Matching pool tags in Windows drivers

I love small posts especially those notes that could help you when banging your head at the wall after facing a strange error on Windows API. When MSDN mentions nothing your last hope is to be in your notes. Original link can be found here.

This is a note to myself, mainly. If the PROTECTED_POOL flag is set on a pool tag, freeing it will require the use of the same tag as when allocating it. For all other purposes the tag will be ignored when freeing.

Microsoft states for the Tag parameter in ExAllocatePoolWithTag:

Specifies the pool tag for the allocated memory. Specify the pool tag as a character literal of up to four characters delimited by single quotation marks (for example, ‘Tag1′). The string is usually specified in reverse order (for example, ‘1gaT’). The ASCII value of each character in the tag must be between 0 and 127. Every allocation code path should use a unique pool tag to ensure that debuggers and verifiers identify a distinct allocated block.

Presumably most tags used by system components themselves will have that flag set, but to be honest I haven’t checked the pooltag.txt lately ;)

// Oliver

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: