编码Windows驱动程序时,mmmprobeandlockpages()失败
我正在编码Windows驱动程序。
我尝试使用 mmmprobeandlockpages() https://learn.microsoft.com/en-us/windows-hardware/windows-hardware/drivers/ddi/wdm/wdm/nf-wdm/nf-wdm/nf-wdm-mmmmprobeandlockpages
ioallocatemdl()。然后,我探讨虚拟内存页面。代码就像:
PMDL pMdl = IoAllocateMdl(Dest, (ULONG)Size, FALSE, FALSE, NULL);
if (pMdl) {
__try {
MmProbeAndLockPages(pMdl, KernelMode, IoModifyAccess);
MmUnlockPages(pMdl);
}
__except (EXCEPTION_EXECUTE_HANDLER) {
status = GetExceptionCode();
}
IoFreeMdl(pMdl);
}
我还尝试使用 kestackattachprocess()尝试将其附加到该过程上,但没有效果。
dest 变量是 userland 过程的pvoid。该地址有效,因为我可以从中阅读。
您是否有一个想法,为什么 mmmprobeandlockpages()失败,而我的代码则进入 分支?
异常代码是 0xc0000005 (这是违规访问),但我指定 ioModifyAccess/iowriteaccess ,我应该能够从内尔兰德(Kernelland)写信给userland流程,对吗?
即使我解开CR0的WP位,它也行不通...嗡嗡声发生了一些奇怪的事情,
我正在使用Windows 10.0.19044
谢谢
。
I am coding a windows driver.
I try to probes a Virtual Memory Page using MmProbeAndLockPages() https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/nf-wdm-mmprobeandlockpages
First I allocate the MDL using IoAllocateMdl(). Then I probes the virtual memory page. The code is like :
PMDL pMdl = IoAllocateMdl(Dest, (ULONG)Size, FALSE, FALSE, NULL);
if (pMdl) {
__try {
MmProbeAndLockPages(pMdl, KernelMode, IoModifyAccess);
MmUnlockPages(pMdl);
}
__except (EXCEPTION_EXECUTE_HANDLER) {
status = GetExceptionCode();
}
IoFreeMdl(pMdl);
}
I also tried to attach to the process using KeStackAttachProcess() but it has no effect.
The Dest variable is a PVOID to a userland process' address. The address is valid because I can read from it.
Do you have an idea why MmProbeAndLockPages() failed and my code goes into the except branch?
The exception code is 0xC0000005 (which is an access violation) but I specified IoModifyAccess/IoWriteAccess and I should be able to write to a userland process from kernelland, right?
Even when I unset the WP bit of cr0, it doesn't work ... hum something weird is happening
I am using a windows 10.0.19044
Thanks
regards
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我必须将
iOmodifyAccess更改为ioreadAccess。然后调用
mmprotectmdlsystemaddress()page_readwrite 。I have to change
IoModifyAccesstoIoReadAccess.Then to call
MmProtectMdlSystemAddress()withPAGE_READWRITE.