*** Fatal System Error: 0x00000139 (0x00000003,0x81BE4B54,0x81BE4A80,0x00000000) Break instruction exception - code 80000003 (first chance) A fatal system error has occurred. Debugger entered on first try; Bugcheck callbacks have not been invoked. A fatal system error has occurred. Connected to Windows 8 9600 x86 compatible target at (Wed Nov 19 17:13:11.168 2014 (UTC + 1:00)), ptr64 FALSE Loading Kernel Symbols ............................................................... ................................................................ ......................... Loading User Symbols ................................................................ ................................................................ ................................................................ .................... Loading unloaded module list ............... ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 139, {3, 81be4b54, 81be4a80, 0} Probably caused by : Pool_Corruption ( nt!ExDeferredFreePool+483 ) Followup: Pool_corruption --------- nt!RtlpBreakWithStatusInstruction: 81f10ef4 cc int 3 1: kd> .reload Connected to Windows 8 9600 x86 compatible target at (Wed Nov 19 17:14:17.937 2014 (UTC + 1:00)), ptr64 FALSE Loading Kernel Symbols ............................................................... ................................................................ ......................... Loading User Symbols ................................................................ ................................................................ ................................................................ .................... Loading unloaded module list ............... 1: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* KERNEL_SECURITY_CHECK_FAILURE (139) A kernel component has corrupted a critical data structure. The corruption could potentially allow a malicious user to gain control of this machine. Arguments: Arg1: 00000003, A LIST_ENTRY has been corrupted (i.e. double remove). Arg2: 81be4b54, Address of the trap frame for the exception that caused the bugcheck Arg3: 81be4a80, Address of the exception record for the exception that caused the bugcheck Arg4: 00000000, Reserved Debugging Details: ------------------ TRAP_FRAME: 81be4b54 -- (.trap 0xffffffff81be4b54) ErrCode = 00000000 eax=00000000 ebx=a5415da8 ecx=9933b5d0 edx=00000003 esi=00000002 edi=88827334 eip=81ff04a3 esp=81be4bc8 ebp=81be4c10 iopl=0 nv up ei pl nz ac po cy cs=0008 ss=0010 ds=b5c0 es=0023 fs=0030 gs=0023 efl=00000213 nt!ExDeferredFreePool+0x483: 81ff04a3 cd29 int 29h Resetting default scope EXCEPTION_RECORD: 81be4a80 -- (.exr 0xffffffff81be4a80) ExceptionAddress: 81ff04a3 (nt!ExDeferredFreePool+0x00000483) ExceptionCode: c0000409 (Security check failure or stack buffer overrun) ExceptionFlags: 00000001 NumberParameters: 1 Parameter[0]: 00000003 DEFAULT_BUCKET_ID: LIST_ENTRY_CORRUPT BUGCHECK_STR: 0x139 PROCESS_NAME: explorer.exe CURRENT_IRQL: 1 ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application. EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application. EXCEPTION_PARAMETER1: 00000003 LAST_CONTROL_TRANSFER: from 81f91cbe to 81f10ef4 STACK_TEXT: 81be4614 81f91cbe 00000003 d630f8a2 00000065 nt!RtlpBreakWithStatusInstruction 81be4668 81f917d8 801c8138 81be4a68 81be4b54 nt!KiBugCheckDebugBreak+0x1f 81be4a3c 81f0fab6 00000139 00000003 81be4b54 nt!KeBugCheck2+0x676 81be4a60 81f20efa 00000139 00000003 81be4b54 nt!KiBugCheck2+0xc6 81be4a60 81ff04a3 00000139 00000003 81be4b54 nt!KiRaiseSecurityCheckFailure+0xf6 81be4c10 81ff0bd4 90600fc0 8886f978 00000001 nt!ExDeferredFreePool+0x483 81be4c88 932fd58e 8886f978 00000000 c431a195 nt!ExFreePoolWithTag+0x724 81be4f3c 81f20b27 00000042 0000000c 8886f978 win32k!NtUserSystemParametersInfo+0x1c2 81be4f3c 77c26ce4 00000042 0000000c 8886f978 nt!KiSystemServicePostCall 042fda68 7796bc63 7796bcd9 00000042 0000000c ntdll!KiFastSystemCallRet 042fda6c 7796bcd9 00000042 0000000c 042fdbd4 USER32!NtUserSystemParametersInfo+0xa 042fdab0 74681f1a 00000042 0000000c 042fdbd4 USER32!RealSystemParametersInfoW+0x5d 042fdb60 7796bda2 00000042 0000000c 042fdbd4 UxTheme!ThemeSystemParametersInfoW+0x9e [d:\blue_gdr\shell\themes\uxtheme\sethook.cpp @ 1388] 042fdba8 7468cc6e 00000042 0000000c 042fdbd4 USER32!SystemParametersInfoW+0xa2 042fde0c 6471bf5d 042fdea0 ffffffff 6471e72c UxTheme!IsThemeActive+0x4d [d:\blue_gdr\shell\themes\uxtheme\wrapper.cpp @ 2516] 042fde18 6471e72c 0000000f 042fdfcc 0ecdfc60 UIRibbon!MsoThemeFActive+0x1c 042fded0 6471b5dd 01010919 042fe1b0 042fe020 UIRibbon!NetUI::Element::Paint+0x65 042fdf6c 6471b634 0fcbba38 0ecdfc60 042fdfcc UIRibbon!NetUI::Element::_DisplayNodeCallback+0x440 042fdfb8 6471d308 0fcbba38 042fdfcc 00000002 UIRibbon!GPCB::xwInvokeDirect+0x22 042fdff4 6471ea45 0fcbba38 01010919 042fe1b0 UIRibbon!GPCB::xrFirePaint+0x4a 042fe034 6471df1e 042fe074 042fe1b0 0fcbba38 UIRibbon!DuVisual::xrDrawCore+0xcc 042fe1d4 6471df7b 042fe210 0fcbba90 00000000 UIRibbon!DuVisual::xrDrawFull+0x6a2 042fe370 6471df7b 042fe3ac 0fcbc4e0 00000000 UIRibbon!DuVisual::xrDrawFull+0x733 042fe50c 6471df7b 042fe548 0fcbc590 00000000 UIRibbon!DuVisual::xrDrawFull+0x733 042fe6a8 6471df7b 042fe6e4 0fcbc640 00000000 UIRibbon!DuVisual::xrDrawFull+0x733 042fe844 6471df7b 042fe880 0fcbc6f0 00000000 UIRibbon!DuVisual::xrDrawFull+0x733 042fe9e0 6471df7b 042fea1c 0fcb1678 ffffffff UIRibbon!DuVisual::xrDrawFull+0x733 042feb7c 6471d298 042fec6c 0fcb1678 00000000 UIRibbon!DuVisual::xrDrawFull+0x733 042feb90 64720f03 042fec6c 00000000 7700930b UIRibbon!DuVisual::xrDrawStart+0x3a 042feca8 6472806f 00000000 5f0108e7 042fed00 UIRibbon!DuRootGadget::xrDrawTree+0x384 042fed24 746d8254 00000000 5f0108e7 5f0108e7 UIRibbon!HWndContainer::OnNcPaint+0x176 042fed4c 746d81e9 0ade8e44 04010908 0ade8e20 UxTheme!NcDrawCustomElements+0x61 [d:\blue_gdr\shell\themes\uxtheme\nctheme.cpp @ 4692] 042fedfc 746d7e60 04010908 0ade8e44 042fee40 UxTheme!CThemeWnd::NcPaintCaption+0x5a6 [d:\blue_gdr\shell\themes\uxtheme\nctheme.cpp @ 4819] 042feefc 746d2930 00000000 00000000 05040918 UxTheme!CThemeWnd::NcPaint+0x457 [d:\blue_gdr\shell\themes\uxtheme\nctheme.cpp @ 5170] 042fef20 74685a13 0ade8e20 042fef68 779de2a8 UxTheme!OnDwpNcPaint+0x60 [d:\blue_gdr\shell\themes\uxtheme\nctheme.cpp @ 5764] 042fef90 74681964 05040918 00000000 00000001 UxTheme!_ThemeDefWindowProc+0x629 [d:\blue_gdr\shell\themes\uxtheme\sethook.cpp @ 1070] 042fefa4 77969962 00030102 00000085 05040918 UxTheme!ThemeDefWindowProcW+0x18 [d:\blue_gdr\shell\themes\uxtheme\sethook.cpp @ 1114] 042feff8 6ab72147 00030102 00000085 05040918 USER32!DefWindowProcW+0x1e7 042ff03c 6ab6b41c 00030102 00000085 05040918 explorerframe!CExplorerFrame::v_WndProc+0xfc 042ff060 779675b3 00030102 00000085 05040918 explorerframe!CImpWndProc::s_WndProc+0x69 042ff08c 779677b8 6ab6b3db 00030102 00000085 USER32!_InternalCallWinProc+0x23 042ff10c 77969b6a 00030102 00000085 05040918 USER32!UserCallWinProcCheckWow+0x110 042ff138 6470b6f1 6ab6b3db 00030102 00000085 USER32!CallWindowProcW+0x63 042ff170 779675b3 01650fc0 00000085 05040918 UIRibbon!WndBridge::RawWndProc+0xfa 042ff19c 77967677 04650fc0 00030102 00000085 USER32!_InternalCallWinProc+0x23 042ff21c 77969744 00030102 00000085 05040918 USER32!UserCallWinProcCheckWow+0x1c9 042ff278 77969894 016661b0 00000085 05040918 USER32!DispatchClientMessage+0xb5 042ff2a0 77c26c1e 042ff2bc 00000018 042ff398 USER32!__fnDWORD+0x2c 042ff2d0 779698b6 77969bb0 00030102 0000000f ntdll!KiUserCallbackDispatcher+0x2e 042ff2d4 77969bb0 00030102 0000000f 00000000 USER32!NtUserMessageCall+0xa 042ff358 7796857c 00000000 00000000 00000000 USER32!RealDefWindowProcWorker+0x183 042ff3a8 6ab72147 00030102 0000000f 00000000 USER32!DefWindowProcW+0x100 042ff3e8 6ab6b41c 00030102 0000000f 00000000 explorerframe!CExplorerFrame::v_WndProc+0xfc 042ff40c 779675b3 00030102 0000000f 00000000 explorerframe!CImpWndProc::s_WndProc+0x69 042ff438 779677b8 6ab6b3db 00030102 0000000f USER32!_InternalCallWinProc+0x23 042ff4b8 77969b6a 00030102 0000000f 00000000 USER32!UserCallWinProcCheckWow+0x110 042ff4e4 6470b6f1 6ab6b3db 00030102 0000000f USER32!CallWindowProcW+0x63 042ff51c 779675b3 00650fc0 0000000f 00000000 UIRibbon!WndBridge::RawWndProc+0xfa 042ff548 77967677 04650fc0 00030102 0000000f USER32!_InternalCallWinProc+0x23 042ff5c8 77969744 00030102 0000000f 00000000 USER32!UserCallWinProcCheckWow+0x1c9 042ff624 77969894 016661b0 0000000f 00000000 USER32!DispatchClientMessage+0xb5 042ff64c 77c26c1e 042ff668 00000018 042ff6bc USER32!__fnDWORD+0x2c 042ff67c 77969a79 77969a91 042ff6f0 37d74c98 ntdll!KiUserCallbackDispatcher+0x2e 042ff680 77969a91 042ff6f0 37d74c98 ffffffff USER32!NtUserDispatchMessage+0xa 042ff6cc 7796783b ffffff0f 042ff714 6ab6b2e2 USER32!DispatchMessageWorker+0x29a 042ff6d8 6ab6b2e2 042ff6f0 00000000 0c716a48 USER32!DispatchMessageW+0x10 042ff714 6abc579d 0e98d8e0 75b8de39 00000000 explorerframe!CExplorerFrame::FrameMessagePump+0xda 042ff72c 6abc5efd 0ec8f928 0ec8f928 0ec8f940 explorerframe!BrowserThreadProc+0x4b 042ff744 6abc5eb9 00000000 042ff76c 6ab77467 explorerframe!BrowserNewThreadProc+0x34 042ff750 6ab77467 0ec8f928 00200000 fffffffe explorerframe!CExplorerTask::InternalResumeRT+0x11 042ff76c 759e8126 00c8f928 00000000 0ec89990 explorerframe!CRunnableTask::Run+0xab 042ff81c 759e82d3 00000000 042ff8ac 76bb5ab3 SHELL32!CShellTaskThread::ThreadProc+0x240 042ff828 76bb5ab3 0ec89990 00000000 00000000 SHELL32!CShellTaskThread::s_ThreadProc+0x2b 042ff8ac 773c17ad 00fae940 042ff8fc 77c1226c SHCORE!SHCreateStreamOnFileW+0x21f 042ff8b8 77c1226c 00fae940 37ddd6bd 00000000 KERNEL32!BaseThreadInitThunk+0xe STACK_COMMAND: kb FOLLOWUP_IP: nt!ExDeferredFreePool+483 81ff04a3 cd29 int 29h SYMBOL_STACK_INDEX: 5 SYMBOL_NAME: nt!ExDeferredFreePool+483 FOLLOWUP_NAME: Pool_corruption IMAGE_NAME: Pool_Corruption DEBUG_FLR_IMAGE_TIMESTAMP: 0 MODULE_NAME: Pool_Corruption BUCKET_ID_FUNC_OFFSET: 483 FAILURE_BUCKET_ID: 0x139_3_nt!ExDeferredFreePool BUCKET_ID: 0x139_3_nt!ExDeferredFreePool Followup: Pool_corruption ---------