KERNEL_SECURITY_CHECK_FAILURE (139) mavi ekran hatası

Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\CsHay\AppData\Local\Temp\Rar$DIa3800.31532\111020-42609-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available


************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff807`06800000 PsLoadedModuleList = 0xfffff807`0742a310
Debug session time: Tue Nov 10 20:27:58.547 2020 (UTC + 3:00)
System Uptime: 0 days 0:37:26.273
Loading Kernel Symbols
...............................................................
................................................................
................................................................
........
Loading User Symbols
Loading unloaded module list
................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff807`06bf45a0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffd001`36e0f020=0000000000000139
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffd00136e0f340, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffd00136e0f298, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------

*** WARNING: Unable to verify timestamp for win32k.sys

KEY_VALUES_STRING: 1

Key : Analysis.CPU.mSec
Value: 3983

Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-IPC9T25

Key : Analysis.DebugData
Value: CreateObject

Key : Analysis.DebugModel
Value: CreateObject

Key : Analysis.Elapsed.mSec
Value: 17477

Key : Analysis.Memory.CommitPeak.Mb
Value: 76

Key : Analysis.System
Value: CreateObject

Key : WER.OS.Branch
Value: vb_release

Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z

Key : WER.OS.Version
Value: 10.0.19041.1


ADDITIONAL_XML: 1

OS_BUILD_LAYERS: 1

BUGCHECK_CODE: 139

BUGCHECK_P1: 3

BUGCHECK_P2: ffffd00136e0f340

BUGCHECK_P3: ffffd00136e0f298

BUGCHECK_P4: 0

TRAP_FRAME: ffffd00136e0f340 -- (.trap 0xffffd00136e0f340)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffd108885a0368 rbx=0000000000000000 rcx=0000000000000003
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80706ac51ad rsp=ffffd00136e0f4d0 rbp=ffffd1088c4ad500
r8=0000000000000001 r9=0000000000000002 r10=ffffd10885efaf00
r11=ffffe781f53ec180 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po cy
nt!KiExitDispatcher+0x1ad:
fffff807`06ac51ad cd29 int 29h
Resetting default scope

EXCEPTION_RECORD: ffffd00136e0f298 -- (.exr 0xffffd00136e0f298)
ExceptionAddress: fffff80706ac51ad (nt!KiExitDispatcher+0x00000000000001ad)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: System

ERROR_CODE: (NTSTATUS) 0xc0000409 - Sistem, bu uygulamada y n tabanl bir arabelle in ta t n alg lad . Bu ta ma, k t niyetli bir kullan c n n bu uygulaman n denetimini ele ge irmesine olanak verebilir.

EXCEPTION_CODE_STR: c0000409

EXCEPTION_PARAMETER1: 0000000000000003

EXCEPTION_STR: 0xc0000409

STACK_TEXT:
ffffd001`36e0f018 fffff807`06c06569 : 00000000`00000139 00000000`00000003 ffffd001`36e0f340 ffffd001`36e0f298 : nt!KeBugCheckEx
ffffd001`36e0f020 fffff807`06c06990 : ffffe781`f53ec180 fffff807`06a8f50d 00000000`00000001 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffffd001`36e0f160 fffff807`06c04d23 : 00000000`0000000f 00000000`00000000 00000000`00000000 55555555`55555555 : nt!KiFastFailDispatch+0xd0
ffffd001`36e0f340 fffff807`06ac51ad : 00000000`00000000 ffffd001`36e0f581 ffffd108`90509000 fffff807`00000000 : nt!KiRaiseSecurityCheckFailure+0x323
ffffd001`36e0f4d0 fffff807`06a10671 : ffffe781`f53ec180 00000000`00000000 ffffe781`f53ec101 fffff807`071b1094 : nt!KiExitDispatcher+0x1ad
ffffd001`36e0f540 fffff807`07d1966b : 00000000`00000100 ffffd108`8d2646f8 ffffa78a`7ac6e010 00000000`00000002 : nt!KeInsertQueueApc+0x151
ffffd001`36e0f5e0 00000000`00000100 : ffffd108`8d2646f8 ffffa78a`7ac6e010 00000000`00000002 00000000`00000000 : BEDaisy+0x31966b
ffffd001`36e0f5e8 ffffd108`8d2646f8 : ffffa78a`7ac6e010 00000000`00000002 00000000`00000000 00000000`00000000 : 0x100
ffffd001`36e0f5f0 ffffa78a`7ac6e010 : 00000000`00000002 00000000`00000000 00000000`00000000 fffff807`06bf0600 : 0xffffd108`8d2646f8
ffffd001`36e0f5f8 00000000`00000002 : 00000000`00000000 00000000`00000000 fffff807`06bf0600 00000000`00000000 : 0xffffa78a`7ac6e010
ffffd001`36e0f600 00000000`00000000 : 00000000`00000000 fffff807`06bf0600 00000000`00000000 fffff371`0b0af201 : 0x2


SYMBOL_NAME: BEDaisy+31966b

MODULE_NAME: BEDaisy

IMAGE_NAME: BEDaisy.sys

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: 31966b

FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_BEDaisy!unknown_function

OS_VERSION: 10.0.19041.1

BUILDLAB_STR: vb_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {59d8eb10-b2e4-7df6-f6a5-49968226dbb8}

Followup: MachineOwner
---------

Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\CsHay\AppData\Local\Temp\Rar$DIa3800.32675\111020-39843-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available


************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff805`52600000 PsLoadedModuleList = 0xfffff805`5322a310
Debug session time: Tue Nov 10 19:50:00.929 2020 (UTC + 3:00)
System Uptime: 0 days 1:04:36.651
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.......
Loading User Symbols
Loading unloaded module list
..............
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff805`529f45a0 48894c2408 mov qword ptr [rsp+8],rcx ss:ffff8a01`b9b4f020=0000000000000139
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffff8a01b9b4f340, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffff8a01b9b4f298, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------

*** WARNING: Unable to verify timestamp for BEDaisy.sys
*** WARNING: Unable to verify timestamp for win32k.sys

KEY_VALUES_STRING: 1

Key : Analysis.CPU.mSec
Value: 5124

Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-IPC9T25

Key : Analysis.DebugData
Value: CreateObject

Key : Analysis.DebugModel
Value: CreateObject

Key : Analysis.Elapsed.mSec
Value: 18194

Key : Analysis.Memory.CommitPeak.Mb
Value: 77

Key : Analysis.System
Value: CreateObject

Key : WER.OS.Branch
Value: vb_release

Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z

Key : WER.OS.Version
Value: 10.0.19041.1


ADDITIONAL_XML: 1

OS_BUILD_LAYERS: 1

BUGCHECK_CODE: 139

BUGCHECK_P1: 3

BUGCHECK_P2: ffff8a01b9b4f340

BUGCHECK_P3: ffff8a01b9b4f298

BUGCHECK_P4: 0

TRAP_FRAME: ffff8a01b9b4f340 -- (.trap 0xffff8a01b9b4f340)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffe302415a0368 rbx=0000000000000000 rcx=0000000000000003
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff805528c51ad rsp=ffff8a01b9b4f4d0 rbp=ffffe3024533c040
r8=0000000000000001 r9=0000000000000002 r10=ffffe3023ecec300
r11=ffff8b0168fec180 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe cy
nt!KiExitDispatcher+0x1ad:
fffff805`528c51ad cd29 int 29h
Resetting default scope

EXCEPTION_RECORD: ffff8a01b9b4f298 -- (.exr 0xffff8a01b9b4f298)
ExceptionAddress: fffff805528c51ad (nt!KiExitDispatcher+0x00000000000001ad)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: System

ERROR_CODE: (NTSTATUS) 0xc0000409 - Sistem, bu uygulamada y n tabanl bir arabelle in ta t n alg lad . Bu ta ma, k t niyetli bir kullan c n n bu uygulaman n denetimini ele ge irmesine olanak verebilir.

EXCEPTION_CODE_STR: c0000409

EXCEPTION_PARAMETER1: 0000000000000003

EXCEPTION_STR: 0xc0000409

STACK_TEXT:
ffff8a01`b9b4f018 fffff805`52a06569 : 00000000`00000139 00000000`00000003 ffff8a01`b9b4f340 ffff8a01`b9b4f298 : nt!KeBugCheckEx
ffff8a01`b9b4f020 fffff805`52a06990 : ffff8b01`693bb180 fffff805`5288f50d 00000000`00000001 00000000`00000000 : nt!KiBugCheckDispatch+0x69
ffff8a01`b9b4f160 fffff805`52a04d23 : 00000000`0000000f 00000000`00000000 00000000`00000000 55555555`55555555 : nt!KiFastFailDispatch+0xd0
ffff8a01`b9b4f340 fffff805`528c51ad : 00000000`00000000 00000000`0c60480e ffffe302`40e18000 fffff805`00000000 : nt!KiRaiseSecurityCheckFailure+0x323
ffff8a01`b9b4f4d0 fffff805`52810671 : ffff8b01`68fec180 00000000`00000000 ffff8b01`68fec101 fffff805`52fb1094 : nt!KiExitDispatcher+0x1ad
ffff8a01`b9b4f540 fffff805`5eb6966b : 00000000`00000100 ffffe302`50fef068 ffffc304`3e967010 00000000`00000002 : nt!KeInsertQueueApc+0x151
ffff8a01`b9b4f5e0 00000000`00000100 : ffffe302`50fef068 ffffc304`3e967010 00000000`00000002 00000000`00000000 : BEDaisy+0x31966b
ffff8a01`b9b4f5e8 ffffe302`50fef068 : ffffc304`3e967010 00000000`00000002 00000000`00000000 00000000`00000000 : 0x100
ffff8a01`b9b4f5f0 ffffc304`3e967010 : 00000000`00000002 00000000`00000000 00000000`00000000 00000000`00000000 : 0xffffe302`50fef068
ffff8a01`b9b4f5f8 00000000`00000002 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xffffc304`3e967010
ffff8a01`b9b4f600 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 fffff791`f2be0a01 : 0x2


SYMBOL_NAME: BEDaisy+31966b

MODULE_NAME: BEDaisy

IMAGE_NAME: BEDaisy.sys

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: 31966b

FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_BEDaisy!unknown_function

OS_VERSION: 10.0.19041.1

BUILDLAB_STR: vb_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {59d8eb10-b2e4-7df6-f6a5-49968226dbb8}

Followup: MachineOwner
---------