After finding this forum I figured you guys would have this solved in minutes!!!!
Usually we do, but if everyone else like me didn't even see this thread, then maybe that's why it slipped under the radar.
KERNEL_SECURITY_CHECK_FAILURE (139)
This bug check indicates that the kernel has detected the corruption of a critical data structure.
Code:
5: kd> .bugcheck
Bugcheck code 00000139
Arguments 00000000`00000003 ffffd001`131d97a0 ffffd001`131d96f8 00000000`00000000
- The first argument is 3 which indicates a LIST_ENTRY was corrupted.
Code:
5: kd> .exr ffffd001`131d96f8
ExceptionAddress: fffff960001df9ff (win32k!SURFACE::RemoveLSurf+0x000000000000006b)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000003
Taking a look at the 3rd argument, we can see the exception that caused Windows to throw the bug check was either a security check failure or a stack buffer overrun. Given this is a small memory dump, we can't see what in kernel memory caused the buffer overflow, which in turn raised the exception. With that said, we cannot do any further debugging really. We'll need a verifier enabled kernel-dump to go further.
Driver Verifier:
What is Driver Verifier?
Driver Verifier monitors Windows kernel-mode drivers, graphics drivers, and even 3rd party drivers to detect illegal function calls or actions that might corrupt the system. Driver Verifier can subject the Windows drivers to a variety of stresses and tests to find improper behavior.
Essentially, if there's a 3rd party driver believed to be causing the issues at hand, enabling Driver Verifier will help us see which specific driver is causing the problem.
Before enabling Driver Verifier, it is recommended to create a System Restore Point:
Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"
Windows 8/8.1 -
Restore Point - Create in Windows 8
How to enable Driver Verifier:
Start > type "verifier" without the quotes > Select the following options -
1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (only on Windows 7 & 8/8.1)
- DDI compliance checking (only on Windows 8/8.1)
- Miscellaneous Checks
4. Select - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is
NOT provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
8. Restart.
Important information regarding Driver Verifier:
- Perhaps the most important which I will now clarify as this has been misunderstood often, enabling Driver Verifier by itself is
not! a solution, but instead a diagnostic utility. It will tell us if a driver is causing your issues, but again it will not outright solve your issues.
- If Driver Verifier finds a violation, the system will BSOD. To expand on this a bit more for the interested, specifically what Driver Verifier actually does is it looks for any driver making illegal function calls, causing memory leaks, etc. When and/if this happens, system corruption occurs if allowed to continue. When Driver Verifier is enabled per my instructions above, it is monitoring
all 3rd party drivers (as we have it set that way) and when it catches a driver attempting to do this, it will quickly flag that driver as being a troublemaker, and bring down the system safely before any corruption can occur.
- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will detect it in violation almost straight away, and as stated above, that will cause / force a BSOD.
If this happens, do not panic, do the following:
- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.
- Once in Safe Mode - Start > Search > type "cmd" without the quotes.
- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.
- Restart and boot into normal Windows.
If your OS became corrupt or you cannot boot into Windows after disabling verifier via Safe Mode:
- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.
- Once in Safe Mode - Start > type "system restore" without the quotes.
- Choose the restore point you created earlier.
-- Note that Safe Mode for Windows 8/8.1 is a bit different, and you may need to try different methods:
5 Ways to Boot into Safe Mode in Windows 8 & Windows 8.1
How long should I keep Driver Verifier enabled for?
I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier. I will usually say whether or not I'd like for you to keep it enabled any longer.
My system BSOD'd with Driver Verifier enabled, where can I find the crash dumps?
- If you have the system set to generate Small Memory Dumps, they will be located in
%systemroot%\Minidump.
- If you have the system set to generate Kernel Memory Dumps,
it will be located in
%systemroot% and labeled MEMORY.DMP.
Any other questions can most likely be answered by this article:
Using Driver Verifier to identify issues with Windows drivers for advanced users
After the system crashes with verifier enabled, upload the
MEMORY.DMP file located in C:\Windows to a hosting site of your choice, preferably one without ads, and then link it here.
eInitialize+0x4b