Closed
Description
We just had an Npcap OEM redistribution customer report that one of their customers experienced an Npcap-related BSOD. They sent a dump and we're still evaluating. Here is the stacktrace and npcap module details:
============================================================================================
# Child-SP RetAddr Call Site
00 ffffc209`c7c361a8 fffff807`244123a9 nt!KeBugCheckEx
01 ffffc209`c7c361b0 fffff807`244114fc nt!KiBugCheckDispatch+0x69
02 ffffc209`c7c362f0 fffff807`2440868f nt!KiSystemServiceHandler+0x7c
03 ffffc209`c7c36330 fffff807`2435f917 nt!RtlpExecuteHandlerForException+0xf
04 ffffc209`c7c36360 fffff807`2435d846 nt!RtlDispatchException+0x297
05 ffffc209`c7c36a80 fffff807`244124ec nt!KiDispatchException+0x186
06 ffffc209`c7c37140 fffff807`2440dd52 nt!KiExceptionDispatch+0x12c
07 ffffc209`c7c37320 fffff807`291b430e nt!KiPageFault+0x452
08 ffffc209`c7c374b0 fffff807`2bed2ede NDIS!NdisAcquireRWLockWrite+0x1e
09 ffffc209`c7c374e0 fffff807`2bed2c72 npcap!NPF_RemoveFromGroupOpenArray+0xa2 [C:\Users\Nmap\Documents\Repos\npcap\packetWin7\npf\npf\Openclos.c @ 1463]
0a ffffc209`c7c37520 fffff807`2422d3f5 npcap!NPF_Cleanup+0x62 [C:\Users\Nmap\Documents\Repos\npcap\packetWin7\npf\npf\Openclos.c @ 1303]
0b ffffc209`c7c37550 fffff807`24619397 nt!IofCallDriver+0x55
0c ffffc209`c7c37590 fffff807`2462148f nt!IopCloseFile+0x177
0d ffffc209`c7c37620 fffff807`246cca95 nt!ObCloseHandleTableEntry+0x51f
0e ffffc209`c7c37760 fffff807`2471d28d nt!ExSweepHandleTable+0xd5
0f ffffc209`c7c37810 fffff807`24712e70 nt!ObKillProcess+0x35
10 ffffc209`c7c37840 fffff807`2468a08e nt!PspRundownSingleProcess+0x204
11 ffffc209`c7c378d0 fffff807`246bf15e nt!PspExitThread+0x5f6
12 ffffc209`c7c379d0 fffff807`24411b05 nt!NtTerminateProcess+0xde
13 ffffc209`c7c37a40 00007ffd`36d6dae4 nt!KiSystemServiceCopyEnd+0x25
14 00000025`11faf778 00000000`00000000 0x00007ffd`36d6dae4
2: kd> lmvm npcap
Browse full module list
start end module name
fffff807`2bed0000 fffff807`2bee3000 npcap T (private pdb symbols) c:\store\devsetup\npcap-1.79-debugsymbols\x64\win10\npcap.pdb
Loaded symbol image file: npcap.sys
Image path: \SystemRoot\system32\DRIVERS\npcap.sys
Image name: npcap.sys
Browse all global symbols functions data
Timestamp: Wed Jan 17 22:48:37 2024 (65A85945)
CheckSum: 0001CF7E
ImageSize: 00013000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Information from resource tables:
Activity
Title changed from "Fix BSOD in !NPF_RemoveFromGroupOpenArray" to "Fix reported BSOD in !NPF_RemoveFromGroupOpenArray"
dmiller-nmap commented on Jul 22, 2024
Likely fixed in 44b4d9d, but need testing to confirm.
dmiller-nmap commented on Sep 17, 2024
Fixed in Npcap 1.80