Why is this AI slop here? The "author" deleted his twitter account and added the disclaimer at the top of this post that it's all written by AI and he's not an actual "programmer or reverse engineer". The fact that…
An interpreter for a machine language is usually just called an emulator.
I'm pretty sure it's just a small mistake in the article on the exact syscall used to query the token information. Checked a kernel from November 2024 vs a current one and from I can tell, this used to be the actual…
SRW lock uses the WaitOnAddress primitives nowadays, not keyed events.
Yes and no. The GTA SA bug was reading of an uninitialized variable. The value it contained was correct simply by chance as it was placed there by the previous invocation of the function and never overwritten by…
> The anti-tamper codes, if any tampering is detected will crash on undefined/unallocated regions. That's basically the whole point of any anti-tamper product. I just think you picked a terrible example of a feature…
> As Windows matures, behaviour can change, breaking certain stuff. How do you expect the aforementioned tech to break the games it's on? If anything it "breaking" will just make the anti-tamper feature ineffective.
> If people have enabled that setting, or left that default on, then that's their problem; it's not Windows Defender's fault. There is no such setting for Defender. The file scanning is either on or defender is…
> Let’s cut the bullshit, Defender is basically unchanged as a concept since Windows Vista or maybe even Windows XP. It runs completely fine on 15 year old hardware. Exactly. It's the same legacy scan every fucking…
By "actual code" I meant the assembly that the application logic compiles down to, not the entire executable. But as far as the entire package goes, compiling it using clang with some flags I can get down to 19.5k…
> those global variables... What about them? In a 500 loc app there is no practical difference and there's only ~20 of them with clear purpose. > Use std::string <...> or std::list <...> remove all the malloc, etc >…
The actual code in the repo definitely compiles to less than 10k. The rest is bloat from linking CRT statically.
> Are they able to load a .so/dylib file during runtime and just call a method on it as long as they know the name of the method? Yes, usually that's the entire point of an .so/.dylib/.dll - to load it and call it's…
Showing a 5000$ bounty example of "enumerating all apps" sounds a bit disingenuous when this is more of a "check if this exact app by bundle name was installed not through store. I also don't think that this deserves to…
> Also, it would be silly to bottleneck your protocol implementation benchmark on encryption that would be shared amongst implementations because that does not highlight your overhead advantages It would be great if…
> what is presumably a single core I would guess that it's not a single core benchmark and that's the speed of the overall multi-threaded system. > Is that considered fast? You can squeeze out around 5GB/s/core with…
You're missing the fact that there is basically no bug here. All this does is: * Store data in a database. * Kill AV software provided you have admin privileges. The latter might be remediated by MS down the line, but…
Because this has no actual value for anyone and MS would (did?) ignore him.
There is nothing inherently wrong with throwing an exception from an APC. Windows supports it and will unwind the stack correctly. If you wrote all the code absolutely nothing will go wrong. The issue is more about the…
> WDYM? The root cause is "you passed ownership to stack-based memory to the kernel and didn't ensure it's valid when it called you back", why would "consent of lower frames" matter here? There is no "called back" in…
> The problem boils down to usage of stack memory after the memory is given to somebody else. While this isn't incorrect in this case the problem seems to be caused by stack unwinding without the consent of lower frames…
> You can do DMA cheating if that’s a non-negotiable for you but it is far more expensive. Cheap DMA cards go for couple hundred dollars which isn't all that much. Although unlike what most people tend to believe, the…
> That seems like something that would be solvable with location-style differential privacy. Report a number of plausible locations to the client small enough that it can efficiently anticipate them all, but large…
> I said it because I think other kernel level anticheat don't do it. It is done by FACEIT and ESEA. > If I remember correctly I can just enable/disable the easy anticheat service, sane with the EA thing, I don't need…
> With the way that computer vision and AI continue to improve, I imagine that we will soon have completely external and undetectable cheating peripherals, simply capture the screen direct from the display output, and…
Why is this AI slop here? The "author" deleted his twitter account and added the disclaimer at the top of this post that it's all written by AI and he's not an actual "programmer or reverse engineer". The fact that…
An interpreter for a machine language is usually just called an emulator.
I'm pretty sure it's just a small mistake in the article on the exact syscall used to query the token information. Checked a kernel from November 2024 vs a current one and from I can tell, this used to be the actual…
SRW lock uses the WaitOnAddress primitives nowadays, not keyed events.
Yes and no. The GTA SA bug was reading of an uninitialized variable. The value it contained was correct simply by chance as it was placed there by the previous invocation of the function and never overwritten by…
> The anti-tamper codes, if any tampering is detected will crash on undefined/unallocated regions. That's basically the whole point of any anti-tamper product. I just think you picked a terrible example of a feature…
> As Windows matures, behaviour can change, breaking certain stuff. How do you expect the aforementioned tech to break the games it's on? If anything it "breaking" will just make the anti-tamper feature ineffective.
> If people have enabled that setting, or left that default on, then that's their problem; it's not Windows Defender's fault. There is no such setting for Defender. The file scanning is either on or defender is…
> Let’s cut the bullshit, Defender is basically unchanged as a concept since Windows Vista or maybe even Windows XP. It runs completely fine on 15 year old hardware. Exactly. It's the same legacy scan every fucking…
By "actual code" I meant the assembly that the application logic compiles down to, not the entire executable. But as far as the entire package goes, compiling it using clang with some flags I can get down to 19.5k…
> those global variables... What about them? In a 500 loc app there is no practical difference and there's only ~20 of them with clear purpose. > Use std::string <...> or std::list <...> remove all the malloc, etc >…
The actual code in the repo definitely compiles to less than 10k. The rest is bloat from linking CRT statically.
> Are they able to load a .so/dylib file during runtime and just call a method on it as long as they know the name of the method? Yes, usually that's the entire point of an .so/.dylib/.dll - to load it and call it's…
Showing a 5000$ bounty example of "enumerating all apps" sounds a bit disingenuous when this is more of a "check if this exact app by bundle name was installed not through store. I also don't think that this deserves to…
> Also, it would be silly to bottleneck your protocol implementation benchmark on encryption that would be shared amongst implementations because that does not highlight your overhead advantages It would be great if…
> what is presumably a single core I would guess that it's not a single core benchmark and that's the speed of the overall multi-threaded system. > Is that considered fast? You can squeeze out around 5GB/s/core with…
You're missing the fact that there is basically no bug here. All this does is: * Store data in a database. * Kill AV software provided you have admin privileges. The latter might be remediated by MS down the line, but…
Because this has no actual value for anyone and MS would (did?) ignore him.
There is nothing inherently wrong with throwing an exception from an APC. Windows supports it and will unwind the stack correctly. If you wrote all the code absolutely nothing will go wrong. The issue is more about the…
> WDYM? The root cause is "you passed ownership to stack-based memory to the kernel and didn't ensure it's valid when it called you back", why would "consent of lower frames" matter here? There is no "called back" in…
> The problem boils down to usage of stack memory after the memory is given to somebody else. While this isn't incorrect in this case the problem seems to be caused by stack unwinding without the consent of lower frames…
> You can do DMA cheating if that’s a non-negotiable for you but it is far more expensive. Cheap DMA cards go for couple hundred dollars which isn't all that much. Although unlike what most people tend to believe, the…
> That seems like something that would be solvable with location-style differential privacy. Report a number of plausible locations to the client small enough that it can efficiently anticipate them all, but large…
> I said it because I think other kernel level anticheat don't do it. It is done by FACEIT and ESEA. > If I remember correctly I can just enable/disable the easy anticheat service, sane with the EA thing, I don't need…
> With the way that computer vision and AI continue to improve, I imagine that we will soon have completely external and undetectable cheating peripherals, simply capture the screen direct from the display output, and…