0

Earlier this evening my computer crashed while browsing the web. I had three Firefox tabs open, on YouTube, Soundcloud, and PCGamer. While on PCGamer, the screen froze, and the sound replayed a small section repeatedly before crashing to blue screen with the following error:

0x000000f7 (0xfffff8800ae22ae8, 0x0000f960002e992f, 0xffff069fffd166d0, 0x0000000000000000).

From my research, this is a "A driver has overrun a stack-based buffer. This overrun could potentially allow a malicious user to gain access to gain control of this machine."

It has only happened once, which could mean nothing, however this is still concerning to me, as I don't believe I have any malware or viruses. A Malwarebytes Anti-Malware scan found nothing, and a Spybot scan is currently running. I also run AVG 2015 as my primary defense. I will be performing a safemode scan later this evening once Spybot's results come in, but I wanted to ask Superuser in case this is a more serious issue that I should be concerned with.

I have a DMP file, however it is over 900MB in size. I can zip and upload this to dropbox if needed/requested.

I appreciate any help/insight into this issue.

Improve this question
8
  • 1
    In general you'll need to determine which driver it was and try updating/changing the driver. If it keeps happening, consider replacing the hardware its related to. If your question is "should I be concerned?" we can't answer that based on this info -- yes it could be a "one-off", or not. :)
    – Ƭᴇcʜιᴇ007
    Commented Jun 11, 2015 at 2:04
  • If your question is "How do I find out which driver?" consider questions like How should I approach analysing this Windows crash dump?, How can I read a dmp file in windows 7?, Reasons for the blue screen of death in Windows 7 logs, etc.
    – Ƭᴇcʜιᴇ007
    Commented Jun 11, 2015 at 2:08
  • @Ƭᴇcʜιᴇ007 Using BlueScreenView, it would seem the faulting drivers were "win32k.sys" and "ntoskrnl.exe". All virus scans have come back empty, and AdwCleaner found some files but nothing that seemed major. I'm sorry, I'm just not sure what to make of it. I haven't changed any drivers recently, and in fact the only recent thing that was done was Windows automatic updates from early this morning.
    – nightsurfer
    Commented Jun 11, 2015 at 2:34
  • Bug Check 0xF7: DRIVER_OVERRAN_STACK_BUFFER: msdn.microsoft.com/en-us/library/ff560389%28v=vs.85%29.aspx. Copy the dmp to a different PC and analyze it with Windbg: channel9.msdn.com/Shows/Defrag-Tools/…
    – magicandre1981
    Commented Jun 11, 2015 at 4:12
  • @magicandre1981 I tried to follow along on the video but I've never used the Windows Debugging Tool before, and I'm really not sure what I'm looking for. Would it be alright to send it to you?
    – nightsurfer
    Commented Jun 11, 2015 at 12:43

1 Answer 1

Reset to default
1

The new dump also shows hardware issues. Here the Instruction Pointer is MISALIGNED.

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer.  This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned.  This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and bugcheck call is the one that overran its local
variable(s).
Arguments:
Arg1: 000000000e728077, Actual security check cookie from the stack
Arg2: 0000f960003387ed, Expected security check cookie
Arg3: ffff069fffcc7812, Complement of the expected security check cookie
Arg4: 0000000000000000, zero

Debugging Details:
------------------


BIOS_DATE:  02/24/2009

BASEBOARD_PRODUCT:  EP45T-UD3LR

BASEBOARD_VERSION:  x.x

BUGCHECK_P1: e728077

BUGCHECK_P2: f960003387ed

BUGCHECK_P3: ffff069fffcc7812

BUGCHECK_P4: 0

SECURITY_COOKIE:  Expected 0000f960003387ed found 000000000e728077

CPU_COUNT: 4

CPU_MHZ: 91d

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 17

CPU_STEPPING: a

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

BUGCHECK_STR:  0xF7

PROCESS_NAME:  Audiosurf2.exe

CURRENT_IRQL:  0

ANALYSIS_VERSION: 10.0.10069.9 amd64fre

EXCEPTION_RECORD:  fffff8800b5a6198 -- (.exr 0xfffff8800b5a6198)
ExceptionAddress: fffff96000113c70 (win32k!SfnINLPCREATESTRUCT+0x0000000000000678)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000


STACK_TEXT:  
00 nt!KeBugCheckEx
01 win32k!_report_gsfailure
02 win32k!_GSHandlerCheck_SEH
03 nt!RtlpExecuteHandlerForException
04 nt!RtlDispatchException
05 nt!KiDispatchException
06 nt!KiExceptionDispatch
07 nt!KiPageFault
08 win32k!SfnINLPCREATESTRUCT
09 0x0
0a 0x0
0b 0x0
0c 0x0
0d 0x0
0e 0x0
0f 0x0
10 dxgkrnl!DxgkPresent
11 win32k!NtGdiDdDDIPresent
12 nt!KiSystemServiceCopyEnd


SYMBOL_NAME:  dxgkrnl!DxgkPresent+543

MODULE_NAME: hardware

BUCKET_ID:  X64_IP_MISALIGNED

PRIMARY_PROBLEM_CLASS:  X64_IP_MISALIGNED

So, test your RAM for errors with memtest86+ and stress / torture test your CPU with Prime95.

Also try to update the BIOS to Version F12E. You still use BIOS F5.

Improve this answer
9
  • Memtest has run with one pass, no errors. Prime95 has been going for about 30 minutes now with all tests passing so far. Could this be a mobo issue? Is it anything to do with graphics card drivers?
    – nightsurfer
    Commented Jun 13, 2015 at 16:32
  • run memtest more times. Also run Prime95 for 4-5 hours. Also post pictures of the memory and SPD tabs from CPU-Z:cpuid.com/softwares/cpu-z.html
    – magicandre1981
    Commented Jun 13, 2015 at 17:25
  • !Memory Tab !SPD Tab
    – nightsurfer
    Commented Jun 13, 2015 at 18:58
  • Memtest ran two passes and did not find any errors. I will let Prime95 run again later today, but I don't know if I will leave it for 4-5 hours. 1 at the most.
    – nightsurfer
    Commented Jun 13, 2015 at 21:35
  • I have run Prime95 for 1 hour on Small test, 1 hour on In-Place, and 1 hour on Blend. No errors detected.
    – nightsurfer
    Commented Jun 14, 2015 at 1:40

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .