Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Gavin10 on March 19, 2020, 01:16:16 AM
-
Hello,
Over the weekend i had to reboot my computer to complete a windows update and i think an AVAST update took place at the same time. Since the reboot, whenever i run the War Thunder executable i get a crash message just titled 'Fatal Error' and when i click on ok,the game closes.
My Event Viewer logs show:
Faulting application name: aces.exe, version: 1.97.0.61, time stamp: 0x5e709034
Faulting module name: aswAMSI.dll, version: 20.1.5069.0, time stamp: 0x5e4bd38b
Faulting application path: D:\Program Files (x86)\Steam\steamapps\common\War Thunder\win64\aces.exe
Faulting module path: C:\Program Files\AVAST Software\Avast\aswAMSI.dll
Im being advised on the War Thunder forums that this is an Avast issue as that the only way to resolve this is to uninstall Avast and to find another AV software.
Any advice on how i get this all working again?
-
- Which Avast..? (Free/Pro/IS/Premium)
- Which version/build of Avast..?
- OS..? (32/64 Bit..? - which SP/Build..?)
- Other security related software installed..?
- Which AV(s) did you use before Avast..?
-
Hi,
Its Avast Premium Security
Program Version 20.1.2397 (Build 20.1.5069.559)
Virus Definitions Version 200319-0
UI Version 1.0.460
Im Running Windows 10 Pro Build 1909 64Bit
No other security installed apart from what comes as part of Windows 10, and no other AV has been present on this pc since it was built
-
Hi Gavin10,
can you try to use procdump utility to create just use mode dump of aces.exe you can download it from :
https://docs.microsoft.com/en-us/sysinternals/downloads/procdump
Run this command on cmd line as admin it registers procdump as the Just-in-Time (AeDebug) debugger. Makes full dumps in c:\dumps (you have to create this folder in advance !!).
C:\>procdump -ma -i c:\dumps
Zip the dump folder as Gavin10_3_2020.zip and upload it to avast ftp server for more details see:
https://support.avast.com/en-eu/article/FTP-file-upload
Thanks for help !
-
Hi,
Sorry, procdump isn't something i have used before. I have downloaded it and run it using the command line switches provided and have this:
C:\Dumps>procdump64 -ma -i c:/Dumps
ProcDump v9.0 - Sysinternals process dump utility
Copyright (C) 2009-2017 Mark Russinovich and Andrew Richards
Sysinternals - www.sysinternals.com
Set to:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug
(REG_SZ) Auto = 1
(REG_SZ) Debugger = "C:\Dumps\procdump64.exe" -accepteula -ma -j "c:/Dumps" %ld %ld %p
ProcDump is now set as the Just-in-time (AeDebug) debugger.
Where do i go from here? Running the game doesn't result in any files in the Dumps folder.
I should add that the error i get on screen is generated by the game, its not a windows crash screen. Im unsure if that makes any difference to how procdump works
-
Hi Gavin10,
if any applications crashes its dump should appear in c:\dumps folder. From event log it looked like an application crash. Can you collect avast logs and send upload it ?
Here is how to link https://kb.support.business.avast.com/GetPublicArticle?title=How-to-collect-logs-for-AVG-AntiVirus-and-Internet-Security-Business-Editions
Just copy/paste here the log ID !
Thank you
-
Hi Kwik,
I have collected the Avast logs as instructed. The log file ID is as follows:
20200323_2114_GKX4B_24642.zip
Curiously, i looked in the c:\dumps folder this morning and there is an explorer.exe dump file in there, so procdump is obviously working. Would i be expecting an aces.exe dump for the issue we are looking at though?
-
I got same problem! Are you fixed it now? Please so me how! I'm tried many times but it still that!
-
Still early on in the troubleshooting mate. I do hope to have a positive result though
-
Hi Gavin,
I cant find 20200323_2114_GKX4B_24642.zip package in our system.
Can you try to upload it again to avast ftp server please https://support.avast.com/en-eu/article/FTP-file-upload.
There is a way how to disable whole amsi via registry modification but I wouldnt recommend it !
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings
Create or modify DWORD value: AmsiEnable = 0
-
Hi kwiq
I have uploaded the file to the incoming folder on your FTP
I think Ill hold off that regedit for now in the hope of a proper fix.
-
Hi,
So i had another look at the dump files and found a few for aces.exe in my /local/crashdumps folder.
I have uploaded the zipped dump file to the \incoming folder and passworded it as virus as per the instructions on the site
-
I have uploaded the zipped dump file to the \incoming folder and passworded it as virus as per the instructions on the site
Post the name of the file, so the devs can find it. ;)
-
Zip the dump folder as Gavin10_3_2020.zip and upload it to avast ftp server for more details see:
https://support.avast.com/en-eu/article/FTP-file-upload
Yes, sorry. Filename is as requested in an earlier post. Gavin10_3_2020.zip
-
Hi Gavin10
here is what we found :
APPLICATION_VERIFIER_FLAGS: 0
CONTEXT: (.ecxr)
rax=0000000000010030 rbx=00000000ffffffff rcx=0000000000000000
rdx=000000a03d30d258 rsi=0000000000000100 rdi=0000000000000000
rip=00007ffea1d25578 rsp=000000a03d30d1e8 rbp=0000000000000000
r8=0000040000000000 r9=0000000000000006 r10=000000a03d2fd000
r11=000000a03d303000 r12=00007ffea1cfbfe0 r13=0000000000000001
r14=00007ffea1e547b0 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010286
aswAMSI!__chkstk+0x38:
00007ffe`a1d25578 41c60300 mov byte ptr [r11],0 ds:000000a0`3d303000=??
Resetting default scope
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 00007ffea1d25578 (aswAMSI!__chkstk+0x0000000000000038)
ExceptionCode: c00000fd (Stack overflow)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000001
Parameter[1]: 000000a03d303000
PROCESS_NAME: aces.exe
ERROR_CODE: (NTSTATUS) 0xc00000fd - A new guard page for the stack cannot be created.
EXCEPTION_CODE_STR: c00000fd
EXCEPTION_PARAMETER1: 0000000000000001
EXCEPTION_PARAMETER2: 000000a03d303000
STACK_TEXT:
000000a0`3d30d1e8 00007ffe`a1cea46a : 00000000`ffffffff 00007ffe`a1cebf71 00000000`00000000 000000a0`3d30d258 : aswAMSI!__chkstk+0x38
000000a0`3d30d200 00007ffe`a1cebf71 : 00000000`00000000 000000a0`3d30d258 03100800`00090600 bfebfbff`7ffafbff : aswAMSI!dep_osGetModName+0x1a
000000a0`3d30d210 00007ffe`a1ce9194 : 00007ffe`a1e547b0 000000a0`00000100 00000209`1a5e2bb0 00000000`00000000 : aswAMSI!dep_brandFindRegistryKey+0x81
000000a0`3d30d2a0 00007ffe`a1c61f3e : 00007ffe`00000001 00007ffe`a1d95830 00006ceb`00000000 ffffffff`fffffffe : aswAMSI!aswcmnosDllMain+0x74
000000a0`3d30d2f0 00007ffe`a1d57e6b : 00000000`00000000 000000a0`3d30d718 00000000`00000005 00000000`000000cf : aswAMSI!`dynamic initializer for 'rootOSInit''+0xe
000000a0`3d30d350 00007ffe`a1cfbccf : 00000000`00000000 000000a0`3d30d718 00000000`00000000 00007ffe`bf5850aa : aswAMSI!_initterm+0x43
