Battle Eye Crash my Win11 System

Community Technical Support
1

Overview

After updating my War Thunder using BattleEye as an anti-cheat module, the game will always make my win11 blue screen with access to the READONLY memory page. After I used the windbg to read the dump file in Windows dir further, it showed that the BattleEye service was the root of this problem.

Here is the log:

************* Preparing the environment for Debugger Extensions Gallery repositories **************
ExtensionRepository : Implicit
UseExperimentalFeatureForNugetShare : true
AllowNugetExeUpdate : true
NonInteractiveNuget : true
AllowNugetMSCredentialProviderInstall : true
AllowParallelInitializationOfLocalRepositories : true
EnableRedirectToChakraJsProvider : false

– Configuring repositories
----> Repository : LocalInstalled, Enabled: true
----> Repository : UserExtensions, Enabled: true

Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds

************* Waiting for Debugger Extensions Gallery to Initialize **************

Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.016 seconds
----> Repository : UserExtensions, Enabled: true, Packages count: 0
----> Repository : LocalInstalled, Enabled: true, Packages count: 42

Microsoft (R) Windows Debugger Version 10.0.27725.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.

Primary dump contents written successfully

Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 22621 MP (32 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 22621.1.amd64fre.ni_release.220506-1250
Kernel base = 0xfffff8012ba00000 PsLoadedModuleList = 0xfffff8012c613510
Debug session time: Fri Feb 14 01:52:15.544 2025 (UTC + 8:00)
System Uptime: 0 days 0:02:57.206
Loading Kernel Symbols




Loading User Symbols

Loading unloaded module list

For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff8012be14c00 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffb20a0d1950a0=0000000000000050
9: kd> !analyze -v

  •                                                                         *

  •                    Bugcheck Analysis                                    *

  •                                                                         *

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffffb20a4882db58, memory referenced.
Arg2: 0000000000000002, X64: bit 0 set if the fault was due to a not-present PTE.
bit 1 is set if the fault was due to a write, clear if a read.
bit 3 is set if the processor decided the fault was due to a corrupted PTE.
bit 4 is set if the fault was due to attempted execute of a no-execute PTE.
- ARM64: bit 1 is set if the fault was due to a write, clear if a read.
bit 3 is set if the fault was due to attempted execute of a no-execute PTE.
Arg3: fffff801936342eb, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: 0000000000000002, (reserved)

Debugging Details:

*** WARNING: Check Image - Checksum mismatch - Dump: 0x7dd2, File: 0x159e7 - C:\ProgramData\Dbg\sym\hal.dll\1865382A6000\hal.dll

KEY_VALUES_STRING: 1

Key  : AV.Type
Value: Write

Key  : Analysis.CPU.mSec
Value: 875

Key  : Analysis.Elapsed.mSec
Value: 1295

Key  : Analysis.IO.Other.Mb
Value: 1

Key  : Analysis.IO.Read.Mb
Value: 1

Key  : Analysis.IO.Write.Mb
Value: 3

Key  : Analysis.Init.CPU.mSec
Value: 109

Key  : Analysis.Init.Elapsed.mSec
Value: 12892

Key  : Analysis.Memory.CommitPeak.Mb
Value: 103

Key  : Analysis.Version.DbgEng
Value: 10.0.27725.1000

Key  : Analysis.Version.Description
Value: 10.2408.27.01 amd64fre

Key  : Analysis.Version.Ext
Value: 1.2408.27.1

Key  : Bugcheck.Code.KiBugCheckData
Value: 0x50

Key  : Bugcheck.Code.LegacyAPI
Value: 0x50

Key  : Bugcheck.Code.TargetModel
Value: 0x50

Key  : Dump.Attributes.AsUlong
Value: 1000

Key  : Dump.Attributes.DiagDataWrittenToHeader
Value: 1

Key  : Dump.Attributes.ErrorCode
Value: 0

Key  : Dump.Attributes.LastLine
Value: Dump completed successfully.

Key  : Dump.Attributes.ProgressPercentage
Value: 100

Key  : Failure.Bucket
Value: AV_W_(null)_BEDaisy!unknown_function

Key  : Failure.Hash
Value: {4024c46b-040f-2932-f980-447accda06b7}

Key  : Hypervisor.Enlightenments.Value
Value: 0

Key  : Hypervisor.Enlightenments.ValueHex
Value: 0

Key  : Hypervisor.Flags.AnyHypervisorPresent
Value: 0

Key  : Hypervisor.Flags.ApicEnlightened
Value: 0

Key  : Hypervisor.Flags.ApicVirtualizationAvailable
Value: 1

Key  : Hypervisor.Flags.AsyncMemoryHint
Value: 0

Key  : Hypervisor.Flags.CoreSchedulerRequested
Value: 0

Key  : Hypervisor.Flags.CpuManager
Value: 0

Key  : Hypervisor.Flags.DeprecateAutoEoi
Value: 0

Key  : Hypervisor.Flags.DynamicCpuDisabled
Value: 0

Key  : Hypervisor.Flags.Epf
Value: 0

Key  : Hypervisor.Flags.ExtendedProcessorMasks
Value: 0

Key  : Hypervisor.Flags.HardwareMbecAvailable
Value: 1

Key  : Hypervisor.Flags.MaxBankNumber
Value: 0

Key  : Hypervisor.Flags.MemoryZeroingControl
Value: 0

Key  : Hypervisor.Flags.NoExtendedRangeFlush
Value: 0

Key  : Hypervisor.Flags.NoNonArchCoreSharing
Value: 0

Key  : Hypervisor.Flags.Phase0InitDone
Value: 0

Key  : Hypervisor.Flags.PowerSchedulerQos
Value: 0

Key  : Hypervisor.Flags.RootScheduler
Value: 0

Key  : Hypervisor.Flags.SynicAvailable
Value: 0

Key  : Hypervisor.Flags.UseQpcBias
Value: 0

Key  : Hypervisor.Flags.Value
Value: 16908288

Key  : Hypervisor.Flags.ValueHex
Value: 1020000

Key  : Hypervisor.Flags.VpAssistPage
Value: 0

Key  : Hypervisor.Flags.VsmAvailable
Value: 0

Key  : Hypervisor.RootFlags.AccessStats
Value: 0

Key  : Hypervisor.RootFlags.CrashdumpEnlightened
Value: 0

Key  : Hypervisor.RootFlags.CreateVirtualProcessor
Value: 0

Key  : Hypervisor.RootFlags.DisableHyperthreading
Value: 0

Key  : Hypervisor.RootFlags.HostTimelineSync
Value: 0

Key  : Hypervisor.RootFlags.HypervisorDebuggingEnabled
Value: 0

Key  : Hypervisor.RootFlags.IsHyperV
Value: 0

Key  : Hypervisor.RootFlags.LivedumpEnlightened
Value: 0

Key  : Hypervisor.RootFlags.MapDeviceInterrupt
Value: 0

Key  : Hypervisor.RootFlags.MceEnlightened
Value: 0

Key  : Hypervisor.RootFlags.Nested
Value: 0

Key  : Hypervisor.RootFlags.StartLogicalProcessor
Value: 0

Key  : Hypervisor.RootFlags.Value
Value: 0

Key  : Hypervisor.RootFlags.ValueHex
Value: 0

Key  : SecureKernel.HalpHvciEnabled
Value: 0

Key  : WER.OS.Branch
Value: ni_release

Key  : WER.OS.Version
Value: 10.0.22621.1

BUGCHECK_CODE: 50

BUGCHECK_P1: ffffb20a4882db58

BUGCHECK_P2: 2

BUGCHECK_P3: fffff801936342eb

BUGCHECK_P4: 2

FILE_IN_CAB: MEMORY.DMP

DUMP_FILE_ATTRIBUTES: 0x1000

FAULTING_THREAD: ffffe78913986080

READ_ADDRESS: unable to get nt!PspSessionIdBitmap
ffffb20a4882db58

MM_INTERNAL_CODE: 2

IMAGE_NAME: BEDaisy.sys

MODULE_NAME: BEDaisy

FAULTING_MODULE: fffff801930f0000 BEDaisy

BLACKBOXBSD: 1 (!blackboxbsd)

BLACKBOXNTFS: 1 (!blackboxntfs)

BLACKBOXWINLOGON: 1

PROCESS_NAME: System

TRAP_FRAME: ffffb20a0d1952c0 – (.trap 0xffffb20a0d1952c0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=00000000a32aaa00 rbx=0000000000000000 rcx=00000000000003f4
rdx=00000000ffffffff rsi=0000000000000000 rdi=0000000000000000
rip=fffff801936342eb rsp=ffffb20a0d195458 rbp=fffff8019351da86
r8=0000000068dcb0aa r9=0000000000000000 r10=ffffb209ea169a7d
r11=00000000ba582492 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz ac po nc
BEDaisy+0x5442eb:
fffff801936342eb 4431840400dd3e98 xor dword ptr [rsp+rax-67C12300h],r8d ss:0018:ffffb20a4882db58=???
Resetting default scope

STACK_TEXT:
ffffb20a0d195098 fffff8012be72a7a : 0000000000000050 ffffb20a4882db58 0000000000000002 ffffb20a0d1952c0 : nt!KeBugCheckEx
ffffb20a0d1950a0 fffff8012bc6c41c : 00000000000000ff 0000000000000002 0000000000000000 ffffb20a4882db58 : nt!MiSystemFault+0x23850a
ffffb20a0d1951a0 fffff8012be25e7e : ffffcb0f2600f570 fffff8012bc64e84 ffffb20a0d195a48 ffffb20a0d195391 : nt!MmAccessFault+0x29c
ffffb20a0d1952c0 fffff801936342eb : fffff8019325051a ffffcb0f26002201 fffff800530f0000 0000000000000000 : nt!KiPageFault+0x37e
ffffb20a0d195458 0000000000000001 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : BEDaisy+0x5442eb
0000000000000000 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0x1

SYMBOL_NAME: BEDaisy+5442eb

STACK_COMMAND: .process /r /p 0xffffe788f974d040; .thread 0xffffe78913986080 ; kb

BUCKET_ID_FUNC_OFFSET: 5442eb

FAILURE_BUCKET_ID: AV_W_(null)_BEDaisy!unknown_function

OS_VERSION: 10.0.22621.1

BUILDLAB_STR: ni_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {4024c46b-040f-2932-f980-447accda06b7}

Followup: MachineOwner

Seems the calling of an unknown function cause this problem. How to solve this problem or how could I contact the developer to solve this issue?

2

The log seems not interpreted properly. I create a new post to show the windbg log.

************* Preparing the environment for Debugger Extensions Gallery repositories **************
   ExtensionRepository : Implicit
   UseExperimentalFeatureForNugetShare : true
   AllowNugetExeUpdate : true
   NonInteractiveNuget : true
   AllowNugetMSCredentialProviderInstall : true
   AllowParallelInitializationOfLocalRepositories : true
   EnableRedirectToChakraJsProvider : false

   -- Configuring repositories
      ----> Repository : LocalInstalled, Enabled: true
      ----> Repository : UserExtensions, Enabled: true

>>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds

************* Waiting for Debugger Extensions Gallery to Initialize **************

>>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.016 seconds
   ----> Repository : UserExtensions, Enabled: true, Packages count: 0
   ----> Repository : LocalInstalled, Enabled: true, Packages count: 42

Microsoft (R) Windows Debugger Version 10.0.27725.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.

Primary dump contents written successfully

Symbol search path is: srv*
Executable search path is: 
Windows 10 Kernel Version 22621 MP (32 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 22621.1.amd64fre.ni_release.220506-1250
Kernel base = 0xfffff801`2ba00000 PsLoadedModuleList = 0xfffff801`2c613510
Debug session time: Fri Feb 14 01:52:15.544 2025 (UTC + 8:00)
System Uptime: 0 days 0:02:57.206
Loading Kernel Symbols
...............................................................
................................................................
................................................................
............................
Loading User Symbols

Loading unloaded module list
.......
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff801`2be14c00 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:ffffb20a`0d1950a0=0000000000000050
9: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffffb20a4882db58, memory referenced.
Arg2: 0000000000000002, X64: bit 0 set if the fault was due to a not-present PTE.
	bit 1 is set if the fault was due to a write, clear if a read.
	bit 3 is set if the processor decided the fault was due to a corrupted PTE.
	bit 4 is set if the fault was due to attempted execute of a no-execute PTE.
	- ARM64: bit 1 is set if the fault was due to a write, clear if a read.
	bit 3 is set if the fault was due to attempted execute of a no-execute PTE.
Arg3: fffff801936342eb, If non-zero, the instruction address which referenced the bad memory
	address.
Arg4: 0000000000000002, (reserved)

Debugging Details:
------------------

*** WARNING: Check Image - Checksum mismatch - Dump: 0x7dd2, File: 0x159e7 - C:\ProgramData\Dbg\sym\hal.dll\1865382A6000\hal.dll

KEY_VALUES_STRING: 1

    Key  : AV.Type
    Value: Write

    Key  : Analysis.CPU.mSec
    Value: 875

    Key  : Analysis.Elapsed.mSec
    Value: 1295

    Key  : Analysis.IO.Other.Mb
    Value: 1

    Key  : Analysis.IO.Read.Mb
    Value: 1

    Key  : Analysis.IO.Write.Mb
    Value: 3

    Key  : Analysis.Init.CPU.mSec
    Value: 109

    Key  : Analysis.Init.Elapsed.mSec
    Value: 12892

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 103

    Key  : Analysis.Version.DbgEng
    Value: 10.0.27725.1000

    Key  : Analysis.Version.Description
    Value: 10.2408.27.01 amd64fre

    Key  : Analysis.Version.Ext
    Value: 1.2408.27.1

    Key  : Bugcheck.Code.KiBugCheckData
    Value: 0x50

    Key  : Bugcheck.Code.LegacyAPI
    Value: 0x50

    Key  : Bugcheck.Code.TargetModel
    Value: 0x50

    Key  : Dump.Attributes.AsUlong
    Value: 1000

    Key  : Dump.Attributes.DiagDataWrittenToHeader
    Value: 1

    Key  : Dump.Attributes.ErrorCode
    Value: 0

    Key  : Dump.Attributes.LastLine
    Value: Dump completed successfully.

