I experience frequent PC Crashes resulting in BSOD while playing Battlefield 2042 too! It's become more and frequent. Like, today It happened about 7 times and I have minidump files for 5 of them. Upon analysis of the Microsoft minidump file, it revealed the culprit being a kernel-mode exception that wasn’t handled caused by the eaanticheat.sys driver. The Exception code indicates an Access Violation, meaning the driver attempted to access memory it wasn’t allowed to. The Parameters (Arg3, Arg4) 0000000000000000 and fffffffffffffff suggest the memory address involved was invalid or out of bounds which reinforces the Access Violation Exception code. The stack shows the crash originated in eaanticheat.sys (eaanticheat+0x26da9be), followed by calls to core Windows kernel functions (nt!KiGeneralProtectionFault, nt!KiExceptionDispatch, etc.). This confirms the issue is with the anti-cheat driver triggering a general protection fault, which Windows couldn’t recover from.
Below is the output of the analyzed minidump file I explained above:
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*C:\Symbols*https://msdl.microsoft.com/download/symbols
6: kd> !analyze -v
Loading Kernel Symbols
...............................................................
................................................................
................................................................
...........................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000000`00374018). Type ".hh dbgerr001" for details
Loading unloaded module list
.........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common BugCheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000005, The exception code that was not handled
Arg2: fffff8067d3aa9be, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: ffffffffffffffff, Parameter 1 of the exception
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for eaanticheat.sys
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ExceptionRecord ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: ContextRecord ***
*** ***
*************************************************************************
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 1187
Key : Analysis.Elapsed.mSec
Value: 2897
Key : Analysis.IO.Other.Mb
Value: 10
Key : Analysis.IO.Read.Mb
Value: 1
Key : Analysis.IO.Write.Mb
Value: 47
Key : Analysis.Init.CPU.mSec
Value: 609
Key : Analysis.Init.Elapsed.mSec
Value: 412903
Key : Analysis.Memory.CommitPeak.Mb
Value: 103
Key : Analysis.Version.DbgEng
Value: 10.0.27829.1001
Key : Analysis.Version.Description
Value: 10.2503.24.01 amd64fre
Key : Analysis.Version.Ext
Value: 1.2503.24.1
Key : Bugcheck.Code.LegacyAPI
Value: 0x1e
Key : Bugcheck.Code.TargetModel
Value: 0x1e
Key : Dump.Attributes.AsUlong
Value: 0x21808
Key : Dump.Attributes.DiagDataWrittenToHeader
Value: 1
Key : Dump.Attributes.ErrorCode
Value: 0x0
Key : Dump.Attributes.KernelGeneratedTriageDump
Value: 1
Key : Dump.Attributes.LastLine
Value: Dump completed successfully.
Key : Dump.Attributes.ProgressPercentage
Value: 0
Key : Failure.Bucket
Value: AV_R_eaanticheat!unknown_function
Key : Failure.Exception.IP.Address
Value: 0xfffff8067d3aa9be
Key : Failure.Exception.IP.Module
Value: eaanticheat
Key : Failure.Exception.IP.Offset
Value: 0x26da9be
Key : Failure.Hash
Value: {100f1e0a-abcf-3860-2e0c-3546be52e55a}
Key : Hypervisor.Enlightenments.ValueHex
Value: 0x7417df84
Key : Hypervisor.Flags.AnyHypervisorPresent
Value: 1
Key : Hypervisor.Flags.ApicEnlightened
Value: 0
Key : Hypervisor.Flags.ApicVirtualizationAvailable
Value: 1
Key : Hypervisor.Flags.AsyncMemoryHint
Value: 0
Key : Hypervisor.Flags.CoreSchedulerRequested
Value: 0
Key : Hypervisor.Flags.CpuManager
Value: 1
Key : Hypervisor.Flags.DeprecateAutoEoi
