48 replies to this topic

[Ascension64]

After painstaking reversing of the executable, I have solved the problem of random Beregost crashes and corruption of saved games. Funnily enough, the error is actually in the ARE file! (AR3300.ARE for BG1, FW3300.ARE for BG1Tutu, AR6700.ARE for BGT).

In a nutshell, the problem is bad search map coordinates for DOOR3304 impeded points when door is open. The search map is 320 x 320, yet there are points where y > 320. This causes a buffer overflow problem, resulting in heap corruption. The heap corruption causes the symptoms we all see with Beregost crashes.

A fix will be incorporated into a new version of BGT-WeiDU. The coded fix below can be used for BG1 and BG1Tutu, editing the COPY_EXISTING ~filename~ as necessary.

Note that while this should solve the random Beregost crashing, it may not cover all types of Beregost crashes. The most obvious of this case would be mods causing problems with objects/creatures in the area, or mod incompatibility (as we saw with BG2Fixpack: http://www.shsforums...post__p__478775).

Fix will only work on new games or saved games where you have not visited Beregost yet, since the area is saved into the BALDUR.SAV file once you have visited it.

BACKUP ~BeregostFix~

AUTHOR ~Asc64~

BEGIN ~BeregostFix~

//AR3300, FW3300, AR6700 (BG1, BGTutu, BGT)
COPY_EXISTING ~AR6700.ARE~ ~override~
  READ_LONG 0xA4 nDoors
  READ_LONG 0xA8 offDoors
  READ_LONG 0x7C offPoints
  READ_LONG 0x80 nPoints

  SET i = 0

  FOR (i = 0; i < nDoors; i += 1) BEGIN
    READ_ASCII ( %offDoors% + %i% * 0xC8 + 0x20 ) DoorId
    PATCH_IF ( "%DoorId%" STRING_EQUAL "DOOR3304" ) BEGIN
      READ_LONG ( %offDoors% + %i% * 0xC8 + 0x48 ) idxPointsImpededOpen
      READ_SHORT ( %offDoors% + %i% * 0xC8 + 0x4C ) nPointsImpededOpen

      SET j = 0
      FOR (j = %idxPointsImpededOpen%; j < %idxPointsImpededOpen% + %nPointsImpededOpen%; j += 1) BEGIN
        READ_SHORT ( %offPoints% + %j% * 0x4) x
        READ_SHORT ( %offPoints% + %j% * 0x4 + 0x2) y

        PATCH_IF ( x = 243 && y = 326 ) BEGIN
          WRITE_SHORT ( %offPoints% + %j% * 0x4) 233
          WRITE_SHORT ( %offPoints% + %j% * 0x4 + 0x2) 302
        END

        PATCH_IF ( x = 243 && y = 327 ) BEGIN
          WRITE_SHORT ( %offPoints% + %j% * 0x4) 233
          WRITE_SHORT ( %offPoints% + %j% * 0x4 + 0x2) 304
        END

        PATCH_IF ( x = 242 && y = 325 ) BEGIN
          WRITE_SHORT ( %offPoints% + %j% * 0x4) 232
          WRITE_SHORT ( %offPoints% + %j% * 0x4 + 0x2) 304
        END

        PATCH_IF ( x = 233 && y = 303 ) BEGIN
        END

      END
    END
  END

[ScuD]

I'm in awe...

[cmorgan]

This (in my book) is the equivalent of finding Atlantis. Thank you! There is nothing, I repeat NOTHING more frustrating to me than having a white-knuckle moment every time i visit Beregost!

Edited by cmorgan, 09 April 2010 - 07:37 AM.

[Daulmakan]

[Wisp]

Great job!

[Hoppy]

Right on!!!

[KathStoneDog]

Wow! That is just......... WOW!

Kath Stonedog

[Taimon]

Well done!
I'm glad to see that you haven't given up on the reversing stuff.

[Fennek]

You are a true hero. I salute you, Sir Ascension 64!

[Xicloing]

Just Wow. Awesome.

[Chevalier]

[Dakk]

What do you know, the time of wonders is not over

[Ascension64]

You can edit Beregost in your BALDUR.SAV file manually with NearInfinity or DLTCEP.
It is probably easier to continue to take precautions around Beregost if you are using a 'vulnerable' saved game, which has been the advice for years.

[Anomaly]

Nothing else to add than praise.

[Lupuss]

Hello, I'm curious as to how I should insert the code posted above into the game. Which file(s) should be edited and how?

Thank you for your input.

[Jarno Mikkola]

Hello, I'm curious as to how I should insert the code posted above into the game. Which file(s) should be edited and how?

My advice is that you don't, unless you know what you are doing... but you would do the editing into the Setup-BGT.tp2 file. Or to a complete new setup-*modname*.tp2 and then install it with the setup-*modname*.exe ... just like any other WeiDU.exe mod.

Edited by Jarno Mikkola, 13 April 2010 - 10:24 PM.

[Lupuss]

The thing is, I've just installed BG Trilogy along with a bunch of other mods and I'd like to avoid the Beregost bug. I've just started the game so I haven't got to Beregost yet (currently in Friendly Arm's Inn). If there's another way to avoid it I'm all ears (I haven't used DLTCEP in a loooooooooong time, I don't even remember how you edit SAV files with it :/)

[Jarno Mikkola]

If there's another way to avoid it I'm all ears

Them listen, just close the door to the Jovial Juggler when you visit the place, and you can avoid the problem in this version... as he problem only occurs when it's open, and the map is reloaded.

[Ascension64]

Just to clarify, the crash will still occur regardless of whether you have the door open or closed. The impeded search map coordinate data is loaded regardless...unless you delete the door from the ARE file.