Is there any way to set this to check write only?
Thanks Jim D.
Ok, here is the problem.
When I turn on PoolTagOverruns code as shown below trigger the blue screen.
First of all, what are the rules for pool tag over runs?
Is there any way to allow reading certain areas in kernel space with out
trigger PoolTagOverruns checks?
Can they be turned on for writes only ?
(before you tell me that this code is “wrong”, I have replaced it with
ZwQuerySystemInformation, but there are other places where it read things -
I would like to understand how this mechanism works)
// Find the offset for the process name in EPROCESS structure…
for( i = 0; i < 3 * PAGE_SIZE; i++ )
{
–> if( !strncmp( “System”, (PCHAR) curproc + i, strlen(“System”) ))
{
m_ProcessNameOffset = i;
}
}
“jim” wrote in message news:xxxxx@windbg…
> Is there any way to set this to check write only?
> Thanks Jim D.
>
>