
Code Cave attack #2001

Closed
NieKo2k10 opened this issue Oct 19, 2020 · 1 comment
NieKo2k10 commented Oct 19, 2020

Describe the bug
I played an online match. I got a client crash after a few minutes. The AV killed the faf.exe process. The cause was a code cave behaviour.

To Reproduce
Steps to reproduce the behavior:
Do an online match

Log or error message
This is my log file:
Mitigation CodeCave
Timestamp 2020-10-19T17:33:57

Platform 10.0.18362/x64 v321 06_9e-
PID 20256
Application C:\ProgramData\FAForever\bin\ForgedAlliance.exe
Created 2020-10-19T13:44:03
Modified 2020-10-19T17:16:49
Description Supreme Commander Forged Alliance Application 1.5

Process Protection / Code Cave Mitigation: Active code cave detected!

Loaded Modules

00400000-012DB000 ForgedAlliance.exe (Gas Powered Games),
version: 1, 5, 0, 1
75370000-75470000 hmpalert.dll (SurfRight B.V.),
version: 3.7.17.317
75CE0000-75CED000 UMPDC.dll (),
version:
10000000-1001C000 BugSplat.dll (BugSplat, LLC),
version: 3, 1, 0, 1
03000000-0310B000 dbghelp.dll (Microsoft Corporation),
version: 6.4.0007.1 (vbl_core(jshay).050105-2304)
5BD50000-5BE85000 igdumdim32.dll (Intel Corporation),
version: 26.20.100.8142
58570000-5BD48000 igd9dxva32.dll (Intel Corporation),
version: 26.20.100.8142
58430000-58568000 igdgmm32.dll (Intel Corporation),
version: 26.20.100.8142
58340000-5835F000 igdinfo32.dll (),
version:
52050000-5424E000 igc32.dll (Intel Corporation),
version: 26.20.100.8142

SHA256:
4eaf9ffcdcb5fde4b49d93737bd4cb9b6b792cbf5b922514b2472d1b1ec032e5

Process Trace
1 C:\ProgramData\FAForever\bin\ForgedAlliance.exe [20256]
C:\ProgramData\FAForever\bin\ForgedAlliance.exe /init init.lua /nobugreport /log C:\ProgramData\FAForever\logs\game_12902048.log /gpgnet 127.0.0.1:25914 /mean 560.858 /deviation 325.761 /savereplay gpgnet://127.0.0.1:55578/12902048/NieKo.SCFAreplay /countr
2 C:\Program Files\Downlord's FAF Client\downlords-faf-client.exe [2684]
3 C:\Windows\explorer.exe [8392]
4 C:\Windows\System32\userinit.exe [18580]
5 C:\Windows\System32\winlogon.exe [21068]
C:\WINDOWS\System32\WinLogon.exe -SpecialSession
6 C:\Windows\System32\smss.exe [23928]
\SystemRoot\System32\smss.exe 000000c4 00000084 C:\WINDOWS\System32\WinLogon.exe -SpecialSession
7 C:\Windows\System32\smss.exe [684]
\SystemRoot\System32\smss.exe

Thumbprint
a4474038073110416c4fe44a18e2e6533a3d4adc288dba414a451cf3ce2421a7

Expected behavior
No crash

OS
Windows 10 pro
AV is Sophos Intercept X Advanced

1-alex98 (Member) commented
Not a client issue, and probably not a FAF issue at all. AV false positives are frequent.
