帮忙分析下这个问题
******************************************************************************** *
* Bugcheck Analysis *
* *
*******************************************************************************
KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: ffff98810398cac0, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffff98810398ca18, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved
Debugging Details:
------------------
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Either you specified an unqualified symbol, or your debugger ***
*** doesn't have full symbol information. Unqualified symbol ***
*** resolution is turned off by default. Please either specify a ***
*** fully qualified symbol module!symbolname, or enable resolution ***
*** of unqualified symbols by typing ".symopt- 100". Note that ***
*** enabling unqualified symbol resolution with network symbol ***
*** server shares in the symbol path may cause the debugger to ***
*** appear to hang for long periods of time when an incorrect ***
*** symbol name is typed or the network symbol server is down. ***
*** ***
*** For some commands to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
ADDITIONAL_DEBUG_TEXT:
You can run '.symfix; .reload' to try to fix the symbol path and load symbols.
FAULTING_MODULE: fffff80032417000 nt
DEBUG_FLR_IMAGE_TIMESTAMP: 4d6da0f2
TRAP_FRAME: ffff98810398cac0 -- (.trap 0xffff98810398cac0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffab0cb1eabfc0 rbx=0000000000000000 rcx=0000000000000003
rdx=0000000000002000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800325a407b rsp=ffff98810398cc50 rbp=ffff98810398cd79
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=ffff98810398cdd8 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up di pl nz na pe nc
nt!memset+0x315fb:
fffff800`325a407b cd29 int 29h
Resetting default scope
EXCEPTION_RECORD: ffff98810398ca18 -- (.exr 0xffff98810398ca18)
ExceptionAddress: fffff800325a407b (nt!memset+0x00000000000315fb)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: 0x139
CURRENT_IRQL: 0
ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) amd64fre
LAST_CONTROL_TRANSFER: from fffff80032571a29 to fffff800325668b0
STACK_TEXT:
ffff9881`0398c798 fffff800`32571a29 : 00000000`00000139 00000000`00000003 ffff9881`0398cac0 ffff9881`0398ca18 : nt!KeBugCheckEx
ffff9881`0398c7a0 fffff800`32571d90 : 00000001`00000000 0000924f`0002000e 00000000`00000000 00000000`00000000 : nt!setjmpex+0x3f49
ffff9881`0398c8e0 fffff800`32570d73 : 00000000`0000011c fffff800`324b6089 00000000`00000000 fffff800`32af77a8 : nt!setjmpex+0x42b0
ffff9881`0398cac0 fffff800`325a407b : 00000000`00000000 fffff800`3281949d 00000000`00000025 ffffab0c`bdb02010 : nt!setjmpex+0x3293
ffff9881`0398cc50 fffff800`ca602d14 : ffff9881`00002c50 ffffab0c`b5ca18c0 ffffab0c`aab85ad0 ffffab0c`b74f926a : nt!memset+0x315fb
ffff9881`0398cc90 fffff800`32448762 : ffffab0c`b5ca18c0 ffffab0c`aab85980 00000000`c000000d 00000000`00000200 : topsecpf+0x2d14
ffff9881`0398ccc0 fffff800`cafc725c : ffffab0c`00000200 00000000`00001000 ffffab0c`b371abf0 ffff9880`00000000 : nt!IoCompleteRequest+0x122
ffff9881`0398cde0 fffff800`ca602eb6 : 69746365`6e6e6f00 726f7073`6e617254 73736572`64644174 00000000`00000000 : tdx+0x725c
ffff9881`0398ce80 fffff800`ca60126d : ffffab0c`b5ca19d8 ffffab0c`b5ca18c0 ffffab0c`b5ca18c0 ffffab0c`b3705e28 : topsecpf+0x2eb6
ffff9881`0398cec0 fffff800`ca601739 : ffffab0c`aab85980 ffffab0c`b5ca19d8 ffffab0c`b5ca18c0 ffffab0c`bdb02010 : topsecpf+0x126d
ffff9881`0398cef0 fffff800`32818a3f : 00000000`00000024 ffffab0c`bdb02010 ffff9881`0398d190 ffffab0c`b5857118 : topsecpf+0x1739
ffff9881`0398cf20 fffff800`3283b1e2 : fffff800`328173b0 fffff800`328173b0 ffff9881`00000000 ffffab0c`a9c3a2d0 : nt!SeQueryInformationToken+0x7c9f
ffff9881`0398d110 fffff800`3281c42d : ffffab0c`b74f9200 ffff9881`0398d370 ffffab0c`00000240 ffffab0c`a8ed0dc0 : nt!ObWaitForMultipleObjects+0xf32
ffff9881`0398d2e0 fffff800`327fe0e9 : ffff9881`00000001 ffffab0c`bdb020a8 ffff9881`0398d5e0 00000000`00000028 : nt!ObOpenObjectByNameEx+0x1dd
ffff9881`0398d420 fffff800`328d3cca : ffffab0c`bda5dcf8 0000924f`0002000e ffff9881`0398d5e0 ffff9881`0398d5d0 : nt!NtCreateFile+0x469
ffff9881`0398d4c0 fffff800`ca6b8918 : ffffab0c`bda5dc50 00000000`00000000 ffffab0c`bdd03780 00000000`00000000 : nt!IoCreateFile+0x8a
ffff9881`0398d550 fffff800`ca6a6f99 : 00000000`00000005 ffffab0c`bdea4bc0 00000000`00000000 00000000`00000001 : afd+0x58918
ffff9881`0398d680 fffff800`3282cdd0 : ffffab0c`bdea4bc0 ffffab0c`bdea4d68 00000000`00000000 00000000`00000000 : afd+0x46f99
ffff9881`0398d820 fffff800`3282c16c : ffffab0c`00000000 ffffab0c`baecc504 fffff780`000002dc ffff9881`0398db80 : nt!NtQueryInformationFile+0xc20
ffff9881`0398d8e0 fffff800`3282b3c6 : ab0cb504`0770fa2b 00000000`0000115c 00000000`00000001 00000000`00000000 : nt!NtDeviceIoControlFile+0xdfc
ffff9881`0398da20 fffff800`32571593 : 00000000`00000000 00000000`00000001 00000000`00000000 fffff800`00000000 : nt!NtDeviceIoControlFile+0x56
ffff9881`0398da90 00000000`5179222c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!setjmpex+0x3ab3
00000000`011fef28 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x5179222c
STACK_COMMAND: kb
FOLLOWUP_IP:
topsecpf+2d14
fffff800`ca602d14 4885f6 test rsi,rsi
SYMBOL_STACK_INDEX: 5
SYMBOL_NAME: topsecpf+2d14
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: topsecpf
IMAGE_NAME: topsecpf.sys
BUCKET_ID: WRONG_SYMBOLS
FAILURE_BUCKET_ID: WRONG_SYMBOLS
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:wrong_symbols
FAILURE_ID_HASH: {70b057e8-2462-896f-28e7-ac72d4d365f8}
Followup: MachineOwner
---------
最后更新:2017-09-19 23:03:03
上一篇:
打开文件夹,提示没有与之关联的程序来执行操作
下一篇:
system 进程占CPU过高
你的设备已过期,并缺少重要的安全和质量更新,因此存在风险。让我们带你重回正轨,这样
Microsoft store 无法联网,显示Microsoft Store需要联网,你似乎没有联网
设备以迁移 由于仅部分匹配或匹配不明确,因此无法迁移设备
由于在创建转储期间出错,创建转储文件失败。
发生临时 DNS 错误
应用商店,在我们这边发生问题,无法使你登陆,错误代码: 0xD000000D
照相机不可用,错误代码:0xA00F4244(0xC00DABE0)
应用商店打开异常提示“清单中指定了未知的布局”
自定义扫描Windows defender里面的设备性能和运行状况 黄色感叹号问题
windows预口体验成员内口版本遇到问题需要重启
热门内容
windows10 点开此电脑后,有两个显示硬盘盘符的目录是怎么回事?
windows 10 专业版无法下载中文语言包
KB4056892
win10不能共享文件夹
在Surfacebook上用Windows to go 1703版本,更新后重启蓝屏,无法进入系统
windows10 1709版本更新失败,错误0x8007001f
microdoft visual c++ 2015 redistributable
WIN10 Insider Preview 17025更新失败,错误代码0x80096004
计算机管理服务 出现一个内部错误(INVALID
关于控制面板中的安全和维护内提示Windows defender 防病毒已关闭的问题