Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\CsHay\AppData\Local\Temp\Rar$DIa5428.30181\minidump.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff803`17200000 PsLoadedModuleList = 0xfffff803`17e2a310
Debug session time: Sun Oct 25 14:33:56.793 2020 (UTC + 3:00)
System Uptime: 11 days 4:50:56.877
Loading Kernel Symbols
...............................................................
................................................................
................................................................
...............................................
Loading User Symbols
Loading unloaded module list
..................................................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff803`175f45a0 48894c2408 mov qword ptr [rsp+8],rcx ss:fffffe06`20be7060=0000000000000139
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: fffffe0620be7380, Address of the trap frame for the exception that caused the bugcheck
Arg3: fffffe0620be72d8, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for win32k.sys
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 2890
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-IPC9T25
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 19677
Key : Analysis.Memory.CommitPeak.Mb
Value: 77
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: 139
BUGCHECK_P1: 3
BUGCHECK_P2: fffffe0620be7380
BUGCHECK_P3: fffffe0620be72d8
BUGCHECK_P4: 0
TRAP_FRAME: fffffe0620be7380 -- (.trap 0xfffffe0620be7380)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffff850b1fd0ebc0 rbx=0000000000000000 rcx=0000000000000003
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff803174c51ad rsp=fffffe0620be7510 rbp=ffff850b1fd3d500
r8=0000000000000001 r9=0000000000000002 r10=ffff850b1a2d7e00
r11=ffff988012bd1180 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po cy
nt!KiExitDispatcher+0x1ad:
fffff803`174c51ad cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: fffffe0620be72d8 -- (.exr 0xfffffe0620be72d8)
ExceptionAddress: fffff803174c51ad (nt!KiExitDispatcher+0x00000000000001ad)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
PROCESS_NAME: System
ERROR_CODE: (NTSTATUS) 0xc0000409 - Sistem, bu uygulamada y n tabanl bir arabelle in ta t n alg lad . Bu ta ma, k t niyetli bir kullan c n n bu uygulaman n denetimini ele ge irmesine olanak verebilir.
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 0000000000000003
EXCEPTION_STR: 0xc0000409
STACK_TEXT:
fffffe06`20be7058 fffff803`17606569 : 00000000`00000139 00000000`00000003 fffffe06`20be7380 fffffe06`20be72d8 : nt!KeBugCheckEx
fffffe06`20be7060 fffff803`17606990 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffffe06`20be71a0 fffff803`17604d23 : 00000000`000000ff 00000000`00000000 00000000`00000000 55555555`55555555 : nt!KiFastFailDispatch+0xd0
fffffe06`20be7380 fffff803`174c51ad : 00000000`00000000 fffffe06`20be75c1 ffff850b`33a5b000 fffff803`174ded73 : nt!KiRaiseSecurityCheckFailure+0x323
fffffe06`20be7510 fffff803`17410671 : ffff9880`12bd1180 00000000`00000000 ffff9880`12bd1101 fffff803`17bb1094 : nt!KiExitDispatcher+0x1ad
fffffe06`20be7580 fffff803`814faaf7 : 00000000`00000200 ffff850b`35fee068 ffffc183`0db3d560 00000000`00000002 : nt!KeInsertQueueApc+0x151
fffffe06`20be7620 00000000`00000200 : ffff850b`35fee068 ffffc183`0db3d560 00000000`00000002 00000000`00000000 : BEDaisy+0x2eaaf7
fffffe06`20be7628 ffff850b`35fee068 : ffffc183`0db3d560 00000000`00000002 00000000`00000000 00000000`00000000 : 0x200
fffffe06`20be7630 ffffc183`0db3d560 : 00000000`00000002 00000000`00000000 00000000`00000000 00000000`00000000 : 0xffff850b`35fee068
fffffe06`20be7638 00000000`00000002 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0xffffc183`0db3d560
fffffe06`20be7640 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 ffff01a0`7801f000 : 0x2
SYMBOL_NAME: BEDaisy+2eaaf7
MODULE_NAME: BEDaisy
IMAGE_NAME: BEDaisy.sys
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 2eaaf7
FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_BEDaisy!unknown_function
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {59d8eb10-b2e4-7df6-f6a5-49968226dbb8}
Followup: MachineOwner
---------