Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Kaan\Desktop\092020-12859-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 18362 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 18362.1.amd64fre.19h1_release.190318-1202
Machine Name:
Kernel base = 0xfffff804`5e000000 PsLoadedModuleList = 0xfffff804`5e4460f0
Debug session time: Sun Sep 20 17:12:00.167 2020 (UTC + 4:00)
System Uptime: 0 days 0:14:42.879
Loading Kernel Symbols
...............................................................
................................................................
............................................
Loading User Symbols
Loading unloaded module list
......
For analysis of this file, run !analyze -v
*** WARNING: Unable to verify timestamp for athuw8x.sys
nt!KeBugCheckEx:
fffff804`5e1c2990 48894c2408 mov qword ptr [rsp+8],rcx ss:ffffe48f`464070f0=00000000000000f7
3: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer. This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned. This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and bugcheck call is the one that overran its local
variable(s).
Arguments:
Arg1: fffbe48f62e27130, Actual security check cookie from the stack
Arg2: 0000e5e8396edb53, Expected security check cookie
Arg3: ffff1a17c69124ac, Complement of the expected security check cookie
Arg4: 0000000000000000, zero
Debugging Details:
------------------
*** WARNING: Unable to verify timestamp for win32k.sys
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 4015
Key : Analysis.DebugAnalysisProvider.CPP
Value: Create: 8007007e on DESKTOP-OHH9VN5
Key : Analysis.DebugData
Value: CreateObject
Key : Analysis.DebugModel
Value: CreateObject
Key : Analysis.Elapsed.mSec
Value: 193358
Key : Analysis.Memory.CommitPeak.Mb
Value: 76
Key : Analysis.System
Value: CreateObject
Key : WER.OS.Branch
Value: 19h1_release
Key : WER.OS.Timestamp
Value: 2019-03-18T12:02:00Z
Key : WER.OS.Version
Value: 10.0.18362.1
ADDITIONAL_XML: 1
OS_BUILD_LAYERS: 1
BUGCHECK_CODE: f7
BUGCHECK_P1: fffbe48f62e27130
BUGCHECK_P2: e5e8396edb53
BUGCHECK_P3: ffff1a17c69124ac
BUGCHECK_P4: 0
SECURITY_COOKIE: Expected 0000e5e8396edb53 found fffbe48f62e27130
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
STACK_TEXT:
ffffe48f`464070e8 fffff804`7701bd5e : 00000000`000000f7 fffbe48f`62e27130 0000e5e8`396edb53 ffff1a17`c69124ac : nt!KeBugCheckEx
ffffe48f`464070f0 00000000`000000f7 : fffbe48f`62e27130 0000e5e8`396edb53 ffff1a17`c69124ac 00000000`00000000 : athuw8x+0x22bd5e
ffffe48f`464070f8 fffbe48f`62e27130 : 0000e5e8`396edb53 ffff1a17`c69124ac 00000000`00000000 ffffffff`fd050f80 : 0xf7
ffffe48f`46407100 0000e5e8`396edb53 : ffff1a17`c69124ac 00000000`00000000 ffffffff`fd050f80 ffff000c`5a350001 : 0xfffbe48f`62e27130
ffffe48f`46407108 ffff1a17`c69124ac : 00000000`00000000 ffffffff`fd050f80 ffff000c`5a350001 fffff804`76df5be4 : 0x0000e5e8`396edb53
ffffe48f`46407110 00000000`00000000 : ffffffff`fd050f80 ffff000c`5a350001 fffff804`76df5be4 ffffc309`5aa3a030 : 0xffff1a17`c69124ac
SYMBOL_NAME: athuw8x+22bd5e
MODULE_NAME: athuw8x
IMAGE_NAME: athuw8x.sys
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 22bd5e
FAILURE_BUCKET_ID: 0xF7_MISSING_GSFRAME_athuw8x!unknown_function
OS_VERSION: 10.0.18362.1
BUILDLAB_STR: 19h1_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {082f214b-17e3-e092-6bfa-64645b23946a}
Followup: MachineOwner
---------