View Issue Details

IDProjectCategoryView StatusLast Update
0008129Multi Theft Auto : San AndreasClientpublic2014-05-24 00:25
ReporterTosfera Assigned Tosbx320  
Status resolvedResolutionfixed 
Target Version1.4 
Summary0008129: Replacing a specific weaponmodel will crash your client

So, while I'm replacing a specific model ( parachute: 371 ) my client crashes. The model isn't corrupt because if I replace it on another weapon ( let's say M4 ) it does work. Every single model I'm trying to replace on the parachute will crash my client. Not only my client, but also the client of all the players.

Steps To Reproduce

Add a simple parachute model to your meta, and use the following code;

txd = engineLoadTXD ( "bag.txd" );
engineImportTXD ( txd, 371 );
dff = engineLoadDFF ( "bag.dff", 0 );
engineReplaceModel ( dff, 371 );

Whenever you start the script or join the server when the script is running, your client will crash.

Additional Information

Crash error:

Version = 1.3.5-release-6162.3.000
Time = Sun Mar 30 12:42:24 2014
Module = G:\games\GTA - San Andreas\gta_sa.exe
Code = 0xC0000005
Offset = 0x001371AC

EAX=00749100 EBX=0028F2B8 ECX=00000000 EDX=D9DF1DC8 ESI=1EC75880
EDI=00000000 EBP=0497E500 ESP=0028F24C EIP=005371AC FLG=00210246
CS=0023 DS=002B SS=002B ES=002B FS=0053 GS=002B

TagsNo tags attached.


duplicate of 0006608 resolvedsbx320 Multi Theft Auto : San Andreas Custom melee weapons crash the game 
has duplicate 0006731 closed New issues replacing the weapons 
has duplicate 0006868 resolvedsbx320 Multi Theft Auto : San Andreas engineReplaceModel not works with some models 



2014-03-30 13:04

reporter   ~~0020502

I can confirm this issue. Replacing parachute does crash the Client immediately.


2014-03-30 13:56

updater   ~~0020504

Last edited: 2014-03-30 13:57

Attach crashdump from dumps/priv
btw, same crash:


2014-03-30 14:07

updater   ~~0020505

Btw, very old crash... also on 1.3:

Version = 1.3-release-3916.0.000
Time = Thu Apr 05 12:22:01 2012
Module = C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe
Code = 0xC0000005
Offset = 0x001371AC

EAX=00749100 EBX=0028F30C ECX=00000000 EDX=DFEEBD10 ESI=20381388
EDI=00000000 EBP=05113F50 ESP=0028F2A4 EIP=005371AC FLG=00010246
CS=0023 DS=002B SS=002B ES=002B FS=0053 GS=002B


2014-03-30 14:09

viewer   ~~0020506

Might be old, but it is in my way right now. I've had the problem before but found a workaround ( just not replacing it ).


2014-03-30 14:12

updater   ~~0020507

Tosfera, attach an priv crashdump so I can analyze it quickly then.


2014-03-30 14:22

viewer   ~~0020508

I can't attach it anymore, I'd upload it for you on my webhost; ( made it shorter to avoid advertisement :) )


2014-03-30 15:08

updater   ~~0020510


005371ac 8b17 mov edx,dword ptr [edi]

CreateVertexDecl fail: hr:80004005 [0,0,14,0,0,0]
CreateVertexDecl fail: hr:80004005 [0,0,13,0,0,0]
CreateVertexDecl fail: hr:80004005 [0,0,12,0,0,0]
CreateVertexDecl fail: hr:80004005 [0,0,11,0,0,0]4

DirectSound Administrator shared thread array (lock)

Devs, full dumptrace:

Why all this effort.. I also want this crash fixed :)


2014-04-02 02:28

administrator   ~~0020540

Could be due to the new model not having the same layout as the original.


