解决 Windows 8.1 中的蓝屏:DRIVER_OVERRAN_STACK_BUFFER

解决 Windows 8.1 中的蓝屏:DRIVER_OVERRAN_STACK_BUFFER

我有一台 Windows 8.1 台式机,它大部分时间都很稳定,但最近我又开始玩 Skyrim 时,出现了蓝屏。有时它们会在 5 分钟内就出现,有时则会在玩了一个小时左右后出现。我之前曾在这台机器上使用不同的操作系统玩过 Skyrim,它仅有的玩 Skyrim 会导致 BSOD(其他游戏可能会,但我没有其他游戏),所以我怀疑这是 Win8.1 和我的硬件的组合。

我用过蓝屏视图查看转储。它们都看起来像这样:

在此处输入图片描述

!analyze -v以下是windbg的输出:

kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer.  This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned.  This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and bugcheck call is the one that overran its local
variable(s).
Arguments:
Arg1: 064d0606000c271a, Actual security check cookie from the stack
Arg2: 0000446666e92e93, Expected security check cookie
Arg3: ffffbb999916d16c, Complement of the expected security check cookie
Arg4: 0000000000000000, zero

Debugging Details:
------------------


DEFAULT_BUCKET_ID:  GS_FALSE_POSITIVE_MISSING_GSFRAME

SECURITY_COOKIE:  Expected 0000446666e92e93 found 064d0606000c271a

CUSTOMER_CRASH_COUNT:  1

BUGCHECK_STR:  0xF7

PROCESS_NAME:  TESV.exe

CURRENT_IRQL:  0

LOCK_ADDRESS:  fffff80399745360 -- (!locks fffff80399745360)

Resource @ nt!PiEngineLock (0xfffff80399745360)    Available

WARNING: SystemResourcesList->Flink chain invalid. Resource may be corrupted, or already deleted.


WARNING: SystemResourcesList->Blink chain invalid. Resource may be corrupted, or already deleted.

1 total locks

PNP_TRIAGE: 
    Lock address  : 0xfffff80399745360
    Thread Count  : 0
    Thread address: 0x0000000000000000
    Thread wait   : 0x0

LAST_CONTROL_TRANSFER:  from fffff8039962d441 to fffff803995c3ca0

STACK_TEXT:  
ffffd000`2961ffb8 fffff803`9962d441 : 00000000`000000f7 064d0606`000c271a 00004466`66e92e93 ffffbb99`9916d16c : nt!KeBugCheckEx
ffffd000`2961ffc0 fffff803`9981991f : ffffc000`00000001 ffffd000`296203c0 ffffd000`296206e0 00000000`000f003f : nt!_report_gsfailure+0x25
ffffd000`29620000 fffff803`99816cae : ffffffff`ffffffff 62633134`37386365 ffffffff`ffffffff ffffffff`ffffffff : nt!CmOpenKey+0x34f
ffffd000`296201b0 fffff803`995cf4b3 : 00001225`00000000 00000000`00000001 fffff803`9945ae00 fffff803`995c5aa8 : nt!NtOpenKey+0x12
ffffd000`296201f0 fffff803`995c7900 : fffff803`99842507 ffffd000`29620430 ffffd000`29620760 ffffc000`0eabda8a : nt!KiSystemServiceCopyEnd+0x13
ffffd000`29620388 fffff803`99842507 : ffffd000`29620430 ffffd000`29620760 ffffc000`0eabda8a 00000000`000000ab : nt!KiServiceLinkage
ffffd000`29620390 fffff803`99842452 : 00000000`00000000 ffffffff`80000044 ffffc000`0008ed60 ffffd000`29620760 : nt!RegRtlOpenKeyTransacted+0xa7
ffffd000`29620420 fffff803`9984ab23 : ffffffff`80000044 00000000`00000000 ffffc000`0008ed60 00000000`00000000 : nt!SysCtxRegOpenKey+0x3a
ffffd000`29620460 fffff803`9984a9ad : 00000000`00000040 ffffd000`29620591 00000000`00000004 00000000`00000000 : nt!CmOpenCommonClassRegKeyWorker+0x123
ffffd000`296204d0 fffff803`9984d002 : 00000000`00000000 fffff803`997454e0 ffffe000`00000042 00000000`00000060 : nt!CmOpenCommonClassRegKey+0xf5
ffffd000`296205e0 fffff803`9984e14f : 00000000`00000002 00000000`00000000 ffffd000`29620730 00000000`00000000 : nt!CmOpenInterfaceClassRegKey+0x3a
ffffd000`29620630 fffff803`9984fad5 : 00000000`00000001 ffffd000`29620a48 00000000`00000000 ffffd000`29620878 : nt!IopGetDeviceInterfaces+0xe7
ffffd000`29620800 fffff803`99843b47 : e00002ad`d720d08b 00000000`00000000 ffffe000`00e1c990 00000000`00000003 : nt!PiCMGetDeviceInterfaceList+0xed
ffffd000`29620900 fffff803`99843ae9 : 00000000`00000000 ffffe000`02add750 ffffd000`29620c00 fffff803`00000000 : nt!PiCMFastIoDeviceDispatch+0x53
ffffd000`29620950 fffff803`99820f97 : ffffe000`02add750 00000000`00000000 00000000`00000910 00000000`000008a0 : nt!PiDaFastIoDispatch+0x65
ffffd000`296209b0 fffff803`99821d7a : ffffd000`00000000 ffffe000`00e1c9c0 00000000`00000001 00000000`00000000 : nt!IopXxxControlFile+0x3f7
ffffd000`29620b60 fffff803`995cf4b3 : ffffd000`29620c50 00000000`00000000 00000000`001f0000 00000000`00000001 : nt!NtDeviceIoControlFile+0x56
ffffd000`29620bd0 00000000`77d52772 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
00000000`3308f128 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x77d52772


STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!_report_gsfailure+25
fffff803`9962d441 cc              int     3

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  nt!_report_gsfailure+25

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

DEBUG_FLR_IMAGE_TIMESTAMP:  52718d9c

BUCKET_ID_FUNC_OFFSET:  25

FAILURE_BUCKET_ID:  0xF7_MISSING_GSFRAME_nt!_report_gsfailure

BUCKET_ID:  0xF7_MISSING_GSFRAME_nt!_report_gsfailure

Followup: MachineOwner
---------

我已上传 HWInfo 报告这里

我已经将 BIOS 升级到最新版本。这似乎减少了 BSOD 出现的频率,但最终还是会出现。我的视频驱动程序也是最新的。我还运行了病毒检查(使用 Defender,又名 Security Essentials),它发现了一个可能的威胁并将其清除。

有人能给我一些建议来解决这个问题吗?

答案1

这很可能是由驱动程序中的错误引起的。它会触发缓冲区溢出,这是一个安全问题,因为它会尝试使用比应使用的更多的分配内存。这可能会导致严重的不稳定,因此系统会自行关闭以防止这种情况发生。

由于它只在玩游戏时发生,我建议升级你的图形驱动程序,看看问题是否仍然存在。

如果没有,那么你必须打开你的转储文件,因为它会告诉你哪个驱动程序导致了这个问题,因为执行程序(屏幕截图中提到)不太可能是原因。
查找BUCKET_ID: 0xF7_MISSING_GSFRAME以 开头的行。

此外,如果您以前从未在该特定系统上遇到过此问题(即:没有驱动程序升级),我建议您检查系统是否存在潜在威胁(恶意软件、病毒......)作为安全预防措施。

相关内容