javaInjectAgent() causes crash of the game

Cheat Engine Forum Index -> Cheat Engine Lua Scripting
AndryS1
How do I cheat?
Reputation: 0

Joined: 11 Aug 2022
Posts: 4

Posted: Thu Aug 11, 2022 11:15 pm    Post subject: javaInjectAgent() causes crash of the game

I discovered for myself that Cheat Engine can do some tricks with Java apps, and this is a very useful feature for me. But when I tried this I ran into the issue described below.
When I try to inject the agent by calling javaInjectAgent() the game just crashes. I did a little research and got stuck on this: Executing the autoAssemble function with javaInjectAgent() causes the game to throw an access violation exception and exit with code 0xC0000005. At the time of the crash, there is no CEJVMTI.dll in the process modules.
I thought the game process didn't have access to the CE folder files to open CEJVMTI.dll, but running as administrator didn't help either.

Does anyone have any ideas on this? Maybe someone faced a similar problem before?

Java Runtime is 17.0.3
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Fri Aug 12, 2022 3:15 am

are you/is the game using openjdk or oraclejdk?
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
AndryS1
How do I cheat?
Reputation: 0

Joined: 11 Aug 2022
Posts: 4

Posted: Sat Aug 13, 2022 3:17 pm

Dark Byte wrote:
are you/is the game using openjdk or oraclejdk?

As far as I know it uses OpenJDK. Does CE only support OracleJDK?
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Sat Aug 13, 2022 5:24 pm

It might depend on the version.

I think there's also an environment variable you can set to make it load the CE JVMTI agent.

Also, is this a self-compiled CE or one fetched without using the installer?
If so, you may have to adjust the file protections (icacls). Even if running the launcher as admin, it may load the Java runtime process as low integrity.

AndryS1
How do I cheat?
Reputation: 0

Joined: 11 Aug 2022
Posts: 4

Posted: Mon Aug 15, 2022 12:21 pm

Dark Byte wrote:
It might depend on the version.

I think there's also an environment variable you can set to make it load the CE JVMTI agent.

Also, is this a self-compiled CE or one fetched without using the installer?
If so, you may have to adjust the file protections (icacls). Even if running the launcher as admin, it may load the Java runtime process as low integrity.

This is something more interesting. I decompiled part of jvm.dll and, to be more specific, my precious JVM_EnqueueOperation. After that I connected a debugger via IDA to see what was going wrong.
An exception occurs when the game tries to read pipename[0] (see screenshots below). Is it possible that the java.lua script is wrong? (pipename is an argument that is directly passed to the function).
Here is the auto-assembler script that java.lua passes to the autoAssemble function for x64 applications:
Code:
globalalloc(bla,1024)

globalalloc(cmd,16)
globalalloc(arg0,256)
globalalloc(arg1,256)
globalalloc(arg2,256)
globalalloc(result,4)

globalalloc(pipename,256)

cmd:
db 'load',0

arg0:
// ]]..dllpath..[[ is spliced in by the surrounding Lua string
db ']]..dllpath..[[',0

arg1:
db 0

arg2:
db 0

pipename:
db '\\.\pipe\cejavapipe',0


bla:
// 8 + 30 = 38 bytes of frame: home space, the fifth argument, and alignment
sub rsp,8
sub rsp,30

// first four arguments in rcx, rdx, r8, r9 (Microsoft x64 convention)
mov rcx,cmd
mov rdx,arg0
mov r8,arg1
mov r9,arg2

// home slots for the register arguments, then the fifth argument at [rsp+20]
mov [rsp],cmd
mov [rsp+8],arg0
mov [rsp+10],arg1
mov [rsp+18],arg2
mov [rsp+20],pipename

call jvm.JVM_EnqueueOperation
mov [result],eax

add rsp,38
ret

createthread(bla)

This is how JVM_EnqueueOperation looks to me:

at the moment the exception is thrown, pipename is equal to this:

which is an invalid pointer, as you can see here:

Any idea what it can be?
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Mon Aug 15, 2022 1:51 pm

I see. Change
Code:

mov rcx,cmd
mov rdx,arg0
mov r8,arg1
mov r9,arg2
               
mov [rsp],cmd
mov [rsp+8],arg0
mov [rsp+10],arg1
mov [rsp+18],arg2
mov [rsp+20],pipename

to
Code:

mov rcx,cmd
mov rdx,arg0
mov r8,arg1
mov r9,arg2
mov rax,pipename
               
mov [rsp],rcx
mov [rsp+8],rdx
mov [rsp+10],r8
mov [rsp+18],r9
mov [rsp+20],rax

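As an added illustration (my own C, not code from this thread or from Cheat Engine), the program below models the two facts behind the crash analysed above and the fix just given: x86-64 has no 64-bit immediate store, so a `mov [mem],imm` of a symbol is encoded as a 32-bit immediate that the CPU sign-extends, which mangles a high user-mode address such as a globalalloc region; loading the address into rax with `mov rax,imm64` and storing the register keeps all 64 bits. It also shows where the fifth argument (pipename) sits under the Microsoft x64 convention and why the script's 0x38-byte frame leaves the call site 16-byte aligned. The function names and the sample addresses are assumptions made up for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example (not from the thread or Cheat Engine). All addresses
 * used below are constructed sample values. */

/* x86-64 has no "mov qword [mem], imm64". The assembler encodes
 * "mov qword [mem], imm" with a 32-bit immediate, which the CPU
 * sign-extends to 64 bits at run time. Returns what the memory slot
 * would actually contain after such a store of `addr`. */
uint64_t stored_via_imm32(uint64_t addr)
{
    uint32_t low = (uint32_t)(addr & 0xFFFFFFFFu);
    int64_t sign_extended = (int64_t)(int32_t)low;
    return (uint64_t)sign_extended;
}

/* True only if the address is already representable as a sign-extended
 * 32-bit value; a globalalloc region in a 64-bit process usually is not. */
bool survives_imm32_store(uint64_t addr)
{
    return stored_via_imm32(addr) == addr;
}

/* "mov rax, imm64" is a real encoding (REX.W + B8), so loading the
 * register first and then storing the register keeps all 64 bits. */
uint64_t stored_via_register(uint64_t addr)
{
    uint64_t rax = addr;
    return rax;
}

/* Microsoft x64 calling convention: arguments 1-4 travel in rcx, rdx,
 * r8, r9; [rsp..rsp+0x1F] at the call site is the 32-byte shadow (home)
 * space; argument n >= 5 lives at rsp + 0x20 + (n-5)*8.
 * Returns -1 for a register argument. */
int64_t ms_x64_stack_arg_offset(int arg_number)
{
    if (arg_number < 5)
        return -1;
    return 0x20 + (int64_t)(arg_number - 5) * 8;
}

/* rsp at function entry is 8 mod 16 (the return address was pushed onto
 * an aligned stack); the call site must be 16-byte aligned again. */
bool call_site_is_aligned(uint64_t entry_rsp, uint64_t frame_size)
{
    return ((entry_rsp - frame_size) & 0xF) == 0;
}

int main(void)
{
    /* constructed address in the range where 64-bit user-mode
     * allocations typically land */
    uint64_t pipename = 0x00007FF71A2B3C40ULL;

    printf("pipename            = 0x%016llx\n", (unsigned long long)pipename);
    printf("via imm32 store     = 0x%016llx (%s)\n",
           (unsigned long long)stored_via_imm32(pipename),
           survives_imm32_store(pipename) ? "intact" : "truncated");
    printf("via register store  = 0x%016llx\n",
           (unsigned long long)stored_via_register(pipename));
    printf("5th arg stack slot  = [rsp+0x%llx]\n",
           (unsigned long long)ms_x64_stack_arg_offset(5));
    /* the script's "sub rsp,8" + "sub rsp,30" = 0x38 bytes in total;
     * 0xFFF8 stands in for an entry rsp that is 8 mod 16 */
    printf("sub rsp,38 aligns the call: %s\n",
           call_site_is_aligned(0xFFF8ULL, 0x38) ? "yes" : "no");
    return 0;
}
```

In the original script the four home-slot stores (`mov [rsp],cmd` and so on) were truncated in exactly the same way, but those slots are scratch space owned by the callee and JVM_EnqueueOperation never reads them, so only the fifth argument at [rsp+20] produced a visible fault; that is why the access violation appeared on the first read of pipename[0] and nowhere earlier.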
AndryS1
How do I cheat?
Reputation: 0

Joined: 11 Aug 2022
Posts: 4

Posted: Tue Aug 16, 2022 5:11 pm

Dark Byte wrote:
I see. Change
Code:

mov rcx,cmd
mov rdx,arg0
mov r8,arg1
mov r9,arg2
               
mov [rsp],cmd
mov [rsp+8],arg0
mov [rsp+10],arg1
mov [rsp+18],arg2
mov [rsp+20],pipename

to
Code:

mov rcx,cmd
mov rdx,arg0
mov r8,arg1
mov r9,arg2
mov rax,pipename
               
mov [rsp],rcx
mov [rsp+8],rdx
mov [rsp+10],r8
mov [rsp+18],r9
mov [rsp+20],rax

OMG, such a stupid mistake. I should have seen it, sorry for wasting time. Now everything works as it should, thank you very much for your help. It literally saved me.
Also, I've created a pull request on the GitHub repo that fixes this, so no one has this issue in the next version.