[Dump Analyzing] KERNEL_SECURITY_CHECK_FAILURE (139)

T

Terkariki

Hello! My PC started crashing suddenly and the 1st time when it crashed I got a BSOD but now it just gets Black Screen and the sounds (like music etc) stop. So I analyzed the DMP file of the BSOD but I don't know much about this stuff so I would like to get some help.


[COLOR=rgba(30, 30, 30, 1)]KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: fffff80150e1d990, Address of the trap frame for the exception that caused the bugcheck
Arg3: fffff80150e1d8e8, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------


KEY_VALUES_STRING: 1

Key : Analysis.CPU.mSec
Value: 2687

Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-6RNKTM5

Key : Analysis.DebugData
Value: CreateObject

Key : Analysis.DebugModel
Value: CreateObject

Key : Analysis.Elapsed.mSec
Value: 51319

Key : Analysis.Memory.CommitPeak.Mb
Value: 77

Key : Analysis.System
Value: CreateObject

Key : WER.OS.Branch
Value: vb_release

Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z

Key : WER.OS.Version
Value: 10.0.19041.1


ADDITIONAL_XML: 1

OS_BUILD_LAYERS: 1

BUGCHECK_CODE: 139

BUGCHECK_P1: 3

BUGCHECK_P2: fffff80150e1d990

BUGCHECK_P3: fffff80150e1d8e8

BUGCHECK_P4: 0

TRAP_FRAME: fffff80150e1d990 -- [/COLOR][COLOR=rgba(0, 0, 255, 1)](.trap 0xfffff80150e1d990)
[/COLOR][COLOR=rgba(30, 30, 30, 1)]NOTE: The trap frame does not contain all registers.
[/COLOR][COLOR=rgba(0, 0, 255, 1)]Some register values may be zeroed or incorrect.
[/COLOR][COLOR=rgba(30, 30, 30, 1)]rax=ffffb003d9c70158 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffb003e1703158 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8014a6127b0 rsp=fffff80150e1db20 rbp=fffff80147e0a180
r8=0000000000000102 r9=0000000000000000 r10=0000000000000000
r11=fffff80150e1dc10 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz ac po nc
nt!KiTryUnwaitThread+0x1c6460:
fffff801`4a6127b0 cd29 int 29h
Resetting default scope

EXCEPTION_RECORD: fffff80150e1d8e8 -- [/COLOR][COLOR=rgba(0, 0, 255, 1)](.exr 0xfffff80150e1d8e8)
[/COLOR][COLOR=rgba(30, 30, 30, 1)]ExceptionAddress: fffff8014a6127b0 (nt!KiTryUnwaitThread+0x00000000001c6460)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY

BLACKBOXBSD: 1 ([/COLOR][COLOR=rgba(0, 0, 255, 1)]!blackboxbsd[/COLOR][COLOR=rgba(30, 30, 30, 1)])


BLACKBOXNTFS: 1 ([/COLOR][COLOR=rgba(0, 0, 255, 1)]!blackboxntfs[/COLOR][COLOR=rgba(30, 30, 30, 1)])


BLACKBOXPNP: 1 ([/COLOR][COLOR=rgba(0, 0, 255, 1)]!blackboxpnp[/COLOR][COLOR=rgba(30, 30, 30, 1)])


BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: dwm.exe

ERROR_CODE: (NTSTATUS) 0xc0000409 - A rendszer veremalap gyors t t r-t lcsordul st szlelt az alkalmaz sban, amely lehet v teheti, hogy egy rosszindulat felhaszn l tvegye az ir ny t s t.

EXCEPTION_CODE_STR: c0000409

EXCEPTION_PARAMETER1: 0000000000000003

DPC_STACK_BASE: FFFFF80150E1DFB0

EXCEPTION_STR: 0xc0000409

STACK_TEXT:
fffff801`50e1d668 fffff801`4a607a69 : 00000000`00000139 00000000`00000003 fffff801`50e1d990 fffff801`50e1d8e8 : nt!KeBugCheckEx
fffff801`50e1d670 fffff801`4a607e90 : fffff801`4a4ed580 fffff801`4a4e8fe0 ffffb003`d5ede000 ffffb003`d8cb5830 : nt!KiBugCheckDispatch+0x69
fffff801`50e1d7b0 fffff801`4a606223 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiFastFailDispatch+0xd0
fffff801`50e1d990 fffff801`4a6127b0 : 00000000`00400a02 00000000`00000000 00400a02`00000010 00023b48`e799fc56 : nt!KiRaiseSecurityCheckFailure+0x323
fffff801`50e1db20 fffff801`4a4452d6 : ffffb003`d9c70188 fffff801`00000000 ffffb003`d9c70250 00000000`00000000 : nt!KiTryUnwaitThread+0x1c6460
fffff801`50e1db80 fffff801`4a444e7c : ffffb003`d9c70180 00000000`00000008 fffff801`50e1de68 fffff801`00000002 : nt!KiTimerWaitTest+0x1e6
fffff801`50e1dc30 fffff801`4a406eed : fffff801`47e0a180 00000000`00000000 00000000`00000008 00000000`00c547f3 : nt!KiProcessExpiredTimerList+0xdc
fffff801`50e1dd20 fffff801`4a5fcac5 : 00000000`00000000 fffff801`47e0a180 ffffd981`90139a00 00000089`43a9b990 : nt!KiRetireDpcList+0x5dd
fffff801`50e1dfb0 fffff801`4a5fc8b0 : fffff801`4a5f1b70 fffff801`4a4ec5ca ffff8208`38c7f910 00000089`43a9b770 : nt!KxRetireDpcList+0x5
ffff9208`80a5aac0 fffff801`4a5fc165 : 00000089`43a9b990 fffff801`4a5f6dd1 0000022a`c523ca48 00000000`04029000 : nt!KiDispatchInterruptContinue
ffff9208`80a5aaf0 fffff801`4a5f6dd1 : 0000022a`c523ca48 00000000`04029000 ffff9208`80a5ab18 00000000`00000000 : nt!KiDpcInterruptBypass+0x25
ffff9208`80a5ab00 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiChainedDispatch+0xb1


SYMBOL_NAME: nt!KiTimerWaitTest+1e6

MODULE_NAME: [/COLOR][COLOR=rgba(0, 0, 255, 1)]nt

[/COLOR][COLOR=rgba(30, 30, 30, 1)]IMAGE_NAME: ntkrnlmp.exe

IMAGE_VERSION: 10.0.19041.804

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: 1e6

FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_KTIMER_LIST_CORRUPTION_nt!KiTimerWaitTest

OS_VERSION: 10.0.19041.1

BUILDLAB_STR: vb_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {efb56395-a173-53f8-073d-d3c8cfd50e2b}

Followup: MachineOwner
[/COLOR]

Continue reading...
 
Back
Top Bottom