Need help with debugging a directx9 game crashing

Qian Hong fracting at gmail.com
Fri Jul 19 08:34:21 CDT 2013


Hello,

I was debugging a popular game [1] [2] (9 GB); it crashes on start.

The +relay,+seh,+tid log shows that there are some calls to
wined3d.wined3d_mutex_lock / wined3d.wined3d_buffer_map /
wined3d.wined3d_mutex_unlock before crashing, so I turned on the +d3d9
trace to get a new log in detail.

To my surprise, the game doesn't crash anymore with +d3d9 trace!

After a series of bisects, I found that d3d9_AddRef is the key function
call related to the crash. If I remove the TRACE statement in line
71, the game will crash with +d3d9 as well; if I upgrade the TRACE in
line 71 to FIXME, the game will not crash even without +d3d9.

 66 static ULONG WINAPI d3d9_AddRef(IDirect3D9Ex *iface)
 67 {
 68     struct d3d9 *d3d9 = impl_from_IDirect3D9Ex(iface);
 69     ULONG refcount = InterlockedIncrement(&d3d9->refcount);
 70
 71     TRACE("%p increasing refcount to %u.\n", iface, refcount);
 72
 73     return refcount;
 74 }

Further tests show that the simplest hack to avoid crashing is
replacing line 71 with:
FIXME("anything %x\n", 0xdeadbeef);

I have no idea what the real fix is. Any suggestions on what the next
step to debug is?

Thanks in advance!

Environment:
Wine 1.6-rc5
Ubuntu 12.04.2 LTS
gcc 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5)

The installer ships with native d3dx9_40.dll

Backtrace on crash:
Wine-dbg>c
Unhandled exception: page fault on read access to 0x00000001 in 32-bit
code (0x0649e6e9).
Register dump:
 CS:0073 SS:007b DS:007b ES:007b FS:0033 GS:003b
 EIP:0649e6e9 ESP:0033cc60 EBP:00000000 EFLAGS:00210206(  R- --  I   - -P- )
 EAX:00000001 EBX:19b871e0 ECX:00000000 EDX:00000000
 ESI:23f420b0 EDI:23f4f20c
Stack dump:
0x0033cc60:  80004005 19c0e0c0 00000000 19b871e0
0x0033cc70:  00000000 23f420b0 23f4f1f0 19b871e0
0x0033cc80:  00000018 00000040 0000001c 00000000
0x0033cc90:  0a9101df 00000020 00000034 7bc34159
0x0033cca0:  00110064 ffffffff 0033ccd8 7bc34d2d
0x0033ccb0:  00000000 0000000c 00000010 00000001
Backtrace:
=>0 0x0649e6e9 in kg3dengine (+0x16e6e9) (0x00000000)
0x0649e6e9: movl 0x0(%eax),%ecx



[1] http://jx3.xoyo.com/download
[2] http://jx3.client.cdn.kingsoft.com/JXOnline3-v3.0.4.4980/JXOnline3-v3.0.4.4980.rar

--
Regards,
Qian Hong

More information about the wine-devel mailing list