Accessing kernel memory from user mode (windows) -


i'm writing driver needs allocate non paged pool of memory , memory, performance sake, must directly accessible usermode program.

in driver entry i've allocated memory 2 type of methods

pmdl = ioallocatemdl(null,                      4096,                      false,                      false,                      null); if(!pmdl) {     dbgprintex(dpfltr_ihvvideo_id, dpfltr_info_level, "error on ioallocatemdl. returning driver early.\n");     return status_insufficient_resources; } mmbuildmdlfornonpagedpool(pmdl); usermemory = (void *)mmmaplockedpagesspecifycache(pmdl, usermode, mmwritecombined, null, false, lowpagepriority);

and

usermemory = exallocatepoolwithtag(                 nonpagedpool,                 4096,                 pool_tag);

now don't want issue deviceiocontrol every time need write/read memory instead want this

char* sharedmem; ..... transactionresult = deviceiocontrol ( hdevice,                         (dword) ioctl_mmap,                         null,                         0,                         sharedmem,                         sizeof(int),                         &bretur,                         null                         ); ..... sharedmem[0]='c';

using deviceiocontrol address in kernel memory , using directly, mmap under linux.

is there kind of way in windows?

---------------edit 1 i've done this

hmapfile = openfilemapping(                 file_map_all_access,          // read/write access                 true,                                       "global\\sharedmemory");                 // name of mapping object  lasterror = getlasterror(); if (hmapfile == null) {     printf("could not create file mapping object (%d).\n" ,getlasterror());     return 1; } pbuf = (char*)mapviewoffile(hmapfile,   // handle map object                             file_map_all_access, // read/write permission                             0,                             0,                             4096);  if (pbuf == null) {     printf("could not map view of file (%d).\n", getlasterror());     closehandle(hmapfile);     return 1; } pbuf[0] = 'c'; pbuf[1] = '\n'; closehandle(hmapfile);

and i've created view in kernel this

rtlinitunicodestring(&name, l"\\basenamedobjects\\sharedmemory"); initializeobjectattributes(&oa, &name, 0, 0, null); zwcreatesection(&hsection, section_all_access, &oa, &li, page_readwrite, sec_commit, null);  zwmapviewofsection(hsection, ntcurrentprocess(),                      &usermem, 0, mem_width, null,                     &j, viewshare, 0, page_readwrite);

but in kernel when read memory it's empty: can may be?

i understood how need work.

first i've created structure following

typedef struct _memory_entry {     pvoid       pbuffer;          } memory_entry, *pmemory_entry;

this used return virtual address kernel space user space

in driverentry used

usermem = exallocatepoolwithtag(nonpagedpool,                                 mem_width,                                  pool_tag );

to set nonpaged memory. i've created ioctl working in direct_out mode following snippet

... pmdl                mdl = null; pvoid               buffer = null; memory_entry        returnedvalue; void*               uservirtualaddress = null; ... buffer = mmgetsystemaddressformdlsafe(irp->mdladdress, normalpagepriority); //gets safely pointer output in irp mdl = ioallocatemdl( usermem,mem_width, false, false, null ); //allocate memory descriptor list mmbuildmdlfornonpagedpool(mdl); //this needed when we're managing nonpaged memory uservirtualaddress = mmmaplockedpagesspecifycache(                                           mdl,                                           usermode,                                            mmnoncached,                                           null,                                           false,                                            normalpagepriority); //return virtual address in context of                                                                 //the user space program called ioctl  returnedvalue.pbuffer = uservirtualaddress; rtlcopymemory(buffer,             &returnedvalue,             sizeof(pvoid));   //i copy virtual address in structure returned                               //to user mode program irp

in user mode program needed to this

transactionresult = deviceiocontrol ( hdevice,                         (dword) ioctl_mmap,                         null,                         0,                         sharedmem,                         sizeof(void*),                         &bretur,                         null                         );

in (memory_entry*)sharedmem->pbuffer find memory area created , shared kernel space directly accessible kernel , user program

i haven't wrote need remember wrap entire mmgetsystemaddressformdlsafe(...)----->rtlcopymemory(...) in try...except block because can encounter various problems here may cause bugcheck better safe sorry. anyway, if you're compiling kind of code in checked environment ms autocodereview pointing out.

if need more clarifications, or if wrote wrong let me know , happy modify post.


Comments

Post a Comment

Popular posts from this blog

php - failed to open stream: HTTP request failed! HTTP/1.0 400 Bad Request -

this code i'm using find latitude , longitude of place: function coords($address){ echo $url="http://maps.googleapis.com/maps/api/geocode/json?address=".$address; $json = file_get_contents(urlencode($url)); $data = json_decode($json, true); print_r($data['results'][0]['geometry']['location']['lat']); print_r($data['results'][0]['geometry']['location']['lng']); } however returns warning: failed open stream: http request failed! http/1.0 400 bad request if use above code in simple procedure works fine not in function. note: have tried curl_init()... method produced same result? instead of encoding whole url encode address part. following code work fine $add='jamshoro phase 2'; $url="http://maps.googleapis.com/maps/api/geocode/json?address=".urlencode($add); $json = file_get_contents($url); $data = json_decode($json, true); print_r($data['r
Read more

java - How to filter a backspace keyboard input -

i have code gives message when key number pressed: txtvalueofclause.addeventfilter(keyevent.key_typed, new eventhandler<keyevent>() { @override public void handle(keyevent t) { char ar[] = t.getcharacter().tochararray(); char ch = ar[t.getcharacter().tochararray().length - 1]; if (!(ch >= '0' && ch <= '9')) { system.out.println("the char entered not number"); t.consume(); } } }); now if press on wrong button , press backspace remove it, error message. how can add backspace input if statement? i have found answer: txtvalueofclause.addeventfilter(keyevent.key_typed, new eventhandler<keyevent>() { @override public void handle(keyevent t) { char ar[] = t.getcharacter().tochararray(); char ch = ar[t.getcharacter().tochar
Read more

java - Show Soft Keyboard when EditText Appears -

i have code in android app, alert dialog , keyboard, , when dialog shown want keyboard appear. not , not sure why? here code: final alertdialog.builder alert = new alertdialog.builder(this); alert.settitle("title"); alert.setmessage("message"); final edittext input = new edittext(this); input.setinputtype(inputtype.type_class_number); alert.setview(input); input.setonfocuschangelistener(new view.onfocuschangelistener() { @override public void onfocuschange(view v, boolean hasfocus) { if (hasfocus) { log.i(tag, "in focus"); inputmethodmanager inputmethodmanager = (inputmethodmanager) getsystemservice(context.input_method_service); inputmethodmanager.showsoftinput(input, inputmethodmanager.show_implicit); } } }); but keyboard not appear though edit text in focus, , tell appear why, doesn't come up? thanks in advance.
Read more