Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Microsoft (R) Windows Debugger Version 10.0.14321.1024 X86
- Copyright (c) Microsoft Corporation. All rights reserved.
- Auto Dump Analyzer by gardenman
- Time to debug file(s): 00 hours and 01 minutes and 38 seconds
- ========================================================================
- =================== Dump File: 080417-4046-01.dmp ====================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 15063 MP (4 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS
- Built by: 15063.0.amd64fre.rs2_release.170317-1834
- Kernel base = 0xfffff801`1c815000 PsLoadedModuleList = 0xfffff801`1cb615a0
- Debug session time: Fri Aug 4 06:41:31.250 2017 (UTC - 4:00)
- System Uptime: 0 days 0:09:45.962
- BugCheck 139, {3, ffffb10199747160, ffffb101997470b8, 0}
- Probably caused by : memory_corruption
- Followup: memory_corruption
- KERNEL_SECURITY_CHECK_FAILURE (139)
- A kernel component has corrupted a critical data structure. The corruption
- could potentially allow a malicious user to gain control of this machine.
- Arguments:
- Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
- Arg2: ffffb10199747160, Address of the trap frame for the exception that caused the bugcheck
- Arg3: ffffb101997470b8, Address of the exception record for the exception that caused the bugcheck
- Arg4: 0000000000000000, Reserved
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- BUILD_VERSION_STRING: 10.0.15063.0 (WinBuild.160101.0800)
- SYSTEM_MANUFACTURER: Gigabyte Technology Co., Ltd.
- SYSTEM_PRODUCT_NAME: H110M-S2H
- SYSTEM_SKU: Default string
- SYSTEM_VERSION: Default string
- BIOS_VENDOR: American Megatrends Inc.
- BIOS_VERSION: F21
- BIOS_DATE: 05/23/2017
- BASEBOARD_MANUFACTURER: Gigabyte Technology Co., Ltd.
- BASEBOARD_PRODUCT: H110M-S2H-CF
- BASEBOARD_VERSION: x.x
- DUMP_TYPE: 2
- TRAP_FRAME: ffffb10199747160 -- (.trap 0xffffb10199747160)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=ffff800c415d5478 rbx=0000000000000000 rcx=0000000000000003
- rdx=ffffb10199747358 rsi=0000000000000000 rdi=0000000000000000
- rip=fffff80a7f58e5c1 rsp=ffffb101997472f0 rbp=ffffb10199747b00
- r8=0000000000010000 r9=ffff800c415d5478 r10=0000000000010000
- r11=000000000000ffff r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up ei ng nz na pe cy
- afd!AfdBReceiveEventHandler+0x5af1:
- fffff80a`7f58e5c1 cd29 int 29h
- Resetting default scope
- EXCEPTION_RECORD: ffffb101997470b8 -- (.exr 0xffffb101997470b8)
- ExceptionAddress: fffff80a7f58e5c1 (afd!AfdBReceiveEventHandler+0x0000000000005af1)
- ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
- ExceptionFlags: 00000001
- NumberParameters: 1
- Parameter[0]: 0000000000000003
- Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
- CPU_COUNT: 4
- CPU_MHZ: e70
- CPU_VENDOR: GenuineIntel
- CPU_FAMILY: 6
- CPU_MODEL: 5e
- CPU_STEPPING: 3
- CPU_MICROCODE: 6,5e,3,0 (F,M,S,R) SIG: A6'00000000 (cache) A6'00000000 (init)
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- BUGCHECK_STR: 0x139
- PROCESS_NAME: Agent.exe
- CURRENT_IRQL: 2
- ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
- EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
- EXCEPTION_CODE_STR: c0000409
- EXCEPTION_PARAMETER1: 0000000000000003
- LAST_CONTROL_TRANSFER: from fffff8011c98c3a9 to fffff8011c980fd0
- STACK_TEXT:
- ffffb101`99746e38 fffff801`1c98c3a9 : 00000000`00000139 00000000`00000003 ffffb101`99747160 ffffb101`997470b8 : nt!KeBugCheckEx
- ffffb101`99746e40 fffff801`1c98c710 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
