Forum Kuralları Hata Çözümleri Hileler Nasıl Kullanılır ? Üye Grupları
Neler Yeni

Çözüldü DRIVER_OVERRAN_STACK_BUFFER Mavi Ekran Hatası

Durum
Üzgünüz bu konu cevaplar için kapatılmıştır...

yumanda2000

yumanda2000
CauSXOXO Kralım Hayatım Bol tereyağlı İskenderim
Seçkin Üye
Katılım
9 Tem 2017
Mesajlar
409
Çözümler
7
Tepki puanı
83
Ödüller
8
8 HİZMET YILI
Klarnite Full Spoofer kullanmayı denediğimde bu mavi ekran hatasıyla karşılaşıyorum.
Minidump yorumlayabilecek olursa çok yardımı olur teşekkür ederim

Kod: 
************* Preparing the environment for Debugger Extensions Gallery repositories **************
   ExtensionRepository : Implicit
   UseExperimentalFeatureForNugetShare : true
   AllowNugetExeUpdate : true
   NonInteractiveNuget : true
   AllowNugetMSCredentialProviderInstall : true
   AllowParallelInitializationOfLocalRepositories : true
   EnableRedirectToChakraJsProvider : false

   -- Configuring repositories
      ----> Repository : LocalInstalled, Enabled: true
      ----> Repository : UserExtensions, Enabled: true

>>>>>>>>>>>>> Preparing the environment for Debugger Extensions Gallery repositories completed, duration 0.000 seconds

************* Waiting for Debugger Extensions Gallery to Initialize **************

>>>>>>>>>>>>> Waiting for Debugger Extensions Gallery to Initialize completed, duration 0.016 seconds
   ----> Repository : UserExtensions, Enabled: true, Packages count: 0
   ----> Repository : LocalInstalled, Enabled: true, Packages count: 42

Microsoft (R) Windows Debugger Version 10.0.27725.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\GLOSS\Desktop\111624-11843-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*
Executable search path is:
Kod: 
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer.  This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned.  This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and BugCheck call is the one that overran its local
variable(s).
Arguments:
Arg1: 00002b992ddfa262, Actual security check cookie from the stack
Arg2: 0000ba95b52aceaa, Expected security check cookie
Arg3: ffff456a4ad53155, Complement of the expected security check cookie
Arg4: 0000000000000000, zero

Debugging Details:
------------------

DBGHELP: Timeout to store: https://msdl.microsoft.com/download/symbols

KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 1468

    Key  : Analysis.Elapsed.mSec
    Value: 62141

    Key  : Analysis.IO.Other.Mb
    Value: 8

    Key  : Analysis.IO.Read.Mb
    Value: 1

    Key  : Analysis.IO.Write.Mb
    Value: 20

    Key  : Analysis.Init.CPU.mSec
    Value: 687

    Key  : Analysis.Init.Elapsed.mSec
    Value: 274428

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 85

    Key  : Analysis.Version.DbgEng
    Value: 10.0.27725.1000

    Key  : Analysis.Version.Description
    Value: 10.2408.27.01 amd64fre

    Key  : Analysis.Version.Ext
    Value: 1.2408.27.1

    Key  : Bugcheck.Code.LegacyAPI
    Value: 0xf7

    Key  : Bugcheck.Code.TargetModel
    Value: 0xf7

    Key  : Dump.Attributes.AsUlong
    Value: 8

    Key  : Dump.Attributes.KernelGeneratedTriageDump
    Value: 1

    Key  : Failure.Bucket
    Value: 0xF7_MISSING_GSFRAME_nt!_report_gsfailure

    Key  : Failure.Hash
    Value: {82d2c1b5-b0cb-60a5-9a5d-78c8c4284f84}


BUGCHECK_CODE:  f7

BUGCHECK_P1: 2b992ddfa262

BUGCHECK_P2: ba95b52aceaa

BUGCHECK_P3: ffff456a4ad53155

BUGCHECK_P4: 0

FILE_IN_CAB:  111624-11843-01.dmp

DUMP_FILE_ATTRIBUTES: 0x8
  Kernel Generated Triage Dump

FAULTING_THREAD:  ffffa98da074e080

SECURITY_COOKIE:  Expected 0000ba95b52aceaa found 00002b992ddfa262

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  find.exe

TRAP_FRAME:  ffffdc86286e7211 -- (.trap 0xffffdc86286e7211)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0500000000000b10 rbx=0000000000000000 rcx=0000000000c00000
rdx=d100000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=456b636f4c6e6970 rsp=69004d005c004500 rbp=65636f4c6e697053
 r8=02fffff80118551a  r9=0000000000000000 r10=ff00000000000000
r11=80ffffffffffffff r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=1         nv dn di pl nz na pe nc
5c00:456b636f`4c6e6970 ??              ???
Resetting default scope

