This didn’t puzzle the Debug Ninja, how about you? – The Complete Debug


This debug session is quite long; for readability we kept the initial blog post short, and the complete debug transcript is on this page.

 

1: kd> .bugcheck

Bugcheck code 000000D1

Arguments e074281d 00000002 00000001 ba502493

1: kd> kv

ChildEBP RetAddr  Args to Child

f78b6544 ba502493 badb0d00 00000001 00000000 nt!_KiTrap0E+0x2a7 (FPO: [0,0] TrapFrame @ f78b6544)

f78b65e0 ba50d9d8 00000020 8c32cab8 00000022 tcpip!GetAddrType+0x19f (FPO: [Non-Fpo]) (CONV: stdcall)

f78b6694 ba50dc56 8c32cab8 8ca71c2c 000005c8 tcpip!IPRcvPacket+0x66c (FPO: [Non-Fpo]) (CONV: stdcall)

f78b66d4 ba50dd58 00000000 8ca63440 8ca71c0a tcpip!ARPRcvIndicationNew+0x149 (FPO: [Non-Fpo]) (CONV: stdcall)

f78b6710 bada5550 8c4b53b8 00000000 f78b678c tcpip!ARPRcvPacket+0x68 (FPO: [Non-Fpo]) (CONV: stdcall)

f78b6764 ba9c614b 8cac2ad0 f78b6784 00000002 NDIS!ethFilterDprIndicateReceivePacket+0x1d2 (FPO: [Non-Fpo]) (CONV: stdcall)

1: kd> .trap f78b6544

ErrCode = 00000002

eax=8c32cab8 ebx=8c323008 ecx=00000001 edx=00000001 esi=8ca71c18 edi=f78b6618

eip=ba502493 esp=f78b65b8 ebp=f78b65e0 iopl=0         nv up ei pl zr na pe nc

cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00250246

tcpip!GetAddrType+0x19f:

ba502493 008b15f84154    add     byte ptr [ebx+5441F815h],cl ds:0023:e074281d=??

1: kd> dd @ebx+5441F815

e074281d  ???????? ???????? ???????? ????????

e074282d  ???????? ???????? ???????? ????????

e074283d  ???????? ???????? ???????? ????????

e074284d  ???????? ???????? ???????? ????????

e074285d  ???????? ???????? ???????? ????????

e074286d  ???????? ???????? ???????? ????????

e074287d  ???????? ???????? ???????? ????????

e074288d  ???????? ???????? ???????? ????????

1: kd> !pte e074281d

               VA e074281d

PDE at 00000000C0603818    PTE at 00000000C0703A10

contains 000000021B980963  contains E154FC1000000400

pfn 21b980 -G-DA--KWEV                           not valid

                       Proto: 00000000E154FC10

 

1: kd> ub ba50d9d8

tcpip!IPRcvPacket+0x658:

ba50d9c4 51              push    ecx

ba50d9c5 50              push    eax

ba50d9c6 53              push    ebx

ba50d9c7 ff75f4          push    dword ptr [ebp-0Ch]

ba50d9ca ff75f8          push    dword ptr [ebp-8]

ba50d9cd ff75ec          push    dword ptr [ebp-14h]

ba50d9d0 ff7508          push    dword ptr [ebp+8]

ba50d9d3 e84a040000      call    tcpip!DeliverToUser (ba50de22)

 

1: kd> uf tcpip!DeliverToUser

tcpip!DeliverToUser:

ba50de22 8bff            mov     edi,edi

ba50de24 55              push    ebp

ba50de25 8bec            mov     ebp,esp

ba50de27 83ec1c          sub     esp,1Ch

ba50de2a 8365fc00        and     dword ptr [ebp-4],0

ba50de2e 53              push    ebx

ba50de2f 8b5d08          mov     ebx,dword ptr [ebp+8]

ba50de32 56              push    esi

ba50de33 57              push    edi

ba50de34 8b7d18          mov     edi,dword ptr [ebp+18h]

ba50de37 8b4708          mov     eax,dword ptr [edi+8]

ba50de3a 8945f8          mov     dword ptr [ebp-8],eax

ba50de3d 8b470c          mov     eax,dword ptr [edi+0Ch]

ba50de40 894518          mov     dword ptr [ebp+18h],eax

ba50de43 8b430c          mov     eax,dword ptr [ebx+0Ch]

ba50de46 0fb68039010000  movzx   eax,byte ptr [eax+139h]

ba50de4d c645f400        mov     byte ptr [ebp-0Ch],0

ba50de51 8945ec          mov     dword ptr [ebp-14h],eax

ba50de54 e82bfdffff      call    tcpip!ProcessFirewallQ (ba50db84)

ba50de59 83672070        and     dword ptr [edi+20h],70h

ba50de5d 8b7510          mov     esi,dword ptr [ebp+10h]

ba50de60 0fb6c8          movzx   ecx,al

ba50de63 a1fc7854ba      mov     eax,dword ptr [tcpip!IPSecHandlerPtr (ba5478fc)]

ba50de68 85c0            test    eax,eax

ba50de6a 0f8481000000    je      tcpip!DeliverToUser+0xd9 (ba50def1)

 

tcpip!DeliverToUser+0x4e:

ba50de70 8365f000        and     dword ptr [ebp-10h],0

ba50de74 8365e400        and     dword ptr [ebp-1Ch],0

ba50de78 8365e800        and     dword ptr [ebp-18h],0

ba50de7c 803d4ca254ba00  cmp     byte ptr [tcpip!FilterRefPtr+0xc (ba54a24c)],0

ba50de83 8b571c          mov     edx,dword ptr [edi+1Ch]

ba50de86 c7450820000000  mov     dword ptr [ebp+8],20h

ba50de8d 895510          mov     dword ptr [ebp+10h],edx

ba50de90 755f            jne     tcpip!DeliverToUser+0xd9 (ba50def1)

 

tcpip!DeliverToUser+0x70:

ba50de92 85c9            test    ecx,ecx

ba50de94 755b            jne     tcpip!DeliverToUser+0xd9 (ba50def1)

 

tcpip!DeliverToUser+0x74:

ba50de96 394dec          cmp     dword ptr [ebp-14h],ecx

ba50de99 7556            jne     tcpip!DeliverToUser+0xd9 (ba50def1)

 

tcpip!DeliverToUser+0x79:

ba50de9b 3b1de07454ba    cmp     ebx,dword ptr [tcpip!LoopNTE (ba5474e0)]

ba50dea1 0f84b6320000    je      tcpip!DeliverToUser+0x81 (ba51115d)

 

tcpip!DeliverToUser+0x81:

ba51115d c7450824000000  mov     dword ptr [ebp+8],24h

ba511164 e93ecdffff      jmp     tcpip!DeliverToUser+0x88 (ba50dea7)

 

tcpip!DeliverToUser+0x88:

ba50dea7 8b4d20          mov     ecx,dword ptr [ebp+20h]

ba50deaa f6410b80        test    byte ptr [ecx+0Bh],80h

ba50deae 0f85278a0100    jne     tcpip!DeliverToUser+0x91 (ba5268db)

 

tcpip!DeliverToUser+0x91:

ba5268db 834d0808        or      dword ptr [ebp+8],8

ba5268df e9d075feff      jmp     tcpip!DeliverToUser+0x95 (ba50deb4)

 

tcpip!DeliverToUser+0x95:

ba50deb4 ff7528          push    dword ptr [ebp+28h]

ba50deb7 8d4d08          lea     ecx,[ebp+8]

ba50deba 51              push    ecx

ba50debb 8d4de8          lea     ecx,[ebp-18h]

ba50debe 51              push    ecx

ba50debf 8d4de4          lea     ecx,[ebp-1Ch]

ba50dec2 51              push    ecx

ba50dec3 8d4df0          lea     ecx,[ebp-10h]

ba50dec6 51              push    ecx

ba50dec7 ff7524          push    dword ptr [ebp+24h]

ba50deca ff730c          push    dword ptr [ebx+0Ch]

ba50decd 57              push    edi

ba50dece 56              push    esi

ba50decf ffd0            call    eax

ba50ded1 85c0            test    eax,eax

ba50ded3 0f850b8a0100    jne     tcpip!DeliverToUser+0xb6 (ba5268e4)

 

tcpip!DeliverToUser+0xb6:

ba5268e4 ff051c5354ba    inc     dword ptr [tcpip!IPSInfo+0x1c (ba54531c)]

ba5268ea e9bc76feff      jmp     tcpip!DeliverToUser+0x59d (ba50dfab)

 

tcpip!DeliverToUser+0xc1:

ba50ded9 8b45f0          mov     eax,dword ptr [ebp-10h]

ba50dedc 29451c          sub     dword ptr [ebp+1Ch],eax

ba50dedf 8b471c          mov     eax,dword ptr [edi+1Ch]

ba50dee2 ff7508          push    dword ptr [ebp+8]

ba50dee5 2b4510          sub     eax,dword ptr [ebp+10h]

ba50dee8 57              push    edi

ba50dee9 8945fc          mov     dword ptr [ebp-4],eax

ba50deec e817ffffff      call    tcpip!UpdateIPSecRcvBuf (ba50de08)

 

tcpip!DeliverToUser+0xd9:

ba50def1 807e0906        cmp     byte ptr [esi+9],6

ba50def5 753e            jne     tcpip!DeliverToUser+0x12f (ba50df35)

 

tcpip!DeliverToUser+0xdf:

ba50def7 8b430c          mov     eax,dword ptr [ebx+0Ch]

ba50defa 83b88c00000007  cmp     dword ptr [eax+8Ch],7

ba50df01 0f857a510000    jne     tcpip!DeliverToUser+0x124 (ba513081)

 

tcpip!DeliverToUser+0xeb:

ba50df07 837f1000        cmp     dword ptr [edi+10h],0

ba50df0b 741a            je      tcpip!DeliverToUser+0x114 (ba50df27)

