P
Phillip_P
Guest
So in the past couple days I have started getting random crashes. Always with the Kernel_Security_Check_Failure(139)
This is the first time this has happened since I installed. I have not made any changes to the system recently, its almost a full year old.
Results of the Memory dump are:
[COLOR=rgba(30, 30, 30, 1)]KERNEL_SECURITY_CHECK_FAILURE (139)[/COLOR]
[COLOR=rgba(30, 30, 30, 1)]A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffd082192c76c0, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffd082192c7618, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved[/COLOR]
[COLOR=rgba(30, 30, 30, 1)]Debugging Details:[/COLOR]
[COLOR=rgba(30, 30, 30, 1)]------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 2421
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 4520
Key : Analysis.Init.CPU.mSec
Value: 389
Key : Analysis.Init.Elapsed.mSec
Value: 5078
Key : Analysis.Memory.CommitPeak.Mb
Value: 79
Key : FailFast.Name
Value: CORRUPT_LIST_ENTRY
Key : FailFast.Type
Value: 3
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1[/COLOR]
[COLOR=rgba(30, 30, 30, 1)]BUGCHECK_CODE: 139
BUGCHECK_P1: 3
BUGCHECK_P2: ffffd082192c76c0
BUGCHECK_P3: ffffd082192c7618
BUGCHECK_P4: 0
TRAP_FRAME: ffffd082192c76c0 -- [/COLOR][COLOR=rgba(0, 0, 255, 1)](.trap 0xffffd082192c76c0)
[/COLOR][COLOR=rgba(30, 30, 30, 1)]NOTE: The trap frame does not contain all registers.
[/COLOR][COLOR=rgba(0, 0, 255, 1)]Some register values may be zeroed or incorrect.
[/COLOR][COLOR=rgba(30, 30, 30, 1)]rax=ffffe68555847d90 rbx=0000000000000000 rcx=0000000000000003
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80065db2e00 rsp=ffffd082192c7850 rbp=ffffe68555343750
r8=ffffbd0173df6a70 r9=ffffe6854ca07370 r10=ffffbd015de8d840
r11=ffffd082192c7800 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po cy
libwamf+0x2e00:
fffff800`65db2e00 cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: ffffd082192c7618 -- [/COLOR][COLOR=rgba(0, 0, 255, 1)](.exr 0xffffd082192c7618)
[/COLOR][COLOR=rgba(30, 30, 30, 1)]ExceptionAddress: fffff80065db2e00 (libwamf+0x0000000000002e00)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
BLACKBOXBSD: 1 ([/COLOR][COLOR=rgba(0, 0, 255, 1)]!blackboxbsd[/COLOR][COLOR=rgba(30, 30, 30, 1)])
BLACKBOXNTFS: 1 ([/COLOR][COLOR=rgba(0, 0, 255, 1)]!blackboxntfs[/COLOR][COLOR=rgba(30, 30, 30, 1)])
BLACKBOXPNP: 1 ([/COLOR][COLOR=rgba(0, 0, 255, 1)]!blackboxpnp[/COLOR][COLOR=rgba(30, 30, 30, 1)])
BLACKBOXWINLOGON: 1
PROCESS_NAME: System
ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 0000000000000003
EXCEPTION_STR: 0xc0000409
STACK_TEXT:
ffffd082`192c7398 fffff800`58807b69 : 00000000`00000139 00000000`00000003 ffffd082`192c76c0 ffffd082`192c7618 : nt!KeBugCheckEx
ffffd082`192c73a0 fffff800`58807f90 : ffffbd01`675874c0 fffff800`588075b5 ffffbd01`741b9c00 ffffbd01`71ee269c : nt!KiBugCheckDispatch+0x69
ffffd082`192c74e0 fffff800`58806323 : ffffbd01`00000003 00000000`00000001 00000000`00000020 00000000`00000000 : nt!KiFastFailDispatch+0xd0
ffffd082`192c76c0 fffff800`65db2e00 : 00000000`00000000 ffffe685`55343750 fffff800`65db5120 fffff800`65db275d : nt!KiRaiseSecurityCheckFailure+0x323
ffffd082`192c7850 fffff800`65db2741 : ffffbd01`5de86e20 00000000`00000008 00000000`e314bd0d ffffd082`192c7939 : libwamf+0x2e00
