Henry韩
2020-12-27T05:51:51+00:00
For analysis of this file, run !analyze -v
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffff91890077f3b0, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffff91890077f308, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.Sec
Value: 1
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-DGPH3U9
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.Sec
Value: 2
Key : Analysis.Memory.CommitPeak.Mb
Value: 80
Key : Analysis.System
Value: CreateObject
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
BUGCHECK_CODE: 139
BUGCHECK_P1: 3
BUGCHECK_P2: ffff91890077f3b0
BUGCHECK_P3: ffff91890077f308
BUGCHECK_P4: 0
TRAP_FRAME: ffff91890077f3b0 -- (.trap 0xffff91890077f3b0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffae0f5b2bf258 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffae0f5b2bf2b8 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80630695b24 rsp=ffff91890077f540 rbp=000000000007c000
r8=ffff91890077f548 r9=ffffae0f6320a150 r10=0000000000000000
r11=ffffae0f5b5526d8 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po cy
nt!MiGetWsAndInsertVad+0x1e4:
fffff806`30695b24 cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: ffff91890077f308 -- (.exr 0xffff91890077f308)
ExceptionAddress: fffff80630695b24 (nt!MiGetWsAndInsertVad+0x00000000000001e4)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: MicrosoftEdgeU
ERROR_CODE: (NTSTATUS) 0xc0000409 - <Unable to get error code text>
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 0000000000000003
EXCEPTION_STR: 0xc0000409
STACK_TEXT:
ffff9189`0077f088 fffff806`307d41e9 : 00000000`00000139 00000000`00000003 ffff9189`0077f3b0 ffff9189`0077f308 : nt!KeBugCheckEx
ffff9189`0077f090 fffff806`307d4610 : 00000000`00000000 00000000`00000000 00000001`00000000 87000004`00000000 : nt!KiBugCheckDispatch+0x69
ffff9189`0077f1d0 fffff806`307d29a3 : ffffae0f`60944f68 00000000`00000000 ffffae0f`5f6da060 fffff806`30bf0d03 : nt!KiFastFailDispatch+0xd0
ffff9189`0077f3b0 fffff806`30695b24 : ffffae0f`5b552640 ffffae0f`00000000 ffffae0f`00000001 ffffae0f`5b2bf250 : nt!KiRaiseSecurityCheckFailure+0x323
ffff9189`0077f540 fffff806`30c7ba19 : 00000000`00000842 ffff9189`0077f680 ffffae0f`6320a320 00000000`00000000 : nt!MiGetWsAndInsertVad+0x1e4
ffff9189`0077f580 fffff806`30c86ba7 : ffffae0f`5b2bf250 00000000`00000000 ffff9189`0077f758 ffff9189`0077f8b8 : nt!MiMapViewOfImageSection+0x509
ffff9189`0077f700 fffff806`30c85d18 : 00000000`00000021 ffff9189`0077fa80 00000000`00000000 00000000`00000000 : nt!MiMapViewOfSection+0x3f7
ffff9189`0077f850 fffff806`307d3c15 : ffffae0f`6025e080 00000000`00f8e148 00000000`00f8ead0 00000000`00000021 : nt!NtMapViewOfSection+0x158
ffff9189`0077f990 00007fff`6f45c574 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
00000000`00f8e128 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007fff`6f45c574
SYMBOL_NAME: nt!KiFastFailDispatch+d0
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.18362.778
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: d0
FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_nt!KiFastFailDispatch
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {3aede96a-54dd-40d6-d4cb-2a161a843851}
Followup: MachineOwner
---------