    Key  : Dump.Attributes.ProgressPercentage
    Value: 100

    Key  : Failure.Bucket
    Value: AV_W_(null)_BEDaisy!unknown_function

    Key  : Failure.Hash
    Value: {4024c46b-040f-2932-f980-447accda06b7}

    Key  : Hypervisor.Enlightenments.Value
    Value: 0

    Key  : Hypervisor.Enlightenments.ValueHex
    Value: 0

    Key  : Hypervisor.Flags.AnyHypervisorPresent
    Value: 0

    Key  : Hypervisor.Flags.ApicEnlightened
    Value: 0

    Key  : Hypervisor.Flags.ApicVirtualizationAvailable
    Value: 1

    Key  : Hypervisor.Flags.AsyncMemoryHint
    Value: 0

    Key  : Hypervisor.Flags.CoreSchedulerRequested
    Value: 0

    Key  : Hypervisor.Flags.CpuManager
    Value: 0

    Key  : Hypervisor.Flags.DeprecateAutoEoi
    Value: 0

    Key  : Hypervisor.Flags.DynamicCpuDisabled
    Value: 0

    Key  : Hypervisor.Flags.Epf
    Value: 0

    Key  : Hypervisor.Flags.ExtendedProcessorMasks
    Value: 0

    Key  : Hypervisor.Flags.HardwareMbecAvailable
    Value: 1

    Key  : Hypervisor.Flags.MaxBankNumber
    Value: 0

    Key  : Hypervisor.Flags.MemoryZeroingControl
    Value: 0

    Key  : Hypervisor.Flags.NoExtendedRangeFlush
    Value: 0

    Key  : Hypervisor.Flags.NoNonArchCoreSharing
    Value: 0

    Key  : Hypervisor.Flags.Phase0InitDone
    Value: 0

    Key  : Hypervisor.Flags.PowerSchedulerQos
    Value: 0

    Key  : Hypervisor.Flags.RootScheduler
    Value: 0

    Key  : Hypervisor.Flags.SynicAvailable
    Value: 0

    Key  : Hypervisor.Flags.UseQpcBias
    Value: 0

    Key  : Hypervisor.Flags.Value
    Value: 16908288

    Key  : Hypervisor.Flags.ValueHex
    Value: 1020000

    Key  : Hypervisor.Flags.VpAssistPage
    Value: 0

    Key  : Hypervisor.Flags.VsmAvailable
    Value: 0

    Key  : Hypervisor.RootFlags.AccessStats
    Value: 0

    Key  : Hypervisor.RootFlags.CrashdumpEnlightened
    Value: 0

    Key  : Hypervisor.RootFlags.CreateVirtualProcessor
    Value: 0

    Key  : Hypervisor.RootFlags.DisableHyperthreading
    Value: 0

    Key  : Hypervisor.RootFlags.HostTimelineSync
    Value: 0

    Key  : Hypervisor.RootFlags.HypervisorDebuggingEnabled
    Value: 0

    Key  : Hypervisor.RootFlags.IsHyperV
    Value: 0

    Key  : Hypervisor.RootFlags.LivedumpEnlightened
    Value: 0

    Key  : Hypervisor.RootFlags.MapDeviceInterrupt
    Value: 0

    Key  : Hypervisor.RootFlags.MceEnlightened
    Value: 0

    Key  : Hypervisor.RootFlags.Nested
    Value: 0

    Key  : Hypervisor.RootFlags.StartLogicalProcessor
    Value: 0

    Key  : Hypervisor.RootFlags.Value
    Value: 0

    Key  : Hypervisor.RootFlags.ValueHex
    Value: 0

    Key  : SecureKernel.HalpHvciEnabled
    Value: 0

    Key  : WER.OS.Branch
    Value: ni_release

    Key  : WER.OS.Version
    Value: 10.0.22621.1


BUGCHECK_CODE:  50

BUGCHECK_P1: ffffb20a4882db58

BUGCHECK_P2: 2

BUGCHECK_P3: fffff801936342eb

BUGCHECK_P4: 2

FILE_IN_CAB:  MEMORY.DMP

DUMP_FILE_ATTRIBUTES: 0x1000

FAULTING_THREAD:  ffffe78913986080

READ_ADDRESS: unable to get nt!PspSessionIdBitmap
 ffffb20a4882db58 

MM_INTERNAL_CODE:  2

IMAGE_NAME:  BEDaisy.sys

MODULE_NAME: BEDaisy

FAULTING_MODULE: fffff801930f0000 BEDaisy

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXWINLOGON: 1

PROCESS_NAME:  System

TRAP_FRAME:  ffffb20a0d1952c0 -- (.trap 0xffffb20a0d1952c0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=00000000a32aaa00 rbx=0000000000000000 rcx=00000000000003f4
rdx=00000000ffffffff rsi=0000000000000000 rdi=0000000000000000
rip=fffff801936342eb rsp=ffffb20a0d195458 rbp=fffff8019351da86
 r8=0000000068dcb0aa  r9=0000000000000000 r10=ffffb209ea169a7d
r11=00000000ba582492 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz ac po nc
BEDaisy+0x5442eb:
fffff801`936342eb 4431840400dd3e98 xor     dword ptr [rsp+rax-67C12300h],r8d ss:0018:ffffb20a`4882db58=????????
Resetting default scope

STACK_TEXT:  
ffffb20a`0d195098 fffff801`2be72a7a     : 00000000`00000050 ffffb20a`4882db58 00000000`00000002 ffffb20a`0d1952c0 : nt!KeBugCheckEx
ffffb20a`0d1950a0 fffff801`2bc6c41c     : 00000000`000000ff 00000000`00000002 00000000`00000000 ffffb20a`4882db58 : nt!MiSystemFault+0x23850a
ffffb20a`0d1951a0 fffff801`2be25e7e     : ffffcb0f`2600f570 fffff801`2bc64e84 ffffb20a`0d195a48 ffffb20a`0d195391 : nt!MmAccessFault+0x29c
ffffb20a`0d1952c0 fffff801`936342eb     : fffff801`9325051a ffffcb0f`26002201 fffff800`530f0000 00000000`00000000 : nt!KiPageFault+0x37e
ffffb20a`0d195458 00000000`00000001     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : BEDaisy+0x5442eb
00000000`00000000 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x1


