Executing Function in The Forest crashes Game

Bloodybone

Expert Cheater
Aug 3, 2017
117
0
16
#1
So my problem is that if I execute a function in the game, it crashes the game.

Example:
CEA:
[ENABLE]
alloc(thread,248)
createthread(thread)
registersymbol(thread)
label(jump1)
label(jump2)
label(jump3)

thread:
push rbp
mov rbp,rsp
push rsi
sub rsp,08 { 8 }
mov rsi,rcx
movzx eax,byte ptr [rsi+000000C4]
test eax,eax
jne jump1
mov byte ptr [rsi+000000C4],01 { 1 }
jmp jump2
jump1:
movzx eax,byte ptr [rsi+000000C5]
test eax,eax
jne jump3
mov byte ptr [rsi+000000C5],01 { 1 }
jmp jump2
jump3:
mov byte ptr [rsi+000000C4],00 { 0 }
mov byte ptr [rsi+000000C5],00 { 0 }
jump2:
mov rcx,rsi
sub rsp,20 { 32 }
mov r11,0000000008DC10A0 { [98EF5BE8] }
call r11
add rsp,20 { 32 }
mov rsi,[rbp-08]
leave
ret

[DISABLE]
What that function should do is toggle an overlay that you can toggle with a specific debug command, but I want it to be toggled through this script. When I activate it, it just crashes the game. I also tried some other functions and they all crash the game too, so I think I'm doing something wrong.
 

TheyCallMeTim13

Wiki Monster
Talents
Fearless Donors
Mar 3, 2017
411
45
28
#2
What values are you PUSHing to the stack?

I think you need to figure out what arguments the function needs and PUSH those to the stack.
 

FreeER

RCE Fanatics
Talents
Mar 10, 2017
82
2
8
#3
IIRC that game uses Mono and you have to attach the thread to Mono; see DB's comment here.
Though it also looks like you just copy-pasted a function and expect it to work without actually setting the expected arguments in registers or pushing a return address on the stack (it expects to be called after all, not simply run).
 

Bloodybone

Expert Cheater
Aug 3, 2017
117
0
16
#4
IIRC that game uses Mono and you have to attach the thread to Mono; see DB's comment here.
Though it also looks like you just copy-pasted a function and expect it to work without actually setting the expected arguments in registers or pushing a return address on the stack (it expects to be called after all, not simply run).
I don't really know how I can attach the thread to Mono. I've never done anything similar to this before, so I'm a noob at this kind of stuff. And yes, I just copy-pasted the function.
 

SunBeam

Trouble-Maker
Talents
Feb 4, 2018
576
299
63
Best answer #5
See my BattleTech table here. Check the Cheat Handler script; that's how you attach/detach. Also, I highly doubt this is valid every time you open the game:

CEA:
mov r11,0000000008DC10A0 { [98EF5BE8] }
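An added illustration of the attach/call/detach structure SunBeam refers to, and of the "@@:" / "short @f" labels asked about below (example code written for this thread, not SunBeam's table and not the game's real addresses). It assumes the runtime module is named mono.dll, that CE's mono features are activated so a `Class:Method` symbol resolves, and it uses placeholder names (`THIS_PTR_SYMBOL`, `Overlay:Toggle`) for the instance pointer and the method, which must be replaced with values found in the game.

```asm
[ENABLE]
// Placeholders, not from the thread: mono.dll is the runtime module,
// THIS_PTR_SYMBOL holds the object instance the method belongs to, and
// Overlay:Toggle is the Class:Method name CE resolves with mono active.
alloc(callthread,512)
createthread(callthread)
registersymbol(callthread)

callthread:
  push rbx                       // callee-saved; we park the MonoThread* here
  sub rsp,20                     // shadow space; rsp stays 16-byte aligned

  // 1. attach this foreign thread to the runtime before touching managed code
  mov rax,mono.dll.mono_get_root_domain
  call rax                       // rax = MonoDomain*
  mov rcx,rax
  mov rax,mono.dll.mono_thread_attach
  call rax
  mov rbx,rax                    // MonoThread*, needed again for detach

  // 2. set up what the method expects: rcx = this (x64 fastcall)
  mov rcx,[THIS_PTR_SYMBOL]      // placeholder: pointer to the object instance
  test rcx,rcx
  je short @f                    // no instance yet? skip the call, still detach
  mov rax,Overlay:Toggle         // placeholder Class:Method, resolved at enable time
  call rax                       // a real call: return address pushed, args set

@@:
  // 3. detach before the thread ends
  mov rcx,rbx
  mov rax,mono.dll.mono_thread_detach
  call rax

  add rsp,20
  pop rbx
  ret

[DISABLE]
unregistersymbol(callthread)
dealloc(callthread)
```

The `je short @f` jumps to the next `@@:` label ahead of it, which is the detach step, so the thread never leaves the runtime attached even when the call is skipped.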
 

Bloodybone

Expert Cheater
Aug 3, 2017
117
0
16
#6
See my BattleTech table here. Check the Cheat Handler script; that's how you attach/detach. Also, I highly doubt this is valid every time you open the game:

CEA:
mov r11,0000000008DC10A0 { [98EF5BE8] }
Ok, that should work, thanks, but I still have one question: what do "@@:" and "short @f" mean?
 

SunBeam

Trouble-Maker
Talents
Feb 4, 2018
576
299
63
#7
"@@" is a generic label; doesn't stand for anything, it's just used so "je short @f" knows where to hop to. JE will hop to @@ label; @f = forward; @b = backwards. Keep in mind @f/@b will jump to first encountered label, even if it's not @@.
 

Bloodybone

Expert Cheater
Aug 3, 2017
117
0
16
#8
"@@" is a generic label; doesn't stand for anything, it's just used so "je short @f" knows where to hop to. JE will hop to @@ label; @f = forward; @b = backwards. Keep in mind @f/@b will jump to first encountered label, even if it's not @@.
Oh ok thanks :)

I still have another little question: in your script you have, for example, "GodMode_do", and I want to know if that is the function that you find if you search for it in Mono or if it is a made-up name, because the script has to know where it has to call; that's what I think.

Edit: I found it out, but under "ToggleEnableConsole_do:", how did you find out what you had to put there? Like, what I don't understand is:
CEA:
mov cl,al
test cl,cl
sete cl
 