Closed r0t0tiller closed 5 years ago
FAULTING_IP: wanarp+11aa
How is this Npcap's fault? wanarp.sys is Microsoft's MS Remote Access and Routing ARP Driver.
Besides windump
decodes frame 1 + 2 fine. But the remaining 9030 frames are parsed as junk:
[Invalid header: caplen==0, len==0]
I am going to do more analysis on this. Feel free to close.
This is very likely the same issue as #1398, caused by using pageable memory for network data. When it is paged out, the MDL becomes junk, causing crashes in downstream drivers. This issue will be solved in the next release.
Description:
When sending a malformed .pcap file with the NDIS Wan adapter results in a Denial-of-Service (BSoD).
Analysis:
When sending a malformed .pcap file with the NDIS Wan adapter using either pcap_sendqueue_queue() or pcap_sendqueue_transmit() results in a Denial-of-Service (BSoD).
Version: npcap 0.992
Tested on: Windows 10 x64