C++ function for "kernel memory check" before accessing

Question

1.00/5 (2 votes)

See more:

I am developing a simple device driver for study. With a lot of testing, I am creating so many errors which finally leads my computer to blue screen. I am sure that the reason for this is memory crash. So now I want to check if my code can access to Kernel memory before going further.
My question is what function can check whether it is accessible or not in kernel memory. For instance, there is a pointer structure with two fields and I want to access the first field which is also a pointer but do now know whether it really has an accessible value or just trash value.
In this given context, I need to check it out to make sure that I am not getting blue screen.
Thanks in advance!

What I have tried:

-------------------------------------------------------------

Posted 3-Aug-17 3:11am

MinYoung Lee

Updated 4-Aug-17 21:26pm

Add a Solution

Comments

Richard MacCutchan 3-Aug-17 10:40am

In kernel mode it is difficult to do this, as you have access to kernel memory, so it is easy to trash the system. You just need to do more desk checking of your code. There are various code analysis tools available; check via Google.

MinYoung Lee 3-Aug-17 10:45am

Yeah, I have to.. I'm still trying to figure out and I forgot to mention what OS, language I am using. C++, Windows7 they are.

Dave Kreskowiak 3-Aug-17 10:53am

In kernel mode, you can go anywhere and do anything, so really, what's "invalid" in this context? Nothing...

MinYoung Lee 3-Aug-17 11:40am

Yes, Dave Kreskowiak you are right. So I am considering to set the range of kernel memory to see if it is valid or has accessible values. I am new to this kernel programming, feel really challenging but interesting.

Dave Kreskowiak 3-Aug-17 11:53am

You're looking at this the wrong way. Since, in the kernel, EVERYTHING IS VALID AND ACCESSIBLE, it's not so much that you can't get a value, it's that you're getting a value that makes no sense to your code, which causes the crash.

You may think that your pointer is correct when it's actually pointing to somewhere else you didn't expect, returning a value your code didn't expect, working on that value, resulting in the crash.

MinYoung Lee 3-Aug-17 23:01pm

Yes, I totally agree with you. I spent a lot of time to fix this problem yesterday and I finally found out what was wrong with my code. It was exactly what you are saying. All I need to do was just check if my pointer was pointing the right value or not.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

**`Randor`** · Answer 1 · 2017-08-04T21:26:00

Hi,

Your question is unclear. You need to specify who allocated the buffer... usermode or kernelmode? Also you need to clarify which ring is reading the buffer... usermode or kernelmode.

I think you may be looking for the MmIsAddressValid function[^].

If the buffer you are passing to kernelmode has come from a usermode application you may need to call the ProbeForRead function[^] to validate read access to buffers that are allocated in user space.

Best Wishes,
-David Delaune