Question

driver_overran_stack_buffer

Henrygreyling asked on
Hi,

My laptop restarts every 15 min or so, rendering it useless. I recently updated to Win 8.1 pro. Please help. 


1.      What is the make and model of the computer?

2.      What are the hardware specifications of the computer?

3.      Have you installed any third party security software on the computer?

4.      Are all the drivers updated?

5.      Have you made any recent changes on the computer?

6.      Have you connected any external devices to the computer?


1.      HP Pavilion dv6

2.      Intel Core i7-2630QM CPU @ 2.00GHz

3.      Malaware

4.      Not sure

5.      Installed win 8.1 pro

6.      No.



Answer
Patrick Barker replied on

That worked, thanks!

All of the attached DMP files are of the DRIVER_OVERRAN_STACK_BUFFER (f7) bug check.

This indicates that a driver has overrun a stack-based buffer.

A driver overran a stack-based buffer (or local variable) in a way that would have overwritten the function's return address and jumped back to an arbitrary address when the function returned.


If we take a look at the call stack:


6: kd> kb
RetAddr           : Args to Child                                                           : Call Site
fffff800`01891f6e : 00000000`000000f7 0000f800`01894410 0000f800`01894412 ffff07ff`fe76bbed : nt!KeBugCheckEx
00000000`000000f7 : 0000f800`01894410 0000f800`01894412 ffff07ff`fe76bbed 00000000`00000000 : WinFLAdrv+0x3f6e
0000f800`01894410 : 0000f800`01894412 ffff07ff`fe76bbed 00000000`00000000 ffffe000`0405668c : 0xf7
0000f800`01894412 : ffff07ff`fe76bbed 00000000`00000000 ffffe000`0405668c ffffd000`25b08250 : 0xf800`01894410
ffff07ff`fe76bbed : 00000000`00000000 ffffe000`0405668c ffffd000`25b08250 fffff800`018911c5 : 0xf800`01894412
00000000`00000000 : ffffe000`0405668c ffffd000`25b08250 fffff800`018911c5 00000000`00000000 : 0xffff07ff`fe76bbed


FAILURE_BUCKET_ID:  X64_0xF7_ONE_BIT_MISSING_GSFRAME_WinFLAdrv+3f6e

Unable to load image \SystemRoot\SysWOW64\WinFLAdrv.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for WinFLAdrv.sys
*** ERROR: Module load completed but symbols could not be loaded for WinFLAdrv.sys


^^ WinFLAdrv.sys is related to WinFLAdrv.sys Service Application from NewSoftwares.net. Remove whatever is in relation to this. If you are not sure, navigate to C:\Windows\System32\Drivers find WinFLAdrv.sys, right click, properties, Details tab and see what the description is.

-----------------------------------------

If you're still crashing after the above, please remove and replace AVG with Windows 8's built-in Windows Defender for temporary troubleshooting purposes:

AVG removal tool - http://www.avg.com/us-en/utilities

-----------------------------------------

If you're still crashing after both recommendations, please enable Driver Verifier to look for further device driver corruption:

Driver Verifier:

What is Driver Verifier?

Driver Verifier is included in Windows 8, 7, Windows Server 2008 R2, Windows Vista, Windows Server 2008, Windows 2000, Windows XP, and Windows Server 2003 to promote stability and reliability; you can use this tool to troubleshoot driver issues. Windows kernel-mode components can cause system corruption or system failures as a result of an improperly written driver, such as an earlier version of a Windows Driver Model (WDM) driver.

Essentially, if there's a 3rd party driver believed to be at issue, enabling Driver Verifier will help flush out the rogue driver if it detects a violation.

Before enabling Driver Verifier, it is recommended to create a System Restore Point:

Vista - START | type rstrui - create a restore point
Windows 7 - START | type create | select "Create a Restore Point"
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

How to enable Driver Verifier:

Start > type "verifier" without the quotes > Select the following options -

1. Select - "Create custom settings (for code developers)"
2. Select - "Select individual settings from a full list"
3. Check the following boxes -
- Special Pool
- Pool Tracking
- Force IRQL Checking
- Deadlock Detection
- Security Checks (Windows 7 & 8)
- DDI compliance checking (Windows 8)
- Miscellaneous Checks
4. Select - "Select driver names from a list"
5. Click on the "Provider" tab. This will sort all of the drivers by the provider.
6. Check EVERY box that is NOT provided by Microsoft / Microsoft Corporation.
7. Click on Finish.
8. Restart.

Important information regarding Driver Verifier:

- If Driver Verifier finds a violation, the system will BSOD.

- After enabling Driver Verifier and restarting the system, depending on the culprit, if for example the driver is on start-up, you may not be able to get back into normal Windows because Driver Verifier will flag it, and as stated above, that will cause / force a BSOD.

If this happens, do not panic, do the following:

- Boot into Safe Mode by repeatedly tapping the F8 key during boot-up.

- Once in Safe Mode - Start > type "system restore" without the quotes.

- Choose the restore point you created earlier.

If you did not set up a restore point, do not worry, you can still disable Driver Verifier to get back into normal Windows:

- Start > Search > type "cmd" without the quotes.

- To turn off Driver Verifier, type in cmd "verifier /reset" without the quotes.
- Restart and boot into normal Windows.

How long should I keep Driver Verifier enabled for?

It varies; many experts and analysts have different recommendations. Personally, I recommend keeping it enabled for at least 24 hours. If you don't BSOD by then, disable Driver Verifier.

My system BSOD'd, where can I find the crash dumps?

They will be located in %systemroot%\Minidump

Any other questions can most likely be answered by this article:
http://support.microsoft.com/kb/244617

Regards,

Patrick
Debugger/Reverse Engineer.
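
Added example (not part of the original answer, and not output from any debugger tool): the nt!KeBugCheckEx frame in the kb output above carries the 0xF7 bug check parameters, which Microsoft's bug check reference defines as the cookie found on the stack, the expected cookie, and the bit-complement of the expected cookie. The Python below parses that frame and measures how far the stack cookie is from the expected value; the function names are hypothetical.

```python
# Constructed input: the nt!KeBugCheckEx frame copied from the kb output above.
KB_FRAME = ("fffff800`01891f6e : 00000000`000000f7 0000f800`01894410 "
            "0000f800`01894412 ffff07ff`fe76bbed : nt!KeBugCheckEx")

MASK64 = (1 << 64) - 1


def parse_kb_args(frame):
    """Return the four 'Args to Child' values of one kb frame as integers."""
    fields = [f.strip() for f in frame.split(" : ")]
    if len(fields) != 3:
        raise ValueError("expected 'RetAddr : Args to Child : Call Site'")
    # WinDbg prints 64-bit values as high`low; drop the backtick before parsing.
    args = [int(a.replace("`", ""), 16) for a in fields[1].split()]
    if len(args) != 4:
        raise ValueError("expected four argument slots")
    return args


def decode_f7(frame):
    """Interpret a KeBugCheckEx frame for bug check 0xF7.

    Slot 0 is the bug check code; slots 1-3 are parameters 1-3:
    cookie found on the stack, expected cookie, ~expected cookie.
    """
    code, actual, expected, complement = parse_kb_args(frame)
    if code != 0xF7:
        raise ValueError("not a DRIVER_OVERRAN_STACK_BUFFER frame")
    diff = actual ^ expected  # bits that changed in the stack cookie
    return {
        "actual": actual,
        "expected": expected,
        # Sanity check that the frame really holds the 0xF7 parameters.
        "complement_ok": complement == (~expected & MASK64),
        "diff_mask": diff,
        "bits_changed": bin(diff).count("1"),
        "bit_positions": [i for i in range(64) if (diff >> i) & 1],
    }


if __name__ == "__main__":
    result = decode_f7(KB_FRAME)
    print("actual   cookie: %#018x" % result["actual"])
    print("expected cookie: %#018x" % result["expected"])
    print("complement matches:", result["complement_ok"])
    print("bits changed:", result["bits_changed"], "at", result["bit_positions"])
```

For this dump the cookie on the stack differs from the expected one in a single bit (bit 1), consistent with the ONE_BIT tag in the FAILURE_BUCKET_ID.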