 

tcpip!DeliverToUser+0xf1:

ba50df0d 640fb61551000000 movzx   edx,byte ptr fs:[51h]

ba50df15 8b8880010000    mov     ecx,dword ptr [eax+180h]

ba50df1b 3bca            cmp     ecx,edx

ba50df1d 0f857145ffff    jne     tcpip!DeliverToUser+0x103 (ba502494)

 

tcpip!DeliverToUser+0x103:

ba502494 8b15f84154ba    mov     edx,dword ptr [tcpip!_imp__KeNumberProcessors (ba5441f8)]

ba50249a 0fbe12          movsx   edx,byte ptr [edx]

ba50249d 3bca            cmp     ecx,edx

ba50249f 0f8582ba0000    jne     tcpip!DeliverToUser+0x114 (ba50df27)

 

tcpip!DeliverToUser+0x110:

ba50df23 c645f402        mov     byte ptr [ebp-0Ch],2

 

tcpip!DeliverToUser+0x114:

ba50df27 640fb60d51000000 movzx   ecx,byte ptr fs:[51h]

ba50df2f 898880010000    mov     dword ptr [eax+180h],ecx

 

tcpip!DeliverToUser+0x114:

ba5024a5 e979ba0000      jmp     tcpip!DeliverToUser+0x110 (ba50df23)

 

tcpip!DeliverToUser+0x124:

ba513081 3d007554ba      cmp     eax,offset tcpip!LoopInterface (ba547500)

ba513086 0f85a9aeffff    jne     tcpip!DeliverToUser+0x12f (ba50df35)

 

tcpip!DeliverToUser+0x12b:

ba51308c c645f402        mov     byte ptr [ebp-0Ch],2

ba513090 e9a0aeffff      jmp     tcpip!DeliverToUser+0x12f (ba50df35)

 

tcpip!DeliverToUser+0x12f:

ba50df35 33c0            xor     eax,eax

ba50df37 8a4609          mov     al,byte ptr [esi+9]

ba50df3a 50              push    eax

ba50df3b e85c0d0000      call    tcpip!FindUserRcv (ba50ec9c)

ba50df40 33c9            xor     ecx,ecx

ba50df42 394dec          cmp     dword ptr [ebp-14h],ecx

ba50df45 894510          mov     dword ptr [ebp+10h],eax

ba50df48 0f8503990000    jne     tcpip!DeliverToUser+0x308 (ba517851)

 

tcpip!DeliverToUser+0x148:

ba50df4e 3bc1            cmp     eax,ecx

ba50df50 0f84698b0100    je      tcpip!DeliverToUser+0x4f0 (ba526abf)

 

tcpip!DeliverToUser+0x150:

ba50df56 384d28          cmp     byte ptr [ebp+28h],cl

ba50df59 8b5708          mov     edx,dword ptr [edi+8]

ba50df5c 8955ec          mov     dword ptr [ebp-14h],edx

ba50df5f 8b570c          mov     edx,dword ptr [edi+0Ch]

ba50df62 895524          mov     dword ptr [ebp+24h],edx

ba50df65 0f85eabcffff    jne     tcpip!DeliverToUser+0x299 (ba509c55)

 

tcpip!DeliverToUser+0x165:

ba50df6b ff7520          push    dword ptr [ebp+20h]

ba50df6e 8a4e09          mov     cl,byte ptr [esi+9]

ba50df71 51              push    ecx

ba50df72 ff75f4          push    dword ptr [ebp-0Ch]

ba50df75 8b4d0c          mov     ecx,dword ptr [ebp+0Ch]

ba50df78 ff751c          push    dword ptr [ebp+1Ch]

ba50df7b 57              push    edi

ba50df7c ff7514          push    dword ptr [ebp+14h]

ba50df7f 56              push    esi

ba50df80 ff7304          push    dword ptr [ebx+4]

ba50df83 ff7104          push    dword ptr [ecx+4]

ba50df86 ff760c          push    dword ptr [esi+0Ch]

ba50df89 ff7610          push    dword ptr [esi+10h]

ba50df8c 53              push    ebx

ba50df8d ffd0            call    eax

ba50df8f 85c0            test    eax,eax

ba50df91 0f8569a40000    jne     tcpip!DeliverToUser+0x1a6 (ba518400)

 

tcpip!DeliverToUser+0x18d:

ba50df97 64a051000000    mov     al,byte ptr fs:[00000051h]

ba50df9d 83e007          and     eax,7

ba50dfa0 c1e006          shl     eax,6

ba50dfa3 8d80845354ba    lea     eax,tcpip!IPPerCpuStats+0x4 (ba545384)[eax]

ba50dfa9 ff00            inc     dword ptr [eax]

 

tcpip!DeliverToUser+0x1a6:

ba518400 3dfc2a0000      cmp     eax,2AFCh

ba518405 0f84e4e40000    je      tcpip!DeliverToUser+0x1b1 (ba5268ef)

 

tcpip!DeliverToUser+0x1b1:

ba5268ef 8b4518          mov     eax,dword ptr [ebp+18h]

ba5268f2 ff05185354ba    inc     dword ptr [tcpip!IPSInfo+0x18 (ba545318)]

ba5268f8 3d80000000      cmp     eax,80h

ba5268fd 88451f          mov     byte ptr [ebp+1Fh],al

ba526900 7204            jb      tcpip!DeliverToUser+0x1c8 (ba526906)

 

tcpip!DeliverToUser+0x1c4:

ba526902 c6451f80        mov     byte ptr [ebp+1Fh],80h

 

tcpip!DeliverToUser+0x1c8:

ba526906 0fb6451f        movzx   eax,byte ptr [ebp+1Fh]

ba52690a 8b5d14          mov     ebx,dword ptr [ebp+14h]

ba52690d 6a10            push    10h

ba52690f 894520          mov     dword ptr [ebp+20h],eax

ba526912 6854435074      push    74504354h

ba526917 03c3            add     eax,ebx

ba526919 50              push    eax

ba52691a 6a00            push    0

ba52691c ff15284254ba    call    dword ptr [tcpip!_imp__ExAllocatePoolWithTagPriority (ba544228)]

ba526922 8bd0            mov     edx,eax

ba526924 85d2            test    edx,edx

ba526926 895514          mov     dword ptr [ebp+14h],edx

ba526929 0f847c76feff    je      tcpip!DeliverToUser+0x59d (ba50dfab)

 

tcpip!DeliverToUser+0x1f1:

ba52692f 8bcb            mov     ecx,ebx

ba526931 8bc1            mov     eax,ecx

ba526933 c1e902          shr     ecx,2

ba526936 8bfa            mov     edi,edx

ba526938 f3a5            rep movs dword ptr es:[edi],dword ptr [esi]

ba52693a 6a03            push    3

ba52693c 8bc8            mov     ecx,eax

ba52693e 58              pop     eax

ba52693f 23c8            and     ecx,eax

ba526941 f3a4            rep movs byte ptr es:[edi],byte ptr [esi]

ba526943 0fb675fc        movzx   esi,byte ptr [ebp-4]

ba526947 8b4d20          mov     ecx,dword ptr [ebp+20h]

ba52694a 0375f8          add     esi,dword ptr [ebp-8]

ba52694d 0fb6fb          movzx   edi,bl

ba526950 025d1f          add     bl,byte ptr [ebp+1Fh]

ba526953 03fa            add     edi,edx

ba526955 8bd1            mov     edx,ecx

ba526957 c1e902          shr     ecx,2

ba52695a f3a5            rep movs dword ptr es:[edi],dword ptr [esi]

ba52695c 53              push    ebx

ba52695d 6a00            push    0

ba52695f 6a02            push    2

ba526961 50              push    eax

ba526962 ff7514          push    dword ptr [ebp+14h]

ba526965 8bca            mov     ecx,edx

ba526967 23c8            and     ecx,eax

ba526969 8b450c          mov     eax,dword ptr [ebp+0Ch]

ba52696c f3a4            rep movs byte ptr es:[edi],byte ptr [esi]

ba52696e ff7004          push    dword ptr [eax+4]

ba526971 e8bd19ffff      call    tcpip!SendICMPErr (ba518333)

ba526976 6a00            push    0

ba526978 ff7514          push    dword ptr [ebp+14h]

ba52697b e95b1bffff      jmp     tcpip!DeliverToUser+0x48e (ba5184db)

 

tcpip!DeliverToUser+0x242:

ba51840b 33c9            xor     ecx,ecx

ba51840d 648a0d51000000  mov     cl,byte ptr fs:[51h]

ba518414 83e107          and     ecx,7

ba518417 c1e106          shl     ecx,6

ba51841a 8d89845354ba    lea     ecx,tcpip!IPPerCpuStats+0x4 (ba545384)[ecx]

ba518420 ff01            inc     dword ptr [ecx]

ba518422 807e0911        cmp     byte ptr [esi+9],11h

ba518426 752d            jne     tcpip!DeliverToUser+0x28c (ba518455)

 

tcpip!DeliverToUser+0x25f:

ba518428 ff7520          push    dword ptr [ebp+20h]

ba51842b 8b450c          mov     eax,dword ptr [ebp+0Ch]

ba51842e 6a11            push    11h

ba518430 6a00            push    0

ba518432 ff751c          push    dword ptr [ebp+1Ch]

ba518435 57              push    edi

ba518436 ff7514          push    dword ptr [ebp+14h]

ba518439 56              push    esi

ba51843a ff7304          push    dword ptr [ebx+4]

ba51843d ff7004          push    dword ptr [eax+4]

ba518440 ff760c          push    dword ptr [esi+0Ch]

ba518443 ff7610          push    dword ptr [esi+10h]

ba518446 53              push    ebx

ba518447 ff7524          push    dword ptr [ebp+24h]

ba51844a ff75ec          push    dword ptr [ebp-14h]

ba51844d ff7510          push    dword ptr [ebp+10h]

ba518450 e8dcb5ffff      call    tcpip!DeliverToRAW (ba513a31)

 

tcpip!DeliverToUser+0x28c:

ba518455 85c0            test    eax,eax

ba518457 0f844e5bffff    je      tcpip!DeliverToUser+0x59d (ba50dfab)

 

tcpip!DeliverToUser+0x299:

ba509c55 807d2808        cmp     byte ptr [ebp+28h],8

ba509c59 0f8306dc0000    jae     tcpip!DeliverToUser+0x55f (ba517865)

 

tcpip!DeliverToUser+0x2a3:

ba509c5f ff7520          push    dword ptr [ebp+20h]

ba509c62 33c9            xor     ecx,ecx

ba509c64 8a4e09          mov     cl,byte ptr [esi+9]

ba509c67 51              push    ecx

ba509c68 ff751c          push    dword ptr [ebp+1Ch]

ba509c6b 57              push    edi

ba509c6c ff7514          push    dword ptr [ebp+14h]

ba509c6f 56              push    esi

ba509c70 ff760c          push    dword ptr [esi+0Ch]

ba509c73 ff7610          push    dword ptr [esi+10h]

ba509c76 53              push    ebx

ba509c77 50              push    eax

ba509c78 e890050000      call    tcpip!BCastRcv (ba50a20d)

ba509c7d 3d2a2b0000      cmp     eax,2B2Ah

ba509c82 0f8523430000    jne     tcpip!DeliverToUser+0x59d (ba50dfab)

 

tcpip!DeliverToUser+0x2cc:

ba509c88 807e0911        cmp     byte ptr [esi+9],11h

ba509c8c 0f8519430000    jne     tcpip!DeliverToUser+0x59d (ba50dfab)

 

tcpip!DeliverToUser+0x2d6:

ba509c92 ff7520          push    dword ptr [ebp+20h]

ba509c95 8b450c          mov     eax,dword ptr [ebp+0Ch]

ba509c98 6a11            push    11h

ba509c9a 6a00            push    0

ba509c9c ff751c          push    dword ptr [ebp+1Ch]

ba509c9f 57              push    edi

ba509ca0 ff7514          push    dword ptr [ebp+14h]

ba509ca3 56              push    esi

ba509ca4 ff7304          push    dword ptr [ebx+4]

ba509ca7 ff7004          push    dword ptr [eax+4]

ba509caa ff760c          push    dword ptr [esi+0Ch]

ba509cad ff7610          push    dword ptr [esi+10h]

ba509cb0 53              push    ebx

ba509cb1 ff7524          push    dword ptr [ebp+24h]

ba509cb4 ff75ec          push    dword ptr [ebp-14h]

 

tcpip!DeliverToUser+0x2fb:

ba509cb7 ff7510          push    dword ptr [ebp+10h]

ba509cba e8729d0000      call    tcpip!DeliverToRAW (ba513a31)

ba509cbf e9e7420000      jmp     tcpip!DeliverToUser+0x59d (ba50dfab)

 

tcpip!DeliverToUser+0x308:

ba517851 807d2800        cmp     byte ptr [ebp+28h],0

ba517855 0f8425f10000    je      tcpip!DeliverToUser+0x312 (ba526980)

 

tcpip!DeliverToUser+0x312:

ba526980 3bc1            cmp     eax,ecx

ba526982 0f8437010000    je      tcpip!DeliverToUser+0x4f0 (ba526abf)

 

tcpip!DeliverToUser+0x31a:

ba526988 8b4f08          mov     ecx,dword ptr [edi+8]

ba52698b 834f2001        or      dword ptr [edi+20h],1

ba52698f ff7520          push    dword ptr [ebp+20h]

ba526992 894d24          mov     dword ptr [ebp+24h],ecx

ba526995 8b4f0c          mov     ecx,dword ptr [edi+0Ch]

ba526998 894d28          mov     dword ptr [ebp+28h],ecx

ba52699b 33c9            xor     ecx,ecx

ba52699d 8a4e09          mov     cl,byte ptr [esi+9]

ba5269a0 51              push    ecx

ba5269a1 ff75f4          push    dword ptr [ebp-0Ch]

ba5269a4 8b4d0c          mov     ecx,dword ptr [ebp+0Ch]

ba5269a7 ff751c          push    dword ptr [ebp+1Ch]

ba5269aa 57              push    edi

ba5269ab ff7514          push    dword ptr [ebp+14h]

ba5269ae 56              push    esi

ba5269af ff7304          push    dword ptr [ebx+4]

ba5269b2 ff7104          push    dword ptr [ecx+4]

ba5269b5 ff760c          push    dword ptr [esi+0Ch]

ba5269b8 ff7610          push    dword ptr [esi+10h]

ba5269bb 53              push    ebx

ba5269bc ffd0            call    eax

ba5269be 33c9            xor     ecx,ecx

ba5269c0 3bc1            cmp     eax,ecx

ba5269c2 7530            jne     tcpip!DeliverToUser+0x399 (ba5269f4)