- ffffb101`99746f80 fffff801`1c98b6f7 : ffffffff`0000ff00 00000000`ff000000 64646464`64646464 00000000`00000000 : nt!KiFastFailDispatch+0xd0
- ffffb101`99747160 fffff80a`7f58e5c1 : ffffb101`997476e0 ffffb101`99747b00 ffff800c`3be65870 ffff800c`43e919b8 : nt!KiRaiseSecurityCheckFailure+0xf7
- ffffb101`997472f0 fffff80a`7f562351 : ffff800c`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : afd!AfdBReceiveEventHandler+0x5af1
- ffffb101`997474e0 fffff801`1cc71b22 : ffff800c`00000000 ffff800c`3ebd5410 00000000`00012017 ffff800c`4172b8c0 : afd!AfdFastIoDeviceControl+0x7d1
- ffffb101`99747860 fffff801`1cc71756 : 800c3e56`a610b369 00000000`000005fc 00000000`00000001 00000000`00000000 : nt!IopXxxControlFile+0x3b2
- ffffb101`997479a0 fffff801`1c98bf13 : 00000000`00000000 00000000`00000001 00000000`00000001 ffff800c`3f399700 : nt!NtDeviceIoControlFile+0x56
- ffffb101`99747a10 00000000`6e3e21cc : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
- 00000000`05dbee08 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x6e3e21cc
- STACK_COMMAND: kb
- CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
- fffff8011c91dcba - nt!MiModifiedWriterNoReservationSort+a
- [ fa:ad ]
- fffff8011ca95373-fffff8011ca95375 3 bytes - nt!ExFreePoolWithTag+363
- [ 40 fb f6:80 54 a9 ]
- fffff8011ca956a6-fffff8011ca956a7 2 bytes - nt!ExFreePoolWithTag+696 (+0x333)
- [ 80 f6:00 a9 ]
- 6 errors : !nt (fffff8011c91dcba-fffff8011ca956a7)
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: LARGE
- FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
- BUCKET_ID: MEMORY_CORRUPTION_LARGE
- PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
- TARGET_TIME: 2017-08-04T10:41:31.000Z
- OSBUILD: 15063
- OSSERVICEPACK: 0
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 272
- PRODUCT_TYPE: 1
- OSPLATFORM_TYPE: x64
- OSNAME: Windows 10
- OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
- USER_LCID: 0
- OSBUILD_TIMESTAMP: 2017-03-18 00:40:44
- BUILDDATESTAMP_STR: 160101.0800
- BUILDLAB_STR: WinBuild
- BUILDOSVER_STR: 10.0.15063.0
- ANALYSIS_SESSION_ELAPSED_TIME: 295b
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:memory_corruption_large
- FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
- Followup: memory_corruption
- ========================================================================
- ============================== Drivers ===============================
- ========================================================================
- Image path: \SystemRoot\System32\Drivers\avusbflt.sys
- Image name: avusbflt.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=avusbflt.sys
- Timestamp : Wed May 3 2017
- Image path: \SystemRoot\system32\DRIVERS\avdevprot.sys
- Image name: avdevprot.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=avdevprot.sys
- Timestamp : Wed May 3 2017
- Image path: \SystemRoot\system32\DRIVERS\avkmgr.sys
- Image name: avkmgr.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=avkmgr.sys
- Timestamp : Fri Dec 16 2016
- Image path: \SystemRoot\system32\DRIVERS\avipbb.sys
- Image name: avipbb.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=avipbb.sys
- Timestamp : Thu Jul 6 2017
- Image path: \SystemRoot\system32\DRIVERS\lvrs64.sys
- Image name: lvrs64.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=lvrs64.sys
- Timestamp : Mon Oct 22 2012
- Image path: \SystemRoot\system32\DRIVERS\lvuvc64.sys
- Image name: lvuvc64.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=lvuvc64.sys
- Timestamp : Mon Oct 22 2012
