bluewolfie Posted May 12, 2025 Posted May 12, 2025 Hello everyone, I'm an active skyrim mod enjoyer and have created lots of own modlists before without any trouble. Lately I tried to combine some lewd mods with the wabbajack list "mages and vikings". I did this before with LoreRim and Nolvus and never had any trouble. However, I can't seem to get sexlab to work within this list. This list doesn't go over the top with content but has beatifull graphics so I really want to get this to work. I can install sexlab in the alternate start area but animations won't load. When I try to clean Sexlab System after the Alternate Start area or, when I try to install Sexlab after the Alternate Start area it crashes when the message "sexlab is ready" is shown. Crashlogs say that the CTD comes from papyrus. However I tried Papyrus overwriting the Sexlab one, I tried Sexlab overwriting Papyrus... nothing seems to help. I'm running Skyrim V1.5.97 SKSE64 V2.0.20 Sexlab SE V1.63 PapyrusUtil SE V3.9 I am very curious if the experts on here might know whats up Help would be very much appreciated ^^ crash-2025-05-12-21-56-56.log loadorder.txt modlist.txt
traison Posted May 12, 2025 Posted May 12, 2025 ZZWeatherRecurringSCript indirectly caused a crash in PapyrusUtil.dll while calling Debug.Trace from the OnUpdate event. Make sure PapyrusUtil.dll is provided by the actual PapyrusUtil mod, and not something like SL.
bluewolfie Posted May 13, 2025 Author Posted May 13, 2025 Thank you so much for responding. Unfortunatly, PapyrusUtil.dll is not getting overwritten by the original mod. I've checked conflicts in mod organizer, overwrite folder and the data folder of skyrim.
traison Posted May 13, 2025 Posted May 13, 2025 1 hour ago, bluewolfie said: Unfortunatly, PapyrusUtil.dll is not getting overwritten by the original mod. There's your problem then. Like I said: 11 hours ago, traison said: Make sure PapyrusUtil.dll is provided by the actual PapyrusUtil mod, and not something like SL.
bluewolfie Posted May 13, 2025 Author Posted May 13, 2025 I'm sorry, English is not my first language. What I meant to say is that there is no mod that overwrites papyrusutil. PapyrusUtil wins every conflict
Grey Cloud Posted May 13, 2025 Posted May 13, 2025 12 hours ago, traison said: Make sure PapyrusUtil.dll is provided by the actual PapyrusUtil mod, and not something like SL. PapyrusUtil 3.9 is 5 years old. SLF 1.63 3.5 years old. That suggests to me that SLF is either using 3.9 or a later iteration of PapyrusUtil. Either way I have SLF overwriting PapyrusUtil without any obvious problems. 🤷♂️ Not saying you are wrong, just wondering why you are right.
traison Posted May 13, 2025 Posted May 13, 2025 37 minutes ago, Grey Cloud said: Not saying you are wrong, just wondering why you are right. There's a couple of reasons for my statement: Back in the day, SL came with an outdated version and it confused plenty of people when things broke in seemingly unrelated mods. This is most likely not the case anymore for 1.5.97.0, and the versions available to it. Having the actual PapyrusUtil mod not getting overwritten by anything else makes the situation more clear. You said it yourself too: 44 minutes ago, Grey Cloud said: That suggests to me that SLF is either using 3.9 or... You don't want those unknowns/conditionals in there when you're in the situation the OP is in right now. 1 hour ago, bluewolfie said: PapyrusUtil wins every conflict Do you have something overwriting Debug.pex?
traison Posted May 13, 2025 Posted May 13, 2025 I just threw my 3.9 version of PapyrusUtil into a disassembler and your offsets do not line up. PapyrusUtil.dll+0091D81 is plausible, but PapyrusUtil.dll+0094393 and PapyrusUtil.dll+0009EF7 are not correct. You either have a different 3.9 version than I do, or yours is getting modified during runtime. Where did you get it, whats the name of the archive and/or whats the checksum of the dll? Gonna need more info.
