Debugging Tools for Windows


The DRIVER_OVERRAN_STACK_BUFFER bug check has a value of 0x000000F7. This indicates that a driver has overrun a stack-based buffer.


The following parameters are displayed on the blue screen.

Parameter Description
1 The actual security check cookie from the stack
2 The expected security check cookie
3 The bit-complement of the expected security check cookie
4 0


A driver overran a stack-based buffer (or local variable) in a way that would have overwritten the function's return address and jumped back to an arbitrary address when the function returned.

This is the classic "buffer overrun" hacking attack. The system has been brought down to prevent a malicious user from gaining complete control of it.

Resolving the Problem

Use the kb (Display Stack Backtrace) command to get a stack trace.

The last routine on the stack before the buffer overrun handlers and bug check call is the one that overran its local variable.

Build machine: CAPEBUILD