cleolibrary / CLEO-Redux

Experimental JavaScript runtime for GTA 3D era games/GTA IV/Bully
https://re.cleo.li

Redux 0.9.1 cause game crash when call Memory function with string param #36

Closed tntd2k2 closed 2 years ago

tntd2k2 commented 2 years ago

This is when I run with Redux 0.9.0 and with Redux 0.9.1.

This is my code

const _SAMP_CHAT_INFO_OFFSET_03DL = 0x2ACA10;
const _FUNC_ADDTOCHATWND_03DL = 0x67650;
// read the chat-info pointer from samp.dll, then call the AddToChatWnd method on it
const _send_chat_message = (_color, _message) => {
    let _chat_info = Memory.Read(_library + _SAMP_CHAT_INFO_OFFSET_03DL, 4, true);
    return Memory.CallMethod(_library + _FUNC_ADDTOCHATWND_03DL, _chat_info, 5, 0, 8, _message, 0, _color, 0);
}
const _say = (_message) => {
    return Memory.CallFunction(_library + 0x5860, 1, 0, _message);
}
const _send_command = (_command) => {
    return Memory.CallFunction(_library + 0x69340, 1, 0, _command);
}
// wait until SA-MP reports that it is initialised
do {
    wait(1000);
    var _is_samp_available = Memory.Read(0xC8D4C0, 4, true);
} while (_is_samp_available != 9);
const _library = DynamicLibrary.Load("samp.dll");
const _player = new Player(0);
const COOLDOWN = 5000;
TIMERA = COOLDOWN;

// send "/time" through each of the three call paths every COOLDOWN milliseconds
while (true) {
    wait(250);
    if (TIMERA >= COOLDOWN) {
        TIMERA = 0;
        log('/time');
        _say('/time');
        _send_command('/time');
        _send_chat_message(0xFFFFFF, '/time');
    }
}
tntd2k2 commented 2 years ago

It causes a crash with the function _send_chat_message.

x87 commented 2 years ago

Can you enable LogOpcodes option in cleo.ini and show me the cleo_redux.log?

tntd2k2 commented 2 years ago

Can you enable LogOpcodes option in cleo.ini and show me the cleo_redux.log?

22:43:49 [INFO] CLEO Redux 0.9.1 (x86)
22:43:49 [INFO] Copyright (c) 2021-2022, Seemann. Available under the license agreement at https://re.cleo.li/LICENSE.txt
22:43:49 [INFO] Visit re.cleo.li for news and updates.
22:43:49 [INFO] Host identified as San Andreas (1.0)
22:43:49 [INFO] Image base address 0x400000
22:43:49 [INFO] CleoConfig { log_opcodes: true, allow_cs: true, allow_js: true, check_updates: true, allow_fxt: true, allow_js_runtime_extensions: false, permission_level: Lax }
22:43:49 [INFO] Found another instance of CLEO. Compiled scripts support is delegated.
22:43:49 [INFO] Registering custom commands
22:43:49 [INFO] Registering unsafe command 0A8C WRITE_MEMORY with required permission mem
22:43:49 [INFO] Registering unsafe command 0A8D READ_MEMORY with required permission mem
22:43:49 [INFO] Registering unsafe command 0AA5 CALL_FUNCTION with required permission mem
22:43:49 [INFO] Registering unsafe command 0AA6 CALL_METHOD with required permission mem
22:43:49 [INFO] Registering unsafe command 0AA7 CALL_FUNCTION_RETURN with required permission mem
22:43:49 [INFO] Registering unsafe command 0AA8 CALL_METHOD_RETURN with required permission mem
22:43:49 [INFO] Registering command 0AB0 IS_KEY_PRESSED
22:43:49 [INFO] SDK version 1
22:43:49 [INFO] Loading plugins from C:\Users\dev.tntd2k2\Desktop\GTA SanAndreas Online\CLEO\CLEO_PLUGINS
22:43:49 [INFO] Meta version 0.211
22:43:49 [INFO] FXT files successfully loaded
22:43:51 [INFO] New event received: "init scripts"
22:43:51 [INFO] Started scanning the CLEO directory
22:43:51 [INFO] Found JS script C:\Users\dev.tntd2k2\Desktop\GTA SanAndreas Online\CLEO\[mem]autothuhoachluoi.js
22:43:51 [INFO] Successfully loaded [mem]autothuhoachluoi.js and created a script with the name "[mem]au"
22:43:51 [INFO] ["[mem]au"] wait(0)
22:43:51 [INFO] ["[mem]au"] wait(1000)
22:43:52 [INFO] ["[mem]au"] wait(250)
22:43:52 [INFO] ["[mem]au"] wait(5000)
22:43:57 [ERROR] script [mem]au has timed out after the default timeout of 2 seconds
22:43:57 [INFO] LastCommandDebugInfo { id: 2726, input: [Int(65893968), Int(507447824), Int(5), Int(0), Int(0), Int(16777215), Int(0), String("/time"), Int(8)], output: [], if_result: false }
22:43:57 [INFO] script "[mem]au" has been disposed
tntd2k2 commented 2 years ago

Functions _say and _send_command return the call with the string "D¡".

tntd2k2 commented 2 years ago

Another problem with Memory.CallMethod is when I call

CallMethod(address: int, struct: int, numParams: int, pop: int, ...funcParams: number[]): void;

Memory.CallMethod(_address, _struct, 5, 0, 0, _color, 0, _message, 8);

...funcParams must be [0, _color, 0, _message, 8] but it was [8, _message, 0, _color, 0]

x87 commented 2 years ago

...funcParams must be [0, _color, 0, _message, 8] but it was [8, _message, 0, _color, 0]

where do you see [8, _message, 0, _color, 0]? From your log it is

22:43:57 [INFO] LastCommandDebugInfo { id: 2726, input: [Int(65893968), Int(507447824), Int(5), Int(0), Int(0), Int(16777215), Int(0), String("/time"), Int(8)], output: [], if_result: false }

Int(0), Int(16777215), Int(0), String("/time"), Int(8)

x87 commented 2 years ago

Also, passing string arguments into call functions is not supported; I'm wondering how it could have worked in 0.9.0, since those methods only accept integer numbers as arguments.

tntd2k2 commented 2 years ago

...funcParams must be [0, _color, 0, _message, 8] but it was [8, _message, 0, _color, 0]

where do you see [8, _message, 0, _color, 0]? From your log it is

22:43:57 [INFO] LastCommandDebugInfo { id: 2726, input: [Int(65893968), Int(507447824), Int(5), Int(0), Int(0), Int(16777215), Int(0), String("/time"), Int(8)], output: [], if_result: false }

Int(0), Int(16777215), Int(0), String("/time"), Int(8)

I converted a snippet from ugbase.eu. This is the snippet in opcodes:

:_send_chat_message
    if
        0AA2: 2@ = "samp.dll"
    then
        0085: 3@ = 2@
        3@ += 0x2ACA10
        0A8D: 3@ = readMem 3@ sz 4 vp 1
        0085: 4@ = 2@
        4@ += 0x67650 
        0AA6: call 4@ struct 3@ num_params 5 pop 0 params 0 0@ 0 1@ 8
    end
    0AB2: 0

I have reversed the params to correct it.

https://user-images.githubusercontent.com/47687492/155567679-82588715-f092-4578-8467-304b48fca269.mp4

x87 commented 2 years ago

In JavaScript you should pass the arguments in the same order your target function expects. https://re.cleo.li/docs/en/using-memory.html#calling-foreign-functions

In SCM code they are reversed, but not in JS. Does it make sense?

x87 commented 2 years ago

So if 8 is the first argument in the method you have been calling, then your code is correct in this part.

Don't pay much attention to the order in the log

x87 commented 2 years ago

I think the only issue here is that you pass a string argument directly to the function. It should not work.

Was it working 100% in 0.9.0?

tntd2k2 commented 2 years ago

I think the only issue here is that you pass a string argument directly to the function. It should not work.

Was it working 100% in 0.9.0?

It was. 100%.

https://user-images.githubusercontent.com/47687492/155569226-12d43df5-e2c8-4783-82db-867be6763d9c.mp4

x87 commented 2 years ago

Ok, I will look into it

x87 commented 2 years ago

thanks for the detailed report

x87 commented 2 years ago

In 0.9.0 call_method was handled by CLEO Library, which supports string arguments for this command. That is why your script worked.

Since 0.9.1 CLEO Redux handles call_method command with its own implementation that only supports number arguments. That is what confused me, as I knew string arguments have not been supported yet.

I will look into adding string arguments support in CLEO Redux.

x87 commented 2 years ago

@tntd2k2 please test with 0.9.2

tntd2k2 commented 2 years ago

@x87 Now Memory.Read() returns a wrong value with the dll. P/S: Game memory works fine; it only returns a false value with the dll.

tntd2k2 commented 2 years ago

Compare with 0.9.0.

x87 commented 2 years ago

@tntd2k2 thanks for the report. I need to clarify a few things first.

  1. Was the initial issue with string arguments resolved? Does it work now?
  2. Is the second issue with Memory.Read reproducible on 0.9.1?

tntd2k2 commented 2 years ago

@tntd2k2 thanks for the report. I need to clarify a few things first.

  1. Was the initial issue with string arguments resolved? Does it work now?
  2. Is the second issue with Memory.Read reproducible on 0.9.1?

@x87

  1. Because of the Memory.Read() issue I can't test with samp.dll, but I have tested with "Get gxt text address by gxt name" and it worked.

tntd2k2 commented 2 years ago

  2. This is a bug from 0.9.1. It works well with game addresses.
tntd2k2 commented 2 years ago

Sometimes it crashes when I use a Memory function with a game address. P/S: Tested on 0.9.1, and the same error in 0.9.2. SA-MP log:

SA-MP 0.3DL
Exception At Address: 0x0046444C
Exception: 0xC0000005 - Access violation writing location 0xFDC2C523

Registers:
EAX: 0x00005243 EBX: 0x00A43C78 ECX: 0x14AAE5C0 EDX: 0x3F477660
ESI: 0x00C1AEB8 EDI: 0x6A465243 EBP: 0x00000001 ESP: 0x073AF2B0
EFLAGS: 0x00010246

Backtrace:
0x0046444C in gta_sa.exe
0x6A46DEB5 rust_eh_personality+0x1C875 in cleo_redux.asi+0x1DEB5
0x6A46DEF0 rust_eh_personality+0x1C8B0 in cleo_redux.asi+0x1DEF0
0x6A451534 in cleo_redux.asi+0x1534
0x6A472038 rust_eh_personality+0x209F8 in cleo_redux.asi+0x22038
0x6A46C02E rust_eh_personality+0x1A9EE in cleo_redux.asi+0x1C02E
0x6A47BC78 UpdateCompareFlag+0x698 in cleo_redux.asi+0x2BC78
0x6A469C41 rust_eh_personality+0x18601 in cleo_redux.asi+0x19C41
0x6A477B3E rust_eh_personality+0x264FE in cleo_redux.asi+0x27B3E
0x6A483E69 UpdateCompareFlag+0x8889 in cleo_redux.asi+0x33E69
0x6A451339 in cleo_redux.asi+0x1339
0x6A4B4F01 UpdateCompareFlag+0x39921 in cleo_redux.asi+0x64F01
0x6A51C01A UpdateCompareFlag+0xA0A3A in cleo_redux.asi+0xCC01A
0x6A51BD01 UpdateCompareFlag+0xA0721 in cleo_redux.asi+0xCBD01
0x6A5097C4 UpdateCompareFlag+0x8E1E4 in cleo_redux.asi+0xB97C4
0x6A51CB86 UpdateCompareFlag+0xA15A6 in cleo_redux.asi+0xCCB86
0x6A51C095 UpdateCompareFlag+0xA0AB5 in cleo_redux.asi+0xCC095
0x6A56F065 UpdateCompareFlag+0xF3A85 in cleo_redux.asi+0x11F065
0x6A536053 UpdateCompareFlag+0xBAA73 in cleo_redux.asi+0xE6053

ASI plugins:
audio.asi
cleo.asi
cleo_redux.asi
MobileHud.asi
NormalMapFix.asi
OutFitFix.asi
samp.asi
SAMPGraphicRestore.asi
ShellFix.asi
StreamMemFix.asi
GTASA.WidescreenFix.asi

Cleo:
3dtext.cs
adminlist.cs
cmd.cs
Lag_03DL.cs
Wallhack RGAME.cs

Address code: 89 B4 90 60 99
Before address code: 8B 33 0F B7 C7

Game work: 421 sec

Pos: -2596.146240 2273.310059 8.314998

Game Version: US 1.0

Memory: 572 MB
Stream memory: 137/1024 MB

Windows 10 64 bit

Redux_log:

01:50:51 [INFO] Successfully loaded [mem][dll]3dtextlabel.js and created a script with the name "[mem][d"
01:50:51 [INFO] Loading JS runtime extensions from C:\Users\dev.tntd2k2\Desktop\San Andreas\CLEO\CLEO_PLUGINS
01:50:51 [INFO] ["[mem][d"] wait(0)
01:50:51 [INFO] ["[mem][d"] wait(1000)
01:50:52 [INFO] loading dynamic library samp.dll
01:50:52 [INFO] ["[mem][d"] wait(250)
01:50:54 [ERROR] script [mem][d has timed out after the default timeout of 2 seconds
01:50:54 [INFO] LastCommandDebugInfo { id: 2728, input: [Int(6946896), Int(12694336), Int(1), Int(0), String("CRED445")], output: [], if_result: false }
01:50:54 [INFO] script "[mem][d" has been disposed

x87 commented 2 years ago

It's difficult to narrow down a particular problem especially dealing with screenshots.

Let's focus on a single command that is not working in your opinion. I assume it's

let _chat_info = Memory.Read(_library + _SAMP_CHAT_INFO_OFFSET_03DL, 4, true);

  1. What are the input arguments to this function: what is the value of _library and what is the value of _SAMP_CHAT_INFO_OFFSET_03DL?
  2. What is the result stored in _chat_info?
  3. What is the actual value at this address if you read it with Cheat Engine?

Please test with 0.9.2

tntd2k2 commented 2 years ago

1.

const _library = DynamicLibrary.Load('samp.dll')
const _SAMP_CHAT_INFO_OFFSET_03DL = 0x2ACA10

2, 3. I think it was a problem in DynamicLibrary.Load:

DynamicLibrary.Load('samp.dll') = 497865208
Memory.Read(_library, 4, true) = 61734912 (give another value when reload script)
samp.dll value in cheat engine = 9460301 (4 bytes)

x87 commented 2 years ago

Are you using the dylib plugin? Check if there is dylib.cleo in CLEO_PLUGINS. If yes, try without it.

tntd2k2 commented 2 years ago

Are you using the dylib plugin? Check if there is dylib.cleo in CLEO_PLUGINS. If yes, try without it.

@x87 It works well when I remove dylib.cleo (including the string argument).

x87 commented 2 years ago

So DynamicLibrary.Load in dylib.cleo has been implemented in a way that is incompatible with the CLEO Library. What is returned as a result is not the initial address of the library code in memory, so you can't use it to directly access the library code with Memory.Read.

tntd2k2 commented 2 years ago

So DynamicLibrary.Load in dylib.cleo has been implemented in a way that is incompatible with the CLEO Library. What is returned as a result is not the initial address of the library code in memory, so you can't use it to directly access the library code with Memory.Read.

That's right.
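As an added example (not code from the issue, the reporter, or CLEO Redux), the two checks a script author would want after this thread: confirm that a value really is a module base before adding offsets to it and reading through Memory.Read, and hand strings to CallFunction/CallMethod as a pointer to a NUL-terminated buffer rather than as a JS string. FakeMemory is a constructed stand-in for the game's Memory object so the checks run offline; Memory.Allocate, Memory.WriteUtf8, Memory.ReadUtf8 and Memory.Free are assumed from the CLEO Redux docs and do not appear in the issue itself.

```javascript
// Added example, not from the issue or CLEO Redux. FakeMemory is a constructed stand-in;
// Read(address, size, vp) follows the issue, Allocate/WriteUtf8/ReadUtf8/Free are assumed.
class FakeMemory {
  constructor() { this.bytes = new Map(); this.next = 0x10000; }
  Read(address, size, _vp) {                  // little-endian unsigned read, 1..4 bytes
    let v = 0;
    for (let i = size - 1; i >= 0; i--) v = v * 256 + (this.bytes.get(address + i) || 0);
    return v;
  }
  Allocate(size) { const a = this.next; this.next += size + 16; return a; }
  Free(_address) { /* bump allocator: nothing to release in the stand-in */ }
  WriteUtf8(address, value, _vp) {
    const enc = new TextEncoder().encode(value);
    enc.forEach((b, i) => this.bytes.set(address + i, b));
    this.bytes.set(address + enc.length, 0);  // NUL terminator the native callee expects
  }
  ReadUtf8(address, _vp) {
    const out = [];
    for (let i = 0; this.bytes.get(address + i); i++) out.push(this.bytes.get(address + i));
    return new TextDecoder().decode(Uint8Array.from(out));
  }
}

// A real module base starts with the DOS header "MZ" (bytes 4D 5A, LE dword 0x5A4D); the
// Cheat Engine value in the issue, 9460301 == 0x00905A4D, is exactly that header.
function isModuleBase(mem, address) {
  return mem.Read(address, 2, true) === 0x5A4D;
}

// Pass a JS string to a foreign call as a pointer to a NUL-terminated buffer that lives
// only for that call; the callee receives an int (the address), never a JS string value.
function withCString(mem, text, fn) {
  const ptr = mem.Allocate(text.length * 4 + 1);  // worst-case UTF-8 length plus NUL
  mem.WriteUtf8(ptr, text, true);
  try { return fn(ptr); } finally { mem.Free(ptr); }
}

// Constructed scenario: a fake samp.dll image at FAKE_BASE and a bogus handle value.
const mem = new FakeMemory();
const FAKE_BASE = 0x6A400000;
[0x4D, 0x5A, 0x90, 0x00].forEach((b, i) => mem.bytes.set(FAKE_BASE + i, b));
const FAKE_HANDLE = 497865208;

function demo() {
  const seen = withCString(mem, '/time', (ptr) => mem.ReadUtf8(ptr, true));
  return { baseOk: isModuleBase(mem, FAKE_BASE), handleOk: isModuleBase(mem, FAKE_HANDLE),
           headerDword: mem.Read(FAKE_BASE, 4, true), seen };
}
```

In a real script the same isModuleBase check against the value returned by DynamicLibrary.Load would have flagged the dylib.cleo handle before any offset was added to it.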