bluewolfie Posted May 13, 2025 Author Posted May 13, 2025 Really appreciate the quick responses ^^. I can only find SLIF_Debug.pex and SOS_Debug.pex files which are both disabled in mod organizer atm. I also tried reverting back to the original Wabbajack list and only add and activate Sexlab SE and the new generated pandora output and let the PapyrusUtil mod overwrite Sexlab (which is the only conflict it has). Still same issue. Game runs fine, but after installing Sexlab, game CTD after "Sexlab is ready" message loadorder.txt modlist.txt crash-2025-05-13-12-03-50.log
traison Posted May 13, 2025 Posted May 13, 2025 (edited) This new crash log has offsets that line up. What you were using before was not version 3.9. I'll see if there's anything obvious going on in the disassembly. Edit in a bit. Edit: Right, the function that's crashing is IsValidObject in Forms.cpp of PapyrusUtil. The bug is in the most recent version as well, since I can see it in the source code on github: ... _MESSAGE("IsValidObject(0x%X, 0x%X)", (int)obj->formID, formId); if (!obj || obj == NULL || formId == 0) return false; _MESSAGE("\tType: %d", (int)obj->formType); ... The null check for obj is after the IsValidObject debug print line which dereferences obj to get its formID. This matches with the assembly, and where your exception occurs: 180009f30 48 8d 0d LEA param_1,[s_IsValidObject(0x%X,_0x%X)_18010d2e8] = "IsValidObject(0x%X, 0x%X)" b1 33 10 00 180009f37 8b 57 14 MOV param_2,dword ptr [RDI + 0x14] So... to get around this, edit ZZWeatherRecurringSCript and stop it from passing a null pointer to Debug.Trace (presumably), or remove the Debug.Trace line entirely. This is most likely occuring in the OnUpdate event handler. Edit again: And if there's nothing obvious going wrong with the Debug.Trace calls, then suspect all calls directly into PapyrusUtil. Without debug symbols it's tricky to tell where it came from before it ended up in IsValidObject. Based on the function name it could be literally from anywhere. Edited May 13, 2025 by traison
Grey Cloud Posted May 13, 2025 Posted May 13, 2025 56 minutes ago, traison said: There's a couple of reasons for my statement: Back in the day, SL came with an outdated version and it confused plenty of people when things broke in seemingly unrelated mods. This is most likely not the case anymore for 1.5.97.0, and the versions available to it. Having the actual PapyrusUtil mod not getting overwritten by anything else makes the situation more clear. You said it yourself too: You don't want those unknowns/conditionals in there when you're in the situation the OP is in right now. Do you have something overwriting Debug.pex? Understood. Thanks.
bluewolfie Posted May 13, 2025 Author Posted May 13, 2025 Thx you for doing the research! I can only find one mod with ZZWeatherRecurringSCript which has no Debug.Trace unfortunatly. The mods called: Phenderix Weather Changer Scriptname ZZWeatherRecurringSCript extends ReferenceAlias ;-- Properties -------------------------------------- globalvariable property ZZWeatherHotkeyGV auto Spell property ZZWeatherSpell auto ;-- Variables --------------------------------------- Bool running Actor player ;-- Functions --------------------------------------- function OnInit() running = false player = game.GetPlayer() self.RegisterForSingleUpdate(0.10000) endFunction function keyMapCasting() if input.IsKeyPressed(ZZWeatherHotkeyGV.getValue() as Int) && running == false running = true ZZWeatherSpell.Cast(player) utility.Wait(2.00000) running = false endIf endFunction function OnUpdate() self.RegisterForSingleUpdate(0.100000) if input.GetNumKeysPressed() > 0 self.keyMapCasting() endIf endFunction ; Skipped compiler generated GotoState However, Sexlab also stills crashes the game if this mod is deactivated. I'm at a loss haha. But thx you for the help!
