The faults at 0x01204745 are because ManalinkEx.dll isn't getting mapped to its default address at 0x1000000, the same thing that gave me so much trouble when I was running Vista. The solution's the same as it's always been: to eliminate ManalinkEx.dll entirely. None of the cards still in it are used, and there aren't any references into it from ManalinkEh.dll left, but there's still a handful of injected jumps from Magic.exe: (comments added, obviously)
dgk@Dirge:0/cygdrive/g/mtg/Manalink 3.0/Program$ objdump -M intel -d Magic.exe | egrep -i '(call|j).*0x0*1[0-9a-f]{6}'
4030b0: e8 e5 fa df 00 call 0x1202b9a ; This and the next one are in card_generic_legend(), which has been replaced in ManalinkEh.dll
4030ff: e8 96 fa df 00 call 0x1202b9a
40b928: e9 13 4a e6 00 jmp 0x1270340 ; In copy_to_display(). Added by me in patches/patch_copy_to_display.pl
42e953: e9 38 17 e4 00 jmp 0x1270090 ; This and the next are in charge_mana(). Added by me in patches/patch_charge_mana.pl
42eac9: e9 12 16 e4 00 jmp 0x12700e0
42ff0a: e9 f5 01 e4 00 jmp 0x1270104 ; This and the next one are in autotap_mana_source(). Added by me in patches/patch_charge_mana.pl
43001a: e9 1b 01 e4 00 jmp 0x127013a
43460d: e9 be bb e3 00 jmp 0x12701d0 ; In activate(). Added by me in patches/patch_tapped_to_play_ability.pl
43549e: e9 cd ac e3 00 jmp 0x1270170 ; In get_abilities(), which has been replaced in ManalinkEh.dll
440f06: e9 71 39 dc 00 jmp 0x120487c ; A replacement of sub_440F00(), [s]which doesn't seem to get called by anything[/s]. It shells out to ".\LaunchMCu.exe /MTGshell", if anyone happens to know what that was.
4486cd: e9 1c c0 db 00 jmp 0x12046ee ; In dlgproc_GauntletPage(); it contains the jump into ManalinkEh.dll at address 0x2001d49 (set_challenge() in functions/rules_engine.c)
4671bc: e9 47 d5 d9 00 jmp 0x1204708 ; In get_card_or_subtype_name(), which has been replaced in ManalinkEh.dll
46a028: e9 18 a9 d9 00 jmp 0x1204945 ; This and the next two are in sub_46A000(), which loads imagery for the "Play or draw" dialog
46a05e: e9 f4 a8 d9 00 jmp 0x1204957
46a08b: e9 fd a8 d9 00 jmp 0x120498d
46a118: e9 16 a8 d9 00 jmp 0x1204933 ; This and the next two are in sub_46A0F0(), which loads imagery for the "Mulligan" dialog
46a14e: e9 16 a8 d9 00 jmp 0x1204969
46a17b: e9 1f a8 d9 00 jmp 0x120499f
46b71b: e9 01 92 d9 00 jmp 0x1204921 ; In sub_46B6F0(), which loads imagery for the "End duel" dialog
472815: e9 98 22 d9 00 jmp 0x1204ab2 ; In count_colors_of_lands_in_play(), which has been replaced in ManalinkEh.dll
479bf7: e9 c7 aa d8 00 jmp 0x12046c3 ; In shuffle(); it contains the jump into ManalinkEh.dll at address 0x2001d17 (deck_was_shuffled() in cards/zendikar.c)
489e81: e9 7a 61 de 00 jmp 0x1270000 ; In wndproc_CardClass(). Added by me in patches/patch_icons.pl
48cb60: e9 db 34 de 00 jmp 0x1270040 ; A replacement of card_instances_will_have_same_icons(). Added by me in patches/patch_icons.pl
48cbb4: e9 19 7c d7 00 jmp 0x12047d2 ; In get_special_counters_name(), which has been replaced in ManalinkEh.dll
4cea26: e9 1a 5d d3 00 jmp 0x1204745 ; This and the next one are in sub_4CEA20(), which loads imagery for the start-up menu. It's always the first one called, hence the first to crash.
4cebb6: e9 c1 5b d3 00 jmp 0x120477c
4d2bad: e8 6e d6 d9 00 call 0x1270220 ; In draw_smallcard_activation_card(). Added by me in patches/patch_drawfullcard_drawsmallcard_color.pl
4d307c: e9 30 19 d3 00 jmp 0x12049b1 ; In draw_smallcard(), displaying icons
4d4ca9: e9 ee fa d2 00 jmp 0x120479c ; In get_counter_type_by_id(), which has been replaced in ManalinkEh.dll
Plenty of unused space is available in the Magic.exe image now to jump to instead, now that almost none of the original card functions are still used.
I won't be able to debug the cardartlib.dll crash without the exact cardartlib.dll build you're using; there wasn't one distributed with the Fates Reforged patch, or I'd have tried with that.
Better would be to elicit a crash while using the cardartlib.dll from any of the recent Shandalar updates, RT3 or later, since I still have debugging data for them. The one from TH1 is attached. (If you use a different one, please specify the version.)
It's still infuriating that this isn't making a program-crash popup. That'll make it much harder to get a full dump if that proves necessary, and it probably will.
(edit: remove attachment)
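The listing above was produced by grepping objdump output for call/jmp targets in ManalinkEx.dll's address range. The script below, an added example and not part of the original post, does the same check programmatically: it parses objdump -d lines, re-derives each branch target from the encoded E8/E9 rel32 displacement (so a mis-read line cannot slip through), and reports branches whose target lies inside an assumed image range (the 0x01000000 base is from the post; the 0x300000 size is an assumption). The sample listing mixes three lines quoted from the post with two constructed control lines.

```python
import re

# One objdump -d line, e.g. "  4030b0: e8 e5 fa df 00 call 0x1202b9a ; comment"
LINE_RE = re.compile(
    r'^\s*([0-9a-f]+):\s+((?:[0-9a-f]{2}\s)+)\s*(call|jmp)\s+0x([0-9a-f]+)', re.I)

# Constructed sample: three lines quoted from the post plus two control lines
# (a push and an intra-image call) that must not be reported.
SAMPLE_LISTING = """\
  401000: 55 push ebp
  40100a: e8 f1 ff ff ff call 0x401000
  4030b0: e8 e5 fa df 00 call 0x1202b9a ; card_generic_legend()
  40b928: e9 13 4a e6 00 jmp 0x1270340 ; copy_to_display()
  4cea26: e9 1a 5d d3 00 jmp 0x1204745 ; sub_4CEA20()
"""

MODULE_BASE = 0x01000000            # ManalinkEx.dll default base, from the post
MODULE_SIZE = 0x300000              # assumed image size (not from the post)

def parse_branch(line):
    """Return (addr, opcode_bytes, mnemonic, claimed_target) or None for other lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    addr = int(m.group(1), 16)
    opbytes = bytes.fromhex(m.group(2).replace(' ', ''))
    return addr, opbytes, m.group(3).lower(), int(m.group(4), 16)

def decode_rel32_target(addr, opbytes):
    """Recompute the target of E8 (call rel32) / E9 (jmp rel32): next_ip + signed disp32."""
    if len(opbytes) != 5 or opbytes[0] not in (0xE8, 0xE9):
        raise ValueError('not a 5-byte rel32 call/jmp')
    disp = int.from_bytes(opbytes[1:], 'little', signed=True)
    return (addr + 5 + disp) & 0xFFFFFFFF

def find_branches_into(listing, lo, hi):
    """Return [(addr, mnemonic, target)] for direct branches whose target is in [lo, hi)."""
    hits = []
    for line in listing.splitlines():
        parsed = parse_branch(line)
        if parsed is None:
            continue
        addr, opbytes, mnem, claimed = parsed
        target = decode_rel32_target(addr, opbytes)
        if target != claimed:       # objdump's printed target disagrees with the bytes
            raise ValueError(f'target mismatch at {addr:#x}: {target:#x} != {claimed:#x}')
        if lo <= target < hi:
            hits.append((addr, mnem, target))
    return hits

if __name__ == '__main__':
    for addr, mnem, target in find_branches_into(SAMPLE_LISTING, MODULE_BASE, MODULE_BASE + MODULE_SIZE):
        print(f'{addr:08x}: {mnem} -> {target:#010x}')
```

Every hit is a hard-coded absolute target that only works while the DLL is mapped at its default base, which is exactly why they fault when the loader relocates it.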