
[not solved] Game crash (0x00000005) on characterInfo load for some isolated player

Skilled Illusionist
Joined
Jul 10, 2008
Messages
371
Reaction score
94
Hi all,

I come here with a problem: I have a player with a low-profile computer on Windows 10 who crashes when he sees the ngc mother ship or the blue bishop.

I have looked with him and a debugger at where it crashes:

Here is the full function related to the variable that is not null-checked:
Code:
BOOL CCharacterInfo::Load(char* strName,int nMonsterTransformer /* = 0 */, float nMonsterTransScale /* = 0.0f */)
//end 2010. 03. 18 by jskim monster transformation card
{
	FLOG( "CCharacterInfo::Load(char* strName)" );
	DBGOUT_EFFECT(" Character file[this:0x%08X][name:%s]\n", this, strName );

	if (!g_pD3dApp->m_pEffectRender) return FALSE;

	// the entry is looked up by name; only the pointer is checked, not the entry length
	DataHeader* pDataHeader = g_pD3dApp->m_pEffectRender->FindObjectInfo(strName);
	if (!pDataHeader) return FALSE;
//	{
//		DBGOUT("Effect file does not exist. [%s](objectInfo.inf)\n", strName);
//		return FALSE;
//	}

	// raw copy of the fixed-size header straight over this object, then a walk over
	// the variable-length records that follow it; nothing checks the bytes remaining
	char* pData = pDataHeader->m_pData;
	memcpy((void*)this, pData, sizeof(CharacterData));
	pData += sizeof(CharacterData);
	// body condition info
	for (int i = 0; i < m_nBodyConditionNumber; i++)
	{
		CBodyConditionInfo* pBody = new CBodyConditionInfo;
		memcpy((void*)pBody, pData, sizeof(BodyConditionData));
		pData += sizeof(BodyConditionData);
		pBody->m_pParent = this;
		m_mapBodyCondition[pBody->m_nBodyCondition] = pBody;
		// effect info
		DBGOUT_EFFECT("	BodyCondition[%I64X]\n", pBody->m_nBodyCondition );
		for (int j = 0; j < pBody->m_nEffectNumber; j++)
		{
			CEffectInfo* pEffect = new CEffectInfo;

			// the count m_nEffectNumber came straight from the file and is trusted as-is
			memcpy((void*)pEffect, pData, sizeof(EffectData));
			pData += sizeof(EffectData);
			pEffect->m_pParent = pBody;
			// 2010. 03. 18 by jskim monster transformation card
			if (nMonsterTransformer)
			{
				pEffect->m_vPos.x *= nMonsterTransScale;
				pEffect->m_vPos.y *= nMonsterTransScale;
				pEffect->m_vPos.z *= nMonsterTransScale;
			}
			//end 2010. 03. 18 by jskim monster transformation card

			pBody->m_vecEffect.push_back(pEffect);
			DBGOUT_EFFECT("		Effect[%s]\n", pEffect->m_strEffectName);
		}
	}
	return TRUE;

}

The wrong line is this one:

Code:
memcpy((void*)pEffect, pData, sizeof(EffectData));

As CEffectInfo has EffectData as its parent, its size is bigger than EffectData, so that means pData cannot be read for sizeof(EffectData) bytes.

This trouble actually happens to only one player, and I can't find a way to solve it (I've been searching since yesterday).

If you have any idea to put me on the way to solving it, I will be happy to read it.

(Or maybe my asset file has something wrong, but I don't think so, because other players don't have any trouble.)
 
Skilled Illusionist
Joined
Jul 10, 2008
Messages
371
Reaction score
94
It looks like it's simply caused by the different sizes of the classes.

On my investigation, CEffectInfo has EffectData as its parent.

EffectData is a structure with some attributes; CEffectInfo just adds some methods to work with these attributes. It looks fine.

I think more of a trouble with variable sizes differing from one system to another, as this trouble happens on Windows 10 and disappears when you start the program in Windows XP compatibility mode (that is a good temporary workaround, but not a good one for me).

I will try to force 32-bit variable sizes and see what happens on my side.
 
Upvote 0
Skilled Illusionist
Joined
Jul 10, 2008
Messages
371
Reaction score
94
check missing file on server side.

Nice try, but not a good solution for a more complex trouble than just not knowing how to set up a server.

When a server file is missing, all players crash at start, not just when they see 2 specific monsters.
 
Upvote 0
[emoji848]
Legend
Joined
Dec 3, 2011
Messages
2,232
Reaction score
1,518
Welp.. you're facing the most generic problem in native programming. There is no simple solution to this. In such a case you always have to check for pointer addresses and the memory behind those. Either of those is corrupt.

Class sizes are very unlikely to be the problem here. If there was a problem with that, people would've consistently crashed at this place for the past ~8 years. Makes little sense.

You need to dig a lot deeper here. That method is parsing a zip file entry into effect data. There are many things that can go wrong on the way. System out of memory, invalid client files, etc.

I would suspect invalid data in the file headers (effect amount, body condition amount, zip file entries, entry lengths). If that data is valid, then a single entry might be wrongly read or the file on this client's system is simply corrupt.

Code:
memcpy((void*)pEffect, pData, sizeof(EffectData));

Copies memory from a specific place in the file entry into the newly allocated CEffectInfo object memory. Inherited objects are always at least the same size as their parents. An inheritance is an extension. But there is no validation of the pData memory at all. It might hold no EffectData entry at all, or a corrupt one.

Problems like these can only be diagnosed by logging / debugging. There are quite a few of them in this broken a** game.
 
Upvote 0
Skilled Illusionist
Joined
Jul 10, 2008
Messages
371
Reaction score
94
So normally pData is ended by an EOF byte, and so we can check the size left for reading before trying to copy it (and just leave a log "file format is not good").

But here I see another thing: the same file works well on some OSes (like Seven, XP or 8); the trouble only occurs for Win 10 users. Maybe a change in wow64.exe doesn't read things like on other OSes, and so we could solve this by forcing the 32-bit version of the variables, maybe?

I will look further in this direction and try to find a clean workaround.

Thanks for the answer.
 
Upvote 0
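As an added example (not code from this thread or from the game's source), here is what the "check the size left before copying" idea from the last post, and the "no validation of the pData memory" point from the reply above, look like when written out for the same three-level walk as CCharacterInfo::Load. The struct layouts (CharacterData, BodyConditionData, EffectData), the count limits, the class names and the constructed entry built by MakeEntry are all assumptions made for the example; the real records in the game's asset format are not shown in the thread.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <map>
#include <memory>
#include <type_traits>
#include <utility>
#include <vector>

// Hypothetical, simplified stand-ins for the game's CharacterData,
// BodyConditionData and EffectData records (real layouts are not in the thread).
struct CharacterData     { int32_t m_nBodyConditionNumber; };
struct BodyConditionData { int64_t m_nBodyCondition; int32_t m_nEffectNumber; };
struct EffectData        { char m_strEffectName[16]; float m_vPos[3]; };
// memcpy is only well defined into trivially copyable records; the "Info"
// classes below own a vector/map and are therefore never memcpy targets.
static_assert(std::is_trivially_copyable<EffectData>::value, "EffectData must be a POD record");

// Bounds-checked view over one file entry: every read goes through take(),
// which refuses to read past the end instead of letting memcpy run off the buffer.
class BoundedReader {
public:
    BoundedReader(const char* p, size_t n) : m_p(p), m_left(n) {}
    template <typename T> bool take(T& out) {
        if (m_left < sizeof(T)) return false;          // truncated or corrupt entry
        std::memcpy(&out, m_p, sizeof(T));
        m_p += sizeof(T); m_left -= sizeof(T);
        return true;
    }
    size_t remaining() const { return m_left; }
private:
    const char* m_p; size_t m_left;
};

struct EffectInfo : EffectData {};
struct BodyConditionInfo : BodyConditionData { std::vector<std::unique_ptr<EffectInfo>> m_vecEffect; };
struct CharacterInfo : CharacterData { std::map<int64_t, std::unique_ptr<BodyConditionInfo>> m_mapBodyCondition; };

// Sanity limits for the counts read from the headers (constructed for this example).
static const int32_t kMaxBodyConditions = 1024;
static const int32_t kMaxEffectsPerBody  = 1024;

// Same walk as CCharacterInfo::Load, but every count is range-checked and every
// copy is preceded by a "bytes left" check. Returns false (a loggable
// "file format is not good") instead of reading out of bounds.
bool LoadCharacterInfo(const char* pData, size_t nLen, CharacterInfo& out, bool bTransform, float fScale) {
    BoundedReader r(pData, nLen);
    CharacterData& hdr = out;
    if (!r.take(hdr)) return false;
    if (out.m_nBodyConditionNumber < 0 || out.m_nBodyConditionNumber > kMaxBodyConditions) return false;
    for (int32_t i = 0; i < out.m_nBodyConditionNumber; ++i) {
        std::unique_ptr<BodyConditionInfo> pBody(new BodyConditionInfo);
        BodyConditionData& bd = *pBody;
        if (!r.take(bd)) return false;
        if (pBody->m_nEffectNumber < 0 || pBody->m_nEffectNumber > kMaxEffectsPerBody) return false;
        for (int32_t j = 0; j < pBody->m_nEffectNumber; ++j) {
            std::unique_ptr<EffectInfo> pEffect(new EffectInfo);
            EffectData& ed = *pEffect;
            if (!r.take(ed)) return false;             // the check the original memcpy lacks
            if (bTransform) for (float& c : pEffect->m_vPos) c *= fScale;
            pBody->m_vecEffect.push_back(std::move(pEffect));
        }
        out.m_mapBodyCondition[pBody->m_nBodyCondition] = std::move(pBody);
    }
    return true;   // trailing bytes are tolerated, as in the original loader
}

// Constructed entry: one body condition (id 7) whose header claims nClaimed
// effects while the entry really contains nPresent of them.
std::vector<char> MakeEntry(int32_t nPresent, int32_t nClaimed) {
    std::vector<char> buf;
    auto append = [&buf](const void* p, size_t n) {
        const char* c = static_cast<const char*>(p); buf.insert(buf.end(), c, c + n);
    };
    CharacterData cd; std::memset(&cd, 0, sizeof cd); cd.m_nBodyConditionNumber = 1;
    BodyConditionData bd; std::memset(&bd, 0, sizeof bd);
    bd.m_nBodyCondition = 7; bd.m_nEffectNumber = nClaimed;
    append(&cd, sizeof cd); append(&bd, sizeof bd);
    for (int32_t j = 0; j < nPresent; ++j) {
        EffectData ed; std::memset(&ed, 0, sizeof ed);
        std::snprintf(ed.m_strEffectName, sizeof ed.m_strEffectName, "fx%d", j);
        ed.m_vPos[0] = 1.0f + j; ed.m_vPos[1] = 2.0f; ed.m_vPos[2] = 3.0f;
        append(&ed, sizeof ed);
    }
    return buf;
}

// Well-formed entry: loads, and returns effect #1's scaled X (2 * 2 = 4); -1 on any failure.
float DemoCompleteEntry() {
    std::vector<char> e = MakeEntry(2, 2);
    CharacterInfo ci;
    if (!LoadCharacterInfo(e.data(), e.size(), ci, true, 2.0f)) return -1.0f;
    BodyConditionInfo* b = ci.m_mapBodyCondition[7].get();
    if (!b || b->m_vecEffect.size() != 2 || std::strcmp(b->m_vecEffect[1]->m_strEffectName, "fx1") != 0) return -1.0f;
    return b->m_vecEffect[1]->m_vPos[0];
}
// Entry cut one byte short: the unchecked memcpy would read past the end; this loader reports a bad file.
bool DemoTruncatedEntry() {
    std::vector<char> e = MakeEntry(2, 2);
    CharacterInfo ci;
    return !LoadCharacterInfo(e.data(), e.size() - 1, ci, false, 0.0f);
}
// Header claims more effects than the entry holds, or an absurd count: both rejected before any copy.
bool DemoBadEffectCount() {
    std::vector<char> a = MakeEntry(2, 5), b = MakeEntry(2, 5000000);
    CharacterInfo ca, cb;
    return !LoadCharacterInfo(a.data(), a.size(), ca, false, 0.0f) && !LoadCharacterInfo(b.data(), b.size(), cb, false, 0.0f);
}

int main() {
    std::printf("scaledX:%g truncated:%d badcount:%d\n", DemoCompleteEntry(), DemoTruncatedEntry(), DemoBadEffectCount());
    return 0;
}
```

The design point is that the entry length (which the original loader never looks at after FindObjectInfo returns) travels with the pointer in BoundedReader, so a corrupt header count or a short entry turns into a clean "return false" that can be logged with the file name, rather than a read past the buffer that only shows up as an access violation on one particular client.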