Untitled

a guest
Aug 31st, 2022
Microsoft (R) Windows Debugger Version 10.0.25136.1001 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\Peyton\Desktop\dmps\083122-8640-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available


************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (20 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff802`65600000 PsLoadedModuleList = 0xfffff802`6622a250
Debug session time: Wed Aug 31 16:19:10.854 2022 (UTC - 4:00)
System Uptime: 0 days 0:43:22.456
Loading Kernel Symbols
...............................................................
................................................................
................................................................
...............................
Loading User Symbols
Loading unloaded module list
.................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff802`659f88c0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffff8e86`4bece320=0000000000000139
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 000000000000001d, An RTL_BALANCED_NODE RBTree entry has been corrupted.
Arg2: ffff8e864bece640, Address of the trap frame for the exception that caused the BugCheck
Arg3: ffff8e864bece598, Address of the exception record for the exception that caused the BugCheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------


KEY_VALUES_STRING: 1

Key : Analysis.CPU.mSec
Value: 3437

Key : Analysis.DebugAnalysisManager
Value: Create

Key : Analysis.Elapsed.mSec
Value: 10146

Key : Analysis.Init.CPU.mSec
Value: 234

Key : Analysis.Init.Elapsed.mSec
Value: 2415

Key : Analysis.Memory.CommitPeak.Mb
Value: 94

Key : Bugcheck.Code.DumpHeader
Value: 0x139

Key : Bugcheck.Code.Register
Value: 0x139

Key : FailFast.Name
Value: INVALID_BALANCED_TREE

Key : FailFast.Type
Value: 29

Key : WER.OS.Branch
Value: vb_release

Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z

Key : WER.OS.Version
Value: 10.0.19041.1


FILE_IN_CAB: 083122-8640-01.dmp

BUGCHECK_CODE: 139

BUGCHECK_P1: 1d

BUGCHECK_P2: ffff8e864bece640

BUGCHECK_P3: ffff8e864bece598

BUGCHECK_P4: 0

TRAP_FRAME: ffff8e864bece640 -- (.trap 0xffff8e864bece640)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=000000000000001d
rdx=ffffbc0de5006b28 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80265a45a25 rsp=ffff8e864bece7d8 rbp=0000000000000000
r8=ffffbc0de2521b28 r9=0000000000000000 r10=0000000000000000
r11=ffffbc0de2521b28 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz ac po cy
nt!RtlRbRemoveNode+0x19e815:
fffff802`65a45a25 cd29 int 29h
Resetting default scope

EXCEPTION_RECORD: ffff8e864bece598 -- (.exr 0xffff8e864bece598)
ExceptionAddress: fffff80265a45a25 (nt!RtlRbRemoveNode+0x000000000019e815)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 000000000000001d
Subcode: 0x1d FAST_FAIL_INVALID_BALANCED_TREE

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: svchost.exe

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE_STR: c0000409

EXCEPTION_PARAMETER1: 000000000000001d

EXCEPTION_STR: 0xc0000409

STACK_TEXT:
ffff8e86`4bece318 fffff802`65a0a869 : 00000000`00000139 00000000`0000001d ffff8e86`4bece640 ffff8e86`4bece598 : nt!KeBugCheckEx
ffff8e86`4bece320 fffff802`65a0ac90 : ffffbc0d`00000001 fffff802`658625d3 ffffd18f`43bb63e0 fffff802`61a42dd9 : nt!KiBugCheckDispatch+0x69
ffff8e86`4bece460 fffff802`65a09023 : ffffa401`480c6040 ffffa401`480c60c8 ffffa401`480c6148 ffffa401`480c61c0 : nt!KiFastFailDispatch+0xd0
ffff8e86`4bece640 fffff802`65a45a25 : ffffbc0d`cfc00280 ffffbc0d`e5006b28 fffff802`658a5b75 ffff8e86`4bece868 : nt!KiRaiseSecurityCheckFailure+0x323
ffff8e86`4bece7d8 fffff802`658a5b75 : ffff8e86`4bece868 00000000`00000049 ffffbc0d`e5006b20 00000000`0000004c : nt!RtlRbRemoveNode+0x19e815
ffff8e86`4bece7f0 fffff802`658a595a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!RtlpHpVsChunkSplit+0x45
ffff8e86`4bece8b0 fffff802`658a8ed8 : 00000000`00000000 00000000`00000480 ffff8e86`4bece9f1 00000000`00000480 : nt!RtlpHpVsContextAllocateInternal+0x1fa
ffff8e86`4bece910 fffff802`65fb21c4 : 00000000`00000000 ffffbc0d`d0e668b8 ffffbc0d`4946744e ffffbc0d`d0e668b8 : nt!ExAllocateHeapPool+0x888
ffff8e86`4becea50 fffff802`67d9ac86 : ffffbc0d`e2da7890 ffffbc0d`d0e667c0 ffffbc0d`e2da79c0 00000000`00000000 : nt!ExAllocatePoolWithTag+0x64
ffff8e86`4beceaa0 fffff802`67d9de33 : ffffd18f`3f051588 00000000`00000011 00000000`00000011 ffffa401`6ea7f128 : Ntfs!FindFirstIndexEntry+0x346
ffff8e86`4beceb50 fffff802`67db0acb : ffffd18f`3f051588 ffffbc0d`d0e667c0 ffffbc0d`d9f034a0 ffff8e86`4becefc0 : Ntfs!NtfsFindIndexEntry+0x63
ffff8e86`4becebd0 fffff802`67dabe9b : ffffd18f`42fcea20 ffff8e86`4becefc0 ffffd18f`42fcea20 00000000`00000000 : Ntfs!NtfsCommonCreate+0xa4b
ffff8e86`4beceeb0 fffff802`658abac5 : ffffd18f`30bc9030 ffffd18f`42fcea20 ffff8e86`4becf200 ffffd18f`43bb63e0 : Ntfs!NtfsFsdCreate+0x1db
ffff8e86`4becf130 fffff802`61a470cf : ffffd18f`43bb6400 ffff8e86`4becf220 ffff8e86`4becf229 fffff802`61a45f3a : nt!IofCallDriver+0x55
ffff8e86`4becf170 fffff802`61a79f54 : ffff8e86`4becf220 ffffd18f`43bb6438 ffffd18f`29096430 00000000`00000000 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x28f
ffff8e86`4becf1e0 fffff802`658abac5 : ffffd18f`43bb6300 ffffd18f`30ab6930 00000000`00000000 00000000`00000000 : FLTMGR!FltpCreate+0x324
ffff8e86`4becf290 fffff802`658629a4 : 00000000`00000000 ffffd18f`42fcea20 ffffd18f`30b24df0 ffffd18f`29096430 : nt!IofCallDriver+0x55
ffff8e86`4becf2d0 fffff802`65bf1dfd : ffff8e86`4becf590 ffffd18f`30ab6930 ffffd18f`43bb6478 ffff8e86`00000001 : nt!IoCallDriverWithTracing+0x34
ffff8e86`4becf320 fffff802`65c20cbe : ffffd18f`30ab6930 00000000`00000000 ffffd18f`349f8010 ffffd18f`349f8001 : nt!IopParseDevice+0x117d
ffff8e86`4becf490 fffff802`65c01d3a : ffffd18f`349f8000 ffff8e86`4becf6f8 ffffd18f`00000840 ffffd18f`291ab560 : nt!ObpLookupObjectName+0x3fe
ffff8e86`4becf660 fffff802`65c89a55 : ffffd18f`00000000 00000079`33aff468 00000079`33aff6a0 00000079`33aff438 : nt!ObOpenObjectByNameEx+0x1fa
ffff8e86`4becf790 fffff802`65a0a2b5 : ffffd18f`415f7000 ffffd18f`00000000 ffffd18f`415f7080 00000000`00000000 : nt!NtQueryAttributesFile+0x1c5
ffff8e86`4becfa40 00007ff9`4b2ed6e4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
00000079`33aff3d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`4b2ed6e4


SYMBOL_NAME: nt!KiFastFailDispatch+d0

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

IMAGE_VERSION: 10.0.19041.1889

STACK_COMMAND: .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET: d0

FAILURE_BUCKET_ID: 0x139_1d_INVALID_BALANCED_TREE_nt!KiFastFailDispatch

OS_VERSION: 10.0.19041.1

BUILDLAB_STR: vb_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {67ec97ad-ad0b-071e-ab87-6dc661e22d1b}

Followup: MachineOwner
---------