@maksu, could you take a look?
Hello, the system is a desktop. If you could also lend a hand with these resets that I just can't make sense of, I would be very grateful.
File link: dmp.rar
Sir.
@Murat5038
And.
@maksu
I await your help. The hardware scans turned up no problems. Hopefully it isn't the HDD.
@maksu, could you take a look?
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff805`41800000 PsLoadedModuleList = 0xfffff805`4242a2b0
Debug session time: Sat Jan 9 08:24:07.212 2021 (UTC + 3:00)
System Uptime: 0 days 1:20:00.180
Loading Kernel Symbols
...............................................................
................................................................
.................................................
Loading User Symbols
Loading unloaded module list
..............
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff805`41bf5780 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffef89`82e1ae30=0000000000000109
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CRITICAL_STRUCTURE_CORRUPTION (109)
This bugcheck is generated when the kernel detects that critical kernel code or
data have been corrupted. There are generally three causes for a corruption:
1) A driver has inadvertently or deliberately modified critical kernel code
or data. See http://www.microsoft.com/whdc/driver/kernel/64bitPatching.mspx
2) A developer attempted to set a normal kernel breakpoint using a kernel
debugger that was not attached when the system was booted. Normal breakpoints,
"bp", can only be set if the debugger is attached at boot time. Hardware
breakpoints, "ba", can be set at any time.
3) A hardware corruption occurred, e.g. failing RAM holding kernel code or data.
Arguments:
Arg1: a39ff6e39278d4fd, Reserved
Arg2: b3b70369e4f71db5, Reserved
Arg3: fffff80542009d54, Failure type dependent information
Arg4: 0000000000000001, Type of corrupted region, can be
0 : A generic data region
1 : Modification of a function or .pdata
2 : A processor IDT
3 : A processor GDT
4 : Type 1 process list corruption
5 : Type 2 process list corruption
6 : Debug routine modification
7 : Critical MSR modification
8 : Object type
9 : A processor IVT
a : Modification of a system service function
b : A generic session data region
c : Modification of a session function or .pdata
d : Modification of an import table
e : Modification of a session import table
f : Ps Win32 callout modification
10 : Debug switch routine modification
11 : IRP allocator modification
12 : Driver call dispatcher modification
13 : IRP completion dispatcher modification
14 : IRP deallocator modification
15 : A processor control register
16 : Critical floating point control register modification
17 : Local APIC modification
18 : Kernel notification callout modification
19 : Loaded module list modification
1a : Type 3 process list corruption
1b : Type 4 process list corruption
1c : Driver object corruption
1d : Executive callback object modification
1e : Modification of module padding
1f : Modification of a protected process
20 : A generic data region
21 : A page hash mismatch
22 : A session page hash mismatch
23 : Load config directory modification
24 : Inverted function table modification
25 : Session configuration modification
26 : An extended processor control register
27 : Type 1 pool corruption
28 : Type 2 pool corruption
29 : Type 3 pool corruption
2a : Type 4 pool corruption
2b : Modification of a function or .pdata
2c : Image integrity corruption
2d : Processor misconfiguration
2e : Type 5 process list corruption
2f : Process shadow corruption
30 : Retpoline code page corruption
101 : General pool corruption
102 : Modification of win32k.sys
Debugging Details:
------------------
*** WARNING: Unable to verify checksum for win32k.sys
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 11984
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-G2EFLS9
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 19811
Key : Analysis.Memory.CommitPeak.Mb
Value: 82
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: 109
BUGCHECK_P1: a39ff6e39278d4fd
BUGCHECK_P2: b3b70369e4f71db5
BUGCHECK_P3: fffff80542009d54
BUGCHECK_P4: 1
MEMORY_CORRUPTOR: ONE_BIT
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
STACK_TEXT:
ffffef89`82e1ae28 00000000`00000000 : 00000000`00000109 a39ff6e3`9278d4fd b3b70369`e4f71db5 fffff805`42009d54 : nt!KeBugCheckEx
CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
fffff80542009dca - nt!PiCMOpenObjectKey+164b62
[ e9:c9 ]
1 error : !nt (fffff80542009dca)
MODULE_NAME: memory_corruption
IMAGE_NAME: memory_corruption
STACK_COMMAND: .thread ; .cxr ; kb
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_ONE_BIT
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {e3faf315-c3d0-81db-819a-6c43d23c63a7}
Followup: memory_corruption
---------
Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\maksu\Downloads\Compressed\dmp\010121-58218-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff805`42000000 PsLoadedModuleList = 0xfffff805`42c2a3b0
Debug session time: Sat Jan 2 05:43:03.932 2021 (UTC + 3:00)
System Uptime: 0 days 0:53:33.610
Loading Kernel Symbols
...............................................................
................................................................
........................................
Loading User Symbols
Loading unloaded module list
..........................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff805`423f5210 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:fffffc03`0f133950=0000000000000139
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000000, A stack-based buffer has been overrun.
Arg2: 0000000000000000, Address of the trap frame for the exception that caused the bugcheck
Arg3: 0000000000000000, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000004000000, Reserved
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 10734
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-G2EFLS9
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 15498
Key : Analysis.Memory.CommitPeak.Mb
Value: 78
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: 139
BUGCHECK_P1: 0
BUGCHECK_P2: 0
BUGCHECK_P3: 0
BUGCHECK_P4: 4000000
TRAP_FRAME: 0000000000000000 -- (.trap 0x0)
EXCEPTION_RECORD: 0000000000000000 -- (.exr 0x0)
Cannot read Exception record @ 0000000000000000
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: explorer.exe
STACK_TEXT:
fffffc03`0f133948 fffff805`423fdd1b : 00000000`00000139 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx
fffffc03`0f133950 fffff805`409f53a6 : ffffe288`76ece000 fffffc03`0f133a00 ffffe288`7179ebf0 00000000`00000000 : nt!guard_icall_bugcheck+0x1b
fffffc03`0f133980 fffff805`409f43bc : fffffc03`0f12e000 fffffc03`0f134000 ffffffff`c0000120 00000000`00000000 : FLTMGR!FltpPassThroughCompletionWorker+0x486
fffffc03`0f133a20 fffff805`422c2fce : 00000000`00000002 ffffe288`74f8fe70 00000000`00000000 ffffe288`6fcc2140 : FLTMGR!FltpPassThroughCompletion+0xc
fffffc03`0f133a50 fffff805`422c2e97 : 00000000`0000009c 00000000`00000001 00000000`00000000 ffff8301`2ad6a770 : nt!IopfCompleteRequest+0x11e
fffffc03`0f133b40 fffff805`42287aa3 : ffffe288`74b31080 ffff8301`00000000 00000000`00000000 fffff805`426c00f4 : nt!IofCompleteRequest+0x17
fffffc03`0f133b70 fffff805`4229598f : ffffe288`74110010 ffffe288`74110010 ffff8301`2ad6a770 ffffe288`76fac680 : nt!FsRtlCancelNotify+0xf3
fffffc03`0f133c30 fffff805`422958da : ffffe288`74b31080 ffffe288`74110030 ffffe288`74b316d0 fffff805`422db39b : nt!IoCancelIrp+0x6f
fffffc03`0f133c70 fffff805`42676184 : fffffc03`0f133d50 ffffe288`74b31500 ffffe288`7b292dd0 fffff805`42212900 : nt!IopCancelIrpsInCurrentThreadList+0x106
fffffc03`0f133ce0 fffff805`425e9df8 : ffffe288`74b31000 ffffe288`74b31080 ffffe288`7773c080 00000000`00000000 : nt!IopCancelIrpsInThreadList+0x3c
fffffc03`0f133d30 fffff805`42676066 : 00000000`00000000 fffffc03`0f133ec0 00000000`0404ee30 ffffe288`7b292dd0 : nt!IopCancelIrpsInThreadListForCurrentProcess+0xc4
fffffc03`0f133df0 fffff805`42406bb8 : ffffe288`74b31080 ffffffff`ffffffff 00000000`00000000 ffffe288`00000000 : nt!NtCancelIoFileEx+0xc6
fffffc03`0f133e40 00007ffb`2ed6cfd4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
00000000`0404ee08 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffb`2ed6cfd4
SYMBOL_NAME: nt!guard_icall_bugcheck+1b
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.630
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 1b
FAILURE_BUCKET_ID: 0x139_0_LEGACY_GS_VIOLATION_nt!guard_icall_bugcheck
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {9bee41a7-2ef9-07ca-7e59-7d5a0c6e2d05}
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\maksu\Downloads\Compressed\dmp\010921-25171-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff803`80600000 PsLoadedModuleList = 0xfffff803`8122a2b0
Debug session time: Sat Jan 9 13:00:16.635 2021 (UTC + 3:00)
System Uptime: 0 days 0:49:55.312
Loading Kernel Symbols
...............................................................
................................................................
...................................................
Loading User Symbols
Loading unloaded module list
...............
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff803`809f5780 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffcf0d`1326ce00=0000000000000109
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CRITICAL_STRUCTURE_CORRUPTION (109)
This bugcheck is generated when the kernel detects that critical kernel code or
data have been corrupted. There are generally three causes for a corruption:
1) A driver has inadvertently or deliberately modified critical kernel code
or data. See http://www.microsoft.com/whdc/driver/kernel/64bitPatching.mspx
2) A developer attempted to set a normal kernel breakpoint using a kernel
debugger that was not attached when the system was booted. Normal breakpoints,
"bp", can only be set if the debugger is attached at boot time. Hardware
breakpoints, "ba", can be set at any time.
3) A hardware corruption occurred, e.g. failing RAM holding kernel code or data.
Arguments:
Arg1: a3a00fd9bc87e896, Reserved
Arg2: b3b71c600f06314e, Reserved
Arg3: fffff80380e09d54, Failure type dependent information
Arg4: 0000000000000001, Type of corrupted region, can be
0 : A generic data region
1 : Modification of a function or .pdata
2 : A processor IDT
3 : A processor GDT
4 : Type 1 process list corruption
5 : Type 2 process list corruption
6 : Debug routine modification
7 : Critical MSR modification
8 : Object type
9 : A processor IVT
a : Modification of a system service function
b : A generic session data region
c : Modification of a session function or .pdata
d : Modification of an import table
e : Modification of a session import table
f : Ps Win32 callout modification
10 : Debug switch routine modification
11 : IRP allocator modification
12 : Driver call dispatcher modification
13 : IRP completion dispatcher modification
14 : IRP deallocator modification
15 : A processor control register
16 : Critical floating point control register modification
17 : Local APIC modification
18 : Kernel notification callout modification
19 : Loaded module list modification
1a : Type 3 process list corruption
1b : Type 4 process list corruption
1c : Driver object corruption
1d : Executive callback object modification
1e : Modification of module padding
1f : Modification of a protected process
20 : A generic data region
21 : A page hash mismatch
22 : A session page hash mismatch
23 : Load config directory modification
24 : Inverted function table modification
25 : Session configuration modification
26 : An extended processor control register
27 : Type 1 pool corruption
28 : Type 2 pool corruption
29 : Type 3 pool corruption
2a : Type 4 pool corruption
2b : Modification of a function or .pdata
2c : Image integrity corruption
2d : Processor misconfiguration
2e : Type 5 process list corruption
2f : Process shadow corruption
30 : Retpoline code page corruption
101 : General pool corruption
102 : Modification of win32k.sys
Debugging Details:
------------------
*** WARNING: Unable to verify checksum for win32k.sys
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 11968
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-G2EFLS9
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 16159
Key : Analysis.Memory.CommitPeak.Mb
Value: 82
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: 109
BUGCHECK_P1: a3a00fd9bc87e896
BUGCHECK_P2: b3b71c600f06314e
BUGCHECK_P3: fffff80380e09d54
BUGCHECK_P4: 1
MEMORY_CORRUPTOR: ONE_BIT
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
STACK_TEXT:
ffffcf0d`1326cdf8 00000000`00000000 : 00000000`00000109 a3a00fd9`bc87e896 b3b71c60`0f06314e fffff803`80e09d54 : nt!KeBugCheckEx
CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
fffff80380e09dca - nt!PiCMOpenObjectKey+164b62
[ e9:c9 ]
1 error : !nt (fffff80380e09dca)
MODULE_NAME: memory_corruption
IMAGE_NAME: memory_corruption
STACK_COMMAND: .thread ; .cxr ; kb
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_ONE_BIT
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {e3faf315-c3d0-81db-819a-6c43d23c63a7}
Followup: memory_corruption
---------
I didn't get a notification, so I noticed late.
Run a memory test with Memtest86.
Memtest86: RAM Test Program That Runs from USB (www.technopat.net)
Remove the graphics card driver with DDU and reinstall it.
Guide: Removing Drivers with DDU (www.technopat.net)
Unplug all connected USB devices. Plug the keyboard and mouse into different ports.
If there is a printer, disconnect it.
Follow the guide below. Share the result.
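Added example, not part of the original thread and not the posters' code: a small Python triage script for `!analyze -v` text like the output above. For each report it reads the kernel base, the bugcheck fields and the `!chkimg` byte mismatch, then computes the mismatch's offset inside the kernel image and how many bits differ, so that recurrences across dumps stand out. The sample input is constructed from lines of the two CRITICAL_STRUCTURE_CORRUPTION reports in this thread; the function names are hypothetical, and it assumes every `!chkimg` mismatch is inside `nt`, as in these dumps.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the two bugcheck 0x109 analyses in this
# thread, trimmed to the fields the parser reads.
SAMPLE = """\
Kernel base = 0xfffff805`41800000 PsLoadedModuleList = 0xfffff805`4242a2b0
BUGCHECK_CODE: 109
BUGCHECK_P4: 1
CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
fffff80542009dca - nt!PiCMOpenObjectKey+164b62
[ e9:c9 ]
1 error : !nt (fffff80542009dca)
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_ONE_BIT
Kernel base = 0xfffff803`80600000 PsLoadedModuleList = 0xfffff803`8122a2b0
BUGCHECK_CODE: 109
BUGCHECK_P4: 1
CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
fffff80380e09dca - nt!PiCMOpenObjectKey+164b62
[ e9:c9 ]
1 error : !nt (fffff80380e09dca)
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_ONE_BIT
"""

KERNEL_BASE = re.compile(r"^Kernel base = 0x([0-9a-f]{8})`([0-9a-f]{8})")
FIELD = re.compile(r"^(BUGCHECK_CODE|BUGCHECK_P4|FAILURE_BUCKET_ID):\s*(\S+)")
CHKIMG_ADDR = re.compile(r"^([0-9a-f]{16})(?:-[0-9a-f]{16})?\b.* - (\S+)$")
CHKIMG_BYTES = re.compile(r"^\[\s*([0-9a-f ]+?)\s*:\s*([0-9a-f ]+?)\s*\]$")
CHKIMG_END = re.compile(r"^\d+ errors? :")


def parse_reports(text):
    """Split debugger text into one dict per dump (keyed on 'Kernel base')."""
    reports, cur, in_chkimg, pending = [], None, False, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KERNEL_BASE.match(line)
        if m:
            cur = {"kernel_base": int(m.group(1) + m.group(2), 16),
                   "mismatches": []}
            reports.append(cur)
            in_chkimg, pending = False, None
            continue
        if cur is None:
            continue
        m = FIELD.match(line)
        if m:
            cur[m.group(1)] = m.group(2)
            continue
        if line.startswith("CHKIMG_EXTENSION:"):
            in_chkimg = True
            continue
        if not in_chkimg:
            continue
        if CHKIMG_END.match(line):
            in_chkimg = False
            continue
        m = CHKIMG_ADDR.match(line)
        if m:
            pending = (int(m.group(1), 16), m.group(2))
            continue
        m = CHKIMG_BYTES.match(line)
        if m and pending:
            left = bytes.fromhex(m.group(1))
            right = bytes.fromhex(m.group(2))
            # Bit distance is symmetric, so the parser does not need to know
            # which side of the colon is the reference image.
            bits = sum(bin(a ^ b).count("1") for a, b in zip(left, right))
            cur["mismatches"].append({
                # Assumption: the mismatch is in nt, so kernel base is the
                # image base; this removes per-boot KASLR from the address.
                "offset": pending[0] - cur["kernel_base"],
                "symbol": pending[1],
                "left": left,
                "right": right,
                "bits": bits,
            })
            pending = None
    return reports


def recurring_mismatches(reports):
    """Return {(offset, left, right): count} for mismatches seen in >1 dump."""
    seen = defaultdict(int)
    for rep in reports:
        for mm in rep["mismatches"]:
            seen[(mm["offset"], mm["left"], mm["right"])] += 1
    return {key: n for key, n in seen.items() if n > 1}


if __name__ == "__main__":
    parsed = parse_reports(SAMPLE)
    for rep in parsed:
        for mm in rep["mismatches"]:
            print(f"bugcheck {rep['BUGCHECK_CODE']} nt+{mm['offset']:#x} "
                  f"{mm['left'].hex()}:{mm['right'].hex()} "
                  f"bits differing={mm['bits']} ({rep['FAILURE_BUCKET_ID']})")
    for (off, left, right), n in recurring_mismatches(parsed).items():
        print(f"same mismatch nt+{off:#x} {left.hex()}:{right.hex()} in {n} dumps")
```

On the two reports above, the mismatch resolves to the same image-relative offset with a one-bit difference in both dumps, even though the kernel was loaded at a different base each time.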