Index: pool.c
===================================================================
--- ntoskrnl/mm/ARM3/pool.c (revision 74045)
+++ ntoskrnl/mm/ARM3/pool.c (working copy)
@@ -24,7 +24,7 @@
 KGUARDED_MUTEX MmPagedPoolMutex;
 MM_PAGED_POOL_INFO MmPagedPoolInfo;
 SIZE_T MmAllocatedNonPagedPool;
-ULONG MmSpecialPoolTag;
+ULONG MmSpecialPoolTag = 1;
 ULONG MmConsumedPoolPercentage;
 BOOLEAN MmProtectFreedNonPagedPool;
 SLIST_HEADER MiNonPagedPoolSListHead;
Index: special.c
===================================================================
--- ntoskrnl/mm/ARM3/special.c (revision 74045)
+++ ntoskrnl/mm/ARM3/special.c (working copy)
@@ -76,6 +76,10 @@
 NTAPI
 MmUseSpecialPool(SIZE_T NumberOfBytes, ULONG Tag)
 {
+ PLDR_DATA_TABLE_ENTRY LdrEntry;
+ PVOID CallersCaller;
+ UNICODE_STRING Win32k = RTL_CONSTANT_STRING(L"win32k.sys");
+
 /* Special pool is not suitable for allocations bigger than 1 page */
 if (NumberOfBytes > (PAGE_SIZE - sizeof(POOL_HEADER)))
 {
@@ -82,12 +86,30 @@
 return FALSE;
 }
- if (MmSpecialPoolTag == '*')
+ if (Tag == 'enoN' || KeGetCurrentIrql() >= DISPATCH_LEVEL)
 {
 return TRUE;
 }
- return Tag == MmSpecialPoolTag;
+ /* Find the first four letters of the driver name if we can */
+ RtlGetCallersAddress(NULL, &CallersCaller);
+ if (!PsLoadedModuleList.Flink)
+ {
+ return TRUE;
+ }
+
+ LdrEntry = MiLookupDataTableEntry(CallersCaller);
+ if (!LdrEntry)
+ {
+ return TRUE;
+ }
+
+ if (RtlEqualUnicodeString(&LdrEntry->BaseDllName, &Win32k, TRUE))
+ {
+ return TRUE;
+ }
+
+ return FALSE;
 }
 BOOLEAN
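Review bot: The initializer `= 1` on `MmSpecialPoolTag` in ntoskrnl/mm/ARM3/pool.c is an undocumented magic value: 1 is not a four-character pool tag, and with the special.c hunk of this patch applied `MmUseSpecialPool` no longer compares `Tag` against this variable, so it appears to serve only as an on/off switch. If that is the intent, say so at the definition, e.g. `/* Non-zero enables special pool; the caller filter lives in MmUseSpecialPool */`. Whether a configured value overwrites this default later in boot is not visible here, so the default-on behaviour should be confirmed before this leaves a working copy.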
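Review bot: `CallersCaller` is declared without an initializer in the `@@ -76,6 +76,10 @@` hunk of special.c, and the following hunk hands it to `MiLookupDataTableEntry` right after `RtlGetCallersAddress`; whether that routine writes the out-parameter when no frame can be captured is not visible in this patch. Declaring it as `PVOID CallersCaller = NULL;` keeps an indeterminate stack value from reaching the module lookup. `Win32k` never changes and could be `static const UNICODE_STRING Win32k = RTL_CONSTANT_STRING(L"win32k.sys");`. The body of `MmUseSpecialPool` continues outside this hunk.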
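Review bot: The comment `/* Find the first four letters of the driver name if we can */` in the `@@ -82,12 +86,30 @@` hunk of special.c does not describe the code under it, which compares the whole `BaseDllName` against `win32k.sys`; `/* Use special pool only when the caller's caller is win32k.sys */` would match. All three fallbacks (`KeGetCurrentIrql() >= DISPATCH_LEVEL`, an empty `PsLoadedModuleList.Flink`, a NULL result from `MiLookupDataTableEntry`) return TRUE, so allocations that cannot be attributed also land in special pool and compete with win32k.sys for its pages; each branch deserves a one-line comment saying why it opts in rather than out, and the IRQL check presumably exists because the lookup is not safe at DISPATCH_LEVEL, which should be stated. The hunk also removes both the `'*'` wildcard and the `Tag == MmSpecialPoolTag` match, so tag-based selection stops working once this is applied. Attribution by return address depends on how the allocator was reached: a request that passes through another kernel routine first would, I expect, resolve to that routine's module rather than to the driver.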