Avaritia for Unreal Engine
This documentation describes how to integrate Avaritia for Unreal Engine.
Avaritia does NOT support architectures rather than AMD64.
Environment
- City Sample (opens in a new tab)
- Unreal Engine 5.3
CL-30020700
(4366a439b06fdf3c3e300016a53d1d427a1fbc08
) built from source - MSVC
19.40.33813
Building Unreal from source
Building Unreal Engine from source is crucial in this case where we integrating special component - Avaritia for hardening security.
- Optimizing build requires Unreal Engine built from source.
- You will be able to apply custom patches for hardening.
- Whole optimizations could be applied which pre-built binaries does not have.
- Some runtime components could be linked statically (AWS GameLift modules for example, as well as built-in's)
For more information about how to build Unreal Engine from source, see The Official Documentation (opens in a new tab).
Step 1. Cloning Unreal Source
Unreal Engine has very long path and we highly recommend to clone the source on the root of your disk C://UE53
to avoid path length issues.
If you do not have an access to Unreal Engine source, you will need to gain access (opens in a new tab).
Clone and checkout the CL-30020700
, where we use the source from.
git clone https://github.com/EpicGames/UnrealEngine UE53
cd UE53
git checkout "4366a439b06fdf3c3e300016a53d1d427a1fbc08"
Step 2. Patching traditional errors
Unreal Engine source builds are mostly broken even if cloned from the official release tags and you need to fix them menually.
In this documentation, we provide two patches for you.
You can apply these patches by git apply ./my.patch
within the Git context. See git-apply documentation (opens in a new tab).
diff --git a/Engine/Source/Programs/AutomationTool/BuildGraph/BgScriptReader.cs b/Engine/Source/Programs/AutomationTool/BuildGraph/BgScriptReader.cs
index 7b829e22e9dc..ad4e88187509 100644
--- a/Engine/Source/Programs/AutomationTool/BuildGraph/BgScriptReader.cs
+++ b/Engine/Source/Programs/AutomationTool/BuildGraph/BgScriptReader.cs
@@ -1637,7 +1637,10 @@ namespace AutomationTool
BgReport? report;
if (_graph.NameToReport.TryGetValue(reportName, out report))
{
- report.NotifyUsers.UnionWith(users);
+ if (users != null)
+ {
+ report.NotifyUsers.UnionWith(users);
+ }
}
else
{
Step 3. Building
Run the Setup.bat
within the root directory and GenerateProjectFiles.bat
to generate VS solution respectively.
Once you've completed, open UE5.sln
and set Development
- Win64
and build the solution.
This step can take up to 1-2 hours depends on the machine.
Optimizing CitySample
Before building the CitySample, you need to apply some patches to the CitySample project to optimize the build specifically for Avaritia.
// Copyright Epic Games, Inc. All Rights Reserved.
using UnrealBuildTool;
using System;
public class CitySampleTarget : TargetRules
{
public CitySampleTarget(TargetInfo Target) : base(Target)
{
Type = TargetType.Game;
DefaultBuildSettings = BuildSettingsVersion.V4;
ExtraModuleNames.Add("CitySample");
if (BuildEnvironment == TargetBuildEnvironment.Unique)
{
bUseLoggingInShipping = true;
}
if (Target.Platform == UnrealTargetPlatform.Win64)
{
if (Target.Configuration == UnrealTargetConfiguration.Shipping)
{
if (WindowsPlatform.Compiler == WindowsCompiler.VisualStudio2019 ||
WindowsPlatform.Compiler == WindowsCompiler.VisualStudio2022)
{
// Move jump tables to a read-only section.
AdditionalLinkerArguments += " /d2:-jumptablerdata"; // Linker
AdditionalCompilerArguments += " /d2jumptablerdata"; // Compiler
// Generates deterministic binaries.
AdditionalLinkerArguments += " /BREPRO";
// Remove fingerprinting information from the binary.
AdditionalLinkerArguments += " /NOVCFEATURE";
AdditionalLinkerArguments += " /NOCOFFGRPINFO";
}
else if (WindowsPlatform.Compiler == WindowsCompiler.Clang)
{
// Do not generate jump tables if the compiler is Clang.
AdditionalCompilerArguments += " -fno-jump-tables";
}
// Do not strip PDBs. It is required for Avaritia submission and troubleshooting.
// Save the PDB on your symbol server is highly recommended.
bUsePDBFiles = true;
bUseFastPDBLinking = false;
}
}
}
}
Submitting your binary
After building your CitySample project, your directory should look like below.
- CitySample.exe: This is an Unreal Engine bootstrapper to check if dependencies (specifically VC++ redistributables) are met. This executable does not have to be protected.
- CitySample-Win64-Shipping.exe: This is the main executable that you need to protect.
- CitySample-Win64-Shipping.pdb: This PDB symbol file is required for troubleshooting and submitting to Avaritia. Unreal Engine does not put the PDB on the dist directory by default but you may fin this under
$(ProjectDir)/Binaries/Win64
.
PDB symbol file is preffered to save on your symbol server and kept secret. Do NOT publish or distribute any PDBs. See Reproducible Build for more information.
- CitySample-Win64-Shipping.exe
- OpenImageDenoise.dll
- tbb.dll
- tbb12.dll
- tbbmalloc.dll
- ...
- CitySample.exe
This is the template configuration at this time. You should adjust the configuration according to your needs.
{
"import_name": "stub.dll",
"protect_import": true,
"destroy_export": true,
"remove_rich_header": true,
"singleton": false,
"binary_encryption": {
"encrypt_code_chunks": true,
"encrypt_data_chunks": true,
"detect_code_chunk_read": true,
"detect_code_chunk_tampering": true,
"all_reencryption_threshold": 70,
"ignore_no_function_discovered_chunks": true
},
"crash_handler": {
"catch_unhandled_exception": true,
"dispatch_unhandled_exception": false
},
"compatibility": {
"deny_insider_preview": false,
"wine": {
"deny_wine": true
},
"windows7": {
"deny_build_7601": true
},
"windows8": {
"deny_build_9200": true,
"deny_build_9600": true
},
"windows10": {
"deny_build_10240": false,
"deny_build_10586": false,
"deny_build_14393": false,
"deny_build_15063": false,
"deny_build_16299": false,
"deny_build_17134": false,
"deny_build_17763": false,
"deny_build_18362": false,
"deny_build_18363": false,
"deny_build_19041": false,
"deny_build_19042": false,
"deny_build_19043": false,
"deny_build_19044": false,
"deny_build_19045": false
},
"windows11": {
"deny_build_22000": false,
"deny_build_22621": false,
"deny_build_22631": false
},
"custom_windows": {
"deny_revios": true
}
}
}