API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Aug 31st, 2022
67
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.19 KB | None | 0 0
raw download clone embed print report
  1. Microsoft (R) Windows Debugger Version 10.0.25136.1001 AMD64
  2. Copyright (c) Microsoft Corporation. All rights reserved.
  3.  
  4.  
  5. Loading Dump File [C:\Users\Peyton\Desktop\dmps\083122-8296-01.dmp]
  6. Mini Kernel Dump File: Only registers and stack trace are available
  7.  
  8.  
  9. ************* Path validation summary **************
  10. Response Time (ms) Location
  11. Deferred srv*
  12. Symbol search path is: srv*
  13. Executable search path is:
  14. Windows 10 Kernel Version 19041 MP (20 procs) Free x64
  15. Product: WinNt, suite: TerminalServer SingleUserTS
  16. Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
  17. Machine Name:
  18. Kernel base = 0xfffff807`0d800000 PsLoadedModuleList = 0xfffff807`0e42a250
  19. Debug session time: Wed Aug 31 16:23:39.529 2022 (UTC - 4:00)
  20. System Uptime: 0 days 0:02:34.130
  21. Loading Kernel Symbols
  22. ...............................................................
  23. ................................................................
  24. ................................................................
  25. ...............................
  26. Loading User Symbols
  27. Loading unloaded module list
  28. ..............
  29. For analysis of this file, run !analyze -v
  30. nt!KeBugCheckEx:
  31. fffff807`0dbf88c0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffba85`ac8af370=0000000000000139
  32. 9: kd> !analyze -v
  33. *******************************************************************************
  34. * *
  35. * Bugcheck Analysis *
  36. * *
  37. *******************************************************************************
  38.  
  39. KERNEL_SECURITY_CHECK_FAILURE (139)
  40. A kernel component has corrupted a critical data structure. The corruption
  41. could potentially allow a malicious user to gain control of this machine.
  42. Arguments:
  43. Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
  44. Arg2: ffffba85ac8af690, Address of the trap frame for the exception that caused the BugCheck
  45. Arg3: ffffba85ac8af5e8, Address of the exception record for the exception that caused the BugCheck
  46. Arg4: 0000000000000000, Reserved
  47.  
  48. Debugging Details:
  49. ------------------
  50.  
  51. *** WARNING: Unable to verify checksum for win32k.sys
  52.  
  53. KEY_VALUES_STRING: 1
  54.  
  55. Key : Analysis.CPU.mSec
  56. Value: 1999
  57.  
  58. Key : Analysis.DebugAnalysisManager
  59. Value: Create
  60.  
  61. Key : Analysis.Elapsed.mSec
  62. Value: 3063
  63.  
  64. Key : Analysis.Init.CPU.mSec
  65. Value: 218
  66.  
  67. Key : Analysis.Init.Elapsed.mSec
  68. Value: 2112
  69.  
  70. Key : Analysis.Memory.CommitPeak.Mb
  71. Value: 97
  72.  
  73. Key : Bugcheck.Code.DumpHeader
  74. Value: 0x139
  75.  
  76. Key : Bugcheck.Code.Register
  77. Value: 0x139
  78.  
  79. Key : FailFast.Name
  80. Value: CORRUPT_LIST_ENTRY
  81.  
  82. Key : FailFast.Type
  83. Value: 3
  84.  
  85. Key : WER.OS.Branch
  86. Value: vb_release
  87.  
  88. Key : WER.OS.Timestamp
  89. Value: 2019-12-06T14:06:00Z
  90.  
  91. Key : WER.OS.Version
  92. Value: 10.0.19041.1
  93.  
  94.  
  95. FILE_IN_CAB: 083122-8296-01.dmp
  96.  
  97. BUGCHECK_CODE: 139
  98.  
  99. BUGCHECK_P1: 3
  100.  
  101. BUGCHECK_P2: ffffba85ac8af690
  102.  
  103. BUGCHECK_P3: ffffba85ac8af5e8
  104.  
  105. BUGCHECK_P4: 0
  106.  
  107. TRAP_FRAME: ffffba85ac8af690 -- (.trap 0xffffba85ac8af690)
  108. NOTE: The trap frame does not contain all registers.
  109. Some register values may be zeroed or incorrect.
  110. rax=ffffbd0e7ed5b068 rbx=0000000000000000 rcx=0000000000000003
  111. rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
  112. rip=fffff8070da9dae8 rsp=ffffba85ac8af820 rbp=ffffbd0e7ed5b160
  113. r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
  114. r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
  115. r14=0000000000000000 r15=0000000000000000
  116. iopl=0 nv up ei ng nz na pe cy
  117. nt!KiProcessExpiredTimerList+0x248:
  118. fffff807`0da9dae8 cd29 int 29h
  119. Resetting default scope
  120.  
  121. EXCEPTION_RECORD: ffffba85ac8af5e8 -- (.exr 0xffffba85ac8af5e8)
  122. ExceptionAddress: fffff8070da9dae8 (nt!KiProcessExpiredTimerList+0x0000000000000248)
  123. ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
  124. ExceptionFlags: 00000001
  125. NumberParameters: 1
  126. Parameter[0]: 0000000000000003
  127. Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
  128.  
  129. BLACKBOXBSD: 1 (!blackboxbsd)
  130.  
  131.  
  132. BLACKBOXNTFS: 1 (!blackboxntfs)
  133.  
  134.  
  135. BLACKBOXPNP: 1 (!blackboxpnp)
  136.  
  137.  
  138. BLACKBOXWINLOGON: 1
  139.  
  140. CUSTOMER_CRASH_COUNT: 1
  141.  
  142. PROCESS_NAME: System
  143.  
  144. ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
  145.  
  146. EXCEPTION_CODE_STR: c0000409
  147.  
  148. EXCEPTION_PARAMETER1: 0000000000000003
  149.  
  150. EXCEPTION_STR: 0xc0000409
  151.  
  152. STACK_TEXT:
  153. ffffba85`ac8af368 fffff807`0dc0a869 : 00000000`00000139 00000000`00000003 ffffba85`ac8af690 ffffba85`ac8af5e8 : nt!KeBugCheckEx
  154. ffffba85`ac8af370 fffff807`0dc0ac90 : 7f7f7f7f`7f087f0d 7f7f7f0f`7f7f7f12 00000000`08100a0b fffff807`0dd1a21e : nt!KiBugCheckDispatch+0x69
  155. ffffba85`ac8af4b0 fffff807`0dc09023 : ffffba85`ac8af828 00000000`00000006 00000000`00000000 00000000`00000000 : nt!KiFastFailDispatch+0xd0
  156. ffffba85`ac8af690 fffff807`0da9dae8 : ffffbd0e`7f2391c0 00000000`00000000 ffffbd0e`7dcb8230 ffffbd0e`7e7571f0 : nt!KiRaiseSecurityCheckFailure+0x323
  157. ffffba85`ac8af820 fffff807`0da6766d : 00000000`00000000 00000000`00000000 00000000`00140001 00000000`0000170f : nt!KiProcessExpiredTimerList+0x248
  158. ffffba85`ac8af910 fffff807`0dbfc45e : ffffffff`00000000 ffff8c80`76328180 ffff8c80`76333540 ffffbd0e`7bf96080 : nt!KiRetireDpcList+0x5dd
  159. ffffba85`ac8afba0 00000000`00000000 : ffffba85`ac8b0000 ffffba85`ac8a9000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x9e
  160.  
  161.  
  162. SYMBOL_NAME: nt!KiProcessExpiredTimerList+248
  163.  
  164. MODULE_NAME: nt
  165.  
  166. IMAGE_NAME: ntkrnlmp.exe
  167.  
  168. IMAGE_VERSION: 10.0.19041.1889
  169.  
  170. STACK_COMMAND: .cxr; .ecxr ; kb
  171.  
  172. BUCKET_ID_FUNC_OFFSET: 248
  173.  
  174. FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_KTIMER_LIST_CORRUPTION_nt!KiProcessExpiredTimerList
  175.  
  176. OS_VERSION: 10.0.19041.1
  177.  
  178. BUILDLAB_STR: vb_release
  179.  
  180. OSPLATFORM_TYPE: x64
  181.  
  182. OSNAME: Windows 10
  183.  
  184. FAILURE_ID_HASH: {9db7945b-255d-24a1-9f2c-82344e883ab8}
  185.  
  186. Followup: MachineOwner
  187. ---------
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!