traison Posted May 16, 2023 (edited)

I got the debugger in there but got kicked out when it hit my breakpoint just before where the game crashes. I'm not good enough at reading assembly to translate this to English (or rather, it would take me a day to do), however, here are the notable calls made from this function in chronological order:

skyrimse.Character::sub_1405D2A50
skyrimse.TESRace::sub_14036C5A0
skyrimse.Character::sub_1405D2A50
skyrimse.Character::GetBaseForm_1405F82D0
skyrimse.FUN_140699020

It crashes a few instructions after FUN_140699020, and that method itself is very short (5-6 instructions) and doesn't seem to be doing anything major. Most likely it would still be in the process of dealing with GetBaseForm_1405F82D0 at this point, or preparing for the next call...

skyrimse.TESNPC::sub_140368460

sub_140368460 is a comparison loop of some kind. Could be for a string, or some other array type. I feel like everything here points at the return value from GetBaseForm, however at the moment I can't really say what that would mean. Could it be GetActorBase, considering this seems to be a member of a Character class? Why would this be failing? I have no idea.

The entire function in its full assembly glory is attached, just in case. The contents of the 4th column are irrelevant because RIP is somewhere else and this column is used for speculation. The instruction where you're crashing is on line 64, offset 00007FF6B358A03D.

I'm going to have to continue this at another time. It's getting late.

Edit: Note that this is how the function appears on my end. If you have another mod that modifies this memory space, causing the crash, then none of that would be visible in this assembly dump.

func.txt

Edited May 16, 2023 by traison

Elizinator (Author) Posted May 16, 2023

1 minute ago, traison said:
    It crashes a few instructions after FUN_140699020

I knew it. Fun detected.

The GetActorBase suggestion gives me some ideas. I can think of many mods which rely on that. SPID, KWID, and a mod I use which dynamically adjusts all NPCs' stats. Would definitely go a ways to explain why loading a save with no other actors present doesn't cause the bug.

traison Posted May 17, 2023

Been trying to get breakpoints working for 6 hours now and it just isn't happening without some drastic measures. It seems this may be one situation where having MO2 absolutely sucks, as I believe without it I would have gotten it. Like I said, drastic measures...

I also can't think of any reason for the crash, or what it might be doing with that GetBaseForm output. I see that GetBaseForm simply returns a value from memory (it's 1 instruction long); this is likely some class property and nothing more. There's a jne (jump if not equal) after it that, if it were to take it, would jump over the instruction that causes the crash. Without breakpoints I can't get in there to see what the value it is comparing GetBaseForm's output to should be for the jump to occur, so that's a dead end too. FUN_140699020 replaces the value in RAX (the output from GetBaseForm) with some static value loaded from memory (again, no breakpoints no info) and after this (or shortly after this) RAX is most likely null and things explode.

I'm like 99% if you can get GetBaseForm to return something other than what it is returning now it may solve your issue. What does this mean? I do not know. Change your race to a non-vampire?

Spoiler:
prid 14
setrace breton

Do you have any mods that touch the base record of the player (formid 0x7)?

What does all this have to do with having NPCs nearby in the same cell? Don't know, that makes even less sense. Maybe GetBaseForm is not executed on the player, but again, where's the logic in that? The function that opens the race menu does not take a parameter so logic dictates that it would be hardcoded to use the player actor where relevant.

This is a tricky issue for sure. I'm out of ideas for the moment.

Elizinator (Author) Posted May 17, 2023 (edited)

I'll try curing vampirism to see. I spent a big chunk of the night testing mods which might be checking NPCs for forms. Nothing. As far as changing base player record, I'm not even sure what kind of mod would do that. Bodychange? But I get the crash with that one disabled. One of the first things I tried, since it was apparently related to face parts.

EDIT: Called up the entire load order in xEdit. Nothing touches player base record. Unless that's something a dll can do.

EDIT2: Changing back to vanilla breton did nothing =/

Edited May 17, 2023 by Elizinator

traison Posted May 17, 2023 (edited)

Just tested without RaceMenu loaded. Game was not happy but it stayed on long enough for me to see that the function where the fault occurs was not changed by RM. The vanilla bug theory is unfortunately still on the table. Engine Fixes next I guess. Last time I removed that it didn't go too well...

Edit: Engine Fixes is not present in this function either.

Edit again: This is probably not that useful. If you have different versions of these mods then all tests are invalid. Need to think of something else. I'm on 1.5.97, so:

(Part 1) SSE Engine Fixes for 1.5.39 - 1.5.97-17230-5-9-1-1664974289
RaceMenu Special Edition v0-4-16-19080-0-4-16-1601805673

Edited May 17, 2023 by traison

Elizinator (Author) Posted May 17, 2023

I'm also still on 1.5.97. IIRC I tried removing Engine Fixes and it just crashed on load. I have essentially the default settings, except [ AnimationLoadSignedCrash = false ] as required by another mod.

I'm definitely prepared to accept the previously unseen vanilla bug theory at this stage.

traison Posted May 17, 2023 (edited)

You think you could work a debugger? Did you look at that func.txt file I sent earlier, was it written in an alien language? The tools I use here do not require installing, simply delete when done. I'm thinking you could maybe do a similar dump of the function on your end.

Edit: Idea being that if the function was altered by something, you can go dll hunting and we can close off the vanilla bug idea. If it's not altered then, well, no good.

Edited May 17, 2023 by traison

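The dump comparison proposed in the post above, sketched as an added example that is not part of the thread or of any tool the posters used: it diffs a reference copy of a function's bytes against a live dump and, where a changed run starts with a `JMP rel32` detour, resolves which loaded module the jump lands in. The byte strings, base address and module range are constructed for illustration, and `example_plugin.dll` is a hypothetical name.

```python
import struct

# Constructed sample data: a typical x64 prologue, and the same bytes with the
# first five overwritten by "E9 rel32" (a relative jump, the usual inline hook).
FUNC_BASE = 0x140001000                        # assumed address of the function
REFERENCE = bytes.fromhex("48895C24085748 83EC20488BD9")
LIVE = bytes.fromhex("E92F0200405748 83EC20488BD9")
MODULES = {"example_plugin.dll": (0x180000000, 0x20000)}   # name: (base, size)

def diff_ranges(reference, live):
    """Return (offset, length) runs where the live dump differs."""
    runs, start, end = [], None, min(len(reference), len(live))
    for i in range(end):
        if reference[i] != live[i]:
            if start is None:
                start = i
        elif start is not None:
            runs.append((start, i - start))
            start = None
    if start is not None:
        runs.append((start, end - start))
    return runs

def jmp_target(live, offset, base):
    """Absolute target if a JMP rel32 (opcode E9) sits at offset, else None."""
    if offset + 5 <= len(live) and live[offset] == 0xE9:
        rel = struct.unpack_from("<i", live, offset + 1)[0]
        return base + offset + 5 + rel         # relative to the next instruction
    return None

def owning_module(address, modules):
    """Name of the module whose address range contains address, else None."""
    for name, (start, size) in modules.items():
        if start <= address < start + size:
            return name
    return None

def find_detours(reference, live, base, modules):
    """Describe every changed run and, for detours, where they jump to."""
    findings = []
    for offset, length in diff_ranges(reference, live):
        target = jmp_target(live, offset, base)
        owner = owning_module(target, modules) if target is not None else None
        findings.append({"offset": offset, "length": length,
                         "target": target, "module": owner})
    return findings

if __name__ == "__main__":
    for f in find_detours(REFERENCE, LIVE, FUNC_BASE, MODULES):
        print(f)
```

An empty result only shows that these bytes are unmodified; a mod can still change data the function reads, which a code comparison does not see.
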
Elizinator (Author) Posted May 17, 2023

It's definitely outside of my area of expertise. I did look at the file, and it was mostly opaque to me. I do not understand assembly, and have no technical training. So if you think a mere user can handle it, it's something to consider. Otherwise, we're also getting near the point of the hunt not being worth it to continue. I am curious though, since this wound up being way more intricate than expected.

traison Posted May 17, 2023

I'll see about creating a video for you tomorrow of me redoing it, then you can decide if it's a thing you can do. With instructions it is not complicated, just some people completely lock up when they see PowerShell or an error message for instance - for them this is impossible. For a curious mind it shouldn't be too bad.

traison Posted May 18, 2023

Apparently you can't receive messages here on LL. Something you disabled?

Elizinator (Author) Posted May 19, 2023

17 hours ago, traison said:
    Apparently you can't receive messages here on LL. Something you disabled?

Yeah. Should be fine now though.