ffffd082`192c78a0 fffff800`57370440 : ffffbd01`6b277a20 00000000`00989680 ffffbd01`6aee2cc0 ffffbd01`6b277a30 : libwamf+0x2741
ffffd082`192c78d0 fffff800`573720c8 : ffffbd01`71ee2010 ffffbd01`6b277a30 ffffbd01`6b277a30 00000000`00000000 : FLTMGR!FltOpenVolume+0xe50
ffffd082`192c79a0 fffff800`573723a7 : ffffbd01`6b550190 00000000`00000008 ffffbd01`6b550040 ffffbd01`00000000 : FLTMGR!FltRemoveOpenReparseEntry+0x19e8
ffffd082`192c79e0 fffff800`573726b5 : ffffbd01`6de2f810 fffff800`573726a0 ffffbd01`5de75c60 00000000`00000100 : FLTMGR!FltRemoveOpenReparseEntry+0x1cc7
ffffd082`192c7a40 fffff800`58625975 : ffffbd01`675874c0 fffff800`5736ffc0 ffffbd01`5de75c60 ffffbd01`00000000 : FLTMGR!FltRemoveOpenReparseEntry+0x1fd5
ffffd082`192c7a70 fffff800`58717e85 : ffffbd01`675874c0 00000000`00000080 ffffbd01`5de68080 000fa4ef`bd9bbfff : nt!ExpWorkerThread+0x105
ffffd082`192c7b10 fffff800`587fd2a8 : ffffac80`521e0180 ffffbd01`675874c0 fffff800`58717e30 00000000`00000000 : nt!PspSystemThreadStartup+0x55
ffffd082`192c7b60 00000000`00000000 : ffffd082`192c8000 ffffd082`192c1000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28
SYMBOL_NAME: libwamf+2e00
MODULE_NAME: [/COLOR][COLOR=rgba(0, 0, 255, 1)]libwamf
[/COLOR][COLOR=rgba(30, 30, 30, 1)]IMAGE_NAME: libwamf.sys
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 2e00
FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_libwamf!unknown_function
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {13eabe20-0fac-c14f-91ee-170f860e7e14}
Followup: MachineOwner[/COLOR]
[COLOR=rgba(30, 30, 30, 1)]Any help on this would be appreciated. [/COLOR]
[COLOR=rgba(30, 30, 30, 1)]All the searches I have done for the libwamf file just result in what it is and the company that is responsible but nothing on a possible resolution or why it is causing a crash.[/COLOR]
Continue reading...
This is the first time this has happened since I installed. I have not made any changes to the system recently, its almost a full year old.
Results of the Memory dump are:
[COLOR=rgba(30, 30, 30, 1)]KERNEL_SECURITY_CHECK_FAILURE (139)[/COLOR]
[COLOR=rgba(30, 30, 30, 1)]A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffd082192c76c0, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffd082192c7618, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved[/COLOR]
[COLOR=rgba(30, 30, 30, 1)]Debugging Details:[/COLOR]
[COLOR=rgba(30, 30, 30, 1)]------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 2421
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 4520
Key : Analysis.Init.CPU.mSec
Value: 389
Key : Analysis.Init.Elapsed.mSec
Value: 5078
Key : Analysis.Memory.CommitPeak.Mb
Value: 79
Key : FailFast.Name
Value: CORRUPT_LIST_ENTRY
Key : FailFast.Type
Value: 3
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1[/COLOR]
[COLOR=rgba(30, 30, 30, 1)]BUGCHECK_CODE: 139
BUGCHECK_P1: 3
BUGCHECK_P2: ffffd082192c76c0
BUGCHECK_P3: ffffd082192c7618
BUGCHECK_P4: 0
TRAP_FRAME: ffffd082192c76c0 -- [/COLOR][COLOR=rgba(0, 0, 255, 1)](.trap 0xffffd082192c76c0)
[/COLOR][COLOR=rgba(30, 30, 30, 1)]NOTE: The trap frame does not contain all registers.
[/COLOR][COLOR=rgba(0, 0, 255, 1)]Some register values may be zeroed or incorrect.
