I use tdifw1.2 of ntdev.h1.ru
I just got a crash I can’t seem to puzzle out.
Here is the bugcheck info and source.
I’d like to hear any explanation for problem of tdifw.
Thanks in advance.
****************************************************************************
***
*
*
* Bugcheck Analysis
*
*
*
****************************************************************************
***
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at
an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000000, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 00000000, address which referenced memory
Debugging Details:
***** Kernel symbols are WRONG. Please fix symbols to do analysis.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
tcpip.sys -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
halmacpi.dll -
READ_ADDRESS: unable to get nt!MmPoolCodeEnd
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPagedPoolEnd
unable to get nt!MmNonPagedPoolEnd
unable to get nt!MmNonPagedPoolStart
unable to get nt!MmSpecialPoolStart
unable to get nt!MmPagedPoolStart
unable to get nt!MmNonPagedPoolExpansionStart
unable to get nt!MmPoolCodeStart
00000000
CURRENT_IRQL: 2
FAULTING_IP:
+0
00000000 ?? ???
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xD1
LAST_CONTROL_TRANSFER: from 00000000 to 8046987c
STACK_TEXT:
f245f944 00000000 00000000 00000000 00000000 nt!Kei386EoiHelper+0x2ae4
FAILED_INSTRUCTION_ADDRESS:
+0
00000000 ?? ???
FOLLOWUP_IP:
tdifw!tdi_event_receive_datagram+8b [c:\tdifw1.2\src\drv\ev_dg.c @ 83]
bfd6f4ab eb05 jmp tdifw!tdi_event_receive_datagram+0x92 (bfd6f4b2)
FOLLOWUP_NAME: MachineOwner
SYMBOL_NAME: tdifw!tdi_event_receive_datagram+8b
MODULE_NAME: tdifw
IMAGE_NAME: tdifw.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 3fcee114
STACK_COMMAND: kb
BUCKET_ID: WRONG_SYMBOLS
Followup: MachineOwner
// -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs)
//
// $Id: ev_dg.c,v 1.2 2002/10/01 12:54:15 dev Exp $
/*
* This file contains TDI_EVENT_RECEIVE_DATAGRAM handler
*/
#include <ntddk.h>
#include <tdikrnl.h>
#include “sock.h”
#include “events.h”
#include “filter.h”
#include “obj_tbl.h”
#include “tdifw.h”
//--------------------------------------------------------------------------
–
/*
* TDI_EVENT_RECEIVE_DATAGRAM handler
*/
NTSTATUS tdi_event_receive_datagram(
IN PVOID TdiEventContext,
IN LONG SourceAddressLength,
IN PVOID SourceAddress,
IN LONG OptionsLength,
IN PVOID Options,
IN ULONG ReceiveDatagramFlags,
IN ULONG BytesIndicated,
IN ULONG BytesAvailable,
OUT ULONG *BytesTaken,
IN PVOID Tsdu,
OUT PIRP *IoRequestPacket)
{
TDI_EVENT_CONTEXT *ctx = (TDI_EVENT_CONTEXT *)TdiEventContext;
struct ot_entry *ote_addr = NULL;
KIRQL irql;
TA_ADDRESS *remote_addr, *local_addr;
NTSTATUS status;
int ipproto, result = FILTER_DENY;
struct flt_request request;
struct flt_rule rule;
// get local address of address object
ote_addr = ot_find_fileobj(ctx->fileobj, &irql);
if (ote_addr == NULL) {
KdPrint((“[tdifw] tdi_receive_datagram: ot_find_fileobj(0x%x)!\n”,
ctx->fileobj));
goto done;
}
KdPrint((“[tdifw] tdi_event_receive_datagram: addrobj 0x%x\n”,
ctx->fileobj));
// check device object: UDP or RawIP
if (get_original_devobj(ote_addr->devobj, &ipproto) == NULL ||
(ipproto != IPPROTO_UDP && ipproto != IPPROTO_IP)) {
// unknown device object!
KdPrint((“[tdifw] tdi_event_receive_datagram: unknown DeviceObject
0x%x!\n”, ote_addr));
goto done;
}
local_addr = (TA_ADDRESS *)(ote_addr->local_addr);
remote_addr = ((TRANSPORT_ADDRESS *)SourceAddress)->Address;
KdPrint((“[tdifw] tdi_event_receive_datagram(pid:%u): %x:%u -> %x:%u\n”,
ote_addr->pid, ntohl(((TDI_ADDRESS_IP *)(remote_addr->Address))->in_addr),
ntohs(((TDI_ADDRESS_IP *)(remote_addr->Address))->sin_port),
ntohl(((TDI_ADDRESS_IP *)(local_addr->Address))->in_addr),
ntohs(((TDI_ADDRESS_IP *)(local_addr->Address))->sin_port)));
// call quick filter for datagram
memset(&request, 0, sizeof(request));
request.struct_size = sizeof(request);
request.type = TYPE_DATAGRAM;
request.direction = DIRECTION_IN;
request.proto = ipproto;
request.pid = ote_addr->pid;
memcpy(&request.addr.from, &remote_addr->AddressType, sizeof(struct
sockaddr));
memcpy(&request.addr.to, &local_addr->AddressType, sizeof(struct
sockaddr));
request.addr.len = sizeof(struct sockaddr_in);
memset(&rule, 0, sizeof(rule));
result = quick_filter(&request, &rule);
if (rule.log)
log_request(&request);
done:
// cleanup
if (ote_addr != NULL)
KeReleaseSpinLock(&g_ot_hash_guard, irql);
if (result == FILTER_ALLOW) {
return ((PTDI_IND_RECEIVE_DATAGRAM)(ctx->old_handler))
(ctx->old_context, SourceAddressLength, SourceAddress, OptionsLength,
Options, ReceiveDatagramFlags, BytesIndicated, BytesAvailable,
BytesTaken,
Tsdu, IoRequestPacket);
} else
return STATUS_DATA_NOT_ACCEPTED;
}</tdikrnl.h></ntddk.h>