
WFP verifier issue


According to documentation for FWPM_LAYER_ALE_AUTH_CONNECT_REDIRECT,

"Starting with Windows 8, memory allocated for localRedirectContext will have its ownership taken by WFP, and will be freed when the proxied flow is removed."

But if Verifier is on, it gives the bugcheck DRIVER_VERIFIER_DETECTED_VIOLATION, with allocations not freed for the context.

Any solution for this?


Solution

  • I took a leaf from what was available before localRedirectContext came into the picture from Windows 8 onwards: managing a list of memory allocated for storing context and clearing it when user mode asks for the record using the local port, IP version, and protocol number. By doing this:
    -> the list doesn't grow long, as it gets cleared immediately after listening to the new connection
    -> if some connection is still being processed while the callout driver is getting unloaded, freeing up the items available in the list solves the verifier issue
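
The bookkeeping this answer describes, as an added example that is not the answerer's code: a portable user-mode C model in which `malloc`/`free` stand in for kernel pool allocations and the names `ctx_track`, `ctx_take` and `ctx_drain` are hypothetical. It assumes a single thread; a real callout driver would guard the list with a lock.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical record, keyed the way the answer describes. */
typedef struct redirect_rec {
    struct redirect_rec *next;
    uint16_t local_port;
    uint8_t  ip_version;   /* 4 or 6 */
    uint8_t  protocol;     /* e.g. 6 = TCP */
    uint32_t orig_addr;    /* constructed payload: original destination */
    uint16_t orig_port;
} redirect_rec;

static redirect_rec *g_head;  /* a driver would protect this with a lock */
static size_t g_outstanding;  /* driver-owned allocations not yet freed */

/* Classify path: allocate a context the driver itself owns and track it. */
int ctx_track(uint16_t lport, uint8_t ipver, uint8_t proto,
              uint32_t oaddr, uint16_t oport) {
    redirect_rec *r = malloc(sizeof *r);  /* stands in for a pool allocation */
    if (!r) return -1;
    r->local_port = lport; r->ip_version = ipver; r->protocol = proto;
    r->orig_addr = oaddr;  r->orig_port = oport;
    r->next = g_head; g_head = r; g_outstanding++;
    return 0;
}

/* User-mode query path: copy the record out, then unlink and free it at once. */
int ctx_take(uint16_t lport, uint8_t ipver, uint8_t proto,
             uint32_t *oaddr, uint16_t *oport) {
    for (redirect_rec **pp = &g_head; *pp; pp = &(*pp)->next) {
        redirect_rec *r = *pp;
        if (r->local_port == lport && r->ip_version == ipver && r->protocol == proto) {
            *oaddr = r->orig_addr; *oport = r->orig_port;
            *pp = r->next; free(r); g_outstanding--;
            return 1;
        }
    }
    return 0;  /* no such connection, or already consumed */
}

/* Unload path: free every record still in flight; returns how many were freed. */
size_t ctx_drain(void) {
    size_t n = 0;
    while (g_head) {
        redirect_rec *r = g_head;
        g_head = r->next; free(r); g_outstanding--; n++;
    }
    return n;
}

size_t ctx_outstanding(void) { return g_outstanding; }
```
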