[C++ WoWX]

[maphack122]

I have a problem updating WoWX. The game crashes on

Code:

void BroadcastEvent( DWORD dwEventID, const char * pszFmt, void *... ).

The crashes are only when the strings ( like for event CHAT_MSG_SYSTEM) contain russian letters.

Code:

sConverter << pArgs[i-1].pszString;

.

Code:

#define PATTERN_EVENTBASE 0x00D3F7D8

The function is

Code:

void BroadcastEvent( DWORD dwEventID, const char * pszFmt, void *... )
{
	CEvent ** ppEvents = *reinterpret_cast<CEvent ***>( PATTERN_EVENTBASE );
	//CEvent ** ppEvents = *reinterpret_cast<CEvent ***>( gpWoWX->GetFindPattern()->GetAddress("EventBase") );
	CEvent * pEvent = ppEvents[ dwEventID ];

	if( !pEvent )
		return;

	std::vector<std::string> vArgs;
	vArgs.push_back( pEvent->GetName() );

	OutputDebugString( pEvent->GetName() ); /// DEBUG

	if( strcmp(pEvent->GetName(),"CALENDAR_ACTION_PENDING")==0)
	{
		return;
	}

	if( pszFmt && *pszFmt )
	{
		va_list vaList;
		va_start( vaList, pszFmt );

		DWORD dwLen = static_cast<DWORD>( strlen( pszFmt ) );

		assert( ( dwLen / 2 ) < 16 );
		static SArg pArgs[16];

		for( DWORD dwCounter = 1, dwArg = 0; dwCounter < dwLen; dwCounter += 2 )
		{
			SArg CurArg;

			CurArg.cType = pszFmt[ dwCounter ];
			switch( CurArg.cType )
			{
			case 's':
				{
					CurArg.pszString = va_arg( vaList, char* );
					break;
				}
			case 'f':
				{
					CurArg.fNumber = va_arg( vaList, double );
					break;
				}
			case 'u':
				{
					CurArg.dwNumber = va_arg( vaList, DWORD );
					break;
				}
			case 'd':
				{
					CurArg.iNumber = va_arg( vaList, int );
					break;
				}
			case 'b':
				{
					CurArg.bBoolean = va_arg( vaList, bool );
					break;
				}
			}

			pArgs[ dwArg++ ] = CurArg;
		}
		va_end( vaList );

		for( DWORD i = 1; i < ( dwLen / 2 ) + 1; i++ )
		{
			std::stringstream sConverter;
			
			switch( pArgs[i-1].cType )
			{
			case 'i':
			case 'd':
				{
					sConverter << pArgs[i-1].iNumber;
					break;
				}
			case 'f':
				{
					sConverter << pArgs[i-1].fNumber;
					break;
				}
			case 's':
				{
					sConverter << pArgs[i-1].pszString;
					break;
				}
			case 'b':
				{
					sConverter << ( pArgs[i-1].bBoolean ? 0 : 1 );
					break;
				}
			}

			vArgs.push_back( sConverter.str() );
		}

		if( gpWoWX->Module_HandleEvent( vArgs ) )
		{
			DWORD dwNumArgs = dwLen / 2, dwSize = GetStackSize( pArgs, dwNumArgs );
			for( DWORD dwCounter = dwNumArgs - 1; dwCounter >= 0 && dwCounter < dwNumArgs; dwCounter-- )
			{
				SArg CurArg = pArgs[ dwCounter ];
				switch( CurArg.cType )
				{
				case 'f':
					{
						DWORD dwTemp = 0;
						double fNumber = CurArg.fNumber;
						_asm
						{
							fld QWORD PTR SS:[fNumber]
							FSTP dwTemp
							FLD dwTemp
							sub esp, 8
							FSTP QWORD PTR SS:[ESP]
						}
						break;
					}
				default:
					{
						_asm push CurArg.dwNumber
						break;
					}
				}
			}
			oBroadcastEvent( dwEventID, pszFmt );
			_asm add esp, dwSize
		}
	}
	else
	{
		if( gpWoWX->Module_HandleEvent( vArgs ) )
			oBroadcastEvent( dwEventID, pszFmt );
	}
}

