There’s currently no log as it BSOD my machine. I do have a windows dump file I’ll pull up here but this is 100% unacceptable. Never have I had anticheats do so poorly and cause so many issues then EasyAntiCheat.
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff8042bc00000 PsLoadedModuleList = 0xfffff804
2c82a2b0
Debug session time: Wed Dec 7 12:52:01.313 2022 (UTC - 5:00)
System Uptime: 2 days 11:39:52.975
Loading Kernel Symbols
…
…Page 141a13 not present in the dump file. Type “.hh dbgerr004” for details
…Page 14724e not present in the dump file. Type “.hh dbgerr004” for details
…
…
…
Loading User Symbols
Loading unloaded module list
…
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff8042bff92d0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffdc08
1e5cb550=0000000000000139
3: kd> !analyze -v
-
*
-
Bugcheck Analysis *
-
*
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000eac, Type of memory safety violation
Arg2: ffffdc081e5cb870, Address of the trap frame for the exception that caused the BugCheck
Arg3: ffffdc081e5cb7c8, Address of the exception record for the exception that caused the BugCheck
Arg4: 0000000000000000, Reserved
Debugging Details:
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 3139
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 5097
Key : Analysis.IO.Other.Mb
Value: 9
Key : Analysis.IO.Read.Mb
Value: 0
Key : Analysis.IO.Write.Mb
Value: 26
Key : Analysis.Init.CPU.mSec
Value: 2296
Key : Analysis.Init.Elapsed.mSec
Value: 18329
Key : Analysis.Memory.CommitPeak.Mb
Value: 99
Key : Bugcheck.Code.DumpHeader
Value: 0x139
Key : Bugcheck.Code.KiBugCheckData
Value: 0x139
Key : Bugcheck.Code.Register
Value: 0x139
Key : FailFast.Type
Value: 3756
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
FILE_IN_CAB: MEMORY.DMP
BUGCHECK_CODE: 139
BUGCHECK_P1: eac
BUGCHECK_P2: ffffdc081e5cb870
BUGCHECK_P3: ffffdc081e5cb7c8
BUGCHECK_P4: 0
TRAP_FRAME: ffffdc081e5cb870 – (.trap 0xffffdc081e5cb870)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff80579a3c10f rbx=0000000000000000 rcx=0000000000000eac
rdx=0000000001091080 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80579a3c114 rsp=ffffdc081e5cba08 rbp=fffffffff75f7cef
r8=0000000000000000 r9=fffff80579640074 r10=ffffdc081e5cbb98
r11=0000000000000030 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
EasyAntiCheat_EOS+0xa5c114:
fffff805`79a3c114 cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: ffffdc081e5cb7c8 – (.exr 0xffffdc081e5cb7c8)
ExceptionAddress: fffff80579a3c114 (EasyAntiCheat_EOS+0x0000000000a5c114)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000eac
Subcode: 0xeac (unknown subcode)
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
PROCESS_NAME: System
ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 0000000000000eac
EXCEPTION_STR: 0xc0000409
STACK_TEXT:
ffffdc081e5cb548 fffff804
2c00d329 : 0000000000000139 00000000
00000eac ffffdc081e5cb870 ffffdc08
1e5cb7c8 : nt!KeBugCheckEx
ffffdc081e5cb550 fffff804
2c00d890 : 0000000000000000 ffffdc08
1e5cbb98 0000000000000001 00000000
00000000 : nt!KiBugCheckDispatch+0x69
ffffdc081e5cb690 fffff804
2c00b85d : 0000000000000000 00000000
00000000 fb53a727f736a217 f827a778
f4ffcfbf : nt!KiFastFailDispatch+0xd0
ffffdc081e5cb870 fffff805
79a3c114 : f183b6b7f125d875 fa8a24c1
faea2f0b fb87b412f400063b f06102d9
ff7e5936 : nt!KiRaiseSecurityCheckFailure+0x31d
ffffdc081e5cba08 f183b6b7
f125d875 : fa8a24c1faea2f0b fb87b412
f400063b f06102d9ff7e5936 f202498a
fdb4bda4 : EasyAntiCheat_EOS+0xa5c114
ffffdc081e5cba10 fa8a24c1
faea2f0b : fb87b412f400063b f06102d9
ff7e5936 f202498afdb4bda4 f38d22cf
f649d1b1 : 0xf183b6b7f125d875 ffffdc08
1e5cba18 fb87b412f400063b : f06102d9
ff7e5936 f202498afdb4bda4 f38d22cf
f649d1b1 ffffffffffffffff : 0xfa8a24c1
faea2f0b
ffffdc081e5cba20 f06102d9
ff7e5936 : f202498afdb4bda4 f38d22cf
f649d1b1 ffffffffffffffff 00000000
00000000 : 0xfb87b412f400063b ffffdc08
1e5cba28 f202498afdb4bda4 : f38d22cf
f649d1b1 ffffffffffffffff 00000000
00000000 0000000000000000 : 0xf06102d9
ff7e5936
ffffdc081e5cba30 f38d22cf
f649d1b1 : ffffffffffffffff 00000000
00000000 0000000000000000 00000000
00000000 : 0xf202498afdb4bda4 ffffdc08
1e5cba38 ffffffffffffffff : 00000000
00000000 0000000000000000 00000000
00000000 0000000000000000 : 0xf38d22cf
f649d1b1
ffffdc081e5cba40 00000000
00000000 : 0000000000000000 00000000
00000000 0000000000000000 00000000
00000000 : 0xffffffff`ffffffff
SYMBOL_NAME: EasyAntiCheat_EOS+a5c114
MODULE_NAME: EasyAntiCheat_EOS
IMAGE_NAME: EasyAntiCheat_EOS.sys
IMAGE_VERSION: 1.0.0.0
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: a5c114
FAILURE_BUCKET_ID: 0x139_MISSING_GSFRAME_EasyAntiCheat_EOS!unknown_function
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {dde04553-d42f-b4d7-f06a-e1871a067075}
Followup: MachineOwner