[Help] What kind of error is DRIVER_OVERRAN_STACK_BUFFER(f7)?? PG?
Posted: 2018-9-19 10:12 5953

Use !analyze -v to get detailed debugging information.

BugCheck F7, {fffff88070064aa6, fffff88070064aa6, 77f8ff9b559, 0}

Probably caused by : fltmgr.sys ( fltmgr!FltpFreeIrpCtrl+145 )

Followup: MachineOwner
---------

nt!DbgBreakPointWithStatus:
fffff800`04270f60 cc              int     3
0: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer.  This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned.  This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and bugcheck call is the one that overran its local
variable(s).
Arguments:
Arg1: fffff88070064aa6, Actual security check cookie from the stack
Arg2: fffff88070064aa6, Expected security check cookie
Arg3: 0000077f8ff9b559, Complement of the expected security check cookie
Arg4: 0000000000000000, zero

Debugging Details:
------------------


DEFAULT_BUCKET_ID:  GS_FALSE_POSITIVE_MISSING_GSFRAME

SECURITY_COOKIE:  Expected fffff88070064aa6 found fffff88070064aa6

BUGCHECK_STR:  0xF7_ONE_BIT

PROCESS_NAME:  System

CURRENT_IRQL:  2

LAST_CONTROL_TRANSFER:  from fffff8000436e6d2 to fffff80004270f60

SYMBOL_ON_RAW_STACK:  1

STACK_ADDR_RAW_STACK_SYMBOL: fffff88007179e70

STACK_COMMAND:  dds FFFFF88007179E70-0x20 ; kb

STACK_TEXT:  
fffff880`07179e50  41dff2e0
fffff880`07179e54  fffffa80
fffff880`07179e58  317a73a0
fffff880`07179e5c  fffffa80
fffff880`07179e60  3165f3b0
fffff880`07179e64  fffffa80
fffff880`07179e68  010ceaf5
fffff880`07179e6c  fffff880
fffff880`07179e70  00000000
fffff880`07179e74  00000000
fffff880`07179e78  00000001
fffff880`07179e7c  00000000
fffff880`07179e80  00000000
fffff880`07179e84  00000000
fffff880`07179e88  00000000
fffff880`07179e8c  00000000
fffff880`07179e90  315b2800
fffff880`07179e94  fffffa80
fffff880`07179e98  315b2870
fffff880`07179e9c  fffffa80
fffff880`07179ea0  322adde0
fffff880`07179ea4  fffffa80
fffff880`07179ea8  00000000
fffff880`07179eac  00000000
fffff880`07179eb0  00000000
fffff880`07179eb4  00000000
fffff880`07179eb8  010cffbc
fffff880`07179ebc  fffff880
fffff880`07179ec0  00000000
fffff880`07179ec4  fffffa80
fffff880`07179ec8  322adde0
fffff880`07179ecc  fffffa80


FOLLOWUP_IP: 
fltmgr!FltpFreeIrpCtrl+145
fffff880`010ceaf5 ff05c9920100    inc     dword ptr [fltmgr!FltGlobals+0xbc4 (fffff880`010e7dc4)]

SYMBOL_NAME:  fltmgr!FltpFreeIrpCtrl+145

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: fltmgr

IMAGE_NAME:  fltmgr.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bc11f

FAILURE_BUCKET_ID:  X64_0xF7_ONE_BIT_MISSING_GSFRAME_fltmgr!FltpFreeIrpCtrl+145

BUCKET_ID:  X64_0xF7_ONE_BIT_MISSING_GSFRAME_fltmgr!FltpFreeIrpCtrl+145

Followup: MachineOwner
---------


What is going on?? Is this caused by PatchGuard???
All I did was load a driver from memory.

Latest replies (2)
2
Infinite recursion, the stack overflowed.
2018-9-19 10:18
0
3
hzqst: Infinite recursion, the stack overflowed.
Got it.
2018-9-19 11:30
0
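
Added example, not part of the original thread: a small Python triage helper that reads the `BugCheck F7, {...}` line from a dump like the one in the question and checks the three cookie arguments against each other, as the Arguments section describes them. The function names, result keys and the one-bit variant used in testing are hypothetical; the sample line is copied from the post.

```python
import re

# Bugcheck line copied from the dump posted in the question.
SAMPLE = "BugCheck F7, {fffff88070064aa6, fffff88070064aa6, 77f8ff9b559, 0}"

MASK64 = (1 << 64) - 1
BUGCHECK_RE = re.compile(r"BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}")


def parse_bugcheck(line):
    """Return (code, [arg1..arg4]) from a WinDbg 'BugCheck XX, {...}' line."""
    m = BUGCHECK_RE.search(line)
    if not m:
        raise ValueError("no BugCheck line found")
    code = int(m.group(1), 16)
    # WinDbg may print 64-bit values with a backtick separator; strip it.
    args = [int(a.strip().replace("`", ""), 16) for a in m.group(2).split(",")]
    if len(args) != 4:
        raise ValueError("expected four bugcheck arguments")
    return code, args


def triage_f7(line):
    """Compare the cookie arguments of a DRIVER_OVERRAN_STACK_BUFFER dump.

    Arg1 = actual cookie read from the stack, Arg2 = expected cookie,
    Arg3 = complement of the expected cookie (per the !analyze -v text).
    """
    code, (actual, expected, complement, _arg4) = parse_bugcheck(line)
    if code != 0xF7:
        raise ValueError("not a bugcheck 0xF7 dump")
    diff = actual ^ expected
    return {
        # True means the stack cookie still matches the expected value.
        "cookie_intact": diff == 0,
        # Number of bits that differ between actual and expected cookie.
        "bits_flipped": bin(diff).count("1"),
        # Arg3 should equal the 64-bit bitwise NOT of Arg2.
        "complement_consistent": complement == (~expected & MASK64),
    }


if __name__ == "__main__":
    for key, value in triage_f7(SAMPLE).items():
        print(f"{key}: {value}")
```

For the dump in this thread the actual and expected cookies are identical and Arg3 is the exact complement of Arg2, which is consistent with the debugger's GS_FALSE_POSITIVE_MISSING_GSFRAME bucket.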