Stop 0x19 – Corrupt Pool Header – !pool, !poolval, dt nt!_POOL_HEADER

This blog post is going to more of a link to a thread again, but I’m going to quickly explain the fields within the _POOL_HEADER data structure. Please note !pool and !pooval are explained in my Stop 0xC2 blog post.

Stop 0x19 Example – With Stop 0xC5 and Stop 0xC2 

Every pool allocation, has a data structure called the Header, this is used to store information about the pool allocation such as it’s size, it’s owner and the previous allocation before it within the linked list.

The Block Size means the current size of the pool allocation.

Previous Size contains the size of the previous pool allocation.

Pool Tag is the owner of the pool allocation. You could use the !poolfind extension to find the allocation owned by that pool tag. 


About 0x14c

I'm currently a Software Developer. My primary interests are Mathematics, Programming and Windows Internals.
This entry was posted in Stop 0x19. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.