BSOD on Windows 7 Professional 64 bit


  1. Posts : 3
    Windows 7 Professional 64 bit
       #1

    BSOD on Windows 7 Professional 64 bit


    Hi,

    I bought a new computer and installed Windows 7 Professional 64 bit.
    Everything was going great for two weeks until I started playing with Winpcap 4.1.1 (compatible with Windows 7) - WinPcap, The Packet Capture and Network Monitoring Library for Windows.
    When I'm doing different stuff with it (can't say exactly what) and also surfing the web (when I do both at once) I get a BSOD.
    This is pretty consistent and I can pretty much decide when to get it.

    It looks to me that the crash has something to do with the network device driver.
    I've installed the latest drivers but I still get the BSOD on demand.
    I do want to work with Winpcap, and it looks to me that it can't be Winpcap's fault if I get a BSOD (but I could be wrong), but some driver.

    Attached are the 6 mini dumps of the BSODs I got so far.

    If you have any idea on how to try and resolve this problem it would be highly appreciated.


  2. Posts : 11,840
    64-bit Windows 8.1 Pro
       #2

    Do a system restore to a point before you installed WinPcap and see if your problem continues...


  3. Posts : 5,747
    7600.20510 x86
       #3

    Hi.

    Bug Check 0xA: IRQL_NOT_LESS_OR_EQUAL

    0xA in relation to write operation...and in relation to VSTestHost.exe

    Code:
    Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Loading Dump File [E:\Temp\Rar$DI00.968\110909-24117-01.dmp]
    Mini Kernel Dump File: Only registers and stack trace are available
    
    Symbol search path is: SRV*C:\SymCache*http://msdl.microsoft.com/download/symbols
    Executable search path is: 
    Windows 7 Kernel Version 7600 MP (4 procs) Free x64
    Product: WinNt, suite: TerminalServer SingleUserTS
    Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
    Machine Name:
    Kernel base = 0xfffff800`03e52000 PsLoadedModuleList = 0xfffff800`0408fe50
    Debug session time: Sun Nov  8 16:36:34.189 2009 (GMT-5)
    System Uptime: 0 days 0:36:42.766
    Loading Kernel Symbols
    ...............................................................
    ................................................................
    ................................
    Loading User Symbols
    Loading unloaded module list
    .....
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    Use !analyze -v to get detailed debugging information.
    
    BugCheck A, {3178, 2, 1, fffff80003eccb75}
    
    Unable to load image \SystemRoot\system32\drivers\npf.sys, Win32 error 0n2
    *** WARNING: Unable to verify timestamp for npf.sys
    *** ERROR: Module load completed but symbols could not be loaded for npf.sys
    Probably caused by : npf.sys ( npf+2ef5 )
    
    Followup: MachineOwner
    ---------
    
    0: kd> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Bugcheck Analysis                                    *
    *                                                                             *
    *******************************************************************************
    
    IRQL_NOT_LESS_OR_EQUAL (a)
    An attempt was made to access a pageable (or completely invalid) address at an
    interrupt request level (IRQL) that is too high.  This is usually
    caused by drivers using improper addresses.
    If a kernel debugger is available get the stack backtrace.
    Arguments:
    Arg1: 0000000000003178, memory referenced
    Arg2: 0000000000000002, IRQL
    Arg3: 0000000000000001, bitfield :
        bit 0 : value 0 = read operation, 1 = write operation
        bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
    Arg4: fffff80003eccb75, address which referenced memory
    
    Debugging Details:
    ------------------
    
    
    WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff800040fa0e0
     0000000000003178 
    
    CURRENT_IRQL:  2
    
    FAULTING_IP: 
    nt!KeAcquireSpinLockRaiseToDpc+55
    fffff800`03eccb75 f0480fba2900    lock bts qword ptr [rcx],0
    
    CUSTOMER_CRASH_COUNT:  1
    
    DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT
    
    BUGCHECK_STR:  0xA
    
    PROCESS_NAME:  VSTestHost.exe
    
    TRAP_FRAME:  fffff8800909b7b0 -- (.trap 0xfffff8800909b7b0)
    NOTE: The trap frame does not contain all registers.
    Some register values may be zeroed or incorrect.
    rax=0000000000000002 rbx=0000000000000000 rcx=0000000000003178
    rdx=0000000000000085 rsi=0000000000000000 rdi=0000000000000000
    rip=fffff80003eccb75 rsp=fffff8800909b940 rbp=0000000000003178
     r8=0000000000000065  r9=0000000000000000 r10=0000000000000000
    r11=fffff8800909b980 r12=0000000000000000 r13=0000000000000000
    r14=0000000000000000 r15=0000000000000000
    iopl=0         nv up ei pl nz na po nc
    nt!KeAcquireSpinLockRaiseToDpc+0x55:
    fffff800`03eccb75 f0480fba2900    lock bts qword ptr [rcx],0 ds:00000000`00003178=????????????????
    Resetting default scope
    
    LAST_CONTROL_TRANSFER:  from fffff80003ec3469 to fffff80003ec3f00
    
    STACK_TEXT:  
    fffff880`0909b668 fffff800`03ec3469 : 00000000`0000000a 00000000`00003178 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
    fffff880`0909b670 fffff800`03ec20e0 : 00000000`00000000 00000000`00000000 00000000`00000000 fffff800`03eca1a2 : nt!KiBugCheckDispatch+0x69
    fffff880`0909b7b0 fffff800`03eccb75 : fffffa80`03e5c3f0 00000000`08004870 00000000`00000001 fffffa80`06a57900 : nt!KiPageFault+0x260
    fffff880`0909b940 fffff880`05c02ef5 : fffffa80`0677d990 00000000`00000000 fffffa80`0677d8c0 00000000`00000000 : nt!KeAcquireSpinLockRaiseToDpc+0x55
    fffff880`0909b990 fffffa80`0677d990 : 00000000`00000000 fffffa80`0677d8c0 00000000`00000000 fffffa80`0677d8c0 : npf+0x2ef5
    fffff880`0909b998 00000000`00000000 : fffffa80`0677d8c0 00000000`00000000 fffffa80`0677d8c0 fffff880`05c03edf : 0xfffffa80`0677d990
    
    
    STACK_COMMAND:  kb
    
    FOLLOWUP_IP: 
    npf+2ef5
    fffff880`05c02ef5 ??              ???
    
    SYMBOL_STACK_INDEX:  4
    
    SYMBOL_NAME:  npf+2ef5
    
    FOLLOWUP_NAME:  MachineOwner
    
    MODULE_NAME: npf
    
    IMAGE_NAME:  npf.sys
    
    DEBUG_FLR_IMAGE_TIMESTAMP:  4addfab3
    
    FAILURE_BUCKET_ID:  X64_0xA_npf+2ef5
    
    BUCKET_ID:  X64_0xA_npf+2ef5
    
    Followup: MachineOwner
    ---------
    I'd have a question or two about it, but since you say "(can't say exactly what)", I'm hoping the info I gave already will help.
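
A triage helper for the kind of `!analyze -v` output posted in #3, added here as an example (it is not code from the thread or from WinPcap): it decodes the bugcheck 0xA arguments and walks STACK_TEXT to the first frame outside the core kernel. The function names and the "near NULL" threshold are assumptions of this example; the sample text is an excerpt of the dump above.

```python
import re

# Excerpt copied from the !analyze -v output in post #3 (trimmed to what is parsed).
SAMPLE = """\
BugCheck A, {3178, 2, 1, fffff80003eccb75}
STACK_TEXT:  
fffff880`0909b668 fffff800`03ec3469 : 00000000`0000000a 00000000`00003178 00000000`00000002 00000000`00000001 : nt!KeBugCheckEx
fffff880`0909b670 fffff800`03ec20e0 : 00000000`00000000 00000000`00000000 00000000`00000000 fffff800`03eca1a2 : nt!KiBugCheckDispatch+0x69
fffff880`0909b7b0 fffff800`03eccb75 : fffffa80`03e5c3f0 00000000`08004870 00000000`00000001 fffffa80`06a57900 : nt!KiPageFault+0x260
fffff880`0909b940 fffff880`05c02ef5 : fffffa80`0677d990 00000000`00000000 fffffa80`0677d8c0 00000000`00000000 : nt!KeAcquireSpinLockRaiseToDpc+0x55
fffff880`0909b990 fffffa80`0677d990 : 00000000`00000000 fffffa80`0677d8c0 00000000`00000000 fffffa80`0677d8c0 : npf+0x2ef5
"""

IRQL_NAMES = {0: "PASSIVE_LEVEL", 1: "APC_LEVEL", 2: "DISPATCH_LEVEL"}
FRAME = re.compile(r"^[0-9a-f`]+ [0-9a-f`]+ : .* : (\S+)$", re.I)

def decode_bugcheck_a(text):
    """Decode the four IRQL_NOT_LESS_OR_EQUAL arguments from the summary line."""
    m = re.search(r"BugCheck A, \{(\w+), (\w+), (\w+), (\w+)\}", text)
    if not m:
        raise ValueError("no 'BugCheck A' summary line found")
    addr, irql, bits, ip = (int(g, 16) for g in m.groups())
    return {
        "address": addr,
        "irql_name": IRQL_NAMES.get(irql, hex(irql)),
        # Arg3 bitfield as printed in the dump: bit 0 = write, bit 3 = execute.
        "operation": "execute" if bits & 8 else "write" if bits & 1 else "read",
        "faulting_ip": ip,
        # Heuristic (assumption of this example): an address below 64 KiB is
        # most likely a field offset applied to a NULL base pointer.
        "near_null": addr < 0x10000,
    }

def first_non_kernel_frame(text, kernel=("nt", "hal")):
    """Return the first STACK_TEXT symbol that is not in a core kernel module."""
    in_stack = False
    for line in text.splitlines():
        if line.startswith("STACK_TEXT"):
            in_stack = True
        elif in_stack:
            m = FRAME.match(line.strip())
            if not m:
                break  # a blank line or the next section ends the stack
            module = re.split(r"[!+]", m.group(1))[0].lower()
            if module not in kernel and not module.startswith("0x"):
                return m.group(1)
    return None

if __name__ == "__main__":
    print(decode_bugcheck_a(SAMPLE), first_non_kernel_frame(SAMPLE))
```

On this excerpt the first non-kernel frame is the same `npf+0x2ef5` that the debugger names in its "Probably caused by" line.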


  4. Posts : 3
    Windows 7 Professional 64 bit
    Thread Starter
       #4

    Thank you for your replies.

    I can't restore the problem without Winpcap.

    VSTesthost is the application I run that uses Winpcap (it's a unit test in Visual Studio 2008 that uses Winpcap libraries).

    My guess is that it has something to do with Winpcap's npf driver.

    If you have any more thoughts let me know.

    Thank you.


  5. Posts : 5,747
    7600.20510 x86
       #5

    I haven't used that in a while, but does WinPCAP show in the local area connections settings, where IPv4 and IPv6 are?

    If so, I don't think any further software is needed to "run" it and have functionality.

    Like I said, it's been a long time....so sorry if I'm off here.

    Try Wireshark out. It's an interesting piece of software in itself.


  6. Posts : 3
    Windows 7 Professional 64 bit
    Thread Starter
       #6

    torrentg, I'm not sure what you mean.
    I don't understand what you're trying to say and how it is related to my BSOD.

    I'm familiar with Wireshark pretty well.


 
