Changing execution order of Animator so it can blend with Physics

I’m trying to make an effect that a ragdolled character controlled by an animator also affected by the physics collisions. Similar to this game: Crazy Shopping.

The problem is animator controller overrides every change that happens in the Fixed Update or internal physics update (even when the animator update mode set to Animate physics). enter image description here

I think this can be achieved by some how changing the order of execution of the animator so it can happen before physics update. This way physics can affect the animated object. There are solutions like using a second object which contains the ragdoll and in the LateUpdate you can set the positions and rotations of the animated object which works ok but not the thing in my head.

ActiveRagdoll by MetalCore999 is also a really great work which i would love to learn how it works in behind.

How can i achieve this? i don’t even know if my solution would work properly?

Do you have any suggestion or a different way of thinking. I would really appreciate a road map on this.

Can’t help the engine to choose the correct execution plan

The stuff are pretty complex to share the original code (a lot of routines, a lot of tables), so I will try to summarize.

Environment:

  • SQL Server 2016
  • standard edition

Objects:

  • wide table with the following columns:

    ID BIGINT PK IDENTITY Filter01  Filter02  Filter03  .. and many columns    
  • stored procedure returning visible ID from the given table depending on filter parameters

  • the table has the following indexes:

    PK on ID NCI on Filter01 INCLUDE(Filter02, Filter03) NCI on Filter02 INCLUDE(Filter01, Filter03) 

Basically, in the routine I am creating three temporary tables – each holding current filtering values and then join them with the main table. In some cases, Filter02 values are not specified (so the join with this table is skipped) – the other tables are always joined. So, I have something like this:

SELECT * FROM maintable  INNER JOIN #Filter01Values -- always exists INNER JOIN #Filter02Values -- sometimes skipped INNER JOIN #Filter03Values -- always exists 

So, how the IDs are distributed – in 99% of the cases it will be best to filter by Filter02Value and I guess, because of this, the engine is using the NCI on Filter02 INCLUDE(Filter01, Filter03) index.

The issue is that in the rest 1% the query fails badly:

enter image description here

In green is the Filter02 values table and you can see that filtering on this does not reduce the read rows at all. Then when the filtering by Filter01 is done (in red) about 100 rows are returned.

So, this is happening only when the stored procedure is executed. If I execute its code with these parameters I nice execution plan:

enter image description here

In such case, the engine is filtering by Filter01 first and Filter02 third.

I am building and executing dynamic T-SQL statement and I add OPTION(RECOMPILE) at at the end, but it does not change anything. If I add WITH RECOMPILE on the stored procedure level, everything is fine.

Note, the values in the temporary tables for filtering are not populating in the dynamic-tsql statement. The tables are defined, populated and then the statement is built.

So, my questions are:

  • is the engine building a new plan for my dynamic statement as I have OPTION(recompile) – if yes, why is wrong
  • is the engine using the values populated in my filter02 temporary table to build the initial plan – maybe yes, that’s why it is choosing the wrong plan
  • using recompile on procedure level feels very hard/lazy fix – do you have any ideas how I can assist the engine further and skip this option – new indexes for examples (I have try a lot)

Is there a vulnerability other than XSS which can result in client side script execution?

If the intention of attacker is to execute an arbitrary client side script in the context of a web application, is XSS the only possible attack other than compromising the server with an RCE or a sub-resource supply chain attack? I am looking for attacks which can be mitigated by an application owner rather than attacks which the application cannot control.

  • XSS is Cross Site Scripting – Be it reflected, persistent or DOM based.
  • A sub-resource supply chain attack is where you compromise a sub resource such as CSS, javascript, flash objects etc by compromising the supply chain ie; compromising the CDNs, S3 buckets etc or by MITM a subresource loaded over non-https channel.

Journey of a process from compilation to execution

I am reading operating system, and after reading some topics (Processes, Main Memory management) I got somewhat confused. I have knowledge about certain things but I am not able to combine and visualize them. Let’s take an example – I have a simple programme as follow:

#include<bits/stdc++.h> using namespace std;  int add(int a,int b){   return a+b; }  int main(){   int a=1,b=2;   int c=add(a,b);   cout<<c<<endl; } 

I want to know how this program will be loaded into the main memory and how will be getting the computation done.
I have certain points which I want to incorporate in the overall process.

  1. At what stage and where will I be getting the 4 sections of memory .( Text, Data, Stack and Heap).
  2. At what stage will the process be getting its PCB(Process Control Block.) Does PCB contains the 4 sections of process?
  3. When and where is the role of CPU?
  4. Address binding.
  5. Loading
  6. Linking.
  7. Logical and physical address space.
  8. Paging

    Please explain how the process will be executed including the above steps and other steps which take place in general.
    P.S. Please explain by assuming some memory addresses.

Does a generator really stops the execution at the machine code level, and does it not use the stack?

Never have I heard of a partially executed function before. But it seems the idea of it has been out for some time. Does a generator really stop execution at the machine code level, and that next time when the iterator is invoked, then there is a jump back to that machine code location to continue the execution?

It seems quite strange, as

  1. it differ from mathmatics for what a function is.
  2. the traditional function will add to the stack, and once finished, everything is popped from the stack. But the generator is like a function that stays… so nothing is popped from the stack. So does it use something other than the stack for memory?

Example: JavaScript ES6 Generator:

function* generator() {     yield 1;     yield 3;     yield 5; }  const iterator = generator();  console.log(iterator.next()); console.log(iterator.next()); console.log(iterator.next()); console.log(iterator.next()); 

result:

{value: 1, done: false} {value: 3, done: false} {value: 5, done: false} {value: undefined, done: true} 

Does a Buffer Overflow vulnerability always mean a code execution vulnerability?

Since Buffer Overflows always let an evil hacker to write outside the buffer and overwrite the return pointer to a shellcode the evil hacker can place, does it mean that a successful exploitation of a Stack Buffer Overflow always mean the ability to invoke a shell if done the right way? At least in theory, if you assume that DEP and ASLR is not in place.

Remote code execution over WAN

Say I am on a a computer behind a NAT and I want to execute an RCE exploit on another computer behind a different NAT(note that no ports are forwarded to the victim’s computer on his/her NAT) Could I then run an exploit like this(assuming that I already know that the target computer is vulnerable to that exploit) and hope to get a shell, if yes what changes are to be implemented such that the exploit is successful?

How to avoid neccessity to re-enter password during schell script execution

I am working on a shell script performing recurring tasks of

  • git commit
  • git push
  • mvn release:prepare
  • mvn release:perform

in a couple of paths of a JAVA software project.

Now each of these commands asks for my rsa token password at least once, sometimes even multiple times: “Enter passphrase for key /…./.ssh/id_rsa:”

Is there a way to get around this? It would be OK if I had to enter the password once per script execution.

One boundary condition: I cannot use “spawn, expect, send”