Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\031410-20046-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*c:\symbols*
Executable search path is:
Windows 7 Kernel Version 7600 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`03205000 PsLoadedModuleList = 0xfffff800`03442e50
Debug session time: Sun Mar 14 14
20.327 2010 (GMT+5)
System Uptime: 0 days 1
14.137
Loading Kernel Symbols
...............................................................
................................................................
.............................................
Loading User Symbols
Loading unloaded module list
........
Unable to load image \SystemRoot\system32\DRIVERS\nvlddmkm.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for nvlddmkm.sys
*** ERROR: Module load completed but symbols could not be loaded for nvlddmkm.sys
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck F7, {fff4f8a102f1b8d1, 2b992ddfa232, ffffd466d2205dcd, 0}
Probably caused by : nvlddmkm.sys ( nvlddmkm+120cc6 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer. This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned. This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and bugcheck call is the one that overran its local
variable(s).
Arguments:
Arg1: fff4f8a102f1b8d1, Actual security check cookie from the stack
Arg2: 00002b992ddfa232, Expected security check cookie
Arg3: ffffd466d2205dcd, Complement of the expected security check cookie
Arg4: 0000000000000000, zero
Debugging Details:
------------------
DEFAULT_BUCKET_ID: GS_FALSE_POSITIVE_MISSING_GSFRAME
SECURITY_COOKIE: Expected 00002b992ddfa232 found fff4f8a102f1b8d1
CUSTOMER_CRASH_COUNT: 1
BUGCHECK_STR: 0xF7
PROCESS_NAME: System
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff88004931cc6 to fffff80003276f00
STACK_TEXT:
fffff880`02f1b888 fffff880`04931cc6 : 00000000`000000f7 fff4f8a1`02f1b8d1 00002b99`2ddfa232 ffffd466`d2205dcd : nt!KeBugCheckEx
fffff880`02f1b890 00000000`000000f7 : fff4f8a1`02f1b8d1 00002b99`2ddfa232 ffffd466`d2205dcd 00000000`00000000 : nvlddmkm+0x120cc6
fffff880`02f1b898 fff4f8a1`02f1b8d1 : 00002b99`2ddfa232 ffffd466`d2205dcd 00000000`00000000 00000000`00000000 : 0xf7
fffff880`02f1b8a0 00002b99`2ddfa232 : ffffd466`d2205dcd 00000000`00000000 00000000`00000000 fffffa80`06fb4b50 : 0xfff4f8a1`02f1b8d1
fffff880`02f1b8a8 ffffd466`d2205dcd : 00000000`00000000 00000000`00000000 fffffa80`06fb4b50 fffff880`04a6b0bf : 0x2b99`2ddfa232
fffff880`02f1b8b0 00000000`00000000 : 00000000`00000000 fffffa80`06fb4b50 fffff880`04a6b0bf fffffa80`04e8e040 : 0xffffd466`d2205dcd
STACK_COMMAND: kb
FOLLOWUP_IP:
nvlddmkm+120cc6
fffff880`04931cc6 ?? ???
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nvlddmkm+120cc6
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nvlddmkm
IMAGE_NAME: nvlddmkm.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a6e492b
FAILURE_BUCKET_ID: X64_0xF7_MISSING_GSFRAME_nvlddmkm+120cc6
BUCKET_ID: X64_0xF7_MISSING_GSFRAME_nvlddmkm+120cc6
Followup: MachineOwner
---------
1: kd> lmvm nvlddmkm
start end module name
fffff880`04811000 fffff880`05316700 nvlddmkm T (no symbols)
Loaded symbol image file: nvlddmkm.sys
Image path: \SystemRoot\system32\DRIVERS\nvlddmkm.sys
Image name: nvlddmkm.sys
Timestamp: Tue Jul 28 05
15 2009 (4A6E492B)
CheckSum: 00B12301
ImageSize: 00B05700
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4