WS_ExamineSpellInfo crash

[John Adams]

First, ANAL doesn't support Substructs yet - so this bug COULD be a by-product of how I'm hacking it to work by combining all substructs into a new, single struct so ANAL can still display the data - which works 99% of the time. In this one case, something is blowing up and wanted to bug it in case it's a valid crash. Now that I have explained myself to death, here's the crash

Normal WS_SpellInfo packets are larger than this, so it's likely the fact ANAL is picking this packet up and trying to display it as a full spell packet, when it's not. I don't know what it is, in fact...

-- OP_ClientCmdMsg::OP_EqExamineInfoCmd --
10/28/2012 02:46:44
69.174.200.157 -> 192.168.1.65
0000: 00 3A 1F 00 00 00 FF 7A 02 01 00 00 00 00 FE 3F .:.....z.......?
0010: 05 66 C4 00 00 46 00 00 00 01 00 00 00 00 00 00 .f...F..........
0020 00 00 00 00 00 .....

Crash is:

System.IndexOutOfRangeException: Index was outside the bounds of the array.
at EQ2PacketAnalyzer.DataStruct.LoadData(Byte[] bytes, Int32& index, DataStruct ds_array_size) in D:\dev\eq2\eq2tools\trunk\DevTools\PacketAnalyzer\PacketAnalyzer\Packets\DataStruct.cs:line 510
at EQ2PacketAnalyzer.DataStruct.LoadData(Byte[] bytes, Int32& index) in D:\dev\eq2\eq2tools\trunk\DevTools\PacketAnalyzer\PacketAnalyzer\Packets\DataStruct.cs:line 690
at EQ2PacketAnalyzer.PacketStruct.LoadData(Byte[] bytes, Int32 index) in D:\dev\eq2\eq2tools\trunk\DevTools\PacketAnalyzer\PacketAnalyzer\Packets\PacketStruct.cs:line 590
at EQ2PacketAnalyzer.Main.LoadPacketStruct(TreeNode node) in D:\dev\eq2\eq2tools\trunk\DevTools\PacketAnalyzer\PacketAnalyzer\Main.cs:line 415
at EQ2PacketAnalyzer.Main.treeView_opcodes_AfterSelect(Object sender, TreeViewEventArgs e) in D:\dev\eq2\eq2tools\trunk\DevTools\PacketAnalyzer\PacketAnalyzer\Main.cs:line 383
at System.Windows.Forms.TreeView.OnAfterSelect(TreeViewEventArgs e)
at System.Windows.Forms.TreeView.TvnSelected(NMTREEVIEW* nmtv)
at System.Windows.Forms.TreeView.WmNotify(Message& m)
at System.Windows.Forms.TreeView.WndProc(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)

This happens only on select packets in the OP_ClientCmdMsg::OP_EqExamineInfoCmd tree, in the 1191\Court of Al Afaz.log. The ANAL-formatted struct you need is this:

WorldStructsANAL.zip

I can explain more why the structs need to be mashed together for ANAL if needed.

PS: Point your ANAL to this new struct

[Zcoretri]

That is not a Spell packet...its something else we have yet to identify.
You need more schooling, lol

Code: Select all

-- OP_ClientCmdMsg::OP_EqExamineInfoCmd --
10/28/2012 02:46:44
69.174.200.157 -> 192.168.1.65
0000: 00 3A 1F 00 00 00 FF 7A 02 01 00 00 00 00 FE 3F .:.....z.......?
0010: 05 66 C4 00 00 46 00 00 00 01 00 00 00 00 00 00 .f...F..........
0020 00 00 00 00 00 .....

starting at the opcode
FF 7A 02 = opcode
next is WS_ExamineInfoHeader
01 = show_name
00 00 00 = unknown (size=3)
00 = show_popup
FE 3F = packettype
05 = packetsubtype

after the packetsubtype of 05...unknown bytes at this time.

These are packetsubtype that I know of

00 = Bag (meaning item was in someones bag, you do not get full item info here)
02 = Recipe
04 = AA
05 = unknown
80 = item
81 = special spell (these come from examining buffs on NPC's or detriments on you)
83 = spells/combat arts

[John Adams]

Yep, I am plenty schooled, thanks. I know what a type and subtype are. This is about a crash in PacketAnalyzer, that is all.

[xinux]

This is showing up after you use http://eq2.wikia.com/wiki/Acceleration_Strike which applies a buff Called Acceleration Counter with 3 charges everytime a charge get's used is when -- OP_ClientCmdMsg::OP_EqExamineInfoCmd -- show's up.

After 05 = packetsubtype here is what i've noticed.

66 C4 00 00 46 = Only changes when a new Buff is applied
00 00 00 = unknown
01 = Number of charges remaining

[xinux]

Ok it's a little odd here is some examples... Notice how the first one with 3 charges the first byte after 05 is different then they are the same.

Code: Select all

-- OP_ClientCmdMsg::OP_EqExamineInfoCmd --
11/3/2012 12:51:50
69.174.200.160 -> 192.168.1.104
0000:	00 3A 20 00 00 00 FF 7A 02 01 00 00 00 00 00 FE .: ....z........
0010:	3F 05 B2 42 09 00 01 00 00 00 03 00 00 00 00 00 ?..B............
0020:	00 00 00 00 00 00

-- OP_ClientCmdMsg::OP_EqExamineInfoCmd --
11/3/2012 12:51:54
69.174.200.160 -> 192.168.1.104
0000:	00 3A 20 00 00 00 FF 7A 02 01 00 00 00 00 00 FE .: ....z........
0010:	3F 05 B5 42 09 00 01 00 00 00 02 00 00 00 00 00 ?..B............
0020:	00 00 00 00 00 00  

-- OP_ClientCmdMsg::OP_EqExamineInfoCmd --
11/3/2012 12:51:58
69.174.200.160 -> 192.168.1.104
0000:	00 3A 20 00 00 00 FF 7A 02 01 00 00 00 00 00 FE .: ....z........
0010:	3F 05 B5 42 09 00 01 00 00 00 01 00 00 00 00 00 ?..B............
0020:	00 00 00 00 00 00  

-- OP_ClientCmdMsg::OP_EqExamineInfoCmd --
11/3/2012 12:52:00
69.174.200.160 -> 192.168.1.104
0000:	00 3A 20 00 00 00 FF 7A 02 01 00 00 00 00 00 FE .: ....z........
0010:	3F 05 B5 42 09 00 01 00 00 00 00 00 00 00 00 00 ?..B............
0020:	00 00 00 00 00 00

Same character next group of mobs new buff.

Code: Select all

-- OP_ClientCmdMsg::OP_EqExamineInfoCmd --
11/3/2012 12:52:20
69.174.200.160 -> 192.168.1.104
0000:	00 3A 20 00 00 00 FF 7A 02 01 00 00 00 00 00 FE .: ....z........
0010:	3F 05 C8 49 09 00 04 00 00 00 03 00 00 00 00 00 ?..I............
0020:	00 00 00 00 00 00   

-- OP_ClientCmdMsg::OP_EqExamineInfoCmd --
11/3/2012 12:52:28
69.174.200.160 -> 192.168.1.104
0000:	00 3A 20 00 00 00 FF 7A 02 01 00 00 00 00 00 FE .: ....z........
0010:	3F 05 CB 49 09 00 04 00 00 00 02 00 00 00 00 00 ?..I............
0020:	00 00 00 00 00 00                               ......

-- OP_ClientCmdMsg::OP_EqExamineInfoCmd --
11/3/2012 12:52:31
69.174.200.160 -> 192.168.1.104
0000:	00 3A 20 00 00 00 FF 7A 02 01 00 00 00 00 00 FE .: ....z........
0010:	3F 05 CB 49 09 00 04 00 00 00 01 00 00 00 00 00 ?..I............
0020:	00 00 00 00 00 00                               ......

-- OP_ClientCmdMsg::OP_EqExamineInfoCmd --
11/3/2012 12:52:33
69.174.200.160 -> 192.168.1.104
0000:	00 3A 20 00 00 00 FF 7A 02 01 00 00 00 00 00 FE .: ....z........
0010:	3F 05 CB 49 09 00 04 00 00 00 00 00 00 00 00 00 ?..I............
0020:	00 00 00 00 00 00                               ......

[John Adams]

lol, you do realize this is about a PacketAnalyzer crash, and not about figuring out the packet? Might save that for a different thread, since this Bug will be archived once we fix it

[Scatman]

It's most likely the substruct issue, but I'll take a gander at it regardless. I think I will be rewriting how structs work anyway.

[Cynnar]

Checking to see if this can be archived.