I would like to know of an equivalent to VirtualProtect() for kernelspace.
I.e., given a virtual memory range returned from ExAllocatePool, or the current memory space occupied by the driver itself in memory, how do I set the memory read/write/execute attributes - the ones that ultimately end up modifying the PTEs - in ReactOS?
Another way of asking it is: what are the internals of NtMapViewOfSection() - how does it modify the memory attributes at the page level (in terms of what other APIs it calls)? NtMapViewOfSection() is only applicable to userspace buffers, right?
> I would like to know of an equivalent to VirtualProtect() for kernelspace.
AFAIK, there is no equivalent to VirtualProtect() for the kernel address space, simply because page protection is meaningless for kernel-mode code - once drivers have access to CR0, they can simply clear the WP flag in it, and, at this point, they will be able to write to RO pages without the slightest problem, without even bothering to modify PTEs…
Anton Bassov
MmProtectMdlSystemAddress is the only (documented) way to do something
similar to what you are asking, as far as I know.
--
Ken Johnson (Skywing)
Windows SDK MVP
http://www.nynaeve.net
wrote in message news:xxxxx@ntdev…
>I would like to know of an equivalent to VirtualProtect() for kernelspace.
>
> Ie, given a virtual memory range returned from ExAllocatePool, or the
> current memory space occupied by the driver itself in memory, how do I set
> the memory read/write/execute attributes - the one ultimately ending up as
> modifying the PTEs, in ReactOS?
>
> Another way of asking it is: what is the internals of
> NtMapViewOfSection() - how does it modify the memory attributes at the
> page level(in terms of calling what other APIs)? NtMapViewOfSection() is
> only applicable for userspace buffer right?
>
> MmProtectMdlSystemAddress is the only (documented) way to do something
> similar to what you are asking, as far as I know.
Actually, I would rather say not “similar” but “remotely reminiscent” - you cannot use it with an arbitrary range, but, instead, only with the one an MDL has already been mapped to. Therefore, I did not even make this suggestion…
Anton Bassov