This didn’t puzzle the Debug Ninja, how about you? – The Complete Debug

This debug session is quite long; for readability we kept the initial blog post short, and the complete debug session is on this page.

 

1: kd> .bugcheck

Bugcheck code 000000D1

Arguments e074281d 00000002 00000001 ba502493

1: kd> kv

ChildEBP RetAddr Args to Child

f78b6544 ba502493 badb0d00 00000001 00000000 nt!_KiTrap0E+0x2a7 (FPO: [0,0] TrapFrame @ f78b6544)

f78b65e0 ba50d9d8 00000020 8c32cab8 00000022 tcpip!GetAddrType+0x19f (FPO: [Non-Fpo]) (CONV: stdcall)

f78b6694 ba50dc56 8c32cab8 8ca71c2c 000005c8 tcpip!IPRcvPacket+0x66c (FPO: [Non-Fpo]) (CONV: stdcall)

f78b66d4 ba50dd58 00000000 8ca63440 8ca71c0a tcpip!ARPRcvIndicationNew+0x149 (FPO: [Non-Fpo]) (CONV: stdcall)

f78b6710 bada5550 8c4b53b8 00000000 f78b678c tcpip!ARPRcvPacket+0x68 (FPO: [Non-Fpo]) (CONV: stdcall)

f78b6764 ba9c614b 8cac2ad0 f78b6784 00000002 NDIS!ethFilterDprIndicateReceivePacket+0x1d2 (FPO: [Non-Fpo]) (CONV: stdcall)

1: kd> .trap f78b6544

ErrCode = 00000002

eax=8c32cab8 ebx=8c323008 ecx=00000001 edx=00000001 esi=8ca71c18 edi=f78b6618

eip=ba502493 esp=f78b65b8 ebp=f78b65e0 iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00250246

tcpip!GetAddrType+0x19f:

ba502493 008b15f84154 add byte ptr [ebx+5441F815h],cl ds:0023:e074281d=??

1: kd> dd @ebx+5441F815

e074281d ???????? ???????? ???????? ????????

e074282d ???????? ???????? ???????? ????????

e074283d ???????? ???????? ???????? ????????

e074284d ???????? ???????? ???????? ????????

e074285d ???????? ???????? ???????? ????????

e074286d ???????? ???????? ???????? ????????

e074287d ???????? ???????? ???????? ????????

e074288d ???????? ???????? ???????? ????????

1: kd> !pte e074281d

               VA e074281d

PDE at 00000000C0603818 PTE at 00000000C0703A10

contains 000000021B980963 contains E154FC1000000400

pfn 21b980 -G-DA--KWEV not valid

                       Proto: 00000000E154FC10

1: kd> ub ba50d9d8

tcpip!IPRcvPacket+0x658:

ba50d9c4 51 push ecx

ba50d9c5 50 push eax

ba50d9c6 53 push ebx

ba50d9c7 ff75f4 push dword ptr [ebp-0Ch]

ba50d9ca ff75f8 push dword ptr [ebp-8]

ba50d9cd ff75ec push dword ptr [ebp-14h]

ba50d9d0 ff7508 push dword ptr [ebp+8]

ba50d9d3 e84a040000 call tcpip!DeliverToUser (ba50de22)

1: kd> uf tcpip!DeliverToUser

tcpip!DeliverToUser:

ba50de22 8bff mov edi,edi

ba50de24 55 push ebp

ba50de25 8bec mov ebp,esp

ba50de27 83ec1c sub esp,1Ch

ba50de2a 8365fc00 and dword ptr [ebp-4],0

ba50de2e 53 push ebx

ba50de2f 8b5d08 mov ebx,dword ptr [ebp+8]

ba50de32 56 push esi

ba50de33 57 push edi

ba50de34 8b7d18 mov edi,dword ptr [ebp+18h]

ba50de37 8b4708 mov eax,dword ptr [edi+8]

ba50de3a 8945f8 mov dword ptr [ebp-8],eax

ba50de3d 8b470c mov eax,dword ptr [edi+0Ch]

ba50de40 894518 mov dword ptr [ebp+18h],eax

ba50de43 8b430c mov eax,dword ptr [ebx+0Ch]

ba50de46 0fb68039010000 movzx eax,byte ptr [eax+139h]

ba50de4d c645f400 mov byte ptr [ebp-0Ch],0

ba50de51 8945ec mov dword ptr [ebp-14h],eax

ba50de54 e82bfdffff call tcpip!ProcessFirewallQ (ba50db84)

ba50de59 83672070 and dword ptr [edi+20h],70h

ba50de5d 8b7510 mov esi,dword ptr [ebp+10h]

ba50de60 0fb6c8 movzx ecx,al

ba50de63 a1fc7854ba mov eax,dword ptr [tcpip!IPSecHandlerPtr (ba5478fc)]

ba50de68 85c0 test eax,eax

ba50de6a 0f8481000000 je tcpip!DeliverToUser+0xd9 (ba50def1)

tcpip!DeliverToUser+0x4e:

ba50de70 8365f000 and dword ptr [ebp-10h],0

ba50de74 8365e400 and dword ptr [ebp-1Ch],0

ba50de78 8365e800 and dword ptr [ebp-18h],0

ba50de7c 803d4ca254ba00 cmp byte ptr [tcpip!FilterRefPtr+0xc (ba54a24c)],0

ba50de83 8b571c mov edx,dword ptr [edi+1Ch]

ba50de86 c7450820000000 mov dword ptr [ebp+8],20h

ba50de8d 895510 mov dword ptr [ebp+10h],edx

ba50de90 755f jne tcpip!DeliverToUser+0xd9 (ba50def1)

tcpip!DeliverToUser+0x70:

ba50de92 85c9 test ecx,ecx

ba50de94 755b jne tcpip!DeliverToUser+0xd9 (ba50def1)

tcpip!DeliverToUser+0x74:

ba50de96 394dec cmp dword ptr [ebp-14h],ecx

ba50de99 7556 jne tcpip!DeliverToUser+0xd9 (ba50def1)

tcpip!DeliverToUser+0x79:

ba50de9b 3b1de07454ba cmp ebx,dword ptr [tcpip!LoopNTE (ba5474e0)]

ba50dea1 0f84b6320000 je tcpip!DeliverToUser+0x81 (ba51115d)

tcpip!DeliverToUser+0x81:

ba51115d c7450824000000 mov dword ptr [ebp+8],24h

ba511164 e93ecdffff jmp tcpip!DeliverToUser+0x88 (ba50dea7)

tcpip!DeliverToUser+0x88:

ba50dea7 8b4d20 mov ecx,dword ptr [ebp+20h]

ba50deaa f6410b80 test byte ptr [ecx+0Bh],80h

ba50deae 0f85278a0100 jne tcpip!DeliverToUser+0x91 (ba5268db)

tcpip!DeliverToUser+0x91:

ba5268db 834d0808 or dword ptr [ebp+8],8

ba5268df e9d075feff jmp tcpip!DeliverToUser+0x95 (ba50deb4)

tcpip!DeliverToUser+0x95:

ba50deb4 ff7528 push dword ptr [ebp+28h]

ba50deb7 8d4d08 lea ecx,[ebp+8]

ba50deba 51 push ecx

ba50debb 8d4de8 lea ecx,[ebp-18h]

ba50debe 51 push ecx

ba50debf 8d4de4 lea ecx,[ebp-1Ch]

ba50dec2 51 push ecx

ba50dec3 8d4df0 lea ecx,[ebp-10h]

ba50dec6 51 push ecx

ba50dec7 ff7524 push dword ptr [ebp+24h]

ba50deca ff730c push dword ptr [ebx+0Ch]

ba50decd 57 push edi

ba50dece 56 push esi

ba50decf ffd0 call eax

ba50ded1 85c0 test eax,eax

ba50ded3 0f850b8a0100 jne tcpip!DeliverToUser+0xb6 (ba5268e4)

tcpip!DeliverToUser+0xb6:

ba5268e4 ff051c5354ba inc dword ptr [tcpip!IPSInfo+0x1c (ba54531c)]

ba5268ea e9bc76feff jmp tcpip!DeliverToUser+0x59d (ba50dfab)

tcpip!DeliverToUser+0xc1:

ba50ded9 8b45f0 mov eax,dword ptr [ebp-10h]

ba50dedc 29451c sub dword ptr [ebp+1Ch],eax

ba50dedf 8b471c mov eax,dword ptr [edi+1Ch]

ba50dee2 ff7508 push dword ptr [ebp+8]

ba50dee5 2b4510 sub eax,dword ptr [ebp+10h]

ba50dee8 57 push edi

ba50dee9 8945fc mov dword ptr [ebp-4],eax

ba50deec e817ffffff call tcpip!UpdateIPSecRcvBuf (ba50de08)

tcpip!DeliverToUser+0xd9:

ba50def1 807e0906 cmp byte ptr [esi+9],6

ba50def5 753e jne tcpip!DeliverToUser+0x12f (ba50df35)

tcpip!DeliverToUser+0xdf:

ba50def7 8b430c mov eax,dword ptr [ebx+0Ch]

ba50defa 83b88c00000007 cmp dword ptr [eax+8Ch],7

ba50df01 0f857a510000 jne tcpip!DeliverToUser+0x124 (ba513081)

tcpip!DeliverToUser+0xeb:

ba50df07 837f1000 cmp dword ptr [edi+10h],0

ba50df0b 741a je tcpip!DeliverToUser+0x114 (ba50df27)

tcpip!DeliverToUser+0xf1:

