Microsoft (R) Windows Debugger Version 6.3.9600.17298 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Only kernel address space is available
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred SRV*C:\Windows\symbol_cache*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*C:\Windows\symbol_cache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 8 Kernel Version 9600 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 9600.17238.amd64fre.winblue_gdr.140723-2018
Machine Name:
Kernel base = 0xfffff801`23a1b000 PsLoadedModuleList = 0xfffff801`23ce5350
Debug session time: Mon Nov 17 17:38:04.407 2014 (UTC - 8:00)
System Uptime: 0 days 8:21:51.142
Loading Kernel Symbols
...............................................................
................................................................
....Page 1303cc not present in the dump file. Type ".hh dbgerr004" for details
...............................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00007ff5`ffff4018). Type ".hh dbgerr001" for details
Loading unloaded module list
..........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck F7, {230, 56080e849309, ffffa9f7f17b6cf6, 0}
Probably caused by : ntkrnlmp.exe ( nt!_report_gsfailure+25 )
Followup: MachineOwner
---------
11: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer. This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned. This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and bugcheck call is the one that overran its local
variable(s).
Arguments:
Arg1: 0000000000000230, Actual security check cookie from the stack
Arg2: 000056080e849309, Expected security check cookie
Arg3: ffffa9f7f17b6cf6, Complement of the expected security check cookie
Arg4: 0000000000000000, zero
Debugging Details:
------------------
DEFAULT_BUCKET_ID: GS_FALSE_POSITIVE_MISSING_GSFRAME
SECURITY_COOKIE: Expected 000056080e849309 found 0000000000000230
BUGCHECK_STR: 0xF7
PROCESS_NAME: linpack_xeon64
CURRENT_IRQL: d
ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) x86fre
LAST_CONTROL_TRANSFER: from fffff80123bda671 to fffff80123b6eca0
STACK_TEXT:
ffffd001`d8de2ce8 fffff801`23bda671 : 00000000`000000f7 00000000`00000230 00005608`0e849309 ffffa9f7`f17b6cf6 : nt!KeBugCheckEx
ffffd001`d8de2cf0 fffff801`23a7d18f : ffff8609`d65abe09 00000000`00000000 ffffe000`51602fb0 ffffd001`d8da4180 : nt!_report_gsfailure+0x25
ffffd001`d8de2d30 fffff801`241ac7b5 : 00000000`00000005 fffff801`23b08ae6 00000000`0046fd00 00000000`0046fa80 : nt!KeClockInterruptNotify+0x10f
ffffd001`d8de2f40 fffff801`23af40e3 : ffffd001`dc6bab80 fffff801`23b212cf ffff8609`d65abc59 00000000`00000000 : hal!HalpTimerClockIpiRoutine+0x15
ffffd001`d8de2f70 fffff801`23b7012a : ffffe000`51602f00 00000000`00000004 00000000`00000007 00000000`00000007 : nt!KiCallInterruptServiceRoutine+0xa3
ffffd001`d8de2fb0 fffff801`23b7050f : ffffe000`58c4a080 ffffe000`58748240 00000000`00000000 ffffe000`58748240 : nt!KiInterruptSubDispatchNoLockNoEtw+0xea
ffffd001`dc69cb00 00000001`4028cd42 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiInterruptDispatchLBControl+0x11f
00000000`0a16fa78 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00000001`4028cd42
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!_report_gsfailure+25
fffff801`23bda671 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!_report_gsfailure+25
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 53d0b7c3
BUCKET_ID_FUNC_OFFSET: 25
FAILURE_BUCKET_ID: 0xF7_MISSING_GSFRAME_nt!_report_gsfailure
BUCKET_ID: 0xF7_MISSING_GSFRAME_nt!_report_gsfailure
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0xf7_missing_gsframe_nt!_report_gsfailure
FAILURE_ID_HASH: {82d2c1b5-b0cb-60a5-9a5d-78c8c4284f84}
Followup: MachineOwner
---------
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Only kernel address space is available
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred SRV*C:\Windows\symbol_cache*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*C:\Windows\symbol_cache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 8 Kernel Version 9600 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 9600.17238.amd64fre.winblue_gdr.140723-2018
Machine Name:
Kernel base = 0xfffff801`23a1b000 PsLoadedModuleList = 0xfffff801`23ce5350
Debug session time: Mon Nov 17 17:38:04.407 2014 (UTC - 8:00)
System Uptime: 0 days 8:21:51.142
Loading Kernel Symbols
...............................................................
