this post was submitted on 01 Apr 2024
46 points (97.9% liked)

Game Development

3470 readers
8 users here now

Welcome to the game development community! This is a place to talk about and post anything related to the field of game development.

Community Wiki

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 7 months ago* (last edited 7 months ago)

Anti viruses won’t care as it won’t be injecting executable code.

When I first started working on malware for my offensive cybersec job, I felt pretty at loss about how the fuck are you supposed to execute anything, if you simply have to 1) allocate memory with READ_WRITE_EXECUTE, and then 2) execute the memory.

I thought that's something that legit programs don't have any reason to do - why would you ever need to allocate RWX memory? I've never done that in my entire programming career, and every bit of your code is already loaded into memory once you start the program - at a special, protected part of memory. There's no reason to ever allocate anything manually. And I spent a lot of time trying to figure out how to deal with this issue when writing malware, since I kind of expected that once you try to allocate RWX memory manually, and god-forbid execute it the AV will simply not allow it and flag it as highly suspicious.

Well. It turned out that actually almost everything I've ever written does use this call. A lot. That's when I learned what "JIT compilation" means, and that I've really misunderstood the basic concepts of C#.

So, surprisingly, most of programs you run (that are in C#) actually inject executable code at runtime. Although, I'm not sure if Unity actually doesn't compile into something that's not JIT C#. I guess only if you use ILL2CPP?