Tom's Hardware > Forum > Windows XP > Device Driver > What about mapping sections to system addresses?

What about mapping sections to system addresses?

Forum Windows XP : Device Driver - What about mapping sections to system addresses?

Tom's Hardware: Over 1.4 million members in 6 different countries available to answer all your high-tech questions. Sign up now! Its free!
Ask the community Add a reply
Word :    Username :           
 
alex   07-14-2004 at 02:47:50 AM

Archived from groups: microsoft.public.development.device.drivers,microsoft.public.windowsxp.device_driver.dev (More info?)

 

I have a small piece of code which creates section for ntdll.dll and maps it
to the system addresses. But W2K and XP after running this code becomes
unable to run new processes. It looks like ntdll.dll completely unmapped
from the system.
But on Windows Server 2003 all seems work fine.

If comment out calls to MmMapViewInSystemSpace/MmUnmapViewInSystemSpace then
all is okay.
If SEC_IMAGE substitute to SEC_COMMIT then again all is okay.

What is wrong?


NTSTATUS foo( VOID )
{
UNICODE_STRING FileName;
OBJECT_ATTRIBUTES ObjectAttributes;
IO_STATUS_BLOCK IoStatusBlock;
PVOID SectionObject;
HANDLE FileHandle;
HANDLE SectionHandle;
PVOID Base;
UINT Size;
NTSTATUS Status;

RtlInitUnicodeString( &FileName, L"\\SystemRoot\\system32\\ntdll.dll" );

InitializeObjectAttributes(
&ObjectAttributes,
&FileName,
OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
NULL,
NULL );

Status = ZwCreateFile(
&FileHandle,
GENERIC_READ,
&ObjectAttributes,
&IoStatusBlock,
NULL,
0,
FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
FILE_OPEN,
0,
NULL,
0 );

if( Status != STATUS_SUCCESS )
{
return Status;
}

InitializeObjectAttributes(
&ObjectAttributes,
NULL,
OBJ_KERNEL_HANDLE,
NULL,
NULL );

Status = ZwCreateSection(
&SectionHandle,
SECTION_MAP_READ,
&ObjectAttributes,
NULL,
PAGE_READONLY,
0x01000000, // SEC_IMAGE
FileHandle );

if( Status != STATUS_SUCCESS )
{
ZwClose( FileHandle );
return Status;
}

Status = ObReferenceObjectByHandle(
SectionHandle,
SECTION_MAP_READ,
NULL,
KernelMode,
&SectionObject,
NULL );

if( Status != STATUS_SUCCESS )
{
ZwClose( SectionHandle );
ZwClose( FileHandle );
return Status;
}

Base = NULL;
Size = 0;
Status = MmMapViewInSystemSpace( SectionObject, &Base, &Size );

ObDereferenceObject( SectionObject );

if( Status != STATUS_SUCCESS )
{
ZwClose( SectionHandle );
ZwClose( FileHandle );
return Status;
}


MmUnmapViewInSystemSpace( Base );

ZwClose( SectionHandle );
ZwClose( FileHandle );

return STATUS_SUCCESS;
}

Add a reply
Sponsored Links
Register or log in to remove.
Ask the community Add a reply
Tom's Hardware > Forum > Windows XP > Device Driver > What about mapping sections to system addresses?
Go to:

There are 985 identified and unidentified users. To see the list of identified users, Click here.

Forum map
Bestofmedia Forum ©
2000-2009 Bestofmedia Group
Page generated in 0.354 seconds
Please mind

You are about to answer a thread that has been inactive for more than 6 months.
If you still wish to proceed, please ensure that your posting is original and does not duplicate or overlap any prior responses to this thread.

Add a reply Cancel
Sponsored links
  • Ask the community now
  • Publish
Ad
Related Topics
See all relatives topics
They won a badge
Join us in greeting them
How do I win badges?