Access Violation when handling entities

  • def avFunction(player)
    {
        var obj = gsc.spawn("script_model", player.getOrigin());
    
        var interval = setInterval(fun[player, obj]()
        {
            var newPosition = player.getOrigin();
            newPosition[2] += 10;
    
            obj.setOrigin(newPosition);
            player.setOrigin(newPosition);
        }, 1);
    }
    

    In a private match, this code will make the client crash with an access violation exception (0xC00005). It appears the AV occurs only when handling the obj entity. I'm not sure if the anticheat would allow me to use CheatEngine to investigate what is at the address associated with the exception, so I'm posting it here.

    Edit #1: creating obj as a global doesn't help. Also, functions that only read obj properties (i.e. obj.getOrigin()) work, but functions that write to them yield an AV.

    Maybe Chai threads don't have write permission to some of the game entities?

  • It may be a problem in setOrigin itself, because many gsc functions work inappropriately (giveWeapon, openMenu, BulletTrace and maybe others).

    For example, I do not get errors when using iPrint functions (but setOrigin crashes dedicated and private matches (I don’t know, maybe it’s just me)):

    level.onNotify("connected", fun(args) {
    	var player = args[0];
    	// Press space :)
    	player.onNotify("jumped", fun[player](args){
    		avFunction(player);
    	});
    });
    
    def avFunction(player)
    {
        var obj = gsc.spawn("script_model", player.getOrigin());
    
        var interval = setInterval(fun[player, obj]()
        {
            player.iPrintLnBold("This is test");
            player.iPrintLn(obj.getOrigin());
        }, 1000);
    }
    


  • I think the underlying problem with BulletTrace and obj.setOrigin is different.

    When calling gsc.BulletTrace, I get a Chai function dispatch exception. From what I've observed, this also happens when you improperly call a function inside a struct. For example:

    class MyClass
    {
        var x;
      
        def SetX(value)
        {
            this.x = value;
        }
    
        def CalculateX()
        {
            var newX = 2.0;
            
            SetX(newX);
        }
    }
    

    Can't really test right now, but this gave me a function dispatch exception just like BulletTrace. Changing SetX(newX) to this.SetX(newX) fixed it. This may be because ChaiScript gets confused when handling complex function calls because most of its security comes from arity checking (i.e. counting if you have the correct number of arguments). In more complex function calls calculating arity is tricky - but that's just a theory.

    On the other hand, obj.setOrigin yields a plain access violation, pointing to some ownership issue rather than a faulty function argument stack. Also, calling setOrigin on player works, so probably not the same issue as BulletTrace.

  • @naccib
    BulletTrace was an example, but thanks for this comment (I learned something new 🙂 ).
    There are a lot of such non-working functions; I listed them above and I am sure that there are many more.
