Doing an `sc stop npcap` will cause a BSOD if npcap is in the middle of injecting a packet.
The best way to reproduce it is to run Wireshark, quit Wireshark while packets are flowing from a browser,
then do an `sc stop npcap`.
The Classify code should protect against the WFP driver being unregistered while a transmission via FwpsInjectNetworkSendAsync is in progress.
Here is the stack. The bugcheck is D1 (DRIVER_IRQL_NOT_LESS_OR_EQUAL, a write to address 0x27 at IRQL 2), and the fault is in fwpkclnt!FwppInjectPrologue, reached from npcap+0x15a2 through FwpsInjectNetworkSendAsync0 while the packet is being injected from the classify callout.
2: kd> !ANALYZE
Connected to Windows 8 15063 x64 target at (Mon Aug 5 15:24:02.603 2019 (UTC - 4:00)), ptr64 TRUE
Loading Kernel Symbols
...............................................................
................................................................
.........................................................
Loading User Symbols
Loading unloaded module list
...............Unable to enumerate user-mode unloaded modules, Win32 error 0n30
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {27, 2, 1, fffff80b4b812ca0}
*** ERROR: Module load completed but symbols could not be loaded for npcap.sys
Probably caused by : fwpkclnt.sys ( fwpkclnt!FwppInjectPrologue+94 )
Followup: MachineOwner
---------
2: kd> kb
RetAddr : Args to Child : Call Site
fffff801`d7094232 : 00000000`00000027 00000000`0000000a ffffdf00`1c8e9380 fffff801`d6f6a2d0 : nt!DbgBreakPointWithStatus
fffff801`d7093ae2 : 00000000`00000003 ffffdf00`1c8e9380 fffff801`d71452e0 00000000`000000d1 : nt!KiBugCheckDebugBreak+0x12
fffff801`d7003667 : 00000000`00000000 00000000`00000000 00000000`00000001 ffffdf00`1c8e9a50 : nt!KeBugCheck2+0x922
fffff801`d700e8a9 : 00000000`0000000a 00000000`00000027 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx+0x107
fffff801`d700ce7d : 00000000`646e444e 00000000`00000060 00000001`00000001 ffffce07`439e00d0 : nt!KiBugCheckDispatch+0x69
fffff80b`4b812ca0 : ffffce07`416ceab0 fffff80b`4b4417d5 00000000`00000000 ffffce07`43405c00 : nt!KiPageFault+0x23d
fffff80b`4b81464b : 00000000`00000001 ffffdf00`1c8e9dd1 00000000`00000000 ffffce07`46141bd0 : fwpkclnt!FwppInjectPrologue+0x94
fffff80b`4dc215a2 : ffffffff`ffffffff 00000000`00000000 ffffdf00`1c8ea102 00000000`00000014 : fwpkclnt!FwpsInjectNetworkSendAsync0+0xdb
fffff80b`4b44fda1 : ffffce07`41f07e10 ffffdf00`1c8e9fe0 ffffdf00`1c8ea5e0 00000000`00000000 : npcap+0x15a2
fffff80b`4b44f1d7 : 00000000`00000000 ffffdf00`1c8ea590 ffffdf00`1c8ea5e0 ffffce07`43405c60 : NETIO!ProcessCallout+0x9b1
fffff80b`4b44d206 : 00000000`00000000 ffffdf00`1c8ea2a0 00000000`00000000 ffffce07`47e980d4 : NETIO!ArbitrateAndEnforce+0x497
fffff80b`4be502d0 : 00000000`00000000 ffffce07`475fc180 00000000`0000ff02 00000000`00000000 : NETIO!KfdClassify+0x316
fffff80b`4bd971f0 : 00000000`00000001 ffffce07`43405fc4 00000000`00000001 ffffce07`475fcb80 : tcpip!ShimIpPacketInV4+0xb8eac
fffff80b`4bd96841 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : tcpip!IppReceiveHeadersHelper+0x2d0
fffff80b`4bd6e9a3 : 00000000`00000003 00000000`00000000 fffff80b`4bf34000 ffffdf00`1c8eaf20 : tcpip!IppReceiveHeaderBatch+0x91
fffff80b`4bd6e633 : 00000000`00004800 00000000`00000000 00000000`00000000 ffffce07`42244a01 : tcpip!IppLoopbackIndicatePackets+0x1c7
fffff801`d6ead20b : ffffdf00`1c8eb0f8 ffffce07`45208080 ffffdf00`1c8eb0f8 fffff80b`4bd6e540 : tcpip!IppLoopbackTransmitCalloutRoutine+0xf3
fffff80b`4bde8385 : 00000000`00000002 fffff80b`4bf386f0 fffff80b`4bf34000 fffff80b`4bf34001 : nt!KeExpandKernelStackAndCalloutInternal+0x8b
fffff80b`4bd95a0e : ffffce07`42244a78 ffffdf00`1c8eb180 00000000`00000000 ffffce07`4249d040 : tcpip!IppLoopbackEnqueue+0x185
fffff80b`4bd94dcf : fffff80b`4bf34000 00000000`00000000 ffffce07`42244a78 00000000`00006a02 : tcpip!IppDispatchSendPacketHelper+0x99e
fffff80b`4bd9406b : 00000000`00000000 ffffdf00`1c8eb810 ffffce07`42244a78 00000000`00000007 : tcpip!IppPacketizeDatagrams+0x2df
fffff80b`4bda2ff1 : ffffce07`47278c00 ffffce07`41908c40 fffff80b`4bf34000 ffffce07`42d73340 : tcpip!IppSendDatagramsCommon+0x4db
fffff80b`4bd9fc94 : 00000000`00418b00 00000000`00000001 ffffce07`43b66650 fffff80b`4bf34000 : tcpip!IpNlpFastSendDatagram+0xf51
fffff80b`4bd9923a : 00000000`00000000 00000000`00000080 00000000`00000002 00000009`fb68925a : tcpip!TcpTcbSend+0x5c4
fffff80b`4bd62e21 : ffffce07`42225900 00000000`00418bcb ffffce07`00000004 ffffce07`4222ecd0 : tcpip!TcpFlushDelay+0x1fa
fffff801`d6f09b6c : ffffdf00`1c8b9f80 00000000`00000000 ffffce07`4222ed88 ffffdf00`1c8b7180 : tcpip!TcpPeriodicTimeoutHandler+0x7f1
fffff801`d6f09477 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExecuteAllDpcs+0x1dc
fffff801`d7008635 : 00000000`00000000 ffffdf00`1c8b7180 ffffdf00`1fdff730 00000000`00000000 : nt!KiRetireDpcList+0xd7
fffff801`d7008440 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KxRetireDpcList+0x5
fffff801`d7006d3a : 00000000`00000000 00000000`00000001 00000000`00000206 fffff801`d70086cf : nt!KiDispatchInterruptContinue
fffff801`d7009057 : ffffdf00`1c8b7ae0 fffff801`d711665c ffffce07`45208080 00000000`00000001 : nt!KiDpcInterrupt+0xca
fffff801`d711665c : ffffce07`45208080 00000000`00000001 ffffdf00`1fdffa00 ffffdf00`1fdffa08 : nt!ExpInterlockedPopEntrySListResume
fffff801`d6f730ed : ffffb3c6`3f0a245e fffff801`d72145bc 00000000`00000062 ffffdf00`1fdffa80 : nt!ExAllocatePoolWithTag+0x2bc
fffff801`d6f72fd1 : ffffce07`441a59b0 ffffce07`30526d73 00000000`00000000 00000000`00000002 : nt!SmFpAllocate+0x5d
fffff801`d6fa92a9 : ffffce07`441a59b0 ffffdf00`1fdffa50 00000000`00000001 00000000`00000001 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmpPageEvict+0x79
fffff801`d6fec973 : 20000000`20026bcf 00000000`00026bcf fffff801`20026bcf 00000000`00000002 : nt!MiStoreEvictPageFile+0x95
fffff801`d6f73ac7 : 00000175`0000053c ffffce07`45208080 fffff801`d6fec810 ffffce07`4509d440 : nt!MiStoreEvictThread+0x163
fffff801`d70089e6 : ffffdf00`1c835180 ffffce07`45208080 fffff801`d6f73a80 54b4ae2d`00000b80 : nt!PspSystemThreadStartup+0x47
00000000`00000000 : ffffdf00`1fe00000 ffffdf00`1fdfa000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x16
Doing an `sc stop npcap` will cause a BSOD if npcap is in the middle of injecting a packet.
The best way to reproduce it is to run Wireshark, quit Wireshark while packets are flowing from a browser,
then do an `sc stop npcap`.
The Classify code should protect against the WFP driver being unregistered while a transmission via FwpsInjectNetworkSendAsync is in progress.
Here is the stack.