Kernel Pool Cheat Sheet - mista.nu

0 downloads 165 Views 212KB Size Report
Try per-processor non- paged lookaside list. Yes. Lock non-paged pool descriptor (local node). Yes. No. Success? No. Yes
ExAllocatePoolWithTag Windows 7 SP1 Start Tarjei Mandt [email protected] NumBytes > 0xFF0

No

PagedPool?

No (NonPaged pool)

Yes

Yes

Session Allocation?

Call ExpAllocateBigPool

Yes

BlockSize < 0x1A

Yes

Try session paged lookaside list

BlockSize > 0x20

No

No

Try per-processor paged lookaside list

No

Try per-processor nonpaged lookaside list

BlockSize > 0x20

No

Success?

Success?

No

Yes

No

Yes Lock paged pool descriptor (round robin)

Use ListHeads of currently locked pool (n = BlockSize-1)

ListHeads[n] empty? Try next BlockSize

Yes

Lock non-paged pool descriptor (local node)

Lock session paged pool descriptor

No

No

Success? Yes

Safe unlink ListHeads[n].Flink Yes

Yes

More ListHeads?

No

Call MiAllocatePoolPages

Split entry if larger than needed

Return Chunk

ExFreePoolWithTag

Check if Entry.BlockSize equals NextEntry.PreviousSize

Start Page aligned address?

Is bordering chunk valid?

No

No

Windows 7 SP1

Tarjei Mandt [email protected]

BugCheckEx(BAD_POOL_HEADER)

Yes

PagedPool?

No

BlockSize < 0x20

Yes

Put in per-processor nonpaged lookaside list

Success?

BlockSize < 0x20

Yes

Put in per-processor paged lookaside list

Success?

Yes

Put in session paged lookaside list

Success?

No

Yes

Session allocation?

No

No

Lock pool descriptor

Yes

BlockSize < 0x1A

Yes No No Delayed frees?

Pending frees list full?

Yes

Call ExDeferredFreePool

Add entry to front of pending frees list

Return

Yes No

Yes

Is next chunk free?

No

Yes

Safe unlink and merge

No

Is previous chunk free?

Yes

Safe unlink and merge

Is chunk a full page?

Yes Call MiFreePoolPages

No

Add entry to front of ListHeads list