Message 1 of 1
11 May 18 08:52
Join Date: 04 Mar 2018
Posts To This List: 3
DRIVER_IRQL_NOT_LESS_OR_EQUAL on trying to set variable in classifyfn!!
I am developing a WFP callout driver which then logs all the network requests.
In a ALE_CONNECT_AUTH classify function am trying to set the flow context so
that the next layers can get some more context related information. Following is
the offending code which is triggering the bug check.
139: RtlZeroMemory(context, sizeof(FLOW_DATA));
> 140: context->previousLayerId[context->currentLayerIndex++] =
141: // Associate the flow context structure with the data flow
The declaration of previousLayerId looks something like this :
Also there is a check before this code to make sure that
ExAllocatePoolWithTag(allocated from NonPagedPool) is succeeding in the
allocation or not.
So with my code, what could be triggering the bug check?
Also as a side question, will this flowcontext be shared different WFP layers
and their callouts? Like I am assuming that this context will be shared between
the ALE_AUTH_CONNECT & OUTBOUND_TRANSPORT classify callouts.
Is my assumption correct?
Thanks in advance.