[SOLVED] can anyone help me

Page 2 - Seeking answers? Join the Tom's Hardware community: where nearly two million members share solutions and discuss the latest tech.
Toggle sidebar Toggle sidebar
Z

Zodiac2160

Feb 7, 2021
32
0
30
Hi
i keep getting random bsod errors with different codes i tested every hardware component and everything seems fine here is my specs
Operating System
Windows 10 Pro 64-bit
CPU
AMD Ryzen 5 3500X 47 °C
Matisse 7nm Technology
RAM
8.00GB Single-Channel Unknown @ 1596MHz (16-18-18-36)
Motherboard
Gigabyte Technology Co. Ltd. B450M GAMING (AM4) 31 °C
Graphics
S22F350 (1920x1080@60Hz)
2047MB NVIDIA GeForce GTX 1660 SUPER (ZOTAC International) 32 °C
Storage
111GB Patriot Burst (SATA (SSD)) 33 °C
931GB Western Digital WDC WD10EZEX-21WN4A0 (SATA ) 33 °C
931GB Western Digital WDC WD10JPVX-60JC3T0 (SATA ) 30 °C
and here is the memory.dmp

Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [D:\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.


Path validation summary *
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (6 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff80313000000 PsLoadedModuleList = 0xfffff80313c2a4b0
Debug session time: Sun Feb 7 18:40:43.245 2021 (UTC + 2:00)
System Uptime: 0 days 0:10:46.872
Loading Kernel Symbols
...............................................................
................................................................
................................................................
...
Loading User Symbols

Loading unloaded module list
...........
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff803133f5a80 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:fffff80317e6c320=0000000000000139
0: kd> !analyze -v
***
  • *
  • Bugcheck Analysis *
  • *
***

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure. The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
Arg2: fffff80317e6c640, Address of the trap frame for the exception that caused the bugcheck
Arg3: fffff80317e6c598, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------


KEY_VALUES_STRING: 1

Key : Analysis.CPU.mSec
Value: 2952

Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-E2QA0OP

Key : Analysis.DebugData
Value: CreateObject

Key : Analysis.DebugModel
Value: CreateObject

Key : Analysis.Elapsed.mSec
Value: 3053

Key : Analysis.Memory.CommitPeak.Mb
Value: 75

Key : Analysis.System
Value: CreateObject

Key : WER.OS.Branch
Value: vb_release

Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z

Key : WER.OS.Version
Value: 10.0.19041.1


ADDITIONAL_XML: 1

OS_BUILD_LAYERS: 1

BUGCHECK_CODE: 139

BUGCHECK_P1: 3

BUGCHECK_P2: fffff80317e6c640

BUGCHECK_P3: fffff80317e6c598

BUGCHECK_P4: 0

TRAP_FRAME: fffff80317e6c640 -- (.trap 0xfffff80317e6c640)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffd3810a557158 rbx=0000000000000000 rcx=0000000000000003
rdx=ffffd3810a08e158 rsi=0000000000000000 rdi=0000000000000000
rip=fffff803134127b0 rsp=fffff80317e6c7d0 rbp=fffff8030f8b3180
r8=0000000000000102 r9=0000000000000000 r10=fffff8030f8b6ac0
r11=000000018190e7fb r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
nt!KiTryUnwaitThread+0x1c6460:
fffff803134127b0 cd29 int 29h Resetting default scope EXCEPTION_RECORD: fffff80317e6c598 -- (.exr 0xfffff80317e6c598) ExceptionAddress: fffff803134127b0 (nt!KiTryUnwaitThread+0x00000000001c6460) ExceptionCode: c0000409 (Security check failure or stack buffer overrun) ExceptionFlags: 00000001 NumberParameters: 1 Parameter[0]: 0000000000000003 Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY BLACKBOXBSD: 1 (!blackboxbsd) BLACKBOXNTFS: 1 (!blackboxntfs) BLACKBOXPNP: 1 (!blackboxpnp) BLACKBOXWINLOGON: 1 PROCESS_NAME: System ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application. EXCEPTION_CODE_STR: c0000409 EXCEPTION_PARAMETER1: 0000000000000003 EXCEPTION_STR: 0xc0000409 STACK_TEXT: fffff80317e6c318 fffff80313407a69 : 0000000000000139 0000000000000003 fffff80317e6c640 fffff80317e6c598 : nt!KeBugCheckEx fffff80317e6c320 fffff80313407e90 : fffff80317e6c758 0000000000000000 fffff80317e6c4d0 0000000000000000 : nt!KiBugCheckDispatch+0x69 fffff80317e6c460 fffff80313406223 : ffffd381059fa010 0000000000000000 ffffffffffffffd1 fffff80325e3ea52 : nt!KiFastFailDispatch+0xd0 fffff80317e6c640 fffff803134127b0 : 0000000000000000 0000000000989680 0000000000000002 0000000000000000 : nt!KiRaiseSecurityCheckFailure+0x323 fffff80317e6c7d0 fffff803132452d6 : ffffd3810a557188 0000000000000000 ffffd3810a557250 0000000000000000 : nt!KiTryUnwaitThread+0x1c6460 fffff80317e6c830 fffff80313244e7c : ffffd3810a557180 0000000000000000 fffff80317e6cb18 0000000000000000 : nt!KiTimerWaitTest+0x1e6 fffff80317e6c8e0 fffff803132072e9 : 0000000000000000 0000000000000000 0000000000140001 000000000000607c : nt!KiProcessExpiredTimerList+0xdc fffff80317e6c9d0 fffff803133f95ee : 0000000000000000 fffff8030f8b3180 fffff80313d27600 ffffd3810af8a080 : nt!KiRetireDpcList+0x9d9 fffff80317e6cc60 0000000000000000 : fffff80317e6d000 fffff80317e67000 0000000000000000 00000000`00000000 : nt!KiIdleLoop+0x9e


