Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Microsoft (R) Windows Debugger Version 10.0.25136.1001 AMD64
- Copyright (c) Microsoft Corporation. All rights reserved.
- Loading Dump File [C:\Users\Peyton\Desktop\dmps\083122-8296-01.dmp]
- Mini Kernel Dump File: Only registers and stack trace are available
- ************* Path validation summary **************
- Response Time (ms) Location
- Deferred srv*
- Symbol search path is: srv*
- Executable search path is:
- Windows 10 Kernel Version 19041 MP (20 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS
- Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
- Machine Name:
- Kernel base = 0xfffff807`0d800000 PsLoadedModuleList = 0xfffff807`0e42a250
- Debug session time: Wed Aug 31 16:23:39.529 2022 (UTC - 4:00)
- System Uptime: 0 days 0:02:34.130
- Loading Kernel Symbols
- ...............................................................
- ................................................................
- ................................................................
- ...............................
- Loading User Symbols
- Loading unloaded module list
- ..............
- For analysis of this file, run !analyze -v
- nt!KeBugCheckEx:
- fffff807`0dbf88c0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffba85`ac8af370=0000000000000139
- 9: kd> !analyze -v
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- KERNEL_SECURITY_CHECK_FAILURE (139)
- A kernel component has corrupted a critical data structure. The corruption
- could potentially allow a malicious user to gain control of this machine.
- Arguments:
- Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
- Arg2: ffffba85ac8af690, Address of the trap frame for the exception that caused the BugCheck
- Arg3: ffffba85ac8af5e8, Address of the exception record for the exception that caused the BugCheck
- Arg4: 0000000000000000, Reserved
- Debugging Details:
- ------------------
- *** WARNING: Unable to verify checksum for win32k.sys
- KEY_VALUES_STRING: 1
- Key : Analysis.CPU.mSec
- Value: 1999
- Key : Analysis.DebugAnalysisManager
- Value: Create
- Key : Analysis.Elapsed.mSec
- Value: 3063
- Key : Analysis.Init.CPU.mSec
- Value: 218
- Key : Analysis.Init.Elapsed.mSec
- Value: 2112
- Key : Analysis.Memory.CommitPeak.Mb
- Value: 97
- Key : Bugcheck.Code.DumpHeader
- Value: 0x139
- Key : Bugcheck.Code.Register
- Value: 0x139
- Key : FailFast.Name
- Value: CORRUPT_LIST_ENTRY
- Key : FailFast.Type
- Value: 3
- Key : WER.OS.Branch
- Value: vb_release
- Key : WER.OS.Timestamp
- Value: 2019-12-06T14:06:00Z
- Key : WER.OS.Version
- Value: 10.0.19041.1
- FILE_IN_CAB: 083122-8296-01.dmp
- BUGCHECK_CODE: 139
- BUGCHECK_P1: 3
- BUGCHECK_P2: ffffba85ac8af690
- BUGCHECK_P3: ffffba85ac8af5e8
- BUGCHECK_P4: 0
- TRAP_FRAME: ffffba85ac8af690 -- (.trap 0xffffba85ac8af690)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=ffffbd0e7ed5b068 rbx=0000000000000000 rcx=0000000000000003
- rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
- rip=fffff8070da9dae8 rsp=ffffba85ac8af820 rbp=ffffbd0e7ed5b160
- r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
- r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up ei ng nz na pe cy
- nt!KiProcessExpiredTimerList+0x248:
- fffff807`0da9dae8 cd29 int 29h
- Resetting default scope
- EXCEPTION_RECORD: ffffba85ac8af5e8 -- (.exr 0xffffba85ac8af5e8)
- ExceptionAddress: fffff8070da9dae8 (nt!KiProcessExpiredTimerList+0x0000000000000248)
- ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
- ExceptionFlags: 00000001
- NumberParameters: 1
- Parameter[0]: 0000000000000003
- Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
- BLACKBOXBSD: 1 (!blackboxbsd)
- BLACKBOXNTFS: 1 (!blackboxntfs)
- BLACKBOXPNP: 1 (!blackboxpnp)
- BLACKBOXWINLOGON: 1
- CUSTOMER_CRASH_COUNT: 1
- PROCESS_NAME: System
- ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
- EXCEPTION_CODE_STR: c0000409
- EXCEPTION_PARAMETER1: 0000000000000003
- EXCEPTION_STR: 0xc0000409
- STACK_TEXT:
- ffffba85`ac8af368 fffff807`0dc0a869 : 00000000`00000139 00000000`00000003 ffffba85`ac8af690 ffffba85`ac8af5e8 : nt!KeBugCheckEx
- ffffba85`ac8af370 fffff807`0dc0ac90 : 7f7f7f7f`7f087f0d 7f7f7f0f`7f7f7f12 00000000`08100a0b fffff807`0dd1a21e : nt!KiBugCheckDispatch+0x69
- ffffba85`ac8af4b0 fffff807`0dc09023 : ffffba85`ac8af828 00000000`00000006 00000000`00000000 00000000`00000000 : nt!KiFastFailDispatch+0xd0
- ffffba85`ac8af690 fffff807`0da9dae8 : ffffbd0e`7f2391c0 00000000`00000000 ffffbd0e`7dcb8230 ffffbd0e`7e7571f0 : nt!KiRaiseSecurityCheckFailure+0x323
- ffffba85`ac8af820 fffff807`0da6766d : 00000000`00000000 00000000`00000000 00000000`00140001 00000000`0000170f : nt!KiProcessExpiredTimerList+0x248
- ffffba85`ac8af910 fffff807`0dbfc45e : ffffffff`00000000 ffff8c80`76328180 ffff8c80`76333540 ffffbd0e`7bf96080 : nt!KiRetireDpcList+0x5dd
- ffffba85`ac8afba0 00000000`00000000 : ffffba85`ac8b0000 ffffba85`ac8a9000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x9e
- SYMBOL_NAME: nt!KiProcessExpiredTimerList+248
- MODULE_NAME: nt
- IMAGE_NAME: ntkrnlmp.exe
- IMAGE_VERSION: 10.0.19041.1889
- STACK_COMMAND: .cxr; .ecxr ; kb
- BUCKET_ID_FUNC_OFFSET: 248
- FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_KTIMER_LIST_CORRUPTION_nt!KiProcessExpiredTimerList
- OS_VERSION: 10.0.19041.1
- BUILDLAB_STR: vb_release
- OSPLATFORM_TYPE: x64
- OSNAME: Windows 10
- FAILURE_ID_HASH: {9db7945b-255d-24a1-9f2c-82344e883ab8}
- Followup: MachineOwner
- ---------
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement