I’m wondering if anyone knows the structure of the kernel pool headers? I
couldn’t find the info anywhere! I’m getting some pool corruption and
understanding the header will help me get a handle on what’s wrong…
I went through the assembly, and here’s what I came up with…
Pool blocks are 32 bytes each.
struct {
UCHAR previousBlocks; // Number of blocks in the previous allocation.
UCHAR unknown; // No idea…
UCHAR inUse; // I think this is just an is-use flag for the
current allocation.
UCHAR currentBlocks; // Number of blocks in the current allocation.
ULONG poolTag; // Used for debugging.
} kernelPoolHeader;
You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com
Hello,
I think the “inUse” member stores pool_type + 1.
Also, the code seems to store a pointer to EPROCESS
when used with quota. Otherwise it stores pool tag.
HTH,
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Taed Nelson
Sent: Thursday, February 08, 2001 8:04 AM
To: NT Developers Interest List
Subject: [ntdev] Kernel pool header structure?
I’m wondering if anyone knows the structure of the kernel pool headers? I
couldn’t find the info anywhere! I’m getting some pool corruption and
understanding the header will help me get a handle on what’s wrong…
I went through the assembly, and here’s what I came up with…
Pool blocks are 32 bytes each.
struct {
UCHAR previousBlocks; // Number of blocks in the previous allocation.
UCHAR unknown; // No idea…
UCHAR inUse; // I think this is just an is-use flag for the
current allocation.
UCHAR currentBlocks; // Number of blocks in the current allocation.
ULONG poolTag; // Used for debugging.
} kernelPoolHeader;
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com