Segfault when trying to read string from pointer in an injected .dll - c++

I have a .dll file that's being injected into a game's process. It tries to read a small string from a specific area of memory, but whenever that string is accessed as an std::string, the game crashes. I've only just begun scratching the surface of how program memory works, so I'm lost.
In this game, there are instances of objects that have specific properties. Those properties always have the same offset. The property I am trying to read is the Name property, which has an offset of 0x28 for every possible instance. This is the function I'm using to get the name from the instance:
std::string* GetName(int Instance) {
return (std::string*)(*(int*)(Instance + 0x28));
}
I've used a debugger/disassembler to verify that the instance is valid and that the resulting pointer has the value that I need. However, as soon as I try to do something with it, the game crashes. For example, this:
std::string objName = *GetName(obj);
Or this:
std::cout << *GetName(obj);
Or even this (when I got desperate enough):
std::string* objName = (std::string*) obj + 0x28;
std::cout << *objName;
I tried attaching my IDE's debugger to the game, and the most useful information I got was "segmentation fault" when the crash happened. Even my much more knowledgeable friends who helped me out with this are stumped as to what could be wrong.
If there isn't enough information here to find out what the problem is, could I at least get a nudge in the right direction? What could possibly be causing this?

As pointed out by MacroVirus in a comment, the solution was to store the value in a char* then convert that to a new std::string instance. It now works flawlessly. Here is the revised function:
char* GetName(int Instance) {
return (char*)(*(int*)(Instance + 0x28));
}
Thank you for the help! This was driving me crazy.

Related

Access Reading Violation when writing a DICOM with vtkDICOMWriter

I'm trying to write vtkImageData as a DICOM. I keep getting an "Access Reading Violation" when I try to write the image.
Unhandled exception at 0x00007FFDA30ECA50 : 0xC0000005: Access violation reading location 0x000001BD38D5C000
Here is my code:
vtkSmartPointer<vtkDICOMWriter> dcmWriter = vtkSmartPointer<vtkDICOMWriter>::New();
dcmWriter->SetInputData(testDat);
dcmWriter->SetFileName(fullPath.toStdString().c_str());
dcmWriter->Update(); // this line breaks
dcmWriter->Write();
testDat is a vtkSmartPointer<vtkImageData> type and has data in it. Any thoughts on whats causing the error? I can't find anything similar online.
I followed this example: https://github.com/dgobbi/vtk-dicom/blob/master/Examples/TestDICOMWriter.cxx
I don't have metadata, but that shouldn't be a problem.
I need to make some guesses here because you didn't post all of your code, but I suspect that the problem happens in the following line:
dcmWriter->SetFileName(fullPath.toStdString().c_str());
toStdString() is most probably returning a temporary std::string (fullPath looks like a Qt QString), on which you call c_str(). After the statement, your temporary is destroyed and whatever you have passed to SetFileName is now a dangling pointer. Hence the segfault.
Try the following instead::
const auto pathString = fullPath.toStdString();
dcmWriter->SetFileName(pathString.c_str());
This should hopefully work fine. Even if not, it definitely is an issue with your code.
These lines are from the example you posted:
writer->SetFilePrefix("/tmp");
writer->SetFilePattern("%s/IM-0001-%04.4d.dcm");
and you use
dcmWriter->SetFileName(fullPath.toStdString().c_str());
It seems that vtkDICOMWriter writes several files so you probably need to provide a file pattern. Anyway, it's hard to guess why it gives a reading error and it's hard to help if you don't post a full working example.
Last, vtkDICOMWriter is not a class from vtk, it was released separetely (it seems) in 2017. This means it's not tested against the rest of VTK at every new release.

How does a program interact with another program?

Alright, I'm a little bit (honestly way too) confused about how the heck I can make a program interact with another program.
For example, let's say a game, a shooter, when you run an external program and you make your character not able to die, or immediately shoot when detects an enemy, etc...
I was reading a little bit about it, and they say you have to know how the "target" is composed. But I still don't get it.
For example, let's say we've got a simple code like this:
#include <iostream>
#include <windows.h>
int main() {
for(int h = 0; ; h++) {
std::cout << "The H's value is: " << h << std::endl;
Sleep(1000);
}
return 0;
}
Then, how do I create another program where I can change the H's value to zero everytime I press any key?
Don't get me wrong, I ain't trying to hack anyone or anything, I'm just curious about how those programs work.
(Sorry if I've got some grammar issues, English isn't my native language).
Specific to your program in the exapmle if we take that the program is already compiled and you are not allowed to make any changes to the source code the solution would be to build a program which will run with high enough privileges to examine this process's memory and directly change the in-memory value of h, which should be on the top of the stack(or almost).
Speaking of some more "legal" ways to do so you should check you should read about inter process communication which can be done with multiple methods. Read this.
However most "Bots" and programs which help cheaters in games are in many cases graphics based and are able to analyse the image and thus help aim. On the other hand some "recoil reducers" simply move your mouse in the opposite direction of the recoil of the gun in game. So there is a ton of approaches to your question and for every particular case the answer might be different.

Efficient and stable YAML parser for cocos2d-x

I am developing a game using cocos2d-x and C++, and I need to load a bunch of YAML files for this application. I tried using the yaml-cpp library with quite good results.
The problem is that this library seems to be very unstable (at least under cocos2d-x on iOS), since almost 20% of the time it fails loading the same YAML file throwing "end of map not found", "invalid map element", or errors like these ones.
I followed the HowToParseADocument guide, so I think I got it correct. But, since it's not 100% reliable, I am looking for something more stable. Eg:
long size = 0;
unsigned char *yaml = FileUtils::getInstance()->getFileData("file.yml", "r", &size);
std::stringstream is;
is << yaml;
YAML::Parser parser(is);
YAML::Node doc;
while(parser.GetNextDocument(doc)) {
instance->settings = doc.Clone();
}
The parser usally breaks at the parser.GetNextDocument(doc) call. The document I am trying to read is plain YAML with key: value lists in this simple form:
# Comment
section1:
param1: value1
param2: value2
# Comment
section2:
param1: value1
param2: value2
Edit
I am not allowed to disclose the content of the original YAML file, but I can give you some information:
It only contains maps, and not arrays, aliases or other particular constructs
Those values are integers, float or strings
It has been linted with this free tool, with success.
The code I used to read it, posted up there, it's always in that form, and I do not modify it to make the app run correctly. It's just that the app starts and works or starts and does not work. Since I am changing nothing in the middle, I really do not understand what's happening.
It's a bit hard to guess at the solution because you won't provide an actual example, but:
Who owns the data at the unsigned char* returned by getFileData? If that function itself owns the data, then it is no longer valid after the function returns, and so all sorts of crazy stuff might happen.
To validate what's happening here (beyond looking at the implementation of getFileData), you could print out is.string() before calling YAML::Parser parser(is); and see if that prints the expected YAML.

RichEditBox get and set Text C++

How can I set and get the text from a RichEditBox in an Windows 8 C++ App.
I already tried these two approaches, but the program keeps crashing at runtime
cpp
contentText->Document->Selection->GetTextViaStream(Windows::UI::Text::TextGetOptions::FormatRtf, outstream);
contentText->Document->GetText(Windows::UI::Text::TextGetOptions::FormatRtf, tempOutput);
.h
private:
Platform::String^* tempOutput;
Windows::Storage::Streams::IRandomAccessStream^ outstream;
If you program crashes, that's a good thing. It doesn't actually "crash". It throws an exception and your debugger, once attached, will catch it and tell you exactly what went wrong. Next time, start your application with F5. Once it crashes, the debugger will show you what line the problem is in and you can watch all variables to check what went wrong.
In this case, make sure that
contentText is not NULL
Document is not NULL
tempOutput is initialized to a real object
Example:
Platform::String^ tempOutput = gcnew Platform::String();

How to find the real problem line in my code with Application Verifier?

I am now trying to use this Application Verifier debugging tool, but i am stuck, first of all: it breaks the program at a line that is simple variable set line (s = 1; for example)
Secondly, now when i run this program under debugger, my program seems to have changed its behaviour: i am drawing image, and now one of the colors has changed o_O, all those parts of the image that i dont draw on, has changed the color to #CDCDCD when it should be #000000, and i already set the default color to zero, still it becomes to #CDCDCD.
How do i make any sense to this?
Here is the output AV gave me:
VERIFIER STOP 00000002: pid 0x8C0: Access violation exception.
14873000 : Invalid address causing the exception
004E422C : Code address executing the invalid access
0012EB08 : Exception record
0012EB24 : Context record
AVRF: Noncontinuable verifier stop 00000002 encountered. Terminating process ...
The program '[2240] test.exe: Native' has exited with code -1073741823 (0xc0000001).
Typically when breakpoints are hit like this (via AV or an unhandled exception, etc.) inside a debugger, there is a green arrow pointing to a line of code. That arrow is pointing to the next statement to execute when the thread returns from the current function. Perhaps this green arrow is pointing to the line where you wrote "s = 1", but really the offending code is the line above it. Now I can't see your code so I can't exactly know for sure and I don't have enough rep to post a comment - but this is something that is easy to check the next time the breakpoint is hit.
I am willing to bet that s is NOT a "simple" variable. I'm much more likely to believe it's something like this:
class Foo;
int s;
void Bar() {
s = 1;
}
};
Sure, it looks like a simple s=1 statement, but in reality it is a this->s=1 statement. And if this is an invalid pointer, this->s isn't a proper variable either.