Cheat Engine The Official Site of Cheat Engine
Dr.Disrespect Grandmaster Cheater Reputation: 3
Joined: 17 Feb 2016 Posts: 526
Posted: Sun May 01, 2016 6:11 am Post subject: Sometimes it crashes the game, sometimes it doesn't...

Hi everyone, the following code sometimes crashes my game, and I can't figure out why. Basically, it moves some data into xmm registers and does some floating-point calculation. Thanks in advance.
Edit:
The error message generated by Windows 10 shows something like this:
"
StackHash_bdcb
....
PCH_E6_FROM_ntdll+0x0007718C
"
It looks like it is related to the stack?
Code:
push edx
push ecx
xor edx,edx
xor ecx,ecx
mov dx,word ptr [ebx+05]
//================================
mov cl,byte ptr [edx+10]
cvtsi2ss xmm0,ecx
mulss xmm0,[num1]
mov cl,byte ptr [edx+12]
cvtsi2ss xmm5,ecx
//================================
mulss xmm5,[num2]
addss xmm0,xmm5
//===========================
xor edx,edx
mov dx,word ptr [ebx+07]
cvtsi2ss xmm5,edx
movss xmm1,[multiplier]
mulss xmm5,xmm1
//===========================
addss xmm0,xmm5
divss xmm0,[num3]
//===========================
xor edx,edx
cvtss2si edx,xmm0
xor ecx,ecx
mov cl,byte ptr [edi+game.exe+00000015]
add dl,cl
movzx eax,dl
pop ecx
pop edx
jmp exit
originalcode:
movzx eax,byte ptr [edi+game.exe+00000015]
....
....
exit:
jmp returnhere
Last edited by Dr.Disrespect on Mon May 02, 2016 12:11 pm; edited 1 time in total
JohannesJoestar Advanced Cheater Reputation: 0
Joined: 01 Nov 2015 Posts: 79
Posted: Sun May 01, 2016 10:35 am

Did you try setting a breakpoint on the injection point and see exactly at which line it crashes by stepping (F7) ?
Dr.Disrespect Grandmaster Cheater Reputation: 3
Joined: 17 Feb 2016 Posts: 526
Posted: Sun May 01, 2016 10:48 am

Aleynacombi wrote:
> Did you try setting a breakpoint on the injection point and see exactly at which line it crashes by stepping (F7)?

No, not yet, because it has only crashed the game a couple of times and I haven't had a chance to do that. It does not always crash the game, which is weird.
Moreover, it causes more crashes on Win10 than on Win7... I have been given feedback by the users of my trainer, and all of them use Win10. Can the difference between the OS versions cause this kind of problem?
Zanzer I post too much Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Sun May 01, 2016 1:53 pm

Are you sure you're not overwriting something important in XMM0 or XMM5?
You sure you're not dividing by 0 in certain circumstances?
Is there other code you're not showing us?
I notice you have originalcode defined but that never gets executed.
Curious if this causes some sort of overflow exception if the answer is too big.
++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Sun May 01, 2016 3:30 pm

Zanzer wrote:
> Is there other code you're not showing us?

-But why would that be important?
Dr.Disrespect Grandmaster Cheater Reputation: 3
Joined: 17 Feb 2016 Posts: 526
Posted: Sun May 01, 2016 5:06 pm

Thanks for the reply guys.
@Zanzer,
1. Are you sure you're not overwriting something important in XMM0 or XMM5?
I am not sure, and I think I might indeed overwrite something in the xmm registers. How do I avoid that? By saving the values in the xmm registers onto the stack?
2. You sure you're not dividing by 0 in certain circumstances?
I do not think so. "divss xmm0,[num3] ", num3 is 3.00, not 0.
3. Is there other code you're not showing us?
Nope.
4. I notice you have originalcode defined but that never gets executed.
Yes, I do not want the original code to be executed.
5. Curious if this causes some sort of overflow exception if the answer is too big.
I will check that out.
Thanks.
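The save/restore the question above asks about, as an added example (not the poster's script and not anything shipped with Cheat Engine): the arithmetic is the posted block unchanged; what is added is saving the XMM registers the block writes (xmm0, xmm1, xmm5) to the stack on entry and restoring them before jumping back, so the host code after the injection point sees the register state it expects. It assumes num1, num2, num3, multiplier, exit and returnhere are defined elsewhere in the script exactly as in the original post, and that numbers are hex as Cheat Engine's auto assembler reads them.

```asm
// Added example: the posted calculation with the XMM registers it
// clobbers (xmm0, xmm1, xmm5) preserved on the stack. Assumes num1,
// num2, num3, multiplier, exit and returnhere are defined elsewhere in
// the script, as in the original post. Numbers are hex (CE default).
newmem:
push edx
push ecx
// 3 x 16 bytes of scratch space. movdqu is used deliberately: esp is
// not guaranteed 16-byte aligned at the injection point, and the
// aligned forms (movdqa/movaps) would fault on an unaligned address.
sub esp,30
movdqu [esp],xmm0
movdqu [esp+10],xmm1
movdqu [esp+20],xmm5
xor edx,edx
xor ecx,ecx
mov dx,word ptr [ebx+05]
mov cl,byte ptr [edx+10]
cvtsi2ss xmm0,ecx
mulss xmm0,[num1]
mov cl,byte ptr [edx+12]
cvtsi2ss xmm5,ecx
mulss xmm5,[num2]
addss xmm0,xmm5
xor edx,edx
mov dx,word ptr [ebx+07]
cvtsi2ss xmm5,edx
movss xmm1,[multiplier]
mulss xmm5,xmm1
addss xmm0,xmm5
divss xmm0,[num3]
cvtss2si edx,xmm0
mov cl,byte ptr [edi+game.exe+00000015]
add dl,cl
movzx eax,dl
// Restore everything in reverse order; only eax carries the result out.
movdqu xmm5,[esp+20]
movdqu xmm1,[esp+10]
movdqu xmm0,[esp]
add esp,30
pop ecx
pop edx
jmp exit
```

This only rules out register clobbering as a cause; the other points raised in the thread (the value range fed to cvtss2si, what the surrounding code expects in ecx) are separate checks.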
ParkourPenguin I post too much Reputation: 138
Joined: 06 Jul 2014 Posts: 4275
Posted: Sun May 01, 2016 5:19 pm

May you post the asm around your injection point?
Dr.Disrespect Grandmaster Cheater Reputation: 3
Joined: 17 Feb 2016 Posts: 526
Posted: Sun May 01, 2016 5:30 pm

ParkourPenguin wrote:
> May you post the asm around your injection point?

Hi Penguin, here is the code around it:
Code:
add esp,04
mov [ebp-04],ffffffff
shl edi,05
xor ecx,ecx
jmp 09600000 // <------------------------- here is the injection
nop
nop
test eax,eax
cmovs eax,ecx
mov ecx,000000fa
cmp eax,ecx
cmovg eax,ecx
movd xmm0,eax
cvtdq2pd xmm0,xmm0
shr eax,1f
addsd xmm0,[eax*8+game.exe+00000859]
cvtpd2ps xmm0,xmm0
movss [ebp-10],xmm0
movsx eax,byte ptr [ebx+08]
movss xmm0,[game.exe+00051879]
cmp eax,3b
....
There are some instructions that use xmm0, would that be the problem?
Zanzer I post too much Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Sun May 01, 2016 5:35 pm

Did you seriously type all that up by hand?
You know you can select lines in memory viewer and press Ctrl+C to copy them, right?
That instruction overwrites XMM0, so you're fine there. Don't know about XMM5.
Dr.Disrespect Grandmaster Cheater Reputation: 3
Joined: 17 Feb 2016 Posts: 526
Posted: Sun May 01, 2016 6:13 pm

Zanzer wrote:
> Did you seriously type all that up by hand?
> You know you can select lines in memory viewer and press Ctrl+C to copy them, right?
> That instruction overwrites XMM0, so you're fine there. Don't know about XMM5.

Sadly, I didn't know about copying opcodes in the memory viewer until you told me.
So, if the instructions around the injection overwrite the xmm registers, I will be fine, right? I will check that out. Thanks, Zanzer.
Zanzer I post too much Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Sun May 01, 2016 6:46 pm

End the script with:
Code:
movzx eax,dl
mov ecx,eax

And don't bother push/pop'ing ECX.
Dr.Disrespect Grandmaster Cheater Reputation: 3
Joined: 17 Feb 2016 Posts: 526
Posted: Sun May 01, 2016 11:29 pm

Zanzer wrote:
> End the script with:
> Code:
> movzx eax,dl
> mov ecx,eax
>
> And don't bother push/pop'ing ECX.

Thanks, Zanzer.