我在 FilterAttach 的时候，分配了一个 Pool：
/*
 * FilterAttach: create the NET_BUFFER_LIST pool used for sends.
 *
 * Each NBL from this pool gets a NET_BUFFER allocated with it
 * (fAllocateNetBuffer) and sizeof(FILTER_SEND_NETBUFLIST_RSVD) bytes of
 * per-NBL filter context.  On allocation failure Status becomes
 * NDIS_STATUS_RESOURCES and the enclosing block is left with break.
 *
 * The handle stored in pFilter->SendNetBufferListPool comes from
 * NdisAllocateNetBufferListPool and must therefore be released with
 * NdisFreeNetBufferListPool in FilterDetach -- not with the NET_BUFFER
 * pool routine NdisFreeNetBufferPool, which expects a different pool type.
 */
NdisZeroMemory(&PoolParameters, sizeof(NET_BUFFER_LIST_POOL_PARAMETERS));

/* Object header: NDIS validates Type/Revision/Size before using the rest. */
PoolParameters.Header.Type        = NDIS_OBJECT_TYPE_DEFAULT;
PoolParameters.Header.Revision    = NET_BUFFER_LIST_POOL_PARAMETERS_REVISION_1;
PoolParameters.Header.Size        = sizeof(PoolParameters);

/* Pool shape: default protocol id, one NB per NBL, filter-private context. */
PoolParameters.PoolTag            = FILTER_ALLOC_TAG;
PoolParameters.ProtocolId         = NDIS_PROTOCOL_ID_DEFAULT;
PoolParameters.ContextSize        = sizeof(FILTER_SEND_NETBUFLIST_RSVD);
PoolParameters.fAllocateNetBuffer = TRUE;

pFilter->SendNetBufferListPool =
    NdisAllocateNetBufferListPool(NdisFilterHandle, &PoolParameters);

/* Failure path first; the common case falls through. */
if (pFilter->SendNetBufferListPool == NULL)
{
    DEBUGP(DL_TEST, ("FileAttach: failed to alloc send net buffer list pool\n"));
    Status = NDIS_STATUS_RESOURCES;
    break;
}
DEBUGP(DL_TEST, ("FileAttach: Successfully to alloc send net buffer list pool\n"));
中间会用到 SendNetBufferListPool 来分配 NBL。
然后想在 FilterDetach 的时候释放这个 pool：
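/*
 * FilterDetach: release the send NBL pool created in FilterAttach.
 *
 * The pool was obtained from NdisAllocateNetBufferListPool, so it has to be
 * returned with NdisFreeNetBufferListPool.  The original code passed the NBL
 * pool handle to NdisFreeNetBufferPool (the NET_BUFFER pool variant); that is
 * the frame in the posted dump where ecx == 0 and the routine writes
 * [ecx+4], i.e. the 0xD1 reports an invalid near-NULL address touched at
 * IRQL 2, not an IRQL problem in FilterDetach itself.
 *
 * NOTE(review): every NET_BUFFER_LIST allocated from this pool must already
 * have been freed back to it before the pool is released -- verify the send
 * path has drained at this point.
 */
if (pFilter->SendNetBufferListPool != NULL)
{
    NdisFreeNetBufferListPool(pFilter->SendNetBufferListPool);
    pFilter->SendNetBufferListPool = NULL;   /* no double free on a second detach */
}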
结果执行到这里时，系统就蓝屏了：
** Fatal System Error: 0x000000d1
(0x00000004,0x00000002,0x00000001,0x8F83446F)
BugCheck D1, {4, 2, 1, 8f83446f}
Followup: MachineOwner
---------
nt!RtlpBreakWithStatusInstruction:
83e7e394 cc int 3
kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000004, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000001, value 0 = read operation, 1 = write operation
Arg4: 8f83446f, address which referenced memory
WRITE_ADDRESS: 00000004
CURRENT_IRQL: 2
FAULTING_IP:
ndis!NdisFreeNetBufferPool+52
8f83446f 897104 mov dword ptr [ecx+4],esi
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0xD1
PROCESS_NAME: dllhost.exe
TRAP_FRAME: 9e839a58 -- (.trap 0xffffffff9e839a58)
ErrCode = 00000002
eax=00000000 ebx=8ee5f400 ecx=00000000 edx=8ee5f400 esi=8eb5f0ac edi=8f84c4a4
eip=8f83446f esp=9e839acc ebp=9e839ad8 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286
ndis!NdisFreeNetBufferPool+0x52:
8f83446f 897104 mov dword ptr [ecx+4],esi ds:0023:00000004=????????
Resetting default scope
LAST_CONTROL_TRANSFER: from 83eefe71 to 83e7e394
STACK_TEXT:
9e839624 83eefe71 00000003 b7863020 00000065 nt!RtlpBreakWithStatusInstruction
9e839674 83ef096d 00000003 00000004 8f83446f nt!KiBugCheckDebugBreak+0x1c
9e839a38 83e597eb 0000000a 00000004 00000002 nt!KeBugCheck2+0x68b
9e839a38 8f83446f 0000000a 00000004 00000002 nt!KiTrap0E+0x2cf
9e839ad8 8f35a85d 8ee5f400 8edc1bd8 00014938 ndis!NdisFreeNetBufferPool+0x52
WARNING: Stack unwind information not available. Following frames may be wrong.
9e839af0 8f83d130 8edc1bd8 8cd4497c 8cd44938 ndislwf+0x185d
9e839b50 8f88ea48 8cd44938 8efeaf10 8efeaf00 ndis!ndisDetachFilter+0x385
9e839b84 8f87f943 8e2bfcd8 00000002 00000000 ndis!ndisHandleFilterDetachNotification+0x18a
9e839ba8 8f87a3b8 8efeaf18 00000000 8ce72818 ndis!ndisHandleUModePnPOp+0x276
9e839bdc 8f87a57e 8ce72818 8eea8bd8 8d821d88 ndis!ndisHandlePnPRequest+0x378
9e839bfc 83e4f4bc 8d821d88 8ce72818 8ce72818 ndis!ndisDispatchRequest+0x8a
9e839c14 84050eee 8eea8bd8 8ce72818 8ce72888 nt!IofCallDriver+0x63
9e839c34 8406dcd1 8d821d88 8eea8bd8 00000000 nt!IopSynchronousServiceTail+0x1f8
9e839cd0 840704ac 8d821d88 8ce72818 00000000 nt!IopXxxControlFile+0x6aa
9e839d04 83e5642a 000002cc 00000000 00000000 nt!NtDeviceIoControlFile+0x2a
9e839d04 774164f4 000002cc 00000000 00000000 nt!KiFastCallEntry+0x12a
0189eeec 77414cac 757da08f 000002cc 00000000 ntdll!KiFastSystemCallRet
0189eef0 757da08f 000002cc 00000000 00000000 ntdll!NtDeviceIoControlFile+0xc
0189ef50 7591ec25 000002cc 00170008 003ff158 KERNELBASE!DeviceIoControl+0xf6
0189ef7c 718fb4e3 000002cc 00170008 003ff158 kernel32!DeviceIoControlImplementation+0x80
0189efe4 71923b08 00000001 0000000b 0189f018 netcfgx!NdisHandlePnPEvent+0x1d5
0189f03c 71923a12 0000000b 0189f20e 0189f168 netcfgx!HrNdisAttachOrDetach+0x78
0189f080 71908bb4 022278c0 0000000b 74d227d4 netcfgx!CFilteredAdapters::HrAttachOrDetach+0x75
0189f094 718fec9d 5d82e248 0181fc10 0181fc58 netcfgx!CFilteredAdapters::SendDetachNotifications+0x37
0189f2bc 718fda24 0181fdc0 0181fc58 0181fd48 netcfgx!CModifyContext::ApplyChanges+0xa98
0189f2d0 7191ee84 00000001 71920350 40000000 netcfgx!CModifyContext::HrApplyIfOkOrCancel+0x2d
0189f2d8 71920350 40000000 74d227d4 02220a40 netcfgx!CModifyContext::HrPopRecursionDepth+0x20
0189f2ec 7191f494 00000000 0189f384 0189f3a8 netcfgx!CModifyContext::HrRemoveComponentIfNotReferenced+0xe9
0189f318 72db07f6 02221254 02220a40 0189f384 netcfgx!CImplINetCfgClass::DeInstall+0xf7
0189f35c 72daaf08 01810800 02220a40 0189f384 netshell!HrRemoveComponent+0x60
0189f3e4 72daccf2 000301fe 01810800 02220a40 netshell!HrQueryUserAndRemoveComponent+0xbc
0189f400 72da7715 00050156 000301fe 01810800 netshell!HrLvRemove+0x27
0189f42c 72daa80c 00050156 00210e30 0189f46c netshell!CLanNetPage::OnRemoveHelper+0x6a
0189f43c 72daf8ea 000301fe 00000111 00003aa4 netshell!CLanNetNormalPage::ProcessWindowMessage+0x14b
0189f46c 772686ef 000301fe 00000111 00003aa4 netshell!CPropSheetPage::DialogProc+0x44
0189f498 7725baf1 72daf8a6 000301fe 00000111 USER32!InternalCallWinProc+0x23
0189f514 7725b98b 003affa4 72daf8a6 000301fe USER32!UserCallDlgProcCheckWow+0x132
0189f55c 7725bb7b 00000000 00000111 00003aa4 USER32!DefDlgProcWorker+0xa8
0189f578 772686ef 000301fe 00000111 00003aa4 USER32!DefDlgProcW+0x22
0189f5a4 77268876 7725bb59 000301fe 00000111 USER32!InternalCallWinProc+0x23
0189f61c 77267631 003affa4 7725bb59 000301fe USER32!UserCallWinProcCheckWow+0x14b
0189f65c 77267695 005e1cb0 005d1d30 00003aa4 USER32!SendMessageWorker+0x4d0
0189f67c 74554e95 000301fe 00000111 00003aa4 USER32!SendMessageW+0x7c
0189f69c 74554ef7 003d30d0 00000000 00020348 comctl32!Button_NotifyParent+0x3d
0189f6b8 74554d89 50010001 00000001 0189f794 comctl32!Button_ReleaseCapture+0x113
0189f718 772686ef 00020348 00000202 00000000 comctl32!Button_WndProc+0xa18
0189f744 77268876 744df82b 00020348 00000202 USER32!InternalCallWinProc+0x23
0189f7bc 772689b5 003affa4 744df82b 00020348 USER32!UserCallWinProcCheckWow+0x14b
0189f81c 77268e9c 744df82b 00000000 0189f850 USER32!DispatchMessageWorker+0x35e
0189f82c 77267033 0189f89c 00000000 0189f89c USER32!DispatchMessageW+0xf
0189f850 744f7a87 0005036a 005e5ab8 003daf00 USER32!IsDialogMessageW+0x588
0189f86c 744f79f5 003dbb60 0189f89c 02000182 comctl32!Prop_IsDialogMessage+0x16f
0189f8cc 744f7c94 003dbb60 02000182 00000000 comctl32!_RealPropertySheet+0x29c
0189f8e8 744f7c3f 0189f928 00000000 0189f90c comctl32!_PropertySheet+0x52
0189f8f8 72dcdbc9 0189f928 00030320 15280007 comctl32!PropertySheetW+0xf
0189f90c 72dc1031 0189f928 5d80706f 7591f176 netshell!PropertySheetW+0x3f
0189fa00 72db9f85 00030320 00000000 00210b98 netshell!HrRaiseConnectionPropertiesInternal+0x320
0189fa84 72dbc058 0189faa8 00030320 00210938 netshell!HrOnCommandProperties+0x183
0189fad0 72dbc0af 00030320 0039b0ac 72db9e02 netshell!HrRaiseDialogFromINetConnection+0x8e
0189fae4 72dc160d 00030320 0039b0ac 00000000 netshell!HrRaiseConnectionProperties+0x1b
0189fb08 75921174 002108e8 0189fb54 7742b3f5 netshell!ShowPropertiesDialogThreadProc+0x8c
0189fb14 7742b3f5 002108e8 76c03e66 00000000 kernel32!BaseThreadInitThunk+0xe
0189fb54 7742b3c8 72dc1581 002108e8 00000000 ntdll!__RtlUserThreadStart+0x70
0189fb6c 00000000 72dc1581 002108e8 00000000 ntdll!_RtlUserThreadStart+0x1b
STACK_COMMAND: kb
FOLLOWUP_IP:
ndislwf+185d
8f35a85d 8b45f4 mov eax,dword ptr [ebp-0Ch]
SYMBOL_STACK_INDEX: 5
SYMBOL_NAME: ndislwf+185d
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: ndislwf
IMAGE_NAME: ndislwf.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4b5d536c
FAILURE_BUCKET_ID: 0xD1_ndislwf+185d
BUCKET_ID: 0xD1_ndislwf+185d
Followup: MachineOwner
---------
kd> .trap 0xffffffff9e839a58
ErrCode = 00000002
eax=00000000 ebx=8ee5f400 ecx=00000000 edx=8ee5f400 esi=8eb5f0ac edi=8f84c4a4
eip=8f83446f esp=9e839acc ebp=9e839ad8 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010286
ndis!NdisFreeNetBufferPool+0x52:
8f83446f 897104 mov dword ptr [ecx+4],esi ds:0023:00000004=????????
从这些调试信息能看出问题吗？IRQL 怎么会抬高呢？NDIS 调用 FilterDetach 时应该是在 PASSIVE_LEVEL，怎么到了释放 pool 就不行了？
谢谢