Thomas Bohl schrieb:> I have the impression that since some time (since Vers. 5.0?) N[expr] does&...
By peter_pein
Hi, I have a routine which open the file handle for me. It works fine as long as no one touches the ...
By anonymous
Hello Bruce,Thanks a lot for your explanation! I got it.I should have read the known BUGs before:)Ma...
By wyel_en
Dear members of www-html,I may have to re-introduce myself here before I send the followingposting t...
By oskarwelzl
MessageFrom: "Simon Michael" <simon (AT) joyful (DOT) com>To: zope (AT) zope (DOT) orgSubject:...
By biggerboat, 1 Comments
Are there any out there? I've been hunting places like Google Video and dl'ing mpeg4'...
By dawson9b7b, 1 Comments
Hi I whant to use a driver from another driver. But whats the diffrence between Zw- or Io-Createfile...
By anonymous, 2 Comments
i'm getting so confused on this notepad project...can someone please help me?the code i got on ...
By dragonempres, 2 Comments
Unicode Technical Report #20 (Unicode in XML and other Markup Languages) specifies that Zero-width J...
By jose, 5 Comments
Show us the output of !analyze -v in the kernel debugger.
-Eliyas
<euacela...gmail.com> wrote in message
news:1172319453.825136.189940...k78g2000cwa.googlegroups.com...
> hi
> I try to map a region in the page file to Iter process comunicate in
> kernel mode.
> with no further commet s I'll give show the code to see if its
> something wrong:
> NTSTATUS FillPortViewClient(PPORT_VIEW ClientView)
> {
> NTSTATUS Status;
> HANDLE hSection,hFile,hProc;
> PVOID BaseAddress=NULL;
> LARGE_INTEGER MaximumSize;
> UNICODE_STRING FileName;
> OBJECT_ATTRIBUTES obj;
> IO_STATUS_BLOCK IoStatus;
> SIZE_T ViewSize;
> ULONG SectionSize;
> ULONG Error;
> PEPROCESS Process;
> KAPC_STATE StateProcess;
> FILE_STANDARD_INFORMATION FileInfo;
>
>
>
> SectionSize=SECTION_SIZE;
> DbgPrint("section size: %d",SectionSize);
>
>
> RtlZeroMemory(&MaximumSize,sizeof(LARGE_INTEGER));
> //MaximumSize.LowPart=SectionSize;
> //MaximumSize.HighPart=0;
> MaximumSize.QuadPart=4096;
> //i tried with lowPart=4096 and still nothing
> RtlInitUnicodeString(&FileName,L"\\BaseNamedObjects\\MySection");
> InitializeObjectAttributes(&obj,
> &FileName,
> OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDLE,
> NULL,
> NULL);
>
> Status=ZwCreateSection(&hSection,
> SECTION_MAP_READ|STANDARD_RIGHTS_REQUIRED|SECTION_MAP_WRITE,
> &obj,
> &MaximumSize,
> PAGE_READWRITE,
> SEC_COMMIT,
> NULL);//hFile);
>
>
> if (!NT_SUCCESS(Status))
> {
> DbgPrint("Sectiunea nu a putut fi deschisa: 0x%x",Status);
> Error=1;
> return 0;
> }
>
>
>
> ViewSize=4096;
>
> DbgPrint("Sectiune Creata: 0x%x",Status);
>
>
> Status=ZwMapViewOfSection(
> hSection,
> NtCurrentProcess(),
> &BaseAddress,
> 0,
> ViewSize,
> NULL,//&MaximumSize,//offset
> &ViewSize,//size to map
> ViewShare,//Share to child processes
> 0,// Allocation type
> PAGE_READWRITE);//protection
>
> if (!NT_SUCCESS(Status))
> {
> DbgPrint("Sectiunea nu a putut fi mappata: 0x%x",Status);
> ZwClose(hSection);
> Error=1;
> return 0;
> }
> Error=0;
> if (!Error)
> {
> DbgPrint("sectiune mappta size: %d",ViewSize);
> ClientView->Length=sizeof(PORT_VIEW);
> ClientView->SectionHandle=hSection;
> ClientView->ViewBase=BaseAddress;
> ClientView->ViewSize=SectionSize/2;
> ClientView->SectionOffset=0;
> ClientView->ViewRemoteBase=BaseAddress;
> }
>
> return Status;
> }
>
> i tired many combinations but still blue screen.
> please help
> thanks
>
eliyas | Tues, 20 May 2008 07:39:00 GMT |
Actually, I don't see anything wrong with your code - it should work just
fine. The only question is SECTION_SIZE constant (there is no such
declaration in WDK).
What is the size of the section you are trying to create ( I specified 16
pages, and managed to run your code successfully)?
Please note that ZwCreateSection() will fail because of name collision if
you run it on thread X while thread Y has an open handle. However, you don't
seem to proceed to mapping the section if ZwCreateSection() call fails...
Anton Bassov
"euacela...gmail.com" wrote:
> hi
> I try to map a region in the page file to Iter process comunicate in
> kernel mode.
> with no further commet s I'll give show the code to see if its
> something wrong:
> NTSTATUS FillPortViewClient(PPORT_VIEW ClientView)
> {
> NTSTATUS Status;
> HANDLE hSection,hFile,hProc;
> PVOID BaseAddress=NULL;
> LARGE_INTEGER MaximumSize;
> UNICODE_STRING FileName;
> OBJECT_ATTRIBUTES obj;
> IO_STATUS_BLOCK IoStatus;
> SIZE_T ViewSize;
> ULONG SectionSize;
> ULONG Error;
> PEPROCESS Process;
> KAPC_STATE StateProcess;
> FILE_STANDARD_INFORMATION FileInfo;
>
>
>
> SectionSize=SECTION_SIZE;
> DbgPrint("section size: %d",SectionSize);
>
>
> RtlZeroMemory(&MaximumSize,sizeof(LARGE_INTEGER));
> //MaximumSize.LowPart=SectionSize;
> //MaximumSize.HighPart=0;
> MaximumSize.QuadPart=4096;
> //i tried with lowPart=4096 and still nothing
> RtlInitUnicodeString(&FileName,L"\\BaseNamedObjects\\MySection");
> InitializeObjectAttributes(&obj,
> &FileName,
> OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDLE,
> NULL,
> NULL);
>
> Status=ZwCreateSection(&hSection,
> SECTION_MAP_READ|STANDARD_RIGHTS_REQUIRED|SECTION_MAP_WRITE,
> &obj,
> &MaximumSize,
> PAGE_READWRITE,
> SEC_COMMIT,
> NULL);//hFile);
>
>
> if (!NT_SUCCESS(Status))
> {
> DbgPrint("Sectiunea nu a putut fi deschisa: 0x%x",Status);
> Error=1;
> return 0;
> }
>
>
>
> ViewSize=4096;
>
> DbgPrint("Sectiune Creata: 0x%x",Status);
>
>
> Status=ZwMapViewOfSection(
> hSection,
> NtCurrentProcess(),
> &BaseAddress,
> 0,
> ViewSize,
> NULL,//&MaximumSize,//offset
> &ViewSize,//size to map
> ViewShare,//Share to child processes
> 0,// Allocation type
> PAGE_READWRITE);//protection
>
> if (!NT_SUCCESS(Status))
> {
> DbgPrint("Sectiunea nu a putut fi mappata: 0x%x",Status);
> ZwClose(hSection);
> Error=1;
> return 0;
> }
> Error=0;
> if (!Error)
> {
> DbgPrint("sectiune mappta size: %d",ViewSize);
> ClientView->Length=sizeof(PORT_VIEW);
> ClientView->SectionHandle=hSection;
> ClientView->ViewBase=BaseAddress;
> ClientView->ViewSize=SectionSize/2;
> ClientView->SectionOffset=0;
> ClientView->ViewRemoteBase=BaseAddress;
> }
>
> return Status;
> }
>
> i tired many combinations but still blue screen.
> please help
> thanks
>
antonbassov | Tues, 20 May 2008 07:40:00 GMT |
No actually the ZwCreateSection return STATUS_SUCCESS
the only problem is with ZwMapViewOfSection.
SECTION_SIZE is a constant declared by me.
I know that the size is always rounded up to the page size wich is
4096 and I declared SECTION_SIZE that size, I also tried with a
smaller value just in case, but it always blue screens, and it is
driving me nuts.
