HkCb_CrashProc6F671A0?

Huor

Ahoy, i am currently examine some test and did witness a lot of logging in the console which HkCb_CrashProc6F671A0 (arg1=<number>)

I found this in crashcatcher.cpp with following code:

        // Hook for crash at 0xC71AE (confirmed)
        fpCrashProc6F671A0Old = PatchCallAddr((char*)hModContentAC, 0xBDC80, (char*)HkCb_CrashProc6F671A0);
        PatchCallAddr((char*)hModContentAC, 0xBDCF9, (char*)HkCb_CrashProc6F671A0);
        PatchCallAddr((char*)hModContentAC, 0xBE41C, (char*)HkCb_CrashProc6F671A0);
        PatchCallAddr((char*)hModContentAC, 0xC67E2, (char*)HkCb_CrashProc6F671A0);
        PatchCallAddr((char*)hModContentAC, 0xC6AA5, (char*)HkCb_CrashProc6F671A0);
        PatchCallAddr((char*)hModContentAC, 0xC6BE8, (char*)HkCb_CrashProc6F671A0);
        PatchCallAddr((char*)hModContentAC, 0xC6F71, (char*)HkCb_CrashProc6F671A0);
        PatchCallAddr((char*)hModContentAC, 0xC702A, (char*)HkCb_CrashProc6F671A0);
        PatchCallAddr((char*)hModContentAC, 0xC713B, (char*)HkCb_CrashProc6F671A0);
        PatchCallAddr((char*)hModContentAC, 0xC7180, (char*)HkCb_CrashProc6F671A0);

Does anyone know that the argument that is given to this routine is for? I tried to examine if its an ID or any string or address, but i fail to see a string, an known FL ID or if its an address then there is also nothing valuable i can find out.

Because i am worried where this might come from and its stated in the code that its confirmed - i dont find any information here too. So might anyone please enlighten me where i need to search for the root of this exception? Thanks in advance!</number>

adoxa

For a valid call, if you look at [esi+0xd8] you’ll find the ID_String of an NPCShipArch/npc_ship, whatever that may mean. However, the problem occurs before that, because it is the this pointer itself that is invalid. There looks to be only three calls where that matters (the other calls reference it beforehand, which would crash then): BDC80 & BDCF9 both get it from a call to D3930; BE41C gets it from an argument to BD560 (which gets it from Server, which gets it from Content - pub::Controller::_SendMessage). Other calls to D3930 test for a NULL return, so this may be an actual bug, where it should have tested it, but didn’t. My recommendation - leave the hooks at BDC80 & BDCF9 (and remove the others), remove the log message and don’t worry about it.

Huor

I am having a lot of entries that are coming from

// Hook for crash at 0xEB4B5 (confirmed)
FARPROC fpHook = (FARPROC) HkCb_CrashProc6F8B330Naked;
ReadProcMem ((char*) hModContentAC + 0x11C970, &fpCrashProc6F8B330Old, 4);
WriteProcMem ((char*) hModContentAC + 0x11C970, &fpHook, 4);
WriteProcMem ((char*) hModContentAC + 0x11CA00, &fpHook, 4);

Any idea about what that is about and what the argument refers to? Not sure if its critical, but get the log message a lot and could not narrow it down yet.