................................................................
....Page 1303cc not present in the dump file. Type ".hh dbgerr004" for details
...............................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00007ff5`ffff4018). Type ".hh dbgerr001" for details
Loading unloaded module list
..........
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck F7, {230, 56080e849309, ffffa9f7f17b6cf6, 0}
Probably caused by : ntkrnlmp.exe ( nt!_report_gsfailure+25 )
Followup: MachineOwner
---------
11: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer. This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned. This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and bugcheck call is the one that overran its local
variable(s).
Arguments:
Arg1: 0000000000000230, Actual security check cookie from the stack
Arg2: 000056080e849309, Expected security check cookie
Arg3: ffffa9f7f17b6cf6, Complement of the expected security check cookie
Arg4: 0000000000000000, zero
Debugging Details:
------------------
DEFAULT_BUCKET_ID: GS_FALSE_POSITIVE_MISSING_GSFRAME
SECURITY_COOKIE: Expected 000056080e849309 found 0000000000000230
BUGCHECK_STR: 0xF7
PROCESS_NAME: linpack_xeon64
CURRENT_IRQL: d
ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) x86fre
LAST_CONTROL_TRANSFER: from fffff80123bda671 to fffff80123b6eca0
STACK_TEXT:
ffffd001`d8de2ce8 fffff801`23bda671 : 00000000`000000f7 00000000`00000230 00005608`0e849309 ffffa9f7`f17b6cf6 : nt!KeBugCheckEx
ffffd001`d8de2cf0 fffff801`23a7d18f : ffff8609`d65abe09 00000000`00000000 ffffe000`51602fb0 ffffd001`d8da4180 : nt!_report_gsfailure+0x25
ffffd001`d8de2d30 fffff801`241ac7b5 : 00000000`00000005 fffff801`23b08ae6 00000000`0046fd00 00000000`0046fa80 : nt!KeClockInterruptNotify+0x10f
ffffd001`d8de2f40 fffff801`23af40e3 : ffffd001`dc6bab80 fffff801`23b212cf ffff8609`d65abc59 00000000`00000000 : hal!HalpTimerClockIpiRoutine+0x15
ffffd001`d8de2f70 fffff801`23b7012a : ffffe000`51602f00 00000000`00000004 00000000`00000007 00000000`00000007 : nt!KiCallInterruptServiceRoutine+0xa3
ffffd001`d8de2fb0 fffff801`23b7050f : ffffe000`58c4a080 ffffe000`58748240 00000000`00000000 ffffe000`58748240 : nt!KiInterruptSubDispatchNoLockNoEtw+0xea
ffffd001`dc69cb00 00000001`4028cd42 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiInterruptDispatchLBControl+0x11f
00000000`0a16fa78 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00000001`4028cd42
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!_report_gsfailure+25
fffff801`23bda671 cc int 3
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!_report_gsfailure+25
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 53d0b7c3
BUCKET_ID_FUNC_OFFSET: 25
FAILURE_BUCKET_ID: 0xF7_MISSING_GSFRAME_nt!_report_gsfailure
BUCKET_ID: 0xF7_MISSING_GSFRAME_nt!_report_gsfailure
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0xf7_missing_gsframe_nt!_report_gsfailure
FAILURE_ID_HASH: {82d2c1b5-b0cb-60a5-9a5d-78c8c4284f84}
Followup: MachineOwner
---------
My Computer
System One
-
- OS
- 8.1