Original function :

Code:

void __cdecl sub_81AC90(int a1, int a2, int a3)
{
  int v3; // ecx@2
  int v4; // eax@3
  signed int v5; // ebx@5
  int v6; // esi@5
  char v7; // zf@5
  int v8; // ecx@8
  char v9; // al@9
  int v10; // edi@10
  int v11; // esi@10
  int v12; // ecx@11
  int v13; // eax@13
  double v14; // st7@15
  const char *v15; // eax@17
  double v16; // [sp+0h] [bp-20h]@14
  int v17; // [sp+18h] [bp-8h]@5
  int v18; // [sp+1Ch] [bp-4h]@5
  int v19; // [sp+2Ch] [bp+Ch]@11

  if ( dword_D3F7D4 )
  {
    v3 = *((_DWORD *)dword_D3F7D8 + a1);
    if ( v3 )
    {
      v4 = *(_DWORD *)(v3 + 32);
      if ( !(v4 & 1) )
      {
        if ( v4 )
        {
          v5 = 1;
          v7 = dword_D413A0++ == -1;
          v6 = dword_D3F78C;
          v18 = dword_D3F78C;
          v17 = dword_D4139C;
          if ( !v7 )
          {
            if ( !dword_D413A4 )
              dword_D4139C = 0;
          }
          FrameScript__PushString(dword_D3F78C, *(const char **)(v3 + 20));
          v8 = a2;
          if ( a2 )
          {
            v9 = *(_BYTE *)a2;
            if ( *(_BYTE *)a2 )
            {
              v11 = a3 - 4;
              v10 = a3 - 8;
              do
              {
                v12 = v8 + 1;
                v19 = v12;
                if ( v9 == 37 )
                {
                  switch ( *(_BYTE *)v12 )
                  {
                    case 98:
                      v13 = *(_DWORD *)(v11 + 4);
                      v11 += 4;
                      v10 += 4;
                      FrameScript_pushboolean(v18, v13);
                      goto LABEL_18;
                    case 100:
                      v11 += 4;
                      v10 += 4;
                      FrameScript_PushNumber(v18, v16);
                      goto LABEL_18;
                    case 117:
                      v14 = (double)*(unsigned int *)(v11 + 4);
                      v11 += 4;
                      v10 += 4;
                      FrameScript_PushNumber(v18, v14);
                      goto LABEL_18;
                    case 102:
                      v10 += 8;
                      v11 += 8;
                      FrameScript_PushNumber(v18, v16);
                      goto LABEL_18;
                    case 115:
                      v15 = *(const char **)(v11 + 4);
                      v11 += 4;
                      v10 += 4;
                      FrameScript__PushString(v18, v15);
LABEL_18:
                      ++v5;
                      break;
                    default:
                      break;
                  }
                }
                v8 = v19;
                v9 = *(_BYTE *)v19;
              }
              while ( *(_BYTE *)v19 );
              v6 = v18;
            }
          }
          sub_81AA00(a1, v6, v5);
          FrameScript__SetTop(v6, -1 - v5);
          if ( dword_D413A0 )
          {
            if ( !dword_D413A4 )
              dword_D4139C = v17;
          }
          --dword_D413A0;
          if ( dword_D413A0 <= 0 )
            dword_D413A0 = 0;
        }
      }
    }
  }
}

[Sonic Waffle]

Are you converting using UTF-8?

[maphack122]

No. But this problem happened only with new patch. On 3.3.3a all strings were converted normally. I should convert all strings in events to UTF-8? (Sorry for my bad english, i am not the native speaker)

[Sonic Waffle]

It's worth a try, otherwise, I have no clue. :/

[maphack122]

I fixed it.

Code:

if((DWORD)pArgs[i-1].pszString>0x1000)
					{
						sConverter << pArgs[i-1].pszString;
					}

. When the game crashes, the pointer is invalid. (it was 0x16 ). This is not the solution of the problem, but it works.