API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Aug 18th, 2021
72
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.03 KB | None | 0 0
raw download clone embed print report
  1. Microsoft (R) Windows Debugger Version 10.0.22415.1002 AMD64
  2. Copyright (c) Microsoft Corporation. All rights reserved.
  3.  
  4.  
  5. Loading Dump File [C:\Windows\MEMORY.DMP]
  6. Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
  7.  
  8. Symbol search path is: srv*
  9. Executable search path is:
  10. Windows 10 Kernel Version 19041 MP (12 procs) Free x64
  11. Product: WinNt, suite: TerminalServer SingleUserTS
  12. Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
  13. Machine Name:
  14. Kernel base = 0xfffff802`01c00000 PsLoadedModuleList = 0xfffff802`0282a190
  15. Debug session time: Wed Aug 18 00:13:22.133 2021 (UTC + 2:00)
  16. System Uptime: 0 days 3:45:51.318
  17. Loading Kernel Symbols
  18. ...............................................................
  19. ................................................................
  20. ...........................................................
  21. Loading User Symbols
  22.  
  23. Loading unloaded module list
  24. ......
  25. For analysis of this file, run !analyze -v
  26. nt!KeBugCheckEx:
  27. fffff802`01ff71d0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffae04`a3341640=0000000000000139
  28. 5: kd> !analyze -v
  29. *******************************************************************************
  30. * *
  31. * Bugcheck Analysis *
  32. * *
  33. *******************************************************************************
  34.  
  35. KERNEL_SECURITY_CHECK_FAILURE (139)
  36. A kernel component has corrupted a critical data structure. The corruption
  37. could potentially allow a malicious user to gain control of this machine.
  38. Arguments:
  39. Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
  40. Arg2: ffffae04a3341960, Address of the trap frame for the exception that caused the BugCheck
  41. Arg3: ffffae04a33418b8, Address of the exception record for the exception that caused the BugCheck
  42. Arg4: 0000000000000000, Reserved
  43.  
  44. Debugging Details:
  45. ------------------
  46.  
  47.  
  48. KEY_VALUES_STRING: 1
  49.  
  50. Key : Analysis.CPU.mSec
  51. Value: 2218
  52.  
  53. Key : Analysis.DebugAnalysisManager
  54. Value: Create
  55.  
  56. Key : Analysis.Elapsed.mSec
  57. Value: 6532
  58.  
  59. Key : Analysis.Init.CPU.mSec
  60. Value: 436
  61.  
  62. Key : Analysis.Init.Elapsed.mSec
  63. Value: 120730
  64.  
  65. Key : Analysis.Memory.CommitPeak.Mb
  66. Value: 84
  67.  
  68. Key : FailFast.Name
  69. Value: CORRUPT_LIST_ENTRY
  70.  
  71. Key : FailFast.Type
  72. Value: 3
  73.  
  74. Key : Memory.System.Errors.BadPageCount
  75. Value: 114
  76.  
  77. Key : Memory.System.Errors.ScrubErrors
  78. Value: 114
  79.  
  80. Key : WER.OS.Branch
  81. Value: vb_release
  82.  
  83. Key : WER.OS.Timestamp
  84. Value: 2019-12-06T14:06:00Z
  85.  
  86. Key : WER.OS.Version
  87. Value: 10.0.19041.1
  88.  
  89.  
  90. BUGCHECK_CODE: 139
  91.  
  92. BUGCHECK_P1: 3
  93.  
  94. BUGCHECK_P2: ffffae04a3341960
  95.  
  96. BUGCHECK_P3: ffffae04a33418b8
  97.  
  98. BUGCHECK_P4: 0
  99.  
  100. TRAP_FRAME: ffffae04a3341960 -- (.trap 0xffffae04a3341960)
  101. NOTE: The trap frame does not contain all registers.
  102. Some register values may be zeroed or incorrect.
  103. rax=ffffb78ffd093a28 rbx=0000000000000000 rcx=0000000000000003
  104. rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
  105. rip=fffff802020483fa rsp=ffffae04a3341af0 rbp=0000000000000000
  106. r8=ffffb78ffd093a20 r9=0000000000000000 r10=0000000000000000
  107. r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
  108. r14=0000000000000000 r15=0000000000000000
  109. iopl=0 nv up ei ng nz ac pe cy
  110. nt!KeRemovePriQueue+0x18fcaa:
  111. fffff802`020483fa cd29 int 29h
  112. Resetting default scope
  113.  
  114. EXCEPTION_RECORD: ffffae04a33418b8 -- (.exr 0xffffae04a33418b8)
  115. ExceptionAddress: fffff802020483fa (nt!KeRemovePriQueue+0x000000000018fcaa)
  116. ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
  117. ExceptionFlags: 00000001
  118. NumberParameters: 1
  119. Parameter[0]: 0000000000000003
  120. Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
  121.  
  122. BLACKBOXBSD: 1 (!blackboxbsd)
  123.  
  124.  
  125. BLACKBOXNTFS: 1 (!blackboxntfs)
  126.  
  127.  
  128. BLACKBOXWINLOGON: 1
  129.  
  130. PROCESS_NAME: System
  131.  
  132. BAD_PAGES_DETECTED: 72
  133.  
  134. ERROR_CODE: (NTSTATUS) 0xc0000409 - Il sistema ha rilevato un sovraccarico di un buffer basato su stack in questa applicazione. Il sovraccarico potrebbe consentire a un utente non autorizzato di assumere il controllo dell'applicazione.
  135.  
  136. EXCEPTION_CODE_STR: c0000409
  137.  
  138. EXCEPTION_PARAMETER1: 0000000000000003
  139.  
  140. EXCEPTION_STR: 0xc0000409
  141.  
  142. STACK_TEXT:
  143. ffffae04`a3341638 fffff802`02009169 : 00000000`00000139 00000000`00000003 ffffae04`a3341960 ffffae04`a33418b8 : nt!KeBugCheckEx
  144. ffffae04`a3341640 fffff802`02009590 : ffffb781`05ab8e58 ffffae04`00000002 ffffb781`05ab8e58 fffff802`deadbeef : nt!KiBugCheckDispatch+0x69
  145. ffffae04`a3341780 fffff802`02007923 : 00000000`00000000 00000000`00000000 00000000`00000103 00000000`00000000 : nt!KiFastFailDispatch+0xd0
  146. ffffae04`a3341960 fffff802`020483fa : ffffb781`0995a040 fffff802`00000000 00000000`0000000f 00000000`00000000 : nt!KiRaiseSecurityCheckFailure+0x323
  147. ffffae04`a3341af0 fffff802`01eb84a0 : ffffb781`0995a040 fffff802`01ee5360 ffffb78f`fd093a20 ffffb78f`00000000 : nt!KeRemovePriQueue+0x18fcaa
  148. ffffae04`a3341b70 fffff802`01f55845 : ffffb781`0995a040 00000000`00000080 ffffb78f`fd092040 00000000`00000001 : nt!ExpWorkerThread+0xa0
  149. ffffae04`a3341c10 fffff802`01ffe828 : ffffdf80`b8e40180 ffffb781`0995a040 fffff802`01f557f0 00000000`00000000 : nt!PspSystemThreadStartup+0x55
  150. ffffae04`a3341c60 00000000`00000000 : ffffae04`a3342000 ffffae04`a333c000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28
  151.  
  152.  
  153. SYMBOL_NAME: PAGE_NOT_ZERO
  154.  
  155. MODULE_NAME: hardware
  156.  
  157. IMAGE_NAME: hardware_ram
  158.  
  159. STACK_COMMAND: .thread ; .cxr ; kb
  160.  
  161. FAILURE_BUCKET_ID: PAGE_NOT_ZERO_0x139
  162.  
  163. OS_VERSION: 10.0.19041.1
  164.  
  165. BUILDLAB_STR: vb_release
  166.  
  167. OSPLATFORM_TYPE: x64
  168.  
  169. OSNAME: Windows 10
  170.  
  171. FAILURE_ID_HASH: {2d547d65-0fa4-e377-ce77-fe92fd743dbf}
  172.  
  173. Followup: MachineOwner
  174. ---------
  175.  
  176. *** Memory manager detected 114 instance(s) of page corruption, target is likely to have memory corruption.
  177.  
  178.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!