
block websites using domain name wfp filter

codehelp123 Member Posts: 7

Developing a WFP driver to block websites using their IP addresses and catching the IP addresses using DNS packets: matching each domain name of the DNS packets while they arrive in the classify function, parsing the DNS packets and matching against targeted domain names. If they match, then retrieving the IP address from them and saving them in a global array. If any packet has the same IP as a stored IP address, then the packet is blocked. But the driver is crashing after some time of execution
and this error is showing in windbg:- User
RECURSIVE_NMI (111)
DESCRIPTION
A recursive NMI has occurred.
Arguments:
Arg1: 0000000000000001
Arg2: ffff9b0052536e70
Arg3: fffff80321c0a654
Arg4: ffff9b0052536e70

Debugging Details:

KEY_VALUES_STRING: 1

Key  : Analysis.CPU.mSec
Value: 3999

Key  : Analysis.DebugAnalysisManager
Value: Create

Key  : Analysis.Elapsed.mSec
Value: 6569

Key  : Analysis.Init.CPU.mSec
Value: 61936

Key  : Analysis.Init.Elapsed.mSec
Value: 953199

Key  : Analysis.Memory.CommitPeak.Mb
Value: 74

Key  : WER.OS.Branch
Value: vb_release

Key  : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z

Key  : WER.OS.Version
Value: 10.0.19041.1

BUGCHECK_CODE: 111

BUGCHECK_P1: 1

BUGCHECK_P2: ffff9b0052536e70

BUGCHECK_P3: fffff80321c0a654

BUGCHECK_P4: ffff9b0052536e70

PROCESS_NAME: dwm.exe

STACK_TEXT:
ffff9b0052536678 fffff80321d182f2 : ffff9b00525367e0 fffff80321b7f4f0 0000000000000100 0000000000000000 : nt!DbgBreakPointWithStatus
ffff9b0052536680 fffff80321d178d6 : 0000000000000003 ffff9b00525367e0 fffff80321c14db0 0000000000000111 : nt!KiBugCheckDebugBreak+0x12
ffff9b00525366e0 fffff80321bfd7f7 : 0000000000000000 0000000000000000 0000000000016401 0000000000000000 : nt!KeBugCheck2+0x946
ffff9b0052536df0 fffff80321d26e33 : 0000000000000111 0000000000000001 ffff9b0052536e70 fffff80321c0a654 : nt!KeBugCheckEx+0x107
ffff9b0052536e30 fffff80321c0a4ab : 0000000000016484 0000000000000000 0000000000000000 0000000000000000 : nt!KiMcheckFastForward+0x223
ffff9b0052536e70 fffff80321c0a654 : 0000000000016484 0000000000000000 0000000000000000 0000000000000000 : nt!KiNmiInterrupt+0x1ab
ffff9b0052536e70 0000000000000000 : 0000000000016484 0000000000000000 0000000000000000 0000000000000000 : nt!KiNmiInterrupt+0x354

SYMBOL_NAME: nt!KiMcheckFastForward+223

MODULE_NAME: nt

IMAGE_NAME: ntkrnlmp.exe

STACK_COMMAND: .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET: 223

FAILURE_BUCKET_ID: 0x111_nt!KiMcheckFastForward

OS_VERSION: 10.0.19041.1

BUILDLAB_STR: vb_release

OSPLATFORM_TYPE: x64
What do I need to do?

Comments

  • codehelp123 Member Posts: 7

    If anybody has an idea about it, then please post a response.

  • Tim_Roberts Member - All Emails Posts: 14,832

    Is this occurring on only one test machine? In virtually every case, NMI is caused by a hardware problem in a peripheral. The fact that it originated in DWM ("desktop window manager") suggests that it may be your graphics card.

    Tim Roberts, [email protected]
    Software Wizard Emeritus

  • codehelp123 Member Posts: 7
    If it is a hardware issue, then why is it crashing after some time of loading the driver? And if it's the driver, then what would be the probable reasons?
  • Tim_Roberts Member - All Emails Posts: 14,832

    You didn't answer my question. Do you see this on more than one machine? If you have memory management problems, you could be writing in a region of memory that maps to the graphics card, causing the graphics hardware to puke.

    And, of course, there are better and far less intrusive methods of blocking web sites. That's what proxies are for, and those involve no dangerous kernel coding at all.

    Tim Roberts, [email protected]
    Software Wizard Emeritus

  • codehelp123 Member Posts: 7
    It's crashing on other machines too when I try to open the Edge browser.
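
Added example, not code from this thread (the poster's driver source is not shown): a user-mode C sketch of the step the original post describes, reading a DNS response and saving its A-record addresses in a global array, with every read bounds-checked and the array capped, which is the memory-management discipline Tim Roberts' reply points at. The names `learn_blocked_ips`, `skip_name`, `g_blocked`, `MAX_BLOCKED` and the sample packet are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <string.h>

#define MAX_BLOCKED 64                    /* fixed capacity, checked before every store */
static uint32_t g_blocked[MAX_BLOCKED];   /* IPv4 addresses, network byte order */
static size_t g_blocked_count;

/* Constructed sample: response for "bad.example" with one A record, 192.0.2.10. */
static const uint8_t SAMPLE[] = { 0x12,0x34, 0x81,0x80, 0,1, 0,1, 0,0, 0,0,
    3,'b','a','d', 7,'e','x','a','m','p','l','e', 0, 0,1, 0,1,
    0xC0,0x0C, 0,1, 0,1, 0,0,0,60, 0,4, 192,0,2,10 };

/* Returns the offset just past one encoded name, or 0 if it leaves the packet. */
static size_t skip_name(const uint8_t *p, size_t len, size_t off) {
    while (off < len) {
        uint8_t l = p[off++];
        if (l == 0) return off;                                  /* root label */
        if ((l & 0xC0) == 0xC0) return off < len ? off + 1 : 0;  /* pointer ends name */
        if ((l & 0xC0) || len - off < l) return 0;               /* bad or truncated label */
        off += l;
    }
    return 0;
}

/* target: lower-case wire-format name, e.g. "\3bad\7example".
   Returns addresses stored, 0 if the question is another name, -1 if malformed. */
int learn_blocked_ips(const uint8_t *p, size_t len, const char *target) {
    if (len < 12 || !(p[2] & 0x80)) return -1;               /* full header, QR=1 */
    unsigned qd = (p[4] << 8) | p[5], an = (p[6] << 8) | p[7];
    size_t tlen = strlen(target) + 1, before = g_blocked_count;
    size_t off = qd == 1 ? skip_name(p, len, 12) : 0;
    if (off == 0 || len - off < 4) return -1;
    if (off - 12 != tlen) return 0;
    for (size_t i = 0; i < tlen; i++)          /* length bytes (< 64) pass through tolower */
        if (tolower(p[12 + i]) != (uint8_t)target[i]) return 0;
    off += 4;                                                 /* QTYPE + QCLASS */
    while (an--) {
        off = skip_name(p, len, off);
        if (off == 0 || len - off < 10) return -1;            /* type, class, TTL, RDLENGTH */
        unsigned type = (p[off] << 8) | p[off + 1], rdlen = (p[off + 8] << 8) | p[off + 9];
        off += 10;
        if (len - off < rdlen) return -1;                     /* RDATA must lie inside the packet */
        if (type == 1 && rdlen == 4 && g_blocked_count < MAX_BLOCKED)
            memcpy(&g_blocked[g_blocked_count++], p + off, 4);
        off += rdlen;
    }
    return (int)(g_blocked_count - before);
}
```

In a callout driver the shared table would also need a spin lock around reads and writes, since classify functions can run concurrently on several processors at up to DISPATCH_LEVEL.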