I am developing a WFP callout driver which then logs all the network requests. In a ALE_CONNECT_AUTH classify function am trying to set the flow context so that the next layers can get some more context related information. Following is the offending code which is triggering the bug check.
139: RtlZeroMemory(context, sizeof(FLOW_DATA));
> 140: context->previousLayerId[context->currentLayerIndex++] = inFixedValues->layerId;
141: // Associate the flow context structure with the data flow
The declaration of previousLayerId looks something like this :
Also there is a check before this code to make sure that ExAllocatePoolWithTag(allocated from NonPagedPool) is succeeding in the allocation or not.
So with my code, what could be triggering the bug check?
Also as a side question, will this flowcontext be shared different WFP layers and their callouts? Like I am assuming that this context will be shared between the ALE_AUTH_CONNECT & OUTBOUND_TRANSPORT classify callouts.
Is my assumption correct?
Thanks in advance.