- Loading Dump File [C:\Windows\MEMORY.DMP]
- Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
- Symbol search path is: srv*
- Executable search path is:
- Windows 10 Kernel Version 18362 MP (16 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS
- Built by: 18362.1.amd64fre.19h1_release.190318-1202
- Machine Name:
- Kernel base = 0xfffff806`03e00000 PsLoadedModuleList = 0xfffff806`042432f0
- Debug session time: Tue Jul 23 18:18:43.147 2019 (UTC + 2:00)
- System Uptime: 0 days 0:00:13.839
- Loading Kernel Symbols
- ...............................................................
- ................................................................
- .........................................................
- Loading User Symbols
- PEB is paged out (Peb.Ldr = 0000008e`4b776018). Type ".hh dbgerr001" for details
- Loading unloaded module list
- .......
- For analysis of this file, run !analyze -v
- 6: kd> !analyze -v
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- DRIVER_OVERRAN_STACK_BUFFER (f7)
- A driver has overrun a stack-based buffer. This overrun could potentially
- allow a malicious user to gain control of this machine.
- DESCRIPTION
- A driver overran a stack-based buffer (or local variable) in a way that would
- have overwritten the function's return address and jumped back to an arbitrary
- address when the function returned. This is the classic "buffer overrun"
- hacking attack and the system has been brought down to prevent a malicious user
- from gaining complete control of it.
- Do a kb to get a stack backtrace -- the last routine on the stack before the
- buffer overrun handlers and bugcheck call is the one that overran its local
- variable(s).
- Arguments:
- Arg1: 0008df46505c7860, Actual security check cookie from the stack
- Arg2: 0000df46505c7860, Expected security check cookie
- Arg3: ffff20b9afa3879f, Complement of the expected security check cookie
- Arg4: 0000000000000000, zero
- Debugging Details:
- ------------------
- KEY_VALUES_STRING: 1
- PROCESSES_ANALYSIS: 1
- SERVICE_ANALYSIS: 1
- STACKHASH_ANALYSIS: 1
- TIMELINE_ANALYSIS: 1
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 401
- BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202
- SYSTEM_MANUFACTURER: Gigabyte Technology Co., Ltd.
- SYSTEM_PRODUCT_NAME: X470 AORUS ULTRA GAMING
- SYSTEM_SKU: Default string
- SYSTEM_VERSION: Default string
- BIOS_VENDOR: American Megatrends Inc.
- BIOS_VERSION: F41b
- BIOS_DATE: 07/12/2019
- BASEBOARD_MANUFACTURER: Gigabyte Technology Co., Ltd.
- BASEBOARD_PRODUCT: X470 AORUS ULTRA GAMING-CF
- BASEBOARD_VERSION: Default string
- DUMP_TYPE: 1
- BUGCHECK_P1: 8df46505c7860
- BUGCHECK_P2: df46505c7860
- BUGCHECK_P3: ffff20b9afa3879f
- BUGCHECK_P4: 0
- SECURITY_COOKIE: Expected 0000df46505c7860 found 0008df46505c7860
- BUGCHECK_STR: 0xF7_ONE_BIT
- CPU_COUNT: 10
- CPU_MHZ: e74
- CPU_VENDOR: AuthenticAMD
- CPU_FAMILY: 17
- CPU_MODEL: 8
- CPU_STEPPING: 2
- BLACKBOXBSD: 1 (!blackboxbsd)
- BLACKBOXNTFS: 1 (!blackboxntfs)
- BLACKBOXWINLOGON: 1
- DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
- PROCESS_NAME: svchost.exe
- CURRENT_IRQL: 0
- ANALYSIS_SESSION_HOST: DESKTOP-VRM8R9M
- ANALYSIS_SESSION_TIME: 07-23-2019 18:31:16.0074
- ANALYSIS_VERSION: 10.0.18362.1 amd64fre
- LAST_CONTROL_TRANSFER: from fffff80604079e45 to fffff80603fbc900
- STACK_TEXT:
- ffffee83`72be08a8 fffff806`04079e45 : 00000000`000000f7 0008df46`505c7860 0000df46`505c7860 ffff20b9`afa3879f : nt!KeBugCheckEx
- ffffee83`72be08b0 fffff806`03e3e24d : 00000000`00000000 00000000`00000001 ffffc709`f9cdcb40 00000000`00000004 : nt!_report_gsfailure+0x25
- ffffee83`72be08f0 fffff806`03fce118 : 00000000`00000010 00000000`00000000 00000000`00000000 00000000`00000000 : nt!NtWaitForWorkViaWorkerFactory+0x31d
- ffffee83`72be0a90 00007ff9`3bc7f9f4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
- 0000008e`4ba7f5c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`3bc7f9f4
- THREAD_SHA1_HASH_MOD_FUNC: 2108b7abc0e792c7844ee6a3281c515ec010d93a
- THREAD_SHA1_HASH_MOD_FUNC_OFFSET: cdea38349e3eff88af4e99597221f83f825cbab1
- THREAD_SHA1_HASH_MOD: d084f7dfa548ce4e51810e4fd5914176ebc66791
- FOLLOWUP_IP:
- nt!_report_gsfailure+25
- fffff806`04079e45 cc int 3
- FAULT_INSTR_CODE: cccccccc
- SYMBOL_STACK_INDEX: 1
- SYMBOL_NAME: nt!_report_gsfailure+25
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: nt
- IMAGE_NAME: ntkrnlmp.exe
- DEBUG_FLR_IMAGE_TIMESTAMP: 3ed0f42
- IMAGE_VERSION: 10.0.18362.239
- STACK_COMMAND: .thread ; .cxr ; kb
- BUCKET_ID_FUNC_OFFSET: 25
- FAILURE_BUCKET_ID: 0xF7_ONE_BIT_MISSING_GSFRAME_nt!_report_gsfailure
- BUCKET_ID: 0xF7_ONE_BIT_MISSING_GSFRAME_nt!_report_gsfailure
- PRIMARY_PROBLEM_CLASS: 0xF7_ONE_BIT_MISSING_GSFRAME_nt!_report_gsfailure
- TARGET_TIME: 2019-07-23T16:18:43.000Z
- OSBUILD: 18362
- OSSERVICEPACK: 239
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 272
- PRODUCT_TYPE: 1
- OSPLATFORM_TYPE: x64
- OSNAME: Windows 10
- OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
- OS_LOCALE:
- USER_LCID: 0
- OSBUILD_TIMESTAMP: 1972-02-02 09:33:06
- BUILDDATESTAMP_STR: 190318-1202
- BUILDLAB_STR: 19h1_release
- BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202
- ANALYSIS_SESSION_ELAPSED_TIME: 3d51
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:0xf7_one_bit_missing_gsframe_nt!_report_gsfailure
- FAILURE_ID_HASH: {8f84f302-dd0e-1f96-6f9c-0ea31ad59f42}
- Followup: MachineOwner
- ---------