none
BSOD help to analyze the .dmp file RRS feed

  • Question

  • <iframe src="https://onedrive.live.com/embed?cid=6C187207953E38AC&resid=6C187207953E38AC%21572&authkey=AMeoVhbr0VDQpzo" width="98" height="120" frameborder="0" scrolling="no"></iframe>

    If someone please could read & intrepret what is happening with my pc & why I keep have problems with Kernel Security Check Failure,

    Thanks in advance

    Wednesday, January 13, 2016 10:14 PM

Answers

All replies

  • Dump shows Probably caused by : ntkrnlmp.exe so Windows so basically the OS so not much help I would say.

    Please see guide Driver Verifier-- tracking down a mis-behaving driver (by Team ZigZag) for further troubling shooting for the issue.

    Dump analysis below for completeness.

    Microsoft (R) Windows Debugger Version 10.0.10586.567 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [C:\WinDbg\robertobarnez\011316-19156-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    
    ************* Symbol Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       http://msdl.microsoft.com/download/symbols
    Symbol search path is: http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 10 Kernel Version 10586 MP (8 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS Personal
    Built by: 10586.63.amd64fre.th2_release.160104-1513
    Machine Name:
    Kernel base = 0xfffff803`c3682000 PsLoadedModuleList = 0xfffff803`c3960c70
    Debug session time: Wed Jan 13 21:46:14.005 2016 (UTC + 0:00)
    System Uptime: 0 days 0:45:56.741
    Loading Kernel Symbols
    .
    
    Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
    Run !sym noisy before .reload to track down problems loading symbols.
    
    ..............................................................
    ................................................................
    ....................................................
    Loading User Symbols
    Loading unloaded module list
    .............
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck 139, {3, ffffd000252b7750, ffffd000252b76a8, 0}
    
    Probably caused by : ntkrnlmp.exe ( nt!KiFastFailDispatch+d0 )
    
    Followup:     MachineOwner
    ---------
    
    5: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    KERNEL_SECURITY_CHECK_FAILURE (139)
    A kernel component has corrupted a critical data structure.  The corruption
    could potentially allow a malicious user to gain control of this machine.
    Arguments:
    Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
    Arg2: ffffd000252b7750, Address of the trap frame for the exception that caused the bugcheck
    Arg3: ffffd000252b76a8, Address of the exception record for the exception that caused the bugcheck
    Arg4: 0000000000000000, Reserved
    
    Debugging Details:
    ------------------
    
    
    DUMP_CLASS: 1
    
    DUMP_QUALIFIER: 400
    
    BUILD_VERSION_STRING:  10586.63.amd64fre.th2_release.160104-1513
    
    SYSTEM_MANUFACTURER:  ASUSTeK COMPUTER INC.
    
    SYSTEM_PRODUCT_NAME:  G750JM
    
    SYSTEM_SKU:  ASUS-NotebookSKU
    
    SYSTEM_VERSION:  1.0       
    
    BIOS_VENDOR:  American Megatrends Inc.
    
    BIOS_VERSION:  G750JM.205
    
    BIOS_DATE:  02/11/2014
    
    BASEBOARD_MANUFACTURER:  ASUSTeK COMPUTER INC.
    
    BASEBOARD_PRODUCT:  G750JM
    
    BASEBOARD_VERSION:  1.0       
    
    DUMP_TYPE:  2
    
    BUGCHECK_P1: 3
    
    BUGCHECK_P2: ffffd000252b7750
    
    BUGCHECK_P3: ffffd000252b76a8
    
    BUGCHECK_P4: 0
    
    TRAP_FRAME:  ffffd000252b7750 -- (.trap 0xffffd000252b7750)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=ffffe000e352a980 rbx=0000000000000000 rcx=0000000000000003
    rdx=ffffe000de65e3c0 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff803c37dbd82 rsp=ffffd000252b78e0 rbp=0000000000000001
     r8=ffffe000e08c0128  r9=0000000000000000 r10=7fffe000e08c0128
    r11=7ffffffffffffffc r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl nz ac pe cy
    nt! ?? ::FNODOBFM::`string'+0x8c82:
    fffff803`c37dbd82 cd29            int     29h
    Resetting default scope
    
