C30033
warning C30033: Executable allocation was detected in a driver compiled with POOL_NX_OPTIN. This driver has been determined to be loaded at run time by another driver. Please verify that the loading driver calls ExInitializeDriverRuntime(DrvRtPoolNxOptIn) in its DriverEntry.
BANNED_MEM_ALLOCATION_MAYBE_UNSAFE_DRIVER_LOADED
It has been determined that this is a DLL that is loaded by another driver, and as such does not have a complete initialization function. Verify the loading driver is:
- Compiled using POOL_NX_OPTIN=1
- Calls ExInitializeDriverRuntime(DrvRtPoolNxOptIn) in its initialization function
If the loading driver specifies these correctly, then the warning can be ignored.
Example
The following code in every loader of the DLL means that you should make the change (as per the safe example below)
In the sources file
C_DEFINES=$(C_DEFINES)
In DriverEntry, before any memory allocation takes place:
NTSTATUS
DriverEntry (
_In_ PDRIVER_OBJECT DriverObject,
_In_ PUNICODE_STRING RegistryPath
)
{
NTSTATUS status;
…
// No call to ExInitializeDriverRuntime
return(status)
}
The following code in every loader of the DLL means that you can ignore the warning.
In the sources file, add
C_DEFINES=$(C_DEFINES) -DPOOL_NX_OPTIN=1
In DriverEntry, before any memory allocation takes place:
NTSTATUS
DriverEntry (
_In_ PDRIVER_OBJECT DriverObject,
_In_ PUNICODE_STRING RegistryPath
)
{
NTSTATUS status;
ExInitializeDriverRuntime( DrvRtPoolNxOptIn );
…
Example #2
A second way to fix this is to make every call explicitly reference non-executable memory.
The following code generates this warning.
ExAllocatePoolWithTag(NonPagedPool, numberOfBytes, 'xppn');
The following code avoids this warning:
ExAllocatePoolWithTag(NonPagedPoolNx, numberOfBytes, 'xppn');
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for