Corrupt.wiki
  • Videogame corruptions
    • Introduction
    • Communities
    • Safety and Ethics of Corruptions
    • What makes a good corruption?
  • Real-Time Corruptor
    • RTC Discord
    • Download RTC
    • Beginner Guides
      • Tutorial Video Guide
      • Corruption Classroom
      • Cheat Sheet Guide
    • In-Depth Guide
      • Introduction
      • Frequently Asked Questions
      • Simple Mode
      • Concepts and Vocabulary
      • General Parameters
      • Corruption Engines
      • Emulation-centric features
      • Classic Vector Lists
      • Glitch Harvester
      • Blast Editor
      • Blast Generator
      • Virtual Memory Domains
      • VMD Generator (Advanced)
      • Cluster Engine (Advanced)
      • Hotkeys
      • Tips, tricks and quirks
    • More RTC Guides
      • RTCV Dev Startup Guide
      • Running RTCV on Linux
      • How to make Passthrough Lists
      • Sequence Loader Plugin
  • Other Corruptors
    • Classic Corruptors
      • Vinesauce ROM Corruptor
      • VineCorrupt
      • Android Vinesauce ROM Corruptor
      • Lesser known corruptors
      • Old Corruptors
    • Scares Scrambler
    • Cheat Engine
    • Web-Based Corruptors
  • Systems
    • NES
      • Corrupting the NES
      • NES Architechture
      • NES Memory Domains
    • SNES
      • Corrupting the SNES
      • SNES Architechture
      • SNES Memory Domains
      • SNES Audio Tinkering
    • Sega Genesis
      • Corrupting the Sega Genesis
      • Genesis Architecture
      • Genesis Memory Domains
      • Cracking the Checksum Routine
    • N64
      • Corrupting the N64
      • N64 Architecture
      • N64 Memory Domains
      • N64 Basic/Advanced ROM Corruption
      • N64 Expert ROM Corruption
    • Gameboy Advance
      • Corrupting the GBA
      • GBA Architecture
      • GBA Memory Domains
    • Nintendo DS
      • Corrupting the DS
      • MelonDS Memory Domains
      • MelonDS-Specific Lists
      • Rom Corruption (Deprecated)
    • Gamecube/Wii
      • Corrupting the GC/Wii
      • Dolphin Memory Domains
      • Dolphin-Specific Lists
      • Using a real Wiimote with Dolphin
      • Dolphin Narry's mod (Deprecated)
    • Playstation 1
      • Corrupting the PSX
      • Advanced corruptions
    • Playstation 2
      • Corrupting the PS2
      • PCSX2 Memory Domains
      • PCSX2-specific Lists
    • Playstation 3
      • Playstation 3 Executable Corruptions
    • Xbox 360
      • Xbox 360 Executable Corruptions (Real Console)
      • Xbox 360 Executable Corruptions (Xenia)
    • Nintendo Switch
      • Switch ROM Corruptions
    • Computers & Mobile
      • Corrupting Android Unity games
      • Corrupting Files with FileStub
      • Corrupting PC Games with ProcessStub
      • Corrupting VMware snapshots
    • Java
      • Java Corruptor Plugin
      • Corrupting Minecraft with the Java Corruptor Plugin and FileStub
      • Corrupting Project Zomboid with the Java Corruptor Plugin and FileStub
Powered by GitBook
On this page
  • Corrupting Bug Fables and other Unity games
  • Jack7D1, May 2021
  • Preface:
  • Tools Used:
  • Setup:
  • Corrupting:
  • Extra Resources:

Was this helpful?

  1. Systems
  2. Computers & Mobile

Corrupting PC Games with ProcessStub

PreviousCorrupting Files with FileStubNextCorrupting VMware snapshots

Last updated 1 year ago

Was this helpful?

This is a guide for corrupting a specific Unity game using ProcessStub, however this is good enough to be a great starter for using ProcessStub on any PC game.

ProcessStub is now an optional component of RTC and is not distributed via the Launcher anymore. You can download ProcessStub as a launcher PKG file at http://optional.fun

Guide written by: Jack7D1 Software used in guide: RTCV, ProcessStub

Corrupting Bug Fables and other Unity games

Jack7D1, May 2021

Abstract:

This paper will discuss the process of corrupting Unity games using the Real Time Corrupter (RTC) and provide documentation of methods and techniques that may be used. This paper largely serves as documentation and as a guide for consequent Unity corruptions. This paper pertains to the use of the RTC and it’s Process Stub and largely to the corruption of Bug Fables. However techniques pre- sented therein have been observed to be helpful in corrupting a wide variety of modern Unity games.

