<div dir="ltr">Hi Michael,<div><br><div>A seemingly viable way would be that you decompile your driver (npf.sys) into C code using IDA pro, cross-searched the failing address in IDA and WinPcap souce code, you will probably find the wrong line of code. </div></div><div><br></div><div>Cheers,</div><div>Yang</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Sep 16, 2015 at 11:56 AM, Michael Acosta <span dir="ltr"><<a href="mailto:mike.acosta@gmail.com" target="_blank">mike.acosta@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
We've been using WinPCAP optionally to send GARP frames on Windows<br>
server (2008r2 and up), but it sometimes seems to hang in a call. It's<br>
not easily reproducible, but I managed to get a kernel memory dump<br>
today of the issue - the problem is that we do not have the symbols<br>
for 4.1.3 to see what it's doing in WINDBG.<br>
<br>
Can someone provide the symbols to me so we can see what's hanging up<br>
here? If we compile on our own, the PDB isn't going to match our<br>
running environment, and since it's not easily reproducable we're kind<br>
of light on collected kernel data, so just building our own is not an<br>
option at this point. We need to see the symbols from the version<br>
built and accessible on <a href="http://winpcap.org" rel="noreferrer" target="_blank">winpcap.org</a> in order to make progress here.<br>
<br>
Please let me know if you need more information.<br>
<br>
Thank you,<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Michael Acosta<br>
_______________________________________________<br>
Winpcap-users mailing list<br>
<a href="mailto:Winpcap-users@winpcap.org">Winpcap-users@winpcap.org</a><br>
<a href="https://www.winpcap.org/mailman/listinfo/winpcap-users" rel="noreferrer" target="_blank">https://www.winpcap.org/mailman/listinfo/winpcap-users</a><br>
</font></span></blockquote></div><br></div>