Skip to content

Commit

Permalink
Dragon's Dogma 2: Fix integrity crashes
Browse files Browse the repository at this point in the history
  • Loading branch information
praydog committed Mar 24, 2024
1 parent b148470 commit f9aeefd
Show file tree
Hide file tree
Showing 4 changed files with 50 additions and 2 deletions.
2 changes: 1 addition & 1 deletion src/Mods.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@
Mods::Mods() {
m_mods.emplace_back(REFrameworkConfig::get());

#if defined(RE3) || defined(RE8) || defined(MHRISE)
#if defined(REENGINE_AT)
m_mods.emplace_back(std::make_unique<IntegrityCheckBypass>());
#endif

Expand Down
8 changes: 7 additions & 1 deletion src/REFramework.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -301,10 +301,16 @@ REFramework::REFramework(HMODULE reframework_module)
IntegrityCheckBypass::immediate_patch_re8();
#endif

#if defined(RE4) || defined(SF6) || TDB_VER >= 73
#if defined(RE4) || defined(SF6)
// Fixes new code added in RE4 only.
IntegrityCheckBypass::immediate_patch_re4();
#endif

#if defined(DD2)
// Fixes new code added in DD2 only. Maybe >= TDB73 too. Probably will change.
IntegrityCheckBypass::immediate_patch_dd2();
#endif

// Seen in SF6
IntegrityCheckBypass::remove_stack_destroyer();
suspender.resume();
Expand Down
41 changes: 41 additions & 0 deletions src/mods/IntegrityCheckBypass.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -501,6 +501,47 @@ void IntegrityCheckBypass::immediate_patch_re4() {
spdlog::info("[IntegrityCheckBypass]: Patched conditional_jmp!");
}

void IntegrityCheckBypass::immediate_patch_dd2() {
// Just like RE4, this deals with the scans that are done every frame on the game's memory.
// The scans are still performed, but the crash will be avoided.
// This time, the obfuscation is much worse, and the way the crash is caused is much more indirect.
// They corrupt something that has something to do with the renderer,
// possibly with how it updates constant buffers and/or pipeline state
// this makes the crash look like it comes from DXGI present, due to a GPU error.
// The place this is happening is very simple, but it was not an easy find due to
// how indirect it was + all the obfuscation.
spdlog::info("[IntegrityCheckBypass]: Scanning DD2...");

const auto game = utility::get_executable();
const auto conditional_jmp_block = utility::scan(game, "41 8B ? ? 78 83 ? 07 ? ? 75 ?");

if (conditional_jmp_block) {
// Jnz->Jmp
const auto conditional_jmp = *conditional_jmp_block + 10;

// Create a patch that always jumps.
static auto dd2patch = Patch::create(conditional_jmp, { 0xEB }, true);

spdlog::info("[IntegrityCheckBypass]: Patched conditional_jmp! (DD2)");
} else {
spdlog::error("[IntegrityCheckBypass]: Could not find conditional_jmp for DD2.");
}

const auto second_conditional_jmp_block = utility::scan(game, "49 3B D0 75 ? ? 8B ? ? ? ? ? ? 8B ? ? ? ? ? ? 8B ? ? 8B ? ? ? ? ?");

if (second_conditional_jmp_block) {
// Jnz->Jmp
const auto second_conditional_jmp = *second_conditional_jmp_block + 3;

// Create a patch that always jumps.
static auto dd2patch2 = Patch::create(second_conditional_jmp, { 0xEB }, true);

spdlog::info("[IntegrityCheckBypass]: Patched second_conditional_jmp! (DD2)");
} else {
spdlog::error("[IntegrityCheckBypass]: Could not find second_conditional_jmp for DD2.");
}
}

void IntegrityCheckBypass::remove_stack_destroyer() {
spdlog::info("[IntegrityCheckBypass]: Searching for stack destroyer...");

Expand Down
1 change: 1 addition & 0 deletions src/mods/IntegrityCheckBypass.hpp
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ class IntegrityCheckBypass : public Mod {
static void ignore_application_entries();
static void immediate_patch_re8();
static void immediate_patch_re4();
static void immediate_patch_dd2();
static void remove_stack_destroyer();

static void setup_pristine_syscall();
Expand Down

0 comments on commit f9aeefd

Please sign in to comment.