WFP verifier issue RRS feed

  • Question

  • According to documentation for FWPM_LAYER_ALE_AUTH_CONNECT_REDIRECT,

    "Starting with Windows 8, memory allocated for localRedirectContext will have its ownership taken by WFP, and will be freed when the proxied flow is removed."

    But if verifier is ON then it gives bugcheck DRIVER_VERIFIER_DETECTED_VIOLATION with allocations not freed for the context.

    Any solution for this?
    Friday, June 26, 2020 3:20 PM


  • If redirected connection is not cleaned up when wfp callout driver is getting unloaded, forget to free memory before unload type bugcheck by Driver verifier is obvious. 

    When connection will get cleaned up by wfp is not in our control. So either turn off the dv or try some other mechanism to do memory management needed when connection is getting redirected. Enforcing reboot required when such driver is getting unloaded is also good idea. 

    • Marked as answer by win_kernel_dev Saturday, January 2, 2021 11:50 PM
    Saturday, January 2, 2021 11:50 PM