Weird problem crashes the game when a sequence of numbers are set, but doesn't with other sequences

hjk7891
Noobzor
Posts: 6
Joined: Sat Jan 16, 2021 3:15 am
Reputation: 2


Post by hjk7891 »

I made an experience multiplier for a PCSX2 game, and the table includes a custom record to specify the multiplier value. It works fine, but depending on what number the value is set to, the game crashes. After some testing, I ended up with the following list:


crash: 3, 5, 6, 7, 13, 14, 15, 21, 22, 23, 29, 30, 31, 37, 38, 39, 43, 44, 45, 46, 47
works: 2, 4, 8, 9, 10, 11, 12, 16, 17, 18, 19, 20, 24, 25, 26, 27, 28, 32, 33, 34, 35, 36, 40, 41, 42, 48, 49, 50, 51, 52...
And here's the code in Lua:


expUpdaterAddress = AOBScan("89 11 C7 05 B8 A1 3E 01 0C E3 20 00 A1")

if expUpdaterAddress == nil then
   showMessage("Couldn't find the updater bytes!")
   return 0
end

expUpdaterAddress = expUpdaterAddress[0]

autoAssemble([[
alloc(expMultiplier,32)
label(originalcode)
label(expMultiplierValue)
registersymbol(expMultiplierValue)

expMultiplier:

expMultiplierValue:
dd (int)10

code:
sub edx,[ecx]                   // Subtract the new EXP from the current one to get only the EXP just received.
imul edx,[expMultiplierValue]   // Multiply the newly received EXP by the multiplier value.
add edx,[ecx]                   // Sum back the current EXP to the new one.

originalcode:
mov [ecx],edx
db C7 05 B8 A1 3E 01 0C E3 20 00

jmp return

]]..expUpdaterAddress..[[:
jmp expMultiplier
nop 7
return:
]])
The same code is used in other multipliers, but they seem to work fine with whatever value.

Here's the custom input field:

[image: screenshot of the custom input field, not included in this copy]

I have no idea why this is happening. Can it be a game-specific problem or am I missing something?
Last edited by hjk7891 on Fri Jan 22, 2021 12:36 am, edited 2 times in total.

aSwedishMagyar
Table Makers
Posts: 670
Joined: Mon Jul 06, 2020 3:19 am
Reputation: 1188

Re: Weird problem crashes the game when a sequence of numbers are set, but doesn't with other sequences

Post by aSwedishMagyar »

Mind posting the code around that injection point? Just make an AOB script using the template and post the additional info at the bottom of it.

hjk7891
Noobzor
Posts: 6
Joined: Sat Jan 16, 2021 3:15 am
Reputation: 2

Re: Weird problem crashes the game when a sequence of numbers are set, but doesn't with other sequences

Post by hjk7891 »


// ORIGINAL CODE - INJECTION POINT: 3071C937

3071C906: 0F 85 55 00 00 00              -  jne 3071C961
3071C90C: 8B 15 30 9F 3E 01              -  mov edx,[pcsx2.exe+1199F30]
3071C912: 8B 0D 60 9F 3E 01              -  mov ecx,[pcsx2.exe+1199F60]
3071C918: 81 C1 28 02 00 00              -  add ecx,00000228
3071C91E: 89 C8                          -  mov eax,ecx
3071C920: C1 E8 0C                       -  shr eax,0C
3071C923: 8B 04 85 30 90 0F 1C           -  mov eax,[eax*4+1C0F9030]
3071C92A: BB 39 C9 71 30                 -  mov ebx,3071C939
3071C92F: 01 C1                          -  add ecx,eax
3071C931: 0F 88 E9 87 70 D2              -  js pcsx2.exe+2BD5120
// ---------- INJECTING HERE ----------
3071C937: 89 11                          -  mov [ecx],edx
3071C939: C7 05 B8 A1 3E 01 0C E3 20 00  -  mov [pcsx2.exe+119A1B8],0020E30C
// ---------- DONE INJECTING  ----------
3071C943: A1 D0 A2 3E 01                 -  mov eax,[pcsx2.exe+119A2D0]
3071C948: 83 C0 0E                       -  add eax,0E
3071C94B: A3 D0 A2 3E 01                 -  mov [pcsx2.exe+119A2D0],eax
3071C950: 2B 05 D0 7F 3D 01              -  sub eax,[pcsx2.exe+1187FD0]
3071C956: 0F 88 5A 00 00 00              -  js 3071C9B6
3071C95C: E9 9F B6 78 D2                 -  jmp pcsx2.exe+2C58000
3071C961: 8B 15 30 9F 3E 01              -  mov edx,[pcsx2.exe+1199F30]
3071C967: 8B 0D 60 9F 3E 01              -  mov ecx,[pcsx2.exe+1199F60]
3071C96D: 81 C1 28 02 00 00              -  add ecx,00000228
3071C973: 89 C8                          -  mov eax,ecx

sbryzl
Expert Cheater
Posts: 143
Joined: Sat Mar 04, 2017 4:47 am
Reputation: 90

Re: Weird problem crashes the game when a sequence of numbers are set, but doesn't with other sequences

Post by sbryzl »

At the injection point you jump to expMultiplier, which is also where expMultiplierValue (10) is. It's trying to read your variable as assembly code. Better to put the variable at the end, or somewhere out of the way, or jump to code instead.


expMultiplier:

code:
sub edx,[ecx]                   // Subtract the new EXP from the current one to get only the EXP just received.
imul edx,[expMultiplierValue]   // Multiply the newly received EXP by the multiplier value.
add edx,[ecx]                   // Sum back the current EXP to the new one.

originalcode:
mov [ecx],edx
db C7 05 B8 A1 3E 01 0C E3 20 00

jmp return

expMultiplierValue:
dd (int)10

aSwedishMagyar
Table Makers
Posts: 670
Joined: Mon Jul 06, 2020 3:19 am
Reputation: 1188

Re: Weird problem crashes the game when a sequence of numbers are set, but doesn't with other sequences

Post by aSwedishMagyar »

Try seeing what accesses 'pcsx2.exe+1199F30' and whether you can directly modify the actual added XP. Could be that the game is checking what the amount added was and what your new xp is.

I don't think it has to do with what multiplier value you are using.

Does the game crash immediately when you use that number or only after a short while?

hjk7891
Noobzor
Posts: 6
Joined: Sat Jan 16, 2021 3:15 am
Reputation: 2

Re: Weird problem crashes the game when a sequence of numbers are set, but doesn't with other sequences

Post by hjk7891 »

sbryzl wrote:
Fri Jan 22, 2021 12:48 am
At the injection point you jump to expMultiplier, which is also where expMultiplierValue (10) is. It's trying to read your variable as assembly code. Better to put the variable at the end, or somewhere out of the way, or jump to code instead.
Oh, man, you're right. Changing to "jmp code" fixed it. The other multipliers all jmped to "code", that's why they were working. It's now working fine with any value. Thanks!

I still don't know, though, what this has to do with the game crashing when the multiplier is 3, 5 or 6 but working fine when it's 8, 9 or 10...
aSwedishMagyar wrote:
Fri Jan 22, 2021 1:09 am
I don't think it has to do with what multiplier value you are using.

Does the game crash immediately when you use that number or only after a short while?
It crashes immediately, as soon as I type one of the problematic numbers above and hit enter, the game crashes.
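Why the crash depends on the value, as an added example (not code from the thread, from Cheat Engine or from PCSX2): with the original layout, the hook's `jmp expMultiplier` lands on the four bytes of `dd N`, so the CPU decodes N, the three zero bytes that follow it and then whatever comes next as instructions. The Python below models that decoding for multipliers 0..63, which all fall in the regular 0x00-0x3F block of the x86 one-byte opcode map (ALU op with ModRM, ALU op with imm8/imm32, segment push/pop, segment prefix, BCD adjust and the 0F escape), and walks the bytes until it either lands exactly on the real `sub edx,[ecx]` or has already overshot it. The instruction bytes come from the listing posted in this thread; the imul's absolute address and the jmp's rel32, which Cheat Engine fills in at injection time, are zero placeholders, and the crash/works sets are the ones from the first post. It also decodes the fixed layout (value placed after `jmp return`, or `jmp code`) to show that the first executed instruction no longer depends on N.

```python
"""Added example (not from the thread): what the CPU executes when the hook's
`jmp expMultiplier` lands on the `dd N` data field instead of on `code:`. It sees
N 00 00 00 then the script's real code (first instruction `sub edx,[ecx]`, bytes
2B 11) and decodes N and the zero bytes as opcodes; all of it lies in the regular
0x00-0x3F block of the x86 opcode map, which this small decoder covers."""
from dataclasses import dataclass, field

DATA_SIZE = 4  # `dd N` occupies 4 bytes (little-endian dword)
# Code following the dword in the original script (bytes from the thread's listing);
# CE fills in the imul address and the jmp rel32, they are zero placeholders here.
REAL_CODE = bytes.fromhex(
    "2B11"                  # sub edx,[ecx]
    "0FAF1500000000"        # imul edx,[expMultiplierValue]
    "0311"                  # add edx,[ecx]
    "8911"                  # mov [ecx],edx
    "C705B8A13E010CE32000"  # mov [pcsx2.exe+119A1B8],0020E30C
    "E900000000"            # jmp return
)
ALU = ["add", "or", "adc", "sbb", "and", "sub", "xor", "cmp"]
SEG = ["es", "cs", "ss", "ds"]
REG8 = ["al", "cl", "dl", "bl", "ah", "ch", "dh", "bh"]
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
# Values the first post reports as crashing (table covers 2..52).
REPORTED_CRASH = {3, 5, 6, 7, 13, 14, 15, 21, 22, 23, 29, 30, 31, 37, 38, 39, 43, 44, 45, 46, 47}


@dataclass
class Insn:
    text: str
    length: int
    mem_write: str = ""         # memory operand written, e.g. "[eax]"
    clobbers_eax: bool = False  # all of eax rewritten (al-only changes move a pointer < 256 bytes)


def _modrm_mem(modrm: int):
    """ModRM with mod=00 and a plain [reg] operand, the only form these bytes produce."""
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 0 or rm in (4, 5):  # SIB and disp32 forms are not needed
        raise ValueError(f"ModRM {modrm:02X} not modelled")
    return reg, f"[{REG32[rm]}]"


def decode_one(buf: bytes, off: int) -> Insn:
    """Decode one instruction whose opcode byte is in 0x00-0x3F."""
    op = buf[off]
    if op > 0x3F:
        raise ValueError(f"opcode {op:02X} outside the modelled block")
    group, form = op >> 3, op & 7
    name, writes = ALU[group], ALU[group] != "cmp"  # cmp only sets flags
    if form < 4:  # 0/1: op r/m,reg   2/3: op reg,r/m   (8-bit operands for even forms)
        reg, mem = _modrm_mem(buf[off + 1])
        r = (REG8, REG32)[form & 1][reg]
        if form < 2:
            return Insn(f"{name} {mem},{r}", 2, mem_write=mem if writes else "")
        return Insn(f"{name} {r},{mem}", 2, clobbers_eax=form == 3 and reg == 0 and writes)
    if form == 4:  # op al,imm8
        return Insn(f"{name} al,{buf[off + 1]:#04x}", 2)
    if form == 5:  # op eax,imm32: swallows the three zero bytes AND the 2B of `sub`
        return Insn(f"{name} eax,{int.from_bytes(buf[off + 1:off + 5], 'little'):#010x}", 5,
                    clobbers_eax=writes)
    if op == 0x0F:  # two-byte escape; here it is always 0F 00 /0, i.e. sldt r/m16
        mem = _modrm_mem(buf[off + 2])[1]
        return Insn(f"sldt {mem}", 3, mem_write=mem)
    if group < 4:  # 06/07/0E/16/17/1E/1F: push/pop of a segment register
        return Insn(f"{'push' if form == 6 else 'pop'} {SEG[group]}", 1)
    if form == 6:  # 26/2E/36/3E: segment override prefix (attaches to the add that follows)
        return Insn(f"{SEG[group - 4]}: (prefix)", 1)
    return Insn(["daa", "das", "aaa", "aas"][group - 4], 1)  # 27/2F/37/3F


@dataclass
class Trace:
    value: int
    insns: list = field(default_factory=list)       # decoded instruction texts
    mem_writes: list = field(default_factory=list)  # memory operands the junk writes to
    resynced: bool = False                          # decoding landed exactly on `sub edx,[ecx]`
    clobbers_eax: bool = False


def trace_data_first(n: int) -> Trace:
    """Decode what runs under the original layout (`dd n` sitting at the jmp target)."""
    if not 0 <= n <= 0x3F:
        raise ValueError("only multipliers 0..63 fall in the modelled opcode block")
    buf, t, off = n.to_bytes(4, "little") + REAL_CODE, Trace(n), 0
    while off < DATA_SIZE:
        ins = decode_one(buf, off)
        t.insns.append(ins.text)
        if ins.mem_write:
            t.mem_writes.append(ins.mem_write)
        t.clobbers_eax |= ins.clobbers_eax
        off += ins.length
    t.resynced = off == DATA_SIZE
    return t


def verdict(t: Trace) -> str:
    if not t.resynced:
        return "desync"         # junk keeps executing out of step with the real code
    if t.clobbers_eax:
        return "eax-dependent"  # the following add [eax],al uses whatever eax now holds
    return "aligned"            # two junk ops on [eax], then the real code runs


def first_insn_code_first(n: int) -> str:
    """Fixed layout (value after `jmp return`, or `jmp code`): first decoded instruction."""
    return decode_one(REAL_CODE + n.to_bytes(4, "little"), 0).text


def unexplained_reported_crashes() -> set:
    """Reported crash values that the alignment model alone rates as harmless."""
    return {n for n in REPORTED_CRASH if verdict(trace_data_first(n)) == "aligned"}
```

Running `trace_data_first` over 2..52 reproduces the period-8 shape of the table. Values with N mod 8 equal to 5, 6 or 7 never realign: 5 is `op eax,imm32`, which eats the three zero bytes plus the `2B` of `sub` and then decodes `11 0F` as a new instruction; 6 and 7 are one-byte opcodes (push/pop of a segment register, a segment prefix, `daa`/`das`/`aaa`/`aas`, or the `0F 00` escape), after which `00 2B` decodes as `add [ebx],ch`, and ebx was set to 3071C939 just before the hook, which is the third byte of the injected 5-byte jmp. Values with N mod 8 in 0..4 decode as a two-byte ALU op on [eax] followed by `add [eax],al` and then fall back in step with the real code; whether that survives depends on what eax points at when the block runs, which the thread does not show (3 rewrites eax before the write and is reported as a crash, 11, 19, 27 and 35 also rewrite eax and are reported as working). The one reported crash the model rates as harmless is 44 (`sub al,0`), so decode alignment explains the pattern but not every value; register and memory state at the hook matters too. Either fix in the thread, `jmp code` or moving the dword after `jmp return`, makes the first executed instruction `sub edx,[ecx]` for every value.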

aSwedishMagyar
Table Makers
Posts: 670
Joined: Mon Jul 06, 2020 3:19 am
Reputation: 1188

Re: Weird problem crashes the game when a sequence of numbers are set, but doesn't with other sequences

Post by aSwedishMagyar »

sbryzl wrote:
Fri Jan 22, 2021 12:48 am
At the injection point you jump to expMultiplier, which is also where expMultiplierValue (10) is. It's trying to read your variable as assembly code. Better to put the variable at the end, or somewhere out of the way, or jump to code instead.
I'm so used to putting it under the jmp return part I didn't even see that. That is definitely the issue.
