01-29-2016 08:20 AM - last edited on 03-06-2024 02:59 AM by ROGBot
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffd0002f269750, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffd0002f2696a8, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
TRAP_FRAME: ffffd0002f269750 -- (.trap 0xffffd0002f269750)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffe0019b5a3620 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffe00199fb3050 rsi=0000000000000000 rdi=0000000000000000
rip=fffff802e4fe1d82 rsp=ffffd0002f2698e0 rbp=0000000000000001
r8=ffffe00192ffedb8 r9=0000000000000000 r10=7fffe00192ffedb8
r11=7ffffffffffffffc r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz ac pe cy
nt! ?? ::FNODOBFM::`string'+0x8c82:
fffff802`e4fe1d82 cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: ffffd0002f2696a8 -- (.exr 0xffffd0002f2696a8)
ExceptionAddress: fffff802e4fe1d82 (nt! ?? ::FNODOBFM::`string'+0x0000000000008c82)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: LIST_ENTRY_CORRUPT
BUGCHECK_STR: 0x139
PROCESS_NAME: System
CURRENT_IRQL: 2
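ERROR_CODE: (NTSTATUS) 0xc0000409 - Systém zjistil p… [Czech-locale message, truncated in the debugger output]
EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - Systém zjistil p… [Czech-locale message, truncated in the debugger output]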
EXCEPTION_PARAMETER1: 0000000000000003
ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre
EXCEPTION_STR: 0x0
LAST_CONTROL_TRANSFER: from fffff802e4fd52e9 to fffff802e4fca770
STACK_TEXT:
ffffd000`2f269428 fffff802`e4fd52e9 : 00000000`00000139 00000000`00000003 ffffd000`2f269750 ffffd000`2f2696a8 : nt!KeBugCheckEx
ffffd000`2f269430 fffff802`e4fd5610 : 00000000`00000000 00000000`00000008 ffffe001`92ffec08 00000000`00000001 : nt!KiBugCheckDispatch+0x69
ffffd000`2f269570 fffff802`e4fd47f3 : 00000000`00000011 ffffc000`b480b320 ffffd000`2f269840 00000000`00000010 : nt!KiFastFailDispatch+0xd0
ffffd000`2f269750 fffff802`e4fe1d82 : ffffe001`a2e9bef8 fffff802`e4eba72f 00000000`00000000 fffff802`e4e9d197 : nt!KiRaiseSecurityCheckFailure+0xf3
ffffd000`2f2698e0 fffff802`e4e9c2c4 : ffffe001`00000000 ffffe001`a2e9be50 ffffe001`a2e9be50 00000000`ffffffff : nt! ?? ::FNODOBFM::`string'+0x8c82
ffffd000`2f269910 fffff802`e4e9c1e2 : 00000000`00000000 00000000`00000001 00000000`00000001 00000000`00000002 : nt!CcDeallocateBcb+0x1c
ffffd000`2f269940 fffff802`e4e9bdaa : ffffe001`00000001 00000000`01663000 00000000`000002fd 00000000`00000001 : nt!CcUnpinFileDataEx+0x3c2
ffffd000`2f2699a0 fffff802`e4f28180 : 00000000`01663000 ffffd000`2f269aa9 00000000`0019fcf1 00000000`01663000 : nt!CcReleaseByteRangeFromWrite+0xaa
ffffd000`2f2699f0 fffff802`e4f28686 : ffffe001`931fd890 00000000`00000000 00000000`00000001 ffffd000`2f269b98 : nt!CcFlushCachePriv+0x450
ffffd000`2f269b00 fffff802`e4ef2b79 : fffff802`e521b200 ffffe001`9858b800 0000000f`00000000 00000027`260193ca : nt!CcWriteBehindInternal+0x156
ffffd000`2f269b80 fffff802`e4e91125 : ffffc000`b437c4e8 00000000`00000080 ffffe001`8e47e680 ffffe001`9858b800 : nt!ExpWorkerThread+0xe9
ffffd000`2f269c10 fffff802`e4fcf916 : ffffd000`20580180 ffffe001`9858b800 fffff802`e4e910e4 fffff802`e4ed88ca : nt!PspSystemThreadStartup+0x41
ffffd000`2f269c60 00000000`00000000 : ffffd000`2f26a000 ffffd000`2f264000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiFastFailDispatch+d0
fffff802`e4fd5610 c644242000 mov byte ptr [rsp+20h],0
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiFastFailDispatch+d0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 568b1c58
IMAGE_VERSION: 10.0.10586.63
BUCKET_ID_FUNC_OFFSET: d0
FAILURE_BUCKET_ID: 0x139_3_nt!KiFastFailDispatch
BUCKET_ID: 0x139_3_nt!KiFastFailDispatch
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x139_3_nt!kifastfaildispatch
FAILURE_ID_HASH: {36173680-6f08-995f-065a-3d368c996911}
Followup: MachineOwner
---------
01-29-2016 09:09 AM