
MmIsDriverVerifyingByAddress routine

The MmIsDriverVerifyingByAddress routine checks whether the kernel-mode driver that is identified by the specified image address is being verified or calls a driver that is being verified by Driver Verifier.

Syntax


LOGICAL MmIsDriverVerifyingByAddress(
  _In_  PVOID AddressWithinSection
);

Parameters

AddressWithinSection [in]

A pointer to the virtual address within the driver image. MmIsDriverVerifyingByAddress uses this address to determine which driver to check.

Return value

MmIsDriverVerifyingByAddress returns TRUE if the specified driver either is in the driver verification list or imports calls to entry points in a driver that is in the driver verification list. Otherwise, this routine returns FALSE.

Remarks

A kernel-mode driver can call this routine to determine whether it or another driver is being monitored by Driver Verifier. Driver Verifier monitors kernel-mode drivers to detect illegal function calls or actions that might corrupt the system. To select drivers to be verified, you can use the Verifier Command Line or Driver Verifier Manager. For more information about adding drivers to the driver verification list, see Selecting Drivers to be Verified.

A similar routine, MmIsDriverVerifying, indicates whether a driver identified by a driver object is being verified or calls a driver that is being verified.

Another related routine, MmIsDriverSuspectForVerifier, indicates whether a driver represented by a driver object is in the list of drivers that are selected to be verified.

For example, if driver A has an import table through which it calls one or more entry points in driver B, and driver B is in the driver verification list, then MmIsDriverVerifyingByAddress(Aadr) returns TRUE and MmIsDriverSuspectForVerifier(Bobj) returns TRUE, where Xadr denotes an address in driver X and Xobj denotes a pointer to the driver object for driver X. If driver A is not in the driver verification list, MmIsDriverSuspectForVerifier(Aobj) returns FALSE. Even if driver B does not call entry points in any drivers that are in the driver verification list, MmIsDriverVerifyingByAddress(Badr) returns TRUE because driver B is in the driver verification list. If a driver C is not in the driver verification list and does not call entry points in any drivers that are in the driver verification list, MmIsDriverVerifyingByAddress(Cadr) and MmIsDriverSuspectForVerifier(Cobj) both return FALSE.
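
The following user-mode C model is an added illustration, not code from this page or from Windows. It reproduces the return values for drivers A, B and C from the example above. The ModelDriver structure, the model_* function names and the image address ranges are all constructed for the example; a real driver would call the kernel routines declared in Wdm.h.

```c
#include <stddef.h>
#include <stdint.h>

/* User-mode model only: names, layout and address ranges are constructed. */
#define MAX_IMPORTS 4

typedef struct ModelDriver {
    const char *name;
    uintptr_t image_base;                           /* constructed image range */
    size_t image_size;
    int in_verification_list;                       /* selected in Driver Verifier */
    const struct ModelDriver *imports[MAX_IMPORTS]; /* drivers whose entry points it calls */
} ModelDriver;

/* Models MmIsDriverSuspectForVerifier: is this driver itself in the list? */
static int model_is_suspect(const ModelDriver *drv) {
    return drv->in_verification_list;
}

/* Models MmIsDriverVerifying: in the list, or imports from a listed driver. */
static int model_is_verifying(const ModelDriver *drv) {
    if (drv->in_verification_list) return 1;
    for (size_t i = 0; i < MAX_IMPORTS && drv->imports[i] != NULL; i++)
        if (drv->imports[i]->in_verification_list) return 1;
    return 0;
}

/* Models MmIsDriverVerifyingByAddress: resolve the address to an image, then check. */
static int model_is_verifying_by_address(const ModelDriver *const *list, size_t n, uintptr_t addr) {
    for (size_t i = 0; i < n; i++) {
        const ModelDriver *d = list[i];
        if (addr >= d->image_base && addr - d->image_base < d->image_size)
            return model_is_verifying(d);
    }
    return 0; /* model's choice: the page does not cover addresses outside any image */
}

/* Drivers A, B and C from the Remarks example: A imports from B, only B is listed. */
static const ModelDriver drvB = { "B", 0x20000, 0x1000, 1, { NULL } };
static const ModelDriver drvA = { "A", 0x10000, 0x1000, 0, { &drvB, NULL } };
static const ModelDriver drvC = { "C", 0x30000, 0x1000, 0, { NULL } };
static const ModelDriver *const loaded[] = { &drvA, &drvB, &drvC };

/* Convenience wrapper over the constructed list of loaded drivers. */
static int by_address(uintptr_t addr) {
    return model_is_verifying_by_address(loaded, 3, addr);
}
```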

Requirements

Version

Available starting with Windows Vista.

Header

Wdm.h (include Wdm.h)

Library

Ntoskrnl.lib

IRQL

<=APC_LEVEL

See also

MmIsDriverSuspectForVerifier
MmIsDriverVerifying

 

 

© 2014 Microsoft