3 Sep
2018
3 Sep
'18
4:12 a.m.
On 02/09/18 23:11, Derek Lesho wrote:
I see, thanks for clearing that up. Looking further, it looks like the NonPagedPoolExecute value was only added in Windows 8. Either way, even when the windows version in wine is set to windows 7, BEDaisy.sys does use ExAllocatePoolWithTag with a POOL_TYPE of 1 and tries to execute it. Maybe all paged memory allocated in the kernel is executable?
Indeed it would seem so:
https://docs.microsoft.com/en-us/windows-hardware/drivers/kernel/no-execute-...