Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

NPCAP BUGCHECK

From: "Mike ." <dmciscobgp () hotmail com>
Date: Fri, 29 Mar 2019 17:15:33 +0000
getting no responses to this never-ending saga . maybe some of you coders can do somethig with this. i have enclosed 
the crashdump. -----Mike

*crash dump is too damn big, this a direct copy/paste from windbg, best i can do


Use !analyze -v to get detailed debugging information.

BugCheck 7E, {80000003, 887a720e, 89341ae8, 893416c0}

*** ERROR: Module load completed but symbols could not be loaded for mssmbios.sys
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for dump_dumpata.sys -
Probably caused by : dump_dumpata.sys ( dump_dumpata!AtaPortSetBusData+168 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Arguments:
Arg1: 80000003, The exception code that was not handled
Arg2: 887a720e, The address that the exception occurred at
Arg3: 89341ae8, Exception Record Address
Arg4: 893416c0, Context Record Address

Debugging Details:
------------------


EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid

FAULTING_IP:
dump_dumpata!AtaPortSetBusData+168
887a720e cc              int     3

EXCEPTION_RECORD:  89341ae8 -- (.exr 0xffffffff89341ae8)
ExceptionAddress: 887a720e (dump_dumpata!AtaPortSetBusData+0x00000168)
   ExceptionCode: 80000003 (Break instruction exception)
  ExceptionFlags: 00000000
NumberParameters: 3
   Parameter[0]: 00000000
   Parameter[1]: 84d93998
   Parameter[2]: 00000000

CONTEXT:  893416c0 -- (.cxr 0xffffffff893416c0;r)
eax=89341c40 ebx=850d2a60 ecx=01000000 edx=00000000 esi=84f490e0 edi=84df6590
eip=887a720e esp=89341bb0 ebp=89341ce4 iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000246
dump_dumpata!AtaPortSetBusData+0x168:
887a720e cc              int     3
Last set context:
eax=89341c40 ebx=850d2a60 ecx=01000000 edx=00000000 esi=84f490e0 edi=84df6590
eip=887a720e esp=89341bb0 ebp=89341ce4 iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000246
dump_dumpata!AtaPortSetBusData+0x168:
887a720e cc              int     3
Resetting default scope

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

BUGCHECK_STR:  0x7E

PROCESS_NAME:  System

CURRENT_IRQL:  0

ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION}  Breakpoint  A breakpoint has been reached.

EXCEPTION_PARAMETER1:  00000000

EXCEPTION_PARAMETER2:  84d93998

EXCEPTION_PARAMETER3:  00000000

ANALYSIS_VERSION: 6.3.9600.17336 (debuggers(dbg).150226-1500) x86fre

LAST_CONTROL_TRANSFER:  from 88494d01 to 887a720e

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
89341ce4 88494d01 84df6590 00000000 84f490e0 dump_dumpata!AtaPortSetBusData+0x168
89341d0c 884ffcad 00f490e0 884c9690 884c96a0 ndis!ndisCheckMiniportFilters+0x105
89341d24 884f7013 850cbde8 00f490e0 89341d50 ndis!ndisQueuedCheckAdapterBindings+0xc8
89341d34 884930a5 850cbde8 00000000 84d93998 ndis!ndisWorkItemHandler+0xe
89341d50 8224313d 00000000 9571b668 00000000 ndis!ndisWorkerThread+0xa4
89341d90 820ea559 88493001 00000000 00000000 nt!PspSystemThreadStartup+0x9e
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x19


FOLLOWUP_IP:
dump_dumpata!AtaPortSetBusData+168
887a720e cc              int     3

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  dump_dumpata!AtaPortSetBusData+168

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: dump_dumpata

IMAGE_NAME:  dump_dumpata.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4a5bbf14

IMAGE_VERSION:  6.1.7600.16385

STACK_COMMAND:  .cxr 0xffffffff893416c0 ; kb

FAILURE_BUCKET_ID:  0x7E_dump_dumpata!AtaPortSetBusData+168

BUCKET_ID:  0x7E_dump_dumpata!AtaPortSetBusData+168

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0x7e_dump_dumpata!ataportsetbusdata+168

FAILURE_ID_HASH:  {f4afee9b-9096-dd3a-c82f-ac191960470b}

Followup: MachineOwner
---------


*this points to the faulting function, but then i got the blue screen, it showed NPCAP.SYS as the offender*

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: