[Winpcap-bugs] WinPcap 4.1.1 - BSOD
Boaz Brickner
boaz.brickner at gmail.com
Fri Nov 20 23:22:04 PST 2009
Hi GV,
Do you have any test results (ping)?
Thank you,
Boaz.
On Sat, Nov 14, 2009 at 01:02, Gianluca Varenni <
gianluca.varenni at cacetech.com> wrote:
> Thanks!
>
> I will test it in the next couple of days.
> Ping me if I don't get back to you within a week.
>
> Have a nice day
> GV
>
> ----- Original Message -----
> *From:* Boaz Brickner <boaz.brickner at gmail.com>
> *To:* Gianluca Varenni <gianluca.varenni at cacetech.com>
> *Cc:* winpcap-bugs at winpcap.org
> *Sent:* Friday, November 13, 2009 2:20 PM
> *Subject:* Re: [Winpcap-bugs] WinPcap 4.1.1 - BSOD
>
> Hi,
>
> I've uploaded a small console application that causes the crash to the ftp
> site.
> I hope that all needed dlls are there. If you're missing any, let me know.
> If the application runs without causing a BSOD crash, try to download
> something while running the application. I've found it useful to try to see
> a youtube movie while downloading.
> If this doesn't work either, you might need to disable all network devices
> but your main network device and to disable IPv6 support from the main
> network device.
>
> I hope you'll crash :)
>
> Boaz.
>
> On Fri, Nov 13, 2009 at 21:35, Gianluca Varenni <
> gianluca.varenni at cacetech.com> wrote:
>
>> That would be great. I'm still using VS2005 SP1 professional edition, I
>> haven't migrated to 2008.
>>
>> Have a nice day
>> GV
>>
>>
>> ----- Original Message -----
>> *From:* Boaz Brickner <boaz.brickner at gmail.com>
>> *To:* Gianluca Varenni <gianluca.varenni at cacetech.com>
>> *Cc:* winpcap-bugs at winpcap.org
>> *Sent:* Friday, November 13, 2009 10:18 AM
>> *Subject:* Re: [Winpcap-bugs] WinPcap 4.1.1 - BSOD
>>
>> The entire code is available here (change set 30721):
>> http://pcapdotnet.codeplex.com/SourceControl/ListDownloadableCommits.aspx
>>
>> I'm not sure exactly what test causes it, if you can't compile and run the
>> code, I will try to create an executable that causes a BSOD.
>>
>> Boaz.
>>
>> On Fri, Nov 13, 2009 at 19:20, Gianluca Varenni <
>> gianluca.varenni at cacetech.com> wrote:
>>
>>> This time I was able to get the crash dump correctly.
>>>
>>> In this case the driver asserted on a bad condition that should never
>>> happen.
>>>
>>> Are you able to provide me the binaries to run the test?
>>>
>>> Have a nice day
>>> GV
>>>
>>>
>>> ----- Original Message -----
>>> *From:* Boaz Brickner <boaz.brickner at gmail.com>
>>> *To:* Gianluca Varenni <gianluca.varenni at cacetech.com>
>>> *Cc:* winpcap-bugs at winpcap.org
>>> *Sent:* Friday, November 13, 2009 12:05 AM
>>> *Subject:* Re: [Winpcap-bugs] WinPcap 4.1.1 - BSOD
>>>
>>> Hi,
>>>
>>> It seems the zip file was corrupted.
>>> I've rezipped it, uploaded it, and here are the different parameters on
>>> the zip file.
>>>
>>> BoazMEMORY3.zip
>>> 56478352 bytes
>>>
>>> ADLER32: cf6243a1
>>> CRC32: 0ac90d25
>>> MD2: 5a6af575a6321cd270af60dfd3e9ad22
>>> MD4: b922517648db0a9f75f79aeb0ef9c68b
>>> MD5: 6001d5fda98dc209f54b43a41c18930a
>>> SHA1: ee5b542b4fead9b4b0a91f91847527fca6ea83ea
>>> SHA256: 373ec76e3ba7431c83c9508219ae20b1a132a714c8eddf296405d7ea8ba141e1
>>> SHA384:
>>> 45ca4d2049dde87e6ec313d48356b839b817fe51c96bfcf5c9fcbe45e066915959efe7ef403363fe4424e1c38091fb72
>>> SHA512:
>>> 270ba74400a79a889e1480f3f37f51de1a728895a10de502b78ccd1bff982a0b2a6701b67c9eaa4cc3db2fcf44c524b8ecb401dd53afb7604806933c8daddb64
>>> RIPEMD128: 02b0cf064234ec8ba6190a4584f29d3d
>>> RIPEMD160: d55ebced51778c48a14ef0fcf5772925466cea34
>>> TIGER128: 2ca256a32a6178908ef849b5298ab5ec
>>> TIGER160: 2ca256a32a6178908ef849b5298ab5ecb0b45815
>>> TIGER192: 2ca256a32a6178908ef849b5298ab5ecb0b458152e4a6294
>>> GOST: 5284d47812e1256d7894b187a3f54b3da0c9f5de3ec0a247d01a1da9b2f7d789
>>>
>>> On Fri, Nov 13, 2009 at 01:52, Gianluca Varenni <
>>> gianluca.varenni at cacetech.com> wrote:
>>>
>>>> It looks like the file got corrupted during the upload.
>>>>
>>>> Can you please upload it again, and provide me the SHA1 or MD5 checksum
>>>> of the zip file?
>>>>
>>>> Have a nice day
>>>> GV
>>>>
>>>>
>>>> ----- Original Message -----
>>>> *From:* Boaz Brickner <boaz.brickner at gmail.com>
>>>> *To:* Gianluca Varenni <gianluca.varenni at cacetech.com>
>>>> *Cc:* winpcap-bugs at winpcap.org
>>>> *Sent:* Thursday, November 12, 2009 3:05 PM
>>>> *Subject:* Re: [Winpcap-bugs] WinPcap 4.1.1 - BSOD
>>>>
>>>> Hi,
>>>>
>>>> I've just uploaded a 45 MB zip file containing the kernel dump.
>>>> I hope this helps.
>>>>
>>>> Boaz.
>>>>
>>>> On Thu, Nov 12, 2009 at 23:45, Gianluca Varenni <
>>>> gianluca.varenni at cacetech.com> wrote:
>>>>
>>>>> Would it be possible for you to enable kernel crash dumps and try to
>>>>> crash your machine as well?
>>>>>
>>>>> Have a nice day
>>>>> GV
>>>>>
>>>>> ----- Original Message -----
>>>>> *From:* Boaz Brickner <boaz.brickner at gmail.com>
>>>>> *To:* Gianluca Varenni <gianluca.varenni at cacetech.com>
>>>>> *Cc:* winpcap-bugs at winpcap.org
>>>>> *Sent:* Thursday, November 12, 2009 1:41 PM
>>>>> *Subject:* Re: [Winpcap-bugs] WinPcap 4.1.1 - BSOD
>>>>>
>>>>> Hi,
>>>>>
>>>>> I've uploaded 2 Windows XP mini dumps to
>>>>> ftp://www.winpcap.org/pub/incoming/ and I hope it got there.
>>>>> There are also 6 Windows 7 mini dumps publicly available in
>>>>> http://www.sevenforums.com/crashes-debugging/37276-bsod-windows-7-professional-64-bit.html
>>>>>
>>>>> Thank you,
>>>>>
>>>>> Boaz.
>>>>>
>>>>> On Thu, Nov 12, 2009 at 22:22, Gianluca Varenni <
>>>>> gianluca.varenni at cacetech.com> wrote:
>>>>>
>>>>>> I analyzed the stack trace that you sent below, and it's definitely
>>>>>> a NULL pointer dereference, that should not happen (in the sense that such
>>>>>> pointer should not be null, it comes from the OS itself). In order to
>>>>>> further investigate the problem, however, I need to have a kernel memory
>>>>>> dump, so that I can get a look at the variables on the stack...
>>>>>>
>>>>>>
>>>>>> Have a nice day
>>>>>> GV
>>>>>>
>>>>>>
>>>>>> ----- Original Message -----
>>>>>> *From:* Boaz Brickner <boaz.brickner at gmail.com>
>>>>>> *To:* winpcap-bugs at winpcap.org
>>>>>> *Sent:* Thursday, November 12, 2009 11:03 AM
>>>>>> *Subject:* [Winpcap-bugs] WinPcap 4.1.1 - BSOD
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I'm working on a new wrapper for WinPcap in .Net call Pcap.Net.
>>>>>> I've recently tried to upgrade Pcap.Net project (
>>>>>> http://pcapdotnet.codeplex.com) to WinPcap 4.1.1 to support Windows 7
>>>>>> (I've used WinPcap 4.0.2 before).
