ndislwf problem with copied NetBufferLists and send it

NTDEV
1

hello all,
I copy the NetBufferLists in FilterSendNetBufferLists function , and send it.
Problem a: i use the “ping cmd” ping this “ndislwf PC” at other PC. the ping cmd Request timeout.
Problem b: when i uninstall the ndislwf service, don’t install again.

I do it like this:

  1. In the FilterAttach function, allocate the send/recv poolhandle. initialize send/recv queues.this queue be used save original netbufferlist.
    PoolParameters.ContextSize = 0; PoolParameters.fAllocateNetBuffer = TRUE; use NdisAllocateNetBufferListPool(pFilter->FilterHandle, &PoolParameters);

  2. copy the NetBufferLists when FilterSendNetBufferLists function wes called, and send it.
    FilterSendNetBufferLists(…)
    {

    do
    {

DispatchLevel = NDIS_TEST_SEND_AT_DISPATCH_LEVEL(SendFlags);
#if DBG

#endif
// copy NetBufferLists
FILTER_ACQUIRE_LOCK(&pFilter->Lock, DispatchLevel);
pCopyNetBufferLists = CopyNetBufferList(NetBufferLists);
FILTER_RELEASE_LOCK(&pFilter->Lock, DispatchLevel);
// join original NetBufferLists to my Queues.

NdisFSendNetBufferLists(pFilter->FilterHandle, pCopyNetBufferLists, PortNumber, SendFlags);
}while(bFalse);
}

pNetBufferList = NdisAllocateNetBufferAndNetBufferList(
pNblPoolHandle,
0, // ContextSize
0, // ContextBackfill
pMdl, // MdlChain
0, // DataOffset
DataSize); // DataLength

copy data,just copy it, i consult NTDEV List. but i don’t know how to set NBLs parameters ,
i set the copied nbl: pCopiedNBL->SourceHandle = NetBufferLists->SourceHandle; pCopiedNBL->NblFlags = NetBufferLists->NblFlags;pCopiedNBL->Flags = NetBufferLists->Flags;pCopiedNBL->Status = NetBufferLists->Status;

  1. return original NetBufferList in FilterSendNetBufferListsComplete:
    VOID
    FilterSendNetBufferListsComplete(…)
    {
    // get the original from my queues
    pOriginalNbl=serchqueue(mySendQueueHead,NetBufferLists);

// free NetBufferList
FreeNetBUfferList(NetBufferLists);

NdisFSendNetBufferListsComplete(pFilter->FilterHandle, pOriginalNbl, SendCompleteFlags);
}

  1. In the FilterDetach free the sedn/recv poolhandle, and send/recv Queues;
2

Problem a) Ping is turned off in Win7 by default. You need to use netsh command to turn it on.

3

Don’t manually copy NBLs. NDIS has built-in functionality to do this - read about cloned NBLs here:
http://msdn.microsoft.com/en-us/library/ff546392.aspx
http://msdn.microsoft.com/en-us/library/ff570483.aspx
http://msdn.microsoft.com/en-us/library/ff544929.aspx

Cloned NBLs would eliminate many of the bugs listed below. However, I have no idea what you are trying to accomplish with all this NBL copying - so I can’t 100% guarantee that cloning is right for your situation.

But here are the possible bugs I noticed in your code snippets, several of which could explain why packets aren’t getting sent:

  1. The miniport might need backfill, so you should give the original NBL to the miniport, and keep the copy.

  2. DataOffset is not necessarily zero - check the original NET_BUFFER with NET_BUFFER_DATA_OFFSET().

  3. Remember that NBLs are sent to your filter (and completed back) in chains of multiple NBLs - I don’t see any loops in your code snippets.

  4. When copying an NBL, do not set SourceHandle to the other NBL’s SourceHandle.

  5. You shouldn’t copy the NBL->Status in FilterSendNetBufferLists; the status is only meaningful on the sendcomplete path. Thus, copy it in FilterSendNetBufferListsComplete.

  6. You shouldn’t touch the NBL->Flags. They are reserved for various components.

From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of yyffei
Sent: Thursday, April 15, 2010 9:36 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] ndislwf problem with copied NetBufferLists and send it

hello all,
I copy the NetBufferLists in FilterSendNetBufferLists function , and send it.
Problem a: i use the “ping cmd” ping this “ndislwf PC” at other PC. the ping cmd Request timeout.
Problem b: when i uninstall the ndislwf service, don’t install again.

