How to access memory using the physical address

Hi, all

I’m trying to access memory by the physical address in my driver. The reason
why I do this is I need to get data from my bootstrap code. In the bootstrap
code, I first enter the 386 Protected Mode and then write some important
data to a buffer (identified by the physical address), at last jump back to
the original bootstrap code. Suppose the buffer won’t be re-written, how can
I read the content of the buffer in my WinXP driver module?

I’ve read about MmMapIoSpace function, but I don’t know how to initialize
the PHYSICAL_ADDRESS parameter, and it seems this function is obsolete.

Any suggestion is welcome. Thanks,
GrepAll

Massively small font there.

MmMapIoSpace is not obsolete, but that is the least of your problems. That
“suppose the buffer won’t be rewritten” part, for physical memory owned by
the OS, is a huge problem. How do you suppose that is going to happen? You
initialize the PHYSICAL_ADDRESS with the linear physical address of the
buffer that you suppose won’t be rewritten. What exactly are you
bootstrapping? A platform? A device?

=====================
Mark Roddy DDK MVP
Windows 2003/XP/2000 Consulting
Hollis Technology Solutions 603-321-1032
www.hollistech.com

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of GrepAll
Sent: Monday, January 16, 2006 8:56 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] How to access memory using the physical address

Hi, all

I’m trying to access memory by the physical address in my driver. The reason
why I do this is I need to get data from my bootstrap code. In the bootstrap
code, I first enter the 386 Protected Mode and then write some important
data to a buffer (identified by the physical address), at last jump back to
the original bootstrap code. Suppose the buffer won’t be re-written, how can
I read the content of the buffer in my WinXP driver module?

I’ve read about MmMapIoSpace function, but I don’t know how to initialize
the PHYSICAL_ADDRESS parameter, and it seems this function is obsolete.

Any suggestion is welcome. Thanks,
GrepAll

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

Hi,

It’s not a platform, either a device.

I want implement pre-boot verification function. That is, user should enter
his password before Windows starts, and by sharing the buffer, the driver
could get the password to implement single-sign-on (in fact it’s useless for
password verification, but it’s useful for other verification, SmartCard
verification for example.).

In my research, there is about 32kb size space which Windows won’t rewrite,
and it’s enough as my buffer. Or we just forget the “won’t be rewritten”
suppose, I’m interested in how to access memory by physical address.

I check the DDK document, u r right, MmMapIoSpace is not obsolete. But the
HalTranslateBusAddress is obsolete. Could you please tell me how to
initialize the PHYSICAL_ADDRESS with a linear physical address? I’m not so
familar with driver development. Thanks!

GrepAll

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Mark Roddy
Sent: Tuesday, January 17, 2006 12:02 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] How to access memory using the physical address

Massively small font there.

MmMapIoSpace is not obsolete, but that is the least of your problems. That
“suppose the buffer won’t be rewritten” part, for physical memory owned by
the OS, is a huge problem. How do you suppose that is going to happen? You
initialize the PHYSICAL_ADDRESS with the linear physical address of the
buffer that you suppose won’t be rewritten. What exactly are you
bootstrapping? A platform? A device?

=====================
Mark Roddy DDK MVP
Windows 2003/XP/2000 Consulting
Hollis Technology Solutions 603-321-1032
www.hollistech.com

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of GrepAll
Sent: Monday, January 16, 2006 8:56 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] How to access memory using the physical address

Hi, all

I’m trying to access memory by the physical address in my driver. The reason
why I do this is I need to get data from my bootstrap code. In the bootstrap
code, I first enter the 386 Protected Mode and then write some important
data to a buffer (identified by the physical address), at last jump back to
the original bootstrap code. Suppose the buffer won’t be re-written, how can
I read the content of the buffer in my WinXP driver module?

I’ve read about MmMapIoSpace function, but I don’t know how to initialize
the PHYSICAL_ADDRESS parameter, and it seems this function is obsolete.

Any suggestion is welcome. Thanks,
GrepAll

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

This is not the way to implement single sign-on. You need to read up on the Microsoft Gina DLL and Gina-stub DLLs. The user does have to successfully login to the WIndows platform 1 time, but that is the only requirement. From that point on, the user’s credentials can be cached for pre-Windows login network verification. If you have more restrictive requirements, it might be interesting to explain those further. However, the GINA method has worked for the biggest names in PC platform production, so I can’t imagine the customer for whom this is not sufficient. Playing hand-off from a boot loader or some such to the OS, is not a great idea.

Bill M.
“GrepAll” wrote in message news:xxxxx@ntdev…
Hi,

It’s not a platform, either a device.

I want implement pre-boot verification function. That is, user should enter his password before Windows starts, and by sharing the buffer, the driver could get the password to implement single-sign-on (in fact it’s useless for password verification, but it’s useful for other verification, SmartCard verification for example.).

In my research, there is about 32kb size space which Windows won’t rewrite, and it’s enough as my buffer. Or we just forget the “won’t be rewritten” suppose, I’m interested in how to access memory by physical address.

I check the DDK document, u r right, MmMapIoSpace is not obsolete. But the HalTranslateBusAddress is obsolete. Could you please tell me how to initialize the PHYSICAL_ADDRESS with a linear physical address? I’m not so familar with driver development. Thanks!

GrepAll

------------------------------------------------------------------------------
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Mark Roddy
Sent: Tuesday, January 17, 2006 12:02 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] How to access memory using the physical address

Massively small font there.

MmMapIoSpace is not obsolete, but that is the least of your problems. That “suppose the buffer won’t be rewritten” part, for physical memory owned by the OS, is a huge problem. How do you suppose that is going to happen? You initialize the PHYSICAL_ADDRESS with the linear physical address of the buffer that you suppose won’t be rewritten. What exactly are you bootstrapping? A platform? A device?
=====================
Mark Roddy DDK MVP
Windows 2003/XP/2000 Consulting
Hollis Technology Solutions 603-321-1032
www.hollistech.com

----------------------------------------------------------------------------
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of GrepAll
Sent: Monday, January 16, 2006 8:56 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] How to access memory using the physical address

Hi, all

I’m trying to access memory by the physical address in my driver. The reason why I do this is I need to get data from my bootstrap code. In the bootstrap code, I first enter the 386 Protected Mode and then write some important data to a buffer (identified by the physical address), at last jump back to the original bootstrap code. Suppose the buffer won’t be re-written, how can I read the content of the buffer in my WinXP driver module?

I’ve read about MmMapIoSpace function, but I don’t know how to initialize the PHYSICAL_ADDRESS parameter, and it seems this function is obsolete.

Any suggestion is welcome. Thanks,
GrepAll

—
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

Hi,

My design is to extend the “user” concept from Windows system to the whole
PC with a SmartCard. The user install the software under Windows environment
and we’ll record his credential in the SmartCard, which can be protected by
the SmartCard PIN. Then once he input his PIN in pre-boot verification and
transfer the Windows credential to the driver, then, by letting Gina
communicate with the driver, we can implement single-sign-on.

I don’t know if this solution is good enough, but there may be potential
users.

Anyway, I’ve found the solution of access memory with physical address. Here
is the solution:

1. ZwOpenSection to open \Device\PhysicalMemory device;
2. ZwMapViewOfSection to map the physical memory buffer to the virtual
   memory space;
3. Use the buffer;
4. ZwUnmapViewOfSection & ZwClose.

This solution can access the lowest 1MB physical memory.

I’ve tested and it does work. Thanks for you guys’ answer.

GrepAll

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Bill McKenzie
Sent: Tuesday, January 17, 2006 4:25 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] How to access memory using the physical address

This is not the way to implement single sign-on. You need to read up on the
Microsoft Gina DLL and Gina-stub DLLs. The user does have to successfully
login to the WIndows platform 1 time, but that is the only requirement.
From that point on, the user’s credentials can be cached for pre-Windows
login network verification. If you have more restrictive requirements, it
might be interesting to explain those further. However, the GINA method has
worked for the biggest names in PC platform production, so I can’t imagine
the customer for whom this is not sufficient. Playing hand-off from a boot
loader or some such to the OS, is not a great idea.

Bill M.

“GrepAll” wrote in message news:xxxxx@ntdev…
Hi,

It’s not a platform, either a device.

I want implement pre-boot verification function. That is, user should enter
his password before Windows starts, and by sharing the buffer, the driver
could get the password to implement single-sign-on (in fact it’s useless for
password verification, but it’s useful for other verification, SmartCard
verification for example.).

In my research, there is about 32kb size space which Windows won’t rewrite,
and it’s enough as my buffer. Or we just forget the “won’t be rewritten”
suppose, I’m interested in how to access memory by physical address.

I check the DDK document, u r right, MmMapIoSpace is not obsolete. But the
HalTranslateBusAddress is obsolete. Could you please tell me how to
initialize the PHYSICAL_ADDRESS with a linear physical address? I’m not so
familar with driver development. Thanks!

GrepAll



From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Mark Roddy
Sent: Tuesday, January 17, 2006 12:02 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] How to access memory using the physical address

Massively small font there.

MmMapIoSpace is not obsolete, but that is the least of your problems. That
“suppose the buffer won’t be rewritten” part, for physical memory owned by
the OS, is a huge problem. How do you suppose that is going to happen? You
initialize the PHYSICAL_ADDRESS with the linear physical address of the
buffer that you suppose won’t be rewritten. What exactly are you
bootstrapping? A platform? A device?

=====================
Mark Roddy DDK MVP
Windows 2003/XP/2000 Consulting
Hollis Technology Solutions 603-321-1032
www.hollistech.com



From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of GrepAll
Sent: Monday, January 16, 2006 8:56 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] How to access memory using the physical address

Hi, all

I’m trying to access memory by the physical address in my driver. The reason
why I do this is I need to get data from my bootstrap code. In the bootstrap
code, I first enter the 386 Protected Mode and then write some important
data to a buffer (identified by the physical address), at last jump back to
the original bootstrap code. Suppose the buffer won’t be re-written, how can
I read the content of the buffer in my WinXP driver module?

I’ve read about MmMapIoSpace function, but I don’t know how to initialize
the PHYSICAL_ADDRESS parameter, and it seems this function is obsolete.

Any suggestion is welcome. Thanks,
GrepAll

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

There is no guarantee that your memory address will not be overwritten. Your
testing has simply been lucky. In the future you will have one or more
unlucky customers. Why not demand the pin as part of the normal OS boot
process?

=====================
Mark Roddy DDK MVP
Windows 2003/XP/2000 Consulting
Hollis Technology Solutions 603-321-1032
www.hollistech.com

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of GrepAll
Sent: Tuesday, January 17, 2006 4:57 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] How to access memory using the physical address

Hi,

My design is to extend the “user” concept from Windows system to the whole
PC with a SmartCard. The user install the software under Windows environment
and we’ll record his credential in the SmartCard, which can be protected by
the SmartCard PIN. Then once he input his PIN in pre-boot verification and
transfer the Windows credential to the driver, then, by letting Gina
communicate with the driver, we can implement single-sign-on.

I don’t know if this solution is good enough, but there may be potential
users.

Anyway, I’ve found the solution of access memory with physical address. Here
is the solution:

1. ZwOpenSection to open \Device\PhysicalMemory device;
2. ZwMapViewOfSection to map the physical memory buffer to the virtual
   memory space;
3. Use the buffer;
4. ZwUnmapViewOfSection & ZwClose.

This solution can access the lowest 1MB physical memory.

I’ve tested and it does work. Thanks for you guys’ answer.

GrepAll

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Bill McKenzie
Sent: Tuesday, January 17, 2006 4:25 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] How to access memory using the physical address

This is not the way to implement single sign-on. You need to read up on the
Microsoft Gina DLL and Gina-stub DLLs. The user does have to successfully
login to the WIndows platform 1 time, but that is the only requirement.
From that point on, the user’s credentials can be cached for pre-Windows
login network verification. If you have more restrictive requirements, it
might be interesting to explain those further. However, the GINA method has
worked for the biggest names in PC platform production, so I can’t imagine
the customer for whom this is not sufficient. Playing hand-off from a boot
loader or some such to the OS, is not a great idea.

Bill M.

“GrepAll” wrote in message news:xxxxx@ntdev…
Hi,

It’s not a platform, either a device.

I want implement pre-boot verification function. That is, user should enter
his password before Windows starts, and by sharing the buffer, the driver
could get the password to implement single-sign-on (in fact it’s useless for
password verification, but it’s useful for other verification, SmartCard
verification for example.).

In my research, there is about 32kb size space which Windows won’t rewrite,
and it’s enough as my buffer. Or we just forget the “won’t be rewritten”
suppose, I’m interested in how to access memory by physical address.

I check the DDK document, u r right, MmMapIoSpace is not obsolete. But the
HalTranslateBusAddress is obsolete. Could you please tell me how to
initialize the PHYSICAL_ADDRESS with a linear physical address? I’m not so
familar with driver development. Thanks!

GrepAll



From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Mark Roddy
Sent: Tuesday, January 17, 2006 12:02 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] How to access memory using the physical address

Massively small font there.

MmMapIoSpace is not obsolete, but that is the least of your problems. That
“suppose the buffer won’t be rewritten” part, for physical memory owned by
the OS, is a huge problem. How do you suppose that is going to happen? You
initialize the PHYSICAL_ADDRESS with the linear physical address of the
buffer that you suppose won’t be rewritten. What exactly are you
bootstrapping? A platform? A device?

=====================
Mark Roddy DDK MVP
Windows 2003/XP/2000 Consulting
Hollis Technology Solutions 603-321-1032
www.hollistech.com



From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of GrepAll
Sent: Monday, January 16, 2006 8:56 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] How to access memory using the physical address

Hi, all

I’m trying to access memory by the physical address in my driver. The reason
why I do this is I need to get data from my bootstrap code. In the bootstrap
code, I first enter the 386 Protected Mode and then write some important
data to a buffer (identified by the physical address), at last jump back to
the original bootstrap code. Suppose the buffer won’t be re-written, how can
I read the content of the buffer in my WinXP driver module?

I’ve read about MmMapIoSpace function, but I don’t know how to initialize
the PHYSICAL_ADDRESS parameter, and it seems this function is obsolete.

Any suggestion is welcome. Thanks,
GrepAll

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

As I know, SafeBoot and SecureDoc have done this. I think there are some
people who want this feature otherwise these companies will not survive.

–

Regards,
ZG [@ Sydney]
Windows Driver Developer

“Bill McKenzie” wrote in message
news:xxxxx@ntdev…
This is not the way to implement single sign-on. You need to read up on the
Microsoft Gina DLL and Gina-stub DLLs. The user does have to successfully
login to the WIndows platform 1 time, but that is the only requirement.
From that point on, the user’s credentials can be cached for pre-Windows
login network verification. If you have more restrictive requirements, it
might be interesting to explain those further. However, the GINA method has
worked for the biggest names in PC platform production, so I can’t imagine
the customer for whom this is not sufficient. Playing hand-off from a boot
loader or some such to the OS, is not a great idea.

