
Magic numbers for versionlib macro? #9

Closed
megapatato opened this issue Apr 4, 2024 · 8 comments
Comments

@megapatato

Hiya! I'm trying to update this for more recent versions of the game; I've got it compiling for 1.6.659.0, and got the newer versionlibs from the Address Library for SKSE project. After editing the target_version.txt file, I get:

error: proc macro panicked
  --> src\console.rs:83:46
   |
83 |     let target_addr = transmute(image_base + versionlib!(21890));
   |                                              ^^^^^^^^^^^^^^^^^^
   |
   = help: message: no entry found for key

This holds for 1.6.1130 and onwards. From looking up the behavior when building against 1.6.318.0, it seems the macro looks up the corresponding address for a given offset? (e.g. mapping 21890 to 0d3127808 | 0x2fba00, which tracks with what I'm seeing from the offsets file for 1.6.318.0, which has that at 1402fba00)

I see their usage in console, actor reference, cell, mod, npc, and quest contexts. What is the significance of the numbers used for versionlib? How would one find the relevant bits on newer versionlibs?

@qbx2
Owner

qbx2 commented Apr 4, 2024

Hello, thank you for sharing. I'll try to check out what happened after work today.

@qbx2
Owner

qbx2 commented Apr 4, 2024

I just discovered that the author of Address Library mentioned, "SE and AE are too different to match," indicating that we can't simply update the database easily.

As for your inquiry, the number (address ID) is utilized for locating addresses for the machine code and data in SkyrimSE.exe. Initially, I identified the raw addresses by reverse engineering, and @lukasaldersley introduced versionlib here (#1 (comment)).

As a result, we need to reverse engineer it again to find the addresses from scratch.

EDIT:
Anyway, the address library no longer provides the addresses SkyrimSearch depends on...

@qbx2 qbx2 self-assigned this Apr 4, 2024
@qbx2
Owner

qbx2 commented Apr 4, 2024

The only missing address is 21890. I'm gonna check if I can work around it.

cargo test -- --show-output
   Compiling versionlib v0.1.0 (/Users/qbx2/sse-mod-skyrim-search-se/versionlib)
    Finished test [unoptimized + debuginfo] target(s) in 0.33s
     Running unittests src/lib.rs (target/debug/deps/versionlib-8df3f23104905c09)

running 1 test
test tests::it_works ... ok

successes:

---- tests::it_works stdout ----
21890:false
401203:true
51109:true
207886:true
14720:true
14617:true
195816:true
190143:true
195890:true
25259:true


successes:
    tests::it_works

test result: ok. 1 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.56s

   Doc-tests versionlib

running 0 tests

successes:

successes:

test result: ok. 0 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s
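The two comments above describe what an address ID is (a key into the Address Library database that maps to an RVA in SkyrimSE.exe) and check which IDs the new database still contains. As an added illustration, not code from the SkyrimSearch project or from anyone in this thread, the block below parses a versionlib-style database into a `HashMap` of address ID to offset and resolves IDs against an image base with a non-panicking lookup. The binary layout it reads (format word, four version words, module name, pointer size, entry count, then ID/offset pairs delta-coded against the previous entry and selected by a type byte whose low nibble covers the ID and high nibble the offset, with bit 3 of the high nibble meaning the offset delta is in pointer-size units) is my reading of the Address Library file format and is an assumption. The sample database is constructed inside the code; its IDs and offsets are made up and are not the real values for any game version. The image base of 0x140000000 is the one implied by the `1402fba00` notation in the opening comment.

```rust
use std::collections::HashMap;
use std::convert::TryInto;

/// Parsed versionlib-style database: game version, module name,
/// pointer size and the address-ID -> RVA table.
#[derive(Debug)]
pub struct AddressDb {
    pub version: [u32; 4],
    pub module: String,
    pub ptr_size: u64,
    pub offsets: HashMap<u64, u64>,
}

/// Bounds-checked little-endian cursor; every read fails cleanly on a truncated file
/// instead of panicking, which matters when the file comes from an untrusted download.
struct Reader<'a> { buf: &'a [u8], pos: usize }

impl<'a> Reader<'a> {
    fn take(&mut self, n: usize) -> Result<&'a [u8], String> {
        let end = self.pos.checked_add(n).ok_or("length overflow")?;
        let s = self.buf.get(self.pos..end).ok_or(format!("truncated at byte {}", self.pos))?;
        self.pos = end;
        Ok(s)
    }
    fn u8(&mut self) -> Result<u64, String> { Ok(self.take(1)?[0] as u64) }
    fn u16(&mut self) -> Result<u64, String> { Ok(u16::from_le_bytes(self.take(2)?.try_into().unwrap()) as u64) }
    fn u32(&mut self) -> Result<u64, String> { Ok(u32::from_le_bytes(self.take(4)?.try_into().unwrap()) as u64) }
    fn u64(&mut self) -> Result<u64, String> { Ok(u64::from_le_bytes(self.take(8)?.try_into().unwrap())) }
}

/// Decode one delta-coded field (assumed encoding): `mode` is the 3-bit selector,
/// `prev` the value of the same field in the previous entry.
fn decode_field(r: &mut Reader, mode: u8, prev: u64) -> Result<u64, String> {
    Ok(match mode {
        0 => r.u64()?,                    // absolute 64-bit value
        1 => prev.wrapping_add(1),        // previous + 1
        2 => prev.wrapping_add(r.u8()?),  // previous + u8
        3 => prev.wrapping_sub(r.u8()?),  // previous - u8
        4 => prev.wrapping_add(r.u16()?), // previous + u16
        5 => prev.wrapping_sub(r.u16()?), // previous - u16
        6 => r.u16()?,                    // absolute 16-bit value
        7 => r.u32()?,                    // absolute 32-bit value
        m => return Err(format!("bad field mode {}", m)),
    })
}

/// Parse a versionlib-style database (assumed layout, see lead-in) into an AddressDb.
pub fn parse_versionlib(bytes: &[u8]) -> Result<AddressDb, String> {
    let mut r = Reader { buf: bytes, pos: 0 };
    let format = r.u32()?;
    if format != 1 && format != 2 {
        return Err(format!("unsupported format {}", format));
    }
    let mut version = [0u32; 4];
    for v in version.iter_mut() { *v = r.u32()? as u32; }
    let name_len = r.u32()? as usize;
    let module = String::from_utf8_lossy(r.take(name_len)?).into_owned();
    let ptr_size = r.u32()?;
    if ptr_size == 0 { return Err("pointer size is zero".into()); }
    let count = r.u32()? as usize;
    let mut offsets = HashMap::new();
    let (mut prev_id, mut prev_off) = (0u64, 0u64);
    for _ in 0..count {
        let t = r.u8()? as u8;
        let (lo, hi) = (t & 0xF, t >> 4);
        let id = decode_field(&mut r, lo, prev_id)?;
        // Bit 3 of the high nibble: the offset delta is expressed in pointer-size units.
        let scaled = (hi & 8) != 0;
        let base = if scaled { prev_off / ptr_size } else { prev_off };
        let mut off = decode_field(&mut r, hi & 7, base)?;
        if scaled { off = off.wrapping_mul(ptr_size); }
        if offsets.insert(id, off).is_some() {
            return Err(format!("duplicate address id {}", id));
        }
        prev_id = id;
        prev_off = off;
    }
    Ok(AddressDb { version, module, ptr_size, offsets })
}

/// Resolve an address ID to an absolute address. Returns None for a missing ID;
/// indexing with `db.offsets[&id]` instead would panic with "no entry found for key",
/// which is the proc-macro message in the opening comment.
pub fn resolve(db: &AddressDb, image_base: u64, id: u64) -> Option<u64> {
    db.offsets.get(&id).map(|&off| image_base.wrapping_add(off))
}

/// Constructed sample database (made-up IDs and offsets, not real game data):
/// three entries exercising the absolute, +1/+u8 and pointer-scaled encodings.
pub fn sample_db() -> Vec<u8> {
    let mut b = Vec::new();
    b.extend_from_slice(&2u32.to_le_bytes());                    // format 2
    for v in [1u32, 6, 1170, 0].iter() { b.extend_from_slice(&v.to_le_bytes()); } // 1.6.1170.0
    b.extend_from_slice(&12u32.to_le_bytes()); b.extend_from_slice(b"SkyrimSE.exe");
    b.extend_from_slice(&8u32.to_le_bytes());                    // pointer size
    b.extend_from_slice(&3u32.to_le_bytes());                    // entry count
    b.push(0x00);                                                // id = u64, offset = u64
    b.extend_from_slice(&441582u64.to_le_bytes()); b.extend_from_slice(&0x00A1_B000u64.to_le_bytes());
    b.push(0x21); b.push(0x40);                                  // id = prev+1, offset = prev+0x40
    b.push(0x97); b.extend_from_slice(&51109u32.to_le_bytes());  // id = u32, offset = (prev/8+1)*8
    b
}

fn main() {
    let db = parse_versionlib(&sample_db()).expect("valid sample database");
    let image_base = 0x1_4000_0000u64;
    for &id in &[441582u64, 441583, 51109, 21890] {
        match resolve(&db, image_base, id) {
            Some(addr) => println!("{}: {:#x}", id, addr),
            None => println!("{}: not in {} {:?}", id, db.module, db.version),
        }
    }
}
```

The lookup deliberately goes through `get` rather than `Index` so that a database built for a game version that dropped an ID reports the gap instead of panicking; a build-time check like the `cargo test` run above can then list every ID the plugin needs and which ones resolve.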

@qbx2
Owner

qbx2 commented Apr 4, 2024

[Screenshot 2024-04-04 10:02:27 PM]

I think I found it - 441582 and this id does not exist in 1.6.640 or 1.6.659.

@megapatato Could you please test if it works? You can download the build here: https://github.com/qbx2/sse-mod-skyrim-search-se/actions/runs/8555262349

For the history:
https://github.com/Starfield-Reverse-Engineering/Ghidra-Tutorial?tab=readme-ov-file
This documentation was great for me to reverse engineer it again. I used a virtual machine to memory-dump the unpacked Skyrim previously; I could not do that with my new M1 MacBook.

@megapatato
Author

Hey there! I'm glad you were able to take a look at it. I've tested the build, but I got a CTD.

  • skse64.log shows the plugin loaded correctly; no messages about wrong game versions or libraries
  • ss --help printed the expected output to the console
  • ss npc argis yielded a crash-to-desktop

I tested this on a new game, waiting for the initializations to finish (Gate to Sovngarde collection).

The crash logger (this one) starts with the following:

Skyrim SSE v1.6.1170
CrashLoggerSSE v1-12-1-0 Dec 22 2023 02:20:56

Unhandled exception "EXCEPTION_ACCESS_VIOLATION" at 0x7FFD077DD0B6 skyrim_search_se.dll+002D0B6	mov rdx, [rax+0x10]

[...SYSTEM SPECS...]

PROBABLE CALL STACK:
	[ 0] 0x7FFD077DD0B6           skyrim_search_se.dll+002D0B6
	[ 1] 0x7FFD077DE77E           skyrim_search_se.dll+002E77E
	[ 2] 0x7FFD077C1CE0           skyrim_search_se.dll+0011CE0
	[ 3] 0x7FFD077BE6B5           skyrim_search_se.dll+000E6B5
	[ 4] 0x7FFD077CC0BC           skyrim_search_se.dll+001C0BC
	[ 5] 0x7FF6758BB4E7                   SkyrimSE.exe+097B4E7 -> 52952+0x57	nop
	[ 6] 0x7FF6755869A2                   SkyrimSE.exe+06469A2 -> 36564+0xB02	mov rcx, [0x00007FF6780C74F8]
	[ 7] 0x7FFD0C02CA99                   hdtSMP64.dll+00BCA99	cmp byte ptr [rbx+0x10], 0x00 |  C:\Games\Faster HDT-SMP\skse64_2_02_06\src\skse64\hdtSMP64\Hooks.cpp:314 ?onFrame@UnkEngine@hdt@@QEAAXXZ
	[ 8] 0x7FFD0D04A0C3 BetterThirdPersonSelection.dll+007A0C3
	[ 9] 0x7FF67557EAD5                   SkyrimSE.exe+063EAD5 -> 36544+0x165	test bl, bl
	[10] 0x7FF67647BB8E                   SkyrimSE.exe+153BB8E -> 109636+0x106	mov ebx, eax
	[11] 0x7FFDC9A47344                   KERNEL32.DLL+0017344
	[12] 0x7FFDCAA826B1                      ntdll.dll+00526B1

If useful, I can share the rest of the crash log (void* -> skyrim_search_se.dll appears 23 times in the stack), though I'll be traveling until next week.

@qbx2
Owner

qbx2 commented Apr 9, 2024

The CTD turns out to be caused by the inappropriate usage of unsafe in prettytable-rs (See issue phsym/prettytable-rs#145). I updated the version and it seems to work well. I am gonna release a new version to nexusmods.com now. Thank you so much for your support!

@qbx2 qbx2 mentioned this issue Apr 9, 2024
@qbx2 qbx2 closed this as completed Apr 9, 2024
@megapatato
Author

Works like a charm, thanks!

If you have the time, you might also want to check the documentation on the Nexus page; the second line of the Description pane admits the readme is outdated, and the changelog does not mention v0.10 yet.

@qbx2
Owner

qbx2 commented Apr 11, 2024

@megapatato I updated the description, although it has not much meaning anyway. The changelog is also updated. Thanks.
