Microsoft (R) Windows Debugger Version 10.0.25136.1001 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Users\junjie\Desktop\071822-7515-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available ************* Path validation summary ************** Response Time (ms) Location Deferred srv* Symbol search path is: srv* Executable search path is: Windows 10 Kernel Version 19041 MP (16 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Machine Name: Kernel base = 0xfffff801`41a00000 PsLoadedModuleList = 0xfffff801`4262a230 Debug session time: Mon Jul 18 09:17:25.830 2022 (UTC 8:00) System Uptime: 1 days 15:07:52.547 Loading Kernel Symbols .. Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long. Run !sym noisy before .reload to track down problems loading symbols. ............................................................. ................................................................ ................................................................ ........... Loading User Symbols Loading unloaded module list ................................. For analysis of this file, run !analyze -v nt!KeBugCheckEx: fffff801`41df8590 48894c2408 mov qword ptr [rsp 8],rcx ss:ffff8b0b`fe0ff9b0=00000000000000f7 14: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_OVERRAN_STACK_BUFFER (f7) A driver has overrun a stack-based buffer. This overrun could potentially allow a malicious user to gain control of this machine. DESCRIPTION A driver overran a stack-based buffer (or local variable) in a way that would have overwritten the function's return address and jumped back to an arbitrary address when the function returned. This is the classic "buffer overrun" hacking attack and the system has been brought down to prevent a malicious user from gaining complete control of it. Do a kb to get a stack backtrace -- the last routine on the stack before the buffer overrun handlers and BugCheck call is the one that overran its local variable(s). Arguments: Arg1: 0000928b2f230eb6, Actual security check cookie from the stack Arg2: 0000928b2f230eb7, Expected security check cookie Arg3: ffff6d74d0dcf148, Complement of the expected security check cookie Arg4: 0000000000000000, zero Debugging Details: ------------------ KEY_VALUES_STRING: 1 Key : Analysis.CPU.mSec Value: 1921 Key : Analysis.DebugAnalysisManager Value: Create Key : Analysis.Elapsed.mSec Value: 1997 Key : Analysis.Init.CPU.mSec Value: 280 Key : Analysis.Init.Elapsed.mSec Value: 17535 Key : Analysis.Memory.CommitPeak.Mb Value: 92 Key : Bugcheck.Code.DumpHeader Value: 0xf7 Key : Bugcheck.Code.Register Value: 0xf7 Key : Dump.Attributes.AsUlong Value: 8 Key : Dump.Attributes.KernelGeneratedTriageDump Value: 1 FILE_IN_CAB: 071822-7515-01.dmp DUMP_FILE_ATTRIBUTES: 0x8 Kernel Generated Triage Dump BUGCHECK_CODE: f7 BUGCHECK_P1: 928b2f230eb6 BUGCHECK_P2: 928b2f230eb7 BUGCHECK_P3: ffff6d74d0dcf148 BUGCHECK_P4: 0 SECURITY_COOKIE: Expected 0000928b2f230eb7 found 0000928b2f230eb6 BLACKBOXBSD: 1 (!blackboxbsd) BLACKBOXNTFS: 1 (!blackboxntfs) BLACKBOXPNP: 1 (!blackboxpnp) BLACKBOXWINLOGON: 1 CUSTOMER_CRASH_COUNT: 1 PROCESS_NAME: System STACK_TEXT: ffff8b0b`fe0ff9a8 fffff801`41eb1895 : 00000000`000000f7 0000928b`2f230eb6 0000928b`2f230eb7 ffff6d74`d0dcf148 : nt!KeBugCheckEx ffff8b0b`fe0ff9b0 fffff801`41caaa48 : 00000000`00000000 00001f80`00000000 00000000`00000003 00000000`00000002 : nt!_report_gsfailure 0x25 ffff8b0b`fe0ff9f0 fffff801`41dfc0b4 : ffffffff`00000000 ffffe280`128b3440 ffffbb85`1e1a0080 00000000`00000359 : nt!PoIdle 0x3a8 ffff8b0b`fe0ffb60 00000000`00000000 : ffff8b0b`fe100000 ffff8b0b`fe0f9000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop 0x54 SYMBOL_NAME: nt!_report_gsfailure 25 MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe IMAGE_VERSION: 10.0.19041.1826 STACK_COMMAND: .cxr; .ecxr ; kb BUCKET_ID_FUNC_OFFSET: 25 FAILURE_BUCKET_ID: 0xF7_ONE_BIT_MISSING_GSFRAME_nt!_report_gsfailure OSPLATFORM_TYPE: x64 OSNAME: Windows 10 FAILURE_ID_HASH: {8f84f302-dd0e-1f96-6f9c-0ea31ad59f42} Followup: MachineOwner ---------
HiIamDave,Iwillhelpyouwiththis.PleasechecktoseeifyourPCisproducinganyminidumpfiles,Iwillcheckthosetoseeiftheyprovideanyinsightintoapotentialcauseofthesystemcrashes.PleaseNote,IcannotdownloadfromBaiduCloudDrive,pleaseuseadifferentCloudServicefortheupload.OpenWindowsFileExplorer.NavigatetoC:\Windows\MinidumpCopyanyminidumpfilesontoyourDesktop,thenzipthoseup.UploadthezipfiletotheCloud(OneDrive,DropBox.etc.),thenchoosetosharethoseandgetasharelink.Thenpostthelinkheretothezipfile,sowecantakealookforyou.
https://1drv.ms/u/s!AkUTwMrBEF7a7DSJEJABCivyHunb?e=1qwAXgThanks此是否有帮助?是否抱歉,这没有帮助。太棒了!感谢你的反馈。你对此的满意度如何?感谢你的反馈,它能帮助改进网站。你对此的满意度如何?感谢你的反馈。
HiYourminidumpfilesjustindicatememory(RAM)corruptionnospecificdriverislistedThebestoptionistodownloadthewidelyavailablefreeutilityMemTest86,thenrunafull4passscanwiththattotestyourRAMforphysicalerrors