Bill M.
“GrepAll” wrote in message news:xxxxx@ntdev…
Hi,

It’s not a platform, either a device.

I want implement pre-boot verification function. That is, user should enter
his password before Windows starts, and by sharing the buffer, the driver
could get the password to implement single-sign-on (in fact it’s useless for
password verification, but it’s useful for other verification, SmartCard
verification for example.).

In my research, there is about 32kb size space which Windows won’t rewrite,
and it’s enough as my buffer. Or we just forget the “won’t be rewritten”
suppose, I’m interested in how to access memory by physical address.

I check the DDK document, u r right, MmMapIoSpace is not obsolete. But the
HalTranslateBusAddress is obsolete. Could you please tell me how to
initialize the PHYSICAL_ADDRESS with a linear physical address? I’m not so
familar with driver development. Thanks!

GrepAll

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Mark Roddy
Sent: Tuesday, January 17, 2006 12:02 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] How to access memory using the physical address

Massively small font there.

MmMapIoSpace is not obsolete, but that is the least of your problems. That
“suppose the buffer won’t be rewritten” part, for physical memory owned by
the OS, is a huge problem. How do you suppose that is going to happen? You
initialize the PHYSICAL_ADDRESS with the linear physical address of the
buffer that you suppose won’t be rewritten. What exactly are you
bootstrapping? A platform? A device?
=====================
Mark Roddy DDK MVP
Windows 2003/XP/2000 Consulting
Hollis Technology Solutions 603-321-1032
www.hollistech.com

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of GrepAll
Sent: Monday, January 16, 2006 8:56 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] How to access memory using the physical address

Hi, all

I’m trying to access memory by the physical address in my driver. The reason
why I do this is I need to get data from my bootstrap code. In the bootstrap
code, I first enter the 386 Protected Mode and then write some important
data to a buffer (identified by the physical address), at last jump back to
the original bootstrap code. Suppose the buffer won’t be re-written, how can
I read the content of the buffer in my WinXP driver module?

I’ve read about MmMapIoSpace function, but I don’t know how to initialize
the PHYSICAL_ADDRESS parameter, and it seems this function is obsolete.

Any suggestion is welcome. Thanks,
GrepAll

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

To what end? What do you gain by having credentials entered before the GINA
has control? Through a custom GINA it is possible to establish secure
network connections before Windows login, there is support for dealing with
Smart cards and such, and you can even customize the Windows login UI if
more info is needed at login. Essentially, Winlogon is up and running about
as early in the OS load process as you could ever want a network connection,
so I am curious as to the need for any pre-OS handoff.

Bill M.

“ZG” wrote in message news:xxxxx@ntdev…
> As I know, SafeBoot and SecureDoc have done this. I think there are some
> people who want this feature otherwise these companies will not survive.
>
> –
>
> Regards,
> ZG [@ Sydney]
> Windows Driver Developer
>
>
> “Bill McKenzie” wrote in message
> news:xxxxx@ntdev…
> This is not the way to implement single sign-on. You need to read up on
> the Microsoft Gina DLL and Gina-stub DLLs. The user does have to
> successfully login to the WIndows platform 1 time, but that is the only
> requirement. From that point on, the user’s credentials can be cached for
> pre-Windows login network verification. If you have more restrictive
> requirements, it might be interesting to explain those further. However,
> the GINA method has worked for the biggest names in PC platform
> production, so I can’t imagine the customer for whom this is not
> sufficient. Playing hand-off from a boot loader or some such to the OS,
> is not a great idea.
>
> Bill M.
> “GrepAll” wrote in message news:xxxxx@ntdev…
> Hi,
>
> It’s not a platform, either a device.
>
> I want implement pre-boot verification function. That is, user should
> enter his password before Windows starts, and by sharing the buffer, the
> driver could get the password to implement single-sign-on (in fact it’s
> useless for password verification, but it’s useful for other verification,
> SmartCard verification for example.).
>
> In my research, there is about 32kb size space which Windows won’t
> rewrite, and it’s enough as my buffer. Or we just forget the “won’t be
> rewritten” suppose, I’m interested in how to access memory by physical
> address.
>
> I check the DDK document, u r right, MmMapIoSpace is not obsolete. But the
> HalTranslateBusAddress is obsolete. Could you please tell me how to
> initialize the PHYSICAL_ADDRESS with a linear physical address? I’m not so
> familar with driver development. Thanks!
>
> GrepAll
>
>
>
>
>
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Mark Roddy
> Sent: Tuesday, January 17, 2006 12:02 PM
> To: Windows System Software Devs Interest List
> Subject: RE: [ntdev] How to access memory using the physical address
>
>
> Massively small font there.
>
> MmMapIoSpace is not obsolete, but that is the least of your problems. That
> “suppose the buffer won’t be rewritten” part, for physical memory owned by
> the OS, is a huge problem. How do you suppose that is going to happen? You
> initialize the PHYSICAL_ADDRESS with the linear physical address of the
> buffer that you suppose won’t be rewritten. What exactly are you
> bootstrapping? A platform? A device?
> =====================
> Mark Roddy DDK MVP
> Windows 2003/XP/2000 Consulting
> Hollis Technology Solutions 603-321-1032
> www.hollistech.com
>
>
>
>
>
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of GrepAll
> Sent: Monday, January 16, 2006 8:56 PM
> To: Windows System Software Devs Interest List
> Subject: [ntdev] How to access memory using the physical address
>
>
> Hi, all
>
> I’m trying to access memory by the physical address in my driver. The
> reason why I do this is I need to get data from my bootstrap code. In the
> bootstrap code, I first enter the 386 Protected Mode and then write some
> important data to a buffer (identified by the physical address), at last
> jump back to the original bootstrap code. Suppose the buffer won’t be
> re-written, how can I read the content of the buffer in my WinXP driver
> module?
>
> I’ve read about MmMapIoSpace function, but I don’t know how to initialize
> the PHYSICAL_ADDRESS parameter, and it seems this function is obsolete.
>
> Any suggestion is welcome. Thanks,
> GrepAll
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>

This fails the basic thought-experiment of “What if two developers do the
same thing?”

Why do you believe you gain any security by checking this before Windows
starts? All of this can be done today with the access controls built into
Windows. Read up on the basics of users, groups, and ACLs, and you will see
that you can do all of this without resorting to such things.

Also, your explanation of extending single-sign-on to the entire computer
does not make sense. Once the operating system boots, multiple security
contexts are running at the same time. How you do handle this 1:N mapping?
What happens if user A logs in, then logs out, and user B wants to log in?
Does the machine need to be rebooted?

Also, please spell out “you” and “are”.

– arlie

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of GrepAll
Sent: Monday, January 16, 2006 11:30 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] How to access memory using the physical address

Hi,

It’s not a platform, either a device.

I want implement pre-boot verification function. That is, user should enter
his password before Windows starts, and by sharing the buffer, the driver
could get the password to implement single-sign-on (in fact it’s useless for
password verification, but it’s useful for other verification, SmartCard
verification for example.).

In my research, there is about 32kb size space which Windows won’t rewrite,
and it’s enough as my buffer. Or we just forget the “won’t be rewritten”
suppose, I’m interested in how to access memory by physical address.

I check the DDK document, u r right, MmMapIoSpace is not obsolete. But the
HalTranslateBusAddress is obsolete. Could you please tell me how to
initialize the PHYSICAL_ADDRESS with a linear physical address? I’m not so
familar with driver development. Thanks!

GrepAll

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Mark Roddy
Sent: Tuesday, January 17, 2006 12:02 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] How to access memory using the physical address

Massively small font there.

MmMapIoSpace is not obsolete, but that is the least of your problems. That
“suppose the buffer won’t be rewritten” part, for physical memory owned by
the OS, is a huge problem. How do you suppose that is going to happen? You
initialize the PHYSICAL_ADDRESS with the linear physical address of the
buffer that you suppose won’t be rewritten. What exactly are you
bootstrapping? A platform? A device?

=====================
Mark Roddy DDK MVP
Windows 2003/XP/2000 Consulting
Hollis Technology Solutions 603-321-1032
www.hollistech.com

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of GrepAll
Sent: Monday, January 16, 2006 8:56 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] How to access memory using the physical address

Hi, all

I’m trying to access memory by the physical address in my driver.
The reason why I do this is I need to get data from my bootstrap code. In
the bootstrap code, I first enter the 386 Protected Mode and then write some
important data to a buffer (identified by the physical address), at last
jump back to the original bootstrap code. Suppose the buffer won’t be
re-written, how can I read the content of the buffer in my WinXP driver
module?

I’ve read about MmMapIoSpace function, but I don’t know how to
initialize the PHYSICAL_ADDRESS parameter, and it seems this function is
obsolete.

Any suggestion is welcome. Thanks,
GrepAll

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag
argument: ‘’
To unsubscribe send a blank email to
xxxxx@lists.osr.com

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

“What do you gain by having credentials entered before the GINA
has control”

You cannot boot - a desired effect of sector based Disk Encryption.
If you can (because your preboot credentials are ok), the SSO is
just a “side-effect” then.

Else

|---------±-------------------------------->
| | “Bill McKenzie” |
| | | | net> |
| | Sent by: |
| | bounce-235093-16691@li|
| | sts.osr.com |
| | |
| | |
| | 01/17/2006 03:25 PM |
| | Please respond to |
| | “Windows System |
| | Software Devs Interest|
| | List” |
|---------±-------------------------------->
>-----------------------------------------------------------------------------------------------------------|
| |
| To: “Windows System Software Devs Interest List” |
| cc: |
| Subject: Re:[ntdev] How to access memory using the physical address (Unsigned Mail) |
>-----------------------------------------------------------------------------------------------------------|

To what end? What do you gain by having credentials entered before the
GINA
has control? Through a custom GINA it is possible to establish secure
network connections before Windows login, there is support for dealing with

Smart cards and such, and you can even customize the Windows login UI if
more info is needed at login. Essentially, Winlogon is up and running
about
as early in the OS load process as you could ever want a network
connection,
so I am curious as to the need for any pre-OS handoff.

Bill M.

“ZG” wrote in message news:xxxxx@ntdev…
> As I know, SafeBoot and SecureDoc have done this. I think there are some
> people who want this feature otherwise these companies will not survive.
>
> –
>
> Regards,
> ZG [@ Sydney]
> Windows Driver Developer
>
>
> “Bill McKenzie” wrote in message
> news:xxxxx@ntdev…
> This is not the way to implement single sign-on. You need to read up on
> the Microsoft Gina DLL and Gina-stub DLLs. The user does have to
> successfully login to the WIndows platform 1 time, but that is the only
> requirement. From that point on, the user’s credentials can be cached for

> pre-Windows login network verification. If you have more restrictive
> requirements, it might be interesting to explain those further. However,

> the GINA method has worked for the biggest names in PC platform
> production, so I can’t imagine the customer for whom this is not
> sufficient. Playing hand-off from a boot loader or some such to the OS,
> is not a great idea.
>
> Bill M.
> “GrepAll” wrote in message news:xxxxx@ntdev…
> Hi,
>
> It’s not a platform, either a device.
>
> I want implement pre-boot verification function. That is, user should
> enter his password before Windows starts, and by sharing the buffer, the
> driver could get the password to implement single-sign-on (in fact it’s
> useless for password verification, but it’s useful for other
verification,
> SmartCard verification for example.).
>
> In my research, there is about 32kb size space which Windows won’t
> rewrite, and it’s enough as my buffer. Or we just forget the “won’t be
> rewritten” suppose, I’m interested in how to access memory by physical
> address.
>
> I check the DDK document, u r right, MmMapIoSpace is not obsolete. But
the
> HalTranslateBusAddress is obsolete. Could you please tell me how to
> initialize the PHYSICAL_ADDRESS with a linear physical address? I’m not
so
> familar with driver development. Thanks!
>
> GrepAll
>
>
>
>
>
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Mark Roddy
> Sent: Tuesday, January 17, 2006 12:02 PM
> To: Windows System Software Devs Interest List
> Subject: RE: [ntdev] How to access memory using the physical address
>
>
> Massively small font there.
>
> MmMapIoSpace is not obsolete, but that is the least of your problems.
That
> “suppose the buffer won’t be rewritten” part, for physical memory owned
by
> the OS, is a huge problem. How do you suppose that is going to happen?
You
> initialize the PHYSICAL_ADDRESS with the linear physical address of the
> buffer that you suppose won’t be rewritten. What exactly are you
> bootstrapping? A platform? A device?
> =====================
> Mark Roddy DDK MVP
> Windows 2003/XP/2000 Consulting
> Hollis Technology Solutions 603-321-1032
> www.hollistech.com
>
>
>
>
>
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of GrepAll
> Sent: Monday, January 16, 2006 8:56 PM
> To: Windows System Software Devs Interest List
> Subject: [ntdev] How to access memory using the physical address
>
>
> Hi, all
>
> I’m trying to access memory by the physical address in my driver. The
> reason why I do this is I need to get data from my bootstrap code. In the

> bootstrap code, I first enter the 386 Protected Mode and then write some
> important data to a buffer (identified by the physical address), at last
> jump back to the original bootstrap code. Suppose the buffer won’t be
> re-written, how can I read the content of the buffer in my WinXP driver
> module?
>
> I’ve read about MmMapIoSpace function, but I don’t know how to initialize

> the PHYSICAL_ADDRESS parameter, and it seems this function is obsolete.
>
> Any suggestion is welcome. Thanks,
> GrepAll
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: unknown lmsubst tag argument:
‘’
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: unknown lmsubst tag argument:
‘’
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@utimaco.de
To unsubscribe send a blank email to xxxxx@lists.osr.com

The original poster did not say he was doing sector-based encryption, only
access control.

And if someone is paranoid enough to need sector-based encryption, then they
should probably be using different keys for the storage encryption and the
user account password, anyway.

– arlie

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Else Kluger
Sent: Tuesday, January 17, 2006 12:24 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] How to access memory using the physical address

“What do you gain by having credentials entered before the GINA has control”

You cannot boot - a desired effect of sector based Disk Encryption.
If you can (because your preboot credentials are ok), the SSO is just a
“side-effect” then.

Else

Right, the poster did not mention sector based encryption, this is a
completely different animal, so to speak.

Pete

Kernel Drivers
Windows Filesystem and Device Driver Consulting
www.KernelDrivers.com
(303)546-0300

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Else Kluger
Sent: Tuesday, January 17, 2006 10:24 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] How to access memory using the physical address

“What do you gain by having credentials entered before the GINA
has control”

You cannot boot - a desired effect of sector based Disk Encryption.
If you can (because your preboot credentials are ok), the SSO is
just a “side-effect” then.

Else

|---------±-------------------------------->
| | “Bill McKenzie” |
| | | | net> |
| | Sent by: |
| | bounce-235093-16691@li|
| | sts.osr.com |
| | |
| | |
| | 01/17/2006 03:25 PM |
| | Please respond to |
| | “Windows System |
| | Software Devs Interest|
| | List” |
|---------±-------------------------------->

>---------------------------------------------------------------------------
--------------------------------|
|
|
| To: “Windows System Software Devs Interest List”
|
| cc:
|
| Subject: Re:[ntdev] How to access memory using the physical
address (Unsigned Mail) |

>---------------------------------------------------------------------------
--------------------------------|

To what end? What do you gain by having credentials entered before the
GINA
has control? Through a custom GINA it is possible to establish secure
network connections before Windows login, there is support for dealing with

Smart cards and such, and you can even customize the Windows login UI if
more info is needed at login. Essentially, Winlogon is up and running
about
as early in the OS load process as you could ever want a network
connection,
so I am curious as to the need for any pre-OS handoff.

Bill M.

“ZG” wrote in message news:xxxxx@ntdev…
> As I know, SafeBoot and SecureDoc have done this. I think there are some
> people who want this feature otherwise these companies will not survive.
>
> –
>
> Regards,
> ZG [@ Sydney]
> Windows Driver Developer
>
>
> “Bill McKenzie” wrote in message
> news:xxxxx@ntdev…
> This is not the way to implement single sign-on. You need to read up on
> the Microsoft Gina DLL and Gina-stub DLLs. The user does have to
> successfully login to the WIndows platform 1 time, but that is the only
> requirement. From that point on, the user’s credentials can be cached for

> pre-Windows login network verification. If you have more restrictive
> requirements, it might be interesting to explain those further. However,

> the GINA method has worked for the biggest names in PC platform
> production, so I can’t imagine the customer for whom this is not
> sufficient. Playing hand-off from a boot loader or some such to the OS,
> is not a great idea.
>
> Bill M.
> “GrepAll” wrote in message news:xxxxx@ntdev…
> Hi,
>
> It’s not a platform, either a device.
>
> I want implement pre-boot verification function. That is, user should
> enter his password before Windows starts, and by sharing the buffer, the
> driver could get the password to implement single-sign-on (in fact it’s
> useless for password verification, but it’s useful for other
verification,
> SmartCard verification for example.).
>
> In my research, there is about 32kb size space which Windows won’t
> rewrite, and it’s enough as my buffer. Or we just forget the “won’t be
> rewritten” suppose, I’m interested in how to access memory by physical
> address.
>
> I check the DDK document, u r right, MmMapIoSpace is not obsolete. But
the
> HalTranslateBusAddress is obsolete. Could you please tell me how to
> initialize the PHYSICAL_ADDRESS with a linear physical address? I’m not
so
> familar with driver development. Thanks!
>
> GrepAll
>
>
>
>
>
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Mark Roddy
> Sent: Tuesday, January 17, 2006 12:02 PM
> To: Windows System Software Devs Interest List
> Subject: RE: [ntdev] How to access memory using the physical address
>
>
> Massively small font there.
>
> MmMapIoSpace is not obsolete, but that is the least of your problems.
That
> “suppose the buffer won’t be rewritten” part, for physical memory owned
by
> the OS, is a huge problem. How do you suppose that is going to happen?
You
> initialize the PHYSICAL_ADDRESS with the linear physical address of the
> buffer that you suppose won’t be rewritten. What exactly are you
> bootstrapping? A platform? A device?
> =====================
> Mark Roddy DDK MVP
> Windows 2003/XP/2000 Consulting
> Hollis Technology Solutions 603-321-1032
> www.hollistech.com
>
>
>
>
>
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of GrepAll
> Sent: Monday, January 16, 2006 8:56 PM
> To: Windows System Software Devs Interest List
> Subject: [ntdev] How to access memory using the physical address
>
>
> Hi, all
>
> I’m trying to access memory by the physical address in my driver. The
> reason why I do this is I need to get data from my bootstrap code. In the

> bootstrap code, I first enter the 386 Protected Mode and then write some
> important data to a buffer (identified by the physical address), at last
> jump back to the original bootstrap code. Suppose the buffer won’t be
> re-written, how can I read the content of the buffer in my WinXP driver
> module?
>
> I’ve read about MmMapIoSpace function, but I don’t know how to initialize

> the PHYSICAL_ADDRESS parameter, and it seems this function is obsolete.
>
> Any suggestion is welcome. Thanks,
> GrepAll
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: unknown lmsubst tag argument:
‘’
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: unknown lmsubst tag argument:
‘’
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@utimaco.de
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@kerneldrivers.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Arlie,

I was merely trying to give preboot authentication a possible meaning.

And the OP did NOT say that he was NOT doing sector-based encryption …
And there are many more paranoid people than you might think -
otherwise already mentioned companies wouldn’t survive indeed.

Regards
Else

|---------±-------------------------------->
| | “Arlie Davis” |
| | | | .com> |
| | Sent by: |
| | bounce-235128-16691@li|
| | sts.osr.com |
| | |
| | |
| | 01/17/2006 06:33 PM |
| | Please respond to |
| | “Windows System |
| | Software Devs Interest|
| | List” |
|---------±-------------------------------->
>-----------------------------------------------------------------------------------------------------------|
| |
| To: “Windows System Software Devs Interest List” |
| cc: |
| Subject: RE: [ntdev] How to access memory using the physical address (Unsigned Mail) |
>-----------------------------------------------------------------------------------------------------------|

The original poster did not say he was doing sector-based encryption, only
access control.

And if someone is paranoid enough to need sector-based encryption, then
they
should probably be using different keys for the storage encryption and the
user account password, anyway.

– arlie

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Else Kluger
Sent: Tuesday, January 17, 2006 12:24 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] How to access memory using the physical address

“What do you gain by having credentials entered before the GINA has
control”

You cannot boot - a desired effect of sector based Disk Encryption.
If you can (because your preboot credentials are ok), the SSO is just a
“side-effect” then.

Else

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@utimaco.de
To unsubscribe send a blank email to xxxxx@lists.osr.com

I cannot boot? I dare say a few minutes with minimal tools, possibly only
an XP install disc, booting to the repair console will resolve that
problem and allow me access to that “un-bootable” disc. Sector based Disc
Encryption from a file system driver, while possible, is difficult. Do you
encrypt the MBR? Many solutions swap the MBR around and some of those have
ended in unreadable systems or security failures. How do you handle the
page file, dump_atapi.sys?

This is easier solved by using a disc with Full Disc Encryption firmware
following the new ATA spec coming out of the T13 committee. Failing the
password on that disc will not even permit you to read the MBR, preventing
ANY access to the disc or system, if it is the boot disc.

The personal opinion of
Gary G. Little

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@utimaco.de
Sent: Tuesday, January 17, 2006 11:24 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] How to access memory using the physical address

“What do you gain by having credentials entered before the GINA
has control”

You cannot boot - a desired effect of sector based Disk Encryption.
If you can (because your preboot credentials are ok), the SSO is
just a “side-effect” then.

Else

|---------±-------------------------------->
| | “Bill McKenzie” |
| | | | net> |
| | Sent by: |
| | bounce-235093-16691@li|
| | sts.osr.com |
| | |
| | |
| | 01/17/2006 03:25 PM |
| | Please respond to |
| | “Windows System |
| | Software Devs Interest|
| | List” |
|---------±-------------------------------->

>-------------------------------------------------------------------------
----------------------------------|
|
|
| To: “Windows System Software Devs Interest List”
|
| cc:
|
| Subject: Re:[ntdev] How to access memory using the physical
address (Unsigned Mail) |

>-------------------------------------------------------------------------
----------------------------------|

To what end? What do you gain by having credentials entered before the
GINA
has control? Through a custom GINA it is possible to establish secure
network connections before Windows login, there is support for dealing
with

Smart cards and such, and you can even customize the Windows login UI if
more info is needed at login. Essentially, Winlogon is up and running
about
as early in the OS load process as you could ever want a network
connection,
so I am curious as to the need for any pre-OS handoff.

Bill M.

“ZG” wrote in message news:xxxxx@ntdev…
> As I know, SafeBoot and SecureDoc have done this. I think there are some
> people who want this feature otherwise these companies will not survive.
>
> –
>
> Regards,
> ZG [@ Sydney]
> Windows Driver Developer
>
>
> “Bill McKenzie” wrote in message
> news:xxxxx@ntdev…
> This is not the way to implement single sign-on. You need to read up on
> the Microsoft Gina DLL and Gina-stub DLLs. The user does have to
> successfully login to the WIndows platform 1 time, but that is the only
> requirement. From that point on, the user’s credentials can be cached
for

> pre-Windows login network verification. If you have more restrictive
> requirements, it might be interesting to explain those further.
However,

> the GINA method has worked for the biggest names in PC platform
> production, so I can’t imagine the customer for whom this is not
> sufficient. Playing hand-off from a boot loader or some such to the OS,
> is not a great idea.
>
> Bill M.
> “GrepAll” wrote in message news:xxxxx@ntdev…
> Hi,
>
> It’s not a platform, either a device.
>
> I want implement pre-boot verification function. That is, user should
> enter his password before Windows starts, and by sharing the buffer, the
> driver could get the password to implement single-sign-on (in fact it’s
> useless for password verification, but it’s useful for other
verification,
> SmartCard verification for example.).
>
> In my research, there is about 32kb size space which Windows won’t
> rewrite, and it’s enough as my buffer. Or we just forget the “won’t be
> rewritten” suppose, I’m interested in how to access memory by physical
> address.
>
> I check the DDK document, u r right, MmMapIoSpace is not obsolete. But
the
> HalTranslateBusAddress is obsolete. Could you please tell me how to
> initialize the PHYSICAL_ADDRESS with a linear physical address? I’m not
so
> familar with driver development. Thanks!
>
> GrepAll
>
>
>
>
>
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Mark Roddy
> Sent: Tuesday, January 17, 2006 12:02 PM
> To: Windows System Software Devs Interest List
> Subject: RE: [ntdev] How to access memory using the physical address
>
>
> Massively small font there.
>
> MmMapIoSpace is not obsolete, but that is the least of your problems.
That
> “suppose the buffer won’t be rewritten” part, for physical memory owned
by
> the OS, is a huge problem. How do you suppose that is going to happen?
You
> initialize the PHYSICAL_ADDRESS with the linear physical address of the
> buffer that you suppose won’t be rewritten. What exactly are you
> bootstrapping? A platform? A device?
> =====================
> Mark Roddy DDK MVP
> Windows 2003/XP/2000 Consulting
> Hollis Technology Solutions 603-321-1032
> www.hollistech.com
>
>
>
>
>
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of GrepAll
> Sent: Monday, January 16, 2006 8:56 PM
> To: Windows System Software Devs Interest List
> Subject: [ntdev] How to access memory using the physical address
>
>
> Hi, all
>
> I’m trying to access memory by the physical address in my driver. The
> reason why I do this is I need to get data from my bootstrap code. In
the

> bootstrap code, I first enter the 386 Protected Mode and then write some
> important data to a buffer (identified by the physical address), at last
> jump back to the original bootstrap code. Suppose the buffer won’t be
> re-written, how can I read the content of the buffer in my WinXP driver
> module?
>
> I’ve read about MmMapIoSpace function, but I don’t know how to
initialize

> the PHYSICAL_ADDRESS parameter, and it seems this function is obsolete.
>
> Any suggestion is welcome. Thanks,
> GrepAll
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: unknown lmsubst tag argument:
‘’
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: unknown lmsubst tag argument:
‘’
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@utimaco.de
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@seagate.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

First, not all ppl *just* use Windows. Multi-OS on one computer is very
common.
Second, not all customers can understand how secure the GINA is - they just
believe what they see.

–

Regards,
ZG [@ Sydney]
Windows Driver Developer

“Bill McKenzie” wrote in message
news:xxxxx@ntdev…
> To what end? What do you gain by having credentials entered before the
> GINA has control? Through a custom GINA it is possible to establish
> secure network connections before Windows login, there is support for
> dealing with Smart cards and such, and you can even customize the Windows
> login UI if more info is needed at login. Essentially, Winlogon is up and
> running about as early in the OS load process as you could ever want a
> network connection, so I am curious as to the need for any pre-OS handoff.
>
> Bill M.
>
> “ZG” wrote in message news:xxxxx@ntdev…
>> As I know, SafeBoot and SecureDoc have done this. I think there are some
>> people who want this feature otherwise these companies will not survive.
>>
>> –
>>
>> Regards,
>> ZG [@ Sydney]
>> Windows Driver Developer
>>
>>
>> “Bill McKenzie” wrote in message
>> news:xxxxx@ntdev…
>> This is not the way to implement single sign-on. You need to read up on
>> the Microsoft Gina DLL and Gina-stub DLLs. The user does have to
>> successfully login to the WIndows platform 1 time, but that is the only
>> requirement. From that point on, the user’s credentials can be cached for
>> pre-Windows login network verification. If you have more restrictive
>> requirements, it might be interesting to explain those further. However,
>> the GINA method has worked for the biggest names in PC platform
>> production, so I can’t imagine the customer for whom this is not
>> sufficient. Playing hand-off from a boot loader or some such to the OS,
>> is not a great idea.
>>
>> Bill M.
>> “GrepAll” wrote in message news:xxxxx@ntdev…
>> Hi,
>>
>> It’s not a platform, either a device.
>>
>> I want implement pre-boot verification function. That is, user should
>> enter his password before Windows starts, and by sharing the buffer, the
>> driver could get the password to implement single-sign-on (in fact it’s
>> useless for password verification, but it’s useful for other
>> verification, SmartCard verification for example.).
>>
>> In my research, there is about 32kb size space which Windows won’t
>> rewrite, and it’s enough as my buffer. Or we just forget the “won’t be
>> rewritten” suppose, I’m interested in how to access memory by physical
>> address.
>>
>> I check the DDK document, u r right, MmMapIoSpace is not obsolete. But
>> the HalTranslateBusAddress is obsolete. Could you please tell me how to
>> initialize the PHYSICAL_ADDRESS with a linear physical address? I’m not
>> so familar with driver development. Thanks!
>>
>> GrepAll
>>
>>
>>
>>
>>
>> From: xxxxx@lists.osr.com
>> [mailto:xxxxx@lists.osr.com] On Behalf Of Mark Roddy
>> Sent: Tuesday, January 17, 2006 12:02 PM
>> To: Windows System Software Devs Interest List
>> Subject: RE: [ntdev] How to access memory using the physical address
>>
>>
>> Massively small font there.
>>
>> MmMapIoSpace is not obsolete, but that is the least of your problems.
>> That “suppose the buffer won’t be rewritten” part, for physical memory
>> owned by the OS, is a huge problem. How do you suppose that is going to
>> happen? You initialize the PHYSICAL_ADDRESS with the linear physical
>> address of the buffer that you suppose won’t be rewritten. What exactly
>> are you bootstrapping? A platform? A device?
>> =====================
>> Mark Roddy DDK MVP
>> Windows 2003/XP/2000 Consulting
>> Hollis Technology Solutions 603-321-1032
>> www.hollistech.com
>>
>>
>>
>>
>>
>> From: xxxxx@lists.osr.com
>> [mailto:xxxxx@lists.osr.com] On Behalf Of GrepAll
>> Sent: Monday, January 16, 2006 8:56 PM
>> To: Windows System Software Devs Interest List
>> Subject: [ntdev] How to access memory using the physical address
>>
>>
>> Hi, all
>>
>> I’m trying to access memory by the physical address in my driver. The
>> reason why I do this is I need to get data from my bootstrap code. In the
>> bootstrap code, I first enter the 386 Protected Mode and then write some
>> important data to a buffer (identified by the physical address), at last
>> jump back to the original bootstrap code. Suppose the buffer won’t be
>> re-written, how can I read the content of the buffer in my WinXP driver
>> module?
>>
>> I’ve read about MmMapIoSpace function, but I don’t know how to initialize
>> the PHYSICAL_ADDRESS parameter, and it seems this function is obsolete.
>>
>> Any suggestion is welcome. Thanks,
>> GrepAll
>>
>> —
>> Questions? First check the Kernel Driver FAQ at
>> http://www.osronline.com/article.cfm?id=256
>>
>> You are currently subscribed to ntdev as: unknown lmsubst tag argument:
>> ‘’
>> To unsubscribe send a blank email to xxxxx@lists.osr.com
>>
>> —
>> Questions? First check the Kernel Driver FAQ at
>> http://www.osronline.com/article.cfm?id=256
>>
>> You are currently subscribed to ntdev as: unknown lmsubst tag argument:
>> ‘’
>> To unsubscribe send a blank email to xxxxx@lists.osr.com
>>
>>
>
>
>

