[求助]BAD_POOL_CALLER 蓝屏-付费问答-看雪-安全社区|安全招聘|kanxue.com

[旧帖] [求助]BAD_POOL_CALLER 蓝屏 0.00雪花

发表于: 2015-3-24 13:32 3523

[旧帖] [求助]BAD_POOL_CALLER 蓝屏 0.00雪花

gotestgo

2015-3-24 13:32

3523

急急急哪位能帮忙看看为什么老是蓝屏啊（win7 BAD_POOL_CALLER）

具体代码如下

VOID
MPSendPackets(
IN NDIS_HANDLE          MiniportAdapterContext,
IN PPNDIS_PACKET          PacketArray,
IN UINT                   NumberOfPackets
)
{
PADAPT             pAdapt = (PADAPT)MiniportAdapterContext;
NDIS_STATUS       Status;
UINT             i;
PVOID             MediaSpecificInfo = NULL;
UINT             MediaSpecificInfoSize = 0;

PNDIS_BUFFER MyBuffer;


for (i = 0; i < NumberOfPackets; i++)
{
      PNDIS_PACKET Packet, MyPacket;
PSEND_RSVD       Resvd;
PSEND_RSVD       MyResvd;


Packet = PacketArray[i];
//add by gongxz 20150319
{
UINT PhysicalBufferCount;
   UINT BufferCount;
   PIP_HEADER pIPHeader;
   BOOLEAN Status = FALSE;
   PNDIS_BUFFER NdisBuffer ;

   PUCHAR pPacketContent = NULL;
   PUCHAR tembuffer = NULL ;
   ULONG length = 0;
   UINT TotalPacketLength = 0;
   UINT copysize = 0;
   UINT DataOffset = 0 ;

NdisAllocateMemoryWithTag(&pPacketContent, 2048, TAG);
if (pPacketContent == NULL)
         {
            continue;
         }
NdisZeroMemory(pPacketContent, 2048) ;
DBGPRINT(("===>MPSendPackets 0 <===\n"));
      NdisQueryPacket(Packet, &PhysicalBufferCount, &BufferCount, &NdisBuffer, &TotalPacketLength);

DBGPRINT(("===>MPSendPackets 0.1,PhysicalBufferCount=%d,BufferCount=%d,TotalPacketLength=%d<===\n", PhysicalBufferCount, BufferCount, TotalPacketLength));
      while(TRUE)
      {
         NdisQueryBufferSafe(NdisBuffer, &tembuffer, ©size, NormalPagePriority);
     DBGPRINT(("===>MPSendPackets 0.1,copysize = %d<===\n", copysize));
         if(tembuffer != NULL)
         {
            NdisMoveMemory(pPacketContent + DataOffset, tembuffer, copysize);
            DataOffset += copysize;
}
         NdisGetNextBuffer(NdisBuffer , &NdisBuffer) ;

         if(NdisBuffer == NULL)
         {
            break ;
         }
         DBGPRINT(("===>MPSendPackets 0.2 <===\n"));
}

      pIPHeader = (PIP_HEADER)(pPacketContent + IP_OFFSET);
      if(pPacketContent[12] == 8 && pPacketContent[13] == 0 && pIPHeader->Protocol == PROT_TCP)
      {

        DBGPRINT(("===>MPSendPackets 1 <===\n"));

        NdisAcquireSpinLock(&pAdapt->Lock);
            //
            // If the below miniport is going to low power state, stop sending down any packet.
            //
            if (pAdapt->PTDeviceState > NdisDeviceStateD0)
            {
            NdisReleaseSpinLock(&pAdapt->Lock);
            NdisFreeMemory(pPacketContent, 2048, 0);
                  NdisMSendComplete(ADAPT_MINIPORT_HANDLE(pAdapt),
                              Packet,
                              NDIS_STATUS_FAILURE);
            continue;
            }
            pAdapt->OutstandingSends++;
            NdisReleaseSpinLock(&pAdapt->Lock);

   NdisAllocatePacket(&Status, &MyPacket, pAdapt->SendPacketPoolHandle);
   if (Status == NDIS_STATUS_SUCCESS)
{
   DBGPRINT(("===>MPSendPackets 1.1 <===\n"));
     //AlterPacketWind(pPacketContent);

     NdisAllocateBuffer(&Status, &MyBuffer, pAdapt->SendPacketPoolHandle, pPacketContent, length);
     if (Status == NDIS_STATUS_SUCCESS)
{
Resvd =(PSEND_RSVD)(MyPacket->ProtocolReserved);
Resvd->OriginalPkt = (PNDIS_PACKET)Packet;

     DBGPRINT(("===>MPSendPackets 2.1 <===\n"));

NdisChainBufferAtFront(MyPacket, MyBuffer);
DBGPRINT(("===>MPSendPackets 2.2 <===\n"));
MyPacket->Private.Head->Next = NULL;

MyPacket->Private.Tail = NULL;

DBGPRINT(("===>MPSendPackets 2.3 <===\n"));
MyResvd =(PSEND_RSVD)(MyPacket->MiniportReserved);

MyResvd->OriginalPkt = (PNDIS_PACKET)MyPacket;

DBGPRINT(("===>MPSendPackets 2.4 <===\n"));
NdisSend(&Status, pAdapt->BindingHandle, MyPacket);

KdPrint(("Status = %x", Status));

if(Status != NDIS_STATUS_PENDING)
{
#ifndef WIN9X
            NdisIMCopySendCompletePerPacketInfo (Packet, MyPacket);
#endif

      NdisUnchainBufferAtFront(MyPacket ,&MyBuffer);
      if (MyBuffer)
      {
        NdisFreeBuffer(MyBuffer);
      }
      NdisFreeMemory(pPacketContent, 2048, 0);
      NdisFreePacket(MyPacket);

               ADAPT_DECR_PENDING_SENDS(pAdapt);
}
if (Status != NDIS_STATUS_PENDING)
{
NdisMSendComplete(ADAPT_MINIPORT_HANDLE(pAdapt), Packet, Status);
}
         continue;
      }
      }

      NdisFreeMemory(pPacketContent, 2048, 0);
      ADAPT_DECR_PENDING_SENDS(pAdapt);

      if (Status != NDIS_STATUS_PENDING)
         {
            NdisMSendComplete(ADAPT_MINIPORT_HANDLE(pAdapt),
                              Packet,
                              Status);
         }
         continue;
}
else
{
DBGPRINT(("===>MPSendPackets 4 <===\n"));
NdisFreeMemory(pPacketContent, 2048, 0);
DBGPRINT(("===>MPSendPackets 4.1 <===\n"));
}

}
   //add by gongxz 20150319

         //
         // The driver should fail the send if the virtual miniport is in low
         // power state
         //
         if (pAdapt->MPDeviceState > NdisDeviceStateD0)
      {
         NdisMSendComplete(ADAPT_MINIPORT_HANDLE(pAdapt),
                        Packet,
                        NDIS_STATUS_FAILURE);
         continue;
      }

      DBGPRINT(("===>MPSendPackets 4.2 <===\n"));

#ifdef NDIS51
DBGPRINT(("===>MPSendPackets 4.3 <===\n"));
      //
      // Use NDIS 5.1 packet stacking:
      //
      {
         PNDIS_PACKET_STACK       pStack;
         BOOLEAN                Remaining;

         //
         // Packet stacks: Check if we can use the same packet for sending down.
         //
         pStack = NdisIMGetCurrentPacketStack(Packet, &Remaining);
         DBGPRINT(("===>MPSendPackets 4.4 <===\n"));
         if (Remaining)
         {
            DBGPRINT(("===>MPSendPackets 4.5 <===\n"));
            //
            // We can reuse "Packet".
            //
            // NOTE: if we needed to keep per-packet information in packets
            // sent down, we can use pStack->IMReserved[].
            //
            ASSERT(pStack);
            //
            // If the below miniport is going to low power state, stop sending down any packet.
            //
            NdisAcquireSpinLock(&pAdapt->Lock);
            if (pAdapt->PTDeviceState > NdisDeviceStateD0)
            {
                  NdisReleaseSpinLock(&pAdapt->Lock);
                  NdisMSendComplete(ADAPT_MINIPORT_HANDLE(pAdapt),
                                    Packet,
                                    NDIS_STATUS_FAILURE);
            }
            else
            {
                  pAdapt->OutstandingSends++;
                  NdisReleaseSpinLock(&pAdapt->Lock);

                  NdisSend(&Status,
                           pAdapt->BindingHandle,
                           Packet);

                  if (Status != NDIS_STATUS_PENDING)
                  {
                     NdisMSendComplete(ADAPT_MINIPORT_HANDLE(pAdapt),
                                          Packet,
                                          Status);

