- ************* Symbol Path validation summary **************
- Response Time (ms) Location
- Deferred SRV*C:\symbols*http://msdl.microsoft.com/download/symbols
- Deferred .sympath srv*c:\MyServerSymbols*http://msdl.microsoft.com/download/symbols
- Microsoft (R) Windows Debugger Version 10.0.10240.9 AMD64
- Copyright (c) Microsoft Corporation. All rights reserved.
- Loading Dump File [C:\Users\James\Desktop\091615-26828-01.dmp]
- Mini Kernel Dump File: Only registers and stack trace are available
- ************* Symbol Path validation summary **************
- Response Time (ms) Location
- Deferred SRV*C:\symbols*http://msdl.microsoft.com/download/symbols
- Deferred .sympath srv*c:\MyServerSymbols*http://msdl.microsoft.com/download/symbols
- Symbol search path is: SRV*C:\symbols*http://msdl.microsoft.com/download/symbols;.sympath srv*c:\MyServerSymbols*http://msdl.microsoft.com/download/symbols
- Executable search path is:
- No .natvis files found at C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\Visualizers.
- Windows 10 Kernel Version 10240 MP (4 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS
- Built by: 10240.16463.amd64fre.th1.150819-1946
- Machine Name:
- Kernel base = 0xfffff802`e301f000 PsLoadedModuleList = 0xfffff802`e3344030
- Debug session time: Wed Sep 16 15:00:18.917 2015 (UTC + 12:00)
- System Uptime: 2 days 7:30:43.713
- Loading Kernel Symbols
- .
- Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
- Run !sym noisy before .reload to track down problems loading symbols.
- ..............................................................
- ................................................................
- ..............................................................
- Loading User Symbols
- ERROR: FindPlugIns 8007007b
- ERROR: Some plugins may not be available [8007007b]
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- Use !analyze -v to get detailed debugging information.
- BugCheck 139, {3, ffffd000269ccbe0, ffffd000269ccb38, 0}
- Probably caused by : ntkrnlmp.exe ( nt!KiFastFailDispatch+d0 )
- Followup: MachineOwner
- ---------
- 3: kd> !analyze -v
- ERROR: FindPlugIns 8007007b
- ERROR: Some plugins may not be available [8007007b]
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- KERNEL_SECURITY_CHECK_FAILURE (139)
- A kernel component has corrupted a critical data structure. The corruption
- could potentially allow a malicious user to gain control of this machine.
- Arguments:
- Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
- Arg2: ffffd000269ccbe0, Address of the trap frame for the exception that caused the bugcheck
- Arg3: ffffd000269ccb38, Address of the exception record for the exception that caused the bugcheck
- Arg4: 0000000000000000, Reserved
- Debugging Details:
- ------------------
- SYSTEM_SKU: F0D08PA#ABG
- SYSTEM_VERSION: 0881100000305E00000620100
- BIOS_DATE: 11/13/2014
- BASEBOARD_PRODUCT: 216C
- BASEBOARD_VERSION: 30.25
- BUGCHECK_P1: 3
- BUGCHECK_P2: ffffd000269ccbe0
- BUGCHECK_P3: ffffd000269ccb38
- BUGCHECK_P4: 0
- TRAP_FRAME: ffffd000269ccbe0 -- (.trap 0xffffd000269ccbe0)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=ffffe00135e00000 rbx=0000000000000000 rcx=0000000000000003
- rdx=ffffe00135edd758 rsi=0000000000000000 rdi=0000000000000000