ba50df0d 640fb61551000000 movzx edx,byte ptr fs:[51h]

ba50df15 8b8880010000 mov ecx,dword ptr [eax+180h]

ba50df1b 3bca cmp ecx,edx

ba50df1d 0f857145ffff jne tcpip!DeliverToUser+0x103 (ba502494)

tcpip!DeliverToUser+0x103:

ba502494 8b15f84154ba mov edx,dword ptr [tcpip!_imp__KeNumberProcessors (ba5441f8)]

ba50249a 0fbe12 movsx edx,byte ptr [edx]

ba50249d 3bca cmp ecx,edx

ba50249f 0f8582ba0000 jne tcpip!DeliverToUser+0x114 (ba50df27)

tcpip!DeliverToUser+0x110:

ba50df23 c645f402 mov byte ptr [ebp-0Ch],2

tcpip!DeliverToUser+0x114:

ba50df27 640fb60d51000000 movzx ecx,byte ptr fs:[51h]

ba50df2f 898880010000 mov dword ptr [eax+180h],ecx

tcpip!DeliverToUser+0x114:

ba5024a5 e979ba0000 jmp tcpip!DeliverToUser+0x110 (ba50df23)

tcpip!DeliverToUser+0x124:

ba513081 3d007554ba cmp eax,offset tcpip!LoopInterface (ba547500)

ba513086 0f85a9aeffff jne tcpip!DeliverToUser+0x12f (ba50df35)

tcpip!DeliverToUser+0x12b:

ba51308c c645f402 mov byte ptr [ebp-0Ch],2

ba513090 e9a0aeffff jmp tcpip!DeliverToUser+0x12f (ba50df35)

tcpip!DeliverToUser+0x12f:

ba50df35 33c0 xor eax,eax

ba50df37 8a4609 mov al,byte ptr [esi+9]

ba50df3a 50 push eax

ba50df3b e85c0d0000 call tcpip!FindUserRcv (ba50ec9c)

ba50df40 33c9 xor ecx,ecx

ba50df42 394dec cmp dword ptr [ebp-14h],ecx

ba50df45 894510 mov dword ptr [ebp+10h],eax

ba50df48 0f8503990000 jne tcpip!DeliverToUser+0x308 (ba517851)

tcpip!DeliverToUser+0x148:

ba50df4e 3bc1 cmp eax,ecx

ba50df50 0f84698b0100 je tcpip!DeliverToUser+0x4f0 (ba526abf)

tcpip!DeliverToUser+0x150:

ba50df56 384d28 cmp byte ptr [ebp+28h],cl

ba50df59 8b5708 mov edx,dword ptr [edi+8]

ba50df5c 8955ec mov dword ptr [ebp-14h],edx

ba50df5f 8b570c mov edx,dword ptr [edi+0Ch]

ba50df62 895524 mov dword ptr [ebp+24h],edx

ba50df65 0f85eabcffff jne tcpip!DeliverToUser+0x299 (ba509c55)

tcpip!DeliverToUser+0x165:

ba50df6b ff7520 push dword ptr [ebp+20h]

ba50df6e 8a4e09 mov cl,byte ptr [esi+9]

ba50df71 51 push ecx

ba50df72 ff75f4 push dword ptr [ebp-0Ch]

ba50df75 8b4d0c mov ecx,dword ptr [ebp+0Ch]

ba50df78 ff751c push dword ptr [ebp+1Ch]

ba50df7b 57 push edi

ba50df7c ff7514 push dword ptr [ebp+14h]

ba50df7f 56 push esi

ba50df80 ff7304 push dword ptr [ebx+4]

ba50df83 ff7104 push dword ptr [ecx+4]

ba50df86 ff760c push dword ptr [esi+0Ch]

ba50df89 ff7610 push dword ptr [esi+10h]

ba50df8c 53 push ebx

ba50df8d ffd0 call eax

ba50df8f 85c0 test eax,eax

ba50df91 0f8569a40000 jne tcpip!DeliverToUser+0x1a6 (ba518400)

tcpip!DeliverToUser+0x18d:

ba50df97 64a051000000 mov al,byte ptr fs:[00000051h]

ba50df9d 83e007 and eax,7

ba50dfa0 c1e006 shl eax,6

ba50dfa3 8d80845354ba lea eax,tcpip!IPPerCpuStats+0x4 (ba545384)[eax]

ba50dfa9 ff00 inc dword ptr [eax]

tcpip!DeliverToUser+0x1a6:

ba518400 3dfc2a0000 cmp eax,2AFCh

ba518405 0f84e4e40000 je tcpip!DeliverToUser+0x1b1 (ba5268ef)

tcpip!DeliverToUser+0x1b1:

ba5268ef 8b4518 mov eax,dword ptr [ebp+18h]

ba5268f2 ff05185354ba inc dword ptr [tcpip!IPSInfo+0x18 (ba545318)]

