While using a libnet application (tcptraceroute) on Win-XP, I got the dreaded "blue screen of death" once again. This program, like nmap, is sending TCP segments. Using tcpdump or Ethereal, npf seems rock solid.
libnet is also using libpcap.

Details:

  >filever \WINDOWS\system32\drivers\npf.sys
  --a-- W32i DRV - 3.1.0.20 shp 32,768 02-03-2004 npf.sys

Details from the Mini-dump (attached) don't mention npf.sys specifically, but I'm sure it's involved somehow. The BSOD message was

  DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
  Arguments:
  Arg1: 77e96d6a, memory referenced
  Arg2: 00000002, IRQL
  Arg3: 00000000, value 0 = read operation, 1 = write operation
  Arg4: 77e96d6a, address which referenced memory

Some more details from WinDbg:

  CURRENT_IRQL: 2

  FAULTING_IP:
  +77e96d6a
  77e96d6a ?? ???

  DEFAULT_BUCKET_ID: DRIVER_FAULT

  BUGCHECK_STR: 0xD1

  LAST_CONTROL_TRANSFER: from 80530335 to 804f4103

  STACK_TEXT:
  WARNING: Stack unwind information not available. Following frames may be wrong.
  f688cd48 80530335 0000000a 77e96d6a 00000002 nt!KeBugCheckEx+0x19
  f688cd64 823ce9d0 815d5020 ef4d3cec ef4d3d98 nt!Kei386EoiHelper+0x257d
  00000000 00000000 00000000 00000000 00000000 0x823ce9d0

  FAILED_INSTRUCTION_ADDRESS:
  +77e96d6a
  77e96d6a ?? ???

  FOLLOWUP_IP:
  nt!Kei386EoiHelper+257d
  80530335 f7457000000200 test dword ptr [ebp+0x70],0x20000

  FOLLOWUP_NAME: MachineOwner

  -------

The experts may be able to make some sense of the Minidump.

Refs:
  http://www.packetfactory.net/libnet
  http://michael.toren.net/code/tcptraceroute/

Thanks.

--gv
Mini021304-01.dmp.gz
Description: Binary data
