Frequent blue screens

  • Question

  • Good morning,

    unfortunately I keep getting frequent blue screen errors; the latest one has this error:

    DRIVER_OVERRAN_STACK_BUFFER (f7). I had WinDbg read the minidump and this is the result:

    Microsoft (R) Windows Debugger Version 10.0.18972.1001 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.

    Loading Dump File [C:\Windows\Minidump\091719-8468-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available

    ************* Path validation summary **************
    Response                         Time (ms)     Location
    Deferred                                       srv*
    Symbol search path is: srv*
    Executable search path is:
    Windows 10 Kernel Version 18362 MP (16 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 18362.1.amd64fre.19h1_release.190318-1202
    Machine Name:
    Kernel base = 0xfffff800`6e600000 PsLoadedModuleList = 0xfffff800`6ea475b0
    Debug session time: Tue Sep 17 08:28:57.922 2019 (UTC + 2:00)
    System Uptime: 0 days 18:21:30.611
    Loading Kernel Symbols
    .
    Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
    Run !sym noisy before .reload to track down problems loading symbols.
    ..............................................................
    ................................................................
    ...............................................................
    Loading User Symbols
    Loading unloaded module list
    ................
    For analysis of this file, run !analyze -v
    nt!KeBugCheckEx:
    fffff800`6e7c10a0 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:fffff68e`1f4377a0=00000000000000f7
    2: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************

    DRIVER_OVERRAN_STACK_BUFFER (f7)
    A driver has overrun a stack-based buffer. This overrun could potentially
    allow a malicious user to gain control of this machine.
    DESCRIPTION
    A driver overran a stack-based buffer (or local variable) in a way that would
    have overwritten the function's return address and jumped back to an arbitrary
    address when the function returned. This is the classic "buffer overrun"
    hacking attack and the system has been brought down to prevent a malicious user
    from gaining complete control of it.
    Do a kb to get a stack backtrace -- the last routine on the stack before the
    buffer overrun handlers and bugcheck call is the one that overran its local
    variable(s).
    Arguments:
    Arg1: 00007c68fb99bc06, Actual security check cookie from the stack
    Arg2: 00007c68fb39bc06, Expected security check cookie
    Arg3: ffff8397043643f9, Complement of the expected security check cookie
    Arg4: 0000000000000000, zero

    Debugging Details:
    ------------------

    KEY_VALUES_STRING: 1

        Key  : Analysis.CPU.Sec
        Value: 2

        Key  : Analysis.DebugAnalysisProvider.CPP
        Value: Create: 8007007e on PCMANUELE

        Key  : Analysis.DebugData
        Value: CreateObject

        Key  : Analysis.DebugModel
        Value: CreateObject

        Key  : Analysis.Elapsed.Sec
        Value: 32

        Key  : Analysis.Memory.CommitPeak.Mb
        Value: 69

        Key  : Analysis.System
        Value: CreateObject

    BUGCHECK_CODE: f7
    BUGCHECK_P1: 7c68fb99bc06
    BUGCHECK_P2: 7c68fb39bc06
    BUGCHECK_P3: ffff8397043643f9
    BUGCHECK_P4: 0

    SECURITY_COOKIE: Expected 00007c68fb39bc06 found 00007c68fb99bc06

    BLACKBOXBSD: 1 (!blackboxbsd)
    BLACKBOXNTFS: 1 (!blackboxntfs)
    BLACKBOXPNP: 1 (!blackboxpnp)
    BLACKBOXWINLOGON: 1

    CUSTOMER_CRASH_COUNT: 1
    PROCESS_NAME: System

    STACK_TEXT:
    fffff68e`1f437798 fffff800`6e87c1f5 : 00000000`000000f7 00007c68`fb99bc06 00007c68`fb39bc06 ffff8397`043643f9 : nt!KeBugCheckEx
    fffff68e`1f4377a0 fffff800`6e622186 : 00005475`899f6f64 00005475`899f6f64 ffff930f`dd91e010 00000000`00000000 : nt!_report_gsfailure+0x25
    fffff68e`1f4377e0 fffff800`6e62158e : 00000000`00000003 00000000`00000002 ffff930f`dd91e100 00000000`00000008 : nt!PpmIdleExecuteTransition+0xa56
    fffff68e`1f437b00 fffff800`6e7c4ba8 : ffffffff`00000000 ffffbb01`54340180 ffff930f`e9fd7080 00000000`00001586 : nt!PoIdle+0x36e
    fffff68e`1f437c60 00000000`00000000 : fffff68e`1f438000 fffff68e`1f432000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x48

    SYMBOL_NAME: nt!_report_gsfailure+25
    MODULE_NAME: nt
    IMAGE_NAME: ntkrnlmp.exe
    IMAGE_VERSION: 10.0.18362.356
    STACK_COMMAND: .thread ; .cxr ; kb
    BUCKET_ID_FUNC_OFFSET: 25
    FAILURE_BUCKET_ID: 0xF7_TWO_BIT_MISSING_GSFRAME_nt!_report_gsfailure
    OS_VERSION: 10.0.18362.1
    BUILDLAB_STR: 19h1_release
    OSPLATFORM_TYPE: x64
    OSNAME: Windows 10
    FAILURE_ID_HASH: {f51a552f-12ee-f12d-33e2-004ce080333a}
    Followup: MachineOwner
    ---------

    I don't understand any of it. If anyone can give me some pointers, even to other forums if this is off-topic here.

    Thanks a lot

    Fabrizio

    Tuesday, September 17, 2019 11:44

All replies

  • Hi,

    The problem is due to a DRIVER_OVERRAN_STACK_BUFFER

    A driver has overrun a stack-based buffer. This overrun could potentially allow a malicious user to gain control of this machine.

    I suggest, if possible, updating the driver of the device that caused it; try using BlueScreenView to identify the driver in question.


    Massimo Giambona MCT

    Friday, September 20, 2019 09:01
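
An added example, not part of the original thread: a small Python triage of the four `Arg` lines of a 0xF7 bugcheck, showing which bits of the stack cookie differ from the expected value and whether Arg3 really is the bitwise complement of Arg2. The function names and the `near_miss` threshold are hypothetical; the sample text is constructed from the argument values in the dump quoted in the question.

```python
import re

MASK64 = (1 << 64) - 1

# Constructed sample: the four argument lines as !analyze -v prints them,
# using the values from the dump quoted in the question.
SAMPLE = """\
Arg1: 00007c68fb99bc06, Actual security check cookie from the stack
Arg2: 00007c68fb39bc06, Expected security check cookie
Arg3: ffff8397043643f9, Complement of the expected security check cookie
Arg4: 0000000000000000, zero
"""

ARG_RE = re.compile(r"Arg([1-4]):\s*([0-9a-fA-F`]+)")


def parse_args(text):
    """Return {1: int, ..., 4: int} for the ArgN lines of a bugcheck analysis."""
    args = {}
    for num, value in ARG_RE.findall(text):
        # WinDbg may print 64-bit values with a backtick separator.
        args[int(num)] = int(value.replace("`", ""), 16)
    missing = {1, 2, 3, 4} - args.keys()
    if missing:
        raise ValueError(f"missing bugcheck arguments: {sorted(missing)}")
    return args


def flipped_bits(a, b):
    """Bit positions (0 = least significant) where a and b differ."""
    diff = (a ^ b) & MASK64
    return [i for i in range(64) if diff >> i & 1]


def triage_f7(text, near_miss=2):
    """Summarise how the stack cookie of a 0xF7 bugcheck differs."""
    args = parse_args(text)
    cookie_diff = flipped_bits(args[1], args[2])
    complement_diff = flipped_bits(args[3], ~args[2] & MASK64)
    return {
        "cookie_bits_flipped": cookie_diff,
        "complement_bits_wrong": complement_diff,
        # near_miss is a hypothetical threshold chosen for this example.
        "near_miss": 0 < len(cookie_diff) <= near_miss,
    }


if __name__ == "__main__":
    for key, value in triage_f7(SAMPLE).items():
        print(f"{key}: {value}")
```

For this dump the cookie differs from the expected value in two bits, which matches the `TWO_BIT` in the `FAILURE_BUCKET_ID`, and the reported complement does not match the expected cookie either.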