nmap / npcap

Nmap Project's Windows packet capture and transmission library
https://npcap.com

Fatal System Error: 0x000000d1 occurs during uninstall #212

Open kouzhudong opened 4 years ago

kouzhudong commented 4 years ago

```
2: kd> g
KDTARGET: Refreshing KD connection

*** Fatal System Error: 0x000000d1 (0xFFFFB887AA9E08D8,0x0000000000000002,0x0000000000000000,0xFFFFF8023560EA81)

Break instruction exception - code 80000003 (first chance)

A fatal system error has occurred.
Debugger entered on first try; Bugcheck callbacks have not been invoked.

A fatal system error has occurred.

nt!DbgBreakPointWithStatus:
fffff802`335cd210 cc              int     3
2: kd> !analyze -v
Connected to Windows 10 18362 x64 target at (Fri Jul 24 10:44:19.257 2020 (UTC + 8:00)), ptr64 TRUE
Loading Kernel Symbols
```



```
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: ffffb887aa9e08d8, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff8023560ea81, address which referenced memory
```

Debugging Details:

KEY_VALUES_STRING: 1

PROCESSES_ANALYSIS: 1

SERVICE_ANALYSIS: 1

STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1

DUMP_CLASS: 1

DUMP_QUALIFIER: 0

BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202

DUMP_TYPE: 0

BUGCHECK_P1: ffffb887aa9e08d8

BUGCHECK_P2: 2

BUGCHECK_P3: 0

BUGCHECK_P4: fffff8023560ea81

READ_ADDRESS: ffffb887aa9e08d8 Special pool

CURRENT_IRQL: 2

FAULTING_IP: ndis!NdisFreeNetBuffer+11 fffff802`3560ea81 8b4558 mov eax,dword ptr [rbp+58h]

CPU_COUNT: 6

CPU_MHZ: c78

CPU_VENDOR: GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 9e

CPU_STEPPING: a

CPU_MICROCODE: 6,9e,a,0 (F,M,S,R) SIG: B4'00000000 (cache) B4'00000000 (init)

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

BUGCHECK_STR: AV

PROCESS_NAME: dumpcap.exe

ANALYSIS_SESSION_HOST: CORREY

ANALYSIS_SESSION_TIME: 07-24-2020 10:45:02.0973

ANALYSIS_VERSION: 10.0.18362.1 amd64fre

DEVICE_OBJECT: ffffb88700000000

```
TRAP_FRAME: ffffaf092fbe5550 -- (.trap 0xffffaf092fbe5550)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffb887aa9aae10 rbx=0000000000000000 rcx=ffffb887aa9aae10
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8023560ea81 rsp=ffffaf092fbe56e0 rbp=ffffb887aa9e0880
 r8=ffffb887a9d018c0  r9=0000000000000000 r10=ffffb887a0a25160
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
ndis!NdisFreeNetBuffer+0x11:
fffff8023560ea81 8b4558 mov eax,dword ptr [rbp+58h] ss:0018:ffffb887aa9e08d8=????????
Resetting default scope
```

LAST_CONTROL_TRANSFER: from fffff802336ac922 to fffff802335cd210

```
STACK_TEXT:
ffffaf092fbe4c68 fffff802336ac922 : ffffb887aa9e08d8 0000000000000003 ffffaf092fbe4dd0 fffff80233514b70 : nt!DbgBreakPointWithStatus
ffffaf092fbe4c70 fffff802336ac017 : 0000000000000003 ffffaf092fbe4dd0 fffff802335d9a60 00000000000000d1 : nt!KiBugCheckDebugBreak+0x12
ffffaf092fbe4cd0 fffff802335c54c7 : ffffaf092fbe5450 ffffb887ab0e2fc0 0000000000000000 00000000ffffffff : nt!KeBugCheck2+0x947
ffffaf092fbe53d0 fffff802335d71e9 : 000000000000000a ffffb887aa9e08d8 0000000000000002 0000000000000000 : nt!KeBugCheckEx+0x107
ffffaf092fbe5410 fffff802335d3529 : 0000000000000103 0000000000000000 0000000000000103 0000000000000000 : nt!KiBugCheckDispatch+0x69
ffffaf092fbe5550 fffff8023560ea81 : ffffb887ab0e2fc0 fffff80233d7e52b ffffb887a104a7c8 0000000000000000 : nt!KiPageFault+0x469
ffffaf092fbe56e0 fffff802322a479a : ffffb887ab0e2fc0 ffffb88740000010 00000000ffffffff 0000000000000001 : ndis!NdisFreeNetBuffer+0x11
ffffaf092fbe5710 fffff802322a3fe3 : 0000000000000067 fffff802322a4830 ffffb887aa024502 ffffb887aba66c44 : npcap!NPF_FreeNBCopies+0x7a [F:\git\network\nmap\npcap\packetWin7\npf\npf\Openclos.c @ 442]
ffffaf092fbe5740 fffff802322a3fe3 : 0000000000040246 0000000000000067 0000000000000000 ffffb887aa024500 : npcap!NPF_ObjectPoolReturn+0x43 [F:\git\network\nmap\npcap\packetWin7\npf\npf\ObjPool.c @ 291]
ffffaf092fbe5780 fffff802322a9971 : ffffb887ab0e2fc0 0000000000000067 0000000000000000 ffffb887aa024500 : npcap!NPF_ObjectPoolReturn+0x43 [F:\git\network\nmap\npcap\packetWin7\npf\npf\ObjPool.c @ 291]
ffffaf092fbe57c0 fffff802335827aa : 0000000000000000 ffffb887aa990ea0 ffffb88700000300 ffffb8870003e800 : npcap!NPF_Read+0x3e1 [F:\git\network\nmap\npcap\packetWin7\npf\npf\Read.c @ 376]
ffffaf092fbe5840 fffff80233d680a9 : ffffb887aa990ea0 ffffb887aa3022f0 fffff57a8096f800 81000000278f8867 : nt!IopfCallDriver+0x56
ffffaf092fbe5880 fffff80233621b65 : ffffb887aa990ea0 0000000000000000 0000000000000001 ffffb887ab97ce00 : nt!IovCallDriver+0x275
ffffaf092fbe58c0 fffff80233a0ae15 : ffffaf092fbe5b80 ffffb887aa990ea0 0000000000000001 ffffb887a7599ed0 : nt!IofCallDriver+0x184ce5
ffffaf092fbe5900 fffff80233a06fef : ffffb88700000000 0000000000000000 0000000000000000 ffffaf092fbe5b80 : nt!IopSynchronousServiceTail+0x1a5
ffffaf092fbe59a0 fffff802335d6c15 : 0000000000000001 0000000000000000 0000000000000000 0000000000000000 : nt!NtReadFile+0x59f
ffffaf092fbe5a90 00007ffcc1c7c134 : 00007ffcbf7c5187 0000000000000000 ffffffffffd9da60 0000000000000048 : nt!KiSystemServiceCopyEnd+0x25
000000eea56fd5a8 00007ffcbf7c5187 : 0000000000000000 ffffffffffd9da60 0000000000000048 0000000000000001 : ntdll!NtReadFile+0x14
000000eea56fd5b0 00007ffc98605945 : 0000025be017b010 0000025be017b010 0000025b00000000 000000eea56fd6c4 : KERNELBASE!ReadFile+0x77
000000eea56fd630 00007ffc86cfe3b6 : 0000025be0124cb0 00007ffcbf815ac9 0000000000000000 0000000000000000 : packet!PacketReceivePacket+0x95
000000eea56fd670 0000025be0124cb0 : 00007ffcbf815ac9 0000000000000000 0000000000000000 0000000000000000 : wpcap!pcap_lookupnet+0x416
000000eea56fd678 00007ffcbf815ac9 : 0000000000000000 0000000000000000 0000000000000000 00007ff7886ae4d0 : 0x0000025be0124cb0
000000eea56fd680 00007ff788692049 : 0000025be0124cb0 0000000000001001 000000eea56fd800 000000eea56fd770 : KERNELBASE!PeekNamedPipe+0x1b9
000000eea56fd750 0000025be0124cb0 : 0000000000001001 000000eea56fd800 000000eea56fd770 000000eea56fd7a0 : dumpcap+0x2049
000000eea56fd758 0000000000001001 : 000000eea56fd800 000000eea56fd770 000000eea56fd7a0 0000000000000000 : 0x0000025be0124cb0
000000eea56fd760 000000eea56fd800 : 000000eea56fd770 000000eea56fd7a0 0000000000000000 0000000000000000 : 0x1001
000000eea56fd768 000000eea56fd770 : 000000eea56fd7a0 0000000000000000 0000000000000000 0000de17d64ece18 : 0x000000eea56fd800
000000eea56fd770 000000eea56fd7a0 : 0000000000000000 0000000000000000 0000de17d64ece18 0000025be0124cb0 : 0x000000eea56fd770
000000eea56fd778 0000000000000000 : 0000000000000000 0000de17d64ece18 0000025be0124cb0 00007ff788693617 : 0x000000ee`a56fd7a0
```

THREAD_SHA1_HASH_MOD_FUNC: be0bf8f4f9dba2874fd7cfeb9c6097e33cfe8e65

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 85026973df6ad21b3639f90b10c374a637589978

THREAD_SHA1_HASH_MOD: 2bf4801162187112be2880c1c2294cf2ce5b8490

FOLLOWUP_IP: npcap!NPF_FreeNBCopies+7a [F:\git\network\nmap\npcap\packetWin7\npf\npf\Openclos.c @ 442] fffff802`322a479a 488b5c2430 mov rbx,qword ptr [rsp+30h]

FAULT_INSTR_CODE: 245c8b48

FAULTING_SOURCE_LINE: F:\git\network\nmap\npcap\packetWin7\npf\npf\Openclos.c

FAULTING_SOURCE_FILE: F:\git\network\nmap\npcap\packetWin7\npf\npf\Openclos.c

FAULTING_SOURCE_LINE_NUMBER: 442

```
FAULTING_SOURCE_CODE:
438:             pDeleteMe = pMdl;
439:             pMdl = pMdl->Next;
440:             NdisFreeMdl((PMDL)pDeleteMe);
441:         }
442:         NET_BUFFER_FIRST_MDL(pNBCopy->pNetBuffer)->Next = NULL;
443:         NET_BUFFER_DATA_LENGTH(pNBCopy->pNetBuffer) = 0;
444:         NET_BUFFER_DATA_OFFSET(pNBCopy->pNetBuffer) = 0;
445:         NdisFreeNetBuffer(pNBCopy->pNetBuffer);
446:     }
447: }
```

SYMBOL_STACK_INDEX: 7

SYMBOL_NAME: npcap!NPF_FreeNBCopies+7a

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: npcap

IMAGE_NAME: npcap.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 5f16baac

STACK_COMMAND: .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET: 7a

FAILURE_BUCKET_ID: AV_VRF_npcap!NPF_FreeNBCopies

BUCKET_ID: AV_VRF_npcap!NPF_FreeNBCopies

PRIMARY_PROBLEM_CLASS: AV_VRF_npcap!NPF_FreeNBCopies

TARGET_TIME: 2020-07-24T02:42:18.000Z

OSBUILD: 18362

OSSERVICEPACK: 0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 272

PRODUCT_TYPE: 1

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: unknown_date

BUILDDATESTAMP_STR: 190318-1202

BUILDLAB_STR: 19h1_release

BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202

ANALYSIS_SESSION_ELAPSED_TIME: 9cae

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:av_vrf_npcap!npf_freenbcopies

FAILURE_ID_HASH: {35be24f4-dc28-ccad-e493-9cc776d83253}

Followup: MachineOwner

```
2: kd> .trap 0xffffaf092fbe5550
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffffb887aa9aae10 rbx=0000000000000000 rcx=ffffb887aa9aae10
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff8023560ea81 rsp=ffffaf092fbe56e0 rbp=ffffb887aa9e0880
 r8=ffffb887a9d018c0  r9=0000000000000000 r10=ffffb887a0a25160
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei ng nz na pe nc
ndis!NdisFreeNetBuffer+0x11:
fffff8023560ea81 8b4558 mov eax,dword ptr [rbp+58h] ss:0018:ffffb887aa9e08d8=????????
2: kd> lmvm npcap
Browse full module list
start            end              module name
fffff802322a0000 fffff802322bd000 npcap (private pdb symbols) F:\git\network\nmap\npcap\packetWin7\vs14\x64\Win7 Debug\npcap.pdb
    Loaded symbol image file: npcap.sys
    Image path: npcap.sys
    Image name: npcap.sys
    Browse all global symbols functions data
    Timestamp: Tue Jul 21 17:51:40 2020 (5F16BAAC)
    CheckSum: 0001C54B
    ImageSize: 0001D000
    Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
    Information from resource tables:
2: kd> dv
pNBCopy = 0xffffb887a3e2136c
pMdl = 0x0000000000000000
pDeleteMe =
```

kouzhudong commented 4 years ago

image