在正常使用完准备关机时,突然出现蓝屏,蓝屏提示为:KERNEL_SECURITY_CHECK_FAILURE (139),微软那边说需要卸载360,但用习惯了,实在不想删,求大佬救命
dump文件:
Minidump.zip
(1.98 MB)
第一次蓝屏的dump文件内容:
Microsoft (R) Windows Debugger Version 10.0.19041.685 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [D:\BaiduNetdiskDownload\Minidump\Minidump\082921-13984-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff807`7c600000 PsLoadedModuleList = 0xfffff807`7d22a190
Debug session time: Sun Aug 29 07:57:34.972 2021 (UTC + 8:00)
System Uptime: 0 days 21:28:27.579
Loading Kernel Symbols
...............................................................
................................................................
................................................................
..................................................
Loading User Symbols
Loading unloaded module list
...................
For analysis of this file, run !analyze -v
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 000000000000001d, Type of memory safety violation
Arg2: fffffd058e45ef10, Address of the trap frame for the exception that caused the bugcheck
Arg3: fffffd058e45ee68, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for 360Hvm64.sys
*** WARNING: Unable to verify timestamp for win32k.sys
KEY_VALUES_STRING: 1
Key : Analysis.CPU.Sec
Value: 3
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-5JF7T7G
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.Sec
Value: 6
Key : Analysis.Memory.CommitPeak.Mb
Value: 112
Key : Analysis.System
Value: CreateObject
BUGCHECK_CODE: 139
BUGCHECK_P1: 1d
BUGCHECK_P2: fffffd058e45ef10
BUGCHECK_P3: fffffd058e45ee68
BUGCHECK_P4: 0
TRAP_FRAME: fffffd058e45ef10 -- (.trap 0xfffffd058e45ef10)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=fffff8077d212400 rbx=0000000000000000 rcx=000000000000001d
rdx=fffff8077d2124c0 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8077ca3d919 rsp=fffffd058e45f0a8 rbp=000000000000000f
r8=fffff8077d2124c0 r9=0000000000000000 r10=fffff8077d212400
r11=fffff8077d231360 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up di ng nz na pe cy
nt!RtlRbRemoveNode+0x1b2529:
fffff807`7ca3d919 cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: fffffd058e45ee68 -- (.exr 0xfffffd058e45ee68)
ExceptionAddress: fffff8077ca3d919 (nt!RtlRbRemoveNode+0x00000000001b2529)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 000000000000001d
Subcode: 0x1d FAST_FAIL_INVALID_BALANCED_TREE
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: svchost.exe
ERROR_CODE: (NTSTATUS) 0xc0000409 -<Unable to get error code text>
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 000000000000001d
EXCEPTION_STR: 0xc0000409
BAD_STACK_POINTER: fffffd058e45ebe8
STACK_TEXT:
fffffd05`8e45ebe8 fffff807`7ca09169 : 00000000`00000139 00000000`0000001d fffffd05`8e45ef10 fffffd05`8e45ee68 : nt!KeBugCheckEx
fffffd05`8e45ebf0 fffff807`7ca09590 : 00000000`00000000 ffffba80`0fd80180 ffffa101`200e4040 00000000`00000000 : nt!KiBugCheckDispatch+0x69
fffffd05`8e45ed30 fffff807`7ca07923 : ffff8c8d`360b5d10 00000000`00020000 00000000`00000000 00000000`00000000 : nt!KiFastFailDispatch+0xd0
fffffd05`8e45ef10 fffff807`7ca3d919 : 00000000`00000002 00000000`00000002 fffff807`7cb1b677 00000000`0000000f : nt!KiRaiseSecurityCheckFailure+0x323
fffffd05`8e45f0a8 fffff807`7cb1b677 : 00000000`0000000f 00000000`00000201 ffffffff`ffffffff 00000000`00000000 : nt!RtlRbRemoveNode+0x1b2529
fffffd05`8e45f0c0 fffff807`7cb19af1 : 00000000`00000002 00000000`00000200 00000000`00000201 0000017a`8c6047e4 : nt!KiSetVirtualHeteroClockIntervalRequest+0x83
fffffd05`8e45f0f0 fffff807`7cb191d7 : 00000000`00000002 00000000`00000200 00000000`00000201 ffffba80`0fd80180 : nt!KeUpdatePendingQosRequest+0x31
fffffd05`8e45f130 fffff807`7c9fe2eb : ffffba80`0fd80180 000fa4ef`bd9bbfff ffffa101`1d9ab080 ffffa101`1f857080 : nt!KeCheckAndApplyBamQos+0xd7
fffffd05`8e45f160 fffff807`7c9fdf56 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!SwapContext+0xbb
fffffd05`8e45f1a0 fffff807`7c80c970 : 00000000`0003168e 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x76
fffffd05`8e45f2e0 fffff807`7c80be9f : ffff8c8d`43e9e5d0 fffff807`7cc2d91c fffffd05`8e45f4a0 00000000`ffff0002 : nt!KiSwapThread+0x500
fffffd05`8e45f390 fffff807`7c80b743 : 00000000`00000000 fffff807`00000000 ffffa101`3ecedc00 ffffa101`1f8571c0 : nt!KiCommitThreadWait+0x14f
fffffd05`8e45f430 fffff807`7c896983 : ffffa101`1f857508 00000000`00000011 ffffa101`1d26fd01 00000000`00000000 : nt!KeWaitForSingleObject+0x233
fffffd05`8e45f520 fffff807`7cc84876 : 00000000`00000000 ffffa101`1f857508 c8fc2c49`00000011 0000017a`8c624f38 : nt!AlpcpSignalAndWait+0x143
fffffd05`8e45f5c0 fffff807`7cc844db : fffffd05`8e45f6a0 0000017a`8c624f38 0000017a`91790770 00000000`7e000000 : nt!AlpcpReceiveSynchronousReply+0x56
fffffd05`8e45f620 fffff807`7cc82566 : ffffa101`21b8a070 fffff807`00020000 0000017a`91790770 0000017a`8c624f38 : nt!AlpcpProcessSynchronousRequest+0x37b
fffffd05`8e45f740 fffff807`96217156 : 00000000`00000000 fffffd05`8e45fa80 00000050`f0dfc578 fffffd05`8e45f9a8 : nt!NtAlpcSendWaitReceivePort+0x1d6
fffffd05`8e45f800 00000000`00000000 : fffffd05`8e45fa80 00000050`f0dfc578 fffffd05`8e45f9a8 0000017a`91790770 : 360Hvm64+0x17156
SYMBOL_NAME: 360Hvm64+17156
MODULE_NAME: 360Hvm64
IMAGE_NAME: 360Hvm64.sys
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 17156
FAILURE_BUCKET_ID: 0x139_1d_INVALID_BALANCED_TREE_STACKPTR_ERROR_360Hvm64!unknown_function
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {d2a1590c-d87e-3717-9871-5142c0909462}
Followup: MachineOwner
---------
|
|
|
|
评论
直达楼层