Access Violation MmUnmapLockedPages

Hi
I am trying to share memory between a driver (mirror driver) and an application. I am allocating memory in the kernel and mapping it into the user process.

Steps I am using while mapping to the user process:

  1. ExAllocatePoolWithTag(NonPagedPool,…)
  2. IoAllocateMdl()
  3. MmMapLockedPagesSpecifyCache(, UserMode,…)

Steps while unmapping:

  1. MmUnmapLockedPages()
  2. IoFreeMdl()

I am getting an access violation error during unmapping.
Access Violation – code c0000005
nt!MmUnmapLockedPagesinUserSpace+0X8
82ed50b7 8b814 mov ecx, dword ptr [eax + 14h]

Am I doing anything wrong here?

Thanks.

You must be running in the context of the process in which you mapped the pages when you call MmUnmapLockedPages. In addition, I hope you are zeroing out the memory block that you share with user mode, since you don’t want the user app to see any kernel sensitive information…

–Mark Cariddi
OSR Open System Resources, Inc.
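
The zeroing point in the reply above, as an added example (not code from this thread or from OSR): a user-mode C model of one pool page, with a constructed 0xAA fill standing in for stale kernel data. It goes one step beyond the reply by also modelling that a user mapping covers whole pages, so a zeroed sub-page pool buffer still exposes its neighbours; `share`, `leaked` and the offsets are hypothetical names and values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 4096u

/* Constructed model of one 4 KiB page of nonpaged pool; not a kernel structure. */
static uint8_t page[PAGE_SIZE];

/* Count the bytes user mode can read in the mapped page that the driver did
   not deliberately publish: anything non-zero outside the payload range. */
static unsigned leaked(unsigned pay_off, unsigned pay_len)
{
    unsigned n = 0;
    for (unsigned i = 0; i < PAGE_SIZE; i++)
        if ((i < pay_off || i >= pay_off + pay_len) && page[i] != 0)
            n++;
    return n;
}

/* Model sharing a buffer of alloc_len bytes at alloc_off within the page.
   The driver publishes pay_len bytes at the start of the buffer.
   Returns how many unintended bytes the user-mode view exposes. */
unsigned share(unsigned alloc_off, unsigned alloc_len,
               unsigned pay_len, int zero_first)
{
    /* Stale contents left behind by earlier pool users (constructed fill). */
    memset(page, 0xAA, sizeof page);

    if (zero_first)                              /* what RtlZeroMemory would do */
        memset(page + alloc_off, 0, alloc_len);

    memset(page + alloc_off, 0x42, pay_len);     /* data meant for the app */

    /* The mapping is page-granular, so the whole page is scanned. */
    return leaked(alloc_off, pay_len);
}

int main(void)
{
    printf("256-byte buffer, not zeroed : %u bytes exposed\n",
           share(1024, 256, 16, 0));
    printf("256-byte buffer, zeroed     : %u bytes exposed\n",
           share(1024, 256, 16, 1));
    printf("full-page buffer, zeroed    : %u bytes exposed\n",
           share(0, PAGE_SIZE, 16, 1));
    return 0;
}
```

Zeroing happens once, before the driver writes its data, so the application still reads every byte the driver publishes.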

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Wednesday, November 03, 2010 8:30 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Access Violation MmUnmapLockedPages


Thanks Mark for your reply.
Mapping and unmapping are done in the same process context. Regarding zeroing the memory, actually I want the application to read the bytes written by the driver.

Thanks.

Can’t you just use IOCTLs to pass data? Mapping to the user mode is very tricky and may lead to BSODs if a process gets terminated without unmapping the pages properly, which is quite tricky.

Sorry for the late reply.
I was able to figure out the reason for the access violation and rectify it. But the problem I am now facing is that MmMapLockedPagesSpecifyCache(…,UserMode,…) is returning NULL. After this operation, if I try to print the RequestPacket contents (in WinDbg, dt -b RequestPacket), it gives a memory read error. I am using the METHOD_BUFFERED transfer type in the IOCTL. Am I doing anything wrong?

I am querying for the mapped user address from the application using ExtEscape. I am not sure if I am querying correctly. Can anyone explain how to query? I am using METHOD_BUFFERED here too because I am a bit confused by the other transfer types.

Thanks.

I made a small mistake in the DrvEscape function. I was able to rectify it.

Thanks.