ba5268f8 3d80000000 cmp eax,80h

ba5268fd 88451f mov byte ptr [ebp+1Fh],al

ba526900 7204 jb tcpip!DeliverToUser+0x1c8 (ba526906)

tcpip!DeliverToUser+0x1c4:

ba526902 c6451f80 mov byte ptr [ebp+1Fh],80h

tcpip!DeliverToUser+0x1c8:

ba526906 0fb6451f movzx eax,byte ptr [ebp+1Fh]

ba52690a 8b5d14 mov ebx,dword ptr [ebp+14h]

ba52690d 6a10 push 10h

ba52690f 894520 mov dword ptr [ebp+20h],eax

ba526912 6854435074 push 74504354h

ba526917 03c3 add eax,ebx

ba526919 50 push eax

ba52691a 6a00 push 0

ba52691c ff15284254ba call dword ptr [tcpip!_imp__ExAllocatePoolWithTagPriority (ba544228)]

ba526922 8bd0 mov edx,eax

ba526924 85d2 test edx,edx

ba526926 895514 mov dword ptr [ebp+14h],edx

ba526929 0f847c76feff je tcpip!DeliverToUser+0x59d (ba50dfab)

tcpip!DeliverToUser+0x1f1:

ba52692f 8bcb mov ecx,ebx

ba526931 8bc1 mov eax,ecx

ba526933 c1e902 shr ecx,2

ba526936 8bfa mov edi,edx

ba526938 f3a5 rep movs dword ptr es:[edi],dword ptr [esi]

ba52693a 6a03 push 3

ba52693c 8bc8 mov ecx,eax

ba52693e 58 pop eax

ba52693f 23c8 and ecx,eax

ba526941 f3a4 rep movs byte ptr es:[edi],byte ptr [esi]

ba526943 0fb675fc movzx esi,byte ptr [ebp-4]

ba526947 8b4d20 mov ecx,dword ptr [ebp+20h]

ba52694a 0375f8 add esi,dword ptr [ebp-8]

ba52694d 0fb6fb movzx edi,bl

ba526950 025d1f add bl,byte ptr [ebp+1Fh]

ba526953 03fa add edi,edx

ba526955 8bd1 mov edx,ecx

ba526957 c1e902 shr ecx,2

ba52695a f3a5 rep movs dword ptr es:[edi],dword ptr [esi]

ba52695c 53 push ebx

ba52695d 6a00 push 0

ba52695f 6a02 push 2

ba526961 50 push eax

ba526962 ff7514 push dword ptr [ebp+14h]

ba526965 8bca mov ecx,edx

ba526967 23c8 and ecx,eax

ba526969 8b450c mov eax,dword ptr [ebp+0Ch]

ba52696c f3a4 rep movs byte ptr es:[edi],byte ptr [esi]

ba52696e ff7004 push dword ptr [eax+4]

ba526971 e8bd19ffff call tcpip!SendICMPErr (ba518333)

ba526976 6a00 push 0

ba526978 ff7514 push dword ptr [ebp+14h]

ba52697b e95b1bffff jmp tcpip!DeliverToUser+0x48e (ba5184db)

tcpip!DeliverToUser+0x242:

ba51840b 33c9 xor ecx,ecx

ba51840d 648a0d51000000 mov cl,byte ptr fs:[51h]

ba518414 83e107 and ecx,7

ba518417 c1e106 shl ecx,6

ba51841a 8d89845354ba lea ecx,tcpip!IPPerCpuStats+0x4 (ba545384)[ecx]

ba518420 ff01 inc dword ptr [ecx]

ba518422 807e0911 cmp byte ptr [esi+9],11h

ba518426 752d jne tcpip!DeliverToUser+0x28c (ba518455)

tcpip!DeliverToUser+0x25f:

ba518428 ff7520 push dword ptr [ebp+20h]

ba51842b 8b450c mov eax,dword ptr [ebp+0Ch]

ba51842e 6a11 push 11h

ba518430 6a00 push 0

ba518432 ff751c push dword ptr [ebp+1Ch]

ba518435 57 push edi

ba518436 ff7514 push dword ptr [ebp+14h]

ba518439 56 push esi

ba51843a ff7304 push dword ptr [ebx+4]

ba51843d ff7004 push dword ptr [eax+4]

ba518440 ff760c push dword ptr [esi+0Ch]

ba518443 ff7610 push dword ptr [esi+10h]

ba518446 53 push ebx

ba518447 ff7524 push dword ptr [ebp+24h]

ba51844a ff75ec push dword ptr [ebp-14h]

ba51844d ff7510 push dword ptr [ebp+10h]

ba518450 e8dcb5ffff call tcpip!DeliverToRAW (ba513a31)

tcpip!DeliverToUser+0x28c:

