optimized#4
| @@ -134,6 +134,11 @@ | |||
| <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"> | |||
| m_apc_state = (KAPC_STATE*)ExAllocatePool(NonPagedPool, sizeof(KAPC_STATE)); | ||
| if (attach) | ||
| { | ||
| m_apc_state = (KAPC_STATE*)ExAllocatePool2(NonPagedPool, sizeof(KAPC_STATE), '2cba'); |
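Review bot: The first argument on the ExAllocatePool2 line is still the POOL_TYPE enumerator NonPagedPool, but ExAllocatePool2 takes a POOL_FLAGS bitmask in that position. NonPagedPool has the value 0, so no pool-type flag is set; pass POOL_FLAG_NON_PAGED instead. ExAllocatePool2 returns NULL on failure by default, and nothing in this hunk checks m_apc_state before it is used, so add that check next to the allocation.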
Can you explain please why this is necessary?
| { | ||
| handles_allocation_size += 0x10000; | ||
| handles_pool = ExAllocatePool(PagedPool, handles_allocation_size); | ||
| handles_pool = ExAllocatePool2(PagedPool, handles_allocation_size, '1cba'); |
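Review bot: PagedPool in the ExAllocatePool2 call is a POOL_TYPE value (1), not the POOL_FLAGS bit POOL_FLAG_PAGED, so the call does not request paged pool the way the removed ExAllocatePool line did; use POOL_FLAG_PAGED. The tag '1cba' is a multi-character constant stored little-endian, so it appears as "abc1" in pool-tag tools; a tag that names the driver would make leaks from this buffer, which grows in 0x10000 steps, easier to attribute.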
Can you explain please why this is necessary?
This is a good question. Generally speaking, Microsoft Windows is updating its documentation all the time. Judging whether it succeeds in allocating pools is always required. Other changes could be ignored if using an old version of the WDK.
According to the Microsoft documentation, ExAllocatePool is obsolete and has been deprecated in Windows 10, version 2004. It has been replaced by ExAllocatePool2. From then on, Microsoft always encourages developers to have a tag while allocating a pool. The following image prevents me from building it when regarding warnings as errors in kernel mode.
After my testing, ExAllocatePool2 is not always successful, but ExAllocatePoolZero on my system could succeed. I have no good ideas on this point. Maybe it is better to judge which one to use first according to the system.

The same as the ProcessReference.cpp.
Many Thanks.
Cool :)
Why didn't you choose ExAllocatePoolWithTag?
Because ExAllocatePool2 is supported only from new Windows versions.
ExAllocatePoolWithTag is also replaced by ExAllocatePool2.
I don't know why Microsoft would like to do this. Maybe it is safer to use the new API.
Click here to see related documents.
ExAllocatePool2 and ExAllocatePoolZero are both functions that are supported from new versions of Windows.
ExAllocatePoolWithTag is maybe deprecated in the new WDK toolset but there is background compatibility in the Windows kernel, you should compile with a WDK from a lower version.
Please use ExAllocatePoolWithTag
Remove DbgPrint
I have removed three files that don't make sense but changed while I was editing the two .cpp files.
| @@ -1,163 +0,0 @@ | |||
| <?xml version="1.0" encoding="utf-8"?> | |||
This kind of file would be changed as soon as I open the .sln file via VS 2022. So I would like to remove the change in the pull request.
| m_apc_state = (KAPC_STATE*)ExAllocatePool(NonPagedPool, sizeof(KAPC_STATE)); | ||
| if (attach) | ||
| { | ||
| m_apc_state = (KAPC_STATE*)ExAllocatePool2(NonPagedPool, sizeof(KAPC_STATE), '2cba'); |
ExAllocatePool2 and ExAllocatePoolZero are both functions that are supported from new versions of Windows.
ExAllocatePoolWithTag is maybe deprecated in the new WDK toolset but there is background compatibility in the Windows kernel, you should compile with a WDK from a lower version.
Please use ExAllocatePoolWithTag
| { | ||
| handles_allocation_size += 0x10000; | ||
| handles_pool = ExAllocatePool(PagedPool, handles_allocation_size); | ||
| handles_pool = ExAllocatePool2(PagedPool, handles_allocation_size, '1cba'); |
ExAllocatePool2 and ExAllocatePoolZero are both functions that are supported from new versions of Windows.
ExAllocatePoolWithTag is maybe deprecated in the new WDK toolset but there is background compatibility in the Windows kernel, you should compile with a WDK from a lower version.
Please use ExAllocatePoolWithTag
| @@ -1,149 +0,0 @@ | |||
| <?xml version="1.0" encoding="utf-8"?> | |||

ISSUE #3