API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Nov 12th, 2013
60
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.19 KB | None | 0 0
raw download clone embed print report
  1. Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
  2. Online Crash Dump Analysis Service
  3. See http://www.osronline.com for more information
  4. Windows 8 Kernel Version 9600 MP (8 procs) Free x64
  5. Product: WinNt, suite: TerminalServer SingleUserTS Personal
  6. Built by: 9600.16404.amd64fre.winblue_gdr.130913-2141
  7. Machine Name:
  8. Kernel base = 0xfffff802`21a10000 PsLoadedModuleList = 0xfffff802`21cd4990
  9. Debug session time: Sat Nov 9 06:41:12.536 2013 (UTC - 5:00)
  10. System Uptime: 0 days 2:39:44.245
  11. *******************************************************************************
  12. * *
  13. * Bugcheck Analysis *
  14. * *
  15. *******************************************************************************
  16.  
  17. DRIVER_OVERRAN_STACK_BUFFER (f7)
  18. A driver has overrun a stack-based buffer. This overrun could potentially
  19. allow a malicious user to gain control of this machine.
  20. DESCRIPTION
  21. A driver overran a stack-based buffer (or local variable) in a way that would
  22. have overwritten the function's return address and jumped back to an arbitrary
  23. address when the function returned. This is the classic "buffer overrun"
  24. hacking attack and the system has been brought down to prevent a malicious user
  25. from gaining complete control of it.
  26. Do a kb to get a stack backtrace -- the last routine on the stack before the
  27. buffer overrun handlers and bugcheck call is the one that overran its local
  28. variable(s).
  29. Arguments:
  30. Arg1: 000028020111dfe5, Actual security check cookie from the stack
  31. Arg2: 00004d0dc8bba99c, Expected security check cookie
  32. Arg3: ffffb2f237445663, Complement of the expected security check cookie
  33. Arg4: 0000000000000000, zero
  34.  
  35. Debugging Details:
  36. ------------------
  37.  
  38. TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2
  39.  
  40. DEFAULT_BUCKET_ID: GS_FALSE_POSITIVE_MISSING_GSFRAME
  41.  
  42. SECURITY_COOKIE: Expected 00004d0dc8bba99c found 000028020111dfe5
  43.  
  44. CUSTOMER_CRASH_COUNT: 1
  45.  
  46. BUGCHECK_STR: 0xF7
  47.  
  48. PROCESS_NAME: System
  49.  
  50. CURRENT_IRQL: 0
  51.  
  52. EXCEPTION_RECORD: ffffe0004adbc800 -- (.exr 0xffffe0004adbc800)
  53. Cannot read Exception record @ ffffe0004adbc800
  54.  
  55. TRAP_FRAME: ffffe0004990bbd0 -- (.trap 0xffffe0004990bbd0)
  56. Unable to read trap frame at ffffe000`4990bbd0
  57.  
  58. LAST_CONTROL_TRANSFER: from fffff80221bc73f1 to fffff80221b5dca0
  59.  
  60. STACK_TEXT:
  61. ffffd000`20b567a8 fffff802`21bc73f1 : 00000000`000000f7 00002802`0111dfe5 00004d0d`c8bba99c ffffb2f2`37445663 : nt!KeBugCheckEx
  62. ffffd000`20b567b0 fffff802`21b50b53 : ffffd000`20b569b8 ffffd000`00000003 00000000`00001000 fffff802`21af010f : nt!_report_gsfailure+0x25
  63. ffffd000`20b567f0 fffff802`21b651ed : fffff802`21d13000 fffff802`21a10000 0003ed6c`00781000 ffffc000`0eb46d20 : nt!_GSHandlerCheck+0x13
  64. ffffd000`20b56820 fffff802`21af09a5 : ffffd000`20b56f80 ffffd000`20b56950 ffffd000`20b57778 ffffd000`20b56900 : nt!RtlpExecuteHandlerForException+0xd
  65. ffffd000`20b56850 fffff802`21af186b : ffffd000`20b57778 ffffd000`20b57480 ffffd000`20b57778 ffffd000`20b574c0 : nt!RtlDispatchException+0x455
  66. ffffd000`20b56f50 fffff802`21b698c2 : ffffe000`4adbc800 00000000`00022a00 ffffe000`4990bbd0 00000000`00000000 : nt!KiDispatchException+0x61f
  67. ffffd000`20b57640 fffff802`21b68014 : 00000000`00000000 00000000`00000000 ffffc000`02313c00 ffffd000`20b57820 : nt!KiExceptionDispatch+0xc2
  68. ffffd000`20b57820 fffff802`21a84080 : ffffd000`20b57401 fffff802`21a71e6f fffff802`21a40000 ffffe000`03c10de8 : nt!KiPageFault+0x214
  69. ffffd000`20b579b8 00000000`00000000 : 00000000`00000000 fffff802`21caf100 00000000`00000000 ffffe000`003b3040 : nt!MiSetReadOnlyOnSectionView+0x204
  70.  
  71.  
  72. STACK_COMMAND: kb
  73.  
  74. FOLLOWUP_IP:
  75. nt!_report_gsfailure+25
  76. fffff802`21bc73f1 cc int 3
  77.  
  78. SYMBOL_STACK_INDEX: 1
  79.  
  80. SYMBOL_NAME: nt!_report_gsfailure+25
  81.  
  82. FOLLOWUP_NAME: MachineOwner
  83.  
  84. MODULE_NAME: nt
  85.  
  86. IMAGE_NAME: ntkrnlmp.exe
  87.  
  88. DEBUG_FLR_IMAGE_TIMESTAMP: 52341cf4
  89.  
  90. FAILURE_BUCKET_ID: X64_0xF7_MISSING_GSFRAME_nt!_report_gsfailure+25
  91.  
  92. BUCKET_ID: X64_0xF7_MISSING_GSFRAME_nt!_report_gsfailure+25
  93.  
  94. Followup: MachineOwner
  95. ---------
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!