2014-04-02 06:44

viewer   ~~0020541

I believe this would even happen, if you tried replacing specific ID models with their own .dff and .txd


2014-04-08 17:38

manager   ~~0020618

I've experienced this along time ago too but someone should upload a test resource that reproduces the crash.


2014-05-15 10:41

viewer   ~~0020890

Last edited: 2014-05-15 11:13

I've written a quick example of the replacement of a backpack, you can find it at my dropbox on the following link. The resource includes the model;

"Could be due to the new model not having the same layout as the original.",
You can replace a box with a tree, so why would it matter at this object? :o


2014-05-15 13:23

manager   ~~0020894

Last edited: 2014-05-15 13:23

A tree is not a weapon though. Weapons are much more complex than a static object and how is a backpack a weapon model? Oh you mean parachute?


2014-05-15 17:35

administrator   ~~0020901

ArranTuna, I think he's changing the parachute model to a backpack model. I'm sure he doesn't have the parachute resource running.


2014-05-15 20:04

viewer   ~~0020902

The parachute resource is a default resource which is running, and I am replacing the parachute with another model. ^^


2014-05-16 19:55

updater   ~~0020906

@ tosfera, that test resource doesn't work nor does it replace models/crash


2014-05-16 20:04

manager   ~~0020907

Last edited: 2014-05-17 18:44

addEventHandler ( "onClientResourceStart", root,
fuction ()

First of all that should be resourceRoot not root.

Second of all it fails to load because of "fuction" instead of "function"

Edit: Even with those script fixes, it still doesn't work, the parachute is no different to the default one with your resource running.

Edit: Which means we need another test resource for this crash.


2014-05-18 18:43

viewer   ~~0020912

Last edited: 2014-05-18 18:47

I'm sorry, I quite messed up there... You were right Arran, there were some typo's and it isn't getting replace because of the wrong ID given at the replacement of the model. The right ID that had to be replace was 371, an updated version can be found here;

edit; tried to replace another 'weapon' ( tested ID 326, 'Cane' ) which also crashed my client. So I think it'll be what ccw said;

"Could be due to the new model not having the same layout as the original."


2014-05-20 14:26

updater   ~~0020917

Last edited: 2014-05-20 14:35

If needed here's an relevant crashdump:!oN0TzRib!MMwaYGbdr3GNSKkCAWD-MVLD2XEGVzX8nIoYPwtrYM4
(reproduced with the test resource, and only an MTA session to do so, means the dump isn't that huge and only contains info about the crash event)

dump contents:

crashes on offset 0x001371AC (try googling it)

If this crash won't get fixed it might become an problem for future model modding, (one of the most basic things)
please look into it....


2014-05-20 17:47

reporter   ~~0020918

It would be better to fix the custom-vehicle dummy misplacement and other vehicle related issues.


2014-05-20 19:34

administrator   ~~0020920

This doesn't appear to be caused by an bad format of the dff, since even replacing a model with the original SA one crashes the game at the exact offset.

After investigating a bit further it appears that ARRAY_ModelInfo[371] is a CWeaponModelInfoSAInterface*. CWeaponModelInfoSAInterface->AsAtomicModelInfoPtr() returns NULL.

In CFileLoader::SetRelatedModelInfoCB (0x537150) the following code is executed (transcribed into C++):
edi = ARRAY_ModelInfo[AtomicsReplacerModelID]->AsAtomicModelInfoPtr();

This results in edi containing a NULL pointer, instead of a CAtomicModelInfoSAInterface*. This NULL pointer is then used, resulting in the crash.

Going up the callstack of MTA the following comparisation can be found:
else if ( ( m_dwModelID >= 331 && m_dwModelID <= 369 ) || m_dwModelID == 372)
// We are a weapon.
pGame->GetRenderWare ()->ReplaceWeaponModel ( pClump, static_cast < unsigned short > ( m_dwModelID ) );
This check does not include all weapon ids, and thus the model 371 (and also all melee weapons) is misinterpreted to be not a weapon.

Fixed in

Issue History

Date Modified Username Field Change