- Image path: \SystemRoot\system32\DRIVERS\avgntflt.sys
- Image name: avgntflt.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=avgntflt.sys
- Timestamp : Mon Jul 10 2017
- Image path: \SystemRoot\system32\DRIVERS\avnetflt.sys
- Image name: avnetflt.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=avnetflt.sys
- Timestamp : Fri Dec 16 2016
- Image path: \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
- Image name: MBAMSwissArmy.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=MBAMSwissArmy.sys
- Timestamp : Fri Jun 2 2017
- Image path: \SystemRoot\System32\drivers\lvbflt64.sys
- Image name: lvbflt64.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=lvbflt64.sys
- Timestamp : Mon Oct 22 2012
- Image path: \SystemRoot\System32\drivers\TeeDriverW8x64.sys
- Image name: TeeDriverW8x64.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=TeeDriverW8x64.sys
- ADA Info : Intel® Management Engine Interface
- Timestamp : Wed Aug 31 2016
- Image path: \SystemRoot\System32\drivers\rt640x64.sys
- Image name: rt640x64.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=rt640x64.sys
- ADA Info : Realtek NICDRV 8169 PCIe GBE Family Controller driver http://www.realtek.com.tw
- Timestamp : Thu Oct 1 2015
- Image path: \SystemRoot\system32\drivers\nvvad64v.sys
- Image name: nvvad64v.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=nvvad64v.sys
- ADA Info : Nvidia Virtual Audio Driver http://www.nvidia.com/
- Timestamp : Wed Apr 12 2017
- Image path: \SystemRoot\System32\drivers\nvvhci.sys
- Image name: nvvhci.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=nvvhci.sys
- ADA Info : Virtual USB Host Controller driver http://www.nvidia.com/
- Timestamp : Tue Dec 27 2016
- Image path: \SystemRoot\system32\drivers\nvhda64v.sys
- Image name: nvhda64v.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=nvhda64v.sys
- ADA Info : Nvidia HDMI Audio Device http://www.nvidia.com/
- Timestamp : Tue May 16 2017
- Image path: \SystemRoot\system32\drivers\RTKVHD64.sys
- Image name: RTKVHD64.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=RTKVHD64.sys
- ADA Info : Realtek Audio Driver system driver http://www.realtek.com.tw
- Timestamp : Fri Jan 22 2016
- Image path: \SystemRoot\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_24ddebfb518b5a55\nvlddmkm.sys
- Image name: nvlddmkm.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=nvlddmkm.sys
- ADA Info : Nvidia Graphics Card driver http://www.nvidia.com/
- Timestamp : Tue Jul 18 2017
- Image path: \SystemRoot\System32\drivers\sshid.sys
- Image name: sshid.sys
- Info Link : http://www.carrona.org/drivers/driver.php?id=sshid.sys
- Timestamp : Mon Jun 26 2017
- Unloaded modules:
- fffff80a`804c0000 fffff80a`804fd000 WUDFRd.sys
- fffff80a`7e5f0000 fffff80a`7e60c000 EhStorClass.
- fffff80a`80150000 fffff80a`8015b000 cldflt.sys
- fffff80a`7f060000 fffff80a`7f06f000 dump_storpor
- fffff80a`7f0a0000 fffff80a`7f0c7000 dump_storahc
- fffff80a`7f0f0000 fffff80a`7f10d000 dump_dumpfve
- fffff80a`7e8d0000 fffff80a`7e8f0000 dam.sys
- fffff80a`7ef70000 fffff80a`7ef7f000 hwpolicy.sys
- ========================================================================
- ============================== BIOS INFO =============================
- ========================================================================
- [SMBIOS Data Tables v3.0]
- [DMI Version - 0]
- [2.0 Calling Convention - No]
- [Table Size - 4249 bytes]
- [BIOS Information (Type 0) - Length 24 - Handle 0000h]
- Vendor American Megatrends Inc.
- BIOS Version F21
- BIOS Starting Address Segment f000
- BIOS Release Date 05/23/2017
- BIOS ROM Size 800000
- BIOS Characteristics
- 07: - PCI Supported
- 11: - Upgradeable FLASH BIOS
- 12: - BIOS Shadowing Supported
- 15: - CD-Boot Supported
- 16: - Selectable Boot Supported
- 17: - BIOS ROM Socketed
- 19: - EDD Supported
- 23: - 1.2MB Floppy Supported
- 24: - 720KB Floppy Supported
- 25: - 2.88MB Floppy Supported
- 26: - Print Screen Device Supported
- 28: - Serial Services Supported
- 29: - Printer Services Supported
- 32: - BIOS Vendor Reserved
- BIOS Characteristic Extensions
- 00: - ACPI Supported
- 01: - USB Legacy Supported
- 08: - BIOS Boot Specification Supported
- 10: - Specification Reserved
- 11: - Specification Reserved
- BIOS Major Revision 5
- BIOS Minor Revision 12
- EC Firmware Major Revision 255
- EC Firmware Minor Revision 255
- [System Information (Type 1) - Length 27 - Handle 0001h]
- Manufacturer Gigabyte Technology Co., Ltd.
- Product Name H110M-S2H
- Version Default string
- UUID 00000000-0000-0000-0000-000000000000
- Wakeup Type Power Switch
- SKUNumber Default string
- Family Default string
- [BaseBoard Information (Type 2) - Length 15 - Handle 0002h]
- Manufacturer Gigabyte Technology Co., Ltd.
- Product H110M-S2H-CF
- Version x.x
- Feature Flags 09h
- 1573200392: - ?ÿU?ì?ì¡H.Ø]3Å?Eü3ÀW?}?Eô?Eø?ÿu
- ¸@
- 1573200432: - ?ÿU?ì?ì¡H.Ø]3Å?Eü3ÀW?}?Eô?Eø?ÿu
- ¸@
- Location Default string
- Chassis Handle 0003h
- Board Type 0ah - Processor/Memory Module
- Number of Child Handles 0
- [System Enclosure (Type 3) - Length 22 - Handle 0003h]
- Manufacturer Default string
- Chassis Type Desktop
- Version Default string
- Bootup State Safe
- Power Supply State Safe
- Thermal State Safe
- Security Status None
- OEM Defined 0
- Height 0U
- Number of Power Cords 1
- Number of Contained Elements 0
- Contained Element Size 3
- [Onboard Devices Information (Type 10) - Length 6 - Handle 0021h]
- Number of Devices 1
- 01: Type Video [enabled]
- [OEM Strings (Type 11) - Length 5 - Handle 0022h]
- Number of Strings 1
- 1 Default string
- [System Configuration Options (Type 12) - Length 5 - Handle 0023h]
- [Physical Memory Array (Type 16) - Length 23 - Handle 003dh]
- Location 03h - SystemBoard/Motherboard
- Use 03h - System Memory
- Memory Error Correction 03h - None
- Maximum Capacity 67108864KB
- Number of Memory Devices 4
- [Memory Device (Type 17) - Length 40 - Handle 003eh]
- Physical Memory Array Handle 003dh
- Total Width 64 bits
- Data Width 64 bits
- Size 8192MB
- Form Factor 09h - DIMM
- Device Locator ChannelA-DIMM0
- Bank Locator BANK 0
- Memory Type 1ah - Specification Reserved
- Type Detail 0080h - Synchronous
- Speed 2133MHz
- Manufacturer Kingston
- Part Number KHX2133C14/8G
- [Memory Device (Type 17) - Length 40 - Handle 003fh]
- Physical Memory Array Handle 003dh
- Total Width 0 bits
- Data Width 0 bits
- Form Factor 02h - Unknown
- Device Locator ChannelA-DIMM1
- Bank Locator BANK 1
- Memory Type 02h - Unknown
- Type Detail 0000h -
- Speed 0MHz
- [Memory Device (Type 17) - Length 40 - Handle 0040h]
- Physical Memory Array Handle 003dh
- Total Width 64 bits
- Data Width 64 bits
- Size 8192MB
- Form Factor 09h - DIMM
- Device Locator ChannelB-DIMM0
- Bank Locator BANK 2
- Memory Type 1ah - Specification Reserved
- Type Detail 0080h - Synchronous
- Speed 2133MHz
- Manufacturer Kingston
- Part Number KHX2133C14/8G
- [Memory Device (Type 17) - Length 40 - Handle 0041h]
- Physical Memory Array Handle 003dh
- Total Width 0 bits
- Data Width 0 bits
- Form Factor 02h - Unknown
- Device Locator ChannelB-DIMM1
- Bank Locator BANK 3
- Memory Type 02h - Unknown
- Type Detail 0000h -
- Speed 0MHz
- [Memory Array Mapped Address (Type 19) - Length 31 - Handle 0042h]
- Starting Address 00000000h
- Ending Address 00ffffffh
- Memory Array Handle 003dh
- Partition Width 02
- [Cache Information (Type 7) - Length 19 - Handle 0043h]
- Socket Designation L1 Cache
- Cache Configuration 0180h - WB Enabled Int NonSocketed L1
- Maximum Cache Size 0080h - 128K
- Installed Size 0080h - 128K
- Supported SRAM Type 0020h - Synchronous
- Current SRAM Type 0020h - Synchronous
- Cache Speed 0ns
- Error Correction Type ParitySingle-Bit ECC
- System Cache Type Unified
- Associativity 8-way Set-Associative
- [Cache Information (Type 7) - Length 19 - Handle 0044h]
- Socket Designation L2 Cache
- Cache Configuration 0181h - WB Enabled Int NonSocketed L2
- Maximum Cache Size 0200h - 512K
- Installed Size 0200h - 512K
- Supported SRAM Type 0020h - Synchronous
- Current SRAM Type 0020h - Synchronous
- Cache Speed 0ns
- Error Correction Type Multi-Bit ECC
- System Cache Type Unified
- Associativity 4-way Set-Associative
- [Cache Information (Type 7) - Length 19 - Handle 0045h]
- Socket Designation L3 Cache
- Cache Configuration 0182h - WB Enabled Int NonSocketed L3
- Maximum Cache Size 0c00h - 3072K
- Installed Size 0c00h - 3072K
- Supported SRAM Type 0020h - Synchronous
- Current SRAM Type 0020h - Synchronous
- Cache Speed 0ns
- Error Correction Type Specification Reserved
- System Cache Type Unified
- Associativity Specification Reserved
- [Processor Information (Type 4) - Length 48 - Handle 0046h]
- Socket Designation U3E1
- Processor Type Central Processor
- Processor Family ceh - Specification Reserved
- Processor Manufacturer Intel(R) Corporation
- Processor ID e3060500fffbebbf
- Processor Version Intel(R) Core(TM) i3-6100 CPU @ 3.70GHz
- Processor Voltage 8bh - 1.1V
- External Clock 100MHz
- Max Speed 8300MHz
- Current Speed 3700MHz
- Status Enabled Populated
- Processor Upgrade Other
- L1 Cache Handle 0043h
- L2 Cache Handle 0044h
- L3 Cache Handle 0045h
- [Memory Device Mapped Address (Type 20) - Length 35 - Handle 0047h]
- Starting Address 00000000h
- Ending Address 007fffffh
- Memory Device Handle 003eh
- Mem Array Mapped Adr Handle 0042h
- Interleave Position 01
- Interleave Data Depth 02
- [Memory Device Mapped Address (Type 20) - Length 35 - Handle 0048h]
- Starting Address 00800000h
- Ending Address 00ffffffh
- Memory Device Handle 0040h
- Mem Array Mapped Adr Handle 0042h
- Interleave Position 02
- Interleave Data Depth 02
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement