Hey guys,
I have several instances in my WDM driver where I use ExAllocatePoolWithTag() to allocate non-paged memory, and specify a different tag for each call (which also doesn’t match any of the tags in pooltag.txt).
Example:
_frames = (PUserGraphicsFrame *)ExAllocatePoolWithTag(NonPagedPool, size * sizeof(PUserGraphicsFrame), ‘tGRX’);
Furthermore, I’m running an XP SP2 Checked build, and I have verified that ‘Enable Pool Tagging’ is enabled via Gflags (I think it was by default w/ the checked build).
Also, I’ve enabled ‘Pool Tracking’ via the driver Verifier.
I’m using OSR’s PoolTag Reporter, and set the filter to watch for the specific tags I’m using in the driver, however, I do not see any of the tags show up when I start the application and/or use functionality within the app that uses the driver (whether the filter is set or not).
Additional, I don’t see the tags show up under WinDbg when I type the command ‘!poolused’.
I have ensured that I have the latest version of the driver installed on the target machine (about 5 times).
So, I’m trying to debug a pool corruption problem within the driver, and I’d love to be able to narrow it down to the culprit using pool tags, but I just can’t get them to work. What am I missing? It has to be something simple.
Is there a build option that I need to force the tags to be used? Is it a configuration issue on my target machine?
Thanks,
Jason
Unfortunately allocations from special pool don’t go in the pool tag
database. You’ll need to disable Verifier to see your allocations in PoolTag
or !poolused.
-scott
Scott Noone
Software Engineer
OSR Open Systems Resources, Inc.
http://www.osronline.com
wrote in message news:xxxxx@ntdev…
> Hey guys,
>
> I have several instances in my WDM driver where I use
> ExAllocatePoolWithTag() to allocate non-paged memory, and specify a
> different tag for each call (which also doesn’t match any of the tags in
> pooltag.txt).
>
> Example:
> _frames = (PUserGraphicsFrame *)ExAllocatePoolWithTag(NonPagedPool,
> size * sizeof(PUserGraphicsFrame), ‘tGRX’);
>
> Furthermore, I’m running an XP SP2 Checked build, and I have verified that
> ‘Enable Pool Tagging’ is enabled via Gflags (I think it was by default w/
> the checked build).
>
> Also, I’ve enabled ‘Pool Tracking’ via the driver Verifier.
>
> I’m using OSR’s PoolTag Reporter, and set the filter to watch for the
> specific tags I’m using in the driver, however, I do not see any of the
> tags show up when I start the application and/or use functionality within
> the app that uses the driver (whether the filter is set or not).
>
> Additional, I don’t see the tags show up under WinDbg when I type the
> command ‘!poolused’.
>
> I have ensured that I have the latest version of the driver installed on
> the target machine (about 5 times).
>
> So, I’m trying to debug a pool corruption problem within the driver, and
> I’d love to be able to narrow it down to the culprit using pool tags, but
> I just can’t get them to work. What am I missing? It has to be something
> simple.
>
> Is there a build option that I need to force the tags to be used? Is it a
> configuration issue on my target machine?
>
> Thanks,
>
> Jason
>
Scott,
Hmm. I disabled Verifier, rebooted (twice), and I still can’t see the pool tags. I also don’t see them in the debugger. I also tried ‘!poolused’ in the debugger, and I don’t see the tags in that list either.
I’m sure that Verifier is disabled 1.) Because it says so, and 2.) I don’t see it interrogating my driver in the debugger output like before.
I understand that the tag 'DDK ’ is supposed to be used for allocated memory when you don’t specify a tag, and I do see that tag show up.
I missed the fact that the Verifier uses the Special Pool for specified drivers, so it’s good to know that tid bit of info. 
Any other ideas?
Thanks,
Jason
>>
Unfortunately allocations from special pool don’t go in the pool tag database. You’ll need to disable Verifier to see your allocations in PoolTag or !poolused.
<<
On the other hand, if you’re using DV, then the handy extension !verifier 3 will list every single piece of pool you allocated (and its tag, when available), whether paged or non-paged, and how big (as well as max/min/attempt/fail statistics for the pools, IIRC).
So perhaps it actually is the right tool for this job…
You are allocating with ExAllocatePoolWithTag, right?
-scott
Scott Noone
Software Engineer
OSR Open Systems Resources, Inc.
http://www.osronline.com
wrote in message news:xxxxx@ntdev…
> Scott,
>
> Hmm. I disabled Verifier, rebooted (twice), and I still can’t see the
> pool tags. I also don’t see them in the debugger. I also tried
> ‘!poolused’ in the debugger, and I don’t see the tags in that list either.
>
> I’m sure that Verifier is disabled 1.) Because it says so, and 2.) I don’t
> see it interrogating my driver in the debugger output like before.
>
> I understand that the tag 'DDK ’ is supposed to be used for allocated
> memory when you don’t specify a tag, and I do see that tag show up.
>
> I missed the fact that the Verifier uses the Special Pool for specified
> drivers, so it’s good to know that tid bit of info.
>
> Any other ideas?
>
> Thanks,
>
> Jason
>
Bob,
Yes, perhaps…I will try that, but just for my own etification, I’d like to know why PoolTag doesn’t catch the tags. I’m sure there will be someone else down the road who will run into the same issue.
I just found this ‘Hector Memo’, which is what Scott was pointing out:
http://www.osronline.com/article.cfm?id=274
Thanks for the feedback!
Jason
Minor correction to my previous post- it lists everything you have *currently* allocated. If you have fault injection on, then !verifier 4 will list a history of allocations it failed (including caller’s address), but there’s no history of all your allocations that I am aware of.
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Bob Kjelgaard
Sent: Wednesday, July 11, 2007 1:16 PM
To: Windows System Software Devs Interest List
Subject: RE: Re:[ntdev] Cannot get Pool Tags to show up
>
Unfortunately allocations from special pool don’t go in the pool tag database. You’ll need to disable Verifier to see your allocations in PoolTag or !poolused.
<<
On the other hand, if you’re using DV, then the handy extension !verifier 3 will list every single piece of pool you allocated (and its tag, when available), whether paged or non-paged, and how big (as well as max/min/attempt/fail statistics for the pools, IIRC).
So perhaps it actually is the right tool for this job…
Scott,
Yes, I am allocating with ExAllocatePoolWithTag().
The current behavior of the driver seems to me that the calls to ExAllocatePoolWithTag() get treated like a call to ExAllocatePool(). Originally, the driver did do this, but I changed all instances to use ExAllocatePoolWithTag() so I can track down the culprit.
I’ve verified that the driver did ‘build’, and it has been freshly installed (even after I disabled the verifier).
And Bob, thanks for the extra detail! I’m basically just looking to point a finger to the portion of the code using the Non Paged memory that’s hosing it when I get pool exceptions. Then, I can focus on that piece of code. I’ve got about 8 different objects that get allocated to Non Paged memory, and I’m not sure which one is getting corrupted (thus tags could tell me).
Thanks,
Jason
And the obvious mistake that I forget:
Tag ‘tGRX’ will show as “XRGt” in pool monitor…
Thomas F. Divine
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:bounce-293308-
xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Wednesday, July 11, 2007 3:25 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Cannot get Pool Tags to show up
Hey guys,
I have several instances in my WDM driver where I use
ExAllocatePoolWithTag() to allocate non-paged memory, and specify a
different tag for each call (which also doesn’t match any of the tags
in pooltag.txt).
Example:
_frames = (PUserGraphicsFrame
*)ExAllocatePoolWithTag(NonPagedPool, size *
sizeof(PUserGraphicsFrame), ‘tGRX’);
Furthermore, I’m running an XP SP2 Checked build, and I have verified
that ‘Enable Pool Tagging’ is enabled via Gflags (I think it was by
default w/ the checked build).
Also, I’ve enabled ‘Pool Tracking’ via the driver Verifier.
I’m using OSR’s PoolTag Reporter, and set the filter to watch for the
specific tags I’m using in the driver, however, I do not see any of the
tags show up when I start the application and/or use functionality
within the app that uses the driver (whether the filter is set or not).
Additional, I don’t see the tags show up under WinDbg when I type the
command ‘!poolused’.
I have ensured that I have the latest version of the driver installed
on the target machine (about 5 times).
So, I’m trying to debug a pool corruption problem within the driver,
and I’d love to be able to narrow it down to the culprit using pool
tags, but I just can’t get them to work. What am I missing? It has to
be something simple.
Is there a build option that I need to force the tags to be used? Is
it a configuration issue on my target machine?
Thanks,
Jason
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
If it was me, I’d disassemble the routine and see if the tag is pushed on the stack [it’s a constant, after all] and the call is made. If it is, then I’d put a breakpoint on said routine and step past the allocate call, then !pool the address returned from the call (or just dump the nearby memory with dc or such).
That would tell me whether the code was trying to use the tag, or it provided it and the OS wasn’t using it.