Page 1 of 1

why ExFreePool will blue screen

PostPosted:Mon May 21, 2018 6:45 am
by lwbkm
easy code ,but ExFreePool will be blue screen.......why... :x how can i fix it ..
Code: Select all
#include <ntddk.h>
#include <windef.h>

PVOID pBuffer;
NTSTATUS NTGetLogicalDrives(OUT DWORD *pDiskNumber);

NTSTATUS WINAPI ZwQueryInformationProcess(
	_In_      HANDLE           ProcessHandle,
	_In_      PROCESSINFOCLASS ProcessInformationClass,//ProcessDeviceMap
	_Out_     PVOID            ProcessInformation,
	_In_      ULONG            ProcessInformationLength,
	_Out_opt_ PULONG           ReturnLength
);


VOID DriverUnload(PDRIVER_OBJECT pDriverObject)
{
	//UNREFERENCED_PARAMETER(pDriverObject);//close error tip
	KdPrint(("DriverUnload.....\n"));

	return;
}



NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING pRegPath) {
	NTSTATUS status;

	pDriverObject->DriverUnload = DriverUnload;
	KdPrint(("DriverEntry.....\n"));

	int dm = 0;
	DWORD *pDiskNumber = &dm;
	status = NTGetLogicalDrives(pDiskNumber);

	KdPrint(("%d.....\n", status));

	KdPrint(("0x%p.....\n", dm));

	return status;
}

NTSTATUS NTGetLogicalDrives(OUT DWORD *pDiskNumber) {
	NTSTATUS status;

	HANDLE handle = -1;
	PVOID pBuffer = ExAllocatePool(NonPagedPool, 4);

	status = ZwQueryInformationProcess(handle, 0x17,pBuffer, 0x24, 0);
	if (NT_SUCCESS(status))
	{
		*pDiskNumber = *(int *)pBuffer;

	}
	//ExFreePool(pBuffer);//blue screen

	return status;
}

Re: why ExFreePool will blue screen

PostPosted:Mon May 21, 2018 9:18 am
by EP_X0FF
Are you kidding or what?

You allocated 4 byte long buffer and passed it to function giving it size as 36 bytes long.

You don't need to allocate memory for PROCESS_DEVICEMAP_INFORMATION. It is structure with fixed size.

Re: why ExFreePool will blue screen

PostPosted:Mon May 21, 2018 3:15 pm
by lwbkm
omg,i am first use this function,
I didn't look carefully about
ProcessInformationLength [in]
The size of the buffer pointed to by the ProcessInformation parameter, in bytes.

It was very careless of me.thank you! :D

Re: why ExFreePool will blue screen

PostPosted:Wed May 23, 2018 11:32 pm
by Brock
@lwbkm,

When you graduate to better understanding kernel memory allocation and general management you might also strongly consider, on Windows 8+ anyhow, using ExAllocatePool(NonPagedPoolNx, ...); or the newer compiler's opt-in flag instead of the NonPagedPool type. It's just a best practice is all

Re: why ExFreePool will blue screen

PostPosted:Tue Jul 02, 2019 3:13 pm
by KarNak
Try changing the int on the allocation buffer? 4 bytes long? come on

Re: why ExFreePool will blue screen

PostPosted:Thu Jul 04, 2019 4:21 am
by EP_X0FF
I highly doubt he will read or answer you after more than 1 year passed since this thread last reply. Closed.