Strange crash, propably Hamsandwich ( Trace info included ) - Page 3

XAT · *Last edited by XAT; 03-25-2012 at 11:28.*

Quote:

Originally Posted by Arkshine

To test something, you should start to test only with the plugin hooking Ham_TraceAttack and removing unrelated code, meaning, just hook Ham_TraceAttack and does nothing inside and elsewhere. Also make sure you load only modules of amxx and nothing else.

Ok, i've done as you said. Only TraceAttack hook, 1 amxx plugin, amxx modules only.

Crash is everytime caused by killing this:

PHP Code:


			
#include <amxmodx>
#include <hamsandwich>
#include <fakemeta>

public plugin_init()
{
    register_plugin("TraceAttack Crash", "1.0", "XAT");
    RegisterHam(Ham_TraceAttack, "player", "fw_TraceAttack");
}

public fw_TraceAttack(id, idattacker, Float:damage, Float:direction[3], traceresult, damagebits)
{
    log_amx("Ping!");
    
    if(is_user_alive(id))
    {
        new hit = get_tr2(traceresult, TR_iHitgroup);
    }
    
    log_amx("Pong!");
}

Code:

meta list
Currently loaded plugins:
      description      stat pend  file              vers      src  load  unlod
 [ 1] AMX Mod X        RUN   -    amxmodx_bl_mm_i3  v1.8.2-d  ini  Start ANY
 [ 2] MySQL            RUN   -    mysql_amxx_i386.  v1.8.2-d  pl1  ANY   ANY
 [ 3] SQLite           RUN   -    sqlite_amxx_i386  v1.8.2-d  pl1  ANY   ANY
 [ 4] Fun              RUN   -    fun_amxx_i386.so  v1.8.2-d  pl1  ANY   ANY
 [ 5] Engine           RUN   -    engine_amxx_i386  v1.8.2-d  pl1  ANY   ANY
 [ 6] FakeMeta         RUN   -    fakemeta_amxx_i3  v1.8.2-d  pl1  ANY   ANY
 [ 7] CStrike          RUN   -    cstrike_amxx_i38  v1.8.2-d  pl1  ANY   ANY
 [ 8] CSX              RUN   -    csx_amxx_i386.so  v1.8.2-d  pl1  ANY   ANY
 [ 9] Ham Sandwich     RUN   -    hamsandwich_amxx  v1.8.2-d  pl1  ANY   ANY

Code:

amxx plugins
Currently loaded plugins:
       name                    version     author            file             status
 [  1] TraceAttack Crash       1.0         XAT               crash.amxx       debug
1 plugins, 1 running

Code:

ham hooks
Key                      | Classname                   |        Pre |       Post
--------------------------------------------------------------------------------
traceattack              | player                      |          1 |          0

1 hooks, 1 forwards.

Code:

meta version
Metamod v1.19  2006-04-17 (5:13)
by Will Day <[email protected]>
   http://www.metamod.org/
compiled: Mar 23 2012, 15:34:39 +0100 (debugging)

Code:

amxx version
AMX Mod X 1.8.2-dev (http://www.amxmodx.org)
Authors:
        David "BAILOPAN" Anderson, Pavol "PM OnoTo" Marko
        Felix "SniperBeamer" Geyer, Jonny "Got His Gun" Bergstrom
        Lukasz "SidLuke" Wlasinski, Christian "Basic-Master" Hammacher
        Borja "faluco" Ferrer, Scott "Damaged Soul" Ehlert
Compiled: Mar 24 2012, 18:46:22
Build ID: 1.8.2-dev 9:7ff502465eae
Core mode: JIT+ASM32

I've also edited hamsandwich for testing purposes so it now looks like this (With standard Non-Compiled by me files it also crashes):

PHP Code:


			
void Hook_Void_Entvar_Float_Vector_Trace_Int(Hook *hook, void *pthis, entvars_t *ev1, float f1, Vector v1, TraceResult *tr1, int i1)
{
    PUSH_VOID()
    int iev1=EntvarToIndex(ev1);

