KERNEL_MODE_HEAP_CORRUPTION mavi ekran hatası

Microsoft (R) Windows Debugger Version 10.0.25200.1003 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\Administrator\Desktop\051923-17312-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available


************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 22621 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Machine Name:
Kernel base = 0xfffff802`79400000 PsLoadedModuleList = 0xfffff802`7a013470
Debug session time: Fri May 19 22:12:01.711 2023 (UTC + 3:00)
System Uptime: 0 days 0:12:50.303
Loading Kernel Symbols
..

Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.

.............................................................
................................................................
................................................................
...........
Loading User Symbols
Loading unloaded module list
........
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff802`7982b8f0 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:ffffe48f`33b85610=000000000000013a
9: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_HEAP_CORRUPTION (13a)
The kernel mode heap manager has detected corruption in a heap.
Arguments:
Arg1: 0000000000000011, Type of corruption detected
Arg2: ffffd00c53e00140, Address of the heap that reported the corruption
Arg3: ffffd00c609d3f90, Address at which the corruption was detected
Arg4: 0000000000000000

Debugging Details:
------------------

fffff8027a11c468: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
HeapDbgInitExtension Failed

KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 3093

    Key  : Analysis.DebugAnalysisManager
    Value: Create

    Key  : Analysis.Elapsed.mSec
    Value: 4554

    Key  : Analysis.IO.Other.Mb
    Value: 0

    Key  : Analysis.IO.Read.Mb
    Value: 0

    Key  : Analysis.IO.Write.Mb
    Value: 0

    Key  : Analysis.Init.CPU.mSec
    Value: 171

    Key  : Analysis.Init.Elapsed.mSec
    Value: 357040

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 92

    Key  : Bugcheck.Code.DumpHeader
    Value: 0x13a

    Key  : Bugcheck.Code.Register
    Value: 0x13a

    Key  : Dump.Attributes.AsUlong
    Value: 1008

    Key  : Dump.Attributes.DiagDataWrittenToHeader
    Value: 1

    Key  : Dump.Attributes.ErrorCode
    Value: 0

    Key  : Dump.Attributes.KernelGeneratedTriageDump
    Value: 1

    Key  : Dump.Attributes.LastLine
    Value: Dump completed successfully.

    Key  : Dump.Attributes.ProgressPercentage
    Value: 0


FILE_IN_CAB:  051923-17312-01.dmp

DUMP_FILE_ATTRIBUTES: 0x1008
  Kernel Generated Triage Dump

BUGCHECK_CODE:  13a

BUGCHECK_P1: 11

BUGCHECK_P2: ffffd00c53e00140

BUGCHECK_P3: ffffd00c609d3f90

BUGCHECK_P4: 0

POOL_ADDRESS: Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
unable to get nt!MmSpecialPagesInUse
 ffffd00c609d3f90

