Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Gavin10 on March 19, 2020, 01:16:16 AM

Title: AVAST and War Thunder (game) lock horns
Post by: Gavin10 on March 19, 2020, 01:16:16 AM
Hello,
Over the weekend i had to reboot my computer to complete a windows update and i think an AVAST update took place at the same time. Since the reboot, whenever i run the War Thunder executable i get a crash message just titled 'Fatal Error' and when i click on ok,the game closes.
My Event Viewer logs show:
Faulting application name: aces.exe, version: 1.97.0.61, time stamp: 0x5e709034
Faulting module name: aswAMSI.dll, version: 20.1.5069.0, time stamp: 0x5e4bd38b

Faulting application path: D:\Program Files (x86)\Steam\steamapps\common\War Thunder\win64\aces.exe
Faulting module path: C:\Program Files\AVAST Software\Avast\aswAMSI.dll

Im being advised on the War Thunder forums that this is an Avast issue as that the only way to resolve this is to uninstall Avast and to find another AV software.

Any advice on how i get this all working again?
Title: Re: AVAST and War Thunder (game) lock horns
Post by: Asyn on March 20, 2020, 10:04:10 AM
- Which Avast..? (Free/Pro/IS/Premium)
- Which version/build of Avast..?
- OS..? (32/64 Bit..? - which SP/Build..?)
- Other security related software installed..?
- Which AV(s) did you use before Avast..?
Title: Re: AVAST and War Thunder (game) lock horns
Post by: Gavin10 on March 20, 2020, 10:26:18 AM
Hi,
Its Avast Premium Security
Program Version 20.1.2397 (Build 20.1.5069.559)
Virus Definitions Version 200319-0
UI Version 1.0.460

Im Running Windows 10 Pro Build 1909 64Bit

No other security installed apart from what comes as part of Windows 10, and no other AV has been present on this pc since it was built
Title: Re: AVAST and War Thunder (game) lock horns
Post by: kwiq on March 20, 2020, 10:34:44 AM
Hi Gavin10,
can you try to use procdump utility to create just use mode dump of aces.exe you can download it from :

https://docs.microsoft.com/en-us/sysinternals/downloads/procdump

Run this command on cmd line as admin it registers procdump as the Just-in-Time (AeDebug) debugger. Makes full dumps in c:\dumps (you have to create this folder in advance !!).

C:\>procdump -ma -i c:\dumps

Zip the dump folder as Gavin10_3_2020.zip and upload it to avast ftp server for more details see:
https://support.avast.com/en-eu/article/FTP-file-upload

Thanks for help !
Title: Re: AVAST and War Thunder (game) lock horns
Post by: Gavin10 on March 20, 2020, 11:22:04 AM
Hi,
Sorry, procdump isn't something i have used before. I have downloaded it and run it using the command line switches provided and have this:

C:\Dumps>procdump64 -ma -i c:/Dumps

ProcDump v9.0 - Sysinternals process dump utility
Copyright (C) 2009-2017 Mark Russinovich and Andrew Richards
Sysinternals - www.sysinternals.com

Set to:
  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug
    (REG_SZ) Auto     = 1
    (REG_SZ) Debugger = "C:\Dumps\procdump64.exe" -accepteula -ma -j "c:/Dumps" %ld %ld %p

ProcDump is now set as the Just-in-time (AeDebug) debugger.

Where do i go from here? Running the game doesn't result in any files in the Dumps folder.

I should add that the error i get on screen is generated by the game, its not a windows crash screen. Im unsure if that makes any difference to how procdump works
Title: Re: AVAST and War Thunder (game) lock horns
Post by: kwiq on March 23, 2020, 09:40:08 AM
Hi Gavin10,
if any applications crashes its dump should appear in c:\dumps folder. From event log it looked like an application crash. Can you collect avast logs and send upload it ?

Here is how to link https://kb.support.business.avast.com/GetPublicArticle?title=How-to-collect-logs-for-AVG-AntiVirus-and-Internet-Security-Business-Editions

Just copy/paste here the log ID !
Thank you
Title: Re: AVAST and War Thunder (game) lock horns
Post by: Gavin10 on March 23, 2020, 10:23:19 PM
Hi Kwik,
I have collected the Avast logs as instructed. The log file ID is as follows:
20200323_2114_GKX4B_24642.zip

Curiously, i looked in the c:\dumps folder this morning and there is an explorer.exe dump file in there, so procdump is obviously working. Would i be expecting an aces.exe dump for the issue we are looking at though?
Title: Re: AVAST and War Thunder (game) lock horns
Post by: Tantony on March 24, 2020, 08:58:14 AM
I got same problem! Are you fixed it now? Please so me how! I'm tried many times but it still that!
Title: Re: AVAST and War Thunder (game) lock horns
Post by: Gavin10 on March 24, 2020, 11:08:31 AM
Still early on in the troubleshooting mate. I do hope to have a positive result though
Title: Re: AVAST and War Thunder (game) lock horns
Post by: kwiq on March 25, 2020, 09:40:03 AM
Hi Gavin,
I cant find 20200323_2114_GKX4B_24642.zip package in our system.
Can you try to upload it again to avast ftp server please https://support.avast.com/en-eu/article/FTP-file-upload.

There is a way how to disable whole amsi via registry modification but I wouldnt recommend it !

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings
Create or modify DWORD value: AmsiEnable = 0
Title: Re: AVAST and War Thunder (game) lock horns
Post by: Gavin10 on March 25, 2020, 10:31:16 PM
Hi kwiq
I have uploaded the file to the incoming folder on your FTP

I think Ill hold off that regedit for now in the hope of a proper fix.
Title: Re: AVAST and War Thunder (game) lock horns
Post by: Gavin10 on March 30, 2020, 12:10:25 PM
Hi,
So i had another look at the dump files and found a few for aces.exe in my /local/crashdumps folder.

I have uploaded the zipped dump file to the \incoming folder and passworded it as virus as per the instructions on the site
Title: Re: AVAST and War Thunder (game) lock horns
Post by: Asyn on March 30, 2020, 03:27:38 PM
I have uploaded the zipped dump file to the \incoming folder and passworded it as virus as per the instructions on the site
Post the name of the file, so the devs can find it. ;)
Title: Re: AVAST and War Thunder (game) lock horns
Post by: Gavin10 on March 30, 2020, 11:49:04 PM

Zip the dump folder as Gavin10_3_2020.zip and upload it to avast ftp server for more details see:
https://support.avast.com/en-eu/article/FTP-file-upload


Yes, sorry. Filename is as requested in an earlier post. Gavin10_3_2020.zip
Title: Re: AVAST and War Thunder (game) lock horns
Post by: kwiq on April 06, 2020, 09:56:48 AM
Hi Gavin10
here is what we found :
APPLICATION_VERIFIER_FLAGS:  0

CONTEXT:  (.ecxr)
rax=0000000000010030 rbx=00000000ffffffff rcx=0000000000000000
rdx=000000a03d30d258 rsi=0000000000000100 rdi=0000000000000000
rip=00007ffea1d25578 rsp=000000a03d30d1e8 rbp=0000000000000000
 r8=0000040000000000  r9=0000000000000006 r10=000000a03d2fd000
r11=000000a03d303000 r12=00007ffea1cfbfe0 r13=0000000000000001
r14=00007ffea1e547b0 r15=0000000000000000
iopl=0         nv up ei ng nz na po nc
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010286
aswAMSI!__chkstk+0x38:
00007ffe`a1d25578 41c60300        mov     byte ptr [r11],0 ds:000000a0`3d303000=??
Resetting default scope

EXCEPTION_RECORD:  (.exr -1)
ExceptionAddress: 00007ffea1d25578 (aswAMSI!__chkstk+0x0000000000000038)
   ExceptionCode: c00000fd (Stack overflow)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000001
   Parameter[1]: 000000a03d303000

PROCESS_NAME:  aces.exe

ERROR_CODE: (NTSTATUS) 0xc00000fd - A new guard page for the stack cannot be created.

EXCEPTION_CODE_STR:  c00000fd

EXCEPTION_PARAMETER1:  0000000000000001

EXCEPTION_PARAMETER2:  000000a03d303000

STACK_TEXT: 
000000a0`3d30d1e8 00007ffe`a1cea46a : 00000000`ffffffff 00007ffe`a1cebf71 00000000`00000000 000000a0`3d30d258 : aswAMSI!__chkstk+0x38
000000a0`3d30d200 00007ffe`a1cebf71 : 00000000`00000000 000000a0`3d30d258 03100800`00090600 bfebfbff`7ffafbff : aswAMSI!dep_osGetModName+0x1a
000000a0`3d30d210 00007ffe`a1ce9194 : 00007ffe`a1e547b0 000000a0`00000100 00000209`1a5e2bb0 00000000`00000000 : aswAMSI!dep_brandFindRegistryKey+0x81
000000a0`3d30d2a0 00007ffe`a1c61f3e : 00007ffe`00000001 00007ffe`a1d95830 00006ceb`00000000 ffffffff`fffffffe : aswAMSI!aswcmnosDllMain+0x74
000000a0`3d30d2f0 00007ffe`a1d57e6b : 00000000`00000000 000000a0`3d30d718 00000000`00000005 00000000`000000cf : aswAMSI!`dynamic initializer for 'rootOSInit''+0xe
000000a0`3d30d350 00007ffe`a1cfbccf : 00000000`00000000 000000a0`3d30d718 00000000`00000000 00007ffe`bf5850aa : aswAMSI!_initterm+0x43
000000a0`3d30d380 00007ffe`a1cfbf45 : 00007ffe`a1c60000 00000000`00000000 00000000`00000001 00000209`00000100 : aswAMSI!dllmain_crt_process_attach+0xaf
000000a0`3d30d3c0 00007ffe`bf5850a1 : 00007ffe`a1c60000 00000000`00000001 00000000`00000000 00000000`7ffe0385 : aswAMSI!dllmain_dispatch+0x75
000000a0`3d30d420 00007ffe`bf5c9405 : 00000209`17654b60 00007ffe`a1c60000 00007ffe`00000001 00007ffe`a1d42640 : ntdll!LdrpCallInitRoutine+0x65
000000a0`3d30d490 00007ffe`bf5c91f8 : 00000209`1a458710 00007ffe`bf58c900 00000209`1a458701 00007ffe`00000001 : ntdll!LdrpInitializeNode+0x1b1
000000a0`3d30d5d0 00007ffe`bf58aa97 : 00000000`00000000 00000000`00000000 000000a0`3d30d7d0 000000a0`3d30d718 : ntdll!LdrpInitializeGraphRecurse+0x80
000000a0`3d30d610 00007ffe`bf582591 : 000000a0`3d30d718 000000a0`3d30d720 000000a0`3d30d700 000000a0`3d30d720 : ntdll!LdrpPrepareModuleForExecution+0xbf
000000a0`3d30d650 00007ffe`bf5822a8 : 000000a0`3d30d720 000000a0`3d30d8c0 000000a0`3d30d9b0 000000a0`3d30d8b0 : ntdll!LdrpLoadDllInternal+0x199
000000a0`3d30d6d0 00007ffe`bf581764 : 00000000`00000000 00000000`00000001 00000000`00000001 00007ffe`bdfc0149 : ntdll!LdrpLoadDll+0xa8
000000a0`3d30d880 00007ffe`bd0956f0 : 000000a0`3d30da70 00000000`00000000 000000a0`3d30de90 00007ffe`bc4c1dd3 : ntdll!LdrLoadDll+0xe4
000000a0`3d30d970 00007ffe`68a7d240 : 00007ffe`00000000 000000a0`3d30e188 00000209`1a88ea50 00000000`00000000 : KERNELBASE!LoadLibraryExW+0x170
000000a0`3d30d9e0 00007ffe`00000000 : 000000a0`3d30e188 00000209`1a88ea50 00000000`00000000 000000a0`3d30da70 : gameoverlayrenderer64+0x9d240
000000a0`3d30d9e8 000000a0`3d30e188 : 00000209`1a88ea50 00000000`00000000 000000a0`3d30da70 00007ffe`b3454d17 : 0x00007ffe`00000000
000000a0`3d30d9f0 00000209`1a88ea50 : 00000000`00000000 000000a0`3d30da70 00007ffe`b3454d17 00000000`00000000 : 0x000000a0`3d30e188
000000a0`3d30d9f8 00000000`00000000 : 000000a0`3d30da70 00007ffe`b3454d17 00000000`00000000 00000000`0000020a : 0x00000209`1a88ea50


FAULTING_SOURCE_LINE:  d:\agent\_work\3\s\src\vctools\crt\vcstartup\src\misc\amd64\chkstk.asm

FAULTING_SOURCE_FILE:  d:\agent\_work\3\s\src\vctools\crt\vcstartup\src\misc\amd64\chkstk.asm

FAULTING_SOURCE_LINE_NUMBER:  109

FAULTING_SOURCE_CODE: 
No source found for 'd:\agent\_work\3\s\src\vctools\crt\vcstartup\src\misc\amd64\chkstk.asm'


SYMBOL_NAME:  aswAMSI!__chkstk+38

MODULE_NAME: aswAMSI

IMAGE_NAME:  aswAMSI.dll

STACK_COMMAND:  dt ntdll!LdrpLastDllInitializer BaseDllName ; dt ntdll!LdrpFailureData ; ~9s ; .ecxr ; kb

FAILURE_BUCKET_ID:  STACK_OVERFLOW_c00000fd_aswAMSI.dll!__chkstk

OS_VERSION:  10.0.18362.1

BUILDLAB_STR:  19h1_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

aces.exe ran out of stack because aswamsi added few frames to load library stack.
We will try to fix it asap
Thank you for help !
Title: Re: AVAST and War Thunder (game) lock horns
Post by: Gavin10 on April 06, 2020, 10:20:16 AM
Awesome work. Thanks for getting to the bottom of this.

I hope there is a fix soon