FSX crashes on startup under Windows 8

flight-simulator-xwindows 8

Trying to run Microsoft Flight Simulator X (Deluxe Edition, with Service Pack 1) under Windows 8 experiences a crash on startup:

enter image description here

Whereas FSX did work on Windows 7.

  • Has anyone tried FSX under Windows 8?
  • Does FSX run for anyone under Windows 8?
  • Has anyone gotten the error under Windows 8?
  • Has anyone fixed the error under Windows 8?
  • Does anyone know if this is a known issue under Windows 8?

Additional Notes

  • tried running with Windows XP, and Windows 7 compatibility modes
  • tried running as an Administrator (i.e. Windows XP compatibility mode)
  • is a fresh install from the dual DVDs
  • i've been trying to get a crash dump, so i can start to debug it, but getting a crash dump in Windows 8 is an extraordinary pain
  • Windows 8 Pro with Media Center, 64-bit

Technical Information

The error i'm getting is extraordinarily common (Bing for simprop c0000005). The audit log shows cursory error details, an access violation (Error code C0000005) in simprop.dll.

Running FSX under a debugger shows me the actual problem:

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for D:\Games\Microsoft Flight Simulator X\simprop.dll - 
eax=0274e8e0 ebx=02bc4f58 ecx=530ca1df edx=0274ed90 esi=00000010 edi=00000008
eip=20c46da7 esp=000cf250 ebp=000cf26c iopl=0         nv up ei pl nz ac po nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010212
simprop!SimPropertySymbols_LoadFromFile+0x1d17:
20c46da7 3b0f            cmp     ecx,dword ptr [edi]  ds:002b:00000008=????????

The problem is that edi points to address 0x08. When it tries to do the compare:

cmp ecx,[edi]

it crashes with an access violation (error code 0xc0000005) trying to read address 0x00000008.

Trying to reverse engineer the code, i come up with:

simprop.20C4A6A0(Arg1, Arg2, Arg3, Arg4)
{
...
eax = Arg2.Method10(Arg2); //Method10 returns 0x08, the source of the AV
eax = TheCrashingCall(eax); //pass the bad address
...
}

simprop.Method10(Arg1);
{

//return Arg1.28.30 + 8;    
eax = Arg1
ecx = eax+28^
eax = ecx+30^ //eax+30^ is nil (i.e. 00000000)

return eax+8  //this is the source of the invalid 0x08 value
                  //null+8 = 00000008
                  //Later on we will try to access that address.
    //It seems that Arg1 points to an object
    //Arg1.Offset28.Offset30 is null
    //and the code never checks that Arg1.Offset28.Offset30 is null
    //before dereferencing it
}

simprop.TheCrashingCall(Arg1)
{
    ...
//if (Arg1 == something)
eax = Arg1^
edi = EAX
ecx = EDI^
    cmp ecx,[edi]
    ...
}

The Hack Fix

What i have been able to do, is modify simprop.dll, so that if Arg1 is is invalid, then make it null. The code inTheCrashingCallalready detectsnull` argument and does nothing:

simprop.TheCrashingCall(Arg1)
{
    ...
    if (Arg1 == 0x00000008)  //<---added fix
       Arg1 = null;

    if (Arg1 != null)
    {
       if (Arg1 == something)
       {
          eax = Arg1^
          edi = EAX
          ecx = EDI^
          cmp ecx,[edi]
          ...
       }
   }
}

Next Steps

i get the impression, looking at the stack traces, that simprop.dll is a re-invented XML parser (a so called "AceParser"). That would indicate that one of the xml files that ship with FSX, e.g.:

  • propanim.xml
  • propautogen.xml
  • propmaterial.xml
  • proplaunch.xml
  • propmission.xml
  • propui.xml

are not what the parser expects; or perhaps a version compatibility with something in the OS that their parser uses. The real fix is to figure out which part of which XML files is causing problems, why, and work around that.

Either way, the code appears to be referencing a nil pointer by mistake.

Object1
{
    dword offset0;
    dword offset4;
    dword offset8;
    ...
    Object2 offset28;
}

Object2
{
    dword offset0;
    dword offset4;
    dword offset8;
    ...
    Object3 offset30; //is sometimes null, causing AV
}

Object3
{
    dword offset0;
    dword offset4
    dword offset8; //code tries to access junk
}

So that when we access

object1.offset30.offset8

we get an AV. i'd like to determine if Object1 is a standard Windows COM object (e.g. MS XML DOMDocument)

Best Answer

This doesn't really answer your problem, but i have had fsx running for a while now on windows 8 with everything working well, it has occasionally hiven me a fatal error, but only when I've pushed the settings too high ;)

Make sure you have both SPs installed they can be found here: SP1 and SP2. There is also more info on them there and their bug fixes.

Also, try deleting the fsx registry key (look this up first so you don't mess up your system). There is a key somewhere (can't remember where, sorry) that you can delete and it should fix the problem.

Related Topic