peview.exe 3.0.12105.7578 crash
urielmann opened this issue · comments
Uriel Mann commented
Brief description of your issue
Starting peview.exe 3.0.12105.7578 on Windows 10 VMWare VM result in a crash
peview.dmp
Steps to reproduce (optional)
No response
Expected behavior (optional)
No response
Actual behavior (optional)
No response
Environment (optional)
No response
Uriel Mann commented
0:007> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 9093
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 52529
Key : Analysis.Init.CPU.mSec
Value: 7312
Key : Analysis.Init.Elapsed.mSec
Value: 1040590
Key : Analysis.Memory.CommitPeak.Mb
Value: 114
Key : FailFast.Name
Value: UNEXPECTED_HEAP_EXCEPTION
Key : FailFast.Type
Value: 35
Key : Timeline.OS.Boot.DeltaSec
Value: 1670
Key : Timeline.Process.Start.DeltaSec
Value: 1043
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
Key : WER.Process.Version
Value: 3.0.12105.7578
NTGLOBALFLAG: 0
PROCESS_BAM_CURRENT_THROTTLED: 0
PROCESS_BAM_PREVIOUS_THROTTLED: 0
APPLICATION_VERIFIER_FLAGS: 0
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 00007fff5ced4ff8 (ntdll!RtlpHpAllocWithExceptionProtection$filt$0+0x0000000000000038)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000023
Subcode: 0x23 FAST_FAIL_UNEXPECTED_HEAP_EXCEPTION
FAULTING_THREAD: 00001c88
PROCESS_NAME: peview.exe
ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 0000000000000023
STACK_TEXT:
000000c9`4fffdd60 00007fff`5cebca06 : 00007fff`5cfa3878 00007fff`5ce30000 000000c9`4fffde70 00007fff`5ce60e7b : ntdll!RtlpHpAllocWithExceptionProtection$filt$0+0x38
000000c9`4fffdd90 00007fff`5ced23af : 00000000`00000000 000000c9`4fffe370 000000c9`4fffea30 00000000`00000000 : ntdll!_C_specific_handler+0x96
000000c9`4fffde00 00007fff`5ce814b4 : 00000000`00000000 000000c9`4fffe370 000000c9`4fffea30 00000000`00000000 : ntdll!RtlpExecuteHandlerForException+0xf
000000c9`4fffde30 00007fff`5ced0ebe : 00000001`00000001 00000000`00007fff 00000210`56390290 00000000`00001000 : ntdll!RtlDispatchException+0x244
000000c9`4fffe540 00007fff`5ce5a320 : 00000210`56390280 00000000`0000000e 00000000`00000009 00000210`56602000 : ntdll!KiUserExceptionDispatch+0x2e
000000c9`4fffec40 00007fff`5ce592c2 : 00000210`56605f00 00000000`00090000 000000c9`4fffee00 00000000`00000000 : ntdll!RtlRbRemoveNode+0x280
000000c9`4fffec70 00007fff`5ce58eab : 00000001`00000000 00000000`00000002 00000000`00000000 00007fff`5a72bf74 : ntdll!RtlpHpVsChunkSplit+0x42
000000c9`4fffed00 00007fff`5ce5ae92 : 00000000`00000000 00000000`00000080 00000000`00000080 000000c9`4fffeed8 : ntdll!RtlpHpVsContextAllocateInternal+0x1db
000000c9`4fffed70 00007fff`5ce5c28c : 000000c9`00000000 00000000`00000080 000000c9`4fffeec0 00000000`00000000 : ntdll!RtlpAllocateHeapInternal+0x472
000000c9`4fffee80 00007fff`5cc39d40 : 00000000`00000080 000000c9`4ffff310 00000000`00000000 00000000`00000103 : ntdll!RtlpHpAllocWithExceptionProtection+0x1c
000000c9`4fffeee0 00007fff`5a5213af : 000000c9`4ffff3a0 000000c9`4ffff310 00000000`0000000b 000000c9`4ffff200 : msvcrt!malloc+0x70
