Bind world-region restore callback strip
This commit is contained in:
parent
ec9df1eb5a
commit
2d2a83957f
3 changed files with 21 additions and 11 deletions
|
|
@ -3650,6 +3650,10 @@ fn build_region_service_trace_report(
|
||||||
"0x00421510 world_region_collection_refresh_records_from_tagged_bundle".to_string(),
|
"0x00421510 world_region_collection_refresh_records_from_tagged_bundle".to_string(),
|
||||||
"0x0041f5c0 world_region_load_tagged_payload_and_profile_collection_0x37f".to_string(),
|
"0x0041f5c0 world_region_load_tagged_payload_and_profile_collection_0x37f".to_string(),
|
||||||
"0x00455fc0 shared region tagged-payload reload companion".to_string(),
|
"0x00455fc0 shared region tagged-payload reload companion".to_string(),
|
||||||
|
"0x00455870 region triplet-band tagged restore callback (world-region vtable +0x48)"
|
||||||
|
.to_string(),
|
||||||
|
"0x00455930 region triplet-band tagged serializer callback (world-region vtable +0x4c)"
|
||||||
|
.to_string(),
|
||||||
];
|
];
|
||||||
let next_owner_questions = vec![
|
let next_owner_questions = vec![
|
||||||
"Which persisted owner seam rebuilds or restores [region+0x25e/+0x276/+0x302/+0x316]?".to_string(),
|
"Which persisted owner seam rebuilds or restores [region+0x25e/+0x276/+0x302/+0x316]?".to_string(),
|
||||||
|
|
@ -3696,11 +3700,12 @@ fn build_region_service_trace_report(
|
||||||
"the checked-in function map already grounds 0x00421510 as the tagged region-collection load owner that dispatches each live record through vtable slot +0x40".to_string(),
|
"the checked-in function map already grounds 0x00421510 as the tagged region-collection load owner that dispatches each live record through vtable slot +0x40".to_string(),
|
||||||
"the checked-in function map already grounds 0x0041f5c0 as the per-record load slot that reloads the tagged payload through 0x00455fc0 and then rebuilds profile collection [region+0x37f]".to_string(),
|
"the checked-in function map already grounds 0x0041f5c0 as the per-record load slot that reloads the tagged payload through 0x00455fc0 and then rebuilds profile collection [region+0x37f]".to_string(),
|
||||||
"constructor-side evidence now proves the latches are initialized locally, so the remaining gap can legitimately be framed as post-construction restore or rebuild".to_string(),
|
"constructor-side evidence now proves the latches are initialized locally, so the remaining gap can legitimately be framed as post-construction restore or rebuild".to_string(),
|
||||||
"direct disassembly of 0x00455fc0 now shows the shared loader only clearing and reseeding the common 0x23a-family string/scalar bands before dispatching vtable slot +0x48, which means [region+0x276/+0x302/+0x316] are not restored directly by that shared helper".to_string(),
|
"direct disassembly of 0x0041f590/0x0041f5b0 now proves the world-region vtable root is 0x005c9a28, so the 0x00455fc0 dispatch at slot +0x48 lands on 0x00455870 and the serializer sibling at +0x4c lands on 0x00455930".to_string(),
|
||||||
|
"direct disassembly of 0x00455870/0x00455930 now shows that callback pair only restores and serializes two triplet-like three-lane scalar bands through 0x531150/0x531030 plus 0x530720/0x52e8b0, not [region+0x276/+0x302/+0x316]".to_string(),
|
||||||
],
|
],
|
||||||
blockers: vec![
|
blockers: vec![
|
||||||
"which region-specific vtable slot +0x48 callback runs after 0x00455fc0 on the world-region table".to_string(),
|
"which later restore or rebuild owner rehydrates [region+0x276/+0x302/+0x316] after the shared payload loader and triplet-band callback complete".to_string(),
|
||||||
"whether [region+0x276/+0x302/+0x316] are serialized in that region-specific callback or rebuilt immediately after payload load".to_string(),
|
"whether [region+0x25e] severity/source and any stable region id/class discriminator are serialized elsewhere in the tagged region body or recomputed immediately post-load".to_string(),
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
SmpServiceConsumerHypothesis {
|
SmpServiceConsumerHypothesis {
|
||||||
|
|
@ -21853,7 +21858,7 @@ mod tests {
|
||||||
assert_eq!(trace.queued_notice_record_count, 0);
|
assert_eq!(trace.queued_notice_record_count, 0);
|
||||||
assert!(!trace.atlas_candidate_consumers.is_empty());
|
assert!(!trace.atlas_candidate_consumers.is_empty());
|
||||||
assert_eq!(trace.known_owner_bridge_fields.len(), 6);
|
assert_eq!(trace.known_owner_bridge_fields.len(), 6);
|
||||||
assert_eq!(trace.known_bridge_helpers.len(), 9);
|
assert_eq!(trace.known_bridge_helpers.len(), 11);
|
||||||
assert_eq!(trace.next_owner_questions.len(), 3);
|
assert_eq!(trace.next_owner_questions.len(), 3);
|
||||||
assert_eq!(trace.candidate_consumer_hypotheses.len(), 4);
|
assert_eq!(trace.candidate_consumer_hypotheses.len(), 4);
|
||||||
assert_eq!(
|
assert_eq!(
|
||||||
|
|
|
||||||
|
|
@ -3058,8 +3058,11 @@ The low helper strip beneath that shared family is tighter now too: `0x0052ecd0`
|
||||||
`0x0056ae30` dispatches selector `3` over the active registry, `0x0056ae80` marks pending flag
|
`0x0056ae30` dispatches selector `3` over the active registry, `0x0056ae80` marks pending flag
|
||||||
`0x100` by key, `0x0056aeb0` closes the digital driver, and `0x0056aee0/0x0056af20` are the
|
`0x100` by key, `0x0056aeb0` closes the digital driver, and `0x0056aee0/0x0056af20` are the
|
||||||
constructor/destructor pair for that sibling service object. One other sibling table is no longer
|
constructor/destructor pair for that sibling service object. One other sibling table is no longer
|
||||||
anonymous either: local `.rdata` at `0x005c9a60` is the world-region record family, while the
|
anonymous either: local `.rdata` at `0x005c9a28` is the actual world-region record-family vtable
|
||||||
smaller collection table at `0x005c9ae0` is the live region manager stored at `0x0062bae0`.
