Blue screen shows DRIVER_OVERRAN_STACK_BUFFER

杂茶chapda 20 reputation points
2025-06-16T06:12:28.25+00:00

After exporting the blue screen dump file and analyzing it with WinDbg, I got the following result:

14: kd> !analyze -v
*** WARNING: Unable to verify timestamp for sprotect.sys
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_OVERRAN_STACK_BUFFER (f7)
A driver has overrun a stack-based buffer.  This overrun could potentially
allow a malicious user to gain control of this machine.
DESCRIPTION
A driver overran a stack-based buffer (or local variable) in a way that would
have overwritten the function's return address and jumped back to an arbitrary
address when the function returned.  This is the classic "buffer overrun"
hacking attack and the system has been brought down to prevent a malicious user
from gaining complete control of it.
Do a kb to get a stack backtrace -- the last routine on the stack before the
buffer overrun handlers and BugCheck call is the one that overran its local
variable(s).
Arguments:
Arg1: ffff908bc62ffac7, Actual security check cookie from the stack
Arg2: 0000f24d50be3374, Expected security check cookie
Arg3: ffff0db2af41cc8b, Complement of the expected security check cookie
Arg4: 0000000000000000, zero

Debugging Details:
------------------


KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 1734

    Key  : Analysis.Elapsed.mSec
    Value: 1738

    Key  : Analysis.IO.Other.Mb
    Value: 13

    Key  : Analysis.IO.Read.Mb
    Value: 20

    Key  : Analysis.IO.Write.Mb
    Value: 23

    Key  : Analysis.Init.CPU.mSec
    Value: 5328

    Key  : Analysis.Init.Elapsed.mSec
    Value: 1386108

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 111

    Key  : Analysis.Version.DbgEng
    Value: 10.0.27725.1000

    Key  : Analysis.Version.Description
    Value: 10.2408.27.01 amd64fre

    Key  : Analysis.Version.Ext
    Value: 1.2408.27.1

    Key  : Bugcheck.Code.LegacyAPI
    Value: 0xf7

    Key  : Bugcheck.Code.TargetModel
    Value: 0xf7

    Key  : Dump.Attributes.AsUlong
    Value: 21008

    Key  : Dump.Attributes.DiagDataWrittenToHeader
    Value: 1

    Key  : Dump.Attributes.ErrorCode
    Value: 0

    Key  : Dump.Attributes.KernelGeneratedTriageDump
    Value: 1

    Key  : Dump.Attributes.LastLine
    Value: Dump completed successfully.

    Key  : Dump.Attributes.ProgressPercentage
    Value: 0

    Key  : Failure.Bucket
    Value: 0xF7_MISSING_GSFRAME_sprotect!unknown_function

    Key  : Failure.Hash
    Value: {cec00509-501b-7fff-3dd5-9dde16ef82dd}


BUGCHECK_CODE:  f7

BUGCHECK_P1: ffff908bc62ffac7

BUGCHECK_P2: f24d50be3374

BUGCHECK_P3: ffff0db2af41cc8b

BUGCHECK_P4: 0

FILE_IN_CAB:  061625-13343-01.dmp

DUMP_FILE_ATTRIBUTES: 0x21008
  Kernel Generated Triage Dump

FAULTING_THREAD:  ffffde84547b1300

SECURITY_COOKIE:  Expected 0000f24d50be3374 found ffff908bc62ffac7

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  System

STACK_TEXT:  
ffff908b`c62be648 fffff804`42126626     : 00000000`000000f7 ffff908b`c62ffac7 0000f24d`50be3374 ffff0db2`af41cc8b : nt!KeBugCheckEx
ffff908b`c62be650 00000000`000000f7     : ffff908b`c62ffac7 0000f24d`50be3374 ffff0db2`af41cc8b 00000000`00000000 : sprotect+0x6626
ffff908b`c62be658 ffff908b`c62ffac7     : 0000f24d`50be3374 ffff0db2`af41cc8b 00000000`00000000 ffff908b`c62bed20 : 0xf7
ffff908b`c62be660 0000f24d`50be3374     : ffff0db2`af41cc8b 00000000`00000000 ffff908b`c62bed20 ffff908b`c62bf698 : 0xffff908b`c62ffac7
ffff908b`c62be668 ffff0db2`af41cc8b     : 00000000`00000000 ffff908b`c62bed20 ffff908b`c62bf698 fffff804`4212663b : 0x0000f24d`50be3374
ffff908b`c62be670 00000000`00000000     : ffff908b`c62bed20 ffff908b`c62bf698 fffff804`4212663b ffff908b`c62be750 : 0xffff0db2`af41cc8b


SYMBOL_NAME:  sprotect+6626

MODULE_NAME: sprotect

IMAGE_NAME:  sprotect.sys

STACK_COMMAND:  .process /r /p 0xffffde84446c7040; .thread 0xffffde84547b1300 ; kb

BUCKET_ID_FUNC_OFFSET:  6626

FAILURE_BUCKET_ID:  0xF7_MISSING_GSFRAME_sprotect!unknown_function

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {cec00509-501b-7fff-3dd5-9dde16ef82dd}

Followup:     MachineOwner

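What caused this blue screen, and how can it be fixed?

(The symptom is a blue screen immediately at boot, so I cannot reach the desktop; I have a PE tool on hand.)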


Accepted answer
  1. zwJimRaynor 481 reputation points
    2025-06-16T07:25:17.0466667+00:00

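    The error is caused by the sprotect.sys driver, which is currently not compatible with Windows 11 24H2 for the time being.

    Possible solutions are to uninstall the update from the recovery environment, or to install a version of Windows below Windows 24H2.

    You can follow the progress of this issue in the Windows 11, version 24H2 known issues and notifications.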

    1 person found this answer helpful.
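
A triage helper for `!analyze -v` output like the dump in the question, as an added example that is not part of the original post or answer: it extracts the 0xF7 cookie arguments, checks that Arg3 is the bitwise complement of Arg2 as the argument descriptions state, and names the module that called `KeBugCheckEx`. The function name `triage_f7` and the result keys are this example's own; the sample text is trimmed from the output on this page.

```python
import re

# Sample trimmed from the !analyze -v output on this page.
SAMPLE = """\
DRIVER_OVERRAN_STACK_BUFFER (f7)
Arguments:
Arg1: ffff908bc62ffac7, Actual security check cookie from the stack
Arg2: 0000f24d50be3374, Expected security check cookie
Arg3: ffff0db2af41cc8b, Complement of the expected security check cookie
Arg4: 0000000000000000, zero
STACK_TEXT:  
ffff908b`c62be648 fffff804`42126626     : 00000000`000000f7 ffff908b`c62ffac7 0000f24d`50be3374 ffff0db2`af41cc8b : nt!KeBugCheckEx
ffff908b`c62be650 00000000`000000f7     : ffff908b`c62ffac7 0000f24d`50be3374 ffff0db2`af41cc8b 00000000`00000000 : sprotect+0x6626
ffff908b`c62be658 ffff908b`c62ffac7     : 0000f24d`50be3374 ffff0db2`af41cc8b 00000000`00000000 ffff908b`c62bed20 : 0xf7

IMAGE_NAME:  sprotect.sys
"""

MASK64 = 0xFFFFFFFFFFFFFFFF
ARG_RE = re.compile(r"^Arg([1-4]):\s*([0-9a-fA-F]{16})", re.M)
# Frame line: child SP, return address, four args, then module+offset or module!symbol.
FRAME_RE = re.compile(r"^[0-9a-f`]+ [0-9a-f`]+\s+:.*: ([A-Za-z_]\w*)([!+])(\S+)$", re.M)

def triage_f7(text):
    """Return a dict summarising a bugcheck 0xF7 analysis, or raise ValueError."""
    if not re.search(r"^DRIVER_OVERRAN_STACK_BUFFER \(f7\)", text, re.M):
        raise ValueError("not a bugcheck 0xF7 analysis")
    args = {int(n): int(v, 16) for n, v in ARG_RE.findall(text)}
    if set(args) != {1, 2, 3, 4}:
        raise ValueError("missing bugcheck arguments")
    actual, expected, complement = args[1], args[2], args[3]
    # Skip the kernel's own frame; the next named frame called KeBugCheckEx.
    frames = [(m, sep, rest) for m, sep, rest in FRAME_RE.findall(text) if m != "nt"]
    image = re.search(r"^IMAGE_NAME:\s*(\S+)", text, re.M)
    return {
        "cookie_mismatch": actual != expected,
        # False here means the parameters themselves are suspect (damaged dump).
        "complement_ok": complement == (~expected & MASK64),
        "module": frames[0][0] if frames else None,
        "location": "".join(frames[0]) if frames else None,
        "has_symbols": bool(frames) and frames[0][1] == "!",
        "image": image.group(1) if image else None,
    }

if __name__ == "__main__":
    for key, value in triage_f7(SAMPLE).items():
        print(f"{key}: {value}")
```

A `module+offset` location with `has_symbols` false matches the `Unable to verify timestamp for sprotect.sys` warning at the top of the dump: the debugger had no symbols for the driver, so the frame cannot be resolved to a function name.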
