Kernel Os Windows Access

| Bug Type | Example | Detection | | :--- | :--- | :--- | | | Accessing paged pool at IRQL >= DISPATCH_LEVEL | Driver Verifier (IRQL checking) | | Double fetch | Reading user-mode pointer twice (TOCTOU) | Code analysis rule 28152 | | Spinlock deadlock | Acquiring two spinlocks in different order | !locks in WinDbg | | Memory leak (non-paged pool) | Forgetting ExFreePoolWithTag | PoolMon + tagged allocations |

Modern Windows kernel development mandates: kernel os windows