb.com/binary-ninja-w…