[NTOS] On DBG builds, fill pool allocations with 0xCD and freed pool with 0xDD

This matches what the MSVC runtime does with heap allocations on debug builds.
2025-06-05 01:10:26 +00:00 · 2019-06-29 12:06:04 +02:00 · 2019-06-29 12:06:04 +02:00 · 24f240be8a
commit 24f240be8a
parent 14478887df
2 changed files with 50 additions and 12 deletions
--- a/ntoskrnl/mm/ARM3/expool.c
+++ b/ntoskrnl/mm/ARM3/expool.c
@ -1859,6 +1859,7 @@ ExAllocatePoolWithTag(IN POOL_TYPE PoolType,
    ULONG OriginalType;
    PKPRCB Prcb = KeGetCurrentPrcb();
    PGENERAL_LOOKASIDE LookasideList;
+    PVOID Allocation;

    //
    // Some sanity checks
@ -1898,10 +1899,13 @@ ExAllocatePoolWithTag(IN POOL_TYPE PoolType,
            if (MmUseSpecialPool(NumberOfBytes, Tag))
            {
                //
-                // Try to allocate using special pool
+                // Try to allocate using special pool (initialized with random byte)
                //
-                Entry = MmAllocateSpecialPool(NumberOfBytes, Tag, PoolType, 2);
-                if (Entry) return Entry;
+                Allocation = MmAllocateSpecialPool(NumberOfBytes, Tag, PoolType, 2);
+                if (Allocation != NULL)
+                {
+                    return Allocation;
+                }
            }
        }
    }
@ -1922,8 +1926,8 @@ ExAllocatePoolWithTag(IN POOL_TYPE PoolType,
        //
        // Allocate pages for it
        //
-        Entry = MiAllocatePoolPages(OriginalType, NumberOfBytes);
-        if (!Entry)
+        Allocation = MiAllocatePoolPages(OriginalType, NumberOfBytes);
+        if (Allocation == NULL)
        {
 #if DBG
            //
@ -1995,7 +1999,7 @@ ExAllocatePoolWithTag(IN POOL_TYPE PoolType,
        // Add a tag for the big page allocation and switch to the generic "BIG"
        // tag if we failed to do so, then insert a tracker for this alloation.
        //
-        if (!ExpAddTagForBigPages(Entry,
+        if (!ExpAddTagForBigPages(Allocation,
                                  Tag,
                                  (ULONG)BYTES_TO_PAGES(NumberOfBytes),
                                  OriginalType))
@ -2003,7 +2007,7 @@ ExAllocatePoolWithTag(IN POOL_TYPE PoolType,
            Tag = ' GIB';
        }
        ExpInsertPoolTracker(Tag, ROUND_TO_PAGES(NumberOfBytes), OriginalType);
-        return Entry;
+        return Allocation;
    }

    //
@ -2073,7 +2077,11 @@ ExAllocatePoolWithTag(IN POOL_TYPE PoolType,
            Entry->PoolTag = Tag;
            (POOL_FREE_BLOCK(Entry))->Flink = NULL;
            (POOL_FREE_BLOCK(Entry))->Blink = NULL;
-            return POOL_FREE_BLOCK(Entry);
+            Allocation = POOL_FREE_BLOCK(Entry);
+#if DBG
+            RtlFillMemory(Allocation, NumberOfBytes, 0xCD);
+#endif
+            return Allocation;
        }
    }

@ -2257,7 +2265,11 @@ ExAllocatePoolWithTag(IN POOL_TYPE PoolType,
            Entry->PoolTag = Tag;
            (POOL_FREE_BLOCK(Entry))->Flink = NULL;
            (POOL_FREE_BLOCK(Entry))->Blink = NULL;
-            return POOL_FREE_BLOCK(Entry);
+            Allocation = POOL_FREE_BLOCK(Entry);
+#if DBG
+            RtlFillMemory(Allocation, NumberOfBytes, 0xCD);
+#endif
+            return Allocation;
        }
    } while (++ListHead != &PoolDesc->ListHeads[POOL_LISTS_PER_PAGE]);

@ -2400,7 +2412,9 @@ ExAllocatePoolWithTag(IN POOL_TYPE PoolType,
    //
    ExpCheckPoolBlocks(Entry);
    Entry->PoolTag = Tag;
-    return POOL_FREE_BLOCK(Entry);
+    Allocation = POOL_FREE_BLOCK(Entry);
+
+    return Allocation;
 }

 /*
@ -2544,6 +2558,10 @@ ExFreePoolWithTag(IN PVOID P,
            Tag &= ~PROTECTED_POOL;
        }

+#if DBG
+        RtlFillMemory(P, PageCount * PAGE_SIZE, 0xDD);
+#endif
+
        //
        // Check block tag
        //
@ -2669,6 +2687,10 @@ ExFreePoolWithTag(IN PVOID P,
        }
    }

+#if DBG
+    RtlFillMemory(P, BlockSize * POOL_BLOCK_SIZE - sizeof(*Entry), 0xDD);
+#endif
+
    //
    // Is this allocation small enough to have come from a lookaside list?
    //
--- a/ntoskrnl/mm/ARM3/pool.c
+++ b/ntoskrnl/mm/ARM3/pool.c
@ -665,6 +665,9 @@ MiAllocatePoolPages(IN POOL_TYPE PoolType,
        //
        // Return the allocation address to the caller
        //
+#if DBG
+        RtlFillMemory(BaseVa, ROUND_TO_PAGES(SizeInBytes), 0xCD);
+#endif
        return BaseVa;
    }

@ -674,7 +677,13 @@ MiAllocatePoolPages(IN POOL_TYPE PoolType,
    if ((SizeInPages == 1) && (ExQueryDepthSList(&MiNonPagedPoolSListHead)))
    {
        BaseVa = InterlockedPopEntrySList(&MiNonPagedPoolSListHead);
-        if (BaseVa) return BaseVa;
+        if (BaseVa)
+        {
+#if DBG
+            RtlFillMemory(BaseVa, ROUND_TO_PAGES(SizeInBytes), 0xCD);
+#endif
+            return BaseVa;
+        }
    }

    //
@ -802,6 +811,9 @@ MiAllocatePoolPages(IN POOL_TYPE PoolType,
                // Release the nonpaged pool lock, and return the allocation
                //
                KeReleaseQueuedSpinLock(LockQueueMmNonPagedPoolLock, OldIrql);
+#if DBG
+                RtlFillMemory(BaseVa, ROUND_TO_PAGES(SizeInBytes), 0xCD);
+#endif
                return BaseVa;
            }

@ -897,7 +909,11 @@ MiAllocatePoolPages(IN POOL_TYPE PoolType,
    //
    // Return the address
    //
-    return MiPteToAddress(StartPte);
+    BaseVa = MiPteToAddress(StartPte);
+#if DBG
+            RtlFillMemory(BaseVa, ROUND_TO_PAGES(SizeInBytes), 0xCD);
+#endif
+    return BaseVa;
 }

 ULONG