stackoom
  简体   繁体   中英

kernel mod allocate memory

 原文  2021-03-15 13:48:42       c++/ c/ driver/ windows-kernel

Question

i developing kervel driver and dell communicating with each other. try to make a snapshot function and walk function

my struct is

struct SM_MSI {
  wchar_t* Name;
  SIZE_T Size;
  uintptr_t Address;
};

in my snapshot function i do this.

        ModulesList = ExAllocatePool(PagedPool, sizeof(SM_MSI) * index);
        if (ModulesList == NULL) // check memory is allocated or not.
        {
            return STATUS_UNSUCCESSFUL;
        }
        index = 0;
        for (PLIST_ENTRY pListEntry = (PLIST_ENTRY)((PPEB_LDR_DATA)pPeb->Ldr)->InLoadOrderModuleList.Flink;
            pListEntry != &((PPEB_LDR_DATA)pPeb->Ldr)->InLoadOrderModuleList; pListEntry = (PLIST_ENTRY)pListEntry->Flink)
        {
            PLDR_DATA_TABLE_ENTRY pEntry = CONTAINING_RECORD(pListEntry, LDR_DATA_TABLE_ENTRY, InLoadOrderLinks);
            if (pEntry->BaseDllName.Buffer > 0 && pEntry->BaseDllName.Length < 256) {
                ModulesListCount = ModulesListCount + 1;

                SM_MSI temp = { 0 };
                temp.Name = (wchar_t*)ExAllocatePool(PagedPool, sizeof(wchar_t) * 256);
                if (temp.Name != NULL)
                    wcscpy_s(temp.Name, 256, pEntry->BaseDllName.Buffer);

                temp.Size = pEntry->SizeOfImage;
                temp.Address = (uintptr_t)pEntry->DllBase;

                memcpy((PVOID)((ULONG_PTR)ModulesList + ((index++) * sizeof(SM_MSI))), &temp, sizeof(SM_MSI));
            }
        }

in my walk function i do this

NTSTATUS ProcModulesWalk(OUT SM_MSI* module_sys_info) {
  if (ModulesListCount == 0)
      return STATUS_ACCESS_DENIED;

  memcpy(module_sys_info, (SM_MSI*)((ULONG_PTR)ModulesList) + ModulesListIndex++, sizeof(SM_MSI));

  if (ModulesListIndex >= ModulesListCount) {
      ModulesListCount = 0;
      ModulesListIndex = 0;

      ExFreePool(ModulesList); // free memory 
      DbgPrintEx(0, 0, "free memory\n");
  }
  return STATUS_SUCCESS;
}

when i use this functions in my driver entry(when the driver load) all work good. but when i call it from the dll all "word fine" only for 2 seconds and then i get blue screen.

when i try to remove the Name variable from the SM_MSI struct all work perfect.?! so i understand the problem is the "wchar_t* Name" but i need this name so any idea what to do?

OK GUYS i solved it i forgat to alloc memory before i send it to the dll and then to driver.

1 answers

solution1
 0  2021-03-15 14:29:14

You are trying to request your driver to find the base address and size of a module in a process given the module name. The solution is to not use a driver at all, and simply call EnumProcessModules. If the process you are trying to access has special protection, you shouldn't be tampering with it anyways; that would result in undefined behaviour.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Why malloc can not allocate huge memory in FreeBSD-x64 kernel space? Proper allocate memory for PODs Cannot allocate memory for a structure Constructor in called for allocate memory? Dynamically allocate memory for struct allocate huge memory in MFC dynamiclly allocate memory for class Is this way to allocate memory bad? How vector allocate memory new does not allocate memory
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM