hMapFile = OpenFileMappingA(FILE_MAP_WRITE, FALSE, "Global\\SharedMemoryTest");
if (!hMapFile || hMapFile == INVALID_HANDLE_VALUE)
{
printf("OpenFileMappingA(write) fail! Error: %u\n", GetLastError());
return 0;
}
pBuf = (char*)MapViewOfFile(hMapFile, FILE_MAP_WRITE, 0, 0, 4096);
if (!pBuf)
{
printf("OpenFileMappingA(write) fail! Error: %u\n", GetLastError());
return 0;
}
here is my kernel side where i setup , SID , DACL etc..
<pre> CHAR sidBuffer[SECURITY_MAX_SID_SIZE];
ULONG sidSize = 0;
ACL daclSet;
SECURITY_DESCRIPTOR SecDescriptor;
HANDLE sectionHandle;
#define SHARED_MEMORY 0x100
status = SecLookupWellKnownSid(WinBuiltinAdministratorsSid, &sidBuffer, sizeof(sidBuffer), &sidSize);
if (!NT_SUCCESS(status))
{
DbgPrintEx(0, 0, "SecLookupWellKnownSid failed: line #554\n");
SECO_DPRINT("NTSTATUS %d\n", status);
return status;
}
ULONG _sidSize = RtlLengthSid(&sidBuffer);
ACCESS_ALLOWED_ACE _testing;
ULONG _sidstartSize = sizeof(_testing.SidStart);
ULONG _ACLSize = sizeof(ACCESS_ALLOWED_ACE) - _sidstartSize + _sidSize;
status = RtlCreateAcl(&daclSet, _ACLSize + 0x10, ACL_REVISION);
if (!NT_SUCCESS(status))
{
DbgPrintEx(0, 0, "RtlCreateAcl failed: line #564\n");
SECO_DPRINT("NTSTATUS %d\n", status);
return status;
}
status = RtlAddAccessAllowedAce(&daclSet, ACL_REVISION, FILE_ALL_ACCESS, &sidBuffer);
if (!NT_SUCCESS(status))
{
DbgPrintEx(0, 0, "RtlAddAccessAllowedAce failed: line #570\n");
SECO_DPRINT("NTSTATUS %d\n", status);
return status;
}
status = RtlCreateSecurityDescriptor(&SecDescriptor, SECURITY_DESCRIPTOR_REVISION);
if (!NT_SUCCESS(status))
{
DbgPrintEx(0, 0, "RtlCreateSecurityDescriptor failed: line #576\n");
SECO_DPRINT("NTSTATUS %d\n", status);
return status;
}
status = RtlSetDaclSecurityDescriptor(&SecDescriptor, FALSE, &daclSet, TRUE);
if (!NT_SUCCESS(status))
{
DbgPrintEx(0, 0, "RtlSetDaclSecurityDescriptor failed: line #582\n");
SECO_DPRINT("NTSTATUS %d\n", status);
return status;
}
OBJECT_ATTRIBUTES objAttr;
WCHAR stringBuf[] = L"\\BaseNamedObjects\\Global\\SharedSectionKernel";
UNICODE_STRING sectionName;
RtlInitUnicodeString(§ionName, stringBuf);
InitializeObjectAttributes(&objAttr, §ionName, OBJ_CASE_INSENSITIVE, NULL, &SecDescriptor);
LARGE_INTEGER maxSize;
maxSize.QuadPart = sizeof(SHARED_MEMORY);
DbgBreakPoint();
status = ZwCreateSection(§ionHandle, SECTION_ALL_ACCESS, &objAttr, &maxSize, PAGE_READWRITE, SEC_COMMIT, NULL);
if (!NT_SUCCESS(status))
{
DbgPrintEx(0, 0, "ZwCreateSection failed: line #595\n");
SECO_DPRINT("NTSTATUS %d\n", status);
return status;
}
whoever i always fail while i try to open OpenFileMappingA with FILE_MAP_WRITE but i can open OpenFileMappingA with read access just fine and btw error code is ERROR_ACCESS_DENIED.
What I have tried:
idk what am doing wrong here i even asked a couple of people but they didn't know how to solve it either