SYMBOL_NAME: nt!KiTimerWaitTest+1e6

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: 1e6

FAILURE_BUCKET_ID: 0x139_3_CORRUPT_LIST_ENTRY_KTIMER_LIST_CORRUPTION_nt!KiTimerWaitTest

OS_VERSION: 10.0.19041.1

BUILDLAB_STR: vb_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {efb56395-a173-53f8-073d-d3c8cfd50e2b}

Followup: MachineOwner
---------
 
Last edited by a moderator:
Solution
Colif
at least you got past the kmspico answers I was getting, and its hopefully not involved. I assume ops PC has a valid license

it seems it allows Windows to run an application inside another application process without setting up a VM. that is my laymans understanding of what i read. Don't know if command I see is coming from pico provider or the pico process itself.

Given your search result is from the Windows subsystem for linux, I still don't know what it was doing.
Sort by date Sort by votes
Colif said:
it doesn't really help, it just shows what pico does. I don't know why you can't access site.

whatever is actually causing this is hiding itself so i guess we can try to bring it out
i just edited this so if you find any errors, let me know - https://forums.tomshardware.com/threads/driver-verifier-instructions.3686888/
do the precautions, I don't just put them there for fun :)
Click to expand...
i got a bsod while launching then i entered the safe mod and uploaded the minidump here it is https://drive.google.com/file/d/1mtv3O50-Q_tZLrAxjd9V0C4scfKvQwgo/view?usp=sharing
 
Upvote 0 Downvote
I ran the dump file through the debugger and got the following information: https://jsfiddle.net/1tus5908/show This link is for anyone wanting to help. You do not have to view it. It is safe to "run the fiddle" as the page asks.

File information:021121-7578-01.dmp (Feb 11 2021 - 10:41:33)
Bugcheck:DRIVER_VERIFIER_DETECTED_VIOLATION (C4)
Driver warnings:*** WARNING: Unable to verify timestamp for ene.sys
Probably caused by:ene.sys (Process: System)
Uptime:0 Day(s), 0 Hour(s), 00 Min(s), and 04 Sec(s)

This information can be used by others to help you. Someone else will post with more information. Please wait for additional answers. Good luck.
 
  • Like
Reactions: Zodiac2160
Upvote 0 Downvote
Ok, if you want to try that when you are happy with that choice.

Another way if needed.

Reset your Windows 10 system with the Keep My Files option
www.techrepublic.com

Reset your Windows 10 system with the Keep My Files option | TechRepublic

If your Windows 10 system goes awry, it's good to know that you have tools to help revive it--without losing any data.
www.techrepublic.com www.techrepublic.com
www.howtogeek.com

Everything You Need to Know About “Reset This PC” in Windows 10 and Windows 11

Windows includes a “Reset your PC” option that quickly restores Windows to its factory default configuration. It’s faster and more convenient than reinstalling Windows 10 or Windows 11 from scratch.
www.howtogeek.com www.howtogeek.com
 
Upvote 0 Downvote
Colif said:
i didn't know you had.

csrss.exe is the client for your user on windows. doesn't tell me a great deal about potential cause.
all 3 seem to be the same thing
nt!KiSystemServiceExitPico+0x1fe they all have the same memory address it seems. So probably the same driver each time.

which is unusual. I don't exactly know what its doing
Pico is a Unix text editor... the more i look the less I am sure. pretty sure its part of windows, I have seen it before.

can you run this, it might give me some clues. It will create a zip file so if you can upload it, I see what it shows - https://www.sysnative.com/forums/pages/bsodcollectionapp/
Click to expand...
https://drive.google.com/file/d/1XVOUdjf7kRtZixwAOJ0I1tGpOf1cROl-/view?usp=sharing here it is
 
Upvote 0 Downvote
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom