verifier.exe showing abnormal pool allocations

I’m running verifier.exe for the first time on my KMDF driver. The driver is very passive atm: just some notification routines.

But after boot, the verifier already shows approximately 200k allocation attempts (all successful… in ‘special pool’) and after about 40 minutes this climbed to over a million.
Now I doubt my driver is doing this, there is only one call to ExAllocatePoolWithTag followed by a kdprint. And even when I unload my driver the number of allocations keeps growing.

Is this normal? If not… what could be causing it? In the list of ‘Drivers’ being verified, only my driver is listed and its status is ‘unloaded’.

A second short question that I know the answer to but hopefully someone has some new insight:
Is there a chance of support in SDV for C++ (please don’t kill me for mentioning this awful word on this list :$). I’m not actually using any major C++ constructs, but I use it to be able to locally declare variables and have default parameter values in a few functions.
I’ve read about the SDV in my ‘Developing drivers with the WDF’ book and wanted to try it but… failed because of this. But (IMHO) the SDV shouldn’t reject a driver’s source on the extension alone.

Now for the dangerous question (maybe Peter should stop reading here :P): Should I convert my driver to C so that I can use SDV? I already compile with W4 and run preFAST…
Because I’m only using the C++ compiler for small (although veeery convenient) things I guess it is worth it, plus I’m not an experienced kernel developer yet so it will probably teach me a lot…

I apologize again for mentioning the ++ word.

On the allocations, use one of the many methods to check the tag of the
allocations (such as Windbg, or Pooltag) to see if the allocations are
your tag, if not then don’t worry about them.

Microsoft has said they are working on supporting a limited C++ with SDV
but have given no timeframe. I use SDV, but for the most part I still
find it frustrating to use and I have never found a bug with it. So I
would not rush to change your code to allow SDV to run.

Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr

Right, I thought the SDV would show only my allocations. Thanks.

Then I have another small problem I hope someone may have experience with. It’s not really related but since I have a thread anyway…

I use a VM(ware workstation 7.1) to develop and attach windbg to it through a named pipe. Whenever I resume from a snapshot, it can take several minutes before the VM responds to my input. I see that the screen is updated (there are some cmd’s open and the cursors are blinking).

Problem is that it doesn’t always take that long… sometimes I can use the VM again after seconds.

I’ll echo what Don said: SDV might be nice in some cases, and it’s theoretically terrific. But I’ve never seen it find an important bug. So, to be perfectly frank, if I were you I wouldn’t bother converting my code to use SDV.

At OSR we use CPP file types very similarly to the way you evidently do… and that prevents us from running SDV on almost all of our code.

Prefast is another matter… like lint, it tends to find errors… and things that aren’t errors… but that’s what it’s about.

Peter
OSR

Converting a driver to use a tool would seem to me to be a bad idea pretty
much under all circumstances. I mean, you’re going to introduce errors in
the process, almost certainly.

mm

NTDEV is sponsored by OSR

If it would greatly help me write better code in the long run I would do it though (especially since I don’t use a lot of C++ features and the driver is still relatively small)… but it is reassuring that ‘you guys’ don’t use SDV either.

In any case… the WDF book is awesome (KMDF in general for that matter).

I definitely agree… KMDF is awesome.

Peter
OSR

There is a KMDF Verifier that knows a lot about the internals of KMDF and
probably UMDF. If your driver works in that environment, use both and
include the sys files loaded as part of WDF.

I also use the same features of C++ in some of my newer drivers to limit the
scope of local variables and define default values for parameters. I also
use ‘extern “C”’ on all (most) functions to ensure that no overloading can
occur and keep the map file a little cleaner.

I mostly live in an environment where KMDF is just not available since there
are Microsoft provided port drivers with defined interfaces. However one
thing in which KMDF excels is writing a bus driver. You might find one is
needed even for various miniport drivers.

Ah I didn’t know KMDF had its own verifier… just found a post on Doron’s blog though - Thanks :wink:

P.S. the problem I described with VMware and resuming from snapshots has been fixed.
The snapshot I used was made when WinDbg was attached, I made one now where it isn’t yet attached and I can immediately use the VM after resuming.

In retrospect that makes sense of course… :stuck_out_tongue: