In addition to what Arlie said:
,&Handle,sizeof(PHANDLE),
You should have sizeof(HANDLE), no “P”, the call swallows the starting
address
of something and the length of this something, not the length of a pointer
to that
something.
But lucky you are: sizeof(PHANDLE) happens to be equal to sizeof(HANDLE).
Do not test your luck ike that:-)
(HANDLE)(*InputBuf),
Instead I would try (assuming InputBuf points to the start of the buffer)
*((PHANDLE)InputBuf)
which is read by the compiler as “I know that the 4 bytes starting
at address contain a HANDLE value; extract that value”.
Your order to the compiler is different: “extract the value of a type
InputBuf points to and convert this value to a HANDLE”
See the difference?
Either you first put water in a pot and then heat it up, or
you first heat the pot up and then put water into it.
You may be lucky this time also due to little-endianness (if your InputBuf
is
of char* type and the handle value is small, which is probably the case,
like 0x30
or something, you will get the correct result), but again, let your enemies
test
their luck like that:-)
----- Original Message -----
From: “Haikun Hou”
To: “Windows System Software Devs Interest List”
Sent: Friday, February 17, 2006 3:02 AM
Subject: [ntdev] ´ð¸´: [ntdev] Is it possible to share kernel object between
driver and application?
Hello everyone:
I did like this:
In application: Since I used a smartcard device, I used ScardControl
insdead of DeviceIOControl.
DWORD dwBytesReturn = 0;
HANDLE Handle = CreateEvent( NULL, TRUE, TRUE, “share_event”);
SCardControl( CardHandle,
IOCTL_GETCANCELEVENT_HANDLE,&Handle,sizeof(PHANDLE),NULL,0,&dwBytesRetur
n);
In driver specific IOCTL case:
ntStatus = ObReferenceObjectByHandle( (HANDLE)(*InputBuf),
THREAD_ALL_ACCESS, *ExEventObjectType, UserMode, &Handles, NULL );
But the “ntStatus” is STATUS_ACCESS_DENIED. What’s the problem? I
didn’t find any issures about it in that doc.
Thank you for your attentions!
Haikun
2006-2-17
-----ÓʼþÔ¼þ-----
·¢¼þÈË: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] ´ú±í xxxxx@Home
·¢ËÍʱ¼ä: 2006Äê2ÔÂ16ÈÕ 2:54
ÊÕ¼þÈË: Windows System Software Devs Interest List
Ö÷Ìâ: Re: [ntdev] Is it possible to share kernel object between driver
and application?
> a named event, it is only created in the object name space for your
> session (unless you put the right prefix on the name)
Ok, good point.
> You are also exposing yourself to another attack by an outside
> component by creating a named object
Oh! Forgot to mention it as “obvious”.
Thanx, Doron.
----- Original Message -----
From: “Doron Holan”
To: “Windows System Software Devs Interest List”
Sent: Wednesday, February 15, 2006 1:20 PM
Subject: RE: [ntdev] Is it possible to share kernel object between
driver
and application?
When you create a named event, it is only created in the object name
space
for your session (unless you put the right prefix on the name). You are
also exposing yourself to another attack by an outside component by
creating
a named object. If you have an unnamed handle and pass it to the
driver,
there is no way for another app to open up the event object.
d
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@Home
Sent: Wednesday, February 15, 2006 8:00 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Is it possible to share kernel object between
driver
and application?
It has been already explained how to “convert” a user-mode handle
into something usable in the kernel thru ObRefByHandle.
This is what Oney describes and Microsoft recommends, see
http://download.microsoft.com/download/e/b/a/eba1050f-a31d-436b-9281-92c
dfeae4b45/KM-UMGuide.doc
There is another approach (let’s leave overlapped ioctls alone for now),
using named objects (events etc.),
see http://www.osronline.com/article.cfm?id=108.
Just out of interest: what’s wrong with this second approach,
CreateEvent(… , “i-will-open-this-event-in-the-kernel”),
paired with IoCreateNotificationEvent, except the obvious?
By “obvious” I mean (a) your naming convention may not be good enough,
and
(b) performance issues.
Ok, what else, if anything?
----- Original Message -----
From: Yakov Kaabak
To: Windows System Software Devs Interest List
Sent: Wednesday, February 15, 2006 10:26 AM
Subject: RE: [ntdev] Is it possible to share kernel object between
driver
and application?
Yes, it is.
In user mode:
1. Create event/semaphore
2. Send handle to your driver by DeviceIoControl
In driver:
1. Apply ObReferenceObjectByHandle to received handle (while in dispatch
routine for the above DeviceIoControl)
2. Store the result (Object) and use it however you want (SetEvent,
WaitForSingleObject etc)
3. When you no longer need it, call ObDereferenceObject on it.
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Haikun Hou
Sent: Wednesday, February 15, 2006 4:59 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Is it possible to share kernel object between driver
and
application?
Hello everyone:
I want to know is it possible to share a kernel object, such as
Event/Samephore object between driver and application? As I understand,
to
use SDK API in driver is not good, but I don’t know if this is allowed ?
Any attention will be appreciated !
Haikun
2006-2-15
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: unknown lmsubst tag argument:
‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: unknown lmsubst tag argument:
‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: unknown lmsubst tag argument:
‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: unknown lmsubst tag argument:
‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@todos.com.cn
To unsubscribe send a blank email to xxxxx@lists.osr.com
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com