Hello!
I’m working on adding a check for input buffers supplied by another
kernel-mode component but not a user-level process.
In user mode I can to do something like this:
__try {
memcpy(tmp_buf, input_buffer, size);
} __except(EXCEPTION_EXECUTE_HANDLER) {
…
}
or check for some magic values in input_buffer inside __try {}.
But in kernel-mode __try {} seems to be doesn’t work as I wish. I’m on
PASSIVE_LEVEL by the way and I think the problem related with the
input_buffer from PagedPool address space.
The question is is there’s a way to check by pointer and size is memory in
kernel address space readable?
Vlad
Hi Vlad
__try {
//…
}
__except(EXCEPTION_EXECUTE_HANDLER) {
DWORD dwErr = GetExceptionCode();
//…
}
works Ok in Kernel Mode
GetExceptionCode() returns exception code.
Nikolay
“Vladislav Goncharov” wrote in message
news:xxxxx@ntdev…
> Hello!
>
> I’m working on adding a check for input buffers supplied by another
> kernel-mode component but not a user-level process.
>
> In user mode I can to do something like this:
>
> __try {
>
> memcpy(tmp_buf, input_buffer, size);
>
> }__except(EXCEPTION_EXECUTE_HANDLER) {
>
> …
>
> }
>
> or check for some magic values in input_buffer inside try {}.
>
> But in kernel-mode try {} seems to be doesn’t work as I wish. I’m on
> PASSIVE_LEVEL by the way and I think the problem related with the
> input_buffer from PagedPool address space.
>
> The question is is there’s a way to check by pointer and size is memory in
> kernel address space readable?
>
> Vlad
>
>
>
There’s no good way to test the validity of a kernel-mode buffer. If
another driver hands you a bad kernel buffer then there’s a bug in that
driver.
-p
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
Vladislav Goncharov
Sent: Wednesday, October 27, 2004 3:12 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Is given memory from kernel address space
readable? How to check?
Hello!
I’m working on adding a check for input buffers supplied by
another kernel-mode component but not a user-level process.
In user mode I can to do something like this:
__try {
memcpy(tmp_buf, input_buffer, size);
} __except(EXCEPTION_EXECUTE_HANDLER) {
…
}
or check for some magic values in input_buffer inside __try {}.
But in kernel-mode __try {} seems to be doesn’t work as I
wish. I’m on PASSIVE_LEVEL by the way and I think the problem
related with the input_buffer from PagedPool address space.
The question is is there’s a way to check by pointer and size
is memory in kernel address space readable?
Vlad
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as:
xxxxx@windows.microsoft.com To unsubscribe send a blank
email to xxxxx@lists.osr.com
> I’m working on adding a check for input buffers supplied by another
kernel-mode component but not a user-level process.
Usually there is no such checks for inside the kernel. If the caller provides
bad address - then the machine will BSOD due to caller’s fault.
ProbeForWrite cannot work for kernel addresses.
Also - at least for some boot configurations - there is no such thing as
“read-only memory” for kernel mode (Ring 0) code.
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com