TheSuperHackers / GeneralsGamePatch

Community Patch to fix and improve original Generals Zero Hour 1.04

Memory corruption on loading into Network match 2 #518

Open xezon opened 2 years ago

xezon commented 2 years ago

Application Verifier is enabled with "Basics" enabled. 100% Crash on loading into Skirmish match with Mortal Temptation map.

Mortal Temptation ZH v1.zip

ZH CD version game.dat

>   KernelBase.dll!755bb512()   
    [Frames below may be incorrect and/or missing, no symbols loaded for KernelBase.dll]    
    KernelBase.dll!755bb512()   
    KernelBase.dll!755d9d2a()   
    msvcrt.dll!7540a718()   
    atiumdag.dll!5f3458f4()     
    game.dat!00830997()     
    game.dat!0082f7dd()     
    game.dat!0081ad88()     
    game.dat!0081ac1c()     
    game.dat!00815aaa()     
    game.dat!00932aa9()     
    game.dat!00763e0b()     
    game.dat!008095ae()     
    game.dat!00740709()     
    game.dat!004140d8()     
    game.dat!006df73e()     
    game.dat!007cf97b()     
    game.dat!004fab69()     
    game.dat!004fabc1()     
    game.dat!004fac43()     
    game.dat!007a964d()     
    game.dat!0073e78d()     
    game.dat!0046fdab()     
    game.dat!00539dbb()     
    game.dat!004ad2e0()     
    game.dat!0040fcf4()     
    game.dat!00741c89()     
    game.dat!0040fdaa()     
    game.dat!00413866()     
    game.dat!00401c46()     
    verifier.dll!_AVrfpDphPostProcessing@4()  + 0x1a bytes  
    verifier.dll!_AVrfpDphPlaceOnDelayFree@8()  + 0x258 bytes   
    0019fbb8()  
    ntdll.dll!773bfe30()    
    ntdll.dll!7737636b()    
    ntdll.dll!7732288a()    
    vfbasics.dll!_AVrfpSRWLockFreeMemoryChecks@16()  + 0xab bytes   
    verifier.dll!_AVrfpDphFindBusyMemoryNoCheck@8()  + 0x4f bytes   
    6172656e()  
    ntdll.dll!773c05c8()    
    vfbasics.dll!_AVrfpFreeForOwnersTree@8()  + 0x3a bytes  
    ntdll.dll!7737e4ac()    
    msvcrt.dll!754170f2()   
    msvcrt.dll!75436f95()   
    msvcrt.dll!754364f1()   
    msvcrt.dll!75426e3d()   
    msvcrt.dll!75426e23()   
    game.dat!008e0c57()     
    game.dat!006e0069()     
    game.dat!006e0069()     
    game.dat!006e0069()     
    game.dat!006e0069()     
    game.dat!006e0069()     
    game.dat!00650052()     
    game.dat!00650052()     
    game.dat!006e0069()     
    game.dat!006e0069()     
    game.dat!006e0069()     
    game.dat!005c0032()     
    game.dat!005c0032()     
    game.dat!006e0069()     
    game.dat!006e0069()     
EAX = 0019F218 EBX = 0019F2E8 ECX = 00000003 EDX = 00000000 ESI = 753D3DA8 EDI = 0096C9C8 EIP = 755BB512 ESP = 0019F218 EBP = 0019F270 EFL = 00200216 

0019F26C = 0F285AE6 
755BB4E6  test        ecx,ecx 
755BB4E8  je          755BB523 
755BB4EA  mov         eax,dword ptr [ebp+10h] 
755BB4ED  cmp         eax,0Fh 
755BB4F0  ja          755BB52A 
755BB4F2  mov         dword ptr [esp+10h],eax 
755BB4F6  shl         eax,2 
755BB4F9  push        eax  
755BB4FA  push        ecx  
755BB4FB  lea         eax,[esp+1Ch] 
755BB4FF  push        eax  
755BB500  call        755C4E24 
755BB505  add         esp,0Ch 
755BB508  lea         eax,[esp] 
755BB50B  push        eax  
755BB50C  call        dword ptr ds:[7566C3FCh] 
755BB512  mov         ecx,dword ptr [esp+54h]  <------ crash here: indicates corrupted stack
755BB516  xor         ecx,esp 
755BB518  call        755C0340 
755BB51D  mov         esp,ebp 
755BB51F  pop         ebp  
755BB520  ret         10h  
755BB523  and         dword ptr [esp+10h],0 
755BB528  jmp         755BB508 
755BB52A  push        0Fh  
755BB52C  pop         eax  
755BB52D  jmp         755BB4F2 
755BB52F  int         3    
755BB530  int         3    
755BB531  int         3    
755BB532  int         3    
755BB533  int         3    
755BB534  int         3    
755BB535  int         3    
tomsons26 commented 2 years ago

007cf97b W3DGameWinDefaultDraw calls 006DF710 GameWindowManager::winDrawImage and that's where it goes wrong. Likely the same issue as #517.