STACK_TEXT: 
ffffdc86`286e6258 fffff801`186b7635     : 00000000`000000f7 00002b99`2ddfa262 0000ba95`b52aceaa ffff456a`4ad53155 : nt!KeBugCheckEx
ffffdc86`286e6260 fffff801`185d61de     : ffffdc86`286e6870 fffff801`184eebaf fffff801`182fc73c ffffdc86`00000000 : nt!_report_gsfailure+0x25
ffffdc86`286e62a0 fffff801`185d6173     : ffffdc86`286e6370 00000000`00000000 ffffdc86`286e68a8 ffffdc86`286e6880 : nt!_GSHandlerCheckCommon+0x5a
ffffdc86`286e62d0 fffff801`186090bf     : fffff801`185d6160 00000000`00000000 00000000`00000000 00000000`00000000 : nt!_GSHandlerCheck+0x13
ffffdc86`286e6300 fffff801`184ee997     : ffffdc86`286e6870 00000000`00000000 ffffdc86`286e75e0 fffff801`187d61f4 : nt!RtlpExecuteHandlerForException+0xf
ffffdc86`286e6330 fffff801`18539536     : ffffdc86`286e7248 ffffdc86`286e6f80 ffffdc86`286e7248 fffff801`19ff0000 : nt!RtlDispatchException+0x297
ffffdc86`286e6a50 fffff801`18612eec     : 00000000`00000030 00000000`00000000 ffffdc86`286e7211 fffff801`1844b241 : nt!KiDispatchException+0x186
ffffdc86`286e7110 fffff801`1860e2ef     : ffffa98d`9cd4b000 ffffdc86`286e7370 ffffdc86`286e7450 00000000`00000000 : nt!KiExceptionDispatch+0x12c
ffffdc86`286e72f0 fffff801`18551ad1     : 00000000`000b1000 00000000`756c4163 ffffdc86`286e77a0 ffffba80`bc90f000 : nt!KiGeneralProtectionFault+0x32f
ffffdc86`286e7480 ffffba80`bdb2b817     : fffff801`19ff0000 00000000`00000000 00000000`00000001 00000000`00000000 : nt!ExFlushLookasideListEx+0x21
ffffdc86`286e74b0 fffff801`19ff0000     : 00000000`00000000 00000000`00000001 00000000`00000000 00006c6c`642e6963 : 0xffffba80`bdb2b817
ffffdc86`286e74b8 00000000`00000000     : 00000000`00000001 00000000`00000000 00006c6c`642e6963 00000000`00000000 : CI!tlgWriteTransfer_EtwWriteTransfer <PERF> (CI+0x0)


SYMBOL_NAME:  nt!_report_gsfailure+25

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

IMAGE_VERSION:  10.0.19041.5129

STACK_COMMAND:  .process /r /p 0xffffa98d9f3f0080; .thread 0xffffa98da074e080 ; kb

BUCKET_ID_FUNC_OFFSET:  25

FAILURE_BUCKET_ID:  0xF7_MISSING_GSFRAME_nt!_report_gsfailure

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {82d2c1b5-b0cb-60a5-9a5d-78c8c4284f84}

Followup:     MachineOwner
---------
 
Son düzenleme:
Çözüm
#Adc Main
Kod: 
DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer.  This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned.  This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and bugcheck call is the one that overran its local
variable(s).
Arguments:
Arg1: 00006987ff960d48, Actual security...
Tarihe göre sırala Oylamaya göre sırala

#Adc Main

#Adc Main
Admin
Katılım
9 Eki 2017
Mesajlar
13,539
Çözümler
1,050
Tepki puanı
3,382
Ödüller
22
8 HİZMET YILI
Kod: 
DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer.  This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned.  This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and bugcheck call is the one that overran its local
variable(s).
Arguments:
Arg1: 00006987ff960d48, Actual security check cookie from the stack
Arg2: 00003b0e2c5d196a, Expected security check cookie
Arg3: ffffd466d2205dcd, Complement of the expected security check cookie
Arg4: 0000000000000000, zero

