First and foremost - I am not certain whether people here found any way of searching for those crashing meshes simple way already. I just discovered a method which can be used to identify those meshes. Mind that it's quite time consuming, but accurate, also involves using a lot of low-level tools. I am going to try to explain the guide as simple as it's possible, so everyone ( or almost everyone ) can make use of it, more people can do it - the better.
1. Tools Required
- Olly Debugger v2.01 ( http://ollydbg.de/odbg201h.zip )
- PrGrep searching software ( http://prgrep.com/dwnld.php?lng=en&pg=61 )
- NifSkope, 3DS Max etc. ( for fixing the meshes, search 4 downloads ) [optional]
2. Configuration of the Tools
2a. Configuring PrGrep
Make sure you configure your PrGrep to search for binary files ( the box on the right to the ,,containing" field ) and searching in subdirectories and other options. Set "directory" path to your destination mesh directory ( in this case i've chosen Meshes\tes4, because I wanted to search for invalid meshes from Skyblivion ). A correct configuration looks like this:
( http://i42.tinypic.com/auduew.png full resolution )
2b. Configuring Olly Debugger
Nothing to be configured, just make sure you run it as an administrator.
2c. Configuring the Game
In Launcher, tick all the .esp / .esm you want to try ( in my case I had Skyrim, Skywind, Skyblivion and Skyblivion Beauty/LOD ticked ). Make sure your game runs in windowed mode ( otherwise debugging might get really hard )
3. Starting the game from the debugger.
Start the Olly Debugger. When the big window appears, drag on TES5.exe from Skyrim's folder. Wait, until it ends the analyze ( you can see it being analyzed in the bottom bar below the window ). Hit the f9, it should say "Running" in the lower right box. In case it stops cause of one reason or another, for now, just keep pressing f9 until Skyrim menu starts ( in the another window that is ).
Now, start whatever you would like to do. Run a game, run a COW command from a terminal or whatever you wish to find a crashing mesh. I just did COW Tes4Tamriel 5,5.
When the game is about to crash ( the invalid mesh is being hit by the game engine ), the debugger will stop and you will see something like this ( or similar, but from what I've observed, the crashes are always in similar places ):
( http://i42.tinypic.com/n12p28.png full resolution )
the black address on the left shows the place the crash happened. It's the int3 command.. see the next command ( jmp xxx) ? Click on it and hit enter. You should land in a place similar to this:
( http://i40.tinypic.com/fjkl91.png full resolution )
The thing here now is to see the three ,,mov xx,byte ptr ds:[REGISTER+something]. IN my screenshot it is EBX ( you can see it three times in a row ). Now , search for it on the right panel ( on my screen - EBX =156D9A1A )
Now, in the left down corner, hit the big space ( where zeros on my screenshot are ) and press CTRL+G. Write the offset you've readed prior here, and hit enter. The window here should change and there should be a lot of nonsense characters and random bytes. Copy , let's say, first 8 bytes from this:
( http://i42.tinypic.com/6ss2tj.png full resolution )
That's it - you actually copied a small small part from a mesh which was causing the problem. Now, back to PrGrep, in the ,,Containing" Field paste what you just copied. Remove the paddings ( unnecessary post-spaces etc so its like AA BB CC and nothing else ) and hit search. If you've done everything right, eventually the full path of model ( with an ascii representation of what you've been searching ) will be shown in the window.
4. Fixing [optional]
Crashes which I am describing here are based on the MOPP collision bug which affected quite a few meshes from both skywind and skyblivion. To fix it you can remove the appropiate branch using nifskope or just add a new collision by hand.