
Untitled

a guest
Jun 12th, 2023
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffe3847095f280, Address of the trap frame for the exception that caused the BugCheck
Arg3: ffffe3847095f1d8, Address of the exception record for the exception that caused the BugCheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------


KEY_VALUES_STRING: 1

Key : Analysis.CPU.mSec
Value: 3296

Key : Analysis.Elapsed.mSec
Value: 14439

Key : Analysis.IO.Other.Mb
Value: 1

Key : Analysis.IO.Read.Mb
Value: 0

Key : Analysis.IO.Write.Mb
Value: 2

Key : Analysis.Init.CPU.mSec
Value: 546

Key : Analysis.Init.Elapsed.mSec
Value: 5403

Key : Analysis.Memory.CommitPeak.Mb
Value: 93

Key : Bugcheck.Code.LegacyAPI
Value: 0x139

Key : FailFast.Name
Value: CORRUPT_LIST_ENTRY

Key : FailFast.Type
Value: 3

Key : Failure.Bucket
Value: 0x139_3_CORRUPT_LIST_ENTRY_BEDaisy!unknown_function

Key : Failure.Hash
Value: {59d8eb10-b2e4-7df6-f6a5-49968226dbb8}

Key : WER.OS.Branch
Value: vb_release

Key : WER.OS.Version
Value: 10.0.19041.1


BUGCHECK_CODE: 139

BUGCHECK_P1: 3

BUGCHECK_P2: ffffe3847095f280

BUGCHECK_P3: ffffe3847095f1d8

BUGCHECK_P4: 0

FILE_IN_CAB: 061023-27984-01.dmp

TRAP_FRAME: ffffe3847095f280 -- (.trap 0xffffe3847095f280)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff805a96fbc08 rbx=0000000000000000 rcx=0000000000000003
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8058261994d rsp=ffffe3847095f410 rbp=ffff8b030c824080
r8=0000000000000001 r9=0000000000000002 r10=0000000000000001
r11=fffff8057ff81180 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe cy
nt!KiExitDispatcher+0x1ad:
fffff805`8261994d cd29 int 29h
Resetting default scope

EXCEPTION_RECORD: ffffe3847095f1d8 -- (.exr 0xffffe3847095f1d8)
ExceptionAddress: fffff8058261994d (nt!KiExitDispatcher+0x00000000000001ad)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: System

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE_STR: c0000409

EXCEPTION_PARAMETER1: 0000000000000003

EXCEPTION_STR: 0xc0000409

STACK_TEXT:
ffffe384`7095ef58 fffff805`8280fd29 : 00000000`00000139 00000000`00000003 ffffe384`7095f280 ffffe384`7095f1d8 : nt!KeBugCheckEx
ffffe384`7095ef60 fffff805`82810290 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffffe384`7095f0a0 fffff805`8280e25d : 00000000`0000000f 00000000`00000000 00000000`00000000 55555555`55555555 : nt!KiFastFailDispatch+0xd0
ffffe384`7095f280 fffff805`8261994d : 00000000`00000000 ffffe384`7095f4c1 ffff8b03`180f7000 fffff805`00000000 : nt!KiRaiseSecurityCheckFailure+0x31d
ffffe384`7095f410 fffff805`826ebd01 : fffff805`7ff81180 00000000`00000000 fffff805`7ff81101 fffff805`82db7074 : nt!KiExitDispatcher+0x1ad
ffffe384`7095f480 fffff808`c8b387b1 : 00000000`00000100 ffff8b03`1b3e0068 ffffd104`3f562a70 00000000`00000002 : nt!KeInsertQueueApc+0x151
ffffe384`7095f520 00000000`00000100 : ffff8b03`1b3e0068 ffffd104`3f562a70 00000000`00000002 00000000`00000000 : BEDaisy+0x3287b1
ffffe384`7095f528 ffff8b03`1b3e0068 : ffffd104`3f562a70 00000000`00000002 00000000`00000000 00000000`00000000 : 0x100
ffffe384`7095f530 ffffd104`3f562a70 : 00000000`00000002 00000000`00000000 00000000`00000000 00000000`00000000 : 0xffff8b03`1b3e0068
ffffe384`7095f538 00000000`00000002 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xffffd104`3f562a70
ffffe384`7095f540 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00003601 : 0x2


SYMBOL_NAME: BEDaisy+3287b1

MODULE_NAME: BEDaisy

IMAGE_NAME: BEDaisy.sys

STACK_COMMAND: .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET: 3287b1

FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_BEDaisy!unknown_function

OS_VERSION: 10.0.19041.1

BUILDLAB_STR: vb_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {59d8eb10-b2e4-7df6-f6a5-49968226dbb8}

Followup: MachineOwner
---------