Untitled

a guest
Jul 15th, 2018

Microsoft (R) Windows Debugger Version 10.0.17674.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.

Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 17134 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 17134.1.amd64fre.rs4_release.180410-1804
Machine Name:
Kernel base = 0xfffff803`0aa94000 PsLoadedModuleList = 0xfffff803`0ae4e1f0
Debug session time: Sun Jul 15 19:37:44.385 2018 (UTC + 2:00)
System Uptime: 0 days 10:45:21.076
Loading Kernel Symbols
...............................................................
....Page 34fd6 not present in the dump file. Type ".hh dbgerr004" for details
............................................................
....................................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000070`42216018). Type ".hh dbgerr001" for details
Loading unloaded module list
.........
*** ERROR: Module load completed but symbols could not be loaded for nvlddmkm.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck F7, {ffffcdd81edff110, 25f4ae9c42d, fffffda0b5163bd2, 0}

Page 16a555 not present in the dump file. Type ".hh dbgerr004" for details
Probably caused by : nvlddmkm.sys ( nvlddmkm+1b9306 )

Followup: MachineOwner
---------

nt!KeBugCheckEx:
fffff803`0ac2c430 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffcd84`1edfe260=00000000000000f7
4: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer. This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned. This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and bugcheck call is the one that overran its local
variable(s).
Arguments:
Arg1: ffffcdd81edff110, Actual security check cookie from the stack
Arg2: 0000025f4ae9c42d, Expected security check cookie
Arg3: fffffda0b5163bd2, Complement of the expected security check cookie
Arg4: 0000000000000000, zero

Debugging Details:
------------------


KEY_VALUES_STRING: 1


STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1


DUMP_CLASS: 1

DUMP_QUALIFIER: 401

BUILD_VERSION_STRING: 17134.1.amd64fre.rs4_release.180410-1804

SYSTEM_MANUFACTURER: Gigabyte Technology Co., Ltd.

SYSTEM_PRODUCT_NAME: X470 AORUS ULTRA GAMING

SYSTEM_SKU: Default string

SYSTEM_VERSION: Default string

BIOS_VENDOR: American Megatrends Inc.

BIOS_VERSION: F3g

BIOS_DATE: 05/10/2018

BASEBOARD_MANUFACTURER: Gigabyte Technology Co., Ltd.

BASEBOARD_PRODUCT: X470 AORUS ULTRA GAMING-CF

BASEBOARD_VERSION: x.x

DUMP_TYPE: 1

BUGCHECK_P1: ffffcdd81edff110

BUGCHECK_P2: 25f4ae9c42d

BUGCHECK_P3: fffffda0b5163bd2

BUGCHECK_P4: 0

SECURITY_COOKIE: Expected 0000025f4ae9c42d found ffffcdd81edff110

CPU_COUNT: 10

CPU_MHZ: e74

CPU_VENDOR: AuthenticAMD

CPU_FAMILY: 17

CPU_MODEL: 8

CPU_STEPPING: 2

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXPNP: 1 (!blackboxpnp)


DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

BUGCHECK_STR: 0xF7

PROCESS_NAME: csrss.exe

CURRENT_IRQL: 0

ANALYSIS_SESSION_HOST: DESKTOP-P8CCI4V

ANALYSIS_SESSION_TIME: 07-15-2018 19:54:01.0156

ANALYSIS_VERSION: 10.0.17674.1000 amd64fre

LAST_CONTROL_TRANSFER: from fffff801393d9306 to fffff8030ac2c430

STACK_TEXT:
ffffcd84`1edfe258 fffff801`393d9306 : 00000000`000000f7 ffffcdd8`1edff110 0000025f`4ae9c42d fffffda0`b5163bd2 : nt!KeBugCheckEx
ffffcd84`1edfe260 fffff801`3933ddf6 : ffff8d05`dc639230 ffffcd84`1edfe3a0 ffffcd84`1edfe930 00000000`00372268 : nvlddmkm+0x1b9306
ffffcd84`1edfe2a0 fffff801`3933f870 : ffff8d05`db4f9000 ffffcd84`1edfe6f0 ffff8d05`dc647540 ffff8d05`db4f9000 : nvlddmkm+0x11ddf6
ffffcd84`1edfe640 fffff801`392ecc12 : 00000000`00000000 ffffcd84`1edfe6d9 ffffcd84`1edfe930 ffff8d05`dc647540 : nvlddmkm+0x11f870
ffffcd84`1edfe670 fffff801`370044ff : fffff801`392ecb7a 00000000`00000100 00000000`00000000 ffff8d05`d78ed8f0 : nvlddmkm+0xccc12
ffffcd84`1edfe740 fffff801`37035619 : ffffcd84`1edff300 ffffbd0a`2c55e750 ffffcd84`1edff198 ffffbd0a`00000002 : dxgkrnl!DXGCONTEXT::Render+0x77f
ffffcd84`1edfee50 ffffd25c`929c8359 : ffffcd84`1edff3b0 00000000`00000000 ffffffff`00000002 00000000`00000000 : dxgkrnl!DxgkCddGdiCommand+0x5b9
ffffcd84`1edff2f0 ffffd25c`929c6dd4 : 00000000`00028b92 00000000`00028b92 ffff8d05`dd6dacb0 ffffd21e`85ef3020 : cdd!CHwCommandBuffer::FlushGdiCommands+0x279
ffffcd84`1edff570 fffff803`0ab78cd7 : ffff8d05`dd6ca080 ffff8d05`dd6ca080 ffffd25c`929c6840 ffffd21e`85ef3020 : cdd!PresentWorkerThread+0x594
ffffcd84`1edffc10 fffff803`0ac338d6 : fffff803`09a77180 ffff8d05`dd6ca080 fffff803`0ab78c90 00000000`00000000 : nt!PspSystemThreadStartup+0x47
ffffcd84`1edffc60 00000000`00000000 : ffffcd84`1ee00000 ffffcd84`1edfa000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16


THREAD_SHA1_HASH_MOD_FUNC: d54fdbd4397a7382cbee4c44685652a3cd2c492d

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 35da004f060293df1a02deeba7ea788fb299f38c

THREAD_SHA1_HASH_MOD: 5609009770382e6f8f1fed28e89a5530191190d1

FOLLOWUP_IP:
nvlddmkm+1b9306
fffff801`393d9306 cc int 3

FAULT_INSTR_CODE: 8348cccc

SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: nvlddmkm+1b9306

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nvlddmkm

IMAGE_NAME: nvlddmkm.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 5b2fbada

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: 1b9306

FAILURE_BUCKET_ID: 0xF7_MISSING_GSFRAME_nvlddmkm!unknown_function

BUCKET_ID: 0xF7_MISSING_GSFRAME_nvlddmkm!unknown_function

PRIMARY_PROBLEM_CLASS: 0xF7_MISSING_GSFRAME_nvlddmkm!unknown_function

TARGET_TIME: 2018-07-15T17:37:44.000Z

OSBUILD: 17134

OSSERVICEPACK: 0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 272

PRODUCT_TYPE: 1

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: 2018-07-06 08:57:56

BUILDDATESTAMP_STR: 180410-1804

BUILDLAB_STR: rs4_release

BUILDOSVER_STR: 10.0.17134.1.amd64fre.rs4_release.180410-1804

ANALYSIS_SESSION_ELAPSED_TIME: b28

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:0xf7_missing_gsframe_nvlddmkm!unknown_function

FAILURE_ID_HASH: {2ffeac14-357b-96a5-98b2-2e606f12e8c0}

Followup: MachineOwner
---------