RiSC5dll.dll ????


[ZSZ]Evil_Dragon
7th May, 2008, 08:18 AM
Does anyone know what this is?
(google didn't tell me...)


### -------------------------------------------------------------
### ANTHCHECKER - PLAYER KICK
### -------------------------------------------------------------
### - Player name :
### - Player IP :
### - Player OS : Windows
### - EngineVer : 436
### - RenderDev : Direct3D D3DDrv.dll
### - RenderVer : UT v436 D3D Renderer - Std/No Delta
### - RenderChksm : FE0656E088236E2F1F1D2195D0AF7040
### - RenderSize : 217088 bytes
### - TimeStamp : 07-05-2008 00:15:53
### ----------------- Additional information -----------------
### - GUID : [ZMRe<6>=e773683866>e7?@<hidden>?@<hidden>;>e91290_979330470
### - guid Valid : True
### - KickType : 9
### - AnthChecker : v1.38 (Build 8)
### - Reason : Client loaded an illegal library! (hacked)
### - File : RiSC5dll.dll
### - Checksum : 984a47f747711c0a891f0729b7ebab10
### - Ident : HACKED - Unknown Package
### -------------------------------------------------------------

foX.bl
8th May, 2008, 09:11 AM
http://www.rebellion.net.au/index.php?pageid=risc

server controller mod thing

edit: also adding this dll to the whitelist would be cool for any future versions, tia

qwerty
12th May, 2008, 12:32 AM
Thanks! I was trying to find out about this.

*TNT*CryptKeeper
5th June, 2008, 05:07 PM
I would have to question the following line in your log.

### - Reason : Client loaded an illegal library! (hacked)

Why would the client load the file if you do not run this mod?

I have picked up the same issue with a UTDC log.
However I am not going to question the log because there is no reason for the file to have been called while playing on my server. So I can only assume the file is being used as a host for a bot or hack.
Also to help me in this decision I have checked the logs and found that this person was caught using an aimbot previously and because of a dynamic IP has bypassed the ban. I will now ban his entire IP range.

FYI: I have traced the IP to Melbourne, Australia.

[UTDCv21] +---------------------------------------------------+
[UTDCv21] Client have corrupt memory
[UTDCv21] Player name......: xxxxxxxxxxxxxxxxx
[UTDCv21] Player IP........: xxxxxxxxxxxxxxx
[UTDCv21] Client UT version: v.4.36
[UTDCv21] Client OS........: Microsoft Windows XPx32 5.1 (Build: 2600)
[UTDCv21] D3DDrv.dll MD5...: DD6E3692F8EAD5E1DF88716024BC25D1
[UTDCv21] Core.dll MD5.....: CCF104341C7452B06295D421167DBA95 (v4.36)
[UTDCv21] Engine.dll MD5...: 30E34C2A9E0EAB908C5DA6F322F4E2D7 (v4.36)
[UTDCv21] Render.dll MD5...: 6F18D6BB2B3DC12D0D2E5AD5CC66586B (v4.36)
[UTDCv21] Galaxy.dll MD5...: CB246E9A387CC002E6EA13264AC0DC08 (v4.36)
[UTDCv21] UTDCx.dll MD5....: E9DE0EE5B80D2CEAD8AC9436D3D5B014
[UTDCv21] MAC hash.........: A377D3AD553B2CA0770A2D369D1B8CD0
[UTDCv21] Mem NTDLL image..: True
[UTDCv21] Corruption hash..: None
[UTDCv21] Altered addresses: RiSC5dll40 37F0F00->CA8278(C:\UnrealTournament_GOTYE_\System\RiSC5dll.dll),
[UTDCv21] Date/Time........: 04-06-2008 / 14:18:46
[UTDCv21] +---------------------------------------------------+

[BSC]MasterJohnny
5th June, 2008, 05:44 PM
It happens if you switch between servers without closing UT.

dodgethis
5th June, 2008, 09:37 PM
It's because of the way UT works. Native code (or classes) can/will set the RF_Keep flag, which keeps the class in memory and the DLLs attached to the class's package as well :)

adminthis
5th June, 2008, 09:49 PM
.
:coolgleam
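
Added example, not part of the thread and not AnthChecker's own code: a small Python triage helper for an admin reading kick blocks like the one in the first post. It parses the `### - Key : value` fields and compares the flagged file name and checksum against a hypothetical admin-maintained list (`REVIEWED`, constructed here), so a file that only shares a reviewed name but has a different checksum is still flagged.

```python
import re

# Constructed sample: the AnthChecker block from the first post, trimmed to the fields used.
SAMPLE_KICK = """\
### - KickType : 9
### - AnthChecker : v1.38 (Build 8)
### - Reason : Client loaded an illegal library! (hacked)
### - File : RiSC5dll.dll
### - Checksum : 984a47f747711c0a891f0729b7ebab10
### - Ident : HACKED - Unknown Package
"""

# Hypothetical admin-maintained list (an assumption of this example):
# lowercase file name -> checksums the admin has reviewed.
REVIEWED = {"risc5dll.dll": {"984a47f747711c0a891f0729b7ebab10"}}

# Matches "### - Key : value"; separator and title lines have no "- key :" shape.
FIELD = re.compile(r"^###\s*-\s*([^:]+?)\s*:\s*(.*?)\s*$")

def parse_kick(text):
    """Return the fields of one kick block as a dict with lowercase keys."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            fields[m.group(1).lower()] = m.group(2)
    return fields

def triage(fields, reviewed=REVIEWED):
    """Classify a kick by the flagged library's name and checksum."""
    name = fields.get("file", "").lower()
    checksum = fields.get("checksum", "").lower()
    if not name or not checksum:
        return "incomplete"          # log block lacks File or Checksum
    known = reviewed.get(name)
    if known is None:
        return "unknown-library"     # never reviewed: investigate
    if checksum in known:
        return "reviewed-library"    # e.g. left loaded from another server
    return "checksum-mismatch"       # reviewed name, different contents

if __name__ == "__main__":
    print(triage(parse_kick(SAMPLE_KICK)))
```

Matching on name plus checksum rather than name alone is the point: a renamed or modified file cannot pass just by borrowing a reviewed library's file name.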