Can't start BattlEye inside Sandboxie

[bno1]

Hi guys. I'm having a problem to make BattlEye anticheat start inside Sandboxie. Let me quickly explain the scenario:

Steam.exe = Works fine
Arma3launcher.exe = Works fine
Arma3.exe(game) = Works fine
arma3battleye.exe(game+battleye) = Fails to launch

When i try to open "arma3battleye.exe", pop ups on the screen a small window the following errors(image attached):

22:28:48: Starting BattlEye Service...
22:28:58: Failed to start BattlEye Service (0).
22:28:58: Installing BattlEye Service...
22:28:58: Failed to install BattlEye Service.

The service "BEService" executable(which is located at C:\Program Files (x86)\Common Files\BattlEye\BEService.exe) starts successfully, but outside sandbox.

I've tried to use latest version of Sandboxie and the oldest version(3.56), I've tried to enable all stuff not present anymore, driver and hooks access, and tried to change some setting at Sandboxie.ini but have no success.

Is there a way to make Battleye work with Sandboxie? Thanks.

[chris@invincea]

@bno1

Have you tried running BattlEye outside of Sandboxie to see which processes run then run those processes within Sandboxie?

[bno1]

Hi Chris.

Yes, I've tried to do it, and the only process which opens when I run arma3battleye.exe is BEService.exe, and it is not just a .exe, it is a service executable, which is started even when I open arma3battleye.exe inside Sandboxie.

When I try to open BEService.exe, being inside or outside Sandboxie, it just opens a black window(exactly like Windows cmd) then closes, no message, no error, nothing. There are no parameters at BEService.exe service and "Process Explorer" shows the same, there are no parameters used to start BEService.exe. That's odd because opening arma3battleye.exe outside Sandboxie causes BEService.exe to open/start automatically, and it remains opened/started until I close the game.

I was just brainstorming... what if arma3battleye.exe send something to BEService.exe, then BEService.exe start and can't contact back due to isolation? I mean, BEService.exe is a Windows service, not just an executable. That could possibly explain why it wont open inside Sandboxie but outside. arma3battleye.exe could be starting the service and being unable to contact or see the started service, so it thinks it failed... But yeah, it is just a theory.

[Syrinx]

The service "BEService" executable(which is located at C:\Program Files (x86)\Common Files\BattlEye\BEService.exe) starts successfully, but outside sandbox.

If this is accurate there may be something needed for communication from within the box. Please try using
(Sandboxie Control/GUI) Menu > File > Resource Access Monitor
and starting the game/service as you normally would when it fails. [preferably without any other boxes open/active]
Please paste or PM the resulting contents and maybe there will be something we can open to allow it to communicate.

Normally I'd test it myself but from this list here: https://www.battleye.com/downloads/
I didn't find any free games that use it. I'm not going to buy a game I don't want just to test it, sorry!

[bno1]

Hi Syrinx.

Sure, no problem, anything you need to solve this case, you just need to ask me, then I will do it. BEService.exe opens outside sandbox, the info is accurate. I have attached two images, before and after open arma3battleye.exe.

I'm using Sandboxie 3.76 and here is the Resource Access Monitor log as requested:

