EWDK Code Analysis and CodeQL for HLK package, failing test due to wdm.h code

Question

EWDK Code Analysis and CodeQL for HLK package, failing test due to wdm.h code

John Hentges, ACCES 20

I'm trying to pass HLK testing for a PnP DAQ card driver targeting Windows 11 Iot Enterprise LTSC. My DVL (.xml) file, created from "Visual Studio 2022 | Extensions | Driver | Create driver verification log..." by parsing the results from CodeQL testing (must-fix.qls) and the results from CodeAnalysis, says I have a must-fix defect in my WDM kernel driver targeting 10.0.26100:

{DRIVER}.x64.Semmle.Defect.cpp/drivers/wdk-deprecated-api - from CodeQL,

However, the online reference for this defect says it means my driver is using an old ExAllocatePool function - it is not. All 5 calls to ExAllocatePool* in my code were calling ExAllocatePoolZero, and I updated all of them to ExAllocatePool2. I still see the error.
Digging into the .sarif instead of the DVL summary I see the errors are all coming from WDM.h, NOT my source.I started with the nuget WDK but had to make some crazy path changes so that CodeQL could find wdm.h. I switched to the EWDK, then I just had to add C:\CodeQL-home\CodeQL\ to the PATH to get it to work.

Here's the six wdm.h errors I get in my Sarif file:

Using deprecated API 'ExAllocatePoolWithTag'. WDM.h line 25506

Using deprecated API 'ExAllocatePoolWithTag'. WDM.h line 25544

Using deprecated API 'ExAllocatePoolWithQuotaTag'. WDM.h line 25574

Using deprecated API 'ExAllocatePoolWithQuotaTag'. WDM.h line 25612

Using deprecated API 'ExAllocatePoolWithTagPriority'. WDM.h line 25643

Using deprecated API 'ExAllocatePoolWithTagPriority'. WDM.h line 25683

I can't pass the HLK Static Verifier test unless this goes away...

Accepted answer

0 additional answers

Your answer

Answer 1

Jacob Ronstadt 80 Microsoft Employee

Hi John,

After taking a look at this it seems to be an issue with using the WDK nuget package with CodeQL. Normally results from outside the source directory should be excluded, but when using the WDK nuget, kit files such as wdm.h are placed in the packages directory in your source directory.

I've created an internal bug to track this, but for now you can work around the issue by changing the structure of your project so that you aren't running CodeQL in the same directory as the nuget packages directory. For example, with a structure similar to below you can run codeql from the "driver" directory so that the WDK nuget files aren't included in your database.

ProjectFolder/
├── driver_solution.sln/
├── packages/
├── driver/
│   ├── driver.c
│   ├── driver.h
│   ├── driver_project.vcxproj

John Hentges, ACCES 20 Reputation points

2025-04-22T12:42:27.1633333+00:00

I am uncertain how to modify my project / solution to accomplish this directory change (given the packages folder was created by the nuget process), but I'll dig around in the .sln / .vcxproj and see what I can find.

Thank you for your response; it seems a plausible fix; I'll revert when I have status
John Hentges, ACCES 20 Reputation points

2025-04-22T13:52:03.1833333+00:00

Well, I was able to modify the vcxproj for the modified directory structure and the driver builds in both the IDE and the codeql database create. However, the analyze step reports

Message cpp/baseline/expected-extracted-files

for every source file in the driver, both .h and .cpp.

database-create-20250422.063932.419.log
Jacob Ronstadt 80 Reputation points Microsoft Employee

2025-04-22T15:22:55.8133333+00:00

Those are only informational about which files are extracted and shouldn't impact HLK tests.

Share via

EWDK Code Analysis and CodeQL for HLK package, failing test due to wdm.h code

0 additional answers

Your answer