RtlEnumerateGenericTableWithoutSplaying and bad RestartKey

Neil_Weicher · January 13, 2010, 6:59pm

Is there any way to see if a RestartKey is valid when using
RtlEnumerateGenericTableWithoutSplaying?

The table entries are all allocated out of NPP.

I am restarting it at a specific location that previously was valid, but now
is not.

I’ve tried putting it in a try/except. Even tried using MmIsAddressValid.
But no matter what, I keep getting DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL
(0xD5).

Thanks for any tips.

Ayush_Gupta-2 · January 13, 2010, 10:59pm

Comments inline…

Is there any way to see if a RestartKey is valid when using
RtlEnumerateGenericTableWithoutSplaying?

The table entries are all allocated out of NPP.

I am restarting it at a specific location that previously was valid,
but now
is not.

What kind of lock have you used?
Have you done #define RTL_USE_AVL_TABLES 0? If not then you are ending up
using Splay trees which require exclusive locking.

I’ve tried putting it in a try/except. Even tried using
MmIsAddressValid.
But no matter what, I keep getting
DRIVER_PAGE_FAULT_IN_FREED_SPECIAL_POOL
(0xD5).

MmIsAddressValid just tells whether the page is paged in or not. So, for NPP
allocated, it is not going to do anything because for all valid NPP
addresses, it will always return true.
Try/except won’t help because AFAIK, you cannot mask such bug checks using
try except. But yes, while accessing user mode addresses in kernel, you
must access them in try/except block.

Regards,
Ayush Gupta
AI Consulting

OSR_Community_User · January 14, 2010, 2:08am

> I am restarting it at a specific location that previously was valid, but now

is not.

Restart from the very start, this is the only valid way.

–
Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

Neil_Weicher · January 16, 2010, 12:28pm

“Ayush Gupta” wrote in message news:xxxxx@ntfsd…
>
> What kind of lock have you used?
> Have you done #define RTL_USE_AVL_TABLES 0? If not then you are ending up
> using Splay trees which require exclusive locking.

Thanks, Ayush. I am using ExAcquireResourceExclusiveLite. (On a side note,
Would ExAcquireFastMutex be more efficient?)

My trees are fairly small (rarely more than a dozen or so entries), however
they are examined frequently. Would defining RTL_USE_AVL_TABLES make much
difference to performance?

Thanks.