Anticheat is required on the servers I'd like to use (TS DM), and I'm interested in moving toward a fix.
With some twiddling with EMET, I disabled mandatory ASLR and bottom-up ASLR, and that did not resolve the issue. It was catching "ROP Caller Check" and "ROP Simulate Execution Flow", so I disabled them as well -- and I'm back to the access violation crash. I'd have to guess there is a magic number or unsafe address calculation going on that is only correct once in a great while.
I get this too (Win 8.1, all manner of compat modes), and it's almost 100% of connections, a couple of seconds after spawning. Long enough to move a few feet and get fragged by Optica if he's on, but that's about it. I've only gotten a game or two since TS required anticheat recently. I was actually scouring the forums for the tenth time last night when I noticed a new post here, so I'm glad to see you are listening, r1ch.
I've attached a debugger before connecting (and loading anticheat). When using both ref_gl and ref_r1gl, the result is the same:
Unhandled exception at 0x66BD0A50 (anticheat.dll) in r1q2.exe: 0xC0000005: Access violation writing location 0xFFFFFFE5.
r1q2.exe is 8.0.1.2 ref_r1gl.dll is 0.1.5.41
I'm not sure whether this is happening during LoadLibrary, Initialize, or somewhere soon after. There are two breakpoints triggered during the LoadLibrary call, then the access violation is thrown. A partial stack as of the second breakpoint is below. I couldn't get anything useful by breaking at the exception throw. I do have dumps if that would be useful, and I'm willing to jump in and help debug this, but I can't make much more progress without at least a PDB.
Since the rendering, input, and sound start up before crash (after blocking on loading anticheat), and every so often, the crash does not happen, it seems to be somewhere down the line. That is, the client_connect section of CL_ConnectionlessPacket would seem to be completing.
Show Posts