Something I forgot to mention: Strictly speaking, the expression “new
char[sizeof(TEMP) + sizeOfFile]” is not correct, because it fails to
account for the overlap caused by “char data[1].” In the interest of
simplifying the expression, I left the adjustment out.
mm
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Martin O’Brien
Sent: Thursday, August 02, 2007 06:56
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Ioctl question
Just to clarify a little bit, the problem is that you are passing a
pointer, whether or not you include the length. This is a problem
because the kernel does not have any way to know how to go about locking
down the memory to which it points. Actually, to be precise, it has no
idea that it is a pointer in the first place. This all assumes that you
are using METHOD_BUFFERED. There are ways to pass pointers like this,
but they are more complicated and you have to do the validation and
locking. For what you are doing, these would probably be overkill and
more work. The best solution to this, in my opinion, is what Mark
suggested last: flatten everything out into an array. That is, say
your file is 512 bytes long, pass it as char[512]. This poses a problem
in C, as one cannot declare arrays dynamically like this directly.
Instead, the common but unattractive workaround is to do something like
this:
typedef struct
{
    int length;
    .
    .
    .
    char data[1];    /* placeholder; the real payload follows the header */
} TEMP;
char * buffer = new char[sizeof(TEMP) + sizeOfFile];
TEMP * info = (TEMP *) buffer;
Declaring data as having one member satisfies the compiler, and the
casting of the correct size buffer allows you to use the structure
definition.
You don’t want to process the file in kernel mode unless you have
another good reason to do so; doing it just to get around the pointer
issue is, in my opinion, a very bad idea.
Good luck,
mm
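As an added illustration of the flattening approach above, and of the sizing correction in the follow-up note, here is user-mode packing of a file into the length-prefixed buffer beside the length check a METHOD_BUFFERED dispatch routine must make before trusting the embedded length. This is example code written for this thread, not code from any poster; the names TEMP_HEADER_SIZE, flatten_file, validate_request and roundtrip are assumptions, and it uses offsetof() for the header size so the allocation is exact.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Flattened IOCTL payload: fixed header, then the file bytes in place. */
typedef struct {
    uint32_t length;   /* number of valid bytes in data[] */
    char     data[1];  /* the "open array" idiom from the thread */
} TEMP;

/* Exact header size; offsetof() avoids the overcount that sizeof(TEMP)
   carries from the data[1] placeholder. */
#define TEMP_HEADER_SIZE offsetof(TEMP, data)

/* User-mode side: build the IOCTL input buffer. Caller frees it;
   the total byte count is written to *out_len. */
TEMP *flatten_file(const char *file, size_t file_len, size_t *out_len)
{
    size_t total = TEMP_HEADER_SIZE + file_len;
    TEMP *info = malloc(total);
    if (info == NULL)
        return NULL;
    info->length = (uint32_t)file_len;
    memcpy(info->data, file, file_len);
    *out_len = total;
    return info;
}

/* Driver side (METHOD_BUFFERED): the I/O manager supplies the buffer and
   InputBufferLength. The embedded length is untrusted until checked
   against it. Returns 1 if safe to process, 0 otherwise. */
int validate_request(const void *buf, size_t input_len)
{
    const TEMP *info = buf;
    if (buf == NULL || input_len < TEMP_HEADER_SIZE)
        return 0;                        /* header itself is truncated */
    if (info->length > input_len - TEMP_HEADER_SIZE)
        return 0;                        /* claimed payload exceeds buffer */
    return 1;
}

/* Demonstration helper (assumed name): flatten, then validate as if the
   driver had received short_by fewer bytes than were built. */
int roundtrip(const char *file, size_t file_len, size_t short_by)
{
    size_t n = 0;
    TEMP *t = flatten_file(file, file_len, &n);
    int ok = (t != NULL && short_by <= n) && validate_request(t, n - short_by);
    free(t);
    return ok;
}
```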
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Mark S. Edwards
Sent: Thursday, August 02, 2007 03:54
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Ioctl question
Bad idea.
- No length parameter means you can’t safely validate the data. Can
cause overruns and be susceptible to easy attack
- Complications for 64-bit.
Since you say it's a file, why not pass the filename down instead and
have the kernel process it directly? Alternatively, pass the file handle
from user mode if you don't want to do the file open in kernel mode.
Another solution might be to memory map the file.
If it’s only simple processing on a small file, send the contents of the
file in the Ioctl as a char array. This is the easiest of them all to
handle in kernel mode.
So many better and safer ways than what you are proposing.
Mark.
At 07:41 AM 8/2/2007, Andrey Kamchatnikov wrote:
Hi,
I have one question regarding Ioctl.
I have a structure:
typedef struct {
    …
    unsigned char * Data;
    …
} myStruct, *PmyStruct;
Question: can I use (unsigned char * Data) type to send it to the driver
(originally it’s a binary file).
Thank you,
Andrew
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer