Blue screen analysis request

Anonymous
2024-10-29T05:45:01+00:00

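These are the analysis results of a memory dump collected after a blue screen occurred following the installation of a specific agent.

I would like to be advised on a solution based on these results.

I would like to know where the crash occurred.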

************* Preparing the environment for Debugger Extensions Gallery repositories **************
   ExtensionRepository : Implicit
   UseExperimentalFeatureForNugetShare : false
   AllowNugetExeUpdate : false
   NonInteractiveNuget : true
   AllowNugetMSCredentialProviderInstall : false
   AllowParallelInitializationOfLocalRepositories : true
   EnableRedirectToChakraJsProvider : false

   -- Configuring repositories
      ----> Repository : LocalInstalled, Enabled: true
      ----> Repository : UserExtensions, Enabled: true

>>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds

************* Waiting for Debugger Extensions Gallery to Initialize **************

>>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.031 seconds
   ----> Repository : UserExtensions, Enabled: true, Packages count: 0
   ----> Repository : LocalInstalled, Enabled: true, Packages count: 42

Microsoft (R) Windows Debugger Version 10.0.27725.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Users\vl051\Downloads\MEMORY (2).DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.

************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*
Symbol search path is: srv*
Executable search path is: 
Windows 10 Kernel Version 19041 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Kernel base = 0xfffff802`57400000 PsLoadedModuleList = 0xfffff802`5802a7c0
Debug session time: Thu Oct 17 17:40:58.337 2024 (UTC + 9:00)
System Uptime: 0 days 8:44:58.896
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.......................................
Loading User Symbols

Loading unloaded module list
........................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff802`577fe310 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:fffff802`605387b0=0000000000000139
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure.  The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000000, A stack-based buffer has been overrun.
Arg2: 0000000000000000, Address of the trap frame for the exception that caused the BugCheck
Arg3: 0000000000000000, Address of the exception record for the exception that caused the BugCheck
Arg4: 0000109800001098, Reserved

Debugging Details:
------------------

KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 578

    Key  : Analysis.Elapsed.mSec
    Value: 1838

    Key  : Analysis.IO.Other.Mb
    Value: 0

    Key  : Analysis.IO.Read.Mb
    Value: 1

    Key  : Analysis.IO.Write.Mb
    Value: 0

    Key  : Analysis.Init.CPU.mSec
    Value: 250

    Key  : Analysis.Init.Elapsed.mSec
    Value: 1892

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 95

    Key  : Analysis.Version.DbgEng
    Value: 10.0.27725.1000

    Key  : Analysis.Version.Description
    Value: 10.2408.27.01 amd64fre

    Key  : Analysis.Version.Ext
    Value: 1.2408.27.1

    Key  : Bugcheck.Code.KiBugCheckData
    Value: 0x139

    Key  : Bugcheck.Code.LegacyAPI
    Value: 0x139

    Key  : Bugcheck.Code.TargetModel
    Value: 0x139

    Key  : Failure.Bucket
    Value: 0x139_0_LEGACY_GS_VIOLATION_nt!guard_icall_bugcheck

    Key  : Failure.Hash
    Value: {9bee41a7-2ef9-07ca-7e59-7d5a0c6e2d05}

    Key  : Hypervisor.Enlightenments.Value
    Value: 0

    Key  : Hypervisor.Enlightenments.ValueHex
    Value: 0

    Key  : Hypervisor.Flags.AnyHypervisorPresent
    Value: 0

    Key  : Hypervisor.Flags.ApicEnlightened
    Value: 0

    Key  : Hypervisor.Flags.ApicVirtualizationAvailable
    Value: 1

    Key  : Hypervisor.Flags.AsyncMemoryHint
    Value: 0

    Key  : Hypervisor.Flags.CoreSchedulerRequested
    Value: 0

    Key  : Hypervisor.Flags.CpuManager
    Value: 0

    Key  : Hypervisor.Flags.DeprecateAutoEoi
    Value: 0

    Key  : Hypervisor.Flags.DynamicCpuDisabled
    Value: 0

    Key  : Hypervisor.Flags.Epf
    Value: 0

    Key  : Hypervisor.Flags.ExtendedProcessorMasks
    Value: 0

    Key  : Hypervisor.Flags.HardwareMbecAvailable
    Value: 1

    Key  : Hypervisor.Flags.MaxBankNumber
    Value: 0

    Key  : Hypervisor.Flags.MemoryZeroingControl
    Value: 0

    Key  : Hypervisor.Flags.NoExtendedRangeFlush
    Value: 0

    Key  : Hypervisor.Flags.NoNonArchCoreSharing
    Value: 0

    Key  : Hypervisor.Flags.Phase0InitDone
    Value: 0

    Key  : Hypervisor.Flags.PowerSchedulerQos
    Value: 0

    Key  : Hypervisor.Flags.RootScheduler
    Value: 0

    Key  : Hypervisor.Flags.SynicAvailable
    Value: 0

    Key  : Hypervisor.Flags.UseQpcBias
    Value: 0

    Key  : Hypervisor.Flags.Value
    Value: 16908288

    Key  : Hypervisor.Flags.ValueHex
    Value: 1020000

    Key  : Hypervisor.Flags.VpAssistPage
    Value: 0

    Key  : Hypervisor.Flags.VsmAvailable
    Value: 0

    Key  : Hypervisor.RootFlags.AccessStats
    Value: 0

    Key  : Hypervisor.RootFlags.CrashdumpEnlightened
    Value: 0

    Key  : Hypervisor.RootFlags.CreateVirtualProcessor
    Value: 0

    Key  : Hypervisor.RootFlags.DisableHyperthreading
    Value: 0

    Key  : Hypervisor.RootFlags.HostTimelineSync
    Value: 0

    Key  : Hypervisor.RootFlags.HypervisorDebuggingEnabled
    Value: 0

    Key  : Hypervisor.RootFlags.IsHyperV
    Value: 0

    Key  : Hypervisor.RootFlags.LivedumpEnlightened
    Value: 0

    Key  : Hypervisor.RootFlags.MapDeviceInterrupt
    Value: 0

    Key  : Hypervisor.RootFlags.MceEnlightened
    Value: 0

    Key  : Hypervisor.RootFlags.Nested
    Value: 0

    Key  : Hypervisor.RootFlags.StartLogicalProcessor
    Value: 0

    Key  : Hypervisor.RootFlags.Value
    Value: 0

    Key  : Hypervisor.RootFlags.ValueHex
    Value: 0

    Key  : SecureKernel.HalpHvciEnabled
    Value: 0

    Key  : WER.OS.Branch
    Value: vb_release

    Key  : WER.OS.Version
    Value: 10.0.19041.1

BUGCHECK_CODE:  139

BUGCHECK_P1: 0

BUGCHECK_P2: 0

BUGCHECK_P3: 0

BUGCHECK_P4: 109800001098

FILE_IN_CAB:  MEMORY (2).DMP

FAULTING_THREAD:  fffff80258127a00

TRAP_FRAME:  0000000000000000 -- (.trap 0x0)
Resetting default scope

EXCEPTION_RECORD:  0000000000000000 -- (.exr 0x0)
Cannot read Exception record @ 0000000000000000

PROCESS_NAME:  System

STACK_TEXT:  
fffff802`605387a8 fffff802`5780893b     : 00000000`00000139 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx
fffff802`605387b0 fffff802`5761fb32     : fffff802`5f059380 fffff802`5355a180 fffff802`5355a180 00000000`00000002 : nt!guard_icall_bugcheck+0x1b
fffff802`605387e0 fffff802`5782c062     : 00000000`00000000 00000000`00000000 00000000`00140001 00000000`001255cb : nt!KiProcessExpiredTimerList+0x172
fffff802`605388d0 fffff802`57802e0e     : 00000000`00000000 fffff802`5355a180 fffff802`58127a00 ffff8784`c2a09080 : nt!KiRetireDpcList+0x20da92
fffff802`60538b60 00000000`00000000     : fffff802`60539000 fffff802`60532000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x9e

SYMBOL_NAME:  nt!guard_icall_bugcheck+1b

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

STACK_COMMAND:  .process /r /p 0xfffff80258124a00; .thread 0xfffff80258127a00 ; kb

BUCKET_ID_FUNC_OFFSET:  1b

FAILURE_BUCKET_ID:  0x139_0_LEGACY_GS_VIOLATION_nt!guard_icall_bugcheck

OS_VERSION:  10.0.19041.1

BUILDLAB_STR:  vb_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {9bee41a7-2ef9-07ca-7e59-7d5a0c6e2d05}

Followup:     MachineOwner
---------

0: kd> .trap 0x0

3 answers

  1. DaveM121, 891.6K reputation points, Independent Advisor
    2024-10-29T08:49:55+00:00

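    Please upload the minidump files you have. I will review them to see whether they provide insight into the potential cause of the system crash.

    Open Windows File Explorer.

    Go to C:\Windows\Minidump.

    Copy all of the minidump files to the desktop, then compress them.

    Upload the zip file to the cloud (OneDrive, DropBox, etc.), then choose to share it and get a sharing link.

    Then post the link to the zip file here so that we can take a look.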

  2. Anonymous
    2024-10-29T08:47:06+00:00

    Here are the contents of the requested dump file.

    KERNEL_SECURITY_CHECK_FAILURE (139)
    A kernel component has corrupted a critical data structure.  The corruption
    could potentially allow a malicious user to gain control of this machine.
    Arguments:
    Arg1: 0000000000000000, A stack-based buffer has been overrun.
    Arg2: 0000000000000000, Address of the trap frame for the exception that caused the BugCheck
    Arg3: 0000000000000000, Address of the exception record for the exception that caused the BugCheck
    Arg4: 000033d4000033d4, Reserved
    
    Debugging Details:
    ------------------
    
    KEY_VALUES_STRING: 1
    
        Key  : Analysis.CPU.mSec
        Value: 171
    
        Key  : Analysis.Elapsed.mSec
        Value: 4041
    
        Key  : Analysis.IO.Other.Mb
        Value: 0
    
        Key  : Analysis.IO.Read.Mb
        Value: 1
    
        Key  : Analysis.IO.Write.Mb
        Value: 0
    
        Key  : Analysis.Init.CPU.mSec
        Value: 31
    
        Key  : Analysis.Init.Elapsed.mSec
        Value: 2387
    
        Key  : Analysis.Memory.CommitPeak.Mb
        Value: 92
    
        Key  : Analysis.Version.DbgEng
        Value: 10.0.27725.1000
    
        Key  : Analysis.Version.Description
        Value: 10.2408.27.01 amd64fre
    
        Key  : Analysis.Version.Ext
        Value: 1.2408.27.1
    
        Key  : Bugcheck.Code.LegacyAPI
        Value: 0x139
    
        Key  : Bugcheck.Code.TargetModel
        Value: 0x139
    
        Key  : Failure.Bucket
        Value: 0x139_0_LEGACY_GS_VIOLATION_nt!guard_icall_bugcheck
    
        Key  : Failure.Hash
        Value: {9bee41a7-2ef9-07ca-7e59-7d5a0c6e2d05}
    
        Key  : Stack.Pointer
        Value: NMI
    
        Key  : WER.OS.Branch
        Value: vb_release
    
        Key  : WER.OS.Version
        Value: 10.0.19041.1
    
    BUGCHECK_CODE:  139
    
    BUGCHECK_P1: 0
    
    BUGCHECK_P2: 0
    
    BUGCHECK_P3: 0
    
    BUGCHECK_P4: 33d4000033d4
    
    FILE_IN_CAB:  102924-5421-01.dmp
    
    FAULTING_THREAD:  ffffaf84fdd41080
    
    TRAP_FRAME:  0000000000000000 -- (.trap 0x0)
    Resetting default scope
    
    EXCEPTION_RECORD:  0000000000000000 -- (.exr 0x0)
    Cannot read Exception record @ 0000000000000000
    
    BLACKBOXBSD: 1 (!blackboxbsd)
    
    BLACKBOXNTFS: 1 (!blackboxntfs)
    
    BLACKBOXPNP: 1 (!blackboxpnp)
    
    BLACKBOXWINLOGON: 1
    
    CUSTOMER_CRASH_COUNT:  1
    
    PROCESS_NAME:  MagicLine4NX.exe
    
    DPC_STACK_BASE:  FFFFAE86F1647FB0
    
    STACK_TEXT:  
    ffffae86`f1647bf8 fffff801`5400893b     : 00000000`00000139 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx
    ffffae86`f1647c00 fffff801`53e1fb32     : fffff801`5a829380 ffff9900`27a00180 ffff9900`27a00180 ffff9900`00000002 : nt!guard_icall_bugcheck+0x1b
    ffffae86`f1647c30 fffff801`5402c062     : ffff9900`27a00180 64898bf9`00000000 00000000`00000008 00000000`00004b30 : nt!KiProcessExpiredTimerList+0x172
    ffffae86`f1647d20 fffff801`54006bc5     : 850f01c2`f6f18b48 ffff9900`27a00180 ffffaf84`f1324200 00000000`000001d9 : nt!KiRetireDpcList+0x20da92
    ffffae86`f1647fb0 fffff801`540069b0     : ffffaf84`fdd41080 fffff801`53efc2ca 00000000`76e64660 00000000`004fc32c : nt!KxRetireDpcList+0x5
    ffffae86`f69df380 fffff801`540060f5     : 00000000`000001d9 fffff801`54000bf1 00000000`00c51780 00000000`00000000 : nt!KiDispatchInterruptContinue
    ffffae86`f69df3b0 fffff801`54000bf1     : 00000000`00c51780 00000000`00000000 00000000`00000000 ffffaf84`fc4f83a0 : nt!KiDpcInterruptBypass+0x25
    ffffae86`f69df3c0 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiInterruptDispatchNoLockNoEtw+0xb1
    
    SYMBOL_NAME:  nt!guard_icall_bugcheck+1b
    
    MODULE_NAME: nt
    
    IMAGE_NAME:  ntkrnlmp.exe
    
    IMAGE_VERSION:  10.0.19041.5007
    
    STACK_COMMAND:  .process /r /p 0xffffaf84fdbd0080; .thread 0xffffaf84fdd41080 ; kb
    
    BUCKET_ID_FUNC_OFFSET:  1b
    
    FAILURE_BUCKET_ID:  0x139_0_LEGACY_GS_VIOLATION_nt!guard_icall_bugcheck
    
    OS_VERSION:  10.0.19041.1
    
    BUILDLAB_STR:  vb_release
    
    OSPLATFORM_TYPE:  x64
    
    OSNAME:  Windows 10
    
    FAILURE_ID_HASH:  {9bee41a7-2ef9-07ca-7e59-7d5a0c6e2d05}
    
    Followup:     MachineOwner
    

  3. DaveM121, 891.6K reputation points, Independent Advisor
    2024-10-29T06:19:25+00:00

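    Hello, I'm Dave. I will help you with this problem.

    This dump file only indicates a generic error and does not explain the specific cause of the crash.

    If your PC has crashed only once, or if this problem keeps occurring, are there more minidump files in the C:\Windows\Minidump folder that could be uploaded to a cloud service such as OneDrive or Google Drive for analysis?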

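The last answer says the dump shows only a generic error. As an added example (not part of the original thread and not the responder's method), this Python sketch parses the `!analyze -v` text posted in the question and lists any module other than `nt` on the faulting stack; the `triage` function, the regular expressions and the `KERNEL` set are assumptions of this example.

```python
import re

# Excerpt of the !analyze -v output posted in the question on this page.
SAMPLE = r"""PROCESS_NAME:  System
STACK_TEXT:
fffff802`605387a8 fffff802`5780893b     : 00000000`00000139 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KeBugCheckEx
fffff802`605387b0 fffff802`5761fb32     : fffff802`5f059380 fffff802`5355a180 fffff802`5355a180 00000000`00000002 : nt!guard_icall_bugcheck+0x1b
fffff802`605387e0 fffff802`5782c062     : 00000000`00000000 00000000`00000000 00000000`00140001 00000000`001255cb : nt!KiProcessExpiredTimerList+0x172
fffff802`605388d0 fffff802`57802e0e     : 00000000`00000000 fffff802`5355a180 fffff802`58127a00 ffff8784`c2a09080 : nt!KiRetireDpcList+0x20da92
fffff802`60538b60 00000000`00000000     : fffff802`60539000 fffff802`60532000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x9e
SYMBOL_NAME:  nt!guard_icall_bugcheck+1b
FAILURE_BUCKET_ID:  0x139_0_LEGACY_GS_VIOLATION_nt!guard_icall_bugcheck
"""

KERNEL = {"nt"}  # assumption: only the kernel image counts as "OS" here
FIELD = re.compile(r"^\s*([A-Z0-9_]+):\s*(.*\S)?\s*$")
FRAME = re.compile(
    r"^\s*[0-9a-f]{8}`[0-9a-f]{8}\s+[0-9a-f]{8}`[0-9a-f]{8}\s+:.*:\s+"
    r"(\S+?)!([^\s+]+)(?:\+0x([0-9a-f]+))?\s*$", re.I)

def triage(text):
    """Return bucket, process, stack frames and non-kernel modules on the stack."""
    fields, frames, in_stack = {}, [], False
    for line in text.splitlines():
        frame = FRAME.match(line)
        if in_stack and frame:
            module, func, off = frame.groups()
            frames.append((module, func, int(off or "0", 16)))
            continue
        field = FIELD.match(line)
        if field:  # any new UPPER_CASE field ends the STACK_TEXT section
            in_stack = field.group(1) == "STACK_TEXT"
            fields[field.group(1)] = field.group(2) or ""
    other = sorted({m for m, _, _ in frames if m.lower() not in KERNEL})
    return {"bucket": fields.get("FAILURE_BUCKET_ID"),
            "process": fields.get("PROCESS_NAME"),
            "frames": frames, "third_party": other}

if __name__ == "__main__":
    result = triage(SAMPLE)
    print(result["bucket"], result["third_party"] or "no non-nt module on stack")
```

For the posted dump every frame resolves to `nt`, so the stack text alone names no other driver.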