flat assembler
Message board for the users of flat assembler.

Some crazy things with OpenFileMapping & CreateFileMapping

Roman 14 Jan 2024, 18:13
Fasmw 1.73
32-bit Windows 10
1) I run CreateFileMapping.exe, then OpenFileMapping.exe: works fine.
2) I run CreateFileMapping.exe, then dx.exe, and always get 0 from OpenFileMappingA.

Two exe files work fine.
First do CreateFileMapping.exe
Second OpenFileMapping.exe

File dx.exe does not do OpenFileMapping, it always returns 0

All three exe files are in the same folder.

The second and third exe files do the same (IDA Pro shows equal code). But dx.exe always gets 0
macomics 14 Jan 2024, 19:34
Can you give a little more information? For example, what is the value of GetLastError after OpenFileMapping in dx.exe? The debugger will show this value even without adding a call to this function. If you use IDA 7+, then it has its own debugger.
macomics 14 Jan 2024, 23:42
The fact is that you have an error in the name for CreateFileMapping / OpenFileMapping. Escaping is used to create a string in C/C++, and in the source program the double \ will turn into a single one in the binary program. In your program, the name is set with two \, which leads to an error, and you get the code 0. The option when you pass a pointer to a pointer leads to the fact that the object is not placed in the Global section, but gets a name different from the expected one. Objects outside the Global section are not visible in different processes. Try to do this:
Code:
; CreateFileMapping.asm
format PE GUI 5.0 at 0x00010000
include "win32a.inc"
section '.idata' import data readable writeable
library kernel32, 'KERNEL32.DLL',user32,'USER32.DLL'
include 'API\KERNEL32.INC'
include 'API\USER32.INC'
section '.text' code readable executable
entry $
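      BUFFSIZ = 4096 ; One page
      ; Create a named mapping backed by the page file (INVALID_HANDLE_VALUE), default security (NULL)
      invoke CreateFileMapping, INVALID_HANDLE_VALUE, NULL, PAGE_READWRITE, 0, BUFFSIZ, p_Name
      mov    [hMapping], eax
      ; Map the object into this process for reading and writing
      invoke MapViewOfFile, eax, FILE_MAP_ALL_ACCESS, 0, 0, BUFFSIZ
      mov    [lpMapBuff], eax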
      mov    byte [eax +  0], 'H'
      mov    byte [eax +  1], 'e'
      mov    byte [eax +  2], 'l'
      mov    byte [eax +  3], 'l'
      mov    byte [eax +  4], 'o'
      mov    byte [eax +  5], ' '
      invoke MessageBox, HWND_DESKTOP, a_Msg0, a_Title, MB_OK
      mov    eax, [lpMapBuff]
      mov    byte [eax +  6], 'w'
      mov    byte [eax +  7], 'o'
      mov    byte [eax +  8], 'r'
      mov    byte [eax +  9], 'l'
      mov    byte [eax + 10], 'd'
      invoke MessageBox, HWND_DESKTOP, a_Msg1, a_Title, MB_OK
      invoke UnmapViewOfFile, [lpMapBuff]
      invoke CloseHandle, [hMapping]
      invoke MessageBox, HWND_DESKTOP, a_Msg2, a_Title, MB_OK
      invoke ExitProcess, 0

section '.data' data readable writeable
p_Name               db 'Global\MyFileMappingObject22', 0
a_Title              db 'CreateFileMapping', 0
a_Msg0               db 'Wait 0', 0
a_Msg1               db 'Wait 1', 0
a_Msg2               db 'Close', 0
align 4
hMapping             rd 1
lpMapBuff            rd 1    
Code:
; OpenFileMapping.asm
format PE GUI 5.0 at 0x00010000
include "win32a.inc"
section '.idata' import data readable writeable
library kernel32, 'KERNEL32.DLL',user32,'USER32.DLL'
include 'API\KERNEL32.INC'
include 'API\USER32.INC'
section '.text' code readable executable
entry $
      BUFFSIZ = 4096 ; One page
      ; Open the existing object by the same name the creator used
      invoke OpenFileMapping, FILE_MAP_ALL_ACCESS, FALSE, p_Name
      mov    [hMapping], eax
      invoke MapViewOfFile, eax, FILE_MAP_ALL_ACCESS, 0, 0, BUFFSIZ
      mov    [lpMapBuff], eax
      ; Show the shared buffer as text twice, so the creator's later write becomes visible
      invoke MessageBox, HWND_DESKTOP, eax, a_Title, MB_OK
      invoke MessageBox, HWND_DESKTOP, [lpMapBuff], a_Title, MB_OK
      invoke UnmapViewOfFile, [lpMapBuff]
      invoke CloseHandle, [hMapping]
      invoke MessageBox, HWND_DESKTOP, a_Msg0, a_Title, MB_OK
      invoke ExitProcess, 0

section '.data' data readable writeable
p_Name               db 'Global\MyFileMappingObject22', 0
a_Title              db 'OpenFileMapping', 0
a_Msg0               db 'Close', 0
align 4
hMapping             rd 1
lpMapBuff            rd 1    


Roman 15 Jan 2024, 04:46
Thanks macomics.
For me it works with 'Global4MyFileMappingObject25' and BUFFSIZ = 256
Works well with 64-bit (first process) and 32-bit (second process) in Windows 10

The problem was in 'Global\MyFileMappingObject25' and 'Global\\MyFileMappingObject25'
Microsoft gives a bad example!
https://learn.microsoft.com/en-us/windows/win32/memory/creating-named-shared-memory
Roman 15 Jan 2024, 05:07
Prefixing the file mapping object names with "Global\" allows processes to communicate with each other even if they are in different terminal server sessions. This requires that the first process must have the SeCreateGlobalPrivilege privilege.
macomics 15 Jan 2024, 06:05
Roman wrote:
Prefixing the file mapping object names with "Global\" allows processes to communicate with each other even if they are in different terminal server sessions. This requires that the first process must have the SeCreateGlobalPrivilege privilege.
Everything is described in the article about the CreateFileMapping function
https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createfilemappinga wrote:
The name can have a "Global" or "Local" prefix to explicitly create the object in the global or session namespace. The remainder of the name can contain any character except the backslash character (\). Creating a file mapping object in the global namespace from a session other than session zero requires the SeCreateGlobalPrivilege privilege. For more information, see Kernel Object Namespaces.
When you specify a double \, the first one is the section and name separator, and the second one is part of the name.
Roman 15 Jan 2024, 08:30
As I understood, the process with OpenFileMapping can only read from the mapped buffer.
If I write some data to the mapped buffer from the process with OpenFileMapping,
the other process (with CreateFileMapping) does not see this data.
macomics 15 Jan 2024, 08:53
Roman wrote:
As I understood, the process with OpenFileMapping can only read from the mapped buffer.
If I write some data to the mapped buffer from the process with OpenFileMapping,
the other process (with CreateFileMapping) does not see this data.

Why?
Code:
; CreateFileMapping
format PE GUI 5.0 at 0x00010000
include "win32a.inc"
section '.idata' import data readable writeable
library kernel32, 'KERNEL32.DLL',user32,'USER32.DLL'
include 'API\KERNEL32.INC'
include 'API\USER32.INC'
section '.text' code readable executable
entry $
      BUFFSIZ = 4096 ; One page
      invoke CreateFileMapping, INVALID_HANDLE_VALUE, NULL, PAGE_READWRITE, 0, BUFFSIZ, p_Name
      mov    [hMapping], eax
      invoke MapViewOfFile, eax, FILE_MAP_ALL_ACCESS, 0, 0, BUFFSIZ
      mov    [lpMapBuff], eax
      invoke MessageBox, HWND_DESKTOP, a_Msg1, a_Title, MB_OK
      ; Show the shared buffer as text twice, to pick up each write made by the other process
      invoke MessageBox, HWND_DESKTOP, [lpMapBuff], a_Title, MB_OK
      invoke MessageBox, HWND_DESKTOP, [lpMapBuff], a_Title, MB_OK
      invoke UnmapViewOfFile, [lpMapBuff]
      invoke CloseHandle, [hMapping]
      invoke MessageBox, HWND_DESKTOP, a_Msg0, a_Title, MB_OK
      invoke ExitProcess, 0

section '.data' data readable writeable
p_Name               db 'Global\MyFileMappingObject22', 0
a_Title              db 'CreateFileMapping', 0
a_Msg1               db 'Wait', 0
a_Msg0               db 'Close', 0
align 4
hMapping             rd 1
lpMapBuff            rd 1    
Code:
; OpenFileMapping
format PE GUI 5.0 at 0x00010000
include "win32a.inc"
section '.idata' import data readable writeable
library kernel32, 'KERNEL32.DLL',user32,'USER32.DLL'
include 'API\KERNEL32.INC'
include 'API\USER32.INC'
section '.text' code readable executable
entry $
      BUFFSIZ = 4096 ; One page
      invoke OpenFileMapping, FILE_MAP_ALL_ACCESS, FALSE, p_Name
      mov    [hMapping], eax
      invoke MapViewOfFile, eax, FILE_MAP_ALL_ACCESS, 0, 0, BUFFSIZ
      mov    [lpMapBuff], eax
      ; Write 'Hello ' into the shared view from the opening process
      mov    byte [eax +  0], 'H'
      mov    byte [eax +  1], 'e'
      mov    byte [eax +  2], 'l'
      mov    byte [eax +  3], 'l'
      mov    byte [eax +  4], 'o'
      mov    byte [eax +  5], ' '
      invoke MessageBox, HWND_DESKTOP, a_Msg2, a_Title, MB_OK
      mov    eax, [lpMapBuff]
      mov    byte [eax +  6], 'w'
      mov    byte [eax +  7], 'o'
      mov    byte [eax +  8], 'r'
      mov    byte [eax +  9], 'l'
      mov    byte [eax + 10], 'd'
      invoke MessageBox, HWND_DESKTOP, a_Msg1, a_Title, MB_OK
      invoke UnmapViewOfFile, [lpMapBuff]
      invoke CloseHandle, [hMapping]
      invoke MessageBox, HWND_DESKTOP, a_Msg0, a_Title, MB_OK
      invoke ExitProcess, 0

section '.data' data readable writeable
p_Name               db 'Global\MyFileMappingObject22', 0
a_Title              db 'OpenFileMapping', 0
a_Msg0               db 'Close', 0
a_Msg1               db 'Wait 1', 0
a_Msg2               db 'Wait 0', 0
align 4
hMapping             rd 1
lpMapBuff            rd 1    

1) Start CreateFileMapping so that the object is created
2) Start OpenFileMapping so that the existing object would be opened. CreateFileMapping - not touched
3) Click OK in CreateFileMapping. OpenFileMapping - not touched
4) Click OK first in OpenFileMapping and then in CreateFileMapping
5) Click OK again in OpenFileMapping and then in CreateFileMapping


macomics 15 Jan 2024, 09:01
Code:
; CreateFileMapping
format PE GUI 5.0 at 0x00010000
include "win32a.inc"
section '.idata' import data readable writeable
library kernel32, 'KERNEL32.DLL',user32,'USER32.DLL'
include 'API\KERNEL32.INC'
include 'API\USER32.INC'
section '.text' code readable executable
entry $
      BUFFSIZ = 4096 ; One page
      invoke CreateFileMapping, INVALID_HANDLE_VALUE, NULL, PAGE_READWRITE, 0, BUFFSIZ, p_Name
      mov    [hMapping], eax
      invoke MapViewOfFile, eax, FILE_MAP_ALL_ACCESS, 0, 0, BUFFSIZ
      mov    [lpMapBuff], eax
      invoke MessageBox, HWND_DESKTOP, a_Msg1, a_Title, MB_OK
      invoke MessageBox, HWND_DESKTOP, [lpMapBuff], a_Title, MB_OK
      invoke MessageBox, HWND_DESKTOP, [lpMapBuff], a_Title, MB_OK
      ; Write ', macomics!' at offsets 5..15 from the creating process
      mov    eax, [lpMapBuff]
      mov    byte [eax +  5], ','
      mov    byte [eax +  6], ' '
      mov    dword [eax +  7], 'maco'
      mov    byte [eax + 11], 'm'
      mov    word [eax + 12], 'ic'
      mov    byte [eax + 14], 's'
      mov    byte [eax + 15], '!'
      invoke UnmapViewOfFile, [lpMapBuff]
      invoke CloseHandle, [hMapping]
      invoke MessageBox, HWND_DESKTOP, a_Msg0, a_Title, MB_OK
      invoke ExitProcess, 0

section '.data' data readable writeable
p_Name               db 'Global\MyFileMappingObject22', 0
a_Title              db 'CreateFileMapping', 0
a_Msg0               db 'Close', 0
a_Msg1               db 'Wait', 0
align 4
hMapping             rd 1
lpMapBuff            rd 1    
Code:
; OpenFileMapping
format PE GUI 5.0 at 0x00010000
include "win32a.inc"
section '.idata' import data readable writeable
library kernel32, 'KERNEL32.DLL',user32,'USER32.DLL'
include 'API\KERNEL32.INC'
include 'API\USER32.INC'
section '.text' code readable executable
entry $
      BUFFSIZ = 4096 ; One page
      invoke OpenFileMapping, FILE_MAP_ALL_ACCESS, FALSE, p_Name
      mov    [hMapping], eax
      invoke MapViewOfFile, eax, FILE_MAP_ALL_ACCESS, 0, 0, BUFFSIZ
      mov    [lpMapBuff], eax
      mov    byte [eax +  0], 'H'
      mov    byte [eax +  1], 'e'
      mov    byte [eax +  2], 'l'
      mov    byte [eax +  3], 'l'
      mov    byte [eax +  4], 'o'
      mov    byte [eax +  5], ' '
      invoke MessageBox, HWND_DESKTOP, a_Msg2, a_Title, MB_OK
      mov    eax, [lpMapBuff]
      mov    byte [eax +  6], 'w'
      mov    byte [eax +  7], 'o'
      mov    byte [eax +  8], 'r'
      mov    byte [eax +  9], 'l'
      mov    byte [eax + 10], 'd'
      invoke MessageBox, HWND_DESKTOP, a_Msg1, a_Title, MB_OK
      ; Show the buffer again to see what the creating process wrote back
      invoke MessageBox, HWND_DESKTOP, [lpMapBuff], a_Title, MB_OK
      invoke UnmapViewOfFile, [lpMapBuff]
      invoke CloseHandle, [hMapping]
      invoke MessageBox, HWND_DESKTOP, a_Msg0, a_Title, MB_OK
      invoke ExitProcess, 0

section '.data' data readable writeable
p_Name               db 'Global\MyFileMappingObject22', 0
a_Title              db 'OpenFileMapping', 0
a_Msg0               db 'Close', 0
a_Msg1               db 'Wait 1', 0
a_Msg2               db 'Wait 0', 0
align 4
hMapping             rd 1
lpMapBuff            rd 1    
Bidirectional
Roman 15 Jan 2024, 12:11
Thanks.
My mistake.
In the OpenFileMapping process I do
invoke UnmapViewOfFile, [lpMapBuff]
invoke CloseHandle, [hMapping]
macomics 15 Jan 2024, 13:08
As long as there is at least one hMapping open, the file will be available and the data will not be deleted. Even if you close hMapping after writing, while it is open in the data reader, you can make a MapViewOfFile and get the contents. You can experiment with this with bidirectional examples.
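
The GetLastError check asked for early in this thread, written out for the opening process as an added example (not code from any poster in the thread): it opens the mapping read-only, never maps a null handle, and reports the error code when either call fails. The file name CheckedOpen.asm, the labels and the dwError / a_Fmt / a_Buff names are made up here, and FILE_MAP_READ is assumed to come from the same fasm equates that provide FILE_MAP_ALL_ACCESS.

```asm
; CheckedOpen.asm - added example: reader side with error checks
format PE GUI 5.0
include "win32a.inc"
section '.idata' import data readable writeable
library kernel32, 'KERNEL32.DLL', user32, 'USER32.DLL'
include 'API\KERNEL32.INC'
include 'API\USER32.INC'
section '.text' code readable executable
entry $
      ; A reader needs only FILE_MAP_READ, not FILE_MAP_ALL_ACCESS
      invoke OpenFileMapping, FILE_MAP_READ, FALSE, p_Name
      test   eax, eax
      jz     open_failed            ; 0 = no handle, GetLastError says why
      mov    [hMapping], eax
      ; Size 0 maps the whole object, whatever size its creator chose
      invoke MapViewOfFile, eax, FILE_MAP_READ, 0, 0, 0
      test   eax, eax
      jz     map_failed
      mov    [lpMapBuff], eax
      invoke MessageBox, HWND_DESKTOP, eax, a_Title, MB_OK
      invoke UnmapViewOfFile, [lpMapBuff]
      invoke CloseHandle, [hMapping]
      invoke ExitProcess, 0
map_failed:
      invoke GetLastError           ; read it before CloseHandle can change it
      mov    [dwError], eax
      invoke CloseHandle, [hMapping]
      mov    eax, [dwError]
      jmp    show_error
open_failed:
      ; 2 = ERROR_FILE_NOT_FOUND: no object with this exact name
      ; 5 = ERROR_ACCESS_DENIED: the object exists but refuses this access
      invoke GetLastError
show_error:
      cinvoke wsprintf, a_Buff, a_Fmt, eax
      invoke MessageBox, HWND_DESKTOP, a_Buff, a_Title, MB_OK
      invoke ExitProcess, 1

section '.data' data readable writeable
p_Name               db 'Global\MyFileMappingObject22', 0  ; single backslash, as in the thread
a_Title              db 'CheckedOpen', 0
a_Fmt                db 'Mapping failed, GetLastError = %u', 0
align 4
hMapping             rd 1
lpMapBuff            rd 1
dwError              rd 1
a_Buff               rb 64
```

Run it without the creating process to see code 2; a name that differs from the creator's by even one character produces the same code, which is how the doubled backslash in this thread shows up.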