DuskWanderer Posted August 17, 2024 Posted August 17, 2024 Essentially I've been trying to fix this semi-common CTD for a little over... two years... and I figure I should give up the stubbornness and just ask you all if you know what's going on. The game itself runs fine, and the issue exclusively occurs when I try to load some existing saves. It appears that at some point something goes wrong and every save made after a certain point of gameplay develops the CTD issue, forcing me to test prior saves until I load one that doesn't crash me. Here's one of the logs, although I have a LOT that all say similar: CRASH LOG Additionally, since the log points to Skee64.dll constantly here's my Skee64.ini: INI SETTINGS It seems to have something to do with the NPC skeleton files, although nothing I've tried so far, and I've tried a lot, has fixed it. Things I've tried include: Using NetImmerse Override Cleaner and Resaver Loading an earlier save that doesn't crash, then trying to load the bad saves in-game. Using player.kill to purge active scripts, then try to load a bad save. If you could help me put this white whale to rest I'd sincerely appreciate it. Should further information be required I'll happily supply it.
DuskWanderer Posted August 17, 2024 Author Posted August 17, 2024 46 minutes ago, traison said: What version of RaceMenu? I'm on Skyrim 1.640 still, so 0.4.19.14.
traison Posted August 17, 2024 Posted August 17, 2024 Post skee64.log, there's things being printed to the log around here (in the code).
DuskWanderer Posted August 17, 2024 Author Posted August 17, 2024 58 minutes ago, traison said: Post skee64.log, there's things being printed to the log around here (in the code). Here
traison Posted August 17, 2024 Posted August 17, 2024 That log does not appear to be from a session where a crash occured. This is the same issue as here. No solution. So, if we assume OverrideRegistration has something to do with skin overrides, one potential thing to try would be to get rid of all skin overrides. If you have NPCs with overrides, disable all mods using them and start a new game. If your player character has them, save a preset in RaceMenu and remove them from that preset using Notepad. Then reapply the modified preset in RaceMenu. Its also possible, considering the thread I linked above is using the exact same version, that this is simply a bug in that version of RaceMenu. 1
DuskWanderer Posted August 17, 2024 Author Posted August 17, 2024 (edited) 39 minutes ago, traison said: That log does not appear to be from a session where a crash occured. Apologies, I've regenerated it from a broken save: Here. 39 minutes ago, traison said: This is the same issue as here. No solution. Based on what is being described this is spot on 100% the same issue. Here's hoping we'll succeed where in the past it was failed. 39 minutes ago, traison said: So, if we assume OverrideRegistration has something to do with skin overrides, one potential thing to try would be to get rid of all skin overrides. If you have NPCs with overrides, disable all mods using them and start a new game. If your player character has them, save a preset in RaceMenu and remove them from that preset using Notepad. Then reapply the modified preset in RaceMenu. I'm not super familiar with OverrideRegistration, so when I open my present in RaceMenu what specifically should I look for? Edited August 17, 2024 by DuskWanderer
traison Posted August 17, 2024 Posted August 17, 2024 8 minutes ago, DuskWanderer said: when I open my present in RaceMenu what specifically should I look for? Instructions were in the post you quoted: Save a preset in RaceMenu. Open it in Notepad. Remove skin overrides from the preset. Reapply the modified preset in RaceMenu. As for whats going on in skee64.log: Delete meshes\clothes\farmclothes01\shoesf.tri and see if the problem changes any.
DuskWanderer Posted August 17, 2024 Author Posted August 17, 2024 (edited) Here's everything that was in my preset's Skin Overrides. I've made a copy and removed it. I've also purged the shoesf.tri. We'll see if it works. I can't load any of the busted saves still so I'll have to wait to see if it happens again. Edited August 17, 2024 by DuskWanderer
traison Posted August 17, 2024 Posted August 17, 2024 The 3rd entry in that list is invalid, but I doubt it would be causing a CTD. Also if you can't load your saves without it crashing then obviously it's not fixed. I have no more ideas at the moment.
DuskWanderer Posted August 17, 2024 Author Posted August 17, 2024 Alright. Thank you for your time so far, and should anything come to mind let me know.
traison Posted August 17, 2024 Posted August 17, 2024 (edited) Which SKSE version? Edit: Probably 2.2.2, but it doesn't matter. None of the sources for 640 seem to actually build the 640 dll. They're all set to build $(ProjectName)_1_6_323, meaning the dll for 1.6.323. I tried building anyways, just to check. The offsets do not line up in the compiled dlls. Without the source there's no pdb file, without the pdb file the assembly code gets a bit difficult to read. I'd rather not spend a week on this. I suppose we could try building the sources for 2.2.2, renaming the dll and having you crash on that dll. This would get new offsets that I can then analyze on this end using the associated pdb file. I realize few people seem to care about downloading dll files, probably thinking they're safe and what not. But I'd prefer you do not make uninformed decisions, so: dlls are the same as executables, you wouldn't (shouldn't) download a program without knowing what it does and where it came from. You up for this experiment? Edited August 17, 2024 by traison
DuskWanderer Posted August 18, 2024 Author Posted August 18, 2024 It's actually SKSE 2.2.3. And yes, I'm willing to test .dlls even with your appreciated warning in mind. This CTD has tormented me for too long, I wish to see it end.
