Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Microsoft (R) Windows Debugger Version 10.0.25136.1001 AMD64
- Copyright (c) Microsoft Corporation. All rights reserved.
- Loading Dump File [C:\Users\Peyton\Desktop\dmps\083122-8640-01.dmp]
- Mini Kernel Dump File: Only registers and stack trace are available
- ************* Path validation summary **************
- Response Time (ms) Location
- Deferred srv*
- Symbol search path is: srv*
- Executable search path is:
- Windows 10 Kernel Version 19041 MP (20 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS
- Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
- Machine Name:
- Kernel base = 0xfffff802`65600000 PsLoadedModuleList = 0xfffff802`6622a250
- Debug session time: Wed Aug 31 16:19:10.854 2022 (UTC - 4:00)
- System Uptime: 0 days 0:43:22.456
- Loading Kernel Symbols
- ...............................................................
- ................................................................
- ................................................................
- ...............................
- Loading User Symbols
- Loading unloaded module list
- .................
- For analysis of this file, run !analyze -v
- nt!KeBugCheckEx:
- fffff802`659f88c0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffff8e86`4bece320=0000000000000139
- 0: kd> !analyze -v
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- KERNEL_SECURITY_CHECK_FAILURE (139)
- A kernel component has corrupted a critical data structure. The corruption
- could potentially allow a malicious user to gain control of this machine.
- Arguments:
- Arg1: 000000000000001d, An RTL_BALANCED_NODE RBTree entry has been corrupted.
- Arg2: ffff8e864bece640, Address of the trap frame for the exception that caused the BugCheck
- Arg3: ffff8e864bece598, Address of the exception record for the exception that caused the BugCheck
- Arg4: 0000000000000000, Reserved
- Debugging Details:
- ------------------
- KEY_VALUES_STRING: 1
- Key : Analysis.CPU.mSec
- Value: 3437
- Key : Analysis.DebugAnalysisManager
- Value: Create
- Key : Analysis.Elapsed.mSec
- Value: 10146
- Key : Analysis.Init.CPU.mSec
- Value: 234
- Key : Analysis.Init.Elapsed.mSec
- Value: 2415
- Key : Analysis.Memory.CommitPeak.Mb
- Value: 94
- Key : Bugcheck.Code.DumpHeader
- Value: 0x139
- Key : Bugcheck.Code.Register
- Value: 0x139
- Key : FailFast.Name
- Value: INVALID_BALANCED_TREE
- Key : FailFast.Type
- Value: 29
- Key : WER.OS.Branch
- Value: vb_release
- Key : WER.OS.Timestamp
- Value: 2019-12-06T14:06:00Z
- Key : WER.OS.Version
- Value: 10.0.19041.1
- FILE_IN_CAB: 083122-8640-01.dmp
- BUGCHECK_CODE: 139
- BUGCHECK_P1: 1d
- BUGCHECK_P2: ffff8e864bece640
- BUGCHECK_P3: ffff8e864bece598
- BUGCHECK_P4: 0
- TRAP_FRAME: ffff8e864bece640 -- (.trap 0xffff8e864bece640)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=0000000000000000 rbx=0000000000000000 rcx=000000000000001d
- rdx=ffffbc0de5006b28 rsi=0000000000000000 rdi=0000000000000000
- rip=fffff80265a45a25 rsp=ffff8e864bece7d8 rbp=0000000000000000
- r8=ffffbc0de2521b28 r9=0000000000000000 r10=0000000000000000
- r11=ffffbc0de2521b28 r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up ei pl nz ac po cy
- nt!RtlRbRemoveNode+0x19e815:
- fffff802`65a45a25 cd29 int 29h
- Resetting default scope
- EXCEPTION_RECORD: ffff8e864bece598 -- (.exr 0xffff8e864bece598)
- ExceptionAddress: fffff80265a45a25 (nt!RtlRbRemoveNode+0x000000000019e815)
- ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
- ExceptionFlags: 00000001
- NumberParameters: 1
- Parameter[0]: 000000000000001d
- Subcode: 0x1d FAST_FAIL_INVALID_BALANCED_TREE
- BLACKBOXBSD: 1 (!blackboxbsd)
- BLACKBOXNTFS: 1 (!blackboxntfs)
- BLACKBOXPNP: 1 (!blackboxpnp)
- BLACKBOXWINLOGON: 1
- CUSTOMER_CRASH_COUNT: 1
- PROCESS_NAME: svchost.exe
- ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
- EXCEPTION_CODE_STR: c0000409
- EXCEPTION_PARAMETER1: 000000000000001d
- EXCEPTION_STR: 0xc0000409
- STACK_TEXT:
- ffff8e86`4bece318 fffff802`65a0a869 : 00000000`00000139 00000000`0000001d ffff8e86`4bece640 ffff8e86`4bece598 : nt!KeBugCheckEx
- ffff8e86`4bece320 fffff802`65a0ac90 : ffffbc0d`00000001 fffff802`658625d3 ffffd18f`43bb63e0 fffff802`61a42dd9 : nt!KiBugCheckDispatch+0x69
- ffff8e86`4bece460 fffff802`65a09023 : ffffa401`480c6040 ffffa401`480c60c8 ffffa401`480c6148 ffffa401`480c61c0 : nt!KiFastFailDispatch+0xd0
- ffff8e86`4bece640 fffff802`65a45a25 : ffffbc0d`cfc00280 ffffbc0d`e5006b28 fffff802`658a5b75 ffff8e86`4bece868 : nt!KiRaiseSecurityCheckFailure+0x323
- ffff8e86`4bece7d8 fffff802`658a5b75 : ffff8e86`4bece868 00000000`00000049 ffffbc0d`e5006b20 00000000`0000004c : nt!RtlRbRemoveNode+0x19e815
- ffff8e86`4bece7f0 fffff802`658a595a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!RtlpHpVsChunkSplit+0x45
- ffff8e86`4bece8b0 fffff802`658a8ed8 : 00000000`00000000 00000000`00000480 ffff8e86`4bece9f1 00000000`00000480 : nt!RtlpHpVsContextAllocateInternal+0x1fa
- ffff8e86`4bece910 fffff802`65fb21c4 : 00000000`00000000 ffffbc0d`d0e668b8 ffffbc0d`4946744e ffffbc0d`d0e668b8 : nt!ExAllocateHeapPool+0x888
- ffff8e86`4becea50 fffff802`67d9ac86 : ffffbc0d`e2da7890 ffffbc0d`d0e667c0 ffffbc0d`e2da79c0 00000000`00000000 : nt!ExAllocatePoolWithTag+0x64
- ffff8e86`4beceaa0 fffff802`67d9de33 : ffffd18f`3f051588 00000000`00000011 00000000`00000011 ffffa401`6ea7f128 : Ntfs!FindFirstIndexEntry+0x346
- ffff8e86`4beceb50 fffff802`67db0acb : ffffd18f`3f051588 ffffbc0d`d0e667c0 ffffbc0d`d9f034a0 ffff8e86`4becefc0 : Ntfs!NtfsFindIndexEntry+0x63
- ffff8e86`4becebd0 fffff802`67dabe9b : ffffd18f`42fcea20 ffff8e86`4becefc0 ffffd18f`42fcea20 00000000`00000000 : Ntfs!NtfsCommonCreate+0xa4b
- ffff8e86`4beceeb0 fffff802`658abac5 : ffffd18f`30bc9030 ffffd18f`42fcea20 ffff8e86`4becf200 ffffd18f`43bb63e0 : Ntfs!NtfsFsdCreate+0x1db
- ffff8e86`4becf130 fffff802`61a470cf : ffffd18f`43bb6400 ffff8e86`4becf220 ffff8e86`4becf229 fffff802`61a45f3a : nt!IofCallDriver+0x55
- ffff8e86`4becf170 fffff802`61a79f54 : ffff8e86`4becf220 ffffd18f`43bb6438 ffffd18f`29096430 00000000`00000000 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x28f
- ffff8e86`4becf1e0 fffff802`658abac5 : ffffd18f`43bb6300 ffffd18f`30ab6930 00000000`00000000 00000000`00000000 : FLTMGR!FltpCreate+0x324
- ffff8e86`4becf290 fffff802`658629a4 : 00000000`00000000 ffffd18f`42fcea20 ffffd18f`30b24df0 ffffd18f`29096430 : nt!IofCallDriver+0x55
- ffff8e86`4becf2d0 fffff802`65bf1dfd : ffff8e86`4becf590 ffffd18f`30ab6930 ffffd18f`43bb6478 ffff8e86`00000001 : nt!IoCallDriverWithTracing+0x34
- ffff8e86`4becf320 fffff802`65c20cbe : ffffd18f`30ab6930 00000000`00000000 ffffd18f`349f8010 ffffd18f`349f8001 : nt!IopParseDevice+0x117d
- ffff8e86`4becf490 fffff802`65c01d3a : ffffd18f`349f8000 ffff8e86`4becf6f8 ffffd18f`00000840 ffffd18f`291ab560 : nt!ObpLookupObjectName+0x3fe
- ffff8e86`4becf660 fffff802`65c89a55 : ffffd18f`00000000 00000079`33aff468 00000079`33aff6a0 00000079`33aff438 : nt!ObOpenObjectByNameEx+0x1fa
- ffff8e86`4becf790 fffff802`65a0a2b5 : ffffd18f`415f7000 ffffd18f`00000000 ffffd18f`415f7080 00000000`00000000 : nt!NtQueryAttributesFile+0x1c5
- ffff8e86`4becfa40 00007ff9`4b2ed6e4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
- 00000079`33aff3d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`4b2ed6e4
- SYMBOL_NAME: nt!KiFastFailDispatch+d0
- MODULE_NAME: nt
- IMAGE_NAME: ntkrnlmp.exe
- IMAGE_VERSION: 10.0.19041.1889
- STACK_COMMAND: .cxr; .ecxr ; kb
- BUCKET_ID_FUNC_OFFSET: d0
- FAILURE_BUCKET_ID: 0x139_1d_INVALID_BALANCED_TREE_nt!KiFastFailDispatch
- OS_VERSION: 10.0.19041.1
- BUILDLAB_STR: vb_release
- OSPLATFORM_TYPE: x64
- OSNAME: Windows 10
- FAILURE_ID_HASH: {67ec97ad-ad0b-071e-ab87-6dc661e22d1b}
- Followup: MachineOwner
- ---------
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement