Re: Re[2]: [ntdev] Question about nonpaged memory and MDLs

Tim_Roberts Member - All Emails Posts: 13,004
xxxxx@mail.ru wrote:
> Here is an IDA plugin, line 117:
> https://github.com/nihilus/idastealth/blob/master/src/StealthDriver/StealthDriver/StealthImplementation.cpp 
>
> it uses MmBuildMdlForNonPagedPool + MmMapLockedPages
>
> it's unusual for me to see this and it seems to work fine, how is it
> possible and why?

Just because it's wrong doesn't mean it won't work.  This slimy code is
actually trying to create a second writable mapping of those physical
pages, because the original mapping is read-only.

--
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