Well, I don’t know for other systems but GINA is typically how it is done
here.

Second, not all customers can understand how secure the GINA is - they
just believe what they see.

Educate them.

Bill M.

“ZG” wrote in message news:xxxxx@ntdev…
> First, not all ppl just use Windows. Multi-OS on one computer is very
> common.
> Second, not all customers can understand how secure the GINA is - they
> just believe what they see.
>
> –
>
> Regards,
> ZG [@ Sydney]
> Windows Driver Developer
>
>
> “Bill McKenzie” wrote in message
> news:xxxxx@ntdev…
>> To what end? What do you gain by having credentials entered before the
>> GINA has control? Through a custom GINA it is possible to establish
>> secure network connections before Windows login, there is support for
>> dealing with Smart cards and such, and you can even customize the Windows
>> login UI if more info is needed at login. Essentially, Winlogon is up
>> and running about as early in the OS load process as you could ever want
>> a network connection, so I am curious as to the need for any pre-OS
>> handoff.
>>
>> Bill M.
>>
>> “ZG” wrote in message news:xxxxx@ntdev…
>>> As I know, SafeBoot and SecureDoc have done this. I think there are some
>>> people who want this feature otherwise these companies will not survive.
>>>
>>> –
>>>
>>> Regards,
>>> ZG [@ Sydney]
>>> Windows Driver Developer
>>>
>>>
>>> “Bill McKenzie” wrote in message
>>> news:xxxxx@ntdev…
>>> This is not the way to implement single sign-on. You need to read up on
>>> the Microsoft Gina DLL and Gina-stub DLLs. The user does have to
>>> successfully login to the WIndows platform 1 time, but that is the only
>>> requirement. From that point on, the user’s credentials can be cached
>>> for pre-Windows login network verification. If you have more
>>> restrictive requirements, it might be interesting to explain those
>>> further. However, the GINA method has worked for the biggest names in
>>> PC platform production, so I can’t imagine the customer for whom this is
>>> not sufficient. Playing hand-off from a boot loader or some such to the
>>> OS, is not a great idea.
>>>
>>> Bill M.
>>> “GrepAll” wrote in message news:xxxxx@ntdev…
>>> Hi,
>>>
>>> It’s not a platform, either a device.
>>>
>>> I want implement pre-boot verification function. That is, user should
>>> enter his password before Windows starts, and by sharing the buffer, the
>>> driver could get the password to implement single-sign-on (in fact it’s
>>> useless for password verification, but it’s useful for other
>>> verification, SmartCard verification for example.).
>>>
>>> In my research, there is about 32kb size space which Windows won’t
>>> rewrite, and it’s enough as my buffer. Or we just forget the “won’t be
>>> rewritten” suppose, I’m interested in how to access memory by physical
>>> address.
>>>
>>> I check the DDK document, u r right, MmMapIoSpace is not obsolete. But
>>> the HalTranslateBusAddress is obsolete. Could you please tell me how to
>>> initialize the PHYSICAL_ADDRESS with a linear physical address? I’m not
>>> so familar with driver development. Thanks!
>>>
>>> GrepAll
>>>
>>>
>>>
>>>
>>>
>>> From: xxxxx@lists.osr.com
>>> [mailto:xxxxx@lists.osr.com] On Behalf Of Mark Roddy
>>> Sent: Tuesday, January 17, 2006 12:02 PM
>>> To: Windows System Software Devs Interest List
>>> Subject: RE: [ntdev] How to access memory using the physical address
>>>
>>>
>>> Massively small font there.
>>>
>>> MmMapIoSpace is not obsolete, but that is the least of your problems.
>>> That “suppose the buffer won’t be rewritten” part, for physical memory
>>> owned by the OS, is a huge problem. How do you suppose that is going to
>>> happen? You initialize the PHYSICAL_ADDRESS with the linear physical
>>> address of the buffer that you suppose won’t be rewritten. What exactly
>>> are you bootstrapping? A platform? A device?
>>> =====================
>>> Mark Roddy DDK MVP
>>> Windows 2003/XP/2000 Consulting
>>> Hollis Technology Solutions 603-321-1032
>>> www.hollistech.com
>>>
>>>
>>>
>>>
>>>
>>> From: xxxxx@lists.osr.com
>>> [mailto:xxxxx@lists.osr.com] On Behalf Of GrepAll
>>> Sent: Monday, January 16, 2006 8:56 PM
>>> To: Windows System Software Devs Interest List
>>> Subject: [ntdev] How to access memory using the physical address
>>>
>>>
>>> Hi, all
>>>
>>> I’m trying to access memory by the physical address in my driver. The
>>> reason why I do this is I need to get data from my bootstrap code. In
>>> the bootstrap code, I first enter the 386 Protected Mode and then write
>>> some important data to a buffer (identified by the physical address), at
>>> last jump back to the original bootstrap code. Suppose the buffer won’t
>>> be re-written, how can I read the content of the buffer in my WinXP
>>> driver module?
>>>
>>> I’ve read about MmMapIoSpace function, but I don’t know how to
>>> initialize the PHYSICAL_ADDRESS parameter, and it seems this function is
>>> obsolete.
>>>
>>> Any suggestion is welcome. Thanks,
>>> GrepAll
>>>
>>> —
>>> Questions? First check the Kernel Driver FAQ at
>>> http://www.osronline.com/article.cfm?id=256
>>>
>>> You are currently subscribed to ntdev as: unknown lmsubst tag argument:
>>> ‘’
>>> To unsubscribe send a blank email to xxxxx@lists.osr.com
>>>
>>> —
>>> Questions? First check the Kernel Driver FAQ at
>>> http://www.osronline.com/article.cfm?id=256
>>>
>>> You are currently subscribed to ntdev as: unknown lmsubst tag argument:
>>> ‘’
>>> To unsubscribe send a blank email to xxxxx@lists.osr.com
>>>
>>>
>>
>>
>>
>
>
>

Yes, I do want to implement a sector based encrption.

1. “First, not all ppl *just* use Windows. Multi-OS on one computer is very
   common.”
   It supports only one Windows system. This can be mentioned in the User
   Manual.

2. " I dare say a few minutes with minimal tools, possibly only an XP
   install disc, booting to the repair console will resolve that problem and
   allow me access to that “un-bootable” disc. "
   Since the whole disk is encrypted, except the MBR which is stored in the
   sector other than 0, and the encrypt-key is protected by the SmartCard. I
   don’t think it is easy to read any data from the disk.

3. “What happens if user A logs in, then logs out, and user B wants to log
   in?
   Does the machine need to be rebooted?”
   I’m thinking on it.

4. “Also, please spell out “you” and “are”.”
   OK. Advice accepted!

5. “There is no guarantee that your memory address will not be overwritten.”
   I think it’s safe if I keep the data in the lowest 1MB of physical memory.
   http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Booko
   fSP1/e0f862a3-cf16-4a48-bea5-f2004d12ce35.mspx

GrepAll

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Peter Scott
Sent: Wednesday, January 18, 2006 1:53 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] How to access memory using the physical address

Right, the poster did not mention sector based encryption, this is a
completely different animal, so to speak.

Pete

Kernel Drivers
Windows Filesystem and Device Driver Consulting www.KernelDrivers.com
(303)546-0300

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Else Kluger
Sent: Tuesday, January 17, 2006 10:24 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] How to access memory using the physical address

“What do you gain by having credentials entered before the GINA has control”

You cannot boot - a desired effect of sector based Disk Encryption.
If you can (because your preboot credentials are ok), the SSO is just a
“side-effect” then.

Else

|---------±-------------------------------->
| | “Bill McKenzie” |
| | | | net> |
| | Sent by: |
| | bounce-235093-16691@li|
| | sts.osr.com |
| | |
| | |
| | 01/17/2006 03:25 PM |
| | Please respond to |
| | “Windows System |
| | Software Devs Interest|
| | List” |
|---------±-------------------------------->

>-----------------------------------------------------------------------
>----
--------------------------------|
|
|
| To: “Windows System Software Devs Interest List”
|
| cc:
|
| Subject: Re:[ntdev] How to access memory using the physical
address (Unsigned Mail) |

>-----------------------------------------------------------------------
>----
--------------------------------|

To what end? What do you gain by having credentials entered before the GINA
has control? Through a custom GINA it is possible to establish secure
network connections before Windows login, there is support for dealing with

Smart cards and such, and you can even customize the Windows login UI if
more info is needed at login. Essentially, Winlogon is up and running about
as early in the OS load process as you could ever want a network connection,
so I am curious as to the need for any pre-OS handoff.

Bill M.

“ZG” wrote in message news:xxxxx@ntdev…
> As I know, SafeBoot and SecureDoc have done this. I think there are
> some people who want this feature otherwise these companies will not
survive.
>
> –
>
> Regards,
> ZG [@ Sydney]
> Windows Driver Developer
>
>
> “Bill McKenzie” wrote in message
> news:xxxxx@ntdev…
> This is not the way to implement single sign-on. You need to read up
> on the Microsoft Gina DLL and Gina-stub DLLs. The user does have to
> successfully login to the WIndows platform 1 time, but that is the
> only requirement. From that point on, the user’s credentials can be
> cached for

> pre-Windows login network verification. If you have more restrictive
> requirements, it might be interesting to explain those further.
> However,

> the GINA method has worked for the biggest names in PC platform
> production, so I can’t imagine the customer for whom this is not
> sufficient. Playing hand-off from a boot loader or some such to the
> OS, is not a great idea.
>
> Bill M.
> “GrepAll” wrote in message news:xxxxx@ntdev…
> Hi,
>
> It’s not a platform, either a device.
>
> I want implement pre-boot verification function. That is, user should
> enter his password before Windows starts, and by sharing the buffer,
> the driver could get the password to implement single-sign-on (in fact
> it’s useless for password verification, but it’s useful for other
verification,
> SmartCard verification for example.).
>
> In my research, there is about 32kb size space which Windows won’t
> rewrite, and it’s enough as my buffer. Or we just forget the “won’t be
> rewritten” suppose, I’m interested in how to access memory by physical
> address.
>
> I check the DDK document, u r right, MmMapIoSpace is not obsolete. But
the
> HalTranslateBusAddress is obsolete. Could you please tell me how to
> initialize the PHYSICAL_ADDRESS with a linear physical address? I’m
> not
so
> familar with driver development. Thanks!
>
> GrepAll
>
>
>
>
>
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Mark Roddy
> Sent: Tuesday, January 17, 2006 12:02 PM
> To: Windows System Software Devs Interest List
> Subject: RE: [ntdev] How to access memory using the physical address
>
>
> Massively small font there.
>
> MmMapIoSpace is not obsolete, but that is the least of your problems.
That
> “suppose the buffer won’t be rewritten” part, for physical memory
> owned
by
> the OS, is a huge problem. How do you suppose that is going to happen?
You
> initialize the PHYSICAL_ADDRESS with the linear physical address of
> the buffer that you suppose won’t be rewritten. What exactly are you
> bootstrapping? A platform? A device?
> =====================
> Mark Roddy DDK MVP
> Windows 2003/XP/2000 Consulting
> Hollis Technology Solutions 603-321-1032 www.hollistech.com
>
>
>
>
>
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of GrepAll
> Sent: Monday, January 16, 2006 8:56 PM
> To: Windows System Software Devs Interest List
> Subject: [ntdev] How to access memory using the physical address
>
>
> Hi, all
>
> I’m trying to access memory by the physical address in my driver. The
> reason why I do this is I need to get data from my bootstrap code. In
> the

> bootstrap code, I first enter the 386 Protected Mode and then write
> some important data to a buffer (identified by the physical address),
> at last jump back to the original bootstrap code. Suppose the buffer
> won’t be re-written, how can I read the content of the buffer in my
> WinXP driver module?
>
> I’ve read about MmMapIoSpace function, but I don’t know how to
> initialize

> the PHYSICAL_ADDRESS parameter, and it seems this function is obsolete.
>
> Any suggestion is welcome. Thanks,
> GrepAll
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: unknown lmsubst tag argument:
‘’
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: unknown lmsubst tag argument:
‘’
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@utimaco.de To
unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@kerneldrivers.com To
unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: JungleKnight@163.com To
unsubscribe send a blank email to xxxxx@lists.osr.com

MmMapIoSpace is surely not obsolete.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: “GrepAll”
To: “Windows System Software Devs Interest List”
Sent: Tuesday, January 17, 2006 4:56 AM
Subject: [ntdev] How to access memory using the physical address

> Hi, all
>
> I’m trying to access memory by the physical address in my driver. The reason
> why I do this is I need to get data from my bootstrap code. In the bootstrap
> code, I first enter the 386 Protected Mode and then write some important
> data to a buffer (identified by the physical address), at last jump back to
> the original bootstrap code. Suppose the buffer won’t be re-written, how can
> I read the content of the buffer in my WinXP driver module?
>
> I’ve read about MmMapIoSpace function, but I don’t know how to initialize
> the PHYSICAL_ADDRESS parameter, and it seems this function is obsolete.
>
> Any suggestion is welcome. Thanks,
> GrepAll
>
> —
> Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com

> HalTranslateBusAddress is obsolete. Could you please tell me how to

initialize the PHYSICAL_ADDRESS with a linear physical address?

Just stupidly use the real-mode physical address.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

Thanks, I’ll try.

GrepAll

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
Sent: Wednesday, January 18, 2006 1:33 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] How to access memory using the physical address

HalTranslateBusAddress is obsolete. Could you please tell me how to
initialize the PHYSICAL_ADDRESS with a linear physical address?

Just stupidly use the real-mode physical address.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: JungleKnight@163.com To
unsubscribe send a blank email to xxxxx@lists.osr.com