中间层驱动再次请教大牛 Break due to page fault

还是在SoftIce调试的时候，在PtTransferDataComplete中出错：
Status=NdisAllocateMemory(&pPacketContent,2000,0,HighestAcceptableMax);
NdisUnchainBufferAtFront(pBakPacket,&pBakBuffer);
NdisQueryBufferSafe(pBakBuffer,&pPacketContent,&BakBufferSize,32);
NdisQueryBufferSafe(pPacketBuffer,&pPacketContent1,&PacketBufferLen,32);
PacketLen=BakBufferSize+PacketBufferLen;
NdisZeroMemory(pPacketContent,2000);
NdisMoveMemory(pPacketContent,pBakContent,BakBufferSize);
NdisMoveMemory(pPacketContent+BakBufferSize,pPacketContent1,PacketBufferLen);到这里SoftIce报错：Break due to page Fault(oEh).Fault=0000
很奇怪的是上面一个MoveMemory没有问题，到下面就报错了，不明白中，请教一下大牛们，非常感谢:)

还是在SoftIce调试的时候，在PtTransferDataComplete中出错：
Status=NdisAllocateMemory(&pPacketContent,2000,0,HighestAcceptableMax);
NdisUnchainBufferAtFront(pBakPacket,&pBakBuffer);
NdisQueryBufferSafe(pBakBuffer,&pPacketContent,&BakBufferSize,32);
NdisQueryBufferSafe(pPacketBuffer,&pPacketContent1,&PacketBufferLen,32);
PacketLen=BakBufferSize+PacketBufferLen;
NdisZeroMemory(pPacketContent,2000);
NdisMoveMemory(pPacketContent,pBakContent,BakBufferSize);
NdisMoveMemory(pPacketContent+BakBufferSize,pPacketContent1,PacketBufferLen);到这里SoftIce报错：Break due to page Fault
(oEh).Fault=0000
很奇怪的是上面一个MoveMemory没有问题，到下面就报错了，不明白中，请教一下大牛们，非常感谢:)

1.pPacketBuffer分配的代码是不是有问题,检查一下,如果查不出来,
把代码也贴上来看看
2.作了一次不必要的内存复制,可以参考一下ddk里ndisuio的例子.

谢谢斑竹，看了一下，pPacketBuffer的分配应该没有问题，
程序语句如下：
Status=NdisAllocateMemory(&pBakContent,2000,0,HighestAcceptableMax);
       NdisZeroMemory(pBakContent,2000);
NdisMoveMemory(pBakContent,HeaderBuffer,HeaderBufferSize);
NdisMoveMemory(pBakContent+HeaderBufferSize,LookAheadBuffer,LookAheadBufferSize);
       OffsetSize=HeaderBufferSize+LookAheadBufferSize;
  PacketLen= +HeaderBufferSize;
  NdisAllocateBuffer(&Status,&pBakBuffer,pAdapt->RecvPacketBufferHandle,pBakContent,OffsetSize);
 NdisDprAllocatePacket(&Status,&MyBakPacket,pAdapt->RecvPacketPoolHandle);
         NdisChainBufferAtFront(MyBakPacket,pBakBuffer);
     Status=NdisAllocateMemory(&pPacketContent,2000,0,HighestAcceptableMax);
NdisAllocateBuffer(&Status,&pPacketBuffer,pAdapt->RecvPacketBufferHandle,pPacketContent,(PacketSize-LookAheadBufferSize));
NdisDprAllocatePacket(&Status,&MyPacket,pAdapt->RecvPacketPoolHandle);
 NdisChainBufferAtFront(MyPacket,pPacketBuffer);
       MyPacket->Private.Head->Next=NULL;
  MyPacket->Private.Tail=NULL;
  Rsvd =(PRSVD)(MyPacket->MiniportReserved);
  Rsvd->OriginalPkt=(PNDIS_PACKET)MyBakPacket;
NDIS_SET_PACKET_HEADER_SIZE(MyPacket,HeaderBufferSize);
NdisTransferData(&Status,pAdapt->BindingHandle,MacReceiveContext,LookAheadBufferSize,(PacketLen-LookAheadBufferSize),MyPacket,&ByteTransferred);
  if ( Status != NDIS_STATUS_PENDING )
  {
  PtTransferDataComplete((NDIS_HANDLE)pAdapt, MyPacket, Status, ByteTransferred);
  }  
}
     return (NDIS_STATUS_SUCCESS);
}
以上是Receive的语句， 没有发现什么问题，斑竹看一下吧，多谢了:)

代码小问题不少，但是看着不应导致page fault,而且效率不高，建议参考ndisuio的做法来做.
NdisMoveMemory(pPacketContent+BakBufferSize,pPacketContent1,PacketBufferLen)异常的时候，自己看汇编代码，确定是到了哪个地址越界了，在返回来查你的ndis_buffer分配的代码。
先指出几点有问题之处：
1。MyPacket->Private.Head->Next=NULL;没必要
MyPacket->Private.Tail=NULL;不对。
2。NdisAllocateBuffer(&Status,&pPacketBuffer,pAdapt->RecvPacketBufferHandle,pPacketContent,(PacketSize-LookAheadBufferSize));
NdisTransferData(&Status,pAdapt->BindingHandle,MacReceiveContext,LookAheadBufferSize,(PacketLen-LookAheadBufferSize),MyPacket,&ByteTransferred);
PacketSize-LookAheadBufferSize应该等于PacketLen-LookAheadBufferSize，你这里不等吧？

3。PtCompleteTransfer中PacketLen=BakBufferSize+PacketBufferLen;好像计算的不准确，和
2有关