Receiving Udp Packets

Here is the memdump and the minidump. When i look at the localvariables of
the receive function the Pointer to TdiEventContet has the right address and
when i look at tmpSession it is Null but he don't stop the function.

Function:

NTSTATUS ReceiveData(PVOID TdiEventContext,
LONG SourceAddressLength,
PVOID SourceAddress,
LONG OptionsLength,
PVOID Options,
ULONG ReceiveDatagramFlags,
ULONG BytesIndicated,
ULONG BytesAvailable,
ULONG *BytesTaken,
PVOID Tsdu,
PIRP *IoRequestPacket)
{
SESSION_INFO* tmpSession = (SESSION_INFO*)TdiEventContext;
TRANSPORT_ADDRESS* transAddr = (TRANSPORT_ADDRESS*)SourceAddress;
TA_ADDRESS* addr = (TA_ADDRESS*)transAddr->Address;
TDI_ADDRESS_IP* ipAddr = (TDI_ADDRESS_IP*)addr->Address;
rtp_send_hdr_t* rtpHeader;

//DbgPrint("ReceiveData: Packet Received for session %i from IP %0x\n",
tmpSession->SessionId, ipAddr->in_addr);

if(driverExtension->UnloadStatus == TRUE)
{
DbgPrint("ReceiveData: Driver is Unloaded\n");
return STATUS_SUCCESS;
}

if(tmpSession = NULL)
{
DbgPrint("ReceiveData: RtpSession is NULL\n");
return STATUS_SUCCESS;
}

// checks if the packet is from the rigth IP address
if(ipAddr->in_addr != tmpSession->DestIp)
{
DbgPrint("ReceiveData: Packet with wrong IP received for session %i\n",
tmpSession->SessionId);
// send an event to the service that an packet for no session received
tmpSession->WrongPacketIn = 1;
tmpSession->WrongPacketIp = ipAddr->in_addr;
tmpSession->WrongPacketPort = ipAddr->sin_port;

return STATUS_SUCCESS;
}

return STATUS_SUCCESS;
}

Minidump:

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000174, memory referenced
Arg2: d0000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: b770bb4d, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: 00000174

CURRENT_IRQL: 2

FAULTING_IP:
ITCTECCTI!ReceiveData+6d
[c:\itcteccti\wdf_itcteccti\wdf_itcteccti\itcteccti driver.c @ 1652]
b770bb4d 3b9174010000 cmp edx,dword ptr [ecx+174h]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP

BUGCHECK_STR: 0xD1

PROCESS_NAME: Idle

LAST_CONTROL_TRANSFER: from 88c81918 to 8088c993

STACK_TEXT:
8089a17c 88c81918 8769a1c8 00000000 00000000 nt!ExFreePoolWithTag+0x65d
WARNING: Frame IP not in any known module. Following frames may be wrong.
8089a188 00000000 88c20023 87b10023 5302a8c0 0x88c81918


STACK_COMMAND: .bugcheck ; kb

FOLLOWUP_IP:
ITCTECCTI!ReceiveData+6d
[c:\itcteccti\wdf_itcteccti\wdf_itcteccti\itcteccti driver.c @ 1652]
b770bb4d 3b9174010000 cmp edx,dword ptr [ecx+174h]

FAULTING_SOURCE_CODE:
1648: return STATUS_SUCCESS;
1649: }
1650:
1651: // checks if the packet is from the rigth IP address
> 1652: if(ipAddr->in_addr != tmpSession->DestIp)
1653: {
1654: DbgPrint("ReceiveData: Packet with wrong IP received for session
%i\n", tmpSession->SessionId);
1655: // send an event to the service that an packet for no session
received
1656: tmpSession->WrongPacketIn = 1;
1657: tmpSession->WrongPacketIp = ipAddr->in_addr;


SYMBOL_NAME: ITCTECCTI!ReceiveData+6d

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: ITCTECCTI

IMAGE_NAME: ITCTECCTI.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 4a4c535c

FAILURE_BUCKET_ID: 0xD1_ITCTECCTI!ReceiveData+6d

BUCKET_ID: 0xD1_ITCTECCTI!ReceiveData+6d

Followup: MachineOwner
---------


Memdump:


ADDITIONAL_DEBUG_TEXT:
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to
set symbol path and load symbols.

FAULTING_MODULE: 80800000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 4a4c535c

READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
00000174

CURRENT_IRQL: 0

FAULTING_IP:
ITCTECCTI!ReceiveData+6d
[c:\itcteccti\wdf_itcteccti\wdf_itcteccti\itcteccti driver.c @ 1652]
b770bb4d 3b9174010000 cmp edx,dword ptr [ecx+174h]

DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0xD1

LAST_CONTROL_TRANSFER: from b770bb4d to 8088c993

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be
wrong.
8089a15c b770bb4d badb0d00 5302a8c0 8089a410 nt!Kei386EoiHelper+0x28d3
8089a1e4 b90c35b6 8414e450 00000016 8089a264 ITCTECCTI!ReceiveData+0x6d
[c:\itcteccti\wdf_itcteccti\wdf_itcteccti\itcteccti driver.c @ 1652]
8089a280 b90b79b7 89359850 5302a8c0 0000b0cd tcpip!IPGetAddrType+0x733b
8089a2d8 b90bc239 893a8b60 e302a8c0 5302a8c0 tcpip!GetIFAndLink+0x584c
8089a338 b90ba45e 00000020 893a8b60 b90c320a tcpip!IPRcvComplete+0x1ce2
8089a3c8 b90ba684 893a8b60 89492622 000000b4 tcpip!IPRcvPacket+0x27b
8089a408 b90ba517 00000000 894eac10 89492600 tcpip!IPRcvComplete+0x12d
8089a460 f7234208 891f6e58 894eac10 00000000 tcpip!IPRcvPacket+0x334
8089a4b4 f761b758 8a3ee130 8089a514 00000001
NDIS!ethFilterDprIndicateReceivePacket+0x385
8089a570 f761e272 00000000 00000000 8a3ee130 l151x86+0x4758
8089a590 f7229466 8a2a93f0 ffdffa40 8a2a97ec l151x86+0x7272
8089a5a8 80832110 8a2a97ec 8a2a97d8 00000000 NDIS!ndisMDpcX+0x21
8089a600 8088de4f 00000000 0000000e 00000000 nt!ZwYieldExecution+0x248c
8089db40 00000000 8089db48 8089db48 8089db50 nt!KiDispatchInterrupt+0x32f


STACK_COMMAND: kb

FOLLOWUP_IP:
ITCTECCTI!ReceiveData+6d
[c:\itcteccti\wdf_itcteccti\wdf_itcteccti\itcteccti driver.c @ 1652]
b770bb4d 3b9174010000 cmp edx,dword ptr [ecx+174h]

FAULTING_SOURCE_CODE:
1648: return STATUS_SUCCESS;
1649: }
1650:
1651: // checks if the packet is from the rigth IP address
> 1652: if(ipAddr->in_addr != tmpSession->DestIp)
1653: {
1654: DbgPrint("ReceiveData: Packet with wrong IP received for session
%i\n", tmpSession->SessionId);
1655: // send an event to the service that an packet for no session
received
1656: tmpSession->WrongPacketIn = 1;
1657: tmpSession->WrongPacketIp = ipAddr->in_addr;


SYMBOL_STACK_INDEX: 1

SYMBOL_NAME: ITCTECCTI!ReceiveData+6d

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: ITCTECCTI

IMAGE_NAME: ITCTECCTI.sys

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner
---------

Harald

I tested the function with only one dbgPrint and it works so the tmpSession
pointer is not null.

NTSTATUS ReceiveData(PVOID TdiEventContext,
LONG SourceAddressLength,
PVOID SourceAddress,
LONG OptionsLength,
PVOID Options,
ULONG ReceiveDatagramFlags,
ULONG BytesIndicated,
ULONG BytesAvailable,
ULONG *BytesTaken,
PVOID Tsdu,
PIRP *IoRequestPacket)
{
SESSION_INFO* tmpSession = (SESSION_INFO*)TdiEventContext;
TRANSPORT_ADDRESS* transAddr = (TRANSPORT_ADDRESS*)SourceAddress;
TA_ADDRESS* addr = (TA_ADDRESS*)transAddr->Address;
TDI_ADDRESS_IP* ipAddr = (TDI_ADDRESS_IP*)addr->Address;
rtp_send_hdr_t* rtpHeader;

DbgPrint("ReceiveData: Packet Received for session %i from IP %0x\n",
tmpSession->SessionId, ipAddr->in_addr);

return STATUS_SUCCESS;
}

Hi
I found the error. In one of the IFs i foget an = and so he set the
tmpSession to zero.

if(tmpSession = NULL)

It was definitly to hot yesterday in the office.

THANKS

Harald