************* Path validation summary **************
Response Time (ms) Location.
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (12 procs) Free x64.
Product: WinNt, suite: TerminalServer SingleUserTS.
Machine Name:
Kernel base = 0xfffff802`38c00000 PsLoadedModuleList = 0xfffff802`3982a490
Debug session time: Tue Mar 23 23:50:26.725 2021 (UTC + 3:00)
System Uptime: 0 days 10:50:22.355
Loading Kernel Symbols.
..
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
.............................................................
................................................................
................................................................
.......
Loading User Symbols.
Loading unloaded module list.
............
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff802`38ff5c50 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:fffff106`e1299650=00000000000000a0
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
INTERNAL_POWER_ERROR (a0)
The power policy manager experienced a fatal error.
Arguments:
Arg1: 000000000000010e, The disk subsystem returned corrupt data while reading from the.
hibernation file.
Arg2: 000000000000000a.
Arg3: 0000000000003698, Incorrect checksum.
Arg4: 0000000000005d1d, Previous disk read's checksum.
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 2733.
Key : Analysis.DebugAnalysisManager
Value: Create.
Key : Analysis.Elapsed.mSec
Value: 2810.
Key : Analysis.Init.CPU.mSec
Value: 499.
Key : Analysis.Init.Elapsed.mSec
Value: 12863.
Key : Analysis.Memory.CommitPeak.Mb
Value: 74.
DUMP_FILE_ATTRIBUTES: 0x9.
Hiber Crash Dump.
Kernel Generated Triage Dump.
BUGCHECK_CODE: a0.
BUGCHECK_P1: 10e.
BUGCHECK_P2: a
BUGCHECK_P3: 3698.
BUGCHECK_P4: 5d1d.
CUSTOMER_CRASH_COUNT: 1
STACK_TEXT:
fffff106`e1299648 fffff802`395a07ee : 00000000`000000a0 00000000`0000010e 00000000`0000000a 00000000`00003698 : nt!KeBugCheckEx
fffff106`e1299650 fffff802`395adc01 : 00000000`00000001 ffffab87`5bc5a050 00000000`9fb97000 ffffab87`71bb2000 : nt!PopHiberChecksumHiberFileData+0x103ae
fffff106`e12996b0 fffff802`3959fdc7 : 00000000`00000000 ffff9802`19139f38 00000000`00000001 00000000`00000001 : nt!PopRequestRead+0x7d
fffff106`e1299720 fffff802`3958f5d0 : 00007225`d7f64f75 ffff9802`19139f38 00000000`00000000 00000000`00000000 : nt!PopRestoreHiberContext+0x1069f
fffff106`e12997b0 fffff802`3958f316 : fffff802`39850620 fffff106`e1299930 fffff802`39850620 00000000`00000100 : nt!PopHandleNextState+0x210
fffff106`e1299800 fffff802`3958f093 : 00000000`00000100 fffff802`39850620 0000005a`dc38e993 00000000`00989680 : nt!PopIssueNextState+0x1a
fffff106`e1299830 fffff802`39591c99 : fffff106`e1299b20 00000000`00000000 00000000`00000000 fffff802`39591a1f : nt!PopInvokeSystemStateHandler+0x33b
fffff106`e1299a30 fffff802`3958c98a : ffffffff`00000000 ffffffff`ffffffff 00000000`00000000 00000000`00000000 : nt!PopEndMirroring+0x1e9
fffff106`e1299af0 fffff802`3958c675 : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : nt!MmDuplicateMemory+0x2be
fffff106`e1299b80 fffff802`38f17e85 : ffffab87`6764c000 ffffab87`6764c040 fffff802`3958c540 00000000`00000001 : nt!PopTransitionToSleep+0x135
fffff106`e1299c10 fffff802`38ffd2a8 : ffffbf80`2e1e8180 ffffab87`6764c040 fffff802`38f17e30 00000000`00000246 : nt!PspSystemThreadStartup+0x55
fffff106`e1299c60 00000000`00000000 : fffff106`e129a000 fffff106`e1294000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28
SYMBOL_NAME: nt!PopHiberChecksumHiberFileData+103ae
MODULE_NAME: nt.
