Вопрос Crashing in checking illusion

[Trna]

00000157048D2A8E 83 3C 38 FF cmp dword ptr [rax+rdi],0FFFFFFFFh
0xc0000005 -> The thread tried to read from or write to a virtual address for which it does not have the appropriate access

void Hacks::ColorIfIllusion(CBaseEntity* entity)
{
    const char* className = entity->SchemaBinding()->BinaryName;

    if (!className)
        return;

    if (strstr(className, "CDOTA_Unit_Hero_ArcWarden")) return;
    if (strstr(className, "C_DOTA_Unit_Hero_Morphling")) return;
    if (strstr(className, "C_DOTA_Unit_Hero_Meepo")) return;


    const auto assignedHero = (CDOTABaseNPC_Hero*)entity;

    if (!assignedHero)
        return;

    if (assignedHero->IsIllusion()) # No access (invalid address in here)
    {
        assignedHero->SetColor(ToUC(Settings::Visuals::IllusionColor));

        if (Settings::Visuals::bIllusionHideHP)
        {
            assignedHero->SetHealthbarOffset(10000);
        }
    }
}

bool CDOTABaseNPC_Hero::IsIllusion() const
{
    return Member<ENT_HANDLE>(Netvars["C_DOTA_BaseNPC_Hero"]["m_hReplicatingOtherHeroModel"]) != (uint32_t)4294967295; # Where crash happens
}

I guess it's because I'm doing these stuff in wrong function (FrameStageNotify) and entity is getting removed when I'm doing this check. but strange thing is it's crashing in this exact location. there are a lot of other functions using entity in my FrameStageNotify hook.
Any idea why my cheat is crashing?
Edit:

 for (int32_t i = 0; i <= Interfaces::EntitySystem->GetHighestEntityIndex(); i++)
    {
        auto* entity = Interfaces::EntitySystem->GetEntity(i);

        if (!entity)
            continue;

        auto binaryName = entity->SchemaBinding()->BinaryName;

        if (!binaryName)
            continue;

        if (Settings::Visuals::bIllusionESP && strstr(binaryName, "Unit_Hero"))
        {
            Hacks::ColorIfIllusion(entity);
            continue;
        }

Okay it's the first function that I'm calling, it's because of that It's getting crashed in this function everytime. Any solution? I guess FrameStage is not good place to work with entities.

 

[Liberalist]

00000157048D2A8E 83 3C 38 FF cmp dword ptr [rax+rdi],0FFFFFFFFh
0xc0000005 -> The thread tried to read from or write to a virtual address for which it does not have the appropriate access

void Hacks::ColorIfIllusion(CBaseEntity* entity)
{
    const char* className = entity->SchemaBinding()->BinaryName;

    if (!className)
        return;

    if (strstr(className, "CDOTA_Unit_Hero_ArcWarden")) return;
    if (strstr(className, "C_DOTA_Unit_Hero_Morphling")) return;
    if (strstr(className, "C_DOTA_Unit_Hero_Meepo")) return;


    const auto assignedHero = (CDOTABaseNPC_Hero*)entity;

    if (!assignedHero)
        return;

    if (assignedHero->IsIllusion()) # No access (invalid address in here)
    {
        assignedHero->SetColor(ToUC(Settings::Visuals::IllusionColor));

        if (Settings::Visuals::bIllusionHideHP)
        {
            assignedHero->SetHealthbarOffset(10000);
        }
    }
}

bool CDOTABaseNPC_Hero::IsIllusion() const
{
    return Member<ENT_HANDLE>(Netvars["C_DOTA_BaseNPC_Hero"]["m_hReplicatingOtherHeroModel"]) != (uint32_t)4294967295; # Where crash happens
}

I guess it's because I'm doing these stuff in wrong function (FrameStageNotify) and entity is getting removed when I'm doing this check. but strange thing is it's crashing in this exact location. there are a lot of other functions using entity in my FrameStageNotify hook.
Any idea why my cheat is crashing?
Edit:

 for (int32_t i = 0; i <= Interfaces::EntitySystem->GetHighestEntityIndex(); i++)
    {
        auto* entity = Interfaces::EntitySystem->GetEntity(i);

        if (!entity)
            continue;

        auto binaryName = entity->SchemaBinding()->BinaryName;

        if (!binaryName)
            continue;

        if (Settings::Visuals::bIllusionESP && strstr(binaryName, "Unit_Hero"))
        {
            Hacks::ColorIfIllusion(entity);
            continue;
        }

Okay it's the first function that I'm calling, it's because of that It's getting crashed in this function everytime. Any solution? I guess FrameStage is not good place to work with entities.

are you actually sure you're not just calling your ColorIfIllusion on a non-C_DOTABaseNPC_Hero?
"Unit_Hero" doesn't seem like the best way to check for a hero. C_DOTA_Unit_Hero_Beastmaster_Boar for example is not a hero.
have you actually checked what entity you're crashing on?
00000157048D2A8E 83 3C 38 FF cmp dword ptr [rax+rdi],0FFFFFFFFh
what's in rax and what's in rdi(either rax or rdi should be an entity and the other should be the offset to m_hReplicatingOtherHeroModel)? check it. and then check how you obtained that entity(go to the caller's stack frame and check that i value from your loop, then manually find the entity at index i and check that there even is one, that you're not going out ouf bounds(maybe your GetHighestEntityIndex is wrong?), etc.). basically - attach a debugger(visual studio offers decent source-level debugging and in my opinion uncomfortable assembly-level debugging, whereas x64dbg offsers uncomfortable source-level debugging and decent assembly-level debugging); add some logging, identify exact circumstamces, etc.; a crash is a good thing because it's immediately noticeable and if it's consistently reproducible - that's even better because you can debug as much as you like. much better than if you had some random shit with unpredictable consequences that occured under unknown circumstances

 

[Trna]

are you actually sure you're not just calling your ColorIfIllusion on a non-C_DOTABaseNPC_Hero?
"Unit_Hero" doesn't seem like the best way to check for a hero. C_DOTA_Unit_Hero_Beastmaster_Boar for example is not a hero.
have you actually checked what entity you're crashing on?
00000157048D2A8E 83 3C 38 FF cmp dword ptr [rax+rdi],0FFFFFFFFh
what's in rax and what's in rdi(either rax or rdi should be an entity and the other should be the offset to m_hReplicatingOtherHeroModel)? check it. and then check how you obtained that entity(go to the caller's stack frame and check that i value from your loop, then manually find the entity at index i and check that there even is one, that you're not going out ouf bounds(maybe your GetHighestEntityIndex is wrong?), etc.). basically - attach a debugger(visual studio offers decent source-level debugging and in my opinion uncomfortable assembly-level debugging, whereas x64dbg offsers uncomfortable source-level debugging and decent assembly-level debugging); add some logging, identify exact circumstamces, etc.; a crash is a good thing because it's immediately noticeable and if it's consistently reproducible - that's even better because you can debug as much as you like. much better than if you had some random shit with unpredictable consequences that occured under unknown circumstances

1. I find out C_DOTA_BaseNPC->m_iUnitType. it's 1 when entity is a hero. I changed the code to:

 if (baseNpc->GetUnitType() == 1)
    {
        Hacks::ColorIfIllusion(entity);
        continue;
    }

2. I don't play with debugger attached, I analyzed the .dmp file.
rdi = 1712141965312 (entity)
rax = 6256 (m_hReplicatingOtherHeroModel)

dword ptr [rax+2100h],r15d

Here rax is CGameEntitySystem, 2100 is HighestEntityIndex and r15d = i. in dmp file r15d = 1690 when crash happens. (I can't understand if it really exists or not with just dmp file, but I don't think the issue is HighestEntityIndex offset).

I'm going to test if using m_iUnitType fixed my problem or not. thank you very much.

 

[Liberalist]

1. I find out C_DOTA_BaseNPC->m_iUnitType. it's 1 when entity is a hero. I changed the code to:

 if (baseNpc->GetUnitType() == 1)
    {
        Hacks::ColorIfIllusion(entity);
        continue;
    }

2. I don't play with debugger attached, I analyzed the .dmp file.
rdi = 1712141965312 (entity)
rax = 6256 (m_hReplicatingOtherHeroModel)

dword ptr [rax+2100h],r15d

Here rax is CGameEntitySystem, 2100 is HighestEntityIndex and r15d = i. in dmp file r15d = 1690 when crash happens. (I can't understand if it really exists or not with just dmp file, but I don't think the issue is HighestEntityIndex offset).

I'm going to test if using m_iUnitType fixed my problem or not. thank you very much.

1.
except don't forget that m_iUnitType requires the entity to be of type C_DOTA_BaseNPC at least. checking it on a non-npc will not work. you should first check that the entity is at least an npc(all entities actually have an m_bIsDOTANPC member it's just not described). read posts

Get the entitiy class name

ihave all entities but i just wanna understand which one is hero and which one is tower which one is creeps etc ... he my CBaseEntity.h , CDOTABaseNPC.h #pragma once enum DOTA_GC_TEAM : int { DOTA_GC_TEAM_GOOD_GUYS = 0, DOTA_GC_TEAM_BAD_GUYS = 1, DOTA_GC_TEAM_BROADCASTER = 2...

yougame.biz

Get the entitiy class name

ihave all entities but i just wanna understand which one is hero and which one is tower which one is creeps etc ... he my CBaseEntity.h , CDOTABaseNPC.h #pragma once enum DOTA_GC_TEAM : int { DOTA_GC_TEAM_GOOD_GUYS = 0, DOTA_GC_TEAM_BAD_GUYS = 1, DOTA_GC_TEAM_BROADCASTER = 2...

yougame.biz

2.
you might want to start playing with the debugger attached because post-mortem debugging isn't as powerful