                     ADAPT_DECR_PENDING_SENDS(pAdapt);
                  }
            }
            DBGPRINT(("===>MPSendPackets 4.7 <===\n"));
            continue;
         }
      }
#endif
      do
      {
         NdisAcquireSpinLock(&pAdapt->Lock);
         //
         // If the below miniport is going to low power state, stop sending down any packet.
         //
         if (pAdapt->PTDeviceState > NdisDeviceStateD0)
         {
            NdisReleaseSpinLock(&pAdapt->Lock);
            Status = NDIS_STATUS_FAILURE;
            break;
         }
         pAdapt->OutstandingSends++;
         NdisReleaseSpinLock(&pAdapt->Lock);

         NdisAllocatePacket(&Status,
                           &MyPacket,
                           pAdapt->SendPacketPoolHandle);

         if (Status == NDIS_STATUS_SUCCESS)
         {
            PSEND_RSVD       SendRsvd;

            SendRsvd = (PSEND_RSVD)(MyPacket->ProtocolReserved);
            SendRsvd->OriginalPkt = Packet;

            NdisGetPacketFlags(MyPacket) = NdisGetPacketFlags(Packet);

            NDIS_PACKET_FIRST_NDIS_BUFFER(MyPacket) = NDIS_PACKET_FIRST_NDIS_BUFFER(Packet);
            NDIS_PACKET_LAST_NDIS_BUFFER(MyPacket) = NDIS_PACKET_LAST_NDIS_BUFFER(Packet);
#ifdef WIN9X
            //
            // Work around the fact that NDIS does not initialize this
            // to FALSE on Win9x.
            //
            NDIS_PACKET_VALID_COUNTS(MyPacket) = FALSE;
#endif // WIN9X

            //
            // Copy the OOB data from the original packet to the new
            // packet.
            //
            NdisMoveMemory(NDIS_OOB_DATA_FROM_PACKET(MyPacket),
                        NDIS_OOB_DATA_FROM_PACKET(Packet),
                        sizeof(NDIS_PACKET_OOB_DATA));
            //
            // Copy relevant parts of the per packet info into the new packet
            //
#ifndef WIN9X
            NdisIMCopySendPerPacketInfo(MyPacket, Packet);
#endif

            //
            // Copy the Media specific information
            //
            NDIS_GET_PACKET_MEDIA_SPECIFIC_INFO(Packet,
                                                &MediaSpecificInfo,
                                                &MediaSpecificInfoSize);

            if (MediaSpecificInfo || MediaSpecificInfoSize)
            {
                  NDIS_SET_PACKET_MEDIA_SPECIFIC_INFO(MyPacket,
                                                      MediaSpecificInfo,
                                                      MediaSpecificInfoSize);
            }

            NdisSend(&Status,
                     pAdapt->BindingHandle,
                     MyPacket);

            if (Status != NDIS_STATUS_PENDING)
            {
#ifndef WIN9X
                  NdisIMCopySendCompletePerPacketInfo (Packet, MyPacket);
#endif
                  NdisFreePacket(MyPacket);
                  ADAPT_DECR_PENDING_SENDS(pAdapt);
            }
         }
         else
         {
            //
            // The driver cannot allocate a packet.
            //
            ADAPT_DECR_PENDING_SENDS(pAdapt);
         }
      }
      while (FALSE);

      if (Status != NDIS_STATUS_PENDING)
      {
         NdisMSendComplete(ADAPT_MINIPORT_HANDLE(pAdapt),
                           Packet,
                           Status);
      }
}

DBGPRINT(("==>MPSendPackets end\n"));
}

[培训]《安卓高级研修班(网课)》月薪三万计划，掌握调试、分析还原ollvm、vmp的方法，定制art虚拟机自动化脱壳的方法

收藏・0

免费・0

支持

最新回复 (7)
顺子就是我雪币： 97 活跃值： (225) 能力值： ( LV2，RANK：10 ) 在线值：发帖 6 回帖 53 粉丝 0 关注私信	顺子就是我 2 楼 nat转发？？？ 2015-3-24 19:03 0
顺子就是我雪币： 97 活跃值： (225) 能力值： ( LV2，RANK：10 ) 在线值：发帖 6 回帖 53 粉丝 0 关注私信	顺子就是我 3 楼 NdisAllocateMemoryWithTag(&pPacketContent, 2048, TAG); if (pPacketContent == NULL) { continue; } NdisZeroMemory(pPacketContent, 2048) ; DBGPRINT(("===>MPSendPackets 0 <===\n")); NdisQueryPacket(Packet, &PhysicalBufferCount, &BufferCount, &NdisBuffer, &TotalPacketLength); // 这里错误了原因是有些包会大于2048个字节的 (不要问我为什么我也不知道) // 具体可以通过下面的代码来将packet转化成buffer VOID CopyPacket2Buffer(IN PNDIS_PACKET pPacket,IN OUT PUCHAR pBuff,IN OUT PUINT pLength) { PNDIS_BUFFER BuffDT; //定义一个buffer指示符 PUCHAR BuffVA; //指向一个PNDIS_PACKET结构里面的Buffer的虚拟地址 UINT BuffLen; //Buffer的长度 pLength=0; //数据包内容的总长度,开始先置零 BuffLen=0; NdisQueryPacket(pPacket,NULL,NULL,&BuffDT,NULL); //查询Packet的信息，这里查的是Packet的Buffer指示符链表的第一个Buffer while( (PNDIS_BUFFER)NULL != BuffDT ) { NdisQueryBufferSafe(BuffDT,&BuffVA,&BuffLen,32); //得到BuffDT指向的那个Buffer的虚拟地BuffVA和长度BuffLen pLength+=BuffLen; //计算pBuff中填入数据的总长度pLength if(NULL != pBuff) { NdisMoveMemory(pBuff,BuffVA,BuffLen); //将BuffVA其中的内容，移动到pBuff指向的那块区域 pBuff=pBuff+BuffLen; //pBuff指针后移，前BuffLen个字节已经填入数据 } NdisGetNextBuffer(BuffDT,&BuffDT); //获得Buffer指示符链表中的下一个Buffer指示符 } } PS：这个问题当年我也找了很久才找到的 2015-3-24 19:10 0
gotestgo 雪币： 37 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 7 回帖 18 粉丝 0 关注私信	gotestgo 4 楼谢谢楼上的2位兄弟啊,真的很感动，我实验下哦 2015-3-25 09:03 0
gotestgo 雪币： 37 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 7 回帖 18 粉丝 0 关注私信	gotestgo 5 楼 to @顺子就是我请问 NdisMoveMemory(pBuff,BuffVA,BuffLen); //将BuffVA其中的内容，移动到pBuff指向的那块区域其中的pBuff你是怎么分配的啊! 2015-3-25 09:20 0
顺子就是我雪币： 97 活跃值： (225) 能力值： ( LV2，RANK：10 ) 在线值：发帖 6 回帖 53 粉丝 0 关注私信	顺子就是我 6 楼 BOOLEAN MallocPacketBuffer(IN PNDIS_PACKET Packet,PUCHAR* pBuffer,PULONG pLength) { UINT Length = 0; NDIS_STATUS Status = NDIS_STATUS_SUCCESS; if(NULL == Packet) return FALSE; CopyPacket2Buffer(Packet,NULL,&Length); Status = NdisAllocateMemoryWithTag(pBuffer,Length,TAG); if(NDIS_STATUS_SUCCESS != Status) { return FALSE; } CopyPacket2Buffer(Packet,pBuffer,&Length); pLength = Length; return TRUE; } VOID FreePacketBuffer(IN PUCHAR pBuffer,ULONG pLength) { if(pBuffer) NdisFreeMemory(pBuffer, pLength, 0); pBuffer = NULL; } //这样调用的 PUCHAR pBuffer = NULL; UL if( FALSE == MallocPacketBuffer(Packet,&pBuffer,&Length)) return NAT_STATUS_DONOTHING; //申请空间失败 2015-3-25 09:27 0
gotestgo 雪币： 37 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 7 回帖 18 粉丝 0 关注私信	gotestgo 7 楼嗯非常感谢分配内存的思路和我一样但是你的代码更简洁更直观谢谢啦，另外我是拿这个东西用来修改包的滑动窗口大小做限速的，不知道这样思路对不对! 2015-3-25 09:40 0
gotestgo 雪币： 37 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 7 回帖 18 粉丝 0 关注私信	gotestgo 8 楼 to @顺子就是我方便说说qq吗有个问题请教下! 2015-3-25 14:25 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