    EXCEPTION_RECORD:  ffffd000252b76a8 -- (.exr 0xffffd000252b76a8)
    ExceptionAddress: fffff803c37dbd82 (nt! ?? ::FNODOBFM::`string'+0x0000000000008c82)
       ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
      ExceptionFlags: 00000001
    NumberParameters: 1
       Parameter[0]: 0000000000000003
    Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
    
    CPU_COUNT: 8
    
    CPU_MHZ: 95a
    
    CPU_VENDOR:  GenuineIntel
    
    CPU_FAMILY: 6
    
    CPU_MODEL: 3c
    
    CPU_STEPPING: 3
    
    CPU_MICROCODE: 6,3c,3,0 (F,M,S,R)  SIG: 1E'00000000 (cache) 1E'00000000 (init)
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  LIST_ENTRY_CORRUPT
    
    BUGCHECK_STR:  0x139
    
    PROCESS_NAME:  System
    
    CURRENT_IRQL:  2
    
    ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
    
    EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
    
    EXCEPTION_CODE_STR:  c0000409
    
    EXCEPTION_PARAMETER1:  0000000000000003
    
    ANALYSIS_SESSION_HOST:  
    
    ANALYSIS_SESSION_TIME:  01-13-2016 22:50:18.0994
    
    ANALYSIS_VERSION: 10.0.10586.567 amd64fre
    
    LAST_CONTROL_TRANSFER:  from fffff803c37cf2e9 to fffff803c37c4770
    
    STACK_TEXT:  
    ffffd000`252b7428 fffff803`c37cf2e9 : 00000000`00000139 00000000`00000003 ffffd000`252b7750 ffffd000`252b76a8 : nt!KeBugCheckEx
    ffffd000`252b7430 fffff803`c37cf610 : 00000000`00000000 00000000`00000010 ffffe000`dfd11228 00000000`00000002 : nt!KiBugCheckDispatch+0x69
    ffffd000`252b7570 fffff803`c37ce7f3 : ffffc000`96d88f11 ffffc000`94d19028 ffffd000`252b7840 fffff803`00000010 : nt!KiFastFailDispatch+0xd0
    ffffd000`252b7750 fffff803`c37dbd82 : ffffe000`ddab9cb8 fffff803`c36b472f 00000000`00000000 ffffd000`22a01a00 : nt!KiRaiseSecurityCheckFailure+0xf3
    ffffd000`252b78e0 fffff803`c36962c4 : ffffe000`00000000 ffffe000`ddab9c10 ffffe000`ddab9c10 00000000`ffffffff : nt! ?? ::FNODOBFM::`string'+0x8c82
    ffffd000`252b7910 fffff803`c36961e2 : 00000000`00000000 00000000`00000001 00000000`00000001 00000000`00000002 : nt!CcDeallocateBcb+0x1c
    ffffd000`252b7940 fffff803`c3695daa : ffffe000`00000001 00000000`00001000 00000000`000002fd 00000000`00000001 : nt!CcUnpinFileDataEx+0x3c2
    ffffd000`252b79a0 fffff803`c3722180 : 00000000`00001000 ffffd000`252b7aa9 00000000`0002b135 00000000`00001000 : nt!CcReleaseByteRangeFromWrite+0xaa
    ffffd000`252b79f0 fffff803`c3722686 : ffffe000`e08bdb38 00000000`00000000 00000000`00000001 ffffd000`252b7b98 : nt!CcFlushCachePriv+0x450
    ffffd000`252b7b00 fffff803`c36ecb79 : fffff803`c3a15200 fffff803`c3a5ab00 7fffffff`00000000 00000001`aa1c55e6 : nt!CcWriteBehindInternal+0x156
    ffffd000`252b7b80 fffff803`c368b125 : ffffe000`df0c7180 00000000`00000080 ffffe000`dcaea680 ffffe000`dd2d5800 : nt!ExpWorkerThread+0xe9
    ffffd000`252b7c10 fffff803`c37c9916 : ffffd000`8db07180 ffffe000`dd2d5800 fffff803`c368b0e4 fffff801`dc06d86f : nt!PspSystemThreadStartup+0x41
    ffffd000`252b7c60 00000000`00000000 : ffffd000`252b8000 ffffd000`252b2000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
    
    
    STACK_COMMAND:  kb
    
    THREAD_SHA1_HASH_MOD_FUNC:  8c66561180cc9266a886088d1ad4aeaea6368885
    
    THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  34e9acfcca7200aac1294562de7a2b15629e465b
    
