阅读329 返回首页    go windows

求助win10蓝屏问题,dmp分析如下

Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Windows\Minidump\083017-19125-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*E:\symbols*https://msdl.microsoft.com/download/symbols;F:\Symbols;SRV*F:\symbols*D:\symbols;https://msdl.microsoft.com/download/symbols
Executable search path is: 
Windows 7 Kernel Version 15063 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 15063.0.amd64fre.rs2_release.170317-1834
Machine Name:
Kernel base = 0xfffff803`92214000 PsLoadedModuleList = 0xfffff803`925605c0
Debug session time: Wed Aug 30 11:44:28.769 2017 (UTC + 8:00)
System Uptime: 0 days 19:00:49.491
Loading Kernel Symbols
...............................................................
................................................................
................................................
Loading User Symbols
Loading unloaded module list
..........................
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck F7, {288090c6fd40, 38c18bd705ba, ffffc73e7428fa45, 0}

*** WARNING: Unable to verify timestamp for win32k.sys
Probably caused by : memory_corruption

Followup: memory_corruption
---------

5: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer.  This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned.  This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and bugcheck call is the one that overran its local
variable(s).
Arguments:
Arg1: 0000288090c6fd40, Actual security check cookie from the stack
Arg2: 000038c18bd705ba, Expected security check cookie
Arg3: ffffc73e7428fa45, Complement of the expected security check cookie
Arg4: 0000000000000000, zero

Debugging Details:
------------------


DEFAULT_BUCKET_ID:  CODE_CORRUPTION

SECURITY_COOKIE:  Expected 000038c18bd705ba found 0000288090c6fd40

CUSTOMER_CRASH_COUNT:  1

BUGCHECK_STR:  0xF7

PROCESS_NAME:  svchost.exe

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff803923ee905 to fffff80392380560

STACK_TEXT:  
ffff8e80`98aecf88 fffff803`923ee905 : 00000000`000000f7 00002880`90c6fd40 000038c1`8bd705ba ffffc73e`7428fa45 : nt!KeBugCheckEx
ffff8e80`98aecf90 fffff803`9227d180 : ffffbc8b`674e8000 ffff8e80`98aed010 00000000`00000000 00000000`00000000 : nt!_report_gsfailure+0x25
ffff8e80`98aecfd0 fffff803`9227d02e : 00000000`00000100 ffffbc8b`674e98c0 00000000`00000000 ffff8e80`98aed198 : nt!MiIdentifyPfn+0x100
ffff8e80`98aed0a0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiIdentifyPfnWrapper+0x3e


STACK_COMMAND:  kb

CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
    fffff8039227d0b9-fffff8039227d0ba  2 bytes - nt!MiIdentifyPfn+39
[ 80 fa:00 a6 ]
    fffff8039229c0ef - nt!MiGetNextPageTable+19f (+0x1f036)
[ f6:bb ]
    fffff8039229c122 - nt!MiGetNextPageTable+1d2 (+0x33)
[ f6:bb ]
    fffff803922a507b - nt!MiResolvePrivateZeroFault+27b (+0x8f59)
[ f6:bb ]
    fffff803922a50b0-fffff803922a50b2  3 bytes - nt!MiResolvePrivateZeroFault+2b0 (+0x35)
[ 40 fb f6:c0 dd bb ]
    fffff803922a50d8-fffff803922a50d9  2 bytes - nt!MiResolvePrivateZeroFault+2d8 (+0x28)
[ 80 fa:00 a6 ]
    fffff803922a5b53-fffff803922a5b54  2 bytes - nt!MiGetPage+a3 (+0xa7b)
[ 80 fa:00 a6 ]
    fffff803922a5cc2-fffff803922a5cc3  2 bytes - nt!MiGetFreeOrZeroPage+72 (+0x16f)
[ 80 fa:00 a6 ]
    fffff803922a6558 - nt!MiCompletePrivateZeroFault+518 (+0x896)
[ f6:bb ]
    fffff803922a6567-fffff803922a6568  2 bytes - nt!MiCompletePrivateZeroFault+527 (+0x0f)
[ 80 fa:00 a6 ]
    fffff80392494383-fffff80392494385  3 bytes - nt!ExFreePoolWithTag+363
[ 40 fb f6:c0 dd bb ]
    fffff803926c1de7-fffff803926c1de8  2 bytes - nt!PfpPfnPrioRequest+d7
[ 80 fa:00 a6 ]
22 errors : !nt (fffff8039227d0b9-fffff803926c1de8)

MODULE_NAME: memory_corruption

IMAGE_NAME:  memory_corruption

FOLLOWUP_NAME:  memory_corruption

DEBUG_FLR_IMAGE_TIMESTAMP:  0

MEMORY_CORRUPTOR:  LARGE

FAILURE_BUCKET_ID:  X64_MEMORY_CORRUPTION_LARGE

BUCKET_ID:  X64_MEMORY_CORRUPTION_LARGE

Followup: memory_corruption
---------

最后更新:2017-08-30 13:02:33

  上一篇:go win10系统自动添加ENG输入法
  下一篇:go 系统频繁蓝屏 不知道什么原因