According to documentation for FWPM_LAYER_ALE_AUTH_CONNECT_REDIRECT,
“Starting with Windows 8, memory allocated for localRedirectContext will have its ownership taken by WFP, and will be freed when the proxied flow is removed.”
But if verifier is ON then it gives bugcheck DRIVER_VERIFIER_DETECTED_VIOLATION with allocations not freed for the context.
Hey, I know this is a very old thread, but I thought it’s worth asking the question here. I have encountered the same issue with the driver verifier.
Could you please tell me how can I add exception for this? Verifier detects violation on my driver only if “Pool tracking” is only, and only for localRedirectContext field. Can we somehow enable “Pool tracking” but tell the verifier to ignore memory for the field localRedirectContext ?