DSAPI.exe - (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun

  • Thread starter sometimesIloveazure

sometimesIloveazure

Good Morning Everyone,


I am looking for some help here.


I have posted the bug check analysis below.


DSAPI.exe is Dell SupportAssist to my understanding, and I have removed this from the computer.


The other things I have noticed are:


The C: drive is staying at 100% "Active time" but the disk transfer rate is very, very low.

The HDD starts spinning up and then stops; this happens continuously until I put the computer into sleep mode. When I take the computer out of sleep mode the hard disk drive does not make the noises, but the PC is still quite slow.

Checked power options

The HDD has been replaced approximately 6 months ago

I ran a disk check last night on the C:\ and it found no errors, but after the check finished the computer hung and I had to hard restart.

I have run HDD testing software which does not show any errors (can't remember the names of the software).

I have a 2TB drive with 250 GB of free space; this is also the drive that Windows is installed on.

I have Norton installed and ran scans, which do not pick up any viruses.

Created a new user profile

Disabled AV


Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64

Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\Removed\OneDrive\Desktop\010421-65953-01.dmp]

Mini Kernel Dump File: Only registers and stack trace are available



Symbol search path is: srv*

Executable search path is:

Windows 10 Kernel Version 19041 MP (8 procs) Free x64

Product: WinNt, suite: TerminalServer SingleUserTS

Edition build lab: 19041.1.amd64fre.vb_release.191206-1406

Machine Name:

Kernel base = 0xfffff802`1e000000 PsLoadedModuleList = 0xfffff802`1ec2a2b0

Debug session time: Mon Jan 4 16:51:26.179 2021 (UTC + 8:00)

System Uptime: 1 days 4:08:54.870

Loading Kernel Symbols

...............................................................

................................................................

................................................................

.................................

Loading User Symbols

Loading unloaded module list

..............................................

For analysis of this file, run !analyze -v

nt!KeBugCheckEx:

fffff802`1e3f5780 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffff840e`4200d4f0=0000000000000139

2: kd> !analyze -v

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************



KERNEL_SECURITY_CHECK_FAILURE (139)

A kernel component has corrupted a critical data structure. The corruption

could potentially allow a malicious user to gain control of this machine.

Arguments:

Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).

Arg2: ffff840e4200d810, Address of the trap frame for the exception that caused the bugcheck

Arg3: ffff840e4200d768, Address of the exception record for the exception that caused the bugcheck

Arg4: 0000000000000000, Reserved



Debugging Details:

------------------





KEY_VALUES_STRING: 1



Key : Analysis.CPU.mSec

Value: 5843



Key : Analysis.DebugAnalysisProvider.CPP

Value: Create: 8007007e on DESKTOP-6P699JR



Key : Analysis.DebugData

Value: CreateObject



Key : Analysis.DebugModel

Value: CreateObject



Key : Analysis.Elapsed.mSec

Value: 34886



Key : Analysis.Memory.CommitPeak.Mb

Value: 86



Key : Analysis.System

Value: CreateObject



Key : WER.OS.Branch

Value: vb_release



Key : WER.OS.Timestamp

Value: 2019-12-06T14:06:00Z



Key : WER.OS.Version

Value: 10.0.19041.1





ADDITIONAL_XML: 1



OS_BUILD_LAYERS: 1



BUGCHECK_CODE: 139



BUGCHECK_P1: 3



BUGCHECK_P2: ffff840e4200d810



BUGCHECK_P3: ffff840e4200d768



BUGCHECK_P4: 0



TRAP_FRAME: ffff840e4200d810 -- (.trap 0xffff840e4200d810)

NOTE: The trap frame does not contain all registers.

Some register values may be zeroed or incorrect.

rax=ffff8880f3f27d80 rbx=0000000000000000 rcx=0000000000000003

rdx=ffffd20eacb68158 rsi=0000000000000000 rdi=0000000000000000

rip=fffff8021e2651f3 rsp=ffff840e4200d9a0 rbp=ffff8880f3f20180

r8=0000000000000000 r9=00000027e3ddbd4c r10=0000fffff8021e36

r11=ffff840e4200da38 r12=0000000000000000 r13=0000000000000000

r14=0000000000000000 r15=0000000000000000

iopl=0 nv up ei pl nz na po nc

nt!KiCommitThreadWait+0x5c3:

fffff802`1e2651f3 cd29 int 29h

Resetting default scope



EXCEPTION_RECORD: ffff840e4200d768 -- (.exr 0xffff840e4200d768)

ExceptionAddress: fffff8021e2651f3 (nt!KiCommitThreadWait+0x00000000000005c3)

ExceptionCode: c0000409 (Security check failure or stack buffer overrun)

ExceptionFlags: 00000001

NumberParameters: 1

Parameter[0]: 0000000000000003

Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY



BLACKBOXBSD: 1 (!blackboxbsd)





BLACKBOXNTFS: 1 (!blackboxntfs)





BLACKBOXPNP: 1 (!blackboxpnp)





BLACKBOXWINLOGON: 1



CUSTOMER_CRASH_COUNT: 1



PROCESS_NAME: DSAPI.exe



ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.



EXCEPTION_CODE_STR: c0000409



EXCEPTION_PARAMETER1: 0000000000000003



EXCEPTION_STR: 0xc0000409



STACK_TEXT:

ffff840e`4200d4e8 fffff802`1e407769 : 00000000`00000139 00000000`00000003 ffff840e`4200d810 ffff840e`4200d768 : nt!KeBugCheckEx

ffff840e`4200d4f0 fffff802`1e407b90 : ffff8880`00000000 00000000`00000000 ffff7879`83000000 00000000`00000001 : nt!KiBugCheckDispatch+0x69

ffff840e`4200d630 fffff802`1e405f23 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiFastFailDispatch+0xd0

ffff840e`4200d810 fffff802`1e2651f3 : ffff840e`4200da40 fffff802`1e278387 000000eb`f0f9b331 00000000`00989680 : nt!KiRaiseSecurityCheckFailure+0x323

ffff840e`4200d9a0 fffff802`1e2296d2 : 00000000`00000000 00000000`00000000 ffffd20e`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x5c3

ffff840e`4200da40 fffff802`1e5edd7f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000002 : nt!KeDelayExecutionThread+0x122

ffff840e`4200dad0 fffff802`1e4071b8 : 00000000`00000000 00000000`00000001 ffffffff`fffe7960 ffff840e`4200db80 : nt!NtDelayExecution+0x5f

ffff840e`4200db00 00007ff9`162ac634 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28

000000dc`40e7f468 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`162ac634





SYMBOL_NAME: nt!KiCommitThreadWait+5c3



MODULE_NAME: nt



IMAGE_NAME: ntkrnlmp.exe



IMAGE_VERSION: 10.0.19041.685



STACK_COMMAND: .thread ; .cxr ; kb



BUCKET_ID_FUNC_OFFSET: 5c3



FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_KTIMER_LIST_CORRUPTION_nt!KiCommitThreadWait



OS_VERSION: 10.0.19041.1



BUILDLAB_STR: vb_release



OSPLATFORM_TYPE: x64



OSNAME: Windows 10



FAILURE_ID_HASH: {369b7001-cfef-011b-6243-985c04f34d42}



Followup: MachineOwner
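
The dump above reports exception c0000409 with subcode 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY, raised through `int 29h`, and describes it as a corrupted LIST_ENTRY "(i.e. double remove)". As an added illustration (not part of the original post and not Windows kernel source), this user-mode C model shows the kind of link-consistency check that catches a double remove or a clobbered link; the struct and function names are assumptions, and it returns the subcode instead of halting.

```c
#include <stdio.h>

/* Subcode shown in the dump: Parameter[0] = 3, FAST_FAIL_CORRUPT_LIST_ENTRY. */
#define FAST_FAIL_CORRUPT_LIST_ENTRY 3

/* Hypothetical stand-in for a doubly linked LIST_ENTRY (names are assumptions). */
typedef struct list_entry {
    struct list_entry *flink; /* forward link */
    struct list_entry *blink; /* backward link */
} list_entry;

static void list_init(list_entry *head) { head->flink = head->blink = head; }

static void list_insert_tail(list_entry *head, list_entry *e) {
    list_entry *last = head->blink;
    e->flink = head; e->blink = last;
    last->flink = e; head->blink = e;
}

/* Unlink e only if both neighbours still point back at it.
   Returns 0 on success, or the fast-fail subcode where a kernel would stop. */
static int list_remove_checked(list_entry *e) {
    list_entry *next = e->flink, *prev = e->blink;
    if (next->blink != e || prev->flink != e)
        return FAST_FAIL_CORRUPT_LIST_ENTRY;
    prev->flink = next;
    next->blink = prev;
    return 0;
}

/* Constructed scenarios on the list head <-> a <-> b.
   corrupt_only = 0: remove a twice; 1: clobber a.flink, then remove once. */
static int demo(int corrupt_only) {
    list_entry head, a, b;
    list_init(&head);
    list_insert_tail(&head, &a);
    list_insert_tail(&head, &b);
    if (corrupt_only)
        a.flink = &head;               /* simulated stray write */
    else if (list_remove_checked(&a))  /* first, legitimate remove */
        return -1;
    return list_remove_checked(&a);    /* neighbours no longer point at a */
}

int main(void) {
    printf("double remove -> %d, overwritten link -> %d\n",
           demo(0), demo(1));
    return 0;
}
```

In both scenarios the check fails because a neighbour no longer points back at the entry being unlinked, which is why the process named in the dump is only the thread that happened to touch the damaged list, not necessarily the component that corrupted it.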
