L4D1_2-Plugins/GetCollideableTriggerTestBox_Detour/crash_data/Explain_Win_GetCollideableTriggerTestBox_Detour.txt at master · fbef0102/L4D1_2-Plugins · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
	/*
		SV_SolidMoved() func:
		...

		  if ( *(_BYTE *)a2 & 4 && (v6 = *(_DWORD *)(a2 + 12)) != 0 )
	    	v7 = (*(int (__thiscall **)(int))(*(_DWORD *)v6 + 12))(v6);
		  else
	>	    v7 = 0;
		  *((_DWORD *)v4 + 25) = v7;
		  CM_GetCollideableTriggerTestBox((float *)&v10, (float *)&v11, v7, a4);

		  // proto:
		  CM_GetCollideableTriggerTestBox(Vector *, Vector *, ICollideable *, bool)

		  // Perhaps, crash happened due to v7 = 0, that is extracted from malformed entity:
		  causing null ICollideable. Crash place:

		  	55                                      push    ebp
			8B EC                                   mov     ebp, esp
			80 7D 0C 00                             cmp     byte ptr [ebp+arg_4], 0
			53                                      push    ebx
			8B 5D 08                                mov     ebx, [ebp+arg_0]
			74 43                                   jz      short loc_1020FBF0
		>	8B 03                                   mov     eax, [ebx]
			8B 50 2C                                mov     edx, [eax+2Ch]
			8B CB                                   mov     ecx, ebx
			FF D2                                   call    edx
  */