*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 139, {2, ffffd00149a1b150, ffffd00149a1b0a8, 0}
*** WARNING: Unable to verify timestamp for NETwew00.sys
*** ERROR: Module load completed but symbols could not be loaded for NETwew00.sys
Probably caused by : [B]NETwew00.sys [/B]( NETwew00+e3ad )
Followup: MachineOwner
---------
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000002, Stack cookie instrumentation code detected a stack-based
buffer overrun.
Arg2: ffffd00149a1b150, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffd00149a1b0a8, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
TRAP_FRAME: ffffd00149a1b150 -- (.trap 0xffffd00149a1b150)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000002
rdx=000000000763bd72 rsi=0000000000000000 rdi=0000000000000000
rip=fffff801430253ad rsp=ffffd00149a1b2e8 rbp=ffffd001510570a4
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=ffffd00149a1b334 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po nc
NETwew00+0xe3ad:
fffff801`430253ad ?? ???
Resetting default scope
EXCEPTION_RECORD: ffffd00149a1b0a8 -- (.exr 0xffffd00149a1b0a8)
ExceptionAddress: fffff801430253ad (NETwew00+0x000000000000e3ad)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000002
CUSTOMER_CRASH_COUNT: 1
BUGCHECK_STR: 0x139
PROCESS_NAME: System
CURRENT_IRQL: 2
ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_PARAMETER1: 0000000000000002
DEFAULT_BUCKET_ID: STACK_COOKIE_CHECK_FAILURE
ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) amd64fre
LAST_CONTROL_TRANSFER: from fffff803f37d67e9 to fffff803f37caca0
STACK_TEXT:
ffffd001`49a1ae28 fffff803`f37d67e9 : 00000000`00000139 00000000`00000002 ffffd001`49a1b150 ffffd001`49a1b0a8 : nt!KeBugCheckEx
ffffd001`49a1ae30 fffff803`f37d6b10 : ffffe001`00000001 ffffe001`14945770 00000000`00000000 fffff801`40e04370 : nt!KiBugCheckDispatch+0x69
ffffd001`49a1af70 fffff803`f37d5d34 : ffffe001`1a140120 00000000`00000000 00000000`00000000 ffffe001`19c475a8 : nt!KiFastFailDispatch+0xd0
ffffd001`49a1b150 fffff801`430253ad : fffff801`43124a39 ffffe001`1a140110 ffffd001`49a1b3c0 ffffe001`1a140670 : nt!KiRaiseSecurityCheckFailure+0xf4
ffffd001`49a1b2e8 fffff801`43124a39 : ffffe001`1a140110 ffffd001`49a1b3c0 ffffe001`1a140670 ffffd001`49a1b389 : NETwew00+0xe3ad
ffffd001`49a1b2f0 ffffe001`1a140110 : ffffd001`49a1b3c0 ffffe001`1a140670 ffffd001`49a1b389 ffffe001`1a094710 : NETwew00+0x10da39
ffffd001`49a1b2f8 ffffd001`49a1b3c0 : ffffe001`1a140670 ffffd001`49a1b389 ffffe001`1a094710 fffff801`431d1c00 : 0xffffe001`1a140110
ffffd001`49a1b300 ffffe001`1a140670 : ffffd001`49a1b389 ffffe001`1a094710 fffff801`431d1c00 00000000`00000000 : 0xffffd001`49a1b3c0
ffffd001`49a1b308 ffffd001`49a1b389 : ffffe001`1a094710 fffff801`431d1c00 00000000`00000000 00000000`00000000 : 0xffffe001`1a140670
ffffd001`49a1b310 ffffe001`1a094710 : fffff801`431d1c00 00000000`00000000 00000000`00000000 72696d65`00000064 : 0xffffd001`49a1b389
ffffd001`49a1b318 fffff801`431d1c00 : 00000000`00000000 00000000`00000000 72696d65`00000064 00000000`00000000 : 0xffffe001`1a094710
ffffd001`49a1b320 00000000`00000000 : 00000000`00000000 72696d65`00000064 00000000`00000000 00000000`00000000 : NETwew00+0x1bac00
STACK_COMMAND: kb
FOLLOWUP_IP:
NETwew00+e3ad
fffff801`430253ad ?? ???
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: NETwew00+e3ad
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: NETwew00
IMAGE_NAME: NETwew00.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 51c9f0ae
FAILURE_BUCKET_ID: 0x139_2_NETwew00+e3ad
BUCKET_ID: 0x139_2_NETwew00+e3ad
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x139_2_netwew00+e3ad
FAILURE_ID_HASH: {3a8bcebc-b629-57de-3ff9-020d5f3d499f}
Followup: MachineOwner
---------