Code: Select all

(Drive)     \Device\CdRom0
(Drive)     \Device\HarddiskVolume4
(Drive)     \Device\HarddiskVolume5
(Drive)     \Device\HarddiskVolume6
(Drive)     \Device\HarddiskVolume7
Clsid       -------------------------------
File/Key    -------------------------------
Image       -------------------------------
Image       *:\program files (x86)\steam\steamapps\common\arma 3\arma3battleye.exe
Image       c:\program files\sandboxie\32\sbiedll.dll
Image       c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
Image       c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
Image       c:\windows\system32\apphelp.dll
Image       c:\windows\system32\devrtl.dll
Image       c:\windows\system32\dwmapi.dll
Image       c:\windows\system32\imm32.dll
Image       c:\windows\system32\lz32.dll
Image       c:\windows\system32\mpr.dll
Image       c:\windows\system32\ntmarta.dll
Image       c:\windows\system32\propsys.dll
Image       c:\windows\system32\secur32.dll
Image       c:\windows\system32\sfc.dll
Image       c:\windows\system32\sfc_os.dll
Image       c:\windows\system32\uxtheme.dll
Image       c:\windows\system32\version.dll
Image       c:\windows\syswow64\advapi32.dll
Image       c:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
Image       c:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
Image       c:\windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0.dll
Image       c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
Image       c:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll
Image       c:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll
Image       c:\windows\syswow64\cfgmgr32.dll
Image       c:\windows\syswow64\clbcatq.dll
Image       c:\windows\syswow64\cryptbase.dll
Image       c:\windows\syswow64\devobj.dll
Image       c:\windows\syswow64\gdi32.dll
Image       c:\windows\syswow64\iertutil.dll
Image       c:\windows\syswow64\kernel32.dll
Image       c:\windows\syswow64\kernelbase.dll
Image       c:\windows\syswow64\lpk.dll
Image       c:\windows\syswow64\msctf.dll
Image       c:\windows\syswow64\msvcrt.dll
Image       c:\windows\syswow64\normaliz.dll
Image       c:\windows\syswow64\ntdll.dll
Image       c:\windows\syswow64\ole32.dll
Image       c:\windows\syswow64\oleaut32.dll
Image       c:\windows\syswow64\profapi.dll
Image       c:\windows\syswow64\rpcrt4.dll
Image       c:\windows\syswow64\sechost.dll
Image       c:\windows\syswow64\setupapi.dll
Image       c:\windows\syswow64\shell32.dll
Image       c:\windows\syswow64\shlwapi.dll
Image       c:\windows\syswow64\sspicli.dll
Image       c:\windows\syswow64\urlmon.dll
Image       c:\windows\syswow64\user32.dll
Image       c:\windows\syswow64\userenv.dll
Image       c:\windows\syswow64\usp10.dll
Image       c:\windows\syswow64\wininet.dll
Image       c:\windows\syswow64\wldap32.dll
Image       c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
Ipc         -------------------------------
Ipc         \rpc control\epmapper
Ipc         \sessions\1\basenamedobjects\defaulttabtip-mainui
Ipc         \sessions\1\basenamedobjects\global\__comcatalogcache__
Ipc         \sessions\1\basenamedobjects\global\c:*programdata*microsoft*windows*caches*{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db
Ipc         \sessions\1\basenamedobjects\global\c:*programdata*microsoft*windows*caches*{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db
Ipc         \sessions\1\basenamedobjects\global\c:*programdata*microsoft*windows*caches*cversions.2
Ipc         \sessions\1\basenamedobjects\global\c:*programdata*microsoft*windows*caches*cversions.2.ro
Ipc         \sessions\1\basenamedobjects\global\sc_autostartcomplete
Ipc         \sessions\1\basenamedobjects\global\windows_shell_global_counters
Ipc         \sessions\1\basenamedobjects\hookswitchhookenabledevent
Ipc         \sessions\1\basenamedobjects\local\c:*programdata*microsoft*windows*caches*cversions.2
Ipc         \sessions\1\basenamedobjects\local\c:*users*******appdata*local*microsoft*windows*caches*{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x00000000000000ba.db
