
[REL] C++ Roblox Print Function Signature Scanner

Posts: 283

Threads: 48

Joined: May, 2022

Reputation: -4

Posted

This is based off a previous release which was my internal signature scanner.

This scans for Roblox's print to developer console and then calls it; this will work for any Roblox version.

 

This can easily be expanded into a bigger project if you'd like to build upon it.

https://github.com/expressiongz/cpp-roblox-print-signature-scan

#include <iostream>
#include <Windows.h>
#include <cstdint>
#include <cstdio>
#include <optional>
#include <string>
#include <string_view>
#include <thread>
#include <utility>
#include <vector>

[[nodiscard]] std::optional<std::uint32_t> signature_scan_primitive( const std::string_view pattern, const std::uint32_t start_address_rva, const std::uint32_t end_address_rva )
{
	static const auto module_base_address = reinterpret_cast< std::uint32_t >( GetModuleHandleA( nullptr ) );

	if ( end_address_rva < start_address_rva )
		return std::nullopt;

	const auto end = module_base_address + end_address_rva;
	auto start = module_base_address + start_address_rva;

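	// parse the textual pattern into ( is_wildcard, byte ) pairs
	std::vector< std::pair< bool, std::uint8_t > > byte_pattern{ };
	for( auto iterator_start = pattern.begin(); iterator_start < pattern.end(); ++iterator_start )
	{
		switch( *iterator_start )
		{
		case ' ':
			continue;
		case '?':
			byte_pattern.emplace_back( std::make_pair< bool, std::uint8_t >( true, 0x00 ) );
			continue;
		default:
			// a byte is written as two hex digits; reject a pattern that ends on a single digit
			if ( iterator_start + 1 == pattern.end() )
				return std::nullopt;

			// copy exactly the two digits, then step onto the second one so the loop's ++ moves past it
			// (the range no longer depends on the evaluation order of the constructor arguments)
			const std::string cached_byte_string( iterator_start, iterator_start + 2 );
			++iterator_start;
			byte_pattern.emplace_back( std::make_pair< bool, std::uint8_t >( false, static_cast< std::uint8_t >( std::stoul( cached_byte_string, nullptr, 16 ) ) ) );
		}
	}

	if ( byte_pattern.empty( ) )
		return std::nullopt;

	// try the pattern at every candidate address and never read past the end of the range
	for( ; start + byte_pattern.size( ) <= end; ++start )
	{
		auto found_pattern = true;
		auto current = start;

		for( const auto& [ wildcard, byte ] : byte_pattern )
		{
			// wildcards match any byte; a mismatch only abandons this candidate, not the bytes after it
			if ( !wildcard && *reinterpret_cast< const std::uint8_t* >( current ) != byte )
			{
				found_pattern = false;
				break;
			}
			++current;
		}
		if ( found_pattern )
			return start;
	}
	return std::nullopt;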
}


__forceinline std::uint32_t signature_scan( const std::string_view function_name, const std::string_view pattern, const std::uint32_t start_address, const std::uint32_t end_address)
{
	const auto signature = signature_scan_primitive( pattern, start_address, end_address ).value_or( 0 );
	return signature ? signature : 0;
} 

void main_thread( HMODULE dll_module )
{

	AllocConsole( );
	std::FILE* filestream{ nullptr };
	freopen_s( &filestream, "CONOUT$", "w", stdout );

	SetConsoleTitleA( "sentiment scanner" );

	const auto print_signature = [ ]( ) -> std::uint32_t
	{
		const auto base = reinterpret_cast< std::uint32_t >( GetModuleHandleA( nullptr ) );
		const auto dos_header = reinterpret_cast< IMAGE_DOS_HEADER* >( GetModuleHandleA( nullptr ) );
		const auto nt_headers = reinterpret_cast< IMAGE_NT_HEADERS* >( base + dos_header->e_lfanew );
		const auto optional_header = nt_headers->OptionalHeader;
		
		const auto signature = signature_scan( "print", "55 8B EC 6A FF 68 ? ? ? ? 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 1C 8B 55 0C 8D" , optional_header.BaseOfCode, optional_header.SizeOfCode );
		return signature ? signature : 0;
	}( );

	std::printf( "constexpr auto print = 0x%x;\n//rva\nconstexpr auto print = 0x%x;\n", print_signature, print_signature - reinterpret_cast< std::uint32_t >( GetModuleHandleA( nullptr ) ) );
	const auto print = reinterpret_cast< unsigned int( __cdecl* )( int, const char*, ... ) >( print_signature );

	print( 0, "ty kind sentiment dumper" );
	FreeLibrary( dll_module );

}


bool __stdcall DllMain( HMODULE dll_module, const std::uint32_t reason_for_call, void* )
{
	if( reason_for_call	== DLL_PROCESS_ATTACH )
	{
		std::thread{ main_thread, dll_module }.detach( );
	}

	return true;

}

 

https://media.discordapp.net/attachments/901227777741692968/1004610688393687040/unknown.png

 

questions and suggestions always encouraged in the comments or dms within discord.

  • 1

https://media.discordapp.net/attachments/1044764388546068510/1051935933836050482/Signature_4.png

SirZyx

Sir Zyx

Posts: 58

Threads: 1

Joined: Nov, 2020

Reputation: 0

Replied

vouch great release i can now update my print exploit 🙏

  • 0

sirzyx.#7222

https://sirzyx.ml/

Ballistic

Ballistic

Posts: 30

Threads: 3

Joined: Aug, 2022

Reputation: 5

Replied

@SirZyx bro you're alive now

  • 0

Ballistic Discord Invite: https://discord.com/invite/J85S63RzRj

SirZyx

Sir Zyx

Posts: 58

Threads: 1

Joined: Nov, 2020

Reputation: 0

Replied

@Ballistic been alive just not on yt

  • 0

Added

when was this screenshot? pretty sure current print is 0x805230

  • 0


Posts: 283

Threads: 48

Joined: May, 2022

Reputation: -4

Replied

@SirZyx

 

roblox keeps updating then reverting, I think they reverted twice lol.

 

the screenshot was taken a few hours before the post.

I re-scanned as I'm replying to this message and the virtual address is indeed 0x5c5230

while the relative virtual address is 0x405230. I'm not sure where you got that address from lol

  • 0


SirZyx

Sir Zyx

Posts: 58

Threads: 1

Joined: Nov, 2020

Reputation: 0

Replied

i redumped a few hours ago and got it like any other person would. it works though

  • 0

Added

idk if it's showing but here's an image

  • 0


Posts: 283

Threads: 48

Joined: May, 2022

Reputation: -4

Replied

@SirZyx

 

to show an image you need to put a link, for example a discord image link or imgur or gyazo and they will automatically embed.

  • 0


SirZyx

Sir Zyx

Posts: 58

Threads: 1

Joined: Nov, 2020

Reputation: 0

Replied

https://cdn.discordapp.com/attachments/1004619138108493885/1004627674012078090/unknown.png

  • 0


Posts: 283

Threads: 48

Joined: May, 2022

Reputation: -4

Replied

@SirZyx

 

 

https://media.discordapp.net/attachments/792181753682853908/1004628994844524646/unknown.png

 

:shrug: not sure what you want me to tell you. this is the same address one of my friends got too, maybe you have a different roblox version?

  • 0


SirZyx

Sir Zyx

Posts: 58

Threads: 1

Joined: Nov, 2020

Reputation: 0

Replied

version-9045f70ea522489c

  • 0


Entity

Usability >> modern

vip

Posts: 416

Threads: 40

Joined: May, 2022

Reputation: 51

Replied

@SirZyx print is = 0xC25230 

  • 0

Posts: 2016

Threads: 198

Joined: Apr, 2021

Reputation: 16

Replied

Vouch

I can now update my print exploit and make it paid haha

  • 0

Random quote here...

Posts: 32

Threads: 5

Joined: Jun, 2022

Reputation: 4

Replied

why sig scan? it's not that good cuz the sig could change, so you could use a string like "Started Recording" or whatever it was called and just use eyestep to get the next call. this is a much better way. ;)

  • 1
