flat assembler
Message board for the users of flat assembler.
Some crazy things with OpenFileMapping & CreateFileMapping
Roman 14 Jan 2024, 18:43
Code I get from msdn.
https://learn.microsoft.com/en-us/windows/win32/memory/creating-named-shared-memory
macomics 14 Jan 2024, 19:34
Can you give a little more information? For example, what is the value of GetLastError after OpenFileMapping in dx.exe? The debugger will show this value even without adding a call to this function. If you use IDA 7+, then it has its own debugger.
Roman 14 Jan 2024, 22:00
macomics 14 Jan 2024, 23:42
The fact is that you have an error in the name for CreateFileMapping / OpenFileMapping. Escaping is used to create a string in C/C++, and in the source program the double \ will turn into a single one in the binary program. In your program, the name is set with two \ which leads to an error and you get the code 0. The option when you pass a pointer to a pointer leads to the fact that the object is not placed in the Global section, but gets a name different from the expected one. Objects outside the Global section are not visible in different processes. Try to do this
Code:
    ; CreateFileMapping.asm
    format PE GUI 5.0 at 0x00010000
    include "win32a.inc"

    section '.idata' import data readable writeable
    library kernel32, 'KERNEL32.DLL',user32,'USER32.DLL'
    include 'API\KERNEL32.INC'
    include 'API\USER32.INC'

    section '.text' code readable executable
    entry $
    BUFFSIZ = 4096 ; One page
        ; INVALID_HANDLE_VALUE: the mapping is backed by the system paging file
        invoke CreateFileMapping, INVALID_HANDLE_VALUE, NULL, PAGE_READWRITE, 0, BUFFSIZ, p_Name
        mov [hMapping], eax
        invoke MapViewOfFile, eax, FILE_MAP_ALL_ACCESS, 0, 0, BUFFSIZ
        mov [lpMapBuff], eax
        ; Write the first half of the text into the shared view
        mov byte [eax + 0], 'H'
        mov byte [eax + 1], 'e'
        mov byte [eax + 2], 'l'
        mov byte [eax + 3], 'l'
        mov byte [eax + 4], 'o'
        mov byte [eax + 5], ' '
        invoke MessageBox, HWND_DESKTOP, a_Msg0, a_Title, MB_OK
        ; Write the second half after the first message box is closed
        mov eax, [lpMapBuff]
        mov byte [eax + 6], 'w'
        mov byte [eax + 7], 'o'
        mov byte [eax + 8], 'r'
        mov byte [eax + 9], 'l'
        mov byte [eax + 10], 'd'
        invoke MessageBox, HWND_DESKTOP, a_Msg1, a_Title, MB_OK
        invoke UnmapViewOfFile, [lpMapBuff]
        invoke CloseHandle, [hMapping]
        invoke MessageBox, HWND_DESKTOP, a_Msg2, a_Title, MB_OK
        invoke ExitProcess, 0

    section '.data' data readable writeable
    p_Name db 'Global\MyFileMappingObject22', 0
    a_Title db 'CreateFileMapping', 0
    a_Msg0 db 'Wait 0', 0
    a_Msg1 db 'Wait 1', 0
    a_Msg2 db 'Close', 0
    align 4
    hMapping rd 1
    lpMapBuff rd 1

Code:
    ; OpenFileMapping.asm
    format PE GUI 5.0 at 0x00010000
    include "win32a.inc"

    section '.idata' import data readable writeable
    library kernel32, 'KERNEL32.DLL',user32,'USER32.DLL'
    include 'API\KERNEL32.INC'
    include 'API\USER32.INC'

    section '.text' code readable executable
    entry $
    BUFFSIZ = 4096 ; One page
        ; Open the named object that the other process created
        invoke OpenFileMapping, FILE_MAP_ALL_ACCESS, FALSE, p_Name
        mov [hMapping], eax
        invoke MapViewOfFile, eax, FILE_MAP_ALL_ACCESS, 0, 0, BUFFSIZ
        mov [lpMapBuff], eax
        ; The view pointer is passed as the message text, so the box shows the shared data
        invoke MessageBox, HWND_DESKTOP, eax, a_Title, MB_OK
        invoke MessageBox, HWND_DESKTOP, [lpMapBuff], a_Title, MB_OK
        invoke UnmapViewOfFile, [lpMapBuff]
        invoke CloseHandle, [hMapping]
        invoke MessageBox, HWND_DESKTOP, a_Msg0, a_Title, MB_OK
        invoke ExitProcess, 0

    section '.data' data readable writeable
    p_Name db 'Global\MyFileMappingObject22', 0
    a_Title db 'OpenFileMapping', 0
    a_Msg0 db 'Close', 0
    align 4
    hMapping rd 1
    lpMapBuff rd 1

Last edited by macomics on 13 Nov 2024, 20:51; edited 1 time in total
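Added example, not code from the thread or its posters: the creator side from the post above with its return values checked, which is what the earlier question about GetLastError was after. It treats a name that already exists as a failure instead of silently using an object another process created under `Global\`. The labels, the `a_*` strings, `dwError` and the locally defined `ERROR_ALREADY_EXISTS` constant are this example's own names; the mapping name is the one used in the thread.

```asm
; CheckedCreate.asm (added example; the file name is hypothetical)
format PE GUI 5.0
entry start
include 'win32a.inc'
BUFFSIZ              = 4096
ERROR_ALREADY_EXISTS = 183              ; value from winerror.h

section '.text' code readable executable
start:
    invoke  CreateFileMapping, INVALID_HANDLE_VALUE, NULL, PAGE_READWRITE, 0, BUFFSIZ, p_Name
    mov     [hMapping], eax
    invoke  GetLastError                ; read it before another API call overwrites it
    mov     [dwError], eax
    cmp     [hMapping], 0
    je      report                      ; NULL handle: dwError holds the reason
    cmp     [dwError], ERROR_ALREADY_EXISTS
    je      cleanup                     ; someone else created this name first: do not use it
    invoke  MapViewOfFile, [hMapping], FILE_MAP_ALL_ACCESS, 0, 0, BUFFSIZ
    mov     [lpMapBuff], eax
    test    eax, eax
    jnz     ready
    invoke  GetLastError                ; mapping the view failed
    mov     [dwError], eax
    jmp     cleanup
ready:
    mov     [dwError], 0
    invoke  MessageBox, HWND_DESKTOP, a_Ready, a_Title, MB_OK
    invoke  UnmapViewOfFile, [lpMapBuff]
cleanup:
    invoke  CloseHandle, [hMapping]
report:
    cinvoke wsprintf, a_Buf, a_Fmt, [dwError]   ; wsprintf is cdecl, hence cinvoke
    invoke  MessageBox, HWND_DESKTOP, a_Buf, a_Title, MB_OK
    invoke  ExitProcess, [dwError]

section '.idata' import data readable writeable
library kernel32, 'KERNEL32.DLL', user32, 'USER32.DLL'
include 'API\KERNEL32.INC'
include 'API\USER32.INC'

section '.data' data readable writeable
p_Name    db 'Global\MyFileMappingObject22', 0  ; one backslash: fasm does no C-style escaping
a_Title   db 'CreateFileMapping (checked)', 0
a_Ready   db 'Mapping created and mapped', 0
a_Fmt     db 'Last error: %u', 0
a_Buf     rb 64
align 4
hMapping  rd 1
lpMapBuff rd 1
dwError   rd 1
```

The final message box shows 0 on success and the Win32 error code otherwise, and the same code becomes the process exit code.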
Roman 15 Jan 2024, 04:46
Thanks macomics.
For me it works with 'Global4MyFileMappingObject25' and BUFFSIZ = 256.
It works well with 64-bit (first process) and 32-bit (second process) in Windows 10.
The problem was in 'Global\MyFileMappingObject25' and 'Global\\MyFileMappingObject25'.
Microsoft gives a bad example!
https://learn.microsoft.com/en-us/windows/win32/memory/creating-named-shared-memory
Roman 15 Jan 2024, 05:07
Prefixing the file mapping object names with "Global\" allows processes to communicate with each other even if they are in different terminal server sessions. This requires that the first process must have the SeCreateGlobalPrivilege privilege.
macomics 15 Jan 2024, 06:05
Roman wrote:
Prefixing the file mapping object names with "Global\" allows processes to communicate with each other even if they are in different terminal server sessions. This requires that the first process must have the SeCreateGlobalPrivilege privilege.

https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createfilemappinga wrote:
The name can have a "Global" or "Local" prefix to explicitly create the object in the global or session namespace. The remainder of the name can contain any character except the backslash character (\). Creating a file mapping object in the global namespace from a session other than session zero requires the SeCreateGlobalPrivilege privilege. For more information, see Kernel Object Namespaces.
Roman 15 Jan 2024, 08:30
As I understood, a process with OpenFileMapping can only read from the mapped buffer.
If I write some data into the mapped buffer from the process with OpenFileMapping, the other process (with CreateFileMapping) does not see this data.
macomics 15 Jan 2024, 08:53
Roman wrote:
As I understood, a process with OpenFileMapping can only read from the mapped buffer.

Why?

Code:
    ; CreateFileMapping
    format PE GUI 5.0 at 0x00010000
    include "win32a.inc"

    section '.idata' import data readable writeable
    library kernel32, 'KERNEL32.DLL',user32,'USER32.DLL'
    include 'API\KERNEL32.INC'
    include 'API\USER32.INC'

    section '.text' code readable executable
    entry $
    BUFFSIZ = 4096 ; One page
        invoke CreateFileMapping, INVALID_HANDLE_VALUE, NULL, PAGE_READWRITE, 0, BUFFSIZ, p_Name
        mov [hMapping], eax
        invoke MapViewOfFile, eax, FILE_MAP_ALL_ACCESS, 0, 0, BUFFSIZ
        mov [lpMapBuff], eax
        invoke MessageBox, HWND_DESKTOP, a_Msg1, a_Title, MB_OK
        ; The creator only reads here: each box shows what the opener has written so far
        invoke MessageBox, HWND_DESKTOP, [lpMapBuff], a_Title, MB_OK
        invoke MessageBox, HWND_DESKTOP, [lpMapBuff], a_Title, MB_OK
        invoke UnmapViewOfFile, [lpMapBuff]
        invoke CloseHandle, [hMapping]
        invoke MessageBox, HWND_DESKTOP, a_Msg0, a_Title, MB_OK
        invoke ExitProcess, 0

    section '.data' data readable writeable
    p_Name db 'Global\MyFileMappingObject22', 0
    a_Title db 'CreateFileMapping', 0
    a_Msg1 db 'Wait', 0
    a_Msg0 db 'Close', 0
    align 4
    hMapping rd 1
    lpMapBuff rd 1

Code:
    ; OpenFileMapping
    format PE GUI 5.0 at 0x00010000
    include "win32a.inc"

    section '.idata' import data readable writeable
    library kernel32, 'KERNEL32.DLL',user32,'USER32.DLL'
    include 'API\KERNEL32.INC'
    include 'API\USER32.INC'

    section '.text' code readable executable
    entry $
    BUFFSIZ = 4096 ; One page
        invoke OpenFileMapping, FILE_MAP_ALL_ACCESS, FALSE, p_Name
        mov [hMapping], eax
        invoke MapViewOfFile, eax, FILE_MAP_ALL_ACCESS, 0, 0, BUFFSIZ
        mov [lpMapBuff], eax
        ; The opener writes into the shared view
        mov byte [eax + 0], 'H'
        mov byte [eax + 1], 'e'
        mov byte [eax + 2], 'l'
        mov byte [eax + 3], 'l'
        mov byte [eax + 4], 'o'
        mov byte [eax + 5], ' '
        invoke MessageBox, HWND_DESKTOP, a_Msg2, a_Title, MB_OK
        mov eax, [lpMapBuff]
        mov byte [eax + 6], 'w'
        mov byte [eax + 7], 'o'
        mov byte [eax + 8], 'r'
        mov byte [eax + 9], 'l'
        mov byte [eax + 10], 'd'
        invoke MessageBox, HWND_DESKTOP, a_Msg1, a_Title, MB_OK
        invoke UnmapViewOfFile, [lpMapBuff]
        invoke CloseHandle, [hMapping]
        invoke MessageBox, HWND_DESKTOP, a_Msg0, a_Title, MB_OK
        invoke ExitProcess, 0

    section '.data' data readable writeable
    p_Name db 'Global\MyFileMappingObject22', 0
    a_Title db 'OpenFileMapping', 0
    a_Msg0 db 'Close', 0
    a_Msg1 db 'Wait 1', 0
    a_Msg2 db 'Wait 0', 0
    align 4
    hMapping rd 1
    lpMapBuff rd 1

1) Start CreateFileMapping so that the object is created
2) Start OpenFileMapping so that the existing object would be opened. CreateFileMapping - not touched
3) Click OK in CreateFileMapping. OpenFileMapping - not touched
4) Click OK first in OpenFileMapping and then in CreateFileMapping
5) Click OK again in OpenFileMapping and then in CreateFileMapping

Last edited by macomics on 13 Nov 2024, 20:50; edited 1 time in total
macomics 15 Jan 2024, 09:01
Code:
    ; CreateFileMapping
    format PE GUI 5.0 at 0x00010000
    include "win32a.inc"

    section '.idata' import data readable writeable
    library kernel32, 'KERNEL32.DLL',user32,'USER32.DLL'
    include 'API\KERNEL32.INC'
    include 'API\USER32.INC'

    section '.text' code readable executable
    entry $
    BUFFSIZ = 4096 ; One page
        invoke CreateFileMapping, INVALID_HANDLE_VALUE, NULL, PAGE_READWRITE, 0, BUFFSIZ, p_Name
        mov [hMapping], eax
        invoke MapViewOfFile, eax, FILE_MAP_ALL_ACCESS, 0, 0, BUFFSIZ
        mov [lpMapBuff], eax
        invoke MessageBox, HWND_DESKTOP, a_Msg1, a_Title, MB_OK
        invoke MessageBox, HWND_DESKTOP, [lpMapBuff], a_Title, MB_OK
        invoke MessageBox, HWND_DESKTOP, [lpMapBuff], a_Title, MB_OK
        ; The creator now writes back, starting at offset 5 of the opener's text
        mov eax, [lpMapBuff]
        mov byte [eax + 5], ','
        mov byte [eax + 6], ' '
        mov dword [eax + 7], 'maco'
        mov byte [eax + 11], 'm'
        mov word [eax + 12], 'ic'
        mov byte [eax + 14], 's'
        mov byte [eax + 15], '!'
        invoke UnmapViewOfFile, [lpMapBuff]
        invoke CloseHandle, [hMapping]
        invoke MessageBox, HWND_DESKTOP, a_Msg0, a_Title, MB_OK
        invoke ExitProcess, 0

    section '.data' data readable writeable
    p_Name db 'Global\MyFileMappingObject22', 0
    a_Title db 'CreateFileMapping', 0
    a_Msg0 db 'Close', 0
    a_Msg1 db 'Wait', 0
    align 4
    hMapping rd 1
    lpMapBuff rd 1

Code:
    ; OpenFileMapping
    format PE GUI 5.0 at 0x00010000
    include "win32a.inc"

    section '.idata' import data readable writeable
    library kernel32, 'KERNEL32.DLL',user32,'USER32.DLL'
    include 'API\KERNEL32.INC'
    include 'API\USER32.INC'

    section '.text' code readable executable
    entry $
    BUFFSIZ = 4096 ; One page
        invoke OpenFileMapping, FILE_MAP_ALL_ACCESS, FALSE, p_Name
        mov [hMapping], eax
        invoke MapViewOfFile, eax, FILE_MAP_ALL_ACCESS, 0, 0, BUFFSIZ
        mov [lpMapBuff], eax
        mov byte [eax + 0], 'H'
        mov byte [eax + 1], 'e'
        mov byte [eax + 2], 'l'
        mov byte [eax + 3], 'l'
        mov byte [eax + 4], 'o'
        mov byte [eax + 5], ' '
        invoke MessageBox, HWND_DESKTOP, a_Msg2, a_Title, MB_OK
        mov eax, [lpMapBuff]
        mov byte [eax + 6], 'w'
        mov byte [eax + 7], 'o'
        mov byte [eax + 8], 'r'
        mov byte [eax + 9], 'l'
        mov byte [eax + 10], 'd'
        invoke MessageBox, HWND_DESKTOP, a_Msg1, a_Title, MB_OK
        ; Show the view again: it now contains whatever the creator wrote back
        invoke MessageBox, HWND_DESKTOP, [lpMapBuff], a_Title, MB_OK
        invoke UnmapViewOfFile, [lpMapBuff]
        invoke CloseHandle, [hMapping]
        invoke MessageBox, HWND_DESKTOP, a_Msg0, a_Title, MB_OK
        invoke ExitProcess, 0

    section '.data' data readable writeable
    p_Name db 'Global\MyFileMappingObject22', 0
    a_Title db 'OpenFileMapping', 0
    a_Msg0 db 'Close', 0
    a_Msg1 db 'Wait 1', 0
    a_Msg2 db 'Wait 0', 0
    align 4
    hMapping rd 1
    lpMapBuff rd 1
Roman 15 Jan 2024, 12:11
Thanks
My mistake. In process OpenFileMapping I do
    invoke UnmapViewOfFile, [lpMapBuff]
    invoke CloseHandle, [hMapping]
macomics 15 Jan 2024, 13:08
As long as there is at least one hMapping open, the file will be available and the data will not be deleted. Even if you close hMapping after writing, while it is open in the data reader, you can make a MapViewOfFile and get the contents. You can experiment with this with bidirectional examples.
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.