 

tcpip!DeliverToUser+0x356:

ba5269c4 ff7520          push    dword ptr [ebp+20h]

ba5269c7 33c0            xor     eax,eax

ba5269c9 64a051000000    mov     al,byte ptr fs:[00000051h]

ba5269cf 83e007          and     eax,7

ba5269d2 c1e006          shl     eax,6

ba5269d5 8d80845354ba    lea     eax,tcpip!IPPerCpuStats+0x4 (ba545384)[eax]

ba5269db ff00            inc     dword ptr [eax]

ba5269dd 33c0            xor     eax,eax

ba5269df 8a4609          mov     al,byte ptr [esi+9]

ba5269e2 50              push    eax

ba5269e3 51              push    ecx

ba5269e4 ff751c          push    dword ptr [ebp+1Ch]

ba5269e7 57              push    edi

ba5269e8 ff7514          push    dword ptr [ebp+14h]

ba5269eb 56              push    esi

ba5269ec ff7304          push    dword ptr [ebx+4]

ba5269ef e949eafeff      jmp     tcpip!DeliverToUser+0x381 (ba51543d)

 

tcpip!DeliverToUser+0x381:

ba51543d 8b450c          mov     eax,dword ptr [ebp+0Ch]

ba515440 ff7004          push    dword ptr [eax+4]

ba515443 ff760c          push    dword ptr [esi+0Ch]

ba515446 ff7610          push    dword ptr [esi+10h]

ba515449 53              push    ebx

ba51544a ff7528          push    dword ptr [ebp+28h]

ba51544d ff7524          push    dword ptr [ebp+24h]

ba515450 e96248ffff      jmp     tcpip!DeliverToUser+0x2fb (ba509cb7)

 

tcpip!DeliverToUser+0x399:

ba5269f4 3dfc2a0000      cmp     eax,2AFCh

ba5269f9 7573            jne     tcpip!DeliverToUser+0x3c8 (ba526a6e)

 

tcpip!DeliverToUser+0x3a0:

ba5269fb 8b5d18          mov     ebx,dword ptr [ebp+18h]

ba5269fe ff05185354ba    inc     dword ptr [tcpip!IPSInfo+0x18 (ba545318)]

ba526a04 81fb80000000    cmp     ebx,80h

ba526a0a 7202            jb      tcpip!DeliverToUser+0x3b3 (ba526a0e)

 

tcpip!DeliverToUser+0x3b1:

ba526a0c b380            mov     bl,80h

 

tcpip!DeliverToUser+0x3b3:

ba526a0e 8b5514          mov     edx,dword ptr [ebp+14h]

ba526a11 0fb6c3          movzx   eax,bl

ba526a14 6a10            push    10h

ba526a16 6854435074      push    74504354h

ba526a1b 03d0            add     edx,eax

ba526a1d 52              push    edx

 

tcpip!DeliverToUser+0x3c8:

ba526a6e 33c0            xor     eax,eax

ba526a70 64a051000000    mov     al,byte ptr fs:[00000051h]

ba526a76 83e007          and     eax,7

ba526a79 c1e006          shl     eax,6

ba526a7c 8d80845354ba    lea     eax,tcpip!IPPerCpuStats+0x4 (ba545384)[eax]

ba526a82 ff00            inc     dword ptr [eax]

ba526a84 807e0911        cmp     byte ptr [esi+9],11h

ba526a88 0f85cf19ffff    jne     tcpip!DeliverToUser+0x410 (ba51845d)

 

tcpip!DeliverToUser+0x3e4:

ba526a8e ff7520          push    dword ptr [ebp+20h]

ba526a91 8b450c          mov     eax,dword ptr [ebp+0Ch]

ba526a94 6a11            push    11h

ba526a96 51              push    ecx

ba526a97 ff751c          push    dword ptr [ebp+1Ch]

ba526a9a 57              push    edi

ba526a9b ff7514          push    dword ptr [ebp+14h]

ba526a9e 56              push    esi

ba526a9f ff7304          push    dword ptr [ebx+4]

ba526aa2 ff7004          push    dword ptr [eax+4]

ba526aa5 ff760c          push    dword ptr [esi+0Ch]

ba526aa8 ff7610          push    dword ptr [esi+10h]

ba526aab 53              push    ebx

ba526aac ff7528          push    dword ptr [ebp+28h]

ba526aaf ff7524          push    dword ptr [ebp+24h]

ba526ab2 ff7510          push    dword ptr [ebp+10h]

ba526ab5 e877cffeff      call    tcpip!DeliverToRAW (ba513a31)

ba526aba e99e19ffff      jmp     tcpip!DeliverToUser+0x410 (ba51845d)

 

tcpip!DeliverToUser+0x410:

ba51845d 8b5d18          mov     ebx,dword ptr [ebp+18h]

ba518460 81fb80000000    cmp     ebx,80h

ba518466 7202            jb      tcpip!DeliverToUser+0x41d (ba51846a)

