The small dump combined with the npf.pdb generated a stack trace like the following: GetTimeKQPC NPF_tap NDIS, with a memory exhaust error... I don't remember the correct spelling, because it did not make sense in the source code, so I didn't care to copy the information. I think that is because the pdb file was not from the same build as the sys file, as I compiled too many times before combining them. Afterwards I recompiled again to be sure to use the sys/pdb generated by the same build and analyse the right information, but it is not generating the symbols anymore and I don't know why. Now I'm trying the kernel dump option, which takes a long time to be generated. The small dump is fast and takes a few kilobytes. There are only these two options.

On Thu 08/10/09 11:28, "Gianluca Varenni" [email protected] sent:
> ----- Original Message -----
> From: "Renato Araújo Ferreira" mar [email protected]>
> To: us...@winpcap.org>
> Sent: Wednesday, October 07, 2009 9:21 PM
> Subject: Re: [Winpcap-users] Winpcap in Intanium machine
>
> > After sending that last message I tried to run windump again without any
> > parameter (which makes it dump the first interface of the list) and this
> > machine crashed again, but with another error from another SYS file (I
> > didn't save the information). At this second try the crash dump was
> > disabled by me due to 36GB of RAM size (a long time to dump), but I still
> > have the first one that generated the message that was in the last message.
>
> If you enable just kernel memory dump, the memory dump is much smaller than
> 36GB. On a normal x86/x64 machine freshly booted, it's usually below 100MB.
>
> > I have used the gdb tool before to debug core files under Solaris, but I
> > never did anything like it under Windows. I will try to start with the
> > debugging tools tomorrow. Do you have any tips?
>
> Well, the first thing you do is load the memory dump and issue
> "!analyze -v" on the windbg command line.
>
> > But I'm still afraid about the DLLs. Why could a wrong/problematic DLL not
> > crash a driver that it needs to access?
>
> Because a driver should protect itself against bogus input from user level
> DLLs. A driver should never ever trust any data coming from user mode and
> should always validate it.
> So in the case of some problematic DLL, if the driver receives some bogus
> data from the DLL, it must just fail the I/O request.
>
> GV
>
> > Thanks,
> >
> > Renato A. Ferreira
> >
> > On Wed 07/10/09 17:43, "Gianluca Varenni" [email protected] sent:
> >> The crash is due to the driver, not to mismatching DLLs. Now you will
> >> need windbg and probably a second machine to debug the issue.
> >> I would start by loading the crash dump in windbg and understanding what
> >> went wrong.
> >>
> >> GV
> >>
> >> ----- Original Message -----
> >> From: "Renato Araújo Ferreira" mar ina.pe [email protected]>
> >> To: us...@winpcap.org>
> >> Sent: Wednesday, October 07, 2009 1:07 PM
> >> Subject: Re: [Winpcap-users] Winpcap in Intanium machine
> >>
> >> > I added the reference to IA64 in NPF.RC VERSIONINFO with:
> >> >
> >> > #elif defined(_IA64_)
> >> > VALUE "FileDescription", "npf.sys (NT5/6 IA64) Kernel Driver"
> >> >
> >> > Afterwards I changed the references to AMD64 (they appear only two
> >> > times and refer to hUserEvent32Bit) from:
> >> >
> >> > #ifdef _AMD64_
> >> >
> >> > To:
> >> >
> >> > #if defined(_AMD64_) || defined(_IA64_)
> >> >
> >> > The compilation was successful, the "net start npf" works fine and the
> >> > interfaces are now appearing in the return of "windump -D". But when I
> >> > tried to open wireshark, the interface list was OK, showing all of
> >> > them, but before I clicked the button to start the capture (I think
> >> > that was when it started to count packets) the server went down with
> >> > this message:
> >> >
> >> > *** STOP: 0x0000008E (0xFFFFFFFF80000002,0xE00001626B738834,0xE000016276387410,0x0000000000000000)
> >> > *** NPF.sys - Address E00001626B738834 base at E00001626B730000, DateStamp 4acce5bf
> >> >
> >> > I'm still trying with the DLLs (wpcap.dll and packet.dll) that I got
> >> > by unpacking the installer, but they have the same name and I don't
> >> > know if I chose the right one between vista, 2000 or amd64.
> >> >
> >> > I will now try to compile these DLLs before trying again.
> >> >
> >> > Thanks,
> >> >
> >> > Renato A. Ferreira

_______________________________________________
Winpcap-users mailing list
[email protected]
https://www.winpcap.org/mailman/listinfo/winpcap-users
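
As an added example (not part of the original thread, and not WinPcap code), the Python sketch below parses the two blue-screen lines quoted above, names the bug check and the exception code carried in its first parameter, and computes the faulting offset inside the module from the Address and base values. The function name `parse_stop` and the two lookup tables are assumptions of this example; the tables list only the codes that occur in this thread.

```python
import re

# Only the codes that occur in the thread are listed; extend as needed.
BUGCHECKS = {0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED"}
NTSTATUS = {0x80000002: "STATUS_DATATYPE_MISALIGNMENT"}

# The two lines as quoted in the thread, with the mail line wraps joined.
SAMPLE = """\
*** STOP: 0x0000008E (0xFFFFFFFF80000002,0xE00001626B738834,0xE000016276387410,0x0000000000000000)
*** NPF.sys - Address E00001626B738834 base at E00001626B730000, DateStamp 4acce5bf
"""

STOP_RE = re.compile(r"STOP:\s*0x([0-9A-Fa-f]+)\s*\(([^)]*)\)")
MOD_RE = re.compile(
    r"\*\*\*\s+(\S+)\s+-\s+Address\s+([0-9A-Fa-f]+)\s+base at\s+([0-9A-Fa-f]+)"
)

def parse_stop(text):
    """Decode a STOP line and the optional module line that follows it."""
    m = STOP_RE.search(text)
    if not m:
        raise ValueError("no STOP line found")
    code = int(m.group(1), 16)
    params = [int(p.strip(), 16) for p in m.group(2).split(",") if p.strip()]
    info = {"code": code, "name": BUGCHECKS.get(code, "unknown"), "params": params}
    if code == 0x8E and len(params) >= 2:
        # For 0x8E, parameter 1 is the unhandled exception code (an NTSTATUS,
        # shown sign-extended to 64 bits here) and parameter 2 is the address
        # at which the exception occurred.
        status = params[0] & 0xFFFFFFFF
        info["exception"] = NTSTATUS.get(status, hex(status))
        info["fault_address"] = params[1]
    mod = MOD_RE.search(text)
    if mod:
        addr, base = int(mod.group(2), 16), int(mod.group(3), 16)
        info["module"] = mod.group(1)
        info["offset"] = addr - base  # module-relative offset of the fault
        # True when the STOP parameter and the module line name the same address.
        info["fault_in_module"] = info.get("fault_address") == addr
    return info

if __name__ == "__main__":
    r = parse_stop(SAMPLE)
    print(f"{r['name']} / {r['exception']} at {r['module']}+{r['offset']:#x}")
```

The module-relative offset is the value to resolve against the npf.pdb produced by the same build as the crashing npf.sys.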
