The minidump contents are as follows.
Code:
************* Preparing the environment for Debugger Extensions Gallery repositories **************
ExtensionRepository : Implicit
UseExperimentalFeatureForNugetShare : false
AllowNugetExeUpdate : false
AllowNugetMSCredentialProviderInstall : false
AllowParallelInitializationOfLocalRepositories : true
-- Configuring repositories
----> Repository : LocalInstalled, Enabled: true
----> Repository : UserExtensions, Enabled: true
>>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds
************* Waiting for Debugger Extensions Gallery to Initialize **************
>>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.016 seconds
----> Repository : UserExtensions, Enabled: true, Packages count: 0
----> Repository : LocalInstalled, Enabled: true, Packages count: 36
Microsoft (R) Windows Debugger Version 10.0.25877.1004 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\isken\OneDrive\Masaüstü\Yeni klasör (3)\081723-165250-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 19041 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Kernel base = 0xfffff802`3b600000 PsLoadedModuleList = 0xfffff802`3c22a3d0
Debug session time: Thu Aug 17 19:32:44.627 2023 (UTC + 3:00)
System Uptime: 1 days 18:42:46.328
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.............
Loading User Symbols
Loading unloaded module list
..................................................
For analysis of this file, run !analyze -v
*** WARNING: Unable to verify timestamp for nvlddmkm.sys
nt!KeBugCheckEx:
fffff802`3b9fcc40 48894c2408 mov qword ptr [rsp+8],rcx ss:0018:fffff802`402746f0=00000000000000f7
0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer. This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned. This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and BugCheck call is the one that overran its local
variable(s).
Arguments:
Arg1: 0000078340274131, Actual security check cookie from the stack
Arg2: 00000783731b6849, Expected security check cookie
Arg3: fffff87c8ce497b6, Complement of the expected security check cookie
Arg4: 0000000000000000, zero
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 2358
Key : Analysis.Elapsed.mSec
Value: 5997
Key : Analysis.IO.Other.Mb
Value: 0
Key : Analysis.IO.Read.Mb
Value: 0
Key : Analysis.IO.Write.Mb
Value: 0
Key : Analysis.Init.CPU.mSec
Value: 280
Key : Analysis.Init.Elapsed.mSec
Value: 2381
Key : Analysis.Memory.CommitPeak.Mb
Value: 90
Key : Bugcheck.Code.LegacyAPI
Value: 0xf7
Key : Failure.Bucket
Value: 0xF7_MISSING_GSFRAME_nvlddmkm!unknown_function
Key : Failure.Hash
Value: {2ffeac14-357b-96a5-98b2-2e606f12e8c0}
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Version
Value: 10.0.19041.1
BUGCHECK_CODE: f7
BUGCHECK_P1: 78340274131
BUGCHECK_P2: 783731b6849
BUGCHECK_P3: fffff87c8ce497b6
BUGCHECK_P4: 0
FILE_IN_CAB: 081723-165250-01.dmp
SECURITY_COOKIE: Expected 00000783731b6849 found 0000078340274131
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXNTFS: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
STACK_TEXT:
fffff802`402746e8 fffff802`6bbe26b7 : 00000000`000000f7 00000783`40274131 00000783`731b6849 fffff87c`8ce497b6 : nt!KeBugCheckEx
fffff802`402746f0 00000000`000000f7 : 00000783`40274131 00000783`731b6849 fffff87c`8ce497b6 00000000`00000000 : nvlddmkm+0x926b7
fffff802`402746f8 00000783`40274131 : 00000783`731b6849 fffff87c`8ce497b6 00000000`00000000 ffffa685`132ff5e0 : 0xf7
fffff802`40274700 00000783`731b6849 : fffff87c`8ce497b6 00000000`00000000 ffffa685`132ff5e0 ffffa685`19840108 : 0x00000783`40274131
fffff802`40274708 fffff87c`8ce497b6 : 00000000`00000000 ffffa685`132ff5e0 ffffa685`19840108 fffff802`6bdbe412 : 0x00000783`731b6849
fffff802`40274710 00000000`00000000 : ffffa685`132ff5e0 ffffa685`19840108 fffff802`6bdbe412 00000000`00000002 : 0xfffff87c`8ce497b6
SYMBOL_NAME: nvlddmkm+926b7
MODULE_NAME: nvlddmkm
IMAGE_NAME: nvlddmkm.sys
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: 926b7
FAILURE_BUCKET_ID: 0xF7_MISSING_GSFRAME_nvlddmkm!unknown_function
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {2ffeac14-357b-96a5-98b2-2e606f12e8c0}
Followup: MachineOwner
---------