Re: Re[2]: [ntdev] Question about nonpaged memory and MDLs

xxxxx@mail.ru wrote:

Here its an IDA plugin, line 117:
https://github.com/nihilus/idastealth/blob/master/src/StealthDriver/StealthDriver/StealthImplementation.cpp 

it uses MmBuildMdlForNonPagedPool + MmMapLockedPages

it’s unusual for me to see this and it seems to work fine, how is it
possible and why?

Just because it’s wrong doesn’t mean it won’t work.  This slimy code is
actually trying to create a second writable mapping of those physical
pages, because the original mapping is read-only.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.