I do it like this:

  1. In the FilterAttach function, allocate the send/recv poolhandle. initialize send/recv queues.this queue be used save original netbufferlist.
    PoolParameters.ContextSize = 0; PoolParameters.fAllocateNetBuffer = TRUE; use NdisAllocateNetBufferListPool(pFilter->FilterHandle, &PoolParameters);

  2. copy the NetBufferLists when FilterSendNetBufferLists function wes called, and send it.
    FilterSendNetBufferLists(…)
    {

    do
    {

DispatchLevel = NDIS_TEST_SEND_AT_DISPATCH_LEVEL(SendFlags);
#if DBG

#endif
// copy NetBufferLists
FILTER_ACQUIRE_LOCK(&pFilter->Lock, DispatchLevel);
pCopyNetBufferLists = CopyNetBufferList(NetBufferLists);
FILTER_RELEASE_LOCK(&pFilter->Lock, DispatchLevel);
// join original NetBufferLists to my Queues.

NdisFSendNetBufferLists(pFilter->FilterHandle, pCopyNetBufferLists, PortNumber, SendFlags);
}while(bFalse);
}

pNetBufferList = NdisAllocateNetBufferAndNetBufferList(
pNblPoolHandle,
0, // ContextSize
0, // ContextBackfill
pMdl, // MdlChain
0, // DataOffset
DataSize); // DataLength

copy data,just copy it, i consult NTDEV List. but i don’t know how to set NBLs parameters ,
i set the copied nbl: pCopiedNBL->SourceHandle = NetBufferLists->SourceHandle; pCopiedNBL->NblFlags = NetBufferLists->NblFlags;pCopiedNBL->Flags = NetBufferLists->Flags;pCopiedNBL->Status = NetBufferLists->Status;

  1. return original NetBufferList in FilterSendNetBufferListsComplete:
    VOID
    FilterSendNetBufferListsComplete(…)
    {
    // get the original from my queues
    pOriginalNbl=serchqueue(mySendQueueHead,NetBufferLists);

// free NetBufferList
FreeNetBUfferList(NetBufferLists);

NdisFSendNetBufferListsComplete(pFilter->FilterHandle, pOriginalNbl, SendCompleteFlags);
}

  1. In the FilterDetach free the sedn/recv poolhandle, and send/recv Queues;

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

4

Jeffrey, thanks for your reply!
Frist of all, i copy the NBLs,and i want to modify it. for example, modify the tcp port, or http data. so i am not make sure the cloned NBLs can do this.
“A cloned NET_BUFFER_LIST structure is a duplicate that references the original data. Drivers can use this type of structure to efficiently transfer the same data to multiple paths.”

"

But here are the possible bugs I noticed in your code snippets, several of which could explain why packets aren’t getting sent:

  1. The miniport might need backfill, so you should give the original NBL to the miniport, and keep the copy.

  1. DataOffset is not necessarily zero – check the original NET_BUFFER with NET_BUFFER_DATA_OFFSET().

  2. Remember that NBLs are sent to your filter (and completed back) in chains of multiple NBLs – I don’t see any loops in your code snippets.

  3. When copying an NBL, do not set SourceHandle to the other NBL’s SourceHandle.
    copied NBL, the SourceHandle is NULL. so i set it to original NBL->SourceHandle.

  4. You shouldn’t copy the NBL->Status in FilterSendNetBufferLists; the status is only meaningful on the sendcomplete path. Thus, copy it in FilterSendNetBufferListsComplete.

  5. You shouldn’t touch the NBL->Flags. They are reserved for various components.
    "

my copy code:
PNET_BUFFER_LIST CopyNetBufferList(PNET_BUFFER_LIST pNetBufferLists)
{

pCurrNbl = pNetBufferLists;
pCurrentNbl = pNetBufferList;
while(pCurrentNbl && ntStatus == NDIS_STATUS_SUCCESS)
{
pCurrentNb = NET_BUFFER_LIST_FIRST_NB(pCurrentNbl);
lTotalLength = NET_BUFFER_DATA_LENGTH(pCurrentNb);
pCopyNbl = AllocateNetBuffAndNetBufferList(pNblPoolHandle, pFilterHandle, lTotalLength);
pCopyMdl = NET_BUFFER_FIRST_MDL(NET_BUFFER_LIST_FIRST_NB(pCopyNbl));
NdisQueryMdl(
pCopyMdl,
&pNewBuffer,
&lNewBufferLen,
NormalPagePriority);
lOffset = 0;
pMdl = NET_BUFFER_FIRST_MDL(pCurrentNb);
while(pMdl && lNewBufferLen > 0)
{
NdisQueryMdl( pMdl,(PVOID *)&pData,&lDataBufferLen,NormalPagePriority);
lBytesToCopy = MIN(lDataBufferLen - lMdlOffset, lNewBufferLen);
NdisMoveMemory((pNewBuffer + lOffset), pData + lMdlOffset, lBytesToCopy);
lNewBufferLen -= lBytesToCopy;
lOffset += lBytesToCopy;
// CurrentMdlOffset is used only for the first Mdl processed. For the remaining Mdls, it is 0.
lMdlOffset = 0;
NdisGetNextMdl(pMdl, &pMdl);
}
NET_BUFFER_DATA_LENGTH(NET_BUFFER_LIST_FIRST_NB(pCopyNbl)) = lTotalLength;
pCopyNbl->SourceHandle = pCurrentNbl->SourceHandle;

if(pCopyNetBufferList == NULL)
{
pCopyNetBufferList = pCopyNblTail = pCopyNbl;
}
else
{
NET_BUFFER_LIST_NEXT_NBL(pCopyNblTail) = pCopyNbl;
}
pCurrentNbl = NET_BUFFER_LIST_NEXT_NBL(pCurrentNbl);

}

}

DEBUGP the ETH , IP , TCP/UDP/ICMP data is same as original NBL’s.

i use the same code in FilterReceiveNetBufferLists function. i receive my pind packet. but i have a blue screen.

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 9096d695, address which referenced memory
Debugging Details:

READ_ADDRESS: 00000000
CURRENT_IRQL: 2
FAULTING_IP:
Rt86win7!MPReturnNetBufferLists+35
9096d695 8b08 mov ecx,dword ptr [eax]
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
TRAP_FRAME: 8416253c – (.trap 0xffffffff8416253c)
ErrCode = 00000000
eax=00000000 ebx=00000000 ecx=870f6410 edx=870480e0 esi=870f6000 edi=00000000
eip=9096d695 esp=841625b0 ebp=841625bc iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286
Rt86win7!MPReturnNetBufferLists+0x35:
9096d695 8b08 mov ecx,dword ptr [eax] ds:0023:00000000=???
Resetting default scope
LAST_CONTROL_TRANSFER: from 84118e71 to 840a7394
STACK_TEXT:
84162104 84118e71 00000003 92189286 00000065 nt!RtlpBreakWithStatusInstruction
84162154 8411996d 00000003 00000000 9096d695 nt!KiBugCheckDebugBreak+0x1c
8416251c 840827eb 0000000a 00000000 00000002 nt!KeBugCheck2+0x68b
8416251c 9096d695 0000000a 00000000 00000002 nt!KiTrap0E+0x2cf
841625bc 8a0caadc 870f6000 87d7f018 00000000 Rt86win7!MPReturnNetBufferLists+0x35
841625d4 8d13d7f3 86eb1408 87d7f018 00000000 ndis!NdisFReturnNetBufferLists+0x4c
84162604 8a0ef935 86e2fc18 87d7f018 00000000 ndislwf!FilterReturnNetBufferLists+0x133 [d:\winddk\7600.16385.1\src\filter-test\filter.c @ 1466]
8416262c 8a10137c 870480e0 87d7f018 00000000 ndis!ndisReturnNetBufferListsInternal+0xe3
84162654 8a29ae11 00dc3aa8 87d7f018 00000000 ndis!NdisReturnNetBufferLists+0xff
84162670 8a15169a 87d7f018 00000001 00000000 tcpip!FlpReturnNetBufferListChain+0x99
841626a0 8a29cb40 00000000 00000000 86db70e0 NETIO!NetioDereferenceNetBufferListChain+0xea
841626c0 8a29bb44 86db70e0 00000000 00000000 tcpip!IppCompleteAndFreePacketList+0xd7
84162754 8a29aaf5 87814b88 00000000 90e55401 tcpip!IpFlcReceivePackets+0xbc5
841627d0 8a29ac66 88187008 87cc3248 00000000 tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x746
84162804 840cbf8a 87cc3248 92189bbe 86dc25f0 tcpip!FlReceiveNetBufferListChainCalloutRoutine+0x11e
8416286c 8a29acee 8a29ab48 84162894 00000000 nt!KeExpandKernelStackAndCalloutEx+0x132
841628a8 8a10118d 88187002 87cc3200 00000000 tcpip!FlReceiveNetBufferListChain+0x7c
841628e0 8a0ef670 87dc3aa8 87cc3248 00000000 ndis!ndisMIndicateNetBufferListsToOpen+0x188
84162908 8a0ef5e7 00000000 874aef00 870480e0 ndis!ndisIndicateSortedNetBufferLists+0x4a
84162a84 8a09aca5 870480e0 00000000 00000000 ndis!ndisMDispatchReceiveNetBufferLists+0x129
84162aa0 8a0caa87 870480e0 87cc3248 00000000 ndis!ndisMTopReceiveNetBufferLists+0x2d
84162abc 8a0caa21 86eb1408 87cc3248 00000000 ndis!ndisFilterIndicateReceiveNetBufferLists+0x46
84162ad8 8d13da7c 86eb1408 87cc3248 00000000 ndis!NdisFIndicateReceiveNetBufferLists+0x2f
84162b14 8a0efa2e 86e2fc18 874aef00 00000000 ndislwf!FilterReceiveNetBufferLists+0x24c [d:\winddk\7600.16385.1\src\filter-test\filter.c @ 1704]
84162b3c 8a09ac1e 870480e0 874aef00 00000000 ndis!ndisMIndicateReceiveNetBufferListsInternal+0x62
84162b64 90976e8a 870480e0 874aef00 00000000 ndis!NdisMIndicateReceiveNetBufferLists+0x52
84162be4 9096ccd1 000f6000 870f6000 00000000 Rt86win7!MpHandleRecvIntPriVLanJumbo+0x6fe
84162c14 8a0ef309 870f6000 00000000 84162c40 Rt86win7!MPHandleInterrupt+0x1dd
84162c50 8a09a9f4 874b8464 004b8450 00000000 ndis!ndisMiniportDpc+0xe2
84162c78 840a43b5 874b8464 874b8450 00000000 ndis!ndisInterruptDpc+0xaf
84162cd4 840a4218 84165d20 8416f280 00000000 nt!KiExecuteAllDpcs+0xf9
84162d20 840a4038 00000000 0000000e 00000000 nt!KiRetireDpcList+0xd5
84162d24 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x38
STACK_COMMAND: kb
FOLLOWUP_IP:
Rt86win7!MPReturnNetBufferLists+35
9096d695 8b08 mov ecx,dword ptr [eax]
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: Rt86win7!MPReturnNetBufferLists+35
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Rt86win7
IMAGE_NAME: Rt86win7.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 49a65b16
FAILURE_BUCKET_ID: 0xD1_Rt86win7!MPReturnNetBufferLists+35
BUCKET_ID: 0xD1_Rt86win7!MPReturnNetBufferLists+35
Followup: MachineOwner

5

i debug my ndislwf driver, i find NdisReserved/ProtocolReserved/MiniportReserved have some different with the copied NBL and original NBL, ignore it.
i track my filter driver, found a “rule”. in FilterSendNetBufferListsComplete function or FilterReturnNetBufferLists function, serch my send/recv Queue,if the NetBufferLists is not in the Queues. i reckon the NBL as original NBL. pass on it.

DispatchLevel = NDIS_TEST_RETURN_AT_DISPATCH_LEVEL(ReturnFlags);
FILTER_ACQUIRE_LOCK(&pFilter->Lock, DispatchLevel);
pOriginateNbl = QuaereNetBufferListQueue(pFilter->pRecvNetBufferListQueueHead, NetBufferLists);
FILTER_RELEASE_LOCK(&pFilter->Lock, DispatchLevel);
if(pOriginateNbl == NULL)
{
//
// if run here, after call NdisFReturnNetBufferLists will be blue screen
pOriginateNbl = NetBufferLists;
}
else
{
// free user allocate nbl

FreeOldNetBuffAndNetBufferList(NetBufferLists);
}

NdisFReturnNetBufferLists(pFilter->FilterHandle, pOriginateNbl, ReturnFlags);

i comprehend, this flowing like: send->sendcomplete; send->sendcomplete; receive->return;receive->return;
but pOriginateNbl == NULL because no send/receive, just sendcomplete/return, i don’t know why.

Jeffrey, thanks for your reply!
Frist of all, i copy the NBLs,and i want to modify it. for example, modify the tcp port, or http data. so i am not make sure the cloned NBLs can do this.
“A cloned NET_BUFFER_LIST structure is a duplicate that references the original data. Drivers can use this type of structure to efficiently transfer the same data to multiple paths.”

"
> But here are the possible bugs I noticed in your code snippets, several of which could explain why packets aren’t getting sent:
> 1. The miniport might need backfill, so you should give the original NBL to the miniport, and keep the copy.

> 2. DataOffset is not necessarily zero – check the original NET_BUFFER with NET_BUFFER_DATA_OFFSET().
> 3. Remember that NBLs are sent to your filter (and completed back) in chains of multiple NBLs – I don’t see any loops in your code snippets.
> 4. When copying an NBL, do not set SourceHandle to the other NBL’s SourceHandle.
copied NBL, the SourceHandle is NULL. so i set it to original NBL->SourceHandle.
>
> 5. You shouldn’t copy the NBL->Status in FilterSendNetBufferLists; the status is only meaningful on the sendcomplete path. Thus, copy it in FilterSendNetBufferListsComplete.
> 6. You shouldn’t touch the NBL->Flags. They are reserved for various components.
"

my copy code:
PNET_BUFFER_LIST CopyNetBufferList(PNET_BUFFER_LIST pNetBufferLists)
{

pCurrNbl = pNetBufferLists;
pCurrentNbl = pNetBufferList;
while(pCurrentNbl && ntStatus == NDIS_STATUS_SUCCESS)
{
pCurrentNb = NET_BUFFER_LIST_FIRST_NB(pCurrentNbl);
lTotalLength = NET_BUFFER_DATA_LENGTH(pCurrentNb);
pCopyNbl = AllocateNetBuffAndNetBufferList(pNblPoolHandle, pFilterHandle, lTotalLength);
pCopyMdl = NET_BUFFER_FIRST_MDL(NET_BUFFER_LIST_FIRST_NB(pCopyNbl));
NdisQueryMdl(
pCopyMdl,
&pNewBuffer,
&lNewBufferLen,
NormalPagePriority);
lOffset = 0;
pMdl = NET_BUFFER_FIRST_MDL(pCurrentNb);
while(pMdl && lNewBufferLen > 0)
{
NdisQueryMdl( pMdl,(PVOID *)&pData,&lDataBufferLen,NormalPagePriority);
lBytesToCopy = MIN(lDataBufferLen - lMdlOffset, lNewBufferLen);
NdisMoveMemory((pNewBuffer + lOffset), pData + lMdlOffset, lBytesToCopy);
lNewBufferLen -= lBytesToCopy;
lOffset += lBytesToCopy;
// CurrentMdlOffset is used only for the first Mdl processed. For the remaining Mdls, it is 0.
lMdlOffset = 0;
NdisGetNextMdl(pMdl, &pMdl);
}
NET_BUFFER_DATA_LENGTH(NET_BUFFER_LIST_FIRST_NB(pCopyNbl)) = lTotalLength;
pCopyNbl->SourceHandle = pCurrentNbl->SourceHandle;

if(pCopyNetBufferList == NULL)
{
pCopyNetBufferList = pCopyNblTail = pCopyNbl;
}
else
{
NET_BUFFER_LIST_NEXT_NBL(pCopyNblTail) = pCopyNbl;
}
pCurrentNbl = NET_BUFFER_LIST_NEXT_NBL(pCurrentNbl);

}

}

DEBUGP the ETH , IP , TCP/UDP/ICMP data is same as original NBL’s.

i use the same code in FilterReceiveNetBufferLists function. i receive my pind packet. but i have a blue screen.

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 9096d695, address which referenced memory
Debugging Details:

READ_ADDRESS: 00000000
CURRENT_IRQL: 2
FAULTING_IP:
Rt86win7!MPReturnNetBufferLists+35
9096d695 8b08 mov ecx,dword ptr [eax]
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
TRAP_FRAME: 8416253c – (.trap 0xffffffff8416253c)
ErrCode = 00000000
eax=00000000 ebx=00000000 ecx=870f6410 edx=870480e0 esi=870f6000 edi=00000000
eip=9096d695 esp=841625b0 ebp=841625bc iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286
Rt86win7!MPReturnNetBufferLists+0x35:
9096d695 8b08 mov ecx,dword ptr [eax] ds:0023:00000000=???
Resetting default scope
LAST_CONTROL_TRANSFER: from 84118e71 to 840a7394
STACK_TEXT:
84162104 84118e71 00000003 92189286 00000065 nt!RtlpBreakWithStatusInstruction
84162154 8411996d 00000003 00000000 9096d695 nt!KiBugCheckDebugBreak+0x1c
8416251c 840827eb 0000000a 00000000 00000002 nt!KeBugCheck2+0x68b
8416251c 9096d695 0000000a 00000000 00000002 nt!KiTrap0E+0x2cf
841625bc 8a0caadc 870f6000 87d7f018 00000000 Rt86win7!MPReturnNetBufferLists+0x35
841625d4 8d13d7f3 86eb1408 87d7f018 00000000 ndis!NdisFReturnNetBufferLists+0x4c
84162604 8a0ef935 86e2fc18 87d7f018 00000000 ndislwf!FilterReturnNetBufferLists+0x133 [d:\winddk\7600.16385.1\src\filter-test\filter.c @ 1466]
8416262c 8a10137c 870480e0 87d7f018 00000000 ndis!ndisReturnNetBufferListsInternal+0xe3
84162654 8a29ae11 00dc3aa8 87d7f018 00000000 ndis!NdisReturnNetBufferLists+0xff
84162670 8a15169a 87d7f018 00000001 00000000 tcpip!FlpReturnNetBufferListChain+0x99
841626a0 8a29cb40 00000000 00000000 86db70e0 NETIO!NetioDereferenceNetBufferListChain+0xea
841626c0 8a29bb44 86db70e0 00000000 00000000 tcpip!IppCompleteAndFreePacketList+0xd7
84162754 8a29aaf5 87814b88 00000000 90e55401 tcpip!IpFlcReceivePackets+0xbc5
841627d0 8a29ac66 88187008 87cc3248 00000000 tcpip!FlpReceiveNonPreValidatedNetBufferListChain+0x746
84162804 840cbf8a 87cc3248 92189bbe 86dc25f0 tcpip!FlReceiveNetBufferListChainCalloutRoutine+0x11e
8416286c 8a29acee 8a29ab48 84162894 00000000 nt!KeExpandKernelStackAndCalloutEx+0x132
841628a8 8a10118d 88187002 87cc3200 00000000 tcpip!FlReceiveNetBufferListChain+0x7c
841628e0 8a0ef670 87dc3aa8 87cc3248 00000000 ndis!ndisMIndicateNetBufferListsToOpen+0x188
84162908 8a0ef5e7 00000000 874aef00 870480e0 ndis!ndisIndicateSortedNetBufferLists+0x4a
84162a84 8a09aca5 870480e0 00000000 00000000 ndis!ndisMDispatchReceiveNetBufferLists+0x129
84162aa0 8a0caa87 870480e0 87cc3248 00000000 ndis!ndisMTopReceiveNetBufferLists+0x2d
84162abc 8a0caa21 86eb1408 87cc3248 00000000 ndis!ndisFilterIndicateReceiveNetBufferLists+0x46
84162ad8 8d13da7c 86eb1408 87cc3248 00000000 ndis!NdisFIndicateReceiveNetBufferLists+0x2f
84162b14 8a0efa2e 86e2fc18 874aef00 00000000 ndislwf!FilterReceiveNetBufferLists+0x24c [d:\winddk\7600.16385.1\src\filter-test\filter.c @ 1704]
84162b3c 8a09ac1e 870480e0 874aef00 00000000 ndis!ndisMIndicateReceiveNetBufferListsInternal+0x62
84162b64 90976e8a 870480e0 874aef00 00000000 ndis!NdisMIndicateReceiveNetBufferLists+0x52
84162be4 9096ccd1 000f6000 870f6000 00000000 Rt86win7!MpHandleRecvIntPriVLanJumbo+0x6fe
84162c14 8a0ef309 870f6000 00000000 84162c40 Rt86win7!MPHandleInterrupt+0x1dd
84162c50 8a09a9f4 874b8464 004b8450 00000000 ndis!ndisMiniportDpc+0xe2
84162c78 840a43b5 874b8464 874b8450 00000000 ndis!ndisInterruptDpc+0xaf
84162cd4 840a4218 84165d20 8416f280 00000000 nt!KiExecuteAllDpcs+0xf9
84162d20 840a4038 00000000 0000000e 00000000 nt!KiRetireDpcList+0xd5
84162d24 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x38
STACK_COMMAND: kb
FOLLOWUP_IP:
Rt86win7!MPReturnNetBufferLists+35
9096d695 8b08 mov ecx,dword ptr [eax]
SYMBOL_STACK_INDEX: 4
SYMBOL_NAME: Rt86win7!MPReturnNetBufferLists+35
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Rt86win7
IMAGE_NAME: Rt86win7.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 49a65b16
FAILURE_BUCKET_ID: 0xD1_Rt86win7!MPReturnNetBufferLists+35
BUCKET_ID: 0xD1_Rt86win7!MPReturnNetBufferLists+35
Followup: MachineOwner