KubiPL Posted August 25, 2014 Share Posted August 25, 2014 Hello, can you help me find out what this is exactly doing? What is related to this, what can crash at this address. 00756B89 (main 00756960) sub rxD3D9Instance: .text:00756960 ; =============== S U B R O U T I N E ======================================= .text:00756960 .text:00756960 .text:00756960 sub_756960 proc near ; CODE XREF: sub_7575F0+146p .text:00756960 ; .text:007584CDp ... .text:00756960 .text:00756960 var_2C = dword ptr -2Ch .text:00756960 var_20 = dword ptr -20h .text:00756960 resEntry = dword ptr -1Ch .text:00756960 var_18 = dword ptr -18h .text:00756960 var_14 = dword ptr -14h .text:00756960 var_10 = dword ptr -10h .text:00756960 var_C = dword ptr -0Ch .text:00756960 var_8 = dword ptr -8 .text:00756960 var_4 = dword ptr -4 .text:00756960 arg_0 = dword ptr 4 .text:00756960 arg_4 = dword ptr 8 .text:00756960 arg_8 = dword ptr 0Ch .text:00756960 arg_C = dword ptr 10h .text:00756960 arg_10 = dword ptr 14h .text:00756960 arg_14 = dword ptr 18h .text:00756960 arg_18 = dword ptr 1Ch .text:00756960 .text:00756960 sub esp, 1Ch .text:00756963 push ebx .text:00756964 push ebp .text:00756965 mov ebp, [esp+24h+arg_10] .text:00756969 xor eax, eax .text:0075696B push esi .text:0075696C push edi .text:0075696D mov ax, [ebp+4] .text:00756971 xor ebx, ebx .text:00756973 mov [esp+2Ch+var_18], ebx .text:00756977 lea eax, [eax+eax*8] .text:0075697A lea edi, ds:40h[eax*4] .text:00756981 mov eax, [esp+2Ch+arg_18] .text:00756985 cmp eax, ebx .text:00756987 jz short loc_7569C4 .text:00756989 mov edx, ds:rwInterface .text:0075698F lea ecx, [edi+18h] .text:00756992 push 3050Dh .text:00756997 push ecx .text:00756998 call dword ptr [edx+134h] .text:0075699E mov esi, eax .text:007569A0 mov eax, [esp+34h+arg_C] .text:007569A4 add esp, 8 .text:007569A7 mov [esp+2Ch+resEntry], esi .text:007569AB mov [eax], esi .text:007569AD mov [esi], ebx .text:007569AF mov [esi+4], ebx .text:007569B2 mov [esi+8], edi .text:007569B5 mov 
[esi+0Ch], ebx .text:007569B8 mov [esi+10h], ebx .text:007569BB .text:007569BB loc_7569BB: .text:007569BB mov dword ptr [esi+14h], offset sub_4C9990 .text:007569C2 jmp short loc_7569E2 .text:007569C4 ; --------------------------------------------------------------------------- .text:007569C4 .text:007569C4 loc_7569C4: ; CODE XREF: sub_756960+27j .text:007569C4 mov ecx, [esp+2Ch+arg_C] .text:007569C8 mov edx, [esp+2Ch+arg_4] .text:007569CC push offset sub_4C9990 .text:007569D1 push edi .text:007569D2 push ecx .text:007569D3 push edx .text:007569D4 call RwResourcesAllocateEntry .text:007569D9 add esp, 10h .text:007569DC mov [esp+2Ch+resEntry], eax .text:007569E0 mov esi, eax .text:007569E2 .text:007569E2 loc_7569E2: ; CODE XREF: sub_756960+62j .text:007569E2 mov ecx, edi .text:007569E4 lea ebx, [esi+18h] .text:007569E7 mov edx, ecx .text:007569E9 xor eax, eax .text:007569EB mov edi, ebx .text:007569ED shr ecx, 2 .text:007569F0 rep stosd .text:007569F2 mov ecx, edx .text:007569F4 xor edx, edx .text:007569F6 and ecx, 3 .text:007569F9 rep stosb .text:007569FB xor eax, eax .text:007569FD xor ecx, ecx .text:007569FF mov ax, [ebp+6] .text:00756A03 lea edi, [ebx+8] .text:00756A06 mov [ebx], eax .text:00756A08 mov cx, [ebp+4] .text:00756A0C mov [ebx+4], ecx .text:00756A0F mov [esp+2Ch+arg_4], edx .text:00756A13 mov [edi], edx .text:00756A15 mov [ebx+38h], edx .text:00756A18 mov eax, [ebp+0] .text:00756A1B mov [esp+2Ch+var_4], edi .text:00756A1F test ah, 1 .text:00756A22 jnz loc_756ADF .text:00756A28 xor ecx, ecx .text:00756A2A mov cx, [ebp+4] .text:00756A2E cmp ecx, edx .text:00756A30 jz short loc_756A40 .text:00756A32 lea eax, [ebp+14h] .text:00756A35 .text:00756A35 loc_756A35: ; CODE XREF: sub_756960+DEj .text:00756A35 mov edx, [eax] .text:00756A37 add eax, 0Ch .text:00756A3A add [ebx+38h], edx .text:00756A3D dec ecx .text:00756A3E jnz short loc_756A35 .text:00756A40 .text:00756A40 loc_756A40: ; CODE XREF: sub_756960+D0j .text:00756A40 mov edx, [ebx+38h] .text:00756A43 
test edx, edx .text:00756A45 jz loc_756ADD .text:00756A4B mov eax, [ebp+0] .text:00756A4E mov ecx, ds:dword_C9B8C0 .text:00756A54 and eax, 0FFh .text:00756A59 add eax, ecx .text:00756A5B mov ecx, ds:rwInterface .text:00756A61 cmp byte ptr [eax+ecx+8], 4 .text:00756A66 jnz short loc_756AA6 .text:00756A68 mov cl, byte ptr [esp+2Ch+arg_8] .text:00756A6C mov eax, 55555555h .text:00756A71 cmp cl, 0FFh .text:00756A74 jnz short loc_756A85 .text:00756A76 mov ecx, [esp+2Ch+arg_0] .text:00756A7A xor eax, eax .text:00756A7C mov ax, [ecx+84h] .text:00756A83 jmp short loc_756A94 .text:00756A85 ; --------------------------------------------------------------------------- .text:00756A85 .text:00756A85 loc_756A85: ; CODE XREF: sub_756960+114j .text:00756A85 cmp cl, 1 .text:00756A88 jnz short loc_756A94 .text:00756A8A mov eax, [esp+2Ch+arg_0] .text:00756A8E mov ecx, [eax+18h] .text:00756A91 mov eax, [ecx+10h] .text:00756A94 .text:00756A94 loc_756A94: ; CODE XREF: sub_756960+123j .text:00756A94 ; sub_756960+128j .text:00756A94 lea eax, [eax+eax*2] .text:00756A97 cmp edx, eax .text:00756A99 jbe short loc_756AA6 .text:00756A9B mov [esp+2Ch+var_18], 1 .text:00756AA3 mov [ebx+38h], eax .text:00756AA6 .text:00756AA6 loc_756AA6: ; CODE XREF: sub_756960+106j .text:00756AA6 ; sub_756960+139j .text:00756AA6 mov edx, [ebx+38h] .text:00756AA9 push edi .text:00756AAA push edx .text:00756AAB call sub_4C9970 .text:00756AB0 add esp, 8 .text:00756AB3 test eax, eax .text:00756AB5 jz short loc_756ACA .text:00756AB7 mov eax, [edi] .text:00756AB9 lea edx, [esp+2Ch+arg_4] .text:00756ABD push 0 .text:00756ABF push edx .text:00756AC0 mov ecx, [eax] .text:00756AC2 push 0 .text:00756AC4 push 0 .text:00756AC6 push eax .text:00756AC7 call dword ptr [ecx+2Ch] .text:00756ACA .text:00756ACA loc_756ACA: ; CODE XREF: sub_756960+155j .text:00756ACA mov eax, [esp+40h+var_2C] .text:00756ACE xor edx, edx .text:00756AD0 test eax, eax .text:00756AD2 jz short loc_756ADF .text:00756AD4 mov dword ptr [ebx+0Ch], 4 
.text:00756ADB jmp short loc_756B05 .text:00756ADD ; --------------------------------------------------------------------------- .text:00756ADD .text:00756ADD loc_756ADD: ; CODE XREF: sub_756960+E5j .text:00756ADD xor edx, edx .text:00756ADF .text:00756ADF loc_756ADF: ; CODE XREF: sub_756960+C2j .text:00756ADF ; sub_756960+172j .text:00756ADF mov eax, [ebp+0] .text:00756AE2 mov ecx, ds:dword_C9B8C0 .text:00756AE8 mov edi, ds:rwInterface .text:00756AEE and eax, 0FFh .text:00756AF3 add eax, ecx .text:00756AF5 xor ecx, ecx .text:00756AF7 mov cl, [eax+edi+8] .text:00756AFB mov eax, ds:dword_874FEC[ecx*4] .text:00756B02 mov [ebx+0Ch], eax .text:00756B05 .text:00756B05 loc_756B05: ; CODE XREF: sub_756960+17Bj .text:00756B05 lea eax, [ebx+14h] .text:00756B08 mov ecx, 2 .text:00756B0D .text:00756B0D loc_756B0D: ; CODE XREF: sub_756960+1C5j .text:00756B0D mov [eax-4], edx .text:00756B10 mov [eax], edx .text:00756B12 mov [eax+4], edx .text:00756B15 mov [eax+8], dx .text:00756B19 mov byte ptr [eax+0Ah], 0 .text:00756B1D mov byte ptr [eax+0Bh], 0 .text:00756B21 add eax, 10h .text:00756B24 dec ecx .text:00756B25 jnz short loc_756B0D .text:00756B27 lea edi, [esi+18h] .text:00756B2A xor eax, eax .text:00756B2C mov [esp+2Ch+var_14], eax .text:00756B30 mov [esp+2Ch+arg_C], eax .text:00756B34 mov [edi+34h], eax .text:00756B37 mov ax, [ebp+4] .text:00756B3B lea ecx, [edi+40h] .text:00756B3E lea esi, [ebp+10h] .text:00756B41 test eax, eax .text:00756B43 mov [esp+2Ch+arg_8], ecx .text:00756B47 mov [esp+2Ch+var_C], esi .text:00756B4B jz loc_756CFF .text:00756B51 lea ebp, [ecx+4] .text:00756B54 mov [esp+2Ch+var_8], eax .text:00756B58 .text:00756B58 loc_756B58: ; CODE XREF: sub_756960+399j .text:00756B58 mov ecx, [esp+2Ch+arg_10] .text:00756B5C mov ebx, [esi+4] .text:00756B5F mov eax, [ecx] .text:00756B61 test ah, 1 .text:00756B64 jz short loc_756B7A .text:00756B66 mov eax, [esp+2Ch+var_14] .text:00756B6A mov [ebp+14h], ebx .text:00756B6D mov [ebp+0], eax .text:00756B70 add eax, ebx 
