*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 139, {3, ffffd00022b37340, ffffd00022b37298, 0}
*** WARNING: Unable to verify timestamp for Abyssus.sys
*** ERROR: Module load completed but symbols could not be loaded for Abyssus.sys
Probably caused by : Abyssus.sys ( Abyssus+1b8b )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffd00022b37340, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffd00022b37298, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
TRAP_FRAME: ffffd00022b37340 -- (.trap 0xffffd00022b37340)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffe000661a4b08 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffe0006aae71b8 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8007cf0f7ce rsp=ffffd00022b374d0 rbp=0000000000000000
r8=ffffe00065ac3d78 r9=00000000000007ff r10=ffffd001fed972c0
r11=ffffc0013fe3a080 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up di pl nz na po cy
nt!ExInterlockedInsertHeadList+0xae:
fffff800`7cf0f7ce cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: ffffd00022b37298 -- (.exr 0xffffd00022b37298)
ExceptionAddress: fffff8007cf0f7ce (nt!ExInterlockedInsertHeadList+0x00000000000000ae)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: LIST_ENTRY_CORRUPT
BUGCHECK_STR: 0x139
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_PARAMETER1: 0000000000000003
ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre
LAST_CONTROL_TRANSFER: from fffff8007cf707e9 to fffff8007cf64ca0
STACK_TEXT:
ffffd000`22b37018 fffff800`7cf707e9 : 00000000`00000139 00000000`00000003 ffffd000`22b37340 ffffd000`22b37298 : nt!KeBugCheckEx
ffffd000`22b37020 fffff800`7cf70b10 : 00000000`01a03b69 00000001`00000000 00000003`00000000 00000000`00000003 : nt!KiBugCheckDispatch+0x69
ffffd000`22b37160 fffff800`7cf6fd34 : 00000000`00001830 00000000`00000000 00000000`00000000 00000000`00000080 : nt!KiFastFailDispatch+0xd0
ffffd000`22b37340 fffff800`7cf0f7ce : 00000000`00000000 00000000`00000000 00000000`00000000 ffffe000`6ab78e20 : nt!KiRaiseSecurityCheckFailure+0xf4
ffffd000`22b374d0 fffff801`3b6dcb8b : ffffe000`6aae7190 00000000`00000002 ffffe000`65ac3d60 ffffe000`6ab78e20 : nt!ExInterlockedInsertHeadList+0xae
ffffd000`22b37510 ffffe000`6aae7190 : 00000000`00000002 ffffe000`65ac3d60 ffffe000`6ab78e20 ffffd000`00000000 : Abyssus+0x1b8b
ffffd000`22b37518 00000000`00000002 : ffffe000`65ac3d60 ffffe000`6ab78e20 ffffd000`00000000 00000000`00000000 : 0xffffe000`6aae7190
ffffd000`22b37520 ffffe000`65ac3d60 : ffffe000`6ab78e20 ffffd000`00000000 00000000`00000000 ffffd000`22b37580 : 0x2
ffffd000`22b37528 ffffe000`6ab78e20 : ffffd000`00000000 00000000`00000000 ffffd000`22b37580 00000000`00000000 : 0xffffe000`65ac3d60
ffffd000`22b37530 ffffd000`00000000 : 00000000`00000000 ffffd000`22b37580 00000000`00000000 00000000`00a0009e : 0xffffe000`6ab78e20
ffffd000`22b37538 00000000`00000000 : ffffd000`22b37580 00000000`00000000 00000000`00a0009e ffffc001`40a54150 : 0xffffd000`00000000
STACK_COMMAND: kb
FOLLOWUP_IP:
Abyssus+1b8b
fffff801`3b6dcb8b ?? ???
SYMBOL_STACK_INDEX: 5
SYMBOL_NAME: Abyssus+1b8b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Abyssus
IMAGE_NAME: Abyssus.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4aea553c
FAILURE_BUCKET_ID: 0x139_3_Abyssus+1b8b
BUCKET_ID: 0x139_3_Abyssus+1b8b
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x139_3_abyssus+1b8b
FAILURE_ID_HASH: {f3c79fe2-a5d8-d3c9-4b46-6780a46e70d6}
Followup: MachineOwner
---------