ExAllocatePoolWithTag working at a high IRQL?

I accidently placed a ExAllocatePoolWithTag(NonPagedPoolNx) when IRQL was set too IPI_LEVEL and it succeeded? I confirmed IRQL in WinDbg, and the ExAllocatePoolWithTag() succeeded and gave me a valid buffer.

The MSDN states ExAllocatePoolWithTag only operates at <= DISPATCH_LEVEL, but it seems to work at higher IRQLs too. Even the SAL notation for the ExAllocatePoolWithTag shows _When_((PoolType & PagedPool) == 0, _IRQL_requires_max_(DISPATCH_LEVEL))

I understand paging is disabled by the MemoryManager as it only operates at <= APC_LEVEL, but MemoryManager seems to allocate kernel pages from non paged pool fine.

Has it always been like this? Is MSDN incorrect?

Many things that are prohibited at raised IRQL will work sometimes, and some things even work most of the time. That doesn’t mean the documentation is wrong. It means you got lucky, this time.

2 Likes

Thanks. Yeah I’ve adjusted my driver now to simply allocate the memory before the IRQL is raised.

As MSDN states ExAllocatePoolWithTag (NonPagedPoolNx) requires <= DISPATCH_LEVEL
But to read/write to NonPagedPool - MSDN states “Nonpaged pool can be accessed from any IRQL”.