ba518455 85c0 test eax,eax

ba518457 0f844e5bffff je tcpip!DeliverToUser+0x59d (ba50dfab)

tcpip!DeliverToUser+0x299:

ba509c55 807d2808 cmp byte ptr [ebp+28h],8

ba509c59 0f8306dc0000 jae tcpip!DeliverToUser+0x55f (ba517865)

tcpip!DeliverToUser+0x2a3:

ba509c5f ff7520 push dword ptr [ebp+20h]

ba509c62 33c9 xor ecx,ecx

ba509c64 8a4e09 mov cl,byte ptr [esi+9]

ba509c67 51 push ecx

ba509c68 ff751c push dword ptr [ebp+1Ch]

ba509c6b 57 push edi

ba509c6c ff7514 push dword ptr [ebp+14h]

ba509c6f 56 push esi

ba509c70 ff760c push dword ptr [esi+0Ch]

ba509c73 ff7610 push dword ptr [esi+10h]

ba509c76 53 push ebx

ba509c77 50 push eax

ba509c78 e890050000 call tcpip!BCastRcv (ba50a20d)

ba509c7d 3d2a2b0000 cmp eax,2B2Ah

ba509c82 0f8523430000 jne tcpip!DeliverToUser+0x59d (ba50dfab)

tcpip!DeliverToUser+0x2cc:

ba509c88 807e0911 cmp byte ptr [esi+9],11h

ba509c8c 0f8519430000 jne tcpip!DeliverToUser+0x59d (ba50dfab)

tcpip!DeliverToUser+0x2d6:

ba509c92 ff7520 push dword ptr [ebp+20h]

ba509c95 8b450c mov eax,dword ptr [ebp+0Ch]

ba509c98 6a11 push 11h

ba509c9a 6a00 push 0

ba509c9c ff751c push dword ptr [ebp+1Ch]

ba509c9f 57 push edi

ba509ca0 ff7514 push dword ptr [ebp+14h]

ba509ca3 56 push esi

ba509ca4 ff7304 push dword ptr [ebx+4]

ba509ca7 ff7004 push dword ptr [eax+4]

ba509caa ff760c push dword ptr [esi+0Ch]

ba509cad ff7610 push dword ptr [esi+10h]

ba509cb0 53 push ebx

ba509cb1 ff7524 push dword ptr [ebp+24h]

ba509cb4 ff75ec push dword ptr [ebp-14h]

tcpip!DeliverToUser+0x2fb:

ba509cb7 ff7510 push dword ptr [ebp+10h]

ba509cba e8729d0000 call tcpip!DeliverToRAW (ba513a31)

ba509cbf e9e7420000 jmp tcpip!DeliverToUser+0x59d (ba50dfab)

tcpip!DeliverToUser+0x308:

ba517851 807d2800 cmp byte ptr [ebp+28h],0

ba517855 0f8425f10000 je tcpip!DeliverToUser+0x312 (ba526980)

tcpip!DeliverToUser+0x312:

ba526980 3bc1 cmp eax,ecx

ba526982 0f8437010000 je tcpip!DeliverToUser+0x4f0 (ba526abf)

tcpip!DeliverToUser+0x31a:

ba526988 8b4f08 mov ecx,dword ptr [edi+8]

ba52698b 834f2001 or dword ptr [edi+20h],1

ba52698f ff7520 push dword ptr [ebp+20h]

ba526992 894d24 mov dword ptr [ebp+24h],ecx

ba526995 8b4f0c mov ecx,dword ptr [edi+0Ch]

ba526998 894d28 mov dword ptr [ebp+28h],ecx

ba52699b 33c9 xor ecx,ecx

ba52699d 8a4e09 mov cl,byte ptr [esi+9]

ba5269a0 51 push ecx

ba5269a1 ff75f4 push dword ptr [ebp-0Ch]

ba5269a4 8b4d0c mov ecx,dword ptr [ebp+0Ch]

ba5269a7 ff751c push dword ptr [ebp+1Ch]

ba5269aa 57 push edi

ba5269ab ff7514 push dword ptr [ebp+14h]

ba5269ae 56 push esi

ba5269af ff7304 push dword ptr [ebx+4]

ba5269b2 ff7104 push dword ptr [ecx+4]

ba5269b5 ff760c push dword ptr [esi+0Ch]

ba5269b8 ff7610 push dword ptr [esi+10h]

ba5269bb 53 push ebx

ba5269bc ffd0 call eax

ba5269be 33c9 xor ecx,ecx

ba5269c0 3bc1 cmp eax,ecx

ba5269c2 7530 jne tcpip!DeliverToUser+0x399 (ba5269f4)

tcpip!DeliverToUser+0x356:

ba5269c4 ff7520 push dword ptr [ebp+20h]

ba5269c7 33c0 xor eax,eax

ba5269c9 64a051000000 mov al,byte ptr fs:[00000051h]

ba5269cf 83e007 and eax,7

ba5269d2 c1e006 shl eax,6

ba5269d5 8d80845354ba lea eax,tcpip!IPPerCpuStats+0x4 (ba545384)[eax]

ba5269db ff00 inc dword ptr [eax]

ba5269dd 33c0 xor eax,eax

ba5269df 8a4609 mov al,byte ptr [esi+9]

ba5269e2 50 push eax

ba5269e3 51 push ecx

ba5269e4 ff751c push dword ptr [ebp+1Ch]

ba5269e7 57 push edi

ba5269e8 ff7514 push dword ptr [ebp+14h]

ba5269eb 56 push esi

ba5269ec ff7304 push dword ptr [ebx+4]

ba5269ef e949eafeff jmp tcpip!DeliverToUser+0x381 (ba51543d)

tcpip!DeliverToUser+0x381:

ba51543d 8b450c mov eax,dword ptr [ebp+0Ch]

ba515440 ff7004 push dword ptr [eax+4]

ba515443 ff760c push dword ptr [esi+0Ch]

ba515446 ff7610 push dword ptr [esi+10h]

ba515449 53 push ebx

ba51544a ff7528 push dword ptr [ebp+28h]

ba51544d ff7524 push dword ptr [ebp+24h]

ba515450 e96248ffff jmp tcpip!DeliverToUser+0x2fb (ba509cb7)

tcpip!DeliverToUser+0x399:

ba5269f4 3dfc2a0000 cmp eax,2AFCh

ba5269f9 7573 jne tcpip!DeliverToUser+0x3c8 (ba526a6e)

tcpip!DeliverToUser+0x3a0:

ba5269fb 8b5d18 mov ebx,dword ptr [ebp+18h]

ba5269fe ff05185354ba inc dword ptr [tcpip!IPSInfo+0x18 (ba545318)]

ba526a04 81fb80000000 cmp ebx,80h

ba526a0a 7202 jb tcpip!DeliverToUser+0x3b3 (ba526a0e)

tcpip!DeliverToUser+0x3b1:

ba526a0c b380 mov bl,80h

tcpip!DeliverToUser+0x3b3:

ba526a0e 8b5514 mov edx,dword ptr [ebp+14h]

ba526a11 0fb6c3 movzx eax,bl

ba526a14 6a10 push 10h

ba526a16 6854435074 push 74504354h

ba526a1b 03d0 add edx,eax

ba526a1d 52 push edx

tcpip!DeliverToUser+0x3c8:

ba526a6e 33c0 xor eax,eax

ba526a70 64a051000000 mov al,byte ptr fs:[00000051h]

ba526a76 83e007 and eax,7

ba526a79 c1e006 shl eax,6

ba526a7c 8d80845354ba lea eax,tcpip!IPPerCpuStats+0x4 (ba545384)[eax]

ba526a82 ff00 inc dword ptr [eax]

ba526a84 807e0911 cmp byte ptr [esi+9],11h

ba526a88 0f85cf19ffff jne tcpip!DeliverToUser+0x410 (ba51845d)

tcpip!DeliverToUser+0x3e4:

ba526a8e ff7520 push dword ptr [ebp+20h]

ba526a91 8b450c mov eax,dword ptr [ebp+0Ch]

ba526a94 6a11 push 11h

ba526a96 51 push ecx

ba526a97 ff751c push dword ptr [ebp+1Ch]

ba526a9a 57 push edi

ba526a9b ff7514 push dword ptr [ebp+14h]

ba526a9e 56 push esi

ba526a9f ff7304 push dword ptr [ebx+4]

ba526aa2 ff7004 push dword ptr [eax+4]

ba526aa5 ff760c push dword ptr [esi+0Ch]

ba526aa8 ff7610 push dword ptr [esi+10h]

ba526aab 53 push ebx

ba526aac ff7528 push dword ptr [ebp+28h]

ba526aaf ff7524 push dword ptr [ebp+24h]

ba526ab2 ff7510 push dword ptr [ebp+10h]

ba526ab5 e877cffeff call tcpip!DeliverToRAW (ba513a31)

ba526aba e99e19ffff jmp tcpip!DeliverToUser+0x410 (ba51845d)

tcpip!DeliverToUser+0x410:

ba51845d 8b5d18 mov ebx,dword ptr [ebp+18h]

ba518460 81fb80000000 cmp ebx,80h

ba518466 7202 jb tcpip!DeliverToUser+0x41d (ba51846a)

tcpip!DeliverToUser+0x41b:

ba518468 b380 mov bl,80h

tcpip!DeliverToUser+0x41d:

ba51846a 8b4d14 mov ecx,dword ptr [ebp+14h]

