My driver calls ExAllocatePoolWithTag to get a NonPagedPool buffer of about 40 bytes. However, when this code is run in Windows 10 with verifier on, the below prompt occurs in the debugger. Does anyone know what this means?
*********** Verifier Detected a Code Integrity Issue ************
**
** The caller 0xFFFFF8001464153B specified an executable pool type 0x0 (tag 0x6c6d6f6e).
**
*****************************************************************
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Tuesday, February 02, 2016 9:16 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Mysterious Windows 10 driver verifier assertion
My driver calls ExAllocatePoolWithTag to get a NonPagedPool buffer of about
40 bytes. However, when this code is run in Windows 10 with verifier on, the
below prompt occurs in the debugger. Does anyone know what this means?
*********** Verifier Detected a Code Integrity Issue ************
**
** The caller 0xFFFFF8001464153B specified an executable pool type 0x0 (tag
0x6c6d6f6e).
**
*****************************************************************
Check the documentation on the POOL_TYPE parameter. On Windows 8 and later, you should use NonPagedPoolNx instead of NonPagedPool, as the latter is now equivalent to NonPagedPoolExecute which will give you a block of executable memory (which presumably you don’t really need).
We use a single binary for Windows 7 and later. What happens if NonPagedPoolNx is specified in Windows 7? Seems to do the right thing, but if it is undefined behavior then a RtlGetVersion version check for Windows 8 or later can be implemented if necessary.
wrote in message news:xxxxx@ntdev… > My driver calls ExAllocatePoolWithTag to get a NonPagedPool buffer of about 40 bytes. However, when this code is run in Windows 10 with verifier on, the below prompt occurs in the debugger. Does anyone know what this means? > > > Verifier Detected a Code Integrity Issue* > > The caller 0xFFFFF8001464153B specified an executable pool type 0x0 (tag 0x6c6d6f6e). > >*************************************************************** > > Verifier assertion failed > (B)reak, (I)gnore, (W)arn only, (R)emove assert? > >
I got this error when I did MmGetSystemAddressForMdlSafe() on a
MDL that was passed to me by an MS kernel component. Not sure how I am involved here.
MmGetMdlVirtualAddress() on the same MDL didn’t throw this error.
Also I am l am already using the NonPagedPoolNx for the memory I am allocating elsewhere, not related to above code. DV caught this for me in this case.
You just define a macro POOL_NX_OPTIN=1 and make the following call in your
DriverEntry function: ExInitializeDriverRuntime(DrvRtPoolNxOptIn) - you do
this before allocating any memory.
If you do these steps you can leave your allocations using NonPagedPool and
they’ll be NonPagedPoolNx on Windows8 and later and remain NonPagedPool on
Windows 7.
On 3 February 2016 at 08:31, Maxim S. Shatskih wrote: