Nmap Development mailing list archives
NPCAP BUGCHECK
From: "Mike ." <dmciscobgp () hotmail com>
Date: Fri, 29 Mar 2019 17:15:33 +0000
getting no responses to this never-ending saga . maybe some of you coders can do somethig with this. i have enclosed the crashdump. -----Mike *crash dump is too damn big, this a direct copy/paste from windbg, best i can do Use !analyze -v to get detailed debugging information. BugCheck 7E, {80000003, 887a720e, 89341ae8, 893416c0} *** ERROR: Module load completed but symbols could not be loaded for mssmbios.sys *** ERROR: Symbol file could not be found. Defaulted to export symbols for dump_dumpata.sys - Probably caused by : dump_dumpata.sys ( dump_dumpata!AtaPortSetBusData+168 ) Followup: MachineOwner --------- 1: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e) This is a very common bugcheck. Usually the exception address pinpoints the driver/function that caused the problem. Always note this address as well as the link date of the driver/image that contains this address. Arguments: Arg1: 80000003, The exception code that was not handled Arg2: 887a720e, The address that the exception occurred at Arg3: 89341ae8, Exception Record Address Arg4: 893416c0, Context Record Address Debugging Details: ------------------ EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid FAULTING_IP: dump_dumpata!AtaPortSetBusData+168 887a720e cc int 3 EXCEPTION_RECORD: 89341ae8 -- (.exr 0xffffffff89341ae8) ExceptionAddress: 887a720e (dump_dumpata!AtaPortSetBusData+0x00000168) ExceptionCode: 80000003 (Break instruction exception) ExceptionFlags: 00000000 NumberParameters: 3 Parameter[0]: 00000000 Parameter[1]: 84d93998 Parameter[2]: 00000000 CONTEXT: 893416c0 -- (.cxr 0xffffffff893416c0;r) eax=89341c40 ebx=850d2a60 ecx=01000000 edx=00000000 esi=84f490e0 edi=84df6590 eip=887a720e esp=89341bb0 ebp=89341ce4 iopl=0 nv up ei pl zr na pe nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246 dump_dumpata!AtaPortSetBusData+0x168: 887a720e cc int 3 Last set context: eax=89341c40 ebx=850d2a60 ecx=01000000 edx=00000000 esi=84f490e0 edi=84df6590 eip=887a720e esp=89341bb0 ebp=89341ce4 iopl=0 nv up ei pl zr na pe nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246 dump_dumpata!AtaPortSetBusData+0x168: 887a720e cc int 3 Resetting default scope DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT BUGCHECK_STR: 0x7E PROCESS_NAME: System CURRENT_IRQL: 0 ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint has been reached. EXCEPTION_PARAMETER1: 00000000 EXCEPTION_PARAMETER2: 84d93998 EXCEPTION_PARAMETER3: 00000000 ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) x86fre LAST_CONTROL_TRANSFER: from 88494d01 to 887a720e STACK_TEXT: WARNING: Stack unwind information not available. Following frames may be wrong. 89341ce4 88494d01 84df6590 00000000 84f490e0 dump_dumpata!AtaPortSetBusData+0x168 89341d0c 884ffcad 00f490e0 884c9690 884c96a0 ndis!ndisCheckMiniportFilters+0x105 89341d24 884f7013 850cbde8 00f490e0 89341d50 ndis!ndisQueuedCheckAdapterBindings+0xc8 89341d34 884930a5 850cbde8 00000000 84d93998 ndis!ndisWorkItemHandler+0xe 89341d50 8224313d 00000000 9571b668 00000000 ndis!ndisWorkerThread+0xa4 89341d90 820ea559 88493001 00000000 00000000 nt!PspSystemThreadStartup+0x9e 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19 FOLLOWUP_IP: dump_dumpata!AtaPortSetBusData+168 887a720e cc int 3 SYMBOL_STACK_INDEX: 0 SYMBOL_NAME: dump_dumpata!AtaPortSetBusData+168 FOLLOWUP_NAME: MachineOwner MODULE_NAME: dump_dumpata IMAGE_NAME: dump_dumpata.sys DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bbf14 IMAGE_VERSION: 6.1.7600.16385 STACK_COMMAND: .cxr 0xffffffff893416c0 ; kb FAILURE_BUCKET_ID: 0x7E_dump_dumpata!AtaPortSetBusData+168 BUCKET_ID: 0x7E_dump_dumpata!AtaPortSetBusData+168 ANALYSIS_SOURCE: KM FAILURE_ID_HASH_STRING: km:0x7e_dump_dumpata!ataportsetbusdata+168 FAILURE_ID_HASH: {f4afee9b-9096-dd3a-c82f-ac191960470b} Followup: MachineOwner --------- *this points to the faulting function, but then i got the blue screen, it showed NPCAP.SYS as the offender*
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- NPCAP BUGCHECK Mike . (Mar 29)