Why do I get a crash when allocating a buffer?

Time: 2016-01-04 10:01:01

Tags: c++ windows memory-leaks driver

I am developing a filter driver. When I wrote the SendNetBufferListsComplete function in filter.cpp, I got a crash (blue screen). WinDbg points at a buffer allocation. The code is here:

Edit:

VOID
sendNetBufferListsComplete(
    IN PNET_BUFFER_LIST NetBufferLists,
    IN ULONG SendCompleteFlags) {

    PNET_BUFFER_LIST pNetBufferList = NetBufferLists;
    PNET_BUFFER_LIST pNextNetBufferList = NULL;

    while (pNetBufferList)
    {
        // Detach the current NBL from the chain before handing it on.
        pNextNetBufferList = NET_BUFFER_LIST_NEXT_NBL(pNetBufferList);
        NET_BUFFER_LIST_NEXT_NBL(pNetBufferList) = NULL;
        PNET_BUFFER_LIST pParentNetBufferList = pNetBufferList->ParentNetBufferList;

        if (pParentNetBufferList != NULL)
        {
            // Child NBL: free it, and complete the parent once the last child is done.
            NDIS_STATUS status = NET_BUFFER_LIST_STATUS(pNetBufferList);
            NdisFreeNetBufferList(pNetBufferList);

            if (NdisInterlockedDecrement(&pParentNetBufferList->ChildRefCount) == 0) {
                NET_BUFFER_LIST_STATUS(pParentNetBufferList) = status;
                NdisFSendNetBufferListsComplete(m_hFilter, pParentNetBufferList, SendCompleteFlags);
            }
        }
        else
        {
            // NBL allocated by this driver: release the MDL and the backing
            // buffer whose pointer was stored in the NBL context area.
            if(pNetBufferList != NULL)
            {
                // --- WinDbg points here ---

                PVOID pBuffer = *(PVOID*) NET_BUFFER_LIST_CONTEXT_DATA_START(pNetBufferList);

                PMDL pMdl = NET_BUFFER_FIRST_MDL(NET_BUFFER_LIST_FIRST_NB(pNetBufferList));

                if(pMdl)
                    NdisFreeMdl(pMdl);

                if(pBuffer)
                    delete[] (UCHAR*) pBuffer;

                NdisFreeNetBufferList(pNetBufferList);
            }
        }

        NdisInterlockedDecrement(&m_nSendNetBufferListCount);
        pNetBufferList = pNextNetBufferList;
    }
}

What is the actual problem? Is it an overflow? Or a NULL-check problem?

ndis.h

#define NET_BUFFER_LIST_CONTEXT_DATA_START(_NBL)    ((PUCHAR)(((_NBL)->Context)+1)+(_NBL)->Context->Offset)

like this, and in Wdm.h:

//
// I/O system definitions.
//
// Define a Memory Descriptor List (MDL)
//
// An MDL describes pages in a virtual buffer in terms of physical pages.  The
// pages associated with the buffer are described in an array that is allocated
// just after the MDL header structure itself.
//
typedef
    _Struct_size_bytes_(_Inexpressible_(sizeof(struct _MDL) +    // 747934
       (ByteOffset + ByteCount + PAGE_SIZE-1) / PAGE_SIZE * sizeof(PFN_NUMBER)))
  struct _MDL {
    struct _MDL *Next;
    CSHORT Size;
    CSHORT MdlFlags;

    struct _EPROCESS *Process;
    PVOID MappedSystemVa;   /* see creators for field size annotations. */
    PVOID StartVa;   /* see creators for validity; could be address 0.  */
    ULONG ByteCount;
    ULONG ByteOffset;
} MDL, *PMDL;

0 answers
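As an added example (not from the post above, and not NDIS code): a user-mode C model of the NET_BUFFER_LIST_CONTEXT_DATA_START macro quoted from ndis.h, showing the two things the macro takes for granted: that the NBL's Context pointer is non-NULL, and that at least sizeof(PVOID) bytes of context space exist past Offset. The context header field order (Next, Size, Offset, then the context bytes at Context+1) mirrors the NDIS header; MODEL_NBL, model_alloc_nbl, model_free_nbl and the two accessors are hypothetical names invented here, and the behaviour that an NBL allocated with a ContextSize of 0 has Context == NULL is an assumption of this model.

```c
/* Added example, not code from the original post. A user-mode model of the
 * ndis.h macro NET_BUFFER_LIST_CONTEXT_DATA_START and the preconditions it
 * does not check. Only the fields the macro touches are modelled. */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

typedef unsigned char  UCHAR, *PUCHAR;
typedef unsigned short USHORT;
typedef void          *PVOID;

/* Context header in the order NDIS declares it. The context bytes start at
 * (Context + 1), which is exactly what the macro below relies on. */
typedef struct _NET_BUFFER_LIST_CONTEXT {
    struct _NET_BUFFER_LIST_CONTEXT *Next;
    USHORT Size;    /* bytes of context data that follow the header */
    USHORT Offset;  /* start of the used part of that data */
} NET_BUFFER_LIST_CONTEXT, *PNET_BUFFER_LIST_CONTEXT;

/* Hypothetical stand-in for NET_BUFFER_LIST: only the Context member. */
typedef struct _MODEL_NBL {
    PNET_BUFFER_LIST_CONTEXT Context;
} MODEL_NBL, *PMODEL_NBL;

/* Same shape as the macro quoted from ndis.h: it dereferences Context twice
 * and never checks it for NULL. */
#define NET_BUFFER_LIST_CONTEXT_DATA_START(_NBL) \
    ((PUCHAR)(((_NBL)->Context) + 1) + (_NBL)->Context->Offset)

/* Model of allocating an NBL with ContextSize bytes of context space.
 * Assumption of this model: ContextSize == 0 leaves Context == NULL. */
PMODEL_NBL model_alloc_nbl(USHORT ContextSize)
{
    PMODEL_NBL nbl = calloc(1, sizeof(*nbl));
    if (nbl == NULL) return NULL;
    if (ContextSize != 0) {
        nbl->Context = calloc(1, sizeof(NET_BUFFER_LIST_CONTEXT) + ContextSize);
        if (nbl->Context == NULL) { free(nbl); return NULL; }
        nbl->Context->Size = ContextSize;
        nbl->Context->Offset = 0;
    }
    return nbl;
}

void model_free_nbl(PMODEL_NBL nbl)
{
    if (nbl == NULL) return;
    free(nbl->Context);
    free(nbl);
}

/* Returns 0 only when the NBL really carries a context area with room for a
 * pointer after Offset; otherwise -1, where the raw macro would have faulted
 * (NULL Context) or read past the context area (Offset too large). */
static int nbl_context_has_room_for_pointer(PMODEL_NBL nbl)
{
    if (nbl == NULL || nbl->Context == NULL) return 0;
    return (size_t)nbl->Context->Offset + sizeof(PVOID) <= (size_t)nbl->Context->Size;
}

int nbl_set_context_pointer(PMODEL_NBL nbl, PVOID value)
{
    if (!nbl_context_has_room_for_pointer(nbl)) return -1;
    memcpy(NET_BUFFER_LIST_CONTEXT_DATA_START(nbl), &value, sizeof(PVOID));
    return 0;
}

/* Guarded replacement for "*(PVOID*)NET_BUFFER_LIST_CONTEXT_DATA_START(nbl)". */
int nbl_get_context_pointer(PMODEL_NBL nbl, PVOID *out)
{
    *out = NULL;
    if (!nbl_context_has_room_for_pointer(nbl)) return -1;
    memcpy(out, NET_BUFFER_LIST_CONTEXT_DATA_START(nbl), sizeof(PVOID));
    return 0;
}

/* Round trip on an NBL that was given sizeof(PVOID) bytes of context space.
 * Returns 1 when the stored buffer pointer comes back unchanged. */
int demo_with_context(void)
{
    UCHAR backing[64];  /* constructed stand-in for the "new UCHAR[]" buffer */
    PMODEL_NBL nbl = model_alloc_nbl(sizeof(PVOID));
    PVOID got = NULL;
    int ok = nbl != NULL
          && nbl_set_context_pointer(nbl, backing) == 0
          && nbl_get_context_pointer(nbl, &got) == 0
          && got == (PVOID)backing;
    model_free_nbl(nbl);
    return ok;
}

/* Same read on an NBL allocated with ContextSize 0: the guarded accessor
 * refuses instead of dereferencing a NULL Context. Returns 1 if it refused. */
int demo_without_context(void)
{
    PMODEL_NBL nbl = model_alloc_nbl(0);
    PVOID got = (PVOID)1;
    int refused = nbl != NULL
               && nbl_get_context_pointer(nbl, &got) == -1
               && got == NULL;
    model_free_nbl(nbl);
    return refused;
}
```

Reading the stored pointer through a guarded accessor instead of casting the macro result directly turns the no-context case into a return code that can be checked at the point WinDbg flagged; the MDL and NET_BUFFER_LIST lifetime handling of the post is not modelled here.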