 

tcpip!DeliverToUser+0x41b:

ba518468 b380            mov     bl,80h

 

tcpip!DeliverToUser+0x41d:

ba51846a 8b4d14          mov     ecx,dword ptr [ebp+14h]

ba51846d 6a10            push    10h

ba51846f 0fb6c3          movzx   eax,bl

ba518472 6854435074      push    74504354h

ba518477 03c1            add     eax,ecx

ba518479 50              push    eax

ba51847a 6a00            push    0

ba51847c ff15284254ba    call    dword ptr [tcpip!_imp__ExAllocatePoolWithTagPriority (ba544228)]

ba518482 8bf8            mov     edi,eax

ba518484 85ff            test    edi,edi

ba518486 897d1c          mov     dword ptr [ebp+1Ch],edi

ba518489 0f841c5bffff    je      tcpip!DeliverToUser+0x59d (ba50dfab)

 

tcpip!DeliverToUser+0x442:

ba51848f 8b4d14          mov     ecx,dword ptr [ebp+14h]

ba518492 8bc1            mov     eax,ecx

ba518494 c1e902          shr     ecx,2

ba518497 f3a5            rep movs dword ptr es:[edi],dword ptr [esi]

ba518499 6a03            push    3

ba51849b 8bc8            mov     ecx,eax

ba51849d 58              pop     eax

ba51849e 23c8            and     ecx,eax

ba5184a0 f3a4            rep movs byte ptr es:[edi],byte ptr [esi]

ba5184a2 0fb675fc        movzx   esi,byte ptr [ebp-4]

ba5184a6 0fb67d14        movzx   edi,byte ptr [ebp+14h]

ba5184aa 0375f8          add     esi,dword ptr [ebp-8]

ba5184ad 037d1c          add     edi,dword ptr [ebp+1Ch]

ba5184b0 0fb6cb          movzx   ecx,bl

ba5184b3 8bd1            mov     edx,ecx

ba5184b5 c1e902          shr     ecx,2

ba5184b8 f3a5            rep movs dword ptr es:[edi],dword ptr [esi]

ba5184ba 8bca            mov     ecx,edx

ba5184bc 23c8            and     ecx,eax

ba5184be 025d14          add     bl,byte ptr [ebp+14h]

ba5184c1 53              push    ebx

ba5184c2 6a00            push    0

ba5184c4 50              push    eax

 

tcpip!DeliverToUser+0x478:

ba5184c5 50              push    eax

ba5184c6 ff751c          push    dword ptr [ebp+1Ch]

ba5184c9 8b450c          mov     eax,dword ptr [ebp+0Ch]

ba5184cc f3a4            rep movs byte ptr es:[edi],byte ptr [esi]

ba5184ce ff7004          push    dword ptr [eax+4]

ba5184d1 e85dfeffff      call    tcpip!SendICMPErr (ba518333)

ba5184d6 6a00            push    0

ba5184d8 ff751c          push    dword ptr [ebp+1Ch]

 

tcpip!DeliverToUser+0x48e:

ba5184db ff15244254ba    call    dword ptr [tcpip!_imp__ExFreePoolWithTag (ba544224)]

ba5184e1 e9c55affff      jmp     tcpip!DeliverToUser+0x59d (ba50dfab)

 

tcpip!DeliverToUser+0x499:

ba51785b 807d2808        cmp     byte ptr [ebp+28h],8

ba51785f 0f828cdbffff    jb      tcpip!DeliverToUser+0x4a3 (ba5153f1)

 

tcpip!DeliverToUser+0x4a3:

ba5153f1 3bc1            cmp     eax,ecx

ba5153f3 8b5708          mov     edx,dword ptr [edi+8]

ba5153f6 895524          mov     dword ptr [ebp+24h],edx

ba5153f9 8b570c          mov     edx,dword ptr [edi+0Ch]

ba5153fc 895528          mov     dword ptr [ebp+28h],edx

ba5153ff 0f84ba160100    je      tcpip!DeliverToUser+0x4f0 (ba526abf)

 

tcpip!DeliverToUser+0x4b3:

ba515405 834f2001        or      dword ptr [edi+20h],1

ba515409 ff7520          push    dword ptr [ebp+20h]

ba51540c 33c9            xor     ecx,ecx

ba51540e 8a4e09          mov     cl,byte ptr [esi+9]

ba515411 51              push    ecx

ba515412 ff751c          push    dword ptr [ebp+1Ch]

ba515415 57              push    edi

ba515416 ff7514          push    dword ptr [ebp+14h]

ba515419 56              push    esi

ba51541a ff760c          push    dword ptr [esi+0Ch]

ba51541d ff7610          push    dword ptr [esi+10h]

ba515420 53              push    ebx

ba515421 50              push    eax

ba515422 e8e64dffff      call    tcpip!BCastRcv (ba50a20d)

ba515427 ff7520          push    dword ptr [ebp+20h]

ba51542a 33c0            xor     eax,eax

ba51542c 8a4609          mov     al,byte ptr [esi+9]

ba51542f 50              push    eax

ba515430 6a00            push    0

ba515432 ff751c          push    dword ptr [ebp+1Ch]

ba515435 57              push    edi

ba515436 ff7514          push    dword ptr [ebp+14h]

ba515439 56              push    esi

ba51543a ff7304          push    dword ptr [ebx+4]

