Archive for the ‘NDIS Corner’ Category

Crash Dump Analysis Patterns (Part 164)

Sunday, December 25th, 2011

When looking at network packet pools using NDIS WinDbg extension we might see increased number of allocated blocks possibly correlated with network problems, for example:

0: kd> !ndiskd.pktpools * normal
Pool     Allocator BlocksAllocated BlockSize PktsPerBlock PacketLength
8a467e20 b9090f96  0×1             0×1000    0×14         0xc8   tcpip!ARPRegister+119
8a491460 ba4eea56  0×1             0×1000    0×14         0xc8   wanarp!WanpInitializeNdis+a8
8a466508 b905d368  0×1             0×1000    0xd          0×138   tcpip!InitForwardingPools+53
8a373578 b905becb  0×3             0×1000    0×11         0xe8   tcpip!AllocIPPacketList+59
8a466580 b9095ac5  0×1             0×1000    0xe          0×118   tcpip!IPInit+e0
8a460958 bac40a97  0xb             0×1000    0×14         0xc8   vmxnet+a97

0: kd> !ndiskd.pktpools * no sent packets
Pool     Allocator BlocksAllocated BlockSize PktsPerBlock PacketLength
8a467e20 b9090f96  0×1             0×1000    0×14         0xc8 tcpip!ARPRegister+119
8a491460 ba4eea56  0×1             0×1000    0×14         0xc8 wanarp!WanpInitializeNdis+a8
8a466508 b905d368  0×1             0×1000    0xd          0×138 tcpip!InitForwardingPools+53
8a373578 b905becb  0xa3            0×1000    0×11         0xe8 tcpip!AllocIPPacketList+59
8a466580 b9095ac5  0×1             0×1000    0xe          0×118 tcpip!IPInit+e0
8a460958 bac40a97  0×9b            0×1000    0×14         0xc8 vmxnet+a97

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -

Crash Dump Analysis Patterns (Part 163)

Sunday, December 25th, 2011

Sometimes we need to check network adapters (miniports) to see whether they are up, down, connected or disconnected. This can be done using ndiskd WinDbg extension and its commands. For example (a kernel memory dump):

1: kd> !ndiskd.miniports
raspptp.sys, v0.0
  88453360 NetLuidIndex  1, IfIndex  3,  WAN Miniport (PPTP)
raspppoe.sys, v0.0
  884860e8 NetLuidIndex  0, IfIndex  4,  WAN Miniport (PPPOE)
ndiswan.sys, v0.0
  8842f0e8 NetLuidIndex  0, IfIndex  5,  WAN Miniport (IPv6)
  8842e0e8 NetLuidIndex  3, IfIndex  6,  WAN Miniport (IP)
rasl2tp.sys, v0.0
  8842b0e8 NetLuidIndex  0, IfIndex  2,  WAN Miniport (L2TP)
E1G60I32.sys, v8.1
  84b730e8 NetLuidIndex  4, IfIndex  8,  Intel(R) PRO/1000 MT Network Connection

tunnel.sys, v1.0
  84b370e8 NetLuidIndex  2, IfIndex  9,  isatap.{0DC6D9AD-70DC-41CE-9798-F71D1A8C899F}

1: kd> !ndiskd.miniport 84b730e8

MINIPORT

    Intel(R) PRO/1000 MT Network Connection

    Ndis Handle        84b730e8
    Ndis API Version   v6.0
    Adapter Context    88460008
    Miniport Driver    84b44938 - E1G60I32.sys  v8.1
    Ndis Verifier      [No flags set]

    Media Type         802.3
    Physical Medium    802.3
    Device Path        \??\PCI#VEN_8086&DEV_100F&SUBSYS_075015AD&REV_01#4&b70f118&0&0888#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{0DC6D9AD-70DC-41CE-9798-F71D1A8C899F}
    Device Object      84b73030
    MAC Address        00-0c-29-b1-7d-39

STATE

    Miniport           Running
    Device PnP         Started
    Datapath           00000002          ← DIVERTED_BECAUSE_MEDIA_DISCONNECTED
    NBL Status         NDIS_STATUS_MEDIA_DISCONNECTED
    Operational status DOWN
    Operational flags  00000002          ← DOWN_NOT_CONNECTED

    Admin status       ADMIN_UP
    Media              MediaDisconnected
    Power              D0
    References         6
    User Handles       0
    Total Resets       0
    Pending OID        None
    Flags              0c452218
        ↑ BUS_MASTER, 64BIT_DMA, SG_DMA, DEFAULT_PORT_ACTIVATED,
        SUPPORTS_MEDIA_SENSE, DOES_NOT_DO_LOOPBACK, NOT_MEDIA_CONNECTED
    PnPFlags           00210021
        ↑ PM_SUPPORTED, DEVICE_POWER_ENABLED, RECEIVED_START, HARDWARE_DEVICE

BINDINGS

    Filter List        Filter              Filter Driver      Context          _
    QoS Packet Scheduler-0000
                       88e453d8            88e18938           88e1ed60

    Open List          Open                Protocol           Context          _
    RSPNDR             8bcbb470            8bd23ac8           8bcbb820
    LLTDIO             8bcb8c00            8bd15980           8bd153f8
    TCPIP6             88e528e8            88e02350           88e52c98
    TCPIP              88e1c078            88e02aa8           88e1e6a8

MORE INFORMATION

     → Driver handlers                      → Task offloads
     → Power management
     → Pending OIDs                         → Timers
                                            → Receive Side Throttling
     → Wake-on-LAN (WoL)                    → Packet filter
     → NDIS ports

Another example from a different complete memory dump: 

STATE

    Device PnP         Started
    Datapath           00000002          ← DIVERTED_BECAUSE_MEDIA_DISCONNECTED
    Packet Status      NDIS_STATUS_NO_CABLE
    Media              Not Connected

  […]

- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -