******************************************************************************** *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffd00023eecc30, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffd00023eecb88, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
TRAP_FRAME: ffffd00023eecc30 -- (.trap 0xffffd00023eecc30)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffe001a29c55a0 rbx=0000000000000000 rcx=0000000000000003
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff801bf901bc9 rsp=ffffd00023eecdc0 rbp=ffffe0019d2fd100
r8=ffffd00023eecde0 r9=000000000000148f r10=ffffe0019d6abd00
r11=00000000000048c5 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe cy
[COLOR=#ff0000][B][U]gwdrv+0x2bc9[/U][/B][/COLOR]:
fffff801`bf901bc9 ?? ???
Resetting default scope
EXCEPTION_RECORD: ffffd00023eecb88 -- (.exr 0xffffd00023eecb88)
ExceptionAddress: fffff801bf901bc9 (gwdrv+0x0000000000002bc9)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: LIST_ENTRY_CORRUPT
BUGCHECK_STR: 0x139
PROCESS_NAME: System
CURRENT_IRQL: 2
ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_PARAMETER1: 0000000000000003
ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre
LAST_CONTROL_TRANSFER: from fffff800fa1d1ae9 to fffff800fa1c5fa0
STACK_TEXT:
ffffd000`23eec908 fffff800`fa1d1ae9 : 00000000`00000139 00000000`00000003 ffffd000`23eecc30 ffffd000`23eecb88 : nt!KeBugCheckEx
ffffd000`23eec910 fffff800`fa1d1e10 : ffffd000`23eecca3 ffffe001`a1f69738 00000000`00000000 ffffd000`23eecb80 : nt!KiBugCheckDispatch+0x69
ffffd000`23eeca50 fffff800`fa1d1034 : 00000000`00000004 00000000`00015d9c ffffe001`9d574f50 00000000`00000000 : nt!KiFastFailDispatch+0xd0
ffffd000`23eecc30 fffff801`bf901bc9 : ffffe001`9d201c20 ffffd000`00000000 ffffe001`9dc1c960 ffffe001`9cec37a0 : nt!KiRaiseSecurityCheckFailure+0xf4
ffffd000`23eecdc0 ffffe001`9d201c20 : ffffd000`00000000 ffffe001`9dc1c960 ffffe001`9cec37a0 00000000`00000000 : gwdrv+0x2bc9
ffffd000`23eecdc8 ffffd000`00000000 : ffffe001`9dc1c960 ffffe001`9cec37a0 00000000`00000000 ffffe001`9dc1c978 : 0xffffe001`9d201c20
ffffd000`23eecdd0 ffffe001`9dc1c960 : ffffe001`9cec37a0 00000000`00000000 ffffe001`9dc1c978 00000000`00000002 : 0xffffd000`00000000
ffffd000`23eecdd8 ffffe001`9cec37a0 : 00000000`00000000 ffffe001`9dc1c978 00000000`00000002 ffffe001`a2963200 : 0xffffe001`9dc1c960
ffffd000`23eecde0 00000000`00000000 : ffffe001`9dc1c978 00000000`00000002 ffffe001`a2963200 00000000`00000000 : 0xffffe001`9cec37a0
STACK_COMMAND: kb
FOLLOWUP_IP:
gwdrv+2bc9
fffff801`bf901bc9 ?? ???
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: gwdrv+2bc9
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: gwdrv
IMAGE_NAME: gwdrv.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 53f5af9f
FAILURE_BUCKET_ID: 0x139_3_gwdrv+2bc9
BUCKET_ID: 0x139_3_gwdrv+2bc9
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x139_3_gwdrv+2bc9
FAILURE_ID_HASH: {02eabad7-6b06-703c-84f0-43b530fb44df}
Followup: MachineOwner
---------