Terra_777
Joined: 27 Jun 2008 Posts: 216 Location: Sweden
Posted: Sun Sep 23, 2012 23:59 Post subject: Solving the Memory dealloc crashes
If anyone was still interested, I built on from drake's idea:

drake127 wrote:
    After some investigation, I probably managed to find the correct malloc and free functions which should be used inside nwserver.exe. Should you need to allocate memory which will be later freed by nwserver (or deallocate memory allocated by nwserver), you have to use these functions, otherwise the application will most likely crash.
    I am not 100% certain but these seem to be the correct ones:
    Code:
        /* CRT malloc/free inside nwserver.exe; the cast is needed to assign an address to a function pointer */
        void * (__cdecl *pmalloc)(size_t cb) = (void * (__cdecl *)(size_t))0x00602657;
        void (__cdecl *pfree)(void * cb) = (void (__cdecl *)(void *))0x0060256E;
    I don't know where I can find the names plugin so I cannot confirm whether this will help. If somebody has a configured environment where he or she can try it, I would be glad. I do not have NWNX2 for Windows installed so it would take me quite some time to test it.
    Good thing is, this can be tested with any heap buffer (descriptions, names, variables, ...) so I think that if it is not already done, it has quite some advantages.
    In other versions of nwserver.exe you can try to look for these signatures (if the CRT remains the same):
    Code:
        free begins at: 55 8B EC 6A FF 68 00 6F
        malloc begins at: FF 35 68 F8 EE 05 FF 74
    Edit: I tested it with GetDescription and it seems that it does not leak and does not crash either. If somebody wants to help with the actual implementation, send me a PM.
I did some investigating myself and wrote up a class mimicking standard C memory handling (malloc, calloc, realloc, free), which can be found here:
nwnx_memory.h
nwnx_memory.cpp
I did some testing with these and they appear to stop the crashing, at least for me. What I did was I first did the whole new/standard malloc tests to add a special ability to a PC. It crashed when the PC left. I then called nwserver's malloc as per Drake's suggestion. The server did not crash when the PC left, tested a few times.
The functions that I did manage to get it to work with are these:
void * __cdecl ExoMalloc( uint ) @ 0x0040D550
void __cdecl ExoFree( void * ) @ 0x0040D560
When I get some more spare time I'll see about implementing these in something more than a test.
_________________
I dun have any signature, I'm happy anyway.
Last edited by Terra_777 on Sat Oct 06, 2012 12:40; edited 1 time in total
drake127
Joined: 26 Jan 2010 Posts: 28
Posted: Mon Sep 24, 2012 11:13 Post subject: Re: Solving the Memory dealloc crashes
Terra_777 wrote:
    void * __cdecl ExoMalloc( uint ) @ 0x0040D550
    void __cdecl ExoFree( void * ) @ 0x0040D560
What are these? Simple wrappers, or is there some other logic? How did you find out their names (from Linux symbols)?
Terra_777
Joined: 27 Jun 2008 Posts: 216 Location: Sweden
Posted: Mon Sep 24, 2012 15:37 Post subject:
They're wrappers calling malloc, which calls _mh_malloc. I tried calling _mh_malloc and malloc directly but with no luck. Calling these wrappers does the trick and I'm not entirely sure why, to be honest.
Got them from the nwserver Windows symbols.
_________________
I dun have any signature, I'm happy anyway.
virusman
Joined: 30 Jan 2005 Posts: 1020 Location: Russia
Posted: Mon Sep 24, 2012 16:12 Post subject:
Explained here:
http://www.nwnx.org/phpBB2/viewtopic.php?t=1777
On Windows, you have to alloc and free memory with the same malloc/free pair. Otherwise, the app will leak or crash when trying to free memory alloc'd with another malloc.
Basically, you have to call nwserver's free() when freeing anything you got from nwserver, and allocate memory with nwserver's malloc() whenever you want to pass the object to nwserver.
_________________
In Soviet Russia, NWN plays you!
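An added example (my own C, not code from this thread or from NWNX) of the rule virusman states: a constructed stand-in for nwserver's CRT heap that tracks its own blocks, a plugin-side allocator pair in the same shape as the pmalloc/pfree pointers in the first post, and a check showing a matched free succeeding while a block from the plugin's own malloc is rejected instead of corrupting the host heap. host_malloc, host_free, the allocator struct and make_description are all assumed names.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the host's CRT heap (an assumption, not the real CRT):
 * it lists live blocks so host_free can recognise its own allocations. */
#define HOST_MAX_LIVE 64
static void *host_live[HOST_MAX_LIVE];
static void *host_malloc(size_t cb) {
    void *p = malloc(cb);
    if (!p) return NULL;
    for (int i = 0; i < HOST_MAX_LIVE; i++)
        if (!host_live[i]) { host_live[i] = p; return p; }
    free(p);                   /* registry full: fail instead of losing track */
    return NULL;
}

/* 1 = block was ours and is now freed; 0 = foreign pointer, left untouched.
 * A real CRT free() has no such check and corrupts its heap instead. */
static int host_free(void *p) {
    if (!p) return 0;
    for (int i = 0; i < HOST_MAX_LIVE; i++)
        if (host_live[i] == p) { host_live[i] = NULL; free(p); return 1; }
    return 0;
}

/* The plugin's view: one resolved pair, the same shape as pmalloc/pfree above. */
struct allocator { void *(*alloc)(size_t); int (*release)(void *); };
static const struct allocator host_heap = { host_malloc, host_free };

/* A buffer the host will own is carved from the host's heap, never the plugin's. */
static char *make_description(const struct allocator *a, const char *text) {
    size_t n = strlen(text) + 1;
    char *buf = a->alloc(n);
    if (buf) memcpy(buf, text, n);
    return buf;
}

/* Matched pair: host-allocated buffer released through the host's free. */
static int matched_pair_ok(void) {
    char *d = make_description(&host_heap, "host-owned description");
    return d != NULL && host_heap.release(d) == 1;
}

/* Mismatched pair: a block from the plugin's own CRT handed to the host's free. */
static int mismatch_detected(void) {
    char *foreign = malloc(16);
    int rejected = (host_heap.release(foreign) == 0);
    free(foreign);             /* release it with the free that actually matches */
    return rejected;
}
```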
drake127
Joined: 26 Jan 2010 Posts: 28
Posted: Mon Sep 24, 2012 16:40 Post subject:
Terra_777 wrote:
    Got them from the nwserver Windows symbols.
Really? I didn't seem to have found them (or have them), but I was looking mostly into the CRT code (0x006xxxxx). It is strange that malloc @ 0x006... didn't work for you, since I was able to successfully deallocate and allocate item descriptions many (million) times.
virusman: Sure, we already found them, but the question is whether there are more malloc/free variants in nwserver's code or whether they are simply wrappers.
Tomorrow, I'll take my laptop to work and look at it in IDA. Hopefully, it won't take too much time.
Last edited by drake127 on Mon Sep 24, 2012 16:58; edited 1 time in total
virusman
Joined: 30 Jan 2005 Posts: 1020 Location: Russia
Posted: Mon Sep 24, 2012 16:47 Post subject:
Yes, ExoMalloc/ExoFree are simple wrappers around malloc/free. They're only used in one class (CExoKeyTable).
_________________
In Soviet Russia, NWN plays you!
Terra_777
Joined: 27 Jun 2008 Posts: 216 Location: Sweden
Posted: Mon Sep 24, 2012 18:34 Post subject:
Good stuff, I wish I knew this earlier.
It'll fix the memory issues in cool, funcs and names, hopefully.
_________________
I dun have any signature, I'm happy anyway.
drake127
Joined: 26 Jan 2010 Posts: 28
Posted: Thu Oct 04, 2012 17:24 Post subject:
I finally found some time to look at these functions again, and those @0x004... are really simple wrappers around CRT malloc and free @0x006.... It is strange that you succeeded with those but not with the others (we are talking about the 1.69 nwserver, right?).
I would be glad to finally see them in use (including plugins, as they have to be rewritten to make use of the dynamic allocation feature available in NWNX2).