    MAKE_VECTOR()
    P_ENTVAR(ev1, iev1)
    P_FLOAT(f1)
    P_VECTOR(v1)
    P_TRACE(tr1)
    P_INT(i1)
    
    LOG_DEVELOPER(PLID, "Hook_Void_Entvar_Float_Vector_Trace_Int pre: i1=%d", i1);

    PRE_START()
        ,iev1, f1, MF_PrepareCellArrayA(reinterpret_cast<cell *>(&v1), 3, false), tr1, i1
    PRE_END()

#if defined _WIN32
    reinterpret_cast<void (__fastcall*)(void*, int, entvars_t *, float, Vector, TraceResult *, int)>(hook->func)(pthis, 0, ev1, f1, v1, tr1, i1);
#elif defined __linux__
    reinterpret_cast<void (*)(void*, entvars_t *, float, Vector, TraceResult *, int)>(hook->func)(pthis, ev1, f1, v1, tr1, i1);
#endif

    LOG_DEVELOPER(PLID, "Hook_Void_Entvar_Float_Vector_Trace_Int post: i1=%d", i1);
    
    POST_START()
        , iev1, f1, MF_PrepareCellArrayA(reinterpret_cast<cell *>(&v1), 3, false), tr1, i1
    POST_END()

    KILL_VECTOR()
    POP()
}

Logs:

Code:

L 03/25/2012 - 17:09:35: [HAMSANDWICH] dev: Hook_Void_Entvar_Float_Vector_Trace_Int pre: i1=64
L 03/25/2012 - 17:09:35: [crash.amxx] Ping!
L 03/25/2012 - 17:09:35: [crash.amxx] Pong!
L 03/25/2012 - 17:09:35: [HAMSANDWICH] dev: Hook_Void_Entvar_Float_Vector_Trace_Int post: i1=64
L 03/25/2012 - 17:09:35: [HAMSANDWICH] dev: Hook_Void_Entvar_Float_Vector_Trace_Int pre: i1=64
L 03/25/2012 - 17:09:35: [crash.amxx] Ping!
L 03/25/2012 - 17:09:35: [crash.amxx] Pong!
Uploading dump (in-process) [proxy '']
/tmp/dumps/crash_20120325170935_1.dmp
success = no
error:  Failed to open/read local data from file/application
Segmentation fault (core dumped)

warning: Can't read pathname for load map: Input/output error.
email debug.log to [email protected]

BinLog:

Code:

4,01324E+09: Plugin "crash.amxx, crash.sma" (0) had public function "fw_TraceAttack" (1) called.
4,01324E+09: Plugin "crash.amxx, crash.sma" (0) hit line 13.
4,01324E+09: Plugin "crash.amxx, crash.sma" (0) hit line 13.
4,01324E+09: Plugin "crash.amxx, crash.sma" (0) called native "log_amx" (8) with 1 parameters.
4,01324E+09: Native parameters: (232)
4,01324E+09: Plugin "crash.amxx" (0) formatted parameter 1 (maxlen 5), result: 
    Ping!
4,01324E+09: Native returned: 0
4,01324E+09: Plugin "crash.amxx, crash.sma" (0) hit line 15.
4,01324E+09: Plugin "crash.amxx, crash.sma" (0) called native "is_user_alive" (9) with 1 parameters.
4,01324E+09: Native parameters: (1)
4,01324E+09: Native returned: 1
4,01324E+09: Plugin "crash.amxx, crash.sma" (0) hit line 17.
4,01324E+09: Plugin "crash.amxx, crash.sma" (0) called native "get_tr2" (10) with 2 parameters.
4,01324E+09: Native parameters: (-5510380, 9)
4,01324E+09: Native returned: 2
4,01324E+09: Plugin "crash.amxx, crash.sma" (0) hit line 20.
4,01324E+09: Plugin "crash.amxx, crash.sma" (0) called native "log_amx" (8) with 1 parameters.
4,01324E+09: Native parameters: (256)
4,01324E+09: Plugin "crash.amxx" (0) formatted parameter 1 (maxlen 5), result: 
    Pong!
4,01324E+09: Native returned: 0
4,01324E+09: Binary log corrupt past this point.

GDB:

Code:

(gdb) bt full
#0  0xf3ea6342 in CBasePlayer::TraceAttack(entvars_s *, float, Vector, TraceResult *, int) () from /home/hlds/cstrike/dlls/cs_i386.so
No symbol table info available.
#1  0xf386467d in Hook_Void_Entvar_Float_Vector_Trace_Int (hook=0x8e1f640, pthis=0xf25065c8, ev1=0xf45adf50, f1=29.8560085, v1=..., tr1=0xffabeb14, i1=64) at hook_callbacks.cpp:628
        iThis = 1
        end = {m_Ptr = 0xf45aded0}
        iev1 = 196
        __vec = 0xf19fffe0
        DoForwards = true
        result = 0
        thisresult = 0
#2  0x08fb2028 in ?? ()
No symbol table info available.
#3  0xf3e6baae in RadiusDamage2(Vector, entvars_s *, entvars_s *, float, float, int, int) () from /home/hlds/cstrike/dlls/cs_i386.so
No symbol table info available.
#4  0xf3e6e0fd in CBaseMonster::RadiusDamage(entvars_s *, entvars_s *, float, int, int) () from /home/hlds/cstrike/dlls/cs_i386.so
No symbol table info available.
#5  0xf3e79bfa in CEnvExplosion::Use(CBaseEntity *, CBaseEntity *, USE_TYPE, float) () from /home/hlds/cstrike/dlls/cs_i386.so
No symbol table info available.
#6  0xf3e7a0cc in ExplosionCreate(Vector const &, Vector const &, edict_s *, int, int) () from /home/hlds/cstrike/dlls/cs_i386.so
No symbol table info available.
#7  0xf3e7baf8 in CBreakable::Die(void) () from /home/hlds/cstrike/dlls/cs_i386.so
No symbol table info available.
#8  0xf3e7b25d in CBreakable::TakeDamage(entvars_s *, entvars_s *, float, int) () from /home/hlds/cstrike/dlls/cs_i386.so
No symbol table info available.
#9  0xf3edb7a0 in ApplyMultiDamage(entvars_s *, entvars_s *) () from /home/hlds/cstrike/dlls/cs_i386.so
No symbol table info available.
#10 0xf3e6d805 in CBaseEntity::FireBullets3(Vector, Vector, float, float, int, int, int, float, entvars_s *, bool, int) () from /home/hlds/cstrike/dlls/cs_i386.so
No symbol table info available.
#11 0xf3eedecb in CAK47::AK47Fire(float, float, int) () from /home/hlds/cstrike/dlls/cs_i386.so
No symbol table info available.
#12 0xf3eedc90 in CAK47::PrimaryAttack(void) () from /home/hlds/cstrike/dlls/cs_i386.so
No symbol table info available.
#13 0xf3eda37b in CBasePlayerWeapon::ItemPostFrame(void) () from /home/hlds/cstrike/dlls/cs_i386.so
No symbol table info available.
#14 0xf3ebbc0d in CBasePlayer::ItemPostFrame(void) () from /home/hlds/cstrike/dlls/cs_i386.so
No symbol table info available.
#15 0xf3eafe23 in CBasePlayer::PostThink(void) () from /home/hlds/cstrike/dlls/cs_i386.so
No symbol table info available.
#16 0xf3e67f88 in PlayerPostThink(edict_s *) () from /home/hlds/cstrike/dlls/cs_i386.so
No symbol table info available.
#17 0xf41bda57 in mm_PlayerPostThink (pEntity=0xf4587a64) at dllapi.cpp:205
        i = 9
        status = MRES_IGNORED
        prev_mres = MRES_IGNORED
        iplug = 0xf4015cc8
        pfn_routine = 0xf3e67f54 <PlayerPostThink(edict_s *)>
        loglevel = 14
        pfn_string = 0xf426aab0 "PlayerPostThink"
        backup_meta_globals = {mres = 4154228860, prev_mres = 4099439204, status = 4158980512, orig_ret = 0xffabf70c, override_ret = 0xc31c8280}
        mres = MRES_IGNORED
#18 0xf79c2e35 in SV_RunCmd () from /home/hlds/engine_i686.so
No symbol table info available.
#19 0xf4587a64 in ?? ()
No symbol table info available.
#20 0x4164c780 in ?? ()
No symbol table info available.
Backtrace stopped: previous frame inner to this frame (corrupt stack?)

