Open fyodor opened 1 month ago
We just had an Npcap OEM redistribution customer report that one of their customers experienced an Npcap-related BSOD. They sent a dump and we're still evaluating. Here is the stacktrace and npcap module details:
============================================================================================ # Child-SP RetAddr Call Site 00 ffffc209`c7c361a8 fffff807`244123a9 nt!KeBugCheckEx 01 ffffc209`c7c361b0 fffff807`244114fc nt!KiBugCheckDispatch+0x69 02 ffffc209`c7c362f0 fffff807`2440868f nt!KiSystemServiceHandler+0x7c 03 ffffc209`c7c36330 fffff807`2435f917 nt!RtlpExecuteHandlerForException+0xf 04 ffffc209`c7c36360 fffff807`2435d846 nt!RtlDispatchException+0x297 05 ffffc209`c7c36a80 fffff807`244124ec nt!KiDispatchException+0x186 06 ffffc209`c7c37140 fffff807`2440dd52 nt!KiExceptionDispatch+0x12c 07 ffffc209`c7c37320 fffff807`291b430e nt!KiPageFault+0x452 08 ffffc209`c7c374b0 fffff807`2bed2ede NDIS!NdisAcquireRWLockWrite+0x1e 09 ffffc209`c7c374e0 fffff807`2bed2c72 npcap!NPF_RemoveFromGroupOpenArray+0xa2 [C:\Users\Nmap\Documents\Repos\npcap\packetWin7\npf\npf\Openclos.c @ 1463] 0a ffffc209`c7c37520 fffff807`2422d3f5 npcap!NPF_Cleanup+0x62 [C:\Users\Nmap\Documents\Repos\npcap\packetWin7\npf\npf\Openclos.c @ 1303] 0b ffffc209`c7c37550 fffff807`24619397 nt!IofCallDriver+0x55 0c ffffc209`c7c37590 fffff807`2462148f nt!IopCloseFile+0x177 0d ffffc209`c7c37620 fffff807`246cca95 nt!ObCloseHandleTableEntry+0x51f 0e ffffc209`c7c37760 fffff807`2471d28d nt!ExSweepHandleTable+0xd5 0f ffffc209`c7c37810 fffff807`24712e70 nt!ObKillProcess+0x35 10 ffffc209`c7c37840 fffff807`2468a08e nt!PspRundownSingleProcess+0x204 11 ffffc209`c7c378d0 fffff807`246bf15e nt!PspExitThread+0x5f6 12 ffffc209`c7c379d0 fffff807`24411b05 nt!NtTerminateProcess+0xde 13 ffffc209`c7c37a40 00007ffd`36d6dae4 nt!KiSystemServiceCopyEnd+0x25 14 00000025`11faf778 00000000`00000000 0x00007ffd`36d6dae4 2: kd> lmvm npcap Browse full module list start end module name fffff807`2bed0000 fffff807`2bee3000 npcap T (private pdb symbols) c:\store\devsetup\npcap-1.79-debugsymbols\x64\win10\npcap.pdb Loaded symbol image file: npcap.sys Image path: \SystemRoot\system32\DRIVERS\npcap.sys Image name: npcap.sys Browse all global symbols functions data Timestamp: Wed Jan 17 22:48:37 2024 (65A85945) CheckSum: 0001CF7E ImageSize: 00013000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 Information from resource tables:
Likely fixed in 44b4d9d67829c9120f3e6bc4e746b5448fd79cba, but need testing to confirm.
We just had an Npcap OEM redistribution customer report that one of their customers experienced an Npcap-related BSOD. They sent a dump and we're still evaluating. Here is the stacktrace and npcap module details: