- Microsoft (R) Windows Debugger Version 10.0.17674.1000 AMD64
- Copyright (c) Microsoft Corporation. All rights reserved.
- Loading Dump File [C:\Windows\MEMORY.DMP]
- Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
- Symbol search path is: srv*
- Executable search path is:
- Windows 10 Kernel Version 17134 MP (16 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS
- Built by: 17134.1.amd64fre.rs4_release.180410-1804
- Machine Name:
- Kernel base = 0xfffff803`0aa94000 PsLoadedModuleList = 0xfffff803`0ae4e1f0
- Debug session time: Sun Jul 15 19:37:44.385 2018 (UTC + 2:00)
- System Uptime: 0 days 10:45:21.076
- Loading Kernel Symbols
- ...............................................................
- ....Page 34fd6 not present in the dump file. Type ".hh dbgerr004" for details
- ............................................................
- ....................................................
- Loading User Symbols
- PEB is paged out (Peb.Ldr = 00000070`42216018). Type ".hh dbgerr001" for details
- Loading unloaded module list
- .........
- *** ERROR: Module load completed but symbols could not be loaded for nvlddmkm.sys
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- Use !analyze -v to get detailed debugging information.
- BugCheck F7, {ffffcdd81edff110, 25f4ae9c42d, fffffda0b5163bd2, 0}
- Page 16a555 not present in the dump file. Type ".hh dbgerr004" for details
- Probably caused by : nvlddmkm.sys ( nvlddmkm+1b9306 )
- Followup: MachineOwner
- ---------
- nt!KeBugCheckEx:
- fffff803`0ac2c430 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:ffffcd84`1edfe260=00000000000000f7
- 4: kd> !analyze -v
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- DRIVER_OVERRAN_STACK_BUFFER (f7)
- A driver has overrun a stack-based buffer. This overrun could potentially
- allow a malicious user to gain control of this machine.
- DESCRIPTION
- A driver overran a stack-based buffer (or local variable) in a way that would
- have overwritten the function's return address and jumped back to an arbitrary
- address when the function returned. This is the classic "buffer overrun"
- hacking attack and the system has been brought down to prevent a malicious user
- from gaining complete control of it.
- Do a kb to get a stack backtrace -- the last routine on the stack before the
- buffer overrun handlers and bugcheck call is the one that overran its local
- variable(s).
- Arguments:
- Arg1: ffffcdd81edff110, Actual security check cookie from the stack
- Arg2: 0000025f4ae9c42d, Expected security check cookie
- Arg3: fffffda0b5163bd2, Complement of the expected security check cookie
- Arg4: 0000000000000000, zero
- Debugging Details:
- ------------------
- KEY_VALUES_STRING: 1
- STACKHASH_ANALYSIS: 1
- TIMELINE_ANALYSIS: 1
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 401
- BUILD_VERSION_STRING: 17134.1.amd64fre.rs4_release.180410-1804
- SYSTEM_MANUFACTURER: Gigabyte Technology Co., Ltd.
- SYSTEM_PRODUCT_NAME: X470 AORUS ULTRA GAMING
- SYSTEM_SKU: Default string
- SYSTEM_VERSION: Default string
- BIOS_VENDOR: American Megatrends Inc.
- BIOS_VERSION: F3g
- BIOS_DATE: 05/10/2018
- BASEBOARD_MANUFACTURER: Gigabyte Technology Co., Ltd.
- BASEBOARD_PRODUCT: X470 AORUS ULTRA GAMING-CF
- BASEBOARD_VERSION: x.x
- DUMP_TYPE: 1
- BUGCHECK_P1: ffffcdd81edff110
- BUGCHECK_P2: 25f4ae9c42d
- BUGCHECK_P3: fffffda0b5163bd2
- BUGCHECK_P4: 0
- SECURITY_COOKIE: Expected 0000025f4ae9c42d found ffffcdd81edff110
- CPU_COUNT: 10
- CPU_MHZ: e74
- CPU_VENDOR: AuthenticAMD
- CPU_FAMILY: 17
- CPU_MODEL: 8
- CPU_STEPPING: 2
- BLACKBOXBSD: 1 (!blackboxbsd)
- BLACKBOXPNP: 1 (!blackboxpnp)
- DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
- BUGCHECK_STR: 0xF7
- PROCESS_NAME: csrss.exe
- CURRENT_IRQL: 0
- ANALYSIS_SESSION_HOST: DESKTOP-P8CCI4V
- ANALYSIS_SESSION_TIME: 07-15-2018 19:54:01.0156
- ANALYSIS_VERSION: 10.0.17674.1000 amd64fre
- LAST_CONTROL_TRANSFER: from fffff801393d9306 to fffff8030ac2c430
- STACK_TEXT:
- ffffcd84`1edfe258 fffff801`393d9306 : 00000000`000000f7 ffffcdd8`1edff110 0000025f`4ae9c42d fffffda0`b5163bd2 : nt!KeBugCheckEx
- ffffcd84`1edfe260 fffff801`3933ddf6 : ffff8d05`dc639230 ffffcd84`1edfe3a0 ffffcd84`1edfe930 00000000`00372268 : nvlddmkm+0x1b9306
- ffffcd84`1edfe2a0 fffff801`3933f870 : ffff8d05`db4f9000 ffffcd84`1edfe6f0 ffff8d05`dc647540 ffff8d05`db4f9000 : nvlddmkm+0x11ddf6
- ffffcd84`1edfe640 fffff801`392ecc12 : 00000000`00000000 ffffcd84`1edfe6d9 ffffcd84`1edfe930 ffff8d05`dc647540 : nvlddmkm+0x11f870
- ffffcd84`1edfe670 fffff801`370044ff : fffff801`392ecb7a 00000000`00000100 00000000`00000000 ffff8d05`d78ed8f0 : nvlddmkm+0xccc12
- ffffcd84`1edfe740 fffff801`37035619 : ffffcd84`1edff300 ffffbd0a`2c55e750 ffffcd84`1edff198 ffffbd0a`00000002 : dxgkrnl!DXGCONTEXT::Render+0x77f
- ffffcd84`1edfee50 ffffd25c`929c8359 : ffffcd84`1edff3b0 00000000`00000000 ffffffff`00000002 00000000`00000000 : dxgkrnl!DxgkCddGdiCommand+0x5b9
- ffffcd84`1edff2f0 ffffd25c`929c6dd4 : 00000000`00028b92 00000000`00028b92 ffff8d05`dd6dacb0 ffffd21e`85ef3020 : cdd!CHwCommandBuffer::FlushGdiCommands+0x279
- ffffcd84`1edff570 fffff803`0ab78cd7 : ffff8d05`dd6ca080 ffff8d05`dd6ca080 ffffd25c`929c6840 ffffd21e`85ef3020 : cdd!PresentWorkerThread+0x594
- ffffcd84`1edffc10 fffff803`0ac338d6 : fffff803`09a77180 ffff8d05`dd6ca080 fffff803`0ab78c90 00000000`00000000 : nt!PspSystemThreadStartup+0x47
- ffffcd84`1edffc60 00000000`00000000 : ffffcd84`1ee00000 ffffcd84`1edfa000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
- THREAD_SHA1_HASH_MOD_FUNC: d54fdbd4397a7382cbee4c44685652a3cd2c492d
- THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 35da004f060293df1a02deeba7ea788fb299f38c
- THREAD_SHA1_HASH_MOD: 5609009770382e6f8f1fed28e89a5530191190d1
- FOLLOWUP_IP:
- nvlddmkm+1b9306
- fffff801`393d9306 cc int 3
- FAULT_INSTR_CODE: 8348cccc
- SYMBOL_STACK_INDEX: 1
- SYMBOL_NAME: nvlddmkm+1b9306
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: nvlddmkm
- IMAGE_NAME: nvlddmkm.sys
- DEBUG_FLR_IMAGE_TIMESTAMP: 5b2fbada
- STACK_COMMAND: .thread ; .cxr ; kb
- BUCKET_ID_FUNC_OFFSET: 1b9306
- FAILURE_BUCKET_ID: 0xF7_MISSING_GSFRAME_nvlddmkm!unknown_function
- BUCKET_ID: 0xF7_MISSING_GSFRAME_nvlddmkm!unknown_function
- PRIMARY_PROBLEM_CLASS: 0xF7_MISSING_GSFRAME_nvlddmkm!unknown_function
- TARGET_TIME: 2018-07-15T17:37:44.000Z
- OSBUILD: 17134
- OSSERVICEPACK: 0
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 272
- PRODUCT_TYPE: 1
- OSPLATFORM_TYPE: x64
- OSNAME: Windows 10
- OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
- OS_LOCALE:
- USER_LCID: 0
- OSBUILD_TIMESTAMP: 2018-07-06 08:57:56
- BUILDDATESTAMP_STR: 180410-1804
- BUILDLAB_STR: rs4_release
- BUILDOSVER_STR: 10.0.17134.1.amd64fre.rs4_release.180410-1804
- ANALYSIS_SESSION_ELAPSED_TIME: b28
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:0xf7_missing_gsframe_nvlddmkm!unknown_function
- FAILURE_ID_HASH: {2ffeac14-357b-96a5-98b2-2e606f12e8c0}
- Followup: MachineOwner
- ---------