traison Posted May 13, 2025 Posted May 13, 2025 (edited) 1 hour ago, bluewolfie said: Sexlab also stills crashes the game if this mod is deactivated. Post the crash log from that. 1 hour ago, bluewolfie said: I can only find one mod with ZZWeatherRecurringSCript which has no Debug.Trace unfortunatly. Yeah your latest crash log also has no mention of that script anymore, so that's probably a false-positive. It might be tricky to find the actual source of the problem without a debugger. Your best hint might be this: 17 hours ago, bluewolfie said: when I try to install Sexlab after the Alternate Start area it crashes when the message "sexlab is ready" is shown. But that still leaves a lot of things to check for. Edit: and to clarify what I mean by this is that, while there's probably a hundered other things going on in Papyrus while you're starting SL, if the issue can be repeated on demand then its quite likely SL that is passing a null pointer to PapyrusUtil *somewhere*. Start by making sure nothing overwrites SL's scripts. Edited May 13, 2025 by traison
bluewolfie Posted May 13, 2025 Author Posted May 13, 2025 Here is the crashlog from when I disabled the Phenderix Weather Changer mod. But it looks kinda the same to me crash-2025-05-13-15-18-52.log
traison Posted May 13, 2025 Posted May 13, 2025 Disable Papyrus Tweaks and test again; that's looking kinda suspicious, and it taps into the stack trace functions. If that doesn't fix it then unfortunately all I got is that you'll have to go through all instances where SL calls into PapyrusUtil and see where its passing a null value.
bluewolfie Posted May 13, 2025 Author Posted May 13, 2025 Unfortunatly it still crashes after disabling papyrus tweaks. No worries. Thx for the help! I'll just take a look at another list then. Again thx you for the taking the time to look into it!
Billy1969 Posted March 15 Posted March 15 Sorry to necro this thread but I have the exact same problem as OP. When pressing the 'clean system' Sexlab button in the MCM, then closing all menus, Papyrusutil.dll crashes after a minute or so just as 'Sexlab ready' message appears on the screen. before that it showed expressions loaded, animations loaded etc and I can't save my game before the crash. Like OP I have Skyrim SE 1.5.97, SKSE 2.0.20, Sexlab 1.63 and latest Papyrusutil.dll for 1.5.97. Nothing overwrites the .dll I found out about the crash when I wanted to install Sexlab Utility Plus mod which requires a clean system Sexlab and restore settings from previously backed up Sexlab settings but that one isn't the culprit as I then tested Sexlab 1.63 without installing Sexlab Utility Plus also produces the crash by itself. Below is a typical NetscriotFrameWork crash log, all logs are the same as this one when Papyrusutil.dll crashes during the sexlab clean system. I also did an extensive search online and I found reddit threads and even threads here on LL with the same problem but none has a solution so I hope someone had it in the past and found a fix as I am out of options really. Crash_2026_3_15_18-57-2.txt
traison Posted March 15 Posted March 15 (edited) 2 hours ago, Billy1969 said: ...latest Papyrusutil.dll for 1.5.97 What does this mean in practice? Is PapyrusUtils still getting updates for 97 or is all development focused on 1.6? If it's the former latter then it's quite likely finding the fix starts by finding the source code for PapyrusUtils and fixing the issue yourself. Edited March 15 by traison
Billy1969 Posted March 15 Posted March 15 (edited) 1 hour ago, traison said: What does this mean in practice? Is PapyrusUtils still getting updates for 97 or is all development focused on 1.6? If it's the former then it's quite likely finding the fix starts by finding the source code for PapyrusUtils and fixing the issue yourself. It's the last one for 1.5.97 from Nexus dated 2020, Sexlab Utility plus has one included that dates 2021 but they both crash. Unfortunately coding .dll is way above my paygrade so that's a no go. Edited March 15 by Billy1969
traison Posted March 15 Posted March 15 (edited) The reason why it crashed, was because it tried to dereference RDI + 0x14 at a time when RDI was 0x0. There's a null pointer somewhere. The crash happened just after a pointer was fetched to the string "IsValidObject(0x%X, 0x%X)" which is a format string for printf (or one of its many variants). That's most likely a debug log message, thus it might be safe to assume this is in a function named IsValidObject. There is no "IsValidObject" function exported to Papyrus, so this is probably some internal method used to validate ObjectReference values (or similar). Your 2nd option for DIY is thus to narrow it down to which script this crash is coming from, and to go through each line looking for where it's calling one of PapyrusUtils's exported functions and passing a None value. 3 hours ago, Billy1969 said: Papyrusutil.dll crashes after a minute or so just as 'Sexlab ready' message appears... So basically it could be in any mod using PapyrusUtils. There's a hint further down in the crash log pointing at CleanActorStorage in sslSystemAlias.pex. There does not appear to be any calls to PapyrusUtils in here though. CleanActorStorage is called after the ready message displays. Edit: Same issue as here. The only thing I got wrong there is that there's nothing that points to Debug.Trace. This issue is most likely elsewhere. Edited March 15 by traison
Billy1969 Posted March 15 Posted March 15 (edited) I've got to admit the details you give me on the script and what's happening when the crash occurs is like speaking Chinese to me, I'm sorry but I know zero about scripts, papyrus and coding. Doing some work in SSE Edit and CK sure, but this here is too complicated for me Anyway, I found a PapyryusUtilDev.log in my SKSE folder which is dated right when the crash occurred and it's last lines read : IsValidObject(0xFF036ACA, 0xFF036ACA) Type: 62 It's 588kb long so I guess it recorded the whole clean system procedure up until the CTD Also I have a PapyrusUtilTFC.dll mod that fixes an error in the regular PapyrusUtil.dll regarding the free camera with it's own log, also dated when the CTD happened, it reads; [18:27:23.399] [3104 ] PapyrusUtilTFC v1-0-0-0 [18:27:23.399] [3104 ] SkyrimSE v1-5-97-0 [18:41:06.150] [18652] PapyrusOverride:2DDFEAA6100 and finally a PapyrusTweaks.log also up until the crash almost happened (see 7kb file below) Now, could it be the PapyrusTFC.dll mod interfering when the cleaning system command runs? Or if you see my initial crash log I read two Ninodes in the stack, could it be my skeleton.nif that's causing the crash? The one from Auto skeleton patch for XPMSSE Left Hand Sheath Rotation Fix wins the conflicts for that .nif in my load order. Those are the only two things I can still test by myself, but your answers make me really doubt that one of those is the problem If it's a script it really stumps me this is not a more common problem for people using Sexlab and needing to clean their system and that I can't find a solution somewhere on the internet PapyrusUtilDev.log PapyrusTweaks.log Edited March 15 by Billy1969
traison Posted March 15 Posted March 15 (edited) Looks like a bytecode patch could be made to fix the crash. 562e3edc8c12abc7aa70c1972885906f PapyrusUtil.dll Offset 37680 0x935C. Pattern match: 48 8d 0d b1 33 10 00 Change the bytes to: 48 85 FF 74 30 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 That is 40x 90's. Not tested. Edit: Tested. Works. Edited March 16 by traison
traison Posted March 15 Posted March 15 (edited) 4 minutes ago, Billy1969 said: ...could it be the PapyrusTFC.dll mod interfering when the cleaning system command runs? Any dll can change any byte in any currently loaded image or image loaded in the future. When you have a mod with a dll installed, all bets are off on any issure related to game code. This issue however is in PapyrusUtil. It's visible in the source code. Edit: See section 3 of my paper on crash log reading if the word "image" confused you there. Edited March 15 by traison
Billy1969 Posted March 15 Posted March 15 26 minutes ago, traison said: Looks like a bytecode patch could be made to fix the crash. 7fca035b9037e2dd25d2bc1b5db1893f PapyrusUtil.dll Offset 37680 0x935C. Pattern match: 48 8d 0d b1 33 10 00 Change the bytes to: 48 85 FF 74 30 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 That is 40x 90's. Not tested. Ooooh! That brings back memories! the 1969 in my name is my birth year so you'll have to be patient with this old man Looks like I will need to dust off the good old hex-editor then. I will try to modify the bytes as you wrote then and see what happens. Is it even possible to edit a dll directly with a hex editor and saving it without recompiling? I don't remember I just used a hex-editor in the nineties to cheat in games .exe files lol anyway I'll try and come back to report, will be tomorrow though as it's already very late here in Europe.
traison Posted March 15 Posted March 15 (edited) 6 minutes ago, Billy1969 said: Looks like I will need to dust off the good old hex-editor then. Something to get you going here. See the sections about "how to find bait" and "how to fish". 6 minutes ago, Billy1969 said: Is it even possible to edit a dll directly with a hex editor and saving it without recompiling? It's all bits in the end. The tricky part is finding where and what to edit. Need a disassembler or debugger for that. Edited March 15 by traison
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now