- DRIVER_OVERRAN_STACK_BUFFER (f7)
- A driver has overrun a stack-based buffer. This overrun could potentially
- allow a malicious user to gain control of this machine.
- DESCRIPTION
- A driver overran a stack-based buffer (or local variable) in a way that would
- have overwritten the function's return address and jumped back to an arbitrary
- address when the function returned. This is the classic "buffer overrun"
- hacking attack and the system has been brought down to prevent a malicious user
- from gaining complete control of it.
- Do a kb to get a stack backtrace -- the last routine on the stack before the
- buffer overrun handlers and bugcheck call is the one that overran its local
- variable(s).
- Arguments:
- Arg1: ce4b37deeb0a7580, Actual security check cookie from the stack
- Arg2: 0000e668dabe8657, Expected security check cookie
- Arg3: ffff1997254179a8, Complement of the expected security check cookie
- Arg4: 0000000000000000, zero
- Debugging Details:
- ------------------
- KEY_VALUES_STRING: 1
- PROCESSES_ANALYSIS: 1
- SERVICE_ANALYSIS: 1
- STACKHASH_ANALYSIS: 1
- TIMELINE_ANALYSIS: 1
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 401
- BUILD_VERSION_STRING: 17763.1.amd64fre.rs5_release.180914-1434
- SYSTEM_MANUFACTURER: Micro-Star International Co., Ltd
- SYSTEM_PRODUCT_NAME: MS-7B07
- SYSTEM_SKU: To be filled by O.E.M.
- SYSTEM_VERSION: 1.0
- BIOS_VENDOR: American Megatrends Inc.
- BIOS_VERSION: 2.B0
- BIOS_DATE: 11/06/2018
- BASEBOARD_MANUFACTURER: Micro-Star International Co., Ltd
- BASEBOARD_PRODUCT: B350M PRO-VH PLUS (MS-7B07)
- BASEBOARD_VERSION: 1.0
- DUMP_TYPE: 1
- BUGCHECK_P1: ce4b37deeb0a7580
- BUGCHECK_P2: e668dabe8657
- BUGCHECK_P3: ffff1997254179a8
- BUGCHECK_P4: 0
- SECURITY_COOKIE: Expected 0000e668dabe8657 found ce4b37deeb0a7580
- CPU_COUNT: c
- CPU_MHZ: e10
- CPU_VENDOR: AuthenticAMD
- CPU_FAMILY: 17
- CPU_MODEL: 1
- CPU_STEPPING: 1
- BLACKBOXBSD: 1 (!blackboxbsd)
- DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
- BUGCHECK_STR: 0xF7
- PROCESS_NAME: System
- CURRENT_IRQL: 2
- ANALYSIS_SESSION_HOST: DESKTOP-P2JCIAF
- ANALYSIS_SESSION_TIME: 07-03-2019 03:08:02.0044
- ANALYSIS_VERSION: 10.0.18362.1 x86fre
- LAST_CONTROL_TRANSFER: from fffff8025890e7b5 to fffff8025885aef0
- STACK_TEXT:
- ffffc409`eb0a7538 fffff802`5890e7b5 : 00000000`000000f7 ce4b37de`eb0a7580 0000e668`dabe8657 ffff1997`254179a8 : nt!KeBugCheckEx
- ffffc409`eb0a7540 fffff802`5870f9c7 : fffff802`58ae32f0 ffffc37b`99f3a000 00000000`00000002 fffff802`00000001 : nt!_report_gsfailure+0x25
- ffffc409`eb0a7580 fffff802`5870de91 : fffff802`58ae2ee0 00000000`00000000 00000000`00000009 00000000`00000080 : nt!MiMakeZeroedPageTablesEx+0x253
- ffffc409`eb0a77e0 fffff802`5870de59 : fffff802`58ae2158 00000000`00000001 00000000`00000009 fffff802`00000002 : nt!MiMakeZeroedPageTables+0x9
- ffffc409`eb0a7820 fffff802`586d2b88 : ffffc37b`99f3a080 fffff802`00000000 ffff2261`31b4f117 00000000`00000000 : nt!MiSplitBitmapPages+0x6d
- ffffc409`eb0a7850 fffff802`5878c555 : 00000000`00000000 00000000`00000080 00000000`00000000 00000000`00000000 : nt!MiExpandPtes+0x150
- ffffc409`eb0a7910 fffff802`5878affe : 00000027`0db68a01 fffff802`00000003 ffffc409`eb0a7a40 ffff2261`31b4ffd7 : nt!MiReservePtes+0x435
- ffffc409`eb0a79e0 fffff802`587a322a : 00000000`59df0000 ffff2261`31b4ffa7 fffff802`586e7500 ffffa308`d23c5300 : nt!MmMapLockedPagesSpecifyCache+0xce
- ffffc409`eb0a7a40 fffff802`586e760a : ffffa308`d23c5300 00000000`00000000 00000000`00080000 ffffa308`00000005 : nt!CcCompleteAsyncRead+0xf2
- ffffc409`eb0a7b30 fffff802`5871bbfa : ffffa308`d0b11040 fffff802`586e75c0 ffffa308`d13d11f0 ffffa308`b3ceecb0 : nt!CcCompleteAsyncReadWorker+0x4a
- ffffc409`eb0a7b70 fffff802`586e4b35 : ffffa308`d0b11040 ffffa308`b3c6b040 ffffa308`d0b11040 00000000`00000000 : nt!ExpWorkerThread+0x16a
- ffffc409`eb0a7c10 fffff802`5886235c : ffffb381`ce19e180 ffffa308`d0b11040 fffff802`586e4ae0 00000000`00000000 : nt!PspSystemThreadStartup+0x55
- ffffc409`eb0a7c60 00000000`00000000 : ffffc409`eb0a8000 ffffc409`eb0a2000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x1c
- THREAD_SHA1_HASH_MOD_FUNC: 7fee156177d79f735223a9a9f95185f063a61ba8
- THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 5fc1cf84ecd72ab0238d797518a9227b5886d195
- THREAD_SHA1_HASH_MOD: fe34192f63d13620a8987d294372ee74d699cfee
- FOLLOWUP_IP:
- nt!_report_gsfailure+25
- fffff802`5890e7b5 cc int 3
- FAULT_INSTR_CODE: cccccccc
- SYMBOL_STACK_INDEX: 1
- SYMBOL_NAME: nt!_report_gsfailure+25
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: nt
- IMAGE_NAME: ntkrnlmp.exe
- DEBUG_FLR_IMAGE_TIMESTAMP: 33a6c3fc
- STACK_COMMAND: .thread ; .cxr ; kb
- BUCKET_ID_FUNC_OFFSET: 25
- FAILURE_BUCKET_ID: 0xF7_MISSING_GSFRAME_nt!_report_gsfailure
- BUCKET_ID: 0xF7_MISSING_GSFRAME_nt!_report_gsfailure
- PRIMARY_PROBLEM_CLASS: 0xF7_MISSING_GSFRAME_nt!_report_gsfailure
- TARGET_TIME: 2019-06-18T03:07:47.000Z
- OSBUILD: 17763
- OSSERVICEPACK: 0
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 784
- PRODUCT_TYPE: 1
- OSPLATFORM_TYPE: x64
- OSNAME: Windows 10
- OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal
- OS_LOCALE:
- USER_LCID: 0
- OSBUILD_TIMESTAMP: 1997-06-17 14:06:04
- BUILDDATESTAMP_STR: 180914-1434
- BUILDLAB_STR: rs5_release
- BUILDOSVER_STR: 10.0.17763.1.amd64fre.rs5_release.180914-1434
- ANALYSIS_SESSION_ELAPSED_TIME: 1459
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:0xf7_missing_gsframe_nt!_report_gsfailure
- FAILURE_ID_HASH: {82d2c1b5-b0cb-60a5-9a5d-78c8c4284f84}
- Followup: MachineOwner
- ---------