1: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_OVERRAN_STACK_BUFFER (f7) A driver has overrun a stack-based buffer. This overrun could potentially allow a malicious user to gain control of this machine. DESCRIPTION A driver overran a stack-based buffer (or local variable) in a way that would have overwritten the function's return address and jumped back to an arbitrary address when the function returned. This is the classic "buffer overrun" hacking attack and the system has been brought down to prevent a malicious user from gaining complete control of it. Do a kb to get a stack backtrace -- the last routine on the stack before the buffer overrun handlers and BugCheck call is the one that overran its local variable(s). Arguments: Arg1: 00003f8b69368131, Actual security check cookie from the stack Arg2: 00003f8b69fd8131, Expected security check cookie Arg3: ffffc07496027ece, Complement of the expected security check cookie Arg4: 0000000000000000, zero Debugging Details: ------------------ KEY_VALUES_STRING: 1 Key : Analysis.CPU.mSec Value: 2983 Key : Analysis.DebugAnalysisManager Value: Create Key : Analysis.Elapsed.mSec Value: 72733 Key : Analysis.Init.CPU.mSec Value: 1031 Key : Analysis.Init.Elapsed.mSec Value: 128663 Key : Analysis.Memory.CommitPeak.Mb Value: 95 Key : Bugcheck.Code.DumpHeader Value: 0xf7 Key : Bugcheck.Code.Register Value: 0xf7 Key : Dump.Attributes.AsUlong Value: 8 Key : Dump.Attributes.KernelGeneratedTriageDump Value: 1 FILE_IN_CAB: 091322-9203-01.dmp DUMP_FILE_ATTRIBUTES: 0x8 Kernel Generated Triage Dump BUGCHECK_CODE: f7 BUGCHECK_P1: 3f8b69368131 BUGCHECK_P2: 3f8b69fd8131 BUGCHECK_P3: ffffc07496027ece BUGCHECK_P4: 0 SECURITY_COOKIE: Expected 00003f8b69fd8131 found 00003f8b69368131 CUSTOMER_CRASH_COUNT: 1 PROCESS_NAME: wemeetapp.exe STACK_TEXT: fffffb0f`8a526a28 fffff804`618b14b5 : 00000000`000000f7 00003f8b`69368131 00003f8b`69fd8131 ffffc074`96027ece : nt!KeBugCheckEx fffffb0f`8a526a30 fffff804`61a5630a : fffffb0f`8a526d20 00000000`00000001 ffffd88f`4523be70 00000000`00000000 : nt!_report_gsfailure 0x25 fffffb0f`8a526a70 ffff8656`53a37af1 : fffffb0f`8a527798 fffff804`61a247d1 ffff8628`466e3630 00000000`00000000 : nt!ObWaitForMultipleObjects 0x35a fffffb0f`8a526f70 ffff8656`5392ecbe : 00000000`00000000 ffff8628`466e3630 00000000`00000d4c 00000000`00001cff : win32kfull!xxxMsgWaitForMultipleObjectsEx 0xd9 fffffb0f`8a527020 ffff8656`53fb6fd0 : fffffb0f`8a5279a8 00000000`00000000 00000000`00000d4c ffffe931`00001cff : win32kfull!NtUserMsgWaitForMultipleObjectsEx 0x3fe fffffb0f`8a527950 fffff804`6180a2b5 : 00000000`1b7ff5a0 00000000`00000200 00000000`00000040 00000000`000000b6 : win32k!NtUserMsgWaitForMultipleObjectsEx 0x20 fffffb0f`8a527990 00007ff8`d1a89014 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd 0x25 00000000`1b6fe7c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff8`d1a89014 SYMBOL_NAME: win32kfull!xxxMsgWaitForMultipleObjectsEx d9 MODULE_NAME: win32kfull IMAGE_NAME: win32kfull.sys IMAGE_VERSION: 10.0.19041.1193 STACK_COMMAND: .cxr; .ecxr ; kb BUCKET_ID_FUNC_OFFSET: d9 FAILURE_BUCKET_ID: 0xF7_MISSING_GSFRAME_win32kfull!xxxMsgWaitForMultipleObjectsEx OSPLATFORM_TYPE: x64 OSNAME: Windows 10 FAILURE_ID_HASH: {2d350b1c-e36e-1d2b-7525-4530d157c1cb} Followup: MachineOwner --------- ***moved from Microsoft Teams / Unknown/other / Other***
您好,根据您提供的dmp文件,导致蓝屏的原因是:vwifimp.sys无线网卡驱动您可以打开设备管理器,点开网络适配器,找到相应的驱动,右击选择“卸载设备”,如果问是否删除设备,不要勾选,直接点卸载,然后重启电脑,系统会自动安装驱动。然后观察看看是否依旧蓝屏。
,您好!感谢您联系本站支持平台!了解到您目前遇到蓝屏的问题,需要您提供您的dmp文件来分析您系统故障的原因,已经通过私信的方式联系您获取dmp文件,您可以点击此本站论坛右上角的账户头像,然后点击下图红框位置的“.”,然后选择“查看私人消息”
您好,根据您提供的dmp文件,导致蓝屏的原因是:vwifimp.sys无线网卡驱动您可以打开设备管理器,点开网络适配器,找到相应的驱动,右击选择“卸载设备”,如果问是否删除设备,不要勾选,直接点卸载,然后重启电脑,系统会自动安装驱动。然后观察看看是否依旧蓝屏。
