2944: failed-jupiter-spring

Open gottfriedleibniz opened this issue 1 year ago • 8 comments

2699.16 modified some update routines to include an additional "Dependency" thread check. Some additional obfuscation was added in 2944.0 and is now causing weird interactions with FiveM. Related forum thread.

Tracing its execution: 0x140455D13/2944 (updateBusySpinner) leads to: 0x140455D13 -> 0x140A9A047 -> 0x140455238 -> 0x1412F725C. A dependency worker eventually handles it: 0x1412F2CA3 -> 0x140455F88 -> ros.dll which leads to failed-jupiter-spring.

For reference, 2699.16 still contains RTTI and the relevant ROS pattern is 55 48 83 EC 20 48 8D 6C 24 20.... On my local branch I've been nop'ing 0x140A9A047/2944 because that code is not relevant.

gottfriedleibniz, Aug 18 '23 00:08

I have been facing that crash out of nowhere for 1 month or so. It's very sad how FiveM devs cannot fix this crash for more than 1 month.

Cral-Cactus, Aug 23 '23 07:08

An analysis I've read in this regard from @duk-37 implies that this is a case of PEB module iteration in a racy fashion. No-op'ing the routine would make sense if this is another anticheat check.

blattersturm, Aug 23 '23 10:08

The relevant vtable in 2699.16 is named AnticheatDetectionVerifier1003. It is the only class in that collection updated in 2944. Was unsure if details needed to be obfuscated given its nature.

If worried about second-order effects from just nop'ing parts of this subsystem, it should be possible (maybe? untested) to bypass this trigger as it just seems layered on, e.g., modify the callbacks in 0x140455238/2944 (or use custom functions that mirror 2699.16).

gottfriedleibniz, Aug 23 '23 15:08

> If worried about second-order effects from just nop'ing parts of this subsystem, it should be possible (maybe? untested) to bypass this trigger as it just seems layered on, e.g., modify the callbacks in 0x140455238/2944 (or use custom functions that mirror 2699.16).

The """fix""" I had in mind is a bit less invasive than this, but for reasons you mentioned I'd rather not go into specifics; there's a reason nothing other than "broken module scan" was mentioned. Is there a way I can contact you in private?

duk-37, Aug 23 '23 23:08

Hello, a few days ago I got this crash code and I want to know what I have to do to fix this problem. I have tried everything, cleared the cache in FiveM, and done everything you can do to try and fix this problem. I also reinstalled FiveM.

It only crashes on servers with game build 2944, and I thought it was becoming very annoying, as I have friends who can easily play on the servers without problems.

MikkelONTOP, Dec 21 '23 20:12

Is there a working fix for this or an update being pushed to resolve this?

ItsVinnyX, Dec 26 '23 13:12

We got the error again. Is there a possible fix for it?

JeroenKla, Feb 10 '24 19:02

A potential fix is currently on Latest/canary. We are looking to see whether it causes regressions elsewhere. Others on the forum have also been asked to provide feedback.

gottfriedleibniz, Feb 16 '24 17:02