memory_corruption
Вот мой листинг по твоему дампу:
Код:
Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\odmin\Downloads\092916-3750-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred .sympath cache*e:\Symbols
Deferred srv*https://msdl.microsoft.com/download/symbols
Symbol search path is: .sympath cache*e:\Symbols;srv*https://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 10 Kernel Version 14393 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 14393.187.amd64fre.rs1_release_inmarket.160906-1818
Machine Name:
Kernel base = 0xfffff802`db414000 PsLoadedModuleList = 0xfffff802`db718080
Debug session time: Wed Sep 28 20:08:02.780 2016 (UTC + 3:00)
System Uptime: 0 days 17:37:29.505
Loading Kernel Symbols
.
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
..............................................................
................................................................
................................
Loading User Symbols
Loading unloaded module list
.......................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 139, {3, ffffa000f0b77400, ffffa000f0b77358, 0}
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : memory_corruption
Followup: memory_corruption
---------
2: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffffa000f0b77400, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffa000f0b77358, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 10.0.14393.187 (rs1_release_inmarket.160906-1818)
SYSTEM_MANUFACTURER: Gigabyte Technology Co., Ltd.
SYSTEM_PRODUCT_NAME: H97-D3H
SYSTEM_SKU: To be filled by O.E.M.
SYSTEM_VERSION: To be filled by O.E.M.
BIOS_VENDOR: American Megatrends Inc.
BIOS_VERSION: F7
BIOS_DATE: 09/19/2015
BASEBOARD_MANUFACTURER: Gigabyte Technology Co., Ltd.
BASEBOARD_PRODUCT: H97-D3H-CF
BASEBOARD_VERSION: x.x
DUMP_TYPE: 2
BUGCHECK_P1: 3
BUGCHECK_P2: ffffa000f0b77400
BUGCHECK_P3: ffffa000f0b77358
BUGCHECK_P4: 0
TRAP_FRAME: ffffa000f0b77400 -- (.trap 0xffffa000f0b77400)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffff8b05504238a8 rbx=0000000000000000 rcx=0000000000000003
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff802db9ad1dd rsp=ffffa000f0b77590 rbp=0000000000000705
r8=0000000000000000 r9=0000000000000000 r10=ffffe1082f0f5ac0
r11=ffffa000f0b775d8 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz ac pe cy
nt! ?? ::NNGAKEGL::`string'+0x2212d:
fffff802`db9ad1dd cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: ffffa000f0b77358 -- (.exr 0xffffa000f0b77358)
ExceptionAddress: fffff802db9ad1dd (nt! ?? ::NNGAKEGL::`string'+0x000000000002212d)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
CPU_COUNT: 4
CPU_MHZ: c79
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 3c
CPU_STEPPING: 3
CPU_MICROCODE: 6,3c,3,0 (F,M,S,R) SIG: 1E'00000000 (cache) 1E'00000000 (init)
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: CODE_CORRUPTION
BUGCHECK_STR: 0x139
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000409 - <Unable to get error code text>
EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - <Unable to get error code text>
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 0000000000000003
ANALYSIS_SESSION_HOST: INTEL
ANALYSIS_SESSION_TIME: 09-30-2016 16:55:29.0145
ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
LAST_CONTROL_TRANSFER: from fffff802db569229 to fffff802db55e0b0
STACK_TEXT:
ffffa000`f0b770d8 fffff802`db569229 : 00000000`00000139 00000000`00000003 ffffa000`f0b77400 ffffa000`f0b77358 : nt!KeBugCheckEx
ffffa000`f0b770e0 fffff802`db569590 : 00000000`00000001 fffff80d`7c41df6d 00000000`0054bc00 ffffffff`ffffffff : nt!KiBugCheckDispatch+0x69
ffffa000`f0b77220 fffff802`db568573 : ffffa000`f0b77410 00000000`00000000 00000001`ffffffff fffffff6`00000008 : nt!KiFastFailDispatch+0xd0
ffffa000`f0b77400 fffff802`db9ad1dd : 00000000`00000000 fffff80d`7c40e076 ffffe108`30760ac0 ffff8b05`4b047180 : nt!KiRaiseSecurityCheckFailure+0xf3
ffffa000`f0b77590 fffff80d`7c4b4fb0 : ffffe108`32bbcdb0 00000000`00000000 ffffa000`f0b776c8 ffff8b05`4b047180 : nt! ?? ::NNGAKEGL::`string'+0x2212d
ffffa000`f0b775e0 fffff80d`7c4b4daf : ffffcb00`01010000 00000028`52f12100 00000000`00000000 00000000`00000000 : NTFS!NtfsDeleteScb+0x130
ffffa000`f0b77670 fffff80d`7c4056f3 : ffff8b05`504238e0 ffffe108`32bbcdb0 00000000`00000000 00000000`00000000 : NTFS!NtfsRemoveScb+0x5f
ffffa000`f0b776c0 fffff80d`7c4b4b30 : ffffe108`2f0f5ac0 00000000`00000001 ffff8b05`5184b018 00000000`00000001 : NTFS!NtfsPrepareFcbForRemoval+0x63
ffffa000`f0b77700 fffff80d`7c41ede0 : ffff8b05`5184b018 ffffa000`f0b77803 00000000`00000000 ffffe108`2f0f5ac0 : NTFS!NtfsTeardownStructures+0x90
ffffa000`f0b77780 fffff80d`7c4fe6cb : ffffa000`f0b77900 00000000`00000000 00000000`00000001 ffffe108`0000000a : NTFS!NtfsDecrementCloseCounts+0xd0
ffffa000`f0b777c0 fffff80d`7c4f5b55 : ffff8b05`5184b018 ffffe108`32bbcdb0 ffffe108`2f0f5ac0 ffff8b05`4b047180 : NTFS!NtfsCommonClose+0x40b
ffffa000`f0b77890 fffff80d`7b833172 : ffff8b05`4b9db001 ffff8b05`5271f010 ffff8b05`4ea09800 ffff8b05`00000002 : NTFS!NtfsFsdClose+0x295
ffffa000`f0b779a0 fffff802`db875efd : ffff8b05`50974810 ffff8b05`50974810 ffff8b05`5271f010 ffff8b05`00000006 : FLTMGR!FltpDispatch+0xe2
ffffa000`f0b77a00 fffff802`db871378 : fffff802`db8e51cc 00000000`00000001 ffff8b05`4b175f20 00000000`00000001 : nt!IopDeleteFile+0x12d
ffffa000`f0b77a80 fffff802`db8e54a0 : 00000000`00000000 ffff8b05`509747e0 fffff802`db8e51cc fffff802`db715da0 : nt!ObpRemoveObjectRoutine+0x78
ffffa000`f0b77ae0 fffff802`db4739b9 : ffff8b05`530ae040 fffff802`db8e51cc fffff802`db715da0 fffff802`db7d0280 : nt!ObpProcessRemoveObjectQueue+0x2d4
ffffa000`f0b77b80 fffff802`db4e6255 : 2f099484`b6862909 00000000`00000080 ffff8b05`4b0d7040 ffff8b05`530ae040 : nt!ExpWorkerThread+0xe9
ffffa000`f0b77c10 fffff802`db563576 : fffff802`db755180 ffff8b05`530ae040 fffff802`db4e6214 fbe3ab86`0215710f : nt!PspSystemThreadStartup+0x41
ffffa000`f0b77c60 00000000`00000000 : ffffa000`f0b78000 ffffa000`f0b72000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
STACK_COMMAND: kb
CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
fffff802db44e43c-fffff802db44e43d 2 bytes - nt!MiInsertNonPagedPoolOnSlist+45c
[ 80 f6:00 88 ]
fffff802db48f13f - nt!MmUnmapViewInSystemCache+83f (+0x40d03)
[ fa:c8 ]
3 errors : !nt (fffff802db44e43c-fffff802db48f13f)
MODULE_NAME: memory_corruption
IMAGE_NAME: memory_corruption
FOLLOWUP_NAME: memory_corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
MEMORY_CORRUPTOR: LARGE
FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
BUCKET_ID: MEMORY_CORRUPTION_LARGE
PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
TARGET_TIME: 2016-09-28T17:08:02.000Z
OSBUILD: 14393
OSSERVICEPACK: 187
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2016-09-07 07:40:20
BUILDDATESTAMP_STR: 160906-1818
BUILDLAB_STR: rs1_release_inmarket
BUILDOSVER_STR: 10.0.14393.187
ANALYSIS_SESSION_ELAPSED_TIME: 1cf5
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:memory_corruption_large
FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
Followup: memory_corruption
---------