ZwCreateSection protection problem

OSR_Community_User · July 19, 2001, 11:49am

Hello all!

If i create at driver level a section with ZwCreateSection, is there any
way to grant access it for a user level process? When i try to open it
with OpenFileMapping() i get an Access Denied error code.

Thanks in advance for any help

You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

OSR_Community_User · July 19, 2001, 12:21pm

You have to build “Security Descriptor” which allows it
and pass it to ZwCreateSection in the SecurityDescriptor
field of ObjectAttributes argument. Use some Rtl routines
like like RtlCreateSecurity, RtlCreateAcl, RtlAddAccessAllowedAce,
RtlSetDaclSecurityDescriptor and so on. The description
of those routines can be found in MSDN Library, but not
for Nt Rtl API, but for Win32 API. But the name of the
routine (except Rtl prefix), arguments and functionality
are mostly the same.

Hope this helps

Paul

PS: There is some example how to build such descriptor
using Rtl on the www.sysinternals.com, DevSec - IIRC.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Illes Attila
Sent: Thursday, July 19, 2001 5:46 PM
To: File Systems Developers
Subject: [ntfsd] ZwCreateSection protection problem

Hello all!

If i create at driver level a section with ZwCreateSection, is there any
way to grant access it for a user level process? When i try to open it
with OpenFileMapping() i get an Access Denied error code.

Thanks in advance for any help

You are currently subscribed to ntfsd as: xxxxx@compelson.com
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

OSR_Community_User · July 19, 2001, 2:33pm

Please refer to the “mapmem” sample in the NT4DDK which demonstrates
that functionality. Alternatively, try using the MmMapLockedPages
function instead.

Regards,
Youssef

-----Original Message-----
From: Illes Attila [mailto:xxxxx@ktk.bme.hu]
Sent: Thursday, July 19, 2001 8:46 AM
To: File Systems Developers
Subject: [ntfsd] ZwCreateSection protection problem

Hello all!

If i create at driver level a section with ZwCreateSection, is there any
way to grant access it for a user level process? When i try to open it
with OpenFileMapping() i get an Access Denied error code.

Thanks in advance for any help

You are currently subscribed to ntfsd as: xxxxx@microsoft.com
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com