You need to adjust the DACL of the section object in the kernel code. For a
quick test, try this:
Create the section object as you have done and then:
PVOID sec_obj;
ObReferenceObjectByHandle
(
sec_handle,
SECTION_ALL_ACCESS,
NULL,
KernelMode,
&sec_obj,
0
);E
PSECURITY_DESCRIPTOR secure_desc;
BOOLEAN allocated;
ObGetObjectSecurity(sec_obj, &secure_desc, &allocated);
RtlSetDaclSecurityDescriptor(secure_desc, FALSE, NULL, FALSE);
ObReleaseObjectSecurity(secure_desc, allocated);
ObDereferenceObject(sec_obj);
SIZE_T view_size = your buffer size goes here;
status = ZwMapViewOfSection
(
sec_handle,
ZwCurrentProcess(),
&userMem,
0L,
view_size,
NULL,
&view_size,
ViewUnmap,
0,
PAGE_READWRITE
);
// It is safe to close the section object handle once mapping has
// been established. This way, we do not have to maintain the handle
// or cleanup on teardown.
ZwClose(sec_handle);
ᐧ
On Wed, Apr 29, 2015 at 1:57 PM, Tim Roberts wrote:
> xxxxx@gmail.com wrote:
> > I need to develop a driver that shares memory to user programs I’ve
> tryed many ways to do this but without results; the last I’m trying is to
> MapViewOfFile the portion of memory allocated in the kernel. I’ve done it
> like this:
> > …
> > then I’ve send an IOCTL to the driver to write in DbgPrint what I’ve
> written in the memory but it won’t change.
> >
> > I’ve started 2 days ago and now I don’t know where to bump my head to
> solve this, anyone have any idea of what I’m doing wrong?
> >
> > I’m a newbie in this kind of architecture so pardon me if I’m asking a
> dumb question,
>
> It’s not a dumb question, but it is frequently asked. In general,
> sharing memory like this is almost always a bad solution. It is a
> security exposure, because user-mode processes are not protected. It’s
> better to pass your data through ioctls, just like the traditional
> driver model. That way, the I/O manager keeps track of locking and
> unlocking.
>
> If you can describe in a bit more detail WHY you think you need this,
> perhaps we can help you zero in on a good solution.
>
> –
> Tim Roberts, xxxxx@probo.com
> Providenza & Boekelheide, Inc.
>
>
> —
> NTDEV is sponsored by OSR
>
> Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev
>
> OSR is HIRING!! See http://www.osr.com/careers
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
–
Jamey Kirby
Disrupting the establishment since 1964
This is a personal email account and as such, emails are not subject to
archiving. Nothing else really matters.