Ask a new question

Multiple blue screens while playing

Hi

For the past 1-2 weeks i am constantly getting bsod

I analyzed a bit, But I don't understand it

Loading Dump File [C:\Users\jesus\Desktop\071124-7671-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available


************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*
Symbol search path is: srv*
Executable search path is: 
Windows 10 Kernel Version 22621 MP (16 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 22621.1.amd64fre.ni_release.220506-1250
Kernel base = 0xfffff803`66c00000 PsLoadedModuleList = 0xfffff803`67813510
Debug session time: Thu Jul 11 21:42:42.935 2024 (UTC + 2:00)
System Uptime: 0 days 22:48:53.536
Loading Kernel Symbols
...............................................................
................................................................
................................................................
.......................................
Loading User Symbols
PEB is paged out (Peb.Ldr = 00000080`d66dd018).  Type ".hh dbgerr001" for details
Loading unloaded module list
..................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff803`67015df0 48894c2408      mov     qword ptr [rsp+8],rcx ss:ffff980f`df9cf940=00000000000000f7
4: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer.  This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned.  This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and BugCheck call is the one that overran its local
variable(s).
Arguments:
Arg1: 0000500dcedfbc46, Actual security check cookie from the stack
Arg2: 0000500dbcbe24c8, Expected security check cookie
Arg3: ffffaff2312043b9, Complement of the expected security check cookie
Arg4: 0000000000000000, zero

Debugging Details:
------------------

*** WARNING: Check Image - Checksum mismatch - Dump: 0xb17b2, File: 0xb1718 - C:\ProgramData\Dbg\sym\win32k.sys\6C1AD5CCab000\win32k.sys

KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 1843

    Key  : Analysis.Elapsed.mSec
    Value: 4097

    Key  : Analysis.IO.Other.Mb
    Value: 0

    Key  : Analysis.IO.Read.Mb
    Value: 0

    Key  : Analysis.IO.Write.Mb
    Value: 0

    Key  : Analysis.Init.CPU.mSec
    Value: 468

    Key  : Analysis.Init.Elapsed.mSec
    Value: 23882

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 140

    Key  : Bugcheck.Code.LegacyAPI
    Value: 0xf7

    Key  : Bugcheck.Code.TargetModel
    Value: 0xf7

    Key  : Failure.Bucket
    Value: 0xF7_MISSING_GSFRAME_nt!_report_gsfailure

    Key  : Failure.Hash
    Value: {82d2c1b5-b0cb-60a5-9a5d-78c8c4284f84}

    Key  : WER.OS.Branch
    Value: ni_release

    Key  : WER.OS.Version
    Value: 10.0.22621.1


BUGCHECK_CODE:  f7

BUGCHECK_P1: 500dcedfbc46

BUGCHECK_P2: 500dbcbe24c8

BUGCHECK_P3: ffffaff2312043b9

BUGCHECK_P4: 0

FILE_IN_CAB:  071124-7671-01.dmp

SECURITY_COOKIE:  Expected 0000500dbcbe24c8 found 0000500dcedfbc46

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  ONCE_HUMAN.exe

STACK_TEXT:  
ffff980f`df9cf938 fffff803`670fbd75     : 00000000`000000f7 0000500d`cedfbc46 0000500d`bcbe24c8 ffffaff2`312043b9 : nt!KeBugCheckEx
ffff980f`df9cf940 fffff803`66f47ee2     : ffffc887`2f6e3740 00000000`00000111 00000000`00000001 ffffc887`00000000 : nt!_report_gsfailure+0x25
ffff980f`df9cf980 fffff803`6702707e     : 00000000`00000086 ffffc887`2aae8d60 000001d9`a1185b00 00000000`00000000 : nt!MmAccessFault+0x282
ffff980f`df9cfaa0 00007ffc`e621be75     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x37e
00000080`d986dc30 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffc`e621be75


SYMBOL_NAME:  nt!_report_gsfailure+25

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

IMAGE_VERSION:  10.0.22621.3880

STACK_COMMAND:  .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET:  25

FAILURE_BUCKET_ID:  0xF7_MISSING_GSFRAME_nt!_report_gsfailure

OS_VERSION:  10.0.22621.1

BUILDLAB_STR:  ni_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {82d2c1b5-b0cb-60a5-9a5d-78c8c4284f84}

Followup:     MachineOwner
---------
someone, help me?
Hi,
My name is Igor, it's a pleasure for me to help others and I'll try to help you.

Please use driver verifier to gather additional information. https://support.microsoft.com/en-us/help/244617...
Run verifier /standard /all /bootmode resetonbootfail command, reboot PC and use it as usual (it will be slower). If blue screen happens please share memory dumps to OneDrive for analysis.
------------------
if you'll find someone's post helpful, mark it as an answer and rate it please. This will help other users to find answers to their similar questions.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Hi,
My name is Igor, it's a pleasure for me to help others and I'll try to help you.

Please use driver verifier to gather additional information. https://support.microsoft.com/en-us/help/244617...
Run command, reboot PC and use it as usual (it will be slower). If blue screen happens please share memory dumps to OneDrive for analysis. verifier /standard /all /bootmode resetonbootfail

Here On the home screen as soon as you enter the password you have given it:

https://1drv.ms/u/c/ce8b864fb4efb03c/EdIvg8sssXpOp_0dLULwDZ0BJwjMG8el61Qop2qbJJVlNg?e=v2z8ZW

These are two older minidumps
https://1drv.ms/u/c/ce8b864fb4efb03c/EQG9DPyxQIZJnPepHL5p-dEBYEh_9S4DOvBH42dkBmKHAA?e=VR0c3Y
https://1drv.ms/u/c/ce8b864fb4efb03c/EUgFuO_GCxlOqKUKUyVoS-UBZ-hjLknKSIss5BnvaRJ9-Q?e=iH2g9W

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Dump says: A device driver attempting to corrupt the system has been caught. It is GVCIDrv64.sys driver, it is a part of some Gigabyte software, likely RGB or XTREME GAMING ENGINE. Please update or uninstall these tools.
------------------
if you'll find someone's post helpful, mark it as an answer and rate it please. This will help other users to find answers to their similar questions.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback. 

thank you so much!!! How do you disable this: verifier /standard /all /bootmode resetonbootfail

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

verifier should be disabled automatically after this command and BSOD. But you may run
verifier /reset
command.
------------------
if you'll find someone's post helpful, mark it as an answer and rate it please. This will help other users to find answers to their similar questions.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

 
 

Question Info

Last updated April 16, 2025 Views 85 Applies to: