Hi Yang, Sorry for the late reply about the BSOD issue (especially in this thread), but here is my debugging information, from BlueScreenView;
================================================== Dump File : 071115-33031-01.dmp Crash Time : 11/07/2015 08:56:46 pm Bug Check String : BAD_POOL_CALLER Bug Check Code : 0x000000c2 Parameter 1 : 00000000`00000007 Parameter 2 : 00000000`00001200 Parameter 3 : 00000000`0c000000 Parameter 4 : ffffe001`f29be558 Caused By Driver : tcpip.sys Caused By Address : tcpip.sys+1c2180 File Description : TCP/IP Driver Product Name : Microsoft® Windows® Operating System Company : Microsoft Corporation File Version : 6.3.9600.16384 (winblue_rtm.130821-1623) Processor : x64 Crash Address : ntoskrnl.exe+150ca0 Stack Address 1 : Stack Address 2 : Stack Address 3 : Computer Name : Full Path : C:\WINDOWS\Minidump\071115-33031-01.dmp Processors Count : 4 Major Version : 15 Minor Version : 9600 Dump File Size : 281,456 Dump File Time : 11/07/2015 08:57:50 pm ================================================== I don't know if they're related to NPCap, or WinPCap (since BSV seems to load the current executable/DLL images from disk, to resolve the vendor names; and the nature of npf.sys is that it's always RAM-resident, and loaded into the TCP/IP stack), but I also have MiniDumps with SYSTEM_SERVICE_EXCEPTION, and SYSTEM_THREAD_EXCEPTION_NOT_HANDLED errors. Tyson. 2015-07-17 1:57 GMT+01:00 Yang Luo <[email protected]>: > Hi Tyson, > > On Thu, Jul 16, 2015 at 6:10 PM, Tyson Key <[email protected]> wrote: > >> Hi Yang, >> >> Come to think of it, I got exactly the same BSoD error as Jim ( >> BAD_POOL_CALLER). >> > > About this BAD_POOL_CALLER BSOD, I think there may be some bugs in > allocating pool memory. I have found this in MS: > https://msdn.microsoft.com/en-us/library/windows/hardware/ff560185(v=vs.85).aspx. > It needs the four parameters in your BSOD screen to check the detailed > crash reason. It's good if you can provide it:) > >> >> However, my configuration is different (I have a bunch of VMware >> interfaces, and an Atheros AR9485WB-EG WLAN adaptor, which is also >> semi-supported by Acrylic Wi-Fi - but BSoDs for a different reason (seems >> to be related to NDIS drivers, with that)), and multiple loopback adaptors >> were created on my machine (named "Microsoft KM-TEST Loopback Adaptor", >> instead of "NPCap Loopback", if memory serves correctly). >> > > If you run "NPFInstall.exe -il" one time, Npcap will install one adapter > for you. This is why you have so many loopback adapters. You should run > "NPFInstall.exe -ul" to uninstall the lastest loopback adapter. > And it seems that Npcap's renaming adapter to "Npcap Loopback Adapter" > code doesn't work on Win10 and with no obvious reason. I have reported this > to Microsoft to see if there's a solution. > > >> Bizarrely, even after uninstalling NPCap, and replacing it with WinPCap, >> these KM-TEST adaptors still persist across reboots: >> [image: 埋め込み画像 1] >> >> I assume that these are a side-effect of manually installing the .ini >> file, after attempting to run the set-up tool ("npfinstall -r", "npfinstall >> -li", and then "npfinstall -i") via a batch script with Administrator >> privileges. >> >> I also found that although I could see packets containing a MAC address >> with the mnemonic "LOOP", I could not capture any ICMP traffic, when trying >> to ping 127.0.0.1, or ::1 (using both Microsoft Network Monitor, and >> Wireshark - the latter of which would not detect any interfaces, after >> reinstalling NPCap a few times, before eventually replacing it with >> WinPCap, until I rebooted). >> > > If you have installed multiple loopback adapters using "NPFInstall.exe > -il", Npcap will view only the last one as the real "Npcap Loopback > Adapter", so in your picture, it is only "Ethernet 4" that can be > recognized by Npcap as loopback adapter. In this adapter, you should be > able to see the loopback traffic. > >> >> If I get time, I'm going to see if I can reproduce the BSoD, and try >> writing down the steps involved. >> >> If you found another BSOD, perhaps you can take a picture of it, so I can > get enough details about the causes and parameters about it. > > >> Tyson. >> >> > Cheers, > Yang > > > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <[email protected]> > Archives: https://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:[email protected] > ?subject=unsubscribe > -- Fight Internet Censorship! http://www.eff.org http://vmlemon.wordpress.com | Twitter/FriendFeed/Skype: vmlemon | 00447934365844
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