ba51846d 6a10 push 10h

ba51846f 0fb6c3 movzx eax,bl

ba518472 6854435074 push 74504354h

ba518477 03c1 add eax,ecx

ba518479 50 push eax

ba51847a 6a00 push 0

ba51847c ff15284254ba call dword ptr [tcpip!_imp__ExAllocatePoolWithTagPriority (ba544228)]

ba518482 8bf8 mov edi,eax

ba518484 85ff test edi,edi

ba518486 897d1c mov dword ptr [ebp+1Ch],edi

ba518489 0f841c5bffff je tcpip!DeliverToUser+0x59d (ba50dfab)

tcpip!DeliverToUser+0x442:

ba51848f 8b4d14 mov ecx,dword ptr [ebp+14h]

ba518492 8bc1 mov eax,ecx

ba518494 c1e902 shr ecx,2

ba518497 f3a5 rep movs dword ptr es:[edi],dword ptr [esi]

ba518499 6a03 push 3

ba51849b 8bc8 mov ecx,eax

ba51849d 58 pop eax

ba51849e 23c8 and ecx,eax

ba5184a0 f3a4 rep movs byte ptr es:[edi],byte ptr [esi]

ba5184a2 0fb675fc movzx esi,byte ptr [ebp-4]

ba5184a6 0fb67d14 movzx edi,byte ptr [ebp+14h]

ba5184aa 0375f8 add esi,dword ptr [ebp-8]

ba5184ad 037d1c add edi,dword ptr [ebp+1Ch]

ba5184b0 0fb6cb movzx ecx,bl

ba5184b3 8bd1 mov edx,ecx

ba5184b5 c1e902 shr ecx,2

ba5184b8 f3a5 rep movs dword ptr es:[edi],dword ptr [esi]

ba5184ba 8bca mov ecx,edx

ba5184bc 23c8 and ecx,eax

ba5184be 025d14 add bl,byte ptr [ebp+14h]

ba5184c1 53 push ebx

ba5184c2 6a00 push 0

ba5184c4 50 push eax

tcpip!DeliverToUser+0x478:

ba5184c5 50 push eax

ba5184c6 ff751c push dword ptr [ebp+1Ch]

ba5184c9 8b450c mov eax,dword ptr [ebp+0Ch]

ba5184cc f3a4 rep movs byte ptr es:[edi],byte ptr [esi]

ba5184ce ff7004 push dword ptr [eax+4]

ba5184d1 e85dfeffff call tcpip!SendICMPErr (ba518333)

ba5184d6 6a00 push 0

ba5184d8 ff751c push dword ptr [ebp+1Ch]

tcpip!DeliverToUser+0x48e:

ba5184db ff15244254ba call dword ptr [tcpip!_imp__ExFreePoolWithTag (ba544224)]

ba5184e1 e9c55affff jmp tcpip!DeliverToUser+0x59d (ba50dfab)

tcpip!DeliverToUser+0x499:

ba51785b 807d2808 cmp byte ptr [ebp+28h],8

ba51785f 0f828cdbffff jb tcpip!DeliverToUser+0x4a3 (ba5153f1)

tcpip!DeliverToUser+0x4a3:

ba5153f1 3bc1 cmp eax,ecx

ba5153f3 8b5708 mov edx,dword ptr [edi+8]

ba5153f6 895524 mov dword ptr [ebp+24h],edx

ba5153f9 8b570c mov edx,dword ptr [edi+0Ch]

ba5153fc 895528 mov dword ptr [ebp+28h],edx

ba5153ff 0f84ba160100 je tcpip!DeliverToUser+0x4f0 (ba526abf)

tcpip!DeliverToUser+0x4b3:

ba515405 834f2001 or dword ptr [edi+20h],1

ba515409 ff7520 push dword ptr [ebp+20h]

ba51540c 33c9 xor ecx,ecx

ba51540e 8a4e09 mov cl,byte ptr [esi+9]

ba515411 51 push ecx

ba515412 ff751c push dword ptr [ebp+1Ch]

ba515415 57 push edi

ba515416 ff7514 push dword ptr [ebp+14h]

ba515419 56 push esi

ba51541a ff760c push dword ptr [esi+0Ch]

ba51541d ff7610 push dword ptr [esi+10h]

ba515420 53 push ebx

ba515421 50 push eax

ba515422 e8e64dffff call tcpip!BCastRcv (ba50a20d)

ba515427 ff7520 push dword ptr [ebp+20h]

ba51542a 33c0 xor eax,eax

ba51542c 8a4609 mov al,byte ptr [esi+9]

ba51542f 50 push eax

ba515430 6a00 push 0

ba515432 ff751c push dword ptr [ebp+1Ch]

ba515435 57 push edi

ba515436 ff7514 push dword ptr [ebp+14h]

ba515439 56 push esi

ba51543a ff7304 push dword ptr [ebx+4]

tcpip!DeliverToUser+0x4f0:

ba526abf 8b5d18 mov ebx,dword ptr [ebp+18h]

ba526ac2 ff05185354ba inc dword ptr [tcpip!IPSInfo+0x18 (ba545318)]

ba526ac8 81fb80000000 cmp ebx,80h

ba526ace 7202 jb tcpip!DeliverToUser+0x503 (ba526ad2)

tcpip!DeliverToUser+0x501:

ba526ad0 b380 mov bl,80h

tcpip!DeliverToUser+0x503:

ba526ad2 8b5514 mov edx,dword ptr [ebp+14h]

ba526ad5 0fb6c3 movzx eax,bl

ba526ad8 6a10 push 10h

ba526ada 03c2 add eax,edx

ba526adc 6854435074 push 74504354h

ba526ae1 50 push eax

ba526ae2 e937ffffff jmp tcpip!DeliverToUser+0x513 (ba526a1e)

tcpip!DeliverToUser+0x513:

ba526a1e 51 push ecx

ba526a1f ff15284254ba call dword ptr [tcpip!_imp__ExAllocatePoolWithTagPriority (ba544228)]

ba526a25 8bf8 mov edi,eax

ba526a27 85ff test edi,edi

ba526a29 897d1c mov dword ptr [ebp+1Ch],edi

ba526a2c 0f847975feff je tcpip!DeliverToUser+0x59d (ba50dfab)

tcpip!DeliverToUser+0x523:

ba526a32 8b4d14 mov ecx,dword ptr [ebp+14h]

ba526a35 8bc1 mov eax,ecx

ba526a37 c1e902 shr ecx,2

ba526a3a f3a5 rep movs dword ptr es:[edi],dword ptr [esi]

ba526a3c 6a03 push 3

ba526a3e 8bc8 mov ecx,eax

ba526a40 58 pop eax

ba526a41 23c8 and ecx,eax

ba526a43 f3a4 rep movs byte ptr es:[edi],byte ptr [esi]

ba526a45 0fb675fc movzx esi,byte ptr [ebp-4]

ba526a49 0fb67d14 movzx edi,byte ptr [ebp+14h]

ba526a4d 0375f8 add esi,dword ptr [ebp-8]

ba526a50 037d1c add edi,dword ptr [ebp+1Ch]

ba526a53 0fb6cb movzx ecx,bl

ba526a56 8bd1 mov edx,ecx

ba526a58 c1e902 shr ecx,2

ba526a5b f3a5 rep movs dword ptr es:[edi],dword ptr [esi]

ba526a5d 8bca mov ecx,edx

ba526a5f 23c8 and ecx,eax

ba526a61 025d14 add bl,byte ptr [ebp+14h]

ba526a64 53 push ebx

ba526a65 6a00 push 0

ba526a67 6a02 push 2

ba526a69 e9571affff jmp tcpip!DeliverToUser+0x478 (ba5184c5)

tcpip!DeliverToUser+0x55f:

ba517865 a1b85554ba mov eax,dword ptr [tcpip!RawPI (ba5455b8)]

ba51786a 3bc1 cmp eax,ecx

ba51786c 0f843967ffff je tcpip!DeliverToUser+0x59d (ba50dfab)

tcpip!DeliverToUser+0x568:

ba517872 8b4004 mov eax,dword ptr [eax+4]

ba517875 3bc1 cmp eax,ecx

ba517877 0f842e67ffff je tcpip!DeliverToUser+0x59d (ba50dfab)

tcpip!DeliverToUser+0x56f:

ba51787d 807d28ff cmp byte ptr [ebp+28h],0FFh

ba517881 0f842467ffff je tcpip!DeliverToUser+0x59d (ba50dfab)

tcpip!DeliverToUser+0x575:

ba517887 834f2001 or dword ptr [edi+20h],1

ba51788b ff7520 push dword ptr [ebp+20h]

ba51788e 33d2 xor edx,edx

ba517890 8a5609 mov dl,byte ptr [esi+9]

ba517893 52 push edx

ba517894 51 push ecx

ba517895 ff751c push dword ptr [ebp+1Ch]

ba517898 8b4d0c mov ecx,dword ptr [ebp+0Ch]

ba51789b 57 push edi

ba51789c ff7514 push dword ptr [ebp+14h]

ba51789f 56 push esi

ba5178a0 ff7304 push dword ptr [ebx+4]

ba5178a3 ff7104 push dword ptr [ecx+4]

ba5178a6 ff760c push dword ptr [esi+0Ch]

ba5178a9 ff7610 push dword ptr [esi+10h]

ba5178ac 53 push ebx

ba5178ad ffd0 call eax

ba5178af e9f766ffff jmp tcpip!DeliverToUser+0x59d (ba50dfab)

tcpip!DeliverToUser+0x59d:

ba50dfab 5f pop edi

ba50dfac 5e pop esi

ba50dfad 5b pop ebx

ba50dfae c9 leave

ba50dfaf c22400 ret 24h