在处理MPReturnPacket时出现蓝屏，请教怎么修改？着急，大家帮忙

dump文件分析信息如下：
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000008, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: fa889848, address which referenced memory

MODULE_NAME: NDIS

FAULTING_MODULE: 804d8000 nt

DEBUG_FLR_IMAGE_TIMESTAMP:  41107ec3

READ_ADDRESS: unable to get nt!MmSpecialPoolStart
unable to get nt!MmSpecialPoolEnd
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
 00000008

CURRENT_IRQL:  2

FAULTING_IP:
NDIS!NdisReturnPackets+48
fa889848 8b7308          mov     esi,dword ptr [ebx+8]

DEFAULT_BUCKET_ID:  WRONG_SYMBOLS

BUGCHECK_STR:  0xD1

LAST_CONTROL_TRANSFER:  from 804f93fa to 80527da8

STACK_TEXT:  
WARNING: Stack unwind information not available. Following frames may be wrong.
f8b3e5ec 804f93fa 00000003 00000008 fa889848 nt!DbgBreakPointWithStatus+0x4
f8b3e9cc 80540853 0000000a 00000008 00000002 nt!KeRegisterBugCheckReasonCallback+0x77c
f8b3ea10 fa88987f ffb86178 00000000 00000023 nt!Kei386EoiHelper+0x27db
f8b3ea78 f9259875 ffa26810 00000001 00000000 NDIS!NdisReturnPackets+0x7f
f8b3ea90 f925ee4e f8b3eb10 f925ee4e ffa267f8 afd+0xc875
f8b3eb08 f9250492 016dfe50 f9250492 ffb4f378 afd+0x11e4e
f8b3ec50 8057564b ffbd33e8 00000001 016dfd9c afd+0x3492
f8b3ed00 8056e33c 0000020c 0000029c 00000000 nt!NtWriteFile+0x3595
f8b3ed34 8053d808 0000020c 0000029c 00000000 nt!NtDeviceIoControlFile+0x2a
f8b3eddc 80541fa2 fa87ab85 80e747f0 00000000 nt!KeReleaseInStackQueuedSpinLockFromDpcLevel+0xb14
f8b3ee14 7c931bff 003e0000 014e0040 014e0040 nt!KiDispatchInterrupt+0x5a2
f8b3ee38 7c939f5d 000023f8 104e0040 00000000 ntdll!RtlInitializeCriticalSection+0xd2
f8b3ee68 7c938839 003e0000 00000000 73fb3e01 ntdll!RtlGetNtProductType+0x137
f8b3eeac 7c931538 003e0000 7c9306eb 00000000 ntdll!RtlReAllocateHeap+0xe3c
f8b3eeb4 7c9306eb 00000000 00010000 00000000 ntdll!wcsncpy+0xaa9
f8b3eedc 73fb428a 00000002 00000400 00000000 ntdll!RtlAllocateHeap+0x117
f8b3eef4 62c248f2 01010056 00634720 00000009 USP10!ScriptStringAnalyse+0x237
f8b3ef40 719cd8a3 00000000 00000005 00000004 LPK!LpkTabbedTextOut+0xa9f
f8b3ef58 719cd8b4 00000005 00000016 003eabf0 mswsock!WSPStartup+0x1548
f8b3ef6c 77d1f5ea 01010056 005a0049 0012f5b0 mswsock!WSPStartup+0x1559
f8b3ef70 01010056 005a0049 0012f5b0 7ffdf000 USER32!DrawIconEx+0x260
f8b3ef74 005a0049 0012f5b0 7ffdf000 00000000 0x1010056
f8b3ef78 0012f5b0 7ffdf000 00000000 00634670 0x5a0049
f8b3ef7c 7ffdf000 00000000 00634670 00000001 0x12f5b0
f8b3ef80 00000000 00634670 00000001 00000001 0x7ffdf000


STACK_COMMAND:  .bugcheck ; kb

FOLLOWUP_IP:
NDIS!NdisReturnPackets+48
fa889848 8b7308          mov     esi,dword ptr [ebx+8]

SYMBOL_NAME:  NDIS!NdisReturnPackets+48

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  NDIS.sys

BUCKET_ID:  WRONG_SYMBOLS

怀疑是MPReturnPacket处理出的问题，因为只有这个函数中调用了NdisReturnPackets。具体代码如下(来自http://bbs.driverdevelop.com/htm_data/10/0507/94787.html)：
VOID
MPReturnPacket(
IN NDIS_HANDLE MiniportAdapterContext,
IN PNDIS_PACKET Packet
)
{
    PADAPT pAdapt = (PADAPT)MiniportAdapterContext;
    PNDIS_PACKET MyPacket;
    PRSVD Resvd;
    PNDIS_BUFFER pNdisBuffer;
    PUCHAR pPacketContent;
    UINT BufferLen;

    Resvd = (PRSVD)(Packet->MiniportReserved);
    MyPacket = Resvd->OriginalPkt;

    DBGPRINT(("In MPReturnPacket()\n"));
    if(MyPacket)
    {
        NdisFreePacket(Packet);
        DBGPRINT(("Calling MPReturnPacket(),will bule screen!-- %X --\n",(void*)&MyPacket));
        NdisReturnPackets(&MyPacket, 1);
        DBGPRINT(("Calling MPReturnPacket(),nothing happen!\n"));
    }
    // I Add This Code for NdisIndicateReceivePacket
    else
    {        
        NdisUnchainBufferAtFront(Packet,&pNdisBuffer);
        NdisQueryBufferSafe(pNdisBuffer,(PVOID *)&pPacketContent,&BufferLen,32);  
        NdisFreeBuffer(pNdisBuffer);
        NdisFreeMemory(pPacketContent,BUFFER_SIZE,0);
        NdisFreePacket(Packet);
    }
}

各位大侠帮帮忙，我实在是不知道该怎么搞定

在MPReturnPacket中要处理NdisIndicateReceivePacket 情况，主要是因为在处理PtReceive时，分别考虑了可以完全收报和一次不能完全收到数据包的情况。PtTransferDataComplete的代码如下：VOID
PtTransferDataComplete(
    IN NDIS_HANDLE ProtocolBindingContext,
    IN PNDIS_PACKET Packet,
    IN NDIS_STATUS Status,
    IN UINT BytesTransferred
)
{
    PADAPT pAdapt = (PADAPT)ProtocolBindingContext;
    PUCHAR pPacketContent;
    PRSVD Rsvd;
    UINT OffsetSize, Result, PacketLen;

    PNDIS_BUFFER pPacketBuffer;
    PNDIS_PACKET pBakPacket;
    PNDIS_BUFFER pBakBuffer;

    PUCHAR pBakContent;
    UINT BufferLen , nPacketLen;
    UINT flag = 1;

    DbgPrint(("In PtTransferDataComplete\n"));

    //
    // Returning the Send on the Primary, will point to itself if there is no LBFO
    //
    pAdapt = pAdapt->pPrimaryAdapt;
    Rsvd = (PRSVD)(Packet->MiniportReserved);
    // pBakPacket 里是 HeaderBuffer + LookAheadBuffer 的内容。
    pBakPacket = (PNDIS_PACKET)(Rsvd->OriginalPkt);

    if(pAdapt->MiniportHandle)
    {
        if(pBakPacket == NULL)
            NdisMTransferDataComplete(pAdapt->MiniportHandle, Packet, Status, BytesTransferred);
        else
        {
            Status = NdisAllocateMemory(&pPacketContent, BUFFER_SIZE, 0, HighestAcceptableMax);
            CopyPacket2Buffer(pBakPacket, pPacketContent, &OffsetSize);
            nPacketLen = OffsetSize ;
            CopyPacket2Buffer(Packet, pPacketContent+OffsetSize, &PacketLen);
            nPacketLen += PacketLen ;
            
            if(Monitor_flag)
            {
                if (flag && Encrypt_flag)
                    EncryptPackets(pPacketContent,nPacketLen) ;

                if(Check_Packet((char*)pPacketContent,FALSE))
                {
                    flag = 0;    // 不向上指示该包
                }                
            }
            else {}

            PacketLen += OffsetSize;
            // 释放包描述符pBakPacket、缓冲描述符pBakBuffer、内存pBakContent。
            NdisUnchainBufferAtFront(pBakPacket, &pBakBuffer);
            NdisQueryBufferSafe(pBakBuffer, &pBakContent, &BufferLen, 32);
            NdisFreeBuffer(pBakBuffer);
            NdisFreeMemory(pBakContent, BUFFER_SIZE, 0);
            NdisFreePacket(pBakPacket);

            memset(Packet->MiniportReserved, 0, sizeof(Packet->MiniportReserved));

            NdisUnchainBufferAtFront(Packet, &pPacketBuffer);
            NdisQueryBufferSafe(pPacketBuffer, &pBakContent, &BufferLen, 32);
            NdisFreeBuffer(pPacketBuffer);
            NdisFreeMemory(pBakContent, BUFFER_SIZE, 0);

            if(!flag)
            {
                // 释放资源并返回
                NdisFreePacket(Packet);
                return;
            }

            NdisAllocateBuffer(&Status, &pPacketBuffer, pAdapt->RecvBufferPoolHandle, pPacketContent, PacketLen);
            NdisChainBufferAtFront(Packet, pPacketBuffer);
            Packet->Private.Head->Next=NULL;
            Packet->Private.Tail=NULL;
            NDIS_SET_PACKET_HEADER_SIZE(Packet,14);
            
            // 向上层协议驱动指示数据包，防真网卡行为。
            NdisMIndicateReceivePacket(pAdapt->MiniportHandle, &Packet, 1);

            if(NDIS_GET_PACKET_STATUS(Packet)!=NDIS_STATUS_PENDING)
            {
                MPReturnPacket((NDIS_HANDLE)pAdapt, Packet);
            }
        }
    }
    return;
}

各位大侠帮忙看看到底这些代码出现了什么问题

我又遇到这个问题了，不知怎么弄。
不知解决这个问题没有？赐教！