|
root, while the smaller collection table at `0x005c9ae0` is the live region manager stored at
|
||||||
|
`0x0062bae0`. The same root now also resolves the restore-side virtual strip precisely:
|
||||||
|
`0x0041f5c0` is slot `+0x40`, `0x0041f650` is slot `+0x44`, `0x00455870` is slot `+0x48`, and
|
||||||
|
`0x00455930` is slot `+0x4c`.
|
||||||
Constructor-side evidence is the anchor here. `0x00421660` allocates one `0x389`-sized region
|
Constructor-side evidence is the anchor here. `0x00421660` allocates one `0x389`-sized region
|
||||||
row, resolves the new record, and forwards into `0x00421200`, which seeds region id
|
row, resolves the new record, and forwards into `0x00421200`, which seeds region id
|
||||||
`[region+0x23a]`, class `[region+0x23e]`, profile collection `[region+0x37f]`, name buffer
|
`[region+0x23a]`, class `[region+0x23e]`, profile collection `[region+0x37f]`, name buffer
|
||||||
|
|
|
||||||
|
|
@ -95,11 +95,13 @@ Working rule:
|
||||||
through `0x00455fc0` before rebuilding profile collection `[region+0x37f]`. So the next region
|
through `0x00455fc0` before rebuilding profile collection `[region+0x37f]`. So the next region
|
||||||
pass should ask whether `[region+0x276/+0x302/+0x316]` are restored directly inside that payload
|
pass should ask whether `[region+0x276/+0x302/+0x316]` are restored directly inside that payload
|
||||||
load or rebuilt immediately after it, rather than treating “restore seam” as a generic unknown.
|
load or rebuilt immediately after it, rather than treating “restore seam” as a generic unknown.
|
||||||
- Direct disassembly of `0x00455fc0` now answers part of that question: the shared loader clears and
|
- Direct disassembly now closes that callback identity too: `0x0041f590/0x0041f5b0` prove the
|
||||||
reseeds the common `0x23a`-family string/scalar bands, then dispatches object vtable slot `+0x48`
|
world-region vtable root is `0x005c9a28`, so the `0x00455fc0` dispatch at slot `+0x48` lands on
|
||||||
and re-enters `0x0052ebd0`; it does not touch `[region+0x276/+0x302/+0x316]` directly. That
|
`0x00455870` and the serializer sibling at `+0x4c` lands on `0x00455930`. Those two callbacks
|
||||||
narrows the remaining restore target further to the world-region table’s region-specific
|
only restore and serialize two triplet-like three-lane scalar bands through
|
||||||
`+0x48` callback or the immediate post-load owner above it.
|
`0x00531150/0x00531030` plus `0x00530720/0x0052e8b0`; they still do not touch
|
||||||
|
`[region+0x276/+0x302/+0x316]`. That means the remaining region restore target is now the later
|
||||||
|
owner that rebuilds those latches or the separate tagged body seam that persists them.
|
||||||
- Reconstruct the save-side placed-structure collection body on top of the newly grounded
|
- Reconstruct the save-side placed-structure collection body on top of the newly grounded
|
||||||
`0x36b1/0x36b2/0x36b3` header seam so the blocked city-connection / linked-transit branch can
|
`0x36b1/0x36b2/0x36b3` header seam so the blocked city-connection / linked-transit branch can
|
||||||
stop depending on atlas-only placed-structure and local-runtime refresh notes, especially the
|
stop depending on atlas-only placed-structure and local-runtime refresh notes, especially the
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue