AVAST and War Thunder (game) lock horns

Hello,
Over the weekend I had to reboot my computer to complete a Windows update and I think an AVAST update took place at the same time. Since the reboot, whenever I run the War Thunder executable I get a crash message just titled ‘Fatal Error’ and when I click on OK, the game closes.
My Event Viewer logs show:
Faulting application name: aces.exe, version: 1.97.0.61, time stamp: 0x5e709034
Faulting module name: aswAMSI.dll, version: 20.1.5069.0, time stamp: 0x5e4bd38b

Faulting application path: D:\Program Files (x86)\Steam\steamapps\common\War Thunder\win64\aces.exe
Faulting module path: C:\Program Files\AVAST Software\Avast\aswAMSI.dll

I'm being advised on the War Thunder forums that this is an Avast issue and that the only way to resolve this is to uninstall Avast and to find another AV software.

Any advice on how I get this all working again?

  • Which Avast…? (Free/Pro/IS/Premium)
  • Which version/build of Avast…?
  • OS…? (32/64 Bit…? - which SP/Build…?)
  • Other security related software installed…?
  • Which AV(s) did you use before Avast…?

Hi,
It's Avast Premium Security
Program Version 20.1.2397 (Build 20.1.5069.559)
Virus Definitions Version 200319-0
UI Version 1.0.460

I'm running Windows 10 Pro Build 1909 64-bit

No other security installed apart from what comes as part of Windows 10, and no other AV has been present on this PC since it was built.

Hi Gavin10,
Can you try to use the procdump utility to create just a user mode dump of aces.exe? You can download it from:

https://docs.microsoft.com/en-us/sysinternals/downloads/procdump

Run this command on the cmd line as admin. It registers procdump as the Just-in-Time (AeDebug) debugger and makes full dumps in c:\dumps (you have to create this folder in advance!).

C:\>procdump -ma -i c:\dumps

Zip the dump folder as Gavin10_3_2020.zip and upload it to the Avast FTP server. For more details see:
https://support.avast.com/en-eu/article/FTP-file-upload

Thanks for the help!

Hi,
Sorry, procdump isn’t something I have used before. I have downloaded it and run it using the command line switches provided and have this:

C:\Dumps>procdump64 -ma -i c:/Dumps

ProcDump v9.0 - Sysinternals process dump utility
Copyright (C) 2009-2017 Mark Russinovich and Andrew Richards
Sysinternals - www.sysinternals.com

Set to:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug
(REG_SZ) Auto = 1
(REG_SZ) Debugger = "C:\Dumps\procdump64.exe" -accepteula -ma -j "c:/Dumps" %ld %ld %p

ProcDump is now set as the Just-in-time (AeDebug) debugger.

Where do I go from here? Running the game doesn’t result in any files in the Dumps folder.

I should add that the error I get on screen is generated by the game, it's not a Windows crash screen. I'm unsure if that makes any difference to how procdump works.

Hi Gavin10,
If any application crashes, its dump should appear in the c:\dumps folder. From the event log it looked like an application crash. Can you collect the Avast logs and upload them?

Here is the how-to link: https://kb.support.business.avast.com/GetPublicArticle?title=How-to-collect-logs-for-AVG-AntiVirus-and-Internet-Security-Business-Editions

Just copy/paste the log ID here!
Thank you

Hi Kwik,
I have collected the Avast logs as instructed. The log file ID is as follows:
20200323_2114_GKX4B_24642.zip

Curiously, I looked in the c:\dumps folder this morning and there is an explorer.exe dump file in there, so procdump is obviously working. Would I be expecting an aces.exe dump for the issue we are looking at though?

I got the same problem! Have you fixed it now? Please show me how! I’ve tried many times but it is still like that!

Still early on in the troubleshooting, mate. I do hope to have a positive result though.

Hi Gavin,
I can't find the 20200323_2114_GKX4B_24642.zip package in our system.
Can you try to upload it again to the Avast FTP server, please? https://support.avast.com/en-eu/article/FTP-file-upload

There is a way to disable AMSI entirely via a registry modification, but I wouldn't recommend it!

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings
Create or modify DWORD value: AmsiEnable = 0

Hi kwiq
I have uploaded the file to the incoming folder on your FTP.

I think I'll hold off on that regedit for now in the hope of a proper fix.

Hi,
So I had another look at the dump files and found a few for aces.exe in my /local/crashdumps folder.

I have uploaded the zipped dump file to the \incoming folder and passworded it as virus as per the instructions on the site.

Post the name of the file, so the devs can find it. :wink:

Yes, sorry. Filename is as requested in an earlier post. Gavin10_3_2020.zip

Hi Gavin10,
Here is what we found:
APPLICATION_VERIFIER_FLAGS: 0

CONTEXT: (.ecxr)
rax=0000000000010030 rbx=00000000ffffffff rcx=0000000000000000
rdx=000000a03d30d258 rsi=0000000000000100 rdi=0000000000000000
rip=00007ffea1d25578 rsp=000000a03d30d1e8 rbp=0000000000000000
r8=0000040000000000 r9=0000000000000006 r10=000000a03d2fd000
r11=000000a03d303000 r12=00007ffea1cfbfe0 r13=0000000000000001
r14=00007ffea1e547b0 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010286
aswAMSI!__chkstk+0x38:
00007ffea1d25578 41c60300 mov byte ptr [r11],0 ds:000000a03d303000=??
Resetting default scope

EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 00007ffea1d25578 (aswAMSI!__chkstk+0x0000000000000038)
ExceptionCode: c00000fd (Stack overflow)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000001
Parameter[1]: 000000a03d303000

PROCESS_NAME: aces.exe

ERROR_CODE: (NTSTATUS) 0xc00000fd - A new guard page for the stack cannot be created.

EXCEPTION_CODE_STR: c00000fd

EXCEPTION_PARAMETER1: 0000000000000001

EXCEPTION_PARAMETER2: 000000a03d303000

STACK_TEXT:
000000a03d30d1e8 00007ffea1cea46a : 00000000ffffffff 00007ffea1cebf71 0000000000000000 000000a03d30d258 : aswAMSI!__chkstk+0x38
000000a03d30d200 00007ffea1cebf71 : 0000000000000000 000000a03d30d258 0310080000090600 bfebfbff7ffafbff : aswAMSI!dep_osGetModName+0x1a
000000a03d30d210 00007ffea1ce9194 : 00007ffea1e547b0 000000a000000100 000002091a5e2bb0 0000000000000000 : aswAMSI!dep_brandFindRegistryKey+0x81
000000a03d30d2a0 00007ffea1c61f3e : 00007ffe00000001 00007ffea1d95830 00006ceb00000000 fffffffffffffffe : aswAMSI!aswcmnosDllMain+0x74
000000a03d30d2f0 00007ffea1d57e6b : 0000000000000000 000000a03d30d718 0000000000000005 00000000000000cf : aswAMSI!dynamic initializer for 'rootOSInit''+0xe
000000a03d30d350 00007ffea1cfbccf : 0000000000000000 000000a03d30d718 0000000000000000 00007ffebf5850aa : aswAMSI!_initterm+0x43
000000a03d30d380 00007ffea1cfbf45 : 00007ffea1c60000 0000000000000000 0000000000000001 0000020900000100 : aswAMSI!dllmain_crt_process_attach+0xaf
000000a03d30d3c0 00007ffebf5850a1 : 00007ffea1c60000 0000000000000001 0000000000000000 000000007ffe0385 : aswAMSI!dllmain_dispatch+0x75
000000a03d30d420 00007ffebf5c9405 : 0000020917654b60 00007ffea1c60000 00007ffe00000001 00007ffea1d42640 : ntdll!LdrpCallInitRoutine+0x65
000000a03d30d490 00007ffebf5c91f8 : 000002091a458710 00007ffebf58c900 000002091a458701 00007ffe00000001 : ntdll!LdrpInitializeNode+0x1b1
000000a03d30d5d0 00007ffebf58aa97 : 0000000000000000 0000000000000000 000000a03d30d7d0 000000a03d30d718 : ntdll!LdrpInitializeGraphRecurse+0x80
000000a03d30d610 00007ffebf582591 : 000000a03d30d718 000000a03d30d720 000000a03d30d700 000000a03d30d720 : ntdll!LdrpPrepareModuleForExecution+0xbf
000000a03d30d650 00007ffebf5822a8 : 000000a03d30d720 000000a03d30d8c0 000000a03d30d9b0 000000a03d30d8b0 : ntdll!LdrpLoadDllInternal+0x199
000000a03d30d6d0 00007ffebf581764 : 0000000000000000 0000000000000001 0000000000000001 00007ffebdfc0149 : ntdll!LdrpLoadDll+0xa8
000000a03d30d880 00007ffebd0956f0 : 000000a03d30da70 0000000000000000 000000a03d30de90 00007ffebc4c1dd3 : ntdll!LdrLoadDll+0xe4
000000a03d30d970 00007ffe68a7d240 : 00007ffe00000000 000000a03d30e188 000002091a88ea50 0000000000000000 : KERNELBASE!LoadLibraryExW+0x170
000000a03d30d9e0 00007ffe00000000 : 000000a03d30e188 000002091a88ea50 0000000000000000 000000a03d30da70 : gameoverlayrenderer64+0x9d240
000000a03d30d9e8 000000a03d30e188 : 000002091a88ea50 0000000000000000 000000a03d30da70 00007ffeb3454d17 : 0x00007ffe00000000
000000a03d30d9f0 000002091a88ea50 : 0000000000000000 000000a03d30da70 00007ffeb3454d17 0000000000000000 : 0x000000a03d30e188
000000a03d30d9f8 0000000000000000 : 000000a03d30da70 00007ffeb3454d17 0000000000000000 000000000000020a : 0x000002091a88ea50

FAULTING_SOURCE_LINE: d:\agent_work\3\s\src\vctools\crt\vcstartup\src\misc\amd64\chkstk.asm

FAULTING_SOURCE_FILE: d:\agent_work\3\s\src\vctools\crt\vcstartup\src\misc\amd64\chkstk.asm

FAULTING_SOURCE_LINE_NUMBER: 109

FAULTING_SOURCE_CODE:
No source found for ‘d:\agent_work\3\s\src\vctools\crt\vcstartup\src\misc\amd64\chkstk.asm’

SYMBOL_NAME: aswAMSI!__chkstk+38

MODULE_NAME: aswAMSI

IMAGE_NAME: aswAMSI.dll

STACK_COMMAND: dt ntdll!LdrpLastDllInitializer BaseDllName ; dt ntdll!LdrpFailureData ; ~9s ; .ecxr ; kb

FAILURE_BUCKET_ID: STACK_OVERFLOW_c00000fd_aswAMSI.dll!__chkstk

OS_VERSION: 10.0.18362.1

BUILDLAB_STR: 19h1_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

aces.exe ran out of stack because aswAMSI added a few frames to the load library stack.
We will try to fix it ASAP.
Thank you for the help!
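
An added example, not part of any post in this thread: the register context and exception record posted above can be checked arithmetically to see how much stack the faulting call requested and where the probe stopped. It assumes the MSVC x64 `__chkstk` register convention (rax = bytes requested, r10 = lowest page needed, r11 = page being probed); the function names and the `DUMP` excerpt layout are choices made for this example.

```python
import re

PAGE = 0x1000

# Copied from the CONTEXT (.ecxr) and EXCEPTION_RECORD blocks posted above.
DUMP = """\
rax=0000000000010030 rbx=00000000ffffffff rcx=0000000000000000
rip=00007ffea1d25578 rsp=000000a03d30d1e8 rbp=0000000000000000
r8=0000040000000000 r9=0000000000000006 r10=000000a03d2fd000
r11=000000a03d303000 r12=00007ffea1cfbfe0 r13=0000000000000001
ExceptionCode: c00000fd (Stack overflow)
Parameter[1]: 000000a03d303000
"""
# Child-SP of the frame that called LoadLibraryExW (gameoverlayrenderer64+0x9d240).
LOADER_CALLER_SP = 0x000000A03D30D9E0


def parse_registers(text):
    """Return {name: int} for every reg=hex pair in WinDbg register output."""
    return {n: int(v, 16) for n, v in re.findall(r"\b(r\w+)=([0-9a-f]{16})", text)}


def analyze_chkstk_fault(text, loader_caller_sp):
    """Relate the registers at the __chkstk fault to the stack that was needed."""
    regs = parse_registers(text)
    fault_addr = int(re.search(r"Parameter\[1\]: ([0-9a-f]+)", text).group(1), 16)
    # Assumption: inside __chkstk, rsp sits 0x18 below the caller's stack
    # pointer (return address plus two saved registers), so the lowest byte
    # the caller wants is caller_sp - rax.
    caller_sp = regs["rsp"] + 0x18
    target = caller_sp - regs["rax"]
    return {
        "requested_bytes": regs["rax"],
        "target_page_matches_r10": (target & ~(PAGE - 1)) == regs["r10"],
        "fault_is_probe_address": fault_addr == regs["r11"],
        # Pages from the faulting one down to the target, inclusive.
        "pages_still_needed": (regs["r11"] - regs["r10"]) // PAGE + 1,
        # Stack consumed by all frames between LoadLibraryExW's caller and the fault.
        "bytes_used_since_loadlibrary": loader_caller_sp - regs["rsp"],
    }


if __name__ == "__main__":
    for key, value in analyze_chkstk_fault(DUMP, LOADER_CALLER_SP).items():
        print(f"{key}: {value}")
```

On the posted values the single request is 65,584 bytes (0x10030) with seven pages still uncommitted when the probe faulted, while the frames between the LoadLibraryExW caller and the fault occupy 2,040 bytes.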

Awesome work. Thanks for getting to the bottom of this.

I hope there is a fix soon.