000000c9`4fffef10 00007fff`5a51209a : 000000c9`4ffff3a0 000000c9`4ffff520 000000c9`4ffff040 00000210`587f7f20 : wintrust!operator new+0x23
000000c9`4fffef40 00007fff`5a511ee5 : 0000002e`00000000 00007fff`4635ea61 00000017`00000000 00000210`564b5b00 : wintrust!I_VerifyTrust+0x17a
000000c9`4ffff2b0 00007fff`463af156 : 00000210`58cf2b90 00000000`00000001 00000000`00000000 00000000`00000000 : wintrust!WinVerifyTrust+0x45
000000c9`4ffff2f0 00007fff`463aebcb : 00000000`00000017 00000210`564b5b00 00000210`564b5b00 00000000`00000000 : wininet!WinVerifySecureChannel+0x6a
000000c9`4ffff340 00007fff`463ae4fe : 00000210`00000000 00000210`58cf45a0 00000000`00cc0010 00000210`58cf2b90 : wininet!CSecureSocket::VerifyTrust+0x23b
000000c9`4ffff490 00007fff`463ae34b : 00000000`00000000 000000c9`4ffff5a0 00000000`00000000 000000c9`4ffff794 : wininet!CSecureSocket::VerifyServerCert+0x162
000000c9`4ffff4f0 00007fff`463adae1 : 00000210`58cf45a0 00000000`00000000 00000210`564b5b00 00000000`00000000 : wininet!CSecureSocket::QueryAndVerifyServerCert+0x5f
000000c9`4ffff520 00007fff`463ad31f : 00000210`0000c11c 000000c9`4ffff860 01db6a05`14912980 00000210`564b5470 : wininet!CSecureSocket::NegotiateLoop_Fsm+0x79d
000000c9`4ffff5e0 00007fff`46365bc0 : 00000210`564b5470 000000c9`4ffff860 000000c9`4ffff790 00000000`00000000 : wininet!CFsm_NegotiateLoop::RunSM+0x3f
000000c9`4ffff610 00007fff`46365415 : 00000000`000003e5 00000210`58bf7a40 000000c9`4ffff878 00000000`00000001 : wininet!CFsm::Run+0x1d0
000000c9`4ffff740 00007fff`46361a33 : 00000210`58bf7a40 000000c9`4ffffcd0 00000210`58d658e8 00000210`58bf7a40 : wininet!CFsm::RunWorkItem+0x265
000000c9`4ffff8e0 00007fff`463b512d : 00000210`58cf2350 00000210`564b37d0 00000000`00000000 00000000`00000000 : wininet!CSocket::ReceiveCompletion+0x93
000000c9`4ffff910 00007fff`5a9fcb20 : 000000c9`4ffffcd0 00000000`00000000 00000000`0000022c 00000000`00000516 : wininet!CWxSocket::IoCompletionCallback+0xcd
000000c9`4ffff980 00007fff`5ce510f9 : 00000210`58d65820 00000000`00000000 00000000`00000000 00000000`00000000 : KERNELBASE!BasepTpIoCallback+0x50
000000c9`4ffff9d0 00007fff`5ce82f86 : 00000210`58d658e8 00000210`00000000 00000210`58cf2358 00000210`56402340 : ntdll!TppIopExecuteCallback+0x129
000000c9`4ffffa50 00007fff`5b707344 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!TppWorkerThread+0x456
000000c9`4ffffd50 00007fff`5ce826b1 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x14
000000c9`4ffffd80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21
STACK_COMMAND: ~7s ; .cxr ; kb
SYMBOL_NAME: msvcrt!malloc+70
MODULE_NAME: msvcrt
IMAGE_NAME: msvcrt.dll
FAILURE_BUCKET_ID: FAIL_FAST_UNEXPECTED_HEAP_EXCEPTION_c0000409_msvcrt.dll!malloc
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
IMAGE_VERSION: 7.0.19041.3636
FAILURE_ID_HASH: {67cf2ecd-04f2-e392-2e6a-9ad449f9ae70}
Followup: MachineOwner
---------
dmex commented
10.0.19041.1
The stack shows a bug in the OS and your version of Windows was last updated 5 years ago?
MagicAndre1981 commented
your version of Windows was last updated 5 years ago?
no, Windbg also shows this for me in dmp files from Windows 10 22H2 19045 with latest patches.