Preface:

WARNING: Corrupting programs is likely to cause LOUD noises and FLASHING LIGHTS from the corrupted program. Assume that corrupting a program will result in DATA LOSS for said program, it should be assumed that corruption of a Unity game is destructive in nature in every case.

Take this into consideration before corrupting any program.

Tools Used:

It has become experimentally apparent that the RTC is best suited for modern, complex games such as Bug Fables. As such this documentation pertains to the use of the RTC with the Process Stub enabled.

Download and install the RTC online. This portion is currently well documented on the aforementioned website and is therefore beyond the scope of this documentation.1

Setup:

Figure 1: RTC Launcher after successful start

It is imperitive to heed all warnings pre- sented by the tools. However the use of a Virtual Machine (VM) is generally not required as Windows provides ample security against collateral damage from process failure.

Figure 2: Initial configuration of a fresh started Process

Stub

  1. See Extra Resources #1

It is important that the target game is fully started and in the run state before proceeding.23 At- taching the stub prior to completely loading the game may result in the game hanging or otherwise fail- ing to start or load, as such the use of Auto-attach is highly discouraged.4 In the game Bug Fables this is achieved by running the game, awaiting the main menu and then loading/creating a save. Once all loading is completed the process stub may be attached.

This Figure is largely an example, and appearance can vary widely. In this scenario the desired program is:

“Bug Fables : 14636”

The number following the process name is the Process ID (PID) and can be ignored for this purpose, however may prove useful for cross identification with a Command Line Interface.

Once the desired game is selected click Hook Process to proceed.

Figure 3: Process Stub Browse Window, Bug Fables selected.

The Addresses in the Memory Domains section can vary greatly on circumstance and are largely non-useful for the purpose at hand.

Configure the Corruption Engine to Vec- tor Engine and the Blast Radius to Pro- portional.

Figure 4: RTC window after successful attach with Bug Fables.

  1. Unity performs most all file integrity checks during program initialization, the use of Process Stub during runtime serves to bypass these checks.

  2. Hooking prior to full load will result in malformed address spaces as the data block domains are too small

  3. Auto attach uses the window title as a discriminator.

The window should now look like this.

At this time setup is complete and a corruption can be properly applied.

Corrupting:

The proper use of Memory Domains is important for successful corrupting, each dll and data block is considered a domain, however they should be organized into two “Super-Domains”.

This table has been determined experimentally.

Super-Domain Name

Dll

Resources

Filter text:

.dll

“UNKNOWN”

Corruption effects:

Physics, loading zones, base logic, nu- merical handling, events and story pro- gression, movement.

Sprites and textures, sounds and music, normal maps, lighting maps, animations, text, events, level geometry, movement.

File Domains:

All .dll files.

“data.unity3d” or ∑ ”level###” files

Stability:

Exceptionally touchy, responsible for all computation, corruption is likely to lead to crashes, however opens many corrup- tion possibilities.

Very stable, to the point of re- quiring a large bolus of intensity for observable effect to be no- ticed.

Suggested Blast Radius:

SPREAD, EVEN, PROPORTIONAL

PROPORTIONAL, BURST, NORMALIZED

Suggested Intensity:

~2000

~100000

Mode Size:

0x1000 bytes

0x401000 bytes

Corrupting both super-domains simultaneously is highly unstable and a proper method had not been found.

Switching between them can be done by entering the filter text of the target super domain into the filter text entry of the Process Stub.

Experimentation is highly encouraged by excluding certain domains via deselection or by adjusting in- tensity, blast radius, limiter list, and value list.

To apply the corruption click Manuel Blast, the corruption should now be applied. If a success then this guide is complete and may be repeated for an additional corruption.5

If the game crashes upon application then consider reducing the intensity, changing other settings or simply trying again.

  1. Manual blasts stack, however additional corruptions exponentially increase the risk of crash.

Extra Resources:

Further guides and documentation that are outside of the scope of this paper.

Begin by opening the RTC Launcher.

Ensure that ProcessStub is installed, then click on it’s icon to open the corrupter.

Attaching the stub can be done simply. Click Browse and select the game in the resulting menu.

If the corrupter window does not look like this ensure it is not in Easy mode by Clicking the ‘Normal Mode’ button in the bottom right.

For aquiring the RTC.

https://redscientist.com/rtc
https://corrupt.wiki/corruptors/rtc
Optional FunOptional Fun