FREED_POOL_TAG:  TpmP

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  System

STACK_TEXT: 
ffffe48f`33b85608 fffff802`799a4084     : 00000000`0000013a 00000000`00000011 ffffd00c`53e00140 ffffd00c`609d3f90 : nt!KeBugCheckEx
ffffe48f`33b85610 fffff802`799a40e4     : 00000000`00000011 00000000`00000000 ffffd00c`53e00140 ffffbb87`df073040 : nt!RtlpHeapHandleError+0x40
ffffe48f`33b85650 fffff802`799a3d01     : 00000000`01a00070 ffffffff`ffffffff 00000000`00000000 ffffe781`437cd180 : nt!RtlpHpHeapHandleError+0x58
ffffe48f`33b85680 fffff802`798aeb9e     : 00000000`00040246 fffff802`796513ad ffffe48f`33b858b0 00000000`00000001 : nt!RtlpLogHeapFailure+0x45
ffffe48f`33b856b0 fffff802`79641689     : ffffd00c`53e00380 00000000`000000ff 00000000`00000000 ffffbb87`00000000 : nt!RtlpHpLfhSubsegmentFreeBlock+0x19b2de
ffffe48f`33b85740 fffff802`79e9e1b0     : ffffd00c`609d3f90 00000000`0000000b 00000000`00000070 00000000`00000000 : nt!RtlpHpFreeHeap+0x159
ffffe48f`33b857e0 fffff802`7db64ffc     : ffffd00c`506d7054 ffffd00c`609d3fb0 00000000`0000000b 00000000`00000070 : nt!ExFreePoolWithTag+0x1a0
ffffe48f`33b85870 fffff802`7db72707     : 00000000`00000075 ffffd00c`54acb490 00000000`0000000e ffffd00c`56b58010 : tpm!Tpm20ResourceMgr::RemovedLoadedResource+0xb4
ffffe48f`33b858b0 fffff802`7db63497     : ffffd00c`54acb490 ffffbb87`dc9ff6f0 00000000`00000000 00000000`00000075 : tpm!Tpm20ResourceMgr::SubmitRequest+0xef37
ffffe48f`33b85970 fffff802`7db6315e     : ffffbb87`00000003 00000000`00000000 ffffe48f`33b85b10 00000000`00000050 : tpm!Tpm20Scheduler::DoUserRequest+0xb7
ffffe48f`33b85a10 fffff802`7db6165c     : ffffbb87`dc9ff6f0 ffffbb87`dc9ff6f0 fffff802`7db615f0 ffffbb87`dc9ff6f0 : tpm!Tpm20Scheduler::SchedulerThreadFunction+0x19e
ffffe48f`33b85b50 fffff802`7960dc67     : ffffbb87`00000003 fffff802`7db615f0 ffffbb87`dc9ff6f0 004fe07f`bcbbbdff : tpm!Tpm20Scheduler::SchedulerThreadWrapper+0x6c
ffffe48f`33b85bb0 fffff802`79830854     : ffffe781`438a0180 ffffbb87`df073040 fffff802`7960dc10 89894c00`00008881 : nt!PspSystemThreadStartup+0x57
ffffe48f`33b85c00 00000000`00000000     : ffffe48f`33b86000 ffffe48f`33b7f000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x34


SYMBOL_NAME:  tpm!Tpm20ResourceMgr::RemovedLoadedResource+b4

MODULE_NAME: tpm

IMAGE_NAME:  tpm.sys

IMAGE_VERSION:  10.0.22621.1690

STACK_COMMAND:  .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET:  b4

FAILURE_BUCKET_ID:  0x13a_11_TpmP_tpm!Tpm20ResourceMgr::RemovedLoadedResource

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {6ba9f639-9502-ddc5-ae09-9c26d2dd1d69}

Followup:     MachineOwner
---------

Microsoft (R) Windows Debugger Version 10.0.25200.1003 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\Administrator\Desktop\051823-19000-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available


************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 22621 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Machine Name:
Kernel base = 0xfffff800`6a400000 PsLoadedModuleList = 0xfffff800`6b013470
Debug session time: Thu May 18 10:44:13.112 2023 (UTC + 3:00)
System Uptime: 2 days 17:10:06.601
Loading Kernel Symbols
..

Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.

.............................................................
................................................................
................................................................
...............
Loading User Symbols
Loading unloaded module list
....................................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff800`6a82b8f0 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:ffffae01`0bba53c0=0000000000000139
4: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure.  The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffae010bba56e0, Address of the trap frame for the exception that caused the BugCheck
Arg3: ffffae010bba5638, Address of the exception record for the exception that caused the BugCheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------


KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 1453

    Key  : Analysis.DebugAnalysisManager
    Value: Create

    Key  : Analysis.Elapsed.mSec
    Value: 1734

    Key  : Analysis.IO.Other.Mb
    Value: 0

    Key  : Analysis.IO.Read.Mb
    Value: 0

    Key  : Analysis.IO.Write.Mb
    Value: 0

    Key  : Analysis.Init.CPU.mSec
    Value: 140

    Key  : Analysis.Init.Elapsed.mSec
    Value: 8896

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 93

    Key  : Bugcheck.Code.DumpHeader
    Value: 0x139

    Key  : Bugcheck.Code.Register
    Value: 0x139

    Key  : Dump.Attributes.AsUlong
    Value: 1008

    Key  : Dump.Attributes.DiagDataWrittenToHeader
    Value: 1

    Key  : Dump.Attributes.ErrorCode
    Value: 0

    Key  : Dump.Attributes.KernelGeneratedTriageDump
    Value: 1

    Key  : Dump.Attributes.LastLine
    Value: Dump completed successfully.

    Key  : Dump.Attributes.ProgressPercentage
    Value: 0

    Key  : FailFast.Name
    Value: CORRUPT_LIST_ENTRY

    Key  : FailFast.Type
    Value: 3


FILE_IN_CAB:  051823-19000-01.dmp

DUMP_FILE_ATTRIBUTES: 0x1008
  Kernel Generated Triage Dump

BUGCHECK_CODE:  139

BUGCHECK_P1: 3

BUGCHECK_P2: ffffae010bba56e0

BUGCHECK_P3: ffffae010bba5638

BUGCHECK_P4: 0

TRAP_FRAME:  ffffae010bba56e0 -- (.trap 0xffffae010bba56e0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffff990fec44f700 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffe58aab42b110 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8006ddf5008 rsp=ffffae010bba5870 rbp=ffffae010bba5930
 r8=ffffe58aaf8bcc98  r9=ffffe58aab42b110 r10=0000000000008001
r11=ffffffffffffffff r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na po cy
tpm!Tpm20ResourceMgr::RemovedLoadedResource+0xc0:
fffff800`6ddf5008 cd29            int     29h
Resetting default scope

EXCEPTION_RECORD:  ffffae010bba5638 -- (.exr 0xffffae010bba5638)
ExceptionAddress: fffff8006ddf5008 (tpm!Tpm20ResourceMgr::RemovedLoadedResource+0x00000000000000c0)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
  ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  System

ERROR_CODE: (NTSTATUS) 0xc0000409 - Sistem, bu uygulamada y   n tabanl  bir arabelle in ta t   n  alg lad . Bu ta ma, k t  niyetli bir kullan c n n bu uygulaman n denetimini ele ge irmesine olanak verebilir.

EXCEPTION_CODE_STR:  c0000409

EXCEPTION_PARAMETER1:  0000000000000003

EXCEPTION_STR:  0xc0000409

STACK_TEXT: 
ffffae01`0bba53b8 fffff800`6a840fa9     : 00000000`00000139 00000000`00000003 ffffae01`0bba56e0 ffffae01`0bba5638 : nt!KeBugCheckEx
ffffae01`0bba53c0 fffff800`6a841532     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffffae01`0bba5500 fffff800`6a83f306     : 00000000`00000000 fffff800`6de353d0 ffffe58a`97a7f040 fffff800`6a6511e3 : nt!KiFastFailDispatch+0xb2
ffffae01`0bba56e0 fffff800`6ddf5008     : ffff990f`e0eb1110 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiRaiseSecurityCheckFailure+0x346
ffffae01`0bba5870 fffff800`6de02707     : 00000000`00000075 ffff990f`e0eb1110 00000000`0000000e ffff9900`090d9010 : tpm!Tpm20ResourceMgr::RemovedLoadedResource+0xc0
ffffae01`0bba58b0 fffff800`6ddf3497     : ffff990f`e0eb1110 ffffe58a`975fa600 00000000`00000000 00000000`00000075 : tpm!Tpm20ResourceMgr::SubmitRequest+0xef37
ffffae01`0bba5970 fffff800`6ddf315e     : ffffe58a`00000003 00000000`00000000 ffffae01`0bba5b10 00000000`00000050 : tpm!Tpm20Scheduler::DoUserRequest+0xb7
ffffae01`0bba5a10 fffff800`6ddf165c     : ffffe58a`975fa600 ffffe58a`975fa600 fffff800`6ddf15f0 ffffe58a`975fa600 : tpm!Tpm20Scheduler::SchedulerThreadFunction+0x19e
ffffae01`0bba5b50 fffff800`6a60dc67     : ffffe58a`00000003 fffff800`6ddf15f0 ffffe58a`975fa600 004fe07f`bcbbbdff : tpm!Tpm20Scheduler::SchedulerThreadWrapper+0x6c
ffffae01`0bba5bb0 fffff800`6a830854     : ffff8081`cdea7180 ffffe58a`97a7f040 fffff800`6a60dc10 4d034ccd`8b45078b : nt!PspSystemThreadStartup+0x57
ffffae01`0bba5c00 00000000`00000000     : ffffae01`0bba6000 ffffae01`0bb9f000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x34


SYMBOL_NAME:  tpm!Tpm20ResourceMgr::RemovedLoadedResource+c0

MODULE_NAME: tpm

IMAGE_NAME:  tpm.sys

IMAGE_VERSION:  10.0.22621.1690

STACK_COMMAND:  .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET:  c0

FAILURE_BUCKET_ID:  0x139_3_CORRUPT_LIST_ENTRY_tpm!Tpm20ResourceMgr::RemovedLoadedResource

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {1764a007-36a0-ad2e-affa-7bb93db2d908}

Followup:     MachineOwner
---------