nmap / npcap

Nmap Project's Windows packet capture and transmission library
https://npcap.com

Fix reported BSOD in !NPF_RemoveFromGroupOpenArray #746

Open fyodor opened 1 month ago

fyodor commented 1 month ago

We just had an Npcap OEM redistribution customer report that one of their customers experienced an Npcap-related BSOD. They sent a dump and we're still evaluating. Here is the stacktrace and npcap module details:

============================================================================================
# Child-SP          RetAddr               Call Site
00 ffffc209`c7c361a8 fffff807`244123a9     nt!KeBugCheckEx
01 ffffc209`c7c361b0 fffff807`244114fc     nt!KiBugCheckDispatch+0x69
02 ffffc209`c7c362f0 fffff807`2440868f     nt!KiSystemServiceHandler+0x7c
03 ffffc209`c7c36330 fffff807`2435f917     nt!RtlpExecuteHandlerForException+0xf
04 ffffc209`c7c36360 fffff807`2435d846     nt!RtlDispatchException+0x297
05 ffffc209`c7c36a80 fffff807`244124ec     nt!KiDispatchException+0x186
06 ffffc209`c7c37140 fffff807`2440dd52     nt!KiExceptionDispatch+0x12c
07 ffffc209`c7c37320 fffff807`291b430e     nt!KiPageFault+0x452
08 ffffc209`c7c374b0 fffff807`2bed2ede     NDIS!NdisAcquireRWLockWrite+0x1e
09 ffffc209`c7c374e0 fffff807`2bed2c72     npcap!NPF_RemoveFromGroupOpenArray+0xa2 [C:\Users\Nmap\Documents\Repos\npcap\packetWin7\npf\npf\Openclos.c @ 1463]
0a ffffc209`c7c37520 fffff807`2422d3f5     npcap!NPF_Cleanup+0x62 [C:\Users\Nmap\Documents\Repos\npcap\packetWin7\npf\npf\Openclos.c @ 1303]
0b ffffc209`c7c37550 fffff807`24619397     nt!IofCallDriver+0x55
0c ffffc209`c7c37590 fffff807`2462148f     nt!IopCloseFile+0x177
0d ffffc209`c7c37620 fffff807`246cca95     nt!ObCloseHandleTableEntry+0x51f
0e ffffc209`c7c37760 fffff807`2471d28d     nt!ExSweepHandleTable+0xd5
0f ffffc209`c7c37810 fffff807`24712e70     nt!ObKillProcess+0x35
10 ffffc209`c7c37840 fffff807`2468a08e     nt!PspRundownSingleProcess+0x204
11 ffffc209`c7c378d0 fffff807`246bf15e     nt!PspExitThread+0x5f6
12 ffffc209`c7c379d0 fffff807`24411b05     nt!NtTerminateProcess+0xde
13 ffffc209`c7c37a40 00007ffd`36d6dae4     nt!KiSystemServiceCopyEnd+0x25
14 00000025`11faf778 00000000`00000000     0x00007ffd`36d6dae4
2: kd> lmvm npcap
Browse full module list
start             end                 module name
fffff807`2bed0000 fffff807`2bee3000   npcap    T (private pdb symbols)  c:\store\devsetup\npcap-1.79-debugsymbols\x64\win10\npcap.pdb
    Loaded symbol image file: npcap.sys
    Image path: \SystemRoot\system32\DRIVERS\npcap.sys
    Image name: npcap.sys
    Browse all global symbols  functions  data
    Timestamp:        Wed Jan 17 22:48:37 2024 (65A85945)
    CheckSum:         0001CF7E
    ImageSize:        00013000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
    Information from resource tables:

dmiller-nmap commented 1 month ago

Likely fixed in 44b4d9d67829c9120f3e6bc4e746b5448fd79cba, but need testing to confirm.