Debugging Details:
------------------


KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.Sec
    Value: 5

    Key  : Analysis.DebugAnalysisProvider.CPP
    Value: Create: 8007007e on DESKTOP-HH6FM2D

    Key  : Analysis.DebugData
    Value: CreateObject

    Key  : Analysis.DebugModel
    Value: CreateObject

    Key  : Analysis.Elapsed.Sec
    Value: 46

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 69

    Key  : Analysis.System
    Value: CreateObject


BUGCHECK_CODE:  f7

BUGCHECK_P1: 6987ff960d48

BUGCHECK_P2: 3b0e2c5d196a

BUGCHECK_P3: ffffd466d2205dcd

BUGCHECK_P4: 0

SECURITY_COOKIE:  Expected 00003b0e2c5d196a found 00006987ff960d48

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

PROCESS_NAME:  dwm.exe

STACK_TEXT:
ffffc40f`39fadaf8 fffff804`6f6682ab : 00000000`000000f7 00006987`ff960d48 00003b0e`2c5d196a ffffd466`d2205dcd : nt!KeBugCheckEx
ffffc40f`39fadb00 00000000`000000f7 : 00006987`ff960d48 00003b0e`2c5d196a ffffd466`d2205dcd 00000000`00000000 : atikmdag+0xe82ab
ffffc40f`39fadb08 00006987`ff960d48 : 00003b0e`2c5d196a ffffd466`d2205dcd 00000000`00000000 00000000`00000000 : 0xf7
ffffc40f`39fadb10 00003b0e`2c5d196a : ffffd466`d2205dcd 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00006987`ff960d48
ffffc40f`39fadb18 ffffd466`d2205dcd : 00000000`00000000 00000000`00000000 00000000`00000000 fffff804`6f667fee : 0x00003b0e`2c5d196a
ffffc40f`39fadb20 00000000`00000000 : 00000000`00000000 00000000`00000000 fffff804`6f667fee ffffad88`c72bc000 : 0xffffd466`d2205dcd


SYMBOL_NAME:  atikmdag+e82ab

MODULE_NAME: atikmdag

IMAGE_NAME:  atikmdag.sys

STACK_COMMAND:  .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET:  e82ab

FAILURE_BUCKET_ID:  0xF7_MISSING_GSFRAME_atikmdag!unknown_function

OS_VERSION:  10.0.18362.1

BUILDLAB_STR:  19h1_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {deacbb19-74cd-edab-fe73-2dddaa9b4bde}

Followup:     MachineOwner
---------

DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer.  This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned.  This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and bugcheck call is the one that overran its local
variable(s).
Arguments:
Arg1: 00006987ff960d48, Actual security check cookie from the stack
Arg2: 00003b0e2c5d196a, Expected security check cookie
Arg3: ffffd466d2205dcd, Complement of the expected security check cookie
Arg4: 0000000000000000, zero

Debugging Details:
------------------


KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.Sec
    Value: 5

    Key  : Analysis.DebugAnalysisProvider.CPP
    Value: Create: 8007007e on DESKTOP-HH6FM2D

