Suteki
November 4th, 2007, 19:04
Hi, I have a problem with the ASM code of a game. It is a 32-bit application. When I view a unit in the game, the application crashes. I have an OllyDBG debug log.
Code:
0040AC1B 0F88 DC000000 JS S.0040ACFD ; JMP 0040ACFD
0040AC21 0FB72E MOVZX EBP,WORD PTR DS:[ESI]
0040AC24 83C6 02 ADD ESI,2
0040AC27 032D C1CE5000 |ADD EBP,DWORD PTR DS:[50CEC1]
0040AC2D 8B0D C9CE5000 |MOV ECX,DWORD PTR DS:[50CEC9]
0040AC33 8B1D CDCE5000 |MOV EBX,DWORD PTR DS:[50CECD]
0040AC39 85C9 |TEST ECX,ECX
0040AC3B 74 3D |JE SHORT S.0040AC7A
0040AC3D 33D2 |/XOR EDX,EDX
0040AC3F 8A55 00 MOV DL,BYTE PTR SS:[EBP] ; 015EA475 <--Crash
0040AC42 45 INC EBP
0040AC43 84D2 TEST DL,DL
0040AC45 78 26 ||JS SHORT S.0040AC6D
0040AC47 F6C2 40 ||TEST DL,40
0040AC4A 75 10 ||JNZ SHORT S.0040AC5C
0040AC4C 03EA ||ADD EBP,EDX
0040AC4E 2BCA ||SUB ECX,EDX
0040AC50 74 28 ||JE SHORT S.0040AC7A
0040AC52 ^79 E9 ||JNS SHORT S.0040AC3D
0040AC54 F7D9 ||NEG ECX
0040AC56 2BE9 ||SUB EBP,ECX
0040AC58 8BD1 ||MOV EDX,ECX
0040AC5A EB 35 ||JMP SHORT S.0040AC91
0040AC5C 80E2 BF ||AND DL,0BF
0040AC5F 45 ||INC EBP
0040AC60 2BCA ||SUB ECX,EDX
0040AC62 74 16 ||JE SHORT S.0040AC7A
0040AC64 ^79 D7 ||JNS SHORT S.0040AC3D
0040AC66 F7D9 ||NEG ECX
0040AC68 4D ||DEC EBP
0040AC69 8BD1 ||MOV EDX,ECX
0040AC6B EB 48 ||JMP SHORT S.0040ACB5
0040AC6D 80E2 7F ||AND DL,7F
0040AC70 2BCA ||SUB ECX,EDX
0040AC72 74 06 ||JE SHORT S.0040AC7A
0040AC74 ^79 C7 |\JNS SHORT S.0040AC3D
0040AC76 2BF9 |SUB EDI,ECX
0040AC78 03D9 |ADD EBX,ECX
0040AC7A 85DB |TEST EBX,EBX
0040AC7C 7F 04 |JG SHORT S.0040AC82
0040AC7E 03FB |ADD EDI,EBX
0040AC80 EB 60 |JMP SHORT S.0040ACE2
0040AC82 33D2 |XOR EDX,EDX
0040AC84 8A55 00 MOV DL,BYTE PTR SS:[EBP] <-- Crash
0040AC87 45 INC EBP
0040AC88 84D2 TEST DL,DL
0040AC8A 78 47 JS SHORT S.0040ACD3
0040AC8C F6C2 40 |TEST DL,40
0040AC8F 75 21 |JNZ SHORT S.0040ACB2
0040AC91 2BDA |SUB EBX,EDX
0040AC93 79 02 |JNS SHORT S.0040AC97
0040AC95 03D3 |ADD EDX,EBX
0040AC97 33C0 |XOR EAX,EAX
0040AC99 53 |PUSH EBX
0040AC9A 8A45 00 MOV AL,BYTE PTR SS:[EBP] <--Crash
0040AC9D 45 ||INC EBP
0040AC9E 8A98 C1CD5000 ||MOV BL,BYTE PTR DS:[EAX+50CDC1]
0040ACA4 47 ||INC EDI
0040ACA5 4A ||DEC EDX
0040ACA6 885F FF MOV BYTE PTR DS:[EDI-1],BL
0040ACA9 ^75 EF JNZ SHORT S.0040AC9A
0040ACAB 5B POP EBX
0040ACAC 85DB |TEST EBX,EBX
0040ACAE ^7F D2 |JG SHORT S.0040AC82
0040ACB0 EB 30 |JMP SHORT S.0040ACE2
0040ACB2 80E2 BF |AND DL,0BF
0040ACB5 2BDA |SUB EBX,EDX
0040ACB7 79 02 |JNS SHORT S.0040ACBB
0040ACB9 03D3 |ADD EDX,EBX
0040ACBB 33C0 |XOR EAX,EAX
0040ACBD 8A45 00 |MOV AL,BYTE PTR SS:[EBP] <--Crash
0040ACC0 45 |INC EBP
0040ACC1 8A80 C1CD5000 |MOV AL,BYTE PTR DS:[EAX+50CDC1]
0040ACC7 8807 |/MOV BYTE PTR DS:[EDI],AL
0040ACC9 47 ||INC EDI
0040ACCA 4A ||DEC EDX
0040ACCB ^75 FA |\JNZ SHORT S.0040ACC7
0040ACCD 85DB |TEST EBX,EBX
0040ACCF ^7F B1 |JG SHORT S.0040AC82
0040ACD1 EB 0F |JMP SHORT S.0040ACE2
0040ACD3 80E2 7F |AND DL,7F
0040ACD6 2BDA |SUB EBX,EDX
0040ACD8 79 02 |JNS SHORT S.0040ACDC
0040ACDA 03D3 |ADD EDX,EBX
0040ACDC 03FA |ADD EDI,EDX
0040ACDE 85DB |TEST EBX,EBX
0040ACE0 ^7F A0 |JG SHORT S.0040AC82
0040ACE2 8B2D C5CE5000 |MOV EBP,DWORD PTR DS:[50CEC5]
0040ACE8 8B1D D1CE5000 |MOV EBX,DWORD PTR DS:[50CED1]
0040ACEE 03FD |ADD EDI,EBP
0040ACF0 4B |DEC EBX
0040ACF1 891D D1CE5000 |MOV DWORD PTR DS:[50CED1],EBX
0040ACF7 ^0F89 24FFFFFF \JNS S.0040AC21
The "JS S.0040ACFD" is a jump that I think starts the "unit draw" function, and the rest is it in action.
I've found (if this helps any) that on the code:
Code:
0040AC1B 0F88 DC000000 JS S.0040ACFD ; JMP 0040ACFD
0040AC21 0FB72E MOVZX EBP,WORD PTR DS:[ESI]
If I go ahead and just replace 0040AC21 with "JMP 0040ACFD", I no longer get the crash; however, there are a lot of graphical glitches on the screen (things are missing or "invisible" at certain angles, and the cursor disappears).
Code:
0040AC1B |. 0F88 DC000000 JS S.0040ACFD ; JMP 0040ACFD
0040AC21 E9 D7000000 JMP S.0040ACFD
0040AC26 90 NOP
Another forum attempted to help me, if you would like to see what has already been suggested/talked about. Here's the link: http://www.asmcommunity.net/board/?topic=28794.msg203470#msg203470
I look forward to your responses.
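The draw loop from the listing (0040AC82 to 0040ACE2) and the row-offset fetch (0040AC21 to 0040AC27), re-implemented in Python as an added example; this is an editor's reconstruction, not the game's code or anything posted in the thread. It reads the control byte as bit 7 = transparent run, bit 6 = fill run, otherwise a literal run, each remapped through the table at 50CDC1, and adds the bounds checks the listing lacks so that every unchecked read through EBP becomes an IndexError instead of an access violation. Assumptions: the left-clip loop at 0040AC3D to 0040AC78 is omitted (clip of 0), the +0x10 remap table and the sample byte strings are constructed.

```python
import struct

# Palette remap table the listing indexes at DS:[EAX+50CDC1]; constructed as a +0x10 shift.
REMAP = [(i + 0x10) & 0xFF for i in range(256)]

def decode_row(src, pos, width, remap=REMAP):
    """Model of the draw loop at 0040AC82..0040ACE2 (width = EBX, dest = EDI).
    Returns (pixels, next_pos); None marks a pixel skipped by a transparent run.
    Raises IndexError wherever the listing's MOV DL/AL,[EBP] would read outside src."""
    out = [None] * width
    edi, ebx = 0, width
    while ebx > 0:                            # TEST EBX,EBX / JG 0040AC82
        if pos >= len(src):
            raise IndexError(f"control byte at src+{pos:#x} is past the {len(src)}-byte buffer")
        ctl = src[pos]; pos += 1              # MOV DL,[EBP] / INC EBP
        if ctl & 0x80:                        # JS: transparent run, count in low 7 bits
            n = ctl & 0x7F
        elif ctl & 0x40:                      # TEST DL,40: fill run, count in low 6 bits
            n = ctl & 0x3F
        else:                                 # literal run of ctl remapped bytes
            n = ctl
        ebx -= n                              # SUB EBX,EDX
        if ebx < 0:                           # JNS not taken: clamp to remaining width
            n += ebx                          # ADD EDX,EBX
        if ctl & 0x80:
            edi += n                          # ADD EDI,EDX: advance without writing
        elif ctl & 0x40:
            if pos >= len(src):
                raise IndexError(f"fill value at src+{pos:#x} is past the buffer")
            val = remap[src[pos]]; pos += 1   # MOV AL,[EBP]; MOV AL,[EAX+50CDC1]
            out[edi:edi + n] = [val] * n      # MOV [EDI],AL / INC EDI / DEC EDX loop
            edi += n
        else:
            if pos + n > len(src):
                raise IndexError(f"literal run of {n} at src+{pos:#x} is past the buffer")
            out[edi:edi + n] = [remap[b] for b in src[pos:pos + n]]
            pos += n; edi += n
        # A zero count is a no-op here; the listing's DEC EDX / JNZ loops do not
        # stop for EDX == 0, so 0x00 and 0x40 control bytes deserve a check.
    return out, pos

def decode_rows(src, offset_table, width, remap=REMAP):
    """Model of 0040AC21..0040AC27: row start = base + 16-bit offset read via ESI."""
    rows = []
    for (off,) in struct.iter_unpack("<H", offset_table):
        if off >= len(src):
            raise IndexError(f"row offset {off:#x} is outside the {len(src)}-byte buffer")
        rows.append(decode_row(src, off, width, remap)[0])
    return rows
```

Running the unit's sprite data and its 16-bit offset table through decode_rows shows which row, and which read within it, leaves the buffer, which is the question the crash address alone does not answer.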