NdisRequest bSOD

NTDEV
1

hi
VOID OnOpenAdapterDone(IN NDIS_HANDLE ProtocolBindingContext, IN NDIS_STATUS Status, IN NDIS_STATUS OpenErrorStatus)
{
PIRP Irp = NULL;
POPEN_INSTANCE Open = NULL;
POPEN_INSTANCE pOpen = (POPEN_INSTANCE)ProtocolBindingContext;
NDIS_REQUEST anNdisRequest;
BOOLEAN anotherStstus=FALSE;
ULONG aMode = NDIS_PACKET_TYPE_PROMISCUOUS;
DbgPrint(“On open Adapter Called”);
if (pOpen) {
NdisInitializeEvent(&pOpen->BindEvent);
anNdisRequest.RequestType = NdisRequestSetInformation;
anNdisRequest.DATA.SET_INFORMATION.Oid = OID_GEN_CURRENT_PACKET_FILTER;
anNdisRequest.DATA.SET_INFORMATION.InformationBuffer = &aMode;
anNdisRequest.DATA.SET_INFORMATION.InformationBufferLength = sizeof(ULONG);
NdisRequest(&anotherStstus, pOpen->hAdapter, &anNdisRequest);
}
//pOpen->Status = Status;
//NdisSetEvent(&pOpen->BindEvent);
}

when i m loading the driver with osr loader with on demand start it is working fine but when i load the driver with boot start its giving BSOD and the
Windbg is

TEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 88110503, The address that the exception occurred at
Arg3: 89dfc7c0, Exception Record Address
Arg4: 89dfc3a0, Context Record Address

Debugging Details:

DUMP_CLASS: 1

DUMP_QUALIFIER: 0

BUILD_VERSION_STRING: 6.1.7600.16385 (win7_rtm.090713-1255)

DUMP_TYPE: 0

BUGCHECK_P1: ffffffffc0000005

BUGCHECK_P2: ffffffff88110503

BUGCHECK_P3: ffffffff89dfc7c0

BUGCHECK_P4: ffffffff89dfc3a0

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

FAULTING_IP:
ndis!NdisRequest+c
88110503 ff505c call dword ptr [eax+5Ch]

EXCEPTION_RECORD: 89dfc7c0 – (.exr 0xffffffff89dfc7c0)
ExceptionAddress: 88110503 (ndis!NdisRequest+0x0000000c)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 0000005c
Attempt to read from address 0000005c

CONTEXT: 89dfc3a0 – (.cxr 0xffffffff89dfc3a0)
eax=00000000 ebx=89dfc9dc ecx=00000000 edx=00000065 esi=86547ad8 edi=86547ad8
eip=88110503 esp=89dfc888 ebp=89dfc890 iopl=0 nv up ei ng nz ac pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00210296
ndis!NdisRequest+0xc:
88110503 ff505c call dword ptr [eax+5Ch] ds:0023:0000005c=???
Resetting default scope

CPU_COUNT: 1

CPU_MHZ: e07

CPU_VENDOR: GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 4f

CPU_STEPPING: 1

CPU_MICROCODE: 6,4f,1,0 (F,M,S,R) SIG: B00001B’00000000 (cache) 0’00000000 (init)

PROCESS_NAME: System

CURRENT_IRQL: 2

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_CODE_STR: c0000005

EXCEPTION_PARAMETER1: 00000000

EXCEPTION_PARAMETER2: 0000005c

FOLLOWUP_IP:
nt_80b95000+6fb0
80b9bfb0 8bf8 mov edi,eax

BUGCHECK_STR: 0x7E

READ_ADDRESS: 0000005c

DEFAULT_BUCKET_ID: NULL_CLASS_PTR_DEREFERENCE

ANALYSIS_SESSION_HOST: DESKTOP-0B0JBOC

ANALYSIS_SESSION_TIME: 08-23-2017 17:45:00.0338

ANALYSIS_VERSION: 10.0.15063.468 amd64fre

LAST_CONTROL_TRANSFER: from 865c652e to 88110503

STACK_TEXT:
89dfc890 865c652e 89dfc8af 00000000 89dfc8b0 ndis!NdisRequest+0xc
WARNING: Frame IP not in any known module. Following frames may be wrong.
89dfc8dc 865c639b 86547ad8 89dfc9dc 00000000 0x865c652e
89dfc918 865c5b5e 89dfc9dc 00000000 89dfc940 0x865c639b
89dfcbe0 82bca77f 865405b0 00000000 00000000 0x865c5b5e
89dfccc0 80b9bfb0 00000000 865cf000 00000000 nt!IoCreateDriver+0x2f3
89dfcce8 80b97066 8b5c9000 00000000 85fd3470 nt_80b95000+0x6fb0
89dfcd50 82c4d66d 00000000 92183241 00000000 nt_80b95000+0x2066
89dfcd90 82aff0d9 80b96f2e 00000000 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19

THREAD_SHA1_HASH_MOD_FUNC: dbc74d47bc495e22a6aa50582893ce7c23dab998

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 92bad83db4f06f009567479d6675c16a3a84b9bb

THREAD_SHA1_HASH_MOD: 5b75be03eac18b2f639b9953205e0fdad2b1de3b

FAULT_INSTR_CODE: ff85f88b

SYMBOL_STACK_INDEX: 5

SYMBOL_NAME: nt_80b95000+6fb0

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt_80b95000

IMAGE_NAME: ntkrnlpa.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 599d7063

STACK_COMMAND: .cxr 0xffffffff89dfc3a0 ; kb

FAILURE_BUCKET_ID: 0x7E_nt_80b95000+6fb0

BUCKET_ID: 0x7E_nt_80b95000+6fb0

PRIMARY_PROBLEM_CLASS: 0x7E_nt_80b95000+6fb0

TARGET_TIME: 2017-08-23T12:14:12.000Z

OSBUILD: 7600

OSSERVICEPACK: 16385

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 272

PRODUCT_TYPE: 1

OSPLATFORM_TYPE: x86

OSNAME: Windows 7

OSEDITION: Windows 7 WinNt TerminalServer SingleUserTS

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: 2009-07-14 04:45:19

BUILDDATESTAMP_STR: 090713-1255

BUILDLAB_STR: win7_rtm

BUILDOSVER_STR: 6.1.7600.16385

ANALYSIS_SESSION_ELAPSED_TIME: 2cc

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:0x7e_nt_80b95000+6fb0

FAILURE_ID_HASH: {b84503c9-5cef-712d-5f11-207bd5182c20}

Followup: MachineOwner

2

Don’t forget to check OpenErrorStatus. Zero out the request before you use it. Are you really writing a new NDIS 5 protocol driver?

3

xxxxx@gmail.com wrote:

when i m loading the driver with osr loader with on demand start it is working fine but when i load the driver with boot start its giving BSOD and the Windbg is

eax=00000000 ebx=89dfc9dc ecx=00000000 edx=00000065 esi=86547ad8 edi=86547ad8
eip=88110503 esp=89dfc888 ebp=89dfc890 iopl=0 nv up ei ng nz ac pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00210296
ndis!NdisRequest+0xc:
88110503 ff505c call dword ptr [eax+5Ch] ds:0023:0000005c=???

OK, so NDIS is trying to call a function pointer, and the table of
function pointers is null, which probable means pOpen->hAdapter is null.

How are you insuring that your driver is not loaded before the rest of
the network stack?  Why did you choose “boot start”?


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.