BSOD with Battleye and GhostRecon Breakpoint

kfarley215 · Oct 3, 2021

Typical BSOD when Battleye is launched for GhostRecon Wildlands. I can't figure it out Debug files attached. I appreciate the assistance!

MrPepka · Oct 3, 2021

Submit a complete memory dump (MEMORY.dmp file from C:\Windows)

kfarley215 · Oct 3, 2021

The dump file and a compressed exceed server limits, but a link to the file is here: MEMORY.zip

Thanks!

x BlueRobot · Oct 4, 2021

Please remove or update BattleEye, it's the reason for the crashes and typically crashes almost all the time.

Rich (BB code):

2: kd> lmvm BEDaisy
Browse full module list
start             end                 module name
fffff805`a2cc0000 fffff805`a2ffb000   BEDaisy    (no symbols)           
    Loaded symbol image file: BEDaisy.sys
    Image path: \??\C:\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys
    Image name: BEDaisy.sys
    Browse all global symbols  functions  data
    Timestamp:        Thu Jan  7 19:19:25 2021 (5FF75EBD)
    CheckSum:         003443DC
    ImageSize:        0033B000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
    Information from resource tables:

kfarley215 · Oct 4, 2021

First off, thanks for checking into this. Now, here are the reasons behind this issue.

1. Ubisoft requires Battleye for its newer games; Ghost Recon: Breakpoint and Watchdogs: Legion. It is not an option.

2. Both games were working until 2 weeks ago. This may be related to a Windows 10 update.

3. I have uninstalled both games and Battleye numerous times and the problem does not change.

4. Other Ubisoft games work, so this appears to be Battleye related.

Is there a way to determine what instruction in Battleye is causing this issue?

I am also going back and forth with Ubisoft on this issue but they think it is a network port issue, when it is not a network port issue as I have not changed my network equipment or setup in 2 years.

Thanks, again!

x BlueRobot · Oct 5, 2021

It's not a network-related issue, it's related to how the their driver is queuing up APC objects. Here's the exception code:

Rich (BB code):

2: kd> .exr 0xffffcf00643271d8
ExceptionAddress: fffff8050908722d (nt!KiExitDispatcher+0x00000000000001ad)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
  ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY

Here's the call stack:

Rich (BB code):

2: kd> knL
 # Child-SP          RetAddr           Call Site
00 ffffcf00`64326f58 fffff805`09209169 nt!KeBugCheckEx
01 ffffcf00`64326f60 fffff805`09209590 nt!KiBugCheckDispatch+0x69
02 ffffcf00`643270a0 fffff805`09207923 nt!KiFastFailDispatch+0xd0
03 ffffcf00`64327280 fffff805`0908722d nt!KiRaiseSecurityCheckFailure+0x323
04 ffffcf00`64327410 fffff805`090fb651 nt!KiExitDispatcher+0x1ad << Exception thrown here
05 ffffcf00`64327480 fffff805`a2ff207a nt!KeInsertQueueApc+0x151 << Crash here, linked list is corrupted
06 ffffcf00`64327520 fffff805`a2fecebd BEDaisy+0x33207a << BattleEye Driver
07 ffffcf00`64327790 fffff805`a2fefff1 BEDaisy+0x32cebd
08 ffffcf00`643278e0 fffff805`09155855 BEDaisy+0x32fff1
09 ffffcf00`64327b10 fffff805`091fe818 nt!PspSystemThreadStartup+0x55
0a ffffcf00`64327b60 00000000`00000000 nt!KiStartSystemThread+0x28

APC queues are implemented as a doubly linked lists, which explains why the driver has caused a list entry related exception. It appears, according to WinDbg, that the driver has attempted to remove an entry from the linked list which has already been removed. This is known as a double free and is a critical system error hence the bugcheck. From my understanding, KiExitDispatcher will actually check and see if there is any pending APCs in the APC queue and the execute them. This will cause the linked list to be "emptied".

MrPepka · Oct 5, 2021

The question is, can BattlEye really be unanimously guilty? It should be remembered that BattlEye is anti-cheat software, and these, like any other software, uses undocumented APIs (including that is why you should not use Driver Verifier on such software), maybe another driver that conflicts with the one from BattlEye is really problematic ? BattlEye itself works for others, why can't OP?

x BlueRobot · Oct 5, 2021

MrPepka said:
BattlEye itself works for others, why can't OP?

You could argue that point with any software; some people will have issues with Malwarebytes, whereas, most will not. There could be a bug which only occurs in very particular circumstances. I've written plenty of software which had very nuanced bugs.

kfarley215 · Oct 7, 2021

I have run some error checking, chkdsk and re-installed many applications, including Battleye. I have posted the prior debug information on the Battleye support site. Could someone please review this latest windows.dmp file to see if it points to the same thing? I can't figure out why this appears to be a problem for me but not other users and it only started in the last three weeks with no real changes in my environment. Thanks!

MEMORY.zip

x BlueRobot · Oct 8, 2021

Rich (BB code):

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure.  The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffb681eff57280, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffb681eff571d8, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved

Rich (BB code):

12: kd> .exr 0xffffb681eff571d8
ExceptionAddress: fffff80126c8722d (nt!KiExitDispatcher+0x00000000000001ad)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
  ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY

Rich (BB code):

12: kd> knL
 # Child-SP          RetAddr           Call Site
00 ffffb681`eff56f58 fffff801`26e09169 nt!KeBugCheckEx
01 ffffb681`eff56f60 fffff801`26e09590 nt!KiBugCheckDispatch+0x69
02 ffffb681`eff570a0 fffff801`26e07923 nt!KiFastFailDispatch+0xd0
03 ffffb681`eff57280 fffff801`26c8722d nt!KiRaiseSecurityCheckFailure+0x323
04 ffffb681`eff57410 fffff801`26cfb651 nt!KiExitDispatcher+0x1ad
05 ffffb681`eff57480 fffff801`c2ef207a nt!KeInsertQueueApc+0x151
06 ffffb681`eff57520 fffff801`c2eecebd BEDaisy+0x33207a
07 ffffb681`eff57790 fffff801`c2eefff1 BEDaisy+0x32cebd
08 ffffb681`eff578e0 fffff801`26d55855 BEDaisy+0x32fff1
09 ffffb681`eff57b10 fffff801`26dfe808 nt!PspSystemThreadStartup+0x55
0a ffffb681`eff57b60 00000000`00000000 nt!KiStartSystemThread+0x28

It's the exact same issue as the previous crash.

Rich (BB code):

12: kd> lmvm BEDaisy
Browse full module list
start             end                 module name
fffff801`c2bc0000 fffff801`c2efb000   BEDaisy    (no symbols)           
    Loaded symbol image file: BEDaisy.sys
    Image path: \??\C:\Program Files (x86)\Common Files\BattlEye\BEDaisy.sys
    Image name: BEDaisy.sys
    Browse all global symbols  functions  data
    Timestamp:        Thu Jan  7 19:19:25 2021 (5FF75EBD)
    CheckSum:         003443DC
    ImageSize:        0033B000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
    Information from resource tables:

xrobwx71 · Oct 8, 2021

If I may interject, I had the exact same issue with BattleEye. It worked fine for months and after a BattleEye update, I started having BSOD's with it as the culprit.

I never found a workaround, I simply quit playing that game, waited a few months and it worked after another BattleEye update.

This is not an isolated incident. If you look at the gaming forums, BattleEye has a lot of problems.

kfarley215 · Oct 8, 2021

Thanks for the great support, all! Amazing to have folks like yourselves help diagnose issues like this. I'm a supporter of the site!

JRodriguez17 · Oct 11, 2021

kfarley215 said:
¡Gracias a todos por el gran apoyo! Es increíble que personas como ustedes ayuden a diagnosticar problemas como este. ¡Soy partidario del sitio!

Tu problema ha sido resuelto, a mi también me pasa lo mismo

x BlueRobot · Oct 11, 2021

JRodriguez17 said:
Tu problema ha sido resuelto, a mi también me pasa lo mismo

Please accompany your post with English translations.

Translation:

Your problem has been solved, the same thing happens to me too

Search

Search

BSOD with Battleye and GhostRecon Breakpoint

kfarley215

Member

Attachments

MrPepka

Sysnative Staff, BSOD Kernel Dump Senior Analyst

kfarley215

Member

x BlueRobot

Administrator

kfarley215

Member

x BlueRobot

Administrator

MrPepka

Sysnative Staff, BSOD Kernel Dump Senior Analyst

x BlueRobot

Administrator

kfarley215

Member

x BlueRobot

Administrator

xrobwx71

Administrator

kfarley215

Member

JRodriguez17

Member

x BlueRobot

Administrator