Cheat Engine - crashes attaching to app?

[apocalyptech]

I've been attempting to use Cheat Engine 7.0 to assist in some modding (namely, to use DLL Injection to enable the ingame console for a game which doesn't otherwise allow it), but I've been having a fairly consistent crash when trying to attach it to the process in question. I'd been assuming that it just Wasn't Going To Work At All (and was prepared to admit defeat), but for some unknown-to-me reason yesterday, it started working without any obvious changes on my end, for a good hour or so, though multiple launches of the game in question. Even the DLL injection worked great. I then took a few hours' break to have dinner and run some other errands, though, and when I got back, it was back to the crashing behavior.

For some further details, the game itself was Borderlands 3 (via Epic Games Store), being run via a Protonified Wine install provided by Lutris. I'd been launching CE with the same environment vars that the game was using, including WINEPREFIX, which presumably works fine because it sees the proper processes and even worked perfectly for awhile yesterday. Rather than continuing to try launching the game constantly, I've taken to trying to attach CE to the EGS process itself, which is crashing CE in the same way, so at the moment I'm not even trying to attach to the game itself. I did try attaching it to some other processes running inside the same WINEPREFIX (such as a running "winecfg" process) and that did work fine - CE attached properly and I was able to browse memory and the like. So clearly it's at least partially working, maybe related somehow to executable size or something? Though I'm still mystified as to why it started working for awhile without warning yesterday.

When CE crashes, the terminal where I've launched it gets a bunch of these:

Code: Select all

011c:err:dbghelp_msc:pe_load_debug_directory Got a page fault while loading symbols

But possibly the more relevant error might be this one:

Code: Select all

wine: Unhandled page fault on read access to 0x7fbe9c920008 at address 0x7bc80dab (thread 0168)

One thing that I do still have in place is that I've done a "setcap cap_sys_ptrace=eip wineserver" on the wineserver in question, which I've heard might be required in order to allow CE to peek into other processes' memory, so that's been set up for some time. I've also read about the possibility of setting /proc/sys/kernel/yama/ptrace_scope to a lower security level, though I wouldn't be fond of that as a long-term solution. I'd tried it out briefly anyway and it didn't seem to make a difference.

One potential culprit which was brought up in IRC when I asked there was that I could potentially be running into weirdness related to address randomization, which might certainly go a long way to explaining the oddity of having it work totally fine for awhile yesterday -- I'd be especially loath to turn that off, though.

I've also noted that CE's behavior otherwise isn't always 100% predictable - occasionally while testing this I'll start up CE but it'll not actually start properly, and sometimes rather than an outright crash it might freeze for a bit, leaving a non-updating window in its wake that I have to kill from the command line. So it's seemingly not entirely predictable overall. Anyway, if anyone else does have more experience running CE in Wine, I'm all ears. Thanks!

[apocalyptech]

As a quick little sort-of-update, this at least continues to be a consistently non-consistent problem. I'd been poking around trying various things, eventually decided to go ahead and turn off address randomization temporarily (via /proc/sys/kernel/randomize_va_space), and the first run I did with that worked fine -- CE was able to attach without problems! Of course, the next two tests had the exact same crashing behavior, so I think the randomize_va_space thing was a total red herring. Which is nice since I wouldn't've left that disabled anyway.

Possibly this is something where I've got to just try launching it twenty times and it'll eventually Just Work, Magically.

[apocalyptech]

One more tiny update here -- CE itself continues to crash when trying to attach to the app, but in the meantime I did stumble across another DLL injector app which actually works reliably in Wine for me (as in, I've yet to have it fail). Specifically, the one that comes with the Universal Unreal Engine 4 Console Unlocker.

Obviously the full app being distributed there is specifically geared to unlocking Unreal Engine 4 games' consoles, but the DLL injector that comes with should theoretically be general purpose, and it's the first one I've found that seems to be perfectly happy to work inside Wine. So if anyone else stumbles across this post looking for DLL injection in Wine, that one may work for you if other solutions (like CE) are failing.

Of course, I would still love to get CE working as well, for all the other bells and whistles you get via that, but I still don't have any further insights into that.

[huan]

Hello @apocalyptech,

I'm so glad to read your posts because I'm trying to do the same thing as you did: Inject a DLL into another process in Wine.

Will try `setcap cap_sys_ptrace=eip wineserver` and `/proc/sys/kernel/randomize_va_space`, then let you know what happens from my side.

BTW: I'm trying to use wine in a docker container to archiving this.

[apocalyptech]

Aha, good luck! Those two tweaks didn't work at all for me, but perhaps they'll do the trick for you.

One further update I've been meaning to make, actually: the Universal Unreal Engine 4 Console Unlocker page used to link to two versions: a newer, fancier version which included a lot of camera controls and stuff, with a UI to tweak things, and an older version which just had an injector and a simple DLL. It was actually always that older version which worked fine for me -- the new version doesn't play nicely with Wine, it seems.

UUU stopped linking to the old version a little while ago (I opened up an issue to see if they'd start linking to it again), but the injector that had been bundled in the old version was actually IGCS Injector. So I'd recommend trying that one, because it seems to work fine for me in Wine.

[apocalyptech]

A necropost from nearly a year later! Exciting.

Anyway, just wanted to say that I was back at this... The old IGCS Injector I mentioned before, in conjunction with UUU, has continued to work just fine. I've been trying to inject a DLL for some fancier new in-development BL3 modding stuff, though, and IGCS Injector isn't able to inject this one, alas...

Mostly I just wanted to come back here and report that Cheat Engine 7.2, at least, seems to reliably connect to the process, at least, even though its DLL Injection functionality ends up crashing the app. It's a bit of progress at least! If anyone else finds this, looking for ways to dig into their wine-running apps, CE 7.2+ might do the trick for you.

That's all!