Ipc         \sessions\1\basenamedobjects\local\c:*users*******appdata*local*microsoft*windows*caches*cversions.1
Ipc         \sessions\1\basenamedobjects\local\c:*users*******appdata*local*microsoft*windows*caches*cversions.1.ro
Ipc         \sessions\1\basenamedobjects\local\shell.cmrupidllist
Ipc         \sessions\1\basenamedobjects\local\urlzonessm_*****
Ipc         \sessions\1\basenamedobjects\local\zonescachecountermutex
Ipc         \sessions\1\basenamedobjects\local\zoneslockedcachecountermutex
Ipc         \sessions\1\basenamedobjects\sbie_boxed_dummyevent_2648
Ipc         \sessions\1\basenamedobjects\sbie_boxed_dummyevent_3204
Ipc         \sessions\1\basenamedobjects\sbie_boxed_serviceinitcomplete_dcomlaunch
Ipc         \sessions\1\basenamedobjects\sbie_boxed_serviceinitcomplete_rpcss
Ipc         \sessions\1\basenamedobjects\windows_shell_global_counters
Ipc      O  \kernelobjects\maximumcommitcondition
Ipc      O  \knowndlls32\advapi32.dll
Ipc      O  \knowndlls32\api-ms-win-appmodel-runtime-l1-1-1.dll
Ipc      O  \knowndlls32\api-ms-win-core-fibers-l1-1-1.dll
Ipc      O  \knowndlls32\api-ms-win-core-localization-l1-2-1.dll
Ipc      O  \knowndlls32\api-ms-win-core-synch-l1-2-0.dll
Ipc      O  \knowndlls32\api-ms-win-downlevel-advapi32-l1-1-0.dll
Ipc      O  \knowndlls32\api-ms-win-downlevel-advapi32-l2-1-0.dll
Ipc      O  \knowndlls32\api-ms-win-downlevel-normaliz-l1-1-0.dll
Ipc      O  \knowndlls32\api-ms-win-downlevel-ole32-l1-1-0.dll
Ipc      O  \knowndlls32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
Ipc      O  \knowndlls32\api-ms-win-downlevel-user32-l1-1-0.dll
Ipc      O  \knowndlls32\api-ms-win-downlevel-version-l1-1-0.dll
Ipc      O  \knowndlls32\cfgmgr32.dll
Ipc      O  \knowndlls32\clbcatq.dll
Ipc      O  \knowndlls32\cryptbase.dll
Ipc      O  \knowndlls32\devobj.dll
Ipc      O  \knowndlls32\devrtl.dll
Ipc      O  \knowndlls32\dwmapi.dll
Ipc      O  \knowndlls32\ext-ms-win-kernel32-package-current-l1-1-0.dll
Ipc      O  \knowndlls32\gdi32.dll
Ipc      O  \knowndlls32\iertutil.dll
Ipc      O  \knowndlls32\lpk.dll
Ipc      O  \knowndlls32\lz32.dll
Ipc      O  \knowndlls32\mpr.dll
Ipc      O  \knowndlls32\msctf.dll
Ipc      O  \knowndlls32\msvcrt.dll
Ipc      O  \knowndlls32\normaliz.dll
Ipc      O  \knowndlls32\ntmarta.dll
Ipc      O  \knowndlls32\ole32.dll
Ipc      O  \knowndlls32\oleaut32.dll
Ipc      O  \knowndlls32\profapi.dll
Ipc      O  \knowndlls32\propsys.dll
Ipc      O  \knowndlls32\rpcrt4.dll
Ipc      O  \knowndlls32\secur32.dll
Ipc      O  \knowndlls32\setupapi.dll
Ipc      O  \knowndlls32\sfc_os.dll
Ipc      O  \knowndlls32\shell32.dll
Ipc      O  \knowndlls32\shlwapi.dll
Ipc      O  \knowndlls32\sspicli.dll
Ipc      O  \knowndlls32\user32.dll
Ipc      O  \knowndlls32\userenv.dll
Ipc      O  \knowndlls32\usp10.dll
Ipc      O  \knowndlls32\version.dll
Ipc      O  \knowndlls32\wininet.dll
Ipc      O  \knowndlls32\wldap32.dll
Ipc      O  \rpc control\lsarpc_endpoint
Ipc      O  \rpc control\lsasspirpc
Ipc      O  \rpc control\plugplay
Ipc      O  \rpc control\sbiesvcport
Ipc      O  \security\lsa_authentication_initialized
Ipc      O  \sessions\1\basenamedobjects\cicloadwinstawinsta0
Ipc      O  \sessions\1\basenamedobjects\local\msctf.ctfactivated.default1
Ipc      O  \sessions\1\basenamedobjects\local\msctf.ctfmonitorinstmutexdefault1
Ipc      O  \themeapiport
Pipe        -------------------------------
Pipe        \device\0000006c
Pipe        \device\00000088
Pipe        \device\harddiskvolume4
Pipe        \device\harddiskvolume5
Pipe        \device\harddiskvolume6
Pipe        \device\harddiskvolume7
Pipe        \device\ksecdd
Pipe        \device\mountpointmanager
Pipe        \device\namedpipe\battleye
Pipe        \Device\NamedPipe\BattlEye
Pipe        \device\namedpipe\battleye
WinCls      -------------------------------
WinCls   O  $:arma3battleye.exe
WinCls   O  $:explorer.exe
WinCls   O  $:Start.exe
WinCls   O  Shell_TrayWnd
WinCls   X  Progman
WinCls   X  Valve001

[Syrinx]

This one stands out:
\device\namedpipe\battleye
Please try adding that under
Sandbox Settings > Resource Access > File Access > Full Access
Direct Access may also work but for the sake of easier testing go with Full first please and if that helps then you can remove it and try Direct.

Others that caught my eye if that doesn't do it but I'm not so sure about would be under the IPC section:
*\basenamedobjects*\local\shell.cmrupidllist
*\basenamedobjects*\hookswitchhookenabledevent
They could be due to something else running on your system that I just haven't seen on mine and completely unrelated.

Opening up \device\namedpipe\battleye may help even if it doesn't 'work' so if it still gives you trouble can you grab another log while that rule is active?
Also keep in mind the box must be closed (nothing running inside) before any added/changed rules are applied.

[bno1]

Helo again.

I've added all parameters as requested, but no success, it gave me the same error.

Sure, I can do every test you want, here is the new log, using the parameters:

Code: Select all

(Drive)     \Device\CdRom0
(Drive)     \Device\HarddiskVolume4
(Drive)     \Device\HarddiskVolume5
(Drive)     \Device\HarddiskVolume6
(Drive)     \Device\HarddiskVolume7
Clsid       -------------------------------
File/Key    -------------------------------
Image       -------------------------------
Image       *:\program files (x86)\steam\steamapps\common\arma 3\arma3battleye.exe
Image       c:\program files\sandboxie\32\sbiedll.dll
Image       c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
Image       c:\windows\system32\dwmapi.dll
Image       c:\windows\system32\imm32.dll
Image       c:\windows\system32\lz32.dll
Image       c:\windows\system32\propsys.dll
Image       c:\windows\system32\uxtheme.dll
Image       c:\windows\syswow64\advapi32.dll
Image       c:\windows\syswow64\cryptbase.dll
Image       c:\windows\syswow64\gdi32.dll
Image       c:\windows\syswow64\kernel32.dll
Image       c:\windows\syswow64\kernelbase.dll
Image       c:\windows\syswow64\lpk.dll
Image       c:\windows\syswow64\msctf.dll
Image       c:\windows\syswow64\msvcrt.dll
Image       c:\windows\syswow64\ntdll.dll
Image       c:\windows\syswow64\ole32.dll
Image       c:\windows\syswow64\oleaut32.dll
Image       c:\windows\syswow64\rpcrt4.dll
Image       c:\windows\syswow64\sechost.dll
Image       c:\windows\syswow64\shell32.dll
Image       c:\windows\syswow64\shlwapi.dll
Image       c:\windows\syswow64\sspicli.dll
Image       c:\windows\syswow64\user32.dll
Image       c:\windows\syswow64\usp10.dll
Image       c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
Ipc         -------------------------------
Ipc         \rpc control\epmapper
Ipc         \sessions\1\basenamedobjects\defaulttabtip-mainui
Ipc         \sessions\1\basenamedobjects\sbie_boxed_dummyevent_3624
Ipc         \sessions\1\basenamedobjects\sbie_boxed_serviceinitcomplete_dcomlaunch
Ipc         \sessions\1\basenamedobjects\sbie_boxed_serviceinitcomplete_rpcss
Ipc         \sessions\1\basenamedobjects\windows_shell_global_counters
Ipc      O  \knowndlls32\advapi32.dll
Ipc      O  \knowndlls32\api-ms-win-appmodel-runtime-l1-1-1.dll
Ipc      O  \knowndlls32\api-ms-win-core-fibers-l1-1-1.dll
Ipc      O  \knowndlls32\api-ms-win-core-localization-l1-2-1.dll
Ipc      O  \knowndlls32\api-ms-win-core-synch-l1-2-0.dll
Ipc      O  \knowndlls32\cryptbase.dll
Ipc      O  \knowndlls32\dwmapi.dll
Ipc      O  \knowndlls32\ext-ms-win-kernel32-package-current-l1-1-0.dll
Ipc      O  \knowndlls32\gdi32.dll
Ipc      O  \knowndlls32\lpk.dll
Ipc      O  \knowndlls32\lz32.dll
Ipc      O  \knowndlls32\msctf.dll
Ipc      O  \knowndlls32\msvcrt.dll
Ipc      O  \knowndlls32\ole32.dll
Ipc      O  \knowndlls32\oleaut32.dll
Ipc      O  \knowndlls32\propsys.dll
Ipc      O  \knowndlls32\rpcrt4.dll
Ipc      O  \knowndlls32\shell32.dll
Ipc      O  \knowndlls32\shlwapi.dll
Ipc      O  \knowndlls32\sspicli.dll
Ipc      O  \knowndlls32\user32.dll
Ipc      O  \knowndlls32\usp10.dll
Ipc      O  \rpc control\dhcpcsvc6
Ipc      O  \rpc control\sbiesvcport
Ipc      O  \sessions\1\basenamedobjects\cicloadwinstawinsta0
Ipc      O  \sessions\1\basenamedobjects\hookswitchhookenabledevent
Ipc      O  \sessions\1\basenamedobjects\local\msctf.ctfactivated.default1
Ipc      O  \sessions\1\basenamedobjects\local\msctf.ctfmonitorinstmutexdefault1
Ipc      O  \themeapiport
Pipe        -------------------------------
Pipe        \device\00000081
Pipe        \device\ksecdd
Pipe     O  \device\netbt_tcpip_{07c80ace-dd67-4c71-bf87-9c8b8b6d0973}
Pipe     O  \device\netbt_tcpip_{3f255904-b7e4-4ee2-a532-a948203a54d4}
Pipe     O  \device\netbt_tcpip_{69c6336b-836b-4e52-b505-7310dc2a17be}
Pipe     O  \device\netbt_tcpip_{846ee342-7039-11de-9d20-806e6f6e6963}
WinCls      -------------------------------
WinCls   O  $:explorer.exe
WinCls   O  Shell_TrayWnd
WinCls   X  Valve001

[Syrinx]

Odd, the new resource access log doesn't even show the battleye one. Was the service running outside sandboxie at the time?
Unfortunately I didn't see anything new in that one at all. I was hoping that by opening \device\namedpipe\battleye it might begin to communicate with the service and have some extra stuff we might need to add as I have seen sometimes in the past.

You could try adding $:BEService.exe to the IPC Direct Access area but that's just a stray thought, nothing I've seen in the logs hint at this helping any.
Sorry, running out of ideas atm.