[Winpcap-users] Winpcap in Intanium machine

Gianluca Varenni gianluca.varenni at cacetech.com
Thu Oct 8 17:29:23 PDT 2009


You cannot debug with Visual Studio. You need to use Windbg.

In windbg you can use the watch window to watch the contents of a variable. 
What is the bugcheck code?

If you have used "analyze -v" after the crash, please post the entire output 
of !analyze -v

GV



----- Original Message ----- 
From: " Renato Araújo Ferreira" <marina.peixe at terra.com.br>
To: <winpcap-users at winpcap.org>
Sent: Thursday, October 08, 2009 1:54 PM
Subject: Re: [Winpcap-users] Winpcap in Intanium machine


> the right stack:
>
> NPF!GetTimeKQPC [time_calls.h @ 373]
> NPF!NPF_tap [read.c @ 607]
> NDIS
>
> this line of time_calls.h:
>
> dst->tv_usec = data->start[0].tv_usec + 
> (LONG)((PTime.QuadPart%TimeFreq.QuadPart)*1000000/TimeFreq.QuadPart);
>
> I will look for a way to read the content of the variable. Is there any known 
> way to run this dump in Visual Studio and see the content of these 
> variables?
>
> Thanks,
>
> Renato A. Ferreira
>
> On Qui 08/10/09 16:56 ,  Renato Araújo Ferreira marina.peixe at terra.com.br 
> sent:
>> The smalldump combined with the npf.pdb generated a stack trace like the
>> following:
>> GetTimeKQPC
>> NPF_tap
>> NDIS
>>
>> with a memory exhaust error.... I don't remember the correct spelling
>> because it did not make sense in the source code so I didn't care to copy
>> the information...
>> I think that is because the pdb file was not the same from the sys file
>> build, as I compiled too many times before combining them. After, I
>> recompiled again to be sure to use the sys/pdb generated at the same build
>> and analyse the right information, but it is not generating the symbols
>> anymore and I don't know why.
>> Now I'm trying a kernel dump option, that takes a long time to be
>> generated. The small dump is fast and takes a few kilobytes. There are
>> only these two options.
>>
>> On Qui 08/10/09 11:28 , "Gianluca Varenni" gianluca.varenni at cacetech.com 
>> sent:
>> >
>> > ----- Original Message ----- 
>> > From: " Renato Araújo Ferreira" marina.peixe at terra.com.br
>> > To: users at winpcap.org
>> > Sent: Wednesday, October 07, 2009 9:21 PM
>> > Subject: Re: [Winpcap-users] Winpcap in Intanium machine
>> >
>> >
>> > > After sending that last message I tried to run windump again without
>> > > any parameter (that makes it dump the first interface of the list) and
>> > > this machine crashed again, but with another error from another SYS
>> > > file (I didn't save the information). At this second try the crash
>> > > dump was disabled by me due to 36GB of ram size (a long time to dump),
>> > > but I still have the first one that generated the message that was in
>> > > the last message.
>> > >
>> >
>> > If you enable just kernel memory dump, the memory dump is much smaller
>> > than 36GB. On a normal x86/x64 machine freshly booted, it's usually
>> > below 100MB.
>> >
>> > > I used before the gdb tool to debug core files under solaris, but I
>> > > never did something like it under windows. I will try to start with
>> > > debugging tools tomorrow. Do you have any tip?
>> >
>> > Well, the first thing you do is load the memory dump and issue
>> > "!analyze -v" on the windbg command line.
>> >
>> > > But I'm still afraid about DLL's. Why could a wrong/problematic DLL
>> > > not crash a driver that it needs to access?
>> >
>> > Because a driver should protect itself against bogus input from user
>> > level DLLs. A driver should never ever trust any data coming from user
>> > mode and should always validate it.
>> >
>> > So in the case of some problematic DLL, if the driver receives some
>> > bogus data from the DLL, it must just fail the I/O request.
>> >
>> > GV
>> >
>> > >
>> > > Thanks,
>> > >
>> > > Renato A. Ferreira
>> > >
>> > > On Qua 07/10/09 17:43 , "Gianluca Varenni" 
>> > > gianluca.varenni at cacetech.com sent:
>> > >> The crash is due to the driver, not to mismatching DLLs. Now you will
>> > >> need windbg and probably a second machine to debug the issue.
>> > >>
>> > >> I would start loading the crash dump in windbg and understanding what
>> > >> went wrong.
>> > >>
>> > >> GV
>> > >>
>> > >> ----- Original Message ----- 
>> > >> From: " Renato Araújo Ferreira" marina.peixe at terra.com.br
>> > >> To: users at winpcap.org
>> > >> Sent: Wednesday, October 07, 2009 1:07 PM
>> > >> Subject: Re: [Winpcap-users] Winpcap in Intanium machine
>> > >>
>> > >> > I added the reference to IA64 in NPF.RC VERSIONINFO with:
>> > >> >
>> > >> > #elif defined(_IA64_)
>> > >> >   VALUE "FileDescription",   "npf.sys (NT5/6 IA64) Kernel Driver"
>> > >> >
>> > >> > After I changed the references to AMD64 (appear only two times and
>> > >> > refers to hUserEvent32Bit) from:
>> > >> >
>> > >> > #ifdef _AMD64_
>> > >> >
>> > >> > To:
>> > >> >
>> > >> > #if defined(_AMD64_) || defined(_IA64_)
>> > >> >
>> > >> > The compilation was successful, the "net start npf" works fine and
>> > >> > the interfaces are now appearing in return of "windump -D". But when
>> > >> > I tried to open wireshark, the interface list was OK showing all of
>> > >> > them, but before I click at button to start capture (I think that
>> > >> > was when it started to count packets) the server went down with this
>> > >> > message:
>> > >> >
>> > >> > *** STOP: 0x0000008E (0xFFFFFFFF80000002,0xE00001626B738834,0xE000016276387410,0x0000000000000000)
>> > >> > ***       NPF.sys - Address E00001626B738834 base at E00001626B730000, DateStamp 4acce5bf
>> > >> >
>> > >> > I'm still trying with the DLL's (wpcap.dll and packet.dll) that I
>> > >> > got unpacking the installer, but they have the same name and I don't
>> > >> > know if I choose the right one between vista, 2000 or amd64.
>> > >> >
>> > >> > I will now try to compile these DLL's before trying again.
>> > >> >
>> > >> > Thanks,
>> > >> >
>> > >> > Renato A. Ferreira
>> > >> >
>
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
> 
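
As an added illustration (not part of the original thread), this Python example decodes the STOP message quoted above into the bugcheck name, the exception code carried in parameter 1, and the faulting offset inside NPF.sys. The function and table names are assumptions of this example, and the STOP text is the thread's own, with the mail line wraps rejoined.

```python
import re

# Small lookup tables: the codes seen in this thread plus two common ones.
BUGCHECKS = {0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED"}
NTSTATUS = {
    0x80000002: "STATUS_DATATYPE_MISALIGNMENT",
    0x80000003: "STATUS_BREAKPOINT",
    0xC0000005: "STATUS_ACCESS_VIOLATION",
}

# STOP text as quoted in the thread, with the mail line wraps rejoined.
STOP_TEXT = """\
*** STOP: 0x0000008E (0xFFFFFFFF80000002,0xE00001626B738834,0xE000016276387410,0x0000000000000000)
***       NPF.sys - Address E00001626B738834 base at E00001626B730000, DateStamp 4acce5bf
"""

STOP_RE = re.compile(r"STOP:\s*0x([0-9A-Fa-f]+)\s*\(([^)]*)\)")
MOD_RE = re.compile(
    r"\*\*\*\s+(\S+)\s+-\s+Address\s+([0-9A-Fa-f]+)\s+base at\s+([0-9A-Fa-f]+)"
)


def triage_stop(text):
    """Decode a blue-screen STOP message into fields worth noting before WinDbg."""
    stop = STOP_RE.search(text)
    if stop is None:
        raise ValueError("no STOP line found")
    code = int(stop.group(1), 16)
    params = [int(p, 16) for p in stop.group(2).split(",")]
    result = {"bugcheck": BUGCHECKS.get(code, hex(code)), "params": params}
    if code == 0x8E and len(params) >= 2:
        # For 0x8E, parameter 1 is the NTSTATUS exception code (sign-extended
        # to 64 bits here) and parameter 2 is the address that faulted.
        status = params[0] & 0xFFFFFFFF
        result["exception"] = NTSTATUS.get(status, hex(status))
        result["fault_address"] = params[1]
    mod = MOD_RE.search(text)
    if mod:
        address, base = int(mod.group(2), 16), int(mod.group(3), 16)
        if address < base:
            raise ValueError("module address below its base")
        result["module"] = mod.group(1)
        # The offset into the image is what maps to a source line via the pdb.
        result["module_offset"] = address - base
        result["fault_in_module"] = result.get("fault_address") == address
    return result
```

The module offset only resolves to a source line when the pdb comes from the same build as the sys file, which is the mismatch the thread runs into.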


