Wireshark mailing list archives
Re: Npcap 0.03 call for test
From: Pascal Quantin <pascal.quantin () gmail com>
Date: Mon, 3 Aug 2015 23:19:23 +0200
2015-08-03 17:57 GMT+02:00 Yang Luo <hsluoyb () gmail com>:
Hi Pascal, Thanks for testing. The output of your dump is pasted below. It seems that NdisFOidRequest call fails in Npcap's NPF_GetDeviceMTU routine. It is in the same position with the previous SYSTEM_SERVICE_EXCEPTION BSoD. So I think they may belong to the same bug. However, I didn't find what's wrong with this code (go to this link if anyone is interested with the code: https://github.com/nmap/npcap/blob/master/packetWin7/npf/npf/Openclos.c, Line: 570). WinDbg said "*An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high.*" But actually all arguments of NdisFOidRequest are from the OPEN_INSTANCE struct and this struct is allocated in a NonPaged pool, so it's hard to understand its reason.
Hi Yang, the page https://msdn.microsoft.com/en-us/library/windows/hardware/ff549954%28v=vs.85%29.aspx suggests that: "Before the driver calls *NdisFOidRequest*, the driver must allocate an *NDIS_OID_REQUEST* <https://msdn.microsoft.com/en-us/library/windows/hardware/ff566710%28v=vs.85%29.aspx> structure and transfer the request information to the new structure by calling *NdisAllocateCloneOidRequest* <https://msdn.microsoft.com/en-us/library/windows/hardware/ff560706%28v=vs.85%29.aspx>. As an option, a filter driver can complete a request immediately without forwarding the request." When looking at your code, you seem to use directly an array entry in OPEN_INSTANCE structure (or at least that's the feeling it gives). Something missed when porting the code from NDIS5 to NDIS6? This is properly done in NPF_OidRequest() function. Note that I just looked at the code during less than 5mn and I'm not familiar with driver development at all so I could be completely wrong and have missed an obvious thing ;) Regards, Pascal.
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Re: Npcap 0.03 call for test, (continued)
- Re: Npcap 0.03 call for test Tyson Key (Aug 01)
- Re: Npcap 0.03 call for test Tyson Key (Aug 01)
- Re: Npcap 0.03 call for test Yang Luo (Aug 02)
- Re: Npcap 0.03 call for test Yang Luo (Aug 03)
- Re: Npcap 0.03 call for test Pascal Quantin (Aug 03)
- Re: Npcap 0.03 call for test Yang Luo (Aug 03)
- Re: Npcap 0.03 call for test Pascal Quantin (Aug 03)
- Re: Npcap 0.03 call for test Jim Young (Aug 03)
- Re: Npcap 0.03 call for test Yang Luo (Aug 03)
- Re: Npcap 0.03 call for test Yang Luo (Aug 03)
- Re: Npcap 0.03 call for test Pascal Quantin (Aug 03)
- Re: Npcap 0.03 call for test Yang Luo (Aug 03)
- Re: Npcap 0.03 call for test Jim Young (Aug 03)
- Re: Npcap 0.03 call for test Yang Luo (Aug 05)
- Re: Npcap 0.03 call for test Jim Young (Aug 06)
- Re: Npcap 0.03 call for test Yang Luo (Aug 15)
- Re: Npcap 0.03 call for test Pascal Quantin (Aug 06)
- Re: Npcap 0.03 call for test Yang Luo (Aug 06)
- Re: Npcap 0.03 call for test Pascal Quantin (Aug 06)
- Re: Npcap 0.03 call for test Jim Young (Aug 06)
- Re: Npcap 0.03 call for test Yang Luo (Aug 10)