Winsock Kernel Access Violation RRS feed

  • Question

  • Hi,
    I am developing a kernel mode driver that should send data to a server.
    I read about WSK and also found the following examples:
    - Microsoft's "WSK TCP Echo Server":
    - wskudp:

    I tries to use wsktcp but I WskProvier.Dispatch->WskSocket causes BSOD because an access violation.

    I obviously made the relevant initialization as in WSKStartup (WskRegiser and WskCaptureProviderNPI) and InitWskData works fine.

    Although there might be a better approach to implement the requirements, I still want to try the socket solution.

    Bugcheck info:
    BugCheck 0x7E, {c0000005, 95564a59, 8919a304, 89199ee0}

    • Edited by A.r.a.d Monday, July 10, 2017 5:34 PM title miss
    Monday, July 10, 2017 5:34 PM

All replies

  • Without seeing the code, I cannot tell you what is wrong. From the bugcheck information you provided, your driver caused an access violation (probably dereferenced a pointer improperly). You need to post the output of !analyze -v from WinDBG


    Azius Developer Training Windows device driver, internals, security, & forensics training and consulting. Blog at

    Monday, July 10, 2017 6:11 PM
  • As Brian said you need to post the !analyze -v    You are likely to find that something in your setup is wrong, and the pointer to WskSocket is invalid.  I've had this several times in stuff I have done in this area.

    Don Burn Windows Driver Consulting Website:

    Monday, July 10, 2017 9:42 PM