[/COLOR][COLOR=rgba(30, 30, 30, 1)]rax=ffffe68555847d90 rbx=0000000000000000 rcx=0000000000000003
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80065db2e00 rsp=ffffd082192c7850 rbp=ffffe68555343750
r8=ffffbd0173df6a70 r9=ffffe6854ca07370 r10=ffffbd015de8d840
r11=ffffd082192c7800 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na po cy
libwamf+0x2e00:
fffff800`65db2e00 cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: ffffd082192c7618 -- [/COLOR][COLOR=rgba(0, 0, 255, 1)](.exr 0xffffd082192c7618)
[/COLOR][COLOR=rgba(30, 30, 30, 1)]ExceptionAddress: fffff80065db2e00 (libwamf+0x0000000000002e00)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
BLACKBOXBSD: 1 ([/COLOR][COLOR=rgba(0, 0, 255, 1)]!blackboxbsd[/COLOR][COLOR=rgba(30, 30, 30, 1)])
BLACKBOXNTFS: 1 ([/COLOR][COLOR=rgba(0, 0, 255, 1)]!blackboxntfs[/COLOR][COLOR=rgba(30, 30, 30, 1)])
BLACKBOXPNP: 1 ([/COLOR][COLOR=rgba(0, 0, 255, 1)]!blackboxpnp[/COLOR][COLOR=rgba(30, 30, 30, 1)])
BLACKBOXWINLOGON: 1
PROCESS_NAME: System
ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 0000000000000003
EXCEPTION_STR: 0xc0000409
STACK_TEXT:
ffffd082`192c7398 fffff800`58807b69 : 00000000`00000139 00000000`00000003 ffffd082`192c76c0 ffffd082`192c7618 : nt!KeBugCheckEx
ffffd082`192c73a0 fffff800`58807f90 : ffffbd01`675874c0 fffff800`588075b5 ffffbd01`741b9c00 ffffbd01`71ee269c : nt!KiBugCheckDispatch+0x69
ffffd082`192c74e0 fffff800`58806323 : ffffbd01`00000003 00000000`00000001 00000000`00000020 00000000`00000000 : nt!KiFastFailDispatch+0xd0
ffffd082`192c76c0 fffff800`65db2e00 : 00000000`00000000 ffffe685`55343750 fffff800`65db5120 fffff800`65db275d : nt!KiRaiseSecurityCheckFailure+0x323
ffffd082`192c7850 fffff800`65db2741 : ffffbd01`5de86e20 00000000`00000008 00000000`e314bd0d ffffd082`192c7939 : libwamf+0x2e00
ffffd082`192c78a0 fffff800`57370440 : ffffbd01`6b277a20 00000000`00989680 ffffbd01`6aee2cc0 ffffbd01`6b277a30 : libwamf+0x2741
ffffd082`192c78d0 fffff800`573720c8 : ffffbd01`71ee2010 ffffbd01`6b277a30 ffffbd01`6b277a30 00000000`00000000 : FLTMGR!FltOpenVolume+0xe50
ffffd082`192c79a0 fffff800`573723a7 : ffffbd01`6b550190 00000000`00000008 ffffbd01`6b550040 ffffbd01`00000000 : FLTMGR!FltRemoveOpenReparseEntry+0x19e8
ffffd082`192c79e0 fffff800`573726b5 : ffffbd01`6de2f810 fffff800`573726a0 ffffbd01`5de75c60 00000000`00000100 : FLTMGR!FltRemoveOpenReparseEntry+0x1cc7
ffffd082`192c7a40 fffff800`58625975 : ffffbd01`675874c0 fffff800`5736ffc0 ffffbd01`5de75c60 ffffbd01`00000000 : FLTMGR!FltRemoveOpenReparseEntry+0x1fd5
ffffd082`192c7a70 fffff800`58717e85 : ffffbd01`675874c0 00000000`00000080 ffffbd01`5de68080 000fa4ef`bd9bbfff : nt!ExpWorkerThread+0x105
ffffd082`192c7b10 fffff800`587fd2a8 : ffffac80`521e0180 ffffbd01`675874c0 fffff800`58717e30 00000000`00000000 : nt!PspSystemThreadStartup+0x55
ffffd082`192c7b60 00000000`00000000 : ffffd082`192c8000 ffffd082`192c1000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x28
SYMBOL_NAME: libwamf+2e00
MODULE_NAME: [/COLOR][COLOR=rgba(0, 0, 255, 1)]libwamf
[/COLOR][COLOR=rgba(30, 30, 30, 1)]IMAGE_NAME: libwamf.sys
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 2e00
FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_libwamf!unknown_function
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {13eabe20-0fac-c14f-91ee-170f860e7e14}
Followup: MachineOwner[/COLOR]
[COLOR=rgba(30, 30, 30, 1)]Any help on this would be appreciated. [/COLOR]
[COLOR=rgba(30, 30, 30, 1)]All the searches I have done for the libwamf file just result in what it is and the company that is responsible but nothing on a possible resolution or why it is causing a crash.[/COLOR]
Continue reading...