ZenHAX


All times are UTC




Posted: Sun Mar 29, 2020 6:53 pm

Joined: Fri Mar 30, 2018 2:48 am
Posts: 278
Hello guys!

Do you also wish modding Unreal Engine 4 wasn't a hassle where you need to figure out if the PAKs are encrypted or signed and if the paths are proper?

So do we!

Forget about unpacking PAK archives and corrupting your games every update.
Forget about repacking your game and corrupting encryption or signatures.
Forget about building PAK archives where you can't single out individual mods to build your very own modpaks!

Introducing... Universal Unreal Engine 4 Mod Unlocker!
With the Universal Unreal Engine 4 Mod Unlocker, you can unlock the simplest way of modding on almost ALL Unreal Engine 4 games!
This is revolutionary! :D (cough cough! not really; along the way, we found out that emoose did it for Dragon Quest way before us xD haha).
BUT, without his source, we wouldn't have figured out how to autoload the DLLs or gotten MinHook working properly, so huge thanks to emoose!
His work can be found here: https://github.com/emoose/DQXIHook

Universal Unreal Engine 4 Mod Unlocker Currently Supports:

4.14
4.15
4.16
4.17
4.18
4.19
4.20
4.21
4.22
4.23
4.24

We run a Discord server with almost 7000 members, filled with knowledge and wisdom!
So feel free to join and become part of the community: https://discordapp.com/invite/Mt3qzgN
If you want to watch the premiere of the Universal Unreal Engine 4 Mod Unlocker release or just watch the tutorial after it has premiered,
follow this link: https://youtu.be/O7eOCyciB3U

If you have any questions, feel free to ask them here on Zenhax, on YouTube or in the Discord :)

Download: https://illusory.dev/

UPDATE 0.18:
-Added support for 4.14

UPDATE 0.17:
-Added support for 4.15

UPDATE 0.16:
-Added support for 4.16

UPDATE 0.15:
-Added support for 4.17

UPDATE 0.14:
-Added support for 4.19

UPDATE 0.13:
-Added support for 4.20
-Added compatibility list to installer

UPDATE 0.12:
-Added support for 4.18
-Fixed the Dll-Loading for older versions of the engine (REMOVING THE NEED TO USE A DLL INJECTOR FOR OLDER GAMES)
-SDK Dump done from game that has a difference in the FString Class to improve compatibility

UPDATE 0.11:
- Added support for 4.21

/Illusory Software

_________________
If you appreciate my work and want to donate:
Paypal: ghfear@hotmail.com

AES Key Finder 1.8: https://zenhax.com/viewtopic.php?f=17&t=9407&start=20


Last edited by GHFear on Fri May 08, 2020 1:44 pm, edited 15 times in total.

Posted: Sun Mar 29, 2020 10:46 pm

Joined: Sat Sep 28, 2019 7:00 pm
Posts: 117
No offense, but... why? Considering that the "modpatch" stuff requires steamstub to be removed, it will not work as expected for legit games (steam will restore original exe upon launch), it will not work at all for any additionally protected files (denuvo / EAC / arxan), it will not even work for some cracked games with denuvo (it prevents such injections). Also, if game saves are steamid/license dependent, with any emu the legit user will lose saves (in most cases it can be fixed, but still).

Considering that the usual method with mod paks doesn't have most of the above problems and that some UE4 games are working with NoRedist folder without any injectors by default, I wonder, why you didn't create a comfortable and convenient shell for usual method. The time required to install and use the "modpatch" is almost the same as time required to learn usual way. It's more universal and it has less potential compatibility problems.

And you're even asking donations for this stuff, even in the installer -_-

_________________
You can request AES keys on rin forums (the list with keys is also there)
AES keys finder and latest UE4 bms scripts: in this post


Posted: Mon Mar 30, 2020 1:09 am

Joined: Sat Dec 27, 2014 8:49 pm
Posts: 174
It's a bit disappointing to see how much of other people's stuff this requires and you used, but you are gating features/updates behind a paywall.

What I mean by this is:

1. You used emoose's DQXIHook code directly and just renamed the output file. Original source code is here:
https://github.com/emoose/DQXIHook

The code is all his stuff with the exception of you adjusting it to not be specific to DQ.
The actual hook is the same.

His:
    Code:
    bool FileExists(LPCWSTR path)
    {
       DWORD dwAttrib = GetFileAttributesW(path);
       return (dwAttrib != INVALID_FILE_ATTRIBUTES && !(dwAttrib & FILE_ATTRIBUTE_DIRECTORY));
    }
    void* __fastcall PakFile__Find_hook(void* thisptr, void* Filename)
    {
       const TCHAR* fname = *(TCHAR**)Filename;

       if (wcsstr(fname, gameDataStart) && FileExists(fname))
          return 0; // file exists loosely, return false so the game thinks that it doesn't exist in the .pak

       return PakFile__Find_orig(thisptr, Filename);
    }

Yours:
    Code:
    __int64 __fastcall sub_1800011F0(__int64 a1, const wchar_t **a2, __int64 a3)
    {
      const WCHAR *v3; // rbx
      const wchar_t **v4; // rdi
      __int64 v5; // rbp
      __int64 v6; // rsi
      DWORD v7; // eax
      __int64 result; // rax

      v3 = *a2;
      v4 = a2;
      v5 = a1;
      v6 = a3;
      if ( !wcsstr(*a2, L"../../../") || (v7 = GetFileAttributesW(v3), v7 == -1) || v7 & 0x10 )
        result = qword_1800089B0(v5, v4, v6);
      else
        result = 0i64;
      return result;
    }

You even left debug symbols/info in which further proves this:
Code:
C:\Users\GHFea\Documents\GitHub\illusorypakhooksource\x64\Release\DQXIHook.pdb


2. Your setup as it is relies on things to even work.
- My personal Steamless project.
- An injector. (In your case, you showed with ExtremeInjector.)
- An offline Steam Emulator. (In your case, you showed with Goldberg.)

Steamless isn't required to get something like this to work. Understanding how injection works and how SteamStub works would get around all of that along with the issue you had in your video of the game double-loading/restarting itself. This is all stuff that is easily fixed/avoided if you understand the base of what you're doing/working on.


I don't want to sound harsh or mean towards your project/goal, but I would highly encourage you to rethink your Patreon and just leave open a means of people to donate as a way to say thanks if you are going to use everyone else's stuff to do this. It's pretty crappy for you to ask for money directly for new features/early access to something like this when it's like.. 99% not yours to begin with.

_________________
My personal site: http://atom0s.com
Donations can be made via Paypal: Click Here
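
Added example (not part of the post above and not code from either project): the PDB path quoted in that post is what a CodeView "RSDS" debug record carries when a binary is built with debug info. This sketch scans a byte buffer for such records and summarises what the path reveals; the sample buffer, GUID, age and shipped file name are constructed, only the path is taken from the post.

```python
import ntpath
import struct
import uuid

RSDS = b"RSDS"  # signature of a CodeView PDB 7.0 debug record

def find_pdb_records(blob):
    """Heuristic scan (not a debug-directory walk) for RSDS records.
    Layout after the signature: 16-byte GUID, u32 age, NUL-terminated path."""
    records = []
    pos = blob.find(RSDS)
    while pos != -1:
        path_start = pos + 4 + 16 + 4
        path_end = blob.find(b"\x00", path_start)
        if path_end != -1 and path_end - path_start <= 260:
            try:
                path = blob[path_start:path_end].decode("utf-8")
            except UnicodeDecodeError:
                path = ""
            if path.lower().endswith(".pdb") and path.isprintable():
                guid = uuid.UUID(bytes_le=blob[pos + 4:pos + 20])
                (age,) = struct.unpack_from("<I", blob, pos + 20)
                records.append((str(guid), age, path))
        pos = blob.find(RSDS, pos + 1)
    return records

def provenance(pdb_path, shipped_name):
    """Summarise what an embedded PDB path reveals about the build."""
    parts = pdb_path.split("\\")
    project = ntpath.splitext(ntpath.basename(pdb_path))[0]
    shipped = ntpath.splitext(shipped_name)[0]
    in_profile = len(parts) > 3 and parts[1].lower() == "users"
    return {
        "project": project,
        "build_user": parts[2] if in_profile else None,
        "renamed": project.lower() != shipped.lower(),
    }

# Constructed sample: a decoy "RSDS" hit, then one record carrying the path
# quoted in the post. GUID, age and the shipped file name are made up.
PDB_PATH = r"C:\Users\GHFea\Documents\GitHub\illusorypakhooksource\x64\Release\DQXIHook.pdb"
SAMPLE = (
    b"MZ" + b"\x90" * 30
    + RSDS + b"\x01" * 24 + b"not a path\x00"
    + RSDS + uuid.UUID("00112233-4455-6677-8899-aabbccddeeff").bytes_le
    + struct.pack("<I", 1) + PDB_PATH.encode() + b"\x00"
)

if __name__ == "__main__":
    for guid, age, path in find_pdb_records(SAMPLE):
        print(guid, age, path, provenance(path, "shipped_placeholder.dll"))
```

A mismatch between the PDB stem and the shipped file name is a hint about the original project name, not proof on its own; the GUID and age are what a debugger uses to match a binary to its PDB.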


Posted: Mon Mar 30, 2020 4:07 am

Joined: Fri Mar 30, 2018 2:48 am
Posts: 278
atom0s wrote:
It's a bit disappointing to see how much of other people's stuff this requires and you used, but you are gating features/updates behind a paywall.

What I mean by this is:

1. You used emoose's DQXIHook code directly and just renamed the output file. Original source code is here:
https://github.com/emoose/DQXIHook

The code is all his stuff with the exception of you adjusting it to not be specific to DQ.
The actual hook is the same.

His:
    Code:
    bool FileExists(LPCWSTR path)
    {
       DWORD dwAttrib = GetFileAttributesW(path);
       return (dwAttrib != INVALID_FILE_ATTRIBUTES && !(dwAttrib & FILE_ATTRIBUTE_DIRECTORY));
    }
    void* __fastcall PakFile__Find_hook(void* thisptr, void* Filename)
    {
       const TCHAR* fname = *(TCHAR**)Filename;

       if (wcsstr(fname, gameDataStart) && FileExists(fname))
          return 0; // file exists loosely, return false so the game thinks that it doesn't exist in the .pak

       return PakFile__Find_orig(thisptr, Filename);
    }

Yours:
    Code:
    __int64 __fastcall sub_1800011F0(__int64 a1, const wchar_t **a2, __int64 a3)
    {
      const WCHAR *v3; // rbx
      const wchar_t **v4; // rdi
      __int64 v5; // rbp
      __int64 v6; // rsi
      DWORD v7; // eax
      __int64 result; // rax

      v3 = *a2;
      v4 = a2;
      v5 = a1;
      v6 = a3;
      if ( !wcsstr(*a2, L"../../../") || (v7 = GetFileAttributesW(v3), v7 == -1) || v7 & 0x10 )
        result = qword_1800089B0(v5, v4, v6);
      else
        result = 0i64;
      return result;
    }

You even left debug symbols/info in which further proves this:
Code:
C:\Users\GHFea\Documents\GitHub\illusorypakhooksource\x64\Release\DQXIHook.pdb


2. Your setup as it is relies on things to even work.
- My personal Steamless project.
- An injector. (In your case, you showed with ExtremeInjector.)
- An offline Steam Emulator. (In your case, you showed with Goldberg.)

Steamless isn't required to get something like this to work. Understanding how injection works and how SteamStub works would get around all of that along with the issue you had in your video of the game double-loading/restarting itself. This is all stuff that is easily fixed/avoided if you understand the base of what you're doing/working on.


I don't want to sound harsh or mean towards your project/goal, but I would highly encourage you to rethink your Patreon and just leave open a means of people to donate as a way to say thanks if you are going to use everyone else's stuff to do this. It's pretty crappy for you to ask for money directly for new features/early access to something like this when it's like.. 99% not yours to begin with.



Hello, atom0s.
As I said in the original post, the dxgi proxy and minhook part was taken from emoose later on, yes. :)
We started fresh on his project because it was much easier to transfer our Main.cpp to his project than the other way around.
I do state that this wouldn't even be possible without you guys' work on my YouTube as well. It's no secret really.
The dll is supposed to be renamed btw. Because it's using dxgi to load the DLL.
It's not some sort of scheme to hide that we compiled from his source.
Where the work is and why I made a Patreon, is in expanding compatibility, adding features and hopefully making it NOT rely so much on things like steamless, goldberg and sometimes extremeinjector.
If you play cracked games, it usually always works straight out of the box, but since I didn't want to encourage piracy, I decided to include these tools as part of the video.
The Patreon is optional and the stuff on there will be moved to public in a short amount of time and I don't expect to make anything from it anyway.
It's just a fun way to have an Early Access and feel a little more official.

Hope I cleared some things up.

_________________
If you appreciate my work and want to donate:
Paypal: ghfear@hotmail.com

AES Key Finder 1.8: https://zenhax.com/viewtopic.php?f=17&t=9407&start=20


Last edited by GHFear on Mon Mar 30, 2020 5:00 am, edited 1 time in total.

Posted: Mon Mar 30, 2020 4:53 am

Joined: Fri Mar 30, 2018 2:48 am
Posts: 278
spiritovod wrote:
No offense, but... why? Considering that the "modpatch" stuff requires steamstub to be removed, it will not work as expected for legit games (steam will restore original exe upon launch), it will not work at all for any additionally protected files (denuvo / EAC / arxan), it will not even work for some cracked games with denuvo (it prevents such injections). Also, if game saves are steamid/license dependent, with any emu the legit user will lose saves (in most cases it can be fixed, but still).

Considering that the usual method with mod paks doesn't have most of the above problems and that some UE4 games are working with NoRedist folder without any injectors by default, I wonder, why you didn't create a comfortable and convenient shell for usual method. The time required to install and use the "modpatch" is almost the same as time required to learn usual way. It's more universal and it has less potential compatibility problems.

And you're even asking donations for this stuff, even in the installer -_-


This is mostly meant to be used for modding Single Player UE4 games.
It is very rare that those games have much, if any protection in them, except for encrypting and signing their PAKs.
Why anyone would want to mod multiplayer games with Denuvo or EAC is beyond me and not something I support anyway.
This method is just a much cleaner method than working with PAKs. I have done both and I would never go back to modding with PAKs.
It's way too limited in how you can mix mods from different people. (sure, you can unpack their modPAK and build your own, but once again it takes way too much time for someone with few hours to spare in their day)

_________________
If you appreciate my work and want to donate:
Paypal: ghfear@hotmail.com

AES Key Finder 1.8: https://zenhax.com/viewtopic.php?f=17&t=9407&start=20


Posted: Mon Mar 30, 2020 5:49 am

Joined: Fri Mar 30, 2018 2:48 am
Posts: 278
atom0s wrote:
it's......


I think perhaps I got a bit carried away with the patreon.
It was meant to give myself an incentive to keep working on this and make it fun for people who still wanted to donate a penny.
But after reading your points, I do agree, it's clear that it still relies too heavily on other people's software.
So I decided to put the Patreon on hold until I have more original features to show for.
This has been done already and all links are now for the Early access build 4.21 - 4.24.
Thanks for the feedback, atom0s. o/

_________________
If you appreciate my work and want to donate:
Paypal: ghfear@hotmail.com

AES Key Finder 1.8: https://zenhax.com/viewtopic.php?f=17&t=9407&start=20


Posted: Mon Mar 30, 2020 12:11 pm

Joined: Sat Sep 28, 2019 7:00 pm
Posts: 117
GHFear wrote:
It's way too limited in how you can mix mods from different people. (sure, you can unpack their modPAK and build your own, but once again it takes way too much time for someone with few hours to spare in their day)

It seems you don't have a clue how mods for UE4 games work, despite digging into that field for a while, do you? You don't need to repack anything if you want to use more than one mod pak. And if different mods are replacing the same assets, your modpatch approach will have the same problems as usual way. Also, take a look at all UE4 games with single mode and denuvo like Code Vein or SW Jedi - and also at fighting multiplayer games (Street Fighter, Soulcalibur, Granblue Fantasy), which usually have a lot of modding. And I didn't even mention games like Conan Exiles (denuvo + custom engine 4.16), which is essentially one big mod.
So, please, don't call your stuff "universal" if it doesn't work with a lot of games by design.

_________________
You can request AES keys on rin forums (the list with keys is also there)
AES keys finder and latest UE4 bms scripts: in this post


Posted: Mon Mar 30, 2020 2:38 pm

Joined: Fri Mar 30, 2018 2:48 am
Posts: 278
spiritovod wrote:
It seems you don't have a clue how mods for UE4 games work, despite digging into that field for a while, do you? You don't need to repack anything if you want to use more than one mod pak. And if different mods are replacing the same assets, your modpatch approach will have the same problems as usual way.


Let's not sink so low as to argue over something so trivial as mods.
Keep it civil.

Then explain this to me, please.

I have 2 modPAKs.
They both have 100 texture mods in them, replacing THE SAME assets.
How would I quickly hand-pick a couple from one modPAK and a couple from the other modPAK and then leave the rest of them out completely without having to unpack or repack the modPAKs?

I would love to know.
Because that scenario is the reason I started working on this.
In my understanding, looking at the source code of UE4, the PAK archive with the highest version number has full priority over the same files found in both PAKs. To my understanding, that means if I download 2 people's modpaks that are replacing the same textures, I can't just handpick out a couple from one PAK and a couple from the other without unpacking and rebuilding a new PAK archive.

If I am wrong, then I would love to know how this is solved.
If I am right, then this is obviously the superior way of doing it for the games where it can be done.

_________________
If you appreciate my work and want to donate:
Paypal: ghfear@hotmail.com

AES Key Finder 1.8: https://zenhax.com/viewtopic.php?f=17&t=9407&start=20


Posted: Mon Mar 30, 2020 10:02 pm

Joined: Sat Sep 28, 2019 7:00 pm
Posts: 117
Your point is kind of valid in the case when mods are using the same assets, but still no. Consider redistribution of mods. You never redistribute 100 assets one-by-one, but in an archive. So we have zip archive, which you need to extract and pak, which you need to... extract? Simple gui or even bat file is enough to extract a pak in two clicks. I don't see any "superior" stuff here, except that the usual way is universal and works for all UE4 games (aside from those with special integrity checks), while yours doesn't and it brings more problems than solutions, especially for legit game owners.

I'm not going to keep up the conversation, because it's pointless.

_________________
You can request AES keys on rin forums (the list with keys is also there)
AES keys finder and latest UE4 bms scripts: in this post

