- Crash Dump Analysis provided by OSR Open Systems Resources, Inc. (http://www.osr.com)
- Online Crash Dump Analysis Service
- See http://www.osronline.com for more information
- Windows 8 Kernel Version 9600 MP (8 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS Personal
- Built by: 9600.16404.amd64fre.winblue_gdr.130913-2141
- Machine Name:
- Kernel base = 0xfffff802`21a10000 PsLoadedModuleList = 0xfffff802`21cd4990
- Debug session time: Sat Nov 9 06:41:12.536 2013 (UTC - 5:00)
- System Uptime: 0 days 2:39:44.245
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- DRIVER_OVERRAN_STACK_BUFFER (f7)
- A driver has overrun a stack-based buffer. This overrun could potentially
- allow a malicious user to gain control of this machine.
- DESCRIPTION
- A driver overran a stack-based buffer (or local variable) in a way that would
- have overwritten the function's return address and jumped back to an arbitrary
- address when the function returned. This is the classic "buffer overrun"
- hacking attack and the system has been brought down to prevent a malicious user
- from gaining complete control of it.
- Do a kb to get a stack backtrace -- the last routine on the stack before the
- buffer overrun handlers and bugcheck call is the one that overran its local
- variable(s).
- Arguments:
- Arg1: 000028020111dfe5, Actual security check cookie from the stack
- Arg2: 00004d0dc8bba99c, Expected security check cookie
- Arg3: ffffb2f237445663, Complement of the expected security check cookie
- Arg4: 0000000000000000, zero
- Debugging Details:
- ------------------
- TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2
- DEFAULT_BUCKET_ID: GS_FALSE_POSITIVE_MISSING_GSFRAME
- SECURITY_COOKIE: Expected 00004d0dc8bba99c found 000028020111dfe5
- CUSTOMER_CRASH_COUNT: 1
- BUGCHECK_STR: 0xF7
- PROCESS_NAME: System
- CURRENT_IRQL: 0
- EXCEPTION_RECORD: ffffe0004adbc800 -- (.exr 0xffffe0004adbc800)
- Cannot read Exception record @ ffffe0004adbc800
- TRAP_FRAME: ffffe0004990bbd0 -- (.trap 0xffffe0004990bbd0)
- Unable to read trap frame at ffffe000`4990bbd0
- LAST_CONTROL_TRANSFER: from fffff80221bc73f1 to fffff80221b5dca0
- STACK_TEXT:
- ffffd000`20b567a8 fffff802`21bc73f1 : 00000000`000000f7 00002802`0111dfe5 00004d0d`c8bba99c ffffb2f2`37445663 : nt!KeBugCheckEx
- ffffd000`20b567b0 fffff802`21b50b53 : ffffd000`20b569b8 ffffd000`00000003 00000000`00001000 fffff802`21af010f : nt!_report_gsfailure+0x25
- ffffd000`20b567f0 fffff802`21b651ed : fffff802`21d13000 fffff802`21a10000 0003ed6c`00781000 ffffc000`0eb46d20 : nt!_GSHandlerCheck+0x13
- ffffd000`20b56820 fffff802`21af09a5 : ffffd000`20b56f80 ffffd000`20b56950 ffffd000`20b57778 ffffd000`20b56900 : nt!RtlpExecuteHandlerForException+0xd
- ffffd000`20b56850 fffff802`21af186b : ffffd000`20b57778 ffffd000`20b57480 ffffd000`20b57778 ffffd000`20b574c0 : nt!RtlDispatchException+0x455
- ffffd000`20b56f50 fffff802`21b698c2 : ffffe000`4adbc800 00000000`00022a00 ffffe000`4990bbd0 00000000`00000000 : nt!KiDispatchException+0x61f
- ffffd000`20b57640 fffff802`21b68014 : 00000000`00000000 00000000`00000000 ffffc000`02313c00 ffffd000`20b57820 : nt!KiExceptionDispatch+0xc2
- ffffd000`20b57820 fffff802`21a84080 : ffffd000`20b57401 fffff802`21a71e6f fffff802`21a40000 ffffe000`03c10de8 : nt!KiPageFault+0x214
- ffffd000`20b579b8 00000000`00000000 : 00000000`00000000 fffff802`21caf100 00000000`00000000 ffffe000`003b3040 : nt!MiSetReadOnlyOnSectionView+0x204
- STACK_COMMAND: kb
- FOLLOWUP_IP:
- nt!_report_gsfailure+25
- fffff802`21bc73f1 cc int 3
- SYMBOL_STACK_INDEX: 1
- SYMBOL_NAME: nt!_report_gsfailure+25
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: nt
- IMAGE_NAME: ntkrnlmp.exe
- DEBUG_FLR_IMAGE_TIMESTAMP: 52341cf4
- FAILURE_BUCKET_ID: X64_0xF7_MISSING_GSFRAME_nt!_report_gsfailure+25
- BUCKET_ID: X64_0xF7_MISSING_GSFRAME_nt!_report_gsfailure+25
- Followup: MachineOwner
- ---------