gotestgo

发帖

回帖

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号

最新回复 (7)
顺子就是我雪币： 97 活跃值： (225) 能力值： ( LV2，RANK：10 ) 在线值：发帖 6 回帖 53 粉丝 0 关注私信	顺子就是我 2 楼 nat转发？？？ 2015-3-24 19:03 0
顺子就是我雪币： 97 活跃值： (225) 能力值： ( LV2，RANK：10 ) 在线值：发帖 6 回帖 53 粉丝 0 关注私信	顺子就是我 3 楼 NdisAllocateMemoryWithTag(&pPacketContent, 2048, TAG); if (pPacketContent == NULL) { continue; } NdisZeroMemory(pPacketContent, 2048) ; DBGPRINT(("===>MPSendPackets 0 <===\n")); NdisQueryPacket(Packet, &PhysicalBufferCount, &BufferCount, &NdisBuffer, &TotalPacketLength); // 这里错误了原因是有些包会大于2048个字节的 (不要问我为什么我也不知道) // 具体可以通过下面的代码来将packet转化成buffer VOID CopyPacket2Buffer(IN PNDIS_PACKET pPacket,IN OUT PUCHAR pBuff,IN OUT PUINT pLength) { PNDIS_BUFFER BuffDT; //定义一个buffer指示符 PUCHAR BuffVA; //指向一个PNDIS_PACKET结构里面的Buffer的虚拟地址 UINT BuffLen; //Buffer的长度 pLength=0; //数据包内容的总长度,开始先置零 BuffLen=0; NdisQueryPacket(pPacket,NULL,NULL,&BuffDT,NULL); //查询Packet的信息，这里查的是Packet的Buffer指示符链表的第一个Buffer while( (PNDIS_BUFFER)NULL != BuffDT ) { NdisQueryBufferSafe(BuffDT,&BuffVA,&BuffLen,32); //得到BuffDT指向的那个Buffer的虚拟地BuffVA和长度BuffLen pLength+=BuffLen; //计算pBuff中填入数据的总长度pLength if(NULL != pBuff) { NdisMoveMemory(pBuff,BuffVA,BuffLen); //将BuffVA其中的内容，移动到pBuff指向的那块区域 pBuff=pBuff+BuffLen; //pBuff指针后移，前BuffLen个字节已经填入数据 } NdisGetNextBuffer(BuffDT,&BuffDT); //获得Buffer指示符链表中的下一个Buffer指示符 } } PS：这个问题当年我也找了很久才找到的 2015-3-24 19:10 0
gotestgo 雪币： 37 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 7 回帖 18 粉丝 0 关注私信	gotestgo 4 楼谢谢楼上的2位兄弟啊,真的很感动，我实验下哦 2015-3-25 09:03 0
gotestgo 雪币： 37 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 7 回帖 18 粉丝 0 关注私信	gotestgo 5 楼 to @顺子就是我请问 NdisMoveMemory(pBuff,BuffVA,BuffLen); //将BuffVA其中的内容，移动到pBuff指向的那块区域其中的pBuff你是怎么分配的啊! 2015-3-25 09:20 0
顺子就是我雪币： 97 活跃值： (225) 能力值： ( LV2，RANK：10 ) 在线值：发帖 6 回帖 53 粉丝 0 关注私信	顺子就是我 6 楼 BOOLEAN MallocPacketBuffer(IN PNDIS_PACKET Packet,PUCHAR* pBuffer,PULONG pLength) { UINT Length = 0; NDIS_STATUS Status = NDIS_STATUS_SUCCESS; if(NULL == Packet) return FALSE; CopyPacket2Buffer(Packet,NULL,&Length); Status = NdisAllocateMemoryWithTag(pBuffer,Length,TAG); if(NDIS_STATUS_SUCCESS != Status) { return FALSE; } CopyPacket2Buffer(Packet,pBuffer,&Length); pLength = Length; return TRUE; } VOID FreePacketBuffer(IN PUCHAR pBuffer,ULONG pLength) { if(pBuffer) NdisFreeMemory(pBuffer, pLength, 0); pBuffer = NULL; } //这样调用的 PUCHAR pBuffer = NULL; UL if( FALSE == MallocPacketBuffer(Packet,&pBuffer,&Length)) return NAT_STATUS_DONOTHING; //申请空间失败 2015-3-25 09:27 0
gotestgo 雪币： 37 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 7 回帖 18 粉丝 0 关注私信	gotestgo 7 楼嗯非常感谢分配内存的思路和我一样但是你的代码更简洁更直观谢谢啦，另外我是拿这个东西用来修改包的滑动窗口大小做限速的，不知道这样思路对不对! 2015-3-25 09:40 0
gotestgo 雪币： 37 活跃值： (10) 能力值： ( LV2，RANK：10 ) 在线值：发帖 7 回帖 18 粉丝 0 关注私信	gotestgo 8 楼 to @顺子就是我方便说说qq吗有个问题请教下! 2015-3-25 14:25 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复