Cheat Engine - The Official Site of Cheat Engine (forum thread)
AndryS1 (How do I cheat?) Reputation: 0
Joined: 11 Aug 2022 Posts: 4
Posted: Thu Aug 11, 2022 11:15 pm Post subject: javaInjectAgent() causes crash of the game
I discovered for myself that Cheat Engine can do some tricks with Java apps, and this is a very useful feature for me. But when I tried it, I ran into the issue described below.
When I try to inject the agent by calling javaInjectAgent(), the game just crashes. I did a little research and got stuck on this: executing the autoAssemble function with javaInjectAgent() causes the game to throw an access violation exception and exit with code 0xC0000005. At the time of the crash, there is no CEJVMTI.dll in the process modules.
I thought the game process didn't have access to the CE folder files to open CEJVMTI.dll, but running as administrator didn't help either.
Does anyone have any ideas on this? Maybe someone faced a similar problem before?
Java Runtime is 17.0.3.
Dark Byte (Site Admin) Reputation: 458
Joined: 09 May 2003 Posts: 25296 Location: The Netherlands
Posted: Fri Aug 12, 2022 3:15 am
are you/is the game using openjdk or oraclejdk?
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
AndryS1 (How do I cheat?) Reputation: 0
Joined: 11 Aug 2022 Posts: 4
Posted: Sat Aug 13, 2022 3:17 pm
Dark Byte wrote:
    are you/is the game using openjdk or oraclejdk?
As far as I know it uses OpenJDK. Does CE only support OracleJDK?
Dark Byte (Site Admin) Reputation: 458
Joined: 09 May 2003 Posts: 25296 Location: The Netherlands
Posted: Sat Aug 13, 2022 5:24 pm
It might depend on the version.
I think there's also an environment variable you can set to make it load the CE JVMTI agent.
Also, is this a self-compiled CE or one fetched without using the installer?
If so, you may have to adjust the file protections (icacls). Even if running the launcher as admin, it may load the Java runtime process as low integrity.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
AndryS1 (How do I cheat?) Reputation: 0
Joined: 11 Aug 2022 Posts: 4
Posted: Mon Aug 15, 2022 12:21 pm
Dark Byte wrote:
    It might depend on the version.
    I think there's also an environment variable you can set to make it load the CE JVMTI agent.
    Also, is this a self-compiled CE or one fetched without using the installer?
    If so, you may have to adjust the file protections (icacls). Even if running the launcher as admin, it may load the Java runtime process as low integrity.
This is something more interesting. I decompiled part of jvm.dll and, to be more specific, my precious JVM_EnqueueOperation. After that I connected a debugger via IDA to see what was going wrong.
An exception occurs when the game tries to read pipename[0] (see screenshots below). Is it possible that the java.lua script is wrong? (pipename is an argument that is passed directly to the function.)
Here is the Lua script passed to the autoAssemble function for x64 applications:
Code:
globalalloc(bla,1024)
globalalloc(cmd,16)
globalalloc(arg0,256)
globalalloc(arg1,256)
globalalloc(arg2,256)
globalalloc(result,4)
globalalloc(pipename,256)
cmd:
db 'load',0
arg0:
db ']]..dllpath..[[',0
arg1:
db 0
arg2:
db 0
pipename:
db '\\.\pipe\cejavapipe',0
bla:
// Windows x64: the first four arguments go in rcx, rdx, r8, r9;
// the fifth (pipename) is passed on the stack at [rsp+20], past the 32-byte home area
sub rsp,8
sub rsp,30
mov rcx,cmd
mov rdx,arg0
mov r8,arg1
mov r9,arg2
mov [rsp],cmd
mov [rsp+8],arg0
mov [rsp+10],arg1
mov [rsp+18],arg2
mov [rsp+20],pipename
call jvm.JVM_EnqueueOperation
mov [result],eax
add rsp,38
ret
createthread(bla)
This is how JVM_EnqueueOperation looks to me:
At the moment the exception is thrown, pipename is equal to this:
which is an invalid pointer, as you can see here:
Any idea what it can be?
Dark Byte (Site Admin) Reputation: 458
Joined: 09 May 2003 Posts: 25296 Location: The Netherlands
Posted: Mon Aug 15, 2022 1:51 pm
I see. Change
Code:
mov rcx,cmd
mov rdx,arg0
mov r8,arg1
mov r9,arg2
mov [rsp],cmd
mov [rsp+8],arg0
mov [rsp+10],arg1
mov [rsp+18],arg2
mov [rsp+20],pipename
to
Code:
mov rcx,cmd
mov rdx,arg0
mov r8,arg1
mov r9,arg2
mov rax,pipename
mov [rsp],rcx
mov [rsp+8],rdx
mov [rsp+10],r8
mov [rsp+18],r9
mov [rsp+20],rax
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
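The defect Dark Byte's fix addresses is a Windows x64 calling-convention detail: JVM_EnqueueOperation takes five arguments, so pipename is the first one that travels on the stack, at [rsp+0x20] beyond the 32-byte home area for the register arguments, and `mov [rsp+20],pipename` stores the symbol as an immediate operand, which on x64 can carry at most 32 bits. The model below is an added example, not Cheat Engine's or the poster's code. The addresses are constructed, and because the thread does not say which store width CE's auto assembler emitted for that line, both plausible encodings (a 4-byte store, and an 8-byte store of a sign-extended 32-bit immediate) are modelled as an assumption and compared with the register path used in the fix.

```python
# Added example (not Cheat Engine's own code): models why "mov [rsp+20],pipename"
# handed JVM_EnqueueOperation a bad 5th argument and why "mov rax,pipename" +
# "mov [rsp+20],rax" fixes it. Addresses are constructed; the store width CE's
# assembler emitted for the original line is an assumption, so both are modelled.
import struct

MASK64 = 0xFFFFFFFFFFFFFFFF
# Windows x64: args 1-4 in rcx, rdx, r8, r9 with home slots at [rsp..rsp+0x18];
# the callee reads the 5th argument from [rsp+0x20].
FIFTH_ARG_SLOT = 0x20
FRAME_SIZE = 0x38  # the stub's "sub rsp,8" + "sub rsp,30" (CE auto assembler numbers are hex)


def sign_extend_imm32(value: int) -> int:
    """What a 64-bit 'mov qword ptr [mem], imm32' writes: low 32 bits, sign-extended."""
    low = value & 0xFFFFFFFF
    return low | (0xFFFFFFFF00000000 if low & 0x80000000 else 0)


class StackFrame:
    """The bytes below rsp after the stub's prologue, pre-filled with leftover garbage."""

    def __init__(self, leftover: int = 0xCCCCCCCCCCCCCCCC):
        self.mem = bytearray(FRAME_SIZE)
        for off in range(0, FRAME_SIZE, 8):
            struct.pack_into("<Q", self.mem, off, leftover)

    def store_qword(self, off: int, value: int) -> None:
        struct.pack_into("<Q", self.mem, off, value & MASK64)

    def store_dword(self, off: int, value: int) -> None:
        # a dword store leaves the upper 4 bytes of the 8-byte slot untouched
        struct.pack_into("<I", self.mem, off, value & 0xFFFFFFFF)

    def load_qword(self, off: int) -> int:
        return struct.unpack_from("<Q", self.mem, off)[0]


def original_stub(pipename_addr: int, encoding: str) -> int:
    """'mov [rsp+20],pipename' with the symbol as an immediate; returns what the callee reads."""
    frame = StackFrame()
    if encoding == "dword":      # mov dword ptr [rsp+20], imm32
        frame.store_dword(FIFTH_ARG_SLOT, pipename_addr)
    elif encoding == "qword":    # mov qword ptr [rsp+20], imm32 (sign-extended to 64 bits)
        frame.store_qword(FIFTH_ARG_SLOT, sign_extend_imm32(pipename_addr))
    else:
        raise ValueError(f"unknown encoding {encoding!r}")
    return frame.load_qword(FIFTH_ARG_SLOT)


def fixed_stub(pipename_addr: int) -> int:
    """'mov rax,pipename' (full imm64 into a register), then 'mov [rsp+20],rax' (8-byte store)."""
    frame = StackFrame()
    rax = pipename_addr & MASK64
    frame.store_qword(FIFTH_ARG_SLOT, rax)
    return frame.load_qword(FIFTH_ARG_SLOT)


def fits_imm32(addr: int) -> bool:
    """True only if the address survives the sign-extended imm32 path unchanged."""
    return sign_extend_imm32(addr) == (addr & MASK64)


def demo(pipename_addr: int) -> dict:
    """Side-by-side of what the callee sees in the 5th-argument slot under each encoding."""
    return {
        "intended": pipename_addr,
        "dword_store": original_stub(pipename_addr, "dword"),
        "qword_imm32_store": original_stub(pipename_addr, "qword"),
        "via_register": fixed_stub(pipename_addr),
        "fits_imm32": fits_imm32(pipename_addr),
    }


if __name__ == "__main__":
    # constructed addresses: a globalalloc'd buffer above the 4 GiB line, where 64-bit
    # modules and their nearby allocations normally live, and a low 32-bit address
    for addr in (0x00007FF6_1234_0000, 0x0000_0000_0040_1000):
        r = demo(addr)
        print(f"pipename @ {addr:#018x}  fits imm32: {r['fits_imm32']}")
        for key in ("dword_store", "qword_imm32_store", "via_register"):
            status = "OK " if r[key] == addr else "BAD"
            print(f"  {status} {key:18s} -> {r[key]:#018x}")
```

Run it as a script for the side-by-side: any pipename buffer above 0x7FFFFFFF is corrupted on both immediate paths (high dword left as stack garbage, or zeroed by sign extension) and intact only through rax, which matches the invalid pointer the poster saw in the debugger. The four `mov [rsp+...]` stores for cmd, arg0, arg1 and arg2 had the same truncation in the original script, but those slots are only the home area for values the callee already receives in rcx, rdx, r8 and r9, so the fifth slot was the first one that actually mattered.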
AndryS1 (How do I cheat?) Reputation: 0
Joined: 11 Aug 2022 Posts: 4
Posted: Tue Aug 16, 2022 5:11 pm
Dark Byte wrote:
    I see. Change
    Code:
    mov rcx,cmd
    mov rdx,arg0
    mov r8,arg1
    mov r9,arg2
    mov [rsp],cmd
    mov [rsp+8],arg0
    mov [rsp+10],arg1
    mov [rsp+18],arg2
    mov [rsp+20],pipename
    to
    Code:
    mov rcx,cmd
    mov rdx,arg0
    mov r8,arg1
    mov r9,arg2
    mov rax,pipename
    mov [rsp],rcx
    mov [rsp+8],rdx
    mov [rsp+10],r8
    mov [rsp+18],r9
    mov [rsp+20],rax
OMG, such a stupid mistake. I should have seen it, sorry for wasting your time. Now everything works as it should, thank you very much for your help. It literally saved me.
Also, I've created a pull request on the GitHub repo that fixes this, so no one has this issue in the next version.