Description
I am writing a query which detect the Sal IRQL annotation on Driver code. So there is file public.h where
DRIVER_INITIALIZE DriverEntry; is written
There is a Driver.cpp
Where
IRQL_requires(passive_level)
NTSTATUS
DriverEntry()
I wrote a query which is detecting the functions which don’t have SAL Irql . Here I have annotated in the DriverEntry function. When I run the query it gives results from public.h location. DriverEntry is not annotated with SAL IRQl.
Query looks like
Class SALirql extends SALAnnotations{
SALIrql()
{
this.getMacroName() in [“IRQL_requires”,…]
}
}
from Function f1, Function F2
Where
f1.getADeclarationEntry()=f2.getADeclarationEntry() and
not exists ( SALIrql s | s.getDeclarationEntry()= f1.getDeclarationEntry()
Select f1, f1.getName() + “ function does not have the SAL IRQL “