CAUSE
This problem is caused by internal corruption of redirector data
structures, including the NetBIOS Control Blocks (NCBs) used for posting
receive datagrams. When these pending receive datagrams complete, the
buffer address and post address are invalid, and the resulting corruption
can cause the variety of symptoms mentioned above.
The following call path occurs on a datagram receipt:

   NETVIEW:  DG_POST
   NETVIEW:  Handle_Datagram_Buffer
   NETMSLOT: Mailslot_DatagramWrite
   NETMSLOT: Local_Mailslot_Write
   NETINIT:  LLCritNet

When LLCritNet is called, it checks whether WFP_START and REN_WFP need to
be updated. Depending on what was occurring in the foreground when the
receive datagram completed, a FIT translation may have occurred that has
not yet been reflected in DOS.
Unfortunately, LLCritNet (and LCritNet) assumes that SS is currently the
DOS data segment. This is true for most foreground operations, but it is
not true for the above call path, because DG_POST switches to the
redirector's POST_STACK. The following snippets from LLCritNet
consequently corrupt memory in the redirector:

   push ss                  ; ES = SS (assumed to be the DOS data segment)
   pop  es
   mov  di, es:[REN_WFP]    ; DI = offset stored at ES:REN_WFP
   rep  movsb               ; copy CX bytes from DS:SI to ES:DI
   ...
   push ss                  ; same assumption for WFP_START
   pop  es
   mov  di, es:[WFP_START]
   rep  movsb

The corruption was fixed by replacing the above code with:

   mov  es, Dos_Seg         ; ES = DOS data segment, independent of SS
   mov  di, es:[REN_WFP]
   rep  movsb
   ...
   mov  es, Dos_Seg
   mov  di, es:[WFP_START]
   rep  movsb
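
The following C model of real-mode segment:offset addressing is an added example, not code from the redirector. It shows why loading ES from SS on the POST_STACK both fetches the destination pointer from the wrong segment and writes into redirector memory, while loading ES from Dos_Seg does not. Every segment value, offset and buffer content in it is constructed, and it assumes POST_STACK lives in the redirector's data segment.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* All segments, offsets and contents are constructed for illustration. */
enum { DOS_SEG = 0x0100, POST_SS = 0x2000,  /* SS after DG_POST's stack switch */
       REN_WFP = 0x0040,                    /* offset of the pointer variable  */
       DOS_BUF = 0x0300, PATH_LEN = 8 };

static uint8_t mem[1 << 20];                /* real-mode 1 MiB address space   */
static uint8_t before[0x10000];             /* snapshot of the redirector seg  */

static uint32_t lin(uint16_t seg, uint16_t off) {
    return (((uint32_t)seg << 4) + off) & 0xFFFFF;
}
static uint16_t rd16(uint16_t seg, uint16_t off) {
    return (uint16_t)(mem[lin(seg, off)] | (mem[lin(seg, (uint16_t)(off + 1))] << 8));
}

/* Models: mov di, es:[REN_WFP] / rep movsb, for a given ES. */
static void copy_path(uint16_t es, const uint8_t *src, uint16_t cx) {
    uint16_t di = rd16(es, REN_WFP);
    while (cx--) mem[lin(es, di++)] = *src++;
}

/* Returns redirector bytes changed; *dos_ok = 1 if the DOS buffer got the path. */
int run_llcritnet(uint16_t es, int *dos_ok) {
    static const uint8_t path[PATH_LEN] = "X:\\DIR\\";   /* 7 chars + NUL */
    memset(mem, 0, sizeof mem);
    mem[lin(DOS_SEG, REN_WFP)]     = DOS_BUF & 0xFF;     /* DOS: REN_WFP -> DOS_BUF */
    mem[lin(DOS_SEG, REN_WFP) + 1] = DOS_BUF >> 8;
    memset(&mem[lin(POST_SS, 0)], 0xAA, 0x10000);        /* redirector data (NCBs) */
    memcpy(before, &mem[lin(POST_SS, 0)], sizeof before);
    copy_path(es, path, PATH_LEN);
    *dos_ok = memcmp(&mem[lin(DOS_SEG, DOS_BUF)], path, PATH_LEN) == 0;
    int damaged = 0;
    for (uint32_t i = 0; i < sizeof before; i++)
        damaged += mem[lin(POST_SS, 0) + i] != before[i];
    return damaged;
}

int main(void) {
    int ok, n = run_llcritnet(POST_SS, &ok);             /* push ss / pop es  */
    printf("ES=SS:      redirector bytes damaged=%d, DOS updated=%d\n", n, ok);
    n = run_llcritnet(DOS_SEG, &ok);                     /* mov es, Dos_Seg   */
    printf("ES=Dos_Seg: redirector bytes damaged=%d, DOS updated=%d\n", n, ok);
    return 0;
}
```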