Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Shared Memory Between User Mode and Kernel Mode

Tags:

c++

windows

winapi

shared-memory

kernel32

I am writing some kernel side code for Windows7 to access shared memory created in user mode, as suggested here.
The shared memory is created in user space with name:

"MySharedMem"

Opening the shared memory in user space works.
Opening the same shared memory in kernel mode calling ZwOpenSection fails returning:

#define STATUS_OBJECT_NAME_NOT_FOUND     ((NTSTATUS)0xC0000034L)

The kernel code is:

NTSTATUS CModule1::OpenShared()
{
SIZE_T vs = 256;
WCHAR stringBuffer[] =  L"\\BaseNamedObjects\\MySharedMem";
UNICODE_STRING  sectionName;

RtlInitUnicodeString(&sectionName,stringBuffer);

OBJECT_ATTRIBUTES myAttributes;

InitializeObjectAttributes(&myAttributes,&sectionName,0,NULL,NULL);
NTSTATUS status0 = ZwOpenSection(&sectionHandle_,SECTION_MAP_READ|SECTION_MAP_WRITE,&myAttributes);

NTSTATUS status = ZwMapViewOfSection(&sectionHandle_, ZwCurrentProcess(), (PVOID *)&pSharedData_, 0, 0, NULL, &vs, ViewShare, 0, PAGE_READWRITE); 
return status;
}

I tried several names (L"\\MySharedMem" or L"MySharedMem") but I got other errors as STATUS_OBJECT_PATH_INVALID or STATUS_OBJECT_PATH_NOT_FOUND.
Also creating the shared memory as "Global\\MySharedMem" does not work.

What am I doing wrong?

I tried to create the shared memory in kernel mode, I get success on ZwCreateSection and ZwMapViewOfSection but i get access violation when I access the pSharedData_ pointer to test the buffer:

NTSTATUS CModule1::MapUserSection()
{
typedef struct SHARED_SECTION {DWORD i; };
NTSTATUS status = STATUS_SUCCESS;
ULONG Attributes=OBJ_KERNEL_HANDLE | OBJ_FORCE_ACCESS_CHECK;

OBJECT_ATTRIBUTES objectAttributes;
LARGE_INTEGER MaxSize;
SIZE_T ViewSize=sizeof(SHARED_SECTION);
MaxSize.QuadPart=sizeof(SHARED_SECTION);

WCHAR stringBuffer[] =  L"\\MySm2";
UNICODE_STRING  sectionName;
RtlInitUnicodeString(&sectionName,stringBuffer);
InitializeObjectAttributes(&objectAttributes,&sectionName,Attributes,NULL,NULL);

status= ZwCreateSection(&sectionHandle_,SECTION_ALL_ACCESS,&objectAttributes,&MaxSize,PAGE_READWRITE,SEC_COMMIT,NULL);
status = ZwMapViewOfSection(sectionHandle_, ZwCurrentProcess(), (PVOID *)&pSharedData_, 0, 0, NULL, &ViewSize, ViewShare, 0, PAGE_READWRITE); 

//To test the buffer
RtlFillMemory(pSharedData_, '1',ViewSize);
return status;
}

Everything fails...

like image 463
Stefano Piovesan Avatar asked Sep 15 '15 21:09

Stefano Piovesan

People also ask

What is difference between kernel mode and user mode?

In kernel mode, the program has direct and unrestricted access to system resources. In user mode, the application program executes and starts. In user mode, a single process fails if an interrupt occurs. Kernel mode is also known as the master mode, privileged mode, or system mode.

How the communication happens between user mode and kernel mode?

The filter manager supports communication between user mode and kernel mode through communication ports. The minifilter driver controls security on the port by specifying a security descriptor to be applied to the communication port object.

How do two processes share memory?

The user just writes data to the process memory, and the operating systems dumps the data to the file. When two processes map the same file in memory, the memory that one process writes is seen by another process, so memory mapped files can be used as an interprocess communication mechanism.

What is shared memory explain kernel support for shared memory with example?

So, shared memory provides a way by letting two or more processes share a memory segment. With Shared Memory the data is only copied twice – from input file into shared memory and from shared memory to the output file. SYSTEM CALLS USED ARE: ftok(): is use to generate a unique key.

1 Answers

Concerning CreateFileMapping:

Creating a file mapping object in the global namespace from a session other than session zero requires the SeCreateGlobalPrivilege privilege.

From KB191840:

[T]he object is always mapped in the user address space (below 0x80000000) of a process (regardless of whether the object is created in kernel mode or user mode) the address is valid only if it is accessed in the context of the process.

The KB continues:

This method is not recommended and is used least by low-level device drivers because, as explained earlier, the scope of the address is limited to the process in which the object is mapped, and it cannot be accessed in a DPC or ISR. [Emphasis Mine]

The fix is either:

  1. Create the file mapping in kernel mode. (Suggested by the KB article.)
  2. Use IOCTL
like image 61
theB Avatar answered Oct 13 '22 19:10

theB
Sign in to Comment

Related questions

Boost pool allocators won't compile with std::allocate_shared in g++
why huge compilation time difference between g++ and clang++?
C++11 cross compiler/standard library random distribution reproducibility
QTreeView merge some cells
Why does loop unrolling have no effect for a large dataset?
Is there any way to inherit an alias template?
inconsistent warning: variable might be clobbered by ‘longjmp’ or ‘vfork’
vector::clear in libc++ for trivially destructible types
Why does the preprocessor distinguish between number and character tokens?
Size of pointer to member function varies like crazy
Custom allocator performance
C++ How to export a static class member from a dll?
c++ string literal still confusing
Weird c++ copy constructor without default constructor [duplicate]
OpenGL - Water waves (with noise)
How does `std::less` work?
VS2013 - static const already defined
(Vec4 x Mat4x4) product using SIMD and improvements
stdin as input file for MSVC
std::set insert with initialiser lists

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!