SYMBOL_NAME:  BEDaisy+5442eb

STACK_COMMAND:  .process /r /p 0xffffe788f974d040; .thread 0xffffe78913986080 ; kb

BUCKET_ID_FUNC_OFFSET:  5442eb

FAILURE_BUCKET_ID:  AV_W_(null)_BEDaisy!unknown_function

OS_VERSION:  10.0.22621.1

BUILDLAB_STR:  ni_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {4024c46b-040f-2932-f980-447accda06b7}

Followup:     MachineOwner
---------
3

Based on my experience, it may be caused by a dangling pointer or improper access to the memory area. But I can’t fix it myself. I think the development team in Warthunder or BattleEye should solve the problem.

4

I assume you know more than me on this, but just to make sure (because sometimes its hard to see the forest because of all the trees), have you looked at the support page and tried this: (https://support.gaijin.net/hc/en-us/articles/21638218281362-BattlEye-anti-cheat-troubleshooting#h_01J90RX2YM0JBQGN5E1VJCTYN2) ?

Screenshot 2025-02-13 191738

5

I updated my BIOS several days ago (no longer than a week) with the new ROG BIOS. My verifier is also closed. But unfortunately, it does not work.
image
The image above implies that the verifier is closed.
I truly believe the root cause for this problem is the implementation logic inside the BattleEye.

6

I reproduce the error-causing code.

BEDaisy+0x5442eb:
fffff801`936342eb 4431840400dd3e98 xor     dword ptr [rsp+rax-67C12300h],r8d
fffff801`936342f3 410fbed9        movsx   ebx,r9b
fffff801`936342f7 4a8d8c4932d3b915 lea     rcx,[rcx+r9*2+15B9D332h]
fffff801`936342ff 80c916          or      cl,16h
fffff801`93634302 5b              pop     rbx
fffff801`93634303 4981c914929c0e  or      r9,0E9C9214h
fffff801`9363430a ffcd            dec     ebp
fffff801`9363430c 0c9b            or      al,9Bh
fffff801`9363430e 4d63c0          movsxd  r8,r8d
fffff801`93634311 4d13d8          adc     r11,r8
fffff801`93634314 4c8b843de5f6c1dc mov     r8,qword ptr [rbp+rdi-233E091Bh]
fffff801`9363431c 668bb42fedf6c1dc mov     si,word ptr [rdi+rbp-233E0913h]
fffff801`93634324 488dbc386fdc3e98 lea     rdi,[rax+rdi-67C12391h]
fffff801`9363432c c0f863          sar     al,63h
fffff801`9363432f 660fabd1        bts     cx,dx
fffff801`93634333 36664289b4000ddc3e98 mov word ptr ss:[rax+r8-67C123F3h],si

From what I see from reverse engineering, there are several problems in the code.

Unsafe Memory Access:

xor dword ptr [rsp+rax-67C12300h], r8d  ; High-risk stack write with unvalidated offset.  
mov r8, qword ptr [rbp+rdi-233E091Bh]  ; Potential dereference of wild pointer (rbp/rdi not verified).

Unchecked Pointer Arithmetic:

lea rcx, [rcx+r9*2+15B9D332h]          ; Address generation with untrusted inputs (rcx/r9).  
lea rdi, [rax+rdi-67C12391h]           ; Large negative offset risks crossing memory boundaries.

Stack/Register Corruption:

pop rbx                                 ; Potential stack imbalance.  
sar al, 63h                             ; Destructive bitwise operation on register state.

The assembly code exhibits poor pointer hygiene and lack of bounds checks , directly correlating to the observed BSOD (0x50 ) presents above.

7

Then i would contact support for help :)

8

Looks horrible and hope it be fixed soooooon)))

9

Thx, I will get to that~

10

Same problem, and it happened after launch/quit warthunder and during the gaming. The cause including invalid memory and write on read only memory.

11

Also having the exact same issue for about a week now, nothing I’ve tried, including BIOS update, driver update, uninstall/reinstall, has worked.