It should go a little something like this (I don’t know for sure, the only
code I have that I could find instantly used NtXxx from user-mode, not
ZwXxx from kernel-mode), and it’s C++, not C (notice the declarations
scattered all over).
WCHAR filename[] = L"\\path\\to\\file";
UNICODE_STRING fileName = {0};
fileName.Buffer = filename;
fileName.MaximumLength = sizeof(filename);
// Length is in bytes and excludes the terminating NUL
fileName.Length = fileName.MaximumLength - sizeof(WCHAR);
OBJECT_ATTRIBUTES oa = {0};
InitializeObjectAttributes(&oa, &fileName, OBJ_CASE_INSENSITIVE, NULL, NULL);
IO_STATUS_BLOCK isb = {0};
HANDLE file = INVALID_HANDLE_VALUE;
// each call below returns an NTSTATUS; test it with NT_SUCCESS() before
// using the handle or pointer it was supposed to fill in
NtCreateFile(&file, FILE_GENERIC_READ, &oa, &isb, NULL, 0,
    FILE_SHARE_READ, FILE_OPEN, 0, NULL, 0);
// ask for the file size so the view can cover the whole file
FILE_STANDARD_INFORMATION fsi = {0};
ZwQueryInformationFile(file, &isb, (void*)&fsi, sizeof(fsi),
    FileStandardInformation);
SIZE_T viewSize = (SIZE_T)fsi.EndOfFile.QuadPart;
InitializeObjectAttributes(&oa, NULL, 0, NULL, NULL);
HANDLE section = INVALID_HANDLE_VALUE;
ZwCreateSection(&section, SECTION_MAP_READ | SECTION_MAP_EXECUTE, NULL,
    NULL, PAGE_READONLY, SEC_COMMIT, file);
LARGE_INTEGER offset = {0};
char* base = NULL;
ZwMapViewOfSection(section, NtCurrentProcess(), (void**)&base, 0, 0,
    &offset, &viewSize, ViewShare, 0, PAGE_READONLY);
// the file is now mapped starting at "base" into the current process's
// address space
If you are mapping a PE executable, then specifying SEC_IMAGE, instead
of SEC_COMMIT, is perhaps a useful thing to do. SEC_IMAGE reads the
executable and puts the various sections of the executable at their
correct RVAs (so that sections start at sectionName.VirtualAddress, not
sectionName.PointerToRawData). If you don’t do this, you have to correct
the offsets by hand (rather than just using base + RVA).
On Tue, 30 Oct 2001, Ratmil Torres wrote:
Hi,
I have been some time trying to map a file using:
ZwCreateSection and ZwMapViewOfSection but I have not got it yet. I got to create the section, I can not map it.
Please tell me how to do it.
Thank you.
You are currently subscribed to ntfsd as: xxxxx@inkvine.fluff.org
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com
--
Peter xxxxx@inkvine.fluff.org
http://www.inkvine.fluff.org/~peter/
logic kicks ass:
(1) Horses have an even number of legs.
(2) They have two legs in back and fore legs in front.
(3) This makes a total of six legs, which certainly is an odd number of
legs for a horse.
(4) But the only number that is both odd and even is infinity.
(5) Therefore, horses must have an infinite number of legs.
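Added example, not code from the original post: the hand correction the reply mentions for a SEC_COMMIT mapping, where base + RVA is wrong and each RVA must be translated through the section table. Field offsets follow the PE/COFF header layout; the names rva_to_file_offset and make_sample and the sample image are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Little-endian field reads; every caller bounds-checks first. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Translate an RVA into an offset within a flat mapping of `size` bytes at
 * `base`. Returns 0 on success, -1 if the headers are malformed or the RVA
 * has no file-backed byte. Only section data is handled, not header RVAs. */
int rva_to_file_offset(const uint8_t *base, size_t size, uint32_t rva, uint32_t *off)
{
    if (size < 0x40 || rd16(base) != 0x5A4D) return -1;        /* "MZ" */
    uint32_t pe = rd32(base + 0x3C);                            /* e_lfanew */
    if (pe > size || size - pe < 24) return -1;                 /* signature + file header */
    if (rd32(base + pe) != 0x00004550) return -1;               /* "PE\0\0" */
    uint16_t nsec = rd16(base + pe + 6);                        /* NumberOfSections */
    uint64_t tbl = (uint64_t)pe + 24 + rd16(base + pe + 20);    /* + SizeOfOptionalHeader */
    if (tbl + (uint64_t)nsec * 40 > size) return -1;            /* table must fit in the file */
    for (uint16_t i = 0; i < nsec; i++) {
        const uint8_t *s = base + tbl + (size_t)i * 40;
        uint32_t va = rd32(s + 12), rawsz = rd32(s + 16), raw = rd32(s + 20);
        if (rva < va || rva - va >= rawsz) continue;            /* not in this section's raw data */
        uint64_t o = (uint64_t)raw + (rva - va);
        if (o >= size) return -1;                               /* header points past end of file */
        *off = (uint32_t)o;
        return 0;
    }
    return -1;  /* unmapped RVA, or zero-filled tail beyond SizeOfRawData */
}

/* Constructed sample: one section, VirtualAddress 0x1000, VirtualSize 0x300,
 * SizeOfRawData 0x200, PointerToRawData 0x200. Returns the image size. */
size_t make_sample(uint8_t *buf, size_t cap)
{
    static const uint8_t sec[16] = { 0x00,0x03,0,0,  0x00,0x10,0,0,  0x00,0x02,0,0,  0x00,0x02,0,0 };
    if (cap < 0x400) return 0;
    memset(buf, 0, 0x400);
    memcpy(buf, "MZ", 2);
    buf[0x3C] = 0x40;                        /* e_lfanew */
    memcpy(buf + 0x40, "PE\0\0", 4);
    buf[0x46] = 1;                           /* NumberOfSections */
    memcpy(buf + 0x58 + 8, sec, sizeof sec); /* section header fields at +8..+23 */
    return 0x400;
}
```

Pass the viewSize returned by the mapping call as `size`, so a header that points outside the mapped file is rejected instead of dereferenced.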