Ghost Recon Wildlands blocks sarasio_x64.dll from loading and therefore no sound

[quidlor]

Hi,

Not sure what else to do. When I encounter this issue with other games, I simply close down reaper, load the game, then load reaper again. This however does not work with Ghost Recon Wildlands as it seems the dll doesn't get unloaded after shutting down reaper. The only solution is to restart my computer, load the game and then load reaper. This is a bit problematic when streaming...

Any work around for this?

Love what you do by the way!

[pannal]

27

[quidlor]

Does this mean the same solution for issue #27 needs to be applied to #28 but for its respective company?

[pannal]

If ghost recon wildlands uses BattlEye, then yes. If it uses another "protection" mechanism, you'd have to contact them.

[eiz]

I've contacted BattlEye as well but I wouldn't get your hopes up. I'm not willing to play cat and mouse with anti-cheat software vendors, so either they'll recognize SAR as non-cheat software or not.

[quidlor]

Thanks! I've also contacted Ubisoft and opened a ticket. I'll give an update once I hear back.

[quidlor]

They sent my ticket to their development team which to me means they're not doing anything about it.

[dori4n]

@eiz You will need to digitally sign the binary that hooks into applications, using a code signing certificate issued by a valid certification authority in the Windows Trust Store (can be opened via certmgr.msc for the local signed in user). The easiest way to accomplish this is to use an open source code signing certificate from Certum and signing the dynamic link library binaries as described here:

1. Get a code signing certificate
2. Signing and Checking Code with Authenticode
3. Everything you need to know about Authenticode Code Signing

That is usually enough to install a capture hook into BattlEye and similarly protected games.

PS: You should also sign your installer.

[pannal]

@NightmareJoker2 this is quite interesting. Do you have previous experience with signing stuff to be "compatible" with BattlEye?

[pannal]

@NightmareJoker2 I'd be willing to pay the 80€ for Certum code signing including their smart card. Are you absolutely sure this method works for the latest BE?

[pannal]

@eiz do you have any thoughts on this? Do you have the ability to sign code and to test this out? I'd be willing to pay for the final public code signing once this is confirmed.

[dori4n]

@pannal I don't know for certain it always works, or that it still works. They may have changed things in the past months and only allow approved signers (quite honestly, that's what I would do, allowing people to pay 29 bucks for the ability to cheat seems a bit risky). You are using a driver anyway, which needs to be signed for Windows to load them, so you should be able to test it easily enough. Just sign the binaries and the installer in addition to the drivers. If all else fails, shoot them a message at https://www.battleye.com/contact/ they are usually fairly responsive, but it's the holiday season now, so I wouldn't expect a response before January 7th, next year.

[dori4n]

I have looked into how this affects you further. You are currently using 2048-bit RSA with SHA-1 signatures on SarNdis\SarNdis.cat, SarNdis\SarNdis.sys, SynchronousAudioRouter.cat and SynchronousAudioRouter.sys with a certificate issued by DigiCert SHA2 High Assurance Code Signing CA to Mackenzie Straight (expiry at ‎Monday, ‎November ‎13, ‎2017 1:00:00 PM) validated via DigiCert's root in the trust store and a timestamp from DigiCerts timestamp provider at Saturday, ‎November ‎11, ‎2017 6:33:36 AM, while SarAsio.dll, SarAsio_x64.dll and the installer MSI file have no signatures at all. You will need to use SHA-2 signatures in the future, where SHA-256 is recommended for optimal compatibility with legacy operating systems (as old as Windows XP SP3 for applications, not that you should still use that, and Windows 7 for drivers) and SHA-384 offering best integrity assurance. Applications can set a compile time option, and, via EMET or the Exploit Mitigation options in Windows 10 1709 (Fall Creators Update) and newer, users or system administrators can set a operating system option to require that any libraries loaded or injected via hook procedures have a valid digital signature. There is also an option to require a valid digital signature for process elevation (run as Administrator), some users may have set. Signing your installers or executables that will run or require to be run with administrative privileges is always a good idea, if parts of your application are signed due to other requirements anyway. "Unnecessary" code signatures do not tend to cause problems.

You will need a new certificate for this, since the old one you have been using has expired. https://github.com/eiz/SynchronousAudioRouter/issues/39#issuecomment-353470976 tells me you've gotten a new one already.

I have tested this with the latest version of SAR (0.13 at time of writing), PUBG (my go-to BattlEye test scenario), REAPER and OBS all running in an unelevated context with the above mentioned mitigation options enabled, and have not found any issues, short of my unfamiliarity with REAPER. This also means #27 is essentially resolved or not reproducible. If anyone has issues, it is probably related to one of the applications involved running at a higher process elevation level than the others and a lower elevation process being unable to hook or access the higher elevation one. PSA: Do not run applications as Administrator, unless you have to, you usually don't or can grant permissions to access a required resource to the user or process without granting access to everything else privilege elevation would grant access to. You should also start any application which adds hooks to other applications before starting the application you want to hook into, i.e. start OBS, then REAPER and then the game.

And with that... happy holidays! 🎅

[pannal]

@NightmareJoker2 do I understand correctly, that you've built SAR on your own with those mitigation options enabled? If so, can you share your build so I can verify that #27 is invalid?

Update: You're totally right. I was running REAPER elevated - not doing that fixed the issue with PUBG/BattlEye as it seems.