Posted
So the question is pretty self-explanatory: without a kernel driver, is it still possible to have one of your DLLs running undetected in Roblox in 2026, or is that a thing of the past? I'm pretty sure usermode manual mapping is detected by Roblox. So what can you realistically do to have a DLL run undetected and be able to execute scripts?
Replied
They scan for non-whitelisted pages using NtQueryVirtualMemory. You either have to whitelist the pages or work around Hyperion's mechanism with instrumentation callbacks.
Replied
It's possible; if you're private you can abuse a few things, e.g. code-signing certificates (but they're expensive). Page whitelisting is almost impossible (to an extent; they have a ton of integrity and whitelist mechanisms).
Hyperion uses and does check their IC (instrumentation callback; they reimplemented it). You could hook syscalls with an IC, but it's not really clean to do. You could also do module stomping (unsure if it still works); it was fine, however you're bound to the size of the DLL you're stomping (which could vary from a few KB to about 2 MB), or you can load multiple modules, stomp all of them and use that as your whitelisted memory.
Long term you're better off going kernel-mode with VAD or PTE manipulation or something similar.
Every usermode and kernelmode method can and probably will get detected. Many anti-cheats and anti-tampers similar to Hyperion have implemented these sorts of things to find RWX pages which have been hidden, and these can be implemented in usermode too, so I cannot see what stops Hyperion from doing this, unfortunately.
I develop a few things, my discord is .aarch32
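To make the detection side of the replies above concrete (the NtQueryVirtualMemory scan for pages that are not whitelisted, and the hunt for hidden RWX pages mentioned in the previous reply), here is an added example of such a scanner's classification logic. It is not Hyperion's code and not from anyone in this thread. It runs over a constructed snapshot of memory regions rather than a live process, so it builds and runs anywhere; on Windows the region records would come from NtQueryVirtualMemory(MemoryBasicInformation) or VirtualQueryEx and the whitelist from the loader's module list, which this example assumes rather than implements. The module names, addresses and sizes are made up.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constants copied from winnt.h so the constructed sample looks like real
   MEMORY_BASIC_INFORMATION output. No Windows API is called here. */
#define PAGE_READWRITE          0x04u
#define PAGE_EXECUTE            0x10u
#define PAGE_EXECUTE_READ       0x20u
#define PAGE_EXECUTE_READWRITE  0x40u
#define PAGE_EXECUTE_WRITECOPY  0x80u
#define MEM_COMMIT              0x1000u
#define MEM_PRIVATE             0x20000u
#define MEM_MAPPED              0x40000u
#define MEM_IMAGE               0x1000000u

typedef struct {            /* subset of MEMORY_BASIC_INFORMATION */
    uint64_t base, size;
    uint32_t state, protect, type;
} region_t;

typedef struct {            /* one legitimately loaded (whitelisted) module */
    const char *name;
    uint64_t base, size;
} module_t;

enum verdict {
    V_OK = 0,
    V_EXEC_PRIVATE,         /* executable MEM_PRIVATE: manual map / shellcode */
    V_EXEC_UNLISTED_IMAGE,  /* executable but not a whitelisted image mapping */
    V_EXEC_WRITABLE_IMAGE,  /* W+X inside a whitelisted image: stomping candidate */
};

static bool is_exec(uint32_t p) {
    return (p & (PAGE_EXECUTE | PAGE_EXECUTE_READ |
                 PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY)) != 0;
}
static bool is_wx(uint32_t p) {
    return (p & (PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY)) != 0;
}

static const module_t *find_module(const module_t *wl, size_t n, uint64_t addr) {
    for (size_t i = 0; i < n; i++)
        if (addr >= wl[i].base && addr < wl[i].base + wl[i].size)
            return &wl[i];
    return NULL;
}

/* Classify one region: anything executable must be backed by a whitelisted
   image mapping and must not be writable. A stomped module whose pages were
   restored to RX passes this check, which is why a real scanner would also
   hash image pages against the on-disk file (not shown here). */
enum verdict classify(const region_t *r, const module_t *wl, size_t n) {
    if (!(r->state & MEM_COMMIT) || !is_exec(r->protect)) return V_OK;
    if (r->type == MEM_PRIVATE) return V_EXEC_PRIVATE;
    if (r->type != MEM_IMAGE || !find_module(wl, n, r->base)) return V_EXEC_UNLISTED_IMAGE;
    if (is_wx(r->protect)) return V_EXEC_WRITABLE_IMAGE;
    return V_OK;
}

/* Scan a snapshot; returns the number of flagged regions, verdicts in out[]. */
size_t scan(const region_t *regs, size_t nr, const module_t *wl, size_t nw,
            enum verdict *out) {
    size_t flagged = 0;
    for (size_t i = 0; i < nr; i++) {
        out[i] = classify(&regs[i], wl, nw);
        if (out[i] != V_OK) flagged++;
    }
    return flagged;
}

/* Constructed sample: a hypothetical game, ntdll and one extra DLL. */
static const module_t kWhitelist[] = {
    { "game.exe",  0x140000000ull,    0x2000000ull },
    { "ntdll.dll", 0x7FF800000000ull, 0x200000ull  },
    { "foo.dll",   0x7FF900000000ull, 0x40000ull   },
};
static const region_t kSnapshot[] = {
    { 0x140001000ull,    0x1000000ull, MEM_COMMIT, PAGE_EXECUTE_READ,      MEM_IMAGE   }, /* game .text */
    { 0x7FF800001000ull, 0x100000ull,  MEM_COMMIT, PAGE_EXECUTE_READ,      MEM_IMAGE   }, /* ntdll .text */
    { 0x20000000ull,     0x10000ull,   MEM_COMMIT, PAGE_READWRITE,         MEM_PRIVATE }, /* heap, benign */
    { 0x30000000ull,     0x50000ull,   MEM_COMMIT, PAGE_EXECUTE_READWRITE, MEM_PRIVATE }, /* manually mapped DLL */
    { 0x7FF900001000ull, 0x20000ull,   MEM_COMMIT, PAGE_EXECUTE_READWRITE, MEM_IMAGE   }, /* foo.dll .text made W+X */
    { 0x7FFA00001000ull, 0x10000ull,   MEM_COMMIT, PAGE_EXECUTE_READ,      MEM_IMAGE   }, /* image not in whitelist */
};
#define NREG (sizeof kSnapshot / sizeof kSnapshot[0])
#define NMOD (sizeof kWhitelist / sizeof kWhitelist[0])

size_t example_scan(void) {
    enum verdict v[NREG];
    return scan(kSnapshot, NREG, kWhitelist, NMOD, v);   /* 3 flagged */
}

int main(void) {
    static const char *names[] = { "ok", "exec-private", "exec-unlisted-image", "wx-in-image" };
    enum verdict v[NREG];
    size_t n = scan(kSnapshot, NREG, kWhitelist, NMOD, v);
    for (size_t i = 0; i < NREG; i++)
        printf("%#16llx  %s\n", (unsigned long long)kSnapshot[i].base, names[v[i]]);
    printf("%zu of %zu regions flagged\n", n, (size_t)NREG);
    return 0;
}
```

The three flagged regions are exactly the cases the replies discuss: a manually mapped DLL (executable private memory), a loaded module the whitelist does not know about, and a whitelisted module whose code pages have been made writable, the obvious footprint of module stomping. The caveat in the comment matters: if the stomped pages are set back to RX the protection check alone says nothing, and only a content comparison against the image on disk would reveal it.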
Replied
Not realistically.