Fix fortitude's "nemesis" streaming crash #56

Open
tyackman opened this issue Nov 5, 2023 · 12 comments

@tyackman
Contributor

tyackman commented Nov 5, 2023

cout fortitude crash.log

@who-care123

who-care123 commented Nov 10, 2023

```
E8 ? ? ? ? 48 8B C8 48 8B F0 48 8B 10 FF 52 ? 48 8B CE add(1).rip()
```

```cpp
if (auto ptr = *(uint64_t*)(a1 + 0xC10); !ptr) return 0;
```

@maybegreat48
Contributor

That should work, but I'd like to analyze their syncs and block it through the can apply data hook. I'm busy working on something else right now, but I'll get back to this project soon enough

@tyackman
Contributor Author

added the sync logs
cout fort.log

@who-care123

who-care123 commented Nov 11, 2023

> That should work, but I'd like to analyze their syncs and block it through the can apply data hook. I'm busy working on something else right now, but I'll get back to this project soon enough

I just figured out what the crash is.
RDR also has the invalid trailer attachment crash (trailer attached to a target that is not a vehicle).
We can check it in CPhysicalAttachDataNode.
But as I said in Yimmenu GTA, I think we also need to check sync or creation (object->GetGameObject).
Btw, I think netObject + 0xB0 is GetGameObject.

@who-care123

> > That should work, but I'd like to analyze their syncs and block it through the can apply data hook. I'm busy working on something else right now, but I'll get back to this project soon enough
>
> I just figured out what the crash is. RDR also has the invalid trailer attachment crash (trailer attached to a target that is not a vehicle). We can check it in CPhysicalAttachDataNode. But as I said in Yimmenu GTA, I think we also need to check sync or creation (object->GetGameObject). Btw, I think netObject + 0xB0 is GetGameObject.

Or maybe we can check the attached object type

@elcapone25

elcapone25 commented Dec 2, 2023

You're right, getGameObject is at 0xB0. Here is the signature for the node:

```
48 89 5C 24 ? 48 89 6C 24 ? 48 89 74 24 ? 57 41 54 41 55 41 56 41 57 48 83 EC 70 48 8B B9 ? ? ? ?
```

Plus the class:

```cpp
#include <cstdint>

class IDK_NODE
{
public:
  char pad_0[0x10];
  uint32_t m_unk;  // 0x10
  char pad_14[0xC];
  uint32_t m_unk1; // 0x20
  uint32_t m_unk2; // 0x24
  uint32_t m_unk3; // 0x28
};
```

If someone knows the name, it would be good for blocking this crash.

@SkiddyToast

> You're right, getGameObject is at 0xB0. 48 89 5C 24 ? 48 89 6C 24 ? 48 89 74 24 ? 57 41 54 41 55 41 56 41 57 48 83 EC 70 48 8B B9 ? ? ? ? Here is the signature for the node, plus the class: `class IDK_NODE{ public: char pad_0[0x10]; uint32_t m_unk; //0x10 char pad_14[0xC]; uint32_t m_unk1; //0x20 uint32_t m_unk2; //0x24 uint32_t m_unk3; //0x28 };` If someone knows the name, it would be good for blocking this crash.

The class is much larger than that. It's the vehicle gadget node btw.

@elcapone25

> > You're right, getGameObject is at 0xB0. 48 89 5C 24 ? 48 89 6C 24 ? 48 89 74 24 ? 57 41 54 41 55 41 56 41 57 48 83 EC 70 48 8B B9 ? ? ? ? Here is the signature for the node, plus the class: `class IDK_NODE{ public: char pad_0[0x10]; uint32_t m_unk; //0x10 char pad_14[0xC]; uint32_t m_unk1; //0x20 uint32_t m_unk2; //0x24 uint32_t m_unk3; //0x28 };` If someone knows the name, it would be good for blocking this crash.
>
> The class is much larger than that. It's the vehicle gadget node btw.

thanks for the information :)

@SkiddyToast

This should be a sufficient class:

```cpp
#include <cstdint>

class CGadgetData
{
public:
  uint32_t m_type;
  uint8_t m_data[0xF3];
};
static_assert(sizeof(CGadgetData) == 0xF8);

class CVehicleGadgetNodeData
{
public:
  bool m_has_position;
  char pad_0001[15];
  float m_position[4];
  uint32_t m_num_gadgets;
  CGadgetData m_gadgets[2];
};
static_assert(sizeof(CVehicleGadgetNodeData) == 0x214); // Needs to be 0x220, prob from packing at 16.
```
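
The size remark in the comment above can be checked by compiling both layouts. This is an added example, not code from the thread or the project: `NodePosted`, `NodeAligned`, `kMaxGadgets` and `gadget_count_in_bounds` are hypothetical names, the 16-byte alignment of `m_position` is an assumption, and the count check is a generic sanity check on the reconstructed layout, not a confirmed fix for this crash.

```cpp
#include <cstddef>
#include <cstdint>

struct CGadgetData {
    uint32_t m_type;
    uint8_t  m_data[0xF3];
};

// Layout exactly as posted: every member has alignment <= 4,
// so the struct ends at 0x214 with no tail padding.
struct NodePosted {
    bool        m_has_position;
    char        pad_0001[15];
    float       m_position[4];
    uint32_t    m_num_gadgets;
    CGadgetData m_gadgets[2];
};

// Assumption: the position is a 16-byte aligned vector type. That raises
// the struct's alignment to 16, so sizeof rounds up from 0x214 to 0x220,
// and the explicit 15-byte pad becomes implicit.
struct NodeAligned {
    bool              m_has_position;
    alignas(16) float m_position[4];
    uint32_t          m_num_gadgets;
    CGadgetData       m_gadgets[2];
};

static_assert(sizeof(CGadgetData) == 0xF8, "gadget entry size");
static_assert(sizeof(NodePosted) == 0x214, "posted layout");
static_assert(sizeof(NodeAligned) == 0x220, "16-byte aligned layout");
static_assert(offsetof(NodeAligned, m_position) == 0x10, "position offset");
static_assert(offsetof(NodeAligned, m_num_gadgets) == 0x20, "count offset");
static_assert(offsetof(NodeAligned, m_gadgets) == 0x24, "gadget array offset");

// Capacity of the fixed gadget array in the reconstructed layout (2).
constexpr uint32_t kMaxGadgets =
    sizeof(NodeAligned::m_gadgets) / sizeof(CGadgetData);

// Generic receive-side check: a count read from remote sync data must not
// exceed the fixed array before anything iterates m_gadgets.
bool gadget_count_in_bounds(const NodeAligned& node) {
    return node.m_num_gadgets <= kMaxGadgets;
}
```

The member offsets are identical in both layouts; only the tail padding differs, which is why the posted class reads fields correctly even though its size is 0x214.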

@Rxann
Contributor

Rxann commented Jun 5, 2024

> ```
> E8 ? ? ? ? 48 8B C8 48 8B F0 48 8B 10 FF 52 ? 48 8B CE add(1).rip()
> ```
>
> ```cpp
> if (auto ptr = *(uint64_t*)(a1 + 0xC10); !ptr) return 0;
> ```

This produces false positives + Game Crashes. I am not even sure this will block the crash.

@tyackman
Contributor Author

tyackman commented Jun 27, 2024

Fortnut crash may be fixed by #148. Needs further testing. EDIT: Game still eventually shits, though the trailer attachment protection seems to help some.
6-27-24 fort crash.log

@Rxann
Contributor

Rxann commented Jul 22, 2024

Nemesis crash seems to be ineffective after @Mr-X-GTA's PR, which allows the menu to not crash. I tested this and did not crash the 2 times it was used on me. I will leave this issue open for a bit to see if anyone has any differing opinions on my conclusion.
