SHARE
TWEET

Untitled

a guest Jul 23rd, 2019 111 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Loading Dump File [C:\Windows\MEMORY.DMP]
  2. Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
  3.  
  4. Symbol search path is: srv*
  5. Executable search path is:
  6. Windows 10 Kernel Version 18362 MP (16 procs) Free x64
  7. Product: WinNt, suite: TerminalServer SingleUserTS
  8. Built by: 18362.1.amd64fre.19h1_release.190318-1202
  9. Machine Name:
  10. Kernel base = 0xfffff806`03e00000 PsLoadedModuleList = 0xfffff806`042432f0
  11. Debug session time: Tue Jul 23 18:18:43.147 2019 (UTC + 2:00)
  12. System Uptime: 0 days 0:00:13.839
  13. Loading Kernel Symbols
  14. ...............................................................
  15. ................................................................
  16. .........................................................
  17. Loading User Symbols
  18. PEB is paged out (Peb.Ldr = 0000008e`4b776018).  Type ".hh dbgerr001" for details
  19. Loading unloaded module list
  20. .......
  21. For analysis of this file, run !analyze -v
  22. 6: kd> !analyze -v
  23. *******************************************************************************
  24. *                                                                             *
  25. *                        Bugcheck Analysis                                    *
  26. *                                                                             *
  27. *******************************************************************************
  28.  
  29. DRIVER_OVERRAN_STACK_BUFFER (f7)
  30. A driver has overrun a stack-based buffer.  This overrun could potentially
  31. allow a malicious user to gain control of this machine.
  32. DESCRIPTION
  33. A driver overran a stack-based buffer (or local variable) in a way that would
  34. have overwritten the function's return address and jumped back to an arbitrary
  35. address when the function returned.  This is the classic "buffer overrun"
  36. hacking attack and the system has been brought down to prevent a malicious user
  37. from gaining complete control of it.
  38. Do a kb to get a stack backtrace -- the last routine on the stack before the
  39. buffer overrun handlers and bugcheck call is the one that overran its local
  40. variable(s).
  41. Arguments:
  42. Arg1: 0008df46505c7860, Actual security check cookie from the stack
  43. Arg2: 0000df46505c7860, Expected security check cookie
  44. Arg3: ffff20b9afa3879f, Complement of the expected security check cookie
  45. Arg4: 0000000000000000, zero
  46.  
  47. Debugging Details:
  48. ------------------
  49.  
  50.  
  51. KEY_VALUES_STRING: 1
  52.  
  53.  
  54. PROCESSES_ANALYSIS: 1
  55.  
  56. SERVICE_ANALYSIS: 1
  57.  
  58. STACKHASH_ANALYSIS: 1
  59.  
  60. TIMELINE_ANALYSIS: 1
  61.  
  62.  
  63. DUMP_CLASS: 1
  64.  
  65. DUMP_QUALIFIER: 401
  66.  
  67. BUILD_VERSION_STRING:  18362.1.amd64fre.19h1_release.190318-1202
  68.  
  69. SYSTEM_MANUFACTURER:  Gigabyte Technology Co., Ltd.
  70.  
  71. SYSTEM_PRODUCT_NAME:  X470 AORUS ULTRA GAMING
  72.  
  73. SYSTEM_SKU:  Default string
  74.  
  75. SYSTEM_VERSION:  Default string
  76.  
  77. BIOS_VENDOR:  American Megatrends Inc.
  78.  
  79. BIOS_VERSION:  F41b
  80.  
  81. BIOS_DATE:  07/12/2019
  82.  
  83. BASEBOARD_MANUFACTURER:  Gigabyte Technology Co., Ltd.
  84.  
  85. BASEBOARD_PRODUCT:  X470 AORUS ULTRA GAMING-CF
  86.  
  87. BASEBOARD_VERSION:  Default string
  88.  
  89. DUMP_TYPE:  1
  90.  
  91. BUGCHECK_P1: 8df46505c7860
  92.  
  93. BUGCHECK_P2: df46505c7860
  94.  
  95. BUGCHECK_P3: ffff20b9afa3879f
  96.  
  97. BUGCHECK_P4: 0
  98.  
  99. SECURITY_COOKIE:  Expected 0000df46505c7860 found 0008df46505c7860
  100.  
  101. BUGCHECK_STR:  0xF7_ONE_BIT
  102.  
  103. CPU_COUNT: 10
  104.  
  105. CPU_MHZ: e74
  106.  
  107. CPU_VENDOR:  AuthenticAMD
  108.  
  109. CPU_FAMILY: 17
  110.  
  111. CPU_MODEL: 8
  112.  
  113. CPU_STEPPING: 2
  114.  
  115. BLACKBOXBSD: 1 (!blackboxbsd)
  116.  
  117.  
