Uninstalling ndis filter driver causes dllhost.exe hang

  • Question

  • Hi all,

    I have written an NDIS filter driver based on the WDK's sample (LWF). It works well, but when uninstalling the driver through Ethernet properties, sometimes it works well and sometimes it hangs (not responding).

    Below are the call stack and related analysis. Please help me find the root cause.

    Call stack:

    nt!KiSwapContext+0x19
    nt!KiCommitThreadWait+0x280
    nt!KeWaitForSingleObject+0x269
    nt!ExWaitForRundownProtectionReleaseCacheAware+0x9c
    tcpip!FlUnbindAdapter+0x76
    ndis!ndisInvokeUnbindAdapter+0x1c
    ndis!ndisUnbindProtocol+0x13b
    ndis!ndisCloseMiniportBindingsForPause+0x1396
    ndis!ndisDetachFilter+0x27f
    ndis!ndisHandleFilterAttachOrDetachNotification+0x15f
    ndis!ndisHandleUModePnPOp+0x2384a
    ndis!ndisDispatchRequest+0x47
    nt!IofCallDriver+0x3f
    nt!IopSynchronousServiceTail+0x121
    nt!IopXxxControlFile+0x3ac
    nt!NtDeviceIoControlFile+0x2a
    nt!KiFastCallEntry+0x12c
    ntdll!KiFastSystemCallRet
    ntdll!NtDeviceIoControlFile+0xa
    KERNELBASE!DeviceIoControl+0x77
    KERNEL32!DeviceIoControlImplementation+0x3d
    netcfgx!HrNdisAttachOrDetach+0x1a2
    netcfgx!CFilteredAdapters::HrAttachOrDetach+0x79
    netcfgx!CModifyContext::ApplyChanges+0xeb0
    netcfgx!CModifyContext::HrApplyIfOkOrCancel+0x2b
    netcfgx!CModifyContext::HrPopRecursionDepth+0x24
    netcfgx!CModifyContext::HrRemoveComponentIfNotReferenced+0xd6
    netcfgx!CImplINetCfgClass::DeInstall+0x132
    netshell!HrRemoveComponent+0x58
    netshell!HrQueryUserAndRemoveComponent+0xc8
    netshell!CLanNetPage::OnRemoveHelper+0x86
    netshell!CLanNetNormalPage::ProcessWindowMessage+0x120
    netshell!CPropSheetPage::DialogProc+0x42
    ble. Following frames may be wrong.
    USER32!gapfnScSendMessage+0x14b
    USER32!Ordinal2518+0x5f6
    USER32!Ordinal2518+0x34b
    USER32!Ordinal2518+0x709
    USER32!gapfnScSendMessage+0x14b
    USER32!IsThreadDesktopComposited+0x15d
    USER32!ChangeDisplaySettingsExW+0x30b
    USER32!SendMessageW+0xe3
    comctl32!Button_ReleaseCapture+0xb9
    comctl32!Button_WndProc+0xac8
    USER32!gapfnScSendMessage+0x14b
    USER32!IsThreadDesktopComposited+0x15d
    USER32!CallNextHookEx+0x35e
    USER32!EndMenu+0xf5
    comctl32!Prop_IsDialogMessage+0x3b
    comctl32!_RealPropertySheet+0x234
    comctl32!_PropertySheet+0x3b
    comctl32!PropertySheetW+0xf
    netshell!PropertySheetW+0x4a
    netshell!HrRaiseConnectionPropertiesInternal+0x27d
    netshell!HrOnCommandProperties+0x14c
    netshell!HrRaiseDialogFromINetConnection+0xb1
    netshell!ShowPropertiesDialogThreadProc+0xab
    KERNEL32!BaseThreadInitThunk+0xe
    ntdll!__RtlUserThreadStart+0x4a
    ntdll!_RtlUserThreadStart+0x1c

    2)

    1: kd> !ndiskd.pendingnbls
    PHASE 1/3: Found 45 NBL pool(s).
    PHASE 2/3: Found 155 freed NBL(s).
        Pending Nbl        Currently held by
        87802e48           86c31008 - WFP Native MAC Layer LightWeight Filter-0000  [Filter]
    PHASE 3/3: Found 1 pending NBL(s) of 671 total NBL(s).
    Search complete.

    1: kd> !ndiskd.nbl 87802e48 -NblCurrentOwner
        Owner              Filter              86c31008 - WFP Native MAC Layer LightWeight Filter-0000
    1: kd> !ndiskd.nbl 87802e48 -data
    NET_BUFFER 87802ef8
        Warning: the packet extends 1514 byte(s) beyond the last MDL
    1: kd> !ndiskd.nb 87802ef8
        NB                 87802ef8            Next NB            0
        Length             0n1514              Source pool        861b3c80
        First MDL          0                   DataOffset         0
        Current MDL        [NULL]              Current MDL offset 0

        View associated NBL.

    By the way, in the driver, I have set the MTU length to 1514 with an OID request.

    Thanks in advance!

    Rick Wang

    October 18, 2012 11:27