SysMon 13.24 crashing on app run with Visual Studio 2019

Penning, Nicholas 141 Reputation points
2021-09-02T21:07:24.127+00:00

Hello, we have confirmed that there is an interoperability issue with Visual Studio Code 2019 and SysMon 13.24 when trying to run an application.

This causes a Blue Screen and can corrupt a project in Visual Studio Code. The current workaround is to remove SysMon. We don't know what other versions this affects as these users don't have time to test.

I have seen some similar issues on older posts but was wondering if others are seeing this problem and how we can address it. This is happening on more than 1 system so it is more of a widespread issue.

Here is a recent post as well that addresses this problem: https://learn.microsoft.com/en-us/answers/questions/511948/bsod-driver-overran-stack-buffer-when-attaching-to.html

This is a much older post with the same Failure ID hash so maybe not as relevant: https://social.technet.microsoft.com/Forums/en-US/64857333-cf8e-47ab-b638-4370ae4e4fce/sysmon-1111-bsod-on-laptops?forum=miscutils

Debugging Details:

------------------

KEY_VALUES_STRING: 1

Key  : Analysis.CPU.mSec  
Value: 4593  

Key  : Analysis.DebugAnalysisManager  
Value: Create  

Key  : Analysis.Elapsed.mSec  
Value: 14312  

Key  : Analysis.Init.CPU.mSec  
Value: 437  

Key  : Analysis.Init.Elapsed.mSec  
Value: 6108  

Key  : Analysis.Memory.CommitPeak.Mb  
Value: 77  

Key  : WER.OS.Branch  
Value: vb_release  

Key  : WER.OS.Timestamp  
Value: 2019-12-06T14:06:00Z  

Key  : WER.OS.Version  
Value: 10.0.19041.1  

BUGCHECK_CODE: f7

BUGCHECK_P1: ff96a4d06874eab0

BUGCHECK_P2: f8077ce3f0c0

BUGCHECK_P3: ffff07f8831c0f3f

BUGCHECK_P4: 0

SECURITY_COOKIE: Expected 0000f8077ce3f0c0 found ff96a4d06874eab0

CUSTOMER_CRASH_COUNT: 1

PROCESS_NAME: devenv.exe

STACK_TEXT:
ffffa48a685cea38 fffff8077ce21056 : 00000000000000f7 ff96a4d06874eab0 0000f8077ce3f0c0 ffff07f8831c0f3f : nt!KeBugCheckEx
ffffa48a685cea40 00000000000000f7 : ff96a4d06874eab0 0000f8077ce3f0c0 ffff07f8831c0f3f 0000000000000000 : SysmonDrv+0x1056
ffffa48a685cea48 ff96a4d06874eab0 : 0000f8077ce3f0c0 ffff07f8831c0f3f 0000000000000000 0100000000100000 : 0xf7
ffffa48a685cea50 0000f8077ce3f0c0 : ffff07f8831c0f3f 0000000000000000 0100000000100000 ffff8009fb5bf620 : 0xff96a4d06874eab0
ffffa48a685cea58 ffff07f8831c0f3f : 0000000000000000 0100000000100000 ffff8009fb5bf620 fffff8077ce285e8 : 0x0000f8077ce3f0c0
ffffa48a685cea60 0000000000000000 : 0100000000100000 ffff8009fb5bf620 fffff8077ce285e8 0000000000000001 : 0xffff07f8`831c0f3f

SYMBOL_NAME: SysmonDrv+1056

MODULE_NAME: SysmonDrv

IMAGE_NAME: SysmonDrv.sys

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: 1056

FAILURE_BUCKET_ID: 0xF7_MISSING_GSFRAME_SysmonDrv!unknown_function

OS_VERSION: 10.0.19041.1

BUILDLAB_STR: vb_release

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {bfcd09b2-c8e3-6711-5ab4-bb081f1f34f2}

Followup: MachineOwner


11 additional answers
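An added example (not part of the original post and not Sysmon or Microsoft code): a short Python triage script that parses the `!analyze -v` fields quoted in the question and checks that the 0xF7 (DRIVER_OVERRAN_STACK_BUFFER) parameters are self-consistent, using the documented meaning of the parameters (P1 is the cookie found on the stack, P2 the expected cookie, P3 the bit-complement of P2). The function names are hypothetical; the sample text is copied from the dump in the question.

```python
import re

# Fields copied from the !analyze -v output in the question above.
SAMPLE = """\
BUGCHECK_CODE: f7
BUGCHECK_P1: ff96a4d06874eab0
BUGCHECK_P2: f8077ce3f0c0
BUGCHECK_P3: ffff07f8831c0f3f
BUGCHECK_P4: 0
PROCESS_NAME: devenv.exe
SYMBOL_NAME: SysmonDrv+1056
MODULE_NAME: SysmonDrv
IMAGE_NAME: SysmonDrv.sys
FAILURE_BUCKET_ID: 0xF7_MISSING_GSFRAME_SysmonDrv!unknown_function
"""

MASK64 = 0xFFFFFFFFFFFFFFFF
# Matches upper-case "NAME: value" lines; stack frames and "Key :" lines are skipped.
FIELD_RE = re.compile(r"^([A-Z][A-Z0-9_]*):[ \t]*(\S.*?)[ \t]*$", re.MULTILINE)


def parse_analysis(text):
    """Collect the 'NAME: value' lines of !analyze -v output into a dict."""
    return {name: value for name, value in FIELD_RE.findall(text)}


def triage_f7(fields):
    """Summarise a 0xF7 crash and sanity-check its /GS cookie parameters."""
    code = int(fields["BUGCHECK_CODE"], 16)
    if code != 0xF7:
        raise ValueError(f"not a DRIVER_OVERRAN_STACK_BUFFER dump: {code:#x}")
    found, expected, complement = (
        int(fields[f"BUGCHECK_P{i}"], 16) for i in (1, 2, 3))
    return {
        "image": fields.get("IMAGE_NAME"),
        "process": fields.get("PROCESS_NAME"),
        "bucket": fields.get("FAILURE_BUCKET_ID"),
        # P3 must equal ~P2 in 64 bits; if not, the dump fields are suspect.
        "params_consistent": complement == (~expected & MASK64),
        # The stack cookie differing from the expected one is what raised 0xF7.
        "cookie_mismatch": found != expected,
    }


if __name__ == "__main__":
    for key, value in triage_f7(parse_analysis(SAMPLE)).items():
        print(f"{key}: {value}")
```

Run over `!analyze -v` text collected from several machines, the `image` and `bucket` values give a quick way to confirm that the crashes share one faulting driver before deciding to remove or update it.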

  1. Michael Hanson 6 Reputation points
    2021-09-03T16:48:04.077+00:00

    @Mark Russinovich - Any ideas? We are stuck.

    Thanks boss.

    1 person found this answer helpful.

  2. Penning, Nicholas 141 Reputation points
    2021-09-03T17:56:18.083+00:00

    I am tagging @Marc-MSFT as he may have been the one responding to SysMon-related forums as well with great feedback.

    It seems that asking a question in the old forums redirects us here to a generic learn.microsoft.com site which is super confusing.

    1 person found this answer helpful.

  3. Giannetto, Matt 6 Reputation points
    2021-09-21T12:24:05.15+00:00

    This has become an issue for us as well.

    1 person found this answer helpful.

  4. Penning, Nicholas 141 Reputation points
    2021-10-27T16:38:28.22+00:00

    Sysmon 13.30 has been released. Going to test and report back if this bug has been fixed. Please feel free to report back if you have tested and confirmed as well!

    https://techcommunity.microsoft.com/t5/sysinternals-blog/autoruns-v14-06-and-sysmon-v13-30/ba-p/2887598

    1 person found this answer helpful.