none
Non-zero Code Integrity statistic found: "Section Alignment Failures =8" and "Execute-Write Section Count=1" RRS feed

  • Question

      • When I ran HLK for my old WDM driver for WIndows 10 64, I have got failures for HVCI code integrity test as below, 

      Non-zero Code Integrity statistic found: "Section Alignment Failures =8" 

      Non-zero Code Integrity statistic found: "Execute-Write  Section Count=1" 

      Driver was built with WDK 7.   I have used NonPagedPoolNx and wherever I used ExAllocatePoolWithTag , I have used the pool tag with a multiple  of 0x1000.
       
    • Were there any recent changes made prior to the issue?
      • Changes done in the driver for making the HVCI readiness Test in HLK to pass for Windows 10.
      • I have changed all paged pool usages to NonPagedPoolNx  and used ExAllocatePoolWithTag with  pool tag with a multiple  of 0x1000.
    • Where did  get this error?
      • In the HLK setup for Windows 10 USB driver.
    • On which build version of Windows is the device running on?
      • I have tested on on WIndows 10 x64 1607 and 1511 and 1709 versions. HLK test fails with these errors.
    • Troubleshooting steps so far?
      • Yes. I have enabled the driver verifier and debugged remotely with Windbg. I am getting following 8 Code integrity issues.
                       

    Driver Verifier: Enabled for driverxxx.sys, flags 0x2000000, build 10586, key 
    xxxxxxxx
    *********** Verifier Detected a Code Integrity Issue ************
    **
    ** The image driverxxx.sys contains section 0xFFFFF800873401F0 that is not page 
    aligned (name .text).
    **
    *****************************************************************
    *********** Verifier Detected a Code Integrity Issue ************
    **
    ** The image  driverxxx.sys contains section 0xFFFFF80087340218 that is not page 
    aligned (name .rdata).
    **
    *****************************************************************
    *********** Verifier Detected a Code Integrity Issue ************
    **
    ** The image  driverxxx.sys contains section 0xFFFFF80087340240 that is not page 
    aligned (name .data).
    **
    *****************************************************************
    *********** Verifier Detected a Code Integrity Issue ************
    **
    ** The image  driverxxx.sys contains section 0xFFFFF80087340268 that is not page 
    aligned (name .pdata).
    **
    *****************************************************************
    *********** Verifier Detected a Code Integrity Issue ************
    **
    ** The image  driverxxx.sys contains section 0xFFFFF80087340290 that is not page 
    aligned (name .CRT).
    **
    *****************************************************************
    *********** Verifier Detected a Code Integrity Issue ************
    **
    ** The image  driverxxx.sys contains section 0xFFFFF800873402B8 that is not page 
    aligned (name INIT).
    **
    *****************************************************************
    *********** Verifier Detected a Code Integrity Issue ************
    **
    ** The image driverxxx.sys contains section 0xFFFFF800873402E0 that is not page 
    aligned (name .rsrc).
    **
    *****************************************************************
    *********** Verifier Detected a Code Integrity Issue ************
    **
    ** The image  driverxxx.sys contains section 0xFFFFF80087340308 that is not page 
    aligned (name .reloc).
    **
    *****************************************************************


    How can I trace this .text, .rdata , .data etc to the code for page alignment 
    issues ?
    Since it is a Verifier crash, I am not able to debug even with the .pdb file in 
    Windbg.
    Any thoughts to identify the root cause of this failure ? Please help.

    Monday, February 5, 2018 3:57 AM

All replies

  • It looks like your linker options are not correct. The linker is responsible for coalescing the program sections (PSECTs) output by the compiler into image sections with the same page attributes (read, read/write, execute, etc.), and placing the sections on page boundaries

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Monday, February 5, 2018 4:04 AM
    Moderator
  • Thanks Brian, Actually I have added below ones into my build, still the page alignment issues persists.

    First try.
    LINKER_FLAGS=/ALIGN:4096 

    Second try.
    LINKER_FLAGS=/SECTION:.text!RX,ALIGN:4096 
    DRIVER_ALIGNMENT=0x1000

    Any idea of what is going wrong ?



    • Edited by Steve Walkin Monday, February 5, 2018 4:23 AM Name correction
    Monday, February 5, 2018 4:21 AM
  • Compare the linker command line options you're using vs. what is used in a working driver project. The problem is probably related to some vaguely documented linker option that you're missing. Note: not all compiler and linker options are documented, which is by design! :-(

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Monday, February 5, 2018 4:26 AM
    Moderator
  • I have tried with Use _NT_TARGET_VERSION=$(_NT_TARGET_VERSION_LATEST) in the "sources" file of my build environment[Win 7 x64 fre]. Still it is not page aligned.

    Monday, February 5, 2018 6:11 AM
  • Related to: Non-zero Code Integrity statistic found: "Execute-Write  Section Count=1"

    I'm using an older WDK version and need to fix the result of the INIT pragma (e.g. https://gist.github.com/pavel-a/090cbe4b2aea9a054c55974b7c7be634#file-wc-fixer-cpp , using a current WDK also helps)

    Tuesday, February 13, 2018 8:53 AM