Hi all,
I has developed a file system filter driver and installed on machines with W2K and WXP.
I have one machine with Windows XP installed on drive E and I get blue screen on starting windows XP. I install Soft-ice and the problem disapear, i uninstall soft-ice and the problem occour again.
I believe that it can occour because Windows XP have a protection on memory access. It’s write ? Can I disable this protection ?
Thanks in advance,
Heldai
Sounds more like a problem with uninitialized memory.
Clint
----- Original Message -----
From: Heldai
To: File Systems Developers
Sent: Thursday, August 22, 2002 9:54 AM
Subject: [ntfsd] Blue screen without soft-ice
Hi all,
I has developed a file system filter driver and installed on machines with
W2K and WXP.
I have one machine with Windows XP installed on drive E and I get blue
screen on starting windows XP. I install Soft-ice and the problem disapear,
i uninstall soft-ice and the problem occour again.
I believe that it can occour because Windows XP have a protection on
memory access. It’s write ? Can I disable this protection ?
Thanks in advance,
You are currently subscribed to ntfsd as: xxxxx@lancache.com
To unsubscribe send a blank email to %%email.unsub%%
When you talk about crashes and BSODs and you expect an answer, you should in the first place tell us at least what bugcode it was. Anyway , you dont want to disable memory write protection facility. You want your driver to work flawless on all configurations., so check your code for mistakes and fix them.
Ciao
----- Original Message -----
From: Heldai
To: File Systems Developers
Sent: Thursday, August 22, 2002 4:54 PM
Subject: [ntfsd] Blue screen without soft-ice
Hi all,
I has developed a file system filter driver and installed on machines with W2K and WXP.
I have one machine with Windows XP installed on drive E and I get blue screen on starting windows XP. I install Soft-ice and the problem disapear, i uninstall soft-ice and the problem occour again.
I believe that it can occour because Windows XP have a protection on memory access. It’s write ? Can I disable this protection ?
Thanks in advance,
You are currently subscribed to ntfsd as: xxxxx@rdsor.ro
To unsubscribe send a blank email to %%email.unsub%%
OK Dan,
I want know if soft-ice disable read-only memory access because with soft-ice installed my driver is OK.
I receive message “Trying write in read-only memory” when soft-ice is not installed.
Thanks,
Heldai
----- Original Message -----
From: Dan Partelly
To: File Systems Developers
Sent: Thursday, August 22, 2002 1:09 PM
Subject: [ntfsd] Re: Blue screen without soft-ice
When you talk about crashes and BSODs and you expect an answer, you should in the first place tell us at least what bugcode it was. Anyway , you dont want to disable memory write protection facility. You want your driver to work flawless on all configurations., so check your code for mistakes and fix them.
Ciao
----- Original Message -----
From: Heldai
To: File Systems Developers
Sent: Thursday, August 22, 2002 4:54 PM
Subject: [ntfsd] Blue screen without soft-ice
Hi all,
I has developed a file system filter driver and installed on machines with W2K and WXP.
I have one machine with Windows XP installed on drive E and I get blue screen on starting windows XP. I install Soft-ice and the problem disapear, i uninstall soft-ice and the problem occour again.
I believe that it can occour because Windows XP have a protection on memory access. It’s write ? Can I disable this protection ?
Thanks in advance,
You are currently subscribed to ntfsd as: xxxxx@scuasecurity.com.br
To unsubscribe send a blank email to %%email.unsub%%
I was checking my code and I have locating the problem.
I am hooking the function ZwCreateSection to get file execution. I am altering the pointer to ZwCreateSection on KeServiceDescriptorTable, doing it point to my function and my function call the original ZwCeateSection.
In W2K it’s OK, but on XP I has received Error trying writing Readonly memory.
Somebody know how can I bypass my problem ?
Thanks in advance,
Heldai
----- Original Message -----
From: Dan Partelly
To: File Systems Developers
Sent: Thursday, August 22, 2002 1:09 PM
Subject: [ntfsd] Re: Blue screen without soft-ice
When you talk about crashes and BSODs and you expect an answer, you should in the first place tell us at least what bugcode it was. Anyway , you dont want to disable memory write protection facility. You want your driver to work flawless on all configurations., so check your code for mistakes and fix them.
Ciao
----- Original Message -----
From: Heldai
To: File Systems Developers
Sent: Thursday, August 22, 2002 4:54 PM
Subject: [ntfsd] Blue screen without soft-ice
Hi all,
I has developed a file system filter driver and installed on machines with W2K and WXP.
I have one machine with Windows XP installed on drive E and I get blue screen on starting windows XP. I install Soft-ice and the problem disapear, i uninstall soft-ice and the problem occour again.
I believe that it can occour because Windows XP have a protection on memory access. It’s write ? Can I disable this protection ?
Thanks in advance,
You are currently subscribed to ntfsd as: xxxxx@scuasecurity.com.br
To unsubscribe send a blank email to %%email.unsub%%
“Heldai” wrote in message news:xxxxx@ntfsd…
> I am hooking the function ZwCreateSection to get file execution. I am
altering the pointer to
> ZwCreateSection on KeServiceDescriptorTable, doing it point to my function
and my function call the
> original ZwCeateSection.
>
> In W2K it’s OK, but on XP I has received Error trying writing Readonly
memory.
>
> Somebody know how can I bypass my problem ?
>
I’d suggest if you have to ask how to work around this, you really shouldn’t
be “hooking” routines in the O/S…
I’m sure you don’t appreciate getting that answer, and it’s not my intention
to be rude, but would you at least just think about the possibility of
trying to acheive whatever your goal is another way?
Peter
OSR
Easiest way is to describe the area through an MDL and map the area as RW.
If your aiming x86, Ia32 only , you can disable temporarly WP bit in Cr0.
----- Original Message -----
From: Heldai
To: File Systems Developers
Sent: Thursday, August 22, 2002 9:10 PM
Subject: [ntfsd] Re: Blue screen without soft-ice
I was checking my code and I have locating the problem.
I am hooking the function ZwCreateSection to get file execution. I am altering the pointer to ZwCreateSection on KeServiceDescriptorTable, doing it point to my function and my function call the original ZwCeateSection.
In W2K it’s OK, but on XP I has received Error trying writing Readonly memory.
Somebody know how can I bypass my problem ?
Thanks in advance,
Heldai
----- Original Message -----
From: Dan Partelly
To: File Systems Developers
Sent: Thursday, August 22, 2002 1:09 PM
Subject: [ntfsd] Re: Blue screen without soft-ice
When you talk about crashes and BSODs and you expect an answer, you should in the first place tell us at least what bugcode it was. Anyway , you dont want to disable memory write protection facility. You want your driver to work flawless on all configurations., so check your code for mistakes and fix them.
Ciao
----- Original Message -----
From: Heldai
To: File Systems Developers
Sent: Thursday, August 22, 2002 4:54 PM
Subject: [ntfsd] Blue screen without soft-ice
Hi all,
I has developed a file system filter driver and installed on machines with W2K and WXP.
I have one machine with Windows XP installed on drive E and I get blue screen on starting windows XP. I install Soft-ice and the problem disapear, i uninstall soft-ice and the problem occour again.
I believe that it can occour because Windows XP have a protection on memory access. It’s write ? Can I disable this protection ?
Thanks in advance,
You are currently subscribed to ntfsd as: xxxxx@rdsor.ro
To unsubscribe send a blank email to %%email.unsub%%
Yes, SoftIce does disable the kernel’s memory write protection. It requires you to reboot on a new system when you begin installing it. It also tells you it is disabling the protection. This should NEVER be done in a production environment. Why crash the whole system instead of just one driver? Microsoft doesn’t seem to want anyone to provide program execution control. You can do some with a file system filter and trap creates, but determining when a create is for an execution vice a file copy. The memory mapping attributes can give you a clue, but it is not foolproof.
----- Original Message -----
From: Heldai
To: File Systems Developers
Sent: Thursday, August 22, 2002 1:05 PM
Subject: [ntfsd] Re: Blue screen without soft-ice
OK Dan,
I want know if soft-ice disable read-only memory access because with soft-ice installed my driver is OK.
I receive message “Trying write in read-only memory” when soft-ice is not installed.
Thanks,
Heldai
----- Original Message -----
From: Dan Partelly
To: File Systems Developers
Sent: Thursday, August 22, 2002 1:09 PM
Subject: [ntfsd] Re: Blue screen without soft-ice
When you talk about crashes and BSODs and you expect an answer, you should in the first place tell us at least what bugcode it was. Anyway , you dont want to disable memory write protection facility. You want your driver to work flawless on all configurations., so check your code for mistakes and fix them.
Ciao
----- Original Message -----
From: Heldai
To: File Systems Developers
Sent: Thursday, August 22, 2002 4:54 PM
Subject: [ntfsd] Blue screen without soft-ice
Hi all,
I has developed a file system filter driver and installed on machines with W2K and WXP.
I have one machine with Windows XP installed on drive E and I get blue screen on starting windows XP. I install Soft-ice and the problem disapear, i uninstall soft-ice and the problem occour again.
I believe that it can occour because Windows XP have a protection on memory access. It’s write ? Can I disable this protection ?
Thanks in advance,
You are currently subscribed to ntfsd as: xxxxx@yoshimuni.com
To unsubscribe send a blank email to %%email.unsub%%
Thanks for all answers.
My question is about bypass readonly protection, but do you can sugest
another way if it is not recommended. I am hooking OS routines only because
it was running ok on my driver in Winnt and w2k.
Sorry if I don’t post my message correctly.
Heldai
----- Original Message -----
From: “Peter Viscarola”
Newsgroups: ntfsd
To: “File Systems Developers”
Sent: Thursday, August 22, 2002 3:27 PM
Subject: [ntfsd] Re: Blue screen without soft-ice
> “Heldai” wrote in message news:xxxxx@ntfsd…
> > I am hooking the function ZwCreateSection to get file execution. I am
> altering the pointer to
> > ZwCreateSection on KeServiceDescriptorTable, doing it point to my
function
> and my function call the
> > original ZwCeateSection.
> >
> > In W2K it’s OK, but on XP I has received Error trying writing Readonly
> memory.
> >
> > Somebody know how can I bypass my problem ?
> >
>
> I’d suggest if you have to ask how to work around this, you really
shouldn’t
> be “hooking” routines in the O/S…
>
> I’m sure you don’t appreciate getting that answer, and it’s not my
intention
> to be rude, but would you at least just think about the possibility of
> trying to acheive whatever your goal is another way?
>
> Peter
> OSR
>
>
>
>
> —
> You are currently subscribed to ntfsd as: xxxxx@scuasecurity.com.br
> To unsubscribe send a blank email to %%email.unsub%%