- rip=fffff802e31ba138 rsp=ffffd000269ccd78 rbp=0000000000000002
- r8=ffffe00135edd758 r9=0000000000000000 r10=ffffe0011ca9a4b0
- r11=0000000000000002 r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up ei pl nz ac po cy
- nt! ?? ::FNODOBFM::`string'+0x3e338:
- fffff802`e31ba138 cd29 int 29h
- Resetting default scope
- EXCEPTION_RECORD: ffffd000269ccb38 -- (.exr 0xffffd000269ccb38)
- ExceptionAddress: fffff802e31ba138 (nt! ?? ::FNODOBFM::`string'+0x000000000003e338)
- ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
- ExceptionFlags: 00000001
- NumberParameters: 1
- Parameter[0]: 0000000000000003
- Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
- CPU_COUNT: 4
- CPU_MHZ: 830
- CPU_VENDOR: AuthenticAMD
- CPU_FAMILY: 15
- CPU_MODEL: 13
- CPU_STEPPING: 1
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: LIST_ENTRY_CORRUPT
- BUGCHECK_STR: 0x139
- PROCESS_NAME: MsMpEng.exe
- CURRENT_IRQL: 2
- ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
- EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
- EXCEPTION_PARAMETER1: 0000000000000003
- ANALYSIS_VERSION: 10.0.10240.9 amd64fre
- LAST_CONTROL_TRANSFER: from fffff802e3177ba9 to fffff802e316d240
- STACK_TEXT:
- ffffd000`269cc8b8 fffff802`e3177ba9 : 00000000`00000139 00000000`00000003 ffffd000`269ccbe0 ffffd000`269ccb38 : nt!KeBugCheckEx
- ffffd000`269cc8c0 fffff802`e3177ed0 : 00000000`00000038 ffffe001`23080000 00001f80`0010000f 0053002b`002b0010 : nt!KiBugCheckDispatch+0x69
- ffffd000`269cca00 fffff802`e31770f4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiFastFailDispatch+0xd0
- ffffd000`269ccbe0 fffff802`e31ba138 : fffff802`e30cad64 ffffe001`00400602 00000000`00000000 ffffd000`269cce50 : nt!KiRaiseSecurityCheckFailure+0xf4
- ffffd000`269ccd78 fffff802`e30cad64 : ffffe001`00400602 00000000`00000000 ffffd000`269cce50 fffff802`e3872372 : nt! ?? ::FNODOBFM::`string'+0x3e338
- ffffd000`269ccd80 fffff802`e326b92c : ffffe001`35edd6c0 ffffe001`1ca9a760 00000000`0000001a 00000000`00000008 : nt!KeInsertQueueApc+0x74
- ffffd000`269ccde0 fffff802`e326bafa : 00000000`00304a02 ffffd000`269ccf18 00000000`01020007 00000000`00000028 : nt!EtwpQueueStackWalkApc+0xf8
- ffffd000`269cce50 fffff802`e31b9797 : 00000000`00000000 00000000`00000000 00000000`00000028 ffffd000`269ccf18 : nt!EtwpStackTraceDispatcher+0x116
- ffffd000`269cce80 fffff802`e3172250 : 00000000`00000002 0000005f`4444cbbc ffffe001`35edd6c0 ffffe001`35edd7c0 : nt! ?? ::FNODOBFM::`string'+0x3d997
- ffffd000`269ccf10 00000000`00000000 : ffffd000`269ccfe0 fffff802`e31703d3 ffffe001`35edd6c0 fffff802`e3172240 : nt!SwapContext+0x320
- STACK_COMMAND: kb
- FOLLOWUP_IP:
- nt!KiFastFailDispatch+d0
- fffff802`e3177ed0 c644242000 mov byte ptr [rsp+20h],0
- SYMBOL_STACK_INDEX: 2
- SYMBOL_NAME: nt!KiFastFailDispatch+d0
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: nt
- IMAGE_NAME: ntkrnlmp.exe
- DEBUG_FLR_IMAGE_TIMESTAMP: 55d5626b
- IMAGE_VERSION: 10.0.10240.16463
- BUCKET_ID_FUNC_OFFSET: d0
- FAILURE_BUCKET_ID: 0x139_3_nt!KiFastFailDispatch
- BUCKET_ID: 0x139_3_nt!KiFastFailDispatch
- PRIMARY_PROBLEM_CLASS: 0x139_3_nt!KiFastFailDispatch
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:0x139_3_nt!kifastfaildispatch
- FAILURE_ID_HASH: {36173680-6f08-995f-065a-3d368c996911}
- Followup: MachineOwner
- ---------