- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- KERNEL_SECURITY_CHECK_FAILURE (139)
- A kernel component has corrupted a critical data structure. The corruption
- could potentially allow a malicious user to gain control of this machine.
- Arguments:
- Arg1: 000000000000001d, Type of memory safety violation
- Arg2: ffffce8a79daa0d0, Address of the trap frame for the exception that caused the bugcheck
- Arg3: ffffce8a79daa028, Address of the exception record for the exception that caused the bugcheck
- Arg4: 0000000000000000, Reserved
- Debugging Details:
- ------------------
- KEY_VALUES_STRING: 1
- PROCESSES_ANALYSIS: 1
- STACKHASH_ANALYSIS: 1
- TIMELINE_ANALYSIS: 1
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- BUILD_VERSION_STRING: 17134.1.amd64fre.rs4_release.180410-1804
- DUMP_TYPE: 2
- BUGCHECK_P1: 1d
- BUGCHECK_P2: ffffce8a79daa0d0
- BUGCHECK_P3: ffffce8a79daa028
- BUGCHECK_P4: 0
- TRAP_FRAME: ffffce8a79daa0d0 -- (.trap 0xffffce8a79daa0d0)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=ffffd1866a5f3c00 rbx=0000000000000000 rcx=000000000000001d
- rdx=ffffd18675b550c0 rsi=0000000000000000 rdi=0000000000000000
- rip=fffff80338a7cd84 rsp=ffffce8a79daa260 rbp=0000000000000001
- r8=0000000000000003 r9=0000000000000000 r10=0000000000000000
- r11=ffffe50000000000 r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up ei ng nz na pe cy
- nt!RtlAvlRemoveNode+0x170af4:
- fffff803`38a7cd84 cd29 int 29h
- Resetting default scope
- EXCEPTION_RECORD: ffffce8a79daa028 -- (.exr 0xffffce8a79daa028)
- ExceptionAddress: fffff80338a7cd84 (nt!RtlAvlRemoveNode+0x0000000000170af4)
- ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
- ExceptionFlags: 00000001
- NumberParameters: 1
- Parameter[0]: 000000000000001d
- Subcode: 0x1d FAST_FAIL_INVALID_BALANCED_TREE
- CPU_COUNT: 10
- CPU_MHZ: e6d
- CPU_VENDOR: AuthenticAMD
- CPU_FAMILY: 17
- CPU_MODEL: 8
- CPU_STEPPING: 2
- CUSTOMER_CRASH_COUNT: 1
- BUGCHECK_STR: 0x139
- PROCESS_NAME: svchost.exe
- CURRENT_IRQL: 2
- DEFAULT_BUCKET_ID: FAIL_FAST_INVALID_BALANCED_TREE
- ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
- EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
- EXCEPTION_CODE_STR: c0000409
- EXCEPTION_PARAMETER1: 000000000000001d
- ANALYSIS_SESSION_HOST: DESKTOP-D3Q8Q3F
- ANALYSIS_SESSION_TIME: 01-20-2019 17:44:00.0369
- ANALYSIS_VERSION: 10.0.18303.1000 amd64fre
- LAST_CONTROL_TRANSFER: from fffff80338a5dc69 to fffff80338a4d0a0
- STACK_TEXT:
- ffffce8a`79da9da8 fffff803`38a5dc69 : 00000000`00000139 00000000`0000001d ffffce8a`79daa0d0 ffffce8a`79daa028 : nt!KeBugCheckEx
- ffffce8a`79da9db0 fffff803`38a5e010 : 00000000`00000001 fffff803`3893af15 ffffbd80`58ddf180 00000000`ffffffff : nt!KiBugCheckDispatch+0x69
- ffffce8a`79da9ef0 fffff803`38a5c61f : ffffd186`6aa4f700 fffff803`38c77390 00000000`ffffffff fffff803`388d812f : nt!KiFastFailDispatch+0xd0
- ffffce8a`79daa0d0 fffff803`38a7cd84 : ffffce8a`79daa3b0 fffff803`3893763f ffffd186`00000040 ffffd186`6aa4f700 : nt!KiRaiseSecurityCheckFailure+0x2df
- ffffce8a`79daa260 fffff803`388da6e3 : ffffce8a`79daa598 ffffd186`786e2680 ffffe572`80000000 ffffd186`6aa4f700 : nt!RtlAvlRemoveNode+0x170af4
- ffffce8a`79daa2b0 fffff803`3899ce86 : 00000000`0127b77f ffffd186`71e216d0 00000000`00000000 fffff803`388fceeb : nt!MiDeleteVad+0x10c3
- ffffce8a`79daa5e0 fffff803`38d6af8b : 00000000`00000000 00000000`00000000 ffffd186`769730c0 00000000`00000001 : nt!MiFreeVadRange+0x92
- ffffce8a`79daa640 fffff803`38d6abdb : ffffd186`6f2c8250 ffffe58c`562d7900 ffffd186`00000002 ffffe58c`562d7900 : nt!MmFreeVirtualMemory+0x37b
- ffffce8a`79daa770 fffff803`38a5d743 : ffffd186`6aa4f700 00000012`00000000 00000000`00000000 00000000`00000000 : nt!NtFreeVirtualMemory+0x8b
- ffffce8a`79daa7d0 fffff803`38a50aa0 : fffff803`38d58b7f ffffd186`6aa4f700 00000000`00000001 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
- ffffce8a`79daa968 fffff803`38d58b7f : ffffd186`6aa4f700 00000000`00000001 00000000`00000000 ffffd186`6aa4f700 : nt!KiServiceLinkage
- ffffce8a`79daa970 fffff803`38de8966 : ffffce8a`00000000 00000012`7b77f900 00000012`7b4fc000 fffff803`38a5d743 : nt!PspExitThread+0x39f
- ffffce8a`79daaa70 fffff803`38de89c6 : 00000000`00000000 00000000`00000000 ffffd186`6aa4f700 fffff803`38d6fe87 : nt!PspTerminateThreadByPointer+0x96
- ffffce8a`79daaab0 fffff803`38a5d743 : 00000000`00000000 ffffd186`6aa4f700 ffffce8a`79daab80 00000000`c000007a : nt!NtTerminateThread+0x4a
- ffffce8a`79daab00 00007ffb`6151b404 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
- 00000012`7b77f9c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffb`6151b404
- THREAD_SHA1_HASH_MOD_FUNC: 8b955dd2fda45afce02af097fe4b162f6cb783df
- THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 5a2d0bafc8220e5d8a7019d8be1f33505a20167d
- THREAD_SHA1_HASH_MOD: 38bc5fec3f0409c265cf5c87da6f8f8859d0711c
- FOLLOWUP_IP:
- nt!KiFastFailDispatch+d0
- fffff803`38a5e010 c644242000 mov byte ptr [rsp+20h],0
- FAULT_INSTR_CODE: 202444c6
- SYMBOL_STACK_INDEX: 2
- SYMBOL_NAME: nt!KiFastFailDispatch+d0
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: nt
- IMAGE_NAME: ntkrnlmp.exe
- DEBUG_FLR_IMAGE_TIMESTAMP: 5c2b0c3d
- IMAGE_VERSION: 10.0.17134.523
- STACK_COMMAND: .thread ; .cxr ; kb
- BUCKET_ID_FUNC_OFFSET: d0
- FAILURE_BUCKET_ID: 0x139_1d_INVALID_BALANCED_TREE_nt!KiFastFailDispatch
- BUCKET_ID: 0x139_1d_INVALID_BALANCED_TREE_nt!KiFastFailDispatch
- PRIMARY_PROBLEM_CLASS: 0x139_1d_INVALID_BALANCED_TREE_nt!KiFastFailDispatch
- TARGET_TIME: 2019-01-18T09:24:25.000Z
- OSBUILD: 17134
- OSSERVICEPACK: 523
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 272
- PRODUCT_TYPE: 1
- OSPLATFORM_TYPE: x64
- OSNAME: Windows 10
- OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
- OS_LOCALE:
- USER_LCID: 0
- OSBUILD_TIMESTAMP: 2018-12-31 22:44:13
- BUILDDATESTAMP_STR: 180410-1804
- BUILDLAB_STR: rs4_release
- BUILDOSVER_STR: 10.0.17134.1.amd64fre.rs4_release.180410-1804
- ANALYSIS_SESSION_ELAPSED_TIME: 1fc8
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:0x139_1d_invalid_balanced_tree_nt!kifastfaildispatch
- FAILURE_ID_HASH: {67ec97ad-ad0b-071e-ab87-6dc661e22d1b}
- Followup: MachineOwner
- ---------