d4vids
Nowy
Liczba postów: 9
|
RE: Windows 7 64bit bluescreen
Kod:
Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C: \Windows\Minidump\111211-40997-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
WARNING: Whitespace at end of path element
Symbol search path is: SRV*c: \symbols*http: //msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16841.amd64fre.win7_gdr.110622-1503
Machine Name:
Kernel base = 0xfffff800`03401000 PsLoadedModuleList = 0xfffff800`0363ee70
Debug session time: Sat Nov 12 16: 04: 55.439 2011 (GMT+1)
System Uptime: 0 days 7: 45: 04.938
Loading Kernel Symbols
...............................................................
................................................................
....................................
Loading User Symbols
Loading unloaded module list
....
Unable to load image \SystemRoot\system32\DRIVERS\nvlddmkm.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for nvlddmkm.sys
*** ERROR: Module load completed but symbols could not be loaded for nvlddmkm.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck F7, {77ffcce484f, 2b992ddfa232, ffffd466d2205dcd, 0}
Probably caused by : nvlddmkm.sys ( nvlddmkm+1c9e46 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer. This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned. This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and bugcheck call is the one that overran its local
variable(s).
Arguments:
Arg1: 0000077ffcce484f, Actual security check cookie from the stack
Arg2: 00002b992ddfa232, Expected security check cookie
Arg3: ffffd466d2205dcd, Complement of the expected security check cookie
Arg4: 0000000000000000, zero
Debugging Details:
------------------
DEFAULT_BUCKET_ID: GS_FALSE_POSITIVE_MISSING_GSFRAME
SECURITY_COOKIE: Expected 00002b992ddfa232 found 0000077ffcce484f
CUSTOMER_CRASH_COUNT: 1
BUGCHECK_STR: 0xF7
PROCESS_NAME: System
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff8801041be46 to fffff800034715c0
STACK_TEXT:
fffff880`0331b768 fffff880`1041be46 : 00000000`000000f7 0000077f`fcce484f 00002b99`2ddfa232 ffffd466`d2205dcd : nt!KeBugCheckEx
fffff880`0331b770 00000000`000000f7 : 0000077f`fcce484f 00002b99`2ddfa232 ffffd466`d2205dcd 00000000`00000000 : nvlddmkm+0x1c9e46
fffff880`0331b778 0000077f`fcce484f : 00002b99`2ddfa232 ffffd466`d2205dcd 00000000`00000000 fffffa80`0423f000 : 0xf7
fffff880`0331b780 00002b99`2ddfa232 : ffffd466`d2205dcd 00000000`00000000 fffffa80`0423f000 00000000`00000030 : 0x77f`fcce484f
fffff880`0331b788 ffffd466`d2205dcd : 00000000`00000000 fffffa80`0423f000 00000000`00000030 fffff880`105ae91a : 0x2b99`2ddfa232
fffff880`0331b790 00000000`00000000 : fffffa80`0423f000 00000000`00000030 fffff880`105ae91a fffffa80`13854640 : 0xffffd466`d2205dcd
STACK_COMMAND: kb
FOLLOWUP_IP:
nvlddmkm+1c9e46
fffff880`1041be46 ? ?
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nvlddmkm+1c9e46
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nvlddmkm
IMAGE_NAME: nvlddmkm.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4e99233b
FAILURE_BUCKET_ID: X64_0xF7_MISSING_GSFRAME_nvlddmkm+1c9e46
BUCKET_ID: X64_0xF7_MISSING_GSFRAME_nvlddmkm+1c9e46
Followup: MachineOwner
---------
![[Obrazek: 1474010608.png]](http://www.speedtest.net/result/1474010608.png)
|
Post: #3
