************* Preparing the environment for Debugger Extensions Gallery repositories **************
ExtensionRepository : Implicit
UseExperimentalFeatureForNugetShare : true
AllowNugetExeUpdate : true
NonInteractiveNuget : true
AllowNugetMSCredentialProviderInstall : true
AllowParallelInitializationOfLocalRepositories : true
EnableRedirectToV8JsProvider : false
-- Configuring repositories
----> Repository : LocalInstalled, Enabled: true
----> Repository : UserExtensions, Enabled: true
>>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.078 seconds
************* Waiting for Debugger Extensions Gallery to Initialize **************
>>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.031 seconds
----> Repository : UserExtensions, Enabled: true, Packages count: 0
----> Repository : LocalInstalled, Enabled: true, Packages count: 29
Microsoft (R) Windows Debugger Version 10.0.26100.1 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Windows\Minidump\070424-13437-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: srv*
Executable search path is:
Windows 10 Kernel Version 22621 MP (12 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0xfffff804`2d000000 PSLoadedModuleList = 0xfffff804`2dc13530
Debug session time: Thu Jul 4 11:47:45.066 2024 (UTC + 8:00)
System Uptime: 0 days 2:03:03.725
Loading Kernel Symbols
..
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
.............................................................
................................................................
................................................................
...................................
Loading User Symbols
Loading unloaded module list
..........
For analysis of this file, run !analyze -v
4: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer. This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned. This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and BugCheck call is the one that overran its local
variable(s).
Arguments:
Arg1: 000056b6f954c351, Actual security check cookie from the stack
Arg2: 000056b63f41f12f, Expected security check cookie
Arg3: ffffa94906ab3cae, Complement of the expected security check cookie
Arg4: 0000000000000000, zero
Debugging Details:
------------------
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 9859
Key : Analysis.Elapsed.mSec
Value: 13145
Key : Analysis.IO.Other.Mb
Value: 4
Key : Analysis.IO.Read.Mb
Value: 25
Key : Analysis.IO.Write.Mb
Value: 0
Key : Analysis.Init.CPU.mSec
Value: 24296
Key : Analysis.Init.Elapsed.mSec
Value: 67396
Key : Analysis.Memory.CommitPeak.Mb
Value: 115
Key : Bugcheck.Code.LegacyAPI
Value: 0xf7
Key : Dump.Attributes.AsUlong
Value: 1008
Key : Dump.Attributes.DiagDataWrittenToHeader
Value: 1
Key : Dump.Attributes.ErrorCode
Value: 0
Key : Dump.Attributes.KernelGeneratedTriageDump
Value: 1
Key : Dump.Attributes.LastLine
Value: Dump completed successfully.
Key : Dump.Attributes.ProgressPercentage
Value: 0
Key : Failure.Bucket
Value: 0xF7_MISSING_GSFRAME_nt!_report_gsfailure
Key : Failure.Hash
Value: {82d2c1b5-b0cb-60a5-9a5d-78c8c4284f84}
BUGCHECK_CODE: f7
BUGCHECK_P1: 56b6f954c351
BUGCHECK_P2: 56b63f41f12f
BUGCHECK_P3: ffffa94906ab3cae
BUGCHECK_P4: 0
FILE_IN_CAB: 070424-13437-01.dmp
DUMP_FILE_ATTRIBUTES: 0x1008
Kernel Generated Triage Dump
SECURITY_COOKIE: Expected 000056b63f41f12f found 000056b6f954c351
BLACKBOXBSD: 1 (!blackboxbsd)
BLACKBOXntfs: 1 (!blackboxntfs)
BLACKBOXPNP: 1 (!blackboxpnp)
BLACKBOXWINLOGON: 1
CUSTOMER_CRASH_COUNT: 1
PROCESS_NAME: System
STACK_TEXT:
fffffc83`6ec8f548 fffff804`2d4fbe75 : 00000000`000000f7 000056b6`f954c351 000056b6`3f41f12f ffffa949`06ab3cae : nt!KeBugCheckEx
fffffc83`6ec8f550 fffff804`2d271f61 : 00000000`00000000 00000000`00000000 ffffaa35`979c36c1 00000000`00000000 : nt!_report_gsfailure+0x25
fffffc83`6ec8f590 fffff804`2d32a5cd : 00000000`00000000 ffff8100`d0690180 00000000`ffffffff 00000011`3121be82 : nt!HviIsXboxNanovisorPresent+0x39
fffffc83`6ec8f5c0 fffff804`2d329a0b : ffffbc06`91f43718 00000000`00000000 ffffffff`ffffffff fffffc83`6ec8fa70 : nt!PpmIdleExecuteTransition+0xb5d
fffffc83`6ec8fa10 fffff804`2d41ae64 : 00000000`00000000 ffffbc06`8a387080 ffffbc06`9d30d080 ffffbc06`a0c28080 : nt!PoIdle+0x68b
fffffc83`6ec8fc00 00000000`00000000 : fffffc83`6ec90000 fffffc83`6ec89000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x54
SYMBOL_NAME: nt!_report_gsfailure+25
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
IMAGE_VERSION: 10.0.22621.3810
STACK_COMMAND: .cxr; .ecxr ; kb
BUCKET_ID_FUNC_OFFSET: 25
FAILURE_BUCKET_ID: 0xF7_MISSING_GSFRAME_nt!_report_gsfailure
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {82d2c1b5-b0cb-60a5-9a5d-78c8c4284f84}
Followup: MachineOwner
---------