I'm having a problem that is really weird. There's an address that If I add it to the address list, or try to go to it, it makes a game instantly crash.
The line is 'UnityEngine.UI:SetPropertyUtility:SetStruct'. I don't see how that could make a game crash when I'm not injecting or enabling anything. Mono crashes and it makes the game crash. I tried on some other games and the same happens. If that address exists, it crashes the game, If it doesn't it lags Cheat Engine when typing it.
Copy/Pasting the address, makes it crash, and If I type it myself it lags Cheat Engine mid-way. Always when Mono is enabled. Here are 3 examples in the video(I only show one game, but I tried 3 more and the same thing happened):
1- It crashes when I try to add the address to the list.
2- It crashes the moment I enable Mono when having the address in the list.
3- Typing the address lags Cheat Engine and when the address is fully written, it crashes.
Edit: Fixed video URL for the forum media update.
Re: Confusing game crash [Mono problem]
Posted: Sun Mar 03, 2019 3:35 pm
by panraven
Probably the game use a special version mono-***.dll, namely mono-2.0-bdwgc.
Since ce attach to first dll named as "mono-***.dll" using LoadLibrary to use mono api,
then use getProcAddress to find *Exported* api by name,
the crash could be due to calling getProcAddress with an *un-exported* function name,
and ce don't trap exception when the getProcAddress failed.
The suspected mono function should be jit related,
since ce can parse class struct,
but crash when request a function symbol's address (the jit function entry).
Probably the game use a special version mono-***.dll, namely mono-2.0-bdwgc.
Since ce attach to first dll named as "mono-***.dll" using LoadLibrary to use mono api,
then use getProcAddress to find *Exported* api by name,
the crash could be due to calling getProcAddress with an *un-exported* function name,
and ce don't trap exception when the getProcAddress failed.
The suspected mono function should be jit related,
since ce can parse class struct,
but crash when request a function symbol's address (the jit function entry).
The crash is not exclusive to that game. I tried with multiple games, and they have the same exact problem.
And it's not a problem that occurs when attaching it on a wrong DLL. That address does exist, and you can make it work If you go manually using the Mono window and Jit. The thing is that when you try to go directly to the address, then it makes it crash.
And even If you Jit the address, and they try to go manually, the same happens.
Re: Confusing game crash [Mono problem]
Posted: Mon Mar 04, 2019 4:35 pm
by panraven
I see.
I install the game isr from steam and try to see what happens.
So I find the said class UnityEngine.UI:SetPropertyUtility in a decompiler (JustDecompile).
There is 3 function, however only SetColor is normal function, which when I replace the address in video with
UnityEngine.UI:SetPropertyUtility:SetColor the address parse successes.
The SetPropertyUtility:SetStruct is interpreted as
SetPropertyUtility:SetStruct<T> in the decompiler.
The SetPropertyUtility:SetStruct<T> actually a kind of function template, it must be feed with some type parameter (the capital T) to actually instant a function to be jit-ed specific to that type, for instance the usage of the class show by the decompiler are like SetStruct<bool> or SetStruct<float>,
these are 2 separated function in native code form if jit-ed .
It may be related to these function template nature that it cannot be jit-ed without specified the type T, but I'm not going further more
It seems it is not game play related, which most game play logic should be in Assembly-CSharp or some others, but not these generic UI assembly.
May be you can inject a custom ui assembly for your purpose instead of manipulating it using mono-api.
gl
I install the game isr from steam and try to see what happens.
So I find the said class UnityEngine.UI:SetPropertyUtility in a decompiler (JustDecompile).
There is 3 function, however only SetColor is normal function, which when I replace the address in video with
UnityEngine.UI:SetPropertyUtility:SetColor the address parse successes.
The SetPropertyUtility:SetStruct is interpreted as
SetPropertyUtility:SetStruct<T> in the decompiler.
The SetPropertyUtility:SetStruct<T> actually a kind of function template, it must be feed with some type parameter (the capital T) to actually instant a function to be jit-ed specific to that type, for instance the usage of the class show by the decompiler are like SetStruct<bool> or SetStruct<float>,
these are 2 separated function in native code form if jit-ed .
It may be related to these function template nature that it cannot be jit-ed without specified the type T, but I'm not going further more
It seems it is not game play related, which most game play logic should be in Assembly-CSharp or some others, but not these generic UI assembly.
May be you can inject a custom ui assembly for your purpose instead of manipulating it using mono-api.
gl
I understand. But the thing is that the address has things in it, it doesn't need any extra parameter from my side. As I said, you can get to it by Jitting. And when you do, the address you get is exactly 'UnityEngine.UI:SetPropertyUtility'. Then If you copy that, and try to add it to the list, it crashes.
But well... If you're right and there's an extra parameter in it, that I didn't see, then I guess I'll go from Jit instead of directly.
Thanks
Re: Confusing game crash [Mono problem]
Posted: Fri Jun 07, 2019 1:00 pm
by dharmang1910
I also face many crashes in unity games now, while backtracing and injecting. I have windows 10 64 bit latest version. Some unity games have anticheat mechanism i have found and also have exception raising api's so cheat engine can not handle exceptions and game crashes. I also face that game are not crashing in x64dbg but only crashing in Cheat engine. So i feel that in your case there is some exception raises because game lags and then crashes mostly done while exception occurs. Are you also using windows 10 as mine??
I also face many crashes in unity games now, while backtracing and injecting. I have windows 10 64 bit latest version. Some unity games have anticheat mechanism i have found and also have exception raising api's so cheat engine can not handle exceptions and game crashes. I also face that game are not crashing in x64dbg but only crashing in Cheat engine. So i feel that in your case there is some exception raises because game lags and then crashes mostly done while exception occurs. Are you also using windows 10 as mine??
Yes, I do use Windows 10. The thing is that it never happened ~3 years ago. And now I have many constant crashes and freezes. I don't know If it's because of Cheat Engine or because of how those games are made. But it's pretty annoying.
Yes, I do use Windows 10. The thing is that it never happened ~3 years ago. And now I have many constant crashes and freezes. I don't know If it's because of Cheat Engine or because of how those games are made. But it's pretty annoying.
I think there is two possibility. The core components of OS and/or .Net is getting updated or there is some compatibility issue of Cheat engine with windows 10 because DBVM is still not fully compatible with windows 10. And I'm also getting frustrated in Unity games because of frequent crashes.
Btw try this script before doing any backtracing or injecting. I have made this while debugging in x64dbg and found that game is less crashing if the game have implemented exception raising apis.
I think there is two possibility. The core components of OS and/or .Net is getting updated or there is some compatibility issue of Cheat engine with windows 10 because DBVM is still not fully compatible with windows 10. And I'm also getting frustrated in Unity games because of frequent crashes.
Btw try this script before doing any backtracing or injecting. I have made this while debugging in x64dbg and found that game is less crashing if the game have implemented exception raising apis.
I'll sure try that. I hope that it helps with the crashes.
Thanks.
