NtQueryObjectSecurity()/NtSetObjectSecurity()

Hi everyone

There’s a problem: NT 4.0 NTOSKRNL doesn’t export ZwSetSecurityObject(), so
I’ve to use NtSetSecurityObject(). But it returns STATUS_ACCESS_VIOLATION
while I’m passing buffer allocated at user process context (by
ZwAllocateVirtualMemory()). Any suggestions?

Thanx.

Hi Alexey !

The NtSetSecurityObject routine has three arguments:

  1. The Object Handle (which is not a pointer)
  2. The Security Information (which is also not a pointer)
  3. The Security Descriptor

The only difference between ZwSetSecurityObject and
NtSetSecurityObject (called by kernel mode code) is
in the thread context versus the third argument.
When the current thread’s previous mode is KernelMode
you can pass in a pointer to any virtual address, while
when the previous mode is UserMode, valid addresses
are restricted to the user mode ones (below or
equal to MM_HIGHEST_USER_ADDRESS).

But in your case you are passing the user mode address
as the third argument, so the routine’s functionality is
not affected by the thread’s previous mode.

Thus the bug probably will be in anything else.

I recommend to debug (trace) the call into the routine
to find out what’s going wrong.
(My guess is some error in the SECURITY_DESCRIPTOR
structure itself - there are pointers in it).

Paul

-----Original Message-----
From: xxxxx@storactive.com
[SMTP:xxxxx@storactive.com]
Sent: 21 July 2000 5:47
To: NT Developers Interest List
Subject: [ntdev] NtQueryObjectSecurity()/NtSetObjectSecurity()

Hi everyone

There’s a problem: NT 4.0 NTOSKRNL doesn’t export ZwSetSecurityObject(), so
I’ve to use NtSetSecurityObject(). But it returns STATUS_ACCESS_VIOLATION
while I’m passing buffer allocated at user process context (by
ZwAllocateVirtualMemory()). Any suggestions?

Thanx.
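
A simplified model of the previous-mode check described in the reply, extended to the pointers embedded in an absolute-format descriptor (the case Paul guesses at). This is an added example, not part of the original thread and not kernel source. SD_MODEL, probe_ok and capture_sd are hypothetical names, the MM_HIGHEST_USER_ADDRESS value assumes 32-bit x86 NT, and all addresses are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed 32-bit x86 NT values; addresses are modelled, never dereferenced. */
#define MM_HIGHEST_USER_ADDRESS 0x7FFEFFFFu
#define SE_SELF_RELATIVE        0x8000u      /* SECURITY_DESCRIPTOR_CONTROL bit */
#define STATUS_SUCCESS          0x00000000u
#define STATUS_ACCESS_VIOLATION 0xC0000005u

typedef enum { KernelMode, UserMode } MODE;

/* Hypothetical stand-in for an absolute-format SECURITY_DESCRIPTOR. */
typedef struct {
    uint16_t control;
    uint32_t owner, group, sacl, dacl;       /* 0 = field not present */
} SD_MODEL;

/* The rule from the reply: with previous mode UserMode, the whole range
   must lie at or below MM_HIGHEST_USER_ADDRESS. */
static int probe_ok(MODE prev, uint32_t addr, uint32_t len)
{
    if (prev == KernelMode || len == 0) return 1;
    return addr <= MM_HIGHEST_USER_ADDRESS &&
           len - 1 <= MM_HIGHEST_USER_ADDRESS - addr;
}

/* Probe the descriptor, then every pointer embedded in it. */
uint32_t capture_sd(MODE prev, uint32_t sd_addr, const SD_MODEL *sd)
{
    if (!probe_ok(prev, sd_addr, (uint32_t)sizeof *sd))
        return STATUS_ACCESS_VIOLATION;
    if (sd->control & SE_SELF_RELATIVE)      /* fields are offsets, not pointers */
        return STATUS_SUCCESS;
    const uint32_t field[4] = { sd->owner, sd->group, sd->sacl, sd->dacl };
    for (int i = 0; i < 4; i++)
        if (field[i] && !probe_ok(prev, field[i], 1))
            return STATUS_ACCESS_VIOLATION;
    return STATUS_SUCCESS;
}

int main(void)
{
    /* Constructed case: descriptor in user memory, DACL built in kernel memory. */
    SD_MODEL mixed = { 0, 0x00130020u, 0x00130040u, 0, 0x80501000u };
    printf("UserMode:   0x%08X\n", (unsigned)capture_sd(UserMode, 0x00130000u, &mixed));
    printf("KernelMode: 0x%08X\n", (unsigned)capture_sd(KernelMode, 0x00130000u, &mixed));
    return 0;
}
```

In this model a descriptor that itself sits in user memory still fails under UserMode when one embedded pointer refers to a kernel address, while the same input passes under KernelMode.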