DPC Watchdog Violation BSOD after installing Glasswire Basic

Started by paulderdash, March 09, 2017, 06:14:26 PM


paulderdash

Hi

I have again reproduced this.
Install ReHIPS RC4.
Install Glasswire Basic.
Reboot.
After a while, accessing File Explorer or some other tasks, DPC Watchdog Violation BSOD: WhoCrashed identifies gwdrv.sys driver as cause.
Uninstall Glasswire Basic, the problem no longer occurs.
Possible compatibility issue?
I will PM link to kernel dump to @crasher as soon as it uploads to Dropbox.

Edit: PM sent.

crasher

Thanks for your crash dump. We will analyze it to determine the causes of the BSOD. The ReHIPS driver is written very carefully. In my memory, it did not cause problems.

paulderdash

Thanks. It could be just unique to my setup.
But I hope you can reproduce or spot something. I'd like to be able to continue using Glasswire.
Ozone did say on the other thread: 'I noticed that that paid version has two additional monitors, one for network device and second for camera and mic.' so that may be relevant.
Neither of us had previously experienced issues with the free version.

crasher

It doesn't look ReHIPS-related, neither by the crash dump nor by Google, as similar problems were posted: https://www.eightforums.com/bsod-crashes-debugging/72664-random-bsod-dpcwatchdog-violation-others.html It has something to do with Glasswire network filtering. Could you give me the gwdrv.sys file?

paulderdash

Hmm. Interesting.

If I uninstall Glasswire the problem does disappear. But it only appeared lately when I reinstalled ReHIPS.

I don't have the issue with Glasswire on another machine.

Must be some sort of interaction. I will PM you gwdrv.sys file tomorrow.

Thanks for looking into this.

Edit: I have uninstalled GW on that machine. Would it be OK to send you the file from another machine? If so, PM sent.

fixer

We looked into this issue, and it looks like ReHIPS has nothing to do with it. On the other hand, they have several issues.
1. They try to allocate memory in a cycle. If allocation fails, they allocate again. So if for some reason allocation can't succeed (like the system is running out of memory or some parameter is wrong) it'll get into an infinite cycle. No error checking, nothing, just an infinite cycle. This'll lead to either a hung thread (and probably system) or a BSOD (at high IRQL Windows will detect too long a DPC execution and will BSOD).
2. They don't properly check NET_BUFFER-s for inspection. They get NET_BUFFER_DATA with zero CurrentMdl, CurrentMdlOffset and NbDataLength and still try to call NdisAdvanceNetBufferDataStart without any checking. It leads to a negative signed (or very big unsigned) NbDataLength value. So they try to allocate 0xfffffff5 bytes of memory, failing and entering an infinite cycle.
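
The two defects described in the post above (a length that wraps when the buffer is empty, then an allocation retried without limit), modelled in user-mode C as an added example; it is not Glasswire or ReHIPS code. The struct, the model allocator, the retry budget and the 11-byte advance (chosen so the wrap reproduces the 0xfffffff5 figure from the post) are constructed for illustration.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical user-mode model of the NET_BUFFER fields named in the post. */
struct nb_model {
    void    *current_mdl;   /* CurrentMdl */
    uint32_t data_length;   /* NbDataLength */
};

#define POOL_LIMIT   (1u << 20) /* assumed: largest request the model pool grants */
#define RETRY_BUDGET 1000u      /* stands in for the DPC watchdog timeout */

enum status { ST_OK, ST_SKIP_EMPTY, ST_BAD_LENGTH, ST_NO_MEMORY, ST_WATCHDOG };

/* Model allocator: fails for zero-size requests and anything above POOL_LIMIT. */
static void *pool_alloc(uint32_t size)
{
    return (size == 0 || size > POOL_LIMIT) ? NULL : malloc(size);
}

/* Unsigned length after advancing past `advance` bytes with no check. */
uint32_t wrapped_length(uint32_t data_length, uint32_t advance)
{
    return data_length - advance;   /* 0 - 11 wraps to 0xfffffff5 */
}

/* Defective pattern from the post: no length check, retry until success. */
enum status inspect_unchecked(const struct nb_model *nb, uint32_t advance, void **out)
{
    uint32_t len = wrapped_length(nb->data_length, advance);
    for (uint32_t tries = 0; tries < RETRY_BUDGET; tries++) {
        if ((*out = pool_alloc(len)) != NULL)
            return ST_OK;
    }
    return ST_WATCHDOG; /* the described loop has no budget; the watchdog fires */
}

/* Hardened pattern: validate before advancing, allocate once, report failure. */
enum status inspect_checked(const struct nb_model *nb, uint32_t advance, void **out)
{
    *out = NULL;
    if (nb->current_mdl == NULL || nb->data_length == 0)
        return ST_SKIP_EMPTY;       /* nothing to inspect */
    if (advance >= nb->data_length)
        return ST_BAD_LENGTH;       /* advancing would wrap or leave no data */
    *out = pool_alloc(nb->data_length - advance);
    return *out ? ST_OK : ST_NO_MEMORY; /* fail the inspection, do not spin */
}
```

On success the caller owns the returned buffer and frees it; every other status leaves `*out` as NULL.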

paulderdash

Only saw your reply now.  :-[

Thanks for investigating, and apologies for wasting your time then.

I have Glasswire on two machines, but the problem only appeared on my secondary machine, and only after I (re)installed ReHIPS.

I could try uninstalling ReHIPS and reinstalling Glasswire to see if the problem reoccurs, but I'd prefer to keep playing with ReHIPS for now.

I will see if I can get your response to their support.

Thanks again.

Edit: Posted the issue on their forum: https://forum.glasswire.com/t/dpc-watchdog-violation-bsod/4270. Hope that's OK.

perisanboy

Running Glasswire with ReHIPS, not even one problem or BSOD! Maybe you have other security software, like an AV? Or something like that made that BSOD.

aDVll

Quote from: perisanboy on August 03, 2017, 03:13:53 AM
Running Glasswire with ReHIPS, not even one problem or BSOD! Maybe you have other security software, like an AV? Or something like that made that BSOD.
Report was months ago. They probably fixed their issues or you use Glasswire free.

perisanboy

Yes, I'm using the free version :) but I don't think the paid version makes the PC BSOD :P

fixer

I haven't checked it since. Maybe it's some paid module, maybe they silently fixed it, maybe it was some special condition that doesn't happen often.

HJLBX

gwdrv.sys is known to randomly BSOD.  You don't need anything installed beside it; just put it on Windows and stand back.