[Winpcap-users] Winpcap in Intanium machine

Renato Araújo Ferreira marina.peixe at terra.com.br
Wed Oct 7 21:21:49 PDT 2009 

After send that last message I tried to run windump again without any parameter (that make It dump first interface of list) and this machine crashed again, but with another error from another SYS file (I didn't save the information). At this second try the crash dump was disabled by me due to 36GB of ram size (a long time to dump), but I still have the first one that generated the message that in last message.

I used before the gdb tool to debug core files under solaris, but I never did something like it under windows. I will try to start with debuging tools tomorow. Do you have any tip?

But I'm still afraid about DLL's. Why a wrong/problematic DLL could not crash a driver that it need to access?

Thanks,

Renato A. Ferreira


 On Qua 07/10/09 17:43 , "Gianluca Varenni" gianluca.varenni at cacetech.com sent:
> The crash is due to the driver, not to mismatching DLLs. Now you will need
> 
> windbg and probably a second machine to debug the issue.
> 
> I would start loading the crash dump in windbg and understanding what went
> 
> wrong.
> 
> 
> 
> GV
> 
> 
> 
> ----- Original Message ----- 
> 
> From: " Renato Araújo Ferreira" mar
> ina.peixe at terra.com.br>
> To: users at winpc
> ap.org>
> Sent: Wednesday, October 07, 2009 1:07 PM
> 
> Subject: Re: [Winpcap-users] Winpcap in Intanium machine
> 
> 
> 
> 
> 
> >
> 
> >
> 
> >
> 
> > I added the reference to IA64 in NPF.RC VERSIONINFO with:
> 
> >
> 
> >
> 
> > #elif defined(_IA64_)
> 
> >   VALUE "FileDescription",   "npf.sys (NT5/6 IA64) Kernel Driver"
> 
> >
> 
> >
> 
> > After I changed the refferences to AMD64 (appear only two times and
> refers 
> > to hUserEvent32Bit) from:
> 
> >
> 
> >
> 
> > #ifdef _AMD64_
> 
> >
> 
> >
> 
> > To:
> 
> >
> 
> >
> 
> > #if defined(_AMD64_) || defined(_IA64_)
> 
> >
> 
> >
> 
> > The compilation was sucessful, the "net start npf" works fine and the 
> > interfaces is now appearing in return of "windump -D". But when I tried
> to 
> > open wireshark, the interface list was OK showing all of then, but before
> 
> > I click at buttom to start capture (i think that was when it started to
> 
> > count packets) the server went down with this message:
> 
> >
> 
> >
> 
> > *** STOP: 0x0000008E 
> 
> >
> (0xFFFFFFFF80000002,0xE00001626B738834,0xE000016276387410,0x000000000000000
> 0)
> >
> 
> > ***       NPF.sys - Address E00001626B738834 base at E00001626B730000,
> 
> > DateStamp 4acce5bf
> 
> >
> 
> >
> 
> > I'm still trying with the DLL's (wpcap.dll and packet.dll) that I got 
> > unpacking the installer, but they has the same name and I dont know if I
> 
> > choose the right one between vista, 2000 or amd64.
> 
> >
> 
> > I will now try to compile these DLL's before try again.
> 
> >
> 
> > Thanks,
> 
> >
> 
> > Renato A. Ferreira
> 
> >
> 
> > _______________________________________________
> 
> > Winpcap-users mailing list
> 
> > Winpcap-users at winpc
> ap.org
> > https://www.winpcap.org/mailman/listinfo/winpcap-users
> 
> 
> 
> 
>

More information about the Winpcap-users mailing list