在DDK的例子Mapmem中,用ZwMapViewOfSection将物理地址映射到App空间,该函数能否将系统地址映射到App空间?
我尝试着做了一下,但 ZwMapViewOfSection 返回 STATUS_INVALID_VIEW_SIZE,好像是 length 给的不对。各位大侠帮忙看看啊。
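//
// GetUserAddressFromSystemAddress
//
// Opens the section object named \Device\SystemMemory and maps a view of it
// into the current process (pseudo-handle (HANDLE)-1), using iSystemAddress
// as the section offset and iBufferLength as the view size.
//
// Parameters:
//   iSystemAddress - system address supplied by the driver
//   iBufferLength  - length of the region, in bytes
//
// Returns the base address of the mapped view, or NULL on any failure.
// The view stays mapped after return; nothing in this function records it
// for a later ZwUnmapViewOfSection.
//
// NOTE(review): the DDK Mapmem sample this follows opens
// \Device\PhysicalMemory, whose section offsets are physical addresses.
// A kernel virtual address used as the offset would normally lie past the
// end of that section, which is consistent with STATUS_INVALID_VIEW_SIZE.
// Confirm the section name and which address space the offset is in.
//
// NOTE(review): a PAGE_READWRITE view gives the user process direct write
// access to every byte of the mapped pages, including unrelated data that
// shares a page with the buffer. Describing the buffer with an MDL and
// mapping it with MmMapLockedPagesSpecifyCache(..., UserMode, ...), or
// copying through an IOCTL buffer, keeps the exposure limited to the buffer.
//
PVOID
GetUserAddressFromSystemAddress(IN PVOID iSystemAddress,  // system address
                                IN ULONG iBufferLength    // length of the region
                                )
{
    UNICODE_STRING    systemMemoryUnicodeString;
    OBJECT_ATTRIBUTES objectAttributes;
    HANDLE            systemMemoryHandle = NULL;
    PVOID             systemMemorySection = NULL;
    NTSTATUS          ntStatus;
    PVOID             virtualAddress = NULL;
    SIZE_T            length = iBufferLength;   // ViewSize is a PSIZE_T
    LARGE_INTEGER     lSystemAddress;

    // A view size of zero asks ZwMapViewOfSection to map from the offset to
    // the end of the section, so an empty request must never reach it.
    if (iSystemAddress == NULL || iBufferLength == 0)
    {
        return NULL;
    }

    // The Zw* section routines below must be called at PASSIVE_LEVEL.
    if (KeGetCurrentIrql() != PASSIVE_LEVEL)
    {
        return NULL;
    }

    RtlInitUnicodeString(&systemMemoryUnicodeString,
                         L"\\Device\\SystemMemory");

    // OBJ_KERNEL_HANDLE keeps the SECTION_ALL_ACCESS handle out of the
    // handle table of whichever process happens to be current, where
    // user-mode code could otherwise reach it.
    InitializeObjectAttributes(&objectAttributes,            // OUT
                               &systemMemoryUnicodeString,   // the ObjectName
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, // the Attributes
                               (HANDLE) NULL,
                               (PSECURITY_DESCRIPTOR) NULL);

    ntStatus = ZwOpenSection(&systemMemoryHandle,   // SectionHandle OUT
                             SECTION_ALL_ACCESS,    // DesiredAccess
                             &objectAttributes);    // ObjectAttributes
    if (!NT_SUCCESS(ntStatus))
    {
        return NULL;
    }

    ntStatus = ObReferenceObjectByHandle(systemMemoryHandle, // got by ZwOpenSection
                                         SECTION_ALL_ACCESS,
                                         (POBJECT_TYPE) NULL,
                                         KernelMode,
                                         &systemMemorySection, // OUT pointer to the object body
                                         (POBJECT_HANDLE_INFORMATION) NULL);
    if (!NT_SUCCESS(ntStatus))
    {
        goto close_handle;
    }

    // Section offset: the system address handed in by the driver.
    lSystemAddress.QuadPart = (LONGLONG)(ULONG_PTR)iSystemAddress;

    // Map the section into the current process.
    ntStatus = ZwMapViewOfSection(systemMemoryHandle,
                                  (HANDLE) -1,      // current process
                                  &virtualAddress,
                                  0L,               // ZeroBits
                                  length,           // CommitSize
                                  &lSystemAddress,  // SectionOffset
                                  &length,          // ViewSize
                                  ViewShare,
                                  0,
                                  PAGE_READWRITE | PAGE_NOCACHE);
    if (!NT_SUCCESS(ntStatus))
    {
        virtualAddress = NULL;
    }

    // Drop the reference taken above; the original never released it.
    ObDereferenceObject(systemMemorySection);

close_handle:
    // Closed on success as well: the handle is not needed once the view
    // exists, and the original leaked it on the success path.
    ZwClose(systemMemoryHandle);
    return virtualAddress;
}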