Wireshark mailing list archives
Re: Npcap 0.03 call for test
From: Pascal Quantin <pascal.quantin () gmail com>
Date: Thu, 6 Aug 2015 19:02:04 +0200
2015-08-06 15:21 GMT+02:00 Yang Luo <hsluoyb () gmail com>:
Hi Pascal,

This issue is because some parts of Npcap have been migrated to MSVC2010, however Win10 RTM lacks VC2010 redist package. I have changed to static link the libs, and tested on my Win10 RTM.

Latest installer that has this bug fixed is:
https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.03-r5.exe

Cheers,
Yang
Hi Yang,

it now installs successfully. But I get a systematic crash when trying to load Wireshark (while so far I was not facing BSoD on my Windows 10 virtual machine). You will find the full memory dump here:
https://www.dropbox.com/s/n9oq6oajv411n3c/MEMORY.7z?dl=0

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 000000000000a620, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
    bit 0 : value 0 = read operation, 1 = write operation
    bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80297ae252c, address which referenced memory

Debugging Details:
------------------

*** ERROR: Module load completed but symbols could not be loaded for npf.sys
Page 9b25 not present in the dump file. Type ".hh dbgerr004" for details

WRITE_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPagedPoolEnd
unable to get nt!MmNonPagedPoolStart
unable to get nt!MmSizeOfNonPagedPoolInBytes
 000000000000a620

CURRENT_IRQL: 2

FAULTING_IP:
nt!KeAcquireSpinLockRaiseToDpc+1c
fffff802`97ae252c f0480fba2900    lock bts qword ptr [rcx],0

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

BUGCHECK_STR: AV

PROCESS_NAME: dumpcap.exe

ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre

TRAP_FRAME: ffffd000b8e1b580 -- (.trap 0xffffd000b8e1b580)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000002 rbx=0000000000000000 rcx=000000000000a620
rdx=ffffe001d847d360 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80297ae252c rsp=ffffd000b8e1b710 rbp=ffffd000b8e1bb80
 r8=ffffe001d6c15180  r9=000000000000000e r10=0000000020206f49
r11=ffffe001d78b4840 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
nt!KeAcquireSpinLockRaiseToDpc+0x1c:
fffff802`97ae252c f0480fba2900    lock bts qword ptr [rcx],0 ds:00000000`0000a620=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER: from fffff80297b6aba9 to fffff80297b60220

STACK_TEXT:
ffffd000`b8e1b438 fffff802`97b6aba9 : 00000000`0000000a 00000000`0000a620 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
ffffd000`b8e1b440 fffff802`97b693c8 : 00000000`00000000 00000000`00000000 ffffe001`d8d4c010 ffff479f`55c28c80 : nt!KiBugCheckDispatch+0x69
ffffd000`b8e1b580 fffff802`97ae252c : 00000000`00000000 00000000`00000000 e001d78b`4c100001 ffffd000`b8e1b728 : nt!KiPageFault+0x248
ffffd000`b8e1b710 fffff801`2d55319a : e001d78b`4c100000 00000000`0012019f 00000000`00000001 ffffe001`d734f780 : nt!KeAcquireSpinLockRaiseToDpc+0x1c
ffffd000`b8e1b740 fffff801`2d553a38 : 00000000`00001ef0 ffffe001`d847d300 00000000`00000001 ffffd000`00000000 : npf+0x319a
ffffd000`b8e1b770 fffff802`97e4117d : 00000000`00000001 ffffe001`d847d360 ffffe001`d847d360 ffffe001`00000001 : npf+0x3a38
ffffd000`b8e1b800 fffff802`97e40a56 : 0000001d`2eebcbd8 ffffd000`b8e1bb80 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x71d
ffffd000`b8e1ba20 fffff802`97b6a863 : ffffe001`d8c8c080 0000001d`2eebcbb8 ffffd000`b8e1baa8 00000000`00000001 : nt!NtDeviceIoControlFile+0x56
ffffd000`b8e1ba90 00007ffa`0669356a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
0000001d`2eebcb68 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffa`0669356a

STACK_COMMAND: kb

FOLLOWUP_IP:
npf+319a
fffff801`2d55319a 4032ff          xor     dil,dil

SYMBOL_STACK_INDEX: 4

SYMBOL_NAME: npf+319a

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: npf

IMAGE_NAME: npf.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 55c32fb5

FAILURE_BUCKET_ID: AV_npf+319a

BUCKET_ID: AV_npf+319a

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:av_npf+319a

FAILURE_ID_HASH: {bf4ae29b-3505-fe6e-b8b7-41bfb9d08cf8}

Followup: MachineOwner
---------

Pascal.
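An added example, not part of the original message or of the Npcap project: it reads the Arg and STACK_TEXT lines of the analysis quoted above and reports the access type, whether the referenced address lies in the unmapped low region, and the first frame outside `nt`. The names `parse_args`, `parse_stack`, `triage` and `PLUMBING` are hypothetical; the sample lines are copied from the message.

```python
import re

# Constructed sample: lines copied from the analysis quoted in the message above.
SAMPLE = """\
Arg1: 000000000000a620, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, bitfield :
Arg4: fffff80297ae252c, address which referenced memory
STACK_TEXT:
ffffd000`b8e1b438 fffff802`97b6aba9 : 00000000`0000000a 00000000`0000a620 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
ffffd000`b8e1b440 fffff802`97b693c8 : 00000000`00000000 00000000`00000000 ffffe001`d8d4c010 ffff479f`55c28c80 : nt!KiBugCheckDispatch+0x69
ffffd000`b8e1b580 fffff802`97ae252c : 00000000`00000000 00000000`00000000 e001d78b`4c100001 ffffd000`b8e1b728 : nt!KiPageFault+0x248
ffffd000`b8e1b710 fffff801`2d55319a : e001d78b`4c100000 00000000`0012019f 00000000`00000001 ffffe001`d734f780 : nt!KeAcquireSpinLockRaiseToDpc+0x1c
ffffd000`b8e1b740 fffff801`2d553a38 : 00000000`00001ef0 ffffe001`d847d300 00000000`00000001 ffffd000`00000000 : npf+0x319a
ffffd000`b8e1b770 fffff802`97e4117d : 00000000`00000001 ffffe001`d847d360 ffffe001`d847d360 ffffe001`00000001 : npf+0x3a38
ffffd000`b8e1b800 fffff802`97e40a56 : 0000001d`2eebcbd8 ffffd000`b8e1bb80 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x71d
"""

# Frames that only report the fault (bugcheck and trap plumbing), not its cause.
PLUMBING = {"nt!KeBugCheckEx", "nt!KiBugCheckDispatch", "nt!KiPageFault"}
# child-sp, return address, four argument slots, then the symbol column.
FRAME = re.compile(r"^[0-9a-f`]+ [0-9a-f`]+ : (?:[0-9a-f`]+ ){4}: (\S+)$")

def parse_args(text):
    """Return the bugcheck arguments as {1: Arg1, ...} integers."""
    return {int(n): int(v, 16) for n, v in re.findall(r"^Arg(\d): ([0-9a-f]+)", text, re.M)}

def parse_stack(text):
    """Return the symbol column of every STACK_TEXT frame, top of stack first."""
    body = text.split("STACK_TEXT:", 1)[1]
    return [m.group(1) for m in map(FRAME.match, map(str.strip, body.splitlines())) if m]

def triage(text):
    args, frames = parse_args(text), parse_stack(text)
    live = [f for f in frames if f.split("+")[0] not in PLUMBING]
    return {
        "address": args[1],
        "irql": args[2],
        # Arg3 bits as described in the analysis: bit 0 = write, bit 3 = execute.
        "access": "execute" if args[3] & 8 else "write" if args[3] & 1 else "read",
        # The lowest 64 KB of the address space is never mapped on Windows, so an
        # address there points to a NULL or small-integer base plus an offset.
        "null_region": args[1] < 0x10000,
        "faulting_frame": live[0],
        "first_non_nt_frame": next((f for f in live if not f.startswith("nt!")), None),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value:#x}" if key == "address" else f"{key}: {value}")
```
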