MmIsNonPagedSystemAddressValid

Krzysztof_Uchronski-1 · January 25, 2007, 10:13am

Hello,
I know that MmIsNonPagedSystemAddressValid is obsolete and there was already a thread regarding this topic, however I need to find out a way to check if the given address lives in the nonpaged pool or at least if it doesn’t cause page fault during dereferencing it. MmIsAddressValid solve my problem but it cannot be used since there is no guarantee that the page remains in the memory till I finish my operations on it.

Thanks in advance
Krzysiek

OSR_Community_User · January 25, 2007, 10:17am

This question always begs the question “why”? What problem are you trying to solve, where you need to dereference a pointer that you aren’t sure, in advance, is valid? Where did you get this pointer, and what will you do with it?

Nearly all “IsValidPointer” functions are inherently broken. I mean the idea of them is broken, not just the implementations.

From: xxxxx@lists.osr.com [xxxxx@lists.osr.com] On Behalf Of krzysuchr@o2.pl [krzysuchr@o2.pl]
Sent: Thursday, January 25, 2007 7:13 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] MmIsNonPagedSystemAddressValid

Hello,
I know that MmIsNonPagedSystemAddressValid is obsolete and there was already a thread regarding this topic, however I need to find out a way to check if the given address lives in the nonpaged pool or at least if it doesn’t cause page fault during dereferencing it. MmIsAddressValid solve my problem but it cannot be used since there is no guarantee that the page remains in the memory till I finish my operations on it.

Thanks in advance
Krzysiek

Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Krzysztof_Uchronski-1 · January 25, 2007, 11:12am

Arlie,
I would like to obtain the HwDeviceExtension from the DEVICE_OBJECT in the mirror miniport driver, I know that the address of the HwDeviceExtension seats in the DEVICE_OBJECT::DeviceExtension + offset (the offset depends on what OS it is running). To be sure that the HwDeviceExtension is valid I want to check the magic number/signature value that is the first field in my HwDeviceExtension structure. However I can’t do that since it can cause page fault.
I need all of these to put the device that is handled by my mirror miniport driver to the power off/on state, since my function VIDEO_HW_INITIALIZATION_DATA::HwSetPowerState for mirror device is never called in oposite to the extend miniport driver where it works just perfectly.
If there is any “official” solution for this particualr problem I’ll immediately drop any other ideas that are connected with the IsAddressValid issues. For instance: on Vista there is very nice function called RegisterPowerSettingNotification that solves my problem, unfortunately it doesn’t exists on before-Vista-OSes. I know that I can put fillter driver on the primary display device but I would like to avoid this kind of solution since it needs separate driver.

Thanks
Krzysiek

OSR_Community_User · January 25, 2007, 11:49am

This falls into one of those broken ideas that Arlie was talking about.

Any solution which requires probing around in memory you don’t own
looking for magic numbers is just plain bad, regardless of whether it’s
the “only way” you can do it.

-p

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of krzysuchr@o2.pl
Sent: Thursday, January 25, 2007 8:12 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] MmIsNonPagedSystemAddressValid

Arlie,
I would like to obtain the HwDeviceExtension from the DEVICE_OBJECT in
the mirror miniport driver, I know that the address of the
HwDeviceExtension seats in the DEVICE_OBJECT::DeviceExtension + offset
(the offset depends on what OS it is running). To be sure that the
HwDeviceExtension is valid I want to check the magic number/signature
value that is the first field in my HwDeviceExtension structure. However
I can’t do that since it can cause page fault.
I need all of these to put the device that is handled by my mirror
miniport driver to the power off/on state, since my function
VIDEO_HW_INITIALIZATION_DATA::HwSetPowerState for mirror device is never
called in oposite to the extend miniport driver where it works just
perfectly.
If there is any “official” solution for this particualr problem I’ll
immediately drop any other ideas that are connected with the
IsAddressValid issues. For instance: on Vista there is very nice
function called RegisterPowerSettingNotification that solves my problem,
unfortunately it doesn’t exists on before-Vista-OSes. I know that I can
put fillter driver on the primary display device but I would like to
avoid this kind of solution since it needs separate driver.

Thanks
Krzysiek

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

anton_bassov · January 25, 2007, 11:57am

As Doron Holan from MSFT explained to me, MmIsAddressValid() is meant to be used only in context of Memory Manager itself, so that it should not have been documented in DDK, in the first place. The only thing it can tell you is what situation *WAS* like at the moment when PTE was examined - the situation may be already different by the time you try to actually get use of this info.

Therefore, as guys have already pointed out, you should re-design your solution, so that
there would be no need to check whether accessing the address may raise a page fault, in the first place…

Anton Bassov

Krzysztof_Uchronski-1 · January 25, 2007, 11:57am

Thanks for your response
Like I said, I know that this not the “only way” I can solve my problem. It’s just an investigation that should eliminate all the “bad ideas”. I’ve already wrote in my second post that I don’t want to use magic numbers/signatures since it can cause page faults.
Any help will be appreciated.

Krzysiek

Krzysztof_Uchronski-1 · January 25, 2007, 12:03pm

Anton,
thanks for constructive answer, there was already mentioned on the other thread here that those routine should be used only for debug purpose (like in the ASSERT situations). Anyway I was curious if such a validation is possible since there are two documented functions in the DDK that are somehow connected with this topic: MmIsAddressValid and MmIsNonPagedSystemAddressValid.
Krzysiek

OSR_Community_User · January 25, 2007, 12:52pm

Krzysiek:

You make, in my opinion, an excellent point here, and do a better job
of it and much more succinctly than I could. In my opinion, any number
of things that are on these lists characterized as unsafe generally
quite accurately. However, they are frequently also characterized as
without need or precedent, which is, also in my opinion, partially true
but never the full story. That being said, while I am not making any
sort of judgement about your interests or intentions, this sort of need
(modifying or even just examining things you didn’t allocate) is an
equally accurate and pithy although incomplete characterization of
malware, but what you seek to do is these days is being very strongly
discouraged, and I think with good reason, because it is just not a
fundamentally safe enough action to be occurring in the kernel.
Although I sometimes take issue with these characterizations,
personally, I would trust Microsoft on this one, because while I think
that what you observed about the documented API is quite obviously at
least partially and likely considerably accurate, based on the change of
heart about these API, I think it may not be the whole story and
probably that this lesson was learned the hard way.

mm

>> krzysuchr@o2.pl 2007-01-25 12:04 >>>
Anton,
thanks for constructive answer, there was already mentioned on the
other thread here that those routine should be used only for debug
purpose (like in the ASSERT situations). Anyway I was curious if such a
validation is possible since there are two documented functions in the
DDK that are somehow connected with this topic: MmIsAddressValid and
MmIsNonPagedSystemAddressValid.
Krzysiek

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

anton_bassov · January 25, 2007, 7:01pm

> Anyway I was curious if such a validation is possible since

there are two documented functions in the DDK that are somehow connected with
this topic: MmIsAddressValid and MmIsNonPagedSystemAddressValid

Well, according to Doron, these functions should not have been documented, in the first place…
However, for this or that reason, they made their way into WDK as well, although the latter one
is marked as beng obsolete…

Anton Bassov