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.868
STACK_COMMAND: .thread ; .cxr ; kb.
BUCKET_ID_FUNC_OFFSET: 103ae.
FAILURE_BUCKET_ID: 0xa0_10e_nt!PopHiberChecksumHiberFileData
OSPLATFORM_TYPE: x64.
OSNAME: Windows 10.
FAILURE_ID_HASH: {28ba2091-a476-6f77-2dec-6241bccd4685}
Followup: MachineOwner.
---------
************* Path validation summary **************
Response Time (ms) Location.
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (12 procs) Free x64.
Product: WinNt, suite: TerminalServer SingleUserTS.
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff804`6f200000 PsLoadedModuleList = 0xfffff804`6fe2a490
Debug session time: Fri Mar 26 17:54:38.627 2021 (UTC + 3:00)
System Uptime: 1 days 4:01:13.256
Loading Kernel Symbols.
...............................................................
................................................................
................................................................
..
Loading User Symbols.
Loading unloaded module list.
.........................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff804`6f5f5c50 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffef01`b9861170=0000000000000139
9: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption.
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffef01b9861490, Address of the trap frame for the exception that caused the BugCheck.
Arg3: ffffef01b98613e8, Address of the exception record for the exception that caused the BugCheck.
Arg4: 0000000000000000, Reserved.
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 4109.
Key : Analysis.DebugAnalysisManager
Value: Create.
Key : Analysis.Elapsed.mSec
Value: 4200.
Key : Analysis.Init.CPU.mSec
Value: 437.
Key : Analysis.Init.Elapsed.mSec
Value: 9573.
Key : Analysis.Memory.CommitPeak.Mb
Value: 72.
Key : FailFast.Name
Value: CORRUPT_LIST_ENTRY.
Key : FailFast.Type
Value: 3
Key : WER.OS.Branch
Value: vb_release.
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
BUGCHECK_CODE: 139.
BUGCHECK_P1: 3
BUGCHECK_P2: ffffef01b9861490.
BUGCHECK_P3: ffffef01b98613e8.
BUGCHECK_P4: 0
TRAP_FRAME: ffffef01b9861490 -- (.trap 0xffffef01b9861490)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffa001496b0018 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffa001496b0078 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8046f645027 rsp=ffffef01b9861620 rbp=ffffef01b9861780
r8=ffffef01b9861630 r9=ffffa001532b2980 r10=ffffa001532b2980
r11=ffffa0013d506858 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc.
nt!MiGetWsAndInsertVad+0x1a28d7:
fffff804`6f645027 cd29 int 29h.
Resetting default scope.
EXCEPTION_RECORD: ffffef01b98613e8 -- (.exr 0xffffef01b98613e8)
ExceptionAddress: fffff8046f645027 (nt!MiGetWsAndInsertVad+0x00000000001a28d7)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001.
NumberParameters: 1
Parameter[0]: 0000000000000003.
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: nvcontainer.exe
ERROR_CODE: (NTSTATUS) 0xc0000409 - Sistem, bu uygulamada y n tabanl bir arabelle in ta t n alg lad . Bu ta ma, k t niyetli bir kullan c n n bu uygulaman n denetimini ele ge irmesine olanak verebilir.
EXCEPTION_CODE_STR: c0000409.
EXCEPTION_PARAMETER1: 0000000000000003.
EXCEPTION_STR: 0xc0000409.
STACK_TEXT:
ffffef01`b9861168 fffff804`6f607b69 : 00000000`00000139 00000000`00000003 ffffef01`b9861490 ffffef01`b98613e8 : nt!KeBugCheckEx
ffffef01`b9861170 fffff804`6f607f90 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffffef01`b98612b0 fffff804`6f606323 : 00000000`00000861 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiFastFailDispatch+0xd0
ffffef01`b9861490 fffff804`6f645027 : ffffa001`496b0010 ffffef01`00000001 ffffa001`00000000 ffffa001`496b0078 : nt!KiRaiseSecurityCheckFailure+0x323
ffffef01`b9861620 fffff804`6f836734 : 00000000`00000842 ffffef01`b9861780 ffffa001`532c7d80 ffffa001`532c7d80 : nt!MiGetWsAndInsertVad+0x1a28d7
ffffef01`b9861680 fffff804`6f8323bc : ffffa001`496b0010 00000000`00000000 ffffef01`b9861858 ffffef01`b98619b8 : nt!MiMapViewOfImageSection+0x514
ffffef01`b9861800 fffff804`6f833d79 : 00000000`00000000 ffffef01`b9861b80 00000207`3e019d40 00000000`00000000 : nt!MiMapViewOfSection+0x3fc
ffffef01`b9861950 fffff804`6f6075b8 : ffffa001`4abaf080 000000e1`0f4ff408 00000000`00000000 00000000`00000000 : nt!NtMapViewOfSection+0x159
ffffef01`b9861a90 00007ffb`c4b4d114 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
000000e1`0f4ff3e8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffb`c4b4d114
SYMBOL_NAME: nt!KiFastFailDispatch+d0
MODULE_NAME: nt.
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.868
STACK_COMMAND: .thread ; .cxr ; kb.
BUCKET_ID_FUNC_OFFSET: d0.
FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_nt!KiFastFailDispatch
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release.
OSPLATFORM_TYPE: x64.
OSNAME: Windows 10.
FAILURE_ID_HASH: {3aede96a-54dd-40d6-d4cb-2a161a843851}
Followup: MachineOwner.
---------
************* Path validation summary **************
Response Time (ms) Location.
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (12 procs) Free x64.
Product: WinNt, suite: TerminalServer SingleUserTS.
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff807`4b600000 PsLoadedModuleList = 0xfffff807`4c22a490
Debug session time: Mon Mar 29 21:22:35.559 2021 (UTC + 3:00)
System Uptime: 1 days 3:44:53.190
Loading Kernel Symbols.
...............................................................
................................................................
................................................................
...
Loading User Symbols.
Loading unloaded module list.
........................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff807`4b9f5c50 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:fffff90e`62426980=000000000000003b
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the BugCheck.
Arg2: fffff8074b9fdb87, Address of the instruction which caused the BugCheck.
Arg3: fffff90e62427280, Address of the context record for the exception that caused the BugCheck.
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 5874.
Key : Analysis.DebugAnalysisManager
Value: Create.
Key : Analysis.Elapsed.mSec
Value: 7377.
Key : Analysis.Init.CPU.mSec
Value: 390.
Key : Analysis.Init.Elapsed.mSec
Value: 8148.
Key : Analysis.Memory.CommitPeak.Mb
Value: 79.
Key : WER.OS.Branch
Value: vb_release.
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
BUGCHECK_CODE: 3b.
BUGCHECK_P1: c0000005.
BUGCHECK_P2: fffff8074b9fdb87.
BUGCHECK_P3: fffff90e62427280.
BUGCHECK_P4: 0
CONTEXT: fffff90e62427280 -- (.cxr 0xfffff90e62427280)
rax=0000003e40fe0013 rbx=ffffa70faf87d07e rcx=fffff8074d7ef140
rdx=f8a2be4226ad34d4 rsi=0000000000000006 rdi=fffff90e62428080
rip=fffff8074b9fdb87 rsp=fffff90e62427c80 rbp=0000000000000008
r8=f8a2be4226ad34d0 r9=0000000000000003 r10=fffff8074d7ef140
r11=0000000000000003 r12=0000000000000000 r13=0000000000000000
r14=0000000000000001 r15=fffff90e6242811c
iopl=0 nv up ei ng nz na pe nc.
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050282
nt!ExpInterlockedPopEntrySListFault:
fffff807`4b9fdb87 498b08 mov rcx,qword ptr [r8] ds:002b:f8a2be42`26ad34d0=????????????????
Resetting default scope.
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: nvcontainer.exe
STACK_TEXT:
fffff90e`62427c80 fffff807`4d82af37 : fffff90e`624280e0 ffffa70f`c1da6920 00000000`00000001 fffff807`4d7a8030 : nt!ExpInterlockedPopEntrySListFault
fffff90e`62427c90 fffff807`4d82715b : ffff8f89`5abbe010 fffff90e`62428080 ffff8f89`5abbe010 00000000`00000000 : Ntfs!NtfsCommonCreate+0x897
fffff90e`62427f70 fffff807`4b852f55 : ffff8f89`4efe3030 ffff8f89`5abbe010 fffff90e`62428200 ffff8f89`584458f0 : Ntfs!NtfsFsdCreate+0x1db
fffff90e`624281f0 fffff807`47636ccf : ffff8f89`58445900 fffff90e`624282e0 fffff90e`624282e9 fffff807`47635b37 : nt!IofCallDriver+0x55
fffff90e`62428230 fffff807`4766bbd4 : fffff90e`624282e0 ffff8f89`58445948 ffff8f89`4ee4ad60 00000000`00000000 : FLTMGR!FltpLegacyProcessingAfterPreCallbacksCompleted+0x28f
fffff90e`624282a0 fffff807`4b852f55 : ffff8f89`58445800 ffff8f89`4eecd8f0 00000000`00000000 00000000`00000000 : FLTMGR!FltpCreate+0x324
fffff90e`62428350 fffff807`4b854544 : 00000000`00000000 ffff8f89`5abbe010 ffff8f89`4efa66c0 ffff8f89`4ee4ad60 : nt!IofCallDriver+0x55
fffff90e`62428390 fffff807`4bbfefad : fffff90e`62428650 ffff8f89`4eecd8f0 ffff8f89`58445988 fffff90e`00000001 : nt!IoCallDriverWithTracing+0x34
fffff90e`624283e0 fffff807`4bc2797e : ffff8f89`4eecd8f0 00000000`00000000 ffff8f89`5dba7010 ffff8f89`5dba7001 : nt!IopParseDevice+0x117d
fffff90e`62428550 fffff807`4bbeb27a : ffff8f89`5dba7000 fffff90e`624287b8 00000000`00000040 ffff8f89`4bcfa400 : nt!ObpLookupObjectName+0x3fe
fffff90e`62428720 fffff807`4bc6de6e : 00000000`00000000 000000d2`a5bfdba0 00000000`00000000 000000d2`a5bfdb70 : nt!ObOpenObjectByNameEx+0x1fa
fffff90e`62428850 fffff807`4ba075b8 : 000000d2`a5bfe180 ffff8f89`60ad0080 ffff8f89`60ad0080 00000279`ab694c60 : nt!NtQueryFullAttributesFile+0x1ce
fffff90e`62428b00 00007fff`d7b8f4c4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
000000d2`a5bfdb18 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007fff`d7b8f4c4
SYMBOL_NAME: Ntfs!NtfsCommonCreate+897
MODULE_NAME: Ntfs.
IMAGE_NAME: Ntfs.sys
IMAGE_VERSION: 10.0.19041.870
STACK_COMMAND: .cxr 0xfffff90e62427280 ; kb.
BUCKET_ID_FUNC_OFFSET: 897.
FAILURE_BUCKET_ID: 0x3B_c0000005_Ntfs!NtfsCommonCreate
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release.
OSPLATFORM_TYPE: x64.
OSNAME: Windows 10.
FAILURE_ID_HASH: {ce9f51e8-7c78-f364-afad-6aa6232f0f00}
Followup: MachineOwner.
---------
************* Path validation summary **************
Response Time (ms) Location.
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (12 procs) Free x64.
Product: WinNt, suite: TerminalServer SingleUserTS.
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff801`2da00000 PsLoadedModuleList = 0xfffff801`2e62a490
Debug session time: Thu Apr 1 09:40:19.877 2021 (UTC + 3:00)
System Uptime: 2 days 12:17:08.508
Loading Kernel Symbols.
...............................................................
................................................................
................................................................
...
Loading User Symbols.
Loading unloaded module list.
..................................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff801`2ddf5c50 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:fffff58e`ba8739e0=000000000000003b
9: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the BugCheck.
Arg2: fffff8012dc09590, Address of the instruction which caused the BugCheck.
Arg3: fffff58eba8742e0, Address of the context record for the exception that caused the BugCheck.
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 3593.
Key : Analysis.DebugAnalysisManager
Value: Create.
Key : Analysis.Elapsed.mSec
Value: 17246.
Key : Analysis.Init.CPU.mSec
Value: 358.
Key : Analysis.Init.Elapsed.mSec
Value: 6666.
Key : Analysis.Memory.CommitPeak.Mb
Value: 74.
Key : WER.OS.Branch
Value: vb_release.
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
BUGCHECK_CODE: 3b.
BUGCHECK_P1: c0000005.
BUGCHECK_P2: fffff8012dc09590.
BUGCHECK_P3: fffff58eba8742e0.
BUGCHECK_P4: 0
CONTEXT: fffff58eba8742e0 -- (.cxr 0xfffff58eba8742e0)
rax=0000000000000000 rbx=00000000ffffffff rcx=0000000000000000
rdx=fffff58eba874f80 rsi=0072007400730069 rdi=ffff80852e2c9148
rip=fffff8012dc09590 rsp=fffff58eba874ce0 rbp=fffff58eba874e00
r8=0000000000000000 r9=ffffb28ff6c46ecc r10=0000000000000000
r11=fffff58eba874cd8 r12=0000000000040000 r13=ffffb2810ab7ea40
r14=ffff80852e2c9060 r15=ffff808542284e50
iopl=0 nv up ei pl nz na po nc.
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050206
nt!SeAccessCheckWithHintWithAdminlessChecks+0x2d0:
fffff801`2dc09590 0fb64601 movzx eax,byte ptr [rsi+1] ds:002b:00720074`0073006a=??
Resetting default scope.
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: svchost.exe
STACK_TEXT:
fffff58e`ba874ce0 fffff801`2dc07fe7 : ffff8085`42284e30 ffff8085`415d3850 00000000`00000001 00000000`00000000 : nt!SeAccessCheckWithHintWithAdminlessChecks+0x2d0
fffff58e`ba874ec0 fffff801`2e0225b1 : ffff8085`8c1b2a90 ffff8085`415d3850 00000000`00000001 00000000`00000000 : nt!SeAccessCheck+0x67
fffff58e`ba874f30 fffff801`2e024da6 : 00000000`00000000 fffff58e`ba875180 fffff58e`ba8758a0 00000000`00000000 : nt!CmpCheckOpenAccessOnKeyBody+0x221
fffff58e`ba875020 fffff801`2e0238b3 : 00000001`0000001a fffff58e`ba875370 fffff58e`ba875328 ffffb281`0ab7ea20 : nt!CmpDoParseKey+0x626
fffff58e`ba8752c0 fffff801`2e02797e : fffff801`2e023501 00000000`00000000 ffffb281`0ab7ea20 00000000`00000001 : nt!CmpParseKey+0x2c3
fffff58e`ba875460 fffff801`2dfeb27a : ffffb281`0ab7ea00 fffff58e`ba8756c8 ffffb281`00000040 ffffb28f`f6c46e80 : nt!ObpLookupObjectName+0x3fe
fffff58e`ba875630 fffff801`2dfeb05c : 00000000`00000000 00000000`00000000 000000c6`a91ff4d8 ffffb28f`f6c46e80 : nt!ObOpenObjectByNameEx+0x1fa
fffff58e`ba875760 fffff801`2e08dcf9 : 00000000`00000000 fffff58e`ba875b80 000000c6`a91ff0e8 fffff801`2e02b3e1 : nt!ObOpenObjectByName+0x5c
fffff58e`ba8757b0 fffff801`2e08d89e : ffffc195`ad90f17f ffffaad5`6aa04768 00000000`00000000 000000c6`a91ff0d8 : nt!CmCreateKey+0x449
fffff58e`ba875a40 fffff801`2de075b8 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`0002001f : nt!NtCreateKey+0x2e
fffff58e`ba875a90 00007ffb`2e94cfb4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
000000c6`a91ff078 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffb`2e94cfb4
SYMBOL_NAME: nt!SeAccessCheckWithHintWithAdminlessChecks+2d0
MODULE_NAME: nt.
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.868
STACK_COMMAND: .cxr 0xfffff58eba8742e0 ; kb.
BUCKET_ID_FUNC_OFFSET: 2d0.
FAILURE_BUCKET_ID: 0x3B_c0000005_nt!SeAccessCheckWithHintWithAdminlessChecks
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release.
OSPLATFORM_TYPE: x64.
OSNAME: Windows 10.
FAILURE_ID_HASH: {0b2689d7-a444-8aa5-42fe-101057789f8d}
Followup: MachineOwner.
---------
************* Path validation summary **************
Response Time (ms) Location.
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (12 procs) Free x64.
Product: WinNt, suite: TerminalServer SingleUserTS.
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff807`12400000 PsLoadedModuleList = 0xfffff807`1302a490
Debug session time: Sun Mar 28 17:37:15.190 2021 (UTC + 3:00)
System Uptime: 1 days 2:28:07.819
Loading Kernel Symbols.
...............................................................
................................................................
................................................................
..
Loading User Symbols.
Loading unloaded module list.
...............
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff807`127f5c50 48894c2408 mov qword ptr [rsp+8],rcx ss:fffff107`f9b18760=000000000000001a
10: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000000411, The subtype of the BugCheck.
Arg2: ffffeb00e035a908.
Arg3: 000000000a12d880.
Arg4: ffffc088702f93a8.
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 4124.
Key : Analysis.DebugAnalysisManager
Value: Create.
Key : Analysis.Elapsed.mSec
Value: 5956.
Key : Analysis.Init.CPU.mSec
Value: 389.
Key : Analysis.Init.Elapsed.mSec
Value: 5352.
Key : Analysis.Memory.CommitPeak.Mb
Value: 73.
Key : WER.OS.Branch
Value: vb_release.
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
BUGCHECK_CODE: 1a.
BUGCHECK_P1: 411.
BUGCHECK_P2: ffffeb00e035a908.
BUGCHECK_P3: a12d880.
BUGCHECK_P4: ffffc088702f93a8.
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: svchost.exe
STACK_TEXT:
fffff107`f9b18758 fffff807`12616dc2 : 00000000`0000001a 00000000`00000411 ffffeb00`e035a908 00000000`0a12d880 : nt!KeBugCheckEx
fffff107`f9b18760 fffff807`1260e7ce : fffff107`f9b18880 ffffd505`e079e700 00000000`00000000 00000000`00000002 : nt!MiResolveTransitionFault+0xca2
fffff107`f9b18820 fffff807`1260c6e9 : ffffffff`ffffffff ffffc088`00000004 00000000`c0000016 00000000`00000000 : nt!MiDispatchFault+0x3fe
fffff107`f9b18960 fffff807`12803d5e : 00000000`00000000 ffffd505`e071b860 fffff107`f9b18b80 00000000`00000000 : nt!MmAccessFault+0x189
fffff107`f9b18b00 00007ff9`599390b0 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x35e
0000006d`78a7f5a0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`599390b0
SYMBOL_NAME: nt!MiResolveTransitionFault+ca2
MODULE_NAME: nt.
IMAGE_VERSION: 10.0.19041.868
STACK_COMMAND: .thread ; .cxr ; kb.
IMAGE_NAME: ntkrnlmp.exe
BUCKET_ID_FUNC_OFFSET: ca2.
FAILURE_BUCKET_ID: 0x1a_411_nt!MiResolveTransitionFault
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release.
OSPLATFORM_TYPE: x64.
OSNAME: Windows 10.
FAILURE_ID_HASH: {e9f91d46-cc91-a17c-1d9b-79d82709eb8b}
Followup: MachineOwner.
---------
