DPC Watchdog Violation BSOD

I have Glasswire Basic and after installing ReHIPS I started getting the above BSODs.

I sent ReCrypt the kernel dump, and they determined the culprit was gwdrv.sys.

They asked for a copy of the aforementioned driver and this is their response:

We looked into this issue. And it looks like ReHIPS has nothing to do with it. On the other hand they have several issues.

  1. They try to allocate memory in a cycle. If allocation failed, they allocate again. So if for some reason allocation can’t succeed (like system is running out of memory or some parameter is wrong) it’ll get into infinite cycle. No error checking, nothing, just infinite cycle. This’ll lead to either hang thread (and probably system) or BSOD (on high IRQL windows will detect too long DPC execution and will BSOD).
  2. They don’t properly check NET_BUFFER-s for inspection. They get NET_BUFFER_DATA with zero CurrentMdl, CurrentMdlOffset and NbDataLength and still try to call NdisAdvanceNetBufferDataStart without any checking. It leads to negative signed (or very big unsigned) NbDataLength value. So they try to allocate 0xfffffff5 bytes of memory, failing and entering infinite cycle.

Is there something you can do to avoid this BSOD?
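The two defects described in the quoted analysis above, as an added user-mode C model (not GlassWire's driver code and not real NDIS code). The struct, the function names, the 11-byte advance and the size and retry limits are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical user-mode stand-in for the NET_BUFFER fields named in the post. */
struct nb_model {
    void    *current_mdl;         /* NULL models a zero CurrentMdl */
    uint32_t current_mdl_offset;
    uint32_t data_length;
};

#define MAX_INSPECT_BYTES 65536u  /* assumed upper bound for one copy */
#define MAX_ALLOC_TRIES   3       /* assumed retry budget */

/* Unchecked pattern: advancing past a zero length wraps the counter. */
uint32_t remaining_unchecked(const struct nb_model *nb, uint32_t advance) {
    return nb->data_length - advance;
}

/* Bounded allocation: reject absurd sizes, retry a fixed number of times, then fail. */
void *alloc_bounded(uint32_t size, int *tries) {
    *tries = 0;
    if (size == 0 || size > MAX_INSPECT_BYTES)
        return NULL;
    while (*tries < MAX_ALLOC_TRIES) {
        ++*tries;
        void *p = malloc(size);
        if (p) return p;
    }
    return NULL;                  /* caller handles failure; no spinning */
}

/* Checked path: 0 on success, -1 when the buffer must be skipped. */
int inspect(const struct nb_model *nb, uint32_t advance) {
    int tries;
    if (nb->current_mdl == NULL || advance >= nb->data_length)
        return -1;                /* empty or too short: nothing to copy */
    void *copy = alloc_bounded(nb->data_length - advance, &tries);
    if (copy == NULL)
        return -1;
    free(copy);
    return 0;
}

int main(void) {
    /* Constructed sample: empty buffer, 11-byte advance reproduces 0xfffffff5. */
    struct nb_model empty = { NULL, 0, 0 };
    printf("%#x %d\n", (unsigned)remaining_unchecked(&empty, 11), inspect(&empty, 11));
    return 0;
}
```

In a real driver the same shape applies at DISPATCH_LEVEL: validate the buffer before advancing, cap the allocation size, and drop or defer the packet on allocation failure rather than retrying in place.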

@paulderdash

Do you use Nahimic software on your PC? Did the crash generate a dmp file?

Thanks

Hi Ken

I don’t use Nahimic software (that I know of) 🙂

I have removed GW from that PC, but I do still have a kernel dump in Dropbox.
Can I post a link here or should I rather PM you?

PM’d the link.

I sent you a new version of GlassWire to test.

Thanks Ken.

Will try it tomorrow, and let you know.

No BSODs after several hours, so looking good to go.

Will let you know if anything changes.


@paulderdash

That’s great news! We will release this update to the public on Monday probably.

Bad news I’m afraid. The problem has reoccurred.

Once I’m back online, I’ll check if there is a new kernel dump, and if so, upload it to Dropbox and send you a link.

Thanks! We need that dump to figure out what’s wrong.

I have the dump. I will PM you the link.

I only have the issue on one machine. Maybe some interaction on that setup. Have uninstalled so long.

From WhoCrashed:
On Thu 2017/03/23 2:40:32 PM GMT your computer crashed
crash dump file: C:\WINDOWS\memory.dmp
This was probably caused by the following module: gwdrv.sys (gwdrv+0x424E)
Bugcheck code: 0x133 (0x0, 0x501, 0x500, 0x0)
Error: DPC_WATCHDOG_VIOLATION
Bug check description: The DPC watchdog detected a prolonged run time at an IRQL of DISPATCH_LEVEL or above.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. This problem might also be caused because of overheating (thermal issue).
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: gwdrv.sys .
Google query: gwdrv.sys DPC_WATCHDOG_VIOLATION


@paulderdash

The development team asked if you installed any unusual applications, or made any OS changes before this crash happened?

We also searched for your error and found it could be related to not having some system updates. Can you update all your drivers/OS with Windows Update and see if it helps?

The one possibly ‘unusual’ application was ReHIPS 2.2 which is still in beta.

But the ReCrypt devs have studied the dump also and said it had nothing to do with ReHIPS (see opening post).
No OS changes.

Windows 10 is fully patched build 14393.970, including any drivers from WU.

There is a possibility it is a thermal issue? (WhoCrashed report in earlier post above). That machine runs pretty hot.

@paulderdash

If nothing was unusual about the software on your PC, and if it’s up to date then perhaps it is the thermal issue. We have not seen this problem before so we’re not sure what else to suggest.

If I uninstall Glasswire, the problem goes away though.

I would like to keep ReHIPS on the machine for now, as I am beta-testing it.

I will try again in a day or two.

But OK. Thanks for trying.

I do think it is particular to my setup.

No-one on the ReHIPS forum has had an issue with Glasswire, and neither did I when testing ReHIPS before.

But I suppose there are not many out there with both softs.

Just FYI, here is the thread in the ReHIPS forum:

https://forum.re-crypt.com/index.php/topic,7863.0.html

See also: https://www.eightforums.com/bsod-crashes-debugging/72664-random-bsod-dpcwatchdog-violation-others.html

Also points to Glasswire being the cause.