This allows avoiding one of the previous implementation limits:
leaked IRP not queued to a thread are now totally visible since
we look directly in the memory pool.
For now, it allows searching for pool allocations in
both paged and non paged pool.
It is based on Andreas Schuster work to identify POOL_HEADER
structures.
This is far from perfect, and totally doesn't match the
WinDBG way of doing it. Instead of browsing pool to find
matching 'IRP' tags, we just browse all the processes
to find the queued IRP. This requires the IRPs to be queued,
obviously, and will make us miss the leaked IRPs, for instance.
Proper way to do it would be to implement !poolfind and then
rely on its implementation to find our IRPs.
Perhaps later ;-)
..\ntoskrnl\kdbg\i386\i386-dis.c(3131,23): warning: adding 'char' to a string does not append to the string [-Wstring-plus-int]
oappend ("%cs:" + intel_syntax);
~~~~~~~^~~~~~~~~~~~~~
..\ntoskrnl\kdbg\i386\i386-dis.c(3131,23): note: use array indexing to silence this warning
oappend ("%cs:" + intel_syntax);
^
& [ ]
Fixes clang warning:
..\ntoskrnl\kdbg\kdb.c(175,25): warning: variable 'TrapCr4' is uninitialized when used here [-Wuninitialized]
KdbTrapFrame->Cr4 = TrapCr4;
^~~~~~~
..\ntoskrnl\kdbg\kdb.c(140,45): note: initialize the variable 'TrapCr4' to silence this warning
ULONG TrapCr0, TrapCr2, TrapCr3, TrapCr4;
^
= 0