Jump to content
MaxCheaters Official Group on X
MaxCheaters Official Group on Discord
--> Place your ad text here <--

Better Crash Report for General Protection Fault

eressea

By eressea
in Client Development Discussion

 Share

Recommended Posts

eressea Newbie

eressea

Posted
Posted

Hi, I've found a nice way to get better GPF crash reports from the client:

crashreport1.png.2b31a2d39653d6b7d6fc2e30d5f9970c.pngcrashreport2.png.401790f57b210237725a6a1b43b91b48.png

It's simple, there are just few things that must be done to get it working.

1. Create buffer for register and modules dump and function that fills it: 

wchar_t MyExceptionBuffer[0x1000];

LONG WINAPI MyUnhandledExceptionFilter(_In_ struct _EXCEPTION_POINTERS *ExceptionInfo)
{
	if (ExceptionInfo->ExceptionRecord->ExceptionCode == EXCEPTION_ACCESS_VIOLATION) {
		wsprintf(
			MyExceptionBuffer,
			L"EAX=0x%08X CS=0x%04X EIP=0x%08X EFLGS=0x%08X\r\n"
			L"EBX=0x%08X SS=0x%04X ESP=0x%08X EBP=0x%08X\r\n"
			L"ECX=0x%08X DS=0x%04X ESI=0x%08X FS=0x%04X\r\n"
			L"EDX=0x%08X ES=0x%04X EDI=0x%08X GS=0x%04X\r\n"
			L"\r\n"
			L"l2.exe:      0x%08X\r\n"
			L"core.dll:    0x%08X\r\n"
			L"engine.dll:  0x%08X\r\n"
			L"nwindow.dll: 0x%08X\r\n",
			ExceptionInfo->ContextRecord->Eax,
			ExceptionInfo->ContextRecord->SegCs,
			ExceptionInfo->ContextRecord->Eip,
			ExceptionInfo->ContextRecord->EFlags,
			ExceptionInfo->ContextRecord->Ebx,
			ExceptionInfo->ContextRecord->SegSs,
			ExceptionInfo->ContextRecord->Esp,
			ExceptionInfo->ContextRecord->Ebp,
			ExceptionInfo->ContextRecord->Ecx,
			ExceptionInfo->ContextRecord->SegDs,
			ExceptionInfo->ContextRecord->Esi,
			ExceptionInfo->ContextRecord->SegFs,
			ExceptionInfo->ContextRecord->Edx,
			ExceptionInfo->ContextRecord->SegEs,
			ExceptionInfo->ContextRecord->Edi,
			ExceptionInfo->ContextRecord->SegGs,
			GetModuleHandleA("l2.exe"),
			GetModuleHandleA("core.dll"),
			GetModuleHandleA("engine.dll"),
			GetModuleHandleA("nwindow.dll"));
	}
	return 0;
}

2. Call AddVectoredExceptionHandler: 

AddVectoredExceptionHandler(1, MyUnhandledExceptionFilter);

3. Don't forget to initialize the buffer 

MyExceptionBuffer[0] = 0;

4. Now if it crashes, MyExceptionBuffer will be filled with register dump - now we have to hack it so it will be shown. Create function that wraps appStrncat: 

wchar_t* appStrncatWrapper(wchar_t *destination, const wchar_t *source, int maxCount)
{
	if (std::wstring(L"MainLoop") != source || !MyExceptionBuffer[0]) {
		return wcsncat(destination, source, maxCount);
	}
	std::wstring data(source);
	data += L"\r\n\r\n";
	data += MyExceptionBuffer;
	return wcsncat(destination, data.c_str(), maxCount);
}

5. Hook our appStrncatWrapper function to the right place - this example is for interlude, for other clients you have to use IDA and find the same code: 

WriteInstructionCall(reinterpret_cast<UINT32>(GetModuleHandle(L"core.dll")) + 0x52287, reinterpret_cast<UINT32>(appStrncatWrapper));

Now when the client crashes with GPF error (access violation) and the code is called from MainLoop, you'll see nice crash info with details :)

Enjoy!

  • Like 3
  • Upvote 2
  • 8 months later...
DimensionalGames Newbie

DimensionalGames

Posted
Posted
On 10/4/2017 at 6:37 PM, eressea said:

Hi, I've found a nice way to get better GPF crash reports from the client:

crashreport1.png.2b31a2d39653d6b7d6fc2e30d5f9970c.pngcrashreport2.png.401790f57b210237725a6a1b43b91b48.png

It's simple, there are just few things that must be done to get it working.