    THREAD_SHA1_HASH_MOD:  fe34192f63d13620a8987d294372ee74d699cfee
    
    FOLLOWUP_IP: 
    nt!KiFastFailDispatch+d0
    fffff803`c37cf610 c644242000      mov     byte ptr [rsp+20h],0
    
    FAULT_INSTR_CODE:  202444c6
    
    SYMBOL_STACK_INDEX:  2
    
    SYMBOL_NAME:  nt!KiFastFailDispatch+d0
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: nt
    
    IMAGE_NAME:  ntkrnlmp.exe
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  568b1c58
    
    IMAGE_VERSION:  10.0.10586.63
    
    BUCKET_ID_FUNC_OFFSET:  d0
    
    FAILURE_BUCKET_ID:  0x139_3_nt!KiFastFailDispatch
    
    BUCKET_ID:  0x139_3_nt!KiFastFailDispatch
    
    PRIMARY_PROBLEM_CLASS:  0x139_3_nt!KiFastFailDispatch
    
    TARGET_TIME:  2016-01-13T21:46:14.000Z
    
    OSBUILD:  10586
    
    OSSERVICEPACK:  0
    
    SERVICEPACK_NUMBER: 0
    
    OS_REVISION: 0
    
    SUITE_MASK:  784
    
    PRODUCT_TYPE:  1
    
    OSPLATFORM_TYPE:  x64
    
    OSNAME:  Windows 10
    
    OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS Personal
    
    OS_LOCALE:  
    
    USER_LCID:  0
    
    OSBUILD_TIMESTAMP:  2016-01-05 01:28:56
    
    BUILDDATESTAMP_STR:  160104-1513
    
    BUILDLAB_STR:  th2_release
    
    BUILDOSVER_STR:  10.0.10586.63.amd64fre.th2_release.160104-1513
    
    ANALYSIS_SESSION_ELAPSED_TIME: 5b6
    
    ANALYSIS_SOURCE:  KM
    
    FAILURE_ID_HASH_STRING:  km:0x139_3_nt!kifastfaildispatch
    
    FAILURE_ID_HASH:  {36173680-6f08-995f-065a-3d368c996911}
    
    Followup:     MachineOwner
    ---------
    
    

    Wednesday, January 13, 2016 10:55 PM
  • Some drivers that were included that stood out due to there age (pre Windows 10 age). To NIC drivers most notable to me perhaps.

    PxHlpa64.sys Px Engine Device Driver Mon Oct 17 15:29:34 2011
    dcrypt.sys DiskCryptor driver Wed Jul 09 07:42:01 2014
    mbae64.sys Malwarebytes Anti-Exploit Mon Sep 08 19:27:15 2014
    wachidrouter.sys Wacom HID Router Driver Wed Aug 06 19:10:05 2014
    wacomrouterfilter.sys Wacom Router Filter Wed Aug 06 19:10:12 2014
    dump_dcrypt.sys DiskCryptor driver Wed Jul 09 07:42:01 2014
    bcmwl63a.sys Broadcom 802.11 Network Adapter wireless driver Fri Oct 31 19:18:04 2014
    L1C63x64.sys Qualcomm Atheros AR8151 PCI-E Gigabit Ethernet Controller  Tue Jul 16 07:56:31 2013

    Wednesday, January 13, 2016 11:14 PM
  • Also, there is an issue with the latest GEFORCE driver (361.43) on some systems particularly with but not inclusive to applications that use OpenCL hardware acceleration.

    Rolling back the NVIDIA graphics driver to the previous stable version is recommended until the issue is fixed.

    Numerous reports of Kernel_Security_Check_Failure errors with the last update (361.43) as reported on the GEFORCE Drivers forum:

    https://forums.geforce.com/default/topic/904988/kernel-security-check-failure

    Edit:

    Rather than rolling back the GEFORCE driver you could try the following hotfix driver:

    http://nvidia.custhelp.com/app/answers/detail/a_id/3832

    Thursday, January 14, 2016 12:59 AM
  • Hi,

    Was your issue resolved?

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    If no, please reply and tell us the current situation in order to provide further help.


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Wednesday, January 20, 2016 6:01 AM
    Moderator