why ExFreePool will blue screen

Forum for discussion about kernel-mode development.
lwbkm
Posts: 11
Joined: Fri Apr 27, 2018 10:02 am

why ExFreePool will blue screen

Post by lwbkm » Mon May 21, 2018 6:45 am

Easy code, but ExFreePool will blue screen... why... :x How can I fix it?

Code:

#include <ntddk.h>
#include <windef.h>

PVOID pBuffer;
NTSTATUS NTGetLogicalDrives(OUT DWORD *pDiskNumber);

NTSTATUS WINAPI ZwQueryInformationProcess(
	_In_      HANDLE           ProcessHandle,
	_In_      PROCESSINFOCLASS ProcessInformationClass,//ProcessDeviceMap
	_Out_     PVOID            ProcessInformation,
	_In_      ULONG            ProcessInformationLength,
	_Out_opt_ PULONG           ReturnLength
);


VOID DriverUnload(PDRIVER_OBJECT pDriverObject)
{
	//UNREFERENCED_PARAMETER(pDriverObject);//close error tip
	KdPrint(("DriverUnload.....\n"));

	return;
}



NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING pRegPath) {
	NTSTATUS status;

	pDriverObject->DriverUnload = DriverUnload;
	KdPrint(("DriverEntry.....\n"));

	int dm = 0;
	DWORD *pDiskNumber = &dm;
	status = NTGetLogicalDrives(pDiskNumber);

	KdPrint(("%d.....\n", status));

	KdPrint(("0x%p.....\n", dm));

	return status;
}

NTSTATUS NTGetLogicalDrives(OUT DWORD *pDiskNumber) {
	NTSTATUS status;

	HANDLE handle = -1;
	PVOID pBuffer = ExAllocatePool(NonPagedPool, 4);

	status = ZwQueryInformationProcess(handle, 0x17,pBuffer, 0x24, 0);
	if (NT_SUCCESS(status))
	{
		*pDiskNumber = *(int *)pBuffer;

	}
	//ExFreePool(pBuffer);//blue screen

	return status;
}

EP_X0FF
Global Moderator
Posts: 4808
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation

Re: why ExFreePool will blue screen

Post by EP_X0FF » Mon May 21, 2018 9:18 am

Are you kidding or what?

You allocated a 4-byte buffer and passed it to the function, giving its size as 36 bytes.

You don't need to allocate memory for PROCESS_DEVICEMAP_INFORMATION. It is a structure with a fixed size.
Ring0 - the source of inspiration
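
A portable user-mode model of the mismatch described in the reply above, as an added example that is not part of the original thread: `DEVICEMAP_QUERY`, `mock_query` and the 64-byte arena are hypothetical stand-ins for the 36-byte result, ZwQueryInformationProcess and pool memory, and the drive map value is constructed. It counts the bytes written past a 4-byte buffer when 0x24 is passed as the length, then shows the fixed-size-structure form with the length taken from sizeof.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical 36-byte (0x24) stand-in for the query result in the thread. */
typedef struct {
    uint32_t DriveMap;              /* bit n set => drive letter 'A'+n */
    uint8_t  DriveType[32];
} DEVICEMAP_QUERY;

/* Mock query routine: assumes `out` really holds `len` bytes and writes them. */
static int mock_query(void *out, size_t len)
{
    DEVICEMAP_QUERY src;
    memset(&src, 0, sizeof src);
    src.DriveMap = 0x0000000C;      /* constructed sample: C: and D: */
    if (len != sizeof src) return -1;   /* length mismatch */
    memcpy(out, &src, len);
    return 0;
}

/* The bug: 4 bytes owned, 0x24 claimed. A 64-byte arena plays the pool. */
size_t overrun_bytes_with_4_byte_buffer(void)
{
    uint8_t arena[64];
    size_t i, clobbered = 0;
    memset(arena, 0xA5, sizeof arena);  /* 0xA5 marks memory not yet written */
    mock_query(arena, 0x24);            /* caller only owns arena[0..3] */
    for (i = 4; i < sizeof arena; i++)
        if (arena[i] != 0xA5) clobbered++;
    return clobbered;
}

/* The fix: fixed-size structure on the stack, length taken from sizeof. */
int get_logical_drives(uint32_t *drive_map)
{
    DEVICEMAP_QUERY info;
    int rc = mock_query(&info, sizeof info);
    if (rc == 0) *drive_map = info.DriveMap;
    return rc;
}

int main(void)
{
    uint32_t map = 0;
    int rc = get_logical_drives(&map);
    printf("overrun=%zu rc=%d map=0x%08X\n", overrun_bytes_with_4_byte_buffer(), rc, (unsigned)map);
    return 0;
}
```

In the driver the 32 extra bytes land in pool memory that follows the allocation, so the damage typically surfaces later, when the block is freed, rather than at the query call itself.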

lwbkm
Posts: 11
Joined: Fri Apr 27, 2018 10:02 am

Re: why ExFreePool will blue screen

Post by lwbkm » Mon May 21, 2018 3:15 pm

OMG, this is my first time using this function.
I didn't look carefully at
ProcessInformationLength [in]
The size of the buffer pointed to by the ProcessInformation parameter, in bytes.

It was very careless of me. Thank you! :D

Brock
Posts: 204
Joined: Wed Apr 28, 2010 3:13 am
Location: Valparaiso, Florida USA

Re: why ExFreePool will blue screen

Post by Brock » Wed May 23, 2018 11:32 pm

@lwbkm,

When you graduate to better understanding kernel memory allocation and general management, you might also strongly consider, on Windows 8+ anyhow, using ExAllocatePool(NonPagedPoolNx, ...); or the newer compiler's opt-in flag instead of the NonPagedPool type. It's just a best practice is all.
Accept nothing less than STATUS_SUCCESS
