-
-
[求助]请大家帮看一下ExFreePool引起蓝屏的问题
-
发表于:
2009-3-9 11:24
14936
-
[求助]请大家帮看一下ExFreePool引起蓝屏的问题
在驱动中列举进程,把进程名做成链表。但在读取链表数据后释放所申请的内存立即蓝屏。请大家看看代码哪里有问题?
NTSTATUS EnumProcess()
{
int iCount = 1; //进程计数
NTSTATUS status; //返回值
PVOID pSi = NULL; //指向SystemInformationClass的指针,此处为SystemProcessesAndThreadsInformation,即我们所要获取的信息
PSYSTEM_PROCESS_INFORMATION pSpiNext = NULL; //同上
ULONG uSize; //pSi的大小,以BYTE为单位
ULONG pNeededSize = 0; //系统返回所需长度,因在WIN2000下不会返回,故不只用,设置为0
BOOL bOver = FALSE; //标识是否列举完成
//设定pSi大小uSize初始为32K,并为pSi分配uSize的内存,根据返回值逐步累加uSize,步长为32K
for (uSize = 0x8000; ((pSi = ExAllocatePoolWithTag(NonPagedPool, uSize, 'tag1')) != NULL); uSize += 0x8000)
{
//检索指定的系统信息,这里是有关进程的信息
status = NtQuerySystemInformation(SystemProcessesAndThreadsInformation,
pSi,
uSize,
&pNeededSize);
if (STATUS_SUCCESS == status) //NtQuerySystemInformation返回成功
{
pSpiNext = (PSYSTEM_PROCESS_INFORMATION)pSi; //使用pSpiNext操作,pSi要留到后面释放所分配的内存
while (TRUE)
{
if (pSpiNext->ProcessId == 0)
{
pMyData = (PMYPROCESSDATA)ExAllocatePoolWithTag(PagedPool, sizeof(PMYPROCESSDATA), 'tag2');
RtlInitUnicodeString(&pMyData->usImageName, L"System Idle Process");
InsertTailList(&ProcessListHead, (PLIST_ENTRY)&pMyData->myListEntry);//插入链表
//DbgPrint("[Aliwy] %d - %wZ(%.8X)\n", pSpiNext->ProcessId, &pMyData->usImageName, pMyData); //进程标识符为0的是System Idle Process,需手动标明
}
else
{
pMyData = (PMYPROCESSDATA)ExAllocatePoolWithTag(PagedPool, sizeof(PMYPROCESSDATA), 'tag2');
pMyData->usImageName = pSpiNext->ImageName;
InsertTailList(&ProcessListHead, (PLIST_ENTRY)&pMyData->myListEntry);//插入链表
//DbgPrint("[Aliwy] %d - %wZ(%.8X)\n", pSpiNext->ProcessId, &pMyData->usImageName, pMyData); //打印出进程标识符和进程名称
}
if (pSpiNext->NextEntryOffset == 0) //如果NextEntryOffset为0即表示进程已列举完
{
pMyData = (PMYPROCESSDATA)ExAllocatePoolWithTag(PagedPool, sizeof(PMYPROCESSDATA), 'tag2');
RtlInitUnicodeString(&pMyData->usImageName, L"EnumProcess Over");
InsertTailList(&ProcessListHead, (PLIST_ENTRY)&pMyData->myListEntry);//插入链表
//DbgPrint("[Aliwy] %wZ, Count is: %d(%.8X)\n", &pMyData->usImageName, iCount, pMyData);
bOver = TRUE; //标识进程列举已完成
break; //跳出列举循环(while循环)
}
pSpiNext = (PSYSTEM_PROCESS_INFORMATION)((ULONG)pSpiNext + pSpiNext->NextEntryOffset); //指向下一个进程的信息
iCount++; //计数累加
}
ExFreePool(pSi); //释放为sPi分配的内存
if (bOver) //进程列举完成
{
if (!IsListEmpty(&ProcessListHead))
{
while (!IsListEmpty(&ProcessListHead))
{
pMyData = CONTAINING_RECORD(RemoveHeadList(&ProcessListHead),
MYPROCESSDATA,
myListEntry);
DbgPrint("[Aliwy] %wZ(0x%.8X)\n", &pMyData->usImageName, pMyData);
[COLOR=red]ExFreePool(pMyData); //这里就蓝[/COLOR]
}
}
break; //跳出内存分配循环(for循环)
}
}
}
return STATUS_SUCCESS;
}
//------------------------------
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
