You cannot debug with Visual Studio. You need to use Windbg. In windbg you can use the watch window to watch the contents of a variable. What is the bugcheck code?
If you have used "analyze -v" after the crash, please post the entire output of !analyze -v GV ----- Original Message ----- From: " Renato Araújo Ferreira" <[email protected]> To: <[email protected]> Sent: Thursday, October 08, 2009 1:54 PM Subject: Re: [Winpcap-users] Winpcap in Intanium machine > the rigth stack: > > NPF!GetTimeKQPC [time_calls.h @ 373] > NPF!NPF_tap [read.c @ 607] > NDIS > > this line of time_calls.h: > > dst->tv_usec = data->start[0].tv_usec + > (LONG)((PTime.QuadPart%TimeFreq.QuadPart)*1000000/TimeFreq.QuadPart); > > I will look for an way to read the content of variable. Is there any known > way to run this dump in visual studio and see the content of these > variables? > > Thanks, > > Renato A. Ferreira > > On Qui 08/10/09 16:56 , Renato Araújo Ferreira [email protected] > sent: >> The smalldump combined with the npf.pdb generated a stack trace like >> follow >> GetTimeKQPC >> NPF_tap >> NDIS >> >> with a memory exaust error.... I don't remember the correct spelling >> because it did not make sense in source code so I didn't care to copy the >> information... >> I think that because the pdb file was not the same from the sys file >> build, >> as I compiled too many times before combine them. After I recompiled >> again >> to be sure to use the sys/pdb generate at same build and analyse the >> rigth >> infromation, but is not generating the symbols anymore and I don't know >> why. >> Now I'm trying a kernel dump option, that takes a long time to be >> generated. The small dump is fast and take a few kilobytes. There are >> only >> this two options. >> >> On Qui 08/10/09 11:28 , "Gianluca Varenni" [email protected] >> sent:> >> > >> > ----- Original Message ----- >> > >> > From: " Renato Araújo Ferreira" mar >> > ina.pe >> [email protected]>> To: us...@winpc >> > ap.org> >> > Sent: Wednesday, October 07, 2009 9:21 PM >> > >> > Subject: Re: [Winpcap-users] Winpcap in Intanium machine> >> > >> > >> > >> > >> > > After send that last message I tried to run windump again without any >> > > parameter (that make It dump first interface of list) and this >> machine> >> > > crashed again, but with another error from another SYS file (I >> didn't> save >> > > the information). At this second try the crash dump was disabled by >> me> due >> > > to 36GB of ram size (a long time to dump), but I still have the first >> one> >> > > that generated the message that in last message.> >> > > >> > >> > >> > >> > If you enable just kernel memory dump, the memory dump is much smaller >> than> >> > 36GB. On a normal x86/x64 machine freshly booted, it's usually >> below> 100MB. >> > >> > >> > > I used before the gdb tool to debug core files under solaris, but I >> never> >> > > did something like it under windows. I will try to start with >> debuging> >> > > tools tomorow. Do you have any tip? >> > >> > >> > >> > Well, the first thing you do is loading the memory dump and issue >> > >> > "!analyze -v" on the windbg command line. >> > >> > >> > >> > > >> > >> > > But I'm still afraid about DLL's. Why a wrong/problematic DLL could >> not> >> > > crash a driver that it need to access? >> > >> > >> > >> > Because a driver should protect itself against bogus input from user >> level> >> > DLLs. A driver should never ever trust any data coming from user mode >> and> >> > should always validate it. >> > >> > So in the case of some problematic DLL, if the driver receives some >> bogus> >> > data from the DLL, it must just fail the I/O request.> >> > >> > >> > GV >> > >> > >> > >> > >> > >> > >> > >> > > >> > >> > > Thanks, >> > >> > > >> > >> > > Renato A. Ferreira >> > >> > > >> > >> > > >> > >> > > On Qua 07/10/09 17:43 , "Gianluca Varenni" >> > > [email protected] > > sent: >> > >> > >> The crash is due to the driver, not to mismatching DLLs. Now you >> will> >> > >> need >> > >> > >> >> > >> > >> windbg and probably a second machine to debug the issue.> >> > >> >> > >> > >> I would start loading the crash dump in windbg and understanding >> what> >> > >> went >> > >> > >> >> > >> > >> wrong. >> > >> > >> >> > >> > >> >> > >> > >> >> > >> > >> GV >> > >> > >> >> > >> > >> >> > >> > >> >> > >> > >> ----- Original Message ----- >> > >> > >> >> > >> > >> From: " Renato Araújo Ferreira" mar >> > >> > >> ina.pe >> > [email protected] >> m.br>> >> To: us...@winpc >> > >> > >> ap.org> >> > >> > >> Sent: Wednesday, October 07, 2009 1:07 PM> >> > >> >> > >> > >> Subject: Re: [Winpcap-users] Winpcap in Intanium machine> >> > >> >> > >> > >> >> > >> > >> >> > >> > >> >> > >> > >> >> > >> > >> > >> > >> > >> >> > >> > >> > >> > >> > >> >> > >> > >> > >> > >> > >> >> > >> > >> > I added the reference to IA64 in NPF.RC VERSIONINFO >> with:> >> > >> >> > >> > >> > >> > >> > >> >> > >> > >> > >> > >> > >> >> > >> > >> > #elif defined(_IA64_) >> > >> > >> >> > >> > >> > VALUE "FileDescription", "npf.sys (NT5/6 IA64) Kernel >> Driver"> >> >> > >> > >> > >> > >> > >> >> > >> > >> > >> > >> > >> >> > >> > >> > After I changed the refferences to AMD64 (appear only two times >> and> >> refers >> > >> > >> > to hUserEvent32Bit) from: >> > >> > >> >> > >> > >> > >> > >> > >> >> > >> > >> > >> > >> > >> >> > >> > >> > #ifdef _AMD64_ >> > >> > >> >> > >> > >> > >> > >> > >> >> > >> > >> > >> > >> > >> >> > >> > >> > To: >> > >> > >> >> > >> > >> > >> > >> > >> >> > >> > >> > >> > >> > >> >> > >> > >> > #if defined(_AMD64_) || defined(_IA64_)> >> > >> >> > >> > >> > >> > >> > >> >> > >> > >> > >> > >> > >> >> > >> > >> > The compilation was sucessful, the "net start npf" works fine >> and> the >> > >> > interfaces is now appearing in return of "windump -D". But when >> I> tried >> > >> to >> > >> > >> > open wireshark, the interface list was OK showing all of then, but >> > >> > before >> > >> > >> >> > >> > >> > I click at buttom to start capture (i think that was when it >> started> to >> > >> >> > >> > >> > count packets) the server went down with this message:> >> > >> >> > >> > >> > >> > >> > >> >> > >> > >> > >> > >> > >> >> > >> > >> > *** STOP: 0x0000008E >> > >> > >> >> > >> > >> > >> > >> > >> >> > >> (0xFFFFFFFF80000002,0xE00001626B738834,0xE000016276387410,0x000000000000000 >> > >> > >> 0) >> > >> > >> > >> > >> > >> >> > >> > >> > *** NPF.sys - Address E00001626B738834 base at> >> > >> > E00001626B730000, >> > >> >> > >> > >> > DateStamp 4acce5bf >> > >> > >> >> > >> > >> > >> > >> > >> >> > >> > >> > >> > >> > >> >> > >> > >> > I'm still trying with the DLL's (wpcap.dll and packet.dll) that >> I> got >> > >> > unpacking the installer, but they has the same name and I dont >> > >> > know >> if> >> > >> > I >> > >> > >> >> > >> > >> > choose the right one between vista, 2000 or amd64.> >> > >> >> > >> > >> > >> > >> > >> >> > >> > >> > I will now try to compile these DLL's before try again.> >> > >> >> > >> > >> > >> > >> > >> >> > >> > >> > Thanks, >> > >> > >> >> > >> > >> > >> > >> > >> >> > >> > >> > Renato A. Ferreira >> > >> > >> >> > >> > >> > >> > >> > >> >> > >> > >> > _______________________________________________> >> > >> >> > >> > >> > Winpcap-users mailing list >> > >> > >> >> > >> > >> > winpcap-us...@winpc >> > >> > >> ap.org >> > >> > >> > https://www.winpcap.org/mailman/listinfo/winpcap-users> >> >> > >> > >> >> > >> > >> >> > >> > >> >> > >> > >> >> > >> > > >> > >> > > _______________________________________________> >> > > Winpcap-users mailing list >> > >> > > winpcap-us...@winpc >> > ap.org >> > > https://www.winpcap.org/mailman/listinfo/winpcap-users> > >> > >> > >> > >> > >> > >> >> _______________________________________________ >> Winpcap-users mailing list >> winpcap-us...@winpc >> ap.orghttps://www.winpcap.org/mailman/listinfo/winpcap-users >> > > _______________________________________________ > Winpcap-users mailing list > [email protected] > https://www.winpcap.org/mailman/listinfo/winpcap-users > _______________________________________________ Winpcap-users mailing list [email protected] https://www.winpcap.org/mailman/listinfo/winpcap-users
