jlco

again

Mar 10th, 2019

Microsoft (R) Windows Debugger Version 10.0.17763.132 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\joeyl\Documents\sadface\031019-6828-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 17134 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Machine Name:
Kernel base = 0xfffff801`1721f000 PsLoadedModuleList = 0xfffff801`175cd150
Debug session time: Sun Mar 10 22:15:09.175 2019 (UTC - 4:00)
System Uptime: 0 days 0:38:20.742
Loading Kernel Symbols
...............................................................
................................................................
........................................................
Loading User Symbols
Loading unloaded module list
.........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 139, {3, ffffd9851bf25530, ffffd9851bf25488, 0}

Probably caused by : ntkrnlmp.exe ( nt!KiSwapThread+501 )

Followup: MachineOwner
---------

10: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffd9851bf25530, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffd9851bf25488, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------


KEY_VALUES_STRING: 1


STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1


DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING: 10.0.17134.590 (WinBuild.160101.0800)

DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump

DUMP_TYPE: 2

BUGCHECK_P1: 3

BUGCHECK_P2: ffffd9851bf25530

BUGCHECK_P3: ffffd9851bf25488

BUGCHECK_P4: 0

TRAP_FRAME: ffffd9851bf25530 -- (.trap 0xffffd9851bf25530)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffb48aa34eea60 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffb48aa773d670 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80117405417 rsp=ffffd9851bf256c0 rbp=ffffd9851bf25808
r8=0000000000000002 r9=0000000000000000 r10=ffff80012ddb9180
r11=ffffb48aa3ae95e0 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
nt!IopCompleteRequest+0x14be87:
fffff801`17405417 cd29 int 29h
Resetting default scope

EXCEPTION_RECORD: ffffd9851bf25488 -- (.exr 0xffffd9851bf25488)
ExceptionAddress: fffff80117405417 (nt!IopCompleteRequest+0x000000000014be87)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY

CPU_COUNT: c

CPU_MHZ: d42

CPU_VENDOR: AuthenticAMD

CPU_FAMILY: 17

CPU_MODEL: 8

CPU_STEPPING: 2

CUSTOMER_CRASH_COUNT: 1

BUGCHECK_STR: 0x139

PROCESS_NAME: nvcontainer.ex

CURRENT_IRQL: 2

DEFAULT_BUCKET_ID: FAIL_FAST_CORRUPT_LIST_ENTRY

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE_STR: c0000409

EXCEPTION_PARAMETER1: 0000000000000003

ANALYSIS_SESSION_HOST: PC-JOEY

ANALYSIS_SESSION_TIME: 03-10-2019 22:39:50.0870

ANALYSIS_VERSION: 10.0.17763.132 amd64fre

IRP_ADDRESS: ffff80012ddb9108

LAST_CONTROL_TRANSFER: from fffff801173d9c69 to fffff801173c90c0

STACK_TEXT:
ffffd985`1bf25208 fffff801`173d9c69 : 00000000`00000139 00000000`00000003 ffffd985`1bf25530 ffffd985`1bf25488 : nt!KeBugCheckEx
ffffd985`1bf25210 fffff801`173da010 : 00000000`00000001 00001f80`00730080 00000000`89610038 ffffb48a`a695caa0 : nt!KiBugCheckDispatch+0x69
ffffd985`1bf25350 fffff801`173d861f : ffffb48a`a7058ca0 ffffd985`1bf25b80 ffffffff`ffffff82 fffff801`1724f1b1 : nt!KiFastFailDispatch+0xd0
ffffd985`1bf25530 fffff801`17405417 : ffffb48a`a34eea40 ffffb48a`a7058ca0 ffffb48a`a34eea40 ffffb48a`20206f49 : nt!KiRaiseSecurityCheckFailure+0x2df
ffffd985`1bf256c0 fffff801`172b9161 : ffff8001`2ddb9180 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopCompleteRequest+0x14be87
ffffd985`1bf257b0 fffff801`172b6601 : 00000000`00000100 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x171
ffffd985`1bf25840 fffff801`172b5bbb : 000000ba`a17ff401 00000000`00000000 00000000`00000000 ffffd985`1bf25968 : nt!KiSwapThread+0x501
ffffd985`1bf25910 fffff801`172b52df : 00000000`7457624f 00000000`00000000 00000000`00000000 ffffb48a`a773d1c0 : nt!KiCommitThreadWait+0x13b
ffffd985`1bf259b0 fffff801`1771bd3c : ffffb48a`a5a2dc20 00000000`00000006 00000000`00000001 ffffd985`1bf25b01 : nt!KeWaitForSingleObject+0x1ff
ffffd985`1bf25a90 fffff801`173d9743 : ffffb48a`a773d080 00000000`00000000 00000000`00000000 ffffb48a`a5a2dc20 : nt!NtWaitForSingleObject+0xfc
ffffd985`1bf25b00 00007ff9`fa0daa24 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
000000ba`a17ff2c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`fa0daa24


THREAD_SHA1_HASH_MOD_FUNC: 6722c55b9b5bd221c77264f9b98cdb63fac30652

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: b0e8983e61cc4e710118674f3c868d55208da690

THREAD_SHA1_HASH_MOD: b28610981796779b4ac02f58898fde25728a775c

FOLLOWUP_IP:
nt!KiSwapThread+501
fffff801`172b6601 e9e7fdffff jmp nt!KiSwapThread+0x2ed (fffff801`172b63ed)

FAULT_INSTR_CODE: fffde7e9

SYMBOL_STACK_INDEX: 6

SYMBOL_NAME: nt!KiSwapThread+501

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 5c5a45ab

IMAGE_VERSION: 10.0.17134.590

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: 501

FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_KTIMER_LIST_CORRUPTION_nt!KiSwapThread

BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_KTIMER_LIST_CORRUPTION_nt!KiSwapThread

PRIMARY_PROBLEM_CLASS: 0x139_3_CORRUPT_LIST_ENTRY_KTIMER_LIST_CORRUPTION_nt!KiSwapThread

TARGET_TIME: 2019-03-11T02:15:09.000Z

OSBUILD: 17134

OSSERVICEPACK: 590

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 784

PRODUCT_TYPE: 1

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: 2019-02-05 21:25:47

BUILDDATESTAMP_STR: 160101.0800

BUILDLAB_STR: WinBuild

BUILDOSVER_STR: 10.0.17134.590

ANALYSIS_SESSION_ELAPSED_TIME: 546

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:0x139_3_corrupt_list_entry_ktimer_list_corruption_nt!kiswapthread

FAILURE_ID_HASH: {364d2a10-fb5b-e8e9-9b5b-39c85a1b5a41}

Followup: MachineOwner
---------