
Roblox Internals: The Task Scheduler


RealNickk


Posted

This post is the first episode of a series I'm starting to write regarding how Roblox operates underneath the hood. This episode will give you a basic understanding of what the task scheduler is, how it works, its purpose, and how exploits take advantage of it.

 

There's a significant problem when writing a video game engine: you execute many functions with different goals simultaneously — for example, Roblox has to render both physics and graphics — but sometimes you must invoke all of these in a specific order, not all at once. That is the task scheduler's purpose.

 

In Roblox's application initialization subroutine, the task scheduler is one of the first singular and always-alive objects to get instantiated. Roblox uses a function pattern known as a singleton here. The function will check if it has instantiated that object prior, and if it hasn't, it will instantiate the object and store its location in a pointer.

 

https://i.imgur.com/rW2mPyu.png

 

The scheduler runs a handful of threads that loop at a 60 Hz frequency (sixty loops per second), with a 30 Hz loop for other components. These will yield until there is an available job. When that condition is met, the thread will execute its step function and move on.

 

The task scheduler uses a class known as a job to execute said functions. Its execution routine name is "step." It may sound familiar if you've used Roblox's scripting engine because "RunService:RenderStepped" is an event fired every frame after rendering. A job will perform a specific task — for example, sending RakNet packets to the server. The step function will return a StepResult — either "Finished" or "Stepped." If the step function returned "Stepped," the task scheduler will (again) execute the step function in the next frame. If the return value is "Finished" instead, the loop thread will flag the job for removal from the queue.

 

When the task scheduler singleton function gets invoked for the first time — the callee being the application initialization subroutine — the callee sets the number of running threads the task scheduler has. When that happens, the task scheduler will run a few of them (with the amount depending on the configuration).

 

https://i.imgur.com/R7SvgQB.png

 

You might wonder why an exploit would need to take advantage of the task scheduler to meet execution, and I don't blame you. Abusing the task scheduler isn't required to achieve script execution, but it's the safest method. Let me tell you why.

 

First, if you attempt to utilize Roblox's general-use Lua state from your own thread at the same time another thread is, you'll end up with a race condition. Roblox crashes due to that 99% of the time. The second point is that the WaitingHybridScriptsJob contains a pointer to the script context object. The script context holds your general-use Lua state, so you don't have to use another method to get the Lua state.

 

Hopefully I went over whatever you wanted to learn about the task scheduler by explaining what it is, why it's essential, and how exploits utilize it. If you liked this documentation, let me know. If you still have questions, you can DM me on the platform or reply to the thread. I'll reply as soon as I can.
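A minimal model of the job / step / StepResult loop the post describes, written as an added C++ example (it is not Roblox's code): the singleton accessor instantiates the scheduler once and hands back the stored pointer, each frame steps every queued job, and a job that returns Finished is dropped so it is not stepped again. The `CountdownJob` type and its observer counter are constructed purely for illustration.

```cpp
#include <cstddef>
#include <memory>
#include <vector>

// What a job's step() reports back to the scheduler.
enum class StepResult { Finished, Stepped };

struct Job {
    virtual ~Job() = default;
    virtual StepResult step() = 0;   // one frame's worth of work
};

// Hypothetical job: works for `frames` frames, then reports Finished.
struct CountdownJob : Job {
    int remaining;
    int* stepsSeen;   // constructed counter so callers can observe the job
    CountdownJob(int frames, int* counter) : remaining(frames), stepsSeen(counter) {}
    StepResult step() override {
        ++*stepsSeen;
        return --remaining > 0 ? StepResult::Stepped : StepResult::Finished;
    }
};

class TaskScheduler {
public:
    // Singleton accessor: instantiate on the first call, return the stored pointer after that.
    static TaskScheduler& singleton() {
        static TaskScheduler* instance = nullptr;
        if (!instance) instance = new TaskScheduler();
        return *instance;
    }
    void addJob(std::unique_ptr<Job> job) { jobs_.push_back(std::move(job)); }
    std::size_t jobCount() const { return jobs_.size(); }

    // One frame of the loop thread: step every queued job. A job that returns
    // Finished is removed from the queue; Stepped jobs run again next frame.
    // Returns how many jobs were stepped this frame.
    std::size_t frame() {
        std::size_t ran = 0;
        for (auto it = jobs_.begin(); it != jobs_.end();) {
            ++ran;
            if ((*it)->step() == StepResult::Finished) it = jobs_.erase(it);
            else ++it;
        }
        return ran;
    }

private:
    TaskScheduler() = default;
    std::vector<std::unique_ptr<Job>> jobs_;
};
```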

ThatPhoenix


Replied

hot stuff, even though 89% of this stuff went past my head lol will become useful later on


Replied

Thanks, I was trying to learn what a task scheduler was and why it was exploited.

Make more threads like these :D


Murz


Replied

this is hot

though i have to agree i understood 1% of this, though it's still hot


Replied

We need more of these informational threads on this forum...


RealNickk


Replied

@child1010 ong bruh im writing about the scripting engine right now but this might be so big it may as well be a book


Replied

@RealNickk then write it in markdown or something lol

(printed version when)