traison Posted August 18, 2024 Posted August 18, 2024 (edited) Right so after some fumbling around I got a suitable skse64 dll built, so I also obtained the pdb file. Unfortunately there wasn't as much to gain from that as I had hoped but basically it seems to go like this: SKSE opens the co-save. SKSE starts loading something it calls chunks. These may be plugin-specific save data blocks. RaceMenu is involved next, so we can perhaps assume this is RaceMenu's chunk. RaceMenu dies while loading override registrations from this chunk. Override registrations I can only assume are skin overrides, so my initial assement still stands: get rid of everything skin override related. Your save if probably borked regardless, but you probably weren't looking to rescue it anyways. Remove overrides from your player with the RaceMenu preset hack mentioned above. Remove mods like mucle and pregnancy normal map swappers and start a new game to clear overrides attached to NPCs. Maybe you already did some or all of this. There's no source for RaceMenu that I'm aware of, no PDB file. So we can't do the same thing for it. Edit: Actually you may be able to rescue the save by disabling RaceMenu before loading the broken save. That is assuming disabling RaceMenu doesn't cause too much damage elsewhere. Edit again: It would also be technically possible to bytecode patch SKEE to skip loading of this chunk data. But that seems too much effort for something that will most likely break again later. Edited August 18, 2024 by traison 1
traison Posted August 18, 2024 Posted August 18, 2024 (edited) Actually I might have found a byte to patch. skee64.dll, offset 0x5710d (356621), change the byte from 84 to 85. Changes the instruction from JZ to JNZ. This looks like it would skip the entire chunk loading. Disclaimer: Didn't test. Use at your own risk. Keep away from children. If computer breaks, buy a new one. Bla bla bla... Edit: and for any emerging hackers and other curious people out there, don't go stabbing your own skee64.dll like this unless its checksum matches this one exactly: d28195ed035cd19604d2f0c97bad6c44 Edited August 20, 2024 by traison
DuskWanderer Posted August 18, 2024 Author Posted August 18, 2024 I'll test the first suggestion, well, first. Going from there as necessary. As for the byte patch, would you be willing to provide the modified file? I haven't the technical knowledge to safely do so myself currently.
traison Posted August 18, 2024 Posted August 18, 2024 14 minutes ago, DuskWanderer said: As for the byte patch, would you be willing to provide the modified file? I haven't the technical knowledge to safely do so myself currently. Sure, check PMs again.
traison Posted August 20, 2024 Posted August 20, 2024 (edited) DuskWanderer reported the dll hack was a successful workaround for this issue. Here's the dll for others that may be affected as well. Instructions: Make sure your current skee64.dll has this md5 checksum: d28195ed035cd19604d2f0c97bad6c44 This should be the dll from 0.4.19.14, but when doing hacks like this, the checksum is what determines if its the same or not. The version is informative, the checksum is enforcing, if that makes sense. Install the archive below as a separate mod. Have it override RaceMenu. Edit: See DuskWanderer's post below for further instructions. Run the game. Load a save that was crashing. Preferably one you want to "rescue". Save the game. Quit teh game. Remove my hacked dll. The real fix to this issue is still going to be to avoid skinOverrides. skee_workaround.7z Edited August 20, 2024 by traison 2
DuskWanderer Posted August 20, 2024 Author Posted August 20, 2024 (edited) You will need to reapply your Racemenu/OBody settings after doing this, but it's definitely a worthwhile tradeoff. Don't forget to save the presets *before* using the modified DLL above to make the process easier, and also remove the Overrides from them as traison explained prior. Thank you SO MUCH for helping me with this Traison. You were a massive help and I appreciate the time you spent assisting me. Edited August 20, 2024 by DuskWanderer
traison Posted August 20, 2024 Posted August 20, 2024 The patch offset for RaceMenu 0.4.16 (6df8589175031c701b7fc5d2befa9f4a) (latest for 1.5.97) is 0x4d72b. Change byte value from 84 to 85.
