*** WARNING: Unable to verify timestamp for mctkmd64.sys
*** ERROR: Module load completed but symbols could not be loaded for mctkmd64.sys
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck F7, {ffcff8df08df36ac, f8800ffe00dc, ffff077ff001ff23, 0}
Probably caused by : mctkmd64.sys ( mctkmd64+1adfe )
Followup: MachineOwner
---------
2: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************
DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer. This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned. This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and bugcheck call is the one that overran its local
variable(s).
Arguments:
Arg1: ffcff8df08df36ac, Actual security check cookie from the stack
Arg2: 0000f8800ffe00dc, Expected security check cookie
Arg3: ffff077ff001ff23, Complement of the expected security check cookie
Arg4: 0000000000000000, zero
Debugging Details:
------------------
DEFAULT_BUCKET_ID: GS_FALSE_POSITIVE_MISSING_GSFRAME
SECURITY_COOKIE: Expected 0000f8800ffe00dc found ffcff8df08df36ac
CUSTOMER_CRASH_COUNT: 1
BUGCHECK_STR: 0xF7
PROCESS_NAME: avgidsagent.ex
CURRENT_IRQL: 0
LAST_CONTROL_TRANSFER: from fffff8800ffdbdfe to fffff80002ed0b80
STACK_TEXT:
fffff880`08933698 fffff880`0ffdbdfe : 00000000`000000f7 ffcff8df`08df36ac 0000f880`0ffe00dc ffff077f`f001ff23 : nt!KeBugCheckEx
fffff880`089336a0 00000000`000000f7 : ffcff8df`08df36ac 0000f880`0ffe00dc ffff077f`f001ff23 00000000`00000000 : mctkmd64+0x1adfe
fffff880`089336a8 ffcff8df`08df36ac : 0000f880`0ffe00dc ffff077f`f001ff23 00000000`00000000 00000000`00000001 : 0xf7
fffff880`089336b0 0000f880`0ffe00dc : ffff077f`f001ff23 00000000`00000000 00000000`00000001 00000000`00000000 : 0xffcff8df`08df36ac
fffff880`089336b8 ffff077f`f001ff23 : 00000000`00000000 00000000`00000001 00000000`00000000 fffff880`0ffd1de2 : 0x0000f880`0ffe00dc
fffff880`089336c0 00000000`00000000 : 00000000`00000001 00000000`00000000 fffff880`0ffd1de2 fffff880`08933998 : 0xffff077f`f001ff23
STACK_COMMAND: kb
FOLLOWUP_IP:
mctkmd64+1adfe
fffff880`0ffdbdfe ?? ???
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: mctkmd64+1adfe
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: mctkmd64
IMAGE_NAME: mctkmd64.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4f84faaa
FAILURE_BUCKET_ID: X64_0xF7_MISSING_GSFRAME_mctkmd64+1adfe
BUCKET_ID: X64_0xF7_MISSING_GSFRAME_mctkmd64+1adfe
Followup: MachineOwner
---------
2: kd> lmvm mctkmd64
start end module name
fffff880`0ffc1000 fffff880`0ffec000 mctkmd64 T (no symbols)
Loaded symbol image file: mctkmd64.sys
Image path: mctkmd64.sys
Image name: mctkmd64.sys
Timestamp: Wed Apr 11 09:29:46 2012 (4F84FAAA)
CheckSum: 0002B605
ImageSize: 0002B000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4