Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix reported BSOD in !NPF_RemoveFromGroupOpenArray #746

Closed
fyodor opened this issue Jul 18, 2024 · 2 comments
Closed

Fix reported BSOD in !NPF_RemoveFromGroupOpenArray #746

fyodor opened this issue Jul 18, 2024 · 2 comments

Comments

@fyodor
Copy link
Member

fyodor commented Jul 18, 2024

We just had an Npcap OEM redistribution customer report that one of their customers experienced an Npcap-related BSOD. They sent a dump and we're still evaluating. Here is the stacktrace and npcap module details:

============================================================================================
# Child-SP          RetAddr               Call Site
00 ffffc209`c7c361a8 fffff807`244123a9     nt!KeBugCheckEx
01 ffffc209`c7c361b0 fffff807`244114fc     nt!KiBugCheckDispatch+0x69
02 ffffc209`c7c362f0 fffff807`2440868f     nt!KiSystemServiceHandler+0x7c
03 ffffc209`c7c36330 fffff807`2435f917     nt!RtlpExecuteHandlerForException+0xf
04 ffffc209`c7c36360 fffff807`2435d846     nt!RtlDispatchException+0x297
05 ffffc209`c7c36a80 fffff807`244124ec     nt!KiDispatchException+0x186
06 ffffc209`c7c37140 fffff807`2440dd52     nt!KiExceptionDispatch+0x12c
07 ffffc209`c7c37320 fffff807`291b430e     nt!KiPageFault+0x452
08 ffffc209`c7c374b0 fffff807`2bed2ede     NDIS!NdisAcquireRWLockWrite+0x1e
09 ffffc209`c7c374e0 fffff807`2bed2c72     npcap!NPF_RemoveFromGroupOpenArray+0xa2 [C:\Users\Nmap\Documents\Repos\npcap\packetWin7\npf\npf\Openclos.c @ 1463]
0a ffffc209`c7c37520 fffff807`2422d3f5     npcap!NPF_Cleanup+0x62 [C:\Users\Nmap\Documents\Repos\npcap\packetWin7\npf\npf\Openclos.c @ 1303]
0b ffffc209`c7c37550 fffff807`24619397     nt!IofCallDriver+0x55
0c ffffc209`c7c37590 fffff807`2462148f     nt!IopCloseFile+0x177
0d ffffc209`c7c37620 fffff807`246cca95     nt!ObCloseHandleTableEntry+0x51f
0e ffffc209`c7c37760 fffff807`2471d28d     nt!ExSweepHandleTable+0xd5
0f ffffc209`c7c37810 fffff807`24712e70     nt!ObKillProcess+0x35
10 ffffc209`c7c37840 fffff807`2468a08e     nt!PspRundownSingleProcess+0x204
11 ffffc209`c7c378d0 fffff807`246bf15e     nt!PspExitThread+0x5f6
12 ffffc209`c7c379d0 fffff807`24411b05     nt!NtTerminateProcess+0xde
13 ffffc209`c7c37a40 00007ffd`36d6dae4     nt!KiSystemServiceCopyEnd+0x25
14 00000025`11faf778 00000000`00000000     0x00007ffd`36d6dae4
2: kd> lmvm npcap
Browse full module list
start             end                 module name
fffff807`2bed0000 fffff807`2bee3000   npcap    T (private pdb symbols)  c:\store\devsetup\npcap-1.79-debugsymbols\x64\win10\npcap.pdb
    Loaded symbol image file: npcap.sys
    Image path: \SystemRoot\system32\DRIVERS\npcap.sys
    Image name: npcap.sys
    Browse all global symbols  functions  data
    Timestamp:        Wed Jan 17 22:48:37 2024 (65A85945)
    CheckSum:         0001CF7E
    ImageSize:        00013000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
    Information from resource tables:
@fyodor fyodor changed the title Fix BSOD in !NPF_RemoveFromGroupOpenArray Fix reported BSOD in !NPF_RemoveFromGroupOpenArray Jul 18, 2024
@dmiller-nmap
Copy link
Contributor

Likely fixed in 44b4d9d, but need testing to confirm.

@dmiller-nmap
Copy link
Contributor

Fixed in Npcap 1.80

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants