Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Sometimes it crashes the game, sometimes it doesn't...

 
Dr.Disrespect (Grandmaster Cheater; Reputation: 3; Joined: 17 Feb 2016; Posts: 526)
Posted: Sun May 01, 2016 6:11 am    Post subject: Sometimes it crashes the game, sometimes it doesn't...

Hi everyone, the following code sometimes crashes my game, I can't figure out why. Basically, it moves some data into xmm registers and does some floating-point calculation. Thanks in advance.

Edit:
The error message generated by Windows 10 shows something like this:
"
StackHash_bdcb
....
PCH_E6_FROM_ntdll+0x0007718C
"

It looks like it is related to the stack?

Code:

push edx
push ecx

xor edx,edx
xor ecx,ecx

mov dx,word ptr [ebx+05]

//================================

mov cl,byte ptr [edx+10]         
cvtsi2ss xmm0,ecx               
mulss xmm0,[num1]
mov cl,byte ptr [edx+12]       
cvtsi2ss xmm5,ecx             
//================================

mulss xmm5,[num2]
addss xmm0,xmm5

//===========================
xor edx,edx
mov dx,word ptr [ebx+07]
cvtsi2ss xmm5,edx
movss xmm1,[multiplier]
mulss xmm5,xmm1

//===========================
addss xmm0,xmm5
divss xmm0,[num3]
//===========================
xor edx,edx
cvtss2si edx,xmm0
xor ecx,ecx
mov cl,byte ptr [edi+game.exe+00000015]
add dl,cl
movzx eax,dl

pop ecx
pop edx

jmp exit

originalcode:
movzx eax,byte ptr [edi+game.exe+00000015]

....
....

exit:
jmp returnhere



Last edited by Dr.Disrespect on Mon May 02, 2016 12:11 pm; edited 1 time in total
JohannesJoestar (Advanced Cheater; Reputation: 0; Joined: 01 Nov 2015; Posts: 79)
Posted: Sun May 01, 2016 10:35 am

Did you try setting a breakpoint on the injection point and see exactly at which line it crashes by stepping (F7) ?
Dr.Disrespect (Grandmaster Cheater; Reputation: 3; Joined: 17 Feb 2016; Posts: 526)
Posted: Sun May 01, 2016 10:48 am

Aleynacombi wrote:
Did you try setting a breakpoint on the injection point and see exactly at which line it crashes by stepping (F7) ?


No, not yet. Because it has crashed the game only a couple of times and I haven't had a chance to do that. It does not always crash the game, which is weird.
Moreover, it causes more crashes on Win10 than on Win7... I have been given feedback by the users of my trainer, and all of them use Win10. Can the difference between the operating systems cause this kind of problem?
Zanzer (I post too much; Reputation: 126; Joined: 09 Jun 2013; Posts: 3278)
Posted: Sun May 01, 2016 1:53 pm

Are you sure you're not overwriting something important in XMM0 or XMM5?
You sure you're not dividing by 0 in certain circumstances?

Is there other code you're not showing us?
I notice you have originalcode defined but that never gets executed.

Curious if this causes some sort of overflow exception if the answer is too big.
Code:
add dl,cl
++METHOS (I post too much; Reputation: 92; Joined: 29 Oct 2010; Posts: 4197)
Posted: Sun May 01, 2016 3:30 pm

Zanzer wrote:
Is there other code you're not showing us?
-But why would that be important? :D
Dr.Disrespect (Grandmaster Cheater; Reputation: 3; Joined: 17 Feb 2016; Posts: 526)
Posted: Sun May 01, 2016 5:06 pm

Thanks for the reply guys.

@Zanzer,
1. Are you sure you're not overwriting something important in XMM0 or XMM5?

I am not sure, and I think I might indeed overwrite something in the xmm registers. How to avoid that? By saving the values in xmm registers onto the stack?

2. You sure you're not dividing by 0 in certain circumstances?

I do not think so. "divss xmm0,[num3] ", num3 is 3.00, not 0.

3. Is there other code you're not showing us?

Nope.

4. I notice you have originalcode defined but that never gets executed.

Yes, I do not want the original code to be executed.

5. Curious if this causes some sort of overflow exception if the answer is too big.

I will check that out.

Thanks.
ParkourPenguin (I post too much; Reputation: 138; Joined: 06 Jul 2014; Posts: 4275)
Posted: Sun May 01, 2016 5:19 pm

Could you post the asm around your injection point?
Dr.Disrespect (Grandmaster Cheater; Reputation: 3; Joined: 17 Feb 2016; Posts: 526)
Posted: Sun May 01, 2016 5:30 pm

ParkourPenguin wrote:
May you post the asm around your injection point?


Hi Penguin, here is the code around it:
Code:

add esp,04
mov [ebp-04],ffffffff
shl edi,05
xor ecx,ecx
jmp 09600000           <------------------------- here is the injection
nop
nop
test eax,eax
cmovs eax,ecx
mov ecx,000000fa
cmp eax,ecx
cmovg eax,ecx
movd xmm0,eax
cvtdq2pd xmm0,xmm0
shr eax,1f
addsd xmm0,[eax*8+game.exe+00000859]
cvtpd2ps xmm0,xmm0
movss [ebp-10],xmm0
movsx eax,byte ptr [ebx+08]
movss xmm0,[game.exe+00051879]
cmp eax,3b
....


There are some instructions that use xmm0, would that be the problem?
Zanzer (I post too much; Reputation: 126; Joined: 09 Jun 2013; Posts: 3278)
Posted: Sun May 01, 2016 5:35 pm

Did you seriously type all that up by hand?
You know you can select lines in memory viewer and press Ctrl+C to copy them, right?

That instruction overwrites XMM0, so you're fine there. Don't know about XMM5.
Dr.Disrespect (Grandmaster Cheater; Reputation: 3; Joined: 17 Feb 2016; Posts: 526)
Posted: Sun May 01, 2016 6:13 pm

Zanzer wrote:
Did you seriously type all that up by hand?
You know you can select lines in memory viewer and press Ctrl+C to copy them, right?

That instruction overwrites XMM0, so you're fine there. Don't know about XMM5.


Sadly, I didn't know about copying opcodes in the memory viewer until you told me. :(

So, if the instructions around the injection overwrite the xmm registers, I will be fine, right? I will check that out. Thanks, Zanzer.
Zanzer (I post too much; Reputation: 126; Joined: 09 Jun 2013; Posts: 3278)
Posted: Sun May 01, 2016 6:46 pm

End the script with:
Code:
movzx eax,dl
mov ecx,eax

And don't bother push/pop'ing ECX.
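Editor's note with an added example. The script below is a reworking of the OP's cave that applies the thread's advice; it is not code from any post or from the OP's trainer. It shows the cave body only: the [ENABLE]/[DISABLE] wrapper and the injection site (the jmp plus two nops, followed by the returnhere label) are the OP's and are not on the page. The alloc size, the name newmem and the values of num1, num2 and multiplier are assumptions; num3 is 3.0 as the OP states.

What the listing after the injection point says about which registers the hook may clobber:

1. EAX carries the hook's result. XMM0 is dead: movd xmm0,eax overwrites it before anything reads it.
2. ECX is read by cmovs eax,ecx only when EAX is negative, which movzx eax,dl (a value of 0 to 255) rules out, and it is reloaded by mov ecx,000000fa right after. So, as Zanzer says, it needs no push/pop; his mov ecx,eax simply makes the clamp a no-op either way.
3. EFLAGS are recomputed by test eax,eax, so the hook may change them freely.
4. XMM5 is not touched in the visible code and must be assumed live, as must XMM1, which the OP's movss xmm1,[multiplier] also overwrites but which Zanzer did not mention. On 32-bit Windows every XMM register is volatile across a call, but a mid-function hook is not a call boundary, and the compiler may be keeping a value in any of them at that point. The example avoids XMM1 by giving mulss a memory operand and saves XMM5 on the stack with movdqu (16 bytes; CE numbers are hex, so sub esp,10).

Two of Zanzer's other questions can be settled from the instruction set: divss by zero does not fault under the default MXCSR (all exceptions masked) but yields inf, or NaN for 0/0, which cvtss2si then converts to the integer indefinite value 80000000; and add dl,cl cannot raise anything, since an integer overflow only sets CF/OF and dl wraps. Neither explains a crash. One thing the thread does not discuss: after xor edx,edx, mov dx,word ptr [ebx+05] loads only the low 16 bits, so mov cl,byte ptr [edx+10] reads from the first 64 KB of the address space; if the word at [ebx+05] is meant as a 32-bit pointer the load has to be mov edx,[ebx+05]. The example keeps those loads as posted because the structure at EBX is not described on the page. Finally, the StackHash_xxxx name in the Windows crash dialog is what Windows Error Reporting reports as the faulting module when the faulting address is not inside a loaded module, which is exactly where a code cave in allocated memory lives; it does not by itself point at stack corruption.

```asm
// Added example (editor's rewrite of the OP's cave), Cheat Engine auto-assembler syntax.
// Cave body only: the [ENABLE]/[DISABLE] wrapper and the injection site
// (jmp newmem / nop / nop / returnhere:) are the OP's and are not shown here.
// Assumed: alloc size, the name newmem, and the values of num1, num2, multiplier.
alloc(newmem,1024)
label(returnhere)
label(num1)
label(num2)
label(num3)
label(multiplier)

newmem:
  // EDX is not visible after the return, so treat it as live (as the OP did).
  push edx
  // XMM5 is untouched by the code after the return, so it may be live: save it.
  // XMM0 is dead (movd xmm0,eax overwrites it) and is used freely.
  // XMM1 is not used at all: mulss takes [multiplier] directly from memory.
  sub esp,10                     // 10 hex = 16 bytes, one XMM register
  movdqu [esp],xmm5

  xor edx,edx
  xor ecx,ecx
  // As posted: only dx is loaded, so edx is below 10000 and [edx+10] is in the
  // first 64 KB of address space. If [ebx+05] is a pointer, use mov edx,[ebx+05].
  mov dx,word ptr [ebx+05]

  mov cl,byte ptr [edx+10]
  cvtsi2ss xmm0,ecx
  mulss xmm0,[num1]              // byte at +10 times num1
  mov cl,byte ptr [edx+12]
  cvtsi2ss xmm5,ecx
  mulss xmm5,[num2]              // byte at +12 times num2
  addss xmm0,xmm5

  xor edx,edx
  mov dx,word ptr [ebx+07]
  cvtsi2ss xmm5,edx
  mulss xmm5,[multiplier]        // word at +07 times multiplier, no xmm1 needed
  addss xmm0,xmm5

  // divss by 0 would not fault with the default (masked) MXCSR: it yields inf,
  // which cvtss2si turns into 80000000. num3 is 3.0, so this path is moot anyway.
  divss xmm0,[num3]
  cvtss2si edx,xmm0              // rounds per MXCSR (nearest by default); cvttss2si would truncate
  xor ecx,ecx
  mov cl,byte ptr [edi+game.exe+00000015]
  add dl,cl                      // wraps in dl on overflow; an integer add never faults
  movzx eax,dl                   // eax: the value the replaced movzx would have produced

  // ECX: cmovs eax,ecx only reads it when eax is negative, which 0..255 rules out,
  // and mov ecx,000000fa reloads it two instructions later. Zanzer's mov ecx,eax
  // keeps the clamp a no-op even in that impossible case, so ECX needs no push/pop.
  mov ecx,eax

  movdqu xmm5,[esp]              // restore XMM5 and EDX in reverse order
  add esp,10
  pop edx
  jmp returnhere

// Float constants read by mulss/divss. Placeholder values except num3 (3.0 per the OP).
num1:
  dd (float)1
num2:
  dd (float)1
num3:
  dd (float)3
multiplier:
  dd (float)1
```

The way to check liveness before writing such a cave is the one JohannesJoestar suggests: break on the first instruction after the return and look at which registers, including XMM1 to XMM7, the original code reads before writing them; anything read first has to be saved in the cave exactly as XMM5 is above.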
Dr.Disrespect (Grandmaster Cheater; Reputation: 3; Joined: 17 Feb 2016; Posts: 526)
Posted: Sun May 01, 2016 11:29 pm

Zanzer wrote:
End the script with:
Code:
movzx eax,dl
mov ecx,eax

And don't bother push/pop'ing ECX.


Thanks, Zanzer. :D
All times are GMT - 6 Hours