We have WFP driver for connection redirection. Everything works fine.
But when windows firewall service is turned off and outlook 2013 is started on Windows 8, system crashes.
The !analyze out put is:
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: ac10a596, The address that the exception occurred at
Arg3: ab9fbb38, Exception Record Address
Arg4: ab9fb700, Context Record Address
Debugging Details:
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
FAULTING_IP:
Ndu!NduSetAppMetaDataListForRedirectedFlow+168
ac10a596 8b00 mov eax,dword ptr [eax]
EXCEPTION_RECORD: ab9fbb38 – (.exr 0xffffffffab9fbb38)
ExceptionAddress: ac10a596 (Ndu!NduSetAppMetaDataListForRedirectedFlow+0x00000168)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000000
Attempt to read from address 00000000
CONTEXT: ab9fb700 – (.cxr 0xffffffffab9fb700)
eax=00000000 ebx=86dea790 ecx=8236cf80 edx=00000000 esi=00000103 edi=00000006
eip=ac10a596 esp=ab9fbc00 ebp=ab9fbc4c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
Ndu!NduSetAppMetaDataListForRedirectedFlow+0x168:
ac10a596 8b00 mov eax,dword ptr [eax] ds:0023:00000000=???
Resetting default scope
DEFAULT_BUCKET_ID: NULL_DEREFERENCE
PROCESS_NAME: System
CURRENT_IRQL: 0
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.
EXCEPTION_PARAMETER1: 00000000
EXCEPTION_PARAMETER2: 00000000
READ_ADDRESS: 00000000
FOLLOWUP_IP:
Ndu!NduSetAppMetaDataListForRedirectedFlow+168
ac10a596 8b00 mov eax,dword ptr [eax]
BUGCHECK_STR: AV
LAST_CONTROL_TRANSFER: from ac10aa88 to ac10a596
STACK_TEXT:
ab9fbc4c ac10aa88 00000002 ab9fbc70 ab9fbc6c Ndu!NduSetAppMetaDataListForRedirectedFlow+0x168
ab9fbc98 816a00a8 86a39668 b1fe5a60 8184e578 Ndu!NduSetAppMetaDataListWorkerRoutine+0x66
ab9fbcdc 816a01c9 8679e970 86d46640 00000000 nt!IopProcessWorkItem+0xa1
ab9fbd34 816cfb1b 00010000 278081ba 00000000 nt!ExpWorkerThread+0x111
ab9fbd70 817b9579 816a00bc 00010000 00000000 nt!PspSystemThreadStartup+0x4a
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: Ndu!NduSetAppMetaDataListForRedirectedFlow+168
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Ndu
IMAGE_NAME: Ndu.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5010abcf
STACK_COMMAND: .cxr 0xffffffffab9fb700 ; kb
BUCKET_ID_FUNC_OFFSET: 168
FAILURE_BUCKET_ID: AV_Ndu!NduSetAppMetaDataListForRedirectedFlow
BUCKET_ID: AV_Ndu!NduSetAppMetaDataListForRedirectedFlow
Followup: MachineOwner
The exception record tells NULL pointer was accessed.
Any other clues?