Hacking Attack? Or something else
Yesterday my machine crashed and rebooted. When I investigated the minidump I read a message in it: "This is the classic "buffer overrun" hacking attack and the system has been brought down to prevent a malicious user from gaining complete control of it."
It also mentions something about a Windows 8 driver.
Now, I am not able to assess this information in the minidump as I just do not possess those levels of skills and knowledge.
I guess my question is this: do I need to do anything about this, or is it liable to be just a one-hit wonder?
Gigabyte motherboard
16 GB RAM
Intel processor
Windows 10
Windows Firewall
Antivirus - Windows Defender
Anti-malware - Malwarebytes Pro
Router firewall on
Here is the Minidump:
Code:
A driver has overrun a stack-based buffer. This overrun could potentially allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would have overwritten the function's return address and jumped back to an arbitrary address when the function returned. This is the classic "buffer overrun" hacking attack and the system has been brought down to prevent a malicious user from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the buffer overrun handlers and bugcheck call is the one that overran its local variable(s).
Arguments:
Arg1: 00006780bea282d0, Actual security check cookie from the stack
Arg2: 0000d027b95c3a8c, Expected security check cookie
Arg3: ffff2fd846a3c573, Complement of the expected security check cookie
Arg4: 0000000000000000, zero

Debugging Details:
------------------

DUMP_CLASS: 1
DUMP_QUALIFIER: 400
BUILD_VERSION_STRING: 10.0.15063.674 (WinBuild.160101.0800)
SYSTEM_MANUFACTURER: Gigabyte Technology Co., Ltd.
SYSTEM_PRODUCT_NAME: To be filled by O.E.M.
SYSTEM_SKU: To be filled by O.E.M.
SYSTEM_VERSION: To be filled by O.E.M.
BIOS_VENDOR: American Megatrends Inc.
BIOS_VERSION: F14
BIOS_DATE: 01/16/2014
BASEBOARD_MANUFACTURER: Gigabyte Technology Co., Ltd.
BASEBOARD_PRODUCT: H77M-D3H
BASEBOARD_VERSION: To be filled by O.E.M.
DUMP_TYPE: 2
BUGCHECK_P1: 6780bea282d0
BUGCHECK_P2: d027b95c3a8c
BUGCHECK_P3: ffff2fd846a3c573
BUGCHECK_P4: 0
SECURITY_COOKIE: Expected 0000d027b95c3a8c found 00006780bea282d0
CPU_COUNT: 8
CPU_MHZ: d40
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 3a
CPU_STEPPING: 9
CPU_MICROCODE: 6,3a,9,0 (F,M,S,R) SIG: 1B'00000000 (cache) 1B'00000000 (init)
BLACKBOXBSD: 1 (!blackboxbsd)
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: 0xF7
PROCESS_NAME: svchost.exe
CURRENT_IRQL: 2
ANALYSIS_SESSION_HOST: ALISTAIR-PC
ANALYSIS_SESSION_TIME: 11-15-2017 13:35:02.0996
ANALYSIS_VERSION: 10.0.17016.1000 amd64fre
LAST_CONTROL_TRANSFER: from fffff8007e25b905 to fffff8007e1ed580
STACK_TEXT:
ffffe080`b5fd2f88 fffff800`7e25b905 : 00000000`000000f7 00006780`bea282d0 0000d027`b95c3a8c ffff2fd8`46a3c573 : nt!KeBugCheckEx
ffffe080`b5fd2f90 fffff800`7e0ea550 : ffffb684`327cc000 ffffe080`b5fd3010 00000000`00000000 ffffa464`00000000 : nt!_report_gsfailure+0x25
ffffe080`b5fd2fd0 fffff800`7e0ea3fe : 00000000`00000100 ffffb684`327cd8c0 00000000`00000000 ffffe080`b5fd3198 : nt!MiIdentifyPfn+0x100
ffffe080`b5fd30a0 fffff800`7e52de1a : 00000000`00000000 ffffb684`327cd380 ffffb684`327cc000 fffff800`7e0e8763 : nt!MiIdentifyPfnWrapper+0x3e
ffffe080`b5fd30d0 fffff800`7e52d92f : ffffb684`2a221080 00000000`00000001 ffffe080`b5fd32b4 ffffb684`327cc000 : nt!PfpPfnPrioRequest+0xca
ffffe080`b5fd3150 fffff800`7e52bb8e : 00000000`0000004f ffffa45b`42193e60 000000ae`ad87a008 00000000`00000200 : nt!PfQuerySuperfetchInformation+0x2bf
ffffe080`b5fd3280 fffff800`7e52b83b : 00000000`00000000 00000000`00000000 00000000`00000008 000000ae`ad87d250 : nt!ExpQuerySystemInformation+0x22e
ffffe080`b5fd3ac0 fffff800`7e1f8413 : ffffb684`2a221080 00000000`00000000 00000000`00000000 00007ff9`f4754d50 : nt!NtQuerySystemInformation+0x2b
ffffe080`b5fd3b00 00007ffa`02bf5a64 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
000000ae`ad879ef8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`02bf5a64

THREAD_SHA1_HASH_MOD_FUNC: 0621696229749f19418dfeecf88f4c3d2bd5058e
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 1e0bc3642c40aa307336c381675ee4a94c42db8e
THREAD_SHA1_HASH_MOD: 9f457f347057f10e1df248e166a3e95e6570ecfe
FOLLOWUP_IP:
nt!_report_gsfailure+25
fffff800`7e25b905 cc int 3
FAULT_INSTR_CODE: cccccccc
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: nt!_report_gsfailure+25
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 59cdf43a
IMAGE_VERSION: 10.0.15063.674
STACK_COMMAND: .thread ; .cxr ; kb
BUCKET_ID_FUNC_OFFSET: 25
FAILURE_BUCKET_ID: 0xF7_MISSING_GSFRAME_nt!_report_gsfailure
BUCKET_ID: 0xF7_MISSING_GSFRAME_nt!_report_gsfailure
PRIMARY_PROBLEM_CLASS: 0xF7_MISSING_GSFRAME_nt!_report_gsfailure
TARGET_TIME: 2017-11-15T01:37:43.000Z
OSBUILD: 15063
OSSERVICEPACK: 674
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2017-09-29 17:20:26
BUILDDATESTAMP_STR: 160101.0800
BUILDLAB_STR: WinBuild
BUILDOSVER_STR: 10.0.15063.674
ANALYSIS_SESSION_ELAPSED_TIME: db0
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0xf7_missing_gsframe_nt!_report_gsfailure
FAILURE_ID_HASH: {82d2c1b5-b0cb-60a5-9a5d-78c8c4284f84}
Followup: MachineOwner
---------

6: kd> !blackboxbsd
Version: 136
Product type: 1
Auto advanced boot: FALSE
Advanced boot menu timeout: 30
Last boot succeeded: TRUE
Last boot shutdown: FALSE
Sleep in progrees: FALSE
Power button timestamp: 0
System running: TRUE
Connected standby in progress: FALSE
User shutdown in progress: FALSE
System shutdown in progress: FALSE
Sleep in progress: 0
Connected standby scenario instance id: 0
Connected standby entry reason: 0
Connected standby exit reason: 0
System sleep transitions to on: 3
Last reference time: 0x1d35da598cd4c10
Last reference time checksum: 0x15f1626a
Last update boot id: 46
Boot attempt count: 1
Last boot checkpoint: TRUE
Checksum: 0x34
Last boot id: 46
Last successful shutdown boot id: 45
Last reported abnormal shutdown boot id: 44
Error info boot id: 0
Error info repeat count: 0
Error info other error count: 0
Error info code: 0
Error info other error count: 0
Power button last press time: 0
Power button cumulative press count: 0
Power button last press boot id: 0
Power button last power watchdog stage: 0
Power button watchdog armed: FALSE
Power button shutdown in progress: FALSE
Power button last release time: 0
Power button cumulative release count: 0
Power button last release boot id: 0
Power button error count: 0
Power button current connected standby phase: 0
Power button transition latest checkpoint id: 0
Power button transition latest checkpoint type: 0
Power button transition latest checkpoint sequence number: 0

6: kd> kb
 # RetAddr : Args to Child : Call Site
00 fffff800`7e25b905 : 00000000`000000f7 00006780`bea282d0 0000d027`b95c3a8c ffff2fd8`46a3c573 : nt!KeBugCheckEx
01 fffff800`7e0ea550 : ffffb684`327cc000 ffffe080`b5fd3010 00000000`00000000 ffffa464`00000000 : nt!_report_gsfailure+0x25
02 fffff800`7e0ea3fe : 00000000`00000100 ffffb684`327cd8c0 00000000`00000000 ffffe080`b5fd3198 : nt!MiIdentifyPfn+0x100
03 fffff800`7e52de1a : 00000000`00000000 ffffb684`327cd380 ffffb684`327cc000 fffff800`7e0e8763 : nt!MiIdentifyPfnWrapper+0x3e
04 fffff800`7e52d92f : ffffb684`2a221080 00000000`00000001 ffffe080`b5fd32b4 ffffb684`327cc000 : nt!PfpPfnPrioRequest+0xca
05 fffff800`7e52bb8e : 00000000`0000004f ffffa45b`42193e60 000000ae`ad87a008 00000000`00000200 : nt!PfQuerySuperfetchInformation+0x2bf
06 fffff800`7e52b83b : 00000000`00000000 00000000`00000000 00000000`00000008 000000ae`ad87d250 : nt!ExpQuerySystemInformation+0x22e
07 fffff800`7e1f8413 : ffffb684`2a221080 00000000`00000000 00000000`00000000 00007ff9`f4754d50 : nt!NtQuerySystemInformation+0x2b
08 00007ffa`02bf5a64 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
09 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`02bf5a64
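The /GS stack-cookie check that raised this 0xF7 bugcheck, modelled as an added C example (not code from the post, from WinDbg or from Windows): the frame layout is simplified, the cookie constant is the dump's Arg2, and the return address is taken from the kb output. It shows why the machine stops instead of returning from the corrupted frame, and the Arg3 == ~Arg2 sanity check a practitioner applies to a 0xF7 dump.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Arguments a DRIVER_OVERRAN_STACK_BUFFER (0xF7) bugcheck carries, named as in the dump. */
typedef struct {
    uint64_t actual;      /* Arg1: cookie found on the stack */
    uint64_t expected;    /* Arg2: cookie the check expected */
    uint64_t complement;  /* Arg3: ~Arg2, so triage can tell a bad cookie from a bad frame */
} gs_failure;
/* Simplified frame of a /GS-protected function: the cookie sits between the
 * local buffer and the saved return address, so an overrun reaches it first. */
typedef struct { char buf[16]; uint64_t cookie; uint64_t return_address; } gs_frame;
/* Assumed constant (real /GS also mixes in the stack pointer); value is Arg2 from the dump. */
static const uint64_t k_security_cookie = 0x0000d027b95c3a8cULL;
/* Prologue: store the cookie above the locals. */
static void frame_enter(gs_frame *f, uint64_t ret) {
    memset(f, 0, sizeof *f);
    f->cookie = k_security_cookie;
    f->return_address = ret;
}
/* The driver's work: an unchecked copy into buf, modelled as a byte copy over the frame. */
static void frame_copy(gs_frame *f, const void *src, size_t n) {
    if (n > sizeof *f) n = sizeof *f;     /* keep the model itself in bounds */
    memcpy((unsigned char *)f, src, n);   /* n > 16 runs past buf into the cookie */
}
/* Epilogue: the /GS check. True means the return address can be trusted; otherwise
 * *out is filled the way __report_gsfailure hands arguments to KeBugCheckEx. */
static bool frame_leave(const gs_frame *f, gs_failure *out) {
    if (f->cookie == k_security_cookie) return true;
    out->actual = f->cookie;
    out->expected = k_security_cookie;
    out->complement = ~k_security_cookie;
    return false;
}
/* Dump triage: Arg3 must be the bitwise complement of Arg2, else the expected value is suspect. */
static bool gs_args_consistent(uint64_t arg2, uint64_t arg3) { return arg3 == ~arg2; }
int main(void) {
    gs_frame f; gs_failure e; unsigned char input[24];
    memset(input, 'A', sizeof input);                     /* constructed oversized input */
    frame_enter(&f, 0xfffff8007e0ea550ULL);               /* return address taken from the kb output */
    frame_copy(&f, input, sizeof input);
    if (!frame_leave(&f, &e))
        printf("0xF7 Arg1=%016" PRIx64 " Arg2=%016" PRIx64 " Arg3=%016" PRIx64 "\n", e.actual, e.expected, e.complement);
    printf("Arg3 == ~Arg2 in the dump: %d\n", gs_args_consistent(0x0000d027b95c3a8cULL, 0xffff2fd846a3c573ULL));
    return 0;
}
```

In the real dump the complement check passes, so the expected cookie was intact and it is the frame of the last routine before nt!_report_gsfailure that was overwritten, exactly as the dump's description says.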