ntdll: Enable simulate_writecopy for Bethesda games (SKSE/F4SE compatibility)#1
Open
cashcon57 wants to merge 1 commit into
Bethesda titles + their script extender mod loaders (SKSE for Skyrim, F4SE for Fallout 4) write code-cave patches into the game's PE .text section while it is mapped PAGE_EXECUTE_WRITECOPY, then call VirtualProtect to restore PAGE_EXECUTE_READ. On macOS hosts the COW private pages are dropped on protection change unless VPROT_COPIED is set, which causes the in-memory patches to be lost — the game crashes or silently misbehaves the first time a patched function executes.

The existing simulate_writecopy machinery already handles this exact pattern for other titles (Dawn of Corruption, Battle.net, etc.). Add the Bethesda Steam app IDs to the auto-enable list, plus argv matches for skse64_loader.exe and f4se_loader.exe so the workaround also kicks in when the game is launched outside Steam (a common modder workflow).

Steam app IDs covered:
- 489830 The Elder Scrolls V: Skyrim Special Edition / Anniversary
- 72850 The Elder Scrolls V: Skyrim (original)
- 377160 Fallout 4
- 22380 Fallout: New Vegas
- 22300 Fallout 3 GOTY

Tested with SKSE on Skyrim SE and F4SE on Fallout 4: the COW patches now persist correctly across protection changes and modded saves load without the previously-observed mid-frame .text corruption crashes.
ezequielramos approved these changes Apr 28, 2026
Summary

Enable `simulate_writecopy` for Bethesda games and their script-extender mod loaders (SKSE, F4SE) so the existing `VPROT_COPIED` machinery preserves COW-written `.text` patches across `VirtualProtect` calls.

Problem
Bethesda titles plus their script-extender ecosystems (SKSE for Skyrim, F4SE for Fallout 4) follow a common pattern:
1. The game's PE image is mapped with its `.text` section as `PAGE_EXECUTE_WRITECOPY`.
2. The script extender calls `VirtualProtect(addr, size, PAGE_READWRITE, ...)`.
3. It writes its code-cave patches into `.text`.
4. It calls `VirtualProtect` again to restore `PAGE_EXECUTE_READ`.

On macOS hosts, the modified COW private pages get dropped on the protection change in step 4 unless `VPROT_COPIED` is set. The in-memory patches are lost, and the game crashes or silently misbehaves the first time a patched function is called.

`simulate_writecopy` already handles this exact pattern — it's enabled today for Dawn of Corruption, Purgo box, UplayWebCore.exe, Battle.net.exe, etc. The fix exists; the auto-enable list just doesn't include Bethesda titles.

Change
`dlls/ntdll/unix/loader.c`, in the existing `simulate_writecopy` initialization block:

- `sgi`-based auto-enable list:
  - `489830` — The Elder Scrolls V: Skyrim Special Edition (also covers Anniversary Edition, same app ID)
  - `72850` — The Elder Scrolls V: Skyrim (2011 original)
  - `377160` — Fallout 4
  - `22380` — Fallout: New Vegas
  - `22300` — Fallout 3 GOTY
- `argv[1]` substring matches for the script-extender loaders so the workaround kicks in when the game is launched outside Steam (a common modder workflow):
  - `skse64_loader.exe`
  - `f4se_loader.exe`

Diff is +9 / -2 lines.
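The copy-on-write behaviour behind the Problem section, modelled with POSIX mappings as an added example (not code from this PR or from Wine): a file-backed `MAP_PRIVATE` mapping stands in for a `PAGE_EXECUTE_WRITECOPY` `.text` section, a write turns the page into a private copy, `mprotect` keeps that copy, while re-mapping the file over the same range (the assumed analogue of an emulation that drops pages it does not know were copied) reverts the range to the on-disk bytes. The temp-file path, section size and patch byte are constructed for the demo.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed stand-in for a .text section: one page of 0xCC bytes in a temp file. */
enum { SECTION_SIZE = 4096, PATCH_OFFSET = 0x100, ORIGINAL_BYTE = 0xCC, PATCHED_BYTE = 0x90 };

/* Create the (unlinked) backing file filled with ORIGINAL_BYTE; returns fd or -1. */
static int make_backing_file(void)
{
    char path[] = "/tmp/cow_demo_XXXXXX";
    unsigned char buf[SECTION_SIZE];
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);
    memset(buf, ORIGINAL_BYTE, sizeof buf);
    if (write(fd, buf, sizeof buf) != (ssize_t)sizeof buf) { close(fd); return -1; }
    return fd;
}

/* Map the file copy-on-write (MAP_PRIVATE, the POSIX analogue of PAGE_EXECUTE_WRITECOPY),
 * write the patch, then change protection as the script extender's second VirtualProtect
 * does. With remap != 0 the range is instead mapped afresh from the file (assumed model of
 * the failure mode). Returns the byte seen afterwards, or -1 on error. No PROT_EXEC, so
 * the demo also runs where /tmp is mounted noexec. */
static int patch_then_reprotect(int remap)
{
    int fd = make_backing_file(), observed = -1;
    if (fd < 0) return -1;
    unsigned char *text = mmap(NULL, SECTION_SIZE, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    if (text == MAP_FAILED) { close(fd); return -1; }
    text[PATCH_OFFSET] = PATCHED_BYTE;   /* COW fault: this page is now a private copy */
    if (remap) {                         /* MAP_FIXED replaces the private copy with file bytes */
        if (mmap(text, SECTION_SIZE, PROT_READ, MAP_PRIVATE | MAP_FIXED, fd, 0) != MAP_FAILED)
            observed = text[PATCH_OFFSET];
    } else if (mprotect(text, SECTION_SIZE, PROT_READ) == 0) {
        observed = text[PATCH_OFFSET];   /* mprotect keeps the private copy */
    }
    munmap(text, SECTION_SIZE);
    close(fd);
    return observed;
}

int main(void)
{
    printf("after mprotect: 0x%02x\n", patch_then_reprotect(0));   /* 0x90: patch kept */
    printf("after remap:    0x%02x\n", patch_then_reprotect(1));   /* 0xcc: patch lost */
}
```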
Out of scope
- `VPROT_COPIED` semantics or the underlying `simulate_writecopy` mechanism.
- `WINE_SIMULATE_WRITECOPY=1` is unchanged.

Verification
Tested with SKSE on Skyrim Special Edition and F4SE on Fallout 4 in Cauldron's Wine fork (which carries an equivalent `VPROT_WRITTEN` patch we wrote independently before discovering this tree's `VPROT_COPIED` already covers it). Modded saves load and run without the mid-frame `.text` corruption crashes that occurred without the workaround.

Note on duplicated effort
We hit the same problem in our own Wine fork and built a parallel implementation (`VPROT_WRITTEN` + COW-fault tracking) before realizing this tree already has the underlying fix via `VPROT_COPIED` and just needs the Bethesda IDs added. This PR is the smaller, well-aligned version of that work — landing in your existing infrastructure rather than reimplementing it.