000000a0`3d30d380 00007ffe`a1cfbf45 : 00007ffe`a1c60000 00000000`00000000 00000000`00000001 00000209`00000100 : aswAMSI!dllmain_crt_process_attach+0xaf
000000a0`3d30d3c0 00007ffe`bf5850a1 : 00007ffe`a1c60000 00000000`00000001 00000000`00000000 00000000`7ffe0385 : aswAMSI!dllmain_dispatch+0x75
000000a0`3d30d420 00007ffe`bf5c9405 : 00000209`17654b60 00007ffe`a1c60000 00007ffe`00000001 00007ffe`a1d42640 : ntdll!LdrpCallInitRoutine+0x65
000000a0`3d30d490 00007ffe`bf5c91f8 : 00000209`1a458710 00007ffe`bf58c900 00000209`1a458701 00007ffe`00000001 : ntdll!LdrpInitializeNode+0x1b1
000000a0`3d30d5d0 00007ffe`bf58aa97 : 00000000`00000000 00000000`00000000 000000a0`3d30d7d0 000000a0`3d30d718 : ntdll!LdrpInitializeGraphRecurse+0x80
000000a0`3d30d610 00007ffe`bf582591 : 000000a0`3d30d718 000000a0`3d30d720 000000a0`3d30d700 000000a0`3d30d720 : ntdll!LdrpPrepareModuleForExecution+0xbf
000000a0`3d30d650 00007ffe`bf5822a8 : 000000a0`3d30d720 000000a0`3d30d8c0 000000a0`3d30d9b0 000000a0`3d30d8b0 : ntdll!LdrpLoadDllInternal+0x199
000000a0`3d30d6d0 00007ffe`bf581764 : 00000000`00000000 00000000`00000001 00000000`00000001 00007ffe`bdfc0149 : ntdll!LdrpLoadDll+0xa8
000000a0`3d30d880 00007ffe`bd0956f0 : 000000a0`3d30da70 00000000`00000000 000000a0`3d30de90 00007ffe`bc4c1dd3 : ntdll!LdrLoadDll+0xe4
000000a0`3d30d970 00007ffe`68a7d240 : 00007ffe`00000000 000000a0`3d30e188 00000209`1a88ea50 00000000`00000000 : KERNELBASE!LoadLibraryExW+0x170
000000a0`3d30d9e0 00007ffe`00000000 : 000000a0`3d30e188 00000209`1a88ea50 00000000`00000000 000000a0`3d30da70 : gameoverlayrenderer64+0x9d240
000000a0`3d30d9e8 000000a0`3d30e188 : 00000209`1a88ea50 00000000`00000000 000000a0`3d30da70 00007ffe`b3454d17 : 0x00007ffe`00000000
000000a0`3d30d9f0 00000209`1a88ea50 : 00000000`00000000 000000a0`3d30da70 00007ffe`b3454d17 00000000`00000000 : 0x000000a0`3d30e188
000000a0`3d30d9f8 00000000`00000000 : 000000a0`3d30da70 00007ffe`b3454d17 00000000`00000000 00000000`0000020a : 0x00000209`1a88ea50
FAULTING_SOURCE_LINE: d:\agent\_work\3\s\src\vctools\crt\vcstartup\src\misc\amd64\chkstk.asm
FAULTING_SOURCE_FILE: d:\agent\_work\3\s\src\vctools\crt\vcstartup\src\misc\amd64\chkstk.asm
FAULTING_SOURCE_LINE_NUMBER: 109
FAULTING_SOURCE_CODE:
No source found for 'd:\agent\_work\3\s\src\vctools\crt\vcstartup\src\misc\amd64\chkstk.asm'
SYMBOL_NAME: aswAMSI!__chkstk+38
MODULE_NAME: aswAMSI
IMAGE_NAME: aswAMSI.dll
STACK_COMMAND: dt ntdll!LdrpLastDllInitializer BaseDllName ; dt ntdll!LdrpFailureData ; ~9s ; .ecxr ; kb
FAILURE_BUCKET_ID: STACK_OVERFLOW_c00000fd_aswAMSI.dll!__chkstk
OS_VERSION: 10.0.18362.1
BUILDLAB_STR: 19h1_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
aces.exe ran out of stack because aswamsi added few frames to load library stack.
We will try to fix it asap
Thank you for help !
-
Awesome work. Thanks for getting to the bottom of this.
I hope there is a fix soon