*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 139, {3, ffffd000bc7cd340, ffffd000bc7cd298, 0}
*** WARNING: Unable to verify timestamp for copperhd.sys
*** ERROR: Module load completed but symbols could not be loaded for copperhd.sys
Probably caused by : copperhd.sys ( copperhd+288b )
Followup: MachineOwner
---------
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffd000bc7cd340, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffd000bc7cd298, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
TRAP_FRAME: ffffd000bc7cd340 -- (.trap 0xffffd000bc7cd340)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffe001899e9f48 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffe0018a225f48 rsi=0000000000000000 rdi=0000000000000000
rip=fffff803aa71db7e rsp=ffffd000bc7cd4d0 rbp=0000000000000000
r8=ffffe001899e7468 r9=00000000000007ff r10=ffffd000bc240000
r11=00000000000004b8 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up di pl nz na po nc
nt!ExInterlockedInsertHeadList+0xae:
fffff803`aa71db7e cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: ffffd000bc7cd298 -- (.exr 0xffffd000bc7cd298)
ExceptionAddress: fffff803aa71db7e (nt!ExInterlockedInsertHeadList+0x00000000000000ae)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: LIST_ENTRY_CORRUPT
BUGCHECK_STR: 0x139
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000409 - Er is een bufferoverschrijdingsfout opgetreden voor stack-buffer in deze toepassing. Via deze overschrijdingsfout kan een kwaadwillige gebruiker de controle over deze toepassing verkrijgen.
EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - Er is een bufferoverschrijdingsfout opgetreden voor stack-buffer in deze toepassing. Via deze overschrijdingsfout kan een kwaadwillige gebruiker de controle over deze toepassing verkrijgen.
EXCEPTION_PARAMETER1: 0000000000000003
ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre
LAST_CONTROL_TRANSFER: from fffff803aa77dae9 to fffff803aa771fa0
STACK_TEXT:
ffffd000`bc7cd018 fffff803`aa77dae9 : 00000000`00000139 00000000`00000003 ffffd000`bc7cd340 ffffd000`bc7cd298 : nt!KeBugCheckEx
ffffd000`bc7cd020 fffff803`aa77de10 : 00000000`00020260 00000001`00000000 00000003`00000000 00000000`00000003 : nt!KiBugCheckDispatch+0x69
ffffd000`bc7cd160 fffff803`aa77d034 : 00000000`00000d6c 00000000`00000000 00000000`00000000 00000000`00000080 : nt!KiFastFailDispatch+0xd0
ffffd000`bc7cd340 fffff803`aa71db7e : 00000000`00000000 00000000`00000000 00000000`00000000 ffffe001`89fd5820 : nt!KiRaiseSecurityCheckFailure+0xf4
ffffd000`bc7cd4d0 fffff801`d7c0a88b : ffffe001`8a225f20 00000000`00000002 ffffe001`899e7450 ffffe001`89fd5820 : nt!ExInterlockedInsertHeadList+0xae
ffffd000`bc7cd510 ffffe001`8a225f20 : 00000000`00000002 ffffe001`899e7450 ffffe001`89fd5820 ffffd000`00000000 : copperhd+0x288b
ffffd000`bc7cd518 00000000`00000002 : ffffe001`899e7450 ffffe001`89fd5820 ffffd000`00000000 00000000`00000000 : 0xffffe001`8a225f20
ffffd000`bc7cd520 ffffe001`899e7450 : ffffe001`89fd5820 ffffd000`00000000 00000000`00000000 ffffd000`bc7cd580 : 0x2
ffffd000`bc7cd528 ffffe001`89fd5820 : ffffd000`00000000 00000000`00000000 ffffd000`bc7cd580 00000000`00000000 : 0xffffe001`899e7450
ffffd000`bc7cd530 ffffd000`00000000 : 00000000`00000000 ffffd000`bc7cd580 00000000`00000000 00000000`00b000ae : 0xffffe001`89fd5820
ffffd000`bc7cd538 00000000`00000000 : ffffd000`bc7cd580 00000000`00000000 00000000`00b000ae ffffc001`ed3eb890 : 0xffffd000`00000000
STACK_COMMAND: kb
FOLLOWUP_IP:
copperhd+288b
fffff801`d7c0a88b ?? ???
SYMBOL_STACK_INDEX: 5
SYMBOL_NAME: copperhd+288b
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: copperhd
IMAGE_NAME: copperhd.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4af91b39
FAILURE_BUCKET_ID: 0x139_3_copperhd+288b
BUCKET_ID: 0x139_3_copperhd+288b
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x139_3_copperhd+288b
FAILURE_ID_HASH: {c94678d5-ee90-17d8-a55d-3447770975e2}
Followup: MachineOwner