Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\CsHay\AppData\Local\Temp\Rar$DIa2248.23048\110420-34828-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 18362 MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 18362.1.amd64fre.19h1_release.190318-1202
Machine Name:
Kernel base = 0xfffff802`15a00000 PsLoadedModuleList = 0xfffff802`15e461b0
Debug session time: Wed Nov 4 15:36:10.759 2020 (UTC + 3:00)
System Uptime: 0 days 3:17:45.485
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.............
Loading User Symbols
Loading unloaded module list
..................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff802`15bc2ce0 48894c2408 mov qword ptr [rsp+8],rcx ss:fffff802`1987dcd0=0000000000000139
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000004, The thread's stack pointer was outside the legal stack
extents for the thread.
Arg2: fffff8021987dff0, Address of the trap frame for the exception that caused the bugcheck
Arg3: fffff8021987df48, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 3687
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-IPC9T25
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 8872
Key : Analysis.Memory.CommitPeak.Mb
Value: 75
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: 19h1_release
Key : WER.OS.Timestamp
Value: 2019-03-18T12:02:00Z
Key : WER.OS.Version
Value: 10.0.18362.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: 139
BUGCHECK_P1: 4
BUGCHECK_P2: fffff8021987dff0
BUGCHECK_P3: fffff8021987df48
BUGCHECK_P4: 0
TRAP_FRAME: fffff8021987dff0 -- (.trap 0xfffff8021987dff0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffcf8a1ab21000 rbx=0000000000000000 rcx=0000000000000004
rdx=ffffcf8a1ab28000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80215be263f rsp=fffff8021987e180 rbp=fffff8021987e6f0
r8=ffffcf8a1ab28000 r9=fffff8021987e710 r10=ffffd5086f7e0080
r11=000000235e36cf40 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
nt!RtlpGetStackLimitsEx+0x1d65e7:
fffff802`15be263f cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: fffff8021987df48 -- (.exr 0xfffff8021987df48)
ExceptionAddress: fffff80215be263f (nt!RtlpGetStackLimitsEx+0x00000000001d65e7)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000004
Subcode: 0x4 FAST_FAIL_INCORRECT_STACK
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: WhatsApp.exe
WATSON_BKT_EVENT: BEX
ERROR_CODE: (NTSTATUS) 0xc0000409 - Sistem, bu uygulamada y n tabanl bir arabelle in ta t n alg lad . Bu ta ma, k t niyetli bir kullan c n n bu uygulaman n denetimini ele ge irmesine olanak verebilir.
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 0000000000000004
EXCEPTION_STR: 0xc0000409
BAD_STACK_POINTER: fffff8021987dcc8
STACK_TEXT:
fffff802`1987dcc8 fffff802`15bd4b29 : 00000000`00000139 00000000`00000004 fffff802`1987dff0 fffff802`1987df48 : nt!KeBugCheckEx
fffff802`1987dcd0 fffff802`15bd4f50 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffff802`1987de10 fffff802`15bd32e3 : fffff802`15b2ee58 fffff802`15e0d45c fffff802`1987e7d0 00000000`00000000 : nt!KiFastFailDispatch+0xd0
fffff802`1987dff0 fffff802`15be263f : 00000000`00000000 00000000`0000035e 0005e1a0`00ab5000 00000000`0010001f : nt!KiRaiseSecurityCheckFailure+0x323
fffff802`1987e180 fffff802`15be2e2c : 00000000`00000000 00000000`00000000 fffff802`1987e6f0 00007fff`00000003 : nt!RtlpGetStackLimitsEx+0x1d65e7
fffff802`1987e1b0 fffff802`15a0b33e : ffffcf8a`1ab26fe8 fffff802`1987ee30 ffffcf8a`1ab26fe8 00000000`00000000 : nt!RtlDispatchException+0x1d662c
fffff802`1987e900 fffff802`15bc3b52 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDispatchException+0x16e
fffff802`1987efb0 fffff802`15bc3b20 : fffff802`15bd4c56 ffffd508`6ea44080 ffffd508`6f7e0080 00000000`00000001 : nt!KxExceptionDispatchOnExceptionStack+0x12
ffffcf8a`1ab26ea8 fffff802`15bd4c56 : ffffd508`6ea44080 ffffd508`6f7e0080 00000000`00000001 00000000`00000000 : nt!KiExceptionDispatchOnExceptionStackContinue
ffffcf8a`1ab26eb0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0x116
SYMBOL_NAME: nt!KiFastFailDispatch+d0
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.18362.1139
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: d0
FAILURE_BUCKET_ID: 0x139_MISSING_GSFRAME_STACKPTR_ERROR_nt!KiFastFailDispatch
OS_VERSION: 10.0.18362.1
BUILDLAB_STR: 19h1_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {7b0febb5-6007-4f2b-3d38-57fef278d8d5}
Followup: MachineOwner
---------
Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\CsHay\AppData\Local\Temp\Rar$DIa2248.28125\110620-40281-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 18362 MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 18362.1.amd64fre.19h1_release.190318-1202
Machine Name:
Kernel base = 0xfffff803`13200000 PsLoadedModuleList = 0xfffff803`136461b0
Debug session time: Fri Nov 6 00:43:12.191 2020 (UTC + 3:00)
System Uptime: 1 days 8:34:31.944
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.............
Loading User Symbols
Loading unloaded module list
................................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff803`133c2ce0 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffff8105`fcede4e0=000000000000003b
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c000001d, Exception code that caused the bugcheck
Arg2: fffff803137d0e9e, Address of the instruction which caused the bugcheck
Arg3: ffff8105fcedee10, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for win32k.sys
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 4124
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-IPC9T25
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 20349
Key : Analysis.Memory.CommitPeak.Mb
Value: 75
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: 19h1_release
Key : WER.OS.Timestamp
Value: 2019-03-18T12:02:00Z
Key : WER.OS.Version
Value: 10.0.18362.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: 3b
BUGCHECK_P1: c000001d
BUGCHECK_P2: fffff803137d0e9e
BUGCHECK_P3: ffff8105fcedee10
BUGCHECK_P4: 0
CONTEXT: ffff8105fcedee10 -- (.cxr 0xffff8105fcedee10)
rax=00000000000011d4 rbx=0000000000000000 rcx=00000000000011d4
rdx=0000000000000002 rsi=000000000001201b rdi=ffff9402b7b886a0
rip=fffff803137d0e9e rsp=ffff8105fcedf800 rbp=ffff8105fcedfa80
r8=ffff9402a00cd220 r9=0000000000000001 r10=fffff803137d0b00
r11=ffffa50a7c026b40 r12=0000000000000000 r13=0000000000000001
r14=0000000000000000 r15=0000000000000028
iopl=0 nv up ei pl nz na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00050206
nt!IopXxxControlFile+0x24e:
fffff803`137d0e9e e87d850000 call nt!ObReferenceObjectByHandle (fffff803`137d9420)
Resetting default scope
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: GenshinImpact.exe
STACK_TEXT:
ffff8105`fcedf800 fffff803`137d0c36 : 00000000`00000001 00000000`000011d4 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x24e
ffff8105`fcedf920 fffff803`133d4555 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtDeviceIoControlFile+0x56
ffff8105`fcedf990 00007fff`721bc1a4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
00000047`8a6ff458 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007fff`721bc1a4
SYMBOL_NAME: nt!IopXxxControlFile+24e
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.18362.1139
STACK_COMMAND: .cxr 0xffff8105fcedee10 ; kb
BUCKET_ID_FUNC_OFFSET: 24e
FAILURE_BUCKET_ID: 0x3B_c000001d_nt!IopXxxControlFile
OS_VERSION: 10.0.18362.1
BUILDLAB_STR: 19h1_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {6bcdb976-fa70-ec54-fd2b-864d819025db}
Followup: MachineOwner
---------