0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000002, Stack cookie instrumentation code detected a stack-based
buffer overrun.
Arg2: ffffd0003806c610, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffd0003806c568, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
DUMP_FILE_ATTRIBUTES: 0x8
Kernel Generated Triage Dump
TRAP_FRAME: ffffd0003806c610 -- (.trap 0xffffd0003806c610)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000002
rdx=ffffffffea84c8b2 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8011fa9f33d rsp=ffffd0003806c7a8 rbp=ffffd000228b90a4
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=ffffd0003806c7f4 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
Netwew00+0xe33d:
fffff801`1fa9f33d ?? ???
Resetting default scope
EXCEPTION_RECORD: ffffd0003806c568 -- (.exr 0xffffd0003806c568)
ExceptionAddress: fffff8011fa9f33d (Netwew00+0x000000000000e33d)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000002
CUSTOMER_CRASH_COUNT: 1
BUGCHECK_STR: 0x139
PROCESS_NAME: System
CURRENT_IRQL: 2
ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_PARAMETER1: 0000000000000002
DEFAULT_BUCKET_ID: STACK_COOKIE_CHECK_FAILURE
ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre
LAST_CONTROL_TRANSFER: from fffff801e63deae9 to fffff801e63d2fa0
STACK_TEXT:
ffffd000`3806c2e8 fffff801`e63deae9 : 00000000`00000139 00000000`00000002 ffffd000`3806c610 ffffd000`3806c568 : nt!KeBugCheckEx
ffffd000`3806c2f0 fffff801`e63dee10 : ffffe001`14e5f3a8 ffffd000`3806c4c0 ffffe001`111dc1a0 ffffe001`11190728 : nt!KiBugCheckDispatch+0x69
ffffd000`3806c430 fffff801`e63de034 : ffffe001`17f62900 00000000`00000000 00000000`00000000 fffff801`1df353f0 : nt!KiFastFailDispatch+0xd0
ffffd000`3806c610 fffff801`1fa9f33d : fffff801`1fb9f129 ffffe001`17f628f0 ffffd000`3806c880 ffffe001`17f6cea0 : nt!KiRaiseSecurityCheckFailure+0xf4
ffffd000`3806c7a8 fffff801`1fb9f129 : ffffe001`17f628f0 ffffd000`3806c880 ffffe001`17f6cea0 ffffd000`3806c849 : Netwew00+0xe33d
ffffd000`3806c7b0 ffffe001`17f628f0 : ffffd000`3806c880 ffffe001`17f6cea0 ffffd000`3806c849 ffffe001`14793e10 : Netwew00+0x10e129
ffffd000`3806c7b8 ffffd000`3806c880 : ffffe001`17f6cea0 ffffd000`3806c849 ffffe001`14793e10 fffff801`1fc4c740 : 0xffffe001`17f628f0
ffffd000`3806c7c0 ffffe001`17f6cea0 : ffffd000`3806c849 ffffe001`14793e10 fffff801`1fc4c740 00000000`00000000 : 0xffffd000`3806c880
ffffd000`3806c7c8 ffffd000`3806c849 : ffffe001`14793e10 fffff801`1fc4c740 00000000`00000000 00000000`00000000 : 0xffffe001`17f6cea0
ffffd000`3806c7d0 ffffe001`14793e10 : fffff801`1fc4c740 00000000`00000000 00000000`00000000 00524556`0000004c : 0xffffd000`3806c849
ffffd000`3806c7d8 fffff801`1fc4c740 : 00000000`00000000 00000000`00000000 00524556`0000004c 00000000`00000000 : 0xffffe001`14793e10
ffffd000`3806c7e0 00000000`00000000 : 00000000`00000000 00524556`0000004c 00000000`00000000 00000000`00000000 : Netwew00+0x1bb740
STACK_COMMAND: kb
FOLLOWUP_IP:
Netwew00+e33d
fffff801`1fa9f33d ?? ???
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: Netwew00+e33d
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Netwew00
IMAGE_NAME: Netwew00.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 530c94f8
FAILURE_BUCKET_ID: 0x139_2_Netwew00+e33d
BUCKET_ID: 0x139_2_Netwew00+e33d
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0x139_2_netwew00+e33d
FAILURE_ID_HASH: {86310b31-3819-64f4-9fa1-7956524c43e1}
Followup: MachineOwner