memory access scheme

Hello.

I would like to ask you for guidelines for accessing memory in kernel mode.

  1. Assuming I have to access kernel paged memory. Can I just read this memory at passive level w/o a __try/__except block? If not - what are the particular cases in which it would not work?

  2. Same as 1, but for user-mode memory (assuming passive level and reading memory from the process in whose context the kernel-mode code is executing).

  3. What are __try/__except blocks for?

  4. When should locking of memory (Mm* functions) and MDLs be used?

I’m sorry for the big number of questions, but I would like to organize these things…

Thank you very much for your help.

  1. To access paged memory you allocated or some other driver allocated for you (and you trust that other driver) you don’t need a try/except block. try/except will not do you any good anyway, because access to an invalid kernel address is always a bugcheck.

  2. To access memory in user space, provided by the user, you need a try/except block, because user-mode code cannot be trusted. If the memory is invalid, you want that caught without crashing the box.

  3. try/except allows you to catch accesses to invalid user-mode addresses.

  4. You need to lock memory when you’re going to access the buffer outside of the IRP dispatch handler. The buffers provided by ReadFile/WriteFile/DeviceIoControl are usually already locked, unless METHOD_NEITHER is used. You only need to lock the buffers explicitly with METHOD_NEITHER IOCTL, and if the application passes an embedded pointer in DeviceIoControl input data structure.