  118. BLACKBOXNTFS: 1 (!blackboxntfs)
  119.  
  120.  
  121. BLACKBOXWINLOGON: 1
  122.  
  123. DEFAULT_BUCKET_ID:  WIN8_DRIVER_FAULT
  124.  
  125. PROCESS_NAME:  svchost.exe
  126.  
  127. CURRENT_IRQL:  0
  128.  
  129. ANALYSIS_SESSION_HOST:  DESKTOP-VRM8R9M
  130.  
  131. ANALYSIS_SESSION_TIME:  07-23-2019 18:31:16.0074
  132.  
  133. ANALYSIS_VERSION: 10.0.18362.1 amd64fre
  134.  
  135. LAST_CONTROL_TRANSFER:  from fffff80604079e45 to fffff80603fbc900
  136.  
  137. STACK_TEXT:  
  138. ffffee83`72be08a8 fffff806`04079e45 : 00000000`000000f7 0008df46`505c7860 0000df46`505c7860 ffff20b9`afa3879f : nt!KeBugCheckEx
  139. ffffee83`72be08b0 fffff806`03e3e24d : 00000000`00000000 00000000`00000001 ffffc709`f9cdcb40 00000000`00000004 : nt!_report_gsfailure+0x25
  140. ffffee83`72be08f0 fffff806`03fce118 : 00000000`00000010 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtWaitForWorkViaWorkerFactory+0x31d
  141. ffffee83`72be0a90 00007ff9`3bc7f9f4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
  142. 0000008e`4ba7f5c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`3bc7f9f4
  143.  
  144.  
  145. THREAD_SHA1_HASH_MOD_FUNC:  2108b7abc0e792c7844ee6a3281c515ec010d93a
  146.  
  147. THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  cdea38349e3eff88af4e99597221f83f825cbab1
  148.  
  149. THREAD_SHA1_HASH_MOD:  d084f7dfa548ce4e51810e4fd5914176ebc66791
  150.  
  151. FOLLOWUP_IP:
  152. nt!_report_gsfailure+25
  153. fffff806`04079e45 cc              int     3
  154.  
  155. FAULT_INSTR_CODE:  cccccccc
  156.  
  157. SYMBOL_STACK_INDEX:  1
  158.  
  159. SYMBOL_NAME:  nt!_report_gsfailure+25
  160.  
  161. FOLLOWUP_NAME:  MachineOwner
  162.  
  163. MODULE_NAME: nt
  164.  
  165. IMAGE_NAME:  ntkrnlmp.exe
  166.  
  167. DEBUG_FLR_IMAGE_TIMESTAMP:  3ed0f42
  168.  
  169. IMAGE_VERSION:  10.0.18362.239
  170.  
  171. STACK_COMMAND:  .thread ; .cxr ; kb
  172.  
  173. BUCKET_ID_FUNC_OFFSET:  25
  174.  
  175. FAILURE_BUCKET_ID:  0xF7_ONE_BIT_MISSING_GSFRAME_nt!_report_gsfailure
  176.  
  177. BUCKET_ID:  0xF7_ONE_BIT_MISSING_GSFRAME_nt!_report_gsfailure
  178.  
  179. PRIMARY_PROBLEM_CLASS:  0xF7_ONE_BIT_MISSING_GSFRAME_nt!_report_gsfailure
  180.  
  181. TARGET_TIME:  2019-07-23T16:18:43.000Z
  182.  
  183. OSBUILD:  18362
  184.  
  185. OSSERVICEPACK:  239
  186.  
  187. SERVICEPACK_NUMBER: 0
  188.  
  189. OS_REVISION: 0
  190.  
  191. SUITE_MASK:  272
  192.  
  193. PRODUCT_TYPE:  1
  194.  
  195. OSPLATFORM_TYPE:  x64
  196.  
  197. OSNAME:  Windows 10
  198.  
  199. OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS
  200.  
  201. OS_LOCALE:  
  202.  
  203. USER_LCID:  0
  204.  
  205. OSBUILD_TIMESTAMP:  1972-02-02 09:33:06
  206.  
  207. BUILDDATESTAMP_STR:  190318-1202
  208.  
  209. BUILDLAB_STR:  19h1_release
  210.  
  211. BUILDOSVER_STR:  10.0.18362.1.amd64fre.19h1_release.190318-1202
  212.  
  213. ANALYSIS_SESSION_ELAPSED_TIME:  3d51
  214.  
  215. ANALYSIS_SOURCE:  KM
  216.  
  217. FAILURE_ID_HASH_STRING:  km:0xf7_one_bit_missing_gsframe_nt!_report_gsfailure
  218.  
  219. FAILURE_ID_HASH:  {8f84f302-dd0e-1f96-6f9c-0ea31ad59f42}
  220.  
  221. Followup:     MachineOwner
  222. ---------
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top