I run it in system context, I, tried running while attached to
taskmanger.exe, but nothing.
i tried many combinations but I can't imagine why I get the blue
screen.
I also tried maping the content o a file, a small txt but again blue
screen.
I run the code in Microsoft Virtual PC, windows xp sp2
how can thread Y have an opened handle if the section is just being
created there.
I told you ZwCreateSection return ok. I also tried puttin
ZwMapViewOfSection in a try catch statement but still nothing, no
exception , but blue screen.
Should I reinstall windows ?
I thought that SectionOffset parameter is the problem but I looked
over the code of ZwMapViewOfSection that I got form microsoft student
partners and it shouldn't bluew screen because of that.
can u please give me any sugestions
On Feb 24, 8:46 pm, Anton Bassov
<AntonBas......discussions.microsoft.com> wrote:
> Actually, I don't see anything wrong with your code - it should work just
> fine. The only question is SECTION_SIZE constant (there is no such
> declaration in WDK).
> What is the size of the section you are trying to create ( I specified 16
> pages, and managed to run your code successfully)?
> Please note that ZwCreateSection() will fail because of name collision if
> you run it on thread X while thread Y has an open handle. However, you don't
> seem to proceed to mapping the section if ZwCreateSection() call fails...
> Anton Bassov
> "euac......gmail.com" wrote:
> > hi
> > I try to map a region in the page file to Iter process comunicate in
> > kernel mode.
> > with no further commet s I'll give show the code to see if its
> > something wrong:
> > NTSTATUS FillPortViewClient(PPORT_VIEW ClientView)
> > {
> > NTSTATUS Status;
> > HANDLE hSection,hFile,hProc;
> > PVOID BaseAddress=NULL;
> > LARGE_INTEGER MaximumSize;
> > UNICODE_STRING FileName;
> > OBJECT_ATTRIBUTES obj;
> > IO_STATUS_BLOCK IoStatus;
> > SIZE_T ViewSize;
> > ULONG SectionSize;
> > ULONG Error;
> > PEPROCESS Process;
> > KAPC_STATE StateProcess;
> > FILE_STANDARD_INFORMATION FileInfo;
> > SectionSize=SECTION_SIZE;
> > DbgPrint("section size: %d",SectionSize);
> > RtlZeroMemory(&MaximumSize,sizeof(LARGE_INTEGER));
> > //MaximumSize.LowPart=SectionSize;
> > //MaximumSize.HighPart=0;
> > MaximumSize.QuadPart=4096;
> > //i tried with lowPart=4096 and still nothing
> > RtlInitUnicodeString(&FileName,L"\\BaseNamedObjects\\MySection");
> > InitializeObjectAttributes(&obj,
> > &FileName,
> > OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDLE,
> > NULL,
> > NULL);
> > Status=ZwCreateSection(&hSection,
> > SECTION_MAP_READ|STANDARD_RIGHTS_REQUIRED|SECTION_MAP_WRITE,
> > &obj,
> > &MaximumSize,
> > PAGE_READWRITE,
> > SEC_COMMIT,
> > NULL);//hFile);
> > if (!NT_SUCCESS(Status))
> > {
> > DbgPrint("Sectiunea nu a putut fi deschisa: 0x%x",Status);
> > Error=1;
> > return 0;
> > }
> > ViewSize=4096;
> > DbgPrint("Sectiune Creata: 0x%x",Status);
> > Status=ZwMapViewOfSection(
> > hSection,
> > NtCurrentProcess(),
> > &BaseAddress,
> > 0,
> > ViewSize,
> > NULL,//&MaximumSize,//offset
> > &ViewSize,//size to map
> > ViewShare,//Share to child processes
> > 0,// Allocation type
> > PAGE_READWRITE);//protection
> > if (!NT_SUCCESS(Status))
> > {
> > DbgPrint("Sectiunea nu a putut fi mappata: 0x%x",Status);
> > ZwClose(hSection);
> > Error=1;
> > return 0;
> > }
> > Error=0;
> > if (!Error)
> > {
> > DbgPrint("sectiune mappta size: %d",ViewSize);
> > ClientView->Length=sizeof(PORT_VIEW);
> > ClientView->SectionHandle=hSection;
> > ClientView->ViewBase=BaseAddress;
> > ClientView->ViewSize=SectionSize/2;
> > ClientView->SectionOffset=0;
> > ClientView->ViewRemoteBase=BaseAddress;
> > }
> > return Status;
> > }
> > i tired many combinations but still blue screen.
