Vista BSOD #6

Open
ovidkafka opened this issue Feb 11, 2011 · 2 comments

@ovidkafka

With tcpcrypt started under Windows Vista, I have had multiple BSODs. I can't provide much useful information (flashes off the screen too quickly) other than that the most recent one occurred in passthru.sys.

On restart, Vista says:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.256.6
Locale ID: 3081

Additional information about the problem:
BCCode: d1
BCP1: 8ACFC810
BCP2: 00000002
BCP3: 00000000
BCP4: 8C7E7F7D
OS Version: 6_0_6002
Service Pack: 2_0
Product: 256_1

There's an XML file that contains info about all the drivers that were loaded. This contains in part:

<DRIVER>
    <FILENAME>passthru.sys</FILENAME>
    <FILESIZE>45416</FILESIZE>
    <CREATIONDATE>10-13-2010 06:38:10</CREATIONDATE>
    <VERSION>6.1.7600.16385</VERSION>
    <MANUFACTURER>Windows (R) Win 7 DDK provider</MANUFACTURER>
    <PRODUCTNAME>Windows (R) Win 7 DDK driver</PRODUCTNAME>
    <HASH>fce1c6c0949f178dc01b5f6f1bc28c7f</HASH>
</DRIVER>

There's a Windows Minidump file but I don't know how to get anything useful out of it.

@basil00
Contributor

basil00 commented Feb 11, 2011

I can confirm that tcpcrypt also crashes Win7 64-bit reasonably often.

@basil00
Contributor

basil00 commented Feb 14, 2011

I had a quick look into this and here is my educated guess:

In divert.c, in divert_write(), the driver constructs a packet pNdisPacket from the IRP's MdlAddress. This packet is then sent to the miniport driver via a call to NdisSendPackets. Later, IoCompleteRequest is called to complete the IRP. IoCompleteRequest presumably frees or invalidates the MdlAddress.

This is a race condition: if IoCompleteRequest is called before the Miniport has finished sending the packet (i.e. before divert_send_complete() is called), then bad things will happen.
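
The ordering problem hypothesised in the comment above, as a user-space model (an added example, not part of the thread or of the tcpcrypt source). All type and function names are hypothetical stand-ins for the IRP, the packet built on its buffer, and the miniport; a state flag takes the place of actually freeing memory.

```c
#include <stddef.h>

enum buf_state { BUF_VALID, BUF_RELEASED };

struct request {                /* stand-in for the IRP */
    unsigned char data[8];      /* stand-in for the memory behind MdlAddress */
    enum buf_state state;
    int pending_sends;          /* packets that still reference data */
};

struct packet {                 /* stand-in for the packet built on the buffer */
    struct request *owner;      /* borrowed reference, no copy is made */
};

/* Stand-in for completing the request: the buffer must not be used afterwards. */
static void complete_request(struct request *r) { r->state = BUF_RELEASED; }

/* Stand-in for the miniport transmitting at some later time.
 * Returns bytes sent, or -1 if it would have touched released memory. */
static int miniport_transmit(const struct packet *p) {
    if (p->owner->state != BUF_VALID)
        return -1;
    return (int)sizeof p->owner->data;
}

/* Stand-in for the send-complete callback. In the deferred design this is
 * the only place the request is completed, once no packet references it. */
static void send_complete(struct packet *p, int defer) {
    if (defer && --p->owner->pending_sends == 0)
        complete_request(p->owner);
}

/* Write path. defer == 0: complete right after queuing the packet (the
 * ordering the comment suspects). defer == 1: leave the request pending and
 * complete it from send_complete(). Returns what the miniport observed. */
static int write_then_transmit(int defer) {
    struct request r = { {0}, BUF_VALID, 0 };
    struct packet p = { &r };

    r.pending_sends = 1;                /* packet handed to the miniport */
    if (!defer)
        complete_request(&r);           /* early completion */
    int sent = miniport_transmit(&p);   /* asynchronous send happens later */
    send_complete(&p, defer);
    return (sent >= 0 && r.state == BUF_RELEASED) ? sent : -1;
}
```

In a WDM driver the deferred ordering corresponds to marking the IRP pending with IoMarkIrpPending, returning STATUS_PENDING from the write path, and calling IoCompleteRequest from the send-complete handler.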
