Windows:从用户空间访问驱动程序内存(只读)-可能吗?
[英]Windows: accessing driver memory from userspace (read only) - possible?
问题描述
Is it possible in Win7 family to read a random known location at lower 4gb of RAM from userspace application? 
在Win7系列中,是否可以从用户空间应用程序读取RAM较低4gb处的随机已知位置? The memory at that location is allocated by kernel driver. 该位置的内存是由内核驱动程序分配的。
2 个解决方案
解决方案1
2 已采纳 2011-12-29 11:45:23
I would seriously hope that this is not possible, neither under Windows 7 nor any (reasonably recent, such as NT/2k) previous version. 我将非常希望,在Windows 7和任何以前的版本(可能是最新的版本,例如NT / 2k)下,都不可能做到这一点。
If this was possible, any unprivilegued random snippet of executable code that gets on your computer somehow could trivially compromise system security, for example by reading out the drive encryption key, or authentication data of users as they log in, and whatnot. 如果可能的话,计算机上获得的任何未经特权的随机可执行代码片段都可能以某种方式微不足道地损害系统安全性,例如通过读取驱动器加密密钥或用户登录时的身份验证数据,等等。
It would not make any sense to run a webbrowser under a limited user account. 以受限的用户帐户运行Web浏览器没有任何意义。 Any exploit could just read sensible information from memory anyway. 无论如何,任何漏洞利用都可以从内存中读取明智的信息。 What programs are running, which users are logged in (and other info such as credential and encryption keys), what the firewall settings are etc etc. 正在运行什么程序,哪些用户已登录(以及其他信息,例如凭据和加密密钥),防火墙设置是什么,等等。
Of course, as Sergius said, you can always install a driver and remap memory regions so they are accessible, but there's not much the OS can do against that if you've allowed the installation of a driver. 当然,正如Sergius所说,您始终可以安装驱动程序并重新映射内存区域,以便可以访问它们,但是如果您允许安装驱动程序,则OS对此无能为力。 That's why that annoying little "do you really want?" 这就是为什么那个烦人的小“你真的想要吗?” box pops up. 框弹出。
解决方案2
1 2011-12-29 11:33:42
As I know it is impossible without a driver help in Win7. 据我所知,如果没有Win7中的驱动程序帮助,这是不可能的。 From a driver you can map a required memory to a user-mode address space or provide IOCLT for memory reading. 从驱动程序,您可以将所需的内存映射到用户模式地址空间,或提供IOCLT进行内存读取。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.