savopem665 (How do I cheat?)
Reputation: 0 | Joined: 05 Feb 2020 | Posts: 8
Posted: Wed Jun 10, 2020 11:56 pm
Post subject: Fixing a game crash with Cheat Engine
There's a very old single player game I'm playing that has a nasty bug I want to fix. Sometimes if you open the UI, the game crashes. It's pretty random, but the more characters you have in game, the higher the chance of this crash occurring. This bug occurs to everyone who plays the game, it is not exclusive to me. It occurs only on Windows 10.
The crash is because of:
Code:
Game.exe+1C297E - 03 81 88010000 - add eax,[ecx+00000188]
It has something to do with fonts and colors. A graphics issue, so it's nasty as fuck. When the game crashes, it is because it wrote null to [ecx+00000188], which happens deep inside ntdll.dll. So when this happens:
Code:
Game.exe+1C2988 - 89 48 34 - mov [eax+34],ecx
The crash occurs because eax is 0x00.
This code loops for the name of every character displayed in the UI, and there are no rules that determine for which one it will crash. One time around it might crash on the 5th character, but next time it might be the 13th loop that it crashes on.
Given that the crash happens because eax was null, I thought I would be able to mitigate the crash and trade it for just a graphical glitch if I inputted a valid value for eax, and wrote it within ecx+00000188 for each character that crashes. Surprisingly, this does "somewhat" work, because the code doesn't immediately crash. It continues looping, successfully exits the loop, runs for a lot of code, and crashes somewhere in gametick.
Given that that idea seems to not work, I don't really know what else is an option I could consider. I know how to detect whether a crash is going to happen, but I don't know how to stop it. I could hook into the function, but where the fuck would I go from there to ensure that nothing goes boom?
Csimbi (I post too much)
Reputation: 98 | Joined: 14 Jul 2007 | Posts: 3349
Posted: Thu Jun 11, 2020 2:09 am
GOG.com devs are great at fixing old games.
Have you tried your luck there?
savopem665 (How do I cheat?)
Posted: Thu Jun 11, 2020 3:35 am
Csimbi wrote:
> GOG.com devs are great at fixing old games.
> Have you tried your luck there?
Yes, but this game is pretty niche. If I don't fix it, it is likely that no one will bother to do so. And that's why I would greatly appreciate input on how fixing games like this is supposed to be done, especially when a crash comes from gfx randomness.
Csimbi (I post too much)
Posted: Thu Jun 11, 2020 11:38 am
Do you think the crash would not occur if the zero was not written?
If so, add a hook and check the value for 0.
If 0, skip the write.
Auto-attach and auto-enable the script for best effect.
savopem665 (How do I cheat?)
Posted: Fri Jun 12, 2020 2:34 pm
Csimbi wrote:
> Do you think the crash would not occur if the zero was not written?
> If so, add a hook and check the value for 0.
> If 0, skip the write.
> Auto-attach and auto-enable the script for best effect.
It's possible to add a breakpoint on:
Code:
Game.exe+1C2988 - 89 48 34 - mov [eax+34],ecx
And then note down the value of EAX. Then continue execution, and on every next loop replace the EAX with the address that we noted down. If we also write that value into [ECX+188], the program will not crash. But this is true only if EAX had not been null in each loop. When EAX is not null, you can replace it with the stored address and it just creates a color font mismatch. But if eax was 0, it crashes after all the loops are complete. The crash is in gametick.
If [ECX+188] didn't get a proper value, the game will crash. If I try to stop the program from writing null to it, it will either have null regardless or contain gibberish data that will crash regardless.
Csimbi (I post too much)
Posted: Sun Jun 14, 2020 3:59 pm
Well, then you could put a test there for EAX and be done with it.
Have you tried that already?
savopem665 (How do I cheat?)
Posted: Mon Jun 15, 2020 3:49 am
Csimbi wrote:
> Well, then you could put a test there for EAX and be done with it.
> Have you tried that already?
No, but then it would probably crash somewhere else. This is a very large function and the pointer in EAX isn't irrelevant. At one point it even does a "call EAX". But I suppose I could try to test it for every place in code where a crash happens and cross my fingers. Is there any way to make Cheat Engine put a breakpoint on the line right before a crash happens?
Csimbi (I post too much)
Posted: Mon Jun 15, 2020 8:40 am
Well, a read-write to an [eax+xx] will be a crash anyway if EAX is zero.
Give it a go.
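As an added illustration of the hook Csimbi describes across his replies (test EAX at the write, skip it when zero), here is a Cheat Engine auto-assembler script. It is example code written for this page, not something either poster put in the thread. It assumes a 32-bit process whose module is named Game.exe, as in the thread's disassembly, and it also counts each skipped write in a registered symbol so the frequency of the null pointer can be watched from the address list even if, as the OP observed, the game still goes down later in gametick. The bytes following the 3-byte mov at Game.exe+1C2988 are not shown in the thread, so the padding after the 5-byte jmp and the restore bytes in [DISABLE] are marked as assumptions and must be checked against the real disassembly.

```asm
// Added example, not code from the thread: Cheat Engine auto-assembler script that
// tests EAX before the write at Game.exe+1C2988 and skips the write when EAX is null.
// ASSUMPTIONS: 32-bit Game.exe (as in the thread); the instruction bytes after the
// 3-byte mov are not shown in the thread, so the two padding nops and the restore
// bytes below must be verified/copied from the real disassembly before use.
[ENABLE]
alloc(newmem,$100)
alloc(nullcount,4)           // counter: how many writes were skipped
registersymbol(nullcount)    // lets "nullcount" be added to the address list
label(code)
label(return)

nullcount:
  dd 0

newmem:
  test eax,eax               // null pointer about to be dereferenced?
  jne code                   // no: run the original instruction untouched
  inc dword ptr [nullcount]  // yes: record the event instead of faulting
  jmp return                 // and skip the write entirely
code:
  mov [eax+34],ecx           // original instruction (89 48 34)
  jmp return

"Game.exe"+1C2988:
  jmp newmem                 // 5-byte jmp overwrites the 3-byte mov plus 2 more bytes
  nop                        // ASSUMPTION: padding for the 2 bytes that followed the mov;
  nop                        // if they belong to a real instruction, copy it into newmem
return:

[DISABLE]
"Game.exe"+1C2988:
  db 89 48 34                // restore the mov; ASSUMPTION: append the 2 original bytes that followed it
unregistersymbol(nullcount)
dealloc(nullcount)
dealloc(newmem)
```

Paste it into the auto assembler window, enable it, then add `nullcount` to the address list as a 4-byte value. If the counter climbs and the game survives the UI, the skip is enough; if the counter climbs but the game still crashes in gametick, as the OP saw, the skip only delays the fault and the earlier code that leaves [ecx+188] null is what needs to be traced.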