Driver Verifier doesn't seem to catch a WDF driver memory object leak


So I'm suspecting a memory leak in a driver written with WDF. I've been trying to catch it with the driver verifier, but I can't seem to succeed.

I decided to test my approach. I wrote a small test driver, or more precisely, modified Microsoft's echo driver, and introduced a memory leak into it as such:

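NTSTATUS Status;
WDFMEMORY hMem = NULL;

// Allocate a 1-byte WDFMEMORY object with pool tag 'aaaa'.
// The handle is deliberately never passed to WdfObjectDelete.
Status = WdfMemoryCreate(WDF_NO_OBJECT_ATTRIBUTES, NonPagedPoolNx, 'aaaa', 1, &hMem, NULL);
if(Status == STATUS_SUCCESS)
{
    KdPrint(("WdfMemoryCreate leaked memory!\n"));
}
else
{
    KdPrint(("WdfMemoryCreate FAIL, status = 0x%X\n", Status));
}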

After I load my echo.sys and enable driver verifier for it, and for the wdf01000.sys:


I also run the wdfverifier.exe and enable it for my echo.sys to track WDFMEMORY objects, among other things:


Then I run my echo driver with the code snippet above to introduce a memory leak. I can see the output in the DbgView, meaning that the leaky code had run.

I then tried to reboot the system while my echo.sys was still loaded, hoping to cause the verifier to catch my memory leak to emulate what I need the verifier to do in my actual driver. But nothing seems to happen, the OS just reboots.

I then tried to repeat the steps above, and then to manually unload my echo.sys with the memory leak in it. Still, the verifier fails to catch it. The driver simply unloads without a BSOD.

So what am I doing wrong?