1. Create buffer for register and modules dump and function that fills it: 


wchar_t MyExceptionBuffer[0x1000];

LONG WINAPI MyUnhandledExceptionFilter(_In_ struct _EXCEPTION_POINTERS *ExceptionInfo)
{
	if (ExceptionInfo->ExceptionRecord->ExceptionCode == EXCEPTION_ACCESS_VIOLATION) {
		wsprintf(
			MyExceptionBuffer,
			L"EAX=0x%08X CS=0x%04X EIP=0x%08X EFLGS=0x%08X\r\n"
			L"EBX=0x%08X SS=0x%04X ESP=0x%08X EBP=0x%08X\r\n"
			L"ECX=0x%08X DS=0x%04X ESI=0x%08X FS=0x%04X\r\n"
			L"EDX=0x%08X ES=0x%04X EDI=0x%08X GS=0x%04X\r\n"
			L"\r\n"
			L"l2.exe:      0x%08X\r\n"
			L"core.dll:    0x%08X\r\n"
			L"engine.dll:  0x%08X\r\n"
			L"nwindow.dll: 0x%08X\r\n",
			ExceptionInfo->ContextRecord->Eax,
			ExceptionInfo->ContextRecord->SegCs,
			ExceptionInfo->ContextRecord->Eip,
			ExceptionInfo->ContextRecord->EFlags,
			ExceptionInfo->ContextRecord->Ebx,
			ExceptionInfo->ContextRecord->SegSs,
			ExceptionInfo->ContextRecord->Esp,
			ExceptionInfo->ContextRecord->Ebp,
			ExceptionInfo->ContextRecord->Ecx,
			ExceptionInfo->ContextRecord->SegDs,
			ExceptionInfo->ContextRecord->Esi,
			ExceptionInfo->ContextRecord->SegFs,
			ExceptionInfo->ContextRecord->Edx,
			ExceptionInfo->ContextRecord->SegEs,
			ExceptionInfo->ContextRecord->Edi,
			ExceptionInfo->ContextRecord->SegGs,
			GetModuleHandleA("l2.exe"),
			GetModuleHandleA("core.dll"),
			GetModuleHandleA("engine.dll"),
			GetModuleHandleA("nwindow.dll"));
	}
	return 0;
}

2. Call AddVectoredExceptionHandler: 


AddVectoredExceptionHandler(1, MyUnhandledExceptionFilter);

3. Don't forget to initialize the buffer 


MyExceptionBuffer[0] = 0;

4. Now if it crashes, MyExceptionBuffer will be filled with register dump - now we have to hack it so it will be shown. Create function that wraps appStrncat: 


wchar_t* appStrncatWrapper(wchar_t *destination, const wchar_t *source, int maxCount)
{
	if (std::wstring(L"MainLoop") != source || !MyExceptionBuffer[0]) {
		return wcsncat(destination, source, maxCount);
	}
	std::wstring data(source);
	data += L"\r\n\r\n";
	data += MyExceptionBuffer;
	return wcsncat(destination, data.c_str(), maxCount);
}

5. Hook our appStrncatWrapper function to the right place - this example is for interlude, for other clients you have to use IDA and find the same code: 


WriteInstructionCall(reinterpret_cast<UINT32>(GetModuleHandle(L"core.dll")) + 0x52287, reinterpret_cast<UINT32>(appStrncatWrapper));

Now when the client crashes with GPF error (access violation) and the code is called from MainLoop, you'll see nice crash info with details :)

Enjoy!

sorry for the dumb question, but in which file am i adding this and how?

sepultribe Newbie

sepultribe

Posted
Posted
3 hours ago, DimensionalGames said:

sorry for the dumb question, but in which file am i adding this and how?

 

should be the l2.exe you would inject with this code.

 

great stuff OP, hadn't seen this one.

eressea Newbie

eressea

Posted
  • Author
Posted
6 hours ago, DimensionalGames said:

yeah but how is it possible to do this?? ive never worked with client :/

 

Get Visual Studio (with support for Windows XP if you want to support players with this obsolete system), create new C++ Win32 project -> choose DLL. Implement those bits I've posted and build DLL. Then edit l2.exe to load this DLL.

DimensionalGames Newbie

DimensionalGames

Posted
Posted
On 6/21/2018 at 8:21 AM, eressea said:

 

Get Visual Studio (with support for Windows XP if you want to support players with this obsolete system), create new C++ Win32 project -> choose DLL. Implement those bits I've posted and build DLL. Then edit l2.exe to load this DLL.

i know about the first, but how do i edit the l2.exe? btw thx for answering. This way i can add more too? also are there any dependencies for the dll (other dlls?)

eressea Newbie

eressea

Posted
  • Author
Posted
6 hours ago, DimensionalGames said:

i know about the first, but how do i edit the l2.exe? btw thx for answering. This way i can add more too? also are there any dependencies for the dll (other dlls?)

 

There are tools like CFF Explorer etc, you just open l2.exe there and add an import to import table.

If you write your DLL, it's up to you what it will depend on. If it depends on other DLLs, it will automatically load them so you still need just to add your DLL to import table of l2.exe and system will do the rest for you.

DimensionalGames Newbie

DimensionalGames

Posted
Posted
On 6/23/2018 at 10:36 AM, eressea said:

 

There are tools like CFF Explorer etc, you just open l2.exe there and add an import to import table.

If you write your DLL, it's up to you what it will depend on. If it depends on other DLLs, it will automatically load them so you still need just to add your DLL to import table of l2.exe and system will do the rest for you.

one last question :D is it possible to write the dll in C#?

eressea Newbie

eressea

Posted
  • Author
Posted
8 hours ago, DimensionalGames said:

one last question :D is it possible to write the dll in C#?

 

Short answer: No.

Long answer: There's some chance it could be done (somehow) but it would be very very hard (and maybe you would still have to write some parts in assembly).

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing


×
×
  • Create New...