Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Detecting point of crash with Cheat Engine Debugger

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine
View previous topic :: View next topic  
Author Message
anssik
How do I cheat?
Reputation: 0

Joined: 26 Mar 2014
Posts: 4

PostPosted: Wed Mar 26, 2014 1:45 pm    Post subject: Detecting point of crash with Cheat Engine Debugger Reply with quote

Hello !

I am debugging a program without source code, and trying to fix a crash. The program has anti-debugger capabilities , and shuts down when using Ollydbg , but I found the CE's VEH debugger the solve this problem and being able to attach to it.

So my question is, how do I follow the programs execution in the debugger and locate the point in memory where the crash occurs?
Back to top
View user's profile Send private message
Gniarf
Grandmaster Cheater Supreme
Reputation: 43

Joined: 12 Mar 2012
Posts: 1285

PostPosted: Wed Mar 26, 2014 2:15 pm    Post subject: Reply with quote

Simplest way to find where a program crashed it to ask windows. You remember the popup that tell you the program crashed and asks you if you want to submit an error report to MS? Click on "View problem details", the crash occurred at Fault Module Name+Exception Offset.

Also you could try attaching ollydbg AFTER the program has crashed (set olly as JIT debugger), the protection might let you enough time to at least see the function that crashed.

You could also use CE to view debug events (memory viewer->view->debug events) once a debugger has been attached.

_________________
DO NOT PM me if you want help on making/fixing/using a hack.
Back to top
View user's profile Send private message
anssik
How do I cheat?
Reputation: 0

Joined: 26 Mar 2014
Posts: 4

PostPosted: Wed Mar 26, 2014 2:19 pm    Post subject: Reply with quote

Thank you for replying.

Such popup does not happen? It just crashes to desktop without any error messages.

I figured the program calls KernelBase.RaiseException though on the crashing point (I used Debug Events), but I can't figure out how to go a step back to see which part of the code calls the function.

If I place a breakpoint using F5 to the RaiseException function, my whole desktop freezes (I think it breakpoints the function for all other programs too then).
Back to top
View user's profile Send private message
Gniarf
Grandmaster Cheater Supreme
Reputation: 43

Joined: 12 Mar 2012
Posts: 1285

PostPosted: Wed Mar 26, 2014 2:54 pm    Post subject: Reply with quote

Crap I guess the have something like (in c++)
Code:
try:
{
  //some code
  if (problem)
    throw("DeadlyError");
}
catch(...)
{
  ExitProcess(-1);
}


I can't think of a good way to locate the crashpoint there (maybe someone else has an idea), my least bad solution is to put a breakpoint in a known safe location before the crash (try to find a function related to what you where doing just before the crash) and trace over/out until you crash. Then restart game, and step into the last function you stepped over before the crash.

You could also use olly to find the address of all call dword [&Kernel32.RaiseException] (usually programs call the kernel32 version which then calls the kernelbase one; BTW see if you can put a BP there), then put BPs there with CE... But that will only work is this module called RaiseException directly (and not one of its dlls).

_________________
DO NOT PM me if you want help on making/fixing/using a hack.
Back to top
View user's profile Send private message
anssik
How do I cheat?
Reputation: 0

Joined: 26 Mar 2014
Posts: 4

PostPosted: Wed Mar 26, 2014 5:38 pm    Post subject: Reply with quote

I think I have located the function that crashes to one of the DLLs. The problems are , that the crash is random, so it does not always occur, and also that it's in a middle of a join procedure in a multiplayer game, so I really cant just break on every step or the other end timeouts the procedure. Is it possible to record two traces and compare them somehow, like one where the join succeeds and one where it crashes in the middle of the joining process?
Back to top
View user's profile Send private message
Gniarf
Grandmaster Cheater Supreme
Reputation: 43

Joined: 12 Mar 2012
Posts: 1285

PostPosted: Wed Mar 26, 2014 5:54 pm    Post subject: Reply with quote

CE has something called the ultimap, which should be a bit like olly's run trace but requires the kernel mode debugger (aka DBVM). I've never used it so I can give more help in that regard (I kinda have an allergy to DBVM).

The other option would be to put breakpoints at key points, and then use a lua script that would log some stuff and near instantly resume execution. If you want to go that way, consult main.lua in your cheat engine dir and look up debugger_onBreakpoint(). BTW you can write text files with lua.


...And just in case, are you sure the protection will let you fix the bug once you locate it? 'Coz if you fix the bug but the protection thinks your code modification is a cracking/cheat attempt and CTD or bans you, then you're probably going to rage hard. If it does have integrity checks, stealthedit (plugin for CE) might help. Might.

_________________
DO NOT PM me if you want help on making/fixing/using a hack.
Back to top
View user's profile Send private message
anssik
How do I cheat?
Reputation: 0

Joined: 26 Mar 2014
Posts: 4

PostPosted: Wed Mar 26, 2014 6:18 pm    Post subject: Reply with quote

Ultimap says it works only on Intel processors. I have AMD. Sad

Yeah the game's protection crashes the game if any of the game's memory space is modified, but the DLL can be hex edited and it does not crash.

I'm going to check the LUA stuff out. Thanks.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites