[Winpcap-bugs] WinPcap 4.1.1 - BSOD
Gianluca Varenni
gianluca.varenni at cacetech.com
Fri Nov 13 09:20:20 PST 2009
This time I was able to get the crash dump correctly.
In this case the driver asserted on a bad condition that should never happen.
Are you able to provide me the binaries to run the test?
Have a nice day
GV
----- Original Message -----
From: Boaz Brickner
To: Gianluca Varenni
Cc: winpcap-bugs at winpcap.org
Sent: Friday, November 13, 2009 12:05 AM
Subject: Re: [Winpcap-bugs] WinPcap 4.1.1 - BSOD
Hi,
It seems the zip file was corrupted.
I've rezipped it, uploaded it, and here are the different parameters on the zip file.
BoazMEMORY3.zip
56478352 bytes
ADLER32: cf6243a1
CRC32: 0ac90d25
MD2: 5a6af575a6321cd270af60dfd3e9ad22
MD4: b922517648db0a9f75f79aeb0ef9c68b
MD5: 6001d5fda98dc209f54b43a41c18930a
SHA1: ee5b542b4fead9b4b0a91f91847527fca6ea83ea
SHA256: 373ec76e3ba7431c83c9508219ae20b1a132a714c8eddf296405d7ea8ba141e1
SHA384: 45ca4d2049dde87e6ec313d48356b839b817fe51c96bfcf5c9fcbe45e066915959efe7ef403363fe4424e1c38091fb72
SHA512: 270ba74400a79a889e1480f3f37f51de1a728895a10de502b78ccd1bff982a0b2a6701b67c9eaa4cc3db2fcf44c524b8ecb401dd53afb7604806933c8daddb64
RIPEMD128: 02b0cf064234ec8ba6190a4584f29d3d
RIPEMD160: d55ebced51778c48a14ef0fcf5772925466cea34
TIGER128: 2ca256a32a6178908ef849b5298ab5ec
TIGER160: 2ca256a32a6178908ef849b5298ab5ecb0b45815
TIGER192: 2ca256a32a6178908ef849b5298ab5ecb0b458152e4a6294
GOST: 5284d47812e1256d7894b187a3f54b3da0c9f5de3ec0a247d01a1da9b2f7d789
On Fri, Nov 13, 2009 at 01:52, Gianluca Varenni <gianluca.varenni at cacetech.com> wrote:
It looks like the file got corrupted during the upload.
Can you please upload it again, and provide me the SHA1 or MD5 checksum of the zip file?
Have a nice day
GV
----- Original Message -----
From: Boaz Brickner
To: Gianluca Varenni
Cc: winpcap-bugs at winpcap.org
Sent: Thursday, November 12, 2009 3:05 PM
Subject: Re: [Winpcap-bugs] WinPcap 4.1.1 - BSOD
Hi,
I've just uploaded a 45 MB zip file containing the kernel dump.
I hope this helps.
Boaz.
On Thu, Nov 12, 2009 at 23:45, Gianluca Varenni <gianluca.varenni at cacetech.com> wrote:
Would it be possible for you to enable kernel crash dumps and try to crash your machine as well?
Have a nice day
GV
----- Original Message -----
From: Boaz Brickner
To: Gianluca Varenni
Cc: winpcap-bugs at winpcap.org
Sent: Thursday, November 12, 2009 1:41 PM
Subject: Re: [Winpcap-bugs] WinPcap 4.1.1 - BSOD
Hi,
I've uploaded 2 Windows XP mini dumps to ftp://www.winpcap.org/pub/incoming/ and I hope it got there.
There are also 6 Windows 7 mini dumps publicly available in http://www.sevenforums.com/crashes-debugging/37276-bsod-windows-7-professional-64-bit.html
Thank you,
Boaz.
On Thu, Nov 12, 2009 at 22:22, Gianluca Varenni <gianluca.varenni at cacetech.com> wrote:
I analyzed the stack trace that you sent below, and it's definitely a NULL pointer dereference, that should not happen (in the sense that such pointer should not be null, it comes from the OS itself). In order to further investigate the problem, however, I need to have a kernel memory dump, so that I can get a look at the variables on the stack...
Have a nice day
GV
----- Original Message -----
From: Boaz Brickner
To: winpcap-bugs at winpcap.org
Sent: Thursday, November 12, 2009 11:03 AM
Subject: [Winpcap-bugs] WinPcap 4.1.1 - BSOD
Hi,
I'm working on a new wrapper for WinPcap in .Net call Pcap.Net.
I've recently tried to upgrade Pcap.Net project (http://pcapdotnet.codeplex.com) to WinPcap 4.1.1 to support Windows 7 (I've used WinPcap 4.0.2 before).
When I run my different unit tests that use all kinds of WinPcap's features while using my network drive, I'm getting a Blue Screen Of Death (BSOD) - Windows Crash.
I've managed to get BSOD both on Windows 7 Professional 64 bit and on Windows XP SP3 32 bit (two different computer systems).
Before I've upgraded to WinPcap 4.1.1 I've never got a BSOD (Windows XP SP3).
It seems this BSOD is caused by WinPcap's npf driver.
At first I thought this problem is caused by Windows 7 or a combination of Windows 7 and WinPcap.
After I've seen that this problem also appears on my Windows XP that never experienced this problem before, I believe this is not the case and it is caused by WinPcap 4.1.1 alone.
Since a full reboot is needed after the BSOD appears, I'm having a hard time figuring out what exactly causes this problem.
If you want to try and recreate this problem you are welcome to use WinPcap 4.1.1 and download the latest source from Pcap.Net project site (changeset 30721):
http://pcapdotnet.codeplex.com/SourceControl/ListDownloadableCommits.aspx
If you're having troubles compiling and running the unit tests using Visual Studio Team Suite 2008 SP1, you are welcome to contact me and I'll try to help you with it. Sometimes more than one run of all the unit tests may be needed to cause the crash and you might need to do use your network drive (by downloading a file for example) to make the BSOD appear.
Also see my post on Windows 7 forums:
http://www.sevenforums.com/crashes-debugging/37276-bsod-windows-7-professional-64-bit.html
Details from Windows 7 mini dump (note that npf.sys is specifically referenced):
IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000003178, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80003eccb75, address which referenced memory
Debugging Details:
------------------
WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800040fa0e0
0000000000003178
CURRENT_IRQL: 2
FAULTING_IP:
nt!KeAcquireSpinLockRaiseToDpc+55
fffff800`03eccb75 f0480fba2900 lock bts qword ptr [rcx],0
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xA
PROCESS_NAME: VSTestHost.exe
TRAP_FRAME: fffff8800909b7b0 -- (.trap 0xfffff8800909b7b0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000002 rbx=0000000000000000 rcx=0000000000003178
rdx=0000000000000085 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80003eccb75 rsp=fffff8800909b940 rbp=0000000000003178
r8=0000000000000065 r9=0000000000000000 r10=0000000000000000
r11=fffff8800909b980 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
nt!KeAcquireSpinLockRaiseToDpc+0x55:
fffff800`03eccb75 f0480fba2900 lock bts qword ptr [rcx],0 ds:00000000`00003178=????????????????
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80003ec3469 to fffff80003ec3f00
STACK_TEXT:
fffff880`0909b668 fffff800`03ec3469 : 00000000`0000000a 00000000`00003178 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`0909b670 fffff800`03ec20e0 : 00000000`00000000 00000000`00000000 00000000`00000000 fffff800`03eca1a2 : nt!KiBugCheckDispatch+0x69
fffff880`0909b7b0 fffff800`03eccb75 : fffffa80`03e5c3f0 00000000`08004870 00000000`00000001 fffffa80`06a57900 : nt!KiPageFault+0x260
fffff880`0909b940 fffff880`05c02ef5 : fffffa80`0677d990 00000000`00000000 fffffa80`0677d8c0 00000000`00000000 : nt!KeAcquireSpinLockRaiseToDpc+0x55
fffff880`0909b990 fffffa80`0677d990 : 00000000`00000000 fffffa80`0677d8c0 00000000`00000000 fffffa80`0677d8c0 : npf+0x2ef5
fffff880`0909b998 00000000`00000000 : fffffa80`0677d8c0 00000000`00000000 fffffa80`0677d8c0 fffff880`05c03edf : 0xfffffa80`0677d990
STACK_COMMAND: kb
FOLLOWUP_IP:
npf+2ef5
fffff880`05c02ef5 ?? ???
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: npf+2ef5
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: npf
IMAGE_NAME: npf.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4addfab3
FAILURE_BUCKET_ID: X64_0xA_npf+2ef5
------------------------------------------------------------------
_______________________________________________
Winpcap-bugs mailing list
Winpcap-bugs at winpcap.org
https://www.winpcap.org/mailman/listinfo/winpcap-bugs
--------------------------------------------------------------------------
_______________________________________________
Winpcap-bugs mailing list
Winpcap-bugs at winpcap.org
https://www.winpcap.org/mailman/listinfo/winpcap-bugs
------------------------------------------------------------------------------
_______________________________________________
Winpcap-bugs mailing list
Winpcap-bugs at winpcap.org
https://www.winpcap.org/mailman/listinfo/winpcap-bugs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-bugs/attachments/20091113/91f19c3e/attachment-0001.htm
More information about the Winpcap-bugs
mailing list