Hi,
For the past 1-2 weeks I have been constantly getting BSODs.
I analyzed it a bit and it shows ntkrnlmp.exe.
Here are the dump files: "http://80.211.144.44/Minidump.zip"
Below is the WinDbg output:
Microsoft (R) Windows Debugger Version 10.0.16299.15 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\120117-26859-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Path validation summary **************
Response Time (ms) Location
Deferred SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 10 Kernel Version 15063 MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 15063.0.amd64fre.rs2_release.170317-1834
Machine Name:
Kernel base = 0xfffff803`2b890000 PsLoadedModuleList = 0xfffff803`2bbdc5c0
Debug session time: Fri Dec 1 22:24:41.437 2017 (UTC + 3:00)
System Uptime: 0 days 0:51:41.216
Loading Kernel Symbols
...............................................................
................................................................
................................................
Loading User Symbols
Loading unloaded module list
................
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck F7, {3a813e180ef0, c9e7111f1660, ffff3618eee0e99f, 0}
Probably caused by : ntkrnlmp.exe ( nt!_report_gsfailure+25 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer. This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned. This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and bugcheck call is the one that overran its local
variable(s).
Arguments:
Arg1: 00003a813e180ef0, Actual security check cookie from the stack
Arg2: 0000c9e7111f1660, Expected security check cookie
Arg3: ffff3618eee0e99f, Complement of the expected security check cookie
Arg4: 0000000000000000, zero
Debugging Details:
------------------
DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 10.0.15063.674 (WinBuild.160101.0800)
SYSTEM_MANUFACTURER: MSI
SYSTEM_PRODUCT_NAME: MS-7267
SYSTEM_SKU: To Be Filled By O.E.M.
SYSTEM_VERSION: 4.0
BIOS_VENDOR: American Megatrends Inc.
BIOS_VERSION: V17.1
BIOS_DATE: 07/11/2007
BASEBOARD_MANUFACTURER: MSI
BASEBOARD_PRODUCT: MS-7267
BASEBOARD_VERSION: 4.0
DUMP_TYPE: 2
BUGCHECK_P1: 3a813e180ef0
BUGCHECK_P2: c9e7111f1660
BUGCHECK_P3: ffff3618eee0e99f
BUGCHECK_P4: 0
SECURITY_COOKIE: Expected 0000c9e7111f1660 found 00003a813e180ef0
CPU_COUNT: 2
CPU_MHZ: 91a
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: f
CPU_STEPPING: b
CPU_MICROCODE: 6,f,b,0 (F,M,S,R) SIG: C1'00000000 (cache) C1'00000000 (init)
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: 0xF7
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 2
ANALYSIS_SESSION_HOST: DESKTOP-9INHLTE
ANALYSIS_SESSION_TIME: 12-02-2017 10:39:50.0281
ANALYSIS_VERSION: 10.0.16299.15 amd64fre
LAST_CONTROL_TRANSFER: from fffff8032ba6a905 to fffff8032b9fc580
STACK_TEXT:
ffffcb01`3e1840c8 fffff803`2ba6a905 : 00000000`000000f7 00003a81`3e180ef0 0000c9e7`111f1660 ffff3618`eee0e99f : nt!KeBugCheckEx
ffffcb01`3e1840d0 fffff803`2b8f9550 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!_report_gsfailure+0x25
ffffcb01`3e184110 fffff803`2b8f93fe : 00000000`00000100 ffff9c88`49e0c8c0 00000000`00000000 ffffcb01`3e1842d8 : nt!MiIdentifyPfn+0x100
ffffcb01`3e1841e0 fffff803`2bd3ce1a : 00000000`00000000 ffff9c88`49e0b330 ffff9c88`49e0b000 ffff9c88`49e0b000 : nt!MiIdentifyPfnWrapper+0x3e
ffffcb01`3e184210 fffff803`2bd3c92f : ffff9c88`49445080 08000000`00004421 ffffcb01`3e1843f4 ffff9c88`49e0b000 : nt!PfpPfnPrioRequest+0xca
ffffcb01`3e184290 fffff803`2bd3ab8e : 00000000`0000004f ffff9c88`47d9e190 00000051`8bd7a038 fffff803`2b8c69e8 : nt!PfQuerySuperfetchInformation+0x2bf
ffffcb01`3e1843c0 fffff803`2bd3a83b : 00000000`00000000 0000021e`adfea700 00000000`00000000 00000000`00000000 : nt!ExpQuerySystemInformation+0x22e
ffffcb01`3e184c00 fffff803`2ba07413 : ffff9c88`49445080 00000000`00000000 00000000`00000000 00000051`8bd7caa8 : nt!NtQuerySystemInformation+0x2b
ffffcb01`3e184c40 00007ff9`eee55a64 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000051`8bd79ee8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff9`eee55a64
THREAD_SHA1_HASH_MOD_FUNC: 0621696229749f19418dfeecf88f4c3d2bd5058e
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 1e0bc3642c40aa307336c381675ee4a94c42db8e
THREAD_SHA1_HASH_MOD: 9f457f347057f10e1df248e166a3e95e6570ecfe
FOLLOWUP_IP:
nt!_report_gsfailure+25
fffff803`2ba6a905 cc int 3
FAULT_INSTR_CODE: cccccccc
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!_report_gsfailure+25
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 59cdf43a
IMAGE_VERSION: 10.0.15063.674
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 25
FAILURE_BUCKET_ID: 0xF7_MISSING_GSFRAME_nt!_report_gsfailure
BUCKET_ID: 0xF7_MISSING_GSFRAME_nt!_report_gsfailure
PRIMARY_PROBLEM_CLASS: 0xF7_MISSING_GSFRAME_nt!_report_gsfailure
TARGET_TIME: 2017-12-01T19:24:41.000Z
OSBUILD: 15063
OSSERVICEPACK: 674
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2017-09-29 10:20:26
BUILDDATESTAMP_STR: 160101.0800
BUILDLAB_STR: WinBuild
BUILDOSVER_STR: 10.0.15063.674
ANALYSIS_SESSION_ELAPSED_TIME: 2a4b
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0xf7_missing_gsframe_nt!_report_gsfailure
FAILURE_ID_HASH: {82d2c1b5-b0cb-60a5-9a5d-78c8c4284f84}
Followup: MachineOwner
---------