Got this bug
Got this trouble with UF MQ2

MQ2Main!GetSpellNameByID+0x1e:
699bdade 803800          cmp     byte ptr [eax],0           ds:002b:f0627077=??
0:000:x86> gn
ModLoad: 74b50000 74c65000   C:\Everquest\DbgHelp.dll
(17f0.17cc): C++ EH exception - code e06d7363 (first chance)
(17f0.17cc): C++ EH exception - code e06d7363 (!!! second chance !!!)
KERNELBASE!RaiseException+0x58:
76fcc42d c9              leave


Is there any solution for this? Many thanks.
Mon May 19, 2014 8:03 pm
Probably :)

A stack trace would be more helpful so we could see what's upstream from that. What were you doing at the time? Can you easily recreate the bug?
Tue May 20, 2014 6:54 am
Project Lead
Hi Maudigan, yes, this bug always comes up on my wizard every time I do /macro xxxx



MQ2Main!GetSpellNameByID+0x25:
682fcf75 803800 cmp byte ptr [eax],0 ds:002b:fe8c245a=??
0:000:x86> .sympath SRV*c:\winnt\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*c:\winnt\symbols*http://msdl.microsoft.com/download/symbols
Expanded Symbol search path is: srv*c:\winnt\symbols*http://msdl.microsoft.com/download/symbols

************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred SRV*c:\winnt\symbols*http://msdl.microsoft.com/download/symbols
0:000:x86> r
eax=fe8c245a ebx=0018b96b ecx=0000787e edx=0018b144 esi=00001ca8 edi=00000008
eip=682fcf75 esp=0018a104 ebp=0018a104 iopl=0 nv up ei ng nz na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00210286
MQ2Main!GetSpellNameByID+0x25:
682fcf75 803800 cmp byte ptr [eax],0 ds:002b:fe8c245a=??
0:000:x86> kv
ChildEBP RetAddr Args to Child
0018a104 682db9bf 0000787e 0018b144 0018c168 MQ2Main!GetSpellNameByID+0x25 (FPO: [Non-Fpo]) (CONV: cdecl) [c:\compilar\mq2main\mq2utilities.cpp @ 871]
0018b120 682d5b19 16cddc60 0018b96b 0018b144 MQ2Main!MQ2CharacterType::GetMember+0x1f4f (FPO: [Non-Fpo]) (CONV: thiscall) [c:\compilar\mq2main\mq2datatypes.cpp @ 2771]
0018b94c 682d5343 00000000 0018b144 0038a218 MQ2Main!ParseMQ2DataPortion+0x499 (FPO: [Non-Fpo]) (CONV: cdecl) [c:\compilar\mq2main\mq2dataapi.cpp @ 236]
0018c174 682f7c00 0018c19c 00000000 0018d99c MQ2Main!ParseMacroData+0x143 (FPO: [Non-Fpo]) (CONV: cdecl) [c:\compilar\mq2main\mq2dataapi.cpp @ 562]
0018c184 682c6dea 16d3ced0 0018c19c 00000027 MQ2Main!ParseMacroParameter+0x20 (FPO: [Non-Fpo]) (CONV: cdecl) [c:\compilar\mq2main\mq2parseapi.cpp @ 125]
0018d99c 682f9592 16d3ced0 320cba20 00000000 MQ2Main!HideDoCommand+0x37a (FPO: [Non-Fpo]) (CONV: cdecl) [c:\compilar\mq2main\mq2commandapi.cpp @ 136]
0018e1bc 682f9eb8 00000001 00000000 682f9f05 MQ2Main!DoNextCommand+0x192 (FPO: [Non-Fpo]) (CONV: cdecl) [c:\compilar\mq2main\mq2pulse.cpp @ 64]
0018e1c8 682f9f05 004f94e9 16d3ced0 00000000 MQ2Main!Heartbeat+0x1d8 (FPO: [0,0,0]) (CONV: cdecl) [c:\compilar\mq2main\mq2pulse.cpp @ 351]
*** WARNING: Unable to verify checksum for C:\Everquest\eqgame.exe
*** ERROR: Module load completed but symbols could not be loaded for C:\Everquest\eqgame.exe
0018e1cc 004f94e9 16d3ced0 00000000 004fcd67 MQ2Main!Detour_ProcessGameEvents+0x5 (FPO: [0,0,0]) (CONV: cdecl) [c:\compilar\mq2main\mq2pulse.cpp @ 372]
WARNING: Stack unwind information not available. Following frames may be wrong.
0018e1d8 004fcd67 034afd58 02deac58 0018e7b0 eqgame+0xf94e9
00000000 00000000 00000000 00000000 00000000 eqgame+0xfcd67
Thu May 22, 2014 6:29 am
Are you on a custom server that patches EQ; I'm guessing custom spells?
Thu May 22, 2014 6:56 am
Project Lead
I'm on PEQ on a LAN, and you don't remember me hahahahahaha, I'm the Spaniard ;-)


Is there any solution for me?
Thu May 22, 2014 6:59 am
I've seen that before and I think we narrowed it down to a bad spell file on a custom server. I think it was on a wizard too if I remember right. I'm thinking it might be something bugged out in your spell book, a slot somehow assigned to a spell that doesn't exist... I need to get in there and look at the code again to refresh my memory on what it's doing and see if I can come up with a way to test it. If I don't get back with you this weekend feel free to remind me.

Edit: and I remember you :)
Fri May 23, 2014 6:59 am
Project Lead
c++

PCHAR GetSpellNameByID(DWORD dwSpellID)
{
    PSPELL pSpell = NULL;
    if (ppSpellMgr == NULL) return "Unknown Spell";
    pSpell =  &(*((PSPELLMGR)pSpellMgr)->Spells[dwSpellID]);
    if (pSpell != NULL) {
        if (pSpell->Name != NULL) {
            if (pSpell->Name[0]!='\0') {
                return pSpell->Name;
            }
        }
    }
    return "Unknown Spell";
}


That's the relevant function. I'm a bit rusty and I don't have the assembly in front of me--if you know how to pull the relevant assembly from your debugger and post it that would be awesome.

This is a guess, but it's probably using the _fastcall convention, which passes the parameter, the spell ID in this case, using the ECX register. The ECX register, assuming it's still holding the spell ID at the time of the crash, is set to 787Eh, or this spell: http://mqemulator.net/spell.php?id=30846 which is a wizard spell.

I don't know why your macro would be using that spell though; it makes me think I'm misinterpreting it.

Does your macro use that spell? If it does, can you try to cast the spell without using the macro, preferably in whatever way the macro does it, like /casting 30846 or something like that. Maybe you could post the macro, or PM it to me if it's private.
Fri May 23, 2014 6:17 pm
Project Lead
I feel like I should warn you that I don't usually use debuggers :)

I usually diagnose by adding output lines to my code. If it were me, I'd just change the routine to the following code and then recreate the crash to see what spell ID is crashing it. A try/catch block with some WriteChatf output would work too. Once we have the spell ID we can work from there.

c++
PCHAR GetSpellNameByID(DWORD dwSpellID)
{
    WriteChatf("spellid: %d", dwSpellID);
    DebugSpewAlways("spellid: %d", dwSpellID);
    return "Unknown Spell";
}


The only time I mess with assembly is in IDA pro so I'm a little out of my element.
Last edited by Maudigan on Sun May 25, 2014 4:39 pm; edited 1 time in total
Fri May 23, 2014 7:06 pm
Project Lead
Omg!! hahahaha, useless of me hahaha. I will try that DebugSpewAlways line; it seems that could work and not crash the macro, but I will test it tomorrow, I'm away from home this weekend. I will explain if everything runs OK or if it's still the same crash with those new lines.
Sun May 25, 2014 12:20 pm
I've been thinking about this, and it just didn't make sense.... the code looks good. I was thinking a null pointer exception, but the code doesn't look bad. I think it might be an indexing problem on the spell array.

The spells_us.txt file's last entry is this:

27999^ESR^BLUE_TRAIL^^^^^^^^^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^-1^-1^-1^-1^1^1^1^1^-1^-1^-1^-1^100^100^100^100^100^100^100^100^100^100^100^100^0^3^^0^254^254^254^254^254^254^254^254^254^254^254^254^0^0^52^-1^-1^0^255^255^255^255^255^255^255^255^255^255^255^255^255^255^255^255^44^13^0^-1^^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^100^0^-1^0^0^0^0^0^0^0^0^0^0^0^^^^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^0^1^0^0^1^0^0^-1^0^0^0^1^0^0^1^1^1^0^-1^0^0^0^0^0^-1^0^1^0^0^1^0^1^0^0^0


and in EQData.h there is the following

c++
#define   TOTAL_SPELL_COUNT             0x6d60      // # of spells allocated in memory (4/7/2009)
#define   TOTAL_ACTUAL_SPELLS           0x1964      // # of ACTUAL spells in game      (9/14/2004) - wrong and unused

// size: 0x17770 08-07-06          
typedef struct _SPELLMGR {
BYTE            unknown[0x68];
struct _SPELL*  Spells[TOTAL_SPELL_COUNT];
} SPELLMGR, *PSPELLMGR;


So the SpellMgr has a collection, Spells, with 6D60h (28000) elements. So the last index would be 27999, which matches the last spell in your client's spell file.

Now, assuming my _fastcall guess is correct, the index being used on that array is 30846... which doesn't exist. It's an array of pointers, so it's just a run-together list of 4-byte segments, each one containing a pointer to a spell. 30846 doesn't exist, so what would happen is, it would read past that list of pointers, 11388 bytes past the end. (30846 - 27999 multiplied by 4 bytes is 11388 bytes)

It grabs whatever 4 bytes happen to be at that memory location and tries to treat them as if they were a pointer to a spell. Whatever those 4 bytes are, they aren't NULL, but they aren't a pointer either. So it gets past all those NULL checks, but crashes when it tries to treat it as an address.

Why might it be feeding it that weird ID? PEQ's database has spells in it that are in the live client but don't exist in the old clients. When I look in the PEQ database, the highest ID spell is 32999.

I don't know what exactly your macro is doing that is causing it to try and access information about that particular spell, but that's all I can figure. That may be totally wrong... but it's my best guess right now. And it's pretty suspicious that the thing that most seems like it's the index is bigger than the allocated space for that pointer array.

To test it, just add an index check, something like the following. I don't think increasing the constant to make the array bigger would work since it's pointing to an existing structure in the client, unless you added a modern spell file. The array is kind of just getting used as a data type to instruct MacroQuest how to interact with an existing structure within eqgame.exe.


c++
PCHAR GetSpellNameByID(DWORD dwSpellID)
{
    PSPELL pSpell = NULL;
    if (dwSpellID >= TOTAL_SPELL_COUNT) return "Unknown Spell";
    if (ppSpellMgr == NULL) return "Unknown Spell";
    pSpell =  &(*((PSPELLMGR)pSpellMgr)->Spells[dwSpellID]);
    if (pSpell != NULL) {
        if (pSpell->Name != NULL) {
            if (pSpell->Name[0]!='\0') {
                return pSpell->Name;
            }
        }
    }
    return "Unknown Spell";
}
Last edited by Maudigan on Mon May 26, 2014 11:27 am; edited 1 time in total
Sun May 25, 2014 3:48 pm
Project Lead
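The out-of-range index and the bounds check described in the post above, as an added example that is not MacroQuest or EverQuest code: it uses a scaled-down SPELLMGR (DEMO_SPELL_COUNT, GetSpellNameChecked, BytesPastLastSlot and DemoLookup are names assumed for the demo) and the 4-byte pointer size of the 32-bit client, so it runs on any host without eqgame.exe.

```c
#include <string.h>

/* Added example, not MacroQuest or EQ code: a scaled-down SPELLMGR so the
 * bounds check from the thread can be exercised without eqgame.exe. */
#define TOTAL_SPELL_COUNT 0x6d60  /* real Spells array size (28000 slots) */
#define DEMO_SPELL_COUNT  4       /* array size used by this demo structure */
#define CLIENT_PTR_SIZE   4       /* eqgame.exe is 32-bit: 4 bytes per slot */

typedef struct _SPELL { char Name[32]; } SPELL, *PSPELL;

typedef struct _SPELLMGR {
    unsigned char unknown[0x68];
    PSPELL        Spells[DEMO_SPELL_COUNT];
    unsigned char trailing[16];   /* stand-in for whatever follows the array */
} SPELLMGR, *PSPELLMGR;

/* Bytes past the last valid slot that an unchecked Spells[id] read reaches:
 * the thread's (30846 - 27999) * 4 = 11388 calculation as a function. */
unsigned long BytesPastLastSlot(unsigned long id, unsigned long count)
{
    if (id < count) return 0;
    return (id - (count - 1)) * CLIENT_PTR_SIZE;
}

/* Bounds-checked lookup with the same shape as the patched GetSpellNameByID. */
const char *GetSpellNameChecked(const SPELLMGR *mgr, unsigned long id, unsigned long count)
{
    if (mgr == NULL) return "Unknown Spell";
    if (id >= count) return "Unknown Spell";  /* the fix: reject out-of-range ids */
    const SPELL *s = mgr->Spells[id];
    if (s != NULL && s->Name[0] != '\0') return s->Name;
    return "Unknown Spell";
}

/* Constructed sample: slot 0 named, slot 1 empty name, slot 2 NULL (static
 * zero-init), and non-zero garbage after the array: not NULL, not a pointer. */
static SPELL    g_spells[2];
static SPELLMGR g_mgr;

const char *DemoLookup(unsigned long id)
{
    static int ready = 0;
    if (!ready) {
        strcpy(g_spells[0].Name, "Demo Spell A");
        g_mgr.Spells[0] = &g_spells[0];
        g_mgr.Spells[1] = &g_spells[1];
        memset(g_mgr.trailing, 0xfe, sizeof g_mgr.trailing);
        ready = 1;
    }
    return GetSpellNameChecked(&g_mgr, id, DEMO_SPELL_COUNT);
}
```

Without the `id >= count` check, DemoLookup(4) would read the 0xfe bytes in `trailing` as a SPELL pointer, which is the "not NULL but not a pointer" dereference the crash dump shows.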
Wow!!! I tested this solution you posted:
c++

PCHAR GetSpellNameByID(DWORD dwSpellID)
{
    PSPELL pSpell = NULL;
    if (dwSpellID >= TOTAL_SPELL_COUNT) return "Unknown Spell";
    if (ppSpellMgr == NULL) return "Unknown Spell";
    pSpell =  &(*((PSPELLMGR)pSpellMgr)->Spells[dwSpellID]);
    if (pSpell != NULL) {
        if (pSpell->Name != NULL) {
            if (pSpell->Name[0]!='\0') {
                return pSpell->Name;
            }
        }
    }
    return "Unknown Spell";
}



And for the moment it works and doesn't crash. My congratulations to you. Today I started the morning doing some things with the code, with the debug lines etc., and nothing worked, but you gave me a lesson and it works hahahaha
YOU ARE THE BEST ONE Maudi!!! Many thanks friend, and now all peeps who got this bug too have a great solution for the wizard crash.
And I missed one thing: this crash appeared for me in every macro I write or test, modbot, raiddruid, afknuke..... the list of macros made by me or downloaded from others was so long, but you did it. MY CONGRATULATIONS TO YOU AGAIN!!!

Be safe friend, you rock!!!
Mon May 26, 2014 10:30 am
Thanks :)
Glad you're up again.
Mon May 26, 2014 11:20 am
Project Lead