saeger

Members
  • Content Count

    2
  • Joined

  • Last visited

Community Reputation

0 Neutral

About saeger

  • Rank
    Newbie
  1. Hello. I am Internet Download Manager team member. Some our customers reported BSODs and inability to boot their systems after LavaSoft Firewall installation. Our investigations showed that there is a bug in the firewall that triggers BSOD when another TDI filter is attached to TcpIp system driver. And though we have invented a workaround for our product already the firewall driver should be fixed in the first place. Technical details, please forward this to your developers. Our driver attaches a layered filter device to \Device\Tcp which seems to have its dispatch table hooked by afw.sys. From WinDbg listing below you can see that idmtdi's completion routine gets wrong device object 8208e7a8 instead of 81d50c28 because afw.sys incorrectly handles IRP completion. It should take device object pointer to be passed to the upper routine from the upper IRP stack location and not from any other place. 1: kd> kp ChildEBP RetAddr f89ab2cc f7dbf3e3 idmtdi!TransportCreateComplete(struct _DEVICE_OBJECT * device = 0x8208e7a8, struct _IRP * irp = 0x81e48008, void * context = 0x00000000)+0x341 f89ab2f0 804e1f14 afw+0xe3e3 f89ab320 b2d91a9b nt!IopfCompleteRequest+0xa2 f89ab350 f7dbf753 tcpip!TCPDispatch+0x11a f89ab378 804e19ee afw+0xe753 f89ab3c4 8057eeb8 nt!IopfCallDriver+0x31 ... 1: kd> !devobj 0x8208e7a8 Device object (8208e7a8) is for: Tcp \Driver\Tcpip DriverObject 81d50da0 Current Irp 00000000 RefCount 7 Type 00000012 Flags 00000050 Dacl e18da2fc DevExt 00000000 DevObjExt 8208e860 ExtensionFlags (0000000000) AttachedDevice (Upper) 81d50c28 \Driver\IDMTDI Device queue is not busy. 1: kd> !irp 0x81e48008 Irp is active with 2 stacks 2 is current (= 0x81e4809c) No Mdl: System buffer=821edda8: Thread 823c18b8: Irp stack trace. cmd flg cl Device File Completion-Context [ 0, 0] 0 0 8208e7a8 00000000 f7dbf336-81e37768 \Driver\Tcpip afw Args: 00000000 00000000 00000000 00000000 >[ 0, 0] 0 0 81d50c28 821f8408 00000000-00000000 \Driver\IDMTDI Args: f89ab3f0 02000000 00000080 00000021