|
|
passthru发送原始帧,NdisFreeBuffer蓝屏
[复制链接]
改写的passthru 在ndis5.1下实现发送原始帧,出现一个奇怪的问题。
PtDispatch中调用发送函数SendRawData,里面给自己的包做了一个标记,
完了以后在PtSendComplete里释放自己申请的内存。结果在调用NdisFreeBuffer的时候蓝屏。
具体描述如下:
- NDIS_STATUS SendRawData(PADAPT adapt, PVOID buffer, ULONG length)
- {
- NDIS_STATUS status;
- PNDIS_PACKET ndisPacket = NULL;
- PNDIS_BUFFER ndisBuffer = NULL;
- PUCHAR sendBuffer = NULL;
- PSEND_RSVD sendRsvd = NULL;
- NDIS_PHYSICAL_ADDRESS highestAcceptableAddress;
- highestAcceptableAddress.QuadPart = -1;
- ASSERT(buffer != NULL);
- ASSERT(length >= ETH_MIN_PACKET_SIZE && length <= ETH_MAX_PACKET_SIZE);
- status = NdisAllocateMemory(&sendBuffer, length, 0, highestAcceptableAddress);
- //status = NdisAllocateMemoryWithTag (&sendBuffer, length, TAG);
- if (status != NDIS_STATUS_SUCCESS)
- {
- return status;
- }
- RtlZeroMemory(sendBuffer, length);
- RtlMoveMemory(sendBuffer, buffer, length);
- NdisAllocatePacket(&status, &ndisPacket, adapt->SendPacketPoolHandle);
- if (status != NDIS_STATUS_SUCCESS)
- {
- NdisFreeMemory(sendBuffer, length, 0);
- return status;
- }
- [color=#FF0000]NdisAllocateBuffer(&status, &ndisBuffer, adapt->SendPacketPoolHandle, &sendBuffer, length); [/color]
- //这里调试结果为SendRawData -> Allocate return: 0x81a2d6d8, 60
- // 马上QuerySafe一下结果返回值也是0xf????,跟下面崩溃前的数字一样
- DBGPRINT(("SendRawData -> Allocate return: 0x%x, %d\n", sendBuffer, length));
- if (status != NDIS_STATUS_SUCCESS)
- {
- NdisFreeMemory(sendBuffer, length, 0);
- NdisFreePacket(ndisPacket);
- return status;
- }
- NdisChainBufferAtFront(ndisPacket, ndisBuffer);
- sendRsvd = (PSEND_RSVD)(ndisPacket->ProtocolReserved);
- sendRsvd->OriginalPkt = (PNDIS_PACKET)1; //标记自己
- ndisPacket->Private.Head->Next = NULL;
- ndisPacket->Private.Tail = NULL;
- NdisSetPacketFlags(ndisPacket, NDIS_FLAGS_DONT_LOOPBACK);
- DBGPRINT(("SendRawData -> Now send!\n"));
- NdisSend(&status, adapt->BindingHandle, ndisPacket);
- if (status != STATUS_PENDING)
- {
- NdisUnchainBufferAtFront(ndisPacket, &ndisBuffer);
- NdisQueryBufferSafe(ndisBuffer, &sendBuffer, &length, NormalPagePriority);
- NdisFreeBuffer(ndisBuffer);
- NdisFreeMemory(sendBuffer, length, 0);
- NdisFreePacket(ndisPacket);
- DBGPRINT(("SendRawData -> Released!\n"));
- }
- DBGPRINT(("SendRawData -> Send succeeded!\n"));
- return status;
- }
- VOID
- PtSendComplete(
- IN NDIS_HANDLE ProtocolBindingContext,
- IN PNDIS_PACKET Packet,
- IN NDIS_STATUS Status
- )
- {
- PADAPT pAdapt = (PADAPT)ProtocolBindingContext;
- PNDIS_PACKET Pkt;
- NDIS_HANDLE PoolHandle;
- // -------------------------------------------------------------------------
- PNDIS_BUFFER ndisBuffer = NULL;
- PUCHAR sendBuffer = NULL;
- ULONG length;
- Pkt = ((PSEND_RSVD)(Packet->ProtocolReserved))->OriginalPkt;
- if ((int)Pkt == 1) // 是自己构建的包
- {
- DBGPRINT(("PtSendComplete -> Now free!\n"));
- NdisUnchainBufferAtFront(Packet, &ndisBuffer);
- NdisQueryBufferSafe(ndisBuffer, &sendBuffer, &length, NormalPagePriority);
- DBGPRINT(("PtSendComplete -> Query return: 0x%x, %d\n", sendBuffer, length));
- // 这里很奇怪,结果为PtSendComplete -> Query return: 0xf0f01b38, 60
- // 大小没错,问题是指向0x8???的变成了0xF?????
- NdisFreeBuffer(ndisBuffer);
- [color=#FF0000]NdisFreeMemory(sendBuffer, length, 0); //这里就蓝屏了[/color]
- // 注释掉这里就没问题了,问题是不是意味着内存泄漏了吧?NDIS 5.1
- NdisDprFreePacket(Packet);
- DBGPRINT(("PtSendComplete -> Free successed!\n"));
- return;
- }
- // -------------------------------------------------------------------------
- #ifdef NDIS51
- //
- // Packet stacking:
- //
- // Determine if the packet we are completing is the one we allocated. If so, then
- // get the original packet from the reserved area and completed it and free the
- // allocated packet. If this is the packet that was sent down to us, then just
- // complete it
- //
- PoolHandle = NdisGetPoolFromPacket(Packet);
- if (PoolHandle != pAdapt->SendPacketPoolHandle)
- {
- //
- // We had passed down a packet belonging to the protocol above us.
- //
- // DBGPRINT(("PtSendComp: Adapt %p, Stacked Packet %p\n", pAdapt, Packet));
- NdisMSendComplete(pAdapt->MiniportHandle,
- Packet,
- Status);
- }
- else
- #endif // NDIS51
- {
- PSEND_RSVD SendRsvd;
- SendRsvd = (PSEND_RSVD)(Packet->ProtocolReserved);
- Pkt = SendRsvd->OriginalPkt;
-
- #ifndef WIN9X
- NdisIMCopySendCompletePerPacketInfo (Pkt, Packet);
- #endif
-
- NdisDprFreePacket(Packet);
- NdisMSendComplete(pAdapt->MiniportHandle,
- Pkt,
- Status);
- }
- //
- // Decrease the outstanding send count
- //
- ADAPT_DECR_PENDING_SENDS(pAdapt);
- }
很伤脑筋。希望各位大侠能指点一下,谢谢。
|
|
提升卡
变色卡
千斤顶
1/10 
京公网安备 11010802033920号
Copyright © 2005-2024 EEWORLD.com.cn, Inc. All rights reserved
