Click here to Skip to main content
15,867,568 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
hMapFile = OpenFileMappingA(FILE_MAP_WRITE, FALSE, "Global\\SharedMemoryTest");
	if (!hMapFile || hMapFile == INVALID_HANDLE_VALUE)
	{
		printf("OpenFileMappingA(write) fail! Error: %u\n", GetLastError());
		return 0;
	}

	pBuf = (char*)MapViewOfFile(hMapFile, FILE_MAP_WRITE, 0, 0, 4096);
	if (!pBuf)
	{
		printf("OpenFileMappingA(write) fail! Error: %u\n", GetLastError());
		return 0;
	}


here is my kernel side where i setup , SID , DACL etc..

<pre>    CHAR sidBuffer[SECURITY_MAX_SID_SIZE];
    ULONG sidSize = 0;
    ACL daclSet;
    SECURITY_DESCRIPTOR SecDescriptor;
    HANDLE sectionHandle;
#define SHARED_MEMORY 0x100
 
 
    status = SecLookupWellKnownSid(WinBuiltinAdministratorsSid, &sidBuffer, sizeof(sidBuffer), &sidSize); // Looks up for administrator account SID and returns to buffer
    if (!NT_SUCCESS(status))
    {
        DbgPrintEx(0, 0, "SecLookupWellKnownSid failed: line #554\n");
        SECO_DPRINT("NTSTATUS %d\n", status);
        return status;
    }
    ULONG _sidSize = RtlLengthSid(&sidBuffer); // Get size of SID we want to add to DACL
    ACCESS_ALLOWED_ACE _testing; // Allocate structure for sizing
    ULONG _sidstartSize = sizeof(_testing.SidStart); //Get size of ULONG SidStart in ACCESS_ALLOWED_ACE
    ULONG _ACLSize = sizeof(ACCESS_ALLOWED_ACE) - _sidstartSize + _sidSize; // Calculate full ACL size for ACL
    status = RtlCreateAcl(&daclSet, _ACLSize + 0x10, ACL_REVISION); //Create ACL using the ACL size
    if (!NT_SUCCESS(status))
    {
        DbgPrintEx(0, 0, "RtlCreateAcl failed: line #564\n");
        SECO_DPRINT("NTSTATUS %d\n", status);
        return status;
    }
    status = RtlAddAccessAllowedAce(&daclSet, ACL_REVISION, FILE_ALL_ACCESS, &sidBuffer); //Add SID to ACL
    if (!NT_SUCCESS(status))
    {
        DbgPrintEx(0, 0, "RtlAddAccessAllowedAce failed: line #570\n");
        SECO_DPRINT("NTSTATUS %d\n", status);
        return status;
    }
    status = RtlCreateSecurityDescriptor(&SecDescriptor, SECURITY_DESCRIPTOR_REVISION); //Initialize Security Descriptor
    if (!NT_SUCCESS(status))
    {
        DbgPrintEx(0, 0, "RtlCreateSecurityDescriptor failed: line #576\n");
        SECO_DPRINT("NTSTATUS %d\n", status);
        return status;
    }
    status = RtlSetDaclSecurityDescriptor(&SecDescriptor, FALSE, &daclSet, TRUE); //Add DACL to Security Descriptor
    if (!NT_SUCCESS(status))
    {
        DbgPrintEx(0, 0, "RtlSetDaclSecurityDescriptor failed: line #582\n");
        SECO_DPRINT("NTSTATUS %d\n", status);
        return status;
    }
    OBJECT_ATTRIBUTES objAttr; //Allocate object attribute structure
    WCHAR stringBuf[] = L"\\BaseNamedObjects\\Global\\SharedSectionKernel"; //Allocate buffer for name of shared memory
    UNICODE_STRING sectionName; // Allocate UNICODE_STRING for section name
    RtlInitUnicodeString(§ionName, stringBuf); // Initialize UNICODE_STRING with buffer
    InitializeObjectAttributes(&objAttr, §ionName, OBJ_CASE_INSENSITIVE, NULL, &SecDescriptor); // Initialize OBJECT_ATTRIBUTES using section name and security descriptor
    LARGE_INTEGER maxSize; // Allocate max size structure
    maxSize.QuadPart = sizeof(SHARED_MEMORY); // Set quad part to size of shared memory structure
    DbgBreakPoint();
    status = ZwCreateSection(§ionHandle, SECTION_ALL_ACCESS, &objAttr, &maxSize, PAGE_READWRITE, SEC_COMMIT, NULL); // Create section with section handle, object attributes, and the size of shared mem struct
    if (!NT_SUCCESS(status))
    {
        DbgPrintEx(0, 0, "ZwCreateSection failed: line #595\n");
        SECO_DPRINT("NTSTATUS %d\n", status);
        return status;
    }


whoever i always fail while i try to open OpenFileMappingA with FILE_MAP_WRITE but i can open OpenFileMappingA with read access just fine and btw error code is ERROR_ACCESS_DENIED.

What I have tried:

idk what am doing wrong here i even asked a couple of people but they didn't know how to solve it either
Posted

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900