Code:

(gdb) frame 17
#17 0xf41bda57 in mm_PlayerPostThink (pEntity=0xf4587a64) at dllapi.cpp:205
205             META_DLLAPI_HANDLE_void(FN_PLAYERPOSTTHINK, pfnPlayerPostThink, (pEntity));
Current language:  auto
The current source language is "auto; currently c++".
(gdb) print iplug->filename
$1 = "addons/amxmodx/modules/hamsandwich_amxx_i386.so"

**Arkshine** · 03-25-2012 , 11:43 Re: Strange crash problem

Give a map with such box. And it crashes only if you hook TraceAttack ? Did you try under windows ?

XAT · *Last edited by XAT; 03-25-2012 at 12:20.*

Quote:

Originally Posted by Arkshine

Give a map with such box.

http://www.sendspace.com/file/2424b5

But it crashes on every map that have exploding crates.

Quote:

Originally Posted by Arkshine

And it crashes only if you hook TraceAttack ?

I think so, i'll try to crash it without hooking this.

Quote:

Originally Posted by Arkshine

Did you try under windows ?

Nope

Edit:

I can't crash it without ham hook, so my word is for now is:

[IMG]http://img831.**************/img831/4659/crashsandwich.jpg[/IMG]

**Arkshine** · 03-25-2012 , 12:53 Re: Strange crash problem

Tried windows/linux with your plugin and be killed by a box, and it doesn't crash.

XAT · 03-25-2012 , 13:02 Re: Strange crash problem

Quote:

Originally Posted by Arkshine

Tried windows/linux with your plugin and be killed by a box, and it doesn't crash.

As i said, it's not everytime, sometimes it crashes after killing one box, sometimes after 50, sometimes after half hour, and thats why its wierd...

Try killing all boxes, then restart round, do that few times, if it doesnt crash restart map and again. After few minutes (max 10) shooting boxes you should get crash like me.

**Arkshine** · 03-25-2012 , 13:38 Re: Strange crash problem

Tried like you said, it still doesn't happen. Find a better way to reproduce the problem, it's way too vague.

Looking at your last gdb, it doesn't seem it would crash in ham. Don't know.

XAT · 03-25-2012 , 15:13 Re: Strange crash problem

I've made freshly new instalation about 10minutes ago. HLDS downloaded from hldsupdatetool, amxmodx directly from amxmodx webpage metamod from it's main page, i put my plugin and map there and went killing boxes. It crashes after 3minutes, same reason...

I've unloaded all amxmodx standard plugins, just my TraceAttack hook.
I didnt even change any other config.

Code:

(gdb) bt
#0  0xf3fb4342 in CBasePlayer::TraceAttack(entvars_s *, float, Vector, TraceResult *, int) () from /home/xat/hlds/cstrike/dlls/cs_i386.so
#1  0xf3d8c551 in ?? () from cstrike/addons/amxmodx/modules/hamsandwich_amxx_i386.so
Backtrace stopped: previous frame inner to this frame (corrupt stack?)

**Arkshine** · 03-25-2012 , 17:56 Re: Strange crash problem

Try to see if it happens with others modules, like Orpheu or Rage. (you can hook virtual functions)
Try again with metamod p32.
Try to see if it happens with windows, it's important.
Try to see if you can get the ham module base address so you can calculate the offset and could look in IDA where it crashes exactly.

It doesn't make sense it happens only killing this box. TraceAttack can be called from a weapon hit or hegrenade. There are nothing specific about the box, it calls RadiusDamage2, like the hegrenade. It may a problem with your system.

XAT · *Last edited by XAT; 03-28-2012 at 13:12.*

Quote:

Originally Posted by Arkshine

Try to see if you can get the ham module base address so you can calculate the offset and could look in IDA where it crashes exactly.

Hmm, it should be this place, if i didn't count wrong:

Code:

From        To
0xf385d3b0  0xf3873068  cstrike/addons/amxmodx/modules/hamsandwich_amxx_i386.so

&

#1  0xf386467d in Hook_Void_Entvar_Float_Vector_Trace_Int (hook=0x8e1f640, pthis=0xf25065c8, ev1=0xf45adf50, f1=29.8560085, v1=..., tr1=0xffabeb14, i1=64) at hook_callbacks.cpp:628

&

0x0000F349 - IDA code start

[IMG]http://img828.**************/img828/8388/idatb.jpg[/IMG]

Quote:

Originally Posted by Arkshine

It doesn't make sense it happens only killing this box. TraceAttack can be called from a weapon hit or hegrenade. There are nothing specific about the box, it calls RadiusDamage2, like the hegrenade. It may a problem with your system.

Actualy, i was trying granedes with my plugin and traceattack wasn't called.
Weapons, i'm sure it won't crash by shooting, i tested it on serwer where players are shooting almost all the time and it was ok.

Quote:

Originally Posted by Arkshine

Try to see if it happens with windows, it's important.

I've been trying to crash it on windows but it seems that bug dosent work here. I will do some more tests.

Quote:

Originally Posted by Arkshine

Try to see if it happens with others modules, like Orpheu or Rage. (you can hook virtual functions)
Try again with metamod p32.

I'll try and post results when i'm done.

Edit:

Metamod-p - same.

Ham dies at hook_callbacks.cpp while calling reinterpret_cast on line:

PHP Code:


			
void Hook_Void_Entvar_Float_Vector_Trace_Int(Hook *hook, void *pthis, entvars_t *ev1, float f1, Vector v1, TraceResult *tr1, int i1)
{
    PUSH_VOID()
    int iev1=EntvarToIndex(ev1);

    MAKE_VECTOR()
    P_ENTVAR(ev1, iev1)
    P_FLOAT(f1)
    P_VECTOR(v1)
    P_TRACE(tr1)
    P_INT(i1)

    PRE_START()
        ,iev1, f1, MF_PrepareCellArrayA(reinterpret_cast<cell *>(&v1), 3, false), tr1, i1
    PRE_END()

#if defined _WIN32
    reinterpret_cast<void (__fastcall*)(void*, int, entvars_t *, float, Vector, TraceResult *, int)>(hook->func)(pthis, 0, ev1, f1, v1, tr1, i1);
#elif defined __linux__
    reinterpret_cast<void (*)(void*, entvars_t *, float, Vector, TraceResult *, int)>(hook->func)(pthis, ev1, f1, v1, tr1, i1); <------------------------ Crash
#endif

    POST_START()
        , iev1, f1, MF_PrepareCellArrayA(reinterpret_cast<cell *>(&v1), 3, false), tr1, i1
    POST_END()

    KILL_VECTOR()
    POP()
}

Check IDA result from above too, i think this is line 00016616.

I think this have something to do with Primary/Secondary weapon attack, dosen't matter what weapon.

I can't test it with orpheu :/

XAT · 04-22-2012 , 15:49 Re: Strange crash problem

Anyone got any idea? I'm encountering this crash everyday.
Please help.