[REL] C++ Roblox Print Function Signature Scanner
Posted
This is based off a previous release which was my internal signature scanner.
This scans for Roblox's print to developer console and then calls it. This will work for any Roblox version.
This can easily be expanded into a bigger project if you'd like to build upon it.
https://github.com/expressiongz/cpp-roblox-print-signature-scan
#include <Windows.h>
#include <cstdint>
#include <cstdio>
#include <optional>
#include <string>
#include <string_view>
#include <thread>
#include <utility>
#include <vector>

// Scans [ start_address_rva, end_address_rva ) of the main module for an IDA-style pattern ( "55 8B ? EC" ).
// Returns the virtual address of the first match. 32-bit ( x86 ) processes only.
[[nodiscard]] std::optional<std::uint32_t> signature_scan_primitive( const std::string_view pattern, const std::uint32_t start_address_rva, const std::uint32_t end_address_rva )
{
    static const auto module_base_address = reinterpret_cast< std::uint32_t >( GetModuleHandleA( nullptr ) );

    if ( end_address_rva < start_address_rva )
        return std::nullopt;

    const auto end = module_base_address + end_address_rva;
    const auto start = module_base_address + start_address_rva;

    // first = wildcard flag, second = byte value ( ignored for wildcards )
    std::vector< std::pair< bool, std::uint8_t > > byte_pattern{ };

    for ( auto iterator_start = pattern.begin( ); iterator_start != pattern.end( ); ++iterator_start )
    {
        switch ( *iterator_start )
        {
        case ' ':
            continue;
        case '?':
            byte_pattern.emplace_back( true, std::uint8_t{ 0x00 } );
            continue;
        default:
        {
            // a byte is two hex digits; reject a dangling single digit
            if ( pattern.end( ) - iterator_start < 2 )
                return std::nullopt;
            const std::string cached_byte_string( iterator_start, iterator_start + 2 );
            byte_pattern.emplace_back( false, static_cast< std::uint8_t >( std::stoul( cached_byte_string, nullptr, 16 ) ) );
            ++iterator_start; // skip the second hex digit
        }
        }
    }

    if ( byte_pattern.empty( ) || end - start < byte_pattern.size( ) )
        return std::nullopt;

    // test every candidate address from the first pattern byte, so overlapping matches are not skipped,
    // and stop early enough that the whole pattern stays inside the range
    for ( auto candidate = start; candidate <= end - byte_pattern.size( ); ++candidate )
    {
        auto found_pattern = true;
        for ( std::size_t i = 0; i < byte_pattern.size( ); ++i )
        {
            const auto& [ wildcard, byte ] = byte_pattern[ i ];
            if ( !wildcard && *reinterpret_cast< const std::uint8_t* >( candidate + i ) != byte )
            {
                found_pattern = false;
                break;
            }
        }
        if ( found_pattern )
            return candidate;
    }
    return std::nullopt;
}

// function_name is only a label for the caller; a return value of 0 means "not found"
__forceinline std::uint32_t signature_scan( [[maybe_unused]] const std::string_view function_name, const std::string_view pattern, const std::uint32_t start_address, const std::uint32_t end_address )
{
    return signature_scan_primitive( pattern, start_address, end_address ).value_or( 0 );
}

void main_thread( HMODULE dll_module )
{
    AllocConsole( );
    std::FILE* filestream{ nullptr };
    freopen_s( &filestream, "CONOUT$", "w", stdout );
    SetConsoleTitleA( "sentiment scanner" );

    const auto base = reinterpret_cast< std::uint32_t >( GetModuleHandleA( nullptr ) );
    const auto print_signature = [ base ]( ) -> std::uint32_t
    {
        const auto dos_header = reinterpret_cast< IMAGE_DOS_HEADER* >( base );
        const auto nt_headers = reinterpret_cast< IMAGE_NT_HEADERS* >( base + dos_header->e_lfanew );
        const auto& optional_header = nt_headers->OptionalHeader;
        // the code section spans [ BaseOfCode, BaseOfCode + SizeOfCode ); SizeOfCode alone is a length, not an end RVA
        return signature_scan( "print", "55 8B EC 6A FF 68 ? ? ? ? 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 1C 8B 55 0C 8D", optional_header.BaseOfCode, optional_header.BaseOfCode + optional_header.SizeOfCode );
    }( );

    // do not call through a null pointer when the pattern was not found
    if ( !print_signature )
    {
        std::printf( "print signature not found\n" );
        FreeLibraryAndExitThread( dll_module, 0 );
    }

    std::printf( "constexpr auto print = 0x%x;\n//rva\nconstexpr auto print = 0x%x;\n", print_signature, print_signature - base );
    const auto print = reinterpret_cast< unsigned int( __cdecl* )( int, const char*, ... ) >( print_signature );
    print( 0, "ty kind sentiment dumper" );

    // plain FreeLibrary would unmap this DLL while the thread is still executing inside it
    FreeLibraryAndExitThread( dll_module, 0 );
}

BOOL APIENTRY DllMain( HMODULE dll_module, DWORD reason_for_call, LPVOID )
{
    if ( reason_for_call == DLL_PROCESS_ATTACH )
    {
        std::thread{ main_thread, dll_module }.detach( );
    }
    return TRUE;
}
https://media.discordapp.net/attachments/901227777741692968/1004610688393687040/unknown.png
Questions and suggestions are always encouraged in the comments or DMs within Discord.
https://media.discordapp.net/attachments/1044764388546068510/1051935933836050482/Signature_4.png
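A portable version of the pattern matcher from the post, run over a constructed byte buffer instead of a live module, which reports every match so a signature can be checked for uniqueness and for matches that begin inside a failed partial match. This is an added example, not code from the original post or its repository; `parse_pattern`, `find_all` and the `sample` bytes are hypothetical names and constructed data.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <optional>
#include <string_view>
#include <vector>
// Hypothetical names. An empty optional is a wildcard byte.
using byte_pattern = std::vector<std::optional<std::uint8_t>>;

static int hex_digit(char c) {
    const auto pos = std::string_view("0123456789abcdef0123456789ABCDEF").find(c);
    return pos == std::string_view::npos ? -1 : static_cast<int>(pos % 16);
}

// Parses "55 8B ? EC". Returns nullopt on a dangling or non-hex digit.
std::optional<byte_pattern> parse_pattern(std::string_view text) {
    byte_pattern out;
    for (std::size_t i = 0; i < text.size(); ++i) {
        if (text[i] == ' ') continue;
        if (text[i] == '?') { out.emplace_back(std::nullopt); continue; }
        const int hi = hex_digit(text[i]);
        const int lo = i + 1 < text.size() ? hex_digit(text[i + 1]) : -1;
        if (hi < 0 || lo < 0) return std::nullopt;
        out.emplace_back(static_cast<std::uint8_t>(hi * 16 + lo));
        ++i;  // consume the second hex digit
    }
    return out;
}

// Every offset where pat matches; each candidate restarts the comparison from pat[0].
std::vector<std::size_t> find_all(const std::vector<std::uint8_t>& buf, const byte_pattern& pat) {
    std::vector<std::size_t> hits;
    if (pat.empty()) return hits;
    for (std::size_t at = 0; at + pat.size() <= buf.size(); ++at) {
        bool ok = true;
        for (std::size_t i = 0; ok && i < pat.size(); ++i)
            ok = !pat[i] || *pat[i] == buf[at + i];
        if (ok) hits.push_back(at);
    }
    return hits;
}

// Constructed bytes (not from a real binary): 55 8B EC occurs twice; 6A 6A FF overlaps a partial match.
const std::vector<std::uint8_t> sample = {0x90, 0x55, 0x8B, 0xEC, 0x6A, 0x6A, 0xFF,
                                          0x68, 0x55, 0x8B, 0xEC, 0x6A, 0x00};

int main() {
    for (const char* sig : {"55 8B EC", "55 8B EC 6A 6A", "6A FF 68"})
        std::printf("%-16s -> %zu match(es)\n", sig, find_all(sample, *parse_pattern(sig)).size());
}
```

A pattern that returns more than one offset is too short to identify a single function, and one that returns none after an update has to be regenerated.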
Replied
vouch great release i can now update my print exploit
sirzyx.#7222
https://sirzyx.ml/
Ballistic Discord Invite: https://discord.com/invite/J85S63RzRj
Added
when was this screenshot? pretty sure current print is 0x805230
sirzyx.#7222
https://sirzyx.ml/
Replied
roblox keeps updating then reverting, I think they reverted twice lol.
the screenshot was taken a few hours before the post.
I re-scanned as I'm replying to this message and the virtual address is indeed 0x5c5230
while the relative virtual address is 0x405230. I'm not sure where you got that address from lol
https://media.discordapp.net/attachments/1044764388546068510/1051935933836050482/Signature_4.png
Replied
i redumped a few hours ago and got it like any other person would. it works though
Added
idk if it's showing but here's an image
sirzyx.#7222
https://sirzyx.ml/
Replied
to show an image you need to put a link, for example a discord image link or imgur or gyazo and they will automatically embed.
https://media.discordapp.net/attachments/1044764388546068510/1051935933836050482/Signature_4.png
Replied
https://cdn.discordapp.com/attachments/1004619138108493885/1004627674012078090/unknown.png
sirzyx.#7222
https://sirzyx.ml/
Replied
https://media.discordapp.net/attachments/792181753682853908/1004628994844524646/unknown.png
:shrug: not sure what you want me to tell you. this is the same address one of my friends got too, maybe you have a different roblox version?
https://media.discordapp.net/attachments/1044764388546068510/1051935933836050482/Signature_4.png
Replied
version-9045f70ea522489c
sirzyx.#7222
https://sirzyx.ml/
Replied
Vouch
I can now update my print exploit and make it paid haha
Random quote here...
Replied
why sig scan? its not that good cuz the sig could change so you could use a string like "Started Recording" or whatever it was called and just use eyestep to get the next call this is a much better way. ;)