.text:00756B72 mov [esp+2Ch+var_14], eax .text:00756B76 xor ecx, ecx .text:00756B78 jmp short loc_756BBE .text:00756B7A ; --------------------------------------------------------------------------- .text:00756B7A .text:00756B7A loc_756B7A: ; CODE XREF: sub_756960+204j .text:00756B7A mov edi, [esi] .text:00756B7C xor ecx, ecx .text:00756B7E cmp ebx, ecx .text:00756B80 mov [esp+2Ch+var_10], ebx .text:00756B84 jz short loc_756BB8 .text:00756B86 or edx, 0FFFFFFFFh .text:00756B89 [color=#FF0000].text:00756B89 loc_756B89: ; CODE XREF: sub_756960+249j .text:00756B89 mov ax, [edi] .text:00756B8C and eax, 0FFFFh .text:00756B91 cmp edx, eax .text:00756B93 jb short loc_756B97 .text:00756B95 mov edx, eax .text:00756B97[/color] .text:00756B97 loc_756B97: ; CODE XREF: sub_756960+233j .text:00756B97 cmp ecx, eax .text:00756B99 ja short loc_756B9D .text:00756B9B mov ecx, eax Link to comment
ccw (MTA Team), August 25, 2014: GTA is trying to create an instance of a 3D model, but fails because the model data it is handed is bad. The faulting instruction at 00756B89 is `mov ax, [edi]`, and EDI was loaded a few instructions earlier (`mov edi, [esi]` at 00756B7A) straight out of the record passed in as arg_10, so a garbage pointer in that record faults on the very first read. A possible cause is memory corruption by some unrelated problem. That crash address is very rare. Do you get it often?
KubiPL (author), August 25, 2014: Yes, about half of my players (~200) get this crash at random, and not always in the same places. Maybe the register dump says more: EAX: 0x00000001 EBX: 0x00000004 ECX: 0x00000000 EDX: 0xFFFFFFFF ESI: 0x140A9A2C EDI: 0xC1000000 EBP: 0x0BA97800 ESP: 0x0028FC0C
ccw (MTA Team), August 25, 2014: Your players must be having a crash with a different address, because 00756B89 is very rare. For what it's worth, the dump above shows EDI = 0xC1000000 at the faulting `mov ax, [edi]`, with EDX = 0xFFFFFFFF and ECX = 0 still at the values set just before the loop (`or edx, 0FFFFFFFFh` / `xor ecx, ecx`), so the first read of that array is what faults; an address that high is not valid user-mode memory in a 32-bit process. 0xC1000000 also happens to be the bit pattern of the float -8.0, which hints that a float field may be sitting where a pointer is expected (a mismatched or mis-sized structure) rather than random corruption — worth checking, though it cannot be confirmed from this listing alone.
KubiPL (author), August 25, 2014: No, every player has this crash address; day after day they send me reports with it. What can corrupt memory?
0 MTA Team ccw Posted August 25, 2014 MTA Team Share Posted August 25, 2014 Strange. For some reason we are not receiving the crash dumps for 00756B89. Ask your users to zip the files from MTA/dumps/ and upload them here: http://upload.mtasa.com/ Link to comment
vx89, August 25, 2014: I wonder how you debug a trace like that. // feeling stupid
KubiPL (author), August 26, 2014: I can't, because the crash occurs in the SA-MP client, not MTA, unfortunately. The SA-MP dev team isn't helpful; they only say to remove objects. I mention it here because you all know more and really can help. Can I send the crash logs from that client?
0 Woovie Posted September 2, 2014 Share Posted September 2, 2014 We can't fix SAMP bugs, sorry. Link to comment
Ransom, September 3, 2014: "I can't, because the crash occurs in the SA-MP client, not MTA, unfortunately. The SA-MP dev team isn't helpful; they only say to remove objects. I mention it here because you all know more and really can help. Can I send the crash logs from that client?" Are you serious right now? Why not ask Apple to support your Microsoft product too...
Hello, can you help me find out what this is exactly doing? What is related to this, what can crash at this address.
00756B89 (main 00756960) sub rxD3D9Instance: