- Thread starter
- #14
I posted it above, but
Microsoft (R) Windows Debugger Version 10.0.25136.1001 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
Dump completed successfully, progress percentage: 100
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 22000 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 22000.1.amd64fre.co_release.210604-1628
Machine Name:
Kernel base = 0xfffff803`54400000 PsLoadedModuleList = 0xfffff803`55029650
Debug session time: Tue Jul 19 18:02:42.323 2022 (UTC + 3:00)
System Uptime: 0 days 0:13:47.014
Loading Kernel Symbols
...............................................................
................................................................
..............................................................
Loading User Symbols
Loading unloaded module list
...................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff803`54817d00 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffa709`a975eff0=0000000000000139
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffa709a975f310, Address of the trap frame for the exception that caused the BugCheck
Arg3: ffffa709a975f268, Address of the exception record for the exception that caused the BugCheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
Unable to load image \SystemRoot\System32\drivers\athurx.sys, Win32 error 0n2
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 1265
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 2683
Key : Analysis.Init.CPU.mSec
Value: 1140
Key : Analysis.Init.Elapsed.mSec
Value: 44515
Key : Analysis.Memory.CommitPeak.Mb
Value: 100
Key : Bugcheck.Code.DumpHeader
Value: 0x139
Key : Bugcheck.Code.KiBugCheckData
Value: 0x139
Key : Bugcheck.Code.Register
Value: 0x139
Key : Dump.Attributes.AsUlong
Value: 1800
Key : FailFast.Name
Value: CORRUPT_LIST_ENTRY
Key : FailFast.Type
Value: 3
Key : WER.OS.Branch
Value: co_release
Key : WER.OS.Timestamp
Value: 2021-06-04T16:28:00Z
Key : WER.OS.Version
Value: 10.0.22000.1
FILE_IN_CAB: MEMORY.DMP
TAG_NOT_DEFINED_202b: *** Unknown TAG in analysis list 202b
DUMP_FILE_ATTRIBUTES: 0x1800
BUGCHECK_CODE: 139
BUGCHECK_P1: 3
BUGCHECK_P2: ffffa709a975f310
BUGCHECK_P3: ffffa709a975f268
BUGCHECK_P4: 0
TRAP_FRAME: ffffa709a975f310 -- (.trap 0xffffa709a975f310)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffc10b81fe6515 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffc10b7a566c48 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80354718bc2 rsp=ffffa709a975f4a0 rbp=ffffab802c385180
r8=0000000000000010 r9=0000000000000000 r10=fffff803546f5a90
r11=00000001a3fbcc39 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up di pl nz na pe nc
nt!ExInterlockedRemoveHeadList+0x102:
fffff803`54718bc2 cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: ffffa709a975f268 -- (.exr 0xffffa709a975f268)
ExceptionAddress: fffff80354718bc2 (nt!ExInterlockedRemoveHeadList+0x0000000000000102)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
PROCESS_NAME: System
ERROR_CODE: (NTSTATUS) 0xc0000409 - Sistem, bu uygulamada yığın tabanlı bir arabelleğin taştığını algıladı. Bu taşma, kötü niyetli bir kullanıcının bu uygulamanın denetimini ele geçirmesine olanak verebilir.
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 0000000000000003
EXCEPTION_STR: 0xc0000409
STACK_TEXT:
ffffa709`a975efe8 fffff803`5482a8a9 : 00000000`00000139 00000000`00000003 ffffa709`a975f310 ffffa709`a975f268 : nt!KeBugCheckEx
ffffa709`a975eff0 fffff803`5482acf2 : 00000000`00000008 00000000`00000000 00000027`00000000 ffffa709`a975f3e0 : nt!KiBugCheckDispatch+0x69
ffffa709`a975f130 fffff803`54828fd2 : ffffc10b`7a5bf01c ffffc10b`81fe74a7 ffffa709`0000000c ffffc10b`83fee030 : nt!KiFastFailDispatch+0xb2
ffffa709`a975f310 fffff803`54718bc2 : ffffab80`2c8cf000 fffff803`b47feda3 fffff803`b497d7e0 00000000`00000200 : nt!KiRaiseSecurityCheckFailure+0x312
ffffa709`a975f4a0 fffff803`b47b54c0 : ffffc10b`00000000 ffffc10b`80aeb040 00000000`00000080 fffff803`b47b6eb0 : nt!ExInterlockedRemoveHeadList+0x102
ffffa709`a975f4e0 fffff803`b47dabf4 : ffffc10b`7a554030 fffff803`54649f17 00000000`00000000 fffff803`b4962380 : athurx+0x54c0
ffffa709`a975f520 fffff803`b486597b : ffffc10b`7a554030 ffffab80`00000006 00000000`00000010 00000000`00000240 : athurx+0x2abf4
ffffa709`a975f580 fffff803`b4866596 : ffffc10b`7a554030 00000000`00000004 00000000`0000000c ffffc10b`00000001 : athurx+0xb597b
ffffa709`a975f5c0 fffff803`b484f685 : ffffc10b`83fee030 00000000`00000017 ffffa709`a975f664 fffff803`00000004 : athurx+0xb6596
ffffa709`a975f620 fffff803`b484f3bb : ffffc10b`7a994030 ffffab80`00001f04 ffffa709`a9750000 00000001`a3fbcc39 : athurx+0x9f685
ffffa709`a975f680 fffff803`b48c554c : ffffc10b`7a994030 ffffc10b`00001f04 00000000`000c9e78 ffffc10b`81787100 : athurx+0x9f3bb
ffffa709`a975f6c0 fffff803`b48849ca : ffffc10b`7a994030 ffffa709`00000002 00000000`00000000 ffffab80`2c8cf000 : athurx+0x11554c
ffffa709`a975f6f0 fffff803`b4884e51 : ffffc10b`7a8e4e28 fffff803`00000002 ffffc10b`7a8e2000 fffff803`b487ed00 : athurx+0xd49ca
ffffa709`a975f750 fffff803`b4873019 : ffffc10b`7a8e4e28 00000000`00000002 ffffc10b`00000000 fffff803`b4844f00 : athurx+0xd4e51
ffffa709`a975f7b0 fffff803`b4856b13 : ffffc10b`7a8e2030 ffffc10b`00000000 00000000`00000000 ffffc10b`7a554030 : athurx+0xc3019
ffffa709`a975f880 fffff803`b482d397 : ffffc10b`7aadd040 ffffc10b`00000001 ffffc10b`00000000 ffffc10b`7a554030 : athurx+0xa6b13
ffffa709`a975f920 fffff803`b4827075 : ffffc10b`7aadd040 ffffc10b`00000001 ffffc10b`00000000 ffffc10b`00000001 : athurx+0x7d397
ffffa709`a975f950 fffff803`b47ea63d : ffffc10b`7aadd040 ffffc10b`7edb0de0 ffffc10b`0000000b fffff803`5076c600 : athurx+0x77075
ffffa709`a975f990 fffff803`b47eb977 : ffffc10b`7a8e7030 ffffc10b`80aeb001 00000000`00000001 ffffc10b`81a4e580 : athurx+0x3a63d
ffffa709`a975f9f0 fffff803`b47e32e9 : ffffc10b`7a8e7030 ffffab80`2c8cf000 ffffc10b`6c4f7040 00000000`ffffffff : athurx+0x3b977
ffffa709`a975fa30 fffff803`b47b732b : ffffc10b`7a8e7030 fffff803`00000000 00000000`00001200 ffffa709`a975f500 : athurx+0x332e9
ffffa709`a975fa80 fffff803`54730415 : ffffc10b`7a554030 fffff803`b47b6eb0 ffffc10b`7a554030 004fe47f`b19bbfff : athurx+0x732b
ffffa709`a975fb30 fffff803`5481bdb4 : ffffab80`2c8c0180 ffffc10b`80aeb040 fffff803`547303c0 00000000`00000000 : nt!PspSystemThreadStartup+0x55
ffffa709`a975fb80 00000000`00000000 : ffffa709`a9760000 ffffa709`a9759000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x34
SYMBOL_NAME: athurx+54c0
MODULE_NAME: athurx
IMAGE_NAME: athurx.sys
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: 54c0
FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_athurx!unknown_function
OS_VERSION: 10.0.22000.1
BUILDLAB_STR: co_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {cf0b00cb-8b52-be47-e20d-865e290d55f0}
Followup: MachineOwner
---------