wbenny / hvpp

hvpp is a lightweight Intel x64/VT-x hypervisor written in C++ focused primarily on virtualization of already running operating system
MIT License

KERNEL_SECURITY_CHECK_FAILURE (139) #41

Open Tai7sy opened 5 years ago

Tai7sy commented 5 years ago

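The machine blue-screens (BSOD) at random. In the `!analyze -v` output below, the bugcheck is 0x139 with subcode 0x4 (FAST_FAIL_INCORRECT_STACK), raised while the kernel was dispatching an invalid-opcode fault at a `vmwrite` instruction in `hvpp::vcpu_t::entry_host` (vcpu.cpp line 849).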

Debugger screenshot: screenshot.png

!analyze -v

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure.  The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000004, The thread's stack pointer was outside the legal stack
    extents for the thread.
Arg2: ffffac0a81dbd110, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffac0a81dbd068, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------

"C:\Windows\System32\KERNELBASE.dll" was not found in the image list.
Debugger will attempt to load "C:\Windows\System32\KERNELBASE.dll" at given base 00000000`00000000.

Please provide the full image name, including the extension (i.e. kernel32.dll)
for more reliable results.Base address and size overrides can be given as
.reload <image.ext>=<base>,<size>.

KEY_VALUES_STRING: 1

PROCESSES_ANALYSIS: 1

SERVICE_ANALYSIS: 1

STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1

DUMP_CLASS: 1

DUMP_QUALIFIER: 0

BUILD_VERSION_STRING:  17763.1.amd64fre.rs5_release.180914-1434

DUMP_TYPE:  0

BUGCHECK_P1: 4

BUGCHECK_P2: ffffac0a81dbd110

BUGCHECK_P3: ffffac0a81dbd068

BUGCHECK_P4: 0

TRAP_FRAME:  ffff18a01182070f -- (.trap 0xffff18a01182070f)
Unable to read trap frame at ffff18a0`1182070f

EXCEPTION_RECORD:  ffffac0a81dbd068 -- (.exr 0xffffac0a81dbd068)
ExceptionAddress: fffff80413a3b7df (nt!RtlpGetStackLimits+0x0000000000147c7f)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
  ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 0000000000000004
Subcode: 0x4 FAST_FAIL_INCORRECT_STACK

CPU_COUNT: 4

CPU_MHZ: e10

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 9e

CPU_STEPPING: 9

CPU_MICROCODE: 6,9e,9,0 (F,M,S,R)  SIG: B4'00000000 (cache) B4'00000000 (init)

BUGCHECK_STR:  0x139

PROCESS_NAME:  debug_me.exe

CURRENT_IRQL:  0

DEFAULT_BUCKET_ID:  FAIL_FAST_INCORRECT_STACK

WATSON_BKT_EVENT:  BEX

ERROR_CODE: (NTSTATUS) 0xc0000409 - <Unable to get error code text>

EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - <Unable to get error code text>

EXCEPTION_CODE_STR:  c0000409

EXCEPTION_PARAMETER1:  0000000000000004

ANALYSIS_SESSION_HOST:  windywhli-PC1

ANALYSIS_SESSION_TIME:  11-19-2019 20:19:23.0224

ANALYSIS_VERSION: 10.0.18362.1 amd64fre

BAD_STACK_POINTER:  ffffac0a81dbc628

LAST_CONTROL_TRANSFER:  from fffff80413aa2d72 to fffff804139cd390

STACK_TEXT:  
ffffac0a`81dbc628 fffff804`13aa2d72 : 00000000`00000004 00000000`00000003 ffffac0a`81dbc790 fffff804`1396d380 : nt!DbgBreakPointWithStatus
ffffac0a`81dbc630 fffff804`13aa24f7 : 00000000`00000003 ffffac0a`81dbc790 fffff804`139d9660 00000000`00000139 : nt!KiBugCheckDebugBreak+0x12
ffffac0a`81dbc690 fffff804`139c5837 : 00000000`00000000 cccccccc`cccccccc 00000000`00000000 00001f80`00cc00cc : nt!KeBugCheck2+0x957
ffffac0a`81dbcdb0 fffff804`139d6e69 : 00000000`00000139 00000000`00000004 ffffac0a`81dbd110 ffffac0a`81dbd068 : nt!KeBugCheckEx+0x107
ffffac0a`81dbcdf0 fffff804`139d7210 : cccccccc`cccccccc cccccccc`cccccccc cccccccc`cccccccc cccccccc`cccccccc : nt!KiBugCheckDispatch+0x69
ffffac0a`81dbcf30 fffff804`139d5608 : cccccccc`cccccccc cccccccc`cccccccc cccccccc`cccccccc cccccccc`cccccccc : nt!KiFastFailDispatch+0xd0
ffffac0a`81dbd110 fffff804`13a3b7df : 00000000`00000000 ffffac0a`81dbd550 cccccccc`cccccccc cccccccc`cccccccc : nt!KiRaiseSecurityCheckFailure+0x308
ffffac0a`81dbd2a0 fffff804`13926e7b : cccccccc`cccccccc cccccccc`cccccccc cccccccc`00000003 cccccccc`cccccccc : nt!RtlpGetStackLimits+0x147c7f
ffffac0a`81dbd2d0 fffff804`13834ac4 : ffffac0a`81dbdd08 ffffac0a`81dbda50 ffffac0a`81dbdd08 ffffac0a`81db6000 : nt!RtlDispatchException+0x6b
ffffac0a`81dbd520 fffff804`139d6f42 : 00000000`00000000 fffff804`138ec094 ffff18a0`1182070f fffff804`14283af6 : nt!KiDispatchException+0x144
ffffac0a`81dbdbd0 fffff804`139d178e : ffffac0a`81dbddc0 fffff804`1aab3e85 00000000`00000000 00000020`00000000 : nt!KiExceptionDispatch+0xc2
ffffac0a`81dbddb0 fffff804`1aab34c1 : 00000000`00000000 00000000`00484ea3 cccccccc`cccccccc cccccccc`cccccccc : nt!KiInvalidOpcodeFault+0x30e
ffffac0a`81dbdf40 fffff804`1aac3be5 : 00000000`0019fa90 00000000`004023fd 00000000`00010202 00000000`00000005 : win32dk!hvpp::vcpu_t::entry_host+0x161 [D:\MyProjects\VSProjects\hvpp\src\hvpp\hvpp\vcpu.cpp @ 849]
ffffac0a`81dbdfb0 00000000`00402402 : 004020f3`00401714 00739670`004020f3 0019fa98`00401564 0040131f`0019fae0 : win32dk!hvpp::vcpu_t::entry_host_+0x58 [D:\MyProjects\VSProjects\hvpp\src\hvpp\hvpp\vcpu.asm @ 231]
00000000`0019fa90 004020f3`00401714 : 00739670`004020f3 0019fa98`00401564 0040131f`0019fae0 00000007`004020f3 : debug_me+0x2402
00000000`0019fa98 00739670`004020f3 : 0019fa98`00401564 0040131f`0019fae0 00000007`004020f3 4150083c`c0000000 : 0x004020f3`00401714
00000000`0019faa0 0019fa98`00401564 : 0040131f`0019fae0 00000007`004020f3 4150083c`c0000000 40180000`00000000 : 0x00739670`004020f3
00000000`0019faa8 0040131f`0019fae0 : 00000007`004020f3 4150083c`c0000000 40180000`00000000 4150083b`40000000 : 0x0019fa98`00401564
00000000`0019fab0 00000007`004020f3 : 4150083c`c0000000 40180000`00000000 4150083b`40000000 00000007`0073e308 : 0x0040131f`0019fae0
00000000`0019fab8 4150083c`c0000000 : 40180000`00000000 4150083b`40000000 00000007`0073e308 004020f3`00739670 : 0x00000007`004020f3
00000000`0019fac0 40180000`00000000 : 4150083b`40000000 00000007`0073e308 004020f3`00739670 0041c7f0`0019fb14 : 0x4150083c`c0000000
00000000`0019fac8 4150083b`40000000 : 00000007`0073e308 004020f3`00739670 0041c7f0`0019fb14 004b5710`02416dc8 : 0x40180000`00000000
00000000`0019fad0 00000007`0073e308 : 004020f3`00739670 0041c7f0`0019fb14 004b5710`02416dc8 004b5710`02416dc8 : 0x4150083b`40000000
00000000`0019fad8 004020f3`00739670 : 0041c7f0`0019fb14 004b5710`02416dc8 004b5710`02416dc8 004b5710`0040baa0 : 0x00000007`0073e308
00000000`0019fae0 0041c7f0`0019fb14 : 004b5710`02416dc8 004b5710`02416dc8 004b5710`0040baa0 fffffffe`ffffffff : 0x004020f3`00739670
00000000`0019fae8 004b5710`02416dc8 : 004b5710`02416dc8 004b5710`0040baa0 fffffffe`ffffffff 76a96c42`0019fb40 : 0x0041c7f0`0019fb14
00000000`0019faf0 004b5710`02416dc8 : 004b5710`0040baa0 fffffffe`ffffffff 76a96c42`0019fb40 000007d8`004012c3 : 0x004b5710`02416dc8
00000000`0019faf8 004b5710`0040baa0 : fffffffe`ffffffff 76a96c42`0019fb40 000007d8`004012c3 0019fb80`004120b9 : 0x004b5710`02416dc8
00000000`0019fb00 fffffffe`ffffffff : 76a96c42`0019fb40 000007d8`004012c3 0019fb80`004120b9 02416dc8`02416dc8 : 0x004b5710`0040baa0
00000000`0019fb08 76a96c42`0019fb40 : 000007d8`004012c3 0019fb80`004120b9 02416dc8`02416dc8 0040baa0`0019fc20 : 0xfffffffe`ffffffff
00000000`0019fb10 000007d8`004012c3 : 0019fb80`004120b9 02416dc8`02416dc8 0040baa0`0019fc20 02416dc8`0040baa0 : 0x76a96c42`0019fb40
00000000`0019fb18 0019fb80`004120b9 : 02416dc8`02416dc8 0040baa0`0019fc20 02416dc8`0040baa0 00000000`00000001 : 0x000007d8`004012c3
00000000`0019fb20 02416dc8`02416dc8 : 0040baa0`0019fc20 02416dc8`0040baa0 00000000`00000001 0047f1d2`0019fc14 : 0x0019fb80`004120b9
00000000`0019fb28 0040baa0`0019fc20 : 02416dc8`0040baa0 00000000`00000001 0047f1d2`0019fc14 004153f9`ffffffff : 0x02416dc8`02416dc8
00000000`0019fb30 02416dc8`0040baa0 : 00000000`00000001 0047f1d2`0019fc14 004153f9`ffffffff 0019fb80`000007d8 : 0x0040baa0`0019fc20
00000000`0019fb38 00000000`00000001 : 0047f1d2`0019fc14 004153f9`ffffffff 0019fb80`000007d8 004153ca`00000000 : 0x02416dc8`0040baa0
00000000`0019fb40 0047f1d2`0019fc14 : 004153f9`ffffffff 0019fb80`000007d8 004153ca`00000000 0019fb80`000007d8 : 0x1
00000000`0019fb48 004153f9`ffffffff : 0019fb80`000007d8 004153ca`00000000 0019fb80`000007d8 0040badb`00000000 : 0x0047f1d2`0019fc14
00000000`0019fb50 0019fb80`000007d8 : 004153ca`00000000 0019fb80`000007d8 0040badb`00000000 0019fb80`000007d8 : 0x004153f9`ffffffff
00000000`0019fb58 004153ca`00000000 : 0019fb80`000007d8 0040badb`00000000 0019fb80`000007d8 00000000`00000000 : 0x0019fb80`000007d8
00000000`0019fb60 0019fb80`000007d8 : 0040badb`00000000 0019fb80`000007d8 00000000`00000000 16010002`52010001 : 0x004153ca`00000000
00000000`0019fb68 0040badb`00000000 : 0019fb80`000007d8 00000000`00000000 16010002`52010001 00000000`00000000 : 0x0019fb80`000007d8
00000000`0019fb70 0019fb80`000007d8 : 00000000`00000000 16010002`52010001 00000000`00000000 00486218`00000000 : 0x0040badb`00000000
00000000`0019fb78 00000000`00000000 : 16010002`52010001 00000000`00000000 00486218`00000000 004b8118`0047de32 : 0x0019fb80`000007d8

THREAD_SHA1_HASH_MOD_FUNC:  9878726627229c0c7c7b6cf8cacb076f99901365

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  6b7b4724f584776c4f57d46af500ba565cf0d156

THREAD_SHA1_HASH_MOD:  6ae1ede5fed85cf92790998645c6060afa1c331a

FOLLOWUP_IP: 
win32dk!hvpp::vcpu_t::entry_host+161 [D:\MyProjects\VSProjects\hvpp\src\hvpp\hvpp\vcpu.cpp @ 849]
fffff804`1aab34c1 440f79a720800000        vmwrite r12,qword ptr [rdi+8020h]

FAULT_INSTR_CODE:  a7790f44

FAULTING_SOURCE_LINE:  D:\MyProjects\VSProjects\hvpp\src\hvpp\hvpp\vcpu.cpp

FAULTING_SOURCE_FILE:  D:\MyProjects\VSProjects\hvpp\src\hvpp\hvpp\vcpu.cpp

FAULTING_SOURCE_LINE_NUMBER:  849

SYMBOL_STACK_INDEX:  c

SYMBOL_NAME:  win32dk!hvpp::vcpu_t::entry_host+161

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: win32dk

IMAGE_NAME:  win32dk.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  5dce5bd8

STACK_COMMAND:  .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET:  161

FAILURE_BUCKET_ID:  0x139_MISSING_GSFRAME_STACKPTR_ERROR_win32dk!hvpp::vcpu_t::entry_host

BUCKET_ID:  0x139_MISSING_GSFRAME_STACKPTR_ERROR_win32dk!hvpp::vcpu_t::entry_host

PRIMARY_PROBLEM_CLASS:  0x139_MISSING_GSFRAME_STACKPTR_ERROR_win32dk!hvpp::vcpu_t::entry_host

TARGET_TIME:  2019-11-19T12:18:30.000Z

OSBUILD:  17763

OSSERVICEPACK:  0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  272

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS

OS_LOCALE:  

USER_LCID:  0

OSBUILD_TIMESTAMP:  2005-12-02 00:58:59

BUILDDATESTAMP_STR:  180914-1434

BUILDLAB_STR:  rs5_release

BUILDOSVER_STR:  10.0.17763.1.amd64fre.rs5_release.180914-1434

ANALYSIS_SESSION_ELAPSED_TIME:  fbfd

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0x139_missing_gsframe_stackptr_error_win32dk!hvpp::vcpu_t::entry_host

FAILURE_ID_HASH:  {46030f82-f280-8494-bba2-d63fa3a0fafa}

Followup:     MachineOwner
---------