> > please help
> > thanks
euacela | Tues, 20 May 2008 07:41:00 GMT |
Probably, there is just some piece of crappy third-party software that hooks
ZwMapViewOfSection() and is unable to handle it properly. ...
Try NtMapViewOfSection() instead - if you call it from a driver, your call
does not go
via SSDT, so that if someone hooks SSDT, this code will be out of play...
Anton Bassov
"euacela...gmail.com" wrote:
> No actually the ZwCreateSection return STATUS_SUCCESS
> the only problem is with ZwMapViewOfSection.
> SECTION_SIZE is a constant declared by me.
> I know that the size is always rounded up to the page size wich is
> 4096 and I declared SECTION_SIZE that size, I also tried with a
> smaller value just in case, but it always blue screens, and it is
> driving me nuts.
> I run it in system context, I, tried running while attached to
> taskmanger.exe, but nothing.
> i tried many combinations but I can't imagine why I get the blue
> screen.
> I also tried maping the content o a file, a small txt but again blue
> screen.
> I run the code in Microsoft Virtual PC, windows xp sp2
> how can thread Y have an opened handle if the section is just being
> created there.
> I told you ZwCreateSection return ok. I also tried puttin
> ZwMapViewOfSection in a try catch statement but still nothing, no
> exception , but blue screen.
> Should I reinstall windows ?
> I thought that SectionOffset parameter is the problem but I looked
> over the code of ZwMapViewOfSection that I got form microsoft student
> partners and it shouldn't bluew screen because of that.
> can u please give me any sugestions
>
> On Feb 24, 8:46 pm, Anton Bassov
> <AntonBas......discussions.microsoft.com> wrote:
> > Actually, I don't see anything wrong with your code - it should work just
> > fine. The only question is SECTION_SIZE constant (there is no such
> > declaration in WDK).
> > What is the size of the section you are trying to create ( I specified 16
> > pages, and managed to run your code successfully)?
> >
> > Please note that ZwCreateSection() will fail because of name collision if
> > you run it on thread X while thread Y has an open handle. However, you don't
> > seem to proceed to mapping the section if ZwCreateSection() call fails...
> >
> > Anton Bassov
> >
> > "euac......gmail.com" wrote:
> > > hi
> > > I try to map a region in the page file to Iter process comunicate in
> > > kernel mode.
> > > with no further commet s I'll give show the code to see if its
> > > something wrong:
> >
> > > NTSTATUS FillPortViewClient(PPORT_VIEW ClientView)
> > > {
> > > NTSTATUS Status;
> > > HANDLE hSection,hFile,hProc;
> > > PVOID BaseAddress=NULL;
> > > LARGE_INTEGER MaximumSize;
> > > UNICODE_STRING FileName;
> > > OBJECT_ATTRIBUTES obj;
> > > IO_STATUS_BLOCK IoStatus;
> > > SIZE_T ViewSize;
> > > ULONG SectionSize;
> > > ULONG Error;
> > > PEPROCESS Process;
> > > KAPC_STATE StateProcess;
> > > FILE_STANDARD_INFORMATION FileInfo;
> >
> > > SectionSize=SECTION_SIZE;
> >
> > > DbgPrint("section size: %d",SectionSize);
> >
> > > RtlZeroMemory(&MaximumSize,sizeof(LARGE_INTEGER));
> >
> > > //MaximumSize.LowPart=SectionSize;
> > > //MaximumSize.HighPart=0;
> > > MaximumSize.QuadPart=4096;
> > > //i tried with lowPart=4096 and still nothing
> >
> > > RtlInitUnicodeString(&FileName,L"\\BaseNamedObjects\\MySection");
> > > InitializeObjectAttributes(&obj,
> > > &FileName,
> > > OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDLE,
> > > NULL,
> > > NULL);
> >
> > > Status=ZwCreateSection(&hSection,
> > > SECTION_MAP_READ|STANDARD_RIGHTS_REQUIRED|SECTION_MAP_WRITE,
> > > &obj,
> > > &MaximumSize,
> > > PAGE_READWRITE,
