The commit e7118d4 switches the code to using ExAllocatePoolWithTag, which doesn't zero out the memory on allocation. This was causing the ETW session initialisation functions to read junk as flags and start to reject the session, so failing any plugin load that wanted to use ETW. The fix is simple though, I probably should of had this before anyway.
stevemk14ebr
commented
1 year ago
The commit e7118d4 switches the code to using ExAllocatePoolWithTag, which doesn't zero out the memory on allocation. This was causing the ETW session initialisation functions to read junk as flags and start to reject the session, so failing any plugin load that wanted to use ETW. The fix is simple though, I probably should of had this before anyway.