>>>>>>
>>>>>> When I run my different unit tests that use all kinds of WinPcap's
>>>>>> features while using my network drive, I'm getting a Blue Screen Of Death
>>>>>> (BSOD) - Windows Crash.
>>>>>> I've managed to get BSOD both on Windows 7 Professional 64 bit and on
>>>>>> Windows XP SP3 32 bit (two different computer systems).
>>>>>> Before I've upgraded to WinPcap 4.1.1 I've never got a BSOD (Windows
>>>>>> XP SP3).
>>>>>>
>>>>>> *It seems this BSOD is caused by WinPcap's npf driver.*
>>>>>>
>>>>>> At first I thought this problem is caused by Windows 7 or a
>>>>>> combination of Windows 7 and WinPcap.
>>>>>> After I've seen that this problem also appears on my Windows XP that
>>>>>> never experienced this problem before, I believe this is not the case and it
>>>>>> is caused by WinPcap 4.1.1 alone.
>>>>>>
>>>>>> Since a full reboot is needed after the BSOD appears, I'm having a
>>>>>> hard time figuring out what exactly causes this problem.
>>>>>>
>>>>>> If you want to try and recreate this problem you are welcome to use
>>>>>> WinPcap 4.1.1 and download the latest source from Pcap.Net project site
>>>>>> (changeset 30721):
>>>>>>
>>>>>>
>>>>>> http://pcapdotnet.codeplex.com/SourceControl/ListDownloadableCommits.aspx
>>>>>>
>>>>>> If you're having troubles compiling and running the unit tests using
>>>>>> Visual Studio Team Suite 2008 SP1, you are welcome to contact me and I'll
>>>>>> try to help you with it. Sometimes more than one run of all the unit tests
>>>>>> may be needed to cause the crash and you might need to do use your network
>>>>>> drive (by downloading a file for example) to make the BSOD appear.
>>>>>>
>>>>>>
>>>>>> Also see my post on Windows 7 forums:
>>>>>>
>>>>>> http://www.sevenforums.com/crashes-debugging/37276-bsod-windows-7-professional-64-bit.html
>>>>>>
>>>>>> *
>>>>>> Details from Windows 7 mini dump (note that npf.sys is specifically
>>>>>> referenced):*
>>>>>>
>>>>>> IRQL_NOT_LESS_OR_EQUAL (a)
>>>>>> An attempt was made to access a pageable (or completely invalid)
>>>>>> address at an
>>>>>> interrupt request level (IRQL) that is too high. This is usually
>>>>>> caused by drivers using improper addresses.
>>>>>> If a kernel debugger is available get the stack backtrace.
>>>>>> Arguments:
>>>>>> Arg1: 0000000000003178, memory referenced
>>>>>> Arg2: 0000000000000002, IRQL
>>>>>> Arg3: 0000000000000001, bitfield :
>>>>>> bit 0 : value 0 = read operation, 1 = write operation
>>>>>> bit 3 : value 0 = not an execute operation, 1 = execute operation
>>>>>> (only on chips which support this level of status)
>>>>>> Arg4: fffff80003eccb75, address which referenced memory
>>>>>>
>>>>>> Debugging Details:
>>>>>> ------------------
>>>>>>
>>>>>>
>>>>>> WRITE_ADDRESS: GetPointerFromAddress: unable to read from
>>>>>> fffff800040fa0e0
>>>>>> 0000000000003178
>>>>>>
>>>>>> CURRENT_IRQL: 2
>>>>>>
>>>>>> FAULTING_IP:
>>>>>> nt!KeAcquireSpinLockRaiseToDpc+55
>>>>>> fffff800`03eccb75 f0480fba2900 lock bts qword ptr [rcx],0
>>>>>>
>>>>>> CUSTOMER_CRASH_COUNT: 1
>>>>>>
>>>>>> DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
>>>>>>
>>>>>> BUGCHECK_STR: 0xA
>>>>>>
>>>>>> PROCESS_NAME: VSTestHost.exe
>>>>>>
>>>>>> TRAP_FRAME: fffff8800909b7b0 -- (.trap 0xfffff8800909b7b0)
>>>>>> NOTE: The trap frame does not contain all registers.
>>>>>> Some register values may be zeroed or incorrect.
>>>>>> rax=0000000000000002 rbx=0000000000000000 rcx=0000000000003178
>>>>>> rdx=0000000000000085 rsi=0000000000000000 rdi=0000000000000000
>>>>>> rip=fffff80003eccb75 rsp=fffff8800909b940 rbp=0000000000003178
>>>>>> r8=0000000000000065 r9=0000000000000000 r10=0000000000000000
>>>>>> r11=fffff8800909b980 r12=0000000000000000 r13=0000000000000000
>>>>>> r14=0000000000000000 r15=0000000000000000
>>>>>> iopl=0 nv up ei pl nz na po nc
>>>>>> nt!KeAcquireSpinLockRaiseToDpc+0x55:
>>>>>> fffff800`03eccb75 f0480fba2900 lock bts qword ptr [rcx],0
>>>>>> ds:00000000`00003178=????????????????
>>>>>> Resetting default scope
>>>>>>
>>>>>> LAST_CONTROL_TRANSFER: from fffff80003ec3469 to fffff80003ec3f00
>>>>>>
>>>>>> STACK_TEXT:
>>>>>> fffff880`0909b668 fffff800`03ec3469 : 00000000`0000000a
>>>>>> 00000000`00003178 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
>>>>>> fffff880`0909b670 fffff800`03ec20e0 : 00000000`00000000
>>>>>> 00000000`00000000 00000000`00000000 fffff800`03eca1a2 :
>>>>>> nt!KiBugCheckDispatch+0x69
>>>>>> fffff880`0909b7b0 fffff800`03eccb75 : fffffa80`03e5c3f0
>>>>>> 00000000`08004870 00000000`00000001 fffffa80`06a57900 : nt!KiPageFault+0x260
>>>>>> fffff880`0909b940 fffff880`05c02ef5 : fffffa80`0677d990
>>>>>> 00000000`00000000 fffffa80`0677d8c0 00000000`00000000 :
>>>>>> nt!KeAcquireSpinLockRaiseToDpc+0x55
>>>>>> fffff880`0909b990 fffffa80`0677d990 : 00000000`00000000
>>>>>> fffffa80`0677d8c0 00000000`00000000 fffffa80`0677d8c0 : npf+0x2ef5
>>>>>> fffff880`0909b998 00000000`00000000 : fffffa80`0677d8c0
>>>>>> 00000000`00000000 fffffa80`0677d8c0 fffff880`05c03edf : 0xfffffa80`0677d990
>>>>>>
>>>>>>
>>>>>> STACK_COMMAND: kb
>>>>>>
>>>>>> FOLLOWUP_IP:
>>>>>> npf+2ef5
>>>>>> fffff880`05c02ef5 ?? ???
>>>>>>
>>>>>> SYMBOL_STACK_INDEX: 4
>>>>>>
>>>>>> SYMBOL_NAME: npf+2ef5
>>>>>>
>>>>>> FOLLOWUP_NAME: MachineOwner
>>>>>>
>>>>>> *MODULE_NAME: npf
>>>>>>
>>>>>> IMAGE_NAME: npf.sys*
>>>>>>
>>>>>> DEBUG_FLR_IMAGE_TIMESTAMP: 4addfab3
>>>>>>
>>>>>> FAILURE_BUCKET_ID: X64_0xA_npf+2ef5
>>>>>>
>>>>>>
>>>>>> ------------------------------
>>>>>>
>>>>>> _______________________________________________
>>>>>> Winpcap-bugs mailing list
>>>>>> Winpcap-bugs at winpcap.org
>>>>>> https://www.winpcap.org/mailman/listinfo/winpcap-bugs
>>>>>>
>>>>>>
>>>>>
>>>> ------------------------------
>>>>
>>>> _______________________________________________
>>>> Winpcap-bugs mailing list
>>>> Winpcap-bugs at winpcap.org
>>>> https://www.winpcap.org/mailman/listinfo/winpcap-bugs
>>>>
>>>>
>>> ------------------------------
>>>
>>> _______________________________________________
>>> Winpcap-bugs mailing list
>>> Winpcap-bugs at winpcap.org
>>> https://www.winpcap.org/mailman/listinfo/winpcap-bugs
>>>
>>>
>> ------------------------------
>>
>> _______________________________________________
>> Winpcap-bugs mailing list
>> Winpcap-bugs at winpcap.org
>> https://www.winpcap.org/mailman/listinfo/winpcap-bugs
>>
>>
> ------------------------------
>
> _______________________________________________
> Winpcap-bugs mailing list
> Winpcap-bugs at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-bugs
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-bugs/attachments/20091121/75047b7a/attachment-0001.htm
More information about the Winpcap-bugs
mailing list