> > > SEC_COMMIT,
> > > NULL);//hFile);
> >
> > > if (!NT_SUCCESS(Status))
> > > {
> > > DbgPrint("Sectiunea nu a putut fi deschisa: 0x%x",Status);
> >
> > > Error=1;
> >
> > > return 0;
> > > }
> >
> > > ViewSize=4096;
> >
> > > DbgPrint("Sectiune Creata: 0x%x",Status);
> >
> > > Status=ZwMapViewOfSection(
> > > hSection,
> > > NtCurrentProcess(),
> > > &BaseAddress,
> > > 0,
> > > ViewSize,
> > > NULL,//&MaximumSize,//offset
> > > &ViewSize,//size to map
> > > ViewShare,//Share to child processes
> > > 0,// Allocation type
> > > PAGE_READWRITE);//protection
> >
> > > if (!NT_SUCCESS(Status))
> > > {
> > > DbgPrint("Sectiunea nu a putut fi mappata: 0x%x",Status);
> >
> > > ZwClose(hSection);
> >
> > > Error=1;
> > > return 0;
> > > }
> >
> > > Error=0;
> >
> > > if (!Error)
> > > {
> > > DbgPrint("sectiune mappta size: %d",ViewSize);
> > > ClientView->Length=sizeof(PORT_VIEW);
> > > ClientView->SectionHandle=hSection;
> > > ClientView->ViewBase=BaseAddress;
> > > ClientView->ViewSize=SectionSize/2;
> > > ClientView->SectionOffset=0;
> > > ClientView->ViewRemoteBase=BaseAddress;
> >
> > > }
> >
> > > return Status;
> > > }
> >
> > > i tired many combinations but still blue screen.
> > > please help
> > > thanks
>
>
antonbassov | Tues, 20 May 2008 07:42:00 GMT |
I don't know if this is it.
Today the thing worked but the strangest thing happened.
I know I had another older project which used ZwMapViewOfSection to
map a portable executer, and it worked there.
So I took that file and included it in my project. To my amazement
after compiling it worked, but only the code written in that certain
file.
After this i took my code and put it in the same file. It blue
screened. Then I took my code and put it in the boddy of the function
that worked. My code worked now. Then I was begginign to be
frustrated, it is like it was playing with me.
I had two functions with different names, but with tha same code in
each. One worked fine one bluew screened.
Then after a few more blue screens, my initial function that used to
blue screen the driver worked.
This is something that I haven't yet exeperienced.
Then another thing and I suspect the same thing.
I am trying to comunicate via kernel LPC so I make a ServerThread in
the system process and client thread in taskmanager, explorer, another
process. The server get succesfulyy to the part where it should wait,
but the client process when I try to call NtConnectPort, I get blue
screen.
This is how I call it
The ClientPortView is a PORT_VIEW structure whch i initialize like
this:
after making a succesfull section;
ClientView->Length=sizeof(PORT_VIEW);
ClientView->SectionHandle=hSection;
ClientView->SectionOffset=0;
and server view:
ServerView->Length=sizeof(REMOTE_PORT_VIEW);
and now this is the SQS parameter:
sqs.ImpersonationLevel=SecurityImpersonation;
sqs.Length=sizeof(SECURITY_QUALITY_OF_SERVICE);
sqs.EffectiveOnly=TRUE;
sqs.ContextTrackingMode=TRUE;
now the actual code after all preparation.
Status=FillPortViewClientSection(&ClientPortView);
if (!NT_SUCCESS(Status))
{
DbgPrint("client view is not valid");
ClientPortView.SectionHandle=NULL;
}
Status=FillPortViewServer(&ServerPortView);
if (ClientPortView.SectionHandle!=NULL)
Status= NtConnectPort(
&hPort,
&Port_Name,
&sqs,
&ClientPortView,
&ServerPortView,
&MaxMess,
NULL,
&ret);
else
Status= NtConnectPort(
&hPort,
&Port_Name,
&sqs,
NULL,
NULL,
&MaxMess,
NULL,
&ret);
after calling this I get blue screen.
not an exeption, not an error message but a blue screen. I know this
shouldn;t happen, but if you see any bug in my code please correct me
thank you.
euacela | Tues, 20 May 2008 07:43:00 GMT |