 

tcpip!DeliverToUser+0x4f0:

ba526abf 8b5d18          mov     ebx,dword ptr [ebp+18h]

ba526ac2 ff05185354ba    inc     dword ptr [tcpip!IPSInfo+0x18 (ba545318)]

ba526ac8 81fb80000000    cmp     ebx,80h

ba526ace 7202            jb      tcpip!DeliverToUser+0x503 (ba526ad2)

 

tcpip!DeliverToUser+0x501:

ba526ad0 b380            mov     bl,80h

 

tcpip!DeliverToUser+0x503:

ba526ad2 8b5514          mov     edx,dword ptr [ebp+14h]

ba526ad5 0fb6c3          movzx   eax,bl

ba526ad8 6a10            push    10h

ba526ada 03c2            add     eax,edx

ba526adc 6854435074      push    74504354h

ba526ae1 50              push    eax

ba526ae2 e937ffffff      jmp     tcpip!DeliverToUser+0x513 (ba526a1e)

 

tcpip!DeliverToUser+0x513:

ba526a1e 51              push    ecx

ba526a1f ff15284254ba    call    dword ptr [tcpip!_imp__ExAllocatePoolWithTagPriority (ba544228)]

ba526a25 8bf8            mov     edi,eax

ba526a27 85ff            test    edi,edi

ba526a29 897d1c          mov     dword ptr [ebp+1Ch],edi

ba526a2c 0f847975feff    je      tcpip!DeliverToUser+0x59d (ba50dfab)

 

tcpip!DeliverToUser+0x523:

ba526a32 8b4d14          mov     ecx,dword ptr [ebp+14h]

ba526a35 8bc1            mov     eax,ecx

ba526a37 c1e902          shr     ecx,2

ba526a3a f3a5            rep movs dword ptr es:[edi],dword ptr [esi]

ba526a3c 6a03            push    3

ba526a3e 8bc8            mov     ecx,eax

ba526a40 58              pop     eax

ba526a41 23c8            and     ecx,eax

ba526a43 f3a4            rep movs byte ptr es:[edi],byte ptr [esi]

ba526a45 0fb675fc        movzx   esi,byte ptr [ebp-4]

ba526a49 0fb67d14        movzx   edi,byte ptr [ebp+14h]

ba526a4d 0375f8          add     esi,dword ptr [ebp-8]

ba526a50 037d1c          add     edi,dword ptr [ebp+1Ch]

ba526a53 0fb6cb          movzx   ecx,bl

ba526a56 8bd1            mov     edx,ecx

ba526a58 c1e902          shr     ecx,2

ba526a5b f3a5            rep movs dword ptr es:[edi],dword ptr [esi]

ba526a5d 8bca            mov     ecx,edx

ba526a5f 23c8            and     ecx,eax

ba526a61 025d14          add     bl,byte ptr [ebp+14h]

ba526a64 53              push    ebx

ba526a65 6a00            push    0

ba526a67 6a02            push    2

ba526a69 e9571affff      jmp     tcpip!DeliverToUser+0x478 (ba5184c5)

 

tcpip!DeliverToUser+0x55f:

ba517865 a1b85554ba      mov     eax,dword ptr [tcpip!RawPI (ba5455b8)]

ba51786a 3bc1            cmp     eax,ecx

ba51786c 0f843967ffff    je      tcpip!DeliverToUser+0x59d (ba50dfab)

 

tcpip!DeliverToUser+0x568:

ba517872 8b4004          mov     eax,dword ptr [eax+4]

ba517875 3bc1            cmp     eax,ecx

ba517877 0f842e67ffff    je      tcpip!DeliverToUser+0x59d (ba50dfab)

 

tcpip!DeliverToUser+0x56f:

ba51787d 807d28ff        cmp     byte ptr [ebp+28h],0FFh

ba517881 0f842467ffff    je      tcpip!DeliverToUser+0x59d (ba50dfab)

 

tcpip!DeliverToUser+0x575:

ba517887 834f2001        or      dword ptr [edi+20h],1

ba51788b ff7520          push    dword ptr [ebp+20h]

ba51788e 33d2            xor     edx,edx

ba517890 8a5609          mov     dl,byte ptr [esi+9]

ba517893 52              push    edx

ba517894 51              push    ecx

ba517895 ff751c          push    dword ptr [ebp+1Ch]

ba517898 8b4d0c          mov     ecx,dword ptr [ebp+0Ch]

ba51789b 57              push    edi

ba51789c ff7514          push    dword ptr [ebp+14h]

ba51789f 56              push    esi

ba5178a0 ff7304          push    dword ptr [ebx+4]

ba5178a3 ff7104          push    dword ptr [ecx+4]

ba5178a6 ff760c          push    dword ptr [esi+0Ch]

ba5178a9 ff7610          push    dword ptr [esi+10h]

ba5178ac 53              push    ebx

ba5178ad ffd0            call    eax

ba5178af e9f766ffff      jmp     tcpip!DeliverToUser+0x59d (ba50dfab)

 

tcpip!DeliverToUser+0x59d:

ba50dfab 5f              pop     edi

ba50dfac 5e              pop     esi

ba50dfad 5b              pop     ebx

ba50dfae c9              leave

ba50dfaf c22400          ret     24h