KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000039, A shadow stack violation has occurred due to mismatched return addresses
on the call stack vs the shadow stack.
Arg2: ffffc50e59951cc0, Address of the trap frame for the exception that caused the BugCheck
Arg3: ffffc50e59951c18, Address of the exception record for the exception that caused the BugCheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for HoYoKProtect.sys
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 6561
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 7624
Key : Analysis.IO.Other.Mb
Value: 0
Key : Analysis.IO.Read.Mb
Value: 0
Key : Analysis.IO.Write.Mb
Value: 0
Key : Analysis.Init.CPU.mSec
Value: 1265
Key : Analysis.Init.Elapsed.mSec
Value: 10553
Key : Analysis.Memory.CommitPeak.Mb
Value: 91
Key : Bugcheck.Code.DumpHeader
Value: 0x139
Key : Bugcheck.Code.Register
Value: 0x139
Key : Dump.Attributes.AsUlong
Value: 1808
Key : Dump.Attributes.DiagDataWrittenToHeader
Value: 1
Key : Dump.Attributes.ErrorCode
Value: 0
Key : Dump.Attributes.KernelGeneratedTriageDump
Value: 1
Key : Dump.Attributes.LastLine
Value: Dump completed successfully.
Key : Dump.Attributes.ProgressPercentage
Value: 0
Key : FailFast.Name
Value: CONTROL_INVALID_RETURN_ADDRESS
Key : FailFast.Type
Value: 57
FILE_IN_CAB: 042923-15968-01.dmp
TAG_NOT_DEFINED_202b: *** Unknown TAG in analysis list 202b
DUMP_FILE_ATTRIBUTES: 0x1808
Kernel Generated Triage Dump
BUGCHECK_CODE: 139
BUGCHECK_P1: 39
BUGCHECK_P2: ffffc50e59951cc0
BUGCHECK_P3: ffffc50e59951c18
BUGCHECK_P4: 0
TRAP_FRAME: ffffc50e59951cc0 -- (.trap 0xffffc50e59951cc0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=00000000000000b8 rbx=0000000000000000 rcx=fffffffffff95806
rdx=ffff800f4eaff000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8016b24d677 rsp=ffffc50e59951e58 rbp=0000000000000000
r8=fffff8016b1d0ccd r9=0000000100000000 r10=00000001401947b0
r11=ffffc50e59951fe8 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe cy
HoYoKProtect+0x36d677:
fffff801`6b24d677 ?? ???
Resetting default scope
EXCEPTION_RECORD: ffffc50e59951c18 -- (.exr 0xffffc50e59951c18)
ExceptionAddress: fffff8016b24d677 (HoYoKProtect+0x000000000036d677)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 2
Parameter[0]: 0000000000000039
Parameter[1]: fffffa8970ecafa8
Subcode: 0x39 FAST_FAIL_CONTROL_INVALID_RETURN_ADDRESS Shadow stack violation
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
ERROR_CODE: (NTSTATUS) 0xc0000409 - Sistem, bu uygulamada y n tabanl bir arabelle in ta t n alg lad . Bu ta ma, k t niyetli bir kullan c n n bu uygulaman n denetimini ele ge irmesine olanak verebilir.
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 0000000000000039
EXCEPTION_PARAMETER2: fffffa8970ecafa8
EXCEPTION_STR: 0xc0000409
STACK_TEXT:
ffffc50e`59951998 fffff801`0383e9a9 : 00000000`00000139 00000000`00000039 ffffc50e`59951cc0 ffffc50e`59951c18 : nt!KeBugCheckEx
ffffc50e`599519a0 fffff801`0383ef32 : ffff800f`510dc950 00000000`00000401 00000000`00000024 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffffc50e`59951ae0 fffff801`0383c67d : ffffffff`80002fe0 00000000`00000000 fffff801`6b0d5185 00000000`00000030 : nt!KiFastFailDispatch+0xb2
ffffc50e`59951cc0 fffff801`6b24d677 : fffff801`6b1d0ccd 00000000`00000000 00000000`00000000 ffff800f`510dc950 : nt!KiControlProtectionFault+0x3bd
ffffc50e`59951e58 fffff801`6b1d0ccd : 00000000`00000000 00000000`00000000 ffff800f`510dc950 ffffc50e`59952098 : HoYoKProtect+0x36d677
ffffc50e`59951e60 00000000`00000000 : 00000000`00000000 ffff800f`510dc950 ffffc50e`59952098 fffff801`0259c000 : HoYoKProtect+0x2f0ccd
SYMBOL_NAME: HoYoKProtect+36d677
MODULE_NAME: HoYoKProtect
IMAGE_NAME: HoYoKProtect.sys
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: 36d677
FAILURE_BUCKET_ID: 0x139_39_HoYoKProtect!unknown_function
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {bdd68e0c-7ccb-39d2-4fec-ba57db48928f}
Followup: MachineOwner
---------