    Key  : Analysis.DebugData
    Value: CreateObject

    Key  : Analysis.DebugModel
    Value: CreateObject

    Key  : Analysis.Elapsed.Sec
    Value: 43

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 69

    Key  : Analysis.System
    Value: CreateObject


BUGCHECK_CODE:  f7

BUGCHECK_P1: 6987ff960d48

BUGCHECK_P2: 3b0e2c5d196a

BUGCHECK_P3: ffffd466d2205dcd

BUGCHECK_P4: 0

SECURITY_COOKIE:  Expected 00003b0e2c5d196a found 00006987ff960d48

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  dwm.exe

STACK_TEXT:
ffffc40f`39fadaf8 fffff804`6f6682ab : 00000000`000000f7 00006987`ff960d48 00003b0e`2c5d196a ffffd466`d2205dcd : nt!KeBugCheckEx
ffffc40f`39fadb00 00000000`000000f7 : 00006987`ff960d48 00003b0e`2c5d196a ffffd466`d2205dcd 00000000`00000000 : atikmdag+0xe82ab
ffffc40f`39fadb08 00006987`ff960d48 : 00003b0e`2c5d196a ffffd466`d2205dcd 00000000`00000000 00000000`00000000 : 0xf7
ffffc40f`39fadb10 00003b0e`2c5d196a : ffffd466`d2205dcd 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00006987`ff960d48
ffffc40f`39fadb18 ffffd466`d2205dcd : 00000000`00000000 00000000`00000000 00000000`00000000 fffff804`6f667fee : 0x00003b0e`2c5d196a
ffffc40f`39fadb20 00000000`00000000 : 00000000`00000000 00000000`00000000 fffff804`6f667fee ffffad88`c72bc000 : 0xffffd466`d2205dcd


SYMBOL_NAME:  atikmdag+e82ab

MODULE_NAME: atikmdag

IMAGE_NAME:  atikmdag.sys

STACK_COMMAND:  .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET:  e82ab

FAILURE_BUCKET_ID:  0xF7_MISSING_GSFRAME_atikmdag!unknown_function

OS_VERSION:  10.0.18362.1

BUILDLAB_STR:  19h1_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {deacbb19-74cd-edab-fe73-2dddaa9b4bde}

Followup:     MachineOwner
---------

PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except.
Typically the address is just plain bad or it is pointing at freed memory.
Arguments:
Arg1: ffffffffffffff83, memory referenced.
Arg2: 0000000000000002, value 0 = read operation, 1 = write operation.
Arg3: fffff8074b7c1a91, If non-zero, the instruction address which referenced the bad memory
    address.
Arg4: 0000000000000002, (reserved)

Debugging Details:
------------------


Could not read faulting driver name

KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.Sec
    Value: 3

    Key  : Analysis.DebugAnalysisProvider.CPP
    Value: Create: 8007007e on DESKTOP-HH6FM2D

    Key  : Analysis.DebugData
    Value: CreateObject

    Key  : Analysis.DebugModel
    Value: CreateObject

    Key  : Analysis.Elapsed.Sec
    Value: 3

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 67

    Key  : Analysis.System
    Value: CreateObject


BUGCHECK_CODE:  50

BUGCHECK_P1: ffffffffffffff83

BUGCHECK_P2: 2

BUGCHECK_P3: fffff8074b7c1a91

BUGCHECK_P4: 2

READ_ADDRESS: fffff8074b7723b8: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffff8074b6293b8: Unable to get Flags value from nt!KdVersionBlock
fffff8074b6293b8: Unable to get Flags value from nt!KdVersionBlock
unable to get nt!MmSpecialPagesInUse
ffffffffffffff83

MM_INTERNAL_CODE:  2

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  chrome.exe

TRAP_FRAME:  fffffa8afc186d40 -- (.trap 0xfffffa8afc186d40)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=000000000000007b rbx=0000000000000000 rcx=fffffa8afc187000
rdx=0000000000000025 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8074b7c1a91 rsp=fffffa8afc186ed8 rbp=000000000000ffdf
r8=fffff8074bb49502  r9=fffffa8afc186ff0 r10=fffffa8afc187002
r11=fffffa8afc186f98 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei ng nz na pe nc
nt!AlpcpCancelMessagesByRequestor+0x17d:
fffff807`4b7c1a91 006683          add     byte ptr [rsi-7Dh],ah ds:ffffffff`ffffff83=??
Resetting default scope

MISALIGNED_IP:
nt!AlpcpCancelMessagesByRequestor+17d
fffff807`4b7c1a91 006683          add     byte ptr [rsi-7Dh],ah