Value: 1
Key : Hypervisor.Flags.DynamicCpuDisabled
Value: 1
Key : Hypervisor.Flags.Epf
Value: 0
Key : Hypervisor.Flags.ExtendedProcessorMasks
Value: 1
Key : Hypervisor.Flags.HardwareMbecAvailable
Value: 1
Key : Hypervisor.Flags.MaxBankNumber
Value: 0
Key : Hypervisor.Flags.MemoryZeroingControl
Value: 0
Key : Hypervisor.Flags.NoExtendedRangeFlush
Value: 0
Key : Hypervisor.Flags.NoNonArchCoreSharing
Value: 1
Key : Hypervisor.Flags.Phase0InitDone
Value: 1
Key : Hypervisor.Flags.PowerSchedulerQos
Value: 0
Key : Hypervisor.Flags.RootScheduler
Value: 0
Key : Hypervisor.Flags.SynicAvailable
Value: 1
Key : Hypervisor.Flags.UseQpcBias
Value: 0
Key : Hypervisor.Flags.Value
Value: 55185662
Key : Hypervisor.Flags.ValueHex
Value: 0x34a10fe
Key : Hypervisor.Flags.VpAssistPage
Value: 1
Key : Hypervisor.Flags.VsmAvailable
Value: 1
Key : Hypervisor.RootFlags.AccessStats
Value: 1
Key : Hypervisor.RootFlags.CrashdumpEnlightened
Value: 1
Key : Hypervisor.RootFlags.CreateVirtualProcessor
Value: 1
Key : Hypervisor.RootFlags.DisableHyperthreading
Value: 0
Key : Hypervisor.RootFlags.HostTimelineSync
Value: 1
Key : Hypervisor.RootFlags.HypervisorDebuggingEnabled
Value: 0
Key : Hypervisor.RootFlags.IsHyperV
Value: 1
Key : Hypervisor.RootFlags.LivedumpEnlightened
Value: 1
Key : Hypervisor.RootFlags.MapDeviceInterrupt
Value: 1
Key : Hypervisor.RootFlags.MceEnlightened
Value: 1
Key : Hypervisor.RootFlags.Nested
Value: 0
Key : Hypervisor.RootFlags.StartLogicalProcessor
Value: 1
Key : Hypervisor.RootFlags.Value
Value: 1015
Key : Hypervisor.RootFlags.ValueHex
Value: 0x3f7
BUGCHECK_CODE: 1e
BUGCHECK_P1: ffffffffc0000005
BUGCHECK_P2: fffff8067d3aa9be
BUGCHECK_P3: 0
BUGCHECK_P4: ffffffffffffffff
FILE_IN_CAB: 071925-12375-01.dmp
TAG_NOT_DEFINED_202b: *** Unknown TAG in analysis list 202b
DUMP_FILE_ATTRIBUTES: 0x21808
Kernel Generated Triage Dump
FAULTING_THREAD: ffff938648d92080
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff
READ_ADDRESS: fffff806c8bc44c0: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
unable to get nt!MmSpecialPagesInUse
ffffffffffffffff
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: BF2042.exe
STACK_TEXT:
fffffc8e`c7fd6168 fffff806`c7fc56cb : 00000000`0000001e ffffffff`c0000005 fffff806`7d3aa9be 00000000`00000000 : nt!KeBugCheckEx
fffffc8e`c7fd6170 fffff806`c82b9845 : 00006c79`b726df7f fffff806`7b50090a 00000000`7d7e8c1d 1443d9c7`1ca497ef : nt!KiDispatchException+0xb0b
fffffc8e`c7fd6880 fffff806`c82b4525 : 00000371`38028b7f ffffffff`c7ffffff cbf29c84`84202220 ffffffff`ffffffff : nt!KiExceptionDispatch+0x145
fffffc8e`c7fd6a60 fffff806`7d3aa9be : b2c773a1`b2c69ffa e5e65158`4ec3cdf4 7a105263`739f8279 00000001`80a1af5d : nt!KiGeneralProtectionFault+0x365
fffffc8e`c7fd6bf0 b2c773a1`b2c69ffa : e5e65158`4ec3cdf4 7a105263`739f8279 00000001`80a1af5d 00000000`00000000 : eaanticheat+0x26da9be
fffffc8e`c7fd6bf8 e5e65158`4ec3cdf4 : 7a105263`739f8279 00000001`80a1af5d 00000000`00000000 fffffc8e`c7fd6f10 : 0xb2c773a1`b2c69ffa
fffffc8e`c7fd6c00 7a105263`739f8279 : 00000001`80a1af5d 00000000`00000000 fffffc8e`c7fd6f10 fffffc8e`c7fd74a8 : 0xe5e65158`4ec3cdf4
fffffc8e`c7fd6c08 00000001`80a1af5d : 00000000`00000000 fffffc8e`c7fd6f10 fffffc8e`c7fd74a8 1fffff00`cf617932 : 0x7a105263`739f8279
fffffc8e`c7fd6c10 00000000`00000000 : fffffc8e`c7fd6f10 fffffc8e`c7fd74a8 1fffff00`cf617932 3552f624`9c51c998 : 0x00000001`80a1af5d
SYMBOL_NAME: eaanticheat+26da9be
MODULE_NAME: eaanticheat
IMAGE_NAME: eaanticheat.sys
STACK_COMMAND: .process /r /p 0xffff9386522df080; .thread 0xffff938648d92080 ; kb
BUCKET_ID_FUNC_OFFSET: 26da9be
FAILURE_BUCKET_ID: AV_R_eaanticheat!unknown_function
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {100f1e0a-abcf-3860-2e0c-3546be52e55a}
Followup: MachineOwner
---------