traison Posted May 5, 2025 Posted May 5, 2025 (edited) I realize I necro an old thread again, but this issue still seems to pop up quite a bit so... The patch offset for RaceMenu 0.4.19.16 (65e3b00fc95967607646a8d49cef2816) (latest for 1.6.1170.0) is 0xa6e71. Change byte value from 84 to 85. Some important notes here: It's obviously been like a year since I last looked at this. This fix may not be in the same part of the code as the previous 2 fixes. This has not been tested. Edit: If this doesn't work, drop the callstack of your crash from 1.6.1170.0 here, and I'll see about finding another location to cut it off. Edit: Tested and works. Edited July 11, 2025 by traison 1
DuskWanderer Posted July 11, 2025 Author Posted July 11, 2025 (edited) On 5/5/2025 at 2:45 PM, traison said: I realize I necro an old thread again, but this issue still seems to pop up quite a bit so... The patch offset for RaceMenu 0.4.19.16 (65e3b00fc95967607646a8d49cef2816) (latest for 1.6.1170.0) is 0xa6e71. Change byte value from 84 to 85. Some important notes here: It's obviously been like a year since I last looked at this. This fix may not be in the same part of the code as the previous 2 fixes. This has not been tested. Edit: If this doesn't work, drop the callstack of your crash from 1.6.1170.0 here, and I'll see about finding another location to cut it off. Salutations again @traison. After a great many months of this issue being absent since our last correspondence, I've finally caught it again, this time in RaceMenu 0.4.19.16 (1.6.1170). After so long I'd begun to suspect that 4.19.16 didn't have the issue, but now there's confirmation it still lives. Here's the crashlog. Notably all my Racemenu presets had been purged of SkinOverrides, and have been for a good while. Yet the crash has returned all the same. Since the old fix file was for 4.19.14, I suspect a new one is needed for the latest build. Alas, I still haven't quite figured out how to modify .dlls, so I have not been able to test the method in the quote above. If you are willing to do so then I will happily test it. This bug caused me so much annoyance once before that I won't hesitate in any chance to help strike it down. It will be interesting to see if it works as expected, or if as concerned it may require something new. Edited July 11, 2025 by DuskWanderer
traison Posted July 11, 2025 Posted July 11, 2025 (edited) 8 hours ago, DuskWanderer said: Notably all my Racemenu presets had been purged of SkinOverrides, and have been for a good while. Yet the crash has returned all the same. Its most likely an issue that builds up over time. Say RM has a capacity to load 1000 overrides from the SKSE co-save. Get to 1001 and the thing dies. That would be my guess, based on nothing more than that this issue happens after a while; and it comes back a while after purging overrides. The real fix (in the absence of the RM source code) here has always been to reduce or remove the mods using RM overrides. I use overrides myself in my own mods, but they're limited to specific characters; usually only the player and a follower or 2. So you can have fun with overrides, just don't use something like SPID to push them to every NPC in Skyrim. 8 hours ago, DuskWanderer said: I still haven't quite figured out how to modify .dlls... Give a man a fish, and to you feed him for a day. Teach a man to fish, and you feed him for a lifetime; or at least until his fishing rod breaks. How to find bait: (optional) Using Windows Explorer, browse your way to where skee64.dll is located. Click on the address bar, and replace the current path with "powershell". Press enter. Get-FileHash skee64.dll -Algorithm MD5 Make sure the hash matches one mentioned in one of my posts above. How to fish: Go grab XVI32. No install required, unzip and run. Delete when done, unless you want souvenirs. Open skee64.dll. Ctrl+G (Address -> Goto...) Input the patch offset from my post above, sans the hex decimal prefix (0x). Change "Go mode" to "absolute". 0xa6e71 -> a6e71 (optional) Make sure the byte you landed at has the correct value as per my instructions above (84). Make sure the left side of the application is selected: the background of the 2-digit byte listing should be white, and the ascii listing greyish. Click on the byte on the left side to change focus, if needed. Change the byte value as per my instructions above by simply typing the new number (85). 84 (JZ) -> 85 (JNZ) (optional) Create a backup of your original skee64.dll. Ctrl + S (File -> Save) How to make rod: https://x64dbg.com/ Bruh. Edited July 11, 2025 by traison
DuskWanderer Posted July 11, 2025 Author Posted July 11, 2025 I kneel to you, wise one. Thank you for the lesson. In exchange, here is what I caught. It went as described, and worked as described. Perfectly. Thank you so much! skee_workaround1.6.1170.7z 1
traison Posted August 14, 2025 Posted August 14, 2025 The patch offset for RaceMenu 0.4.19.14 GOG (2edbd15187134395a0898d13c8372026) (latest for 1.6.1179.0) is 0x5714d. Change byte value from 84 to 85. Important notes: Not tested. Made from pattern matching rather than a crash log. Byte pattern used: 48 8b d8 48 8b 46 48 4c 8d 44 24 38 The patch offset is 14 bytes from this pattern. Note that this pattern is not guaranteed to stay the same or exist in all RaceMenu versions. Searching for this pattern should obviously only find one match.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now