STACK_TEXT:
fffffa8a`fc186a98 fffff807`4b3e31d6 : 00000000`00000050 ffffffff`ffffff83 00000000`00000002 fffffa8a`fc186d40 : nt!KeBugCheckEx
fffffa8a`fc186aa0 fffff807`4b2730bf : ffffcb83`38d2ad64 00000000`00000002 00000000`00000000 ffffffff`ffffff83 : nt!MiSystemFault+0x1d64a6
fffffa8a`fc186ba0 fffff807`4b3cf120 : 00000000`00000000 00000000`00000001 ffffcb83`42353501 fffffa8a`fc186fc0 : nt!MmAccessFault+0x34f
fffffa8a`fc186d40 fffff807`4b7c1a91 : 00000000`00000001 ffffcb83`42353510 00000000`00000000 fffffa8a`fc186ff0 : nt!KiPageFault+0x360
fffffa8a`fc186ed8 fffffa8a`fc186f74 : fffffa8a`fc186f76 fffffa8a`fc186f78 fffffa8a`fc186f7a fffffa8a`fc186f7c : nt!AlpcpCancelMessagesByRequestor+0x17d
fffffa8a`fc186f48 fffffa8a`fc186f76 : fffffa8a`fc186f78 fffffa8a`fc186f7a fffffa8a`fc186f7c fffffa8a`fc186f7e : 0xfffffa8a`fc186f74
fffffa8a`fc186f50 fffffa8a`fc186f78 : fffffa8a`fc186f7a fffffa8a`fc186f7c fffffa8a`fc186f7e 00000000`00000000 : 0xfffffa8a`fc186f76
fffffa8a`fc186f58 fffffa8a`fc186f7a : fffffa8a`fc186f7c fffffa8a`fc186f7e 00000000`00000000 00000000`00000000 : 0xfffffa8a`fc186f78
fffffa8a`fc186f60 fffffa8a`fc186f7c : fffffa8a`fc186f7e 00000000`00000000 00000000`00000000 ffff38b2`745b0cb9 : 0xfffffa8a`fc186f7a
fffffa8a`fc186f68 fffffa8a`fc186f7e : 00000000`00000000 00000000`00000000 ffff38b2`745b0cb9 ffffcb83`42353510 : 0xfffffa8a`fc186f7c
fffffa8a`fc186f70 00000000`00000000 : 00000000`00000000 ffff38b2`745b0cb9 ffffcb83`42353510 00000000`00000076 : 0xfffffa8a`fc186f7e


SYMBOL_NAME:  nt!AlpcpCancelMessagesByRequestor+17d

IMAGE_NAME:  hardware

IMAGE_VERSION:  10.0.18362.356

STACK_COMMAND:  .thread ; .cxr ; kb

MODULE_NAME: hardware

FAILURE_BUCKET_ID:  IP_MISALIGNED

OS_VERSION:  10.0.18362.1

BUILDLAB_STR:  19h1_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {201b0e5d-db2a-63d2-77be-8ce8ff234750}

Followup:     MachineOwner
---------

DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer.  This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned.  This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and bugcheck call is the one that overran its local
variable(s).
Arguments:
Arg1: 0000438b6610dd48, Actual security check cookie from the stack
Arg2: 0000d1da6686a4db, Expected security check cookie
Arg3: ffffd466d2205dcd, Complement of the expected security check cookie
Arg4: 0000000000000000, zero

Debugging Details:
------------------


KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.Sec
    Value: 5

    Key  : Analysis.DebugAnalysisProvider.CPP
    Value: Create: 8007007e on DESKTOP-HH6FM2D

    Key  : Analysis.DebugData
    Value: CreateObject

    Key  : Analysis.DebugModel
    Value: CreateObject

    Key  : Analysis.Elapsed.Sec
    Value: 63

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 69

    Key  : Analysis.System
    Value: CreateObject


BUGCHECK_CODE:  f7

BUGCHECK_P1: 438b6610dd48

BUGCHECK_P2: d1da6686a4db

BUGCHECK_P3: ffffd466d2205dcd

BUGCHECK_P4: 0

SECURITY_COOKIE:  Expected 0000d1da6686a4db found 0000438b6610dd48

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  dwm.exe

STACK_TEXT:
ffffc606`5ebfaaf8 fffff806`8b4482ab : 00000000`000000f7 0000438b`6610dd48 0000d1da`6686a4db ffffd466`d2205dcd : nt!KeBugCheckEx
ffffc606`5ebfab00 00000000`000000f7 : 0000438b`6610dd48 0000d1da`6686a4db ffffd466`d2205dcd 00000000`00000000 : atikmdag+0xe82ab
ffffc606`5ebfab08 0000438b`6610dd48 : 0000d1da`6686a4db ffffd466`d2205dcd 00000000`00000000 00000000`00000000 : 0xf7
ffffc606`5ebfab10 0000d1da`6686a4db : ffffd466`d2205dcd 00000000`00000000 00000000`00000000 00000000`00000000 : 0x0000438b`6610dd48
ffffc606`5ebfab18 ffffd466`d2205dcd : 00000000`00000000 00000000`00000000 00000000`00000000 fffff806`8b447fee : 0x0000d1da`6686a4db
ffffc606`5ebfab20 00000000`00000000 : 00000000`00000000 00000000`00000000 fffff806`8b447fee ffff858d`3a023000 : 0xffffd466`d2205dcd


