Description
The game crashes when exiting Replay Mode while the player is placing a beacon. It may also happen in a regular match. However, this crash is easy to reproduce in Replay Mode by using GenTool's Frame Step functionality to reach a specific frame in the replay.
GenTool fixes this crash by injecting a naked function at address 0x4544C1, taking up 6 bytes there.
//////////////////////////////////////////////////////////////////////////////////////
// CPU Disasm (Zero Hour 1.04)
// Address Hex dump Command Comments
// 004544C0 /$ 51 PUSH ECX ; game.004544C0(guessed Arg1)
// 004544C1 |. 8B81 DC000000 MOV EAX,DWORD PTR DS:[ECX+0DC]
// 004544C7 |. 85C0 TEST EAX,EAX
// 004544C9 |. 56 PUSH ESI
// 004544CA |. 8B7424 0C MOV ESI,DWORD PTR SS:[ARG.1]
// 004544CE |. C74424 04 000 MOV DWORD PTR SS:[LOCAL.0],0
// 004544D6 |. 8906 MOV DWORD PTR DS:[ESI],EAX
// 004544D8 |. 74 07 JZ SHORT 004544E1
// 004544DA |. 50 PUSH EAX ; /pTarget => [ARG.ECX+0DC]
// 004544DB |. FF15 2C929300 CALL DWORD PTR DS:[<&KERNEL32.Interlocke ; \KERNEL32.InterlockedIncrement
// 004544E1 |> 8BC6 MOV EAX,ESI
// 004544E3 |. 5E POP ESI
// 004544E4 |. 59 POP ECX
// 004544E5 \. C2 0400 RETN 4
//////////////////////////////////////////////////////////////////////////////////////
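// Return-address slot used by an earlier version of the hook, which popped
// the injected CALL's return address into it and pushed it back before RET.
// The hook below keeps the return address on the stack instead and no longer
// writes this variable; it is retained only so that any other reference to
// the symbol still links.
DWORD ccFixBeaconCrashRet;

//-----------------------------------------------------------------------
// CC_FixBeaconCrash_ZH  (Zero Hour 1.04, hooked at 0x004544C1)
//
// Stands in for the 6-byte instruction  MOV EAX, DWORD PTR [ECX+0DCh]
// that the hook overwrites, adding a NULL check on ECX first. ECX is
// presumably the `this` pointer of the routine at 0x004544C0 (the game
// reads a field at [ECX+0DCh]); on the crashing path it is NULL and the
// original MOV faults.
//
// Entered through the CALL written at the hook address, so on entry
// [ESP] holds the address at which the game resumes.
//
// In:    ECX   = object pointer, may be NULL
//        [ESP] = return address pushed by the injected CALL
// Out:   EAX   = [ECX+0DCh], or 0 when ECX is NULL
//        ESP   = its value before the injected CALL
// Clobb: EAX, flags. Clobbering the flags is harmless: the game resumes
//        with TEST EAX,EAX at 0x004544C7, which rewrites them; for
//        EAX == 0 the following JZ then skips the InterlockedIncrement
//        on the (absent) refcount and stores 0 to [ESI] instead.
//
// The return address never leaves the stack, so the hook touches no
// memory and is safe if two threads enter it at once. The previous
// version parked the address in the global above, which would have sent
// a concurrent caller back to the wrong address.
//-----------------------------------------------------------------------
__declspec(naked) void CC_FixBeaconCrash_ZH()
{
    __asm
    {
        test    ecx, ecx
        je      NullThis
        mov     eax, dword ptr ds:[ecx + 0xDC]  ; the instruction the hook replaced
        ret                                     ; resume the game after the hook site
    NullThis:
        xor     eax, eax                        ; no object: report a NULL field instead of faulting
        ret
    }
}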