mehmet can gülerer
Centipat
- Katılım
- 5 Mayıs 2020
- Mesajlar
- 33
File on MEGA
mega.nz
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffbd8eed63e560, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffbd8eed63e4b8, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 7093
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on BORA
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 9627
Key : Analysis.Memory.CommitPeak.Mb
Value: 75
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: 139
BUGCHECK_P1: 3
BUGCHECK_P2: ffffbd8eed63e560
BUGCHECK_P3: ffffbd8eed63e4b8
BUGCHECK_P4: 0
TRAP_FRAME: ffffbd8eed63e560 -- (.trap 0xffffbd8eed63e560)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffd58a107e61a0 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffd58a107e61a0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8021ee7048d rsp=ffffbd8eed63e6f0 rbp=00000000d984a03b
r8=00000000d984a03b r9=fffff8021ea00000 r10=fffff8021995aac0
r11=ffffbd8eed63e800 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz ac po cy
nt!KiInsertTimerTable+0x18f1fd:
fffff802`1ee7048d cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: ffffbd8eed63e4b8 -- (.exr 0xffffbd8eed63e4b8)
ExceptionAddress: fffff8021ee7048d (nt!KiInsertTimerTable+0x000000000018f1fd)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: chrome.exe
ERROR_CODE: (NTSTATUS) 0xc0000409 - Sistem, bu uygulamada y n tabanl bir arabelle in ta t n alg lad . Bu ta ma, k t niyetli bir kullan c n n bu uygulaman n denetimini ele ge irmesine olanak verebilir.
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 0000000000000003
EXCEPTION_STR: 0xc0000409
STACK_TEXT:
ffffbd8e`ed63e238 fffff802`1ee07169 : 00000000`00000139 00000000`00000003 ffffbd8e`ed63e560 ffffbd8e`ed63e4b8 : nt!KeBugCheckEx
ffffbd8e`ed63e240 fffff802`1ee07590 : 000104ab`0000ffff 00000000`000000ff 00000000`ffffffff fffff802`00000000 : nt!KiBugCheckDispatch+0x69
ffffbd8e`ed63e380 fffff802`1ee05923 : ffffd58a`10275080 ffffbd8e`ed63e500 00000000`00000000 fffff802`1edfbf96 : nt!KiFastFailDispatch+0xd0
ffffbd8e`ed63e560 fffff802`1ee7048d : 00000000`00000000 00000000`00000000 00000000`00000000 fffff802`2202da08 : nt!KiRaiseSecurityCheckFailure+0x323
ffffbd8e`ed63e6f0 fffff802`1ecdf5fd : ffffd58a`107e6080 fffff802`2202d272 00000000`00000000 ffffd58a`00000000 : nt!KiInsertTimerTable+0x18f1fd
ffffbd8e`ed63e770 fffff802`1ece2cc3 : ffffd58a`00000061 ffffd58a`00000000 00000000`00000001 00000000`00000001 : nt!KiCommitThreadWait+0x3bd
ffffbd8e`ed63e810 fffff802`1ece26f8 : ffffd58a`12406680 00000000`00000001 ffffd58a`12259940 fffff802`00000002 : nt!KeRemoveQueueEx+0x263
ffffbd8e`ed63e8b0 fffff802`1f05ee3d : fffff802`00000000 00000000`00000000 ffffd58a`12259940 00000000`00000000 : nt!IoRemoveIoCompletion+0x98
ffffbd8e`ed63e9e0 fffff802`1ee06bb8 : ffffd58a`107e6080 0000005c`a51ffa88 ffffbd8e`ed63eaa8 00000227`fb680a60 : nt!NtRemoveIoCompletion+0x13d
ffffbd8e`ed63ea90 00007ffa`2ff6bec4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
0000005c`a51ffa68 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`2ff6bec4
SYMBOL_NAME: nt!KiInsertTimerTable+18f1fd
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.630
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 18f1fd
FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_KTIMER_LIST_CORRUPTION_nt!KiInsertTimerTable
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {f89e8bcc-9d62-a3aa-7602-6fa1ac774850}
Followup: MachineOwner
---------
KMODE_EXCEPTION_NOT_HANDLED (1e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: ffffffffc0000096, The exception code that was not handled
Arg2: fffff8043b127c54, The address that the exception occurred at
Arg3: 0000000000000000, Parameter 0 of the exception
Arg4: 0000000000000000, Parameter 1 of the exception
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for win32k.sys
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 5124
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on BORA
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 12191
Key : Analysis.Memory.CommitPeak.Mb
Value: 75
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: 1e
BUGCHECK_P1: ffffffffc0000096
BUGCHECK_P2: fffff8043b127c54
BUGCHECK_P3: 0
BUGCHECK_P4: 0
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
BAD_STACK_POINTER: ffff97000f078158
STACK_TEXT:
ffff9700`0f078158 fffff804`3b2f451e : 00000000`0000001e ffffffff`c0000096 fffff804`3b127c54 00000000`00000000 : nt!KeBugCheckEx
ffff9700`0f078160 fffff804`3b1fe0d2 : fffff804`3b2f44fc 00000000`00000000 00000000`00000000 00000000`00000000 : nt!HvlpVtlCallExceptionHandler+0x22
ffff9700`0f0781a0 fffff804`3b052db7 : ffff9700`0f078710 00000000`00000000 ffffbd06`05c53c60 fffff804`3b1f8d34 : nt!RtlpExecuteHandlerForException+0x12
ffff9700`0f0781d0 fffff804`3b0519a6 : ffffbd06`05c534b8 ffff9700`0f078e20 ffffbd06`05c534b8 000008a0`6ed84826 : nt!RtlDispatchException+0x297
ffff9700`0f0788f0 fffff804`3b1f60a2 : c35de38b`49287b8b 24548d48`c78b4ccc 0de85024`4c8d4830 79c085d8`8b000010 : nt!KiDispatchException+0x186
ffff9700`0f078fb0 fffff804`3b1f6070 : fffff804`3b2072a5 00000000`00000000 00000000`000000c8 ffffd48d`bca0e320 : nt!KxExceptionDispatchOnExceptionStack+0x12
ffffbd06`05c53378 fffff804`3b2072a5 : 00000000`00000000 00000000`000000c8 ffffd48d`bca0e320 fffff804`3b02d843 : nt!KiExceptionDispatchOnExceptionStackContinue
ffffbd06`05c53380 fffff804`3b202fe0 : fffff804`3b162530 fffff804`3b08f53b fffff804`3b162510 fffff804`3b089267 : nt!KiExceptionDispatch+0x125
ffffbd06`05c53560 fffff804`3b127c54 : ffffd48d`bf9c1010 00000000`00000000 ffffd48d`bf9c1010 00000006`1c3d32e0 : nt!KiGeneralProtectionFault+0x320
ffffbd06`05c536f0 fffff804`3b127004 : 00000000`00000000 00001f80`00000000 00000000`00000003 00000000`00000002 : nt!PpmIdleExecuteTransition+0xad4
ffffbd06`05c53af0 fffff804`3b1f8d34 : ffffffff`00000000 ffff9700`0f0631c0 ffffd48d`c26ce080 00000000`00000240 : nt!PoIdle+0x374
ffffbd06`05c53c60 00000000`00000000 : ffffbd06`05c54000 ffffbd06`05c4e000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x54
SYMBOL_NAME: nt!PpmIdleExecuteTransition+ad4
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.19041.630
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: ad4
FAILURE_BUCKET_ID: 0x1E_c0000096_STACKPTR_ERROR_nt!PpmIdleExecuteTransition
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {04616f21-9cdf-0d5f-7e41-75a19bf96901}
Followup: MachineOwner
---------
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 000000000a011550, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff8040fc29c6a, address which referenced memory
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 5124
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on BORA
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 42194
Key : Analysis.Memory.CommitPeak.Mb
Value: 75
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: a
BUGCHECK_P1: a011550
BUGCHECK_P2: 2
BUGCHECK_P3: 1
BUGCHECK_P4: fffff8040fc29c6a
WRITE_ADDRESS: fffff804106fb390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffff8041060f340: Unable to get Flags value from nt!KdVersionBlock
fffff8041060f340: Unable to get Flags value from nt!KdVersionBlock
unable to get nt!MmSpecialPagesInUse
000000000a011550
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: csrss.exe
TRAP_FRAME: fffffd090c563030 -- (.trap 0xfffffd090c563030)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8040fc29c6a rsp=fffffd090c5631c0 rbp=0000000000000000
r8=ffffc2050eaf1044 r9=0000000000000004 r10=00000000ffffffff
r11=000000000000000a r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!ExAcquireSpinLockExclusive+0x5a:
fffff804`0fc29c6a f00fba2f1f lock bts dword ptr [rdi],1Fh ds:00000000`00000000=????????
Resetting default scope
STACK_TEXT:
fffffd09`0c562ee8 fffff804`0fe07169 : 00000000`0000000a 00000000`0a011550 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffffd09`0c562ef0 fffff804`0fe03469 : ffffc205`127f0010 fffff804`0fc88e76 fffff804`0fdf1300 fffff804`0fc7448a : nt!KiBugCheckDispatch+0x69
fffffd09`0c563030 fffff804`0fc29c6a : fffffd09`0c563240 fffffd09`0c563220 ffffc205`13d06010 ffffc205`120c29c0 : nt!KiPageFault+0x469
fffffd09`0c5631c0 fffff804`0fc29add : 00000000`0a011540 ffffc205`0eaf1000 00000000`00000000 00000000`00000000 : nt!ExAcquireSpinLockExclusive+0x5a
fffffd09`0c5631f0 fffff804`0fc28dc4 : ffffc205`0a015700 fffffd09`0c5634a0 ffffc205`0eaf20a0 fffffd09`0c5634a4 : nt!RtlpHpAcquireLockExclusive+0xd
fffffd09`0c563220 fffff804`0fcc7262 : ffffc205`0a010340 00000000`000000ff ffffc205`0eaf20a0 00000001`00000000 : nt!RtlpHpLfhSubsegmentFreeBlock+0x244
fffffd09`0c5632d0 fffff804`103b1019 : 00000000`00000000 00000000`00000000 00000000`00000000 01000000`00100000 : nt!ExFreeHeapPool+0x362
fffffd09`0c5633b0 fffff804`1ad129cf : ffffc205`0eaf20a0 fffffd09`0c563550 ffffc205`0e629050 ffffc205`13c5a208 : nt!ExFreePool+0x9
fffffd09`0c5633e0 ffffc205`0eaf20a0 : fffffd09`0c563550 ffffc205`0e629050 ffffc205`13c5a208 00000000`00000000 : nvlddmkm+0x8129cf
fffffd09`0c5633e8 fffffd09`0c563550 : ffffc205`0e629050 ffffc205`13c5a208 00000000`00000000 00000000`00000001 : 0xffffc205`0eaf20a0
fffffd09`0c5633f0 ffffc205`0e629050 : ffffc205`13c5a208 00000000`00000000 00000000`00000001 fffffd09`0c563b30 : 0xfffffd09`0c563550
fffffd09`0c5633f8 ffffc205`13c5a208 : 00000000`00000000 00000000`00000001 fffffd09`0c563b30 fffff804`1a5b66b3 : 0xffffc205`0e629050
fffffd09`0c563400 00000000`00000000 : 00000000`00000001 fffffd09`0c563b30 fffff804`1a5b66b3 ffffc205`0eaf20a0 : 0xffffc205`13c5a208
SYMBOL_NAME: nt!ExFreePool+9
IMAGE_NAME: Pool_Corruption
IMAGE_VERSION: 10.0.19041.630
MODULE_NAME: Pool_Corruption
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 9
FAILURE_BUCKET_ID: AV_nt!ExFreePool
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {2ae0a97e-dcd7-47ef-dbfb-430f2cbf58a1}
Followup: Pool_corruption
---------
Bu sitenin çalışmasını sağlamak için gerekli çerezleri ve deneyiminizi iyileştirmek için isteğe bağlı çerezleri kullanıyoruz.