SYMBOL_NAME:  atikmdag+e82ab

MODULE_NAME: atikmdag

IMAGE_NAME:  atikmdag.sys

STACK_COMMAND:  .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET:  e82ab

FAILURE_BUCKET_ID:  0xF7_MISSING_GSFRAME_atikmdag!unknown_function

OS_VERSION:  10.0.18362.1

BUILDLAB_STR:  19h1_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {deacbb19-74cd-edab-fe73-2dddaa9b4bde}

Followup:     MachineOwner
---------
 
Oyla 0 Olumsuz oyla
Çözüm
Durum
Üzgünüz bu konu cevaplar için kapatılmıştır...

Benzer Konular

zGanoR
  • Kilitli
Instagram uygulamasız takip etmeyenleri görmek
2
Cevaplar
25
Görüntüleme
1K
MRAliş
M
DelPhoİ
  • Kilitli
İnstagram Gt Yapmayanları Kolayca Unfollow Yapma
2 3 4
Cevaplar
62
Görüntüleme
3K
pete341
P
N
  • Kilitli
Hiding Debuggers via Intel MSR_LSTAR Hooking
Cevaplar
3
Görüntüleme
2K
hmobalo
H
M
  • Kilitli
  • Soru-Cevap
Minecraft Açılmıyor YARDIM
Cevaplar
15
Görüntüleme
1K
andréa
andréa
N
  • Kilitli
EAC Anti-Debug Bypass
Cevaplar
3
Görüntüleme
4K
polaco121
polaco121
Hakkımızda

MemoryHackers.org 2015 yılında kurulmuş memory hacking topluluğudur. Bünyesinde Dword Team ve birçok profesyonel coder bulundurmaktadır. Amaçları pay2win olan oyunlardaki parayı öde , birinci ol ayrımcılığını kaldırmak için yazılımlar üretip / paylaşmaktır. Paylaşılan yazılımların memoryhackers.org ile bir alakası olmayıp, memoryhackers.org yasalara göre sadece "yer sağlayıcı" olarak hizmet etmektedir. 5651 kanunda belirtildiği gibi "Yer sağlayıcı, yer sağladığı içeriği kontrol etmek veya hukuka aykırı bir faaliyetin söz konusu olup olmadığını araştırmakla yükümlü değildir." Ayriyetten aynı maddenin devamında "“yer sağlayıcının, yer sağladığı hukuka aykırı içeriğin kanunen belirli suçları içermesi halinde yer sağlayıcının haberdar edilmesi hâlinde bu içeriği yayından çıkarmakla yükümlüdür.” sözleri yer almaktadır. Eğer ürününüzün / programınızın sitemiz aracılığıyla kötüye kullanıldığını düşünüyorsanız lütfen "İletişim" sekmesinden şirketinizin resmi elektronik adresinden veyahut avukatınız aracılığı ile gerekli müracaatı yapınız. Yapmış olduğunuz istekler yoğunluğa göre 3 iş günü içerisinde incelenip haklı bulunmanız neticesinde hak sahibinin belirttiği kötüye kullanım olan konu 7 iş günü içerisinde sitemizden kaldırılır. Sitede bir çok oyun için yazılmış hile & araçlar bulabilir, programlama dersleri izleyebilir, ilginizi çeken içerikleri paylaşabilir ya da bilgisayarla ilgili,hayatınızdaki herhangi bir olayla ilgili görüş & yardım talep edebilirsiniz. Memoryhackers.org kökleri çok uzun yıllara dayanmaktadır. Memoryhackers.org oyunlardaki zengin / fakir ayrımcılığını kaldırmak için uzun yıllar hizmet vermektedir & vermeye devam edicektir.

Desteklenen Oyunlar

Desteklenen Oyunlar

Copyright © 2015-2026 MemoryHackers® All rights reserved.
Forum software by XenForo®
Üst