PoC that fixes two GTA Online bugs and drastically improves load times for CPU-bound systems

Overview

Project status

Officially fixed by R* 2021-03-16 :)

All addresses are hardcoded for the Steam and Rockstar Launcher (RL) builds, versions 2215/1.53

This is a proof of concept, not meant for casual use

Modifying your game while in online mode might get your account suspended; proceed with care

How to

  • git clone --recurse-submodules https://github.com/tostercx/GTAO_Booster_PoC
  • build the project with MSVC
  • inject the DLL with your favorite injector while the game is starting up

You might have to wait a few seconds before injecting: the game deobfuscates parts of itself at startup, and the hardcoded addresses only point at valid code once that has happened

More details

Writeup

Issues
  • Come on guys? Really?

    It's video games, guys; don't expect kids to know how to """INJECT DLL""", it even sounds bad. INJECTING dll...

    So, while in your repositories you mention minhook, I'm not really """into""" free software, so I don't know if I can just make a wrapper exe (3 lines in C# to get an executable, 17 in C++) and give it to you...

    You would have done it, right? This means you can't or something...

    opened by xx1182 25
  • What decompiler software do you use?

    Having borrowed my friend’s completely legitimate copy of the industry-standard disassembler

    I saw in your blog that you used a legal decompiler, but I want to know which one it is. Thank you.

    opened by shanlanCoding 2
  • Please contact me.

    Hi @tostercx, I'm a recruiter for a company called New World Interactive. Could you please e-mail me? I'd love to chat with you.

    [email protected]

    opened by baddspella 1
  • collab

    @tostercx I'm working on a games-related project. Can't tell you more details here. But I think you might be interested. It has the potential for becoming the next big thing in the game industry. It's not hard. It's doable. I'm just looking for dedicated and interested teammates. Please contact me via fannik#3371 on discord. If you aren't on discord tell me, I can then provide you with an email address.

    opened by Ffannik 1
  • GTA 5 on loading(single player and online) multiple overwrites fix

    GTA 5, while loading (single player and online), repeatedly overwrites the UserNotPresentSession.etl log in C:\Windows\System32\SleepStudy. To fix this, please hook the SetThreadExecutionState function.

    opened by CXVUSER 1
  • My issues are open

    Not sure how else to get ahold of you tostercx, so I'll just say it here I guess. My issues being closed wasn't your fault. Being a bit of a GitHub newb I forgot to open them on the fork. They're open now, thanks for bringing it to my attention. :D

    opened by QuickNET-Tech 1
  • Added offsets for Social Club & Epic Games version

    Added a check for whether the game is the Steam version (GetModuleHandleA("steam_api64.dll")); if it's not, it uses the offsets for the Social Club version (which are the same as the Epic Games version's).

    Sigs:
      Call of netcat_insert_dedupe_addr: E8 ? ? ? ? 84 C0 74 39 8B 47 08
      strlen_addr: 48 8B C1 48 F7 D9
      Call of netcat_insert_direct: E8 ? ? ? ? 8B 15 ? ? ? ? 0F B7 0D ? ? ? ?

    opened by PCPisChill 1
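The signatures above are IDA-style byte patterns with `?` wildcards. The two patterns that start with `E8` match a call instruction, so the function to hook is the call's rel32 target, not the match address itself, and a signature is only usable if it occurs exactly once in the scanned range. The following is an added example, not code from GTAO_Booster_PoC or from this pull request: a small scanner in C that parses such a signature, requires the match to be unique, and resolves the E8 rel32 call to its callee. It runs against a constructed byte buffer laid out to contain the patterns (fake bytes, not game code); in a real DLL you would scan the game module's executable section, located through GetModuleHandle and the PE headers, and add the module base to the returned offsets.

```c
/* Added example: IDA-style signature scanner with E8 rel32 call resolution.
 * Not code from GTAO_Booster_PoC; the sample "image" below is constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SIG_MAX 64

/* Parse "E8 ? ? ? ? 84 C0" into byte and mask arrays (mask 0 = wildcard).
 * Returns the pattern length, or -1 if the string is malformed. */
static int parse_sig(const char *sig, uint8_t *bytes, uint8_t *mask, size_t cap)
{
    size_t n = 0;
    const char *p = sig;
    while (*p) {
        while (*p == ' ') p++;
        if (!*p) break;
        if (n >= cap) return -1;
        if (*p == '?') {                 /* accept both "?" and "??" */
            bytes[n] = 0; mask[n] = 0; n++;
            while (*p == '?') p++;
        } else {
            char *end;
            long v = strtol(p, &end, 16);
            if (end == p || end - p > 2 || v < 0 || v > 0xFF) return -1;
            bytes[n] = (uint8_t)v; mask[n] = 1; n++;
            p = end;
        }
    }
    return (int)n;
}

/* Scan [buf, buf+len) for the signature. Returns the offset of the unique
 * match, -1 if there is none, or -2 if the pattern is ambiguous (two or more
 * matches): an ambiguous signature must not be used to place a hook. */
static long find_sig(const uint8_t *buf, size_t len, const char *sig)
{
    uint8_t bytes[SIG_MAX], mask[SIG_MAX];
    int n = parse_sig(sig, bytes, mask, SIG_MAX);
    if (n <= 0 || (size_t)n > len) return -1;
    long found = -1;
    for (size_t i = 0; i + (size_t)n <= len; i++) {
        size_t j = 0;
        while (j < (size_t)n && (!mask[j] || buf[i + j] == bytes[j])) j++;
        if (j == (size_t)n) {
            if (found != -1) return -2;
            found = (long)i;
        }
    }
    return found;
}

/* Resolve an E8 rel32 (call near) at `off` to the callee's offset in the same
 * image: target = next_instruction + rel32, rel32 little-endian and signed. */
static long resolve_call(const uint8_t *buf, size_t len, long off)
{
    if (off < 0 || (size_t)off + 5 > len || buf[off] != 0xE8) return -1;
    uint32_t raw = (uint32_t)buf[off + 1] | ((uint32_t)buf[off + 2] << 8) |
                   ((uint32_t)buf[off + 3] << 16) | ((uint32_t)buf[off + 4] << 24);
    long target = off + 5 + (int32_t)raw;
    return (target < 0 || (size_t)target >= len) ? -1 : target;
}

/* Constructed sample image (not real game bytes): NOP filler, a call site at
 * 0x10 matching the netcat_insert_dedupe signature whose rel32 points at a
 * fake callee at 0x40, and the strlen prologue bytes at 0x60. */
#define IMAGE_SIZE 0x80
static uint8_t g_image[IMAGE_SIZE];

static void build_image(void)
{
    static const uint8_t call_site[] = { 0xE8, 0x2B, 0x00, 0x00, 0x00,   /* call +0x2B -> 0x40 */
                                         0x84, 0xC0, 0x74, 0x39, 0x8B, 0x47, 0x08 };
    static const uint8_t callee[] = { 0x48, 0x83, 0xEC, 0x28 };          /* sub rsp, 0x28 */
    static const uint8_t strlen_pro[] = { 0x48, 0x8B, 0xC1, 0x48, 0xF7, 0xD9 };
    memset(g_image, 0x90, IMAGE_SIZE);
    memcpy(g_image + 0x10, call_site, sizeof call_site);
    memcpy(g_image + 0x40, callee, sizeof callee);
    memcpy(g_image + 0x60, strlen_pro, sizeof strlen_pro);
}

/* Locate the two hook targets the way a version-independent loader would.
 * Returns 0 on success and fills in image offsets (add the module base at run time). */
static int locate_hooks(long *dedupe_call, long *dedupe_fn, long *strlen_fn)
{
    build_image();
    *dedupe_call = find_sig(g_image, IMAGE_SIZE, "E8 ? ? ? ? 84 C0 74 39 8B 47 08");
    *dedupe_fn = resolve_call(g_image, IMAGE_SIZE, *dedupe_call);
    *strlen_fn = find_sig(g_image, IMAGE_SIZE, "48 8B C1 48 F7 D9");
    return (*dedupe_call >= 0 && *dedupe_fn >= 0 && *strlen_fn >= 0) ? 0 : -1;
}

int main(void)
{
    long call, fn, sl;
    if (locate_hooks(&call, &fn, &sl) != 0) {
        fputs("signature not found or ambiguous\n", stderr);
        return 1;
    }
    printf("dedupe call site 0x%lx -> function 0x%lx, strlen 0x%lx\n", call, fn, sl);
    return 0;
}
```

The uniqueness check matters more than it looks: a hook placed on the wrong of two matches silently patches unrelated code, which is exactly the kind of fault that only shows up after a game update shifts the bytes around.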
  • Errors

    "C:\Program Files (x86)\mingw-w64\i686-8.1.0-posix-dwarf-rt_v6-rev0\mingw32\bin\gcc.exe" -g C:\Users\RYZEN\Documents\Scuola\sistemi\GTAO_Booster_PoC\boost.c -o C:\Users\RYZEN\Documents\Scuola\sistemi\GTAO_Booster_PoC\boost.exe
    C:\Users\RYZEN\Documents\Scuola\sistemi\GTAO_Booster_PoC\boost.c: In function 'strlen_cacher':
    C:\Users\RYZEN\Documents\Scuola\sistemi\GTAO_Booster_PoC\boost.c:48:22: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
           MH_DisableHook((LPVOID)strlen_addr);
                          ^
    C:\Users\RYZEN\Documents\Scuola\sistemi\GTAO_Booster_PoC\boost.c: In function 'netcat_insert_dedupe_hooked':
    C:\Users\RYZEN\Documents\Scuola\sistemi\GTAO_Booster_PoC\boost.c:79:10: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
       if (!(*(uint8_t(__fastcall**)(uint64_t*))(*item + 48))(item))
              ^
    C:\Users\RYZEN\Documents\Scuola\sistemi\GTAO_Booster_PoC\boost.c:88:20: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
         MH_DisableHook((LPVOID)netcat_insert_dedupe_addr);
                        ^
    C:\Users\RYZEN\Documents\Scuola\sistemi\GTAO_Booster_PoC\boost.c: In function 'initialize':
    C:\Users\RYZEN\Documents\Scuola\sistemi\GTAO_Booster_PoC\boost.c:99:24: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
       uint64_t base_addr = (uint64_t)GetModuleHandleA(NULL);
                            ^
    C:\Users\RYZEN\Documents\Scuola\sistemi\GTAO_Booster_PoC\boost.c:103:26: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
       netcat_insert_direct = (netcat_insert_direct_t)(base_addr + 0x5BB07C);
                              ^
    C:\Users\RYZEN\Documents\Scuola\sistemi\GTAO_Booster_PoC\boost.c:107:17: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
       MH_CreateHook((LPVOID)strlen_addr, &strlen_cacher, (LPVOID*)&builtin_strlen);
                     ^
    C:\Users\RYZEN\Documents\Scuola\sistemi\GTAO_Booster_PoC\boost.c:108:17: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
       MH_CreateHook((LPVOID)netcat_insert_dedupe_addr, &netcat_insert_dedupe_hooked, NULL);
                     ^
    C:\Users\RYZEN\Documents\Scuola\sistemi\GTAO_Booster_PoC\boost.c:110:17: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
       MH_EnableHook((LPVOID)strlen_addr);
                     ^
    C:\Users\RYZEN\Documents\Scuola\sistemi\GTAO_Booster_PoC\boost.c:111:17: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
       MH_EnableHook((LPVOID)netcat_insert_dedupe_addr);
                     ^
    C:\Users\RYZEN\AppData\Local\Temp\ccW2yPC2.o: In function `strlen_cacher':
    C:/Users/RYZEN/Documents/Scuola/sistemi/GTAO_Booster_PoC/boost.c:48: undefined reference to `[email protected]'
    C:\Users\RYZEN\AppData\Local\Temp\ccW2yPC2.o: In function `@[email protected]':
    C:/Users/RYZEN/Documents/Scuola/sistemi/GTAO_Booster_PoC/boost.c:88: undefined reference to `[email protected]'
    C:\Users\RYZEN\AppData\Local\Temp\ccW2yPC2.o: In function `initialize':
    C:/Users/RYZEN/Documents/Scuola/sistemi/GTAO_Booster_PoC/boost.c:105: undefined reference to `[email protected]'
    C:/Users/RYZEN/Documents/Scuola/sistemi/GTAO_Booster_PoC/boost.c:107: undefined reference to `[email protected]'
    C:/Users/RYZEN/Documents/Scuola/sistemi/GTAO_Booster_PoC/boost.c:108: undefined reference to `[email protected]'
    C:/Users/RYZEN/Documents/Scuola/sistemi/GTAO_Booster_PoC/boost.c:110: undefined reference to `[email protected]'
    C:/Users/RYZEN/Documents/Scuola/sistemi/GTAO_Booster_PoC/boost.c:111: undefined reference to `[email protected]'
    C:\Users\RYZEN\AppData\Local\Temp\ccW2yPC2.o: In function `[email protected]':
    C:/Users/RYZEN/Documents/Scuola/sistemi/GTAO_Booster_PoC/boost.c:124: undefined reference to `[email protected]'
    C:/Program Files (x86)/mingw-w64/i686-8.1.0-posix-dwarf-rt_v6-rev0/mingw32/bin/../lib/gcc/i686-w64-mingw32/8.1.0/../../../../i686-w64-mingw32/lib/../lib/libmingw32.a(lib32_libmingw32_a-crt0_c.o):crt0_c.c:(.text.startup+0x39): undefined reference to `[email protected]'
    collect2.exe: error: ld returned 1 exit status
    
    The terminal process failed to launch (exit code: -1).
    
    opened by RubyTemple 1
  • Add a license to the repository

    Suggestion to add some form of license to the repository to enable others to be able to provide input without worrying about the IP implications.

    Entirely subject to whatever you want, or if you even want one, but putting this up as a suggestion in case it is something you hadn't considered and are not overly bothered.

    opened by ascopes 1
  • GTA 5 on loading(single player and online) multiple overwrites  UserNotPresentSession.etl log in C:\Windows\System32\SleepStudy to fix please hook this function

    EXECUTION_STATE SetThreadExecutionState_hook(EXECUTION_STATE esFlags)
    {
        /* The mask must be parenthesised: == binds tighter than |, so
           "esFlags == ES_SYSTEM_REQUIRED | ES_DISPLAY_REQUIRED" is always true
           and every call would be rewritten, including the ones that clear the state. */
        if (esFlags == (ES_SYSTEM_REQUIRED | ES_DISPLAY_REQUIRED)) {
            return SetThreadExecutionState_orig(ES_CONTINUOUS | ES_SYSTEM_REQUIRED | ES_DISPLAY_REQUIRED);
        }
        return SetThreadExecutionState_orig(esFlags);
    }

    opened by CXVUSER 0
  • [boost.c] is ill-formed (no diagnosis required): The Standard reserves function names beginning with ‘str’ or ‘mem’ for possible future use.

    Hi,

    Issue:

    https://github.com/tostercx/GTAO_Booster_PoC/blob/fd8eaa8661500995442a0fe079b02e740845afe9/boost.c#L33 The name strlen_cached is reserved by the standard.

    cf: ISO/IEC 9899:201x

    • §7.1.3 Reserved identifiers p182
    • §7.31.12 General utilities <stdlib.h> p456
    • §7.31.13 String handling <string.h> p456

    NB: Also reserved are… Well, there's a fat list, really. Here is the most useful link you'll ever get for fast reference to the C and C++ Standards and libraries: cppreference.com C Reserved Identifiers

    Current Behavior:

    Undefined. Any, or none.

    Expected Behavior:

    The behavior of an identical function given a valid, unreserved, name.

    Proposed Solution:

    Change the name of the function. eg: cached_strlen

    Labels: bug, good first issue, wontfix
    opened by ViralTaco 3
  • Congratulations

    Congratulations, and thank you for your contribution. I have been using your DLL recently; thank you very much. I am not good at coding, so this is all I can do.

    opened by lvck1 0
  • Congrats for being noticed by Rockstar Games!

    Hey @tostercx, I just read via pcgamer.com that Rockstar Games apparently took notice of your project and decided to implement an official solution based on your findings. Congrats, and a personal thank you for improving one of my favorite games! 🙂

    opened by NullEnt1ty 7