******************************************************************************** *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffd000233167f0, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffd00023316748, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
TRAP_FRAME: ffffd000233167f0 -- (.trap 0xffffd000233167f0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffe001d2950640 rbx=0000000000000000 rcx=0000000000000003
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800ef8f7003 rsp=ffffd00023316980 rbp=0000000080000000
r8=0000000000000000 r9=0000000000000003 r10=0000000000000000
r11=fffff800ef9e788b r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe cy
nt!ExInitializeResourceLite+0xff:
fffff800`ef8f7003 cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: ffffd00023316748 -- (.exr 0xffffd00023316748)
ExceptionAddress: fffff800ef8f7003 (nt!ExInitializeResourceLite+0x00000000000000ff)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: LIST_ENTRY_CORRUPT
BUGCHECK_STR: 0x139
PROCESS_NAME: Photoshop.exe
CURRENT_IRQL: 2
ERROR_CODE: (NTSTATUS) 0xc0000409 - Er is een bufferoverschrijdingsfout opgetreden voor stack-buffer in deze toepassing. Via deze overschrijdingsfout kan een kwaadwillige gebruiker de controle over deze toepassing verkrijgen.
EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - Er is een bufferoverschrijdingsfout opgetreden voor stack-buffer in deze toepassing. Via deze overschrijdingsfout kan een kwaadwillige gebruiker de controle over deze toepassing verkrijgen.
EXCEPTION_PARAMETER1: 0000000000000003
ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre
LAST_CONTROL_TRANSFER: from fffff800ef9e67e9 to fffff800ef9daca0
STACK_TEXT:
ffffd000`233164c8 fffff800`ef9e67e9 : 00000000`00000139 00000000`00000003 ffffd000`233167f0 ffffd000`23316748 : nt!KeBugCheckEx
ffffd000`233164d0 fffff800`ef9e6b10 : ffffe001`d6667010 00000000`00000001 00000000`00000002 ffffe001`d64053b0 : nt!KiBugCheckDispatch+0x69
ffffd000`23316610 fffff800`ef9e5d34 : ffffb001`c74c22b0 ffffb001`c74c2310 ffffb001`c74c2380 ffffb001`c74c23e8 : nt!KiFastFailDispatch+0xd0
ffffd000`233167f0 fffff800`ef8f7003 : ffffc001`66a41060 00000000`00000158 ffffe001`ced24180 ffffd001`67b312e0 : nt!KiRaiseSecurityCheckFailure+0xf4
ffffd000`23316980 fffff800`f28e7be8 : ffffe001`cf891980 ffffd001`67b312e0 ffffe001`ced24180 ffffd001`00000000 : nt!ExInitializeResourceLite+0xff
ffffd000`233169b0 fffff800`f29c1779 : ffffc001`66a41014 ffffe001`d4375d00 ffffe001`ced24180 ffffe001`00000000 : Ntfs!NtfsAllocateNonpagedFcb+0x54
ffffd000`233169e0 fffff800`f298be5a : ffffe001`d4375de8 ffffe001`ced24180 00000000`00000000 000e0000`0003ac90 : Ntfs!NtfsCreateFcb+0x299
ffffd000`23316ad0 fffff800`f2992caf : ffffc001`6559d940 ffffd001`67b312e0 ffffb001`c74c23e8 ffffd001`67b31150 : Ntfs!NtfsOpenFile+0x22a
ffffd000`23316d20 fffff800`f2996b9d : ffffe001`d4375de8 ffffe001`d6405010 ffffd001`67b31150 ffffe001`d62e8601 : Ntfs!NtfsCommonCreate+0x1104
ffffd000`23316f50 fffff800`ef9de5f7 : ffffd001`67b31120 00000000`00d2d688 00000000`00000000 00000000`00000000 : Ntfs!NtfsCommonCreateCallout+0x1d
ffffd000`23316f80 fffff800`ef9de5bd : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxSwitchKernelStackCallout+0x27
ffffd001`67b30f90 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwitchKernelStackContinue
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!KiFastFailDispatch+d0
fffff800`ef9e6b10 c644242000 mov byte ptr [rsp+20h],0
SYMBOL_STACK_INDEX: 2
SYMBOL_NAME: nt!KiFastFailDispatch+d0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 550f41a6
IMAGE_VERSION: 6.3.9600.17736
BUCKET_ID_FUNC_OFFSET: d0
FAILURE_BUCKET_ID: 0x139_3_nt!KiFastFailDispatch
BUCKET_ID: 0x139_3_nt!KiFastFailDispatch
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x139_3_nt!kifastfaildispatch
FAILURE_ID_HASH: {36173680-6f08-995f-065a-3d368c996911}