(Yeah I know it’s probably mine, but I’m at a dead end…)
There is a previous thread about this
http://www.osronline.com/showthread.cfm?link=210582
But I’m pretty sure that my driver is already doing the correct thing of not calling NdisFSendNetBufferListsComplete() on anything that’s mine, which it was implied that person wasn’t doing.
Here’s my analyze -v output
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 8c2ec748, address which referenced memory
Debugging Details:
WRITE_ADDRESS: 00000000
CURRENT_IRQL: 2
FAULTING_IP:
ndis!ndisMSendCompleteNetBufferListsInternal+b9
8c2ec748 8938 mov dword ptr [eax],edi
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
TRAP_FRAME: 82970a4c -- (.trap 0xffffffff82970a4c)
ErrCode = 00000002
eax=00000000 ebx=00000000 ecx=00000000 edx=00000000 esi=853850e0 edi=85533580
eip=8c2ec748 esp=82970ac0 ebp=82970af8 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246
ndis!ndisMSendCompleteNetBufferListsInternal+0xb9:
8c2ec748 8938 mov dword ptr [eax],edi ds:0023:00000000=???
Resetting default scope
LAST_CONTROL_TRANSFER: from 82926fc5 to 828b54b4
STACK_TEXT:
82970614 82926fc5 00000003 1594df74 00000065 nt!RtlpBreakWithStatusInstruction
82970664 82927ac1 00000003 00000000 8c2ec748 nt!KiBugCheckDebugBreak+0x1c
82970a2c 8289085b 0000000a 00000000 00000002 nt!KeBugCheck2+0x68b
82970a2c 8c2ec748 0000000a 00000000 00000002 nt!KiTrap0E+0x2cf
82970af8 8c2885e2 85533580 85519318 00000001 ndis!ndisMSendCompleteNetBufferListsInternal+0xb9
82970b0c 9132b848 86980b38 85519318 00000001 ndis!NdisFSendNetBufferListsComplete+0x3a
82970b30 8c2885e2 869807b8 85519318 00000001 pacer!PcFilterSendNetBufferListsComplete+0xb4
82970b44 91360892 8697e7c8 85519318 00000001 ndis!NdisFSendNetBufferListsComplete+0x3a
82970b68 8c2ecf0a 8697a738 85519318 00000001 ndislwf!FilterSendNetBufferListsComplete+0x102 [c:\ndislwf-test\filter.c @ 1229]
82970b8c 93bb503c 853850e0 85519318 00000001 ndis!NdisMSendNetBufferListsComplete+0xa4
82970bb8 93bb2858 865fa000 00000000 82970be4 e1y6032!ProcessTransmitInterrupts+0x1ac
82970be8 93bb2aaf 005fa000 853850e0 82970c10 e1y6032!E1000HandleInterrupt+0x188
82970bf8 93bb2b4a 865fa000 00000000 82970c40 e1y6032!E1000HandleInterruptEx+0xf
82970c10 8c2da301 865fa000 00000000 00000000 e1y6032!E1000MessageInterruptDPC+0x1a
82970c50 8c2859f4 864502b4 004501a0 00000000 ndis!ndisMiniportDpc+0xda
82970c78 828b24f5 864502b4 864501a0 00000000 ndis!ndisInterruptDpc+0xaf
82970cd4 828b2358 82973d20 8297d280 00000000 nt!KiExecuteAllDpcs+0xf9
82970d20 828b2178 00000000 0000000e 00000000 nt!KiRetireDpcList+0xd5
82970d24 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x38
STACK_COMMAND: kb
FOLLOWUP_IP:
pacer!PcFilterSendNetBufferListsComplete+b4
9132b848 5b pop ebx
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: pacer!PcFilterSendNetBufferListsComplete+b4
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: pacer
IMAGE_NAME: pacer.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4a5bc916
FAILURE_BUCKET_ID: 0xD1_pacer!PcFilterSendNetBufferListsComplete+b4
BUCKET_ID: 0xD1_pacer!PcFilterSendNetBufferListsComplete+b4
Followup: MachineOwner
And here’s what my code at c:\ndislwf-test\filter.c looks like (I’m pretty sure it’s basically default example code):
VOID
FilterSendNetBufferListsComplete(
    IN NDIS_HANDLE FilterModuleContext,
    IN PNET_BUFFER_LIST NetBufferLists,
    IN ULONG SendCompleteFlags
    )
/*++
Routine Description:
    SendNetBufferListComplete
Arguments:
Return Value:
    NONE
--*/
{
    PMS_FILTER pFilter = (PMS_FILTER)FilterModuleContext;
    ULONG NumOfSendCompletes = 0;
    BOOLEAN DispatchLevel;
    PNET_BUFFER_LIST CurrNbl;

    DEBUGP(DL_TRACE, ("===>SendNBLComplete, NetBufferList: %p.\n", NetBufferLists));

    //
    // if necessary, undo any modifications to the NetBufferList that were performed "on the way down"
    //
    if (pFilter->TrackSends)
    {
        CurrNbl = NetBufferLists;
        while (CurrNbl)
        {
            NumOfSendCompletes++;
            CurrNbl = NET_BUFFER_LIST_NEXT_NBL(CurrNbl);
        }
        DispatchLevel = NDIS_TEST_SEND_AT_DISPATCH_LEVEL(SendCompleteFlags);
        FILTER_ACQUIRE_LOCK(&pFilter->Lock, DispatchLevel);
        pFilter->OutstandingSends -= NumOfSendCompletes;
        FILTER_LOG_SEND_REF(2, pFilter, PrevNbl, pFilter->OutstandingSends);
        FILTER_RELEASE_LOCK(&pFilter->Lock, DispatchLevel);
    }

    // Don't call NdisFSendNetBufferListsComplete for our own packets, just free them
    if (NetBufferLists->NdisPoolHandle != gNblPoolHandle) {
        NdisFSendNetBufferListsComplete(pFilter->FilterHandle, NetBufferLists, SendCompleteFlags);
    }
    else {
        NdisFreeNetBufferList(NetBufferLists);
    }

    DEBUGP(DL_TRACE, ("<===SendNBLComplete.\n"));
}
So the point is that I don’t ever call NdisFSendNetBufferListsComplete() on anything that’s not from my pool (gNblPoolHandle). This is only very sporadically occurring, it’s not every time, so I’m not clear who is at fault.
Thanks for your help
Justin
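
Added example, not part of the original post or the poster's driver: NetBufferLists is a linked list, and the posted pool check looks only at its head, so this user-mode C model shows a walk that classifies every entry of a completed chain by pool handle. The NBL struct, split_completed_chain, chain_length and the pool values are stand-ins constructed for the illustration; in a driver the "ours" entries would be freed one at a time with NdisFreeNetBufferList and the "theirs" list passed to NdisFSendNetBufferListsComplete.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in for NET_BUFFER_LIST: only the two fields the check needs. */
typedef struct NBL {
    struct NBL *Next;
    void       *NdisPoolHandle;
} NBL;

/* Unlink every entry of the completed chain. Entries allocated from our_pool
 * go to *ours, all others to *theirs, order preserved.
 * Returns how many entries were ours. */
static size_t split_completed_chain(NBL *chain, void *our_pool,
                                    NBL **ours, NBL **theirs)
{
    NBL **ours_tail = ours, **theirs_tail = theirs;
    size_t n_ours = 0;
    *ours = *theirs = NULL;
    while (chain != NULL) {
        NBL *next = chain->Next;      /* save the link before unlinking */
        chain->Next = NULL;
        if (chain->NdisPoolHandle == our_pool) {
            *ours_tail = chain;
            ours_tail = &chain->Next;
            n_ours++;
        } else {
            *theirs_tail = chain;
            theirs_tail = &chain->Next;
        }
        chain = next;
    }
    return n_ours;
}

static size_t chain_length(const NBL *n)
{
    size_t len = 0;
    for (; n != NULL; n = n->Next) len++;
    return len;
}

int main(void)
{
    int our_pool, other_pool;   /* constructed: addresses act as pool handles */
    NBL c = { NULL, &our_pool }, b = { &c, &other_pool }, a = { &b, &our_pool };
    NBL *ours, *theirs;
    size_t n = split_completed_chain(&a, &our_pool, &ours, &theirs);
    printf("ours=%zu theirs=%zu\n", n, chain_length(theirs));
}
```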