Now that I’m back in front of my computer, the exact code is:
static PMDL
AllocatePagesExtra(int Pages, int ExtraSize)
{
    PMDL Mdl;
    PVOID Buf;

    /* Page-multiple data buffer from non-paged pool; freed later with ExFreePoolWithTag. */
    Buf = ExAllocatePoolWithTag(NonPagedPool, Pages * PAGE_SIZE,
                                ALLOCATE_PAGES_POOL_TAG);
    if (Buf == NULL)
    {
        KdPrint((__DRIVER_NAME " AllocatePages Failed at ExAllocatePoolWithTag (Buf)\n"));
        return NULL;
    }
    /* The MDL itself also comes from non-paged pool, with ExtraSize caller bytes after it. */
    Mdl = (PMDL)ExAllocatePoolWithTag(NonPagedPool,
                                      MmSizeOfMdl(Buf, Pages * PAGE_SIZE) + ExtraSize,
                                      ALLOCATE_PAGES_POOL_TAG);
    if (Mdl == NULL)
    {
        KdPrint((__DRIVER_NAME " AllocatePages Failed at ExAllocatePoolWithTag (Mdl)\n"));
        /* Release the data buffer so a failed MDL allocation does not leak it. */
        ExFreePoolWithTag(Buf, ALLOCATE_PAGES_POOL_TAG);
        return NULL;
    }
    MmInitializeMdl(Mdl, Buf, Pages * PAGE_SIZE);
    MmBuildMdlForNonPagedPool(Mdl);
    return Mdl;
}
With additional shortcuts:
static __inline PMDL
AllocatePages(int Pages)
{
    return AllocatePagesExtra(Pages, 0);
}

static __inline PMDL
AllocatePage()
{
    return AllocatePagesExtra(1, 0);
}
Looking at the code, because I use MmInitializeMdl and not
IoAllocateMdl/IoFreeMdl, is there any cleanup I need to do to undo
anything done by MmBuildMdlForNonPagedPool?
James
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:bounce-441941-xxxxx@lists.osr.com] On Behalf Of James Harper
Sent: Tuesday, 22 February 2011 09:13
To: Windows System Software Devs Interest List
Cc: Windows System Software Devs Interest List
Subject: Re: [ntdev] allocated address = FFFFFA8000000000
I checked the code (it’s been a while) and it does the following:
ExAllocatePoolWithTag (buffer)
ExAllocatePoolWithTag (for mdl, including some extra memory on the end)
MmInitializeMdl
MmBuildMdl (can’t remember exact name)
Return mdl
All allocations are non paged, and the buffer is a multiple of page size
The caller gets the buffer address via MmGetMdlVirtualAddress, which is the bit I’m not completely sure about, but the code has worked for years without problems
A user has just reported an address of fffffa8000000002 which is impossible as it’s not page aligned so I’m now thinking something is stomping on memory somewhere
Sent from my iPhone
On 22/02/2011, at 3:19, “Paul Durrant” wrote:
>
> > How are you allocating the memory? ExAllocatePoolWithTag?
> >
> > On 21 February 2011 10:21, James Harper
> wrote:
> >> I’m allocating memory and getting an address of FFFFFA8000000000. At
> >> some point after that I try and free the memory and get a 0xC2 (0x42,
> >> 0xFFFFFA8000000000, 0, 0) bug check.
> >>
> >> Is the fact that FFFFFA8000000000 is a very round number just a
> >> coincidence? Up until the point that it gets freed there don’t seem to
> >> be any problems with using that page of memory.
> >>
> >> 0xC2 (0x42) is supposed to be “The current thread attempted to free a
> >> virtual address that was never in any pool.” which would suggest that I
> >> didn’t really get that address after all and now I’m trying to free it.
> >>
> >> Thanks
> >>
> >> James
> >>
> >> —
> >> NTDEV is sponsored by OSR
> >>
> >> For our schedule of WDF, WDM, debugging and other seminars visit:
> >> http://www.osr.com/seminars
> >>
> >> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
> >>
> >
> >
> >
> > –
> > Paul Durrant
> > http://www.linkedin.com/in/pdurrant