Crash Offsets
-
So I thought it may be a good idea to create a centralized list of crash offsets for FLServer so that we may eventually find fixes for all of them.
After months of running, there are a few offsets that really spring up often. I’ll list mine here:
common.dll
0xecaf6 - quite rare
content.dll
0xc458f - very frequent, could be NPC-related
0x490a5 - same as above
remoteclient.dll
0x9692 - infrequent

To find out your own crash offsets, do the following:
- Start, Run, “eventvwr.msc”
- Applications node in the left-side list
- Double-click on any error with “Freelancer-Server” as the Source
- In the Description text box, look at the end for something similar to flserver.exe, <version>, <error dll>, <dll version>, <crash offset>.
- Note down the <error dll> and <crash offset> information and post it up here.
Please also post if you have found fixes for any offset listed here.
For the content.dll crashes, you can reduce their frequency by using Cannon’s player control plugin (available on the Forge) which stops many of the exceptions thrown from causing a crash.
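
A way to automate the steps above once the Application log has been exported to text, as an added Python example that is not part of the original post: it pulls the error DLL and crash offset out of each event, reading either the description string or the data-byte rows Event Viewer shows for the same event, and tallies them. The function names and the one-string-per-event input are assumptions of this example; the sample strings are taken from posts in this thread.

```python
import re
from collections import Counter

HEX8 = r"([0-9a-fA-F]{1,8})\b"
# Description form: "flserver.exe, <version>, <error dll>, <dll version>, <crash offset>"
DESC = re.compile(r"flserver\.exe,\s*[\d.]+,\s*([\w.-]+),\s*[\d.]+,\s*" + HEX8, re.I)
# Data-bytes form: "flserver.exe <version> in <dll> <dll version> at offset <offset>"
DATA = re.compile(r"flserver\.exe\s+[\d.]+\s+in\s+([\w.-]+)\s+[\d.]+\s+at\s+offset\s+" + HEX8, re.I)
ROW = re.compile(r"^\s*[0-9a-fA-F]{4}:\s*(.*)$")   # "0000: 41 70 ... Applicat"
BYTE = re.compile(r"^[0-9a-fA-F]{2}$")

def decode_data_rows(text):
    """Rebuild the ASCII message from Event Viewer byte rows."""
    out = bytearray()
    for line in text.splitlines():
        row = ROW.match(line)
        if not row:
            continue
        for token in row.group(1).split()[:8]:  # a row holds at most 8 bytes
            if not BYTE.match(token):           # reached the ASCII column
                break
            out.append(int(token, 16))
    return out.decode("ascii", errors="replace")

def crash_from_event(event_text):
    """Return (module, offset) for one event, or None if it is not an FLServer crash."""
    m = DESC.search(event_text) or DATA.search(decode_data_rows(event_text))
    return (m.group(1).lower(), int(m.group(2), 16)) if m else None

def tally(events):
    """Count crashes per (module, offset), most frequent first; one count per event."""
    return Counter(filter(None, map(crash_from_event, events))).most_common()

# Sample events: a description string and byte rows taken from posts in this thread.
DESCRIPTION = "flserver.exe, 4.85.3.2, engbase.dll, 1.11.0.173, 0000b8ae."
DATA_ROWS = (
    "0000: 41 70 70 6c 69 63 61 74 Applicat\n0008: 69 6f 6e 20 46 61 69 6c ion Fail\n"
    "0010: 75 72 65 20 20 66 6c 73 ure  fls\n0018: 65 72 76 65 72 2e 65 78 erver.ex\n"
    "0020: 65 20 34 2e 36 30 2e 31 e 4.60.1\n0028: 32 35 34 2e 31 31 20 69 254.11 i\n"
    "0030: 6e 20 65 6e 67 62 61 73 n engbas\n0038: 65 2e 64 6c 6c 20 31 2e e.dll 1.\n"
    "0040: 31 31 2e 30 2e 31 37 33 11.0.173\n0048: 20 61 74 20 6f 66 66 73  at offs\n"
    "0050: 65 74 20 30 30 30 31 32 et 00012\n0058: 34 62 64 0d 0a 4bd..\n"
)
EVENTS = [DESCRIPTION, DATA_ROWS, DESCRIPTION, "Service started (unrelated event)"]

if __name__ == "__main__":
    for (module, offset), n in tally(EVENTS):
        print(f"{module} {offset:08x} => {n}")
```

An event that carries both the description string and the byte rows is counted once, because the description is tried first and the rows are only decoded when it is absent.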
-
dumped and parsed about a year of my eventlog.
there were many crashes in unknown modules, i cut them here.
```
common.dll
0005e010 => 4
000af690 => 5
000e3f9d => 1
000ecaf6 => 5
000f24a0 => 1
0010960c => 3
0013c288 => 1
content.dll
000150ce => 1
00093b01 => 3
000ab23d => 5
000c458f => 1
flserver.exe
0000db53 => 4
00015f16 => 1
ntdll.dll
000210c8 => 1
00025052 => 8
0004f053 => 1
server.dll
000078d3 => 3
00014990 => 3
0002c267 => 1
0002c290 => 1
```
tools for parsing:
1. [Dump Event Log (dumpel.exe)](http://support.microsoft.com/kb/927229). Must be installed on server.
1.1. Command line: dumpel.exe -f C:\1.log -l application -t or something like that.
2. php cli parser:
-
common.dll
0005e010 - part of function Fuse::UnBurn, if that helps
000af690 - INI_Reader constructor; problem with normal FLHook, I think (uses 1024 bytes of data, but 5480 bytes are required; plugin version uses 8192)
000e3f9d - memory allocation failure
000f24a0 - deliberate segfault (presumably a “this should never happen” scenario)
server.dll
000078d3 - called as part of pub::SpaceObj::Dock
00014990 - also part of docking, and others (it’s a function to swap the sign of a vector)
0002c267 - seems to be another part of docking, and others
0002c290 - same as above
-
And how to fix one of the above?
Is there a sample?
-
adoxa wrote:
common.dll
0005e010 - part of function Fuse::UnBurn, if that helps
000af690 - INI_Reader constructor; problem with normal FLHook, I think (uses 1024 bytes of data, but 5480 bytes are required; plugin version uses 8192)

first - probably caused by faulty fuse we had in our cruisers. it crashed several times during tests when nanobots were used while fuse being already ignited.
second - yes, noticed that not so long ago, thx for reminding ^^
-
How about this??
The description for Event ID ( 1000 ) in Source ( Freelancer-Server ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: flserver.exe, 4.60.1254.11, engbase.dll, 1.11.0.173, 000124bd.
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 66 6c 73 ure fls
0018: 65 72 76 65 72 2e 65 78 erver.ex
0020: 65 20 34 2e 36 30 2e 31 e 4.60.1
0028: 32 35 34 2e 31 31 20 69 254.11 i
0030: 6e 20 65 6e 67 62 61 73 n engbas
0038: 65 2e 64 6c 6c 20 31 2e e.dll 1.
0040: 31 31 2e 30 2e 31 37 33 11.0.173
0048: 20 61 74 20 6f 66 66 73 at offs
0050: 65 74 20 30 30 30 31 32 et 00012
0058: 34 62 64 0d 0a 4bd…
-
000078d3 - called as part of pub::SpaceObj::Dock - This is fixed in flhook plugin 1.6.1 by wrapping the call in an exception handler. This works well enough.
There are a few dirty hacks in CrashCatcher.cpp in the player control plugin that wrap exception handlers around a few common crash points (on discovery anyway).
-
I have crashes at server.dll 0002247f dunno what does this mean…
-
```
06D02465 6800000200      push 00020000
06D0246A 8D88E4000000    lea ecx, [eax+E4]
06D02470 FF152440D606    call [Common.?FindFirst@CEquipManager@@QAEPAVCEquip@@I@Z]
06D02476 50              push eax
06D02477 FF15E445D606    call [Common.?cast@CEEngine@@SAPAV1@PAVCEquip@@@Z]
06D0247D 8BF8            mov edi, eax
06D0247F 8A4754          mov al, [edi+54]

// C++ pseudocode
CEquip* equip = CEquipManager::FindFirst( 0x20000 );
CEEngine* engine = CEEngine::cast( equip );
bool cruise = engine->cruise; // crashes here
```
So, at a guess, it's trying to activate cruise on a ship that has no engine.
-
Thanks!
-
Pfff…
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 46 61 69 6c ion Fail
0010: 75 72 65 20 20 66 6c 73 ure fls
0018: 65 72 76 65 72 2e 65 78 erver.ex
0020: 65 20 34 2e 38 35 2e 33 e 4.85.3
0028: 2e 32 20 69 6e 20 6e 74 .2 in nt
0030: 64 6c 6c 2e 64 6c 6c 20 dll.dll
0038: 35 2e 31 2e 32 36 30 30 5.1.2600
0040: 2e 35 37 35 35 20 61 74 .5755 at
0048: 20 6f 66 66 73 65 74 20 offset
0050: 30 30 30 31 31 36 38 39 00011689
0058: 0d 0a …
Looks like something wrong with os/hardware?
-
<version>, <error dll>, <dll version>, <crash offset>.
4.85.3.2, engbase.dll, 1.11.0.173, 0000b8ae.
Anyone know anything about this one? Apparently it’s happening when someone tries to load a character.
EDIT: After the VersionNumber and ProductNumber were changed in engbase.dll, it seems to have been fixed. (Which is odd, because I can run FLServer fine with the original file.)
-
I wonder, can this be used to point out why a server crashes? Sounds like a stupid question, but my issue is this. I have created a new ship, but the server and game both crash as I try to undock. Will this point me in a direction to look?
Oh, and FF, I love that sig LOL
-
w0dk4 wrote:
0xc458f - very frequent, could be NPC-related
This is related to multiple players/ships suiciding at the same moment into a planet/death zone. At least we could reproduce it that way on Hamburg City.
What did you return in case of an exception (assuming you did surround it with try…catch)?
-
Alright, I first tried try/catch (mixed up the return value with another function, for this one the result is never used), but it turned out that there already are exceptions used, since the catch block got executed very often. I now patch directly the part where it crashes and check whether edx is zero. In case it is, I set eax and also ecx+2Ch to zero. Since I could reproduce the bug I could test that this fixes the crash.