2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041792, A corrupt PTE has been detected. Parameter 2 contains the address of
the PTE. Parameters 3/4 contain the low/high parts of the PTE.
Arg2: ffff85012397a200
Arg3: 0000000020000000
Arg4: 0000000000000000
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 3015
Key : Analysis.Elapsed.mSec
Value: 4620
Key : Analysis.IO.Other.Mb
Value: 0
Key : Analysis.IO.Read.Mb
Value: 0
Key : Analysis.IO.Write.Mb
Value: 0
Key : Analysis.Init.CPU.mSec
Value: 453
Key : Analysis.Init.Elapsed.mSec
Value: 2285
Key : Analysis.Memory.CommitPeak.Mb
Value: 98
Key : Bugcheck.Code.LegacyAPI
Value: 0x1a
Key : Failure.Bucket
Value: MEMORY_CORRUPTION_ONE_BIT
Key : Failure.Hash
Value: {e3faf315-c3d0-81db-819a-6c43d23c63a7}
Key : MemoryManagement.PFN
Value: 20000
Key : WER.OS.Branch
Value: ni_release
Key : WER.OS.Version
Value: 10.0.22621.1
BUGCHECK_CODE: 1a
BUGCHECK_P1: 41792
BUGCHECK_P2: ffff85012397a200
BUGCHECK_P3: 20000000
BUGCHECK_P4: 0
FILE_IN_CAB: 062223-5093-01.dmp
MEMORY_CORRUPTOR: ONE_BIT
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: steamwebhelper.exe
STACK_TEXT:
ffffad08`11f06dd8 fffff802`15aa311a : 00000000`0000001a 00000000`00041792 ffff8501`2397a200 00000000`20000000 : nt!KeBugCheckEx
ffffad08`11f06de0 fffff802`15831666 : 00000000`00000000 ffff8501`2397aff8 ffff8387`b71eef1c ffffd107`99c55740 : nt!MiDeleteVa+0x2291da
ffffad08`11f06ed0 fffff802`15831a2a : ffffad08`00000000 ffffd107`99c55740 ffff8542`00000000 ffffad08`11f07300 : nt!MiWalkPageTablesRecursively+0x266
ffffad08`11f06f60 fffff802`15831a2a : ffffad08`11f072b0 ffffd107`99c55740 ffff8542`00000000 ffffad08`11f07310 : nt!MiWalkPageTablesRecursively+0x62a
ffffad08`11f06ff0 fffff802`15831a2a : ffffad08`11f072b0 ffffd107`99c55740 ffff8542`00000000 ffffad08`11f07320 : nt!MiWalkPageTablesRecursively+0x62a
ffffad08`11f07080 fffff802`15848de1 : 00000000`00000000 ffffd107`99c55740 00000000`00000000 ffffad08`11f07330 : nt!MiWalkPageTablesRecursively+0x62a
ffffad08`11f07110 fffff802`15879ea2 : ffffad08`11f072b0 ffffad08`00000001 00000000`00000002 ffff8542`00000000 : nt!MiWalkPageTables+0x371
ffffad08`11f07210 fffff802`1588aeee : ffffd107`98911080 fffff802`158843e2 ffffad08`11f075b0 ffffd107`99a21480 : nt!MiDeletePagablePteRange+0x3c2
ffffad08`11f07520 fffff802`15ca6417 : 00000000`00000000 00000000`00000001 00000000`00000000 ffffad08`11f075f0 : nt!MiDeleteVirtualAddresses+0x4e
ffffad08`11f07570 fffff802`15d73e4d : 00000247`2f140000 ffffd107`99a21480 00000000`00000000 00000000`00000000 : nt!MiDeleteVad+0x1b7
ffffad08`11f07630 fffff802`15d73a13 : ffffd107`99a21480 00000000`00000000 ffffd107`98911080 00000000`00000000 : nt!MiUnmapVad+0x49
ffffad08`11f07660 fffff802`15c88169 : ffffd107`99a21520 ffffd107`99a21520 ffffd107`99a21520 ffffd107`99c550c0 : nt!MiCleanVad+0x2f
ffffad08`11f07690 fffff802`15cdd159 : ffffffff`00000000 ffffffff`ffffffff 00000000`00000001 ffffd107`99c550c0 : nt!MmCleanProcessAddressSpace+0x10d
ffffad08`11f07710 fffff802`15d04fea : ffffd107`99c550c0 ffffe68b`54b03060 ffffad08`11f07939 00000000`00000000 : nt!PspRundownSingleProcess+0xc1
ffffad08`11f077a0 fffff802`15d062b8 : 00000000`00000000 00000000`00000001 ffffd107`989110f4 0000004e`2f2ac000 : nt!PspExitThread+0x64e
ffffad08`11f078a0 fffff802`1591350d : 00000247`30b59000 00000000`00000004 ffffad08`11f07ae0 ffffae00`f2fd1180 : nt!KiSchedulerApcTerminate+0x38
ffffad08`11f078e0 fffff802`15a32420 : ffff8387`b71ef401 ffffad08`11f079a0 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x47d
ffffad08`11f079a0 fffff802`15a4108f : ffffd107`98911080 00000000`00000000 00000000`00000000 ffffd107`00000000 : nt!KiInitiateUserApc+0x70
ffffad08`11f07ae0 00007ffa`3d172844 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x9f
0000004e`302ff4a8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`3d172844
MODULE_NAME: hardware
IMAGE_NAME: memory_corruption
STACK_COMMAND: .cxr; .ecxr ; kb
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_ONE_BIT
OS_VERSION: 10.0.22621.1
BUILDLAB_STR: ni_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {e3faf315-c3d0-81db-819a-6c43d23c63a7}
Followup: MachineOwner
---------
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000eac, Type of memory safety violation
Arg2: ffff9786d700c840, Address of the trap frame for the exception that caused the BugCheck
Arg3: ffff9786d700c798, Address of the exception record for the exception that caused the BugCheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for EasyAntiCheat_EOS.sys
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 3437
Key : Analysis.Elapsed.mSec
Value: 4261
Key : Analysis.IO.Other.Mb
Value: 0
Key : Analysis.IO.Read.Mb
Value: 0
Key : Analysis.IO.Write.Mb
Value: 0
Key : Analysis.Init.CPU.mSec
Value: 437
Key : Analysis.Init.Elapsed.mSec
Value: 1625
Key : Analysis.Memory.CommitPeak.Mb
Value: 87
Key : Bugcheck.Code.LegacyAPI
Value: 0x139
Key : FailFast.Type
Value: 3756
Key : Failure.Bucket
Value: 0x139_MISSING_GSFRAME_EasyAntiCheat_EOS!unknown_function
Key : Failure.Hash
Value: {dde04553-d42f-b4d7-f06a-e1871a067075}
Key : WER.OS.Branch
Value: ni_release
Key : WER.OS.Version
Value: 10.0.22621.1
BUGCHECK_CODE: 139
BUGCHECK_P1: eac
BUGCHECK_P2: ffff9786d700c840
BUGCHECK_P3: ffff9786d700c798
BUGCHECK_P4: 0
FILE_IN_CAB: 062423-5046-01.dmp
TRAP_FRAME: ffff9786d700c840 -- (.trap 0xffff9786d700c840)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000eac
rdx=0000000000000030 rsi=0000000000000000 rdi=0000000000000000
rip=fffff806b87cca4d rsp=ffff9786d700c9d0 rbp=fffff806b87cca48
r8=0000000000000030 r9=ffff9786d700cb78 r10=ffff8502fe13d720
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
EasyAntiCheat_EOS+0xafca4d:
fffff806`b87cca4d cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: ffff9786d700c798 -- (.exr 0xffff9786d700c798)
ExceptionAddress: fffff806b87cca4d (EasyAntiCheat_EOS+0x0000000000afca4d)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000eac
Subcode: 0xeac (unknown subcode)
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
ERROR_CODE: (NTSTATUS) 0xc0000409 - Sistem, bu uygulamada y n tabanl bir arabelle in ta t n alg lad . Bu ta ma, k t niyetli bir kullan c n n bu uygulaman n denetimini ele ge irmesine olanak verebilir.
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 0000000000000eac
EXCEPTION_STR: 0xc0000409
STACK_TEXT:
ffff9786`d700c518 fffff806`550418a9 : 00000000`00000139 00000000`00000eac ffff9786`d700c840 ffff9786`d700c798 : nt!KeBugCheckEx
ffff9786`d700c520 fffff806`55041e32 : 03d734e3`90ab47a2 ffff8502`fde81080 ffffcc81`f7ca2850 ffffcc81`f7ca227d : nt!KiBugCheckDispatch+0x69
ffff9786`d700c660 fffff806`5503fc06 : ffb4d5ab`fdcd813f ffffffff`3e87a70a fb9f6b64`f6991629 faa231d3`f3228f64 : nt!KiFastFailDispatch+0xb2
ffff9786`d700c840 fffff806`b87cca4d : a58a3f3f`ff24b9c5 fc9ff72f`ffffffff fef5660f`fc0eeae2 fb1bd37d`fe9ae942 : nt!KiRaiseSecurityCheckFailure+0x346
ffff9786`d700c9d0 a58a3f3f`ff24b9c5 : fc9ff72f`ffffffff fef5660f`fc0eeae2 fb1bd37d`fe9ae942 f03c07eb`f9bcf24a : EasyAntiCheat_EOS+0xafca4d
ffff9786`d700c9d8 fc9ff72f`ffffffff : fef5660f`fc0eeae2 fb1bd37d`fe9ae942 f03c07eb`f9bcf24a fa3ff65c`0093c85f : 0xa58a3f3f`ff24b9c5
ffff9786`d700c9e0 fef5660f`fc0eeae2 : fb1bd37d`fe9ae942 f03c07eb`f9bcf24a fa3ff65c`0093c85f ffff9786`d700cb20 : 0xfc9ff72f`ffffffff
ffff9786`d700c9e8 fb1bd37d`fe9ae942 : f03c07eb`f9bcf24a fa3ff65c`0093c85f ffff9786`d700cb20 00000000`00000000 : 0xfef5660f`fc0eeae2
ffff9786`d700c9f0 f03c07eb`f9bcf24a : fa3ff65c`0093c85f ffff9786`d700cb20 00000000`00000000 00000000`00000000 : 0xfb1bd37d`fe9ae942
ffff9786`d700c9f8 fa3ff65c`0093c85f : ffff9786`d700cb20 00000000`00000000 00000000`00000000 00000000`00000000 : 0xf03c07eb`f9bcf24a
ffff9786`d700ca00 ffff9786`d700cb20 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xfa3ff65c`0093c85f
ffff9786`d700ca08 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xffff9786`d700cb20
SYMBOL_NAME: EasyAntiCheat_EOS+afca4d
MODULE_NAME: EasyAntiCheat_EOS
IMAGE_NAME: EasyAntiCheat_EOS.sys
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: afca4d
FAILURE_BUCKET_ID: 0x139_MISSING_GSFRAME_EasyAntiCheat_EOS!unknown_function
OS_VERSION: 10.0.22621.1
BUILDLAB_STR: ni_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {dde04553-d42f-b4d7-f06a-e1871a067075}
Followup: MachineOwner
---------