Executing Function in The Forest crashes Game

Bloodybone
Table Makers
Posts: 209
Joined: Thu Aug 03, 2017 6:19 am
Reputation: 26


Post by Bloodybone » Mon May 14, 2018 9:38 pm

So my problem is that if I execute a function in the game, the game crashes.



Example:

[CODE=cea][ENABLE]
alloc(thread,248)
createthread(thread)
registersymbol(thread)
label(jump1)
label(jump2)
label(jump3)

thread:
push rbp
mov rbp,rsp
push rsi
sub rsp,08 { 8 }
mov rsi,rcx
movzx eax,byte ptr [rsi+000000C4]
test eax,eax
jne jump1
mov byte ptr [rsi+000000C4],01 { 1 }
jmp jump2
jump1:
movzx eax,byte ptr [rsi+000000C5]
test eax,eax
jne jump3
mov byte ptr [rsi+000000C5],01 { 1 }
jmp jump2
jump3:
mov byte ptr [rsi+000000C4],00 { 0 }
mov byte ptr [rsi+000000C5],00 { 0 }
jump2:
mov rcx,rsi
sub rsp,20 { 32 }
mov r11,0000000008DC10A0 { [98EF5BE8] }
call r11
add rsp,20 { 32 }
mov rsi,[rbp-08]
leave
ret

[DISABLE][/CODE]



The thing that function should do is toggle an overlay that you can toggle with the specific debug command, but I want it to be toggled through this script; when I activate it, it just crashes the game. I also tried some other functions and they all crash the game too. Therefore I think I'm doing something wrong.

TheyCallMeTim13
Administration
Posts: 1178
Joined: Fri Mar 03, 2017 12:31 am
Reputation: 231

Post by TheyCallMeTim13 » Mon May 14, 2018 10:08 pm

What values are you PUSHing to the stack?



I think you need to figure out what arguments the function needs and PUSH those to the stack.

FreeER
RCE Fanatics
Posts: 142
Joined: Fri Mar 10, 2017 7:11 pm
Reputation: 12

Post by FreeER » Mon May 14, 2018 10:26 pm

iirc that game uses mono and you have to attach the thread to mono; see [URL='https://forum.cheatengine.org/viewtopic.php?p=5722879&sid=dbe80103f49836a7f0c272e5a2bee44a#5722879']DB's comment here[/URL]

Though it also looks like you just copy-pasted a function and expect it to work without actually setting the expected arguments in registers or pushing a return address on the stack (it [I]expects [/I]to be [B]call[/B]ed after all, not simply run).

Bloodybone
Table Makers
Posts: 209
Joined: Thu Aug 03, 2017 6:19 am
Reputation: 26


Post by Bloodybone » Mon May 14, 2018 11:00 pm

[QUOTE="FreeER, post: 45947, member: 980"]iirc that game uses mono and you have to attach the thread to mono see [URL='https://forum.cheatengine.org/viewtopic.php?p=5722879&sid=dbe80103f49836a7f0c272e5a2bee44a#5722879']DBs comment here[/URL]

Though it also looks like you just copy-pasted a function and expect it to work without actually setting the expected arguments in registers or pushing a return address on the stack (it [I]expects [/I]to be [B]call[/B]ed after all, not simply run).[/QUOTE]

I don't really know how I can attach the thread to mono. I've never done anything similar to this before, and therefore I'm a noob at this kind of stuff. And yes, I just copy-pasted the function.
Last edited by Bloodybone on Mon May 14, 2018 11:07 pm, edited 2 times in total.

SunBeam
Trouble Makers
Posts: 1649
Joined: Sun Feb 04, 2018 7:16 pm
Reputation: 289


Post by SunBeam » Tue May 15, 2018 7:32 am

See my [B]BattleTech[/B] table [URL='https://fearlessrevolution.com/threads/battletech.6603/page-12#post-45978']here[/URL]. Check [I]Cheat Handler[/I] script; that's how you attach/detach. Also, I highly doubt this is valid every time you open the game:



[code=CEA]
mov r11,0000000008DC10A0 { [98EF5BE8] }
[/code]
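As an added example that is not part of this thread, of The Forest, or of any Cheat Engine table, here is the posted "thread:" body rewritten in C so the points raised in the replies are visible in working code: the body takes its object pointer from rcx, which on Win64 is where a thread start routine receives its lpParameter; the final call needs a real function address rather than a hardcoded JIT address and, being a call, pushes the return address a function body expects; and the "mov cl,al / test cl,cl / sete cl" idiom asked about later is a boolean negation. The offsets 0xC4/0xC5, the state logic and the call through a register come from the script; the object size, the refresh callback type, the stand-in refresh function and the NULL check are assumptions made so the model runs stand-alone. Attaching the thread to the Mono runtime, which the replies say is also required, is outside what a plain C model can show.

```c
/*
 * Added example: C model of the posted auto-assembler thread body.
 * Not code from The Forest or from any Cheat Engine table.  Offsets and
 * control flow follow the script; OBJECT_SIZE, refresh_fn, fake_refresh
 * and the NULL check are assumptions so the model is runnable.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FLAG_A_OFFSET 0xC4   /* byte the script tests first  ([rsi+C4]) */
#define FLAG_B_OFFSET 0xC5   /* byte the script tests second ([rsi+C5]) */
#define OBJECT_SIZE   0x100  /* assumed: large enough to hold both flags */

/* The function reached via "call r11" takes the object as its first (rcx)
 * argument.  Modelled as a pointer resolved at run time: the real address
 * is JIT output and differs between runs, so hardcoding it is unreliable. */
typedef void (*refresh_fn)(void *obj);

/* Body from "thread:" to "ret".  Cycles (A,B) through
 * (0,0) -> (1,0) -> (1,1) -> (0,0) and then calls refresh(obj).
 * obj is whatever arrived in rcx, i.e. the thread's lpParameter. */
static int overlay_step(uint8_t *obj, refresh_fn refresh)
{
    if (obj == NULL)   /* assumed guard; the script dereferences rsi unchecked */
        return -1;

    uint8_t *a = obj + FLAG_A_OFFSET;
    uint8_t *b = obj + FLAG_B_OFFSET;

    if (*a == 0) {            /* test eax,eax / jne jump1 not taken */
        *a = 1;
    } else if (*b == 0) {     /* jump1: second flag still clear */
        *b = 1;
    } else {                  /* jump3: both set, clear both */
        *a = 0;
        *b = 0;
    }

    /* jump2: mov rcx,rsi / call r11.  A 'call' pushes the return address
     * that the callee's 'ret' pops; a function body entered any other way
     * (jumped to, or used directly as a thread start) has no caller to
     * return to. */
    refresh(obj);
    return 0;
}

/* "mov cl,al / test cl,cl / sete cl": read a bool and pass its negation as
 * the argument.  sete stores 1 only when the tested value was 0. */
static uint8_t toggle_arg(uint8_t current)
{
    return (uint8_t)(current == 0);
}

/* ---- constructed test harness: stand-in for the game's refresh ---- */
static int     g_refresh_calls;
static uint8_t g_seen_a, g_seen_b;

static void fake_refresh(void *obj)
{
    const uint8_t *o = obj;
    g_refresh_calls++;
    g_seen_a = o[FLAG_A_OFFSET];
    g_seen_b = o[FLAG_B_OFFSET];
}

/* Runs three steps on a zeroed object; returns 1 if the states seen by
 * refresh are (1,0), (1,1), (0,0) and refresh was called each time. */
static int demo_cycle(void)
{
    static const uint8_t expect[3][2] = { {1, 0}, {1, 1}, {0, 0} };
    uint8_t obj[OBJECT_SIZE];
    memset(obj, 0, sizeof obj);
    g_refresh_calls = 0;

    for (int i = 0; i < 3; i++) {
        if (overlay_step(obj, fake_refresh) != 0)
            return 0;
        if (g_seen_a != expect[i][0] || g_seen_b != expect[i][1])
            return 0;
    }
    return g_refresh_calls == 3;
}

int main(void)
{
    printf("cycle ok: %d\n", demo_cycle());
    printf("NULL parameter: %d\n", overlay_step(NULL, fake_refresh));
    printf("toggle(0)=%u toggle(1)=%u\n", toggle_arg(0), toggle_arg(1));
    return 0;
}
```

Read against the script: `createthread(thread)` with no parameter leaves rcx without the object the body expects, and the body then treats that value as the object pointer at `mov rsi,rcx`; in the model that is the `obj == NULL` path. The refresh pointer stands in for whatever resolves the target function at run time in place of the fixed `mov r11,0000000008DC10A0`.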

Bloodybone
Table Makers
Posts: 209
Joined: Thu Aug 03, 2017 6:19 am
Reputation: 26


Post by Bloodybone » Tue May 15, 2018 11:49 am

[QUOTE="SunBeam, post: 45983, member: 12587"]See my [B]BattleTech[/B] table [URL='https://fearlessrevolution.com/threads/battletech.6603/page-12#post-45978']here[/URL]. Check [I]Cheat Handler[/I] script; that's how you attach/detach. Also, I highly doubt this is valid every time you open the game:

[code=CEA]
mov r11,0000000008DC10A0 { [98EF5BE8] }
[/code][/QUOTE]

Ok, that should work, thanks, but I still have one question: what do the "@@:" and the "short @f" mean?
Last edited by Bloodybone on Tue May 15, 2018 12:05 pm, edited 2 times in total.

SunBeam
Trouble Makers
Posts: 1649
Joined: Sun Feb 04, 2018 7:16 pm
Reputation: 289


Post by SunBeam » Tue May 15, 2018 12:21 pm

"@@" is a generic label; doesn't stand for anything, it's just used so "je short @f" knows where to hop to. JE will hop to @@ label; @f = forward; @b = backwards. Keep in mind @f/@b will jump to first encountered label, even if it's not @@.

Bloodybone
Table Makers
Posts: 209
Joined: Thu Aug 03, 2017 6:19 am
Reputation: 26


Post by Bloodybone » Tue May 15, 2018 12:28 pm

[QUOTE="SunBeam, post: 46000, member: 12587"]"@@" is a generic label; doesn't stand for anything, it's just used so "je short @f" knows where to hop to. JE will hop to @@ label; @f = forward; @b = backwards. Keep in mind @f/@b will jump to first encountered label, even if it's not @@.[/QUOTE]

Oh ok thanks :)


I still have another little question: in your script you have, for example, "GodMode_do", and I want to know if that is the function that you find if you search for it in mono, or if it is a made-up name, because the script has to know where it has to call, so that's what I think.



Edit: I found it out, but under "ToggleEnableConsole_do:", how did you find out what you had to put there? What I don't understand is:

[CODE=cea]mov cl,al
test cl,cl
sete cl[/CODE]
Last edited by Bloodybone on Tue May 15, 2018 12:59 pm, edited 5 times in total.
